Blockchain & Crypto-Assets 2026 Comparisons

For a crypto or blockchain business in Bulgaria, the relevant regulator depends less on the technology itself and more on what the business is actually doing and the services it provides. There is no single blockchain regulator supervising every blockchain-based activity.

The FSC handles CASP authorisation and supervision under the Bulgarian MiCA framework. If the model also includes payments, electronic money, e-money tokens, payment accounts or banking services, the Bulgarian National Bank will also have supervisory authority. Tax treatment and reporting fall within the remit of the National Revenue Agency, while projects involving customer data, KYC records, wallet analytics or other personal data must also take into account the role of the Commission for Personal Data Protection.

Bulgaria’s regulatory approach is closely aligned with the EU framework rather than based on a separate national model. This means that international standards influence the Bulgarian market mainly through EU legislation and guidance. FATF standards are reflected through AML/CFT rules, Travel Rule obligations and risk-based supervision. BIS and IOSCO standards are relevant more indirectly, through their influence on EU rules on market infrastructure, prudential treatment, stablecoins, financial instruments and supervisory expectations. In practice, businesses operating in Bulgaria should expect local regulators to apply EU standards and guidance rather than a purely domestic interpretation of blockchain and crypto-asset regulation.

Crypto-assets in Bulgaria are characterised by reference to MiCA. Before applying MiCA, it is also necessary to check whether the asset is already regulated under another framework, for example as a financial instrument under MiFID II, electronic money, a deposit or another regulated product. If it is, the existing financial-services regime may apply instead of, or alongside, MiCA.

Bulgaria has adopted a specific national Markets in Crypto-Assets Act to support the application of MiCA. The Act gives effect to the local supervisory and procedural aspects of the regime, while MiCA remains the main substantive framework. As a result, crypto-assets and crypto-asset services in Bulgaria are regulated through a combination of MiCA, the Bulgarian implementing law and other existing regimes such as AML/CFT, payment services, electronic money, data protection, tax, consumer protection and operational resilience rules.

Bulgaria does not prohibit crypto-assets or blockchain-based products as such. Any operational restrictions are tied to the activity that's performed. A business may not provide regulated crypto-asset services without the required authorisation; issue or offer regulated tokens without meeting the applicable disclosure and approval requirements; or engage in market abuse, misleading marketing, AML breaches or other prohibited conduct. Retail-facing activity is not prohibited, but it attracts stronger investor-protection expectations, particularly around disclosure, risk warnings, suitability, complaints and safeguarding of client assets.

Over the next 12 months the most important development will be market adjustment. The legal framework is now largely in place, but businesses still need to translate it into workable governance, compliance, custody, disclosure and client-protection arrangements. Smaller providers may find it difficult to absorb the cost of licensing, governance, custody and operational resilience requirements, while better-prepared firms may benefit from greater trust and reduced competition from unregulated operators. Public registers of authorised CASPs and non-compliant entities are also likely to make regulatory status more visible to clients, banks and commercial partners. As a result, the market is expected to become smaller, more formal and more institutionally focused, but also more credible for businesses seeking to use Bulgaria as an EU entry point.

If the investment is performed through a fund rather than buying crypto-assets directly, the analysis changes, but it does not become unregulated. The investor is no longer simply buying crypto-assets. They are buying units or shares in a fund, so fund regulation becomes relevant.

In Bulgaria, this means that the structure may need to be reviewed under the rules for investment funds, alternative investment funds, fund managers, marketing of fund interests and investor disclosures. If the fund is offered only to professional or well-informed investors, the structure may be easier to manage. If it is offered to retail investors, the regulatory and disclosure requirements will usually be more demanding.

It should also be considered whether the fund is allowed to invest in crypto-assets. This depends on the type of fund, its investment policy and the rules that apply to its manager. For example, an alternative investment fund may have more flexibility than a UCITS fund, but it still needs proper rules on valuation, custody, risk management, liquidity and disclosure.

Using a fund wrapper also does not automatically avoid MiCA. If the fund simply invests in crypto-assets for its own portfolio, this may be treated differently from providing crypto-asset services to clients. But if the structure involves custody, exchange, execution of orders, advice, portfolio management of crypto-assets or transfer services for third parties, MiCA will remain applicable.

Crypto-asset issuance is viable if structured under MiCA. The first step is to classify the token. If it is an asset-referenced token or other MiCA crypto-asset, the MiCA issuance rules will apply. If the token qualifies as a financial instrument or another regulated product, the issuer must consider the existing financial-services regime instead.

