ASF and BNR Competences

The ASF is expected to become the main authority for CASPs, ART issuers and issuers or offerors of crypto-assets other than ARTs and EMTs. The BNR is expected to supervise EMT issuance by credit institutions and electronic money institutions, as well as payment institutions, electronic money institutions and banks under existing sectoral law. The draft Romanian MiCA emergency ordinance expressly separates these competences between the ASF and BNR and provides for co-operation between them.

AML Authority

The National Office for Prevention and Combating of Money Laundering (ONPCSB) is the financial intelligence unit and AML authority. It receives suspicious transaction reports, supervises AML compliance for relevant reporting entities and co-ordinates the national AML risk response. Law No 129/2019 now uses MiCA-related terminology, including crypto-assets and CASPs.

Other Relevant Authorities

The National Authority for Consumer Protection (ANPC) may be relevant where retail users are targeted, especially in relation to unfair terms, misleading advertising, digital services and distance contracts. The National Agency for Fiscal Administration (ANAF) is relevant for income tax, corporate tax, VAT and crypto-asset reporting. The National Supervisory Authority for Personal Data Processing (ANSPDCP) supervises GDPR compliance, while the National Cyber Security Directorate (DNSC) is relevant for cybersecurity matters and for the implementation of Directive (EU) 2022/2555 on measures for a high common level of cybersecurity (NIS2).

International Alignment

Romania’s approach is closely aligned with EU and international standards. Supervisory interpretation tracks EU law, European Securities and Markets Authority (ESMA) and European Banking Authority (EBA) guidance, FATF AML standards and EU-level supervisory convergence, rather than a separate domestic doctrine. For cross-border operators, this means Romanian outcomes are predictable from the same EU materials they already work with.

Classification of Crypto-Assets

A crypto-asset may fall under MiCA, but only if it is not already regulated as:

• a financial instrument;
• a deposit;
• a structured deposit;
• a fund unit;
• a securitisation position;
• an insurance product;
• a pension product;
• a payment instrument; or
• another excluded instrument.

MiCA applies this technology-neutral logic uniformly, and Romanian law does not layer a separate classification on top.

Interaction with MiFID II

Where a token has the characteristics of a transferable security, fund unit, money market instrument or derivative, it falls within the MiFID II and capital markets framework rather than MiCA. The relevant Romanian implementing law is Law No 126/2018 on markets in financial instruments, and the general principle is that tokenised securities are characterised by their economic substance rather than their digital form.

MiCA Categories

Within MiCA, crypto-assets that are not excluded from its scope fall into three main categories. EMTs are crypto-assets that purport to maintain a stable value by reference to a single official currency. Asset-referenced tokens (ARTs) are crypto-assets that purport to maintain a stable value by reference to another value or right, or a combination thereof, including one or more official currencies. All other crypto-assets, including most utility tokens, are subject to the general regime under Title II of MiCA, unless an exemption applies. Most non-fungible tokens (NFTs) sit outside MiCA under Article 2(3) on the basis of uniqueness and non-fungibility; fractionalising an NFT into fungible units brings it back inside the regime.

Regulated Activities

The regulated activities refer to:

• offers to the public;
• admission to trading;
• ART or EMT issuance; and
• crypto-asset services.

Crypto-asset services include custody, trading platform operation, exchange, order execution and transmission, advice, portfolio management and transfers. Governance tokens are classified by the rights they confer rather than by protocol label: a token granting economic rights, dividends or buyback entitlements may be a financial instrument under MiFID II Annex I, while a pure voting-rights token sits under MiCA Title II.

Prohibitions and Retail Protections

Holding and transferring crypto-assets is not prohibited under Romanian law. The relevant prohibitions are activity-based: carrying out a regulated crypto-asset service without authorisation, or offering ARTs or EMTs to the public without the appropriate issuer status. Separately, misleading retail holders, breaching AML obligations and engaging in market abuse each give rise to their own consequences under the applicable rules. On the retail side, MiCA introduces specific protections for holders, including disclosure obligations, marketing standards and, in certain cases, a right of withdrawal.

Transitional Rules

Under Article 143(3) MiCA, entities that provided crypto-asset services in accordance with applicable national law before 30 December 2024 may continue until 1 July 2026 or until authorisation is granted or refused, unless a member state adopts a shorter period. Romanian materials have not indicated a materially different approach, but final Romanian implementation remains pending. For a detailed discussion of the pending Romanian MiCA implementation legislation, including the draft emergency ordinance and the designation of competent authorities, see 1.1.1 Evolution of Uses of Blockchain.

