Blockchain & Crypto-Assets 2026

Last Updated June 11, 2026

Italy

Law and Practice

Authors

Francesco Paolo Patti
Marta Vittoria Colombo

Studio Patti is a full-service law firm providing advice across corporate, regulatory, dispute resolution, and technology-driven practice areas, with a strong focus on fintech and crypto-assets. With 15 professionals in Rome, Milan, and Munich, the firm operates within Europe’s innovation ecosystem, supporting clients across jurisdictions. The multidisciplinary approach enables the practice to advise on a wide range of emerging technologies, including blockchain protocols, crypto-assets, tokenisation, and innovative financial services. Studio Patti also supports clients with white papers, CASP licensing, regulatory positioning, and market entry strategies. In addition, the practice advises on fundraising, including round structuring and investor negotiations, ensuring compliance and growth. Serving international clients, from start-ups to established institutions, the firm assists with complex regulatory landscapes, structuring cutting-edge projects, and ensuring compliance in a rapidly evolving environment. Recent experience includes advising clients on MiCAR authorisation applications and successfully leading a complex cross-border licensing process to a positive outcome.  

Over the past 12 months, Italian market practice has increasingly consolidated around the European Markets in Crypto-Assets Regulation (MiCAR) as the primary compliance benchmark for conducting crypto-asset activities in Italy. This development has occurred even as certain domestic implementing measures continue to mature. The overall trajectory is clear: operators active in Italy are expected to align their organisational, operational and governance frameworks with MiCAR standards in anticipation of full supervisory convergence.

At the national level, the legislative framework identifies Consob and the Banca d’Italia as the competent authorities and delineates their respective areas of responsibility. Consob exercises oversight over conduct of business, transparency and investor protection, while the Banca d’Italia is entrusted with prudential supervision, including governance, organisational requirements and risk management. This allocation of competences reflects a deliberate extension of traditional financial regulatory principles into the crypto-asset domain.

Prior to MiCAR, Italy had established a registration regime for virtual asset service providers through the OAM register. However, this regime was primarily administrative and is now being superseded by the more robust MiCAR framework.

As a result, market participants have progressively restructured their internal compliance systems with a view to becoming “authorisation-ready”. This has entailed the development or refinement of policies relating to outsourcing, ICT governance, operational resilience, product governance, marketing controls and complaints handling. The shift is not merely procedural but reflects a broader change in regulatory posture: operators are preparing for continuous supervision rather than one-off registration.

This transformation has also influenced the approach of banks and large financial institutions. Engagement with crypto-assets is increasingly framed within structured authorisation pathways rather than exploratory or experimental initiatives. Partnerships and group-level strategies are designed to operate within a foreseeable regulatory perimeter, thereby reducing legal and reputational uncertainty.

In parallel with MiCAR, Italy has implemented a framework for digital financial instruments based on DLT, in line with the EU DLT Pilot Regime (Regulation (EU) 2022/858). This framework introduces the concept of “digital financial instruments” and provides for their issuance, transfer and registration through a “register for digital circulation”.

A central feature of this regime is the official list of “responsabili del registro” – entities authorised to operate DLT-based registers. Inclusion requires a formal procedure and entails ongoing obligations regarding operational reliability, transparency and accountability.

This dual regulatory track, comprising MiCAR for crypto-assets and the DLT framework for financial instruments, has contributed to a gradual reorientation of market initiatives toward tokenised securities and structured capital markets applications. These use cases benefit from an established legal infrastructure, including disclosure obligations, custody arrangements and market abuse rules, which can be adapted to distributed ledger environments. The regulatory clarity associated with financial instruments has made this segment particularly attractive for institutional actors.

In practical terms, this has encouraged both institutional and market-led initiatives. On the one hand, financial institutions have conducted pilot projects aimed at improving efficiency and auditability in issuance processes and life cycle management, including corporate actions, transfer restrictions and collateral enforcement. On the other hand, crypto-native operators have increasingly sought to align their products with securities-like frameworks, with a view to accessing regulated distribution channels and secondary markets.

A further area of development concerns blockchain-based models linked to the energy sector. In Italy, certain projects are exploring the tokenisation of rights associated with access to renewable energy production capacity. These structures are typically designed to grant users contractual rights to benefit from the output of renewable energy installations, for example through economic returns or reductions in energy costs. While still subject to careful regulatory classification, these initiatives reflect a broader trend toward the application of distributed ledger technology to real-economy assets and infrastructure.

Italy demonstrates significant technical expertise in DeFi. Italian teams are active in smart contract development, security auditing and protocol design. From a regulatory perspective, these activities are often channelled into hybrid models incorporating elements capable of interfacing with the regulated perimeter.

Looking ahead, the most significant near-term development is likely to be the transition from preparatory compliance efforts to the granting of the first MiCAR authorisations and the commencement of fully supervised operations. At the same time, the DLT-based financial instruments framework is expected to mature, providing further opportunities for regulated tokenisation initiatives.

In this context, two trends are likely to emerge. First, there will be increased participation by traditional financial institutions, either as applicants for authorisation or as partners in regulated projects, driven by greater regulatory certainty. Second, competitive pressures are likely to intensify, leading to consolidation among smaller operators for whom the costs of compliance, capital requirements and governance standards may prove burdensome.

A key legal issue underpinning these developments is the classification of tokenised assets. The distinction between crypto-assets falling within the scope of MiCAR and financial instruments subject to existing capital markets legislation is of fundamental importance. The same technological infrastructure may support either classification, depending on the rights attached to the token and the manner of its distribution. Consequently, considerable attention is being devoted to the legal structuring of products, with classification analysis becoming a central element of business strategy.

In the area of intellectual property, Italian practice is evolving without consolidated case law on blockchain disputes. For NFTs, there is growing recognition that the token does not confer ownership of underlying IP. Market practice has shifted toward structured contractual approaches, emphasising clear licensing terms and transparent communication to users.

In sum, the Italian approach to crypto-assets and distributed ledger technology is characterised by a progressive integration into the existing financial regulatory framework. The emphasis on governance, investor protection and supervisory clarity suggests that future market development will favour operators capable of demonstrating robust compliance structures and operational resilience within a clearly defined legal perimeter.

Italy has introduced a structured regulatory sandbox to allow fintech operators to test innovative solutions within a controlled environment, while ensuring appropriate levels of investor and consumer protection. The sandbox applies across the banking, financial and insurance sectors and involves co-ordinated supervision by Consob, the Banca d’Italia and IVASS. Its legal framework is defined, inter alia, by Ministerial Decree No 100 of 30 April 2021, which sets out admission criteria, operational limits and supervisory powers.

From a practical standpoint, the sandbox is particularly relevant where innovation intersects with regulated activities or does not fit neatly within existing regulatory frameworks. This includes cases involving reserved services, such as investment or payment services, lending and insurance distribution, as well as new operational models, including DLT-based infrastructures, algorithmic governance systems and alternative custody solutions.

The sandbox operates on a temporary and conditional basis. Admission is granted following a case-by-case assessment, and participants are subject to specific safeguards and reporting obligations. The objective is to allow controlled experimentation while enabling authorities to observe and better understand emerging technologies and business models.

This framework is complemented by Italy’s regime on digital financial instruments based on distributed ledger technology, adopted in connection with the EU DLT Pilot Regime. Unlike the sandbox, the DLT framework provides a stable legal basis for certain activities, including the issuance and transfer of financial instruments through distributed ledger-based registers and the operation of DLT trading and settlement systems. Notably, the regime has already moved beyond a purely theoretical stage: four entities have been authorised as “responsabili del registro”, including a major institutional player, Cassa Depositi e Prestiti, which signals growing involvement of established financial actors in DLT-based market infrastructure.

In practice, innovators must determine whether to pursue a sandbox-based approach or to enter directly into a formal authorisation or registration regime. The sandbox is generally suitable for projects at an experimental stage or where legal classification remains uncertain. Conversely, where the business model can be clearly framed within an existing regulatory category, operators may opt for direct authorisation, for example under MiCAR, or registration under the DLT framework.

This dual approach reflects the Italian regulatory strategy of combining controlled experimentation with structured pathways to full compliance, allowing innovation to develop within a defined and supervised legal perimeter.

Italy’s regulatory attitude toward blockchain can be characterised as cautious, structured and anchored in investor and market protection. Public authorities do not approach blockchain as a sector to be either promoted unconditionally or restrained outright. Rather, innovation is channelled within existing legal principles, with an emphasis on governance, transparency and accountability. The implementation of MiCAR reflects this posture: technological novelty does not justify a relaxation of standards, but instead requires clearer allocation of responsibilities and more robust internal controls. As a result, business models that incorporate “compliance by design” are increasingly favoured, particularly where they can demonstrate reliability in areas such as marketing practices, conflict management, operational resilience and complaint handling.

At the same time, Italy does not confine blockchain regulation to crypto-assets alone. Distributed ledger technology is expressly recognised as a potential market infrastructure tool, even where the underlying asset does not fall within the MiCAR perimeter. The legislative framework on digital financial instruments provides a clear illustration. It allows for the issuance and circulation of financial instruments through book entries on a distributed ledger-based “register for digital circulation”, to which specific legal effects are attached. These include rules on the opposability of entries, the exercise of voting rights, the attribution of payment entitlements and the creation of security interests. In this context, blockchain is regulated in functional terms, focusing on operational roles and responsibilities. The framework requires clarity as to who operates the register, the minimum technical and organisational standards it must satisfy, the procedures for handling errors or loss of access, and the allocation of liability among participants.

