Licentium

Licensing Hub

Qatar

The QFC Digital Assets Framework (2024) licenses tokenisation and investment tokens via the QFCRA. QCB covers mainland banking and payments; QFMA covers tokenised securities.

Available licences

QFC Token Service Licence

QFC Authority licence to carry on a token service in or from the QFC: validation, token generation, token custody (holding or controlling tokens or the means by which clients' tokens may be recorded and transacted, including private keys), operating a token exchange (a system bringing together multiple third-party buying and selling interests in tokens under non-discretionary rules in a way that results in a contract), or token transfer services. Token services may not be provided in relation to excluded tokens (cryptocurrencies used as alternatives to fiat, stablecoins or other currency substitutes). Permitted tokens must be generated under the QFC Digital Asset Regulations following validation by a validator and generation by a token generator.

QFCRA Investment Token Activity

QFCRA-regulated activity in relation to investment tokens (tokens representing rights in a specified product, an approved derivative, specified Islamic financial contract rights or substantially similar rights). Activity is regulated if the same activity would be regulated in relation to the underlying right. Includes operating an investment token exchange, clearing or settling transactions in investment tokens, and providing custody services for investment tokens (holding or controlling the tokens or the means by which client investment tokens are recorded and transacted).

QFC AML/CFT Designated Token Service Provider

QFC AML/CFT Rules (Version 6, effective 1 May 2026) apply to validators, token generators, token custodians, token exchanges and token transfer service providers (except where the provider is already a financial institution). CDD covers identification and verification, source-of-wealth and source-of-funds, purpose and intended nature of the relationship, and authority/legal status/ownership/control/beneficial-owner checks. Wire-transfer rules apply to token transfers (originator-side firm = ordering financial institution; recipient-side firm = beneficiary financial institution). QR 3,500 threshold by reference to market value of the token transfer.

QCB Payment Services Licence (Payment Services Regulation)

QCB licence required before carrying on payment services within or from Qatar (unless exempt). Regulated services include e-money issuance, merchant acquisition, domestic money transfer, account information services, payment gateway infrastructure, settlement services and systemically important electronic payment systems. Non-bank payment service providers must place money collected for e-money or merchant acquisition in an escrow account with a QCB-licensed bank, with balance at least 100% of the relevant value. New payment-technology proposals must complete sandbox testing before a PSP licence application can be submitted.

QFMA Securities Services Licence (Tokenised Securities)

QFMA licence for securities services activities including execution of securities orders, securities trading for own account, custody services for cash or securities, broker agent activity, securities advice, securities investment management, investment trusteeship, underwriting, securities issuance management, market making, liquidity providing, margin trading, securities lending and borrowing, securities marketing and listing advice. Capital requirements include QR 3 million (executing broker), QR 5 million (own-account trading, securities investment management, underwriting), QR 20 million (custody and market making) and QR 1 million (securities advice). Tokenised shares, sukuk, bonds, fund units, ETF units, structured products and tokenised receivables in mainland Qatar require QFMA review.

QCB DLT Guideline Compliance (Regulated Entities)

QCB Distributed Ledger Technology Guideline for QCB-regulated entities using or proposing to use DLT. Specified requirements have the same force as QCB regulatory requirements. QCB does not currently permit permissionless DLT networks. Regulated entities must assess whether their DLT activities require QCB licensing, approval or registration; address legal issues, liability, governing law and dispute resolution; and where public key infrastructure is used, maintain key-generation, identity-to-public-key data protection, private-key storage and wallet security, custody solutions, cold-wallet controls and key-recovery plans.

Detailed overview

Qatar: QFC Digital Asset Framework, QCB Payment Rules and QFMA Securities

Regulators

Qatar’s digital-asset position depends on the regulatory perimeter.

The Qatar Central Bank is the main regulator for mainland banking, currency, payment services, e-money, payment systems, QCB-regulated DLT use and financial institutions.

The Qatar Financial Markets Authority regulates securities services and securities-related activities in mainland Qatar.

The Qatar Financial Centre Authority and Qatar Financial Centre Regulatory Authority administer the QFC digital-asset framework, token-service licensing and QFC investment-token regulation.

Mainland crypto position

Qatar does not currently have a public general-purpose mainland VASP licence for ordinary cryptocurrency exchange, brokerage, custody or transfer in the official materials reviewed.

QCB’s official annual report records that QCB urged all banks operating in Qatar not to deal with Bitcoin, not to exchange it with another currency, not to open accounts to deal with it, and not to send or receive transfers for the purpose of buying or selling Bitcoin.

A crypto exchange, broker, custodian, hosted wallet or fiat on/off-ramp should not assume that it can operate in mainland Qatar through a general crypto licence. Direct QCB confirmation is required before any ordinary cryptocurrency trading, custody or payment-rail model is launched.

QFC digital asset framework

The QFC has a positive digital-assets framework. The QFC Digital Assets Framework commenced on 1 September 2024 and provides the legal and regulatory foundation for tokenisation, legal recognition of property rights in tokens and underlying assets, custody arrangements, transfer, exchange and smart contracts.

