The regulatory framework aims to:

• establish a secure regulatory environment for the development of new technologies;
• protect clients and investors in crypto-assets;
• ensure a stable and transparent market;
• promote the sustainable development of the crypto-asset market under effective supervision;
• harmonise applicable requirements and prevent regulatory arbitrage.

The Financial Supervision Commission (FSC) is the national competent authority within the meaning of Article 93 of MiCA. The FSC carry out authorisation, ongoing supervision and ex post supervision of crypto-asset service providers and crypto-asset issuers in accordance with MiCA and the Markets in Crypto-Assets Act.

The FSC is the main regulatory and supervisory authority under MiCA. The Bulgarian National Bank (BNB) is the competent authority with regard to e-money tokens and crypto-asset service providers that are entities supervised by the BNB.

The crypto-asset services are defined in Article 3(1), points 16 – 26 of MiCA.
The provision of any of these services is permitted only after obtaining an authorisation from the competent authority, except in cases explicitly provided for in MiCA.

Specific features of certain crypto-asset services:

3.1. Providing custody and administration of crypto-assets on behalf of clients

This service means the safekeeping or controlling, on behalf of clients, of crypto-assets or the means of access to such crypto-assets, where applicable in the form of private cryptographic keys.

The activity is considered custody and administration regardless of whether:

• the provider has full or limited control over the crypto-assets;
• the provider holds the private key in full or has limited rights related to its recovery.

3.2. Providing advice on crypto-assets

Advice or consulting on crypto-assets is deemed to be provided where:

• personalised recommendations are given to a client, either at the client’s initiative or at the initiative of the crypto-asset service provider;
• the recommendations relate to a transaction involving specific crypto-assets;
• the advice is tailored to the profile or objectives of a specific client.

General information, educational content or marketing materials do not constitute advice; however, the provision of personalised recommendations concerning specific crypto-assets is subject to authorisation.

Guidelines on the responsible promotion of financial products and services on social media (so-called “finfluencers”) have been published and are available at:
https://www.fsc.bg/esma-i-kfn-s-nasoki-za-otgovorni-finansovi-influensari/

3.3. Providing portfolio management on crypto-assets refers to safekeeping or controlling/managing a set of crypto-assets on behalf of clients with the aim of increasing the value of the portfolio through professional actions based on a pre-agreed strategy, without guaranteeing returns to the client.

• The management of a crypto-asset portfolio differs from the custody and administration of crypto-assets due to the different objectives of the two services. Portfolio management’ aims to achieve an increase in the overall value of the crypto-assets in the client’s portfolio, without such increase being guaranteed. In contrast, the custody and administration of crypto-assets aims to ensure the secure safekeeping of and access to the client’s crypto-assets, without any relation to their profitability.
• The management of a crypto-asset portfolio differs from the provision of advice on crypto-assets in terms of the effects of the two services. In portfolio management, the provider uses their professional knowledge and resources and independently undertakes actions within parameters agreed with the client in order to achieve an increase in the value of the portfolio, whereas in the provision of advice on crypto-assets, the provider merely issues a recommendation, and the client decides whether to follow that recommendation.

3.4. Exchange of crypto-assets for funds and exchange of crypto-assets for other crypto-assets

Authorisation is required for each of the following services:

• exchange of crypto-assets for fiat funds (crypto-to-fiat);
• exchange of crypto-assets for other crypto-assets (crypto-to-crypto).

Authorisation is required irrespective of how the provider acquires the assets used to carry out the exchange (whether by purchasing and delivering the assets from a liquidity provider or by holding them in advance in its own portfolio).

*        The exchange of crypto-assets for funds or for other crypto-assets differs from the reception and transmission of orders. In the case of an exchange, the provider acts on their own account, with the exchange carried out at a pre-announced price or according to a pre-announced pricing method, whereas in the reception and transmission of orders the provider transfers the result of the order that is executed at market prices, for which they receive a commission.

3.5. Operation of a trading platform for crypto-assets means operating one or more systems that bring together multiple third-party buying and selling interests in crypto-assets, in accordance with the platform’s rules, resulting in contracts and exchanges of crypto-assets for funds or other crypto-assets.

Authorisation is required irrespective of the technological model used.