Outside the financial instruments perimeter, blockchain may also be deployed through private legal arrangements. A notable example in the Italian context is the “contratto di rete”, which allows networks of enterprises to define governance structures, data-sharing rules and operational responsibilities contractually. In such cases, the distributed ledger serves as a shared record-keeping mechanism, while legal effectiveness depends on the alignment between the technological layer and the contractual framework, as well as compliance with any applicable sector-specific regulation.

With respect to data protection, blockchain-based applications are subject to the general framework established by the General Data Protection Regulation (GDPR), as implemented in Italy through the Privacy Code (Legislative Decree No 196/2003, as amended). The GDPR adopts a technology-neutral approach, meaning that blockchain is neither inherently compliant nor inherently incompatible with data protection rules. Compliance depends on system design and governance choices, including data minimisation, identification of controllers and processors, lawful bases for processing, and security measures.

The Italian Data Protection Authority (Garante per la protezione dei dati personali) aligns its approach with European guidance, including positions developed at the level of the European Data Protection Board and the European Data Protection Supervisor. In practice, a number of compliance principles have emerged. Market participants are generally expected to avoid recording personal data directly on immutable ledgers, to rely on off-chain storage solutions with on-chain references such as hashes, and to treat pseudonymisation as a risk-mitigation technique rather than a full exemption from GDPR applicability. Particular attention is required in defining mechanisms to address data subject rights, including requests for erasure or rectification.

At a high level, the so-called right to be forgotten is not considered incompatible with blockchain technology, but it requires careful architectural planning. A commonly adopted approach involves separating the immutable ledger layer from the storage of personal data, so that the ledger contains only indirect references while personal data remains subject to modification or deletion off-chain. This layered model allows the immutability of the ledger to be preserved without undermining compliance with data protection obligations.

Finally, with regard to pseudonymisation, Italian practice reflects the jurisprudence of the Court of Justice of the European Union, according to which data remains “personal” where individuals can be identified through reasonably available means. Consequently, blockchain identifiers and addresses are often treated as personal data if they can be linked, directly or indirectly, to a natural person. This reinforces a prudent compliance approach, under which blockchain solutions must be designed with the assumption that data protection rules will apply in full whenever identifiability cannot be definitively excluded.

Under Italian law, so-called smart contracts can be accommodated within the existing framework of contract law, provided that the general requirements for contractual validity are satisfied. These include the agreement of the parties, a lawful cause (causa), an object that is sufficiently determined or determinable, and compliance with any applicable formal requirements. The use of automated execution through code does not displace these elements. Rather, it presupposes them. The legal analysis therefore remains centred on the existence of a valid agreement, the identification of the parties, and the determination of the contractual content.

From this perspective, a smart contract is more accurately understood not as a distinct legal category, but as a technological modality for the performance and execution of contractual obligations. The fact that performance is automated does not eliminate the need to establish, through conventional legal means, that a contract has been concluded and to interpret its terms. In case of dispute, courts will continue to assess the parties’ common intention, and the code will be considered as one element – albeit a technically relevant one – within the broader evidentiary framework.

Italian legislation has nonetheless introduced statutory definitions that help situate these concepts within the legal system. Article 8-ter of Decree-Law No 135 of 2018, as converted into Law No 12 of 2019, defines “distributed ledger technologies” as shared, distributed, replicable registers, accessible simultaneously, architecturally decentralised on a cryptographic basis and capable of recording, validating, updating and storing data in a manner that is verifiable and resistant to alteration. The same provision defines “smart contracts” as computer programs operating on such technologies, whose execution automatically binds two or more parties based on predefined effects.

These definitions serve an important classificatory function, providing a point of reference for market participants and courts. However, they do not create a new category of contract or introduce a self-standing legal regime. The traditional principles of Italian contract law continue to apply in full. As a consequence, operators must ensure that the use of a smart contract is embedded within a broader contractual framework that governs interpretation, allocation of risk, mechanisms for modification or suspension of performance, and dispute resolution.

In addition, where the underlying transaction is subject to mandatory form requirements, the deployment of a smart contract does not derogate from such requirements. Transactions that must be executed by way of public deed or other formal instruments remain subject to those rules irrespective of any automated execution layer. In practice, this has led to the widespread adoption of “dual-layer” structures, in which a written agreement defines the legal relationship between the parties, while the smart contract code is used as a tool to implement and automate performance in accordance with the agreed terms.

The Italian Blockchain Association presents itself as a multidisciplinary and sector-wide organisation whose primary function is to support the orderly and responsible development of blockchain technologies within the Italian legal and economic system. Its role is best characterised as that of an “ecosystem infrastructure”, in that it seeks to connect a broad range of stakeholders – including legal professionals, technology developers, academic institutions, entrepreneurs and established businesses – around shared methodological and governance principles, rather than advancing a specific commercial agenda or technological orthodoxy.

A defining feature of the Association’s positioning is its non-partisan and inclusive approach. It does not adhere to a single ideological vision of blockchain development, but instead maintains an open framework capable of accommodating different technological architectures and governance models, whether centralised, decentralised or hybrid. This neutrality enhances its credibility as an interlocutor in a field often characterised by fragmentation and competing narratives.

From a practical standpoint, one of the Association’s most relevant functions is to act as a structured counterpart to public institutions and supervisory authorities. In a regulatory environment where technological complexity can hinder effective dialogue, the Association contributes by translating technical developments into legally and policy-relevant terms. At the same time, it provides a channel through which industry participants can articulate co-ordinated positions, thereby facilitating more coherent and informed engagement with legislative and regulatory processes.

Another important dimension of its activity lies in the promotion of common standards and best practices. This function is particularly significant in a context where the applicable legal framework is often principles-based and where compliance outcomes depend heavily on technological design choices. The Association therefore encourages the adoption of approaches centred on quality and security by design, with a view to ensuring that technological solutions are developed in a manner consistent with regulatory expectations.

Under Italian law, crypto-assets are not expressly classified as “property” in the traditional civil law sense. There is no explicit recognition of crypto-assets as “beni” under the Italian Civil Code, nor a dedicated regime of real rights comparable to that applicable to tangible assets. Nonetheless, the legal system accommodates them through a functional approach that combines contractual principles, factual control and regulatory safeguards.

In practice, the holder of the private key is generally regarded as the subject capable of exercising control over the crypto-asset. However, legal protection of such position is not based on classical property remedies, but rather on a combination of contractual rights (for example, vis-à-vis custodial providers), tort law and, where relevant, criminal law. As a result, ownership claims are enforced differently from those relating to tangible property: the focus is less on possession as a legal concept and more on demonstrable control and the underlying contractual framework.

The transfer of crypto-assets is likewise not governed by a specific statutory rule. It is generally understood to occur through the combination of a technical transaction recorded on a distributed ledger and the parties’ intention to transfer the asset. Where intermediaries are involved, transfers may be reflected through internal account entries, with the user holding a contractual claim against the provider rather than direct on-chain control.

The use of crypto-assets as collateral remains an evolving area. Italian law does not provide a comprehensive regime specifically tailored to security interests over crypto-assets. In practice, collateral arrangements are typically structured through contractual mechanisms that rely on control, such as the transfer or escrow of private keys or the use of custodial accounts. Where the relevant tokens qualify as financial instruments, the European regime on financial collateral may apply, offering greater legal certainty. Outside that perimeter, issues of enforceability and third-party effectiveness require careful structuring.

An area where practice has developed more clearly concerns corporate law. In Italy, contributions in kind (conferimenti in natura) are permitted in the context of share capital increases, provided that the contributed asset is capable of economic valuation. On this basis, crypto-assets are increasingly used in practice as contributions in kind, subject to the applicable safeguards, including valuation requirements (typically through an expert report under Article 2343 of the Italian Civil Code for joint stock companies). This confirms that, while not formally classified as traditional property, crypto-assets are recognised as assets with economic value that can be integrated into established legal structures.

Overall, the Italian approach remains pragmatic. Crypto-assets are not yet fully embedded within the system of property law, but their use, transfer and economic exploitation are addressed through existing legal tools, with increasing support from sector-specific regulation.

Prior to the entry into force of MiCAR, access to banking services represented a significant barrier for crypto-asset firms operating in Italy. Italian banks adopted a distinctly cautious approach towards crypto operators, largely driven by the absence of a comprehensive and coherent regulatory framework. This regulatory vacuum created uncertainty around customer qualification, AML/CFT risk classification, and reputational exposure, prompting many credit institutions to decline or restrict relationships with crypto businesses. The introduction of MiCAR has materially improved this landscape. The establishment of a harmonised EU licensing regime, combined with clear prudential and conduct requirements, has provided banks with the regulatory certainty necessary to reassess their risk appetite. While some residual caution persists – particularly with respect to correspondent banking and fiat on/off-ramp services – the trend is shifting. Nevertheless, crypto firms must still demonstrate robust compliance frameworks to secure and maintain banking relationships.

