MiCA CASP License in Bulgaria

Why Choose Bulgaria for Crypto Licensing?

Bulgaria is the right choice for cost-sensitive operators who want a genuine EU MiCA base with a flat 10% tax and full passporting, and who can build real substance and absorb banking friction. It is the wrong choice for a firm that needs frictionless fiat rails on day one, because Bulgaria is the only EU state on the FATF grey list and domestic banks de-risk crypto hard.

A Live MiCA Regime, Not a Promise

The Financial Supervision Commission began authorising CASPs under the Bulgarian Markets in Crypto-Assets Act, in force from 8 July 2025.^[1] This is not a draft framework. Two providers already hold Bulgarian CASP authorisations on the ESMA register: Alaric Securities OOD, authorised on 22 December 2025 as the country’s first, and Belayer OOD, authorised on 28 April 2026.^[2] The count is small, which is itself a signal: this is an early-stage but functioning regime where well-prepared applicants are not queuing behind hundreds of others.

A Flat 10% Tax, Among the Lowest in the EU

Bulgaria levies a flat 10% corporate income tax and a flat 10% personal income tax, the joint-lowest headline corporate rate in the European Union.^[3] For individuals, crypto disposal gains are taxed at an effective rate of roughly 9% after a standard deductible. The arithmetic is straightforward and there is no distributed-profits mechanism to model: profit is taxed at 10% when it arises. For a CASP building toward scale inside the EU, this is a real and quantifiable advantage over higher-rate MiCA jurisdictions.

Full MiCA Passporting

An FSC-issued CASP authorisation confers the full MiCA passport. Under Article 65 of MiCA, a notification to the home regulator is transmitted to host competent authorities and cross-border services may begin after roughly 15 working days, with no separate national licences.^[4] The reach is the entire EU and EEA. The superseded legacy registration never carried this right, which is the central reason the CASP route matters and the registration does not (see the transition section).

The Banking Caveat, Stated Plainly

Bulgaria remained the only EU Member State on the FATF grey list as of the June 2026 plenary, which compounds correspondent-banking friction and makes banking, not the licence, the single biggest execution risk here.^[5] The practical answer is an EMI-first stack planned before authorisation, set out in full in the banking section.

The Euro Changeover

Bulgaria adopted the euro on 1 January 2026 at the fixed conversion rate of 1.95583 lev per euro, set by Council Decision (EU) 2025/1407 of 8 July 2025.^[6][17] Over time this removes lev-euro conversion friction, aligns Bulgarian banks with ECB and SEPA-euro rails, and brings the country fully into the Banking Union. The figures throughout this guide are euro-primary for that reason, with lev shown where the underlying instrument, such as the FSC fee schedule, is denominated in lev. The near-term operational changeover and the mandatory dual-display period to 8 August 2026 are transitional, not structural.

Regulatory Framework

Bulgaria runs a multi-regulator model. The Financial Supervision Commission authorises and supervises CASPs and asset-referenced token issuers. The Bulgarian National Bank is the competent authority for e-money token issuers, who must hold an e-money-institution or credit-institution licence. The National Revenue Agency holds the closed legacy register and administers tax, and the Financial Intelligence Directorate of the State Agency for National Security receives suspicious-activity reports.

The Four Authorities

• Financial Supervision Commission (FSC). The lead authority for CASPs and asset-referenced token issuers under MiCA and the Bulgarian Markets in Crypto-Assets Act. The FSC publishes the authorisation procedure, the fee schedule under Ordinance No. 76, and the register of authorised providers.^[8]
• Bulgarian National Bank (BNB). The competent authority for e-money token issuers, who fall outside the core CASP regime and must be authorised under the Payment Services and Payment Systems Act.^[10]
• National Revenue Agency (NRA). Held the legacy virtual-asset service provider register under the Measures Against Money Laundering Act. That register was migrated to the FSC on 8 July 2025 and closed to new entrants. The NRA continues to administer corporate and personal tax, including DAC8 crypto reporting.
• Financial Intelligence Directorate (FID-SANS). The financial intelligence unit within the State Agency for National Security, which receives suspicious-activity reports and oversees anti-money-laundering intelligence.

Regulatory History

Bulgaria’s journey from a thin national anti-money-laundering register to a full MiCA regime is the context every buyer should understand. The National Revenue Agency recognised crypto income as taxable financial-asset income as early as 2014, and the Measures Against Money Laundering Act, transposing the EU Fifth Anti-Money Laundering Directive, defined virtual currencies and required virtual-asset service providers to register.^[9] Ministry of Finance Ordinance No. H-9 of 7 August 2020 set the registration procedure.

