Through its longstanding and highly respected regulatory regime, Bermuda has established itself as a leading jurisdiction for digital assets and blockchain, with a broad-based ecosystem of licensed businesses and service providers across a range of activities.

Beginning in 2018 with the Digital Asset Business Act (DABA), which introduced a licensing regime for firms carrying out “digital asset business” (defined in the following), a market-supporting framework has evolved alongside DABA to include a licensing regime for carrying out “digital asset issuance” under the Digital Asset Issuance Act (DAIA), introduced in 2020, various sandbox programmes (discussed in 4.3 Regulatory Sandbox) and detailed prudential and regulatory guidance published by the Bermuda Monetary Authority (BMA), along with active engagement across the digital finance industry in Bermuda.

The BMA, which is Bermuda’s sole financial regulator, administers a principles-based regulatory framework comprising legislation, policies, guidance, codes of practice and regular industry-wide consultations. It oversees all financial institutions in Bermuda and is a member of the Global Financial Innovation Network (GFIN), an innovative network of regulators and cross-border testing framework.

At the time of writing, there are over 40 digital asset firms licensed or operating in sandbox operations overseen by the BMA, which has specialist expert teams covering digital asset licensing, cyber-risk, anti-money laundering (AML) and compliance.

Bermuda has also seen a number of different limited test deployments focused on the adoption of cryptocurrency by Bermuda residents, including a blockchain-based stimulus token and, at a recent digital finance forum event, an airdrop of USDC stablecoin tokens to conference attendees via the onboarding of non-custodial wallets. There have also been initial exploratory projects involving decentralised autonomous organisations (DAOs) and projects examining integration with artificial intelligence.

The BMA has adopted an exploratory posture, including recently calling for proposals from digital asset firms for a collaborative pilot project aimed at testing embedded supervision on deployed blockchains (with regulatory requirements or disclosures integrated into the blockchain or smart contract architecture). Equally, however, the BMA has also focused on improving and strengthening regulation, including introducing a prudential framework for issuers of stablecoins pegged to the value of fiat currencies (see 2.4 Stablecoins) and consulting on new rules for client assets applicable to DABA licensees providing custody of digital assets, as well as on additional rules on capital, solvency, wind-down plans and net asset and liquidity requirements.

DABA licensees can be authorised to carry out a wide range of activities involving digital assets (details of specific licensable activities are provided in the following). Currently, Bermuda’s digital asset firms are licensed under DABA to conduct a number of different types of business, including:

• stablecoin issuance;
• acting as digital asset exchanges and derivatives exchanges;
• acting as liquidity service providers;
• acting as settlement platform operators;
• securities and real-world asset (RWA) tokenisation;
• providing payment services;
• providing insurance underwriting and marketplace operation;
• acting as investment funds; and
• providing carbon data, climate finance and compliance solutions.

A number of activities are specified as exempt from the requirement to obtain a DABA licence (see 4.1.1 Regulatory Overview), and two activities that are not specified as exempt in the legislation but which fall outside of DABA have been conducted by Bermuda companies in and outside of Bermuda, namely the mining of cryptocurrency/digital assets and operating blockchain protocols (to the extent that these are operations that do not involve DABA-licensable activities, such as providing custodial wallet services).

Many of Bermuda’s DABA licensees offer services to institutional customers, but several large and well-known retail digital asset businesses are licensed in Bermuda, and the BMA is able to accommodate oversight of such businesses (with applicable safeguards and operating procedures).

Many DABA licensees offer services across a number of public-permissioned blockchains, and some of the larger operators have interoperability protocols to allow clients to switch between different blockchains.

Part of the DABA licensing process involves careful assessment of appropriate levels of activity for operations post licensing, and the BMA takes an active approach in setting operating thresholds (such as net asset and liquidity limits) when granting DABA licences.

In respect of DAIA, which provides for the BMA to authorise public offers (issuances) of digital assets by applicant Bermuda firms (or overseas firms) in or from within Bermuda to raise capital, there has been relatively little activity, partly because DABA licensees can issue digital assets (if carried out by way of business).