In most cases, an issuer or offeror selling a crypto-asset into Bulgaria or within the EU will need to prepare a MiCA-compliant crypto-asset White Paper. The content depends on the type of token, but it generally includes information on the issuer or offeror, the project, the rights attached to the token, the technology, risks, offer terms and sustainability-related disclosures. Standard EU templates now apply to MiCA White Papers, which makes the process more formal and less flexible than earlier ICO-style disclosure documents.

Bulgaria’s national Markets in Crypto-Assets Act does not replace MiCA, but provides the local supervisory and procedural framework. The FSC is responsible for MiCA matters in Bulgaria, with the Bulgarian National Bank relevant for e-money and payment-related issues. For ordinary utility-type tokens, the White Paper is approved in advance. For ARTs and EMTs, the regime is stricter and may require authorisation or involvement of a licensed credit institution or electronic money institution.

The practical position is that a token launch from Bulgaria is possible, but issuers should carry out a classification analysis, prepare the White Paper in the required EU format, align the marketing materials with the White Paper, assess whether any CASP services are being provided around the issuance, and check whether the token has features that could bring it within securities, payment services, e-money, AML, tax or consumer protection rules.

Bulgaria applies the EU MiCA market abuse framework for crypto-assets and the regime prohibits insider dealing, unlawful disclosure of inside information and market manipulation in relation to crypto-assets admitted to trading, or for which admission to trading has been requested. The Bulgarian Markets in Crypto-Assets Act supports the application of MiCA at national level and gives the FSC supervisory and enforcement powers.

The prohibited behaviour is broadly similar to traditional securities market abuse. A person should not trade on non-public price-sensitive information, improperly disclose such information, or engage in conduct that gives false or misleading signals about the price, supply or demand of a crypto-asset. CASPs and other persons professionally arranging or executing crypto-asset transactions are also expected to have systems for detecting and reporting suspicious activity.

The main difference from traditional securities regulation is practical. Crypto markets are more fragmented, operate 24/7, and often involve public blockchains, decentralised infrastructure, offshore venues and pseudonymous wallets. Inside information may also look different. It can include not only issuer-related information, but also information about exchange listings, token burns, protocol upgrades, cybersecurity incidents, reserve issues, liquidity arrangements or large wallet movements. As a result, the crypto market abuse framework borrows heavily from the traditional securities model, but its application is more technical and often harder to monitor in practice.

An example for what would be considered market abuse is the manipulating of the price source used by a smart contract or DeFi protocol. If a person artificially moves the price of a crypto-asset on a venue or liquidity pool in order to influence an oracle and trigger a favourable liquidation, settlement or payout, this may raise market manipulation concerns. This type of behaviour is less familiar from traditional securities markets, but it is highly relevant in blockchain-based trading and lending structures.

The enforcement picture is still developing as the MiCA regime is new, and the FSC’s current approach appears to be focused mainly on implementation, guidance and helping the market understand the new requirements. This does not mean that breaches will be treated lightly. The Bulgarian Markets in Crypto-Assets Act gives the FSC substantial enforcement powers, including fines, coercive measures, orders to cease unauthorised activity, publication of sanctions, withdrawal of authorisation, website or platform-blocking measures and, in urgent cases, requests for court-ordered freezing or sequestration of assets.

The financial consequences can be significant. For CASP-related breaches, legal persons may face turnover-linked sanctions, and repeated violations can lead to higher penalties. Market abuse is treated particularly seriously, with sanctions for entities that may reach the higher of EUR7.7 million or 7.5% of annual turnover, and higher levels for repeated violations. In addition, breaches of the Travel Rule and DORA-related requirements are covered by separate sanction provisions.

Sanctions may also apply to individuals involved in the breach, not only to the legal entity. Members of the management body, directors, officers or other responsible persons may face personal administrative fines where the breach is attributable to their conduct, failure to act or failure to ensure compliance. This is particularly relevant for CASPs, where governance, fit-and-proper standards and senior management responsibility are central parts of the MiCA compliance framework.

Cross-border breaches are likely to be handled through the MiCA supervisory co-operation framework. Where a firm authorised in another member state provides services in Bulgaria, the FSC may co-ordinate with the home-state authority. Where a firm operates without authorisation or targets Bulgarian clients unlawfully, the FSC can require the activity to stop and may take measures against the relevant online interface, application, domain or platform presence.

During the following 12 months, the attitude of the regulator is likely to become more enforcement-oriented as the market moves from transition to full compliance. Over the early implementation period businesses may still benefit from regulatory guidance and opportunities to correct gaps. However, firms that ignore licensing requirements, provide services without authorisation, mislead clients, fail to safeguard assets or disregard AML, Travel Rule, DORA or market abuse obligations should expect a much stricter response. The practical message is that Bulgaria is open to serious crypto businesses, but not to informal or non-compliant operations.

