Licentium

Fintech Licensing Hub

Malta

Malta regulates crypto under MiCA through the Markets in Crypto-Assets Act (Cap. 647), with the MFSA as competent authority; building on its pioneering 2018 Virtual Financial Assets Act, it took the full 18-month transition to 1 July 2026 with a streamlined VFA-to-CASP conversion, and granted some of the EU's first CASP licences (OKX, Crypto.com, Gemini, BVNK). Payments and e-money run under the Financial Institutions Act (PSD2/EMD2), supervised by the MFSA, with the Instant Payments Regulation and DORA in force and PSD3/PSR moving toward adoption. Gambling is the country's signature sector: the Malta Gaming Authority licenses B2C and B2B operators under the Gaming Act, with a 5% gaming tax on Malta-based-player revenue, making Malta the EU's dominant iGaming hub — and Malta is in the euro area and banking union, and does not tax long-term investment crypto gains while taxing trading at 0–35%.

Available licences

Crypto-Asset Service Provider authorisation (MFSA under MiCAR and Cap. 647)

Custody, operation of a trading platform, exchange of crypto-assets for funds or other crypto-assets, execution, placing, reception and transmission of orders, advice, portfolio management and transfer services require MFSA authorisation under Article 63 MiCAR; an authorisation passports across the EEA.

Asset-Referenced Token (ART) issuer authorisation (MFSA)

Public offering or admission to trading of a token referencing a basket of values, rights or currencies requires authorisation as an ART issuer under Title III MiCAR, with reserve, custody and disclosure requirements.

E-Money Token (EMT) issuer (credit institution or EMI; MFSA)

EMTs (including fiat-backed stablecoins) may be issued only by an authorised credit institution or e-money institution, with redemption at par; Malta has authorised stablecoin-focused CASPs and EMIs.

Article 60 MiCAR notification route (existing financial entities)

Credit institutions, investment firms, e-money and payment institutions and other authorised entities may provide specified crypto-asset services by notifying the MFSA at least 40 working days before starting.

Payment Institution authorisation (MFSA under the Financial Institutions Act)

A licence to provide payment services under the Financial Institutions Act, supervised by the MFSA and passportable across the EEA.

E-Money Institution authorisation (MFSA)

A licence to issue electronic money and provide related payment services, with EUR 350,000 minimum initial capital, supervised by the MFSA; Malta hosts a developed EMI ecosystem (including 3S Money, Moneybase and Bankera).

Account Information and Payment Initiation Services (MFSA)

Open-banking providers — account information and payment initiation service providers — fall within the Financial Institutions Act, supervised by the MFSA, with strong customer authentication.

Banking authorisation (MFSA and the ECB/SSM)

Deposit-taking and lending require a banking licence; in the banking union the European Central Bank grants the licence and directly supervises significant institutions, with the MFSA supervising less-significant ones.

Investment firm authorisation (MFSA — MiFID II)

Investment services in financial instruments require authorisation under the Maltese MiFID II framework, supervised by the MFSA.

B2C Gaming Service Licence (MGA)

A business-to-consumer licence under the Gaming Act to offer gaming directly to players — casino/RNG games (Type 1), fixed-odds betting (Type 2), peer-to-peer/poker/betting exchange (Type 3) and controlled skill games (Type 4) — valid for ten years.

B2B Critical Gaming Supply Licence (MGA)

A business-to-business licence to supply and manage the software and systems that operators rely on, without direct player interaction, valid for ten years.

Detailed overview

Malta at a glance

Malta combines an early, experienced crypto regulator with the EU's dominant online-gaming hub. Crypto is supervised by the MFSA under the Markets in Crypto-Assets Act (Cap. 647); the full 18-month transition ended 1 July 2026, with a simplified VFA-to-CASP conversion. Payments run under the Financial Institutions Act with the MFSA as supervisor and the Instant Payments Regulation and DORA in force. Gambling runs under the Gaming Act, supervised by the MGA. The euro is the currency, and Malta sits inside the euro area and banking union.

