Belgium uses the Twin Peaks model for financial supervision. The NBB is primarily responsible for prudential supervision of the following:

• banks;
• payment institutions;
• e-money institutions;
• insurers;
• certain investment firms; and
• other prudentially supervised entities.

Under the Belgian MiCA implementing law, the NBB is also relevant for CASPs that are already NBB-supervised entities and for the prudential supervision of ART and EMT issuers where MiCA gives a national authority a role.

The FSMA is responsible for market conduct, investor and consumer protection in financial markets, public offers, market integrity and many financial intermediaries. Under the MiCA implementing law, the FSMA is the main authority for:

• standalone Article 63 CASPs;
• conduct-of-business requirements for CASPs;
• public offers and admissions to trading of crypto-assets other than ARTs and EMTs;
• certain conduct and marketing rules for ARTs; and
• MiCA market abuse rules.

Other authorities can be relevant. The Federal Public Service Economy deals with consumer and commercial law issues and has a limited MiCA role for certain EMT issuance, redemption and interest-related provisions under the Belgian Law of 11 December 2025. The Belgian Data Protection Authority supervises GDPR compliance. The Belgian Financial Intelligence Processing Unit receives suspicious transaction reports. The tax administration and the Office for Advance Tax Rulings deal with tax treatment and advance rulings.

Belgium has largely aligned its crypto-asset approach with EU and international standards rather than adopting an idiosyncratic national regime. MiCA, the Transfer of Funds Regulation and the EBA travel rule guidelines reflect the EU implementation of FATF-aligned AML/CFT standards. The NBB’s 2019 crypto-asset circular was based on the Basel Committee’s statement on crypto-asset exposures, and prudential treatment for banks is increasingly being shaped through EU implementation of Basel standards. IOSCO, ESMA and EBA work also influences Belgian supervisory practice through EU guidance, technical standards and supervisory convergence.

Crypto-assets are now characterised primarily under MiCA, unless they qualify as another regulated product such as a financial instrument, deposit, structured deposit, securitisation position, insurance product or pension product. MiCA distinguishes between EMTs, ARTs and crypto-assets other than ARTs or EMTs. Utility tokens are a subcategory of the latter. Unique and non-fungible crypto-assets are generally outside MiCA unless their features or issuance structure show that they are not genuinely unique or that the arrangement should be recharacterised.

Existing Belgian and EU financial regulation still matters. A token that qualifies as a financial instrument is outside MiCA and may trigger MiFID II, the Belgian Investment Services Act, the Prospectus Regulation, Belgian prospectus law, market abuse rules for financial instruments, CSDR and, where relevant, the DLT Pilot Regime. A tokenised fund interest may trigger AIFMD or UCITS rules. A payment or e-money structure may trigger the Belgian Payment Institutions Act and e-money rules, in addition to MiCA for EMTs.

MiCA regulates public offers and admissions to trading of in-scope crypto-assets, issuance of ARTs and EMTs, and the provision of crypto-asset services. Regulated crypto-asset services include:

• custody and administration;
• operating a trading platform;
• exchanging crypto-assets for funds or other crypto-assets;
• executing orders;
• placing, receiving and transmitting orders;
• advice;
• portfolio management; and
• transfer services.

Belgian law also contains product and marketing restrictions. The FSMA’s 2014 regulation prohibits the professional marketing to non-professional clients of certain financial products whose return depends directly or indirectly on virtual money. MiCA also restricts the admission of crypto-assets with an inbuilt anonymisation function to trading platforms unless holders and transaction history can be identified by the platform operator. Retail crypto-asset marketing is not prohibited as a category, but it is subject to MiCA and, where MiCA does not apply, the FSMA’s 2023 virtual currency advertising regulation.

The most important upcoming practical change is the end of the CASP transitional period on 1 July 2026. After that date, firms relying on transitional arrangements must either have a MiCA authorisation, valid Article 60 notification or another lawful basis, or cease the relevant services in the EU.

