Micar, CARF and CASP Licences in Liechtenstein, What Digital‑asset Firms Must Do in 2026

Last updated: 29 April 2026

Liechtenstein has emerged as one of the EEA’s most purposeful jurisdictions for digital-asset regulation, and 2026 marks the year in which three compliance regimes converge on every crypto business operating from or through the principality. Firms that previously relied on Liechtenstein’s Token and Trustworthy Technologies Act (TVTG) registrations must now determine whether they need a full Liechtenstein CASP licence 2026 under the Markets in Crypto-Assets Regulation (MiCAR), prepare for EEA-wide passporting of that authorisation, and simultaneously build the data infrastructure required by the Crypto-Asset Reporting Framework (CARF). This guide provides the practical, step-by-step compliance roadmap that decision-makers, in-house counsel and compliance officers need, covering licensing thresholds, application checklists, passporting mechanics and the new crypto-asset transparency reporting obligations now in force.

Executive Summary and Key Decision Points

Before diving into regulatory detail, the following five action items capture the critical decisions facing digital-asset firms in Liechtenstein today:

• Licensing threshold. Any entity performing custody, exchange, transfer, brokerage, portfolio management or advisory services for crypto-assets in Liechtenstein requires a CASP authorisation from the Finanzmarktaufsicht (FMA) under MiCAR. A standalone TVTG registration is no longer sufficient for activities that fall within MiCAR’s scope.
• Grandfathering cut-off, 30 June 2026. Existing TVTG-registered VASPs that have not yet obtained or applied for CASP authorisation face a hard transition deadline of 30 June 2026, after which they may no longer provide MiCAR-regulated services without a licence.
• EEA passporting available. A Liechtenstein CASP licence entitles the holder to passport services across all 30 EEA member states via MiCAR’s notification procedure, a significant commercial advantage for firms targeting EU markets.
• CARF reporting starts 2026. According to the Liechtenstein Fiscal Authority (LLV), CARF reports must be submitted for reporting periods commencing as of 2026, requiring firms to capture transaction-level data, counterparty identifiers and wallet addresses now.
• Application lead time. Industry observers expect typical CASP application timelines in Liechtenstein to range from three to nine months. Firms that have not yet initiated a pre-application meeting with the FMA should do so immediately.

Crypto is legal in Liechtenstein. The principality has actively encouraged digital-asset innovation since the TVTG entered into force in 2020. The question is not legality but correct licensing, and the regulatory bar has risen substantially with MiCAR and CARF.

Legal and Regulatory Framework: TVTG, MiCAR Liechtenstein and CARF, How They Interact

Three overlapping legal instruments now govern digital-asset activities in Liechtenstein. Understanding their scope, and which rule takes precedence for a given business model, is the first step toward compliance with the Liechtenstein CASP licence 2026 requirements.

The TVTG in Brief, Liechtenstein’s Token Container Model

Liechtenstein’s Token and Trustworthy Technologies Act (TVTG), commonly known as the “Blockchain Act”, entered into force on 1 January 2020. It introduced the Token Container Model, a civil-law framework that allows virtually any right or asset to be represented as a token on a distributed ledger. The TVTG created registration categories for service providers, including token issuers, token generators, physical validators and key custodians, supervised by the FMA. Critically, the TVTG remains the governing framework for tokenisation mechanics, civil-law treatment of tokens and non-financial-services activities. It has not been repealed by MiCAR; instead, the two regimes coexist, each governing its own domain.

MiCAR Basics for CASPs

The Markets in Crypto-Assets Regulation (MiCAR), Regulation (EU) 2023/1114, establishes a harmonised EEA-wide licensing and conduct regime for crypto-asset service providers (CASPs). MiCAR defines ten categories of crypto-asset services, including custody, exchange, transfer, order execution, placement, advice and portfolio management, and requires any entity performing these services within the EEA to obtain authorisation from its home-state competent authority. As an EEA/EFTA state, Liechtenstein incorporates MiCAR through the EEA Agreement. The FMA serves as the competent authority for CASP authorisation in Liechtenstein. Provisions concerning asset-referenced tokens (ARTs) and e-money tokens (EMTs) carry additional prudential and reserve requirements that may layer on top of the general CASP framework.

MiCAR takes precedence over TVTG for any activity that falls within its scope. Where an entity’s services constitute “crypto-asset services” as defined in MiCAR, the firm must hold a CASP authorisation, a TVTG registration alone will not suffice. However, for activities outside MiCAR’s definitions (such as the tokenisation of traditional assets or purely civil-law token transfers), the TVTG remains the applicable framework.

