Implementing MiCA in Romania: Legal Framework Takes Shape

By Camelia Iantuc, Senior Associate, and Rebecca Marina, Counsel at Filip & Company

For over fifteen years, cryptocurrencies have triggered a wave of public interest that shows no sign of slowing down. However, for a substantial period, these digital assets remained on the periphery of regulatory oversight, which led to uncertainty for both investors and service providers.

The year 2023 marked a turning point for the regulation of crypto assets in the European Union, with the entry into force and into effect of Regulation 2023/1114 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 (the “MiCA Regulation”). 

Now, two years on, Romania has only begun laying the groundwork for national rules to implement this new legal framework. Draft legislation (the “Draft GEO”) aims to identify and empower Romanian authorities responsible for supervising crypto-asset markets and ensuring compliance with the MiCA Regulation.

As Romania moves to implement the MiCA Regulation, the country’s measured yet comprehensive approach offers a clearer, more secure roadmap for both incumbents and new entrants to the crypto market. While increased regulatory scrutiny may channel additional compliance obligations, it also promises a more transparent and stable environment—one that could attract serious investors and foster long-term confidence in Romania’s digital asset ecosystem.

1.Brief overview of Romania’s approach towards crypto currencies

The starting position of the Romanian authorities towards crypto currencies has been a very prudent one. In March 2015, the National Bank of Romania (the “NBR”) was issuing a statement meant to clarify to the public that crypto currencies do not represent e-money and that using virtual payment schemes as an alternate payment method poses potential risks for the financial sector due to the lack of regulation and supervision, terrorism financing, price volatility and lack of adequate security.

The prudent approach was restated by the NBR through another press release issued in 2018, when they deemed virtual coins to be speculative assets, highly volatile and risky, discouraging any kind of involvement in relation therewith, including the provision of services for entities offering investment or transactional services with respect to such coins. The impact of the NBR’s statement on the market was significant, leading to a reluctance of credit institutions to collaborate with firms active on the cryptocurrency market, even to open accounts for such firms. Moreover, it became a common practice for banks to include restrictions in their general terms and conditions related to the use of bank accounts for cryptocurrency-related activities.

In spite of the lack of enthusiasm of the banking regulatory sector, the National Fiscal Administration Agency introduced a tax on income deriving from the sale of virtual currencies in 2019 while later in 2024, a draft law was passed by the Parliament proposing the waiver of tax on income from crypto transactions, however the law was not passed by the President. 2020 marked a further step forward, when references to virtual currencies and issuers of digital wallets were introduced in the legislative framework concerning money laundering and terrorist financing. 

2. Regulatory reform – framework for implementation of the MiCA Regulation

In the context of implementing the MiCA Regulation in Romania, the Draft GEO indicates that Romania has adopted a dual regulator approach. Under this framework:

a) the FSA will be the competent national authority for exercising the competences set out in the MiCA Regulation related to the:

• issuance of asset-referenced tokens (“ART”);

  • issuance of crypto-assets, other than electronic money tokens (“EMT”) or ART; and

  • provision of crypto-asset services, including the making available of Crypto-ATMs.

Additionally, the FSA will also serve as the single point of contact designated for the purposes of cooperation with the ESMA.

b) at the same time, the NBR is designated as the competent authority responsible for applying the provisions of Directive 2009/110/EC concerning issuers of e-money tokens issued by institutions under its direct supervision and control, namely: credit institutions and e-money issuers, as well as for overseeing the provisions of the MiCA Regulation referring to the resolution authority.

The NBR will also be the single point of contact designated for the purposes of cooperation with the European Banking Authority.

3. What does this mean for the regulated entities wishing to expand their horizons?

Regulated entities (credit institutions, payment institutions or e-money issuers) wishing to expand their horizons and provide crypto-asset services, issue ARTs or crypto-assets (other than ARTs or EMTs) have now more clarity on the process they would need to follow in order to extend their authorisation for such activities. The process implies, among others, the cooperation between the NBR (who would receive the request for a prior approval of the amendment of the business object) and the FSA (who would receive the NBR’s preliminary assessment on the request and then further proceed to analyse compliance with the provisions of the MiCA Regulation).

