03/07/2026

Provision of crypto-asset services from 1 July 2026: Crypto licence and registration in Hanfa registers mandatory for providers; consumers urged to exercise caution

On 1 July 2026, the transitional period under Regulation (EU) 2023/1114 on markets in crypto-assets (MiCA) came to an end in Croatia and across the European Union. This marks the end of the period during which certain companies, namely Virtual Asset Service Providers (VASPs), were permitted to provide crypto-asset services without a licence, operating instead under the Anti-Money Laundering and Terrorist Financing Act. From now on, crypto-asset services in Croatia and throughout the European Union may be provided only by firms that have obtained authorisation under MiCA, i.e. Crypto-Asset Service Providers (CASPs).

The following legal entities are permitted to offer and provide crypto-asset services in Croatia:

  1. Croatian firms that have been granted authorisation by Hanfa to provide crypto-asset services (CASPs). These providers have obtained a crypto licence, are supervised by Hanfa and are entered in Hanfa's Register of Entities Authorized to Provide Crypto-Asset Services.
  2. Firms from other EU Member States that have been authorised by their home regulators to provide crypto-asset services and have expressed their intention to provide services to Croatian citizens. These are so-called notified entities, supervised by the competent authority of their home Member State and listed in Hanfa's List of Entities from EU Member States Authorised to Provide Crypto-Asset Services.
  3. Certain financial institutions already supervised by Hanfa or the Croatian National Bank that have expressed interest to provide crypto-asset services and completed the relevant notification procedure.

Hanfa urges users of crypto-asset services to exercise caution

Hanfa warns users of crypto-asset services about the risks associated with dealing with providers that are not included in Hanfa's registers, as they may, in the worst-case scenario, lose their assets or become victims of fraud. Before trading or transferring their funds or crypto-assets, consumers should undertake appropriate due diligence regarding the entity with which they intend to establish a business relationship.

Users are advised to identify the exact legal name of the provider through which they wish to trade and verify whether it appears in Hanfa's registers. For example, if a website does not clearly disclose the name of the legal entity operating the platform, this is often an indication that the firm may be providing crypto-asset services without authorisation or that the website may be fraudulent. Hanfa therefore recommends that consumers refrain from entering into a business relationship with such entities. Practice has shown that entities lacking authorisation frequently attempt to offer and provide crypto-asset services unlawfully.

Members of the public who identify such activities are encouraged to report the relevant entities to Hanfa at info@hanfa.hr so that appropriate measures can be taken to protect investors and market integrity.

VASPs that have not obtained a crypto licence

During the transitional period, 17 VASPs were listed in Hanfa's VASP register. Five of them initiated the authorisation process in a timely manner, obtained a licence to operate as CASPs before the end of the transitional period and were subsequently entered in Hanfa's CASP register. This enabled them to continue providing crypto-asset services after 1 July 2026 without interruption. 

VASPs that did not obtain a crypto licence are no longer legally permitted to provide crypto-asset services following the expiry of the transitional period. To protect clients' interests and verify compliance with the applicable regulatory requirements, Hanfa is monitoring the measures in relation to the cessation of the provision of crypto-asset services, taken by Croatian VASPs that failed to obtain authorisation in time. This includes assessing whether such providers have established plans for the orderly cessation of services, prepared adequate client communications and implemented mechanisms for the return of clients’ assets where those assets were held on behalf of clients.

Such VASPs were required to inform clients to whom they had been actively providing crypto-asset services that those services had ceased. Furthermore, where the VASP held client assets (funds and crypto-assets), it was required to return those assets to clients in accordance with their instructions.

It should be noted that these providers, like any other legal entity, may apply for MiCA authorisation at any time. However, they may provide crypto-asset services only after authorisation has been granted.  

What are crypto-asset services?

Crypto-asset services are services relating to crypto-assets (such as Bitcoin, Ethereum and USDC) that may be provided only by authorised firms.

