Malta

Malta

Law Over Borders Comparative Guide: Cryptoassets Law Guide

02 Jun 2026
Cryptoassets Law Guide Cryptoassets Law Guide

Malta has integrated a comprehensive definition of cryptoassets into its legal framework through the Markets in Crypto-Assets Act (Chapter 647 of the Laws of Malta) (“MiCA Act”), enacted on 30 June 2024 and amended by Act XI of 2025. This legislation transposes Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on Markets in Cryptoassets (“MiCA Regulation”) into national law, with Article 2(1) of the MiCA Act explicitly referencing the MiCA Regulation for definitional clarity. According to Article 3(1), point (5) of the MiCA Regulation, a “‘crypto-asset’ means a digital representation of a value or of a right which is able to be transferred and stored electronically, using distributed ledger technology or similar technology”. This definition forms the cornerstone of Malta’s approach, encompassing a wide array of digital assets, such as cryptocurrencies (e.g. Bitcoin, Ether), stablecoins and non-fungible tokens (NFTs).

The MiCA Act and Regulation further refine this broad category by establishing distinct classifications to address varying risk profiles and functionalities. Article 3(1), point (6) of the MiCA Regulation defines an “asset-referenced token” (ART) as “a type of crypto-asset that is not an electronic money token and that purports to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies”.

Similarly, Article 3(1), point (7) specifies an “e-money token” (EMT) as “a type of crypto-asset that purports to maintain a stable value by referencing the value of only one official currency”. These definitions ensure that stabilised tokens are subject to tailored regulatory oversight. The residual category, covered under Part II of the MiCA Act, includes cryptoassets such as utility tokens (which provide access to goods or services) and NFTs (unique digital assets) that do not qualify as ARTs or EMTs, unless they exhibit characteristics of financial instruments under existing EU directives.

The major elements of these definitions hinge on their digital nature, their ability to be transferred and stored electronically via distributed ledger technology (DLT), and their representation of value or rights. This categorisation enables a balanced regulatory approach, fostering innovation while addressing risks associated with each type, from the stability mechanisms of stablecoins to the unique ownership models of NFTs.

Malta’s regulatory landscape for cryptoassets is shaped by the MiCA Act, which serves as the cornerstone of domestic legislation. This act implements the MiCA Regulation, providing a structured framework for the issuance, trading and servicing of cryptoassets. The MiCA Act addresses requirements for public offers and admissions to trading platforms, as well as obligations for ARTs, EMTs, and other cryptoassets, alongside rules for cryptoasset service providers (CASPs). Its detailed structure, spanning Parts I to XII, includes provisions for preliminary definitions, token classifications, service provider duties, market abuse prevention, and regulatory enforcement powers, ensuring a cohesive approach.

Complementing this, the MiCA Act amends key existing laws to integrate cryptoasset regulation, notably the Banking Act (Chapter 371) under Part XI (Articles 59–61) and the Virtual Financial Assets Act (Chapter 590) under Part XII (Articles 62–64), aligning them with the new framework. The MiCA Regulation, directly applicable as EU law, introduces additional binding legal instruments, such as implementing and regulatory technical standards, which refine operational and compliance obligations.

Oversight is entrusted to the Malta Financial Services Authority (MFSA), established under the Malta Financial Services Authority Act (Chapter 330), acting as the primary competent authority for licensing, supervision and enforcement. The Central Bank of Malta, defined under the Central Bank of Malta Act (Chapter 204), supports efforts related to financial stability. Additionally, the Financial Intelligence Analysis Unit (FIAU), operating under the Prevention of Money Laundering Act (Chapter 373), enforces anti-money laundering (AML) and counter-terrorism financing (CFT) measures. These bodies collaborate with the European Supervisory Authorities, including the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA), to maintain consistency across the EU framework.

Malta adopts a tailored regulatory approach for various cryptoassets under the MiCA Act, which aligns with the MiCA Regulation. No cryptoassets are outlawed outright, reflecting a progressive stance that supports innovation while mitigating risks.

In determining whether a cryptoasset falls within the scope of the MiCA Regulation, or determining the exact type of cryptoasset in question, the MFSA applies:

  • the joint ESA’s Guidelines on templates for explanations and opinions, and the standardisation test for the classification of cryptoassets; and
  • the ESMA Guidelines on the conditions and criteria for the qualification of cryptoassets as financial instruments.

