On 3 January 2025, BaFin published the Guidance Notice on crypto-asset services MiCAR (“Guidance Notice”). In addition to interpretation notes on crypto-asset services, which were already discussed in the blog post of 8 January 2025, the Guidance Notice also contains information on the authorisation requirement with regard to the provision of crypto-asset services and the notification procedure, which are the subject of this blog post.
1. Obligation to obtain authorisation for crypto-asset services
Crypto-asset services are subject to authorisation in Germany if they are operated commercially and in Germany.
The provision of a crypto asset service is commercial if it is intended to last for a certain period of time and if it is provided with the intention of making a profit. This definition of commercial activity used in the Guidance Notice corresponds to the definition of commercial activity used by BaFin for other regulated services.
A significant difference between crypto-asset services and other regulated services (e.g. payment services pursuant to section 10 ZAG and banking business and financial services pursuant to section 32 KWG) is that a requirement for authorisation cannot be justified by the fact that the crypto-asset service is or is to be operated on a scale that requires a commercially organised business operation. The background to this is that the MiCAR only stipulates commerciality as a materiality threshold, so that the Guidance Notice, correctly, does not say a word about the size of the business, which may result in a licensing requirement.
With regard to domestic operations or domestic procurement, there is no change to other regulated services, as BaFin refers to the BaFin Guidance Notice “Notes regarding the licensing for conducting cross-border banking business and/or providing cross-border financial services“. In summary, commercial operated crypto-asset services in Germany are subject to authorisation if the company concerned
- is domiciled in Germany or establishes a legally dependent branch office or maintains another physical presence from which it conducts business – even if only specifically with non-residents – or
- addresses its offer from abroad using means of distance communication exclusively by way of cross-border service provision, without maintaining an intermediary network or a physical presence, also and especially to legal entities or natural persons who have their registered office or habitual residence in the Federal Republic of Germany (i.e. actively addresses its offer to the German market).
Furthermore, Bafin points out that companies can “passport” their MiCAR licence to other EEA states in accordance with Art. 65 MiCAR.
2. Exemptions from the authorisation requirement
Bafin also points out the exceptions to the authorisation requirement in the Guidance Notice. Companies that exclusively provide crypto-asset services within the group, for parent companies, subsidiaries and sister companies are not subject to authorisation (so-called “group privilege”). Likewise, the persons, companies and organisations listed in Art. 2 (2) lit. b to f MiCAR do not require authorisation (e.g. ECB, insolvency administrators acting in the course of insolvency proceedings, international public law organisations, etc.).
3. Notification procedure
Pursuant to Art. 59 (1) MiCAR in conjunction with Art. 60 MiCAR, certain companies that are already licensed under other regimes may provide crypto-asset services if these companies notify BaFin of this at least 40 working days before the first provision of these services and submit the complete information required under Art. 60 (7) MiCAR (so-called “notification procedure”). Unfortunately, the Guidance Notice is mainly limited to the reproduction of the respective MiCAR provisions and does not refer to the technical regulatory standards of ESMA, which are currently available as a final draft version and concretise the notification procedure. Only for operators of regulated markets does BaFin recommend that the information required for the notification procedure also be submitted to the competent stock exchange supervisory authority.
Based on the notification procedure, the following companies can provide the following crypto-asset services without additional authorisation:
- CRR credit institutions all crypto asset services that they respectively report
- Investment institutions and financial services institutions as well as credit institutions with a licence for underwriting business and/or principal broking service the crypto-asset services that are equivalent to the respective investment (ancillary) and financial services or banking business pursuant to Section 1 (1) sentence 2 nos. 4, 10 KWG and for which they have a licence pursuant to KWG or WpIG (Note: Art. 60 (3) MiCAR specifies which of the regulated services is equivalent to the specific crypto-asset service)
- E-money institutions the custody and administration of crypto assets on behalf of clients and transfer services for crypto assets on behalf of clients with regard to e-money tokens issued by the e-money institution
- Asset management companies the crypto-asset services reception and transmission of orders for crypto-assets on behalf of clients, advice on crypto-assets and portfolio management of crypto-assets if they are authorised to provide investment brokerage, investment advice and portfolio management in accordance with section 20 (2) or (3) KAGB
- Operators of regulated markets within the meaning of Art. 4 (1) no. 18 MiFID II may operate trading platforms for crypto-assets
