← All Insights
Crypto & Blockchain

Crypto License in Bulgaria: How MiCA CASP Authorisation Works

YARD Law Co. · 2026  ·  YARD Law Legal Team

For years, Bulgaria was known as an easy place to "register" a crypto business. That era is over. Since the EU's Markets in Crypto-Assets Regulation (MiCA) became fully applicable to service providers, a crypto license in Bulgaria means one specific thing: authorisation as a Crypto-Asset Service Provider (CASP) - a genuine financial licence, supervised, capital-backed, and valid across the entire EU. This guide explains who needs it, what the competent authority looks for, and why Bulgaria can still be a smart place to obtain it.

The essentials at a glance

Bulgaria adopted the euro on 1 January 2026 (EUR 1 = BGN 1.95583). The figures below are the MiCA minimums current at the date of publication; statutory amounts should always be confirmed against the consolidated text in force at the time of acting.

Regime
MiCA CASP
Regulation (EU) 2023/1114; CASP rules applicable since 30 December 2024
Competent authority
FSC
Financial Supervision Commission (КФН); BNB for e-money / asset-referenced token matters
Minimum capital - Class 1
€50k
Reception & transmission, advice, execution, placing, transfer services
Minimum capital - Class 2
€125k
Custody & administration, or exchange of crypto for funds / other crypto
Minimum capital - Class 3
€150k
Operating a crypto-asset trading platform
EU passport
EEA-wide
One authorisation, services across all EU/EEA states by notification

What changed: from NRA registration to a real licence

Before MiCA, businesses providing exchange between virtual and fiat currencies, or custodian-wallet services, had to enter a public register kept by the National Revenue Agency (NRA). That was an anti-money-laundering registration - fast, cheap and light-touch. It never involved capital requirements, prudential supervision or a fit-and-proper review of management, and it is precisely why Bulgaria acquired its reputation as an easy crypto jurisdiction.

MiCA replaced that logic. The old registration does not, by itself, satisfy the new rules. Providers that were operating lawfully under national law before the CASP rules applied could rely on a transitional period while applying for full authorisation, but that grandfathering is time-limited and is being wound down. If your only permission is the historic NRA entry, obtaining CASP authorisation should be treated as urgent, not optional.

Who needs a CASP licence?

MiCA requires authorisation for anyone providing one or more crypto-asset services on a professional basis. The regulated services include:

  • Providing custody and administration of crypto-assets on behalf of clients.
  • Operating a crypto-asset trading platform (an exchange).
  • Exchange of crypto-assets for funds, or for other crypto-assets.
  • Execution of orders, and reception and transmission of orders, for clients.
  • Placing of crypto-assets.
  • Providing advice on, or portfolio management of, crypto-assets.
  • Providing transfer services for crypto-assets on behalf of clients.

Whether a given product is caught turns on how the asset and the service are legally characterised. Genuinely decentralised, non-custodial software, certain closed-loop or utility tokens, and some pure peer-to-peer arrangements may sit outside the CASP perimeter - but this is a fact-specific legal question, and getting it wrong is expensive. The safe starting assumption for any client-facing, custodial or exchange-type business is that authorisation is required.

The competent authority in Bulgaria

Bulgaria has designated the Financial Supervision Commission (Комисия за финансов надзор, FSC / КФН) as the national competent authority for authorising and supervising crypto-asset service providers and most crypto-asset issuers under MiCA. The Bulgarian National Bank (BNB) retains competence over matters connected to credit-institution and e-money activity, which becomes relevant when a project involves e-money tokens or asset-referenced tokens. Because the precise allocation of competence sits in implementing legislation that has been evolving, it should be confirmed against the current text for any specific application.