The register was always shallow. After a 22 March 2024 re-application requirement under Ordinance H-9, the National Revenue Agency removed 88 virtual-asset service provider registrations, over 40% of the total, leaving roughly 139 active by late September 2024, down from a cumulative 305 ever authorised.^[20]

MiCA became directly applicable across the EU on 30 December 2024. The Bulgarian Markets in Crypto-Assets Act was adopted by Parliament on 20 June 2025, promulgated in State Gazette No. 54 on 4 July 2025, and entered into force on 8 July 2025, the same date DORA was transposed into Bulgarian law.^[7] Bulgaria chose the maximum 18-month grandfathering period under MiCA Article 143(3), so the transitional window ran to 1 July 2026.^[12]

Recent Regulatory Developments

• 19 June 2026. FATF determines Bulgaria has substantially completed its action plan. The June plenary made the initial determination that Bulgaria warrants an on-site assessment, a step toward grey-list removal that is in progress but not yet finalised. Bulgaria remains the only EU Member State on the list.^[5]
• 28 April 2026. Second Bulgarian CASP authorised. Belayer OOD was authorised by the FSC, described as the first fully crypto-focused Bulgarian CASP, covering custody, execution, and portfolio management.^[2]
• 1 January 2026. Euro adoption. The euro became legal tender in Bulgaria, with mandatory dual price display running to 8 August 2026.^[6]
• 22 December 2025. First Bulgarian CASP authorised. Alaric Securities OOD became the first provider on the Bulgarian CASP register, the first investment broker in the country to receive such authorisation.^[19]
• 8 October 2025. Grandfathering application cut-off. Providers registered between 30 December 2024 and 8 July 2025 had to apply within three months of entry into force to benefit from grandfathering. This deadline has passed.^[12]
• 8 July 2025. BG MiCA Act in force; DORA transposed. The Bulgarian Markets in Crypto-Assets Act entered into force, the FSC register was published, and DORA was transposed into national law.^[7]
• 12 June 2025. FSC Ordinance No. 76 on fees adopted. The Ordinance set the one-off CASP authorisation fees and the annual supervision fee structure.^[8]

Regulatory Overlap

Several EU and Bulgarian regimes intersect with the MiCA CASP authorisation and must be assessed in parallel:

• EU Transfer of Funds Regulation (Regulation 2023/1113). The EU travel rule for crypto-asset transfers; applicable from 30 December 2024. Practical consequence: information sharing via FID-SANS, with originator and beneficiary information accompanying CASP-to-CASP transfers.^[14]
• Digital Operational Resilience Act. Transposed into Bulgarian law on 8 July 2025 and applicable to CASPs. Practical consequence: ICT third-party register, incident classification, and threat-led penetration testing for significant CASPs are baseline obligations.^[13]
• Payment Services and Payment Systems Act. E-money token issuers are carved out of the BG MiCA Act, save the MiCA market-abuse rules, and must be authorised as an e-money or credit institution under this Act, with the Bulgarian National Bank as competent authority.^[10] Capital floors do not net across regimes.
• Measures Against Money Laundering Act (MAMLA). Continues to apply to CASPs as obliged entities. Practical consequence: customer due diligence, five-year record-keeping, and suspicious-activity reporting to FID-SANS remain standing obligations.^[9]

Regulatory Transition: NRA VASP Register to FSC MiCA CASP Authorisation

The Old Regime: NRA / MAMLA VASP Registration

Under the Measures Against Money Laundering Act and Ministry of Finance Ordinance No. H-9 of 7 August 2020, the National Revenue Agency operated a public register of virtual-asset service providers under Article 9a. The registration covered crypto-fiat and crypto-crypto exchange and custodial wallet provision. It was an anti-money-laundering registration only: not a financial licence, not passportable, and territorially limited to Bulgaria. The fee was nominal, around BGN 50 (about EUR 26), with no minimum capital.^[9] After the March 2024 re-application requirement the register shrank sharply, and once it migrated to the FSC it closed to new entrants.

The New Regime: FSC / MiCA CASP Authorisation

The Financial Supervision Commission authorises CASPs under Regulation (EU) 2023/1114 and the Bulgarian Markets in Crypto-Assets Act, in force from 8 July 2025. This is a full financial authorisation, passportable across the EU and EEA under MiCA Article 65. Capital floors are EUR 50,000 / 125,000 / 150,000 by service class under MiCA Annex IV, and the secondary fee law is FSC Ordinance No. 76 of 12 June 2025.^[8] The two regimes are distinct in nature, not two versions of one thing: an anti-money-laundering register on one side, a passportable financial licence on the other.

Grandfathering and Transitional Provisions

Bulgaria adopted the full 18-month grandfathering period allowed under MiCA Article 143(3). Virtual-asset service providers in the National Revenue Agency register before 30 December 2024 could continue without a MiCA licence until 1 July 2026, or until a licence was granted or refused under MiCA Article 63, whichever came first.^[12][21] The application cut-off to benefit from grandfathering, for providers registered between 30 December 2024 and 8 July 2025, was 8 October 2025, three months after entry into force. That deadline has passed.

Conversion Mechanism

There is no automatic conversion. A legacy registrant must submit a full MiCA CASP application package under the same rules that apply to new applicants, in Bulgarian, with the FSC Ordinance No. 76 authorisation fee. Prior National Revenue Agency registration history is part of the fit-and-proper record but does not shortcut the substantive review. The FSC runs pre-application questionnaires and in-person pre-submission meetings with registered providers, which surface its expectations before the formal file is lodged.