In Italy, ESG and sustainable finance requirements applicable to crypto-assets stem directly from MiCAR, which introduces sustainability considerations primarily through disclosure and conduct-of-business obligations rather than through substantive environmental restrictions.

A first level of ESG integration concerns crypto-asset white papers. Under MiCAR, issuers must include information on the principal adverse environmental and climate impacts of the crypto-asset, with particular reference to the consensus mechanism used. This ensures that investors are informed of the energy consumption and broader environmental footprint associated with the underlying technology.

A second and more operational level concerns crypto-asset service providers (CASPs). Article 66 MiCAR, which governs the general duty to act honestly, fairly and professionally in the best interests of clients, frames ESG disclosure within the broader obligation to provide information that is fair, clear and not misleading. Sustainability-related information is therefore not ancillary, but part of the overall transparency duty owed to clients.

More specifically, Article 66(5) requires CASPs to make publicly available, in a prominent place on their website, information on the principal adverse impacts on the climate and other environment-related impacts of the consensus mechanisms of the crypto-assets in respect of which they provide services. This information is typically derived from the relevant white papers and must be accessible to clients in a clear and usable form.

In addition, CASPs must warn clients of the risks associated with crypto-assets and provide access (including via hyperlinks) to the relevant white papers when offering services such as trading, exchange, advice or portfolio management. In this way, ESG disclosures are embedded within the broader investor protection framework.

Italy has introduced a specific tax regime for crypto-assets under the 2023 Budget Law (Law No 197/2022), subsequently amended by the 2025 Budget Law (Law No 207/2024) and further refined by the 2026 Budget Law (Law No 199/2025). Capital gains from crypto-asset transactions are subject to a substitute tax of 26%, increased to 33% as from 2026, provided that the total gains exceed the annual threshold of EUR2,000. Taxpayers were offered a voluntary disclosure window (“regolarizzazione”), enabling retrospective declaration of previously undisclosed holdings, subject to a 14% substitute tax on deemed gains. Significant interpretive uncertainties remain: the characterisation of staking and DeFi yields – whether ordinary income or capital gains – is unsettled. NFTs and utility tokens also pose classification challenges. The lack of binding guidance from the Revenue Agency creates operational difficulties for both taxpayers and advisors, while cross-border holding structures may trigger complex CFC and transfer pricing considerations.

Initially, Italian law did not provide for a specific insolvency or resolution regime tailored to blockchain-based businesses or crypto-asset operators. Entities operating in this space were therefore subject to the ordinary rules of corporate insolvency, without differentiation based on the technological nature of their activities.

This position is now evolving as a result of the entry into force of MiCAR, which introduces a structured regulatory framework for CASPs and certain categories of issuers. While MiCAR itself does not establish a fully-fledged, standalone resolution regime comparable to that applicable to banks, it brings crypto-asset firms within a regulated perimeter characterised by prudential and organisational requirements, which are relevant also in a distress or insolvency scenario.

In particular, MiCAR imposes obligations on CASPs relating to safeguarding of client assets, governance and operational resilience, which are designed to mitigate insolvency risk and facilitate an orderly management of client positions in case of failure. This represents a shift from a purely unregulated environment to one where firms are subject to ex ante controls and ongoing supervision.

At the national level, the Italian implementing legislation adapting the legal system to MiCAR introduces specific provisions that refer back to existing regimes applicable to regulated financial intermediaries, including banks and investment firms. These references are particularly relevant for aspects such as supervisory powers, administrative measures and, indirectly, crisis management tools. The approach is therefore one of regulatory integration, rather than the creation of an entirely new insolvency framework.

The main trade association in the Italian crypto-asset industry is AssoCASP (Associazione Crypto-asset Service Providers), established in 2024. AssoCASP serves as the representative body for CASPs operating or seeking authorisation in Italy, and acts as a unified voice for the industry in regulatory consultations and policy discussions. AssoCASP facilitates dialogue between operators and supervisory authorities (Consob, Banca d’Italia, OAM), promotes best practices in compliance and governance and offers members a platform for sharing regulatory intelligence. The association’s contribution to shaping a sustainable regulatory environment positions it as a key interlocutor for both regulators and market participants.

In Italy, the regulatory landscape for blockchain and crypto-asset activities is characterised by a clear allocation of responsibilities among established financial authorities, combined with a high degree of alignment with the evolving European framework.

At the centre of the system is Consob, which acts as the primary authority for conduct of business, transparency and investor protection. Under the MiCAR regime, Consob has been designated as the competent authority responsible for the authorisation and supervision of CASPs. Its supervisory approach reflects its traditional mandate in securities markets, with a strong emphasis on disclosure standards, marketing practices, conflicts of interest and client protection. In parallel, within the Italian implementation of the EU DLT Pilot Regime, Consob plays a key role in approving and supervising the “responsabili del registro” (operators of DLT-based registers for digital financial instruments), ensuring that such infrastructures meet transparency and integrity requirements.

Alongside Consob, the Banca d’Italia exercises prudential supervision. Its remit covers organisational requirements, risk management, ICT governance and operational resilience of regulated entities, including CASPs where prudential aspects are relevant. The Bank adopts a conservative and risk-focused approach, consistent with its broader supervisory philosophy in the banking and payments sectors, and pays particular attention to outsourcing, cybersecurity and business continuity in blockchain-based models.

In the area of anti-money laundering, oversight is shared with the Unità di Informazione Finanziaria (UIF) and other competent authorities under the Italian AML framework. Italy has historically maintained a robust AML regime, and the extension of obligations to crypto-asset operators has been implemented in a manner fully consistent with European directives and international standards.

The approach of Italian authorities is closely aligned with European supervisory convergence, in particular through adherence to the guidelines, technical standards and supervisory practices developed by the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA). In practice, this results in a high degree of consistency with EU-level interpretations of MiCAR and related legislation, and a cautious, co-ordinated approach to innovation.

More broadly, Italy can be regarded as fully aligned with international regulatory standards. In the AML domain, the Italian framework is widely considered advanced and reflects a thorough implementation of the principles developed by the Financial Action Task Force (FATF), including the extension of due diligence, reporting and monitoring obligations to crypto-asset activities. Similarly, the prudential and market conduct approaches adopted by Italian authorities are consistent with the policy directions promoted by bodies such as the Bank for International Settlements (BIS) and the International Organization of Securities Commissions (IOSCO), particularly with regard to risk management, investor protection and market integrity. In this context, Italy does not position itself as a regulatory outlier or first mover, but rather as a jurisdiction that faithfully implements and operationalises European and international standards.

In Italy, the classification and regulatory treatment of crypto-assets is now primarily determined by the European framework introduced by MiCAR, which has significantly reduced the degree of interpretative uncertainty that previously characterised the sector. The starting point of any legal analysis is therefore a functional classification exercise, aimed at determining whether a given token qualifies as a financial instrument or as a crypto-asset falling within the scope of MiCAR.

As to the classification of crypto-assets, Italian legislation adopts the same distinction embedded in EU law. Where a crypto-asset qualifies as a financial instrument within the meaning of MiFID II – typically in cases involving transferable securities or instruments with profit participation rights – it falls outside the scope of MiCAR and is instead subject to the full application of the traditional capital markets regime, including prospectus requirements, licensing of intermediaries and market abuse rules.

Conversely, crypto-assets that do not qualify as financial instruments are regulated under MiCAR. Within this perimeter, MiCAR introduces a further classification into three main categories:

  • asset-referenced tokens (ARTs), which aim to maintain a stable value by referencing multiple assets, such as currencies, commodities or other crypto-assets;
  • electronic money tokens (EMTs), which are designed to maintain a stable value by referencing a single official currency and are therefore conceptually aligned with electronic money; and
  • other crypto-assets, including utility tokens, which provide access to a good or service supplied by the issuer and do not have a stabilisation function.

Crypto-assets in Italy are therefore subject to a dual regulatory framework. Financial instruments are governed by existing legislation implementing MiFID II and related EU rules, while non-financial crypto-assets are regulated under MiCAR. This layered approach should ensure that economically equivalent activities are treated consistently, irrespective of the underlying technology.

MiCAR introduces a comprehensive and harmonised regime covering the issuance, public offering and admission to trading of crypto-assets, as well as the provision of crypto-asset services. It establishes disclosure requirements (notably through the obligation to publish a white paper), organisational and prudential rules for service providers, and conduct of business obligations designed to ensure investor protection.

The main regulated activities under Italian law, as shaped by MiCAR, fall into three broad categories.

First, the offer to the public of crypto-assets requires the preparation and publication of a compliant white paper, unless specific exemptions apply. This document must provide clear and non-misleading information to potential investors.

Second, the admission to trading of crypto-assets on a trading platform is subject to similar disclosure requirements, with additional obligations imposed on the operator of the platform.

Third, MiCAR regulates a broad range of crypto-asset services, including:

  • custody and administration of crypto-assets on behalf of clients;
  • operation of trading platforms;
  • exchange of crypto-assets for funds or other crypto-assets;
  • execution of orders and placement services; and
  • advice and portfolio management in relation to crypto-assets.

These activities may only be carried out by authorised CASPs, subject to organisational, prudential and conduct requirements.

