Germany: crypto & digital assets regulation

Regulated

BaFin-regulated crypto custody under KWG; MiCA implementation underway

Lead regulator:
Federal Financial Supervisory Authority (BaFin)
Key law:
German Banking Act (KWG) Section 64y
Last updated:
2026-07-12

Crypto custody business is a regulated financial service under the German Banking Act (KWG), requiring authorization from BaFin. Entities must comply with strict anti-money laundering obligations under the Money Laundering Act (GwG) and governance standards outlined in BaFin circulars.

The regulatory framework distinguishes between crypto custody and other activities, with custody being the primary licensed activity for crypto firms. The Bundesbank supports clear regulation to mitigate systemic risks from private digital money, while the EU-wide MiCA regulation is set to further harmonize the landscape.

Recent guidance emphasizes suitability requirements for management bodies and risk-based AML approaches. The jurisdiction maintains a cautious stance on private stablecoins, highlighting the importance of central bank digital currency for monetary sovereignty.

Who regulates

  • Federal Financial Supervisory Authority (BaFin)

    Primary supervisor for crypto custody licensing, AML compliance, and governance standards.

    [1][2][3][4]
  • Deutsche Bundesbank

    Monetary authority providing policy context on systemic risks and CBDC necessity.

    [5][6]

Core laws & rules

  • German Banking Act (KWG) (2020 (amended))

    Section 64y of the KWG establishes crypto custody as a regulated financial service, requiring BaFin authorization. It defines the scope of custody business and grants provisional authorization to early applicants.

    [3][4]
  • Money Laundering Act (GwG) (2020 (amended))

    Designates crypto custody providers as obliged entities under anti-money laundering rules, requiring risk-based due diligence and compliance measures.

    [2]

Licensing & registration

  • Crypto Custody License

    Authorization required for providing custody and administration of crypto assets. Provisional authorization was available for entities notifying BaFin by March 2020. Timeline: 1 January 2020 (start of regulation)

    [3][4]

Restrictions & warnings

  • Entities must adhere to strict governance and suitability requirements for management bodies as per BaFin Circular 11/2025. AML obligations are mandatory and risk-based.

    [1][2]
  • Private digital money scaling is viewed as a risk to monetary policy transmission, prompting calls for clear regulation and potential CBDC issuance.

    [5][6]

Direction of travel

  • Regulatory focus remains on strengthening oversight of private digital money and ensuring monetary sovereignty. Implementation of EU MiCA will further standardize requirements.

    [5][6]

Email alerts for Germany updates

New circulars, rules and guidance — a digest in your inbox, same day.

This guide is compiled automatically from 6 primary-source documents published by Germany's regulators, reviewed by RegAlert, and refreshed monthly (last updated 2026-07-12). It is not legal advice — always confirm requirements with the regulator or local counsel before acting.