What it takes to get authorised

A CASP application is closer to a payment-institution or investment-firm file than to the old registration form. The core building blocks are:

  • An EU legal entity with substance. The applicant must be a legal person with a registered office in an EU member state where it carries out at least part of its business, with a place of effective management in the EU and at least one director resident in the EU. The FSC expects genuine local substance - management, staff and operations - not a letterbox.
  • Minimum capital. Prudential safeguards of €50,000, €125,000 or €150,000 depending on the class of services (see the table above), being the higher of the fixed minimum or one quarter of the previous year's fixed overheads.
  • Fit-and-proper management and qualifying shareholders. Good repute, adequate knowledge and experience, and disclosure of the beneficial-ownership chain.
  • Governance and risk framework. A clear organisational structure, conflict-of-interest management, complaints handling and business-continuity arrangements.
  • AML/KYC compliance. A full anti-money-laundering programme under the Bulgarian AML framework and EU rules, including customer due diligence and the crypto "travel rule".
  • ICT and operational resilience. Security and continuity arrangements consistent with the EU DORA framework for digital operational resilience.
  • Client-asset protection. Segregation and safekeeping of client crypto-assets and funds, with clear custody arrangements.

The EU passport - why the jurisdiction still matters

The single biggest advantage of a MiCA licence is passporting. Once authorised in Bulgaria, a CASP can offer the services covered by its authorisation across the entire EU/EEA by notifying host-state authorities through the FSC - no separate licence in each country. That turns the choice of home member state into a strategic decision: cost base, regulator responsiveness, language, talent and banking access all matter, because the resulting licence works everywhere in the single market. Bulgaria's low operating costs and EU membership are exactly why it remains on the shortlist despite the higher bar MiCA now sets.

Timeline and transition

The MiCA rules for crypto-asset service providers have applied since 30 December 2024 (the rules for asset-referenced and e-money tokens applied earlier, from 30 June 2024). Member states were allowed to grant existing providers a transitional period to continue operating while seeking authorisation, up to a maximum window that ends in 2026, and several states shortened it. The practical takeaway is the same in every case: the transitional runway is closing, and an application takes months to prepare, so the realistic planning horizon is now, not later.

Issuing a token is a different question

Running a crypto business and issuing a crypto-asset are governed by different parts of MiCA. Offering many crypto-assets to the public, or seeking their admission to trading, generally requires a compliant white paper and notification to the competent authority. Issuing asset-referenced tokens (ARTs) or e-money tokens (EMTs) - the stablecoin categories - is a separate and more demanding authorisation regime, with the BNB's competence engaged. A project that both issues a token and operates a platform may need to clear more than one regime simultaneously. We cover the issuer side in our companion pieces on the MiCA regulatory framework and what crypto companies must do under MiCA.

Common mistakes we see

  • Assuming the historic NRA registration is enough - and missing the CASP authorisation deadline.
  • Designing the corporate structure and raising capital before mapping which services are regulated, then discovering the wrong entity or the wrong class was chosen.
  • Treating the entity as a letterbox, when the FSC expects real management and operational substance in Bulgaria.
  • Underestimating the AML, DORA and client-asset-segregation workload, which is where most application time is actually spent.
  • Confusing the CASP (service-provider) regime with the token-issuance and stablecoin regimes, and preparing only one when both apply.
  • Overlooking the tax side of the structure - see our guide to Bulgarian tax law and crypto taxation in Bulgaria.

For a structured overview of how YARD Law supports crypto and blockchain businesses - from entity set-up and CASP authorisation to token structuring, AML and ongoing compliance - see our Crypto & Blockchain practice page →

This guide was prepared by the legal team at YARD Law Co., a full-service law firm based in Sofia, Bulgaria. It is for general information only and does not constitute legal advice on a specific case. MiCA and its implementing legislation are still bedding in and change frequently - specific requirements, capital thresholds, procedural deadlines and the allocation of regulatory competence should always be verified against the current consolidated text and the guidance of the competent authority before acting.

Planning a crypto licence in Bulgaria?

From CASP authorisation to AML, DORA and token structuring - we handle the whole file in-house.