Crypto Licence in Germany

A crypto licence in Germany is a regulatory authorisation issued by the Federal Financial Supervisory Authority (BaFin) under Section 32 of the German Banking Act (Kreditwesengesetz, KWG). Any business that provides cryptocurrency custody, trading, or brokerage services to clients in Germany must hold this licence. The application process involves submitting a detailed business plan, proving minimum capital of €125,000, and demonstrating robust AML/KYC procedures. Processing typically takes 6 to 12 months. Germany remains one of the few EU countries with an established, transparent framework for cryptocurrency regulations in Germany.

What Is a Crypto Licence in Germany?

Since January 2020, Germany has classified crypto-asset custody (Kryptoverwahrgeschäft) as a financial service under the KWG. This means that storing, managing, or safeguarding cryptographic keys on behalf of clients requires BaFin authorisation — the same regulator that oversees banks and insurance companies.

The legal basis is Section 1(1a) sentence 2 no. 6 of the KWG, introduced by the Act Implementing the Fourth EU Money Laundering Directive. BaFin treats crypto custody on par with traditional financial services, which gives licensed firms a significant credibility advantage when dealing with banks, institutional investors, and corporate clients.

Germany was the first EU member state to create a standalone regulatory category for crypto custody. This early-mover status has attracted hundreds of applications from both domestic and international firms seeking to operate within a clear legal framework.

Who Needs a Crypto Licence?

The licensing requirement applies to any entity that provides one or more of the following services commercially in Germany:

• Crypto custodians — firms that store private cryptographic keys or hold crypto assets on behalf of third parties
• Cryptocurrency exchanges — platforms that facilitate buying, selling, or swapping of crypto assets
• Crypto brokers and dealers — intermediaries that trade crypto assets for clients or on their own account
• Token issuers — companies issuing security tokens or crypto securities under the Electronic Securities Act (eWpG)
• Crypto fund managers — investment firms managing portfolios that include crypto assets

Firms based outside Germany that actively market crypto services to German residents also fall under BaFin’s jurisdiction. A mere website accessible from Germany may not trigger the requirement, but targeted advertising, German-language marketing, or accepting German clients likely will.

Types of Crypto Licences

BaFin does not issue a single “crypto licence.” Instead, the type of authorisation depends on the specific activities a firm intends to carry out:

Crypto Custody Licence (Kryptoverwahrgeschäft)

The most common type. Covers safekeeping and administration of crypto assets or private cryptographic keys for third parties. Required for wallet providers, custodial exchanges, and institutional custody services.

Proprietary Trading Licence (Eigenhandel)

Required when a firm trades crypto assets on its own account. This applies to market makers and OTC desks that buy and sell crypto from their own inventory.

Financial Commission Business (Finanzkommissionsgeschäft)

For firms that execute crypto transactions in their own name but on behalf of clients. Common for brokerage platforms.

Crypto Securities Licence

Under the Electronic Securities Act (eWpG), firms that register and administer crypto securities (Kryptowertpapiere) on a blockchain-based register need separate authorisation as a crypto securities registrar (Kryptowertpapierregisterführer).

Some business models require multiple licences simultaneously. BaFin encourages applicants to discuss their intended scope of activities before submitting a formal application.

Requirements for a German Crypto Licence

BaFin sets stringent requirements across several categories:

Minimum Capital

The initial capital requirement for a crypto custody licence is €125,000. For firms combining crypto custody with other financial services (e.g., proprietary trading), higher capital thresholds may apply — up to €750,000 or more depending on the activity.

Legal Entity and Registered Office

The applicant must be a legally established entity with a registered office and head office in Germany. Common legal forms include GmbH (limited liability company) and AG (stock corporation). Foreign companies typically need to establish a German subsidiary. Our team can assist with company registration in Germany as part of the licensing process.

Fit and Proper Management

At least two managing directors must demonstrate professional qualifications and personal reliability. BaFin conducts background checks covering criminal records, financial standing, and relevant professional experience (typically 3+ years in financial services or technology).

AML/KYC Compliance

A fully documented Anti-Money Laundering programme is mandatory. This includes customer due diligence procedures, transaction monitoring systems, suspicious activity reporting protocols, and appointment of a dedicated Money Laundering Reporting Officer (MLRO).

Business Plan

The application must include a detailed business plan covering the planned activities, target markets, revenue model, three-year financial projections, risk assessment, and organisational structure.

IT Security and Infrastructure

BaFin expects robust IT security measures: secure key management systems, multi-signature wallets, disaster recovery plans, regular penetration testing, and compliance with BaFin’s BAIT (Bankaufsichtliche Anforderungen an die IT) or equivalent DORA requirements.