Key Deadlines

Practical Implications

The most damaging mistake is treating the closed National Revenue Agency registration as if it still grants market access. It does not, and it never passported. Since 1 July 2026, a provider without an FSC authorisation, or at least a filed and pending application, is operating unlawfully and exposed to administrative penalty. For a new applicant the realistic timeline runs 4 to 9 months, so the right course is to incorporate, build the Bulgarian-language dossier, and file with documented urgency, or to wind down in an orderly way with client notification and custody return.

License Types and Activities Covered

The FSC issues a single MiCA Crypto-Asset Service Provider authorisation that is modular by service. The applicant chooses which of the ten MiCA crypto-asset services to provide, and the authorisation is granted for that bundle, mapped to one of three capital classes. Asset-referenced token issuance is a separate FSC authorisation; e-money token issuance falls to the Bulgarian National Bank under the Payment Services and Payment Systems Act.

Capital Classes

MiCA Annex IV and Article 67 group the ten services into three prudential classes. The own-funds requirement is the higher of the class floor or one quarter of the preceding year’s fixed overheads:

Under MiCA Annex IV, operation of a trading platform sits in the EUR 125,000 class, while custody and exchange sit in the EUR 150,000 class.

Covered Activities

The ten MiCA-regulated crypto-asset services are:

• Custody and administration of crypto-assets on behalf of clients. Holding client keys and crypto-assets in segregated arrangements. Applies to wallet providers, exchanges with custodial accounts, prime brokers.
• Operation of a trading platform for crypto-assets. Bringing together multiple third-party buying and selling interests within the system. Applies to spot exchanges and order-book venues.
• Exchange of crypto-assets for funds. Fiat-to-crypto and crypto-to-fiat conversion. Applies to on-ramps and off-ramps.
• Exchange of crypto-assets for other crypto-assets. Crypto-to-crypto conversion. Applies to swap services and DEX aggregators with custodial features.
• Execution of orders for crypto-assets on behalf of clients. Acting in a fiduciary capacity to execute client orders. Applies to brokerage desks.
• Placing of crypto-assets. Marketing of new crypto-assets to purchasers. Applies to launchpads and token-sale infrastructure providers.
• Reception and transmission of orders for crypto-assets on behalf of clients. Receiving client orders and transmitting them to a third party for execution. Applies to introducing brokers.
• Providing advice on crypto-assets. Personal recommendations to clients on crypto-asset transactions. Applies to investment advisers extending into crypto.
• Providing portfolio management on crypto-assets. Discretionary management of crypto-asset portfolios. Applies to asset managers.
• Providing transfer services for crypto-assets on behalf of clients. Moving crypto-assets from one address to another on behalf of a client. Applies to transfer-only operators.

What Does NOT Require CASP Authorisation

• Pure-peer-to-peer transfers between self-hosted wallets. No intermediary is acting on behalf of clients.
• Non-custodial software providers. Pure code that the user runs without the provider holding keys, taking custody, or executing orders.
• DAO governance participation in itself. Where there is no service provided on behalf of clients in a commercial capacity. The European Banking Authority and ESMA Joint Committee guidance distinguishes service provision from infrastructure.
• Bitcoin mining and validator operations. Pure validation activity falls outside MiCA’s CASP perimeter.
• NFTs that are genuinely unique and not fungible. MiCA excludes unique non-fungible crypto-assets, unless they are fungible or issued in a large series, subject to the European Commission’s pending review of the boundary.
• Lending and borrowing of crypto-assets. Crypto lending and staking are not, in themselves, regulated CASP services under MiCA, though they may fall under other national or EU law depending on structure.

Adjacent Authorisations and the BNB Role

A MiCA CASP authorisation does not confer the right to provide MiFID II investment services on financial instruments, payment services, or e-money issuance. Where the business model crosses these boundaries, a parallel authorisation is required and capital floors do not net. The most common crossover in Bulgaria is e-money tokens: EMT issuers are carved out of the BG MiCA Act, save the MiCA market-abuse rules, and must be authorised as an e-money or credit institution under the Payment Services and Payment Systems Act, with the Bulgarian National Bank as competent authority.^[10] A model that touches EMT issuance or reserve handling can pull in the BNB quickly, so classification comes first.

Asset-referenced token issuers stay with the FSC under MiCA Title III. Tokens that qualify as financial instruments fall under the Bulgarian Markets in Financial Instruments Act and MiFID II rather than MiCA, again supervised by the FSC. The boundary between a crypto-asset and a financial instrument is therefore the first question for any token model, because it determines both the regime and the regulator.