ARTs, as defined in Article 3(1), point (6) of the MiCA Regulation (referenced in the MiCA Act under Part III, Articles 9–21), are subject to stringent rules — in particular, the ongoing requirements applicable to issuers of ARTs outlined in the MFSA’s MiCA Rulebook. Issuers must obtain authorisation from the MFSA before offering ARTs. This includes the publishing and maintenance of a detailed white paper approved by the MFSA.

EMTs, per Article 3(1), point (7) (regulated under Part IV, Articles 22–25), can only be issued by credit institutions or electronic money institutions authorised by the MFSA in terms of the Financial Institutions Act (which includes the transposition of EMD2) or the Banking Act, in addition to MiCA. In accordance with the MFSA MiCA Rulebook, issuers wishing to notify an EMT white paper shall refer to the following provisions:

  • the provisions of Part IV of the MiCA Act;
  • the provisions of Title III of the MiCA Regulation; and
  • any applicable regulatory technical standards and guidelines issued under the MiCA Regulation.

The catch-all residual category includes all cryptoassets not classified as ARTs, EMTs or financial instruments. Unlike ARTs and EMTs, these do not require prior authorisation, and follow a notification regime whereby such cryptoassets would need to be notified to the MFSA, subject to a 20-working day period before the cryptoasset can be offered or admitted to trading. In accordance with the MFSA’s MiCA Rulebook, issuers or other persons wishing to notify an “other cryptoasset” white paper shall refer to the following provisions:

  • the provision of Part II of the MiCA Act;
  • the provisions of Title II of the MiCA Regulation;
  • any applicable regulatory and technical standards and guidelines issued under the MiCA Regulation; and
  • the ESMA Guidelines on the maintenance of systems and security access protocols under MiCA, which supplements Article 14(1) of the MiCA Regulation.

Additionally, offerors or persons availing themselves of the exemption set out under Article 4(3)(d) of the MiCA Regulation which are required to submit a notification relating to the limited network exemption set out therein, shall submit the Limited Network Exclusion Form, which may be downloaded from the MFSA’s website and submitted via e-mail to [email protected].

Issuers wishing to notify a white paper shall submit the relevant notification form, which may be downloaded through the MFSA’s LH Portal. This shall include the payment of the applicable notification fee as set out in the Markets in Crypto-Assets Act (Fees) Regulations (L.N. 295 of 2024). Issuers are to take note that the MFSA shall require neither prior approval of cryptoasset white papers, nor any marketing communications relating thereto, before their respective publication. Upon notification of the white paper, the issuer shall remain responsible for complying with the relevant provisions of the MiCA Regulation.

Stablecoins generally fall under these stabilised categories, ARTs or EMTs, depending on their reference assets, inheriting the respective regulatory burdens. Security tokens, if classified as financial instruments under Directive 2014/65/EU, are regulated under existing EU financial services laws rather than the MiCA framework, although the MFSA assesses their status on a case-by-case basis. NFTs, as per the residual category outlined in Question 1, above, of other cryptoassets under Part II (Articles 5–8), face lighter regulation unless they exhibit security-like features, requiring transparency and market abuse prevention measures.

Malta implements a mandatory authorisation and licensing regime under the MiCA Act, which transposes the MiCA Regulation. This regime applies to issuers of ARTs (Part III, Articles 9–21) and EMTs (Part IV, Articles 22–25), as well as CASPs, including exchanges, custodians, and other intermediaries (Part V, Articles 26–34).

Issuers of ARTs must secure MFSA approval, maintaining robust governance arrangements with conflict of interest policies, establishing transparent complaint handling procedures, meeting specific own funds requirements that may be adjusted based on stress testing, maintaining liquid reserve assets invested in highly liquid financial instruments with minimal risk, implementing recovery and redemption plans within 6 months of authorisation, reporting quarterly transaction data when required, obtaining prior approval for changes in qualifying holdings, and adhering to additional obligations if their tokens are classified as significant (including enhanced liquidity management, remuneration policies, and liquidity stress testing). These issuers must also fulfil ongoing notification requirements, maintain appointed persons through proper approval processes, submit audited financial statements, and pay applicable fees as outlined in the MiCA Rules.

