Crypto and the law:
How to verify that your business model is legal
Are you doing business in cryptocurrencies and unsure whether your business will comply with the new European MiCA regulation? This article provides clear guidance on how to verify the legality of your business model. You will learn everything you need to know about licensing procedures at the CNB, AML obligations, and specific rules for taxing crypto assets in 2025 to avoid risks and penalties.

Need advice on this topic? Contact the ARROWS law firm by email office@arws.cz or phone +420 245 007 740. Your question will be answered by "Mgr. Jáchym Petřík", an expert on the subject.
The end of the Wild West in crypto is here. Are you ready?
The era of unregulated cryptocurrency business is definitely over. This article is your essential guide to understanding the new rules defined by the European MiCA regulation. We will show you how to ensure that your business model is not only compliant with the law, but also strategically prepared for success in a new, professionalized market. You will get clear answers to questions about licensing, AML obligations, and taxation.
A new era of regulation: Why is 2025 a turning point for your crypto business?
The last few years have been like a gold rush in the cryptocurrency world. Low barriers to entry have enabled the creation of thousands of companies and projects. In the Czech Republic alone, nearly 30,000 entities operated on the basis of a simple trade license. However, this situation brought chaos, high risks, and legal uncertainty, which discouraged institutional investors and prevented wider adoption. That is now over.
The year 2025 brings a revolution in the form of the Markets in Crypto-assets Regulation (MiCA), which represents the first comprehensive and unified legal framework for crypto-assets across the European Union. This is not just a directive that states would have to implement in a complicated manner, but a directly applicable regulation. This creates a unified and harmonized market across all 27 member states.
The timetable is clear and unrelenting. The rules for stablecoins have been in force since June 30, 2024, and all other key provisions, in particular those regulating crypto service providers, will enter into force on December 30, 2024. For Czech entrepreneurs, this means a fundamental change: the free trade license for "providing services related to virtual assets" was abolished in February 2025. Every new provider of these services must now be a legal entity and obtain a license from the Czech National Bank (ČNB).
The new, capital- and process-intensive licensing procedure is not just a bureaucratic hurdle. It is a deliberate mechanism aimed at professionalizing and cleaning up the market. Of the tens of thousands of original tradespeople, only 232 entities have applied to the CNB for a new license, with CNB representatives openly stating that "not all of them will succeed." For reputable and well-prepared companies, such as those in your portfolio, this represents a unique opportunity to gain market share from entities that will be forced to cease their activities.
Are you a crypto service provider (CASP)? Key obligations you must not underestimate
If your company operates an exchange, provides crypto asset custody, portfolio management, or advisory services, you most likely fall under the definition of a crypto-asset service provider (CASP). The MiCA regulation imposes a number of new obligations on you, and ignoring them can have fatal consequences.
The first and most important step is to obtain a license from the Czech National Bank. The CNB has become the new supervisor and guardian of the market. Applying for a license is a complex process that requires the submission of a wide range of information. The applicant must be a legal entity based in the EU, demonstrate the integrity and professional competence of its management, and submit a detailed business plan, a description of internal control mechanisms, and risk management systems.
Another key area is capital requirements. MiCA sets a minimum amount of capital that CASPs must maintain at all times to ensure their financial stability and ability to cover potential losses. The amount varies depending on the type of services provided. For example, issuers of asset-backed tokens (ARTs) must have own funds of at least EUR 350,000.
Great emphasis is also placed on the protection of client assets. It is strictly required that client crypto assets and funds be held separately from the company's assets. This principle of segregation is a direct response to past collapses of large exchanges and aims to prevent the misuse of client deposits.
ARROWS lawyers have extensive experience with licensing proceedings at the CNB. We will prepare a complete application for you, secure all documentation, and represent you throughout the process so that you can focus on your business. For an immediate solution to your situation, write to us at office@arws.cz.
FAQ – Legal tips for CASP licensing
- Do I need to have a registered office in the Czech Republic to obtain a license?
No, a registered office in any EU member state is sufficient. However, you must submit your application to the regulator in the country where your registered office is located. Do you need help choosing the optimal jurisdiction for your business? Contact us at office@arws.cz.
- What is "passporting" and how can it help me expand?
A license obtained in one EU country (e.g., the Czech Republic) allows you to provide services throughout the Union without having to apply for additional licenses in each country separately. It is the key to a single European market with more than 450 million potential clients. Contact us at office@arws.cz and plan your European expansion.
Anti-money laundering (AML/CFT): Your business under the scrutiny of the authorities
Obtaining a MiCA license is only half the battle. At the same time, you must meet strict requirements for combating money laundering and terrorist financing (AML/CFT). The main supervisory authority in this area in the Czech Republic is the Financial Analytical Office (FAÚ).
The basis is the implementation of robust internal processes, which are primarily defined by the Czech AML Act (Act No. 253/2008 Coll.). Key obligations include:
- Customer identification and verification (KYC/CDD): You must reliably verify the identity of each customer and understand the nature of their business activities.
- Transaction monitoring: Your system must be able to detect and evaluate unusual or suspicious transactions.
