A horizon scanner for the regulations shaping the digital economy — where each one stands, and the key dates to track. For the full explainer of each regulation, see Key Regulations.
21
Regulations tracked
7
Jurisdictions
Jul 2026
Last updated
🇪🇺EU Live
MiCAR
Markets in Crypto-Assets Regulation
MiCAR is the EU’s harmonised rulebook for crypto-assets, directly applicable across the EU and EEA.
Key dates
June 2023MiCAR entered into force.
June 2024ART and EMT rules began applying.
December 2024CASP and wider MiCAR rules began applying.
Show details · +5 more dates
Further dates
March 2025CASPs had to cease services linked to unauthorised ARTs and EMTs where required.
March 2026CASPs providing EMT-related payment services had to obtain PSP authorisation, partner with a licensed PSP, or adjust their model.
May 2026European Commission launched its MiCAR review consultation.
July 2026Transitional period ended; legacy CASPs require full authorisation where applicable.
2028AMLA begins direct supervision of selected high-risk obliged entities.
What it is
MiCAR is the EU’s harmonised rulebook for crypto-assets, directly applicable across the EU and EEA.
Before MiCAR, EU crypto regulation was limited and fragmented. AMLD5 brought certain crypto-to-fiat exchange providers and custodian wallet providers within AML/CFT obligations, but implementation sat with individual Member States. This created different registration standards, supervisory approaches and compliance expectations across the EU.
MiCAR is the EU’s harmonised response to that fragmentation. As a regulation, it applies directly and creates a single framework for crypto-asset issuers and CASPs across authorisation, governance, conduct, prudential safeguards, white papers, market abuse and ongoing compliance. It also introduces passporting, allowing authorised firms to operate across the single market under one authorisation.
MiCAR is only the starting point. Firms must also track Level 2 and Level 3 measures, including RTS, ITS, guidelines, Q&As and supervisory notices — and understand how MiCAR interacts with banking, payments, MiFID II, DORA, AMLR, TFR, GDPR, DAC8 and other regimes.
🇪🇺EU Live
EU TFR
Transfer of Funds Regulation / EU Travel Rule
The EU’s Travel Rule framework for transfers of funds and certain crypto-assets, introduced through the recast Transfer of Funds Regulation, Regulation (EU) 2023/1113.
Key dates
April 2023TFR approved by the European Parliament.
June 2023Regulation (EU) 2023/1113 published in the Official Journal.
December 2024TFR began applying alongside MiCAR CASP obligations.
Show details · +3 more dates
Further dates
December 2024EBA Travel Rule Guidelines began applying.
July 2025Grace period for CASPs using infrastructure with technical limitations ended.
April 2026First EU Travel Rule enforcement action reported by the Office of the Arbiter for Financial Services (OAFS) in Malta.
What it is
The EU’s Travel Rule framework for transfers of funds and certain crypto-assets, introduced through the recast Transfer of Funds Regulation, Regulation (EU) 2023/1113.
The TFR requires payment service providers, intermediary payment service providers and CASPs to collect, verify where required, transmit and screen information on the originator and beneficiary. For crypto-asset transfers, the EU approach applies broadly and is not limited to transfers above a minimum threshold.
For CASPs, TFR is not just a data-sharing requirement. It affects onboarding, wallet screening, counterparty CASP due diligence, transaction monitoring, sanctions controls, Travel Rule vendor selection, exception handling, escalation workflows, record keeping and evidence of implementation.
🇺🇸United States Live
GENIUS Act
Guiding and Establishing National Innovation for U.S. Stablecoins Act
The first federal framework for permitted payment stablecoin issuers in the United States, replacing a fragmented state-led approach with a national regime for payment stablecoin issuance.
Key dates
July 2025GENIUS Act signed into law.
February 2026OCC proposed rules for entities under its jurisdiction.
April 2026FinCEN and OFAC proposed AML and sanctions rules.
Show details · +3 more dates
Further dates
April 2026FDIC proposed rules for FDIC-supervised PPSIs and IDIs.
June 2026Treasury comment period closed on state regime comparability.
January 2027Ultimate effective date, unless final rules trigger an earlier date.
What it is
The first federal framework for permitted payment stablecoin issuers in the United States, replacing a fragmented state-led approach with a national regime for payment stablecoin issuance.
