Key Takeaways
- Bulgaria offers EU market access and a unified regulatory framework that can lend credibility to crypto companies. Utilise Bulgarian VASP registration to provide a multi-national consumer base under established EU regulations.
- A flat 10% corporate tax and relatively low registration fees, usually costing EUR 5,000–8,000, bolster the bottom line. Tax efficiently and redirect savings into technology and compliance, rather than capital buffers.
- Main route is VASP registration with the National Revenue Agency (with oversight from the FSC), with optional EMI/PSP licenses for wider services. Map your business model to the precise authorisations you require, checking consistency against new EU-wide requirements.
- The licensing path is structured and achievable: incorporate an EOOD/OOD, prepare corporate and ownership documents, develop AML/CFT policies, appoint a qualified compliance officer, and submit your VASP application with the required fee. Gather all required documentation early in the process to reduce review times.
- Post-licence compliance is ongoing, including reporting to the NRA, robust KYC & transaction monitoring, and annual financial statements prepared under Bulgarian GAAP or IFRS. Put in safeguards, and hire accountants who know crypto and Bulgarian tax law.
- Look forward to banking obstacles and increased regulatory oversight as MiCA enters in 2025. Develop connections with crypto-friendly EU banks, ensure policies reflect EU norms, and keep track of regulatory developments to stay on top.
Crypto licence in Bulgaria is a registration for VASPs with the National Revenue Agency under the Measures Against Money Laundering Act. Providers must have AML and KYC controls, designate an AML officer, retain records and report suspicious activity. Corporate set‑up in Bulgaria and fit-and-proper management expected. It involves submitting corporate papers, internal policies and criminal record checks. Timescales depend upon the file quality and regulator capacity. Fees include state fees and support, which vary. As an EU member, Bulgaria will move to MiCA, with CASP authorisation replacing simple registration during 2024–2025. The sections below plot today’s steps, costs and timelines, and summarise the upcoming MiCA changes ahead.
Why Choose Bulgaria?
A Bulgarian crypto license provides access across the EU, a low and predictable tax rate, and a viable route to market. The economy is stable, the regulations match that of the EU and the setup is straightforward with timelines that most teams can work their way around.
EU Market Access
Bulgaria is an EU member so a locally registered Virtual Asset Service Provider (VASP) can place services within a harmonised regulatory environment based on EU law and guidance. This enables exchanges, brokers, wallet providers, and token platforms to market cross-border without having to rebuild the compliance stack for each nation.
Passport-style positioning for EU-wide access under common rules.
Easier compliance mapping under AMLD and travel rule standards.
Exposure to a large retail and institutional user base.
Improved credibility from operating under recognised EU supervision.
Smoother partnerships with EU banks, PSPs, and custodians.
With established and predictable framework partners and investors can do their due diligence. It decreases friction when working with KYC vendors, auditors and security providers across the single market.
Favourable Taxation
Bulgaria has a flat 10% corporate income tax – one of the lowest in Europe – which can enhance net margins for crypto activities such as exchange operations, staking-as-a-service, or custody fees. Double-tax treaties mitigate cross-border tax duplication, and lower payroll costs and social contributions keep staff-heavy functions like compliance, engineering and support nimble. Crypto services are VAT exempt in Bulgaria, slashing pass-through costs on fees. Certain profit distributions to residents of other EU countries can be made at 0% withholding tax, subject to treaty terms and substance tests, which may fit with group treasury plans. Inside the EU, businesses can create companies for optimal tax planning – local tax advice should be sought to ensure transfer pricing, IP ownership and intercompany services comply with the latest guidance.
Cost-Effective Operations
Company setup and licensing expenditure frequently sits around EUR5,000 – 8,000, depending on the extent of advice required. Office, staffing and professional services are generally cheaper than Estonia, Lithuania and Malta, reducing the burn rate for the first 12-18 months.
Savings allow teams to fund security audits, chain analytics, SOC 2 or ISO 27001 work instead of pure admin.