Using a legal wrapper such as a fund does not avoid the regulatory analysis in 2.2 Crypto-Asset Regulatory Frameworks. It changes the legal object purchased by investors, but the fund, its manager, depositary, distributor and portfolio may each trigger their own regulatory regimes.

A fund investing in crypto-assets may be an AIF and require an authorised or registered AIFM, a depositary where required, valuation procedures, risk management, disclosures and marketing compliance. A UCITS structure is more constrained because UCITS eligible asset rules do not generally accommodate direct holdings of native crypto-assets. Retail distribution of fund products with crypto exposure also raises suitability, product governance, risk disclosure and marketing issues. Derivative exposure to crypto-assets must be assessed under derivatives, prospectus, MiFID and retail product rules.

Regulated firms with crypto exposure must consider prudential, conduct, operational, accounting and governance consequences. Banks and other NBB-supervised entities should assess the NBB’s expectations on crypto-asset exposures, Basel/EU prudential treatment, AML/CFT, outsourcing, custody and risk governance. Investment firms, portfolio management companies, UCITS management companies and AIF managers may be able to provide certain crypto-asset services under MiCA Article 60 notification where the services are equivalent to their existing permissions, but they cannot simply extend into custody or other services beyond that equivalence. Where they provide a service outside Article 60 equivalence, a full CASP authorisation may be required.

Belgium has not become a large domestic ICO or token generation event hub. Issuance activity is now expected to be structured under MiCA or, where the token is a financial instrument, under the ordinary securities and financial services framework. The viability of launching a crypto-asset from Belgium depends on the token’s classification, target investors, offer size, trading arrangements, issuer location, reserve or redemption features, and whether any regulated services are provided.

For crypto-assets other than ARTs or EMTs, MiCA generally requires the offeror to be a legal person, draw up a crypto-asset white paper, notify it to the competent authority, publish it, ensure marketing communications are fair, clear and not misleading, and comply with the offeror obligations. Certain exemptions exist, including offers to fewer than 150 persons per member state, offers below EUR1 million over 12 months, and offers addressed solely to qualified investors where the asset can only be held by qualified investors. The white paper is notified, not pre-approved, for this category.

For ARTs, the regime is materially heavier. An issuer generally requires authorisation or must be a credit institution satisfying MiCA requirements, and the white paper is subject to approval. For EMTs, only credit institutions and e-money institutions may issue the token, and holders must have a redemption claim at par. EMT issuance is therefore closely linked to existing e-money regulation.

Where the token is a financial instrument, MiCA does not apply and Belgian/EU securities laws must be considered. That can include prospectus requirements, MiFID licensing, placement restrictions, market infrastructure rules and the Belgian intermediation monopoly for public offers of investment instruments. Pre-launch engagement with the FSMA or NBB is strongly advisable for any Belgian issuance or offer into Belgium.

MiCA has introduced a dedicated market abuse framework for in-scope crypto-assets. It applies to acts concerning crypto-assets that are admitted to trading or for which a request for admission to trading has been made, and it applies to transactions, orders or behaviour whether or not they occur on a trading platform. The FSMA is the Belgian authority responsible for checking compliance with MiCA’s market abuse rules.

The prohibited behaviours are:

• insider dealing;
• unlawful disclosure of inside information; and
• market manipulation.

Inside information includes precise, non-public information relating directly or indirectly to issuers, offerors, persons seeking admission to trading or crypto-assets, where publication would likely have a significant effect on prices. For persons executing client orders, client order information can also be inside information. Market manipulation includes false or misleading signals, securing prices at abnormal or artificial levels, deception or contrivance, and disseminating false or misleading information, including through the internet.