Tokenised securities and RWA

MiCA Article 2(4) excludes crypto-assets that qualify as financial instruments, so a tokenised security (a tokenised share, bond, or fund unit) is regulated not under MiCA but under MiFID II, the Prospectus Regulation, and the EU DLT Pilot Regime (Regulation (EU) 2022/858), supervised in Bulgaria by the Financial Supervision Commission. ESMA’s Guidelines on the qualification of crypto-assets as financial instruments set the security-versus-crypto boundary. The honest consequence: a Bulgarian MiCA CASP authorisation does not permit issuing or trading tokenised securities, which follow the MiFID securities regime instead. Where the model wraps tokenised fund units rather than instruments, the route runs through fund licensing under the underlying fund regime.

Reverse Solicitation

A non-EEA crypto-asset service provider may serve a Bulgarian client only where the client has initiated the service entirely on its own exclusive initiative, with no marketing directed at Bulgaria. The exemption is narrow. Any form of EU-targeted marketing, EU-language website content, geo-targeted advertising, app-store availability, or use of EU-based influencers voids the exemption under ESMA’s guidelines, which stress that it is exceptional and narrowly construed. Operators seeking systematic EEA market access cannot rely on reverse solicitation and must obtain a CASP authorisation in an EU member state. See the dedicated reverse solicitation under MiCA guide for the third-country compliance pattern.

Requirements

Two requirements determine whether a Bulgarian CASP application succeeds: own funds genuinely held and demonstrable, with an EU bank account in place for the capital deposit at application, and a Bulgarian operational substance the regulator can audit. Everything else, including governance, fit-and-proper, AML/CFT and DORA, is exacting but conventional. Add a third, jurisdiction-specific friction: the formal file is in Bulgarian.

Requirements Table

Fit-and-Proper Assessment

The Financial Supervision Commission assesses the suitability of the management body and qualifying shareholders under MiCA Article 68. The dimensions are knowledge and experience appropriate to the role, good repute, sufficient time commitment, financial probity, and the absence of prior regulatory sanction or involvement in failed regulated entities. Documents required include CVs, clean criminal-record extracts, professional history, and conflict-of-interest declarations. In practice, the regulator looks at how the team’s combined experience maps to the services the CASP intends to provide; a custody or trading model staffed by a team with no relevant operational track record will struggle.

Local Presence and Substance

EU establishment is mandatory under MiCA Article 59: a CASP must be a legal person established in the EU. In Bulgaria that means a real OOD, EOOD, or AD with a registered office, not a ghost address. Foreign ownership at 100% and non-resident directors are permitted, but the FSC tests governance, local presence, and operational reality. A local AML and compliance function is expected, and books and records should be maintained in Bulgaria. The minimum share capital for an OOD is nominal (BGN 2, about EUR 1), but it must be raised to the relevant CASP class capital before authorisation.

AML/CFT and Travel Rule

The Measures Against Money Laundering Act (MAMLA) applies to CASPs as obliged entities, requiring customer due diligence, risk scoring, five-year record-keeping, and suspicious-transaction reporting to the Financial Intelligence Directorate of the State Agency for National Security. The EU Transfer of Funds Regulation (Regulation 2023/1113) applies from 30 December 2024, with originator and beneficiary information accompanying crypto-asset transfers and information sharing via FID-SANS.^[14] The historical enhanced-due-diligence threshold under MAMLA was BGN 30,000 (about EUR 15,000). Enhanced due diligence is triggered by high-risk jurisdictions, politically exposed persons, complex ownership, and privacy-enhancing technologies. The forthcoming EU single rulebook and the Frankfurt-based AML Authority are the forward context.

Application Process

The Financial Supervision Commission must decide within 40 working days of a complete application under MiCA Article 63(9), preceded by a 5-working-day receipt acknowledgement and a 25-working-day completeness check. Real-world timelines from incorporation to authorisation run 4 to 9 months, with the long tail driven by documentation depth, the Bulgarian-language file, and the FSC’s information rounds.

Pre-application engagement: The FSC runs pre-application questionnaires and in-person pre-submission meetings with registered providers. The regulator’s expectation is that applicants come with a near-complete programme of operations and substantive draft documentation before engaging. No dedicated Bulgarian crypto sandbox has been identified as of June 2026.

Jagelski & Partners’ specialist compliance partners draft Bulgaria-specific AML/CFT policy manuals, business plans, DORA ICT frameworks, and Travel Rule procedures, and manage certified translation of the Bulgarian-language file as part of the MiCA CASP licensing engagement. Book a Licensing Assessment →

Required Documents

The application package follows the EBA Regulatory Technical Standards for CASPs, mapped to the BG MiCA Act and FSC procedure. The file spans corporate documents, personal documents for all assessed persons, a programme of operations, a three-year business plan, the bespoke compliance documentation, and the technology and operational resilience framework. The formal submission is in Bulgarian.

Corporate Documents

Articles of association of the Bulgarian OOD, EOOD, or AD, certificate of incorporation and extract from the Commercial Register, evidence of share capital and own funds, ownership chart down to ultimate beneficial owners, group structure where applicable, audited financial statements of the parent group where applicable, and evidence of the EU bank account arranged for the capital deposit.