Scope Overlaps, MiFID, MiCAR and TVTG

Liechtenstein is subject to MiFID II through EEA incorporation. Where a crypto-asset qualifies as a financial instrument under MiFID II, for example, a security token representing equity or debt, MiFID licensing (rather than MiCAR) applies. MiCAR explicitly excludes financial instruments, deposits, insurance products and pension products from its scope. This creates a three-tier classification task: determine whether the asset is a MiFID financial instrument, a MiCAR crypto-asset, or a token governed solely by the TVTG.

CARF and International Exchange, Liechtenstein’s Adoption

The OECD’s Crypto-Asset Reporting Framework (CARF) was finalised in 2023 and has been incorporated into the CRS framework via amendments adopted by Liechtenstein. According to the Liechtenstein Fiscal Authority (LLV), CARF reports must be submitted for reporting periods as of 2026. This means that CASPs and other reporting crypto-asset service providers must begin collecting reportable data from the start of 2026 and transmit reports to the LLV in the format and timeline prescribed. CARF operates alongside the existing Common Reporting Standard (CRS) automatic exchange framework, adding a crypto-specific data layer for international tax transparency.

Who Needs a CASP Licence in Liechtenstein in 2026

Not every blockchain-related business needs a CASP licence, but the scope is broad. The decisive question is whether the entity provides one or more of MiCAR’s defined crypto-asset services to third parties on a professional basis within Liechtenstein or cross-border into the EEA.

Commercial vs Regulated Activities

The following activities trigger CASP authorisation under MiCAR when performed in relation to crypto-assets:

• Custody and administration of crypto-assets on behalf of clients
• Operation of a trading platform for crypto-assets
• Exchange of crypto-assets for funds or for other crypto-assets
• Execution of orders for crypto-assets on behalf of clients
• Placing of crypto-assets
• Reception and transmission of orders for crypto-assets
• Providing advice on crypto-assets
• Portfolio management of crypto-assets
• Providing transfer services for crypto-assets on behalf of clients

Activities that remain purely within the TVTG domain, such as token generation for one’s own account, physical validation (mining) without custodial elements, or development of blockchain infrastructure, generally do not require a CASP licence, though a TVTG registration may still apply.

Common Edge Cases, Staking, DeFi and Custody-as-a-Service

Several business models sit in grey areas that require careful analysis:

• Staking-as-a-service. Where a provider holds clients’ tokens and delegates them for staking, this likely constitutes custody and potentially transfer services, triggering CASP authorisation.
• Decentralised finance (DeFi) protocols. Truly decentralised, non-custodial protocols may fall outside MiCAR if no identifiable service provider exists. However, where an entity controls governance, holds keys or operates front-end interfaces, the FMA may treat it as a CASP. Industry observers expect regulatory scrutiny of DeFi front-ends to increase through 2026.
• Custody-as-a-service (white-label). An entity providing custodial technology to other regulated firms may itself need authorisation if it exercises control over client assets.

The practical test is control: if the entity holds, moves or manages client crypto-assets, or facilitates their exchange, the likely practical effect will be that a CASP licence in Liechtenstein is required.

Applying for a Liechtenstein CASP Licence, Step-by-Step Checklist, Timeline and Costs

The FMA has confirmed CASP authorisations in Liechtenstein, and the application process follows a structured sequence. Practitioners familiar with the process report that thorough preparation, particularly a pre-application meeting with the FMA, materially reduces processing time and the risk of rejection.

Corporate and Governance Requirements

Applicants must establish a Liechtenstein legal entity (typically an Aktiengesellschaft (AG), Gesellschaft mit beschränkter Haftung (GmbH) or Anstalt) with a registered office and place of effective management in Liechtenstein. Key governance requirements include:

• At least two directors who are fit-and-proper, with relevant professional experience
• At least one director resident in the EEA (Liechtenstein residency preferred by the FMA in practice)
• Clear organisational charts showing reporting lines, compliance function, internal audit and risk management
• Minimum initial capital as specified by MiCAR for the relevant service categories (thresholds vary by service type, with the regulation prescribing minimum own-funds requirements)
• Identification and verification of all ultimate beneficial owners (UBOs)

AML/CFT and Compliance Programme Required

A comprehensive AML/CFT programme must be submitted with the application. The FMA assesses this against Liechtenstein’s Due Diligence Act (SPG) and the EEA anti-money-laundering directives. The programme must include:

• Customer due diligence (CDD) and enhanced due diligence (EDD) procedures
• Transaction monitoring systems with defined parameters and escalation protocols
• Sanctions screening (EU, UN, OFAC and Liechtenstein national lists)
• Suspicious activity reporting procedures to the Financial Intelligence Unit (FIU)
• A designated Money Laundering Reporting Officer (MLRO) with adequate authority and resources
• Ongoing staff training programme with documented schedules

IT/Security and Custody Technology Evidence

For CASPs providing custody or operating trading platforms, the FMA requires detailed documentation of IT infrastructure, cybersecurity policies, key management systems, disaster recovery plans and business continuity arrangements. Applicants must demonstrate segregation of client assets and describe the technical controls preventing unauthorised access to private keys.

