Blockchain & Crypto-Assets 2026 Comparisons

Last Updated June 11, 2026

Contributed By Nordic Law

Law and Practice

Authors



Nordic Law is a distinguished business law firm in Helsinki, Finland, specialising in emerging technologies such as Web3, crypto-assets and fintech. The team navigates the complex legal landscapes of technology-driven sectors, ensuring clients receive tailored, streamlined and effective legal solutions for their pioneering projects. The expert team adeptly handles challenges in related areas such as licensing, compliance, fintech, data, taxation and M&A.

Development Over the Past 12 Months

The past 12 months have been a defining period for blockchain in Finland, shaped primarily by the full application of MiCA from 30 December 2024 and DORA from 17 January 2025. These instruments have replaced the fragmented national VASP registration regime with a harmonised EU-wide authorisation framework.

Finland’s transitional period ended on 30 June 2025, by which date all previously registered VASPs were required to obtain CASP authorisation from the FIN-FSA or cease operations. Finland counts five authorised CASPs, including Kvarn Capital Oy, NorthCrypto Oy and Coinmotion Oy.

A notable development was the launch of USDG, a MiCA-compliant USD-denominated stablecoin issued by Paxos Issuance Europe Oy, a Finnish EMI. This was among the first regulated USD-denominated stablecoins issued under MiCA in the EU and is passported across the EEA. The FIN-FSA also updated its AML/CFT guidance in June 2025 to bring CASPs within its supervisory scope, while the revised Transfer of Funds Regulation extended the travel rule to all crypto-asset transfers regardless of value.

Current Use Cases

The primary use cases are exchange and execution services, as well as the custody and transfer of crypto-assets. The EBA’s June 2025 no-action letter on the MiCA/PSD2 interaction has introduced a practical compliance consideration: while exchange services involving EMTs fall solely within MiCA, custody and transfer of EMTs on behalf of clients constitutes a payment service, requiring authorisation under both frameworks. CASPs are therefore having to obtain a PSD2 licence or partner with a PSD2-licensed provider.

Smart contracts are increasingly relevant, particularly following the EU Data Act becoming applicable in September 2025, which imposes mandatory termination and suspension mechanisms on smart contracts within its scope. Automated investing and algorithmic trading are permitted under the Investment Services Act. DeFi protocols that are genuinely decentralised remain outside MiCA’s scope, though those with an identifiable central operator are likely to be treated as CASPs.

Issues Likely to Impact the Next 12 Months

PSD3 and the Payment Services Regulation will be significant near-term developments, given their implications for CASPs handling EMTs. DORA compliance will continue to require attention, particularly regarding ICT risk management and contractual oversight of outsourced or sub-contracted services. The European Digital Identity Wallet may also open new use cases for blockchain-based identity and credential verification.

Interaction With Intellectual Property Law

There is no blockchain-specific IP regime in Finland. Innovations are protectable by patent through the Finnish Patent and Registration Office or the European Patent Office, and brands through the EUIPO for EU-wide protection. The technology-neutral principle that underpins Finnish regulatory thinking applies equally to IP: the nature of the underlying technology does not alter the availability of protection. No significant tensions between blockchain business models and existing IP law have been reported in Finland.

Finland does not operate a formal or dedicated national regulatory sandbox specifically geared towards blockchain-based projects. Instead, the FIN-FSA generally engages with firms through the authorisation and registration process and may provide non-binding guidance on regulatory interpretation; this can function as an innovation-facilitation approach, but it is not a sandbox framework offering regulatory exemptions.

At EU level, the DLT Pilot Regime established under Regulation (EU) 2022/858 provides the closest sandbox-like framework, focused specifically on market infrastructures for tokenised financial instruments. It enables eligible participants to operate DLT-based multilateral trading facilities, settlement systems or combined trading and settlement systems under time-limited and conditional exemptions from parts of EU financial markets regulation, including MiFID II/MiFIR and the Central Securities Depositories Regulation.

Finnish entities are eligible to apply under the DLT Pilot Regime, but publicly available information indicates that uptake across the EU has been limited to date. As the post-MiCA and DORA framework matures, interest in structured mechanisms for testing innovative market infrastructure solutions could increase, particularly for tokenised securities use cases.

Finland’s regulatory attitude towards blockchain is generally constructive and innovation-friendly, supported by a transparent and technology-neutral supervisory culture. The Finnish Financial Supervisory Authority (FIN-FSA) acts as the key licensing and supervisory authority for both traditional financial institutions and fintech operators, and it applies the same activity-based approach regardless of whether a service is delivered through conventional systems or blockchain-enabled solutions.

This approach is reflected in Finland’s move from earlier transitional arrangements to fully applicable EU-level frameworks. The Markets in Crypto-Assets Regulation (MiCA) became fully applicable on 30 December 2024 and Finland’s national transition period ended on 30 June 2025, after which crypto-asset service providers must operate under the MiCA authorisation framework. Finland is generally regarded as a start-up-friendly jurisdiction where digitalisation and technological development are key priorities, supported by Business Finland initiatives.

Blockchain technology itself is not specifically regulated in Finland or at EU level. Instead, regulation is triggered by the nature of the activity and the rights or services involved, reflecting the principle of technology neutrality. This means regulated firms remain subject to existing governance, conduct and risk management obligations even when they use blockchain-enabled infrastructure. A major horizontal requirement is DORA, which entered into application on 17 January 2025 and introduces uniform requirements for ICT risk management, cybersecurity governance, incident reporting expectations, resilience testing and oversight of critical ICT third-party providers. These obligations can be highly relevant where blockchain-enabled systems or providers are embedded in business operations of regulated entities.