Personal Documents (All Directors, Officers, UBOs, Qualifying Shareholders)

Identity documents, clean criminal-record extracts, CVs covering the full career history, professional references, declarations of any prior regulatory sanction, financial-probity declarations, conflict-of-interest declarations, and UBO disclosures filed via the Commercial Register. Foreign-language documents are translated and apostilled for the Bulgarian file.

Compliance Documentation

The compliance documentation is the most heavily scrutinised component of any Bulgarian CASP application. Jagelski & Partners’ specialist compliance partners draft each of these documents as part of the licensing engagement, bespoke and Bulgaria-specific, not templates adapted from other jurisdictions. Each document must reflect the applicant’s specific business model, risk profile, and operational structure.

Business Plan and Financial Projections

Three-year financial projections (base, downside, upside), revenue model by service, cost structure, capital adequacy projection against the MiCA Article 67 higher-of test, treasury and liquidity plan, and a wind-down plan demonstrating how clients would be made whole under an orderly exit.

Technology and Operational Documentation

Network and architecture diagrams, custody and key-management architecture, cybersecurity policy and information-security management system documentation, business continuity and disaster recovery plans, ICT third-party register, and incident-management playbooks. The level of detail expected on the ICT side stepped up with DORA, which became applicable to financial entities on 17 January 2025 and was transposed into Bulgarian law on 8 July 2025.

Costs and Pricing

The cheap figures of EUR 25 to EUR 6,500 circulating online refer to the old National Revenue Agency VASP registration or a single state fee, not the CASP build. The real Year 1 cost combines capital, the FSC Ordinance No. 76 fee, professional fees, compliance tooling, audit, and translation. Capital is usually the largest component, at EUR 50,000 to EUR 150,000 by class.^[9]

Government / FSC Fees

The one-off CASP authorisation fees are set by FSC Ordinance No. 76 of 12 June 2025, denominated in lev and shown below at the fixed euro conversion rate.^[8]

The widely repeated EUR 2,556 “Class 1” figure is wrong: that is the separate BGN 5,000 fee for other authorisations and approvals, not the cost of a Class 1 CASP licence. An asset-referenced token public-offering licence is BGN 35,000.

Total Cost Summary

The CASP authorisation is granted for an indefinite period; there is no renewal fee. Ongoing cost runs to the annual FSC supervision fee (fixed per service plus 0.03% of annual income), audit, the local compliance function, and ICT framework maintenance. The compliance documentation is a real line item, not a rounding error.

Timeline

The shortest realistic Bulgarian CASP timeline from incorporation to authorisation is around 4 months for a well-prepared single-service applicant. The longest, for a Class 3 custody and exchange applicant building team, ICT framework, and the Bulgarian-language file in parallel, runs to 9 months. The 40-working-day statutory decision window applies only once the FSC confirms a complete file.

In practice, what affects speed is documentation quality at first submission, since a thin AML/CFT manual or an under-specified ICT framework triggers information requests before the clock even starts. The common mistake is treating the 25-working-day completeness check as a formality. It is a substantive review of completeness, and a deficiency notice resets the cycle.

Taxation

Bulgaria runs a flat-tax model. Corporate income tax is a flat 10% and personal income tax is a flat 10%, among the lowest in the EU.^[3] Profit is taxed when it arises; there is no distributed-profits deferral to model. The attraction is real, but it comes with DAC8 visibility from 1 January 2026 and genuine substance expectations, so low-substance structures are exposed rather than rewarded.

Crypto-Asset Tax Treatment

The National Revenue Agency treats crypto as a financial asset for tax. For individuals, disposal gains are taxed under Article 33(3) of the Personal Income Taxes Act: taxable income is gains less losses, then a 10% standard deductible, giving an effective rate of roughly 9%.^[18] Filing is via Annex 5, with the return due by 30 April and payment by 30 June. Mining and staking income is taxed under business-income rules. For corporate holders, crypto-operating income falls within the flat 10% corporate base.

DAC8 / CARF Reporting

The EU DAC8 directive is live from 1 January 2026, aligned with the OECD Crypto-Asset Reporting Framework. Bulgarian CASPs report to the National Revenue Agency, with the first exchange of information in 2027 and no de minimis.^[18] Practical consequence: every Bulgarian CASP must capture and report reportable user information and reportable transactions from 1 January 2026 onward, which is also why low-substance structures are increasingly visible to the authorities.

Pillar Two (Global Minimum Tax)

Bulgaria implemented the EU Minimum Tax Directive, a 15% top-up tax for in-scope groups with consolidated revenue exceeding €750 million. The threshold is relevant only to large multinational groups and does not touch a standalone Bulgarian CASP in its growth phase. Operators that form part of a larger international group should model the Pillar Two interaction against the flat 10% domestic rate before any in-scope status change.

Ongoing Compliance & Post-Authorisation

An FSC CASP authorisation is granted for an indefinite period. Ongoing compliance is not an annual renewal event; it is a continuous supervisory relationship governed by supervisory reporting, material-change notifications, the annual supervision fee, audit, and ICT register maintenance under DORA.