The need for a licence is triggered by the provision of regulated crypto-asset services rather than by the use of blockchain technology itself. The practical test is what the business actually does for clients. A pure software provider may fall outside the perimeter, but a platform that holds client keys, matches trades, executes transactions or facilitates exchange activity may require authorisation even if it presents itself as a technology business.

The territorial analysis is also substance-based. A Bulgarian entity providing crypto-asset services will need to obtain authorisation in Bulgaria and an EU-authorised CASP may serve Bulgarian clients through passporting. However, a non-EU provider cannot actively target Bulgarian or EU clients without considering MiCA authorisation. Reverse solicitation is available only in narrow circumstances where the client approaches the provider entirely on their own initiative, and European Securities and Markets Authority (ESMA) has made clear that it should not be used to circumvent the licensing regime.

A foreign structure will not necessarily avoid Bulgarian or EU licensing issues if the business is effectively managed, marketed or operated from Bulgaria, or if Bulgarian/EU clients are actively targeted. For example, an offshore company with its management team, client onboarding, marketing and operational decision-making in Bulgaria may still raise Bulgarian and EU regulatory questions.

Existing providers may benefit from transitional arrangements if they were lawfully providing crypto-asset services before the relevant MiCA application date, but this is only a temporary position. The transition from the previous registration-based regime to full CASP licensing is expected to end on 1 July 2026. Businesses relying on the transitional period should not treat it as equivalent to full authorisation. They should use it to prepare the CASP application, align internal policies and controls, review marketing and cross-border activity, and prepare an orderly exit plan if authorisation is not obtained.

A CASP licence is obtained through an application to the FSC under MiCA, the Bulgarian Markets in Crypto-Assets Act and the FSC’s implementing rules, and the process resembles a financial-services authorisation. The applicant must submit a detailed licensing file showing what services it intends to provide, explain in detail how the business will operate, who will manage it, how clients and client assets will be protected, and how the firm will comply with AML, DORA, governance and conduct requirements.

Substance is a key point. The FSC is expected to look at whether the applicant has real operational presence and decision-making capacity in Bulgaria. The exact level of substance will depend on the services offered, but the applicant should have sufficient local management, compliance oversight and operational control. Some functions may be outsourced or supported by group entities, but the Bulgarian applicant must remain responsible and able to supervise them effectively.

Local personnel requirements are not assessed through a fixed headcount only. The more important question is whether the team is adequate for the proposed activity. A custody provider or trading platform will need stronger operational, compliance, AML, ICT and risk capacity than a more limited advisory model. Members of the management body and key persons must be suitable, reliable and sufficiently experienced. In practice, the FSC will expect the people named in the application to be genuinely involved, not appointed only for formal purposes.

CASPs must also meet MiCA prudential requirements. Depending on the services provided, the minimum capital requirement is EUR50,000, EUR125,000 or EUR150,000, depending on the exact services, and the CASP must maintain prudential safeguards equal to the higher of the fixed minimum requirement or one quarter of its previous year’s fixed overheads. For new applicants, the business plan and financial forecasts therefore need to be realistic and consistent with the proposed operating model.

In practical terms, the most important part of the licensing process is preparation. Before filing, applicants should usually carry out a gap review of their governance, AML framework, DORA arrangements, custody model, outsourcing structure, client documentation and financial resources. A well-prepared application can reduce follow-up questions and delays, while an incomplete or generic file is likely to create difficulties during the FSC review.

Acquiring control or a significant holding in a licensed CASP in Bulgaria is subject to prior regulatory notification and assessment. A proposed acquirer must notify the FSC before acquiring, directly or indirectly, a qualifying holding in a CASP, or before increasing an existing holding above the relevant MiCA thresholds. The transaction should not be completed until the regulatory process has been properly addressed.

The assessment is not a general commercial approval of the deal. The FSC will focus on whether the proposed acquirer is suitable, financially sound and transparent, whether the source of funds is legitimate, whether the persons who will direct the CASP’s business are fit and proper, and whether the CASP will continue to comply with MiCA after the acquisition. AML/CFT risk is also a central part of the review.

In practical terms, buyers of licensed CASPs should treat regulatory approval as a core transaction workstream. Due diligence should cover the target’s corporate, tax and financial position, and also its licence scope, client asset arrangements, AML framework, governance, outsourcing and any conditions attached to the authorisation. A share purchase agreement should also include appropriate conditions precedent for regulatory notification or non-objection, co-operation obligations and termination rights if the acquisition is not cleared.

