Licentium

Fintech Licensing Hub

Cyprus

Cyprus regulates crypto under MiCA with CySEC as competent authority for CASPs and ART issuers, while e-money tokens fall to the Central Bank of Cyprus; the pre-MiCA national CASP register is being decommissioned, Cyprus took the full 18-month grandfathering to 1 July 2026, and CySEC required applications by 27 February 2026. Payments and e-money run under the Provision and Use of Payment Services and Access to Payment Systems Laws (PSD2) and the Electronic Money Laws (EMD2), supervised by the CBC, with the Instant Payments Regulation and DORA in force and PSD3/PSR approaching adoption. Gambling is unusual: the National Betting Authority licenses land-based (Class A) and online (Class B) betting under the Betting Law of 2019, but online casino is prohibited and land-based casino gaming is confined to a single integrated-resort licence — and a December 2025 tax reform raised corporate tax to 15% and introduced a flat 8% tax on certain crypto gains from 1 January 2026.

Available licences

Crypto-Asset Service Provider authorisation (CySEC under MiCAR)

Custody, operation of a trading platform, exchange of crypto-assets for funds or other crypto-assets, execution, placing, reception and transmission of orders, advice, portfolio management and transfer services require CySEC authorisation under Article 63 MiCAR. CySEC is one of the EU's more active CASP authorising authorities; an authorisation passports across the EEA.

Asset-Referenced Token (ART) issuer authorisation (CySEC)

Public offering or admission to trading of a token referencing a basket of values, rights or currencies requires authorisation as an ART issuer under Title III MiCAR, with reserve, custody and disclosure requirements, supervised by CySEC.

E-Money Token (EMT) issuer (credit institution or EMI; CBC)

EMTs may be issued only by an authorised credit institution or e-money institution, with redemption at par; EMTs fall outside CySEC's mandate and are supervised by the Central Bank of Cyprus, consistent with its prudential role over e-money.

Article 60 MiCAR notification route (existing financial institutions)

Cyprus Investment Firms, AIFMs, UCITS management companies, credit institutions and other authorised entities may provide specified crypto-asset services by notifying CySEC for the services their existing licence covers.

Payment Institution authorisation (CBC under the Payment Services Law)

A licence to provide payment services under the Provision and Use of Payment Services and Access to Payment Systems Laws, supervised by the CBC; the applicant must be incorporated in Cyprus and carry out at least part of its payment business there.

E-Money Institution authorisation (CBC under the Electronic Money Law)

A licence to issue electronic money and provide related payment services, with EUR 350,000 minimum initial capital and ongoing own funds, supervised by the CBC. CASPs whose EMT-related services qualify as payment services must hold a CBC PI/EMI authorisation or partner with an authorised PSP.

Account Information Service Provider registration (CBC)

Account information service providers register with the CBC under the Payment Services Law, with strong customer authentication under PSD2.

Banking authorisation (CBC / ECB SSM under the Business of Credit Institutions Law)

Deposit-taking and lending require a banking licence under the Business of Credit Institutions Law. The CBC is the national supervisor; with euro-area membership, the ECB decides for significant institutions and oversees less significant ones within the SSM.

Cyprus Investment Firm authorisation (CySEC — MiFID II)

Investment services in financial instruments require authorisation as a Cyprus Investment Firm under the Investment Services and Activities and Regulated Markets Law transposing MiFID II, supervised by CySEC.

Class A land-based betting licence (NBA under the Betting Law)

A bookmaker's licence for land-based betting in licensed premises, issued by the National Betting Authority, excluding online betting and horserace betting.

Class B online betting licence (NBA under the Betting Law)

A licence for online betting issued by the NBA, excluding slot machines, online casino games, online horserace betting and lotteries; online casino gaming is prohibited in Cyprus.

Integrated casino-resort licence (Cyprus Gaming and Casino Supervision Commission)

A single exclusive land-based casino-resort licence under the Casino Operations and Control Law of 2015, with the right to operate up to four satellite casinos; supervised by the Cyprus Gaming and Casino Supervision Commission.