The GENIUS Act establishes authorisation pathways for payment stablecoin issuers, with the relevant supervisor depending on the type of issuer and the scale of operations. It sets requirements around 1:1 reserves, redemption rights, governance, compliance, BSA/AML programmes and token-level freeze capability.
Compared with MiCAR, one notable feature is the pathway for foreign payment stablecoin issuers to register or operate in the United States, subject to applicable requirements and supervisory expectations. The framework is expected to reshape how banks, non-bank issuers, foreign issuers and stablecoin infrastructure providers approach U.S. market access.
🇬🇧UK Incoming
UK Cryptoasset Regime
Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026
For years, UK crypto regulation was fragmented across the Money Laundering Regulations, financial promotions, Travel Rule implementation, and wider developments in private and property law. Cryptoasset businesses were generally brought into the FCA’s remit through AML registration and financial promotion rules, rather than a bespoke full-scope regime.
Key dates
February 2026Cryptoassets Regulations passed by Parliament.
June 2026FCA final rules published across A&D, MARC, stablecoins, regulated activities, prudential rules and Handbook application.
June 2026FCA finalised guidance on Consumer Duty, operational resilience and international cryptoasset firms.
Show details · +5 more dates
Further dates
July 2026Pre-application support opened for cryptoasset firms.
July 2026COREPRU 7 and CRYPTOPRU 7 guidance consultations closed.
30 September 2026FCA authorisation application window opens.
28 February 2027FCA authorisation application window closes.
25 October 2027New UK cryptoasset regime expected to come into force.
What it is
For years, UK crypto regulation was fragmented across the Money Laundering Regulations, financial promotions, Travel Rule implementation, and wider developments in private and property law. Cryptoasset businesses were generally brought into the FCA’s remit through AML registration and financial promotion rules, rather than a bespoke full-scope regime.
That is changing. The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 bring a broad range of cryptoasset activities into the FCA’s regulatory perimeter for the first time. The regime moves beyond AML and financial promotions into authorisation, prudential requirements, conduct, stablecoin issuance, admissions and disclosures, market abuse, operational resilience and wider FCA Handbook standards.
From 25 October 2027, firms carrying on regulated cryptoasset activities will need the relevant FCA permissions. Firms planning to operate in the UK will need to prepare early, including assessing perimeter, permissions, governance, capital, controls, disclosures, safeguarding, operational resilience and Consumer Duty expectations. The FCA says the new regime is expected to come into force on 25 October 2027, with applications for authorisation open from 30 September 2026 to 28 February 2027.
🇪🇺EU Incoming
AMLA
Anti-Money Laundering Authority
AMLA is the EU’s new central authority for anti-money laundering and countering the financing of terrorism, established under Regulation (EU) 2024/1620 and headquartered in Frankfurt.
Key dates
June 2024AMLA Regulation entered into force.
2025AMLA began operational set-up in Frankfurt.
May 2026AMLA published reporting package for identifying provisionally eligible obliged entities.
Show details · +2 more dates
Further dates
2027AMLA to select up to 40 high-risk, cross-border obliged entities for direct supervision.
2028Direct supervision of selected entities begins.
What it is
AMLA is the EU’s new central authority for anti-money laundering and countering the financing of terrorism, established under Regulation (EU) 2024/1620 and headquartered in Frankfurt.
It is designed to make AML/CFT supervision more consistent across the EU by coordinating national supervisors, supporting cooperation between Financial Intelligence Units and directly supervising selected high-risk, cross-border obliged entities.
For firms, AMLA marks a shift from fragmented national supervision toward a more coordinated EU-level approach. The impact will be felt most by groups operating across multiple Member States, high-risk financial institutions and obliged entities with complex cross-border activity. Even firms not directly supervised by AMLA are likely to feel the effect through more consistent expectations, stronger supervisory convergence and increased focus on evidence, governance and control effectiveness.
🇪🇺EU Incoming
AMLR
EU Anti-Money Laundering Regulation
The EU AML framework has historically been built around AML directives, which Member States had to transpose into national law. That approach created fragmentation across the EU, with differences in national implementation, supervisory expectations and compliance standards.
Key dates
July 2024AMLR entered into force.
May 2026Consultation closed on draft RTS for Customer Due Diligence under Article 28(1).
July 2027AMLR applies to most obliged entities, including banks, crypto firms and designated non-financial businesses.
Show details · +1 more dates
Further dates
2029Extended transition period ends for the football sector.
