Crypto License in Greece: Requirements and Licensing Process

11.05.2026

For fast communication with a consultant

WeChat

Getting a crypto license in Greece is no longer a matter a digital-asset firm can leave to its own discretion. The country has, for the first occasion on any wide scale, set the European MiCA scaffolding into motion; a venue that swaps coins or a service that minds wallets must now secure clearance from the Hellenic Capital Market Commission — the HCMC — ahead of trading a single euro. The shift runs deeper than a tidy transcription of Brussels text into local statute. Athens is after three things at once: shareholders and clients shielded, the seams through which tax once leaked sewn shut, and the room a launderer might exploit squeezed thin. The product of that effort is a territory that markets itself, on purpose, as a place where the coin trade proceeds in the open and hands newcomers few unpleasant shocks.

What sits below maps, in plain speech, the firms the rule reaches and the file an applicant is expected to assemble. It walks the route to a permit stage by stage and flags the cash penalties that surface the moment a corner is cut.

Regulating cryptocurrency in Greece

Neither owning a coin nor dealing in one runs against any rule on the books, for all that the asset has never been raised to the standing of money that discharges a debt. The European framework reached home soil through a statute passed in spring 2025 and live since that April. Purchase, sale, safekeeping and mining remain on offer to individuals and firms alike, conditional on one thing only: that the compulsory anti-laundering and customer-identification duties are kept. A party running a business in the field, though, runs up against two points beyond bargaining — signing on with the supervisors and securing the permit itself. Let one of those go and the sanctions follow: fines that sting, assets sealed off, or the permit revoked. One further wrinkle warrants notice — a crypto-asset wearing the guise of a financial instrument, a deposit or an insurance product slips into no bespoke regime but stays bound by the older investment-services and prudential rulebooks.

In place of vesting the entire job in one body, the law spreads oversight across several. The market regulator occupies the centre, its attention trained on the service providers the new rules govern. Payment houses, and with them any crypto-tied firm whose holdings carry the look of a financial instrument, answer instead to the central bank.

Running down questionable money movements, leaning against illicit flows and opening inquiries wherever the risk flares up falls to the financial-intelligence arm. A separate role belongs to the finance ministry: it folds the European anti-laundering directives into national law, takes part in framing the rulebook for digital assets, and helps steer policy for the broader digital economy. Set out next is a table distilling the principal pillars of how the country reins in crypto.

Stage	Substance
First anti-laundering statute	carried the European fourth-round directive into national law, fastened the virtual-asset tag onto cryptocurrency, and made identity-and-laundering checks a fixture for crypto firms
Follow-on amendment	gave the fifth-round directive force, rendered sign-up obligatory for the service providers, and widened what due diligence demands
Regulator circular	laid down, in plain detail, the route by which a provider enrols and earns a licence, each stage watched over by the market authority
European crypto framework	the single bloc-wide rulebook on crypto-assets — reaching across tokens, stablecoins and the safeguarding of investors — taken up across the country through 2025

Who must register as a CASP and get a crypto license in Greece

A firm that so much as brushes up against cryptocurrency is obliged to clear formal registration and take on the matching permit the governing law demands. The reach of it is broad. Caught inside are the trading floors and exchanges where users buy, sell and swap digital assets. Caught inside too are the storage providers — the custodial arms that keep client balances safe, and the digital wallets by which a person tends to their own funds securely.

And the duty does not end there: it takes in the projects that mint tokens of their own or mount initial coin offerings, seeing as such ventures draw capital in and send digital assets into circulation. Trading without the permission ranks as a grave wrong, the sort apt to draw stern measures from the regulators. The practical takeaway for a firm is to think the legal side through before a project goes live — in part to keep clear of sanctions, in part to guard its name. There is a paradox in it, too: the tighter the regime gets, the more standing crypto services earn at home, and over time that confidence can draw fresh outside money in and lift the whole sector with it.

Requirements for CASP registration in Greece

Securing approval rests on getting past a sequence of regulatory gates that together lay the ground for operating lawfully and in the open within the field. The opening gate concerns form: an applicant must be a corporate body incorporated in Greece or elsewhere within the EU. Once that is settled, the dossier is put together and certified. The supervisor grants itself roughly two months to verify the papers are in, and it generally wraps its substantive review inside about forty working days — a window that stretches by half as much again where the applicant intends to issue asset-referenced or e-money tokens.

A great deal turns on standing up KYC/AML policies and then keeping them in force. The law requires that firms deploy reinforced means of establishing a customer’s identity, coupled with anti-laundering machinery, so the room left for illicit dealing is shut. Appointing an AML officer is mandatory for each operation — that individual shoulders the responsibility for enforcement, for drafting the risk-management protocols and for ensuring they hold in practice. On top of that, any holder of a CASP licence undertakes to submit transaction reports at regular intervals, the very mechanism by which the supervisor detects suspect activity and acts on the breaches it uncovers before they set in.

