The European legal framework – MiCA Regulation

The regulation of crypto-asset markets at the level of the European Union is no longer a legislative promise, but a legal reality. With the adoption of Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA), the Union establishes, for the first time, a unified and directly applicable legal framework specifically designed for digital assets not covered by existing financial regulations. Although the Regulation entered into force in 2023, the actual applicability of the provisions of the Regulation regarding crypto-asset service providers (CASPs) has been postponed, in order to allow Member States to establish the necessary institutional infrastructure.

National Initiative for the implementation of MiCA

In Romania, the implementation of the MiCA Regulation has been initiated through a draft Emergency Government Ordinance developed by the Ministry of Finance, which is currently subject to public consultation under the applicable transparency procedures. This legislative act lays down the national framework required for the effective enforcement of the new European provisions and, in accordance with Article 94 of the Regulation, delineates the distribution of responsibilities among the competent national authorities. Furthermore, the draft ordinance sets out the institutional architecture for the supervision of the domestic crypto-asset market, establishes the authorization regime applicable to crypto-asset service providers (CASPs), and introduces a specific framework of sanctions for regulatory breaches. It also regulates essential aspects such as the operation of Crypto ATM terminals, the technical and fiscal compliance obligations of service providers, as well as transitional provisions enabling entities that are already active to continue their operations until the relevant authorization is obtained under the new legal regime. Taken as a whole, the draft ordinance marks a transition from a previously fragmented and liberal regulatory environment to a unified and coherent legislative framework, fully aligned with European standards and aimed at supporting the development and institutional consolidation of the crypto-asset market in Romania.

Institutional architecture of crypto-asset market supervision

With regard to the allocation of responsibilities, the draft Emergency Ordinance designates two central authorities as responsible for the implementation of the Regulation: the Financial Supervisory Authority (ASF), an autonomous administrative body responsible for the regulation and oversight of non-banking financial markets, and the National Bank of Romania (BNR), the central bank of the Romanian state and the prudential authority for the banking sector and payment institutions.

ASF is entrusted with supervising the issuance of asset-referenced tokens (ARTs), other crypto-assets that are not electronic money tokens, as well as the provision of crypto-asset services, expressly including the operation of Crypto ATMs. In contrast, BNR is designated as the competent authority exclusively for the issuance of EMTs by credit institutions and electronic money institutions under its supervision.

Additionally, in terms of cross-border cooperation, ASF is appointed as the single point of contact for the European Securities and Markets Authority (ESMA), while BNR assumes the same role in relation to the European Banking Authority (EBA). To fulfil their statutory responsibilities efficiently, both authorities may be supported by other public institutions with technical, fiscal, or cybersecurity competencies, including: the Ministry of Internal Affairs (MAI), the National Authority for Consumer Protection (ANPC), the National Agency for Fiscal Administration (ANAF), the National Institute for Research and Development in Informatics – ICI Bucharest, and the Authority for the Digitalization of Romania (ADR). Inter-institutional cooperation mechanisms are strengthened through the possibility of concluding formal cooperation protocols.

Authorisation regime for crypto-asset service providers and related infrastructure

A distinct section is dedicated to the regulatory framework applicable to Crypto ATM terminals, defined as physical devices through which users may purchase or sell crypto-assets using cash or other payment methods. According to the draft legislation, the operation of such terminals is subject to prior authorisation by the Financial Supervisory Authority (ASF), acting as the competent authority. For this purpose, operators are required to submit two technical approvals: one concerning the physical model of the terminal, issued by the National Institute for Research and Development in Informatics (ICI Bucharest), and another concerning the IT system employed, issued by the Romanian Authority for Digitalisation (ADR). Furthermore, the draft establishes the obligation to implement technical mechanisms that enable real-time and remote access by the competent authority to transactional data, including the individual identification of users for each transaction carried out. The terminals must be equipped with authentication systems, encryption technologies and advanced security measures, and must be installed in locations compliant with the legal requirements for physical protection, as laid down by Government Decision No. 301/2012. The draft explicitly prohibits the installation of such terminals in in publicly accessible or unsupervised premises and requires prior notification to the ASF regarding the intended locations. Additionally, providers are required to ensure full transparency regarding fees and terms of use, as well as easy access to information concerning the risks associated with crypto-asset transactions.