In Romania, regulation attaches to the entity performing the regulated activity, not to the commercial structure chosen by the promoter. Interposing a fund, SPV, foundation or other legal wrapper between the investor and the underlying crypto-asset activity changes the legal relationships but leaves the activity itself in scope. If the activity requires authorisation, someone in the chain must hold it.

Legal Wrappers and the Regulatory Analysis

Where investors acquire units in a collective investment undertaking that allocates capital to crypto-assets, the fund manager will need to comply with fund regulation, and the entity actually managing or custodying the crypto-assets may still need to be authorised under MiCA. Similarly, where a token represents a share, a debt instrument or a right to repayment, the issuer and any intermediary may fall within the scope of MiFID II, the Prospectus Regulation or market abuse rules, regardless of how the offering is labelled.

This is especially relevant for real world asset projects. A promoter may set up an SPV to hold real estate, receivables or private company participations, and then issue tokens linked to that SPV. The commercial logic may be sound, but the token can still qualify as a security, a fund interest, a crowdfunding instrument or a MiCA crypto-asset depending on the rights it confers. The legal wrapper is therefore a factor in the analysis, not a way around it.

Regulatory Consequences for Regulated Firms

Regulated firms that gain exposure to crypto-assets, whether directly or through a wrapper, should expect to address the full range of applicable requirements, including prudential treatment, internal mandate limits, custody and valuation arrangements, governance and outsourcing standards, DORA compliance, conflicts of interest and client disclosure. Banks and payment institutions will also need to factor in approvals and restrictions specific to BNR, while investment firms and funds should consider ASF rules and any applicable investor eligibility thresholds.

White Paper and Legal Explanation Filing

Under MiCA Title II, an offeror or person seeking admission to trading of crypto-assets other than ARTs or EMTs must draw up, notify and publish a crypto-asset white paper before the offer to the public or admission to trading, unless an exemption applies. The MiCA white paper is a public statement of fact and risk, subject to civil liability, update duties and registration in the publicly accessible ESMA register. From a filing perspective, the white paper must be prepared in a machine-readable format using inline XBRL (iXBRL) in accordance with the applicable ESMA implementing technical standards.

Under Article 8(4) MiCA, the white paper must be accompanied by a legal explanation addressed to the national competent authority. This is a substantive, non-public document demonstrating that the token falls within MiCA and is not a financial instrument, deposit, fund unit, securitisation position or other excluded instrument, and is not an ART or EMT. The analysis tracks the classification elements set out in 2.2 Crypto-Asset Regulatory Frameworks and should address the token’s rights, economic function and (where relevant) the absence of any stabilisation mechanism.

Exemptions

The white paper notification and Article 8(4) legal explanation described above are not required where one of the MiCA exemptions applies. These exemptions are modelled on the public offering exemptions under the Prospectus Regulation and include:

• offers addressed solely to qualified investors;
• offers to fewer than 150 natural or legal persons per member state;
• offers where the total consideration does not exceed EUR1 million over 12 months;
• genuinely free offers;
• mining or validation rewards; and
• operational utility tokens and limited network tokens.

The exemptions in Article 4(2) and (3) of MiCA cease to apply as soon as the offeror, or any person acting on its behalf, communicates an intention to seek admission to trading. This extends to informal channels: communications through social media, investor materials, term sheets or roadshow presentations may be sufficient to trigger loss of exemption.

Notification Versus Authorisation

For Title II tokens, the white paper must be notified to the competent authority at least 20 working days before publication. The authority may request information or raise concerns, but formal approval is not required and responsibility for the content remains with the offeror or person seeking admission to trading. Once duly notified and published in one member state, the white paper enables the offeror to offer the crypto-asset or seek its admission to trading across the EU without repeating the notification procedure in each member state (see 3.4 Passporting).

The supervisory posture for stablecoins differs from Title II tokens:

• ART issuers must obtain authorisation from the competent authority, and the white paper is subject to approval rather than mere notification; and
• EMT issuers must be authorised as a credit institution or electronic money institution, and the white paper must be notified but is subject to specific content requirements on redemption rights and reserve assets.

In both cases, the issuer must submit a legal opinion confirming that the token does not qualify as a financial instrument, deposit, structured deposit, fund unit, securitisation position or other excluded instrument, and the competent authority assesses the application against prudential, governance and reserve requirements before the token may be offered to the public or admitted to trading.