Sensible Capital Rules
Bulgaria permits VASP registration without a large mandatory minimum capital, lowering the barriers for early-stage teams.
That means no locked capital like elsewhere, so you can deploy funds in product, liquidity and risk management.
Companies can scale responsibly – inject paid-up capital as volumes increase and as banking partners impose limits.
The outcome is open access, enticing both startups and seasoned founders looking for speed, clear rules and space to expand in a safe EU environment. The typical licensing timetable is approximately 2-6 months on a light-touch process, with few restrictions but strong compliance responsibilities.
Understanding the Bulgarian Crypto Licence
Bulgaria’s approach to crypto is set out in the Law on Financial Supervision and AML Act, with stable policy since 2018 and in line with the EU’s 5AMLD. Oversight includes both the National Revenue Agency (NRA) for VASP registration, AML/VAT, and the Financial Supervision Commission (FSC) for VASP investment services, as well as the Bulgarian National Bank (BNB) for payment services and e‑money. Firms must keep a local footprint: a Bulgarian company, registered office, and real substance.
Licence/Status | Scope of services | Main authority | Key requirements | Typical use case |
|---|---|---|---|---|
VASP Registration | Exchange, broker, and custodian wallet for crypto | NRA | AML/CFT policies, KYC, beneficial owner data, internal controls, local address | Spot exchange, wallets |
Financial Institution (registration) | Certain financial services without taking deposits | BNB | Fit-and-proper, governance, AML, reporting | Lending backed by crypto, factoring |
Payment Institution (PI/PSP) | Payment services in fiat | BNB | Capital tiers per PSD2, safeguarding, IT and ops | On/off-ramps, fiat rails |
Electronic Money Institution (EMI) | Issue e-money, payment accounts | BNB | Higher capital, safeguarding, strong governance | Stablecoin off-ramp, cards |
Investment Firm | Investment services in instruments/crypto-securities | FSC | MiFID II rules, capital, conduct, reporting | Tokenised securities, brokerage |
Company setup is light: a limited liability company can start with BGN 2 (€1) minimum capital, but you still need a local director, office, and staff aligned to your risk profile. Crypto transactions are typically categorised as services or intangible documents for VAT. Corporate profits incur a flat 10% rate.
VASP Registration
By submitting an online registration on the NRA’s electronic platform. Other information will be required to be submitted such as corporate documents, proof of registered address, ultimate owners information, and evidence of internal controls.
Provide AML/CFT policies comparable with 5AMLD and Bulgaria AML regulations. Risk scoring, KYC by risk, sanctions screening, blockchain analytics where fit, and enhanced checks for high-risk clients demonstrates trackable functions, training schedules and audit trails.
We can’t keep things alive.” Update them when your products change, or when EU rules such as MiCA & AMLR come into force. Recordkeeping, suspicious activity reports and periodic reviews are ongoing obligations.
Substance over form. Appoint a local compliance officer, keep a case management tool and test controls. That includes desk and on-site inspections.
Beyond VASP
Certain models require more than VASP status. If you’re planning fiat accounts or card issuing, an EMI or PI licence under the BNB might be relevant. For tokenised shares or investment advice, you’ll require an FSC investment firm license. For lending or similar, a Financial Institution registration may cover non-deposit credit activity. Having multiple permissions can broaden your offer (e.g. VASP + PI for smooth on/off-ramps, or VASP + investment firm for crypto-securities), but increases capital, governance, IT and audit overheads. Map your product stack now to future EU goals: pass-on under EMI/PI/investment firm regimes can facilitate EU-wide growth, while MiCA could introduce authorisation or notifications for asset-referenced or e-money tokens and crypto service providers.
Regulatory Bodies
The FSC supervises investment services and markets, covering tokenised securities and firms under MiFID II. The NRA oversees VASP registration, AML supervision, and tax/VAT compliance. It gives EMIs and PIs permissions, registers Financial Institutions, and establishes safeguarding and operational requirements for payment flows.