The framework differs from the traditional Market Abuse Regulation (MAR) because it is tailored to crypto-assets rather than financial instruments. MiCA expressly recognises crypto-specific contexts, including social media, smart contracts, mining pools, DLT governance and the role of persons involved in the underlying technology. Derivatives or tokenised products that are financial instruments remain subject to MAR where the ordinary conditions are met. In practice, some structures can therefore require parallel analysis under MiCA, MAR and ordinary Belgian criminal or civil law.

Belgian supervisors have shown that they are prepared to enforce crypto rules where cross-border providers target Belgium without the required regulatory basis. The most notable public example remains the FSMA’s decision of 23 June 2023 ordering Binance to cease offering virtual currency services in Belgium because services were being provided from non-EEA entities under the pre-MiCA Belgian AML regime. The FSMA also required the return or transfer of Belgian clients’ assets and notified the Brussels public prosecutor of facts potentially constituting a criminal offence.

Under MiCA, non-compliance can lead to supervisory measures, public warnings, suspension or prohibition of offers or services, withdrawal of authorisation and administrative sanctions. AML/CFT breaches may also lead to administrative sanctions or criminal consequences under the Belgian AML Act. Consumer, advertising and data protection breaches can be enforced by the relevant authorities in parallel.

For cross-border breaches, Belgium will rely increasingly on MiCA’s home/host authority co-operation model, ESMA and EBA co-ordination, and the EU register of white papers, issuers and CASPs. A third-country firm cannot avoid the regime merely by using a foreign website or contractual disclaimer if it actively solicits Belgian or EU clients.

The regulatory attitude over the next 12 months is likely to be active but implementation-focused. Supervisors are expected to prioritise MiCA authorisation and notification processes, the end of the transitional period, AML/CFT and travel rule compliance, marketing to retail clients, custody and operational resilience.

A licence, authorisation or notification is required where the activity, not the technology, falls within a regulated perimeter. The main trigger for a crypto-asset business is the professional provision in the EU of a crypto-asset service under MiCA, such as custody and administration, operating a trading platform, exchange against funds or other crypto-assets, execution, placing, reception and transmission of orders, advice, portfolio management or transfer services. Standalone CASPs generally require Article 63 authorisation, while certain financial entities can provide equivalent services after an Article 60 notification.

Other triggers remain relevant. Issuing or offering ARTs or EMTs, offering crypto-assets to the public, seeking admission to trading, issuing financial instruments, operating a market infrastructure, providing investment services, managing a fund, issuing e-money, providing payment services or conducting crowdfunding can each require separate authorisation or compliance.

MiCA has an EU territorial perimeter. A CASP authorised under Article 63 must have a registered office in a member state where it carries out at least part of its crypto-asset services, have its place of effective management in the EU and have at least one director resident in the EU. Belgium may be the home member state where the CASP has its registered office in Belgium, or where a non-EU offeror without an EU branch first offers the crypto-asset to the public in Belgium or first seeks admission to trading there. Separately, Belgian tax residence, company law, AML/CFT and establishment questions may arise if key management, staff or infrastructure are in Belgium.

MiCA contains a transitional regime. CASPs that provided services in accordance with applicable national law before 30 December 2024 may continue until 1 July 2026 or until authorisation is granted or refused, whichever occurs first. In Belgium, the FSMA has stated that it did not grant any registrations under the pre-MiCA national VASP rules. EEA providers relying on a national authorisation in their home member state may only rely on transition in Belgium if they were already active in Belgium on 30 December 2024 and were permitted to do so under their home regime.

A standalone CASP seeking authorisation in Belgium must submit an application to the competent authority, generally the FSMA unless the Belgian MiCA implementing law allocates prudential supervision to the NBB because of the applicant’s existing regulated status. The application must describe the following:

• services;
• business plan;
• governance;
• shareholders;
• management body;
• prudential resources;
• ICT systems;
• safeguarding and custody arrangements;
• outsourcing;
• conflicts of interest;
• complaints handling;
• AML/CFT framework;
• market abuse controls where relevant; and
• wind-down arrangements.

