Over the past 12 months, Liechtenstein has further strengthened its position as an attractive EEA jurisdiction for fintechs and crypto-asset service providers.

Liechtenstein continues to benefit from its early adoption of a national blockchain regulation, the Token and Trusted Technology Service Provider Act (TVTG), which provides legal certainty for token-based business models and complements EU-level regulation (Markets in Crypto-Assets Regulation – MiCAR). Due to the experience with this first-mover piece of legislation, fintechs continue to be advantaged by the early regulatory experience of the local regulator, in particular with DLT/blockchain business models.

The entry into force of MiCAR and DORA has been the key driver of market development. These frameworks have increased legal clarity and encouraged institutional participation, while at the same time raising regulatory and operational standards. Despite high compliance requirements, Liechtenstein remains appealing to international fintechs seeking EEA passporting under a predictable and pragmatic supervisory environment, as it may also be used as a bridge to Switzerland due to its customs and monetary union.

The primary focus over the past year has shifted from regulatory assessment to practical implementation of MiCAR and DORA. Regulatory scrutiny in Liechtenstein has intensified, particularly with regard to AML/CFT compliance, governance structures and cybersecurity.

Smaller fintechs are increasingly required to adapt decentralised or innovation-driven business models to stricter organisational, reporting, digital operational resilience and risk management requirements. While this presents challenges, it also contributes to the ongoing professionalisation and institutionalisation of the fintech market in Liechtenstein. This has favoured the entrance of established players into the Liechtenstein market, in particular financial institutions with a focus on digital assets.

Looking ahead, the fintech market in Liechtenstein will be shaped primarily by:

• ongoing MiCAR operational compliance and supervisory expectations;
• enhanced AML and digital operational resilience requirements under DORA;
• rising compliance costs and potential market consolidation; and
• continued demand for specialised legal, compliance and IT expertise.

Artificial intelligence is increasingly being considered in Liechtenstein’s fintech sector, particularly for AML automation, transaction monitoring and customer onboarding. However, adoption remains cautious, as many fintechs are currently prioritising MiCAR and DORA compliance.

Once the regulatory framework has stabilised, broader use of AI in fintech products and services is expected to accelerate. From a legal perspective, key considerations will include the AI Act, data protection, model governance and regulatory accountability, all within the existing EU-aligned legal framework.

Liechtenstein’s fintech ecosystem is shaped by its role as an EEA financial centre with a strong focus on digital assets, infrastructure services and regulated financial intermediation (such as banks, asset management companies, insurance companies or crypto-asset exchanges). Further, Liechtenstein is well-known for its crypto-foundations, which are used both for DAOs as well as for asset protection.

Crypto-Assets and Tokenisation

The most prominent fintech business models in Liechtenstein remain crypto-asset services and token-based business models. This includes token issuances, trading platforms, custody solutions and wallet services. The TVTG has historically provided legal certainty for tokenised rights, while MiCAR now governs large parts of this sector from a regulatory perspective. New market entrants typically focus on crypto-native services, while legacy financial institutions increasingly integrate crypto custody, brokerage and tokenisation services into their existing offerings.

B2B Fintech

Another key fintech business model is B2B services supporting regulated institutions. This includes blockchain infrastructure providers, transaction processing, compliance tooling, and trusted technology service providers under the TVTG regime. These models are attractive to both start-ups and established players, as they align well with Liechtenstein’s institutional client base and allow scalability across the EEA via passporting.

Digital Banking and Regulated Financial Institutions

Liechtenstein has seen the emergence of digital-first banks and specialised financial institutions, including e-money institutions, payment service providers and digital asset-focused banks. Unlike consumer-focused neobanks in larger markets, these entities typically serve professional and high net worth clients, often with an international focus. Legacy banks have increasingly adopted fintech-driven solutions, particularly in areas such as digital onboarding, asset tokenisation and custody of crypto-assets.

Payments and E-Money Services

While less dominant than crypto and infrastructure, payment services and e-money models are present, primarily targeting niche or cross-border use cases. These businesses operate under EU-harmonised frameworks and are often integrated with broader fintech or platform-based offerings rather than operating as standalone consumer payment apps.

Regtech, Compliance and AML Solutions

Regulatory technology has become an increasingly relevant fintech business model, driven by heightened AML/CFT, MiCAR and DORA requirements. Fintechs offering identity verification and compliance automation play an important role, both as standalone providers and as embedded solutions within regulated institutions. This business model is particularly relevant for legacy players seeking to modernise compliance functions without rebuilding internal systems.

Liechtenstein’s regulatory regime for fintech and crypto-asset industry participants is characterised by the close integration of EU financial market law via the Agreement on the European Economic Area (EEA) and its supplementation by Liechtenstein-specific implementation.

For crypto-asset and tokenisation-related business models, the decisive regulatory distinction remains whether an activity concerns (i) financial instruments within the meaning of Markets in Financial Instruments Directive II (MiFID II), (ii) crypto-assets within the meaning of MiCAR (iii), or a crypto-asset not covered by MiCAR, but the national TVTG. This classification determines the applicable licensing requirements, ongoing obligations and supervisory oversight by the Financial Market Authority Liechtenstein (FMA).

Against this background, the following statutory regimes may apply, depending on the business model.

MiCAR

Although MiCAR was incorporated into the EEA Agreement on 24 June 2025, the Liechtenstein legislature already embedded the accompanying supervisory, administrative and procedural framework in the Act to Implement MiCAR (EWR-MiCA-Durchführungsgesetz), which entered into force on 1 February 2025.

MiCAR establishes a harmonised EEA-wide public-law regime for crypto-assets that do not qualify as, inter alia, financial instruments, and rests on three regulatory pillars.

Public offering and admission to trading of crypto-assets

MiCAR regulates the public offering and the admission to trading of crypto-assets through extensive transparency and disclosure obligations. Prior to the commencement of an offer to the public or the admission to trading, a crypto-asset white paper must be prepared, notified to the FMA and published, subject to certain exceptions set out in MiCAR. The white paper must remain publicly available for as long as the crypto-assets are held by the public.