Watching customers, by the same token, never stops: it is not only the new arrivals under observation but everything users do thereafter — how funds travel, how wallets move. Slip on any single one of these and the consequence is severe. Operate unregistered and a fine lands, and past the fine the licence can be suspended or pulled for good.

Documentation for obtaining a crypto license in Greece

Pride of place in the file goes to a thorough write-up of how the company makes money, what services it puts on offer, and how it means to reach the markets it is aiming at. Sitting next to it, the plans for cross-border passporting carry weight, since they signal to the regulator a preparedness to work across assorted EU jurisdictions without stumbling over the rules.

An organisational chart has to be supplied, mapping who carries which role and which duty, set beside fit-and-proper attestations for those at the helm vouching for their competence and good faith. The conflict-of-interest policy must be committed to plain writing, so that the danger of corrupt or otherwise dishonest conduct within the firm is shut out.

One of MiCA’s load-bearing walls is satisfying the AML/CTF requirements. A firm’s policies and procedures have to prove they lock into the MiCA rules — vetting customers, keeping watch on transactions, reporting to the national supervisors without delay. The regulator wants unmistakable evidence that the processes meet exacting security standards and that financial dealings stay above-board.

Equally weighed is how sturdy the applicant proves on the technical and operational side. Schematics of the IT setup, cybersecurity protocols, the findings of penetration testing and plans for keeping the business running all have to be laid out. That stack of material attests that the company can ride out technical breakdowns and pare the danger of losing data, or losing the way into client assets, down to almost nothing.

On the money side comes evidence that the own-funds threshold is satisfied — a sum landing somewhere between 50,000 and 150,000 euros according to the activity category.

Class	Core activities	Additionally included	Minimum financial requirement
Class 1	relaying orders: passing on a client’s instructions without executing them itself	—	50,000 euros
Class 2	operating on the client’s behalf: positioned between them and a transaction on domestic or foreign markets	all of class 1, together with exchanging crypto-assets, holding tokens and safeguarding private keys behind protective technology (custodial services)	125,000 euros
Class 3	counselling on investment and managing crypto portfolios: analysis, advice and direct stewardship of a client’s funds under mandate	all of classes 1 and 2, together with running exchange infrastructure (overseeing centralised and decentralised platforms)	150,000 euros

Keeping client money out of harm’s way calls for a recommended kit of layered own funds, mechanisms that ring-fence assets, and professional-indemnity cover.

Should a company put out ART (asset-referenced tokens) or EMT (e-money tokens), it has the further task of tabling a White Paper and accompanying papers that set out what the tokens entitle the holder to, how governance is arranged, the terms on fees and redemption, and an account of the risk factors and reserve mechanisms. Those issuing asset-referenced tokens, as it happens, must sit on capital of 350,000 euros or 2 per cent of reserves. The table that follows pulls together the central documents and the leading requirements the filing for a MiCA crypto licence in the country has to carry:

Document	Explanation
Business profile	the firm’s earnings model, the services it puts up, the markets it goes after, and its intent to passport abroad
Governance and compliance	how the firm is structured, the channel it uses to resolve conflicts, and clean-record attestations on the people at its head
AML/CTF rules and transaction monitoring	the screening of customers, a watch held over operations, and the reporting lines running up to the national supervisors
Technical and operational resilience	cybersecurity protocols, the outcomes of penetration testing, and plans to stay running and to bounce back when something breaks
Capital and financial resources	own funds set in tiers, client assets fenced apart, and professional-indemnity cover
White Paper and disclosure (ART/EMT)	a uniform disclosure spanning token rights, governance, fees, redemption, the risk factors and the reserve mechanisms

Getting a crypto license in Greece: KYC and AML duties

At the heart of it lies a demand that a firm’s own customer-vetting procedures be designed to push the risk of dirty money down. Not a single registration goes ahead before identity has been pinned down through official documents or up-to-date KYC tools, which keeps the underlying records sound. From there, firms are bound to screen customers against the major international watch-lists — the bloc’s own sanctions registers alongside the leading US and UK ones — and to judge whether any of them counts as a politically exposed person.

An element the apparatus cannot manage without is the surveillance of wallets: every transaction is tracked as it happens, so that anything amiss surfaces while there is still time to act. Where a deal’s legitimacy begins to falter, the firm must send a suspicious-transaction report off to the Financial Intelligence Unit, and send it without delay.

Another duty laid on permit-holders rests on recordkeeping — each entry and operations log must be kept no fewer than five years, leaving the path open for inspections and audits later on. A control framework assembled along these tiers achieves more than trimming the chance of crypto being turned toward bankrolling illicit business; it shores up, just as much, the confidence of clients and of partners overseas.

Any questions?