While there has not been definitive case law in Bermuda (and where Bermuda courts would likely find the decisions of English courts persuasive, including decisions that have determined that crypto-assets constituted property), there is no express statutory definition of either the ownership or transfer of digital assets in Bermuda’s digital assets legislation (although the legislation is considered to have been drafted with the presumption that digital assets constitute property interests and legal title can be transferred and held in trust).

Consistent with the importance of control in asserting title to digital assets, in guidance and rules published by the BMA (exercising powers pursuant to DABA), which DABA licensees are required to adhere to (in respect of custody of digital assets for clients), it is provided that DABA licensees must have “adequate accounting... other records… systems and controls” to accurately track the ownership and quantity of client digital assets. The beneficial ownership rights of clients to digital assets held by DABA licensees are referred to in these rules, whilst the recently introduced Digital Asset Business (Custody of Client Assets) Rules 2025 (the “Custody Rules”; see 4.1.2 Licensing) refer to holders of digital assets having “respective beneficial ownership rights”.

In general, pursuant to the Digital Asset Business Custody Code of Practice (the “Custody Code”), the BMA (and its cyber-risk team) typically considers control of private keys (even by way of authorisation procedures for a multiparty computation (MPC) wallet) essential for determining the status of control of any digital assets, and for determining the ownership interest and finality of any transfer. The Custody Code includes technical standards applicable to those DABA licensees who provide custodial wallet services to ensure effective management and control of private keys (and thereby of the digital assets themselves).

In a consultation paper published late in 2024, the BMA indicated that they expect to introduce a definition of “control” of digital assets by amendment of Section 2 of DABA in order to capture DABA licensees that do in fact have control due to their business model but had previously been able to establish themselves outside of the custodial wallet services provider activity (and therefore not being subject to strict supervisory measures in respect of such control absent such change).

Under Bermuda’s DABA legislation, the wide definition of “digital asset” (“anything that exists in binary format with the right to use and includes a digital representation of value”) encompasses uses that fall within the exchange, security and utility token definitions used in other jurisdictions, namely:

• as a medium of exchange;
• to represent assets such as debt or equity or associated rights; or
• to provide access to an application or service.

Therefore, in most projects there may not be any need for categorisation in respect of digital assets (for regulatory purposes in Bermuda) although there may be consideration as to whether the proposed activity is among those requiring licensing under DABA.

The same definition of “digital asset” applies under DAIA in respect of digital asset issuance.

Recently, Bermuda has seen a number of projects (launched by DABA licensees) that involve the tokenisation of RWAs and representations or entitlement to other underlying rights, such as interests in securities including yield bearing stablecoins (backed by US Treasuries).

As mentioned in 2.2 Categorisation, the definition of “digital asset” under DABA includes security tokens (used to represent underlying securities), enabling businesses carrying out activities in respect of tokenised securities to be licensed under DABA.

Similar to tokenised securities, activities involving stablecoins are licensable under DABA in Bermuda, and Bermuda hosts a number of stablecoin issuers as DABA licensees. In 2024, the BMA published detailed guidance (the “SCPS Guidance”) applicable to stablecoin issuances that maintain a stable value relative to a specified asset, or a pool or basket of assets, in a single fiat currency (single currency-pegged stablecoins; SCPS). The SCPS Guidance introduced a comprehensive prudential regime for stablecoin issuers with requirements in respect of:

• the quality and sufficiency of backing assets;
• disclosures including requirements for attestations and audits of backing assets;
• stress testing;
• the bankruptcy remoteness of structures holding backing assets;
• interoperability;
• recovery and resolution planning; and
• liquidity and net asset requirements (own funds).

In the guidance, the BMA does not identify algorithmic stablecoins (as being applicable); however, it should be noted that the requirement for the issuer to have backing assets with market value equal to or higher than the value of the issued stablecoin tokens in circulation would likely preclude algorithmic stablecoins from being in compliance with the SCPS Guidance.