Crypto regime under MiCA — MFSA-led, first-mover:

  • MiCA + national implementing law — Regulation (EU) 2023/1114 (MiCAR); the Markets in Crypto-Assets Act (Cap. 647) and the MFSA MiCA Rulebook, designating the MFSA
  • Competent authority — the MFSA for CASP authorisation and ART/EMT supervision
  • Grandfathering — closed. Malta adopted the full 18-month transition: VFA licensees holding a VFA licence before 30 December 2024 could continue until 1 July 2026 or until their CASP application was decided, with a streamlined conversion; that window has now expired
  • Pre-MiCA heritage — Malta's Virtual Financial Assets Act (2018) classified DLT assets and licensed VFA service providers; the MFSA has supervised crypto since 2018, easing the MiCA transition
  • Early CASP licences — Malta granted some of the EU's first CASP authorisations (OKX in January 2025, alongside Crypto.com, Gemini, Gate, Blockchain.com and BVNK among roughly a dozen), and several firms chose Malta as their EU hub
  • Scrutiny — Malta's speed drew an ESMA peer review of MFSA CASP authorisations that flagged supervisory expectations, and the MFSA issued a CASP supervision circular in April 2025; the MFSA frames its efficiency as built on years of VFA experience
  • Substance — two resident executive directors ("two-mind management"), a local compliance officer and MLRO; banking access remains a practical challenge for crypto firms
  • AML/CFT — Maltese AML law applies, with the FIAU; the EU AML package (Regulation (EU) 2024/1624 / AMLR, with AMLA in Frankfurt) applies from 10 July 2027
  • TFR / DORA — the Travel Rule (Regulation (EU) 2023/1113) applies from 30 December 2024 and DORA from 17 January 2025; DAC8 reporting runs from 2026
  • Tax — administered by the Commissioner for Revenue under DLT-asset guidance: individual gains on crypto held as a long-term investment (store of value) are not subject to capital gains tax, while frequent trading is taxed as income at progressive rates (0–35%); mining, staking and DeFi yields are taxable income. Companies face a 35% headline corporate rate, reduced to roughly 5% effective via the 6/7ths imputation refund on distribution (with proper substance), and a non-dom regime exempts unremitted foreign-source gains

Payments and e-money regime (MFSA-led):

  • PSD2 — Directive (EU) 2015/2366; transposed by the Financial Institutions Act, supervised by the MFSA
  • Payment Institution licensing — initial capital EUR 20,000 (money remittance), EUR 50,000 (payment initiation) and EUR 125,000 (other payment services)
  • EMD2 / E-Money Institution — Directive 2009/110/EC; EUR 350,000 initial capital; Malta hosts a developed EMI ecosystem; stablecoin (EMT) issuers must be EMIs or credit institutions
  • Instant Payments Regulation (Regulation (EU) 2024/886) — euro instant payments: receiving applicable from 9 January 2025 and sending from 9 October 2025
  • DORA (Regulation (EU) 2022/2554) — applicable from 17 January 2025
  • PSD3 / PSR — Commission proposals of 28 June 2023; provisional political agreement reached 27 November 2025, with final compromise texts published 23 April 2026 and formal adoption expected during 2026; the package will repeal PSD2 and EMD2 and fold e-money institutions into payment institutions
  • Banking — in the banking union the ECB grants banking licences and directly supervises significant institutions, with the MFSA supervising less-significant ones
  • Currency: euro (since 2008); no exchange controls

Gambling regime — MGA-licensed, the EU's iGaming hub:

  • Gaming Act (Cap. 583) and the 2018 framework — Malta was the first EU state to regulate online gaming (2004) and remains the leading remote-gaming jurisdiction
  • Regulator — the Malta Gaming Authority (MGA), a single regulator for all gaming and a global benchmark
  • Licences — two categories: B2C (Gaming Service) and B2B (Critical Gaming Supply), each covering multiple Game Types (1–4) under one authorisation, valid for ten years
  • Tax — a 5% gaming tax on gaming revenue from players physically present in Malta (paid monthly); B2C operators also pay a tiered monthly compliance contribution
  • Fees and capital — EUR 5,000 application fee; annual licence fees (EUR 25,000 B2C; EUR 25,000–35,000 B2B); share capital EUR 100,000 (B2C Type 1/2) or EUR 40,000 (Type 3/4 and B2B), with a 2025 positive-equity capital policy
  • Key functions — CEO, compliance and MLRO roles required from application; need not reside in Malta but must be available to the MGA
  • Minimum age — 18 for remote gaming (land-based casinos higher); AML supervised by the FIAU
  • No EU passport — gambling is licensed nationally, though the MGA recognises certain equivalent foreign licences

Last verified: July 2026. Reference rate: USD 1 ≈ EUR 0.87 (EUR 1 ≈ USD 1.15).