Smart contracts add a further governance layer. Finland does not explicitly prohibit smart contracts, but the EU Data Act, applicable from September 2025, recognises smart contracts and sets essential requirements for smart contracts that fall within its scope. These requirements include mechanisms to stop or interrupt execution and internal functions enabling termination or suspension to reduce the risk of unintended execution, and they interact with data protection and financial regulatory obligations in a way that can increase compliance complexity for digital finance models.

For decentralised finance (DeFi), the key practical issue is whether the protocol is genuinely decentralised or only nominally decentralised while being effectively centrally managed. Where there is an identifiable operator or central entity behind the arrangement, that entity is very likely to be treated as operating within the regulated perimeter, including potentially being interpreted as a MiCA crypto-asset service provider. Where a protocol is genuinely and completely decentralised, its operations may sit largely outside the scope of current legislation in practice, although this remains an evolving area.

Data protection and record-keeping are also central themes for blockchain deployments. Finland relies primarily on the GDPR, supplemented by national rules such as the Data Protection Act (1050/2018), and anti-money laundering rules that can require retention of certain customer data for at least five years after the customer relationship ends for in-scope firms. A recurring compliance challenge across the EU is managing the tension between blockchain immutability and GDPR rights, including erasure. In practice, many implementations seek to minimise personal data on chain, for example by storing only hashed or cryptographically protected references on chain while keeping personal data off chain under controlled access, although Finland-specific blockchain tailored guidance on this design pattern is not typically presented as standalone rule-making.

There is no regulation in Finland explicitly prohibiting smart contracts, and they are generally capable of being enforced under Finnish law provided they satisfy the same fundamental requirements applicable to contracts generally. Finnish contract law, primarily governed by the Contracts Act (228/1929), does not prescribe a specific form for most agreements. A smart contract can therefore constitute a legally binding contract if the core elements of offer, acceptance, mutual intention to be bound, legal capacity and lawful subject matter are present. Where a smart contract operates fully automatically, care must be taken to ensure that automated execution genuinely reflects the parties’ mutual intentions and that terms are sufficiently clear and determinable.

The EU Data Act, applicable from September 2025, has introduced specific requirements for smart contracts within its scope, including mechanisms to cease ongoing execution, internal termination functions and suspension capabilities to prevent unintentional execution. These requirements serve both as a compliance framework and as a practical guide for ensuring smart contracts operate as the parties intend.

Sector-specific obligations apply depending on context. Smart contracts used in connection with crypto-asset services, payment services or investment activities must additionally comply with MiCA, DORA and other applicable financial regulatory frameworks.

Areas of ongoing legal uncertainty include smart contracts interacting with DeFi protocols or operating across multiple jurisdictions, where questions of applicable law, jurisdiction and identification of contracting parties remain difficult to resolve. No specific Finnish judicial or regulatory guidance has been issued on these points to date.

Finland does not have a self-regulatory organisation that produces formal, binding self-regulation specific to crypto-assets or blockchain. Regulation and supervision of regulated financial activities are primarily carried out by FIN-FSA, particularly where activities fall within MiCA or other financial-services regimes, while other authorities may be relevant depending on the topic (eg, taxation or AML-related reporting).

At the industry level, the Finnish Cryptocurrency Association Konsensus is a directly relevant body focused on education, advocacy and ecosystem development in the crypto-asset and blockchain sector, without formal regulatory powers. The broader fintech ecosystem is represented by Fintech Finland, a neutral, non-profit industry body that promotes the Finnish fintech sector, networking and growth, and engages on digital finance topics more generally.

At EU level, Finnish blockchain and crypto-asset businesses may also engage through industry associations such as the European Crypto Initiative (EUCI), which contributes to EU policy discussions, and Blockchain for Europe, a Brussels-based membership organisation advocating for blockchain-compatible policy and regulation across the EU.

Finland has not enacted specific legislation formally classifying crypto-assets as property, nor has any Finnish court issued definitive guidance on this issue, but their practical treatment under Finnish law is generally consistent with a property-like characterisation. The Finnish Tax Administration’s updated guidance of December 2025 treats crypto-assets as assets for tax purposes rather than as official currencies or securities, meaning that economic events such as exchange, sale and use constitute taxable realisation events. Ownership is generally understood by analogy to the ownership of objects: where a crypto-asset is recorded on the blockchain at a specific address and a person has legal access to the private keys of that address, the crypto-asset is in their ownership, though this presumption can be rebutted by other evidence such as custody arrangements or contractual documentation.

The only Finnish judicial guidance on crypto-asset ownership is the Supreme Court case KKO 2020:64, in which bitcoins held in a commingled third-party custody account were found not to be separately enforceable in bankruptcy proceedings. This case illustrates the practical risks of commingled custody and underlines the importance of MiCA’s requirement that authorised CASPs segregate client crypto-assets from their own funds.

The transfer of crypto-assets is not specifically regulated under Finnish law beyond the MiCA framework. In practice, transfers are determined by the underlying blockchain protocol, with on-chain transactions generally treated as the operative transfer mechanism. Where crypto-assets are held through a CASP, contractual arrangements govern the transfer and control of assets, subject to MiCA’s custody and client asset segregation requirements.

The use of crypto-assets in collateral arrangements is not specifically addressed under Finnish law. General rules on financial collateral under the Act on Financial Collateral Arrangements may apply in principle, but their interaction with the technical characteristics of crypto-assets – including custody models, private key control and on-chain settlement – creates legal uncertainty as to whether such assets fall within the scope of financial collateral as defined in that legislation. This remains an area that requires careful structuring and case-by-case legal analysis.

There are no Finland-specific rules that automatically prohibit crypto-asset service providers from using banking or payment service partners, and Finnish law does not designate crypto-asset businesses as a category that must be refused access to banking services. In practice, access is driven by private contracting and is heavily influenced by risk-based obligations under AML/CFT and sanctions compliance frameworks, including customer due diligence and ongoing monitoring requirements.