Italian law does not prohibit specific categories of crypto-assets as such, but prohibits unauthorised performance of regulated activities. In practice, there is heightened scrutiny of privacy coins, aligning with stricter EU AML measures expected to prohibit services related to anonymous crypto-assets.

Certain restrictions arise indirectly through the regulatory framework. For example, EMTs may only be issued by authorised credit institutions or electronic money institutions, effectively excluding unregulated entities from this segment. Similarly, misleading marketing practices or failure to provide adequate risk disclosures are prohibited under conduct of business rules.

Over the next twelve months, the most significant development in Italy will not be the introduction of entirely new legislation, but rather the full operational implementation of MiCAR. This includes the granting of authorisations to CASPs, the application of regulatory technical standards adopted at EU level, and the progressive consolidation of supervisory practices.

In parallel, the Italian framework on DLT-based financial instruments, adopted in connection with the EU DLT Pilot Regime, is expected to continue developing, further clarifying the boundary between tokenised securities and crypto-assets.

Overall, the Italian regime can now be regarded as largely complete from a legislative standpoint. The focus is shifting from rule-making to supervisory practice and market consolidation, with increasing emphasis on compliance, governance and operational resilience.

Entities providing crypto-asset services in Italy are most commonly incorporated as a Società a Responsabilità Limitata (S.r.l.), a private limited liability company. Less frequently, they adopt the form of a Società per Azioni (S.p.A.), broadly equivalent to a joint stock company. In some cases, firms are established as an S.r.l. Benefit, a limited liability company that, in addition to pursuing profit, is legally required to pursue one or more public-benefit objectives, generating a positive social and/or environmental impact alongside its business activities.

Investment funds with exposure to crypto-assets remain subject to the regulatory framework applicable to their specific legal form and investment strategy (including, where relevant, the AIFMD and UCITS regimes). Where they intend to provide crypto-asset services falling within the scope of MiCA, they must obtain the relevant authorisations or otherwise comply with the conditions set out in MiCA and the applicable Italian implementing measures.

Italy provides a viable legal framework for crypto-asset issuances, including ICOs, now governed by Title II of MiCAR, which allows the offering of crypto-assets to the public for fundraising purposes. The regime applies where the token does not qualify as a financial instrument under MiFID II; otherwise, the traditional securities law framework applies.

A key feature of MiCAR is its notification-based approach. Issuers are not required to obtain prior authorisation, but must prepare and notify a crypto-asset white paper to the competent authority. In Italy, Consob is responsible for receiving such notifications. Despite the absence of a formal approval process, the supervisory approach remains rigorous in practice. Consob generally encourages informal pre-notification discussions, particularly to assess the legal classification of the token and reduce regulatory uncertainty.

The white paper is the central disclosure document and must contain clear, fair and non-misleading information. It includes details on the issuer, the characteristics and rights attached to the crypto-asset, the terms of the offering, the use of proceeds, and the associated risks. It must also describe the underlying technology, including the consensus mechanism, and any relevant environmental impacts. Responsibility for its content lies entirely with the issuer.

Although the framework is relatively streamlined from a procedural perspective, market uptake in Italy has been limited. To date, only a small number of white papers have been notified to Consob – approximately six – of which only one relates to an offering conducted by an Italian issuer.

Italy now has a specific framework addressing market abuse in the crypto-asset space, primarily derived from MiCAR, which introduces a dedicated regime largely inspired by the principles and structure of the Market Abuse Regulation (MAR) applicable to traditional financial instruments.

Under MiCAR, a set of rules applies to crypto-assets admitted to trading on a trading platform or for which a request for admission has been made. The regulation prohibits conduct that closely mirrors traditional market abuse categories, namely:

  • insider dealing, consisting in the use of inside information to acquire or dispose of crypto-assets, or to cancel or amend orders;
  • unlawful disclosure of inside information, where such information is disclosed to third parties outside the normal exercise of a profession or duties; and
  • market manipulation, including practices that give false or misleading signals as to the supply, demand or price of crypto-assets, or that secure prices at artificial levels.

In this context, “inside information” is defined in a manner broadly consistent with MAR, referring to information of a precise nature, not made public, relating directly or indirectly to one or more crypto-assets, and which, if made public, would be likely to have a significant effect on their price.

In Italy, Consob is the authority responsible for supervising compliance with these rules. Its approach is consistent with its longstanding focus on market integrity in traditional securities markets. This translates into a high level of scrutiny on governance and control systems, particularly in the context of authorisation procedures for CASPs. In fact, a portion of the authorisation process is devoted to assessing the adequacy of internal arrangements aimed at preventing, detecting and reporting market abuse, including surveillance systems, conflict management procedures and internal controls over trading activity. Consob expects applicants to demonstrate robust mechanisms comparable, in substance, to those required in regulated financial markets.

Italian regulators, and Consob in particular, have historically adopted a proactive and rigorous enforcement approach, especially in relation to the protection of investors and the integrity of markets in digital environments. This posture has carried over into the crypto-asset sector, where enforcement activity has been both visible and comparatively more intensive than in many other EU jurisdictions.

Consob has been particularly active in monitoring and sanctioning unauthorised offerings and the provision of crypto-asset services through digital channels, including websites, social media and messaging platforms. This focus reflects the perceived risks associated with retail investor exposure to unregulated or misleading initiatives. A clear indicator of this approach is Consob’s contribution to the ESMA register of non-compliant crypto-asset service providers, where approximately 130 notifications originate from the Italian authority alone. By comparison, only isolated notifications have been submitted by other European authorities, such as those in the Netherlands and Slovakia. This disparity highlights the level of scrutiny and enforcement intensity applied by Consob relative to its European peers.

A recent and illustrative enforcement case concerns a public offering of crypto-assets carried out in breach of MiCAR Title II requirements. In January 2026, Consob issued a formal public statement under Article 111 MiCAR and the relevant national implementing provisions, relating to the promotion of a so-called memecoin ($CORONA). The offering had been conducted via online channels without compliance with the core regulatory requirements, including:

  • the absence of a qualifying legal entity as issuer;
  • the failure to prepare a compliant white paper under Article 6 MiCAR; and
  • the lack of notification and publication of such white paper in accordance with Articles 8 and 9 MiCAR.

The activity had already been subject to a blocking order in 2025 and was subsequently followed by enforcement action, including the imposition of an administrative fine of EUR200,000. The case illustrates the willingness of the Italian authority to intervene decisively in relation to non-compliant public offerings, particularly where retail investors may be affected.

With regard to cross-border activities, Italian regulators operate within the framework of EU supervisory co-operation, including co-ordination with ESMA and other national competent authorities. In practice, Consob actively targets operators that offer services into Italy without proper authorisation, regardless of their place of establishment.

Enforcement tools include public warnings, blocking orders against websites and, where necessary, co-operation with foreign authorities. The emphasis is on protecting Italian investors, even in cases involving entities established outside Italy or the EU. This approach is consistent with broader European efforts to address regulatory arbitrage and ensure a level playing field across member states.

Looking ahead, the general attitude of Italian regulators is unlikely to soften. On the contrary, the transition to the full application of MiCAR is expected to further strengthen enforcement activity, particularly as the first authorisations of crypto-asset service providers are granted and supervisory expectations become more clearly defined.

In Italy, licensing requirements for crypto-asset activities are now primarily governed by MiCAR. The requirement to obtain a licence is triggered by providing, on a professional basis, one or more crypto-asset services as defined by MiCAR (including custody and administration of crypto-assets on behalf of clients, operation of trading platforms, exchange services, execution of orders, placement, advice and portfolio management). These are “reserved” activities requiring prior authorisation as a CASP. Credit institutions and other regulated entities may provide crypto-asset services through a notification procedure, demonstrating compliance with MiCAR requirements.

As a general rule, to obtain a CASP authorisation in Italy, the applicant must be established in Italy, with a registered office and effective place of management in the country. This reflects the need for supervisory authorities to exercise effective oversight over governance, operations and risk management. At the same time, MiCAR introduces a passporting regime at EU level. Once authorised in one member state, a CASP may provide services across the European Union, including in Italy, without the need for a separate licence.

However, entities established outside Italy (or outside the EU) may still fall within the Italian regulatory perimeter if they actively target Italian clients. In such cases, offering services without authorisation may be considered an infringement, regardless of the location of the entity. The assessment is therefore based not only on formal establishment, but also on the actual direction of activities toward the Italian market.

MiCAR provides for a transitional period allowing existing operators to adapt to the new framework. In Italy, this has been implemented through a grandfathering regime applicable to entities previously registered as virtual asset service providers (VASPs) in the national register. These entities have been allowed to continue operating without a MiCAR licence until 30 June 2026, provided they were duly registered under the pre-existing regime. During this period, they may maintain their activities while preparing to apply for full authorisation.