Applicants for authorisation as an issuer of ARTs shall, in particular, refer to the following provisions:

  • the provisions of Part III of the MiCA Act;
  • the provisions of Title IV of the MiCA Regulation;
  • the regulatory technical standards and guidelines applicable to issuers of ARTs, as outlined in Title 4 of these rules; and
  • the regulatory technical standard specifying the information to be submitted as part of the application for authorisation, issued pursuant to Article 18 of the MiCA Regulation.

EMT issuers also require authorisation as credit or electronic money institutions, with similar capital and disclosure obligations to ensure stability. Such issuers are subject to certain requirements emanating from the MiCA Regulation and the MiCA Act, as well as Chapter 1 and Chapter 3 of the Financial Institutions Rulebook, commonly referred to as “FIR/01” and “FIR/03”, which must be adhered to at all times. The regulations establish compliance obligations including the creation of recovery and redemption plans within six months of public offering or trading admission.

For EMTs denominated in non-EU Member State currencies, issuers must report transaction data quarterly using specified methodologies to track usage as a means of exchange. Electronic money institutions can provide cryptoasset custody and transfer services with proper notification. The framework becomes more stringent for significant EMTs, which face additional requirements including enhanced own funds adjustments, liquidity management policies, stress testing programmes, and governance arrangements for remuneration.

The regulatory structure incorporates multiple layers of technical standards and guidelines from the European Supervisory Authorities, with the MFSA applying these proportionally. Issuers must maintain reserves invested in highly liquid financial instruments with minimal risk exposure, and continuously monitor evolving European Commission, ESMA and EBA regulations to ensure ongoing compliance. The framework aims to balance market innovation with financial stability and consumer protection in the growing digital assets sector.

CASPs require an MFSA licence for the following activities: operating trading platforms, exchange services, custody services, executing orders, reception and transmission of orders, offering advice, portfolio management, and transfer services. The applicable minimum capital requirements depend on the classification of the CASP, set at EUR 50,000 for Class 1, EUR 125,000 for Class 2 and EUR 150,000 for Class 3.

Applicants for authorisation as a CASP shall in particular refer to the following provisions:

  • the provisions of Part V of the MiCA Act;
  • the provisions of Title V of the MiCA Regulation;
  • the regulatory technical standards, guidelines and other regulatory requirements applicable to CASPs as outlined in these rules; and
  • the regulatory technical standard specifying the information to be submitted as part of the application for authorisation, issued pursuant to Article 62 of the MiCA Regulation.

These provisions set out, inter alia, the information which will be collected throughout the application process, the requirements with which applicants will be expected to demonstrate compliance, as well as the basis for which the MFSA may decide to grant or refuse to grant a licence.

Practically, the MFSA processes applications on a case-by-case basis, typically taking six to nine months depending on submission quality. While exact success rates are not publicly available, the MFSA has processed a growing number of applications since 2024, reflecting Malta’s growing and active crypto market. A full list of licensed entities can be accessed via the MFSA’s Financial Services Register at fsr.mfsa.mt.

Notably, under Malta’s now repealed Virtual Financial Assets Act, which was widely regarded as the EU framework most closely aligned with MiCA, a total of 30 companies were granted licences as Virtual Financial Assets Service Providers. Furthermore, as of 17 October 2025, seven firms have been granted a MiCA licence by the MFSA to operate as CASPs.

The promotion of cryptoassets in Malta is captured under Title I, Article 3(22) of MiCA, which defines the placing of cryptoassets to mean the marketing, on behalf of or for the account of the offeror or a party related to the offeror, of cryptoassets to purchasers. In accordance with Article 79 of MiCA, CASPs placing cryptoassets shall communicate the following information to the offeror, to the person seeking admission to trading, or to any third party acting on their behalf, before entering into an agreement with them:

  • the type of placement under consideration, including whether a minimum amount of purchase is guaranteed or not;
  • an indication of the amount of transaction fees associated with the proposed placing;
  • the likely timing, process and price for the proposed operation; and
  • information about the targeted purchasers.

CASPs placing cryptoassets shall, before placing those cryptoassets, obtain the agreement of the issuers of those cryptoassets, or any third party acting on their behalf, as regards the information listed above.

CASPs’ rules on conflicts of interest referred to in Article 72(1) shall have specific and adequate procedures in place to identify, prevent, manage and disclose any conflicts of interest arising from the following situations:

  • CASPs place the cryptoassets with their own clients;
  • the proposed price for placing of cryptoassets has been overestimated or underestimated; and
  • incentives, including non-monetary incentives, are paid or granted by the offeror to CASPs.

