← Regulations / Denmark / custody
Grade B AI-Researched

Denmark -- Custody Regulations Regulatory Overview

Published: 2026-04-22 Updated: 2026-04-22 Author: SearXNG+LLM Version 1 Sources cited in: English (1), Danish (1)
Note: This article cites primary sources in languages other than English. Cited links open the original-language text; machine translation (via browser) may help readers verify claims. See the badge next to each source for its language.

Methodology

AI-generated synthesis from web search results.

Limitations

  • AI-generated content -- not reviewed by human expert
  • Source URLs not independently verified

Denmark, as a member of the European Union, is currently in a transitional phase regarding cryptocurrency and digital asset custody regulations. While specific, comprehensive prudential rules for crypto custody are evolving, the current framework is primarily driven by Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) requirements, with the forthcoming EU Markets in Crypto-Assets (MiCA) Regulation set to introduce a far more extensive regime.

Here's a breakdown of the current and pending regulations:

Current Regulatory Landscape (Pre-MiCA)

The Danish Financial Supervisory Authority (Finanstilsynet) is the primary regulator.

1. Custodial License Requirements (AML Registration)

  • Requirement: Any entity providing services related to virtual currencies, including safekeeping or administration of virtual currencies on behalf of third parties (custodial wallet providers), is classified as a Virtual Asset Service Provider (VASP). As such, they must register with Finanstilsynet under the Danish Anti-Money Laundering Act (Hvidvaskloven).
  • Scope: This registration primarily focuses on AML/CTF compliance, ensuring firms have robust systems for customer due diligence (KYC), transaction monitoring, risk assessment, and reporting suspicious activities.
  • Fit & Proper: Management and beneficial owners of registered VASPs must meet "fit and proper" criteria.
  • Regulatory Reference:
    • Danish Anti-Money Laundering Act (Hvidvaskloven): The primary legal basis. While a direct English translation of the official Danish consolidated act might be hard to find with a URL, you can refer to the legal text in Danish (search for "Hvidvaskloven").
    • Finanstilsynet's Guidance on Virtual Currencies:

2. Segregation of Client Assets Rules

  • Current Situation (for non-financial instrument crypto): There are no specific, explicit legislative mandates under current Danish law for the segregation of client virtual assets from the firm's own assets for most commonly traded cryptocurrencies (e.g., Bitcoin, Ethereum) that are generally not classified as "financial instruments" in Denmark.
  • Best Practice: While not legally mandated for crypto, segregation is considered a fundamental best practice in traditional financial services and is expected by Finanstilsynet as part of robust internal controls and risk management for any financial institution.
  • If Classified as Financial Instrument: If a specific digital asset is deemed a "financial instrument" under Danish law (e.g., certain security tokens, some structured stablecoins), then the full suite of MiFID II (Markets in Financial Instruments Directive II) rules, implemented in Denmark, would apply. MiFID II includes strict client asset segregation requirements. However, this is currently an exception rather than the norm for most widely traded crypto assets.
  • Regulatory Reference (for financial instruments):
    • Danish Securities Trading Act (Værdipapirhandelsloven): Implements MiFID II.
    • Finanstilsynet's guidance on the classification of crypto assets: Finanstilsynet has issued statements on when crypto assets might fall under financial legislation.

3. Insurance/Bonding Requirements

  • Current Situation (for non-financial instrument crypto): Similar to segregation, there are no specific, explicit legislative mandates for insurance or bonding requirements tailored to crypto asset custodians under current Danish AML law.
  • Risk Management: Firms are expected to manage their operational risks, which would typically include considering insurance as part of a comprehensive risk mitigation strategy.
  • If Classified as Financial Instrument: If a crypto asset is deemed a financial instrument, then capital requirements and potentially professional indemnity insurance requirements under MiFID II might apply, depending on the specific services offered.

4. Cold Storage Mandates

  • Current Situation: There are no specific legislative mandates dictating the use of cold storage for crypto assets.
  • Best Practice & Risk Management: Custodial service providers are expected to implement appropriate security measures to protect client assets from theft, loss, or unauthorized access. Industry best practices widely recommend and utilize cold storage (offline storage) for a significant portion of assets as a key security measure. Finanstilsynet would expect a VASP's risk assessment and internal controls to address cyber and operational security robustly.