Annual Reporting Obligations

Bulgarian CASPs file supervisory reports to the FSC under the MiCA Regulatory Technical Standards, audited annual financial statements, and a beneficial-ownership filing in the Commercial Register where ownership changes. DAC8 user and transaction reporting runs to the National Revenue Agency from 1 January 2026. ICT third-party register updates under DORA are maintained on an ongoing basis, with intra-year updates for material changes.

Supervision Fees

The annual supervision fee combines a fixed per-service component, from BGN 400 for reception and transmission of orders to BGN 12,000 for operating a trading platform, plus a variable 0.03% of total annual income.^[8] Recurring operational costs scale with the CASP’s size: registered office and operations, statutory and AML audit, and the local compliance function. The flat 10% tax keeps the post-tax burden of these costs lower than in higher-rate MiCA jurisdictions.

Regulatory Inspections and Powers

The FSC supervises authorised CASPs and may compel withdrawal or amendment of misleading marketing or white papers. Its enforcement powers include publishing measures (a naming-and-shaming function) and, in urgent cases, blocking websites, apps, or domains without a prior court order.^[10][16] Experienced operators treat the regulator as a counterparty to be kept informed, particularly given the pre-submission meeting culture, rather than a body to be engaged only at filing and audit.

Enforcement

Since the transitional period ended on 1 July 2026, providing crypto-asset services without an FSC authorisation is an administrative offence. Under MiCA and the BG MiCA Act, the FSC may impose administrative penalties for CASP infringements, with the heavier market-abuse penalties under MiCA Title VI. Authorisation can be withdrawn for sustained AML/CFT or DORA breach, false information in the application, or loss of fit-and-proper status. The FSC must issue express, reasoned decisions, which improves predictability for applicants and licensees alike.

Marketing Communications Rules

MiCA marketing-communications rules require communications to be fair, clear, and not misleading, identifiable as marketing, and consistent with the white paper where applicable. The FSC may compel withdrawal or amendment of non-compliant marketing. No Bulgaria-specific crypto-advertising prohibition beyond MiCA and general consumer law has been identified. Cross-border marketing into another EEA state follows the Article 65 passport notification.

ICT Risk Management & Operational Resilience

The Digital Operational Resilience Act (DORA) became applicable to financial entities on 17 January 2025 and was transposed into Bulgarian law on 8 July 2025, amending the Credit Institutions Act, the Payment Services and Payment Systems Act, and the Markets in Financial Instruments Act.^[13] DORA is not a layer on top of MiCA; it is a parallel direct-effect regulation. Compliance is documented through an ICT risk framework, an incident-management workflow, a third-party register, and resilience testing.

Applicable Regulation

Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA), applicable to financial entities from 17 January 2025 and transposed in Bulgaria from 8 July 2025, supplemented by the joint EBA/ESMA/EIOPA Regulatory Technical Standards and ITS on ICT risk management, incident classification and reporting, and the third-party register.

ICT Risk Management Framework

DORA Articles 5–14 require a documented ICT risk management framework proportionate to size and complexity, with the management body bearing ultimate responsibility under Article 5. The framework must cover ICT-risk identification, classification, mitigation, monitoring, response, and learning. Bulgarian CASPs should expect the FSC to test alignment between the policy framework and operational reality during supervisory engagement.

Incident Reporting

Major ICT-related incidents must be classified and reported to the national competent authority under DORA Articles 17–23, with initial, intermediate, and final reports per the joint RTS and ITS timelines. The FSC reporting channel mirrors the structure used for other supervised entities.

Testing and Resilience

Information security testing, vulnerability assessment, and business continuity testing are required at frequencies proportionate to the CASP’s significance. Significant CASPs designated under DORA Articles 26–27 face threat-led penetration testing on a three-year cycle, conducted by accredited testers and overseen by the competent authority.

Wallet Management

Wallet management is the CASP-specific operational-resilience concern, and the reason most operating exchanges end up in Class 3. The MiCA Article 75 standards on custody (segregated wallets, register of positions per client, daily reconciliation) intersect with DORA’s ICT third-party requirements where wallet infrastructure is outsourced. Hot-cold segregation, multi-signature thresholds, key-ceremony protocols, and disaster-recovery key reconstitution are baseline expectations.

Third-Party ICT Risk

Article 28(3) requires a maintained register of all ICT third-party service-provider arrangements at entity, sub-consolidated, and consolidated levels, with annual reporting to the competent authority. Critical ICT third-party service providers designated under the DORA pan-EU oversight framework face direct EU-level oversight. CASP outsourcing contracts must include audit rights, sub-outsourcing controls, exit plans, and DORA-aligned termination triggers.

Banking

Banking is the single biggest practical execution risk for a Bulgarian CASP. A licence opens the conversation, but it does not solve the problem. The right design is EMI-first, planned before authorisation, not after, for the reasons the rest of this section sets out.