- Reporting suspicious transactions: You are required to report any suspicious activity to the FAÚ without delay.
A major change that will change the rules of the game from December 30, 2024, is the so-called "Travel Rule." This rule, introduced by the Transfer of Funds Regulation (TFR), effectively ends the anonymity of transactions between regulated entities. For each transfer of crypto assets, you will be required to collect, store, and, upon request, provide information about both the sender and the recipient.
It is important to note that in some cases, your business may be subject to dual regulation. While services falling under MiCA are licensed by the CNB, certain specific activities that fall outside the scope of MiCA (e.g., services related to unique NFTs) may require a separate license directly from the FAÚ. Navigating this complex matrix of obligations without expert assistance is extremely risky.
AML/CFT and regulatory oversight
| Risks and sanctions | How ARROWS helps |
|---|---|
| High fines from the FAÚ for inadequate KYC/AML procedures, up to CZK 10 million in extreme cases. | Preparation of customized internal AML guidelines – we will prepare a robust system of internal policies that will stand up to scrutiny. Do you need to prepare documentation? Contact us at office@arws.cz. |
| Criminal liability of company management for enabling the legalization of proceeds from criminal activity. | Professional training for employees and management – we will ensure that your team understands the risks and fulfills its obligations, including a certificate of completion. Would you like to train your team? Write to office@arws.cz. |
| Loss of license from the Czech National Bank due to violation of AML obligations and damage to reputation with banks and partners. | Legal consultation and audit of existing processes – we will review your procedures and identify weaknesses before the regulator does. Do you need a legal audit? Contact us at office@arws.cz. |
| Prohibition of activities and forced termination of business due to non-compliance with the Travel Rule (TFR). | Implementation of TFR into your processes – we will help you technically and legally set up the collection and transfer of transaction data in accordance with the regulation. Get a tailor-made legal solution at office@arws.cz. |
Decentralized finance (DeFi): Really beyond the reach of regulators?
Many innovators and investors are turning to decentralized finance (DeFi) in the belief that it is a space free from regulation. The MiCA regulation does indeed primarily target centralized intermediaries (CASP) and largely omits fully decentralized protocols. However, this view is dangerously simplistic.
Regulators are increasingly taking note of a phenomenon that can be called the "illusion of decentralization." Many DeFi projects that appear to be fully autonomous actually have centralized points of control or failure. These may be the original developers who hold the administrator keys, small groups of governance token holders with majority voting rights, or the companies behind the protocol's development. It is precisely these entities that may become the focus of regulatory attention in the future.
The current absence of direct regulation of DeFi in MiCA is not a permanent exception, but rather a temporary postponement. European authorities have already announced that they will continue to address this area. It is likely that future rules will focus on identifiable control points and may also apply to activities that took place before their introduction.
It is therefore crucial for founders and investors in DeFi projects to proactively structure their projects today in order to minimize the risk of future legal liability.
In addition to regulatory uncertainty, DeFi also faces specific technical risks with legal implications:
- Errors in smart contracts: A "smart contract" is not a legal contract, but immutable code. A security flaw in it can lead to irreversible losses of millions of dollars.
- Oracle manipulation: Protocols that depend on external data (known as oracles) can be compromised by the provision of false information, which can lead to erroneous liquidations and huge financial losses.
Legal uncertainty in DeFi
| Risks and sanctions | How ARROWS helps |
|---|---|
| Unclear legal liability for losses caused by code errors or hacker attacks. | Legal analysis and structuring of DeFi projects – we will assess your model and propose a structure (e.g., establishment of a foundation, DAO) that minimizes the personal liability of the founders. Want to know your legal options? Write to office@arws.cz. |
| Risk of future reclassification of your governance token as a security (financial instrument). | Legal opinion on the nature of the token – we will prepare a detailed analysis to help you navigate the regulations and reduce the risk of future disputes with regulators. Do you need a legal opinion? Contact us at office@arws.cz. |
| Disputes within DAOs (decentralized autonomous organizations) without a clear resolution mechanism. | Drafting and revision of governance rules – we will help you set clear and legally enforceable rules for the functioning of your DAO, including dispute resolution mechanisms. Our lawyers are ready to help you – write to office@arws.cz. |
Taxation of crypto assets in 2025: Do you know the differences for companies and individuals?
The new rules for taxing crypto assets, effective from February 2025, have sparked a wave of enthusiasm. However, it is essential to understand who they apply to. Widely publicized tax breaks, such as the time and value tests, apply exclusively to individuals who do not hold crypto assets as business assets.
For legal entities and entrepreneurs, the situation remains unchanged. Income from the sale or exchange of crypto assets is always part of the total tax base for companies and is subject to the standard corporate income tax rate, which is currently 21%.
For context, let's briefly summarize the new rules for individuals:
- Value test: Income from the sale of crypto assets is tax-exempt if the total annual amount does not exceed CZK 100,000. Please note that this refers to income, not profit. This test does not apply to stablecoins.
- Time test: Income from sales is exempt if at least three years have elapsed between the purchase and the sale. The exemption applies up to a total limit of CZK 40 million per year (together with income from the sale of securities and shares).