*        The operation of a crypto-asset trading platform differs from the exchange of crypto-assets for funds or for other crypto-assets in that, in the case of a trading platform, the exchange results from the functioning of the platform. The parties involved in these transactions on the platform are the clients using the platform, not the provider that operates it.

3.6. Execution of orders for crypto-assets

This service includes the conclusion, on behalf of clients, of contracts to buy or sell one or more crypto-assets, or the subscription of crypto-assets during a public offer or admission to trading.

3.7. Placement of crypto-assets means marketing and offering crypto-assets to potential purchasers on behalf of or for the account of the offeror (the issuer or another related party).

3.8. Reception and transmission of orders on behalf of clients

The provider receives an order from a client to buy or sell crypto-assets or to subscribe for crypto-assets and transmits it to a third party for execution. The third party (exchange/platform/other provider) acts as the liquidity provider.

• The difference between the services of placing crypto-assets and the reception and transmission of orders is that, in placing, the provider acts on behalf and on the account of the offeror (the issuer of the crypto-asset/token or another person), with the provider’s objective being the active sale and marketing of new assets to investors. In the case of reception and transmission of orders on behalf of the client, the provider serves the client/investor by receiving the order from the latter and forwarding it for execution by another provider.

3.9. Transfer services for crypto-assets on behalf of clients is the service of “moving”/transferring crypto-assets from one blockchain address/wallet or account to another, carried out on the client’s order. The provision of this service is not necessarily linked to a purchase or sale (trading), but rather constitutes the technical transfer of the assets, which distinguishes it from the above-mentioned crypto-asset services.

Important clarification:

Any person providing one or more of the above services on a professional basis must obtain authorisation as a crypto-asset service provider under MiCA, unless explicitly exempted.

Where multiple services are combined, the authorisation will cover all activities, and the relevant capital, organisational and supervisory requirements will apply to each service.

The types of authorisations for crypto-asset service providers under MiCA are categorised into three classes, depending on the scope of services provided.

• Class 1 includes providers offering one or more of the following services:
  execution of orders on behalf of clients; placement of crypto-assets; provision of transfer services for crypto-assets on behalf of clients; reception and transmission of orders related to crypto-assets on behalf of clients; provision of advice on crypto-assets; portfolio management of crypto-assets.
• Class 2 includes providers offering one or more of the following services:
  custody and administration of crypto-assets on behalf of clients; exchange of crypto-assets for funds; exchange of crypto-assets for other crypto-assets.
• Class 3 includes providers offering the service of operating a crypto-asset trading platform.

The application for authorisation shall be submitted to the Financial Supervision Commission (FSC):

• via the Unified Information System (EIS);
• electronically by email to: delovodstvo@fsc.bg;
• in person at the FSC’s premises.

Registration in the FSC’s Unified Information System enables applicants to track the progress of the authorisation procedure.

Documents submitted electronically must be signed with a qualified electronic signature.

All documents must be submitted in Bulgarian. Declarations signed by foreign nationals must be submitted in bilingual form.

Application templates are established in two separate implementing regulations, depending on the category of applicant.

• Applicants under Article 59(1)(a) of MiCA are all companies that are not regulated entities, including those companies that are virtual asset service providers (VASPs) registered in the register under § 5(3) of the Transitional and Final Provisions of the Markets in Crypto-Assets Act. Implementing Regulation (EU) 2025/306 applies to these applicants, with the application form annexed thereto:
  https://eur-lex.europa.eu/legal-content/BG/TXT/?uri=CELEX:32025R0306

The information that must accompany the application submitted by these persons is set out in Delegated Regulation (EU) 2025/305:
https://eur-lex.europa.eu/legal-content/BG/TXT/?uri=OJ:L_202500305

• Applicants under Article 59(1)(b) of MiCA are the following regulated entities:
  credit institutions, central securities depositories, investment firms, market operators, electronic money institutions, management companies and alternative investment funds managers.