The De-Risking Reality

Bulgarian crypto firms face significant bank de-risking. Domestic commercial banks routinely apply intensive anti-money-laundering checks and have frozen or closed accounts linked to crypto flows; case law on wrongful termination is limited and has generally not gone against the banks, in part because of the difficulty of proving damages.^[11] A CASP authorisation improves the conversation but does not guarantee an account: banks and EMIs still run enhanced due diligence on ownership, source of funds, wallet flows, and sanctions exposure, and grey-list status adds slower transactions and higher cost on top.

Practical Architecture: EMI-First

The realistic route for a licensed Bulgarian CASP is to rely on EU and EEA electronic money institutions and payment institutions specialising in crypto-adjacent client profiles for fiat rails and the capital deposit, rather than domestic retail banks.^[11] MiCA Article 67 own funds must be held as segregated regulatory own funds, not co-mingled with operating cash, and an EU bank account is required at application for the deposit. The binding constraint is concentration risk: a single-provider stack cannot survive a de-banking event, so build redundancy across operating, safeguarding, and acquiring layers from the start.

The Euro Tailwind

Euro adoption on 1 January 2026 is a structural positive for CASP banking over time.^[6] Beyond removing lev-euro conversion friction, it brings the country fully into the Banking Union, where it has been in close cooperation since 2018, aligning Bulgarian banks with ECB and SEPA-euro rails. The net effect, once FATF removal is finalised, should be a materially better banking environment than the grey-list years.

What Determines Provider Approval

In practice, four variables determine the answer:

• Asset mix. Bitcoin and major stablecoins are routinely onboardable. Privacy coins and mixer-adjacent business models are routinely declined.
• Ownership and source of funds. Grey-list-driven enhanced due diligence focuses on ultimate beneficial owners, source-of-funds narratives, and sanctions exposure. Opaque ownership chains are the most common reason for refusal.
• Capital and runway. Providers ask for evidence of operating capital in addition to the segregated MiCA prudential own funds. Treating capital as a paid-in formality fails this test.
• AML/CFT control evidence. Banks and EMIs frequently request the AML/CFT policy suite, sanctions framework, and Travel Rule documentation as part of their own enhanced due diligence. The documentation built for the FSC doubles as the banking pack.

Jagelski & Partners’ Banking Service

Jagelski & Partners’ banking partner network spans more than 90 credit institutions and EMIs across the EEA, the UK, Switzerland, and select offshore jurisdictions. Through that network, businesses placed more than fourteen billion euros in client turnover across banking and EMI relationships in 2025. Jagelski & Partners is paid by the institution, not by the client. We do not mark up institutional banking or EMI pricing. We do not charge an onboarding fee.

FATF Status & International Standing

Bulgaria’s international standing is the honest weak point. As of the June 2026 FATF plenary, Bulgaria remained on the FATF grey list of Jurisdictions under Increased Monitoring, and it was the only EU Member State on it.^[5] Removal is in progress but not finalised. The listing is the root cause of the banking difficulty set out in the banking section, which is why the next plenary is the date to watch.

FATF Grey List: Where Things Stand

At its June 2026 plenary, the FATF made the initial determination that Bulgaria had substantially completed its action plan and warranted an on-site assessment to verify that AML/CFT reforms have begun and are being sustained, and that the necessary political commitment remains in place.^[5] The remaining deficiency centres on improving the investigation and prosecution of money laundering linked to high-scale corruption and organised crime. Removal would materially improve the banking narrative, but until an on-site assessment is passed and the plenary delists Bulgaria, grey-list-driven enhanced due diligence applies.

MONEYVAL Standing

MONEYVAL, the Council of Europe FATF-style regional body, closed the fifth evaluation round for Bulgaria, and the country has implemented all 40 FATF Recommendations at the level of compliant or largely compliant.^[15] The technical-compliance picture is therefore strong; the open question is effectiveness, specifically the prosecution record. That distinction is the whole point here: what keeps Bulgaria under increased monitoring is an effectiveness shortfall, not a technical-compliance gap.

MiCA Passporting and EU Market Access

An FSC MiCA CASP authorisation confers the full MiCA passport across all 27 EU member states and the three EEA states via the Article 65 notification.^[4] The passport does not extend to Switzerland or the United Kingdom, both of which operate independent crypto-asset regimes.

Advantages and Limitations

Bulgaria’s advantages cluster around cost: a flat 10% tax, the lowest-band MiCA fees, and full EU passporting. Its limitations cluster around banking and reputation: the FATF grey list, bank de-risking, and a Bulgarian-language filing process. Each limitation below carries the mitigation that makes the trade-off workable.

