TVTG Compliance Checklist for Token Service Providers in Liechtenstein (2026)

Liechtenstein’s Token and TT Service Provider Act (TVTG) remains the most comprehensive national blockchain statute in Europe, and in 2026 it carries fresh operational weight as entities reconcile TVTG obligations with the EU’s Markets in Crypto-Assets Regulation (MiCAR) and its CASP licence requirements. Whether you are launching a token, custodying TT keys, or facilitating on-chain transfers, a rigorous TVTG compliance checklist for Liechtenstein in 2026 is no longer optional, it is the price of market access. This guide converts the dense statutory language of the TVTG into a practical, phase-by-phase checklist that token issuers, TT service providers, compliance officers and fintech founders can execute immediately.

Every obligation traced here is drawn from the official English translation of the TVTG published by the Government of the Principality of Liechtenstein and from the supervisory guidance of the Finanzmarktaufsicht (FMA).

TL;DR, 5-Minute TVTG Compliance Checklist

If you do nothing else today, run through these ten action items. Each one maps to a detailed section below.

1. Classify your activity. Determine whether you act as a token issuer, TT service provider, or both under Article 2 of the TVTG. This dictates which registration path applies.
2. Check whether CASP licensing also applies. If your services fall within MiCAR’s scope (e.g., exchange, custody, portfolio management of crypto-assets), you may need a CASP licence in addition to, or instead of, TVTG registration.
3. Register with the FMA. TT service providers must register before commencing business (TVTG Art. 12). Prepare the required documentation package well in advance.
4. Appoint a qualified compliance officer and AML officer. Both roles must be filled before registration; the FMA evaluates fitness and propriety.
5. Prepare and publish “basic information.” Token issuers must draft, verify and make publicly available a basic information document (TVTG Art. 13) before any token is offered.
6. Implement custody and safeguarding controls. If you hold TT keys on behalf of clients, Art. 25 safeguarding requirements demand documented custody procedures, key management policies and segregation of client assets.
7. Build your AML/KYC framework. Align with Liechtenstein’s Due Diligence Act (SPG) and the FMA’s AML guidance, including customer identification, beneficial-owner verification and transaction monitoring.
8. Operationalise the Travel Rule. Originator and beneficiary TT service providers must capture, transmit and store the data prescribed by the Travel Rule for every qualifying on-chain transfer.
9. Set up annual and incident reporting. Map every FMA reporting deadline, annual accounts, audit reports and mandatory incident notifications, into your compliance calendar.
10. Document everything. The FMA expects written internal policies, board resolutions, risk assessments and audit trails. If it is not written down, it does not exist.

What Is the TVTG and Who Is in Scope?

The Token and TT Service Provider Act, known by its German abbreviation TVTG, entered into force on 1 January 2020. It established Liechtenstein as the first jurisdiction to create a bespoke, technology-neutral legal framework for the tokenisation of rights and the professional provision of services on trustworthy technology (TT) systems, which include blockchain and distributed-ledger networks. The TVTG does not regulate tokens by type (utility, payment, security); instead, it regulates the services performed in relation to tokens and the TT systems that record them.

The Token Container Model (TCM)

Central to tokenisation compliance in Liechtenstein is the Token Container Model. The TVTG treats a token as a digital “container” that can represent any right, a claim, a membership right, a right in rem, or even a licence. The legal effect of a transfer on the TT system is that the right represented in the token follows the token: whoever holds the token holds the right, provided the basic information document accurately describes the rights contained in it. This model gives token issuers flexibility but also imposes a clear duty to describe the token’s legal content precisely in the basic information document.

Who Is a TT Service Provider?

Article 2 of the TVTG defines eleven categories of TT service provider. These include, among others:

• Token issuers, entities that generate and offer tokens to the public or to qualified investors.
• TT key depositaries, entities that safeguard TT keys (private keys) on behalf of third parties.
• TT exchange service providers, entities that exchange tokens for fiat currency, other tokens, or both.
• TT token custodians, entities that safeguard tokens on behalf of clients.
• TT protectors, entities that act as the legal representative of the rights contained in a token.
• Physical validators, entities that ensure the link between a physical asset and its digital token representation.
• TT price service providers, TT identity service providers, and TT verifying authorities, niche roles with specific registration and operational requirements.