Under MiCAR, authorisation as a CASP requires compliance with detailed organisational, prudential, and governance requirements set out in the Regulation and supplemented by ESMA technical standards. Key elements include minimum own funds (calculated according to Article 67 MiCAR), adequate IT and cybersecurity infrastructure, internal control mechanisms, business continuity arrangements and fit-and-proper assessment of shareholders and management. ESMA plays a central co-ordinating role: it maintains the EU register of CASPs, issues binding technical standards, and provides guidance to national competent authorities (NCAs) to ensure supervisory convergence. In practice, NCAs – including Consob and Banca d’Italia in Italy – tend to apply substance requirements rigorously. Applicants are expected to demonstrate genuine local substance, particularly an operational presence in the member state of authorisation. Authorities show a marked preference for structures where the board of directors and key decision-makers are based locally, rather than relying on shell arrangements or remote governance. Firms planning to establish in Italy should anticipate detailed scrutiny of organisational charts, reporting lines and the physical location of compliance and risk functions.

MiCAR imposes a stringent regime for the assessment of shareholders and beneficial owners of CASPs, modelled on the qualified holdings framework applicable to credit institutions under the CRD. Persons holding a qualifying holding are subject to a fit-and-proper assessment. The rationale is investor protection and financial stability: regulators must ensure that ownership structures do not undermine sound and prudent management or facilitate financial crime. Authorities require full transparency on the ownership chain up to the ultimate beneficial owner(s), supported by documentation evidencing source of funds and economic rationale for the investment. In practice, regulators display strong reluctance towards complex or opaque structures – particularly those involving trusts, nominees, or multi-layered holding vehicles, which are viewed with suspicion in civil law jurisdictions lacking a native trust concept. Applicants are well-advised to maintain simple, linear corporate structures with clearly identifiable natural persons as beneficial owners. Any deviation from this model invites extended scrutiny and may jeopardise the authorisation process.

Under MiCAR, authorisations obtained in Italy as a CASP benefit from a full EU passporting regime, which significantly facilitates cross-border operations within the European Union.

Once authorised by Consob, a CASP may provide its services in other member states either on a freedom to provide services basis or through the establishment of a branch.

The authorised CASP must notify its home authority (in Italy, Consob) of its intention to operate in another member state, specifying the services to be provided and, where relevant, the organisational arrangements of any branch. Consob then transmits this information to the competent authorities of the host member state. Once this communication is completed, the CASP may begin operating on a cross-border basis.

No additional licensing requirements are imposed by host member states, although local authorities retain limited powers, particularly in relation to marketing practices and consumer protection rules applicable at national level.

This passporting mechanism represents one of the key innovations of MiCAR, as it replaces the previously fragmented national regimes with a single EU-wide authorisation, thereby enabling scalable business models and reducing regulatory barriers to entry across the internal market.

Cross-border provision of crypto-asset services into Italy is governed by MiCAR. Only EU-authorised CASPs may provide services into Italy, benefitting from the passporting regime. Entities outside the EU must obtain authorisation within the EU framework. Where crypto-assets are offered to the public, Title II MiCAR requirements apply, including white paper preparation and notification.

MiCAR provides for limited exemptions, including the so-called reverse solicitation – that is, the provision of services at the exclusive initiative of a client. However, consistent with the broader EU approach, the exemption is interpreted restrictively. Any form of prior marketing, solicitation or targeting of Italian clients is likely to exclude reliance on this exemption. In practice, it cannot be used as a substitute for authorisation where there is a structured or ongoing presence in the market.

Marketing of crypto-assets and related services in Italy is subject to both general principles and specific MiCAR provisions. Across the board, communications must be fair, clear and not misleading, and must be consistent with the information contained in the relevant white paper where applicable.

Title II MiCAR introduces specific rules for marketing communications in the context of public offerings. Such communications must be clearly identifiable as marketing, must not contradict or diminish the information provided in the white paper, and must present risks in a balanced and prominent manner. The overall objective is to prevent promotional material from creating unrealistic expectations or obscuring the nature of the investment.

Similarly, CASPs are subject to conduct of business obligations requiring transparency in client communications, including disclosure of risks, costs and key characteristics of the crypto-assets involved. Particular attention is given by Consob to digital channels, including social media and online platforms, where misleading or aggressive marketing practices are more likely to occur. Also, the governance and organisation of marketing activities are scrutinised in detail within the CASPs’ authorisation procedures.

Under the MiCAR framework as applied in Italy, the use of white-label solutions is not prohibited per se, but it is subject to strict regulatory constraints. The fundamental principle is that crypto-asset services may only be provided by an authorised CASP, which remains fully responsible for compliance with all regulatory obligations vis-à-vis clients and supervisors.

In practice, an external firm may leverage the infrastructure or licence of an authorised entity only where the arrangement is properly structured as outsourcing. In such cases, the authorised CASP must retain full control and responsibility over the service, including client onboarding, decision-making, compliance, and risk management. The third-party partner must operate within a clearly defined contractual framework, under the supervision of the authorised entity.

Conversely, if an external firm markets or provides services to clients in Italy under its own brand, even where it relies on the technical infrastructure or MiCAR authorisation of another entity, it may be deemed to be independently performing regulated activities. In such circumstances, a separate CASP authorisation would be required.

From a supervisory perspective, Consob carefully assesses these arrangements both at the authorisation stage and on an ongoing basis. Particular attention is given to governance, allocation of responsibilities and client-facing functions, to ensure that the services provided by third parties do not dilute regulatory accountability.

Importantly, outsourcing requirements are increasingly stringent, especially where they involve ICT and technology providers. This is largely due to the application of the Digital Operational Resilience Act (DORA), which imposes detailed obligations on regulated entities in relation to third-party risk management. CASPs must ensure robust oversight of outsourced functions, including due diligence, contractual safeguards, monitoring and contingency planning. Where critical or important functions are outsourced, additional requirements apply, including enhanced supervisory scrutiny.

DeFi is not prohibited in Italy. Rather, its regulatory treatment must be understood in light of MiCAR, which does not expressly regulate decentralised finance. Recital 22 MiCAR clarifies that services provided in a fully decentralised manner, without intermediaries, fall outside the scope of the Regulation. On this basis, purely decentralised protocols – where no identifiable entity exercises control or provides services on a professional basis – are, in principle, not subject to MiCAR authorisation requirements.

That said, the practical boundary of what constitutes “fully decentralised” remains uncertain. Unlike some other European regulators, Consob has not yet taken a formal position or issued detailed guidance on the criteria to assess whether a protocol meets this threshold. It is nonetheless noteworthy that Consob’s enforcement activity – particularly its numerous warnings against non-compliant operators – has not, to date, been directed at DeFi protocols as such, but rather at identifiable entities providing services without proper authorisation.

As regards centralised operators, CeFi firms (including CASPs) are not prohibited from interacting with DeFi protocols. In theory, they may utilise such protocols in connection with services offered to clients which are not covered by MiCAR, for example in areas such as lending and borrowing, staking or liquidity provision. However, this raises significant regulatory concerns.

First, where a CASP integrates DeFi functionalities into its offering, it remains fully responsible vis-à-vis clients and regulators. Second, such activities are generally regarded as high-risk from a supervisory perspective. Key concerns include smart contract vulnerabilities, lack of governance transparency, counterparty risk, and potential difficulties in ensuring compliance with AML and investor protection standards. For this reason, Italian authorities are likely to subject such models to heightened scrutiny.

While DeFi is not prohibited in Italy, the jurisdiction is not generally regarded as particularly favourable for the establishment of formal legal wrappers for DeFi projects. Italian law does offer traditional legal structures – such as associations (associazioni) and foundations (fondazioni) – which could, in principle, be used to support governance or co-ordination functions in a DeFi context. However, especially due to crypto taxation rules and bureaucratic complexities, Italy has not emerged as a preferred jurisdiction for structuring DAO-like arrangements with a formal legal personality.

In practice, Italian-based teams are more commonly involved in technical development activities, such as coding, protocol design and smart contract auditing.

In Italy, the issue of accountability and liability in the context of DeFi remains largely unsettled, both at the judicial and regulatory level. To date, there is no case law and no notable enforcement actions specifically addressing harm caused by decentralised protocols.

Payments in crypto-assets are permitted in Italy, subject to the applicable regulatory framework. The legal treatment depends on the nature of the asset used and its classification under MiCAR or existing financial services legislation.

Under MiCAR, EMTs are the category most clearly intended for payment purposes. EMTs are crypto-assets that aim to maintain a stable value by referencing a single official currency and are aligned with electronic money from a regulatory standpoint. As such, they are recognised as a legitimate means of payment, subject to a regime closely connected to the existing EU framework on electronic money.

From a practical standpoint, the use of crypto-assets as a means of payment in commercial transactions is not prohibited but remains relatively limited. Businesses accepting crypto-asset payments must consider VAT implications, accounting treatment and compliance with applicable AML obligations. Where the payment involves an EMT issued by an authorised institution, the transaction benefits from a clearer regulatory framework.

For other crypto-assets not qualifying as EMTs, acceptance as payment is a matter of contractual freedom between the parties.

No response has been provided in this jurisdiction.

Under MiCAR, fiat-backed stablecoins fall predominantly within the category of EMTs, defined as crypto-assets that purport to maintain a stable value by referencing a single official currency, such as the euro. EMTs are conceptually aligned with electronic money, and their regulatory treatment reflects this proximity.

However, rather than being simply absorbed into the pre-existing payments framework, EMTs are subject to a hybrid regime. On the one hand, MiCAR builds on the principles of the Electronic Money Directive (EMD2), particularly with respect to redemption rights, safeguarding of funds and issuer authorisation. On the other hand, it introduces additional, crypto-specific requirements, thereby creating a distinct regulatory layer tailored to blockchain-based instruments.