What it is
The EU AML framework has historically been built around AML directives, which Member States had to transpose into national law. That approach created fragmentation across the EU, with differences in national implementation, supervisory expectations and compliance standards.
The AMLR changes that. Regulation (EU) 2024/1624 creates a directly applicable EU Single Rulebook for AML/CFT, replacing parts of the fragmented directive-based approach with harmonised rules across all 27 Member States.
The AMLR sets common standards for obliged entities, including customer due diligence, beneficial ownership transparency, internal controls, group-wide policies, outsourcing, high-risk relationships and ongoing monitoring. For firms operating across multiple EU markets, it is a major step toward more consistent AML/CFT expectations and supervision.
🇭🇰Hong Kong Live
Hong Kong Stablecoins Ordinance
Fiat-Referenced Stablecoin Issuer Regime
Hong Kong’s Stablecoins Ordinance establishes a dedicated licensing regime for fiat-referenced stablecoin issuers.
Key dates
May 2025Stablecoins Ordinance enacted.
July 2025HKMA published its implementation package, including guidance on supervision of licensed stablecoin issuers, AML/CFT expectations, licensing requirements and transitional arrangements for pre-existing issuers.
August 2025Stablecoins Ordinance came into effect.
Show details · +1 more dates
Further dates
April 2026HKMA issued first stablecoin issuer licences to HSBC and Standard Chartered.
What it is
Hong Kong’s Stablecoins Ordinance establishes a dedicated licensing regime for fiat-referenced stablecoin issuers.
The regime applies to persons issuing fiat-referenced stablecoins in Hong Kong, issuing Hong Kong dollar-referenced stablecoins outside Hong Kong, or actively marketing relevant stablecoins to the Hong Kong public. Licensed issuers are subject to requirements around reserve backing, redemption, governance, risk management, AML/CFT and ongoing supervision.
The framework positions Hong Kong as one of the first major Asian financial centres with a bespoke stablecoin issuer regime. It is relevant for issuers, banks, payment firms, Web3 businesses and infrastructure providers assessing stablecoin issuance, distribution or market access in Hong Kong.
🇬🇧UK Live
UK MLRs
Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017
The UK MLRs form the core of the UK’s AML/CFT framework, setting requirements for firms in the regulated sector to assess financial crime risk, conduct customer due diligence, monitor activity, maintain controls and report suspicious activity.
Key dates
June 2017UK MLRs entered into force.
January 2020Cryptoasset exchange providers and custodian wallet providers brought into scope for FCA AML registration.
June 2026Money Laundering and Terrorist Financing Amendment Regulations made.
Show details · +3 more dates
Further dates
June 2026Most 2026 amendments came into force.
February 2027New cryptoasset EDD requirements under regulation 34A take effect.
October 2027Additional cryptoasset regime-related MLR provisions take effect.
What it is
The UK MLRs form the core of the UK’s AML/CFT framework, setting requirements for firms in the regulated sector to assess financial crime risk, conduct customer due diligence, monitor activity, maintain controls and report suspicious activity.
For cryptoasset businesses, the MLRs have historically been the main route into FCA supervision, requiring cryptoasset exchange providers and custodian wallet providers to register for AML purposes. The 2026 amendments update that framework, including more proportionate risk-based requirements, enhanced due diligence for certain cryptoasset arrangements, trust registration changes and FCA breach notification obligations.
The MLRs remain a key part of the UK crypto compliance stack, even as the broader UK cryptoasset regime moves toward full authorisation in October 2027. Firms need to understand how AML registration, MLR obligations, Travel Rule implementation and the new cryptoasset perimeter interact.
🇪🇺EU Live
DORA
Digital Operational Resilience Act
DORA is the EU’s operational resilience framework for the financial sector, introduced as part of the EU Digital Finance Package alongside MiCAR.
Key dates
January 2023DORA entered into force.
January 2024First wave of policy standards published.
July 2024Second wave of policy standards published.
Show details · +4 more dates
Further dates
January 2025DORA became fully applicable.
April 2025Financial entities submitted ICT third-party registers to competent authorities.
July 2025ESAs began criticality assessment and notified potential critical ICT third-party providers.
November 2025ESAs designated the first cohort of critical ICT third-party providers.
What it is
DORA is the EU’s operational resilience framework for the financial sector, introduced as part of the EU Digital Finance Package alongside MiCAR.