5. Qualified Custodian Definitions

  • Current Situation: There is no specific legal definition for a "qualified custodian" tailored to crypto assets under current Danish law. The concept of a "qualified custodian" typically originates from securities regulations (e.g., in the U.S.) that apply to traditional financial instruments.
  • AML Registration: The closest current equivalent is being a registered VASP under the AML Act, which signifies meeting AML/CTF obligations and having suitable management.

Pending Custody Legislation: The EU Markets in Crypto-Assets (MiCA) Regulation

The most significant upcoming development for crypto asset custody in Denmark (and the entire EU) is the implementation of the Markets in Crypto-Assets (MiCA) Regulation. MiCA was published in the Official Journal of the EU on June 9, 2023, and will be phased in.

Key MiCA Provisions Affecting Custody:

MiCA will introduce a comprehensive regulatory framework for crypto-asset service providers (CASPs), including those providing custody services.

  • Authorization Requirement: CASPs offering custody services will require authorization from a national competent authority (e.g., Finanstilsynet in Denmark) under MiCA, moving beyond mere AML registration.
  • Operational Requirements for Safekeeping and Administration of Crypto-Assets:
    • Segregation of Client Assets: MiCA explicitly mandates that CASPs must keep crypto-assets belonging to their clients separate from their own assets.
    • Robust Internal Controls: CASPs must establish and maintain robust internal controls and effective risk management procedures to ensure the safekeeping of crypto-assets.
    • Security Policies: CASPs must have a robust ICT (Information and Communication Technology) security policy in place, including appropriate technical and organizational measures to ensure the highest degree of security for crypto-assets.
    • Access Protocols: They must maintain proper records and access protocols to their clients' crypto-assets and private keys.
    • Business Continuity: Implement business continuity plans.
  • Liability: MiCA introduces specific liability rules for CASPs in case of loss of client crypto-assets or private keys due to events attributable to the CASP.
  • Capital Requirements: CASPs will be subject to minimum capital requirements.
  • Conflicts of Interest: CASPs must have effective arrangements to identify, prevent, manage, and disclose conflicts of interest.
  • Information Disclosure: CASPs must provide clear, fair, and not misleading information to clients, including on risks.

Timeline for MiCA Application:

  • Titles III and IV (relating to asset-referenced tokens and e-money tokens): Application from 30 June 2024.
  • All other provisions (including those for CASPs providing custody services): Application from 30 December 2024.

Regulatory Reference:

Conclusion

Currently, Denmark's primary regulatory focus for crypto custody is AML/CTF compliance, requiring VASPs to register with Finanstilsynet. Specific prudential rules like mandatory asset segregation, insurance, or cold storage for most crypto assets are not explicitly legislated beyond general corporate governance expectations.

However, the impending EU MiCA Regulation will fundamentally transform the landscape, introducing a comprehensive authorization and prudential framework for crypto-asset service providers, including explicit mandates for client asset segregation, robust security, capital requirements, and liability, which will apply in Denmark from late 2024. Entities engaged in crypto custody should prepare for these significant changes.

Disclaimer: This information is for general informational purposes only and does not constitute legal or regulatory advice. It is recommended to consult with legal professionals specializing in Danish and EU financial services law for specific advice.

Sources & Attribution

This article was generated by SearXNG+LLM .

Primary Sources

[2] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AL%3A2023%3A150%3ATOC (government-public)

Based on reporting by

[1] Unknown — https://www.finanstilsynet.dk/Tilsyn/Hvidvask-og-terrorfinansiering/Virksomheder_der_udbyder_veksling_mellem_virtuel_valuta_og_fiat_valuta_samt_virtuelle_tegneboeger da

Edit History

2026-04-22 — auto-publish-pipeline: published — Auto-published: grade B

This article is maintained by AI research workers and reviewed by human editors. Learn about our methodology →