With regard to the obligations imposed on crypto-asset service providers, the draft legislative act reflects the legislator’s intention to establish a market access regime that is both rigorous and proportionate, in line with the principles set out under MiCA. The draft Emergency Ordinance conditions the granting of authorisation on the cumulative fulfilment of clear requirements: the absence of outstanding tax liabilities, the absence of unreversed criminal convictions or relevant entries in the tax offence register, both for the legal entity and for the members of its management. Existing operators will be required to update their corporate purpose accordingly and notify either the Financial Supervisory Authority (ASF) or the National Bank of Romania (BNR), depending on the nature of the services provided. In addition, a monthly fee amounting to 0.5% of the revenues generated from authorised activities is established. This amount must be transferred in full to the ASF no later than the 15th day of the month following the one for which it is due, and is intended to support the Authority’s regulatory, supervisory and enforcement duties in the crypto-asset sector. Failure to pay this fee shall result in the revocation of the provider’s operating authorisation.

Supervisory mechanisms and the sanctioning framework

From a supervisory standpoint, the draft ordinance introduces a differentiated sanctioning mechanism, tailored to the nature of the entity and the severity of the breach. It draws a clear distinction between administrative offences and criminal violations, assigning enforcement powers to the two competent authorities – the Financial Supervisory Authority (ASF) and the National Bank of Romania (BNR). These authorities are empowered to apply a broad range of enforcement measures, including administrative fines, written warnings, suspension of activities, and public disclosure of the sanctions imposed. All sanctions are subject to procedural safeguards, including the right to challenge administrative decisions before a court of law. The underlying objective of this coercive framework is to ensure a high level of compliance and investor protection, without impairing the functioning of the market.

Transitional provisions and compliance challenges

In order to allow for the adaptation of entities already operating in the field of crypto-asset services on Romanian territory, the draft ordinance includes transitional provisions enabling such entities to continue their activity until authorisation is obtained under the new legal framework.

However, the wording of the proposed legislation creates legal uncertainty and necessitates further clarification, as the current formulation of the transitional provisions under Article XXXIV of the draft ordinance appears to extend the authorisation requirement to providers that are already authorised in another Member State of the European Union under the MiCA Regulation. This interpretation is not, however, expressly supported by any provision that would exclude the applicability of the cross-border service provision mechanisms laid down in the Regulation. While it is unclear whether this extension of the authorisation requirement was indeed intended by the legislator, the absence of an explicit distinction between the two categories of providers risks leading to inconsistent application of the regulation and to practical difficulties in ensuring compliance during the transitional period.

In addition, the draft legislative act introduces an obligation for crypto-asset platforms to undergo recurring technical audits, with a view to ensuring a high level of operational security and user protection. In cases where repeated security breaches are identified, the draft provides for gradual sanctions, which may ultimately lead to the suspension of the entity’s activity for a period of up to three years, as well as the obligation to fully compensate customers for the damages incurred.

The implementation of the MiCA Regulation in Romania is expected to fundamentally reshape the operational landscape for crypto-asset service providers. Significant investments in compliance infrastructure, advanced technology, and specialized personnel will be necessary. At the same time, increased investor confidence and enhanced market stability may constitute key advantages. From a legal perspective, the transposition of MiCA poses several challenges: the complexity of inter-institutional coordination, time constraints in adopting secondary legislation, and the risk of market concentration. These challenges are addressed through transitional arrangements and structured mechanisms for institutional cooperation.

Therefore, the proposed legislative measure constitutes a critical and necessary step toward establishing a regulated, functional, and credible crypto-asset market in Romania, fully aligned with European standards.