It creates harmonised requirements for managing ICT and cyber risk across financial entities, including incident reporting, digital operational resilience testing, ICT risk management and third-party risk management. It also introduces direct EU-level oversight of critical ICT third-party providers.
For firms, DORA is not only a cybersecurity regulation. It affects governance, outsourcing, vendor management, contractual arrangements, incident response, resilience testing, board oversight and evidence of ICT risk controls across the business and technology stack.
🇪🇺EU Incoming
EU AI Act
Artificial Intelligence Act
The EU AI Act is the EU’s horizontal regulatory framework for artificial intelligence, establishing risk-based obligations for AI systems placed on the EU market or used in the EU.
Key dates
August 2024AI Act entered into force.
November 2024Member States required to identify fundamental rights authorities and notify the Commission.
February 2025General provisions, AI literacy obligations and prohibitions began applying.
Show details · +5 more dates
Further dates
August 2025General-purpose AI rules began applying and governance framework required.
August 2026Majority of AI Act rules apply and enforcement begins.
August 2027Rules apply for high-risk AI embedded in regulated products.
December 2027Rules apply for certain high-risk areas, including biometrics, critical infrastructure, education, employment, migration, asylum and border control.
August 2028Rules apply for AI systems integrated into products such as robotics and industrial machinery.
What it is
The EU AI Act is the EU’s horizontal regulatory framework for artificial intelligence, establishing risk-based obligations for AI systems placed on the EU market or used in the EU.
It sets requirements across prohibited AI practices, general-purpose AI, high-risk AI systems, transparency obligations, governance, human oversight, data quality, technical documentation, conformity assessment and post-market monitoring.
For firms, the AI Act is not only a technology compliance exercise. It affects product design, governance, vendor oversight, model validation, documentation, customer impact, internal training and how AI-enabled systems are deployed across regulated and non-regulated environments.
🇺🇸United States Proposed
CLARITY Act
Digital Asset Market Clarity Act
The CLARITY Act is a U.S. federal market structure proposal for digital assets.
Key dates
May 2025Digital Asset Market Clarity Act introduced.
July 2025Passed the House.
June 2026Placed on the Senate Legislative Calendar.
Show details · +1 more dates
Further dates
August 2026Reported target deadline for Senate action before summer recess.
What it is
The CLARITY Act is a U.S. federal market structure proposal for digital assets.
It is designed to create a clearer framework for digital asset markets by allocating oversight between the SEC and CFTC, setting guardrails for exchanges, brokers, dealers and intermediaries, and introducing consumer and investor protection requirements.
If enacted, the CLARITY Act would be a major step toward a federal digital asset market structure regime in the United States. It is intended to reduce regulatory uncertainty, support responsible innovation, address illicit finance and national security risks, and provide clearer rules for developers, issuers, platforms and market participants.
🇦🇺Australia Incoming
Corporations Amendment (Digital Assets Framework) Bill
Australia’s Digital Assets Framework introduces a dedicated regulatory regime for digital asset platforms and tokenised custody platforms by amending the Corporations Act 2001 and the ASIC Act 2001.
Key dates
April 2026Digital Assets Framework Act received Royal Assent.
April 2026ASIC published its implementation roadmap.
June 2026ASIC issued updated INFO 225 and accompanying no-action position.
Show details · +3 more dates
Further dates
Q1 2027ASIC to publish regulatory guides for DAPs and TCPs.
April 2027Licensing application window opens and the Act commences.
October 2027Transitional period ends.
What it is
Australia’s Digital Assets Framework introduces a dedicated regulatory regime for digital asset platforms and tokenised custody platforms by amending the Corporations Act 2001 and the ASIC Act 2001.
The framework brings Digital Asset Platforms (DAPs) and Tokenised Custody Platforms (TCPs) within Australia’s financial services regime, requiring firms to obtain an Australian Financial Services Licence (AFSL), comply with conduct and consumer protection obligations, and meet new standards for custody, safeguarding, disclosures and governance. The reforms are intended to provide greater regulatory certainty while strengthening consumer protection and market integrity.
The regime marks Australia’s shift from relying primarily on existing financial services law to introducing a bespoke framework for digital asset businesses, with ASIC leading implementation through guidance, licensing and supervisory expectations.
🇪🇺EU Incoming
EUDI
European Digital Identity Framework
eIDAS 2.0 updates the EU framework for electronic identification and trust services and introduces the European Digital Identity Wallet as its central feature.
Key dates
February 2024European Parliament adopted the updated framework.