If asset-referenced tokens (ARTs) are offered to the public or admitted to trading, the white paper is subject to prior filing with the competent authority. These rules apply in Liechtenstein strictly on the basis of the MiCAR text as incorporated into EEA law.

Crypto-asset services and CASP authorisation

MiCAR also governs the provision of crypto-asset services. Crypto-asset service providers (CASPs) must be authorised either under MiCAR itself pursuant to Article 62 MiCAR or, in the case of credit institutions, may provide MiCAR services under the simplified procedure pursuant to Article 60 MiCAR.

CASPs must have their registered office and place of effective management within the EEA and conduct at least part of their crypto-asset services business there. At least one member of the management body must be resident in the EEA. All CASPs are subject to general conduct-of-business obligations, including the duty to act honestly, fairly and professionally in the best interests of clients. In addition, service-specific requirements apply, for example in relation to custody, record-keeping and segregation of client assets.

Market abuse regime for crypto-assets

MiCAR introduces a market abuse regime tailored to crypto-asset markets. This includes obligations to disclose inside information, prohibitions of insider dealing and unlawful disclosure of inside information, and prohibitions of market manipulation. These provisions apply in Liechtenstein as part of directly applicable EEA law.

MiFID II and Securities Regulation

Where a tokenised asset qualifies as a financial instrument (such as shares, bonds or other transferable securities) the MiFID II regime and the prospectus regulation apply.

Under this regime, issuers and service providers may be subject to licensing requirements as investment firms or trading venues, prospectus obligations, organisational and conduct-of-business rules, and ongoing supervision by the FMA. The decisive criterion is the legal and economic substance of the tokenised asset, not its technological form.

Fund Regulation (UCITSG, AIFMG)

Entities pooling capital from multiple investors and investing it collectively in accordance with a defined investment policy, with the aim of generating returns for those investors, may be subject to the fund regulation. Alongside the alternative investment fund (AIF), as embedded in Liechtenstein law under the AIFMG and the undertakings for collective investment in transferable securities (UCITS) embedded in Liechtenstein law under the UCITSG, in certain rare cases the Liechtenstein-specific Investment Companies Act (IUG) may also be applicable.

Token and Trusted Technology Service Providers Act

The TVTG constitutes a distinctive feature of the Liechtenstein legal framework. While often colloquially referred to as the “Blockchain Act”, its primary contribution lies in the private law architecture for tokens rather than in public law supervision, which has been largely substituted by the MiCAR regime.

The TVTG establishes a comprehensive civil law framework for tokens, including the representation of claims, rights in rem and other legal positions, as well as rules on transfer, acquisition, collateralisation, segregation in insolvency and enforceability of custody arrangements via trusted technology systems.

As of November 2025, 29 entities were registered under the TVTG, primarily offering token custody and exchange services. Following the full applicability of MiCAR, TVTG-regulated services may, from 1 July 2026 onwards, only be provided in relation to crypto-assets outside MiCAR’s scope, such as NFTs or genuinely decentralised, operator-free protocols. Nevertheless, the TVTG remains practically relevant where MiCAR deliberately leaves civil law characterisation and effects to national law.

DLT Pilot Regime

The EU DLT Pilot Regime applies in Liechtenstein as part of EEA law. It allows for temporary exemptions from certain MiFID II and CSDR requirements for market infrastructures using distributed ledger technology to trade and settle tokenised financial instruments. The regime is limited to tokenised financial instruments and does not apply to crypto-assets governed by MiCAR.

Participants must be authorised and obtain specific approval from the FMA, which co-operates with the European Securities and Markets Authority (ESMA).

Banking, Payment Services and Digital Lending

Digital lending and payment-related business models are regulated under Liechtenstein national law, depending on their structure. Lending may constitute regulated banking business under the Liechtenstein Banking Act.

Payment services may require authorisation under the Payment Services Act. The regulatory classification depends on the economic substance of the activity rather than the use of distributed ledger technology.

Crowdfunding

Crowdfunding activities are regulated at EEA level under the European Crowdfunding Service Providers Regulation (ECSPR). Platforms operating from Liechtenstein must be authorised as European Crowdfunding Service Providers and are supervised by the FMA. Depending on the structure of the offering, additional regimes, such as securities law or fund regulation, may apply.

Decentralised Finance (DeFi) and Operator-Free Protocols

Decentralised finance is not expressly regulated under Liechtenstein or EEA law. However, where DeFi arrangements involve activities that fall within regulated categories, MiCAR, MiFID II and/or AML/CFT legislation may apply, depending on the degree of decentralisation and effective control.

Liechtenstein supervisory practice follows a substance-over-form approach. Genuinely operator-free protocols may fall outside existing licensing regimes, while centralised access points such as custody providers, brokers or fiat on/off-ramps are regularly subject to financial market and AML regulation.

In Liechtenstein, industry participants may apply various compensation models, including direct customer fees, commissions, spreads, bundled services, or remuneration linked to tokens or protocols, depending on the type of service and regulatory framework.

For investment services governed by MiFID II, all costs must be disclosed upfront in a transparent and fair manner, and any third-party incentives are only allowed if they improve the quality of the service and do not disadvantage clients. Payment service providers are required to clearly communicate all fees before entering into a contract and to make pricing information easily accessible. For crypto-asset services under MiCAR, service providers must fully disclose fees and pricing structures, including those related to custody, trading and staking, in both pre-contractual disclosures and relevant documentation.

As a general principle under Liechtenstein and EEA financial market law, fintech companies are subject to the same regulatory framework as legacy financial institutions where they carry out regulated activities. Regulation is therefore activity-based rather than technology-based (substance over form).

Liechtenstein does not operate a formal regulatory sandbox of the kind seen in some other jurisdictions. The Liechtenstein FMA has not established a statutory sandbox regime or “licence-light” framework specifically for fintechs under Liechtenstein law.