Only authorised credit institutions or electronic money institutions may issue EMTs. Issuers must ensure that holders have a right of redemption at par value, at any time, and must implement robust safeguarding arrangements for the assets backing the tokens.

In addition, EMT issuers are subject to obligations that go beyond traditional e-money regulation, including:

  • the preparation and publication of a crypto-asset white paper (subject to notification, not approval);
  • enhanced transparency and disclosure requirements, including information on the functioning of the token and associated risks;
  • specific governance and organisational requirements; and
  • ongoing supervision by competent authorities, including both conduct and prudential aspects.

While EMTs are clearly positioned within the broader payments ecosystem, the MiCAR regime is more comprehensive and stringent in certain respects than the traditional e-money framework. In particular, the introduction of detailed disclosure obligations and the integration of market conduct rules reflect the dual nature of EMTs as both payment instruments and crypto-assets.

At the same time, the reliance on existing categories of regulated entities ensures continuity with the pre-existing regulatory system, preserving the role of established financial institutions in the issuance of payment instruments.

EMTs are subject to detailed and prescriptive rules on the composition and safeguarding of backing assets, aimed at ensuring full stability and immediate redeemability.

EMTs must be fully backed (100%) and holders must benefit from a right of redemption at par value at any time.

Article 54 MiCAR introduces a clear quantitative requirement:

  • at least 30% of the funds must be held at all times as deposits in separate accounts with credit institutions; and
  • the remaining portion must be invested in secure, low-risk and highly liquid financial instruments, with minimal market, credit and concentration risk, and denominated in the same official currency referenced by the token.

This creates a two-tier reserve structure, combining immediate liquidity (cash deposits) with conservative liquid investments.

All backing assets must be:

  • segregated from the issuer’s own assets;
  • protected against claims by creditors; and
  • held within the regulated financial system, typically with authorised credit institutions.

These requirements are aligned with those applicable to electronic money institutions, but reinforced under MiCAR.

Prohibition on Interest

MiCAR expressly prohibits the payment of interest or any form of remuneration linked to the holding of EMTs. The rationale is to ensure that EMTs function strictly as means of payment, and not as investment or deposit-like instruments.

Under MiCA, EMTs and ARTs may be designated as “significant” where, on the basis of specific regulatory criteria set out in the Regulation, they are considered to be of particular importance due to their scale, market penetration, cross-border relevance, or potential impact on financial stability. The assessment is conducted by the European Banking Authority (EBA) in co-operation with ESMA and the relevant national competent authorities, including the Bank of Italy.

Where a token is designated as significant, the issuer becomes subject to enhanced supervision led by the EBA, while the Italian authorities continue to exercise their supervisory powers within their respective areas of competence. Significant EMTs and ARTs are required to comply with more stringent governance, risk management, reporting, and reserve management obligations, reflecting the greater potential impact of such tokens on financial stability and market integrity.

In Italy, the regulation of tokenised assets and real-world assets (RWAs) follows a substance-over-form approach, whereby the legal treatment depends on the nature of the underlying asset and the rights attached to the token, rather than on the use of blockchain technology itself.

As a general principle, where tokenisation results in instruments that qualify as financial instruments, the full body of traditional capital markets regulation applies (including MiFID II), irrespective of the technological layer. Conversely, where the token does not fall within existing financial categories, it may be subject to MiCAR or remain governed primarily by contractual arrangements.

In practice, an area of development concerns NFTs linked to real-world assets, particularly in sectors such as art. In these cases, the token does not typically confer direct ownership of the underlying asset, but rather represents a set of contractual rights defined by the issuer. As a result, the legal framework is largely based on private law, with emphasis on the terms and conditions governing the relationship between the parties.

More complex is the tokenisation of assets such as real estate. Under Italian law, direct tokenisation of ownership rights in immovable property remains difficult, due to the formal requirements governing transfers of real estate (including the need for notarised deeds and registration in public registers). A more viable structure involves placing the asset within a corporate vehicle and tokenising the shares or participations in that entity. In such cases, the tokens may qualify as financial instruments, bringing the arrangement within the scope of securities regulation.

The introduction of the EU DLT Pilot Regime and the Italian framework on digital financial instruments has opened the door to more structured forms of tokenisation, including the possibility of issuing and transferring securities through distributed ledger-based registers. However, the circulation and secondary trading of such instruments remains, in practice, complex and still developing from both a legal and operational standpoint.

Despite these limitations, a number of pilot projects are emerging in Italy, particularly involving institutional actors, and the overall direction of travel is clear. While the current framework imposes constraints, especially in relation to asset transfer formalities and market infrastructure, the regulatory environment is gradually evolving to accommodate tokenised representations of real-world assets, suggesting significant future growth in this area.

Studio Patti

Largo Augusto 3
20122
Milan
Italy

+39 02 760 13056

segreteria@patti.legal www.patti.legal
Author Business Card

Trends and Developments


Authors

Francesco Paolo Patti
Marta Vittoria Colombo

Patti Legal is a full-service law firm providing advice across corporate, regulatory, dispute resolution, and technology-driven practice areas, with a strong focus on fintech and crypto-assets. With 15 professionals in Rome, Milan, and Munich, the firm operates within Europe’s innovation ecosystem, supporting clients across jurisdictions. The multidisciplinary approach enables the practice to advise on a wide range of emerging technologies, including blockchain protocols, crypto-assets, tokenisation, and innovative financial services. Studio Patti also supports clients with white papers, CASP licensing, regulatory positioning, and market entry strategies. In addition, the practice advises on fundraising, including round structuring and investor negotiations, ensuring compliance and growth. Serving international clients, from start-ups to established institutions, the firm assists with complex regulatory landscapes, structuring cutting-edge projects, and ensuring compliance in a rapidly evolving environment. Recent experience includes advising clients on MiCAR authorisation applications and successfully leading a complex cross-border licensing process to a positive outcome.  

A Year of Structural Change

Over the past twelve months, the Italian blockchain and crypto-asset landscape has undergone a profound transformation, driven primarily by the implementation of the EU Markets in Crypto-Assets Regulation (MiCAR). The shift has been structural rather than incremental, marking a transition from a light-touch regime to a fully integrated financial regulatory framework.

Prior to MiCAR, Italy had adopted a relatively flexible approach to anti-money laundering compliance. Crypto-asset service providers were not subject to authorisation by Consob or the Bank of Italy; instead, they were required only to register with the OAM (Organismo Agenti e Mediatori) based on limited disclosure requirements. This streamlined regime facilitated rapid market entry and led to the registration of more than 150 virtual asset service providers (VASPs).

MiCAR has fundamentally altered this landscape. The introduction of a full authorisation regime, coupled with stringent organisational, prudential and conduct-of-business requirements, has significantly raised the regulatory threshold. As a result, many entities previously registered with the OAM have opted not to pursue MiCAR authorisation. By the end of 2025, the number of operators remaining on the register had fallen to just over 30 (22 at the time of writing), many of which remain listed primarily because they have submitted applications in other EU jurisdictions.

From Registration to Supervision

The transition from VASP to CASP represents a fundamental redefinition of the Italian market. Under MiCAR, crypto-asset service providers must operate within a framework that mirrors traditional financial regulation, including:

  • robust governance and internal controls;
  • detailed organisational and ICT requirements;
  • capital and prudential safeguards; and
  • enhanced investor protection and transparency obligations.

This is not merely a procedural evolution but a substantive change in regulatory philosophy. Operators are no longer subject to a one-off registration requirement but to ongoing supervision and continuous compliance.

The Italian authorities have adopted a particularly rigorous approach. The Bank of Italy has emphasised the need for genuine local substance, requiring decision-making functions and effective management to be located within the EU. Similarly, Consob has focused on conduct of business, transparency and investor protection, applying standards closely aligned with those of traditional securities markets.

The transitional regime has allowed existing operators to continue operating temporarily, but it has not softened the overall impact.

A Slow Start in CASP Authorisations

In this context, Italy has not emerged as a preferred jurisdiction for obtaining a MiCAR licence. From a strategic perspective, it has generally not been regarded by market participants as a “first-choice” authorisation hub within the EU.

This positioning reflects a combination of factors, including the perceived stringency of the supervisory approach, the emphasis on local substance and governance, and the overall complexity of the authorisation process. While these elements enhance regulatory robustness, they also increase the cost, timing and operational burden associated with obtaining a licence.

As a result, it is reasonable to expect that the majority of CASPs ultimately authorised in Italy will be domestically rooted operators or entities with a strong local presence. By contrast, large international groups – particularly those pursuing multi-jurisdictional strategies – have, in most cases, opted to seek authorisation in other member states offering more streamlined processes or greater regulatory predictability, and to rely on passporting into Italy. Only limited exceptions to this trend are likely, typically involving groups with specific strategic reasons to establish a direct presence in the Italian market.

Italy is therefore increasingly becoming a market in which crypto-asset services are provided by CASPs authorised in other member states under the EU passporting regime. Market evidence suggests that this trend is already well advanced, with more than one hundred foreign-authorised providers reportedly offering services into Italy on a cross-border basis.