Any person or entity performing one or more of these roles on a professional basis in or from Liechtenstein must register with the FMA before starting operations, as mandated by the TVTG.

Do You Need to Register, Obtain a CASP Licence, or Both?

Deciding which regulatory pathway applies is the first critical step in any TVTG compliance checklist for Liechtenstein in 2026. The answer depends on the nature of the service, the type of token involved, and whether MiCAR’s CASP framework captures the activity.

Registration With the FMA Under the TVTG

Registration under TVTG Article 12 is mandatory for any entity performing a TT service provider activity described in the Act. The FMA assesses the application against criteria including organisational adequacy, fitness and propriety of management, minimum capital requirements (which vary by activity), and the existence of a compliant AML/KYC framework. Registration is activity-specific: an entity providing multiple TT services may need to register for each one.

CASP vs TVTG, The MiCAR Interplay

Since 30 December 2024, MiCAR has applied across the European Economic Area (EEA), of which Liechtenstein is a member. Where a token qualifies as a “crypto-asset” under MiCAR and the service falls within MiCAR’s defined list of crypto-asset services, a CASP licence may be required instead of, or in parallel with, TVTG registration. Industry observers expect the FMA to adopt a pragmatic “one-stop” approach, but the dual-regime situation means providers must map each service to both frameworks.

Where both regimes apply, entities should engage Liechtenstein counsel early to structure the dual filing and avoid regulatory gaps. For a detailed walkthrough of the CASP application process, see the Liechtenstein CASP licence 2026 practical guide.

Step-by-Step TVTG Compliance Checklist

This section breaks down the core token service provider obligations into three operational phases: pre-launch, launch and post-launch. Use the table at the end of this section as a document-readiness tracker.

Phase 1, Pre-Launch (Legal Structuring and Documentation)

1. Legal entity formation. Establish the entity in Liechtenstein (or confirm EEA passporting eligibility). Ensure the articles of association reflect the intended TT service activities.
2. Map activities to TVTG categories. Prepare an activity-mapping memo listing every TT service you will perform and its corresponding TVTG Article 2 category.
3. Draft the basic information document. For token issuers, TVTG Article 13 requires a document describing the token’s rights, technical functioning, risks and the issuer’s identity. This is the Liechtenstein equivalent of a whitepaper and must be accurate, clear and not misleading.
4. Appoint key personnel. Identify and appoint the compliance officer, AML officer, and at least two members of the management body who meet the FMA’s fitness-and-propriety standards.
5. Draft internal policies. At a minimum, prepare: (a) an AML/KYC policy aligned with the Due Diligence Act (SPG), (b) a custody and key-management policy, (c) a business continuity plan, (d) an outsourcing policy (if applicable), and (e) a complaints-handling procedure.
6. Engage an external auditor. The TVTG requires an audit office to review compliance. Select a Liechtenstein-licensed audit firm and formalise the engagement.

Phase 2, Launch (Registration and Disclosure)

1. Submit the FMA registration application. Compile and file the registration dossier, including legal-entity documents, activity mapping, governance structure, proof of minimum capital, internal policies, and the basic information document (for token issuers).
2. Publish the basic information document. Once the FMA has processed the registration, make the basic information publicly available, typically on the issuer’s website, before any token is offered.
3. Activate AML/KYC controls. Before onboarding the first client, verify that customer-identification, beneficial-owner-verification and transaction-monitoring systems are fully operational.
4. Deploy custody infrastructure. If you hold TT keys or tokens for clients, ensure the safeguarding environment (cold storage, multi-signature wallets, key-ceremony procedures) is live and documented before accepting any client assets.

Phase 3, Post-Launch (Ongoing Reporting and Maintenance)

1. Annual reporting to the FMA. Submit audited annual accounts and the external auditor’s compliance report within the statutory deadline.
2. Continuous disclosure obligations. Update the basic information document whenever material changes occur (e.g., a change in the rights represented by the token).
3. Incident reporting. Report security breaches, loss of TT keys, and any material operational incidents to the FMA without undue delay.
4. Ongoing AML monitoring. Conduct periodic reviews of the client base, refresh KYC on a risk-based schedule, and file suspicious-activity reports (SARs) where required.

