🇱🇹Lithuania

Detailed overview

Lithuania: Bank of Lithuania MiCA Authorisation under the Law on Crypto-Asset Markets

Lithuania is a full MiCA jurisdiction. The Lithuanian framework is based on Regulation 2023/1114 and the Lithuanian Law on Crypto-Asset Markets.

The Bank of Lithuania is the Lithuanian competent authority for MiCA licensing and supervision. The Financial Crime Investigation Service remains relevant for AML/CFT supervision.

Lithuania’s transition from the former virtual-asset service provider regime has expired. New or continuing Lithuania-facing crypto-asset service activity should be structured through MiCA authorisation, a valid Article 60 route or a valid MiCA passport.

Regulator

The main regulator for CASP authorisation is the Bank of Lithuania.

The Bank of Lithuania receives CASP authorisation applications, receives Article 60 notifications, supervises authorised providers, maintains the Lithuanian financial market participant register and exercises MiCA supervisory powers.

FNTT is responsible for AML/CFT supervision. CASP applicants should therefore prepare both the MiCA authorisation file and the AML/CFT control framework.

Other Lithuanian and EU regimes may still apply where the activity involves payment services, e-money, e-money tokens, asset-referenced tokens, financial instruments, deposits, funds, insurance products, AML, sanctions, TFR, DORA or tax reporting.

Licensing route

A business that provides crypto-asset services in or from Lithuania generally needs MiCA authorisation as a crypto-asset service provider unless it is an eligible financial entity using Article 60 or a duly authorised EU CASP passporting into Lithuania.

The relevant crypto-asset services are custody and administration of crypto-assets for clients, operation of a crypto-asset trading platform, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of client orders, placing of crypto-assets, reception and transmission of orders, advice on crypto-assets, portfolio management on crypto-assets and transfer services for clients.

Transfer services are a separate MiCA service and should be included in the service-mapping analysis.

The licence perimeter applies only where the asset is within MiCA. Tokens that qualify as financial instruments, deposits, structured deposits, fund interests, payment instruments, non-MiCA e-money arrangements, insurance products or other regulated products require separate legal analysis.

Article 63 authorisation

A standard unregulated Lithuanian CASP applicant applies to the Bank of Lithuania for MiCA authorisation.

A MiCA-authorised CASP must have a registered office in an EU Member State where it carries out at least part of its crypto-asset services, its effective management in the EU and at least one EU-resident director.

Lithuanian law expects a CASP to be established as a public limited liability company or private limited liability company.

Where the applicant carries out other activities, the Bank of Lithuania may require a separate legal entity if those other activities could adversely affect financial soundness or the Bank’s ability to supervise.

A credible Lithuanian application should include a full service map, legal perimeter analysis, Lithuanian home-state analysis, legal-form analysis, programme of operations, business plan, constitutional documents, proof of prudential safeguards, governance materials, management fit-and-proper evidence, qualifying-holder information, source-of-funds documentation, internal controls, AML and counter-terrorist-financing procedures, sanctions controls, TFR procedures, risk assessment, business-continuity plan, ICT and DORA materials, client-asset and client-fund segregation procedures, complaints procedures, conflicts management, outsourcing framework, custody policy where relevant, trading-platform rules and market-abuse systems where relevant, exchange commercial policy and pricing methodology where relevant, execution policy where relevant, advice and portfolio-management competence evidence where relevant and transfer-service procedures where relevant.

Lithuanian substance

Lithuania is a high-substance licensing jurisdiction.

The Bank of Lithuania expects transparent and honest applicants with strong governance, competent compliance, AML/CFT controls and a high-quality service model.

Applicants should be prepared to evidence management and shareholder fitness, transparent shareholding, financial soundness, source of funds, an unbroken chain of source-of-funds documentation, management competence, internal controls, risk management, local operational substance and an operation centre in Lithuania.

The Bank of Lithuania has stated that empty shell companies will not be tolerated.

Outsourcing is possible, but it must not remove real competence, control, responsibility or supervisory accessibility from the Lithuanian applicant.

Application process

The Bank of Lithuania acknowledges receipt within five business days.

The Bank then assesses completeness within 25 business days. If the file is incomplete, the Bank may request missing information. If missing information is not provided, the application may be returned.

After the file is complete, the Bank assesses the application within 40 business days. The Bank may request additional information and the assessment period may be extended or suspended within the limits allowed by MiCA.

The final decision is communicated within five business days after the assessment period.