MiCA creates a market abuse framework for crypto-assets admitted to trading or for which admission to trading has been requested. The prohibited behaviours are insider dealing, unlawful disclosure of inside information and market manipulation. This brings crypto-asset markets closer to the traditional securities model.

The framework is similar in policy to the Market Abuse Regulation applicable to financial instruments, but it is adapted to crypto-asset markets. It must deal with pseudonymous trading, social media announcements, token treasury activity, thin liquidity, governance events, protocol changes, smart contract vulnerabilities and issuer information that may not be published through traditional regulated information systems.

For tokenised securities that qualify as financial instruments, the traditional market abuse regime continues to apply. MiCA is not a substitute for Regulation (EU) No 596/2014 on market abuse (MAR) where the token is a security. The same token can therefore be outside MiCA for classification purposes but still subject to strict capital markets rules.

In practice, issuers and CASPs should adopt insider lists, announcement controls, treasury dealing policies, market monitoring, conflict procedures and social media approval processes. A small token project may not look like a listed company, but once its token is traded, information asymmetry can become a regulatory issue.

Non-compliance with regulatory requirements in place can lead to administrative, civil, criminal, AML, tax and consumer protection consequences. However, to date, Romanian authorities have not publicly taken enforcement action against crypto-asset platforms servicing Romanian users. Enforcement activity has been limited to criminal contexts, including tax evasion, money laundering, cybercrime and investment fraud, rather than formal authorisation breaches. This position is expected to change once the national MiCA framework is adopted. Under Article 111 of MiCA, member states must ensure maximum administrative fines of at least EUR5 million or 5% of annual turnover for legal persons and at least EUR700,000 for natural persons, subject to uplift to at least twice the profits gained or losses avoided. Romania has not yet enacted implementing legislation for this sanctions regime, but it is mandatory and is expected to be operationalised for the ASF and BNR within the next 12 months.

A MiCA authorisation is required to provide crypto-asset services in or into Romania on a business basis, unless an exemption or the MiCA transitional regime applies. The Romanian trigger will normally be the provision of a MiCA crypto-asset service from Romania, through a Romanian entity, or into Romania by targeting Romanian clients.

Licensing Trigger and Territorial Scope

Targeting indicators (Romanian-language marketing, local payment rails, Romanian effective management or a local operating company) and the limits of reverse solicitation under Article 61 of MiCA are discussed in 4.1 Marketing; the interaction with the transitional regime is addressed in 2.2 Crypto-Asset Regulatory Frameworks.

Transitional Regime and Parallel Licensing

Existing Romanian operators may rely on the MiCA transitional regime described in 2.2 Crypto-Asset Regulatory Frameworks, provided they were operating in accordance with applicable national law before 30 December 2024. In practice, this requires careful evidence of AML registration or compliance, service history and the exact services provided. The transitional regime does not create a passport and should not be treated as equal to full MiCA authorisation.

Other licences may be required in parallel, as discussed in 2.2 Crypto-Asset Regulatory Frameworks and 2.3 Regulated Firms and Legal Wrappers. Payment services, EMT related services, e-money issuance, investment services, crowdfunding, consumer credit and fund management can each trigger their own rules independently of MiCA.

Set-up requirements for a Romanian CASP authorisation are those of MiCA, applied locally. The process is substantive: the applicant must be a legal person or other eligible undertaking with a registered office in the EU and effective management in the EU. It must demonstrate the following.

Governance and personnel:

• at least one director resident in the Union;
• members of the management body who are fit and proper, possess appropriate knowledge, skills and experience, and have not been convicted of money laundering, terrorist financing or other offences affecting their good repute;
• shareholders or members with qualifying holdings who are of sufficiently good repute; and
• staff with the knowledge, skills and expertise necessary for the responsibilities allocated to them.

Prudential requirements:

• Class 1 CASPs (advice, portfolio management, placing, reception and transmission of orders, execution of orders, transfer services): minimum permanent capital of EUR50,000;
• Class 2 CASPs (Class 1 services plus custody, exchange of crypto-assets for funds or other crypto-assets): EUR125,000;
• Class 3 CASPs (Class 2 services plus operation of a trading platform): EUR150,000;
• alternatively, one quarter of the fixed overheads of the preceding year, whichever is higher; and
• prudential safeguards may take the form of own funds or an insurance policy covering the relevant territories.