Detailed overview

Cyprus at a glance

Cyprus pairs euro-area membership with a deep cross-border financial-services sector and an active MiCA regulator, against an unusually restrictive gambling backdrop. Crypto is supervised by CySEC (CASPs and ART issuers) with EMTs falling to the CBC; the pre-MiCA national CASP register is being decommissioned and the transitional regime expired on 1 July 2026. Payments run under the Payment Services and Electronic Money Laws with the CBC as supervisor and the Instant Payments Regulation and DORA in force. Betting is licensed by the National Betting Authority, online casino is prohibited, and land-based casino gaming is confined to a single integrated resort. A December 2025 tax reform raised the corporate rate to 15% and introduced a flat 8% tax on certain crypto gains from 1 January 2026.

Crypto regime under MiCA — CySEC-led, active authoriser, post-transition:

  • MiCA + national designation — Regulation (EU) 2023/1114 (MiCAR); CySEC is the designated competent authority, and the pre-MiCA national CASP regime under the Prevention and Suppression of Money Laundering and Terrorist Financing Law (as amended in 2021) is being decommissioned
  • Competent authorities — CySEC for CASP authorisation, ART issuers and crypto-assets other than EMTs (Titles II, III, V); EMT issuers fall outside CySEC's mandate and are supervised by the Central Bank of Cyprus as e-money issuers
  • Grandfathering — closed. Cyprus took the full 18-month transitional period to 1 July 2026; CySEC stopped accepting national CASP registrations from 17 October 2024 and required existing providers to file a complete MiCA application by 27 February 2026, with non-filers required to submit a wind-down plan and cease by 1 July 2026
  • Article 60 notifications — Cyprus Investment Firms, AIFMs and UCITS management companies may notify CySEC to provide crypto-asset services within their existing authorisation
  • PSD2 interplay — under the EBA's No-Action Letter, CASPs whose EMT transfer or custody services qualify as payment services had to obtain a CBC PI/EMI authorisation or partner with a PSP, with the transitional period ending 2 March 2026
  • AML/CFT — the Prevention and Suppression of Money Laundering and Terrorist Financing Law applies; the EU AML package (Regulation (EU) 2024/1624 / AMLR, with AMLA in Frankfurt) applies from 10 July 2027; the Cyprus FIU is MOKAS
  • TFR — Regulation (EU) 2023/1113 (recast Transfer of Funds Regulation) applies the Travel Rule to crypto-asset transfers from 30 December 2024
  • Tax — from 1 January 2026 the standard corporate income tax rate is 15% (up from 12.5%), and a flat 8% tax applies to certain crypto gains (including sale, exchange and use as payment; mining excluded) under the December 2025 tax reform — confirm treatment for a specific model with Cyprus tax counsel

Payments and e-money regime (CBC-led):

  • PSD2 — Directive (EU) 2015/2366; transposed by the Provision and Use of Payment Services and Access to Payment Systems Laws of 2018 to 2025, supervised by the CBC
  • Payment Institution licensing — initial capital EUR 20,000 (money remittance), EUR 50,000 (payment initiation) and EUR 125,000 (other payment services)
  • EMD2 / E-Money Institution — the Electronic Money Laws of 2012 and 2018; EUR 350,000 initial capital plus ongoing own funds scaled to outstanding e-money
  • Open banking — account information and payment initiation services under the Payment Services Law, with strong customer authentication
  • Instant Payments Regulation (Regulation (EU) 2024/886) — euro instant payments: receiving applicable from 9 January 2025 and sending from 9 October 2025
  • DORA (Regulation (EU) 2022/2554) — applicable from 17 January 2025
  • PSD3 / PSR — Commission proposals of 28 June 2023; provisional political agreement reached 27 November 2025, with final compromise texts published 23 April 2026 and formal adoption expected during 2026; the package will repeal PSD2 and EMD2 and fold e-money institutions into payment institutions, with PSD3 transposed nationally and the PSR directly applicable after a phased timeline
  • Banking — banks are licensed by the CBC under the Business of Credit Institutions Law, with the ECB deciding for significant institutions under the SSM
  • Currency: euro (EUR), in the euro area since 2008; no exchange controls; financial services exempt from VAT