Outsourcing and Internal Controls

Any outsourcing of critical functions must be documented and approved. The firm must maintain effective risk management, internal audit, and compliance functions — proportional to its size and complexity.

Application Process

The licensing process follows a structured path:

1. Pre-application consultation — An informal meeting with BaFin to discuss the business model and clarify which licences are needed. This step is optional but strongly recommended.
2. Document preparation — Compile all required documents: business plan, AML policy, IT security concept, organisational charts, CVs of directors, proof of capital, articles of association.
3. Formal application submission — File the complete application with BaFin. Incomplete applications are returned, which causes delays.
4. BaFin review and questions — BaFin examines the application and typically sends follow-up questions within 4-8 weeks. Response times during this phase significantly affect the overall timeline.
5. Bundesbank involvement — The Deutsche Bundesbank may be consulted, particularly on capital adequacy and prudential matters.
6. Decision — BaFin issues the licence or rejection. Approvals typically include specific conditions and ongoing reporting obligations.

Timeline: The entire process usually takes 6 to 12 months from the date of filing a complete application. Complex business models or delayed responses to BaFin queries can extend this to 18 months.

Costs of Obtaining a Crypto Licence

The total cost depends on the firm’s complexity and the scope of services sought:

The total upfront investment for a straightforward crypto custody licence typically ranges from €250,000 to €450,000, including capital requirements. Firms with more complex operations should budget accordingly.

Benefits of Getting Licensed in Germany

Despite the costs and effort, a German crypto licence offers substantial strategic advantages:

• EU market access under MiCA — Germany’s regulatory framework aligns closely with the EU Markets in Crypto-Assets Regulation (MiCA). Licensed firms will be well-positioned for EU-wide passporting once MiCA transition periods conclude.
• Banking relationships — German-licenced crypto firms can open business accounts with major banks. Unlicensed entities face severe difficulties accessing the traditional financial system.
• Institutional credibility — BaFin supervision signals trustworthiness to institutional investors, corporate treasuries, and high-net-worth clients.
• Legal certainty — Operating within a clearly defined regulatory framework reduces legal risk and provides a stable foundation for business growth.
• Talent and ecosystem — Germany’s fintech companies in Germany ecosystem, particularly in Berlin and Frankfurt, provides access to qualified compliance, legal, and technical professionals.

MiCA and the Future of Crypto Regulation in Germany

The EU’s Markets in Crypto-Assets Regulation (MiCA), fully applicable since December 2024, introduces a harmonised framework across all EU member states. Germany has been implementing MiCA through amendments to the KWG and new secondary legislation.

Firms already holding a BaFin crypto custody licence benefit from a transitional period (until mid-2026 in most cases) during which they can continue operating under existing authorisations. After the transition, they must obtain an MiCA-compliant licence — but the existing BaFin authorisation provides a significant head start.

New applicants filing after MiCA’s effective date may apply directly under the MiCA framework, with BaFin acting as the national competent authority.

Frequently Asked Questions

How long does it take to get a crypto licence in Germany?

The typical timeline is 6 to 12 months from the submission of a complete application to BaFin. Incomplete filings, complex business models, or slow responses to BaFin’s follow-up questions can extend the process to 18 months. Pre-application consultations with BaFin can help identify potential issues early and reduce delays.

What is the minimum capital requirement for a crypto licence?

For a standalone crypto custody licence, the minimum initial capital is €125,000. If the firm also conducts proprietary trading or other regulated financial services, the capital requirement increases — potentially to €750,000 or higher. The capital must be available as equity at the time of licence issuance and maintained on an ongoing basis.

Can foreign companies apply for a German crypto licence?

Foreign companies cannot apply directly. BaFin requires the applicant to have a registered office and head office (effective place of management) in Germany. In practice, foreign firms must establish a German subsidiary — typically a GmbH — and apply through that entity. The managing directors must also be physically present in Germany for day-to-day operations.

What happens if I operate without a crypto licence in Germany?

Operating a regulated crypto business without BaFin authorisation is a criminal offence under Section 54 KWG. Penalties include fines of up to €5 million and imprisonment of up to five years. BaFin can also order the immediate cessation of unlicensed activities and publish enforcement actions, which causes reputational damage.

Is a German crypto licence valid across the entire EU?

Under the current KWG-based regime, a German crypto custody licence is valid only in Germany. However, under MiCA (fully applicable since December 2024), firms holding an MiCA-compliant authorisation can passport their services across all EU and EEA member states. Existing BaFin-licenced firms benefit from transitional provisions that allow continued operation while they transition to MiCA compliance.