The framework is not a general crypto or stablecoin framework. It is built around permitted tokens, tokenisation of property rights and regulated investment tokens.

Permitted tokens and excluded tokens

A permitted token is a token generated under the QFC Digital Asset Regulations and not an excluded token.

A token is excluded if it does not represent a right in property other than the token itself, or if it is a substitute for currency, represents currency or can otherwise be used as a means of payment.

The QFC Digital Asset Regulations give two important examples. A cryptocurrency token used as an alternative to fiat currency, not issued or backed by a government authority and not representing off-chain property, is an excluded token. A stablecoin is also an excluded token because it is treated as a substitute for currency that can be used as a means of payment.

A token representing a right to a commodity, such as a precious metal, is not excluded merely because it may be tradeable.

QFC tokenisation requires a validation and generation process.

The owner of the right to be tokenised must obtain a certificate of validation from a validator. The owner then requests tokenisation from a token generator. The token generator generates a token representing the underlying right and gives the owner, or a person acting for the owner, the means to exercise the power to transfer the token.

Ownership of a permitted token confers ownership of the underlying represented by that token. A person who controls the power to transfer a permitted token may be presumed to be the owner of the token.

Transfer of a permitted token is effected by transferring control over the power to transfer the token. Transfer of the permitted token results in transfer of the underlying to the transferee. The underlying may be transferred only by transferring the permitted token representing it.

Token services in the QFC

A token service carried on in or from the QFC is a licensable QFC permitted activity. The entity may not carry on the activity unless licensed by the QFC Authority.

A token service may not be carried on in or from the QFC in relation to an excluded token. This means QFC token-service licensing is not available for ordinary cryptocurrencies or stablecoins where they are excluded tokens.

Token services are validation, token generation, token custody services, operating a token exchange and token transfer services.

Token custody includes holding or controlling tokens for clients or holding or controlling the means by which clients’ tokens may be recorded and transacted on token infrastructure. Holding or safeguarding private keys for client tokens is an example of token custody.

Operating a token exchange means operating a system that brings together multiple third-party buying and selling interests in tokens under non-discretionary rules in a way that results in a contract. A facility that merely routes orders without interaction is not a token exchange.

Token transfer services are services that facilitate the transfer of tokens to or from a person and a third party. Selling hardware or software that may be used for token transfer does not itself constitute a token transfer service.

Investment tokens in the QFC

Investment tokens are separately regulated by the QFCRA.

An investment token is a token representing rights in a specified product, an approved derivative, specified Islamic financial contract rights or substantially similar rights. A token representing such a right is treated as representing that right for QFC regulatory purposes. Activity in relation to an investment token is regulated if the same activity would be regulated in relation to the underlying right.

Operating an investment token exchange and clearing or settling transactions in investment tokens are regulated activities. An investment token exchange is a system that brings together multiple third-party buying and selling interests in investment tokens under non-discretionary rules in a way that results in a contract.

A firm provides custody services for investment tokens where it holds or controls investment tokens, or where it holds or controls the means by which clients’ investment tokens may be recorded and transacted on token infrastructure.

A platform trading tokenised shares, tokenised debt instruments, tokenised fund interests, tokenised derivatives, tokenised Islamic finance rights or similar investment rights should complete a QFCRA investment-token analysis.

QFC AML and token transfers

QFC token service providers fall within the QFC AML/CFT framework.

The QFC AML/CFT Rules apply to firms carrying on business activities in or from the QFC, subject to specified exclusions. The current rules are Version 6, effective 1 May 2026.

The rules define designated token service providers as validators, token generators, token custodians, token exchanges and token transfer service providers, except where the provider is already a financial institution.

Customer due diligence includes identifying and verifying the customer, determining whether the customer acts for another person, obtaining source-of-wealth and source-of-funds information, and understanding the purpose and intended nature of the business relationship. For legal persons and legal arrangements, CDD also includes authority, legal status, ownership, control and beneficial-owner checks.

The QFC AML/CFT Rules apply wire-transfer rules to token transfers. The firm acting for the originator is treated as an ordering financial institution and the recipient-side firm is treated as a beneficiary financial institution for the token-transfer mechanics. The QR 3,500 threshold is applied by reference to the market value of the token transfer.

A QFC token service provider should maintain KYC, beneficial-owner checks, source-of-funds and source-of-wealth controls, sanctions screening, transaction monitoring, suspicious-activity escalation, recordkeeping and token-transfer information systems.

Payment services and e-money

Payment-like digital assets require QCB analysis.

QCB’s Payment Services Regulation applies to payment services with a clear payment nexus, systemic-risk implications, processing of funds or merchant-acquiring functions, and consumer or merchant dealing. A person must not carry on payment services within or from Qatar unless licensed or exempt.

Regulated payment services requiring prior QCB authorization include e-money issuance, merchant acquisition, domestic money transfer and other payment services with the relevant payment-service characteristics.

E-money is a payment instrument containing monetary value paid in advance to the e-money issuer. It may be issued in card-based or network-based form and may be accessible through the internet, mobile phones or other devices.