Gambling regime — betting-only online, single casino resort:

  • Betting Law of 2019 (Law 37(I)/2019) — the framework for betting, administered by the National Betting Authority, with two licence classes: Class A (land-based betting) and Class B (online betting)
  • Online casino prohibited — only online sports betting is licensed; online casinos, poker, slot machines, bingo, betting exchanges and spread betting are prohibited, with criminal penalties under Article 79 (players up to one year and/or EUR 50,000; providers up to five years and/or EUR 300,000)
  • Casino gaming — land-based only, under the Casino Operations and Control Law of 2015 (Law 124(I)/2015), with a single exclusive integrated-resort licence plus up to four satellite casinos, supervised by the Cyprus Gaming and Casino Supervision Commission
  • Horse-race betting and lotteries — horse-race betting falls under the Nicosia Race Club; numerical games and the state lottery are operated by OPAP Cyprus, with private lotteries licensed by the government
  • Class B requirements — a Cyprus company (or branch) with share capital of at least EUR 500,000 and a bank guarantee of around EUR 550,000; licences run for one or two years and are non-transferable; client funds are held in segregated accounts
  • Tax — a 10% betting tax on gross gaming revenue payable to the Republic, plus a contribution to the NBA
  • Minimum age — 18 for betting; 21 for the integrated casino resort; operators are AML obliged entities, and the NBA maintains a public blocking list of unlicensed sites
  • No EU passport — gambling is licensed nationally; offering online betting to Cyprus residents without an NBA Class B licence is prohibited

Last verified: July 2026. Reference rate: USD 1 = EUR 0.87 (EUR 1 = USD 1.15). Cyprus has been in the euro area since 2008.

Cyprus is a euro-area financial hub: crypto runs under MiCAR with CySEC authorising CASPs (e-money tokens falling to the Central Bank of Cyprus), payments sit under the Payment Services and Electronic Money Laws with the CBC as supervisor, and gambling is unusually restrictive — the National Betting Authority licenses betting only, online casino is prohibited, and land-based casino gaming is confined to a single integrated resort.

Is there a crypto licence in Cyprus?

Yes. Cyprus applies MiCAR with CySEC as competent authority for CASPs and ART issuers, while EMT issuers fall to the Central Bank of Cyprus. The pre-MiCA national CASP register is being wound down; the transitional window expired on 1 July 2026 and the CySEC application deadline passed on 27 February 2026.

The legal foundation:

  • Regulation (EU) 2023/1114 (MiCAR) — the directly applicable EU framework for offerings, admission and crypto-asset services
  • CySEC designation — CySEC is the competent authority for CASPs and ART issuers; the prior national CASP regime under the AML/CFT Law is being decommissioned
  • Prevention and Suppression of Money Laundering and Terrorist Financing Law — AML/CFT obligations for CASPs
  • Regulation (EU) 2023/1113 — Travel Rule for crypto-asset transfers

Structure:

  • A Cyprus legal entity with genuine local substance and management
  • MiCAR own-funds floors by class — EUR 50,000 (Class 1), EUR 125,000 (Class 2), EUR 150,000 (Class 3) — paid-up qualifying own funds held in a Cyprus credit institution at application, with the higher of the floor or a fixed-overheads measure
  • Fit-and-proper management and qualifying shareholders, AML officers, a white paper for in-scope offerings, and custody, conflicts, complaints and market-abuse arrangements

Operational reality:

  • CySEC is an experienced securities regulator that has positioned Cyprus as an active MiCA jurisdiction; it ran a preliminary application phase and engages with applicants
  • Cyprus offers an English-speaking professional ecosystem and EEA passporting, though the 2026 tax reform raised the corporate rate to 15% and introduced a flat 8% tax on certain crypto gains
  • New Cyprus-facing activity must be structured through a CySEC authorisation, a valid passport or an Article 60 notification — the national register no longer provides a standalone basis to operate

Official CASP roadmap: CySEC sets out its CASP authorisation path through official announcements and circulars rather than a single roadmap document — a preliminary application phase opened in November 2024, existing providers had to apply by 27 February 2026, the transitional period ended 1 July 2026, and non-filers must wind down. CySEC publishes the application and notification forms (Article 60 notifications to authorisations@cysec.gov.cy) and a MiCA overview, including the CySEC MiCA Regulation Overview and Crypto-Asset Service Providers page.