May 2024Regulation entered into force.
November 2024Commission adopted the first technical implementing standards for EUDI Wallets.
Show details · +3 more dates
Further dates
End of 2026Member States must provide at least one EUDI Wallet.
2027 onwardMandatory acceptance requirements begin applying to relevant public and private-sector services.
2030EU target for widespread use of digital identification across key services.
What it is
eIDAS 2.0 updates the EU framework for electronic identification and trust services and introduces the European Digital Identity Wallet as its central feature.
Each Member State must make at least one EUDI Wallet available to citizens, residents and businesses. Wallets may be issued directly by the state, provided by a mandated entity or recognised where developed by an approved private-sector provider. Users will be able to identify themselves and securely store, present and share digital credentials across borders, including identity documents, professional qualifications, driving licences and other verified attributes.
For regulated firms, eIDAS 2.0 will affect digital onboarding, strong customer authentication, identity verification and credential-based customer journeys. Banks and other specified private-sector service providers will need to prepare to accept EUDI Wallets where strong user authentication is required, while ensuring that their systems, workflows and data practices support secure and privacy-preserving verification.
🇪🇺EU Live
DAC8
Directive on Administrative Cooperation — Crypto-Asset Reporting
DAC8 extends the EU’s tax transparency framework to crypto-assets and implements the OECD Crypto-Asset Reporting Framework within EU law.
Key dates
October 2023DAC8 adopted.
December 2025Member State transposition deadline.
January 2026Data collection and due diligence obligations began.
Show details · +2 more dates
Further dates
2027First reports covering the 2026 calendar year become due under national rules.
September 2027First automatic exchanges between Member State tax authorities due.
What it is
DAC8 extends the EU’s tax transparency framework to crypto-assets and implements the OECD Crypto-Asset Reporting Framework within EU law.
It requires Reporting Crypto-Asset Service Providers to collect tax residence and identification information, including Tax Identification Numbers, and report relevant transactions involving EU-resident users. National tax authorities will then exchange that information automatically with the Member State in which the user is tax resident.
The regime covers a broad range of crypto-assets and transactions, including exchanges between crypto-assets and fiat currency, exchanges between crypto-assets, transfers and certain retail payment transactions. Its scope can also extend to non-EU providers serving EU-resident users, requiring them to register in a Member State unless an exemption applies.
🇪🇺EU Live
DLT Pilot Regime
Pilot Regime for Market Infrastructures Based on Distributed Ledger Technology
The EU DLT Pilot Regime is a controlled regulatory framework under Regulation (EU) 2022/858 for testing the trading and settlement of financial instruments using distributed ledger technology.
Key dates
March 2023DLT Pilot Regime began applying.
June 2025ESMA published its review and recommended changes, including a possible permanent regime.
December 2025Commission proposed reforms through the Market Integration and Supervision Package.
Show details · +1 more dates
Further dates
2030Further review proposed under the Commission’s reform package, subject to adoption.
What it is
The EU DLT Pilot Regime is a controlled regulatory framework under Regulation (EU) 2022/858 for testing the trading and settlement of financial instruments using distributed ledger technology.
It allows authorised market infrastructures to operate DLT multilateral trading facilities, DLT settlement systems, or combined DLT trading and settlement systems. Operators may receive limited exemptions from parts of MiFID II, MiFIR and CSDR where necessary for their DLT model, subject to safeguards for investor protection, market integrity and financial stability.
The regime applies to tokenised financial instruments such as shares, bonds and fund units, rather than crypto-assets governed by MiCAR. It provides a route for regulated institutions and market infrastructure providers to test tokenised capital-markets models, although limited uptake and restrictive thresholds have prompted proposals to broaden and make the framework more permanent.
🇪🇺EU Proposed
PSD3 & PSR
Payment Services Directive 3 and Payment Services Regulation
PSD3 and the PSR modernise the EU payment services framework, replacing much of PSD2 with a revised directive and a directly applicable regulation.
Key dates
June 2023European Commission proposed PSD3 and the PSR.
June 2025Council agreed its negotiating position.
November 2025Parliament and Council reached provisional agreement.
Show details · +4 more dates
Further dates
April 2026COREPER confirmed the compromise texts.
May 2026ECON Committee approved the agreed texts.
NextFormal adoption and publication in the Official Journal.
21 months after entry into forceMost PSR provisions apply and Member States must apply national measures transposing PSD3.