The application file must contain, among others:

• a programme of operations and business plan;
• governance documents and description of internal control mechanisms;
• evidence of own funds or insurance policy meeting the prudential requirements;
• AML policies, risk assessment framework and business continuity plan;
• ICT and security documentation;
• description of client asset segregation procedures;
• complaints-handling procedures;
• custody policy (where custody services are intended);
• operating rules and market abuse detection procedures (where a trading platform is intended); and
• proof of fit and proper status of management body members and qualifying shareholders.

For Romanian applicants, the ASF is expected to be the main authority for CASPs and non-EMT crypto-assets, while the BNR will be relevant for EMTs and for entities already supervised by the BNR, such as banks, payment institutions and electronic money institutions. Because the final Romanian procedure is still pending, applicants should prepare files based on MiCA, ESMA/EBA standards and the draft Romanian allocation of competences.

Even if MiCA does not require all staff to be in Romania, a Romanian applicant should be able to demonstrate real decision-making, competent management, compliance capacity, AML personnel, technical oversight and access to outsourced systems. A project managed entirely from another jurisdiction may face supervisory questions.

Under Article 83 of MiCA, any person intending to acquire or increase a qualifying holding in a CASP so as to reach or exceed the 20%, 30% or 50% thresholds, or to make the CASP a subsidiary, must notify the competent authority in writing before the change takes effect. The same obligation applies to any disposal or reduction below the 10%, 20%, 30% or 50% thresholds. The competent authority has 60 working days to assess the acquisition; if no opposition is raised, the acquisition is deemed approved.

A crypto-asset firm that is also regulated as a bank, payment institution, electronic money institution, investment firm, fund manager or insurance entity may face parallel qualifying holding approval requirements under the applicable sectoral regime. Transaction documents should include regulatory conditions precedent, and buyers should diligence the licence, pending notifications, AML history, client asset segregation and any reliance on transitional regimes. A change of control during the grandfathering period is particularly sensitive where the business has not yet obtained full MiCA authorisation.

A MiCA authorisation granted by the Romanian competent authority is valid throughout the EU and EEA, enabling the holder to provide authorised services in other member states via the MiCA passporting procedure. To passport, the CASP notifies the Romanian competent authority of the host member states, the services it intends to provide and the intended start date; the competent authority communicates that information to the host member states within ten working days, and the CASP may begin providing services shortly thereafter.

The passport does not, however, remove all local law questions. The CASP must remain within the scope of its authorised services, comply with host state consumer protection, AML and advertising rules where applicable, and separately assess any activities that fall outside MiCA. A Romanian MiCA authorisation will not cover payment services, electronic money issuance, investment services, fund management or consumer credit, unless those activities are independently authorised.

Cross-border marketing into Romania is permitted, but the applicable rules depend on the legal classification of the product being marketed rather than on the technology used to deliver it. If the token is a MiCA crypto-asset, marketing communications are subject to the requirements of Article 7 of MiCA, and all marketing communications must comply with the following requirements:

• they must be clearly identifiable as marketing communications;
• the information they contain must be fair, clear and not misleading;
• the information must be consistent with the information in the crypto-asset white paper where a white paper is required;
• they must clearly state that a white paper has been published and indicate the address of the relevant website, telephone number and email address; and
• each marketing communication must contain the following prominent statement: “This crypto-asset marketing communication has not been reviewed or approved by any competent authority in any Member State of the European Union.”

No marketing communications may be disseminated prior to the publication of the white paper, although market soundings are not affected by this restriction. Marketing communications must be provided to the competent authority of the home member state and, where they address prospective holders in a host member state, to the competent authority of that host member state, upon request.

Where the token is a financial instrument, MiFID II, the Prospectus Regulation and MAR will apply instead of, or in addition to, MiCA. Crowdfunding activities are subject to Regulation (EU) 2020/1503 on European crowdfunding service providers for business (the “EU Crowdfunding Regulation”) and Romanian Law No 244/2022. Payment services, e-money, consumer credit, fund interests and insurance-based investment products each carry their own marketing restrictions. A project that describes itself as “crypto” may in substance be advertising a payment account, an investment product, a fund-like participation or a credit product, and the correct analysis begins with the legal rights and service being offered, not the technology through which they are delivered.

Reverse Solicitation

Reverse solicitation is available only in narrow circumstances. A foreign firm cannot rely on it if it actively targets Romanian users through Romanian-language channels, local advertising, influencer campaigns, referral schemes or local payment infrastructure, and EU guidance interprets the exemption strictly. Consumer protection rules apply in parallel regardless of the regulatory classification of the product: the ANPC may assess whether advertising is misleading, whether risks are adequately disclosed and whether retail customers are given a fair understanding of the volatility and legal status of crypto-assets. Yield language, “guaranteed return” wording and statements implying regulatory approval are areas of particular sensitivity.