Instead, the FMA uses an innovation-friendly and guidance-oriented approach. It has set up an internal “Regulatory Laboratory” or fintech competence team to support and advise innovative companies, including those developing fintech and blockchain business models, on licensing requirements, applicable regulation and compliance pathways. This body provides early clarification on whether and how regulatory requirements apply, helping firms navigate the licensing process and understand their obligations without offering a separate sandbox testing environment.

Further, the EU DLT Pilot Regime is available in Liechtenstein.

The Liechtenstein FMA is responsible for the authorisation, ongoing supervision and enforcement of regulated financial services activities, including those carried out by fintech companies in Liechtenstein. The FMA’s jurisdiction covers, in particular, licensing requirements, prudential supervision, conduct of business rules, AML/CTF and DORA compliance insofar as these relate to financial market and services activities.

By contrast, industry participants that are duly licensed in another EU or EEA member state are, in principle, subject to the supervision of their home member state authority. Under the European passporting regime, the FMA’s role is generally limited to host state regulatory authority, while primary prudential supervision remains with the competent authority in the home member state.

The FMA does not issue formal “no-action” letters matching those known in certain common law jurisdictions.

However, the Liechtenstein FMA provides written regulatory assessment on licensing implications or the applicability of certain financial markets law.

Furthermore, in practice, the FMA maintains an open and pragmatic supervisory dialogue, particularly with fintech and blockchain-based business models. Market participants may seek informal guidance of a proposed activity. Accordingly, although formal no-action letters are not available, early engagement with the FMA is an established and effective substitute for this, to manage regulatory uncertainty.

As a general rule, most regulated functions may be outsourced, provided that the outsourcing does not impair the regulated entity’s ability to comply with its legal and supervisory obligations.

The regulated entity always remains fully responsible for the outsourced functions. The vendor is, therefore, subject to indirect regulatory requirements, in particular, with respect to reliability, expertise, data protection, confidentiality and operational resilience.

From a contractual perspective, certain minimum requirements are mandatory. Outsourcing agreements must typically include, inter alia:

• clear descriptions of the outsourced services;
• audit and access rights for the regulated entity and the FMA;
• data protection and confidentiality provisions;
• sub-outsourcing restrictions; and
• termination and exit arrangements.

There is no general obligation to outsource to a regulated service provider. However, if regulated services are outsourced it is mandatory to outsource to another regulated entity (eg, custody of crypto-assets may only be outsourced to another regulated CASP under MiCAR).

Therefore, it is preferable and may be mandatory that services are outsourced to regulated entities. 

To understand the law in relation to “gatekeepers”, it has to be noted that the Digital Markets Act (DMA) has not yet been implemented into EEA law and, therefore, not into Liechtenstein national law.

However, a fintech located in Liechtenstein which is considered a gatekeeper under the DMA may be subject to the obligations and prohibitions applicable to gatekeepers under the DMA, if it provides or offers core platform services to business users established in the EU or end users established or located in the EU. The gatekeeper regime of the DMA applies irrespective of the place of residence or establishment and irrespective of the law otherwise applicable to the provision of services.

In practice, fintech providers may also be subject to specific gatekeeper-type obligations under sectoral regulation, such as AML/CTF laws, the EU Digital Services Act (if they offer their services to EU clients), or crypto-asset regulation, depending on the business model. Accordingly, the extent of responsibility is highly fact-specific and must be assessed on a case-by-case basis.

The Liechtenstein FMA closely supervises the financial market to identify unauthorised activities. If it becomes aware of financial services being offered without the required authorisation, the FMA can take a range of enforcement actions. These include ordering the immediate cessation of the activity, imposing administrative sanctions, issuing public warnings, and, where necessary, involving criminal prosecution authorities. To enhance market transparency and investor protection, the FMA also maintains a publicly accessible warning list and invites the public to report suspicious or potentially unlawful financial service providers.

In Liechtenstein, fintechs (including crypto-asset service providers and robo-advisers) are subject not only to financial regulation but also to a broad set of non-financial services regulations. These include rules on cybersecurity obligations such as DORA and NIS2, data protection under the GDPR, as well as standards for marketing and software development. Together, these frameworks govern the use of personal data, the resilience of digital systems, the functioning of automated tools, and advertising practices.

Industry participants in Liechtenstein are typically subject to oversight by external auditors, IT security experts and industry associations (if available for the specific industry). Further, licensed firms are also required to undergo statutory audits and specific regulatory reviews.

Liechtenstein, in particular, has industry bodies for blockchain-related services, which promote best practices and can give guidance. 

In Liechtenstein, some industry participants do offer unregulated products or services alongside regulated ones, for example, DeFi-related services, educational services or software solutions, together with regulated products.

These offerings can be structured either within the same legal entity or through separate affiliated companies, depending on risk, liability and regulatory considerations. The FMA generally allows this practice as long as it is clear to customers which services are regulated and which are not, and which entity provides which services.

Anti-money laundering (AML) and sanctions regulations have a significant impact on both regulated and certain unregulated fintechs, reflecting the jurisdiction’s strong focus on financial integrity.

Regulated fintechs, such as crypto-asset service providers and payment institutions, are fully subject to the Due Diligence Act (DDA) and related ordinances, which implement EU-aligned AML/CFT and sanctions standards. These firms must carry out, inter alia, customer due diligence, transaction monitoring, sanctions screening and reporting of suspicious activities, often under close supervision by the FMA.

Unregulated fintechs may also fall within the scope of AML and sanctions rules if they perform activities covered by the DDA. As a result, AML compliance is a key regulatory focus in Liechtenstein across the fintech sector, regardless of licensing status.

Unregulated fintechs may further fall indirectly under AML and sanctions rules, if the fintech is structured as holding company, which has a Liechtenstein trustee as mandatory board member. Liechtenstein trustees are themselves subject to AML and sanctions rules and also have to follow these if they are part of the management of a fintech.

In Liechtenstein, AML and sanctions rules are closely aligned with the standards set by the FATF. The DDA and related ordinances implement the FATF’s recommendations into national law, covering customer due diligence, transaction monitoring, reporting of suspicious activities, and sanctions screening.