The programme of activities, business plan and customer-facing procedures should be prepared in Lithuanian. The Bank of Lithuania may require other documents in Lithuanian.

A poorly prepared or incomplete application is likely to be delayed or not accepted for full examination.

Article 60 notification

Article 60 is not a general shortcut for unregulated applicants. It is a notification route for specified regulated financial entities and permitted equivalent crypto-asset services.

The Article 60 route may be relevant for credit institutions, central securities depositories, investment firms, electronic-money institutions, UCITS management companies, alternative investment fund managers and market operators.

Credit institutions may provide crypto-asset services. CSDs may provide custody and administration. Investment firms may provide equivalent crypto-asset services. Electronic-money institutions may provide custody and transfer services only with regard to EMTs they issue. UCITS and AIF managers may provide services equivalent to their portfolio-management, investment and non-core permissions. Market operators may operate crypto-asset trading platforms.

An Article 60 entity must notify the Bank of Lithuania at least 40 working days before first providing the relevant services.

The Bank checks completeness within 20 working days. The entity may not provide the crypto-asset service while the notification is incomplete.

A regulated entity that wants to provide non-equivalent crypto-asset services may still need full CASP authorisation.

Transitional position

Lithuania’s MiCA transition has expired.

Lithuania applied a transition period until 31 December 2025. During that period, FNTT supervised providers registered under the previous national virtual-asset framework.

From 1 January 2026, a company without a CASP licence may not provide crypto-asset services in Lithuania.

Former FNTT or VASP status is not MiCA authorisation and should not be marketed as such.

The Register Centre removed former virtual-currency exchange and depository-wallet operator entries from 2 January 2026 and no longer publishes those lists.

Legacy AML record-retention and reporting obligations may continue after cessation.

New or continuing Lithuania-facing crypto-asset service activity should be structured through MiCA authorisation, a valid Article 60 route or a valid MiCA passport.

Wind-down

A provider that does not have MiCA authorisation should not onboard new clients, custody crypto-assets or provide crypto-asset services in Lithuania.

A provider that does not intend to continue should inform clients, return client assets to customers, transfer assets to another licensed provider or custodian, or return assets to a self-hosted wallet where appropriate.

Wind-down planning should include client notices, closure of onboarding, asset return, complaint handling, record retention, AML reporting, outsourcing termination and website or marketing updates.

Passporting and register checks

A MiCA-authorised CASP may provide its authorised services across the EU through the MiCA passport, subject to the required notification process and authorised service scope.

Former Lithuanian VASP status or expired transition does not create a MiCA passport.

The Bank of Lithuania register currently lists several authorised Lithuanian CASPs, including Robinhood Europe UAB, UAB “Decentralized”, Nuvei Liquidity UAB and UAB Micar assets.

Bank of Lithuania and ESMA register information should be checked before relying on a provider’s authorisation status, onboarding a counterparty, launching services or publishing any authorisation claim.

Costs

Lithuanian state fees and supervisory contributions apply.

The Bank of Lithuania identifies the state-fee resolution and annual supervisory-contribution resolution as part of the relevant national framework for CASPs.

The exact current state fee and supervisory contribution should be checked before filing or publication.

These amounts are not the full cost of authorisation. Applicants should also budget for legal, governance, AML, sanctions, TFR, DORA, ICT, custody, outsourcing, complaints, conflicts, audit, accounting, prudential, insurance and operational implementation costs.

Prudential safeguards

A CASP must maintain MiCA prudential safeguards at all times.

The required amount is at least the higher of the applicable permanent minimum capital requirement and one quarter of fixed overheads for the preceding year.

The MiCA class amounts are EUR 50,000 for class 1, EUR 125,000 for class 2 and EUR 150,000 for class 3.

Class 1 covers execution of orders, placing, transfer services, reception and transmission of orders, advice and portfolio management.

Class 2 includes class 1 services plus custody and administration, exchange of crypto-assets for funds and exchange of crypto-assets for other crypto-assets.

Class 3 includes class 2 services plus operation of a crypto-asset trading platform.

Where a provider offers services in more than one class, the highest applicable class applies.

Prudential safeguards may take the form of own funds, an insurance policy, a comparable guarantee or a permitted combination.

AML, TFR and DORA

Lithuanian CASPs must prepare AML, sanctions, TFR and ICT controls before filing.

