1.  How is crypto regulated?
  2.  What are the steps taken by the regulator to adopt MiCAR? 
  3. Are the following activities regulated or unregulated in your jurisdiction? ― Direct sales of tokens by issuers ― Exchange (buy/sell) ― Custody (hold) ― Borrowing/lending ― Yield/staking services ― Staking on proof of stake consensus mechanisms.
  4. Can offshore business provide services to local customers on either active solicitation or reverse solicitation basis? 
  5. How long would establishing a crypto-asset business/ obtaining a licence in your jurisdiction take?
  6. What would be the approximate overall cost of obtaining a licence?
  7. What is the probability (%) of success in obtaining a licence?
  8. What other limitations are there in your jurisdiction when looking to set up a cryptoasset business?

jurisdiction

Germany

Disclaimer: This chapter was last updated on 15 July 2025 and does not reflect any subsequent developments. The information provided is intended for general informational purposes and should not be construed as legal advice.

1. How is crypto regulated?

Jurisdiction-specific MiCAR implementation and deviations Any other regulation

In addition to the general MiCAR framework (covered here), the German Banking Act (Kreditwesengesetz – “KWG”) and the German Securities Institutions Act (Wertpapierinstitutsgesetz – “WpIG”) govern certain services related to financial instruments within the meaning of MiFID II, as well as the custody of cryptographic keys and cryptographic instruments (a term covering certain crypto-assets not subject to MiCAR). Furthermore, the German Prospectus Act (Wertpapierprospektgesetz – “WpPG”), together with European prospectus law, regulates public offerings and admissions to trading of financial instruments within the meaning of MiFID II.

 

This leads to the following supervisory law landscape for crypto-assets:

  • KWG / WpIG: Regulation of certain services related to crypto-assets that are functionally comparable to financial instruments within the meaning of MiFID II (e.g. security tokens), as well as the custody of cryptographic instruments (including NFTs) and cryptographic keys.
  • MiCAR: Regulation of crypto-assets as defined in Art. 3(1) no. 5 MiCAR and certain related services (e.g. utility tokens, e-money tokens, asset-referenced tokens, certain governance and other tokens).

WpPG and European prospectus law: Regulation of public offerings and the admission to trading of crypto-assets that are functionally comparable to financial instruments.

The Money Laundering Act (Geldwäschegesetz – “GwG”) and Regulation (EU) 2023/1113 (the “EU Funds and Crypto Transfer Regulation”) are particularly important.

2. What are the steps taken by the regulator to adopt MiCAR? 

The German legislator adopted the Financial Markets Digitisation Act (Finanzmarktdigitalisierungsgesetz – “FinmadiG”), which, among other things, amended the KWG and the WpIG and created the Crypto Markets Supervision Act (Kryptomärkteaufsichtsgesetz – “KMAG”).

FinmadiG implements and supplements the requirements of MiCAR as a transposition law. The most important amendments include:

  • The KWG and WpIG no longer apply to crypto-asset services that are now covered by MiCAR. However, the amended KWG and WpIG still apply to services related to crypto-assets that are functionally comparable to financial instruments within the meaning of MiFID II (e.g. security tokens), and to the custody of “cryptographic instruments” and cryptographic keys.
  • The KMAG designates the Bundesanstalt für Finanzdienstleistungsaufsicht (“BaFin”) as the competent authority for supervising issuers of crypto-assets and crypto-asset service providers under MiCAR, KWG, and WpIG, and provides further powers and sanctions. KMAG also addresses the possibility of a simplified authorisation procedure for already regulated institutions.

FinmadiG aligns national regulations with the updated EU Funds and Crypto Transfer Regulation. Crypto-asset service providers must collect, transmit, and make available information about clients and beneficiaries of the crypto transfers they carry out.

3. Are the following activities regulated or unregulated in your jurisdiction? ― Direct sales of tokens by issuers ― Exchange (buy/sell) ― Custody (hold) ― Borrowing/lending ― Yield/staking services ― Staking on proof of stake consensus mechanisms.