White label structures are possible in Romania, but MiCA does not allow an unlicensed firm to perform crypto-asset services by “borrowing” the licence of an authorised CASP. The authorised CASP must remain the entity providing the regulated service and must retain responsibility for the client relationship, disclosures, safeguarding, complaints, regulatory reporting and compliance.

A white label model is more defensible where the unlicensed firm provides technology, branding, distribution support or other non-regulated services, while the CASP contracts directly with the client and performs the regulated activity. The structure becomes risky where the unlicensed firm controls onboarding, custody, order execution, advice, complaints or client communications in substance, as it may itself be treated as providing crypto-asset services without authorisation.

Client-facing documentation should clearly identify the authorised CASP, the role of the white label partner, the entity holding crypto-assets or funds, the applicable terms and the complaints route.

DeFi is permitted in Romania, and there is no Romanian statute that prohibits decentralised protocols, DAOs (decentralised autonomous organisations), non-custodial wallets or smart-contract-based financial applications. DeFi projects can be structured and launched lawfully, and the EU regulatory framework provides a workable foundation for doing so – provided the compliance architecture is built into the project from the outset.

MiCA recognises that fully decentralised services without an identifiable intermediary may fall outside its scope, but the carve-out requires careful design: where a founder, operator, front-end provider, governance body, treasury controller or other identifiable person performs a MiCA, payment, investment or credit activity, authorisation and conduct requirements may still apply. Even where no licence is required, AML, KYC, sanctions and travel-rule controls should be built in, particularly for protocols interacting with regulated counterparties.

Centralised finance firms can use DeFi infrastructure, but must address custody, private-key control, smart-contract risk, AML and sanctions screening, liquidity, conflicts, outsourcing, operational resilience, client disclosure and valuation as part of integration. A regulated entity cannot set aside its obligations by routing activity through a decentralised protocol; properly structured, DeFi components can be integrated into a regulated service model without disturbing the firm’s authorisations.

DeFi structures in Romania are built using established corporate vehicles rather than a bespoke DAO form. A DAO may exist technically, through smart contracts and governance rules, but Romanian law does not recognise DAOs as a separate legal form and a project will not have legal personality only because it is described as one. This creates uncertainty around ownership of assets, capacity to contract, tax residence, governance and liability. Where there is no incorporated entity, founders, developers or active participants may be exposed to personal liability under general civil law principles.

In practice, Romanian DeFi projects usually need at least one legal layer. A Romanian limited liability company is the most common vehicle for development, operations, employees, IP ownership and commercial contracts. A separate issuer or SPV may be used where tokens, assets or financing flows are involved, and foundations are sometimes considered for treasury or governance functions, though Romanian non-profit structures are not always suitable for commercial token economics. The structure should be built around the function performed by each entity, with separate entities for protocol development, front-end operation, token issuance and regulated services.

This separation is useful only if it reflects reality: a Romanian company cannot avoid MiCA or payment services rules if, in substance, it operates custody, exchange, transfer, trading, advice or payment flows. Capital, governance and authorisation requirements arise from the regulated activity, not from the technology, and a CASP, payment institution, electronic money institution, investment firm, fund manager or crowdfunding service provider will be subject to the relevant prudential and licensing regime.

Accountability and liability in Romanian DeFi matters are assessed under general law, as Romanian courts and regulators have not yet developed a significant body of DeFi-specific case law. The main categories of liability are:

• contractual;
• tort;
• consumer protection;
• product and digital services;
• directors’ liability; and
• in serious cases, criminal liability.

A developer is not automatically liable for every loss suffered by users of open-source software. However, liability becomes more plausible where the developer operates the front end, markets the product, controls upgrades, receives fees, manages the treasury, makes misleading statements or knows of a material vulnerability and fails to act.

Promoters and founders may also be liable where they create an investment expectation, conceal risks or misrepresent decentralisation. Governance tokenholders are less likely to be liable merely because they vote, but repeated active control over business decisions can change the analysis.

The practical recommendation is to map accountability before launch. Projects should decide who contracts with users, who controls keys, who can upgrade the protocol, who receives fees, who handles complaints, who conducts AML checks and who can stop the system in an emergency.