In practice, access to banking can be a recurring operational challenge for crypto-asset firms, as in many other jurisdictions. FIN-FSA’s thematic work on de-risking indicates that rejection rates for legal persons’ account applications and terminations of corporate banking relationships have increased, with a significant share linked to AML-driven risk management, which FIN-FSA interprets as indicating a de-risking phenomenon for legal persons. At the same time, rejection rates for private persons remain low, which FIN-FSA links in part to banks’ statutory obligation to provide basic banking services to individuals.

MiCA may improve the situation to some extent by providing a more harmonised EU framework for authorised CASPs and clearer supervisory expectations, which can help banks differentiate between authorised and unauthorised operators when assessing risk. FIN-FSA has highlighted that MiCA tightens requirements and harmonises the market, and EU-level guidance has also noted elevated ML/TF risks where institutions engage with providers that are not authorised under MiCA.

Nevertheless, individual banks retain discretion in customer acceptance decisions, and de-risking practices have not disappeared. CASPs seeking banking relationships in Finland should expect thorough onboarding and periodic reviews and should be prepared to provide detailed documentation on their authorisation status, governance, source of funds/wealth controls, transaction monitoring, and broader AML/CFT arrangements.

There is no ESG or sustainable finance framework in Finland that applies specifically to digital assets or crypto-asset services. However, Finnish CASPs and other regulated financial entities are increasingly subject to EU-level sustainability disclosure and reporting requirements that apply on a sector-neutral basis.

The most directly relevant framework within MiCA is the requirement that crypto-asset white papers include information on the principal adverse impacts on the climate and other environmental drawbacks associated with the consensus mechanism used in the issuance of the crypto-asset. CASPs are additionally required to make this environmental impact information readily available and prominently displayed on their websites. ESMA, in close collaboration with the EBA, is mandated to develop regulatory technical standards governing the content, methodologies and presentation of this information, meaning the framework is expected to become more prescriptive over time. These requirements are particularly significant in relation to proof-of-work-based crypto-assets, which typically have higher energy consumption profiles than proof-of-stake alternatives.

Finland’s tax framework for digital assets was significantly updated by the Finnish Tax Administration’s guidance of 18 December 2025 (VH/3057/00.01.00/2025), which replaces earlier virtual currency guidance and extends to staking, DeFi tokens, wrapped tokens and pooled arrangements.

Crypto-assets are generally treated as assets rather than currency or securities. Taxable realisation events include disposal for fiat, use as payment, and crypto-to-crypto exchanges, with gains and losses calculated per acquisition and reported in euros in the relevant tax year. E-money tokens (EMTs) and asset-referenced tokens (ARTs) may be treated differently in certain contexts due to their stabilisation features but are not equated with official currency.

Staking rewards are generally taxed as income when received, with classification depending on the nature of the activity. Transactions within staking, liquidity pools and other DeFi arrangements may trigger taxable events depending on their structure.

Costs directly related to acquiring, holding or disposing of crypto-assets, such as transaction fees, are generally deductible. For companies, crypto-assets are treated as business assets, with profits taxed as business income and losses deductible subject to general rules.

At EU level, DAC8 introduces mandatory reporting obligations requiring crypto-asset service providers to report customer transaction data to tax authorities, including the Finnish Tax Administration.

Key uncertainties remain around complex DeFi activities – such as liquidity provision and yield farming – particularly regarding the timing and characterisation of taxable events, as well as the treatment of cross-border arrangements involving foreign CASPs or decentralised protocols.

Finland has not enacted crypto-specific insolvency or resolution legislation. The insolvency of CASPs and other digital asset businesses is therefore governed by general law, primarily the Bankruptcy Act (120/2004) and the Restructuring of Enterprises Act (47/1993), supplemented by applicable regulatory requirements under MiCA and other financial services legislation.

Under MiCA, authorised CASPs are subject to client asset segregation and custody requirements that are highly relevant in an insolvency context. Client crypto-assets must be kept separate from the firm’s own assets and may not be used on the CASP’s own account. These rules are intended to ensure that client assets remain identifiable and can be separated from the insolvency estate, thereby enhancing client protection.

If a CASP enters insolvency, the FIN-FSA may withdraw its authorisation and take supervisory measures. However, Finland does not have a dedicated resolution regime for crypto-asset firms comparable to the bank recovery and resolution framework under the BRRD, leaving insolvency to be handled through general procedures.

In practice, crypto-asset insolvencies raise specific challenges that are not expressly addressed under Finnish law, including the identification and tracing of assets on decentralised networks, control and recovery of private keys, and the valuation of highly volatile assets. These issues are likely to require case-by-case resolution as the regulatory and market framework continues to develop.

Finland does not have a dedicated self-regulatory organisation specifically representing the crypto-asset industry, and no formal self-regulatory code specific to crypto-asset businesses has been developed. The Finnish Cryptocurrency Association (Konsensus) is the most directly relevant industry body, focusing on education, advocacy and ecosystem development within the crypto-asset sector, though it does not perform any formal regulatory or quasi-regulatory function.

At EU level, Finnish crypto-asset businesses may engage through organisations such as the European Crypto Initiative (EUCI), which contributes to EU policy and implementation discussions, including by submitting consultation responses on MiCA-related measures. Blockchain for Europe performs a similar advocacy role as a Brussels-based membership organisation, facilitating dialogue with EU institutions and promoting a European regulatory framework that supports blockchain-based innovation.

In practice, firms operating in Finland can engage directly with FIN-FSA through authorisation and supervisory processes, and the MiCA regime has introduced a harmonised EU baseline for governance and conduct requirements across the regulated crypto-asset sector.

The Finnish Financial Supervisory Authority (FIN-FSA) is the primary regulatory and supervisory authority for blockchain and crypto-asset businesses in Finland. It grants and oversees CASP authorisations under MiCA, supervises payment institutions and EMIs, and enforces AML compliance. The FIN-FSA is known for its technology-neutral supervisory approach, making Finland one of the more accessible jurisdictions in the EU for fintech and crypto-asset businesses seeking regulatory engagement.