Contact our specialists

Tax oversight for CASP license applicants in Greece

A shift is gathering across the digital-asset market in the country, spilling over the permit side as much as the apparatus that keeps watch on tax and laundering. The aim the authorities hold is to knit the supervision of crypto firms together with sharper financial-monitoring instruments. Command over tracing where money travels is moving to the dedicated anti-laundering body and the national revenue authority; and the moment dubious operations surface, to dig into where the funds came from, lock them down and set further inquiries running.

A tax of its own is pending a new body of rules, assembled by a government working group. Front and centre will be a levy on the capital gains that crypto dealings throw off. On the first proposal the figure sits at 15 per cent, worked out as the spread between an asset’s purchase price and what it later fetched. Beside it runs a plan for the usual 24 per cent VAT to land on a set of crypto-related services. The trading of crypto in itself, by the forecasts going round at present, is reckoned to sit clear of VAT — a balance struck on purpose between the load of tax and a spur for the sector to expand.

MiCA regulation in Greece: penalties for non-compliance

The fresh permit route for service providers switched on in spring 2025. What it asks falls into lockstep with the bloc-wide crypto rulebook, a fit that lets the national statute book couple itself to standards shared across the continent. Fall short of those rules and a firm lays itself open to consequences — steep money sanctions, a freeze on what it does, or the licence taken away outright.

Breach	Penalty
operating with neither registration nor a permit	a fine that can climb to 500,000 euros
gaps in meeting KYC/EDD obligations	penalties of 50,000 up to 250,000 euros per instance
failing to file reports on suspicious transactions	exposure in law, the permit open to being pulled
moving funds through anonymous wallets	investigations opened, with holdings at risk of seizure by the authorities

MiCA licensing in Greece: what changed in 2025

Beginning in 2025 the country rests its whole weight on the MiCA Regulation, drawing its home rules level with how the EU now treats digital assets. Among the heavier changes the new regime carries, these stand out:

one passport, the whole bloc. a provider enrolled and licensed at home may serve customers in every other member state without chasing a separate sign-off in each — which trims away much of the paperwork that ordinarily clogs work across borders.
a thicker guard for the user. providers are pressed to come clean on what they charge, what dangers ride along with a service, and what the user is on the hook for — the whole of it bent toward lifting both safety and plain comprehension a notch.
a tighter leash on issuing tokens. float a utility token or a stablecoin and heavier disclosure lands on you, wrapping in documentation, audit and compliance — a bundle assembled to firm up the product’s reliability and to leave investors guarded.
a watch out of Frankfurt. the European Central Bank looks set to keep an eye on the large stablecoin arrangements, the ones charged with holding money and operations steady the length of the bloc.

By weaving the MiCA clauses into its own tax and compliance apparatus, the lawmakers here are toiling to cast the country as a regulated, see-through hub for digital finance within the Union.

Conclusion: getting a crypto license in Greece

Setting both the MiCA Regulation and the home licensing law for crypto-asset service providers to work signals a decision the state has made and stuck to: to raise a transparent and secure market in digital finance. Clearance from the Capital Market Commission becomes a thing no venue operator, custodian or token issuer can step around, which holds their conduct level with European yardsticks and trims their legal, financial and operational exposure. A firm already on the books under the older regime is free to carry on through December 2025, provided it files its MiCA application within the window allowed. Let that handover slip and the entitlement to offer services lapses in full.

Companies that want to operate on Greek ground are bound to keep rigorously to the AML and KYC requirements, to install in-house procedures for watching customers, to keep tabs on transactions and to report to the regulator punctually. A methodical handling of licensing and control bolsters the faith of investors and partners, lifts the sector’s financial sturdiness and coaxes foreign capital in.

Having worked as a lawyer across cryptocurrency and financial technology, I am placed not merely to set out the fine detail of the freshest changes in Greek crypto law but to stand beside a client with full legal support through every stage of securing the permission.

FAQ on getting a crypto license in Greece

What is the legal status of cryptocurrency in the country?

It stands inside the law, steered by the EU financial rulebook — the 2025 MiCA Regulation — together with the statutes passed at home.

Does running a crypto exchange require a licence?

It does. Anyone offering crypto services has to register, draw the clearance of the Hellenic Capital Market Commission (HCMC), and hold to the AML rules.

How are cryptocurrencies taxed?

Earnings off crypto land under capital-gains tax or income tax, the choice between them turning on the shape of the dealings and how frequently they recur.

Does the country comply with the EU’s MiCA rules?

It does — the domestic crypto framework now lines up with the EU’s Markets in Crypto-Assets (MiCA) rules.

What is the minimum capital for the authorisation?

The MiCA threshold runs between 50,000 and 150,000 euros. An issuer of asset-referenced tokens has to hold 2 per cent of reserves, failing which 350,000 euros.