The majority or all of Bermuda’s stablecoin issuances licensed under DABA have had fiat currency or US Treasuries as backing assets.

In respect of other digital assets beyond those mentioned in the foregoing (such as non-fungible tokens, or NFTs), the broad definition of “digital assets” under DABA captures all or nearly all other relevant use cases.

At the time of writing, there have been considered and progressed projects in Bermuda that sought licensing for the issuance of NFTs (including to represent artworks).

The definition of “digital assets” includes means of exchange/payment instruments. Payments denominated in digital assets are valid in Bermuda, with a number of pilot activations having occurred that involved airdrops of tokens that could be used as a means of payment for goods and services in Bermuda. The Bermuda government has considered potential acceptance of digital assets (stablecoins) as a means of payment for government departments, and BermudAir, the national airline, recently announced it had partnered with a DABA licensee specialising in digital asset payment and interoperability systems, Zerohash, to accept payments in stablecoins.

In addition, one of the licensable activities under DABA is “operating as a payment service provider” utilising digital assets for the transfer of funds, and a number of current DABA licensees are licensed for this activity.

In 2025, the BMA published a consultation paper considering proposals to introduce a regulatory regime for payment service providers in Bermuda, which would supersede and likely overlap the existing licensing regime for money services businesses and permit payments denominated in digital assets.

Certain of Bermuda’s DABA licensees have looked to use digital assets for collateral arrangements in a number of ways in recent years.

Most recently, several DABA licensees have been establishing facilities to issue yield-bearing stablecoins in Bermuda, with the intention that those tokens will be used as collateral for derivatives trading – a particularly high-growth sector. Second, the use of digital assets as collateral for staking was permitted with the addition of a DABA activity (operating as a digital asset lending or digital asset repurchase transactions service provider), although volumes of staking activity peaked in 2022. Finally, transactions have occurred in Bermuda in which digital assets have been granted as collateral security for regular corporate transactions (by Bermuda companies holding digital assets), including for loan transaction security.

Bermuda does not have a specific statutory legal regime for granting collateral security over digital assets, although there have been transactions where security was effected and registered by Bermuda companies pursuant to the statutory regime of granting a charge over moveable assets pursuant to the Companies Act 1981 (which involved some technically complex issues regarding the control of private keys).

To the extent they are intended to comprise binding contracts (and include the requisite elements of contracts under common law – namely offer, acceptance, intention to create legal relations and consideration), smart contracts can and will be enforceable as contracts under common law in Bermuda.

In addition, the enforceability of smart contracts (including when they comprise a contract under common law) is strengthened by a statutory presumption of effectiveness. Under the Electronic Transactions Act 1999 (ETA), legal recognition is given to electronic records (which include information inscribed on a tangible medium or any other medium and are retrievable in perceivable form), with a negative presumption that the form of electronic record/s referred to “shall not be denied” legal effect, validity admissibility or enforceability solely on the ground of their electronic form.

The ETA also contains a negative presumption in respect of legal proceedings, such that the electronic form of a record (or its status as the “best evidence” not in the original form) shall not be a sole basis to deny admissibility in evidence in any legal proceedings.

Ordinarily, however, Bermuda DABA licensees need to ensure they adopt best practice in the operation of smart contracts to accord with the technical standards set by the BMA therefor, which include the adoption of secure development practices (in respect of standards and testing environments), benchmarking against specific vulnerability standards, security assessments and reviews of design and implementation risks (as set out in the Operational Cyber Risk Management Code of Practice; the “Cyber Code”).

Given that there is some overlap between digital asset business and investment business, there have been some examples of Bermuda-based investment business licensees carrying on activity that also falls within the scope of DABA (such as holding investments in tokenised assets or issuing RWA-backed tokens), and of DABA licensees beginning to hold investment fund instruments to back stablecoins, such as shares in funds holding US Treasuries.