The FMA supervises compliance for regulated entities, including banks, payment institutions, e-money providers and crypto-asset service providers. Liechtenstein also applies FATF-aligned risk-based approaches, requiring both regulated and, in certain cases, unregulated fintechs to implement proportional measures based on the risk profile of their customers and services.       

Under Liechtenstein law, reverse solicitation is generally recognised, meaning that otherwise-regulated products or services may be provided from another jurisdiction without automatically triggering domestic licensing requirements, provided the initiative for the business comes from the client in Liechtenstein rather than the service provider.       

As Liechtenstein law is technology-neutral and principle-based (substance over form), all robo-advisers must comply with the regulatory framework applicable to their activities, including licensing, AML and investor-protection obligations.

The business model of a robo-adviser depends on the asset classes it serves.

• For security tokens, which are classified as financial instruments under MiFiD II, providers must comply with all investment service obligations, including suitability assessments, appropriateness tests and client disclosures. Clients must be informed of the degree of human involvement and the data sources used to generate advice.
• For crypto-assets, robo-advisers must implement MiCAR-specific suitability and risk management obligations, reflecting the higher risk and speculative nature of these assets. In addition, MiCAR includes specific rules that differ from those in MiFID II, which robo-advisers must carefully consider and implement.

In Liechtenstein, legacy players are increasingly adopting solutions pioneered by robo-advisers, particularly in automated portfolio management, digital client onboarding and algorithm-driven investment advice. Local robo-advisers, such as those offering automated wealth management or crypto-related investment services, have demonstrated the potential of digital, algorithm-based advisory models, which legacy players now integrate into their own offerings. Many established banks implement modular robo-advisory solutions rather than overhauling their entire business model, combining automation with human oversight to ensure regulatory compliance.

Regulated financial service providers using robo-advisers are required to ensure that client orders are executed in a manner that delivers the best possible outcome. This obligation covers multiple factors, including price, costs, speed, probability of execution and settlement, size and the characteristics of the transaction. These rules must also be implemented for robo-advisers.

However, for robo-advisers managing both traditional and digital assets, meeting best execution requirements presents particular challenges. Automated systems must be designed to continuously monitor execution quality, especially for less liquid instruments or highly volatile crypto-assets. Execution of crypto-assets can be complex, which requires clear policies on how prices are sourced and which trading venues are used, including unregulated platforms. Algorithms may also favour certain execution venues for efficiency, which could create potential conflicts of interest that must be identified and managed.

In Liechtenstein, there are clear regulatory distinctions between loans to individuals and loans to (small) businesses or other non-consumer borrowers.

• Loans to individuals (consumer loans) are subject to strict consumer protection rules, primarily under the Liechtenstein Civil Code, the Liechtenstein Consumer Protection Act and the Consumer Credit Act. These laws impose requirements for transparency, disclosure obligations, creditworthiness assessments and provide for specific withdrawal rights. Mortgage or real estate-related loans are additionally governed by the Mortgage and Real Estate Credit Act, which sets specific rules for loan conditions, repayment and borrower protection.
• Loans to (small) businesses and other commercial entities are generally treated as commercial loans. These are less heavily regulated, and many consumer-specific protections do not apply, allowing for greater contractual flexibility. Depending on the size of the lender and its portfolio, the Banking Act may impose obligations for the lender. This may include concentration limits and risk management requirements.

In Liechtenstein, underwriting processes depend on the underwriting entity, but are primarily guided by risk and creditworthiness assessment and regulatory requirements under the DDA and related financial market laws.

While the regulations set minimum standards, larger institutions often have internal guidelines for the underwriting process, which set additional standards.

Further, when it comes to consumer loans, these processes are also heavily shaped by consumer protection laws.

In Liechtenstein, fintech lenders can source fiat funds for loans through several channels, each carrying distinct legal and regulatory implications.

• Peer-to-peer (P2P) lending – funds are provided directly by individuals via digital platforms. Depending on the final structure, these platforms may require a licence and/or be considered credit brokerage under the Liechtenstein Banking Act or a financial intermediary, if the investment instruments offered to lenders qualify as securities.
• Lender-raised capital/institutional funding – funds can be raised by a fintech from investors by way of equity or debt financing. While this reduces regulatory complexity compared with public funding, the lender must still comply with securities regulation, AML/CFT obligations and ensure proper creditworthiness assessments.
• Taking deposits – accepting deposits from the public constitutes a regulated banking activity under the Liechtenstein Banking Act. Only licensed banks or authorised institutions may take deposits, subject to strict prudential, capital and reporting requirements. Non-bank fintech lenders generally cannot accept deposits without a banking licence.

Each funding source triggers different regulatory obligations, with deposit-taking being the most heavily regulated, while P2P and institutional funding require, in particular, robust AML compliance and investor protection measures. Fintech lenders must carefully structure their operations to align with the applicable legal framework.

Loan syndication can occur in Liechtenstein, though it commonly only takes place for larger commercial or institutional loans. Fintech companies in Liechtenstein are typically not involved in loan syndication of fiat loans. This is typically a business of legacy players.

Payment processors can either use existing payment rails or implement new systems, subject to regulatory compliance. Traditional payment infrastructure, such as SEPA or card networks, may be used by licensed payment institutions or e-money providers, ensuring secure, reliable and regulated transfers.

Fintechs may also develop proprietary payment solutions or alternative rails, for example blockchain-based or tokenised systems or application programming interface (API)-based transfer platforms. However, any new infrastructure that involves handling customer funds or executing payments typically requires licensing as a payment institution or e-money provider, adherence to AML/CFT obligations, and compliance with operational and cybersecurity standards (DORA).

In practice, innovation is possible, but the creation of new payment rails is carefully monitored by the FMA to ensure financial stability, consumer protection and regulatory alignment.

In Liechtenstein, cross-border payments and remittances are regulated under the Payment Services Act (PSA), which implements PSD2, and the DDA for AML/CFT compliance. Licensed payment service providers, including fintechs, must conduct customer due diligence (KYC), monitor transactions and report suspicious activity to the Financial Intelligence Unit (FIU).