However, other aspects are key for your company. Proper accounting for crypto assets is essential. They are most often accounted for as inventory of their own kind, but depending on the purpose of holding them, they can also be long-term assets. Each transaction must be carefully recorded and valued in Czech korunas, which is a significant challenge given the volatility of the market.
On the other hand, the good news is that one of the biggest historical problems of crypto business has been solved. New legislation gives licensed companies a clear right to open and maintain a bank account. Banks will no longer be able to arbitrarily refuse or cancel accounts of legitimate crypto companies.
Proper accounting and tax processes are crucial for crypto companies. At ARROWS, we not only advise you on taxation, but also help you communicate with banks and the tax office. Feel free to contact our office at office@arws.cz.
International expansion? With ARROWS International, the door is open
The new MiCA regulation is not just a set of obligations, but also a huge opportunity for expansion. Obtaining a license in any EU member state opens the door to the entire single market with more than 450 million inhabitants. With this step, the European Union has become the first major jurisdiction with a comprehensive and clear regulatory framework, giving it a head start over the fragmented approach in the US or Asia.
However, a license alone is not enough for successful expansion. You need a partner who understands not only European law, but also the local specifics of individual markets. This is where the strength of our ten-year-old ARROWS International network comes into play. Thanks to our partners in key European jurisdictions, we are able to ensure your company's smooth entry into new markets and resolve all legal requirements locally.
However, our services do not end with legal provisions. Thanks to our extensive network of contacts and a portfolio that includes more than 150 joint-stock companies, 250 limited liability companies, and dozens of municipalities and regions, we actively connect our clients. If you are looking for investment opportunities or strategic partners, we will be happy to help you establish valuable contacts. At ARROWS, we believe in building an ecosystem of successful companies.
From uncertainty to legal certainty with a partner who understands your business
The crypto asset market has matured. The new regulatory reality is challenging, but it also brings an unprecedented level of legal certainty and legitimacy. For companies that are ready to embrace the new rules, there is enormous scope for growth, innovation, and gaining the trust of mainstream investors and customers.
Navigating this new environment requires an experienced partner who understands not only the law, but also your business and technology. The ARROWS team has long specialized in crypto assets and FinTech. Our experience and speed guarantee that your business will stand on a solid and secure foundation.
Don't leave your business at the mercy of legal uncertainty. Whether you need to secure a license, set up AML processes, or optimize your taxes, the ARROWS team is ready to help. Contact us at office@arws.cz and get a tailor-made legal solution.
FAQ – Frequently asked legal questions about the legality of crypto businesses
- What is the difference between a license from the CNB and a permit from the FAÚ?
Simply put, the CNB supervises compliance with investor protection and market stability rules under MiCA and grants licenses to crypto service providers (CASP). The FAÚ focuses on anti-money laundering (AML/CFT) and may require a separate permit for activities that do not fall directly under MiCA but pose an AML risk. In practice, a company may need both. If you are facing a similar problem, contact us at office@arws.cz.
- What happens if I continue to operate without a license after the transition period?
Operating crypto-asset services without a valid license will be considered unauthorized business after the transition periods expire (no later than July 1, 2026, for existing providers). You may face heavy fines from the CNB, forced termination of your business, and, in serious cases, criminal prosecution. Do not hesitate to contact our office – office@arws.cz.
- Does MiCA also apply to NFTs?
MiCA generally does not apply to crypto assets that are unique and non-fungible (non-fungible tokens, NFTs), such as digital works of art. However, NFTs issued in large series or collections, which may be considered fungible and fall under the regulation, are an exception. The assessment is always individual. For an immediate solution to your situation, please write to us at office@arws.cz.
- How should I, as a company, correctly account for crypto assets?
In Czech accounting, crypto assets are most often reported as inventory of their own kind. It is necessary to keep detailed analytical records of each type of crypto asset and, for each transaction (sale, exchange), correctly determine the historical acquisition cost (e.g., using the FIFO method) and report the profit or loss. We will be happy to advise you on specific issues – office@arws.cz.
- Can company management be criminally liable for AML deficiencies?
Yes, definitely. The law on criminal liability of legal entities allows for the prosecution not only of the company as a whole, but also of specific members of the statutory body. In the event of a serious or deliberate breach of AML obligations that enables the legalization of proceeds from criminal activity, executives or members of the board of directors face criminal liability. Our lawyers are ready to help you – write to office@arws.cz.
- What are the main differences in the regulation of crypto assets between the EU and the US?
The main difference lies in complexity and uniformity. The EU has adopted a comprehensive MiCA framework that covers most crypto assets and services and applies uniformly throughout the Union. The approach in the US is fragmented – different agencies (SEC, CFTC) claim jurisdiction over different types of assets (cryptocurrencies as securities vs. commodities) and there is no uniform federal law. The EU currently offers significantly greater legal certainty. Do you need legal assistance with an international element? Contact us at office@arws.cz.
Don't want to deal with this problem yourself? More than 2,000 clients trust us, and we have been named Law Firm of the Year 2024.