Core controls include customer due diligence, beneficial ownership analysis, AML risk assessment, sanctions screening, transaction monitoring, suspicious-activity escalation, travel-rule procedures, treatment of self-hosted addresses where relevant, outsourcing oversight, recordkeeping and staff training.

DORA and ICT readiness are also central. A Lithuanian application should include ICT governance, security documentation, incident management, business continuity, outsourcing controls and operational-resilience evidence.

FNTT remains relevant for AML/CFT supervision.

EMT and payment-services overlap

EMT-related activity should be analysed separately.

From 2 March 2026, CASPs carrying out certain EMT transactions require additional payment-services authorisation.

A crypto-asset transfer service may be regarded as a payment service where it involves EMTs and the transfer is made on behalf of a client.

Custody and administration of EMTs on behalf of clients may also qualify as payment services where the service enables sending or receiving EMTs to or from third parties.

Exchange of crypto-assets for funds or other crypto-assets is not treated as a payment service merely because one of the exchanged crypto-assets is an EMT.

Wallets, EMT transfers, EMT custody, settlement models, payment-like flows and client-balance models should be assessed for payment institution, e-money institution or PSP-partnering requirements in addition to MiCA.

Tax reporting

Lithuanian tax reporting should be built into onboarding and account processes.

CASPs, ART issuers, EMT issuers, offerors and admission applicants that open accounts or similar products for client funds must report opening and closing information to the Lithuanian Tax Administration.

The reporting deadline is generally three working days.

DAC8-related changes from 2026 may affect duplicated reporting obligations, so tax reporting should be checked before implementation.

Token issuance and white papers

CASP authorisation and token-offer compliance are separate.

A CASP licence does not itself cover public offers, admission to trading, ART issuance, EMT issuance or white-paper obligations.

Stablecoin, wallet, exchange, settlement and payment-like structures should be reviewed separately for EMT, ART, e-money, payment-services and white-paper treatment.

Ongoing obligations

A Lithuanian CASP must comply with MiCA, Lithuanian implementation law, Bank of Lithuania supervisory requirements, AML and counter-terrorist-financing obligations, sanctions controls, TFR, DORA and applicable tax-reporting rules.

Core obligations include governance, management suitability, qualifying-holder controls, prudential safeguards, internal controls, risk management, AML and counter-terrorist-financing procedures, sanctions controls, transaction monitoring, TFR implementation, business continuity, ICT and DORA controls, outsourcing oversight, complaints handling, conflicts management, custody safeguards, client-asset and client-fund segregation, recordkeeping, fair and non-misleading client information, cost and fee transparency, market-abuse systems where relevant and service-specific conduct rules.

Enforcement risk

Lithuania is not a light-touch jurisdiction.

The Bank of Lithuania may refuse authorisation where the applicant fails, or is likely to fail, to meet MiCA Title V requirements; where management or qualifying holders are not fit and proper; where management threatens sound and prudent management, continuity, client interests or market integrity; where AML/TF risk exposure is present; or where third-country law prevents effective supervision.

After the end of transition, accepting new clients, custodying crypto-assets or providing other crypto-asset services without a MiCA licence is treated as illegal financial activity.

The Bank of Lithuania may block websites and publish information about illegal providers.

FNTT has warned that financial activity without the required licence may trigger criminal liability.

MiCA also requires Member States to maintain administrative penalties and supervisory measures for CASP infringements. These include public statements, cease-and-desist orders, benefit-based fines, natural-person fines and legal-person fines.

The main enforcement risks are operating without MiCA authorisation, relying on expired transition, presenting former FNTT or VASP status as MiCA authorisation, using Article 60 without eligibility, providing services outside authorised scope, weak AML or TFR controls, weak DORA readiness, ignoring EMT and payment-services overlap, insufficient Lithuanian substance and misleading marketing or authorisation claims.

Practical assessment

Lithuania is suitable for firms that want MiCA authorisation through an active Baltic regulator and are prepared to build real local substance.

It is not suitable for firms looking for a paper registration, continued reliance on former VASP status, indefinite grandfathering or an empty-shell structure.

The main execution risks are incorrect service classification, missing transfer services, treating Article 60 as a general shortcut, relying on expired transition, underestimating Bank of Lithuania documentation expectations, weak Lithuanian substance, inadequate source-of-funds evidence, ignoring EMT and payment-services issues, failing to evidence prudential safeguards and filing before AML, TFR, DORA, ICT, custody, outsourcing, complaints, conflicts and service-specific controls are ready.