To deal with the overlap, there are statutory carve-outs and guidance permitting a DABA licensee to carry out investment business – if done in an ancillary manner – within certain limits (the ancillary business generated should not exceed 25% of the total gross revenue, with a buffer zone of 25–35% requiring the DABA licensee to notify the BMA and agree a remediation plan or roadmap to reduce the revenue towards compliance with the 25% threshold).

For DABA licensees, the Class T and Class M licenses are considered as a sandbox environment overseen by the BMA, through which businesses graduate to the full Class F licence and are subject to certain limits and supervision as they develop their business models.

In addition, the BMA operates a sandbox for innovative businesses in the insurance industry, along with an innovation hub for earlier-stage business concepts, with sandbox licensees being classed as either innovative insurers (Class IIGB) or innovative intermediaries (IMP) in accordance with the Insurance Act 1978.

A number of the current companies in the insurance regulatory sandbox deploy blockchain/decentralised ledgers in their projects – such as offering insurance policies that are denominated in cryptocurrency and insurance markets administered by smart contracts. Such firms account for a proportion of the relatively large number of innovative firms developing new business models incorporating blockchain in Bermuda.

Bermuda’s DABA legislation predates the launch of the virtual asset service provider (VASP) legislative model arising from Financial Action Task Force (FATF) Recommendation 15 (New Technologies); however, it is similar in many ways (including the listed activities for which licensing is required).

As noted in 4.1.4 Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Requirements, Bermuda has a very robust AML/ATF framework, as confirmed by recent assessments. The BMA, as a regulator, engages regularly with peer regulators and fellow international standard-setting bodies.

As discussed in the foregoing, the BMA is the sole financial regulator in Bermuda and is entirely responsible for the regulation of digital asset firms in Bermuda.

The Office of the Privacy Commissioner for Bermuda (the “Privacy Commissioner”) is an independent supervisory authority responsible for overseeing implementation of the Personal Information Protection Act 2016 (PIPA).

Bermuda hosts a number of professional bodies representing interests across the financial services sector. Relevant to digital assets, NEXT – the Bermuda Digital Assets Industry Forum – is an autonomous industry advocacy group for Bermuda-based digital asset companies licensed by the BMA providing a collective voice and opportunities for collaboration within Bermuda and globally.

Founded in May 2022, at the time of writing NEXT consists of 13 companies licensed under DABA and/or the IIGB category. As well as being a voice for the industry and representing Bermuda’s interests internationally, NEXT has been involved in consultations with the BMA on behalf of its membership.

The Bermuda government plays an active role across its different departments in engaging with stakeholders, both within Bermuda and externally. The government has a strong tech focus, which extends into areas such as digital identity, education and international co-operation.

The Bermuda Business Development Agency (BDA) oversees a number of working groups and committees, which can involve members of the Bermuda Bar considering proposals for law reform including in the digital assets space. In the last year, one sub-committee staffed by lawyers with experience in the sector, and overseen by the BDA, examined the development of DAOs globally and formulated proposals that have been transmitted to the Bermuda Government and the BMA for consideration and deployment in Bermuda.

In May 2025 – in the case of Lai and others v Bermuda Monetary Authority and the Minister of Finance (2025) SC (Bda) 49 Civ (the “Bittrex case”) – the Supreme Court of Bermuda rejected a challenge by the ultimate beneficial owners (UBOs) and former directors of a digital assets exchange, Bittrex Global (Bermuda) Ltd (“Bittrex”), which held a Class F (Full) DABA licence until it ceased operations in 2024. Details of the enforcement steps taken by the BMA are set out in 5.2 Enforcement Actions.

The challenge focused on the constitutional validity of the BMA’s regulatory actions and also heard arguments in respect of the impact of such actions on the individual former directors. 

The challenge was unsuccessful, and it was held that the BMA is not an “adjudicating authority” within the meaning of Bermuda’s Constitution and that the BMA does not determine civil rights obligations (a separate DABA appeal tribunal is the adjudicating authority under DABA). Additionally, the actions of the BMA (serving a warning notice and decision notice) did not determine any civil rights of the UBOs or former directors of Bittrex. 