Document Checklist

Typical Timeline

1. Company formation, 2 to 4 weeks (entity registration with the Public Register).
2. Pre-application meeting with FMA, schedule as early as possible; the FMA encourages informal dialogue before formal submission.
3. Application preparation, 4 to 12 weeks (depending on readiness of policies, IT documentation and AML framework).
4. Formal submission and FMA review, 3 to 6 months (the FMA may issue information requests that extend the clock).
5. Authorisation decision, issued once all requirements are met; total end-to-end timelines typically range from 3 to 9 months.

Common Application Pitfalls

• Incomplete AML framework. Submitting generic templates rather than business-specific risk assessments and monitoring parameters.
• Weak IT security documentation. Lacking penetration test results, incident response runbooks or clear private-key management protocols.
• Unclear governance. Missing or ambiguous reporting lines between the board, compliance function and operational management.
• Capital shortfalls. Failing to account for ongoing own-funds requirements (not just initial capital) in financial projections.
• Residency gaps. Not having at least one EEA-resident director or effective management presence in Liechtenstein at the time of application.

MiCAR Passporting via Liechtenstein, Commercial and Practical Steps

One of the most compelling reasons to obtain a Liechtenstein CASP licence 2026 is the ability to passport crypto-asset services across the entire EEA, all 27 EU member states plus Iceland and Norway, without requiring separate authorisation in each jurisdiction. As an EEA/EFTA member, Liechtenstein’s FMA-issued CASP authorisations carry the same passporting rights as those issued by any EU member state’s competent authority under MiCAR.

Notification Procedure and Templates

The passporting mechanism under MiCAR follows a notification model rather than an approval model. Once authorised in Liechtenstein, the CASP notifies the FMA of its intention to provide services in one or more host EEA states. The FMA then transmits the notification, including details of the services to be offered and the target markets, to the host-state competent authorities. The host state does not approve or reject the notification; it may only impose local marketing rules and consumer-protection requirements that are compatible with MiCAR.

Practical Timeline and Interaction with Host Regulators

Early indications suggest the following practical sequence:

1. Internal decision, identify target host states and service scope.
2. Notification filing, submit the passporting notification to the FMA with required information (entity details, service categories, target states).
3. FMA transmission, the FMA forwards the notification to host-state authorities within the timeframe prescribed by the regulation.
4. Host-state waiting period, services may commence after the prescribed notification period expires (the regulation establishes a clear timeframe for host-state review).
5. Ongoing compliance, the CASP must comply with host-state marketing and conduct requirements; the FMA remains the primary supervisor.

Commercial Considerations for Crypto Licensing via EEA Passport

Passporting via Liechtenstein offers several advantages. The principality’s compact regulatory environment allows for direct interaction with the FMA. Liechtenstein’s long track record with the TVTG means the regulator has deep institutional knowledge of blockchain-native business models. For firms comparing jurisdictions, a useful reference is our comparison of VASP/crypto licensing across top jurisdictions. Additionally, firms launching a crypto exchange may find Liechtenstein’s passporting route particularly efficient for accessing multiple EU markets from a single licence.

However, passporting does not eliminate all host-state obligations. Firms must still comply with local language requirements for client communications, host-state advertising rules and any applicable consumer-protection provisions. Maintaining a register of host-state obligations is essential.

CARF and 2026 Crypto-Asset Transparency Reporting, What Firms Must Do Now

The Crypto-Asset Reporting Framework introduces a new automatic exchange-of-information standard specifically for crypto-assets. According to the Liechtenstein Fiscal Authority (LLV), CARF reports must be submitted for reporting periods as of 2026. This is not a future obligation, it is operational now, and firms must already be collecting the required data.

Data Mapping and System Changes

Reporting crypto-asset service providers (RCASPs) under CARF must capture and store the following data fields for every reportable transaction:

• Customer identification data, full name, date of birth, jurisdiction of residence, tax identification number (TIN) and, where applicable, entity classification
• Transaction details, type of transaction (exchange for fiat, exchange for other crypto-assets, transfer), transaction value in fiat equivalent, date and timestamp
• Crypto-asset identifiers, type of crypto-asset, wallet addresses involved (where available)
• Aggregate data, total gross proceeds from disposals, total number of units transferred and their fair market value at the time of each transaction

Firms must map these fields against their existing database schemas and, in most cases, implement new data-capture workflows. The OECD’s CARF technical guidance provides the standardised XML schema that jurisdictions, including Liechtenstein, are expected to adopt for transmission.