Malta is an early-mover, euro-area jurisdiction: crypto runs under MiCAR with the MFSA building on its 2018 VFA framework, payments sit under the Financial Institutions Act, and gambling is the EU's dominant iGaming market under the MGA, with a 5% gaming tax.

Is there a crypto licence in Malta?

Yes. Malta applies MiCAR through the Markets in Crypto-Assets Act (Cap. 647), with the MFSA authorising and supervising CASPs and ART/EMT issuers. The full 18-month transition ended 1 July 2026, so operating now requires an MFSA authorisation, a valid MiCA passport, or an Article 60 notification.

The legal foundation:

  • Regulation (EU) 2023/1114 (MiCAR) — the directly applicable EU framework for offerings, admission and crypto-asset services
  • Markets in Crypto-Assets Act (Cap. 647) and the MFSA MiCA Rulebook — implement MiCAR and designate the MFSA
  • Maltese AML law — AML/CFT obligations, with the FIAU
  • Regulation (EU) 2023/1113 — Travel Rule for crypto-asset transfers

Structure:

  • A Maltese entity with genuine substance — two resident executive directors, a local compliance officer and MLRO, and fit-and-proper management
  • MiCAR own-funds floors by class — EUR 50,000 (Class 1), EUR 125,000 (Class 2), EUR 150,000 (Class 3) — with the higher of the floor or a fixed-overheads measure
  • AML systems, a white paper for in-scope offerings, custody and client-asset segregation, ICT and governance documentation, and a business plan — submitted to the MFSA after pre-application engagement

Operational reality:

  • Malta is experienced and efficient, with many crypto-native exchanges choosing it as their EU hub, but its speed has drawn ESMA scrutiny and the MFSA has tightened CASP supervision
  • The tax environment (no CGT on long-term holdings, the 6/7ths corporate refund, non-dom) and a deep iGaming and fintech ecosystem add to the appeal; banking access remains the main practical hurdle
  • New activity should be structured through an MFSA authorisation, a valid passport or an Article 60 notification — not the closed transitional regime

Official CASP roadmap: The MFSA maintains the Markets in Crypto-Assets Act (Cap. 647) and a MiCA Rulebook with application notices, offers pre-application engagement, and operated a simplified VFA-to-CASP conversion; the full 18-month transition ended 1 July 2026.

Payments & E-money (MFSA — PSD2 / EMD2)

Best for payment, remittance, acquiring, wallet and e-money operators that want an experienced EU regulator and a developed EMI ecosystem.

What it is: Authorisation as a payment institution or e-money institution under the Financial Institutions Act, supervised by the MFSA and passportable across the EEA.

Who it suits: Money-remittance and transfer providers, acquirers, card and wallet issuers, payment-initiation and account-information providers, and e-money issuers (including stablecoin issuers, who must be EMIs or credit institutions).

Covers: The payment services under the Financial Institutions Act — incoming and outgoing transactions, transfers, card and instrument-based payments, money remittance, payment initiation and account information — plus issuance of electronic money.

Operational requirement: A Maltese entity; minimum initial capital by service type; ongoing own-funds and safeguarding of client funds; strong customer authentication; AML/CFT; DORA operational-resilience obligations; and fit-and-proper management.

Headline figures

  • Primary instruments: Financial Institutions Act (PSD2 / EMD2); Instant Payments Regulation (EU) 2024/886; DORA (Regulation (EU) 2022/2554)
  • Regulator: MFSA (authorisation and supervision)
  • Entry capital: payment institutions EUR 20,000 / 50,000 / 125,000 by service type; e-money institutions EUR 350,000
  • Instant payments: euro instant payments receiving from 9 January 2025 and sending from 9 October 2025
  • Reform pipeline: PSD3 / PSR — political agreement November 2025, compromise texts April 2026, adoption expected during 2026; EMD2 to be repealed and EMIs folded into payment institutions
  • Currency: euro (euro-area member); no exchange controls

Is there a gambling licence in Malta?