The Finnish Tax Administration is increasingly relevant following the introduction of mandatory reporting obligations requiring crypto-asset exchanges to submit detailed customer transaction data, and following the comprehensive updated guidance on crypto-asset taxation issued in December 2025.

Finland’s regulatory alignment with international standards is primarily achieved through EU-level implementation rather than direct bilateral engagement with international bodies. MiCA, DORA and the revised Transfer of Funds Regulation collectively reflect the FATF’s recommendations on virtual asset service providers, including the travel rule, customer due diligence and AML obligations. The FIN-FSA’s updated AML/CFT guidance of June 2025 explicitly incorporates CASPs within its scope, replacing the former national category of virtual currency providers, aligning Finnish supervisory practice with FATF standards. Finland participates in EU-level engagement with IOSCO and BIS through the European Banking Authority and European Securities and Markets Authority, which develop binding technical standards under MiCA.

Crypto-assets in Finland are classified primarily under MiCA, which defines them as digital representations of value or rights transferable and storable electronically using distributed ledger technology. MiCA recognises three categories:

  • EMTs, referencing one official currency;
  • ARTs, referencing other values or rights (or their combinations); and
  • other crypto-assets, including utility tokens, governance tokens, bitcoin and ethereum.

EMTs and ARTs face more stringent requirements, reflecting their potential systemic significance. ESMA’s guidelines of December 2024 provide further criteria for determining when a crypto-asset qualifies as a financial instrument under MiFID II and therefore falls outside MiCA’s scope entirely. No crypto-assets have to date been classified as securities or financial instruments in Finland. For tax purposes, the Finnish Tax Administration treats crypto-assets as assets, with EMTs and ARTs treated similarly to conventional currency.

MiCA constitutes the principal regulatory framework governing crypto-asset issuance and services in Finland. It became fully applicable on 30 December 2024, and Finland’s grandfathering regime for previously registered VASPs expired on 30 June 2025. All operators must now hold CASP authorisation from FIN-FSA, of which five have been granted to date. Alongside MiCA, CASPs are subject to the AML Act, the revised Transfer of Funds Regulation extending the travel rule to all crypto-asset transfers regardless of value, and DORA’s operational resilience requirements applicable from January 2025.

Under MiCA, CASP authorisation from the FIN-FSA is required for:

  • custody and administration of crypto-assets on behalf of clients;
  • operation of a trading platform;
  • exchange of crypto-assets for fiat currency or other crypto-assets;
  • execution of client orders;
  • placing of crypto-assets;
  • reception and transmission of orders;
  • provision of advice on crypto-assets;
  • portfolio management; and
  • transfer of crypto-assets.

EMT issuers must additionally hold either a credit institution licence or an EMI licence. Notably, entities wishing to offer crypto-assets other than ARTs or EMTs no longer require a separate authorisation for the issuance itself, representing a significant change from Finland’s formerly stringent national regime. Traditional financial institutions such as banks may also now incorporate crypto-asset services into their offerings, typically by notifying the FIN-FSA, and credit institutions may issue ARTs or EMTs under certain conditions.

No crypto-asset activities are explicitly prohibited in Finland beyond conducting regulated services without authorisation. MiCA does not draw a general retail versus professional distinction equivalent to MiFID II, though certain disclosure and marketing requirements are calibrated to protect retail investors, including mandatory white paper requirements and fair, clear and non-misleading communication standards. CASPs must handle customer complaints in all languages used for marketing communications across the EEA. Market manipulation, insider dealing and unlawful disclosure of inside information in relation to crypto-assets admitted to trading are prohibited under MiCA’s market abuse framework.

iXBRL white paper formatting requirements entered into application in December 2025, and mandatory reporting obligations requiring CASPs to submit detailed customer transaction data to the Finnish Tax Administration under DAC8 are now in force. The introduction of PSD3 and the Payment Services Regulation will significantly affect the interaction between payment services and crypto-asset services, and the EBA’s June 2025 no-action letter on the MiCA and PSD2 overlap remains a live compliance issue pending PSD3’s resolution. DeFi and DAOs remain outside MiCA’s scope and are expected to attract increasing regulatory attention. The EU AI Act, applying from August 2026, will add compliance complexity for AI-driven crypto-asset applications.

Where investors access crypto-asset exposure through a fund structure rather than directly, the regulatory analysis shifts materially. Collective investment schemes, including alternative investment funds investing in crypto-assets, are primarily regulated under the Alternative Investment Fund Managers Act (162/2014), which implements the AIFMD. An entity managing such a fund must obtain AIFM authorisation from the FIN-FSA, irrespective of the fund’s size or investment scope, unless assets under management fall below relevant thresholds permitting registration rather than full authorisation. Crypto-asset AIFM structures have been successfully authorised in Finland in practice, with at least two such operators now active in the market, demonstrating that this is a viable and established route for regulated crypto-asset fund management in the jurisdiction.

An AIFM managing a fund with crypto-asset exposure does not itself require CASP authorisation solely by reason of that exposure, provided it does not directly provide crypto-asset services to third parties. However, the fund’s custody arrangements for crypto-assets require careful structuring, as MiCA’s custody and safekeeping requirements will apply where assets are held through an authorised CASP acting as sub-custodian.

Beyond fund structures, traditional financial institutions such as banks may now incorporate crypto-asset services into their offerings under MiCA, typically by notifying the FIN-FSA rather than seeking full CASP authorisation. Credit institutions may additionally issue ARTs or EMTs under certain conditions, providing an alternative structural route for regulated entities seeking crypto-asset exposure.