Whether this model ultimately serves the best interests of Italian investors remains an open question. On the one hand, passporting promotes competition and access to a broader range of services. On the other, it may reduce the degree of direct supervisory proximity between Italian authorities and service providers. The long-term impact of this dynamic – particularly in terms of investor protection and market integrity – will become clear only over time.

Crypto-Asset Issuance Under MiCAR

As regards the issuance of crypto-assets under MiCAR, Italy has not, to date, emerged as a particularly active or attractive jurisdiction for issuers. While the regulatory framework is fully in place and operational from a legal standpoint, market uptake has remained limited across all major token categories.

In particular, no asset-referenced tokens (ARTs) or electronic money tokens (EMTs) have been issued from Italy so far. This is consistent with the broader European trend, where these categories – given their prudential complexity and the involvement of banking or e-money licences – have seen relatively cautious adoption. In the Italian context, this caution is further reinforced by the supervisory approach of the competent authorities and the absence, at this stage, of strong domestic champions in the stablecoin segment. Notably, leading Italian banks have thus far favoured participation in cross-border EMT projects over the development of proprietary issuance schemes. Qivalis, a joint venture created by a consortium of major European banks to launch a euro-backed stablecoin, provides a clear example of this approach. Among its founding members were the Italian institutions UniCredit and Banca Sella, while Intesa Sanpaolo and BPER Banca later joined the initiative. The participation of four major Italian banks highlights the significant role played by banks of our country in shaping pan-European EMT infrastructures and confirms their preference for collaborative rather than standalone issuance models.

With respect to Title II MiCAR crypto-assets (the so-called “other than” tokens that do not qualify as financial instruments), activity has also been limited. To date, only six white papers have been notified to Consob, and among these there is only one project promoted by an issuer established in Italy.

That project – Digital Energy – stands out as a particularly interesting example of how crypto-assets may be deployed in connection with the real economy. The initiative is linked to renewable energy infrastructure and is structured around a token that grants holders access to the productive capacity of energy generation plants. In practical terms, this translates into economic benefits for users, including the possibility of reducing energy costs through participation in the output of such installations.

From a market perspective, Digital Energy illustrates a broader trend towards the functional use of tokens as instruments for accessing services or rights, rather than as purely speculative assets. It also highlights the potential convergence between blockchain technology and sustainability-oriented business models, an area where Italy – given its strong renewable energy sector – may see further development.

Nonetheless, the overall picture remains one of limited domestic issuance activity. Whether this reflects a temporary adjustment phase or a more structural positioning of Italy as a “consumption market” rather than an “issuance hub” under MiCAR will become clearer over the coming years.

Renewed Engagement from the Banking Sector

Despite the tightening of regulatory requirements, MiCAR has had a positive effect on the perception of crypto-assets within the traditional financial sector. Greater regulatory clarity has reduced legal and reputational uncertainty, encouraging banks to engage more actively with crypto-assets.

Several developments illustrate this trend.

  • Intesa Sanpaolo has undertaken initial exposure to bitcoin and participated in blockchain-based bond issuances.
  • As seen, UniCredit and Banca Sella, Intesa and BPER have joined a European initiative to develop a MiCAR-compliant euro-denominated stablecoin.
  • Following the completion of the notification procedure required under MiCAR, Banca Sella has become authorised to provide crypto-asset custody and transfer services, marking a significant step in the integration of crypto-asset services within the Italian banking sector.
  • Institutional involvement in blockchain-based financial instruments has increased significantly.

These initiatives remain cautious and largely experimental, but they signal a clear shift in attitude. Crypto-assets are increasingly viewed not as an unregulated fringe activity, but as a potential extension of existing financial services within a defined legal perimeter.

At the same time, the creation of AssoCASP, the Italian association of crypto-asset service providers, reflects the growing institutionalisation of the sector. The association plays a key role in facilitating dialogue with regulators and promoting best practices, particularly in the context of MiCAR compliance.

The FinTech Decree and the Rise of Tokenisation

Alongside MiCAR, Italy has developed a parallel regulatory framework for distributed ledger technology through the so-called FinTech Decree. Introduced in 2023, this regime provides a clear legal basis for the issuance, transfer and circulation of financial instruments in digital form through distributed ledger technology (DLT), marking a significant step towards the integration of blockchain within traditional capital markets.

At the core of this framework is the concept of “digital financial instruments”, defined as financial instruments that exist exclusively as entries in a “digital circulation register”. The legal effects traditionally associated with securities – such as ownership, transfer and the exercise of rights – are directly linked to entries recorded on these registers. In particular, the person in whose favour the entry is made is recognised as having full and exclusive entitlement to exercise the rights attached to the instrument, including voting rights and entitlement to dividends or interest.

A central feature of the regime is the recognition of “responsabili del registro” (DLT registry operators), which may include banks, investment firms, issuers or other authorised entities. These operators are subject to a formal registration process with Consob and must meet stringent requirements relating to governance, technological reliability, operational resilience and transparency. They are also subject to ongoing supervision and liability regimes, reflecting their critical role in maintaining the integrity and accuracy of the register.

From a technical and legal standpoint, the framework imposes detailed requirements on the digital registers themselves. These include guarantees of integrity, non-duplication, traceability and accessibility of data, as well as mechanisms to ensure business continuity and the correct recording of transfers and encumbrances.

This regime has become a key driver of innovation in Italy, particularly in the tokenisation of real-world assets (RWAs). Unlike unregulated crypto-assets, tokenised financial instruments benefit from an established legal infrastructure, making them especially attractive for institutional actors seeking to leverage blockchain technology within a clearly defined and enforceable legal framework.

Institutional Innovation Hubs: Consob Tech and Milano Hub

Italy’s approach to financial innovation is supported not only by formal regulatory frameworks but also by dedicated institutional platforms designed to facilitate early engagement between regulators and market participants. Two initiatives stand out in this respect: Consob Tech and the Milano Hub of the Bank of Italy, which operate in a complementary manner within their respective areas of competence.

Consob Tech functions as the primary entry point for projects falling within the securities and investor protection perimeter. It is not an authorisation mechanism, but a structured dialogue channel through which firms can present innovative business models – particularly in areas such as crypto-assets, tokenisation and digital platforms – and receive preliminary, non-binding guidance. A key feature of Consob Tech is its focus on legal classification and regulatory framing, helping operators determine whether a product qualifies as a financial instrument, falls within MiCAR or is subject to other regulatory regimes. In doing so, it reduces legal uncertainty at an early stage and supports a compliance-by-design approach.

In parallel, the Bank of Italy’s Milano Hub serves as a broader innovation centre focused on the banking, payments and financial infrastructure domains. Unlike Consob Tech, which is primarily interpretative and regulatory in nature, the Milano Hub provides technical and institutional support for the development of innovative solutions. Selected projects are admitted to dedicated “call for proposals” cycles and benefit from interaction with Bank of Italy experts, as well as access to research, workshops and collaborative initiatives. The Hub does not grant licences or funding, but facilitates the maturation of projects by aligning technological innovation with regulatory expectations, particularly in areas such as digital payments, DLT-based infrastructures and operational resilience.

Together, these two initiatives reflect a coherent institutional strategy. Innovation is not addressed through deregulation, but through structured engagement with competent authorities, allowing business models to be refined before entering fully regulated markets. For operators, this dual framework offers both legal clarity (through Consob Tech) and technical and supervisory dialogue (through the Milano Hub), reinforcing Italy’s approach of integrating innovation within a well-defined regulatory perimeter.

A Strong Enforcement Posture

Italian regulators – particularly Consob – have adopted a proactive and assertive enforcement approach. This is evident not only in formal supervisory frameworks but also in a growing number of concrete enforcement actions targeting both domestic and cross-border operators.

Consob has been especially active in:

  • blocking websites offering unauthorised crypto-asset services to Italian users;
  • issuing public warnings against non-compliant operators; and
  • intervening in unlawful public offerings of crypto-assets.

Recent cases have included the prohibition of multiple online platforms and enforcement measures against token offerings conducted without compliant white papers. These interventions have not been limited to Italian-based entities but have extended to operators established abroad that actively target Italian investors, demonstrating a willingness to exercise powers in a cross-border context where necessary.

A particularly illustrative case is the public offering of the so-called memecoin $CORONA. In January 2026, Consob issued a formal public statement under Article 111 MiCAR in relation to an offering carried out via online channels, including a dedicated website and Telegram channel. The authority found that the offer had been conducted in breach of MiCAR requirements, notably because it was not made by a legal entity, was not accompanied by a compliant white paper and had not been duly notified or published in accordance with the Regulation.

More broadly, the Italian approach reflects a clear regulatory philosophy: the development of the crypto-asset market must take place within a well-defined legal perimeter, and compliance is not regarded as a secondary or formal requirement, but as a central element of market integrity. The transition to MiCAR has reinforced this principle by embedding crypto-asset activities within a framework closely aligned with traditional financial regulation, where governance, transparency and investor protection are non-negotiable.

For market participants, this has practical implications. Business models that rely on aggressive marketing, regulatory arbitrage or informal operational structures are increasingly unlikely to succeed in the Italian environment. By contrast, operators that invest in robust compliance frameworks – covering areas such as internal controls, client disclosures, AML procedures and technological resilience – are better positioned to operate sustainably.