Document-Readiness Tracker

Custody, Safeguarding and Technical Controls

Token custody rules under the TVTG impose some of the most granular requirements in Europe. If your entity holds TT keys or tokens on behalf of clients, the safeguarding framework must be defensible in an FMA audit and resilient against both technical failure and internal misconduct.

TVTG Art. 25, Safeguarding Requirements

Article 25 of the TVTG mandates that TT key depositaries and TT token custodians implement appropriate organisational and technical measures to safeguard the tokens and TT keys entrusted to them. The FMA interprets this broadly: “appropriate” means proportionate to the value of assets under custody, the number of clients, and the risk profile of the TT system used. Key obligations include the segregation of client assets from the entity’s own assets, clear attribution of individual client holdings, and immediate recoverability of client assets in the event of the provider’s insolvency.

TT Keys and Custody Models

In practice, TT service providers must choose and document a custody model, or a combination, that meets Art. 25 requirements. The most common models include:

• Cold storage. TT keys stored on air-gapped hardware security modules (HSMs) or hardware wallets. Highest security; requires documented key-ceremony and access-control procedures.
• Hot wallets with multi-signature (multi-sig) controls. Keys distributed across multiple signers; transactions require a quorum. Faster for operations but demands rigorous signer-management policies.
• Multi-party computation (MPC). Cryptographic key-share distribution that eliminates any single point of compromise. Increasingly favoured by institutional custodians but must be documented and auditable.

Whichever model is adopted, the FMA expects written documentation covering key generation, storage, backup, rotation, destruction and emergency-recovery procedures.

Smart Contract Audit and Evidence Retention

Where tokens are governed by smart contracts, a pre-deployment audit by a qualified independent firm strengthens the compliance position, but it is not by itself sufficient to satisfy TVTG safeguarding obligations. The entity must also maintain evidence of post-deployment monitoring, vulnerability management and any contract upgrades. The audit control matrix below illustrates minimum evidence items.

On-Chain Transfers, the Travel Rule and Evidence of Transfer

Every qualifying on-chain transfer triggers obligations for both the originator’s and the beneficiary’s TT service provider. Liechtenstein implements the Travel Rule through its transposition of the EU Funds Transfer Regulation and the FATF Recommendation 16 framework, requiring transmittal of originator and beneficiary information alongside the transfer. The practical challenge is that blockchain transactions are pseudonymous by default, so compliance must be engineered into operational workflows.

What to Record for Every Qualifying Transfer

For each on-chain transfer processed by a registered TT service provider, the following data fields must be captured, transmitted to the counterparty TT service provider, and retained:

• Originator data: full name, account number (or TT address), and either the originator’s physical address, national identity number or date and place of birth.
• Beneficiary data: full name and account number (or TT address).
• Transaction data: date and time, amount, token type, transaction hash (on-chain reference).
• Risk-assessment notation: indication of whether enhanced due diligence was applied.

The originator’s TT service provider is responsible for collecting and transmitting this data before or simultaneously with the transfer. The beneficiary’s TT service provider must verify the completeness of received data and take risk-based measures, including rejecting or suspending the transfer, if information is missing. Industry observers expect the FMA to increase scrutiny of Travel Rule implementation during routine audits throughout 2026.

On-Chain Transfer as Legal Evidence

Under the Token Container Model, the on-chain transfer legal treatment is clear: the transfer of a token on the TT system is the mechanism by which the right represented in the token passes to the new holder. This means the on-chain transaction record serves as primary evidence of the transfer of ownership. TT service providers should maintain an immutable log that links the on-chain hash to the corresponding off-chain client identity data, creating a complete compliance chain for regulatory and evidentiary purposes.

Reporting, Annual Obligations and Enforcement Risk

Non-compliance with the TVTG exposes entities to supervisory measures, administrative penalties and, in serious cases, criminal sanctions. Understanding the reporting timeline and enforcement toolkit is essential to any TVTG compliance checklist for Liechtenstein in 2026.