It is worth noting that the process is not envisaged to be an expedite one. The preliminary assessment by the NBR can take up to three months from receipt of the request from the relevant institution; in our experience, however, the NBR tends to consider that the request was received only when the accompanying documentation is complete, thus prolonging the three months deadline until all documentation is submitted in an adequate form. Then the final approval is issued by the NBR by no later than four months after the FSA has confirmed compliance by the entity with the MiCA Regulation requirements, with the Draft GEO being silent on the deadline during which the FSA would need to make its own assessment. While the draft GEO explicitly details these terms solely in the case of requests filed by credit institutions, our reasonable expectation is that these shall apply to requests filed by payment institutions and e-money issuers as well.

4. Authorisation of crypto-assets services providers

Per the Draft GEO, entities wishing to provide crypto-assets services (which are not authorized institutions) must comply with the following conditions in order to be authorised by the FSA and then, subsequently, throughout the whole period during which they are authorised:

• not to have any outstanding tax liabilities or any other outstanding budgetary obligations recorded with the tax authority under a writ of execution;

• not to have been sentenced through a final court order for which rehabilitation has not operated; and

• not to have any information registered in the fiscal records (condition which is applicable not only for the entity, but also for the shareholders holding qualified participations and the directors and legal representatives thereof).

Authorisation of Crypto-ATM services requires additional conditions, namely, obtaining of a technical endorsement of the Crypto ATM model from the National Institute for Research and Development in Informatics and a technical endorsement of the IT system from the Authority for the Digitalisation of Romania. The supplier is required to ensure real time access of the FSA to data regarding the transactions performed through the respective ATMs, including the identity of users for each transaction. The National Institute for Research and Development in Informatics shall manage a Sole National Registry of Crypto ATMs. Additional secondary legislation is expected to be enacted within thirty days from the entering into force of the Draft GEO outlining the authorisation procedure and the technical requirements concerning the Crypto ATMs, as well as the procedures pursuant to which the technical endorsements can be obtained from the relevant aforementioned competent authorities.

5. Other relevant provisions

Security is a major concern on the Romanian market, which is why strict obligations are included insofar as the technical audit of the platforms is concerned. The general rule is that any operator active on the crypto-assets market is required to conduct such a technical audit every two years. However, the occurrence of an incident of a security event/vulnerability which resulted in damages for clients can lead to the obligation, for the following three years, to conduct such technical audit on an annual basis. A further incident during these three years would further lead to the obligation to conduct the technical audit, for a period of five years, every six months. The occurrence of another incident during these five years shall lead to the suspension of the operator’s activity for a period of three years and the activity can be resumed only if the damages are fully paid.

Along the same note, the Draft GEO includes a strict prohibition related to the promotion of crypto assets and ART related services and offers through call centers or unsolicited mass messages, under the sanction of a fine ranging from RON 5,000 (approx. EUR 1,000) to RON 50,000 (approx. EUR 10,000). The FSA is expected to issue additional secondary legislation related to this prohibition.

Suppliers for crypto-assets services which intend to be authorised on the Romanian market should be aware that, currently, the Draft GEO provides that a monthly tax of 0.5% of the monthly revenues resulting from the authorised activities must be paid to the FSA for the purposes of supporting the regulatory, supervision and control activity performed by it. Whether or not such tax shall be maintained within the final form of the Draft GEO it remains to be seen however, taking into account the current financial situation in Romania, we believe that it is unlikely for it to be reduced or removed.

The Draft GEO represents a significant step forward in aligning Romania with the EU-wide framework established by the MiCA Regulation. While certain procedural aspects remain to be clarified and we anticipate that the initial form of the legislation will not be sufficient nor satisfactory for the market, the direction is clear: increased regulatory certainty, more robust institutional oversight, and a structured path for market entry and operation.

In this evolving context, a sound understanding of the legal framework and regulatory expectations will be essential for entities looking to enter the Romanian market and to navigate the compliance process effectively in the crypto-asset space. As the market matures, those best equipped to interpret and adapt to the new requirements will be best positioned to contribute to and benefit from Romania’s digital asset ecosystem.