Detailed overview
Greece: HCMC and Bank of Greece MiCA Framework under Law 5193/2025
Greece is a full MiCA jurisdiction. The Greek framework is based on Regulation 2023/1114 and Greek Law 5193/2025.
The main authority for a standard crypto-asset service provider application is the Hellenic Capital Market Commission.
The Bank of Greece is relevant for credit institutions, electronic-money institutions, payment institutions and certain asset-referenced token and e-money token matters.
Greece should not be treated as a simple legacy registration jurisdiction. The Greek transition is time-limited and applies only to qualifying legacy providers.
Regulator
The main regulator for a standard unregulated Greek crypto-asset service provider is HCMC.
HCMC is the competent authority for ordinary CASP authorisation where the applicant is not a credit institution, electronic-money institution or payment institution.
The Bank of Greece has competence for specified MiCA matters involving credit institutions, electronic-money institutions and payment institutions. It is also relevant to e-money tokens and specified asset-referenced token matters.
The correct regulator must be checked before filing. This is especially important for banks, electronic-money institutions, payment institutions, e-money token activity, asset-referenced token activity, payment-like flows and group-regulated structures.
Licensing route
A business that provides crypto-asset services in or from Greece generally needs MiCA authorisation as a crypto-asset service provider unless it is an eligible financial entity using Article 60 or a duly authorised EU CASP passporting into Greece.
The relevant crypto-asset services are custody and administration of crypto-assets for clients, operation of a crypto-asset trading platform, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of client orders, placing of crypto-assets, reception and transmission of orders, advice on crypto-assets, portfolio management on crypto-assets and transfer services for clients.
Transfer services are a separate MiCA service and should be included in the service-mapping analysis.
The licence perimeter applies only where the asset is within MiCA. Tokens that qualify as financial instruments, deposits, structured deposits, fund interests, payment instruments, non-MiCA e-money arrangements, insurance products or other regulated products require separate legal analysis.
Article 63 authorisation
A standard unregulated Greek CASP applicant applies to HCMC for MiCA authorisation.
HCMC Decision 8/1059/30.07.2025 sets out the procedure and manner for submitting CASP authorisation applications before HCMC. The application framework is based on MiCA Articles 62 and 63, the applicable EU technical standards and Greek Law 5193/2025.
A credible Greek application should include a full service map, legal perimeter analysis, programme of operations, business plan, constitutional documents, proof of prudential safeguards, governance materials, management fit-and-proper evidence, qualifying-holder information, internal controls, AML and counter-terrorist-financing procedures, sanctions controls, TFR procedures, risk assessment, business-continuity plan, ICT and DORA materials, client-asset and client-fund segregation procedures, complaints procedures, conflicts management, outsourcing framework, custody policy where relevant, trading-platform rules and market-abuse systems where relevant, exchange commercial policy and pricing methodology where relevant, execution policy where relevant, advice and portfolio-management competence evidence where relevant and transfer-service procedures where relevant.
HCMC materials also provide for pre-application interaction. A preliminary meeting or initial evaluation can be useful where the applicant has already concluded that the proposed activity falls within MiCA and intends to apply for authorisation in Greece.
Article 60 notification
Article 60 is not a general shortcut for unregulated applicants. It is a notification route for specified regulated financial entities and permitted equivalent crypto-asset services.
The Article 60 route may be relevant for credit institutions, central securities depositories, investment firms, market operators, electronic-money institutions, UCITS management companies and alternative investment fund managers.
In Greece, the Bank of Greece is relevant for Article 60 matters involving credit institutions, electronic-money institutions and payment institutions. HCMC remains relevant for other Title V matters and for provisions not assigned to the Bank of Greece.
A regulated entity must map each proposed crypto-asset service to its existing authorisation and to the MiCA Article 60 equivalence rules.
A regulated entity that wants to provide non-equivalent crypto-asset services may still need full CASP authorisation.
Transitional position
Greece’s MiCA transition currently runs until 30 June 2026.
A Greek legacy provider may rely on the Greek transition only if it was registered by 27 December 2024 for the relevant legacy virtual-currency exchange or digital-wallet custody services and continues only the services it already provided.
A Greek-registered transitional provider may continue until 30 June 2026 or until HCMC grants or refuses MiCA authorisation, whichever occurs earlier.
A provider with registered office in another EU Member State may continue in Greece during transition only if its home Member State applies MiCA Article 143(3). Even then, it may continue only until the earliest of 30 June 2026, expiry of the home-state transition, or grant or refusal of authorisation by the home competent authority.
Legacy registration is not a MiCA licence and should not be marketed as MiCA authorisation.