From a prudential and conduct perspective, AIFMs with crypto-asset exposure must address the asset class within their risk management frameworks, valuation policies and investor disclosure documents. DORA’s operational resilience requirements apply to AIFMs as financial entities, adding a further layer of governance requirements where technology-driven crypto-asset strategies are employed. SFDR sustainability disclosure obligations may also apply depending on the fund’s investment strategy and marketing approach.

Finland has a viable crypto-asset issuance market operating under MiCA’s harmonised framework. The issuance of crypto-assets other than EMTs and ARTs requires the publication of a compliant white paper, which must be notified to the FIN-FSA prior to publication but does not require prior approval for most crypto-asset categories. The white paper must contain prescribed information including details of the issuer, the project, the rights attached to the crypto-asset, the underlying technology, and the environmental impact of the consensus mechanism used. iXBRL formatting requirements for white papers entered into application in December 2025.

The issuance of EMTs requires the issuer to hold either a credit institution licence or an EMI licence from the FIN-FSA. The issuance of ARTs requires specific authorisation from FIN-FSA under MiCA. Both EMT and ART issuers are subject to more stringent ongoing requirements including own funds requirements, reserve asset management obligations and redemption rights for holders.

MiCA’s passporting mechanism enables issuers authorised in Finland to offer crypto-assets across the EEA without requiring separate national approvals, making Finland an attractive base for EU-wide issuance. The successful launch of the Paxos USDG stablecoin through Paxos Issuance Europe Oy demonstrates the viability of Finland as a jurisdiction for significant crypto-asset issuance projects.

MiCA introduces a comprehensive market abuse framework specifically applicable to crypto-assets admitted to trading on a trading platform, representing a significant development from the pre-MiCA position where no equivalent framework existed for crypto-assets in Finland. The framework prohibits insider dealing, unlawful disclosure of inside information, and market manipulation in relation to crypto-assets.

Insider dealing occurs where a person possesses inside information relating to a crypto-asset and uses that information to acquire or dispose of that crypto-asset, or recommends or induces another person to do so. Inside information means information of a precise nature that has not been made public, relating directly or indirectly to a crypto-asset or its issuer, which if made public would be likely to have a significant effect on the price of that crypto-asset.

The MiCA market abuse framework differs from the EU Market Abuse Regulation applicable to traditional securities in several respects. It applies only to crypto-assets admitted to trading on MiCA-regulated trading platforms, meaning crypto-assets traded exclusively on decentralised exchanges or peer-to-peer fall outside its scope. The framework also addresses manipulation techniques specific to crypto-asset markets, including wash trading and layering on crypto trading platforms. The FIN-FSA is responsible for supervising and enforcing the market abuse framework in Finland.

The FIN-FSA has demonstrated an increasingly active supervisory approach in the context of the MiCA transition. The expiry of the grandfathering period on 30 June 2025 meant that operators continuing to provide crypto-asset services without CASP authorisation became subject to enforcement action. The FIN-FSA has powers to issue public warnings, impose administrative fines, suspend or withdraw authorisations and refer matters for criminal prosecution where warranted.

Finland’s regulatory culture has historically been characterised by proportionate and constructive supervision rather than aggressive enforcement, with the FIN-FSA typically engaging with firms to achieve compliance before resorting to formal sanctions. The authority openly shares legislative interpretations with market participants and regularly publishes regulations and guidelines, contributing to a transparent and predictable supervisory environment. This stands in contrast to certain neighbouring jurisdictions, including parts of the Baltic region, which have experienced regulatory volatility and active revocation of previously granted fintech registrations, authorisations and licences. However, the transition to the MiCA framework has elevated supervisory expectations, and the FIN-FSA’s updated AML/CFT guidance explicitly subjects CASPs to the full scope of Finnish AML supervision, increasing the risk of enforcement action for compliance failures in this area.

For cross-border breaches, MiCA’s passporting framework means that the FIN-FSA co-operates with home state regulators of EEA-passported CASPs operating in Finland, and with ESMA and EBA in cases involving potential breaches of directly applicable EU regulations. Third-country firms offering services into Finland without authorisation are subject to enforcement action by the FIN-FSA regardless of their location.

The FIN-FSA’s supervisory approach is not expected to change materially in the next 12 months, though increasing maturity of the MiCA framework and growing market activity are likely to result in more frequent supervisory engagement and potentially more visible enforcement actions as the regulator moves from transition management to active ongoing supervision.

The trigger for requiring a licence, registration or authorisation in Finland is the provision of regulated crypto-asset services as defined under MiCA, or the issuance of crypto-assets requiring a white paper or specific authorisation. Any entity providing CASP services – including custody, transfer, trading, exchange, execution, placing, reception and transmission of orders, advice or portfolio management in crypto-assets – requires CASP authorisation from the FIN-FSA. EMT issuers additionally require a credit institution licence or EMI licence. By contrast, blockchain technology used without crypto-assets, and the personal buying, holding or trading of crypto-assets on one’s own behalf, do not trigger any licensing, authorisation or registration requirement.

The principle of technology neutrality means that licensing requirements depend on the nature of the service provided rather than the technology or platform used to deliver it. Fully automated or algorithmic delivery of regulated services does not reduce or eliminate licensing requirements.

Territorial reach is determined primarily by where services are actively offered. A firm based outside Finland that actively targets Finnish consumers – for example, by using Finnish language in marketing materials or directing advertising specifically at Finnish consumers – is considered to be offering services in Finland and must hold valid authorisation or passporting arrangements. Finnish legislation does not require the owners or management of a licensed firm to reside in Finland or be Finnish tax residents, providing significant flexibility for international founders and management teams. However, at least one member of the board of directors must reside within the EEA under the Finnish Limited Liability Companies Act. As of 1 January 2026, all notifications and start-up filings to the Finnish Trade Register must be submitted electronically, as paper-based filings are no longer accepted for limited liability companies. MiCA authorisation obtained in Finland additionally enables CASPs to passport their services across the EEA without requiring separate national approvals in each member state, making Finland an effective base for EU-wide crypto-asset operations.

