Detailed overview
Bulgaria: FSC MiCA Authorisation under the Markets in Crypto-Assets Act
Bulgaria is a full MiCA jurisdiction. The Bulgarian Markets in Crypto-Assets Act is now in force and has replaced the former AML-only virtual-asset registration route with a MiCA authorisation and notification framework.
Regulator
The main regulator for stand-alone crypto-asset service providers is the Bulgarian Financial Supervision Commission.
The Bulgarian National Bank is relevant for e-money tokens and for crypto-asset service providers that are entities supervised by the BNB. Banks, e-money institutions, payment institutions, credit institutions and other prudentially supervised entities require a separate competence analysis before filing.
Licensing route
A business that provides crypto-asset services in or from Bulgaria generally needs MiCA authorisation from the FSC unless it is an eligible financial entity using the Article 60 notification route or another valid MiCA route.
Authorised crypto-asset services include custody and administration of crypto-assets for clients, operation of a crypto-asset trading platform, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of client orders, placing of crypto-assets, reception and transmission of orders, advice on crypto-assets, portfolio management on crypto-assets, and crypto-asset transfer services for clients.
The licence perimeter applies only where the asset is a crypto-asset within MiCA. Tokens that qualify as financial instruments, deposits, fund interests, insurance products, e-money outside the relevant MiCA treatment, or other regulated products require separate legal analysis.
Licence classes
Bulgaria follows the MiCA class structure for crypto-asset service providers.
Class 1 covers lower-risk service models such as execution of orders, placing, transfer services, reception and transmission of orders, advice and portfolio management.
Class 2 includes custody and administration of crypto-assets, exchange of crypto-assets for funds, and exchange of crypto-assets for other crypto-assets.
Class 3 covers operation of a crypto-asset trading platform.
The class analysis is important because it affects fees, prudential treatment, internal controls and the scope of the application.
Article 63 authorisation
A stand-alone crypto-asset service provider generally applies for MiCA authorisation through the FSC.
Applications are submitted under MiCA, the Bulgarian Markets in Crypto-Assets Act, Ordinance No. 77 and the applicable EU regulatory technical and implementing standards. Applications may be filed in person, through the FSC electronic system, by official email, or through secure electronic delivery. Electronic filings must be signed with a qualified electronic signature. Documents are generally submitted in Bulgarian.
A credible application should include a complete service mapping, legal perimeter analysis, three-year business plan, governance package, ownership and qualifying-holder information, management fit-and-proper materials, own funds or insurance analysis, AML/CFT framework, outsourcing framework, DORA and ICT-risk materials, custody and safeguarding arrangements, complaints procedures, conflicts management, client disclosures, order-execution or platform rules where relevant, recordkeeping procedures, internal policies, constitutional documents and proof of fee payment.
Article 60 notification
Article 60 is not a general shortcut for all applicants. It is a notification route for eligible financial entities that are allowed under MiCA to provide equivalent crypto-asset services.
Entities using this route must submit the required Article 60 information and receive confirmation from the FSC that the notification is complete before providing the relevant crypto-asset services.
A regulated entity that wants to provide services outside the scope of its Article 60 permission may still need full CASP authorisation.
Local substance
Bulgaria should not be treated as a shell-registration jurisdiction. The FSC expects real local substance and operational readiness.
An applicant should have its registered office in Bulgaria and part of its crypto-asset services or activities carried out in Bulgaria. The FSC expects at least one executive officer resident in Bulgaria and fully dedicated to the CASP, staff actually working in Bulgaria, and a business model that includes Bulgarian activity.
Outsourcing is possible, but it is reviewed case by case and does not remove responsibility from the authorised provider. A model with only a formal Bulgarian address, no local staff and all key decisions taken outside the EU is likely to create licensing risk.
Timing
The FSC has indicated that review of submitted documentation can take four to five months, and the timeline may be extended if the file is incomplete or if further information is requested.