The solicitation rules, enshrined in Part VI (Articles 35–36), establish a regulatory framework for financial promotion, requiring all marketing materials to be fair, clear, and not misleading, in line with ESMA guidelines. The MFSA enforces these standards, with a focus on protecting consumers from deceptive practices.

Cryptoasset custodians in Malta are regulated under Part V (Articles 26–34) of the MiCA Act, which transposes the MiCA Regulation. Custody is captured under the providing custody and administration of cryptoassets on behalf of clients’ licensable activity and is defined as the safekeeping or controlling, on behalf of clients, of cryptoassets or of the means of access to such cryptoassets, where applicable in the form of private cryptographic keys. This is a MiCA Class 2 activity that requires a minimum share capital of EUR 125,000.

The MFSA requires the applicant to submit a custody policy aimed at minimising the risk of a loss of clients’ cryptoassets or the rights related to those cryptoassets or the means of access to the cryptoassets due to fraud, cyber threats or negligence. In accordance with Article 75(3) of MiCA, a summary of the custody policy must also be made available to clients, alongside a standard client agreement for the custody and administration of cryptoassets. The custody policy must set out the custodian’s internal rules and procedures governing the safekeeping of clients’ cryptoassets and related access means, and must be made available to clients in electronic format upon request.

Client cryptoassets must be segregated from the custodian’s own assets to minimise commingling risk and ensure protection in the event of insolvency. Custodians are required to enter into a written agreement, with each client outlining their respective duties and responsibilities, the security systems employed, and the custody policy itself. Furthermore, custodians must maintain a register of client positions, showing each client’s entitlement to cryptoassets and recording any movements promptly and accurately.

Malta imposes stringent AML requirements for cryptoassets under the MiCA Act. These are enforced by the FIAU under the Prevention of Money Laundering Act (Chapter 373). CASPs, including exchanges and custodians under Part V (Articles 26–34), must conduct Know Your Customer checks, verifying client identities and assessing risks before establishing business relationships. Registration with the FIAU is mandatory for all service providers, ensuring oversight of AML compliance.

Cryptoassets are not classified as legal tender or money in Malta, but they are treated as regulated assets under the MiCA framework and Maltese AML legislation. CASPs must conduct customer due diligence and submit “suspicious transaction” reports to the FIAU whenever they have reasonable grounds to suspect money laundering or terrorist financing, irrespective of the amount involved. The FIAU’s Implementing Procedures allow simplified due diligence for low-risk relationships where aggregate transfers by a customer remain below EUR 1,000 in a rolling 90-day period, but once that threshold is met, full customer due diligence is required. The EU’s recast Transfer of Funds Regulation (implementing Financial Action Task Force (FATF) Recommendation 16) extends the “travel rule” to cryptoasset transfers, requiring CASPs to collect and transmit originator and beneficiary information on all transfers and to verify ownership of unhosted wallets when the transfer exceeds EUR 1,000. Non-compliance with MiCA or AML/CFT obligations can result in significant administrative fines (up to EUR 5 million or more) and licence revocation. These obligations form part of a wider EU AML/CFT package, including the new AML Regulation, the sixth AML Directive (AMLD6) and the forthcoming EU Anti-Money Laundering Authority, which will further harmonise requirements across Member States and ensure that cryptoasset transfers are subject to the same scrutiny as traditional financial transfers.

Under Maltese civil law, cryptoassets are best characterised as incorporeal movables that can be owned, assigned, and transferred by contract and delivery/acknowledgment under the Civil Code. Legal and beneficial interests may be separated (e.g. via trust or custodial arrangements) so that a custodian can hold legal title or factual control while the client retains the beneficial entitlement.

“Control” is not a defined civil law concept for digital assets. In practice, it means the ability to authorise transactions (private keys or custodial controls), while legal entitlement is determined by contract and general property/obligations rules. As movables, cryptoassets can, in principle, secure obligations (e.g. pledges or title-transfer collateral) if properly structured and perfected.

Mere ownership is not licensable. Issuing cryptoassets or providing services (e.g. custody/administration, exchange, operating a trading platform, execution/transfer, advice/portfolio management) requires authorisation under Malta’s MiCA Act with MFSA supervision and AML/CFT compliance.