Jurisdiction-specific MiCAR implementation and deviations Any other regulation

Direct sales of token by issuers

  • MiCAR: See here
  • KWG / WpIG: The initial offering of crypto-assets that are functionally comparable to financial instruments is generally not regulated under the KWG or WpIG. However, the subsequent sale of such crypto-assets — e.g. transfers to a buyer in return for payment or in exchange for other crypto-assets — may fall within the scope of the KWG / WpIG, as it could constitute a regulated financial service such as proprietary trading.
  • Prospectus law: In any case, the issuance and sale of crypto-assets functionally comparable to financial instruments is generally subject to prospectus obligations, e.g. under the WpPG and the European Prospectus Regulation. However, exemptions may apply.

Exchange (buy/sell)

  • MiCAR: See here
  • KWG / WpIG: The exchange of crypto-assets that are functionally comparable to financial instruments may require authorisation under the KWG / WpIG, as such activity could qualify as proprietary trading, brokerage, or the operation of a multilateral trading facility (MTF).
  • Prospectus law: The sale of a crypto-asset functionally comparable to a financial instrument may be subject to prospectus obligations.

Custody (hold)

  • MiCAR: See here
  • KWG / WpIG: A custody licence must be obtained from BaFin if cryptographic instruments (e.g. security tokens or NFTs) or cryptographic keys are taken into custody. Companies offering storage space only (e.g. web hosting or cloud services) do not require a BaFin licence, provided they do not explicitly offer the storage of private keys. Manufacturers and sellers of hardware or software for self-custody also do not require a licence, as long as they do not have access to the crypto-assets stored by users.

Borrowing/lending

  • MiCAR: See here
  • KWG / WpIG: There are structures that may not require a licence, but no official guidance has been issued by the regulator so far.

Yield/staking services

  • MiCAR: here
  • KWG / WpIG: There are structures that may not require a licence, but no official guidance has been issued by the regulator so far.

Staking on proof of stake consensus mechanisms

KWG / WpIG: Generally, staking is not regulated under KWG/WpIG.

The GwG and the EU Funds and Crypto Transfer Regulation are particularly applicable if a crypto asset service within the meaning of MiCAR is provided.

4. Can offshore business provide services to local customers on either active solicitation or reverse solicitation basis? 

Jurisdiction-specific MiCAR implementation and deviations Any other regulation

Yes, but activities may be regulated.

 

·        Active solicitation: According to current supervisory practice, a licence for regulated activities is required not only when a foreign provider operates a branch or agency in Germany, but also when it actively targets the German market from abroad (e.g. through advertising on social media) with the intention of offering financial services “repeatedly and in a business-like manner” in Germany.

·        Reverse solicitation: If a service is provided solely at the initiative of the domestic recipient – i.e. requested without any prior solicitation – no licence is required. However, this is considered a narrow exception and should be interpreted restrictively.

 

5. How long would establishing a crypto-asset business/ obtaining a licence in your jurisdiction take?

Jurisdiction-specific MiCAR implementation and deviations Any other regulation
Obtaining one or more of the licences mentioned above typically takes 1 to 2 years. 

6. What would be the approximate overall cost of obtaining a licence?

Jurisdiction-specific MiCAR implementation and deviations Any other regulation
This depends on the type of licence required, as well as associated costs – particularly for IT and HR.
 

7. What is the probability (%) of success in obtaining a licence?

Jurisdiction-specific MiCAR implementation and deviations Any other regulation

High.

The biggest roadblocks (in our experience) are:

  • No sufficient IT.
  • Unsuccessful ownership control procedure.

Lack of qualified management.


 

8. What other limitations are there in your jurisdiction when looking to set up a cryptoasset business?

Jurisdiction-specific MiCAR implementation and deviations Any other regulation
  • There are several compliance requirements, including the obligation to have a physical presence in Germany (except in cases of EU passporting), and the need to demonstrate to BaFin a certain level of initial capital and management reliability.
  • EU consumer protection laws must also be complied with.