Stay alert to EU changes: MiCA for crypto-asset services, AMLR/AMLA for centralised AML supervision, and updates to 5AMLD practice. Watch out for Bulgarian announcements, adapt client risk models and revise contracts and disclosures as scope changes.
How to Obtain Your Crypto Licence
Bulgaria does not issue a “crypto licence”. Instead, crypto businesses must register and abide by anti‑money laundering and counter‑terrorist financing regulations. Our step-by-step guide walks you through company setup, AML readiness and VASP registration with the National Revenue Agency (NRA).
Set up a local limited company (OOD/EOOD) with at least 2 BGN share capital and a Bulgarian legal address.
Draft essential corporate and AML documents (Articles of Association etc. Ownership data)
Build AML/CFT policies, KYC, and monitoring controls.
If useful, appoint a compliance officer or outsource.
Submit VASP registration with the NRA, pay the state fee (~50 BGN ≈ 25€), respond to checks.
1. Establish Your Company
Get an OOD or EOOD to operate under. Its minimum share capital is 2 BGN (around 1 EUR). You need a legal address in Bulgaria – not an office or local staff.
Pick a bespoke company name and draft Articles of Association. Explain your crypto scope (exchange, brokerage, wallet, etc.).
List founders and directors that comply with Bulgarian law Application with the commercial register Full company registration and VASP process can take up to a month in practice.
2. Prepare Key Documents
Gather passports or ID cards for all directors and shareholders, along with clean criminal record certificates (where applicable). Draw up an ownership and control ‘map’, identifying ultimate beneficial owners and decision‑makers. Draft and notarise your AoA according to Bulgarian law, and prepare a concise business plan that specifies your crypto activities, target markets, counterparties, key service providers, expected volumes and how you’ll make and retain profit. Include information on governance, cyber security, and record-keeping. These packs back banking and auditors, and the NRA review, and reduce back‑and‑forth later on.
3. Develop AML/CFT Policies
Write policies that align with Bulgarian and EU AML rules. Cover risk assessment, onboarding, ongoing checks, and reporting.
Set KYC levels for all customers. Confirm identity, source of funds where applicable and conduct record-keeping. Retain customer and transaction data in accordance with legal retention periods.
Include transaction monitoring rules for high-risk geographies, mixers and red-flag patterns. Specify when and how to submit suspicious activity reports.
Change policies as laws evolve and develop. VAT on crypto exchange is 0%, but corporate income tax is 10% on profits, so keep ledgers clean.
4. Appoint a Compliance Officer
The law doesn’t require an AML officer in Bulgaria, but naming a capable lead assists with banks, partners and audits. Look for experience in EU AML, blockchain analytics, and NRA expectations Train, tools and legal updates
If in-house talent is thin on the ground, outsource to a specialist provider.
5. Submit Your VASP Application
Complete NRA VASP registration, including corporate documentation, AML/CFT policies and owner/directors. Pay the state fee (~50 BGN ≈ 25€) as well as notary/legalisation costs, if necessary.
Maintain a register of customers and transactions, and establish an obvious route for reporting suspicious activity.
Follow the file and reply promptly to NRA queries. Once registered, keep policies, records, and tax filings compliant.
Navigating Post-Licence Compliance
Once approved, responsibility moves from application checks to ongoing evidence of control. Bulgarian guidelines demand clear records, stable systems, and openness with banks and regulators. Forgotten filings or lax controls could follow in fines or a licence at stake.
Ongoing Reporting
Periodic reporting to the National Revenue Agency (NRA) on crypto volumes, counterparties where relevant, fee income and tax bases. Maintain ledgers that link wallets, bank accounts, and order books to invoices and contracts. Retain records for audit in a form that auditors can check from beginning to end.
File annual returns and accounts on time. Include notes explaining your crypto recognition policy, custody set-up, and valuation method. Inform the competent authority immediately if your shareholding or control or senior staff change.