Payments & E-money (CBC — PSD2 / EMD2)

Best for payment, remittance, acquiring, wallet and open-banking operators that want an English-speaking euro-area base supervised by the Central Bank of Cyprus.

What it is: Authorisation as a payment institution or e-money institution under the Cyprus Payment Services and Electronic Money Laws, supervised by the CBC and passportable across the EEA.

Who it suits: Money-remittance and transfer providers, acquirers, card and wallet issuers, payment-initiation and account-information providers, and e-money issuers seeking an EU foothold with a mature services sector.

Covers: The payment services under the Payment Services Law — incoming and outgoing transactions, transfers, card and instrument-based payments, money remittance, payment initiation and account information — plus issuance of electronic money.

Operational requirement: A Cyprus entity carrying out at least part of its payment business locally; minimum initial capital by service type; ongoing own-funds and safeguarding of client funds; strong customer authentication; AML/CFT; DORA operational-resilience obligations; and fit-and-proper management.

Headline figures

  • Primary instruments: Provision and Use of Payment Services and Access to Payment Systems Laws of 2018 to 2025 (PSD2); Electronic Money Laws of 2012 and 2018 (EMD2); Instant Payments Regulation (EU) 2024/886; DORA (Regulation (EU) 2022/2554)
  • Regulators: CBC (authorisation and supervision); ECB (SSM, for significant banks)
  • Entry capital: payment institutions EUR 20,000 / 50,000 / 125,000 by service type; e-money institutions EUR 350,000 plus ongoing own funds
  • Crypto interplay: CASPs whose EMT services qualify as payment services need a CBC PI/EMI authorisation or a PSP partnership (EBA No-Action Letter, transition ended 2 March 2026)
  • Instant payments: euro instant payments — receiving from 9 January 2025, sending from 9 October 2025
  • Reform pipeline: PSD3 / PSR — political agreement November 2025, compromise texts April 2026, adoption expected during 2026; EMD2 to be repealed and EMIs folded into payment institutions
  • Currency: EUR (euro area since 2008); no exchange controls

Is there a gambling licence in Cyprus?

Partly. The National Betting Authority licenses land-based (Class A) and online (Class B) betting under the Betting Law of 2019, but online casino is prohibited, and casino gaming is confined to a single land-based integrated resort regulated separately. There is no general online-casino licence.

The legal foundation:

  • Betting Law of 2019 (Law 37(I)/2019) — betting framework administered by the National Betting Authority
  • Casino Operations and Control Law of 2015 (Law 124(I)/2015) — single integrated-resort casino regime supervised by the Cyprus Gaming and Casino Supervision Commission
  • Prevention and Suppression of Money Laundering and Terrorist Financing Law — AML obligations for operators
  • Ministry of Finance — gambling policy

Structure:

  • Class A (land-based betting) and Class B (online betting) licences are issued by the NBA to a Cyprus company or a foreign company with a Cyprus branch
  • Online casino, poker, slots, bingo, betting exchanges and spread betting are prohibited, with criminal penalties under Article 79 of the Betting Law
  • Casino gaming is available only at the single licensed integrated resort and up to four satellite casinos, supervised by the Cyprus Gaming and Casino Supervision Commission

Gambling — Class B online betting licence (NBA)

Best for sports-betting operators able to incorporate in Cyprus and meet capital and guarantee requirements; not for online-casino, poker or slots operators, which are prohibited.