The crypto-asset services most commonly provided to Croatian consumers include:

  • execution of orders for crypto-assets and crypto-asset exchange services
  • custody and administration of crypto-assets on behalf of clients, whereby an authorised provider safekeeps the means of access to clients' crypto-assets (including private cryptographic keys).

Other crypto-asset services include, for example: reception and transmission of orders for crypto-assets on behalf of clients, providing advice on crypto-assets, portfolio management on crypto-assets, operation of a trading platform for crypto-assets, etc.

Not all authorised firms provide all categories of crypto-asset services. Hanfa's registers clearly indicate which crypto-asset services each authorised firm is permitted to provide.

What is Hanfa's crypto licence?

To obtain Hanfa's authorisation to operate as a CASP, i.e. to provide crypto-asset services, a legal entity must satisfy a range of regulatory requirements, including requirements relating to:

  • the suitability of members of the management body and shareholders;
  • sufficient own funds, depending on the crypto-asset services to be provided;
  • established internal control mechanisms;
  • an adequate organisational structure;
  • effective arrangements for the prevention and detection of money laundering and terrorist financing;
  • management of ICT and security risks (risks arising from the inadequacy of information technologies, including cyber attacks), etc.

There is no guarantee that a firm initiating the authorisation process will ultimately obtain authorisation to operate as a CASP. The purpose of the authorisation process is to ensure a thorough and robust assessment of firms seeking to engage in activities involving clients' assets.

Once authorisation has been granted, the firm becomes a CASP, is entered in Hanfa's CASP register and becomes subject to Hanfa's supervision in respect of all of its crypto-asset-related activities, rather than solely in relation to anti-money laundering requirements, as was the case for VASPs.

EU regulators call on unauthorised providers to wind down orderly, while also safeguarding clients’ interests

The European Securities and Markets Authority (ESMA), in a statement prepared jointly with national competent authorities, has also called on providers to act responsibly following the end of the transitional period. ESMA clarified the steps that providers which have not obtained a MiCA authorisation are required to take after the expiry of the transitional period and urged consumers to exercise caution while explaining the measures available to protect their assets.

Clients of unauthorised CASPs, whether EU or non-EU entities, should be aware that they do not benefit from MiCA safeguards, including protections for their assets.  Clients using crypto-asset services in the EU are invited to verify whether their provider is authorised under MiCA in the ESMA Register and act promptly where this is not the case, including by transferring their crypto-assets to an authorised CASP, where one is identified, or to a self-hosted wallet. Clients experiencing difficulties should contact their provider in the first instance.

Unauthorised CASPs must communicate clearly, promptly and repeatedly with clients (retail and institutional) about the measures taken to safeguard their assets and the wind-down plans so that clients know the timeline to dispose of, transfer, reallocate or close their positions. CASPs’ communications should include a deadline by which any residual positions would be closed automatically and information about client protection requirements. Wind-down arrangements should be implemented in compliance with all relevant EU or national conduct laws and AML/CFT obligations.  

ESMA and national competent authorities are directly engaged with the entities concerned and will coordinate to monitor whether significant unauthorised cross-border CASPs wind down without delay, with a focus on client protection, financial stability and market integrity. They are also cooperating with the European Banking Authority (EBA) and the Anti-Money Laundering Authority (AMLA).  Within the ESMA cooperation framework, national competent authorities may, where necessary, take coordinated action against unauthorised CASPs after the transitional period.

SHARE THE ARTICLE

Other news items

All News
COOKIES

We need the necessary cookies in order for the site to function properly and in order to maintain security standards as much as possible by complying with all applicable regulations.

This category of cookies can also be called so-called. third-party cookies. Statistical cookies also belong to the group of functional cookies that allow us to store previously entered information (such as username or language) on the web service and to improve the possibility of providing a better service by tracking analytics or visit statistics. We must inform you that when using this category of cookies, data is transferred to third countries.