A result of the case has been confirmation of the valid status of DABA under the Bermuda Constitution and of the BMA’s use of its enforcement powers. 

Due to the wide-ranging nature of regulation (in respect of both digital assets and insurance), the scope of regulation has not been shaped by regulator action or litigation.

The BMA has wide-ranging powers of investigation and discipline under DABA, DAIA and the Insurance Act, as well as under its enabling legislation, and the BMA also publishes details of certain of its enforcement actions on its website.

The BMA also publishes guidance as to the use of its enforcement powers (entitled the “Statement of Principles and Guidance on the Exercise of Enforcement Powers”).

Key disciplinary powers of the BMA under DABA include:

• the imposition of directions, restrictions and conditions;
• the imposition of civil penalties of up to USD10 million;
• injunctions;
• public censure (by way of published statement);
• prohibition orders against individual directors and officers (that such individual is not a fit and proper person to perform functions in relation to the regulated activity);
• a general power to require the production of documents (with failure to comply or issuing materially false or misleading information constituting a criminal offence);
• objections to controllers;
• revocation of licence (generally) and cancellation of registration (AML only);
• winding up; and
• referral to the police.

In the Bittrex case, it would seem from the judgment that the BMA’s use of its disciplinary powers included a warning notice and a decision notice.

There is no tax arising on the issuance, acquisition, purchase, subscription or sale of digital assets in Bermuda.

There are no taxes on income, profits, dividends or capital gains – or other taxes – in Bermuda other than a 15% corporate income tax (CIT) payable if a Bermuda company is part of a multinational group with annual revenue of EUR750 million (from 2025), to which double taxation and set-off rules shall apply.

Digital asset licensees that are structured as exempted companies can apply to the Minister of Finance for an exemption from any future imposition of tax on profits, income or any capital gain or appreciation until 31 March 2035 (although this does not apply to CIT, if payable). In addition, any conversion of the local currency (Bermuda dollars) via Bermudian banks will incur a 1% foreign currency purchase tax charge.

In the event that aspects of a transaction involving digital assets are concluded in a written agreement that is to be registered in Bermuda (such as a charge or security agreement), stamp duty will be chargeable at the rates specified in legislation.

While the BMA has been proactive in giving greater consideration to ESG and sustainable finance concerns across its areas of supervision – and expanded the risk management framework in the Insurance Code of Conduct in 2022 (to incorporate considerations of material risks arising from ESG aspects, in particular climate risks), which may impact firms that participate in the insurance regulatory sandbox – there are currently no disclosure or reporting requirements applicable to firms that are licensed under DABA or authorised under DAIA.

On 1 January 2025, PIPA came fully into force in Bermuda, and all Bermuda organisations that use personal information (whether wholly or partly by automated means, including as part of a structured filing system) are subject to it.

As in other jurisdictions, the introduction of PIPA means that Bermuda-based organisations, including digital asset firms, have to assess their own operations and establish processes to ensure compliance. These may include:

• adopting policies taking into account the nature, scope, context and purposes of the use of personal information and the risk to individuals from such use;
• engaging with third parties to ensure their compliance with PIPA at all times;
• designating a privacy officer who will have primary responsibility for communicating with the Privacy Commissioner;
• undertaking assessments to determine statutory conditions of use that the organisation can rely on;
• preparing a privacy notice and having protocols for notifying individuals when personal information is collected;
• ensuring any personal information held is accurate, up to date, adequate, relevant and used in a lawful and fair manner;
• implementing safeguards to protect personal information against risks of unauthorised access, destruction, modification or disclosure; and
• assessing the level of protection provided by an overseas third party prior to making a transfer of personal information.

The impact on Bermuda’s digital asset firms of PIPA compliance programmes will depend on the type of personal information they are using (and the manner of use) and how such programmes interface with on-chain operations. For example, the impact will differ between an on-chain insurance market (using significant personal information of the insured) and a liquidity services provider who deals only with institutions (with little or no personal information involved).