Conduct monthly bookkeeping to assist with VAT, payroll and corporation tax. Most practices maintain a local registered address and a local director to pass substance tests. Order annual maintenance expenditure, which will differ where tax, legal or ICT is in-house or outsourced.
KYC and Transaction Monitoring
Implement zero-tolerance KYC upon onboarding all retail or institutional customers. Identity, source of funds, and if required source of wealth? For legal entities, locate and validate UBOs and control routes. Check all parties against sanctions and watchlists, and rescreen on a risk-based cycle. Track on-chain and off-chain flows for red flags such as rapid pass-throughs, peel chains, mixers, high-risk jurisdictions or structuring below thresholds. Utilise wallet risk scoring, cluster-linking and identifying cross-platform patterns. Calibrate alerts per product (exchange, broker, custody, staking) and per channel (web, API, OTC). Maintain clear case files with evidence, analyst notes and decisions. Report suspicious activity without alerting the Financial Intelligence Directorate of Bulgaria, and track feedback. Revise your AML/KYC policy in line with new regulations such as those in the EU AML package and guidance provided by Bulgarian authorities. Provide training at least annually, test knowledge and log results. Appoint a responsible compliance officer with direct access to the board, and maintain regular contact with banking partners on risk appetite, blocked payments and remedies.
Financial Accounting
Maintain books according to Bulgarian GAAP or IFRS, and secure consistent policies for recognition, measurement, and revenue timing. Map each wallet to the ledger. Reconciling hot, warm and cold storage against customer liabilities on a daily basis. Differentiate your assets and your clients’. Track fiat movements using bank statements and payment processor reports. Maintain minimum capital per your licence class, and test it monthly.
- Prepare annual accounts and corporation tax return. Corporate income tax is usually 10% of profits. VAT may be payable on some charges, depending on service. Tax treaty relief can reduce rates in cross-border flows. Employ an accountant who understands crypto and Bulgarian tax, and annually audit outsourcing compared to in-house costs.
The Reality of Operating in Bulgaria
Bulgaria’s low setup cost and access to the EU is tempting, but there’s daily work that requires attention. Corporate income tax is 10%, the state application fee is $25, and you can begin with just 1€ share capital. The lev is pegged to the euro, foreign trade holds up, so euro flows are reliable. There is no separate cryptocurrency licence or formal definition as yet. Oversight is indirect, under the 2018 Anti-Money Laundering Act. Company formation is typically a matter of a few weeks – up to a month at most, usually caught up in bank onboarding. Office costs keep burn rate down, with rents around €8–12 per m².
Banking Hurdles
Banks dictate the tempo. Others are wary of crypto and local onboarding can delay timelines, particularly for exchanges, brokers or custodians.
- Map crypto-friendly banks in Bulgaria and the EU. Think EMIs and SEPA providers for interim payment rails.
- Prepare a clear pack: UBO chart, source-of-funds, AML/KYC policy, risk assessment, transaction flows, target client segments, jurisdictions, and tech stack.
- Translate controls for sanctions, PEPs, travel-rule preparedness and on/off-ramp partners. Add smart contract audits where offering custody or staking.
- Kick off with a small, low-risk use case, then scale thresholds once a clean track record is established.
- Be open, proactive updates with a named bank contact. Quarterly Compliance summaries and audit outcomes.
- Diversify to two banking partners. 4–12 week onboarding plan and potential enhanced due diligence.
- Maintain working capital in EUR, to match the currency peg and minimise FX friction.
Cheaper rent can compensate for slower onboarding, create a cash buffer for protracted compliance checks and sluggish first settlements.