The grandfathering regime that previously allowed registered VASPs to continue operating during the MiCA transitional period expired on 30 June 2025. From that date, all operators are required to hold full CASP authorisation. No grandfathering provisions remain available, and firms operating without authorisation are subject to enforcement action by the FIN-FSA.

CASP authorisation is granted by the FIN-FSA following a formal application process. Applicants must demonstrate compliance with MiCA’s requirements across several areas, including the following:

  • governance and organisational structure;
  • fitness and propriety of management and qualifying shareholders;
  • own funds and capital adequacy;
  • custody and safekeeping arrangements for client assets;
  • AML and CFT policies and procedures;
  • ICT and operational resilience frameworks meeting DORA requirements; and
  • complaints-handling procedures covering all languages used in marketing across the EEA.

In terms of application content, the FIN-FSA requires detailed documentation covering at minimum:

  • the applicant’s corporate structure and ownership;
  • the planned business operations and specific services to be provided;
  • the fitness and propriety of shareholders, management and board members;
  • functional and technical specifications of the services;
  • client asset protection arrangements and internal procedures;
  • marketing measures;
  • operational and business risks;
  • IT and technical aspects of the services; and
  • AML/KYC frameworks and related risk management policies.

Capital requirements under MiCA vary by service type. The minimum own funds requirement is:

  • EUR50,000 for CASPs providing advice, portfolio management, reception and transmission of orders, execution of orders or placing of crypto-assets;
  • EUR125,000 for custody and administration, exchange for funds and exchange for other crypto-assets; and
  • EUR150,000 for operation of a trading platform.

EMT issuers must hold initial capital of the higher of EUR350,000 or 2% of average reserve assets, and ART issuers must maintain own funds of at least the highest of EUR350,000, 2% of average reserve assets or a quarter of fixed overheads of the preceding year.

Applicants must have a registered office in Finland and conduct at least part of their crypto-asset services from that establishment. From a substance perspective, applicants must demonstrate genuine operational presence and governance in Finland rather than a purely administrative establishment. Key personnel responsible for management and control must meet fitness and propriety requirements, and the firm must maintain adequate internal controls, risk management frameworks and compliance functions proportionate to the nature and scale of its activities.

The FIN-FSA is known for its constructive engagement with applicants throughout the process, openly sharing legislative interpretations and providing accessible guidance on regulatory requirements. Finland’s transparent and predictable regulatory culture typically ensures a relatively smooth authorisation process compared to many other EU jurisdictions.

All change of control situations involving a Finnish-authorised CASP or EMI must be notified to the FIN-FSA in advance, allowing it to assess the proposed new owners before the transaction completes. The FIN-FSA has the power to prohibit a proposed acquisition where it could jeopardise the sound and prudent management of the target entity, based on justified grounds to suspect any of the following:

  • the reputation or financial position of the acquiring entity;
  • the reliability or suitability of the target’s management or compliance with other licensing requirements as a result of the acquisition;
  • the solvency, supervision or conditions for information exchange with authorities; or
  • the involvement of the acquisition in money laundering or terrorist financing.

Owners and qualifying shareholders of CASPs must always be of sufficiently good repute and must not have been convicted of offences related to money laundering, terrorist financing or other matters affecting their good repute. These requirements apply on an ongoing basis and are not limited to the initial authorisation.

There are no foreign exchange or currency control restrictions in Finland that would impede foreign ownership of CASPs or EMIs, and Finnish legislation does not require owners or senior management to be Finnish residents or tax residents. However, at least one member of the board of directors must reside within the EEA under the Finnish Limited Liability Companies Act.

MiCA’s passporting framework enables authorised Finnish CASPs to offer their services across the entire EEA without requiring separate national authorisations in each member state. This represents one of the most significant commercial advantages of obtaining CASP authorisation in Finland, substantially reducing legal barriers to cross-border expansion and positioning Finland as a competitive jurisdiction for regulated crypto-asset activity at EU scale.

To benefit from passporting, an authorised Finnish CASP must notify the FIN-FSA of its intention to provide services in another EEA member state, specifying the services to be offered and the member states concerned. The FIN-FSA then notifies the relevant host state competent authority. The CASP may commence providing services in the host state following completion of the notification procedure, without requiring additional local authorisation.

CASPs passporting into Finland from other EEA member states may offer their services without a separate Finnish licence, provided they adhere to both their home state regulatory requirements and applicable Finnish rules. Passporting firms also have the option to notify and establish a branch in Finland. Where a passporting firm actively targets the Finnish market – for example, by using Finnish or Swedish in marketing materials or specifically directing advertising at Finnish consumers – it must have valid passporting arrangements in place. Under MiCA, CASPs are required to handle customer complaints in all languages used for their marketing communications across the EEA, which is a broader obligation than a purely local language requirement. Finland’s well-established regulatory framework and the FIN-FSA’s co-operative approach to cross-border supervision make it a straightforward jurisdiction for passported firms to operate in.

Finnish fintech companies may not provide regulated crypto-asset services in other EEA jurisdictions without valid passporting arrangements in place. Conversely, firms from other EEA member states may offer services into Finland under MiCA’s passporting framework without requiring a separate Finnish licence, provided they have completed the requisite notification procedure with their home state competent authority.

The language used in marketing materials is a key indicator of the intended target market. The use of Finnish, Swedish or English in marketing materials is generally acceptable within Finland. The use of other languages may be interpreted as targeting markets outside Finland and would require valid passporting arrangements to be in place in the relevant jurisdictions. Advertising specifically directed at Finnish consumers is similarly treated as actively targeting the Finnish market regardless of the language used.