A variety of marketplaces and trading platforms are permissible, each subject to different regulatory frameworks depending on the types of assets traded.

• Traditional securities trading platforms (MFT/OFT) – platforms facilitating the buying and selling of financial instruments such as shares or bonds fall under MiFID II rules. Operators must be licensed as investment firms and comply with requirements on client onboarding, best execution, transaction reporting and investor protection.
• Crypto-asset platforms/CASPs – platforms offering trading, custody or exchange services for crypto-assets are regulated under MiCAR, DORA and the DDA. They must obtain a licence as a CASP from the FMA, implement AML/CFT controls, DORA compliance, ensure secure custody and disclose fees and risks to clients.
• P2P or decentralised platforms – P2P platforms may operate without direct licensing if no custodied funds or exchange services are provided. However, once the platform facilitates transactions with held client funds or offers order-matching as a service, licensing as a CASP or financial intermediary may be required, depending on the assets involved.
• Commodity or tokenised asset platforms – platforms trading tokenised real-world assets or derivatives may fall under a combination of MiFID II, MiCAR and Liechtenstein TVTG, depending on whether the asset constitutes a financial instrument, a crypto-asset or a token. Licensing, reporting and investor disclosure obligations apply accordingly.

In practice, the scope of regulation depends on the assets traded and whether the platform handles client funds, with fintech operators needing to assess carefully which licences and compliance measures are required.

In Liechtenstein different asset classes are subject to distinct regulatory regimes, as Liechtenstein has a regime of substance-over-form.

• Security tokens – are assets classified as financial instruments under MiFID II and require compliance with securities and financial services regulation, including licensing, prospectus requirements and investor protection rules.
• Crypto-assets – are regulated under MiCAR and the DDA. CASPs must obtain an authorisation from the FMA, implement AML/CFT procedures, DORA, secure custody, and disclose all fees and risks.
• Tokenised real-world assets (RWAs) – fall under the TVTG, which provides a legal framework for issuing, transferring and holding tokenised representations of real-world assets, ensuring regulatory clarity for fintech platforms. Depending on the structure, they may also trigger MiFID II or MiCAR obligations, requiring licensing, reporting and investor protection measures.

• NFTs – are also regulated by the TVTG.

The rise of cryptocurrency exchanges, both centralised (CEXs) and decentralised (DEXs), has significantly influenced the regulatory landscape in Liechtenstein since the introduction of the TVTG in 2020.

• CEXs that hold or trade crypto-assets for clients are now required to license as CASPs under MiCAR and many were previously registered under the TVTG. They must implement AML/CFT procedures, DORA, secure custody, IT security and transparent disclosure of fees and risks.
• DEXs, operating P2P without holding client funds, are currently not regulated, though platforms that control funds or provide order-matching services may fall under CASP regulations.

Regulators now clearly distinguish between hosted, supervised platforms and purely decentralised protocols, ensuring compliance and investor protection.

In Liechtenstein, listing standards depend on the type of asset and the market.

• For security tokens or other financial instruments, listing must comply with MiFID II, the prospectus regulation and the Market Abuse Regulation.
• For crypto-assets, listing is governed by MiCAR and, where applicable, the TVTG (eg, tokenised real-world assets and NFTs). In particular, a white paper (MiCAR) or a basis information sheet (TVTG) may be required.

Beyond regulation, industry participants broadly agree on best practices for listing, including clear governance frameworks, transparent pricing, anti-fraud measures and adherence to AML/CFT rules, even if not strictly required by law. These voluntary standards help build investor confidence and market integrity.

Order handling rules apply in Liechtenstein for investment services involving financial instruments, including securities and security tokens. These rules are derived from MiFID II and related FMA guidance.

For crypto-assets, MiCAR does not impose identical order handling obligations, but CASPs must still ensure transparency, fairness and proper disclosure when executing client orders.

The rise of P2P trading platforms has significantly affected both traditional financial institutions and fintech players in Liechtenstein. For fintechs, P2P models provide opportunities to offer direct, decentralised trading without holding client funds, reducing operational costs and enabling innovative business models such as crypto-asset swaps or exchanges for tokenised assets. Traditional institutions, by contrast, face pressure to adapt digital offerings or partner with P2P platforms to remain competitive.

From a regulatory perspective, P2P platforms present several challenges. If the platform does not custody funds, licensing may not be required, but platforms facilitating payments, order matching or custody could trigger CASP or financial intermediary licensing under MiCAR and/or financial market laws. AML/CFT compliance, investor protection and transparency obligations remain key concerns, particularly given the decentralised and sometimes pseudonymous nature of transactions.

As of 28 March 2024, the EU implemented a general ban on payment for order flow (PFOF) through Article 39a of MiFIR, prohibiting investment firms from receiving any fee, commission or non-monetary benefit from third parties for directing client orders to specific execution venues.

In Liechtenstein, as an EEA member, these rules were expected to be transposed into national law through the EEA implementation process by 1 February 2026. Consequently, investment firms, including fintechs, will no longer be permitted to receive PFOF when executing orders for retail or opt-in professional clients.

In Liechtenstein, trading is governed by principles of market integrity and investor protection, primarily through MAR and MiFIR, as implemented in national law.

• MAR prohibits insider trading, market manipulation        and unlawful disclosure of inside information, and sets requirements for insider lists, disclosure of inside information, and reporting of suspicious transactions.
• MiFIR complements this framework by requiring pre- and post-trade transparency and transaction reporting, enabling the FMA to monitor markets effectively.

These rules apply to all investment services, including fintech platforms and robo-advisers handling securities or security tokens, ensuring fair, transparent and orderly trading, while extending similar principles to tokenised financial instruments under the TVTG and MiCAR where relevant.

Algorithmic trading exists where a computer system automatically determines key order parameters with little or no human intervention. High-frequency trading is a subset of algorithmic trading, characterised by very low latency and high order volumes, and is subject to enhanced regulatory requirements due to its systemic risk potential.