Crypto-Asset Payments and Settlement Models

Payments in crypto-assets are permitted in Romania. Crypto-assets are not legal tender, but parties are free to agree on crypto-asset settlement under contractual autonomy, and both direct wallet-to-wallet settlement and card or merchant-acquiring models are available. Tax, accounting, AML and consumer protection considerations are addressed in 1.2.4 Tax, 2.1 Regulators and International Alignment and 4.1 Marketing.

Many merchants opt for conversion into RON or another fiat currency through a regulated intermediary, which simplifies accounting, valuation and refund handling. Direct wallet-to-wallet settlement is also possible and may be preferable in B2B or cross-border contexts, provided refund mechanics, record-keeping and valuation are addressed contractually. Where the model involves payment services or electronic money, the payment services and EMT requirements below apply.

Payment Services Law

Payment services law must be considered whenever the provider executes payment transactions, issues payment instruments, provides payment accounts, remits money or initiates payments. Law No 209/2019 transposes Directive (EU) 2015/2366 on payment services in the internal market (PSD2) in Romania and prohibits unauthorised professional provision of payment services.

EMT Services and PSD2 Interplay

The EBA’s opinion on the interplay between PSD2 and MiCA is especially important for EMTs. The EBA advised national authorities to treat certain EMT transfers and custodial wallet arrangements as payment services requiring PSD2 authorisation or a partnership with an authorised payment service provider. It also advised that exchange of crypto-assets for funds or other crypto-assets should not, by itself, be treated as a payment service.

From 2 March 2026, CASPs carrying out EMT services that qualify as payment services must hold payment institution or electronic money institution authorisation, have entered into a partnership with an authorised payment service provider, or fall within the limited pending-application scenario described by the EBA. Under that scenario, the CASP must have duly submitted an application, the competent authority must have no reason to expect the application will be refused, and certain cumulative conditions must be met. CASPs that have not applied, or that do not meet these conditions, are expected to cease providing EMT services that qualify as payment services.

Tokenised and real-world-asset products are regulated in Romania by reference to the rights attached to the token, not the technology used to issue it. Tokenisation is not a standalone regulatory category: the same asset can fall outside MiCA, or qualify as a financial instrument, a fund interest, a crowdfunding instrument or a payment instrument, depending on the rights granted to holders.

For real estate RWAs, direct tokenisation of the underlying asset is not the most workable Romanian structure. Direct ownership of Romanian real estate requires notarial transfer documents and Land Book registration; a blockchain entry cannot replace those formalities.

The practical approach is to place the real estate in a Romanian special purpose vehicle (SPV). Investors receive rights connected to shares, participation rights, profit rights, receivables or contractual rights in the SPV, while the token acts as a digital representation or transfer tool for those rights, with enforceability anchored in corporate documents, shareholder registers and KYC rules.

A well-structured tokenised RWA project typically involves the following layers:

• an asset-holding SPV incorporated for the relevant asset or pool of assets;
• an issuer or investor layer structured for transferability, pooling or public offering mechanics;
• corporate documents governing voting, distributions, exits, transfers, drag and tag rights, information rights and default scenarios;
• tokenholder terms and offering materials that explain the legal nature of the token;
• KYC, AML and investor eligibility controls on primary and secondary transfers; and
• a platform, custody and technical layer aligned with the legal structure, so that an on-chain transfer does not create a false impression of legal transfer where off-chain corporate registers have not been updated.

The process should begin with classification and structuring, not with token drafting. The classification phase should cover the asset, investor rights, transferability, redemption or exit mechanics, target jurisdictions, marketing model, custody, platform role and secondary transfer plan. Only after this analysis should the project draft token terms, offering materials and technical specifications.

Depending on the goals of the project, tokens may be legally structured as a representation of value, a contractual right, a corporate participation or a claim against an SPV, and the choice of structure determines the applicable regulatory framework. The principal risks are misclassification (treating a MiCA crypto-asset as a financial instrument or vice versa), misrepresentation (presenting the token as direct real estate ownership when the legal structure gives only corporate or contractual rights) and secondary trading restrictions (an on-chain transfer that is technically possible may still be legally prohibited under shareholder agreements, articles of association or investor eligibility rules). Legal, technical and commercial messaging must be aligned from the outset. Romania is well placed for RWA tokenisation work given its EU-anchored regulatory perimeter, established custodian and banking relationships and the Civil Code’s ability to accommodate tokenised structures, provided the token is built around the underlying legal asset rather than used as a substitute for it.