Merchant acquisition includes accepting and processing a payment transaction for a merchant where the merchant carries on business in Qatar, is incorporated, formed or registered in Qatar, or the contract is entered into in Qatar. Examples include online payment gateways and card or QR-code acquiring.

Domestic money transfer includes transfers between payment accounts held with licensed banks or licensed e-money issuers in Qatar, where neither payer nor payee is a financial institution.

Other regulated payment services include account information services, payment gateway infrastructure, settlement services and systemically important electronic payment systems operating in Qatar.

A non-bank payment service provider must place money collected for e-money or merchant acquisition in an escrow account with a QCB-licensed bank. The bank must ensure that the escrow balance is not lower than 100% of the relevant value.

Stablecoins and fiat-backed tokens

Stablecoins are excluded tokens under the QFC Digital Asset Regulations and cannot be the subject of QFC token services.

A fiat-backed token, tokenised deposit, stablecoin, payment token, e-wallet or merchant settlement product also requires QCB analysis. If the product stores monetary value, enables payments, supports merchant settlement, facilitates payment initiation or processes customer funds, it may fall within the QCB payment framework.

If a proposed payment service uses new technology that has not been implemented or tested in a regulated environment, the QCB Payment Services Regulation requires sandbox testing before an eligible applicant may submit a payment service provider licence application.

QCB-regulated DLT use

QCB has a Distributed Ledger Technology Guideline for QCB-regulated entities.

The guideline applies to QCB-regulated entities that use or propose to use DLT. Although it is called a guideline, it states that specified requirements have the same force as QCB-issued regulatory requirements. QCB currently does not permit permissionless DLT networks.

A QCB-regulated entity must assess whether its DLT activities, services or products require licensing, approval or registration with QCB. It must also address legal issues, liability, governing law and dispute resolution.

Where public key infrastructure is used, the entity must maintain robust key-generation processes, protect customer identity-to-public-key data, assess private-key storage and wallet security, evaluate custody solutions, consider cold-wallet controls for higher-risk assets and maintain key-recovery plans.

This framework supports regulated DLT use by QCB-supervised entities. It is not a general public authorization for cryptocurrency exchange, custody or payment activity.

QFMA and securities tokens

Tokenised securities outside the QFC require QFMA analysis.

QFMA financial services activities requiring licensing include execution of securities purchase or sale orders for others, securities trading for own account, custody services for cash or securities, broker agent activity, securities advice, securities investment management, investment trusteeship, underwriting securities issuance, securities issuance management, market making, liquidity providing, margin trading, securities lending and borrowing, securities marketing and promotion, listing advice and any other activity QFMA adds.

A tokenised share, sukuk, bond, fund unit, ETF unit, structured product, tokenised receivable or other security-like instrument should therefore be reviewed under QFMA rules if it is offered, marketed, traded, advised on, managed, underwritten or custodied in mainland Qatar.

QFMA capital requirements vary by activity. The Financial Services Rulebook lists minimum capital including QR 3 million for executing broker activity, QR 5 million for securities trading for own account, QR 20 million for custody services and market-maker activity, QR 5 million for securities investment management and underwriting, and QR 1 million for securities advice.

CBDC and digital securities

Qatar’s CBDC work is a wholesale central-bank project and should not be confused with private cryptoasset authorization.

QCB states that CBDC is central-bank-issued digital currency that serves as legal tender and is a claim against the central bank. Qatar’s current CBDC program is limited to wholesale CBDC and does not cover retail participation.

QCB describes digital securities as financial securities ownership recorded on the same or similar digital network as CBDC. The wholesale CBDC program first investigates digital government bonds, implemented as digital copies of existing bonds. Participation in the first phase is limited to selected banks and controlled by QCB.

The program uses DLT designed for regulated use cases and governed by QCB. The initial phase is a simulation and is not conducted with real money.

This does not create authorization for retail CBDC, private stablecoin issuance or ordinary private cryptocurrency payment use.

Regulatory outlook

Qatar now has a sophisticated QFC tokenisation framework and QCB-led DLT and wholesale CBDC initiatives. The core distinction is between regulated tokenisation of rights and ordinary private cryptocurrencies.

In the QFC, permitted tokens, token services and investment tokens can be regulated under the QFC and QFCRA framework. Cryptocurrencies and stablecoins are excluded tokens and cannot be the subject of QFC token services.

In mainland Qatar, ordinary private crypto exchange, transfer and custody remain high-risk and no public general VASP licence was identified in the official materials reviewed. Payment-like models require QCB analysis. Securities-like tokens require QFMA analysis. QCB-regulated DLT use requires QCB compliance and, where applicable, QCB approval.

A new entrant should first decide whether the business is in the QFC or mainland Qatar, then classify the asset and activity. The main classification questions are whether the product is a permitted token, excluded token, investment token, payment instrument, e-money, stablecoin, CBDC-related instrument, digital security or mainland security.

Ready to launch legally?

Book a 30-minute consultation. We'll map your licensing path and tell you exactly what's required, in plain language.

Get Started