Regulatory Scrutiny
Expect stricter supervision as Bulgaria conforms to the EU. There is no dedicated crypto licence, but the country’s AML Act mandates CDD, ID checks, risk profiling and the reporting of suspicious transactions. The FSC & NRA might ask for information or conduct audits, act quickly and maintain detailed logs of alerts, SAR filings, blockchain analytics results, and client risk ratings. Maintain staff training records, appointed AML officer, independent testing of AML controls, board oversight minutes. Hold financial statements timely, record revenue recognition for trading and fees and expect questions on market abuse risks, custody safeguards and outsourcing. The 10% corporation tax is simple, but keep records for cross-border services into the EU. As rules change, monitor in-progress draft guidance and plug gaps early to avoid remedial action under duress.
The MiCA Transition
Markets in Crypto‑Assets (MiCA) regime by 2025. Expect CASP authorisation, elevated capital, governance and conduct standards and tougher custody, conflict-of-interest, complaints, disclosures and outsourcing oversight. Issuers have white paper responsibilities. Service providers get EU passporting when authorised. Align policies now: client asset segregation, incident reporting, ICT and operational resilience, marketing fairness, and pricing transparency. Revise contracts, create new board committees, practice breach playbooks, and align data retention with MiCA and national law.
A phased path helps: stabilise Bulgarian operations, document controls to MiCA language, then apply for authorisation and scale cross‑border with the passport.
Future of Crypto Regulation
Change is accelerating. Bulgaria is headed from lenient rules to a comprehensive, EU-compliant regime that establishes clearer responsibilities for crypto companies and stronger protection for consumers. The transition is influenced by the EU’s Markets in Crypto‑Assets Regulation (MiCA) and its local implementation.
In line with MiCAR, the Bulgarian Parliament adopted the Markets in Crypto‑Assets Act (BG MiCA Act) on 20 June 2025, aligning national law”. Important provisions came into force on 8 July 2025, covering public offers of crypto-asset financial instruments, admission to trading on platforms, and the licensing of crypto-asset service providers and issuers of asset-referenced tokens. The Financial Supervision Commission (FSC) will likely be the principle regulator for service providers and issuers, though it hasn’t been formally appointed as the national competent authority yet. Companies should act as if the FSC will set the rulebook and maintain the public register.
MiCA establishes a common baseline across the EU. It classifies crypto‑assets and activities, with special focus on two token types: electronic money tokens and asset‑referenced tokens. It hard-codes customer due diligence obligations into the framework. This combination will determine how projects tailor products, write white papers and manage reserves. (For instance, a euro-pegged e-money token issuer will be subject to stringent reserve, disclosure and redemption requirements, while a platform listing a basket-backed token will require stricter KYC and ongoing reporting.)
AML and KYC rules will only get stricter. Crypto‑asset service providers in Bulgaria will need customer due diligence, ID verification, sanctions screening and suspicious deals reporting. Think higher standards for checks, firmer travel-rule data sharing and closer alignment with FATF recommendations. A wallet provider on-boarding users in Sofia, for example, will need sender and recipient data for transfers, and maintain records in accordance with FATF guidance.
Harmonisation will increase, but gaps will still exist. The EU route is to align rules across Member States via MiCA and associated AML legislation. Still, cross-border frictions will remain, particularly with third countries. A company routing trades between Bulgaria and India could face delays, additional attestations or duplicative KYC, as a result of conflicting rule sets and disparate tax or exchange controls, which can raise costs and inhibit settlement.
Licensing and registration will be rule. Issuers, traders or custodians of crypto-assets will require a licence or register, except some entities already under special regimes. Regulators will enforce rules more strictly and keep a public register of authorised providers. To stay ahead, invest in compliance tools, skilled staff, and workable policies: automated screening, robust reporting, product classification playbooks, and board-level risk oversight. Create audit trails from day one, run gap checks against MiCA and FATF, and test incident plans with real case drills.
Why Choose Bugarska.net as Your Licensing Partner
Bugarska.net provides a complete framework for companies that want to establish and license cryptocurrency activities in Bulgaria. Our support goes beyond the initial registration process and ensures that businesses remain fully compliant with both Bulgarian and EU regulations.