The MiCA Act does not establish a specific registration regime for decentralised autonomous organisations (DAOs). The MFSA would assess DAOs on a case-by-case basis, potentially classifying them as partnerships or unincorporated associations under the Companies Act (Chapter 386) if they exhibit centralised control or profit-seeking activities. This lack of tailored regulation reflects the evolving nature of DAOs, with the MFSA monitoring their development for future legislative consideration.

In a nutshell, liability for DAO members attaches based on their level of involvement or contribution, with no inherent limit unless the DAO is structured as a legal entity (e.g. a non-profit seeking foundation aimed at facilitating governance initiatives, full on-chain governance, and so on), which would provide for limited liability. Without such a structure, members may face unlimited liability for the DAO’s obligations, depending on their role and the jurisdiction’s interpretation of their actions, highlighting the need for clear legal structuring to mitigate risks.

There are no crypto-specific bankruptcy rules in Malta. Corporate insolvency is handled under the Companies Act (Chapter 386) (court or voluntary winding-up), with liquidators appointed to realise assets and distribute proceeds according to statutory ranking. Individual bankruptcy is addressed under the Commercial Code (Chapter 13). The Insolvency Practitioners Act (Chapter 632) governs office holders, and Malta has introduced a pre-insolvency framework to facilitate early restructuring. In this context, cryptoassets form part of the insolvent estate and are realised by the liquidator like other property (e.g. exchange or over-the-counter sales) to maximise recoveries. Creditor priority depends on the existence and perfection of valid security interests under Maltese law; absent security, claims rank as unsecured. Where the insolvent company is MFSA-authorised (e.g. a CASP under MiCA), the MFSA may exercise supervisory powers (including restricting activities or withdrawing authorisation), but the insolvency itself proceeds under the Companies Act, not MiCA.

Smart contracts may be deemed to be legally enforceable as legal contracts in Malta under the Civil Code (Chapter 16), provided they meet the essential requisites of a valid contract, namely, capacity, consent, a determinate object, and a lawful causa (cause). The Electronic Commerce Act confirms that a contract (and offer/acceptance) is not denied legal effect merely because it is electronic or automated, which accommodates code-based agreements. MiCA regulates cryptoasset activity but does not itself determine contractual enforceability; that remains a matter of general contract law. In practice, where terms are embedded in code, courts may recognise the validity of smart contracts if linked to clear legal intent, often requiring expert testimony to interpret code-based terms, ensuring alignment with traditional contractual obligations.

Victims of crypto-fraud in Malta can file a criminal report with the Police under the Criminal Code, and also pursue civil claims for damages and urgent asset-preservation measures. In civil proceedings, courts may issue precautionary warrants, including garnishee orders (to freeze monies with banks/third parties in Malta) and prohibitory injunctions (to restrain disposals), under the Code of Organisation and Civil Procedure.

For litigation involving foreign counterparts (e.g. exchanges or assets abroad), service of claims/orders within the EU follows Regulation (EU) 2020/1784 on service of documents, and recognition/enforcement of civil judgments follows Brussels I Recast (Reg. 1215/2012). Outside the EU, Malta relies on the Hague Service Convention (1965). Courts can also order disclosure or compel third parties within Malta through domestic procedure; for overseas exchanges, disclosure generally requires proceedings or assistance in the foreign court having jurisdiction.

Malta taxes cryptoasset activity under its existing framework, that is, the Income Tax Act (Chapter 123) and the Value Added Tax (VAT) Act (Chapter 406), together with the Malta Tax and Customs Administration (MTCA)’s guidance for DLT assets.

For income tax purposes, the treatment depends on the asset and facts.

  • Some cryptoassets may be treated like currency (e.g. business profits and mining receipts are treated as income).
  • Some cryptoassets may be treated like securities under Article 5 of the Income Tax Act. These cryptoassets produce income when they yield returns (e.g. dividend- or interest-like) and may fall under capital gains only if they qualify as securities.
  • Some cryptoassets are taxed under ordinary rules when used to supply goods/services.

The standard Maltese corporate rate of 35% applies to corporate entities while the progressive rates of tax apply to individuals.

For VAT purposes, exchanging coins for fiat or other coins is generally exempt (currency-like treatment), while exchanging cryptoassets for goods/services generally falls within the scope of VAT, similar to fiat payment in exchange for goods/services.

Taxpayers must register as taxable persons with the MTCA, must value at market rates, must keep proper records, and must report through their normal income tax/VAT returns.