High-frequency trading and algorithmic trading in Liechtenstein are regulated as specific trading activities, not as technologies. The decisive factor is therefore not the use of algorithms, but the type of asset traded and the potential impact on market integrity.

• Where algorithms are used to trade traditional financial instruments such as shares, bonds or derivatives, MiFID II applies in full and imposes detailed organisational and supervisory obligations on investment firms engaging in algorithmic trading. Firms must in particular (i) implement robust systems and risk controls, (ii) notify their home regulator, as well as the competent authorities of the trading venues on which they operate, that they engage in algorithmic trading, and (iii) keep comprehensive records of their trading algorithms and make these available to regulators upon request. Crucially, trading systems must be designed in a way that prevents their use for market abuse or any conduct contrary to the Market Abuse Regulation or the rules of the relevant trading venue.
• By contrast, algorithmic trading in crypto-assets that do not qualify as financial instruments falls under MiCAR. MiCAR does not establish a specific high-frequency trading regime, focusing instead on the authorisation and organisational duties of CASPs and on general market abuse rules.

Across all asset classes, market manipulation is prohibited and trading algorithms are fully attributable to the firm deploying them.

From a Liechtenstein regulatory perspective, there is no separate licence or registration category called “market maker”. Acting in a principal capacity does not, by itself, trigger a market-maker registration requirement. Instead, regulatory obligations depend on the nature of the instruments traded and the role assumed in the market.

For financial instruments (such as shares, bonds or derivatives), trading on own account is a regulated investment service under MiFID II. As a general rule, firms engaging in proprietary trading on a professional basis must be authorised as investment firms, unless a specific exemption applies.

In crypto-asset markets, the position is different. Under the MiCAR, there is currently no regulated concept of a market maker comparable to MiFID II. Participants providing liquidity in a principal capacity are not required to be licensed or registered as market makers. Regulatory obligations focus instead on the authorisation and conduct of CASPs, particularly trading platform operators, who must ensure fair and orderly trading.

While regulations do not distinguish between funds and dealers engaged in high-frequency and algorithmic trading, different regulations are applicable to dealers (investment firms) and funds engaging in such activities, even if the strategies are similar.

• Dealers trading on own account are regulated under MiFID II and must be authorised as investment firms.
• Funds, in contrast, are regulated under AIFMD or UCITS, with supervision focused on the fund manager rather than the fund itself.

Similarities include adherence to market abuse rules, operational and model risk management, and expectations of robust algorithm governance. The key distinction lies in who trades and why: dealers trade as market participants; funds trade on behalf of investors.

In Liechtenstein, programmers who develop trading algorithms or electronic trading tools are generally not directly regulated. Regulatory obligations attach to the firms deploying the tools, not the individuals writing the code.

However, independent developers may become regulated if their services include execution, order routing or trading advice.

Simply supplying software without control over trading decisions remains unregulated, but the client firm of the programmer remains liable for regulatory compliance.

In the insurtech sector, underwriting processes increasingly rely on digital and automated tools, including:

• AI-driven risk assessment;
• real-time pricing engines;
• IoT and third-party data integration; and
• rule-based workflows mostly supplemented by human oversight.

Regulation does not prescribe specific methodologies, but imposes constraints on their use. Underwriting must comply, in particular, with consumer protection and transparency rules, data protection laws such as GDPR, and Liechtenstein-specific insurance regulations overseen by the FMA.

Different types of insurance are treated differently by both industry participants and regulators.

• Life insurance and annuities, as long-term contracts, rely on underwriting models based on mortality, longevity and health data, and are subject to stringent Solvency II and FMA requirements on capital, liability valuation and long-term risk management.
• Non-life insurance, such as property and casualty insurance, in contrast, involves shorter-term, event-driven risks and uses probabilistic and catastrophe models; regulatory focus is on reserving, claims management, and capital for volatility and catastrophic events.

While the overall regulatory framework, including the national Liechtenstein Insurance Contract Act, applies to all insurers, practices and requirements are tailored to the duration, nature and volatility of the underlying risks.

In Liechtenstein, regtech providers are generally not regulated solely for offering regulatory technology, such as compliance software, monitoring tools or reporting platforms. Regulation depends on the nature of the services they provide and whether they engage in activities that fall within the scope of financial services regulation.

If a regtech firm merely supplies software or analytics (SaaS) to banks, insurers or investment firms, it remains unregulated, but the client remains fully responsible for compliance.

However, if a regtech provider performs regulated services on behalf of clients, it may itself fall under MiFID II, MiCAR, PSD2 or other applicable regimes, and must be authorised accordingly.

Financial services firms typically enter into strict agreements with technology providers to ensure system performance, accuracy and reliability. These often cover service levels and uptime guarantees, data integrity and accuracy obligations, testing and change-management procedures, audit rights, liability and remediation clauses, and cybersecurity requirements. These provisions are partly industry custom, but also shaped by regulatory expectations (if applicable) under MiFID II, DORA and MiCAR, which require firms to maintain resilient, auditable and accurate systems, leading firms to flow these obligations down to their technology providers.

In Liechtenstein, traditional financial players such as banks, insurers and fund managers are exploring blockchain primarily to enhance efficiency, transparency and security, while fully aligning with financial market regulation, MiCAR and the TVTG. Key areas of focus include crypto-asset services under MiCAR and asset tokenisation, particularly of securities, funds and other real-world assets, taking advantage of the TVTG’s legal certainty for tokenised rights.

Implementation in Liechtenstein is typically gradual and pilot-driven to test interoperability and operational feasibility. Regulatory compliance is central: blockchain solutions must meet MiFID II, AML/CFT obligations, and MiCAR alignment, while leveraging Liechtenstein’s legal framework (such as the TVTG) to ensure that tokenised assets are recognised under civil and supervisory law.

Traditional players generally combine innovation with a cautious, compliance-first approach, using blockchain to improve operational processes without compromising legal or supervisory obligations. However, compared to other jurisdictions, traditional players in Liechtenstein were among the early adopters of modern technologies, in particular the blockchain technology.

