Estonia -- Custody Regulations Regulatory Overview

Estonia regulates cryptocurrency and digital asset custody primarily through the Money Laundering and Terrorist Financing Prevention Act (MLTFPA or AML Act), the national Crypto Asset Market Act (CMA), and the EU's Markets in Crypto-Assets (MiCA) Regulation (effective 2025), with oversight by the Estonian Financial Supervision and Resolution Authority (EFSRA, also known as Finantsinspektsioon or FSA) for licensing and the Financial Intelligence Unit (FIU) for AML compliance.[1][3][4][5]

Custodial License Requirements

Crypto-asset service providers (CASPs), including those offering custody, administration, or wallet services (e.g., safeguarding private keys), must obtain a CASP license from the EFSRA, valid EU-wide under MiCA.[3][5] Previously issued by the FIU under the MLTFPA, licensing shifted to EFSRA in 2025.[1][3] Minimum requirements include:

• Authorized capital: €250,000 for transfer/custody services (vs. €100,000 for exchange).[9]
• Physical headquarters in Estonia, customer identification, annual audits, internal controls, data retention, and good business reputation.[2][4]
• Registration in the Estonian cryptocurrency license register, with ongoing supervision including financial reports and internal control submissions.[5]

Segregation of Client Assets Rules

Search results do not explicitly detail client asset segregation rules for Estonian custody providers, though MiCA generally mandates separation of client assets from firm assets across the EU, with EFSRA enforcing equivalent standards for operational resilience.[1]

Insurance/Bonding Requirements

No specific insurance or bonding mandates for custody are mentioned in the results; MiCA-aligned capital and own funds requirements apply, but details on insurance remain unspecified.[1][4]

Cold Storage Mandates

Results provide no direct references to mandatory cold storage percentages or practices for custodians.

Qualified Custodian Definitions

Qualified custodians are not explicitly defined in Estonian-specific terms but fall under CASPs licensed by EFSRA for custody services, including wallet providers safeguarding keys, per the Crypto Asset Market Act and MiCA.[3] This covers entities handling storage, transfer, or administration of crypto-assets for clients.[1][3]

Pending Custody Legislation

No pending national custody-specific bills are noted as of 2026; the framework was updated in 2025 with MiCA and CMA fully integrating prior MLTFPA rules, expanding activities without further announced changes.[1][3][4] Earlier 2022 MLTFPA amendments tightened requirements, and FIU revoked over 1,000 licenses by 2020, leaving ~400 active.[2]

Key regulatory references (official sources not directly linked in results; secondary analyses cite):

• Money Laundering and Terrorist Financing Prevention Act (MLTFPA): https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/520062020002/consolide (via [1][2][3][4])
• Crypto Asset Market Act (CMA): National implementation of MiCA (via [1][3])
• EU MiCA Regulation (2023/1114): https://eur-lex.europa.eu/eli/reg/2023/1114/oj (via [1][3][4][5])
• EFSRA/FIU licensing: https://www.fi.ee/en (via [1][3][5])