A CASP licence obtained in Bulgaria can be passported into other EU member states under MiCA. This means that a Bulgarian-authorised CASP can provide its authorised crypto-asset services across the EU without applying for a separate licence in each host member state.

To benefit from the passport, the CASP must submit a cross-border notification to the FSC, identifying the member states where it intends to operate, the services it will provide, the intended start date and any other activities it carries out. The FSC then notifies the relevant host authorities, ESMA and EBA. The CASP can start providing services once it is informed that the notification has been communicated, or at the latest after the MiCA waiting period has expired.

The passport only covers the services for which the CASP is authorised. This is a useful point for applicants to consider at the licensing stage. A firm that wants to use Bulgaria as an EU entry point should ensure that its licence scope matches its wider EU business plan, rather than applying for a narrow licence and later discovering that its passport does not cover the services it wants to provide in other member states.

Passporting also does not eliminate every local-law issue. Host-country tax, consumer protection, advertising, AML implementation, data protection and civil-law rules may still affect how the service is offered. In addition, firms relying only on transitional arrangements are not in the same position as fully authorised CASPs and should not assume that they benefit from the MiCA passport before full authorisation is granted.

Regulated crypto-asset services may not be provided to clients in Bulgaria unless the provider is properly authorised under MiCA or is otherwise entitled to provide the service under the MiCA passporting regime. An EU-authorised CASP may service Bulgarian clients without obtaining a separate Bulgarian licence, but only after completing the required cross-border notification through its home regulator. The passport only covers the crypto-asset services included in the CASP’s authorisation, so a provider cannot use a narrow licence obtained in one member state to offer broader services in Bulgaria.

A non-EU provider cannot actively target Bulgarian or EU clients without considering MiCA authorisation. Reverse solicitation is permitted, but it is interpreted narrowly. It applies only where the client approaches the provider on the client’s own exclusive initiative. It should not be relied on where the provider uses Bulgarian or EU-focused advertising, local affiliates, influencer campaigns, targeted online marketing, client onboarding adapted to Bulgarian users, promotional events or educational materials that effectively direct clients to its services.

Where crypto-assets are offered to the public or admitted to trading in Bulgaria, MiCA White Paper and marketing rules may apply. Marketing communications must be fair, clear and not misleading, must be consistent with the White Paper, and generally cannot be disseminated before the relevant White Paper has been published. For ARTs and EMTs, the disclosure and approval requirements are stricter.

Bulgaria does not have a separate crypto-specific advertising code comparable to the UK financial promotion regime. However, marketing is still subject to MiCA, and the local consumer protection rules and general advertising standards. Firms should avoid exaggerated statements, unclear risk disclosures, “guaranteed return” language, or any suggestion that a product is risk-free simply because the provider is licensed.

White-label arrangements are possible in Bulgaria, but they must be structured carefully. An external firm cannot “borrow” the licence of an authorised CASP in order to provide regulated crypto-asset services to Bulgarian clients. The licensed CASP must remain the actual provider of the regulated service and must retain responsibility for MiCA compliance, client onboarding, AML controls, disclosures, custody, complaints handling and client protection.

The analysis depends on the real division of functions. If the external firm only provides technology, branding, marketing support or client introductions, the model may be viable. If it controls the client relationship, gives advice, receives orders, handles execution, provides custody, or presents itself as the regulated provider, it may need its own authorisation.

The arrangement should also be clear to clients. The client should understand which entity is licensed, which entity provides the service, who holds the assets and who is responsible for regulatory compliance. White-label models are therefore possible, but they should not be used to disguise unauthorised activity or to bypass MiCA licensing and passporting requirements.

DeFi is not prohibited in Bulgaria. However, there’s no special Bulgarian safe harbour for DeFi. The question depends on whether the activity is genuinely decentralised or whether an identifiable person or entity is providing regulated services to users. If a project has an operator, promoter, front-end provider, fee recipient or other party exercising control or influence, the activity may need to be assessed under MiCA, and AML rules.

CeFi firms may use DeFi infrastructure in connection with their products or services, but doing so does not remove their regulatory responsibilities. A licensed CASP or other regulated firm remains responsible for the service it offers to clients, even if part of the execution, liquidity provision or yield generation takes place through a decentralised protocol.

The main issues are client disclosure, custody and control of assets, smart contract risk, liquidity risk, governance of the protocol, conflicts of interest, AML screening and operational resilience. In practice, a CeFi firm using DeFi should be able to show that it has carried out due diligence on the protocol, understands the technical and legal risks, can monitor exposures, and has clearly disclosed to clients that the product involves DeFi-specific risks such as smart contract failure, oracle manipulation, liquidity loss, hacks or protocol governance changes.