What it is
PSD3 and the PSR modernise the EU payment services framework, replacing much of PSD2 with a revised directive and a directly applicable regulation.
PSD3 will govern the authorisation and supervision of payment institutions and electronic money institutions, while the PSR will establish harmonised conduct requirements for payment services across the EU. The package is intended to reduce payment fraud, improve consumer protection, increase fee transparency, strengthen open banking and create a more consistent framework for banks, payment institutions, fintechs and other payment service providers.
The framework also responds to new payment models and the interaction between payments and digital assets. Firms will need to assess changes to authorisation, safeguarding, fraud prevention, strong customer authentication, account access, customer communications and liability arrangements. The final compromise also addresses the treatment of certain payment transactions involving e-money tokens, creating an important link between the payment services framework and MiCAR.
🇪🇺EU Proposed
FiDA
Framework for Financial Data Access
FiDA is the EU’s proposed open finance framework, extending customer-controlled data sharing beyond payment accounts to a wider range of financial products and services.
Key dates
June 2023European Commission proposed FiDA.
April 2024European Parliament committee adopted its negotiating position.
December 2024Council agreed its negotiating mandate.
Show details · +1 more dates
Further dates
NextFiDA remains under trilogue negotiations between the European Parliament and the Council, with the Commission participating; it has not yet been formally adopted or published.
What it is
FiDA is the EU’s proposed open finance framework, extending customer-controlled data sharing beyond payment accounts to a wider range of financial products and services.
The proposed regulation would establish rights and obligations for financial institutions, insurers, investment firms, pension providers and authorised financial information service providers that hold, access or use customer data. Customers would be able to permit their data to be shared through secure interfaces, enabling new services across lending, savings, investments, insurance and personal financial management.
FiDA moves the EU from open banking toward open finance. It will require firms to consider consent management, data-access permissions, API infrastructure, compensation arrangements, data security and participation in financial data-sharing schemes. It is also likely to affect how financial data is used in AI-enabled products, customer analytics and personalised financial services.
🇪🇺EU Live
NIS2
Directive on Measures for a High Common Level of Cybersecurity Across the Union
NIS2 is the EU’s cybersecurity framework for essential and important entities operating across critical sectors.
Key dates
December 2022NIS2 adopted and published.
January 2023Directive entered into force.
October 2024Member State transposition deadline; NIS1 repealed.
Show details · +3 more dates
Further dates
October 2024Commission adopted implementing rules for specified digital and ICT entities.
2024–2026National transposition and enforcement continued across Member States.
January 2026Commission proposed targeted NIS2 amendments as part of a wider cybersecurity package.
What it is
NIS2 is the EU’s cybersecurity framework for essential and important entities operating across critical sectors.
It expands the scope of the original NIS Directive to 18 sectors, including digital infrastructure, ICT service management, financial market infrastructure, energy, transport, health, manufacturing, public administration and certain digital service providers. It introduces requirements covering cybersecurity risk management, incident reporting, business continuity, supply-chain security and management-body accountability.
For financial entities, NIS2 must be read alongside DORA. DORA generally operates as the sector-specific framework for financial-sector ICT risk, while NIS2 may remain relevant to other activities, group entities, technology providers and infrastructure falling outside DORA’s scope. Firms therefore need to determine which entities and services fall under each regime rather than treating them as interchangeable.
🇧🇷Brazil Live
Brazil Virtual Asset Framework
BCB Resolutions 519, 520 and 521
Brazil’s Central Bank has introduced a comprehensive regulatory framework for virtual asset service providers through BCB Resolutions 519, 520 and 521.
Key dates
November 2025BCB published Resolutions 519, 520 and 521.
February 2026New virtual asset framework entered into force.
May 2026Reporting of specified foreign-exchange-related virtual asset transactions became mandatory.
Show details · +1 more dates
Further dates
October 2026Transitional deadline for existing providers to seek authorisation and adapt their operations.
What it is
Brazil’s Central Bank has introduced a comprehensive regulatory framework for virtual asset service providers through BCB Resolutions 519, 520 and 521.
Resolution 519 establishes the authorisation process for companies seeking to provide virtual asset services. Resolution 520 governs the operation of VASPs, including permitted activities, governance, risk management, client asset segregation, AML/CFT controls, monitoring and information-sharing requirements. Resolution 521 brings specified virtual asset transactions within Brazil’s foreign-exchange framework, including certain cross-border payments, fiat-referenced virtual asset transactions and transfers involving self-hosted wallets.