Implementing Regulation (EU) 2025/304 applies to these applicants, with the application form is annexed thereto:
https://eur-lex.europa.eu/legal-content/BG/TXT/?uri=CELEX:32025R0304

The information that must accompany the application submitted by these entities is set out in Delegated Regulation (EU) 2025/303:
https://eur-lex.europa.eu/legal-content/BG/TXT/?uri=OJ:L_202500303

All applicants must take into account the additional requirements laid down in the applicable delegated regulations, which define the minimum mandatory content of the documentation (for example, Delegated Regulation (EU) 2025/1141 on rules for the management of conflicts of interest, Delegated Regulation (EU) 2025/1140 on record-keeping requirements, and others).

Detailed information on the acts implementing MiCA is available in the register maintained by the European Commission, accessible at:
https://webgate.ec.europa.eu/regdel/#/delegatedActs?lang=en
(use the filter “basic legislative act”),
or at:
https://finance.ec.europa.eu/regulation-and-supervision/financial-services-legislation/implementing-and-delegated-acts/markets-crypto-assets-regulation_en

Applicants must also take into account the requirements of Regulation (EU) 2022/2554 and its implementing acts with regard to rules, policies and procedures on digital operational resilience and ICT risk management.

A number of guidelines and other documents issued by the European supervisory authorities are also applicable in the authorisation procedure, for example:

• the Joint Guidelines of the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) on the assessment of the suitability of members of the management body of asset-referenced token issuers and crypto-asset service providers;
• the Supervisory Briefing on the Authorisation of CASPs under MiCA (ESMA75-453128700-1263);
• and other applicable guidelines and other documents issued by the European Securities and Markets Authority.

A consolidated table summarising the MiCA Level 2 and Level 3 acts is published on the website of the European Securities and Markets Authority, available at:
https://www.esma.europa.eu/sites/default/files/2025-07/ESMA75-113276571-1510_MiCA_Level_2_and_3_table.pdf

The FSC assesses the three-year business plan in detail with particular regard to:

• the realism of the business model and the planned services;
• a detailed description of the types of crypto-assets to be covered by the services;
• the compatibility of other planned activities unrelated to crypto-assets;
• information on all websites, platforms, applications and similar tools operated by the applicant, including the languages used for marketing activities;
• the financial resilience of the company, the origin of funds and the geographical location of revenue sources;
• target clients, including profile, number and projections;
• detailed information on external service providers and related agreements (existing and planned);
• the ability to effectively manage risks and internal control.

The assessment is based on the applicant’s actual state. The mere declaration of intentions is not sufficient. The company must possess the necessary resources to commence operations within the initially planned scale upon obtaining authorisation.

Yes. Crypto-asset service providers must have their registered office in Bulgaria and must carry out part of their crypto-asset-related activities and services within the country.

Local presence must include:

• at least one executive officer residing in Bulgaria and fully dedicated to the activities of the crypto-asset service provider;
• part of the staff having their actual place of work in Bulgaria;
• part of the provider’s clients being Bulgarian natural or legal persons.

It is permissible for:

• some key functions (compliance, risk management, internal control) to be outsourced to service providers within the European Union;
• some ancillary functions (IT, human resources) to be outsourced to providers in third countries.

Such arrangements will be deemed higher-risk and assessed on a case-by-case basis, considering the nature, scale, and complexity of the business model.

Members of the management body must:

• meet the requirements for good repute, experience and qualifications, individually and collectively;
• all or some of them must hold higher education in fields such as finance, economics, law, accounting, auditing, management, information technology or statistics;
• allocate sufficient professional time to the provider’s activities, as follows:
  • at least one executive member must be fully engaged in the provider’s activities;
  • other executive members must dedicate at least half of their professional time;
  • non-executive members must be able to attend to on-site engagements within two days.

The assessment of the suitability of members of the management body is carried out in accordance with the Joint Guidelines of the EBA and ESMA on the assessment of the suitability of members of the management body of asset-referenced token issuers and crypto-asset service providers. An individual assessment is to be prepared for each person and a collective assessment is to be prepared for the management body as a whole, whereby its members, taken together, must ensure that sufficient knowledge and professional experience are available for the management of the crypto-asset service provider. It is recommended that the assessments be prepared by at least two persons who do not perform executive functions in the management of the provider.

Providers must demonstrate that they have staff already employed or otherwise engaged who are capable of performing all regulatory and operational functions.