Reporting Process, Who Files, and When

Under Liechtenstein’s implementation, the entity that qualifies as an RCASP (essentially, any entity effectuating exchange transactions or transfers on behalf of customers) bears the reporting obligation. Reports are transmitted electronically to the LLV, which then exchanges the data with partner jurisdictions under bilateral or multilateral competent authority agreements. The LLV’s guidance specifies the transmission channel and format requirements. Firms should consult the LLV’s dedicated CARF guidance page for the latest filing calendar and technical specifications.

Interaction with CRS and Other Exchange Frameworks

CARF does not replace the CRS. Financial institutions that already report under CRS must continue to do so. Where a crypto-asset service provider also holds traditional financial accounts (for example, fiat on-ramp balances), both CRS and CARF reporting obligations may apply simultaneously. Firms need dual compliance processes, though the data collection infrastructure can be shared. For firms also active in North America, parallel obligations may exist, our guide to obtaining an MSB licence in the US covers the American reporting landscape.

Operational, AML/CFT, Governance and Tech Compliance Post-Licence

Obtaining a CASP licence is only the starting point. Day-one operational compliance requires that all systems, policies and personnel be fully functional from the moment the authorisation is granted.

AML/KYC Checklist, Ongoing Obligations

• Transaction monitoring, automated, rule-based and behaviour-based monitoring with regular parameter reviews
• Sanctions screening, real-time screening of all customers and counterparties against EU, UN and Liechtenstein lists, with immediate freezing procedures
• Suspicious activity reporting, documented escalation from front-line staff to the MLRO and onward to the FIU within prescribed timeframes
• Record retention, all customer identification records, transaction records and monitoring alerts retained for a minimum of five years after the end of the business relationship
• Ongoing due diligence, periodic review of customer risk profiles, with enhanced scrutiny for politically exposed persons (PEPs) and high-risk jurisdictions
• Internal audit, regular independent reviews of AML/CFT effectiveness, reported to the board

Third-Party Custodial Arrangements and Contractual Protections

CASPs that outsource custody or key management to third-party providers must ensure that outsourcing arrangements comply with MiCAR requirements. The CASP remains fully responsible to the FMA and to clients for outsourced functions. Contracts must include clear provisions on liability, audit rights, incident notification, data access and termination. For deeper context on what the CASP designation entails under MiCA, firms should review the regulatory definitions carefully before entering outsourcing arrangements.

Reporting and Licensing Obligations by Entity Type, Comparison Table

The following table helps firms self-diagnose their likely obligations under the 2026 Liechtenstein regulatory framework:

Conclusion and Next Steps, Your Liechtenstein CASP Licence 2026 Action Plan

The convergence of MiCAR, CARF and the TVTG in 2026 creates both obligation and opportunity for digital-asset firms in Liechtenstein. The principality’s streamlined regulatory access, deep institutional expertise and EEA passporting capability make it an attractive base, but only for firms that meet the compliance bar. The following 30/60/90-day action plan provides a structured path forward:

• Within 30 days: Conduct a regulatory gap analysis, classify all crypto-asset services against MiCAR definitions and identify whether existing TVTG registrations cover ongoing activities. Begin CARF data-field mapping across internal systems.
• Within 60 days: Engage Liechtenstein legal counsel to schedule a pre-application meeting with the FMA. Finalise the AML/CFT manual, governance documentation and IT security policies. Initiate a capital-adequacy assessment against MiCAR own-funds thresholds.
• Within 90 days: Submit the formal CASP application to the FMA with complete documentation. Launch CARF-compliant data collection processes. Begin preparing passporting notifications for target EEA markets.

Firms that act now retain the advantage of entering the FMA’s review pipeline ahead of the 30 June 2026 transition cut-off. Those that delay risk operating without a valid licence, a regulatory and commercial risk that no serious digital-asset business can afford. The Liechtenstein CASP licence 2026 process is demanding but navigable with proper preparation, and the payoff, full EEA market access from a single authorisation, is substantial.

For an initial licence-readiness assessment or to discuss your firm’s specific regulatory position, visit the Global Law Experts lawyer directory to connect with qualified Liechtenstein counsel experienced in digital-asset regulation.

Sources

1. Finanzmarktaufsicht Liechtenstein (FMA), First Authorised CASP in Liechtenstein
2. Liechtenstein Fiscal Authority (LLV), CARF Guidance
3. European Commission, Markets in Crypto-Assets Regulation (MiCAR)
4. OECD, Crypto-Asset Reporting Framework (CARF)
5. Chambers Practice Guides, FinTech 2026: Liechtenstein
6. Global Legal Insights,