MiCA requires the CASP to have a registered office in a member state, effective management in the EU and at least one EU-resident director. Managers and qualifying shareholders must meet suitability expectations. Own funds or insurance requirements depend on the class of services, broadly as follows:

• EUR50,000 for services such as advice, portfolio management, reception and transmission, execution, placing and transfer services;
• EUR125,000 for services such as custody and exchange; and
• EUR150,000 for operating a trading platform.

Operational substance is important. The applicant must be able to demonstrate that key functions, compliance, risk management, ICT security, AML/CFT and outsourcing oversight are real and effective. Where client assets or private keys are held, the custody model, wallet governance, segregation, reconciliation, incident response and access controls will be scrutinised closely.

Regulated financial entities using Article 60 do not apply for a full CASP authorisation for equivalent services, but they must notify the competent authority using the prescribed forms and templates. The scope of deemed equivalence is not unlimited. For example, the FSMA has clarified that portfolio management and investment advisory companies, UCITS management companies and AIF managers are not permitted to hold client funds, client-owned crypto-assets or the means of access to crypto-assets merely by making an Article 60 notification.

MiCA contains change-of-control requirements for CASPs. A person intending to acquire, directly or indirectly, a qualifying holding in a CASP, or to increase a qualifying holding so that the voting rights or capital held reach or exceed 20%, 30% or 50%, or so that the CASP becomes its subsidiary, must notify the competent authority in advance. A qualifying holding is generally a direct or indirect holding of at least 10% of capital or voting rights, or a holding enabling significant influence over management.

The competent authority assesses the proposed acquisition, including the reputation of the proposed acquirer, the reputation, knowledge, skills and experience of persons who will direct the business, the acquirer’s financial soundness, the CASP’s continuing ability to comply with MiCA, and money laundering or terrorist financing concerns. Disposals or reductions below relevant thresholds must also be notified.

In Belgium, the competent authority will depend on the status of the CASP and the allocation of powers under the Law of 11 December 2025. If the target is also a bank, payment institution, e-money institution, investment firm or other regulated entity, sectoral change-of-control rules may apply in parallel.

A MiCA CASP authorisation granted in Belgium can be used to provide the authorised crypto-asset services throughout the EU, either through the freedom to provide services or through a branch. MiCA expressly states that a CASP providing services cross-border is not required to have a physical presence in the host member state.

To passport, the CASP must submit the required information to its home competent authority, including the member states in which it intends to provide services and the services concerned. The home authority then transmits the information to ESMA and the host authorities. The practical process is therefore a notification process, not a new host-state licence, although host-state consumer, advertising, AML/CFT, tax and data protection issues may still matter.

Other financial licences may have their own passporting mechanics. A Belgian payment institution, e-money institution, investment firm, UCITS manager or AIFM should not assume that its existing passport automatically covers crypto-asset services unless MiCA Article 60 or another specific regime applies.

Cross-border sales of crypto-asset services into Belgium are restricted where the activity falls within MiCA or another financial services regime. A firm providing crypto-asset services to Belgian clients must have a valid MiCA authorisation, valid Article 60 notification or lawful transitional basis, unless the activity is genuinely outside the regulatory perimeter. A third-country firm cannot actively solicit Belgian clients for in-scope services without an EU regulatory basis.

Reverse solicitation is recognised under MiCA, but it is narrow. A third-country firm may provide a crypto-asset service to a Belgian or EU client only where the client initiates the service at the client’s own exclusive initiative. The firm may not use reverse solicitation to market new types of crypto-assets or crypto-asset services to that client, and generic website disclaimers are unlikely to be sufficient if the overall facts show active solicitation.

MiCA marketing communications must be clearly identifiable, fair, clear and not misleading, consistent with the white paper where one is required, and must contain the prescribed responsibility statement. Where a white paper is required, marketing communications cannot be disseminated before publication of the white paper. For crypto-assets other than ARTs and EMTs, white papers are notified rather than approved, but marketing communications may need to be notified upon request.