Local regulators have taken a proactive and innovation‑oriented stance on blockchain, including the introduction of dedicated legislation and ongoing adaptations to align with evolving EU rules.

The centrepiece of Liechtenstein’s regulatory approach remains the TVTG, also known as the Blockchain Act. This law has been in force since 1 January 2020 and was designed to provide legal certainty for blockchain‑based services and the broader token economy by defining legal principles for tokens and regulating service providers. It requires these service providers to register with the FMA and meet minimum standards, including AML due diligence, client protection measures and reporting obligations.

Beyond the TVTG, Liechtenstein has also adapted its regulatory framework in response to the EU’s MiCAR. Liechtenstein implemented MiCAR domestically through the EEA MiCAR Implementation Act (EWR‑MiCA‑DG), effective from February 2025. CASPs conducting activities that fall within MiCAR’s scope must now hold a MiCAR authorisation. After the transitional period ending on 31 June 2026, MiCAR authorisation also becomes mandatory for service providers registered under the TVTG for these services. Regulators in Liechtenstein continue to signal support for blockchain innovation through dedicated innovation functions (such as the Office for Digital Innovation and the FMA Fintech Unit) and by engaging with market participants to refine rules in line with technological and market developments. While the TVTG provides a technology‑neutral, comprehensive baseline for token and trusted technology services, MiCAR brings Liechtenstein fully into the EEA’s harmonised crypto‑asset regime, creating legal clarity and facilitating passporting into EU markets.

In Liechtenstein, the regulatory treatment of blockchain assets depends on their legal nature and economic function, rather than the underlying technology (substance over form).

• Security token – blockchain assets are treated the same as traditional securities, if they embody rights the same or similar to those of traditional securities in their economic and legal substance, reflecting the principle of technological neutrality.
• Crypto-assets – MiCAR distinguishes three categories: (i) E-Money Tokens (EMTs), which are – eg, stablecoins pegged to a single fiat currency, (ii) ARTs, token backed by baskets of currencies, commodities, and (iii) other assets and other crypto-assets, including utility tokens and native blockchain tokens that are neither EMTs nor ARTs.
• NFTs – blockchain assets that fall outside MiCAR, such as NFTs, are regulated under the TVTG.

The legal treatment of blockchain assets depends on their function: security tokens remain subject to securities law, including MiFID II, prospectus regulation and licensing requirements for intermediaries; crypto-assets are strictly regulated under MiCAR, and NFTs by TVTG. In all cases, the classification of the token determines the applicable regulatory framework, while the fact that it is issued on a blockchain does not alter its legal or supervisory treatment.

In Liechtenstein, the regulation of issuers of blockchain assets and the initial sale of tokens depends on the legal nature and economic function of the blockchain asset, not the underlying blockchain technology, reflecting the principle of technological neutrality (substance over form).

• Security tokens are fully subject to securities law, including prospectus regulation, MiFID-based rules and licensing requirements for intermediaries.
• Under MiCAR, issuers of crypto-assets must be legal entities and prepare, notify and publish a comprehensive white paper before offering tokens publicly or seeking admission to trading, unless exemptions apply. The white paper must include detailed information about the issuer, the token’s characteristics, associated rights and obligations, underlying technology, and risks, and it must be submitted to the competent supervisory authority (in Liechtenstein, the FMA) and remain publicly accessible for as long as the token is held by investors. Issuers of ARTs or EMTs are subject to even stricter rules as regards the preparation of a white paper.
• Tokens outside MiCAR, such as NFTs, are regulated under the TVTG. Issuers must prepare a set of basic information, publish it publicly, and notify the FMA of the planned issuance, unless an exception applies (eg, if the aggregate issuance volume is below CHF5 million or the equivalent in another currency).

Liechtenstein’s framework provides a high degree of legal certainty for token issuers, but the tokenisation of real-world assets remains challenging due to the need to ensure civil law recognition of underlying rights, cross-border enforceability, accurate valuation, liquidity and investor protection. Issuers must carefully structure offerings to comply with MiCAR, securities law, e-money law, or TVTG, depending on the classification of the blockchain asset.

Blockchain asset trading platforms are regulated according to the type of assets traded.

• Platforms handling security tokens fall under MiFID II/MiFIR.
• Platforms trading crypto-assets (EMTs, ARTs and other crypto-assets) must be authorised as CASPs under MiCAR.
• Custody of assets outside the scope of MiCAR (eg, NFTs) may require a TVTG registration.
• Trading via intermediaries is subject to the same licensing and conduct rules, whereas P2P trading of non-security tokens is largely unregulated unless the platform provides execution or intermediary services.

In Liechtenstein, the TVTG introduced the regulated service category of the token lending company (Tokendarlehensunternehmen). Under the TVTG, a token lending company is a service provider who receives tokens under the condition that they can dispose of them at their own discretion or on the instructions of clients, but must retransfer tokens after a certain period of time.

As a result, certain forms of staking fall within the definition of token-lending company, where tokens are transferred or locked under the control of the service provider, combined with a contractual obligation to return equivalent tokens to the client. In such cases, staking is not treated as a purely technical service but as a regulated activity under the TVTG.

See 10.6 Staking.

The offering of cryptocurrency derivatives is regulated and generally falls under existing financial markets law, rather than MiCAR or the TVTG.

Where a derivative references a cryptocurrency (eg, futures, options, CFDs or swaps on bitcoin or ether), it is typically classified as a financial instrument under MiFID II. As a result, firms offering or brokering such products must be licensed as investment firms under MiFID II. Trading venues listing crypto-derivatives must be authorised (eg, as regulated markets or MTFs) and meet strict requirements on market integrity and risk controls.

Importantly, MiCAR does not apply to crypto-derivatives, as it expressly excludes crypto-assets that qualify as financial instruments. Accordingly, providers cannot rely on CASP authorisation to offer derivatives; a MiFID-based licence is required.