The overall message is therefore unequivocal: MiCAR in Italy is not merely a formal framework but an actively enforced regime. Retail-facing activities, in particular, are subject to close scrutiny, and there is limited tolerance for non-compliance. In this context, adherence to regulatory requirements is not simply a legal obligation, but a key condition for long-term market access and credibility.

DeFi and the Italian Talent Layer

Alongside institutional and regulatory developments, Italy is experiencing a particularly dynamic phase in the field of decentralised finance (DeFi), driven primarily by technological experimentation rather than formal market structures. Beyond the regulated perimeter, a growing number of highly skilled Italian developers are actively contributing to leading global DeFi protocols, participating in projects that are likely to reshape key aspects of financial markets over the coming years.

This layer of innovation is characterised by strong technical expertise in areas such as smart contract development, protocol design, security auditing and cryptographic engineering. Italian teams are frequently involved in international, open-source ecosystems, often operating without a formal domestic corporate presence but playing a meaningful role in the evolution of decentralised infrastructures. As a result, while Italy may not yet be a preferred jurisdiction for the legal structuring of DeFi projects, it is increasingly recognised as a source of high-quality technical talent.

This trend is also reflected in the emergence of industry events and community-driven initiatives. Among these, “Ethereum Milano” has gained particular visibility as a recurring conference dedicated to the Ethereum ecosystem and the broader Web3 space. The event brings together developers, researchers, entrepreneurs and investors, offering a platform for knowledge sharing, technical discussion and networking. Its growing scale and international participation highlight the increasing relevance of Italy within the global blockchain developer community.

From a regulatory perspective, DeFi remains largely outside the direct scope of MiCAR where activities are genuinely decentralised and not carried out by identifiable intermediaries. However, the boundary between decentralised and intermediary-driven models remains fluid, and Italian authorities are likely to monitor developments closely.

Overall, the Italian DeFi landscape presents an interesting contrast: while regulatory and institutional developments are proceeding cautiously, technological innovation continues to evolve at a rapid pace, positioning Italy as a contributor to the global development of decentralised finance rather than as a primary jurisdiction for its legal structuring.

Taxation of Crypto-Assets

The Italian tax framework applicable to crypto-assets has continued to evolve, reaching a more structured – yet still partially uncertain – configuration as of 2026. The most significant development is the full entry into force of the 33% substitute tax on capital gains and other income derived from crypto-assets, introduced through recent budget laws and now fully operational from 1 January 2026.

This reform marks a clear shift towards aligning crypto-assets with traditional financial investments from a fiscal perspective, reinforcing their classification as economically relevant assets within the Italian system. At the same time, the regime has become more nuanced. In particular, certain euro-denominated electronic money tokens (EMTs) compliant with MiCAR may benefit from a differentiated treatment, remaining subject to the lower 26% rate, reflecting their closer functional proximity to traditional payment instruments.

Further clarifications have also been introduced with respect to taxable events. While disposals against fiat currency clearly trigger taxation, specific forms of crypto-to-crypto exchanges may, in certain cases, benefit from neutrality rules, depending on their economic substance and classification. This remains, however, an area where interpretative uncertainty persists and where further administrative guidance is expected.

Other important grey areas remain. In particular, the tax treatment of DeFi-related income – such as staking, lending or liquidity provision – continues to lack clear and consistent guidance, especially as regards the distinction between capital gains and ordinary income. Similarly, NFTs and hybrid tokens still raise classification challenges.

Overall, the Italian tax regime reflects a broader trend of progressive normalisation: crypto-assets are no longer treated as exceptional instruments but are increasingly embedded within the general fiscal framework. However, the pace of technological innovation continues to outstrip regulatory clarification, leaving room for interpretation and requiring careful tax planning by market participants.

Key Trends for the Next 12 Months

Looking ahead, the Italian blockchain and crypto-asset market is entering a decisive phase in which regulatory implementation will translate into tangible market structure.

First, the long-anticipated MiCAR authorisation phase is expected to materialise. The granting of the first CASP licences – likely concentrated in the months leading up to July 2026 – will mark the transition from a preparatory environment to a fully supervised market. This will provide much-needed clarity on supervisory expectations in practice, particularly in areas such as governance, outsourcing, and operational resilience.

Second, market consolidation is likely to accelerate. The significant compliance costs associated with MiCAR – combined with capital requirements and organisational burdens – are expected to reduce the number of active operators. Smaller or less structured players may exit the market or seek partnerships with authorised entities, leading to a more concentrated but also more stable ecosystem.

Third, the trend towards institutionalisation will continue. Traditional financial institutions, including banks and investment firms, are expected to play an increasingly central role, either as authorised CASPs or as partners in regulated initiatives. This will contribute to a gradual normalisation of crypto-asset services within the broader financial system.

Fourth, tokenisation of financial instruments and real-world assets (RWAs) is likely to represent the most dynamic segment of the Italian market. The legal certainty provided by the FinTech Decree and the DLT framework, combined with growing institutional interest, is expected to drive further projects in areas such as bonds, minibonds and structured products.

Taken together, these trends suggest that the Italian market will evolve less as a hub for rapid expansion and more as a controlled environment for regulated, institutional-grade innovation.

Conclusion

Italy’s approach to blockchain and crypto-assets is best understood as one of regulated integration rather than regulatory competition. The country has not positioned itself as a jurisdiction aimed at attracting large volumes of operators through speed or flexibility. Instead, it has prioritised alignment with traditional financial regulatory principles, emphasising governance, transparency and investor protection.

This approach has had immediate consequences. On the one hand, it has limited the number of operators seeking authorisation in Italy and contributed to a shift towards cross-border service provision through EU passporting. On the other, it has strengthened the credibility of the market and reduced the legal uncertainty that historically characterised the sector.

At the same time, Italy is developing distinctive strengths in areas that are likely to define the next phase of blockchain adoption. In particular, the combination of MiCAR, the FinTech Decree and Eurosystem initiatives positions the country as a relevant jurisdiction for regulated tokenisation, institutional use cases and financial infrastructure innovation.

A notable feature of the Italian landscape is the coexistence of two parallel dynamics. On the one hand, a highly structured and cautious regulatory environment shapes the development of market-facing activities. On the other, a vibrant technological ecosystem – particularly in DeFi and open-source development – continues to evolve at pace, often operating beyond formal jurisdictional boundaries.

Importantly, however, this same regulatory rigour may represent a strategic advantage for certain categories of operators. Italy can constitute an ideal jurisdiction for serious, well-structured projects that are willing to engage in continuous and transparent dialogue with supervisory authorities. For such actors, the availability of institutional interfaces – combined with a clear, albeit demanding, regulatory framework – offers the opportunity to develop compliant business models in close interaction with regulators, thereby reducing long-term legal and operational risk.

For businesses and investors, the key takeaway is therefore nuanced. Italy may not offer the fastest route to market under MiCAR, but it provides a framework in which long-term, compliant and institutionally integrated projects can be developed with a high degree of legal certainty.

Studio Patti

Largo Augusto 3
20122
Milan
Italy

+39 02 365 89238

segreteria@patti.legal www.patti.legal
Author Business Card

Law and Practice

Authors

Francesco Paolo Patti
Marta Vittoria Colombo

Studio Patti is a full-service law firm providing advice across corporate, regulatory, dispute resolution, and technology-driven practice areas, with a strong focus on fintech and crypto-assets. With 15 professionals in Rome, Milan, and Munich, the firm operates within Europe’s innovation ecosystem, supporting clients across jurisdictions. The multidisciplinary approach enables the practice to advise on a wide range of emerging technologies, including blockchain protocols, crypto-assets, tokenisation, and innovative financial services. Studio Patti also supports clients with white papers, CASP licensing, regulatory positioning, and market entry strategies. In addition, the practice advises on fundraising, including round structuring and investor negotiations, ensuring compliance and growth. Serving international clients, from start-ups to established institutions, the firm assists with complex regulatory landscapes, structuring cutting-edge projects, and ensuring compliance in a rapidly evolving environment. Recent experience includes advising clients on MiCAR authorisation applications and successfully leading a complex cross-border licensing process to a positive outcome.  

Trends and Developments

Authors

Francesco Paolo Patti
Marta Vittoria Colombo

Patti Legal is a full-service law firm providing advice across corporate, regulatory, dispute resolution, and technology-driven practice areas, with a strong focus on fintech and crypto-assets. With 15 professionals in Rome, Milan, and Munich, the firm operates within Europe’s innovation ecosystem, supporting clients across jurisdictions. The multidisciplinary approach enables the practice to advise on a wide range of emerging technologies, including blockchain protocols, crypto-assets, tokenisation, and innovative financial services. Studio Patti also supports clients with white papers, CASP licensing, regulatory positioning, and market entry strategies. In addition, the practice advises on fundraising, including round structuring and investor negotiations, ensuring compliance and growth. Serving international clients, from start-ups to established institutions, the firm assists with complex regulatory landscapes, structuring cutting-edge projects, and ensuring compliance in a rapidly evolving environment. Recent experience includes advising clients on MiCAR authorisation applications and successfully leading a complex cross-border licensing process to a positive outcome.  

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.