A new Greece-facing provider should use MiCA authorisation, a valid Article 60 route or a valid MiCA passport.
Passporting and register checks
A MiCA-authorised CASP may provide its authorised services across the EU through the MiCA passport, subject to the required notification process and service scope.
A Greek legacy registration or transitional position does not itself create a MiCA passport.
HCMC, Bank of Greece and ESMA register information should be checked before relying on a provider’s authorisation status, onboarding a counterparty, launching services or publishing any authorisation claim.
Costs
Greek regulatory fees and supervisory costs should be checked before filing.
Applicants should budget for HCMC or Bank of Greece regulatory fees where applicable, legal structuring, governance, AML, sanctions, TFR, DORA, ICT, custody, outsourcing, complaints, conflicts, prudential safeguards, translation, accounting, audit and operational implementation.
A fixed Greek CASP authorisation fee should not be published unless the current HCMC or Bank of Greece fee instrument has been checked from an official source.
Prudential safeguards
A CASP must maintain MiCA prudential safeguards at all times.
The required amount is at least the higher of the applicable permanent minimum capital requirement and one quarter of fixed overheads for the preceding year.
Prudential safeguards may take the form of own funds, an insurance policy, a comparable guarantee or a permitted combination.
The prudential package should be evidenced in the application and maintained after authorisation.
AML, TFR and DORA
Greek CASPs must prepare AML, sanctions, TFR and ICT controls before filing.
Core controls include customer due diligence, beneficial ownership analysis, AML risk assessment, sanctions screening, transaction monitoring, suspicious-activity escalation, travel-rule procedures, treatment of self-hosted addresses where relevant, outsourcing oversight, recordkeeping and staff training.
Legacy providers relying on the Greek transition remain obliged persons under the Greek AML framework until the transition ends or until authorisation is granted or refused.
DORA and ICT readiness are also central. A Greek application should include ICT governance, security documentation, incident management, business continuity, outsourcing controls and operational-resilience evidence.
ARTs, EMTs and payment activity
Stablecoin-related activity should be analysed separately.
The Bank of Greece is relevant for specified e-money token and asset-referenced token matters and for entities that are credit institutions, electronic-money institutions or payment institutions.
A wallet, exchange, transfer, settlement, payment or client-balance model involving e-money tokens may require additional analysis beyond standard CASP authorisation.
A token issuer or offeror should not assume that CASP authorisation alone covers token issuance, admission to trading, ART obligations, EMT obligations or white-paper obligations.
Ongoing obligations
A Greek CASP must comply with MiCA, Greek implementation law, HCMC or Bank of Greece supervisory requirements, AML and counter-terrorist-financing obligations, sanctions controls, TFR and DORA.
Core obligations include governance, management suitability, qualifying-holder controls, prudential safeguards, internal controls, risk management, AML and counter-terrorist-financing procedures, sanctions controls, transaction monitoring, TFR implementation, business continuity, ICT and DORA controls, outsourcing oversight, complaints handling, conflicts management, custody safeguards, client-asset and client-fund segregation, recordkeeping, fair and non-misleading client information, cost and fee transparency, market-abuse systems where relevant and service-specific conduct rules.
Enforcement risk
Greece is not a light-touch jurisdiction.
MiCA requires Member States to maintain administrative penalties and supervisory measures for CASP infringements. These include public statements, cease-and-desist orders, benefit-based fines, natural-person fines and legal-person fines.
The main enforcement risks are operating without MiCA authorisation, continuing after the transition without authorisation, presenting legacy registration as a MiCA licence, relying on another Member State’s transition without satisfying Greek conditions, using Article 60 without eligibility, providing services outside authorised scope, weak AML or TFR controls, weak DORA readiness and misleading marketing or authorisation claims.
Exact Greek sanction exposure depends on the breach, offender category, turnover, benefit obtained, culpability, repeated-breach status and whether the HCMC, the Bank of Greece or another authority is responsible.
Practical assessment
Greece is suitable for firms that want MiCA authorisation in an EU jurisdiction with a defined national implementation law, an identified HCMC authorisation process and a clear HCMC / Bank of Greece competence split.
It is not suitable for firms looking for a paper registration, indefinite grandfathering or informal reliance on another Member State’s transition.
The main execution risks are incorrect service classification, missing transfer services, choosing the wrong authority, treating Article 60 as a general shortcut, relying on transition without meeting the Greek conditions, underestimating AML and TFR controls, overlooking Bank of Greece competence and filing before governance, prudential, ICT, custody, complaints, conflicts and service-specific materials are ready.