In Liechtenstein, DeFi is not regulated as a separate category, but is assessed under existing regulatory frameworks based on the functions performed and the degree of control exercised, in line with the principles of technological neutrality and substance over form. The absence of a traditional intermediary does not, by itself, remove an activity from regulatory oversight.

Where a DeFi arrangement involves security tokens, the relevant securities and financial markets laws apply. If a party designs, operates, controls or meaningfully influences a protocol that enables the trading of security tokens, this activity may qualify as operating a trading venue or providing investment services under MiFID II, triggering licensing, organisational and conduct requirements. The fact that trading occurs via smart contracts does not change this assessment.

For cryptocurrencies and other crypto-assets within MiCAR’s scope, regulatory obligations may arise if a party facilitates trading, custody, exchange or execution, even where these services are labelled as “decentralised”. Under MiCAR, entities that exercise control, governance rights or ongoing involvement in a protocol may be deemed CASPs and require authorisation. A purely decentralised protocol with no identifiable controlling party may fall outside direct supervision, but this is assessed very narrowly in practice.

Crucially, a party cannot avoid regulation simply by claiming there is no intermediary. If there is an identifiable developer, operator or service provider that sets parameters, upgrades the protocol, provides front-end access, markets the service or collects fees, regulators will generally consider that party to be performing a regulated activity.

Funds investing wholly or partly in blockchain assets are regulated under the existing collective investment framework, applying a technology-neutral approach. The applicable regime depends on the fund type, investor base and the legal nature of the underlying assets, not on the use of blockchain technology.

UCITS funds are subject to strict diversification, liquidity, and eligible asset rules, which in practice limit direct investment in most crypto-assets and typically result in only indirect exposure. Most crypto-focused strategies are therefore implemented through alternative investment funds (AIFs), which are regulated under AIFMD, with the AIFM bearing full responsibility for risk management, valuation, custody arrangements and investor protection.

Where blockchain assets qualify as securities, customary securities law applies. Where they fall within MiCAR, custody, trading and AML/CFT requirements must be met. The use of on-chain assets does not remove the need for appropriate regulated safeguarding structures.

The FMA confirmed that an AIFM does not require a MiCAR licence merely because a fund invests in crypto-assets within MiCAR’s scope and that UCITS management companies, AIFMs and licensed asset managers may provide certain crypto-asset services, such as portfolio management of crypto-assets on a discretionary, individual-client basis, under the exemptions provided in Article 60 MiCAR.

However, where portfolio management of a crypto-asset-investing AIF or structured product is delegated to an external asset manager, that delegate must hold a separate MiCAR authorisation, in line with the consistent practice of European supervisory authorities.

In Liechtenstein, virtual currencies and blockchain assets are related but regulated differently.

• Virtual currencies, like bitcoin, are generally outside securities law, though services such as trading or custody may require CASP authorisation under MiCAR and AML/CFT compliance.
• Blockchain assets cover a broader range, including security tokens, utility tokens and stablecoins, which may trigger MiCAR, securities or e-money rules depending on their function.

NFTs are generally not covered by MiCAR, but they fall under the Liechtenstein TVTG, meaning that platforms offering NFT services, such as custody, may qualify as token service providers and must register with the FMA.

The regulation focuses on the economic function of the NFT and the role of the platform, ensuring consumer protection, AML/CFT compliance and operational safeguards.       

In Liechtenstein, stablecoins are regulated under MiCAR. E-Money Tokens (EMTs) pegged to a single fiat currency may only be issued by banks or licensed e-money institutions, while ARTs backed by baskets of assets require MiCAR authorisation. Issuers must maintain full reserves, ensure redemption at par, implement robust risk management and operational safeguards, and submit a white paper to the FMA detailing stabilisation, custody and redemption mechanisms.

Overall, Liechtenstein applies a technology-neutral approach, focusing on investor protection and operational resilience.

Open banking is actively supported by regulation through the full implementation of PSD2 as part of the EEA framework. PSD2 obliges banks to grant licensed third-party providers access to customer accounts, enabling account information and payment initiation services with customer consent. Overall, PSD2 has been a key enabler of open banking in Liechtenstein, fostering innovation under a clear and technology-neutral regulatory framework.

Banks and technology providers address open-banking data privacy and security risks through compliance with PSD2 and GDPR, combined with robust technical and contractual safeguards. They use secure APIs, strong customer authentication and consent management. Clear contractual allocation of liability and privacy-by-design principles ensure that data sharing supports innovation without compromising customer protection. Regulatory oversight is shared between the FMA for PSD2 compliance and the Data Protection Authority for GDPR enforcement.

In Liechtenstein, fraud in the context of financial services and fintech is primarily defined under criminal law, complemented by financial market regulation and supervisory enforcement. Misleading disclosures, misuse of client assets and deceptive token offerings may trigger criminal liability as well as regulatory sanctions by the FMA. The use of new technology does not exempt actors from fraud rules, reflecting a substance-over-form approach.

The FMA is particularly focused on unauthorised financial and crypto-asset service providers, clone and impersonation scams and phishing attacks, including cases where fraudsters misuse the name or branding of licensed firms or the FMA itself.

A recurring theme is deception about regulatory authorisation, where fraudulent platforms falsely claim supervision or legitimacy to induce payments or asset transfers.

The FMA also highlights investment and crypto-related fraud, often linked to misleading online platforms and cross-border schemes. Overall, supervisory attention is concentrated on fraud that exploits trust in regulation, licensing and digital channels, with a strong emphasis on consumer warnings and prevention.

In Liechtenstein, a fintech service provider may be responsible for customer losses depending on the nature of the service, the applicable regulatory regime, and the cause of the loss. Liability arises under a combination of contract law, financial market regulation and tort law, with a strong focus on compliance obligations.

• Under PSD2, providers are typically required to reimburse customers for unauthorised payment transactions, except where the customer acted fraudulently or with gross negligence.
• Under MiCAR, custodians of crypto-assets are liable if a client incurs a loss that can be directly attributed to its actions or failures.