Belgian advertising rules remain relevant. The FSMA’s 2023 regulation on the distribution of virtual currencies to consumers continues to apply where the advertisement falls outside MiCA: for example, certain influencer or intermediary advertising, or offers of crypto-assets with no identifiable issuer such as bitcoin. CASPs using the MiCA transitional regime must also continue complying with that regulation for advertisements disseminated when distributing virtual currencies to Belgian consumers. Mass media campaigns under the Belgian regime must be notified to the FSMA at least ten days before dissemination.

White-label structures are possible, but an external firm cannot simply borrow or rent the licence of an authorised Belgian or EU entity. The regulatory analysis turns on who provides the regulated service to the client, who contracts with the client, who holds client assets or keys, who controls execution, advice or order routing, who receives remuneration and how the service is presented.

If the licensed entity is the true CASP and the white-label provider supplies only technology or operational support, the structure can be viable subject to MiCA outsourcing, governance, ICT, AML/CFT, data protection and conflict-of-interest requirements. The structure should not result in a regulated crypto-asset service, in particular custody and administration, being provided to EU clients by an unauthorised entity or an unauthorised third-country group entity. The licensed entity remains responsible to clients and supervisors and must be able to control, monitor and terminate the outsourced arrangement.

If the external firm markets the service as its own, exercises discretion, receives and transmits orders, provides advice, handles custody, operates a trading platform or otherwise performs a crypto-asset service, it may itself require MiCA authorisation or notification. The client-facing documentation, branding, complaints process and disclosures should make the roles of the parties clear and avoid misleading clients as to who is authorised and responsible.

DeFi is not prohibited as a category in Belgium. The difficulty is that Belgian and EU financial regulation applies by function and substance, while many DeFi projects are designed to avoid a centralised operator. A genuinely decentralised protocol with no issuer, offeror or service provider may fall partly outside MiCA as currently drafted, but this conclusion is highly fact-specific and should not be assumed merely because a project uses smart contracts or a DAO label.

Where there is an identifiable promoter, developer, governance body, foundation, interface operator, liquidity arranger, token issuer, validator, custodian or other intermediary, ordinary rules may apply. These can include:

• MiCA;
• AML/CFT;
• the Transfer of Funds Regulation;
• financial instruments regulation;
• payment services;
• consumer protection;
• market abuse;
• sanctions;
• data protection; and
• tax rules.

CeFi firms in Belgium may use DeFi infrastructure only if they can still comply with their own obligations. Key concerns include:

• custody and segregation;
• private-key control;
• smart contract risk;
• oracle risk;
• transaction finality;
• conflicts of interest;
• outsourcing;
• DORA;
• AML/CFT and sanctions screening;
• travel rule compliance where transfers are made through CASPs;
• market abuse surveillance;
• valuation;
• accounting; and
• client disclosures.

A regulated firm must be able to explain how it controls the risks of a protocol that it does not itself control.

Belgian law does not recognise a DAO as a separate legal form. A DeFi project with Belgian connections will usually need one or more ordinary legal vehicles if it wants to contract, employ staff, hold assets, raise funding, own intellectual property, open accounts, pay taxes or interact with regulators. Depending on the activity, this may be a Belgian company such as a BV/SRL or NV/SA, a Belgian non-profit association or foundation, or a foreign foundation or company combined with Belgian service providers.

The structure is normally driven by substance: who develops the code, who owns the intellectual property, who issues tokens, who controls treasury assets, who operates the user interface, who decides protocol changes, who receives fees and who can pause or upgrade the protocol. Governance documents should address token-holder rights, voting, conflicts, delegation, treasury management, liability, tax and wind-down.

There are no DeFi-specific capital requirements in Belgium. Capital or own-funds requirements arise if the vehicle is a regulated CASP, payment institution, e-money institution, investment firm, fund manager, issuer of ARTs or another regulated entity. For unregulated corporate vehicles, ordinary Belgian company law applies, including the requirement that founders of a BV/SRL provide sufficient initial equity for the planned activity, even though there is no statutory minimum capital for that form. An NV/SA remains subject to minimum capital requirements.