In Malta, CASPs authorised under the MiCA Act (which transposes the EU’s MiCA Regulation), are subject to comprehensive data privacy and cybersecurity obligations. These stem from EU-wide frameworks that apply directly or through national implementation, ensuring alignment with broader financial services standards.

Data privacy is governed primarily by the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), which applies to all entities processing personal data, including crypto platforms. As an EU Member State, Malta enforces GDPR through the Data Protection Act (Cap. 586), overseen by the Information and Data Protection Commissioner (IDPC). CASPs must comply with GDPR principles, such as lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability when handling customers’ personal data (e.g. identity verification details, transaction histories, and wallet addresses linked to individuals). This includes conducting data protection impact assessments for high-risk processing, appointing a data protection officer if required, and obtaining explicit consent where applicable. Customers’ personal and transactional data are protected under these rules, with rights to access, rectification, erasure, and objection. Breaches must be notified to the IDPC within 72 hours if they pose a risk to individuals’ rights and freedoms, and affected data subjects must be informed if the risk is high. Fines for non-compliance can reach up to EUR 20 million or 4% of global annual turnover.

For cybersecurity, CASPs fall under the Digital Operational Resilience Act (DORA) (Regulation (EU) 2022/2554), which applies to CASPs as “financial entities” and is enforced in Malta by the MFSA. The DORA mandates robust information and communications technology (ICT) risk management frameworks, including governance arrangements, risk identification, protection and prevention measures, detection systems, response and recovery plans, and regular testing (e.g. penetration testing and threat-led simulations). CASPs must implement measures to ensure the confidentiality, integrity, and availability of systems handling cryptoassets and related data. Incident reporting is required: major ICT-related incidents must be notified to the MFSA promptly (initial report within four hours, intermediate within 72 hours, and final within one month), with potential escalation to the European Central Bank or other EU authorities. The DORA also requires third-party ICT service providers (e.g. cloud services used for crypto operations) to be managed through contractual oversight and risk assessments.

Additionally, under MiCA (as implemented in Malta), CASPs have sector-specific obligations for the safekeeping and administration of cryptoassets (Article 75 of MiCA), which include maintaining secure systems to protect clients’ assets and data from unauthorised access, loss, or cyber threats. This encompasses segregation of client assets, regular audits, and insurance or comparable guarantees against operational risks, including cyberattacks. The MFSA may impose enhanced requirements during authorisation or ongoing supervision to address cybersecurity vulnerabilities.

Non-compliance with these obligations can result in MFSA sanctions, including fines of up to EUR 5 million or 10% of annual turnover, licence suspension, or revocation. CASPs are encouraged to integrate these requirements into their operations from the outset, often through MFSA-approved policies and external audits.

Staking, yield farming, and other decentralised finance (DeFi) activities are not explicitly defined or regulated under Malta’s MiCA Act, which transposes the MiCA Regulation. Instead, their treatment depends on whether they involve regulated cryptoasset services or fall within broader financial regulations. Staking, often seen in proof-of-stake consensus mechanisms, and yield farming, typically involving liquidity provision for rewards, may be assessed as investment products if they exhibit characteristics of collective investment schemes under Directive 2011/61/EU or financial instruments under Directive 2014/65/EU, potentially triggering licensing under those frameworks rather than MiCA.

Platforms facilitating these services require MFSA registration as CASPs if they provide custody, exchange, or portfolio management, unless the protocol is fully decentralised. As outlined in Recital 22 of MiCA, full decentralisation (meaning no single entity controls the protocol or provides essential services) places activities outside MiCA’s scope, treating them as a “common good” resource on permissionless DLT. However, it is to be expected that European regulators would publish further interpretative notes to ensure a harmonised interpretative approach towards what is to be deemed “fully decentralised without any intermediary in place” so as to ensure harmonisation.

The MFSA regularly issues circulars to the industry, with updates on authorisation procedures, supervisory expectations under MiCA and practical compliance measures. Malta is actively consulting on niche areas, such as the tokenisation of collective investment schemes, with MFSA position papers and event briefings outlining future integration of blockchain and DLT within collective investment regimes. This paper is part of Malta’s efforts to align with the EU’s broader digital finance agenda, particularly MiCA and the DLT Pilot Regime. Malta continues to align local supervisory practices with EU-wide standards, evidenced by harmonised reporting requirements, such as the CASP return, increased AML compliance and collaborative consultations with European authorities, such as the ESMA and the EBA.