Annual Reporting to the FMA

Registered TT service providers must submit to the FMA:

• Audited annual financial statements within the deadline prescribed by the FMA (typically within six months of the financial year-end).
• Compliance audit report prepared by the appointed external audit firm, confirming adherence to TVTG obligations.
• Updated governance documentation whenever material changes in management, ownership or business model occur, these must be notified without undue delay rather than on an annual cycle.

Incident Reporting

Security breaches, loss or compromise of TT keys, operational failures and suspected fraud must be reported to the FMA immediately. The FMA expects a preliminary notification within 24 hours and a detailed written incident report as soon as practicable. Delays in incident reporting are treated as aggravating factors in any subsequent enforcement action.

Supervisory Measures and Penalties

The FMA has a broad supervisory toolkit under the TVTG, including the power to:

• Issue binding instructions requiring specific remediation actions.
• Suspend or revoke registration for persistent or serious non-compliance.
• Impose administrative fines on both the entity and responsible individuals.
• Publish decisions as a deterrent measure.
• Refer matters for criminal prosecution in cases involving fraud, AML violations or operation without registration.

The likely practical effect of the FMA’s dual-regime oversight (TVTG plus MiCAR/CASP) will be intensified scrutiny of entities that have registered under the TVTG but have not assessed whether they also require CASP authorisation. Early indications suggest that the FMA regards this as a priority compliance gap in 2026.

TVTG vs MiCAR, Comparison Table

For entities that must navigate both Liechtenstein’s TVTG and the EU’s MiCAR framework, the following comparison highlights the key divergences and overlaps:

For a broader explanation of what a CASP entails, see our guide to crypto-asset service providers under MiCA regulation.

Practical Next Steps and Compliance Playbook

Translating the TVTG compliance checklist for Liechtenstein in 2026 into a concrete timeline requires disciplined project management. The following 30/60/90-day action plan is designed for entities that have not yet commenced their registration or compliance build-out.

• Days 1–30: Complete the activity mapping. Engage Liechtenstein counsel for a dual-regime assessment (TVTG + CASP). Draft the basic information document and begin internal-policy development. Initiate key-personnel recruitment or appointment.
• Days 31–60: Finalise internal policies (AML/KYC, custody, BCP). Select and engage the external auditor. Build or configure the custody infrastructure and Travel Rule data-capture system. Submit the FMA registration application.
• Days 61–90: Respond to any FMA queries on the application. Conduct a pre-launch compliance dry run (simulate a token issuance, custody onboarding and on-chain transfer). Publish the basic information document. Go live with full AML/KYC and reporting workflows.

Entities that are already registered but have not reviewed their position against MiCAR/CASP requirements should prioritise the dual-regime assessment in the first 30 days. For a step-by-step CASP application guide, consult the Liechtenstein CASP licence 2026 practical guide.

Appendix, Key Statute Extracts and Regulatory Links

The following statutory references and links are cited throughout this TVTG compliance checklist for Liechtenstein in 2026 and serve as the primary reference materials for compliance teams.

TVTG Article 2, Definitions and TT Service Provider Categories. Defines eleven categories of TT service provider activity and the key terms (token, TT system, TT key) that underpin the entire regulatory framework.

TVTG Article 12, Registration Obligation. Establishes that TT service providers must register with the FMA before commencing professional activity. Sets out the information and documentation to be submitted with the registration application.

TVTG Article 13, Basic Information. Requires token issuers to produce and publish a basic information document before any token is offered. The document must accurately describe the rights represented by the token, the issuer, and associated risks.

TVTG Article 25, Safeguarding of Tokens and TT Keys. Mandates that entities safeguarding client tokens or TT keys implement appropriate organisational and technical measures. Requires segregation of client assets and their recoverability in insolvency.

The following external regulatory resources provide the source texts and guidance on which this article relies:

• Official English translation of the TVTG, Government of the Principality of Liechtenstein
• FMA TVTG supervision and guidance page, Finanzmarktaufsicht Liechtenstein
• Travel Rule implementation guidance for Liechtenstein TT service providers
• CMS Expert Guide to crypto regulation in Lie

  Need Legal Advice?

  This article was produced by Global Law Experts. For specialist advice on this topic, contact Julia von der Osten at VON DER OSTEN Legal, a member of the Global Law Experts network.