The framework marks Brazil’s move from a principles-based regime to direct prudential and conduct supervision by the Banco Central do Brasil. Existing providers must assess their authorisation path, operating model, capital and governance arrangements, customer asset controls, AML/CFT framework and reporting obligations. Firms using virtual assets for international payments must also consider how their activity is treated under the foreign-exchange rules.
🇸🇬Singapore Live
Singapore Crypto Regulation
Payment Services Act 2019 and Financial Services and Markets Act 2022
Singapore regulates digital token activities through a combination of the Payment Services Act and the Financial Services and Markets Act, with the Monetary Authority of Singapore serving as the principal regulator.
Key dates
January 2020Payment Services Act entered into force.
August 2023MAS finalised its stablecoin regulatory framework.
April 2024Expanded Payment Services Act scope and new DPT safeguards began taking effect.
Show details · +3 more dates
Further dates
October 2024MAS consulted on the DTSP regime under the Financial Services and Markets Act.
May 2025MAS published final DTSP regulations, notices and licensing guidance.
June 2025DTSP regime entered into force for Singapore-based providers serving customers outside Singapore.
What it is
Singapore regulates digital token activities through a combination of the Payment Services Act and the Financial Services and Markets Act, with the Monetary Authority of Singapore serving as the principal regulator.
The Payment Services Act governs Digital Payment Token services provided in Singapore, including dealing in or facilitating the exchange of DPTs and facilitating their transmission. Licensed providers are subject to requirements covering AML/CFT, safeguarding of customer assets, conduct, technology risk, disclosures and consumer protection. Amendments that took effect in 2024 expanded the regulated scope to include additional activities such as custodial services and certain transfers or exchanges where the provider does not take possession of the assets.
The Financial Services and Markets Act separately regulates Singapore-established Digital Token Service Providers that provide services solely to customers outside Singapore. From June 2025, such providers require an MAS licence, with licensing expected to be granted only in limited circumstances and no transitional arrangement for firms already carrying on the activity. The regime includes AML/CFT, conduct, disclosure, governance and financial requirements.
Singapore has also finalised a framework for single-currency stablecoins issued in Singapore and pegged to the Singapore dollar or a G10 currency. Issuers seeking recognition as MAS-regulated stablecoins must meet requirements relating to reserve assets, capital, redemption at par and disclosures.
🇭🇰Hong Kong Live
Hong Kong Virtual Asset Regulatory Framework
Virtual Asset Trading Platform and Digital Asset Market Regime
Hong Kong regulates virtual asset trading platforms through a mandatory licensing regime administered by the Securities and Futures Commission under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance.
Key dates
December 2022Legislation establishing the mandatory VATP licensing regime enacted.
June 2023SFC licensing regime for virtual asset trading platforms began.
June 2024Transitional non-contravention period for existing platforms ended.
Show details · +5 more dates
Further dates
January 2025SFC introduced an enhanced licensing process and revamped external assessments.
February 2025SFC launched its ASPIRe roadmap for further development of the virtual asset market.
April 2025SFC issued guidance permitting staking under specified safeguards.
November 2025SFC issued guidance allowing licensed VATPs to connect to intra-group shared order books to enhance liquidity.
May 2026Consultations concluded on proposed licensing regimes for virtual asset dealing and custody providers.
What it is
Hong Kong regulates virtual asset trading platforms through a mandatory licensing regime administered by the Securities and Futures Commission under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance.
The regime applies to centralised virtual asset trading platforms carrying on business in Hong Kong or actively marketing their services to Hong Kong investors. Licensed platforms must meet requirements covering governance, custody, client asset protection, token admission, market surveillance, conflicts of interest, AML/CFT, cybersecurity and investor protection.
Hong Kong is continuing to expand the framework beyond trading platforms. The SFC’s ASPIRe roadmap focuses on access, safeguards, products, infrastructure and regulatory relationships, while further regimes are being developed for virtual asset dealing and custody. The SFC has also introduced measures covering staking, financing, market making, new product offerings and access to global liquidity.
For general information only. Not legal, regulatory or compliance advice.
Need Help Navigating These Changes?
From MiCAR and the UK cryptoasset regime to AMLR, DORA and the EU AI Act — Cryptliance helps firms understand what applies, what it means for the business and what to do next.