Part of the team may consist of persons, who have committed to assume the relevant positions, provided that:

• declarations of commitment are submitted;
• documents evidencing qualifications and professional experience are provided;
• the minimum requirements necessary for the implementation of the business model are met.

There is no fixed minimum number of employees. For providers with a non-complex business model, two employees may be considered a reasonable starting point. The decisive factors will be:

• whether the company can effectively perform all regulatory and operational functions;
• whether staff have the necessary qualifications and experience.

Suitability is demonstrated by:

• documents evidencing education and professional experience;
• criminal record certificates or equivalent documents, or declarations where such documents are not issued;
• declarations on the absence of specific circumstances;
• certificates on the existence or absence of criminal proceedings, where applicable, or declarations where such documents are not issued;
• individual and collective suitability assessments carried out by non-executive persons.

Diplomas issued by foreign educational institutions must be accompanied by a recognition certificate issued by the National Centre for Information and Documentation.

Copies of employment records, job descriptions, extracts from official registers, including social security records, and other documents may evidence professional experience.

No. There is no exhaustive list. Required internal rules depend on the specific services and business model and will typically include:

• rules on the internal organisation of a crypto-asset service provider;
• risk management rules;
• internal control and regulatory compliance rules;
• client complaints handling rules;
• conflict of interest rules;
• rules on anti-money laundering and counter-terrorist financing measures;
• order execution rules;
• personal transactions rules;
• information and communication technology (ICT) management rules and procedures;
• market abuse prevention rules;
• data retention rules;
• general terms and conditions, where applicable.

Some of the above-mentioned rules may be combined into a single document. In such cases, it is recommended that the application for authorisation clearly indicate the document, as well as the relevant section(s) and/or page(s) where the applicable rules, policies and/or procedures are set out.

13. What is the transitional regime for persons registered with the National Revenue Agency (NRA), currently maintained by the FSC?

Persons under Article 4(38) and (39) of the Measures on Anti-Money Laundering Act (in force until 1 July 2026) who were registered under Article 9a of the same Act may temporarily continue their activities without authorisation under MiCA until:

• 1 July 2026; or
• the date of issuance or refusal of an authorisation under MiCA, whichever occurs first.

Persons under Article 4(38) and (39) of the Measures on Anti-Money Laundering Act (in force until 1 July 2026) who were registered under Article 9a of the same Act may temporarily continue their activities without authorisation under MiCA until:

• 1 July 2026; or
• the date of issuance or refusal of an authorisation under MiCA, whichever occurs first.

After the expiry of the transitional period, the provision of crypto-asset services will be permitted only with an authorisation issued by the FSC.

Companies that have pending authorization procedures as of July 1, 2026, and continue to operate must submit a plan to suspend their activities until authorization is granted or denied.

Companies that have not applied for authorisation by 1 July 2026 must cease crypto-asset activities. To ensure an orderly wind-down and the protection of investors, the FSC recommends that companies who do not intend to apply for authorisation to prepare a termination plan by 1 March 2026 and submit it to the FSC. The plan must include arrangements for settling relationships with clients.

* This answer may be subject to change following guidance from the European supervisory authorities.

No. Pursuant to Article 67 of MiCA, prudential safeguards may be provided in one or in a combination of the permissible forms. An insurance policy is one of the possible options, but it is not the only means of meeting the requirement.

The following will not be considered sufficient for the issuance of an authorisation:

• submission of business intentions or concepts without actual resources;
• unclear or contradictory descriptions of services subject to the application;
• lack of actually employed or engaged key staff;
• formal indication of an address in Bulgaria without real operational activity;
• absence of internal rules and policies governing the activity;
• models where all key decisions are taken by group structures outside the EU;
• incomplete or formal documentation not reflecting actual operations or intentions;
• internally inconsistent or contradictory documentation.

A significant risk is deemed to exist where the same persons have applied for authorisation in other Member States, have been refused authorisation, or have withdrawn applications elsewhere.

Before requesting a meeting or consultation with the FSC regarding a future authorisation procedure, applicants should prepare:

• a brief description of the business model and services;
• information on the group structure (if applicable);
• details of management and owners, including CVs;
• an organisational structure and key functions.

Documents should be sent by email to:
d.laskova@fsc.bg and a.todorova@fsc.bg,
together with a contact telephone number.