Marketing of crypto-asset services in Finland is subject to regulation at both national and EU level. The FIN-FSA has issued guidelines governing the marketing of financial services and products, requiring that marketing is clear, fair and not misleading. CASPs are strictly required to handle customer complaints in all languages used for their marketing communications across the EEA. The Consumer Protection Act and the Act on Unfair Business Practices additionally prohibit misleading communications and require clear disclosure of whether compiled information constitutes marketing and on whose behalf it is conducted. Platforms providing only free comparisons of financial products or general information about them are generally not subject to a separate licence requirement, though they remain subject to these consumer protection obligations.

Reverse solicitation is recognised under MiCA as a basis on which third-country firms may provide services to EEA clients without authorisation, where the service is provided exclusively at the client’s own initiative. However, MiCA’s reverse solicitation exemption is interpreted narrowly, and firms may not rely on it as a basis for general marketing or active outreach to Finnish clients.

White-label arrangements, under which an unlicensed firm uses the licence of an authorised CASP to provide services to end clients, are not explicitly regulated under MiCA or Finnish law. Unlike MiFID II, which provides a formal tied agent and appointed representative regime for investment services, MiCA does not include an equivalent framework for crypto-asset services, meaning third-party distribution arrangements must be constructed within the general CASP authorisation and outsourcing requirements under MiCA and DORA.

The authorised CASP retains full regulatory responsibility for services provided under its licence, and the FIN-FSA will look through arrangements that appear designed to circumvent authorisation requirements. Outsourced functions must remain subject to the authorised CASP’s oversight and control. White-label arrangements are therefore permissible in principle but require careful legal structuring to ensure the authorised entity maintains genuine control over the regulated activities conducted and that the arrangement does not amount to unauthorised service provision by the white-label partner.

DeFi is not prohibited in Finland, but its regulatory treatment depends critically on the degree of decentralisation of the protocol or application in question. MiCA does not regulate genuinely and completely decentralised applications where no identifiable central operator exists. However, where a DeFi application or protocol is only nominally decentralised and an identifiable centralised entity operates or controls it, that entity is very likely to be classified as a CASP under MiCA and subject to the full authorisation and compliance framework. The boundary between genuine and nominal decentralisation remains an evolving area without definitive regulatory guidance in Finland or at EU level.

Firms authorised as CASPs in Finland may in principle utilise DeFi protocols in connection with their services, but must do so consistently with their regulatory obligations under MiCA and DORA. Key concerns include ensuring that the use of DeFi protocols does not undermine client asset segregation and custody requirements, that ICT and operational resilience standards are maintained, and that AML and travel rule obligations are satisfied in respect of transactions conducted through DeFi infrastructure. The interaction between DeFi’s permissionless and pseudonymous characteristics and AML-compliance requirements presents particular challenges that require careful case-by-case analysis.

There is no specific corporate or legal structure in Finland designated for DeFi operations. Operators of DeFi protocols that fall within the scope of MiCA, by reason of having an identifiable central operator, would typically establish a Finnish limited liability company and seek CASP authorisation from the FIN-FSA. At least one member of the board of directors must reside within the EEA under the Finnish Limited Liability Companies Act. DAOs do not have a recognised legal form under Finnish law and therefore cannot themselves be authorised or hold licences. Where a DAO operates a DeFi protocol with Finnish nexus, legal liability and regulatory obligations would typically attach to the identifiable individuals or entities behind the protocol rather than the DAO itself.

Genuinely decentralised protocols without an identifiable operator fall outside the current regulatory framework entirely, though this position is expected to evolve as DeFi attracts increasing regulatory attention at EU level in the coming period.

Finnish courts and regulators have not yet issued significant guidance or enforcement decisions specifically addressing liability and accountability in DeFi contexts. The general principle under Finnish law is that regulatory obligations and civil liability attach to identifiable legal or natural persons, meaning that the pseudonymous or anonymous character of DeFi participants creates practical challenges for enforcement. Where an identifiable operator exists behind a nominally decentralised protocol, the FIN-FSA would treat that operator as a CASP and apply the full MiCA enforcement framework accordingly. In the absence of an identifiable operator, enforcement action is practically difficult under current frameworks. This remains a developing area both in Finland and across the EU, and dedicated regulatory guidance on DeFi liability is anticipated as part of broader EU regulatory developments in this space.

Payments in crypto-assets are permitted in Finland but are not recognised as legal tender. Finnish law does not restrict parties from agreeing contractually to settle obligations in crypto-assets, and various payment service providers offer crypto-asset payment services. In practice, however, the use of crypto-assets for routine payments has been limited by the tax implications involved, as every transaction using crypto-assets as a means of payment may constitute a taxable realisation event. This has deterred widespread adoption for smaller everyday transactions, though crypto-assets have seen greater traction in large-scale financial transactions and funding rounds where the benefits may outweigh the tax consequences.

The regulatory treatment of crypto-asset payments depends on the nature of the asset and service involved. Where payments are made using EMTs, the dual legal character of EMTs under MiCA as both crypto-assets and electronic money means that custody and transfer services involving EMTs constitute payment services requiring authorisation under both MiCA and PSD2, as clarified by the EBA’s June 2025 no-action letter. Exchange services involving EMTs, by contrast, fall solely within MiCA’s scope. This distinction has significant practical implications for CASPs providing EMT-related services, who must either obtain a PSD2 licence in addition to their MiCA CASP authorisation or structure their operations in co-operation with a PSD2-licensed payment service provider.

The anticipated introduction of PSD3 and the Payment Services Regulation will represent a significant shift in the broader payments regulatory landscape and is expected to provide a more definitive resolution to the interaction between payment services regulation and crypto-asset services. Greater integration of EMTs into payment systems more broadly is also expected to increase the use of crypto-assets for payments in Finland over time.