Local Expertise with International Standards Our consultants and legal partners are based in Bulgaria and possess in-depth knowledge of local legislation. At the same time, all services are aligned with European Union standards, including MiCA regulations and AML directives, ensuring that your business is structured for long-term success within the EU.
End-to-End Project Management From the first consultation to the final licensing approval, Bugarska.net manages the entire process. This includes strategic planning, company incorporation, preparation of all regulatory documents, submission of applications, and follow-up communication with the relevant authorities.
Transparent and Predictable Pricing We provide clear and upfront pricing models. Clients know in advance what each service includes, which allows for proper budget planning without the risk of hidden or unexpected costs.
Accelerated Time-to-Market Because of our established relationships with regulators, financial institutions, and compliance professionals, we are able to complete registration procedures more efficiently. This enables clients to enter the market faster than if they attempted the process independently.
Ongoing Post-Licensing Support Unlike many providers who limit their assistance to initial licensing, Bugarska.net remains a long-term partner. We provide accounting, tax compliance, and continuous AML monitoring to ensure your company meets its obligations year after year.
Tailored Solutions for Different Business Models We adapt our services to the specific needs of each client. Whether you are a start-up crypto exchange, a fintech business seeking an EMI or PSP license, or an international company expanding into the EU, we deliver solutions that match your operational goals and growth plans.
Conclusion
Bulgaria offers an attractive route to a crypto license. The rules remain opaque. The fees remain reasonable. The setup time remains low. You can set up a small team in Sofia and cater to EU users. Run an exchange, wallet or OTC desk. File the forms, pass checks, keep clean books. You comply with AML and KYC rules. You love tight risk logs. You file returns on time. That leaves the door open and the bank lines calm.
Move steady, map every step, have one owner and log week by week. Want a no-nonsense scheme or a fee audit for your case? A) Reach out, share your model, ask for an easy next step
Frequently Asked Questions
Is there a specific “crypto licence” in Bulgaria today?
Not a full license yet. Crypto exchanges and wallet providers must register for AML purposes with the National Revenue Agency (NRA). They have to fulfill AML/KYC obligations. Full EU MiCA authorisation for Crypto-Asset Service Providers (CASPs) will apply from December 2024.
Who is the regulator for crypto in Bulgaria?
For AML registration the National Revenue Agency (NRA) Suspicious activity is reported to the Financial Intelligence Directorate (FID-SANS). Under MiCA, Bulgaria’s Financial Supervision Commission (FSC) is likely to authorise CASPs and grant EU passporting.
What are the basic requirements to register?
Incorporate a Bulgarian company, disclose ultimate beneficial owners, appoint an AML officer, adopt AML/CTF polices, conduct customer due diligence, and establish transaction monitoring and reporting systems. Provide clean criminal records for key persons. Have a registered office and keep records.
How long does registration take?
If documentation is in order, registration takes 2-6 weeks. Timelines vary by case and regulator workload. MiCA authorisations will be slower, involving detailed checks of governance, capital and systems.
Are there capital or auditing obligations?
No special prudential capital on the existing AML registration. Normal company law applies. MiCA will impose capital, organisational and safeguarding requirements, as well as improved governance and possible audit requirements for CASPs.
Can I passport my services across the EU?
That’s not on the existing AML registration. Passporting will come with a MiCA CASP authorisation – anticipated from December 2024 – allowing for cross-border services across the EU.
What ongoing compliance is expected after registration?
Maintain KYC, risk assessments, sanctions screening, transaction monitoring, staff training, and reporting of suspicious activity to FID-SANS. Update internal policies regularly. Keep records and respond to regulator requests. Under MiCA, expect stricter governance, disclosures, and consumer protection obligations.
Daniel Malbašić is a business expert with extensive experience in the field of business consulting, organization and business optimization. His expertise includes market analysis, strategic planning, and implementation of effective business solutions. Daniel is dedicated to helping companies grow and improve their operations, providing them with comprehensive support in making key business decisions.