There are no leading Belgian court decisions or publicly reported Belgian regulatory enforcement actions that provide a comprehensive DeFi liability framework. Judges and regulators would therefore be expected to apply ordinary principles of Belgian civil, commercial, financial, criminal and consumer law.

The absence of a centralised company or the use of a DAO does not automatically prevent liability. Potentially accountable persons may include founders, developers, promoters, interface operators, governance participants, directors, token issuers, custodians, liquidity providers, advisers or regulated firms that integrate the protocol into their own services. The relevant test will be what each person actually did, controlled, represented or benefited from, and whether a statutory duty, contractual duty, tort duty, AML/CFT duty or consumer protection obligation was breached.

Regulators are likely to look at substance over form. A project described as decentralised may still have an identifiable person providing a regulated service if that person controls access, fees, listings, custody, key infrastructure, governance or client communications. For regulated firms, using DeFi does not shift responsibility to the protocol. The firm must still comply with suitability, conduct, governance, outsourcing, operational resilience, AML/CFT, sanctions and disclosure obligations.

Payments in crypto-assets are not prohibited in Belgium where the payee agrees to accept them. Crypto-assets are not legal tender, so a creditor cannot generally be forced to accept them unless the contract provides for payment in that asset. The legal character of the transaction may be closer to barter or settlement in kind than payment in money, depending on the asset and contractual terms.

The regulatory treatment depends on the payment model. A merchant accepting bitcoin or another crypto-asset for goods or services is not, for that reason alone, providing a regulated payment service. However, an intermediary that transfers funds, issues e-money, operates payment accounts, provides acquiring, initiates payments or issues EMTs may be regulated under the Belgian Payment Institutions Act, e-money rules and/or MiCA. Stablecoins are addressed separately under MiCA.

Businesses accepting crypto-assets should address pricing, exchange-rate risk, refunds, consumer information, accounting, VAT, income tax, AML/CFT, sanctions and record-keeping. Belgian rules requiring certain payments to be made in scriptural money, including real estate purchase price payments, may prevent settlement in crypto-assets for those transactions. Crypto-assets should not be used to circumvent cash-payment restrictions or AML controls.

Belgian law generally regulates tokenised assets and real-world asset tokens according to the rights they represent, not according to the fact that a blockchain is used. Tokenisation does not transform the underlying asset into an unregulated product and does not, by itself, transfer ownership of the off-chain asset.

If the token is a financial instrument, traditional securities and investment services rules apply. This may include MiFID II, prospectus rules, Belgian rules on investment instruments, market abuse, CSDR and, where the relevant conditions are met, the EU DLT Pilot Regime. The DLT Pilot Regime is specifically designed for DLT market infrastructures handling financial instruments and allows limited, conditional exemptions from ordinary market infrastructure rules.

If the token represents a contractual claim to an off-chain asset, such as commodities, receivables, real estate interests, carbon credits or other real-world assets, the legal analysis depends on the underlying transfer, custody and enforceability arrangements. It must be clear who owns the underlying asset, whether the token-holder has a direct right, a contractual claim, a security interest or only economic exposure, how insolvency of the issuer or custodian is handled, and how the token can be redeemed or enforced.

If the token represents shares in a Belgian company, ordinary Belgian company law remains relevant, including the rules on nominative and dematerialised securities and the evidentiary effect of the share register or securities account. A blockchain register can be useful operationally, but it must fit the legally recognised method of recording and transferring the relevant rights.

RWA structures therefore require more than token design. They require a robust legal wrapper, custody or asset-control arrangement, insolvency analysis, tax treatment, valuation method, AML/CFT process, investor disclosure and, where retail investors are targeted, careful consumer and financial promotion compliance.