What it is: An NBA Class B licence for online betting under the Betting Law of 2019, excluding casino games, slots, online horserace betting and lotteries, for a one- or two-year term.

Who it suits: Online sports-betting operators with a Cyprus company (or branch) and the required capital and guarantee.

Covers: Online sports betting within the licence scope; online casino and related products are excluded and prohibited.

Operational requirement: A Cyprus entity with share capital of at least EUR 500,000, a bank guarantee of around EUR 550,000, segregated client accounts, AML/CFT and player-protection controls, and NBA technical compliance.

Headline figures

  • Primary instruments: Betting Law of 2019 (Law 37(I)/2019); NBA directives and codes
  • Regulators: National Betting Authority (betting); Cyprus Gaming and Casino Supervision Commission (casino)
  • Costs: share capital of at least EUR 500,000 and a bank guarantee around EUR 550,000 for Class B; licence and supervision fees — confirm current figures with the NBA
  • Tax/duty: 10% betting tax on gross gaming revenue plus an NBA contribution
  • Prohibited online: casino games, poker, slots, bingo, betting exchanges and spread betting
  • Player protection: minimum age 18 (21 for the casino resort); AML obligations; NBA blocking list of unlicensed sites

Costs and timelines at a glance

  • Crypto: MiCAR with CySEC for CASPs/ARTs and CBC for EMTs; own-funds floors EUR 50,000 / 125,000 / 150,000 by class; Article 63 timeline of a 25-working-day completeness check plus a 40-working-day decision; transitional regime closed 1 July 2026 (CySEC application deadline 27 February 2026)
  • Payments primary instruments: Payment Services and Access to Payment Systems Laws (PSD2); Electronic Money Laws (EMD2); Instant Payments Regulation (EU) 2024/886; DORA
  • Payments regulators: CBC (authorisation and supervision); ECB (SSM, banks)
  • Banking entry: authorisation under the Business of Credit Institutions Law; CBC national supervisor, ECB for significant institutions under the SSM
  • Reform pipeline: PSD3 / PSR — agreement November 2025, compromise texts April 2026, adoption expected during 2026
  • Gambling: NBA betting regime under the Betting Law of 2019 (Class A land-based, Class B online); online casino prohibited; casino gaming confined to a single integrated resort; 10% betting tax on GGR
  • Tax: corporate income tax 15% from 1 January 2026 (up from 12.5%); flat 8% tax on certain crypto gains
  • Currency: EUR (euro area since 2008); no exchange controls
  • FX: USD 1 = EUR 0.87 (EUR 1 = USD 1.15)

Who Cyprus suits and who it does not

Suitable for

  • Crypto exchanges, custodians and token issuers wanting a MiCAR CASP authorisation from an experienced, active regulator with EEA passporting and an English-speaking professional sector
  • Cyprus Investment Firms, AIFMs and UCITS managers that can add crypto-asset services through the Article 60 notification route
  • Payment, remittance, acquiring, wallet and open-banking operators seeking a euro-area base under CBC supervision, including crypto on/off-ramp structures pairing a CASP with a payment licence
  • E-money issuers and fintechs that value Cyprus's passporting and mature corporate-services ecosystem
  • Sports-betting operators willing to incorporate in Cyprus and meet the NBA's capital, guarantee and player-protection requirements

Not suitable for

  • Firms seeking a bespoke or light-touch national crypto regime — Cyprus applies MiCAR in full, with CySEC/CBC supervision and a local-substance expectation
  • Providers relying on the former national CASP registration — the transitional window closed on 1 July 2026 and the application deadline passed on 27 February 2026
  • Payment or e-money firms expecting to avoid EU prudential, safeguarding, DORA or AML obligations
  • Online-casino, poker, slots or bingo operators — these are prohibited in Cyprus, with criminal penalties for unlicensed activity
  • Operators expecting to offer online betting to Cyprus residents without an NBA Class B licence, or to run a casino outside the single licensed integrated resort

Ready to launch without the regulatory guesswork?

Book a 30-minute consultation with a senior advisor and talk through your route.

Get Started