• ✓ Flat 10% corporate and personal tax. Among the lowest in the EU, with crypto disposal gains for individuals effective at roughly 9%.
• ✓ Full MiCA passport from a single FSC authorisation. Cross-border services across the EU and EEA via Article 65 notification, with no separate national licences.
• ✓ Lowest-band authorisation fees. One-off FSC fees of BGN 10,000 to 60,000 by class under Ordinance No. 76, below several higher-cost MiCA jurisdictions.
• ✓ A live, proven regime. Two providers already hold Bulgarian CASP authorisations on the ESMA register, and the FSC must issue express, reasoned decisions.
• ✓ Euro adoption from 2026. The single currency removes lev-euro conversion friction and aligns Bulgarian banks with ECB and SEPA-euro rails over time.
• ✓ Predictable decision clock. 40 working days on a complete file under MiCA Article 63(9), with the silent-denial rule removed before enactment.
• × FATF grey list and bank de-risking. The binding constraint on the whole build. Mitigation: plan an EMI-first banking stack, budget for enhanced due diligence, build provider redundancy, and watch the next FATF plenary.
• × Bulgarian-language filing. The formal FSC file is in Bulgarian, adding translation and apostille cost and time. Mitigation: resource certified translation early, run it in parallel with drafting, and use the FSC pre-submission meeting to align before lodging.
• × Cost confusion in the market. The cheap legacy VASP figures are not the cost of a CASP licence. Mitigation: budget against the real build, capital plus Ordinance No. 76 fees plus compliance and ICT, with capital the largest line.
• × Substance and DAC8 visibility. The FSC tests governance and operational reality, and DAC8 reporting exposes low-substance structures. Mitigation: build a genuine Bulgarian entity with a local compliance function and books and records in country.
• × Early-stage regime depth. Only two CASPs are authorised as of May 2026, so supervisory and enforcement precedent is still forming. Mitigation: engage the FSC early through the pre-application route and treat the regulator as a counterparty to keep informed.

How Bulgaria Compares

Bulgaria’s natural peers under MiCA are Estonia, Lithuania, the Czech Republic, and Romania, the EU jurisdictions competing on cost-efficient passporting. The comparison shows Bulgaria as the tax leader of the group on headline rate, with the binding trade-off being banking, as it is the only one of the five on the FATF grey list.

Compare every crypto jurisdiction side by side →

Against that backdrop, the peers split cleanly. Estonia offers a distributed-profits model and an English-administrable process. Lithuania is fast but selective. Czech Republic is the slower, higher-cost option with a stable regulator. Romania is the closest peer on cost and timeline, without the grey-list overhang.

The honest read is that Bulgaria competes on price, not on banking ease: until FATF removal is finalised, the right comparison is between Bulgaria’s lower tax and fees and a peer’s easier fiat rails. Delisting, which the June 2026 plenary signalled is in progress, would leave the cost advantage standing with much less of the banking friction.

When Bulgaria Is the Right Choice

Choose Bulgaria if you...

• Want a genuine EU MiCA base with full passporting on the lowest headline tax in the group, a flat 10%
• Are cost-sensitive on government fees and can absorb the Bulgarian-language filing process
• Can build real Bulgarian substance and plan an EMI-first banking stack from the start
• Are comfortable watching the FATF grey-list position and treating banking as the binding constraint

Consider alternatives if you...

• Need easier fiat rails without grey-list overhang: Romania is the closest peer on cost and timeline
• Want a distributed-profits tax model and an English-administrable process: Estonia
• Want the fastest decision clock and can pass a selective regulator: Lithuania
• Prefer a stable, slower regulator and can absorb a higher Year-1 budget: Czech Republic

Not sure which column is you? Ask Emma. She compares these jurisdictions in seconds, in your language.

Common Mistakes in Bulgaria Applications

The recurring mistakes in Bulgarian CASP applications cluster around the regime transition, the cost reality, and the banking constraint. Almost all are preventable by reading the regime as it actually is, a live FSC licence on a grey-listed banking market.

• Treating the legacy VASP registration as if it still grants market access. The National Revenue Agency registration was an anti-money-laundering designation only. It never passported and it was closed on migration to the FSC. Since 1 July 2026 it confers nothing; a full FSC CASP authorisation is required.
• Quoting the cheap VASP fee as the cost of a CASP licence. The EUR 25 to EUR 6,500 figures circulating online refer to the old registration or a single state fee. The real CASP build, capital plus FSC Ordinance No. 76 fees plus the dossier and compliance work, is far higher, and capital alone is EUR 50,000 to EUR 150,000.
• Missing that the deadlines have passed. The grandfathering application cut-off (8 October 2025) and the operational end date (1 July 2026) are both behind us. A firm without a filed FSC application is no longer protected and is operating unlawfully.
• Under-budgeting banking. Failing to arrange an EU account to deposit and segregate the Article 67 own funds before filing stalls the application. Plan the EMI-first stack early.
• Mis-classifying tokens and services. Letting e-money or stablecoin features pull the model into Bulgarian National Bank competence, or treating a custody or trading model as Class 1 when it is Class 3, leads to the wrong authorisation and the wrong capital. Classify first.
• Filing in English only. The formal FSC file is in Bulgarian. Under-resourcing translation, apostilles, and the FSC pre-submission meeting delays the 40-working-day clock, because an incomplete or poorly translated file does not start it.
• Building a ghost entity. A Bulgarian company with no real substance fails the test. The FSC examines governance, local presence, and operational reality, and DAC8 reporting exposes thin structures to the tax authority.

Frequently Asked Questions

References