Yes. The MGA licenses B2C and B2B operators under the Gaming Act — Malta is the EU's leading online-gaming jurisdiction, with a low 5% gaming tax on Malta-based-player revenue.

The legal foundation:

  • Gaming Act (Cap. 583) and the 2018 regulatory framework — Malta first regulated online gaming in 2004
  • MGA — a single regulator for all gaming, and a global benchmark
  • Gaming Licence Fees Regulations — fees, gaming tax and compliance contribution

Structure:

  • Two licence categories — B2C (Gaming Service) and B2B (Critical Gaming Supply) — each covering Game Types 1–4 under one authorisation
  • Licences run for ten years and are renewable subject to compliance reviews and a systems audit
  • Key functions (CEO, compliance, MLRO) must be approved from application

Gambling — B2C Gaming Service Licence (MGA)

Best for online operators wanting the EU's most established remote-gaming licence and a low effective tax burden for cross-border play.

What it is: An MGA B2C licence to offer casino, betting, poker and skill games directly to players.

Who it suits: Online casino, sportsbook and poker operators able to meet capital, key-function and systems-audit requirements.

Covers: Game Types 1 (RNG/casino), 2 (fixed-odds betting), 3 (P2P/poker), and 4 (controlled skill games).

Operational requirement: Approved key functions, share capital by Game Type, a systems audit, AML/CFT under FIAU supervision, responsible-gaming measures and ongoing compliance reviews.

Headline figures

  • Primary instruments: Gaming Act (Cap. 583); Gaming Licence Fees Regulations
  • Regulator: Malta Gaming Authority (MGA)
  • Tax: 5% gaming tax on gaming revenue from Malta-based players (monthly); tiered B2C compliance contribution
  • Fees and capital: EUR 5,000 application; EUR 25,000 annual (B2C); share capital EUR 100,000 (Type 1/2) or EUR 40,000 (Type 3/4)
  • Term: ten-year licence; minimum age 18 (remote)

Costs and timelines at a glance

  • Crypto: MiCAR via Cap. 647, MFSA for CASPs/ARTs/EMTs; own-funds floors EUR 50,000 / 125,000 / 150,000 by class; 40-working-day decision after completeness (typically four to eight months); transition closed 1 July 2026
  • Payments primary instruments: Financial Institutions Act (PSD2 / EMD2); Instant Payments Regulation (EU) 2024/886; DORA
  • Payments regulator: MFSA; banking licences via the ECB/SSM (banking-union member)
  • Reform pipeline: PSD3 / PSR — agreement November 2025, compromise texts April 2026, adoption expected during 2026
  • Gambling: MGA B2C/B2B licences (ten-year term); 5% gaming tax on Malta-based players; EUR 5,000 application, EUR 25,000 annual (B2C)
  • Tax: corporate 35% headline (~5% effective via the 6/7ths refund); individual long-term investment crypto gains untaxed, trading taxed at 0–35%
  • Currency: euro (euro-area and banking-union member); no exchange controls
  • FX: USD 1 ≈ EUR 0.87 (EUR 1 ≈ USD 1.15)

Who Malta suits and who it does not

Suitable for

  • Crypto exchanges, custodians and token issuers wanting an experienced MiCAR regulator, a smooth VFA heritage and EEA passporting
  • Stablecoin (EMT) issuers and crypto-native firms that value Malta's deep digital-asset and EMI ecosystem
  • Payment and e-money operators wanting an established regulator and a developed EMI base (3S Money, Moneybase, Bankera)
  • Online gaming operators wanting the EU's most recognised remote-gaming licence and a low 5% gaming tax on Malta-based play
  • Companies that can build real substance to access the 6/7ths corporate refund and the non-dom regime

Not suitable for

  • Firms wanting to avoid scrutiny — the MFSA's CASP authorisations have drawn ESMA peer review and tighter supervision
  • Providers relying on a former VFA registration — the transition closed on 1 July 2026
  • Crypto firms underestimating banking friction — banks classify crypto as high-risk, and EMIs are often the practical route
  • Letterbox structures — the MFSA and the tax authorities require genuine local substance and two-mind management
  • Payment, e-money or gaming firms expecting to avoid EU prudential, safeguarding, DORA, AML or systems-audit obligations

Ready to launch without the regulatory guesswork?

Book a 30-minute consultation with a senior advisor and talk through your route.

Get Started