Transitional providers that wanted a realistic chance of authorisation before the end of the transitional period were expected to submit their applications by 16 February 2026.
The practical timing of a new application depends heavily on service class, ownership complexity, management suitability, outsourcing, ICT readiness, AML/CFT controls and the quality of the filing.
Transitional position
Bulgaria’s transitional period runs until 1 July 2026.
Persons that were registered with the National Revenue Agency before 30 December 2024 under the former AML virtual-asset regime may temporarily continue their activity in Bulgaria until 1 July 2026 or until the FSC grants or refuses MiCA authorisation, whichever occurs earlier.
Entry in the FSC transitional register is not a MiCA licence. The FSC has expressly stated that persons in that register do not hold a MiCA licence and that the FSC has not examined their business model or the validity of the services they provide.
After 1 July 2026, Bulgaria-facing crypto-asset services should be provided only by a duly authorised MiCA CASP, a provider using a valid Article 60 notification route, or another valid MiCA route.
Costs
FSC licence fees are class-based.
The licence fee is BGN 10,000 for class 1, BGN 20,000 for class 2 and BGN 60,000 for class 3.
The Article 60 notification route is also subject to class-based fees. The current fee table lists BGN 10,000 for class 1, BGN 20,000 for class 2 and BGN 60,000 for class 3 notifications.
Licence-extension fees apply where a provider expands its scope. The current fee table lists BGN 12,000 for extension from class 1 to class 2 and BGN 37,000 for extension from class 2 to class 3.
Annual supervision fees are service-specific. Fixed annual components include BGN 800 for custody and administration, BGN 12,000 for operation of a trading platform, BGN 3,200 for exchange services, BGN 1,000 for execution of orders, BGN 600 for placing, BGN 400 for reception and transmission, BGN 800 for advice, BGN 1,600 for portfolio management and BGN 10,000 for transfer services.
The fee table should be checked immediately before filing because fee ordinances may be amended.
Ongoing obligations
Bulgarian CASPs must comply with MiCA, the Bulgarian Markets in Crypto-Assets Act, Ordinance No. 77, transfer-of-funds rules, DORA-related operational-resilience requirements and applicable AML/CFT obligations.
Ongoing obligations include governance, own funds or insurance, management suitability, internal controls, risk management, compliance, complaints handling, conflicts management, outsourcing oversight, ICT security, recordkeeping, client disclosures, custody safeguards, trading-platform rules, exchange rules, execution rules, order reception and transmission rules, advice and portfolio-management rules, and transfer-service duties.
AML/CFT, sanctions screening, transaction monitoring and travel-rule implementation should be treated as core regulatory controls, not as afterthoughts.
Enforcement risk
Bulgaria is not a light-touch jurisdiction.
The FSC may require remedial measures, suspend crypto-asset services, prohibit services, require publication of essential information and publicly disclose non-compliance.
The FSC may also order technical measures affecting hosting providers, domain registrars, platforms and interfaces where needed to stop violations or prevent serious harm.
Natural-person fines for key MiCA breaches may reach BGN 700,000, with higher limits for repeated breaches.
For legal persons, sanctions for CASP breaches may reach the greater of BGN 5,000,000 or 2.5 percent of annual turnover. For repeated breaches, the maximum may reach the greater of BGN 10,000,000 or 5 percent of annual turnover. Where profit or avoided loss can be quantified, sanctions may be increased up to twice that amount.
Practical assessment
Bulgaria is suitable for firms that want an EU MiCA authorisation through a jurisdiction with a defined statutory framework, a published application ordinance and an active regulator.
It is not suitable for firms looking for a paper registration, a low-substance structure or continued reliance on the former AML registration regime.
The main execution risks are incorrect service classification, assuming transitional register entry is a MiCA licence, relying on the transitional period too late, failing to show Bulgarian substance, underestimating FSC documentation expectations, and filing before governance, AML/CFT, ICT, outsourcing and management-suitability materials are ready.