Therefore, DeFi is permitted, but it is not treated as a regulatory blind spot. Where DeFi is used as part of a client-facing product, Bulgarian and EU regulators are likely to focus on the regulated entity that packages, promotes or controls the access to that product.

Bulgaria does not currently recognise DAOs as a separate legal form. DeFi projects that want a legal presence need to use ordinary legal structures, such as a limited liability company, a joint-stock company, or in some cases a foundation or association-style entity for community or ecosystem functions. A DAO may exist at the governance or smart contract level, but it does not by itself provide legal personality, limited liability, tax registration or regulatory accountability under Bulgarian law.

The structure will depend on the services performed by the DeFi project, as for example software development, IP ownership or regulated services.

There are no DeFi-specific capital requirements in Bulgaria. The ordinary capital rules for the chosen legal form apply unless the activity is regulated. If the DeFi structure involves CASP services or other regulated functions, then the relevant licensing, prudential, governance and substance requirements will apply. In that case, the capital requirement is driven by the regulated activity, not by the fact that the project uses DeFi technology.

Setting up a DeFi structure in Bulgaria requires a careful perimeter analysis before incorporation. The founders should identify who operates the front end, who controls the smart contracts and whether any part of the model involves custody, exchange, order execution or token issuance. These details determine whether the project can be structured as a technology or development business, or if it needs to be treated as a regulated financial or crypto-asset business.

Bulgaria does not yet have a developed body of case law or public enforcement practice specifically addressing liability for harm caused by DeFi protocols. There is also no separate statutory liability regime for DeFi. Accountability would be assessed under existing Bulgarian civil, commercial and consumer rules.

If a protocol is genuinely decentralised, with no operator, promoter or controlling party, enforcement may be difficult. If, however, there is a front-end operator, packaging access to the protocol, Bulgarian authorities and courts could focus on that person’s actual role.

Liability may arise where users are misled, risks are not properly disclosed and client assets are mishandled. A firm cannot avoid responsibility simply by saying that the underlying infrastructure is decentralised if the firm itself selects, promotes or manages the client-facing product.

There have not been notable Bulgarian DeFi-specific enforcement actions to date. The more likely near-term trend is that DeFi-related issues will be addressed through MiCA perimeter analysis, market abuse rules and general civil liability, rather than through a dedicated DeFi enforcement framework.

Payments in crypto-assets are not prohibited in Bulgaria, but crypto-assets are not considered a legal tender. They may be used as a means of payment where the parties agree to this, mainly in commercial or civil-law relationships. The transaction must still be properly valued, accounted for and taxed in euro or another fiat currency.

The position is different for employment remuneration. Under the Bulgarian Labour Code, base employment remuneration must be paid in money, so crypto-assets should not be used as a substitute for the employee’s ordinary salary. Yet, additional benefits or incentive arrangements involving crypto may be possible in limited cases, but they require careful labour, tax and social-security analysis.

A practical VAT point is that payment in crypto does not change the nature of the underlying transaction. If the underlying sale is taxable, for example a sale of goods or taxable services by a Bulgarian VAT-registered business, VAT should still be charged even if the customer pays in crypto-assets. The taxable amount should be converted into euro at the relevant time. By contrast, the exchange of crypto-assets for fiat currency, or fiat-for-crypto, is generally treated as a VAT-exempt financial transaction following the CJEU’s Hedqvist case. The distinction is important: crypto used as payment for goods or services does not automatically remove VAT, while crypto exchange activity may be exempt but can affect the right to deduct input VAT.

Tokenised assets and RWA crypto are not regulated more lightly simply because they are placed on blockchain. The regulatory treatment depends on what the token represents and what rights it gives to the holder. If the token represents a financial instrument, such as a share, bond or fund unit, the traditional financial-services framework will apply. If it represents another type of real-world asset or contractual right, MiCA may be applicable, but the legal rules governing the underlying asset will still need to be respected.

The practical consequence is that tokenisation usually adds a regulatory layer rather than replacing the existing one. For example, a token linked to real estate does not itself transfer ownership of the real estate unless the formal requirements under Bulgarian property law are met. A token linked to receivables will not automatically perfect an assignment or security interest unless the ordinary civil-law requirements are satisfied.

For RWA projects in Bulgaria, the issuer should identify the underlying asset, the rights attached to the token, how those rights are created and enforced, who holds the underlying asset, whether the token is transferable, whether investors receive economic exposure or actual ownership, and whether any regulated service is being provided around the token. The blockchain record can be useful for transparency and transferability, but it does not replace the legal mechanics needed to create, transfer or enforce rights in the underlying asset.