MiCA draws a clear distinction between different categories of stablecoins based on their stabilisation mechanism. EMTs are stablecoins that maintain stable value by referencing the value of one official currency and are backed by assets denominated in that currency on a par-to-par basis – for example, a euro-denominated stablecoin backed one-to-one by euro-denominated assets. ARTs maintain stable value by referencing other values, rights or a combination thereof, including baskets of currencies, commodities such as gold, or other assets. Where a stablecoin references multiple assets or non-currency assets, it falls within the ART category rather than the EMT category.

Algorithmic stablecoins that do not reference an official currency or maintain backing assets, and instead rely solely on algorithms or protocols to maintain their peg, fall outside both the EMT and ART categories. MiCA effectively prohibits the issuance of crypto-assets purporting to maintain a stable value through algorithmic mechanisms alone, as such assets cannot meet the reserve asset and redemption requirements applicable to EMTs and ARTs. This represents a significant regulatory distinction with important consequences for issuers.

The Finnish market provides a concrete example of the EMT framework in practice. Paxos Issuance Europe Oy, a licensed Finnish EMI, has issued USDG – a MiCA-compliant USD-denominated EMT – available across the EEA, demonstrating the viability of Finland as a jurisdiction for regulated stablecoin issuance under MiCA.

Fiat-backed stablecoins are regulated in Finland under MiCA, which provides a bespoke framework rather than retrofitting stablecoins into the existing payments regulatory framework. Prior to MiCA, certain stablecoins were regulated under the Payment Institutions Act as electronic money, meaning the transition to MiCA represented an evolution of an existing regulatory approach rather than an entirely new departure.

Under MiCA, EMT issuers must hold either a credit institution licence or an EMI licence from the FIN-FSA. This requirement means that EMT issuers are subject to both MiCA’s specific stablecoin requirements and the broader prudential and conduct requirements applicable to their underlying licence type. The launch of Paxos’s USDG stablecoin through Paxos Issuance Europe Oy, a Finnish EMI, demonstrates the viability of this framework in practice, with USDG being among the first fully regulated global USD-denominated stablecoins issued under MiCA in the EU.

The MiCA framework for EMTs is more prescriptive than the pre-existing payments regulatory framework in several respects, including detailed requirements on reserve asset composition, custody arrangements, redemption rights and operational governance. CASPs providing custody or transfer services for EMTs face the additional complexity of the MiCA and PSD2 overlap identified in the EBA’s June 2025 no-action letter.

MiCA imposes detailed requirements on the reserve assets backing EMTs and ARTs. EMT issuers must maintain a reserve of assets that is at all times at least equivalent in value to the outstanding EMTs in circulation, denominated in the same official currency as the EMT references. Reserve assets must be held in secure, low-risk instruments and must be legally segregated from the issuer’s own assets, ensuring they remain available for redemption by holders at all times.

EMT holders have a statutory right of redemption at par value at any time, meaning the issuer must be able to meet redemption requests on demand. MiCA explicitly prohibits EMT issuers from paying interest to EMT holders, reflecting the policy objective of distinguishing EMTs from interest-bearing deposits and preventing regulatory arbitrage with the banking sector. Reserve assets must be held with credit institutions or, subject to conditions, invested in highly liquid financial instruments with minimal market and credit risk. The custody and safekeeping of reserve assets are subject to ongoing supervisory oversight by the FIN-FSA.

MiCA introduces enhanced requirements for EMTs and ARTs that are considered to pose systemic risk, designated as significant tokens by the European Banking Authority on the basis of criteria including the size of the user base, transaction volumes, cross-border reach and interconnectedness with the financial system. Significant EMTs and ARTs are subject to direct supervision by the EBA rather than the national competent authority, meaning that a Finnish EMT issuer whose token reaches systemic significance would transition from FIN-FSA supervision to direct EBA oversight.

Significant token status triggers additional requirements including enhanced liquidity requirements, stricter interoperability obligations, more stringent governance standards and enhanced reporting obligations. Issuers of potentially significant tokens must therefore structure their operations with these escalating requirements in mind from the outset, as the threshold for systemic designation may be reached relatively quickly for widely adopted stablecoins with cross-border distribution across the EEA.

Finland has not enacted a standalone statute specifically governing the tokenisation of real-world assets. In line with the principle of technology neutrality reflected in Finnish and EU financial regulation, the regulatory treatment of tokenised assets is determined by the nature of the underlying asset and the rights represented by the token rather than the technical method of issuance.

Where a token represents rights equivalent to a transferable security or financial instrument under MiFID II, it will be regulated as such irrespective of its blockchain-based form. ESMA’s guidelines of December 2024 on the conditions and criteria for qualifying crypto-assets as financial instruments provide further clarity on this assessment, emphasising that the same activities, same risks, same rules principle and technology neutrality apply, meaning MiFID II financial instrument categories extend to blockchain-based equivalents. To date, there have been no instances of crypto-assets being classified as securities or financial instruments in Finland, which reflects prevailing market characteristics rather than excluding such classification in principle.

Where tokenised structures fall within MiCA’s scope – for example, as ARTs referencing real-world assets such as commodities or baskets of assets – the applicable MiCA issuance and service-provider framework applies, including the relevant authorisation and disclosure requirements for those categories.

At EU level, the DLT Pilot Regime under Regulation (EU) 2022/858 provides a specific framework for market infrastructures trading and settling tokenised financial instruments, allowing certain DLT-based trading and settlement models under time-limited permissions and exemptions. Finnish entities may participate in this regime and at least one Finnish entity has done so to date.

Several legal questions around tokenisation may require case-by-case analysis under existing Finnish law, including the mechanics of transfer, interaction with property law concepts and insolvency treatment. Increasing market activity is expected to drive demand for further regulatory clarity at both national and EU level.

Nordic Law

Erottajankatu 1-3 A 1
00130 Helsinki
Finland

+358 968 29340

info@nordiclaw.fi www.nordiclaw.fi