Crypto Regulations: Malta vs Germany vs Estonia

Crypto Regulations: Malta vs Germany vs Estonia

Crypto License (VASP)
31 October 2022

In this blog post, I will try to give you a very high-level overview of crypto regulations in three different EU countries – Germany, Malta, and Estonia.

And because I don’t have a deep understanding of either German or Maltese regulations, I will rely on articles and information published by others, and try to make it as understandable as possible.

We’ll start with Estonia, as we’ve written extensively about the Estonian crypto regulations in the past.


At this moment, Estonia is by far the best place to obtain a license for crypto businesses. While the regulations were made stricter a year ago, the requirements are still very reasonable.

To obtain a license in Estonia, you need to comply with the following requirements:

  • Recruit local personnel (board member & AML officer)
  • Rent an office
  • Pay in the minimum share capital of 12 000€
  • Have an account with a European bank, EMI or PI
  • Provide non-criminal history records of all participants in the company
  • Provide a description of business activities and AML procedural rules

While there’s some upkeep cost and it’s still an investment, it’s still very much doable for any company with a serious plan to launch and run a crypto business. Time-wise, you need to be ready for 2-4 months licensing process.

And while in Estonia we know exactly what is needed, I can’t be as straight-forward with the two other jurisdictions in this list.

But we’ll do our best.

Next up, Germany.


Germany adopted crypto regulations on 1st of January, 2020. The law regulates crypto depositary services. According to this source, crypto depositary services mean:

Safekeeping of crypto assets is the core of the new financial service. This includes taking crypto assets of customers into custody, i.e. as a service for third parties. The regulation is intended to cover those service providers who store crypto-assets of their customers in a collective stock without the customers knowing the related cryptographic keys.

Administration of crypto assets, in the sense laid out in the explanatory memorandum, means the ongoing exercise of the rights implied in the crypto assets.

Securing of crypto assets as a service is the storage of cryptographic keys. This includes service providers that offer online digital storage of private cryptographic keys as much as their storage on physical data carriers. In addition to hard drives or USB sticks, physical data carriers can include paper as soon as a key it holds or otherwise keeps a cryptographic key.

If you’ll want to provide crypto-depositary services in Germany, here are the requirements for obtaining the license:

  • Minimum 125 000€ in capital
  • Professional, qualified and reliable managers
  • Head office must be located in Germany
  • The owner or legal or statutory representative or personally liable partner of a company that holds a significant interest in the financial services institution must fulfil standards of solid and prudent management of the financial service institution.
  • The institution must be willing or able to establish the necessary organisational precautions for the proper conduct of the business with regard to the licence applied for. BaFin (the German regulator) will take a particular look at the security of crypto assets and cryptographic keys.

As for opening your own crypto exchange, it seems that German authorities rely on MiFID II, which is the EU regulation for financial services. Therefore, opening an exchange in Germany would require applying for an Investment Firm license to operate as an MTF (Multilateral Trading Facility). Investment in this case, together with the required share capital and legal fees, will be around 1 million euros.

I do advise to do your own DD and discuss the above with a German law firm to get up to date and the most correct information, as we’re relying on third-party articles and publications.


Malta was the crypto-industry darling back in 2017. Companies flocked to Malta to conduct their ICOs and start exchange businesses, etc.

But somehow they managed to screw that up. There are only a few crypto companies left in Malta. I don’t have the exact number, but by and large, the industry isn’t there anymore.

To be honest, I never liked Malta as a destination for a regulated business.

They’re awfully slow, law firms take ages to respond and charge a hefty premium. Back at the hight of the ICO bubble, Maltese law firms were charging six-figures to take care of the ICO documentation. While in Estonia, the number was less than 20 000€.

Malta released their blockchain regulatory framework back in 2018, but as of 2020, there were no exchanges that were approved by the Maltese FSA. Even Binance got rejected.

So if the world’s biggest crypto exchange can’t get a handle on the requirements, it’s doubtful that smaller players can.

According to CoinTelegraph:

The framework comprises three acts: the Digital Innovation Authority Act, the Innovative Technological Arrangement and Services Act, and the Virtual Financial Asset Act.

The latter, which is the most essential act out of three, required businesses to be licensed by the MFSA if they launch initial coin offerings, trade digital assets, or provide electronic wallets and brokerage activities. The act also introduces VFA Agents — the so-called “gatekeepers,” or entities that advise and support crypto firms.

To continue addressing the issues with Malta:

The new Maltese regulations abolish the Howie standard for defining utility tokens and reclassify every tradable token into a security token. This makes it virtually impossible for crypto exchanges to operate in Malta.

If any Maltese crypto startup releases a utility token with an intent to list on an exchange it automatically becomes a regulated security token (Section G1–3.3.1 of the VFAA leaves no ambiguity in concluding that if there is even an intent to list a token at any of the crypto exchanges it would be considered as a regulated token). Therefore, as a consequence of VFAA’s definition every exchange-tradable token whether utility or not, under Malta law, becomes a security token. And, no crypto exchange will list it as every exchange out there requires a token to be verified and proven to meet the Howey test of a utility token.

In essence, it’s very unlikely that you’d consider Malta as your potential jurisdiction where to set up your crypto business. And if you want to start a crypto exchange there, then you’re going to have to follow the MiFID II guidelines, tolerate awfully slow regulator (and hence slow time-to-market), expensive lawyers, and have pockets full of money to spend.


I know I am biased as we’re based in Estonia and help companies in Estonia. Yet, by simply looking at the requirements in each of these countries, it’s clear why Estonia stands apart from Germany and Malta.

If you have any questions about Estonian licensing processes and crypto regulations, don’t hesitate to reach out to us!