Portugal's MiCA Implementation Roadmap: New Crypto Regulation Reshapes 2025 Compliance Landscape

Portugal’s government unveiled an ambitious crypto regulation overhaul on October 20, 2025, formally initiating the transposition of EU Regulation 2023/1114 (MiCA) into national law. The initiative addresses the regulatory gap that has persisted since MiCA’s EU-wide adoption, establishing a comprehensive framework for crypto-asset service providers while fortifying anti-money laundering enforcement. This shift signals Portugal’s commitment to regulatory alignment and investor protection in digital assets.

The MiCA Framework: What Changes for Portugal’s Crypto Market

The proposed legislation anchors Portuguese crypto oversight within the EU’s harmonised regulatory regime, embedding provisions from EU Regulation 2023/1114 while preserving existing national guardrails such as Law No. 83 of 18 August 2017. The framework imposes clear licensing and reporting obligations on crypto-asset service providers—effectively integrating them into the formal financial oversight structure.

For businesses, this means mapping service classifications against the new definitions and conducting urgency audits on licensing gaps and reporting infrastructure. The harmonisation effort aims to create operational parity across EU member states, reducing fragmentation and clarifying compliance expectations for firms serving the Portuguese market. Companies should anticipate conduct and operational standards that mirror EU requirements, though national supervisors will retain enforcement discretion.

Regulatory Architecture: Dual Oversight Between Bank of Portugal and CMVM

The draft delineates supervisory responsibilities between two key institutions: the Bank of Portugal (prudential oversight) and the CMVM (conduct and market integrity supervision). This dual mandate mirrors EU arrangements and ensures that both systemic risk and consumer conduct protections are addressed.

Concurrently, the proposal extends AML obligations to crypto service providers, treating them as financial institutions under Portugal’s AML regime. This expansion requires firms to deploy enhanced transaction monitoring, implement Know-Your-Transaction (KYT) tooling, and formalise robust customer due diligence processes. Based on typical compliance timelines, institutions should allocate 3 to 9 months for implementation, depending on operational complexity and existing AML infrastructure maturity. Supervisors are expected to prioritise custody arrangements, asset segregation practices, and incident-response protocols, while accelerating cross-border information-sharing mechanisms aligned with EU standards.

The Banco de Portugal has acknowledged that national MiCA implementation legislation remains unpublished to date, making the draft proposal a critical step toward closing this regulatory vacuum.

Legislative Trajectory and Compliance Deadlines

The proposal advanced through Parliament’s first reading vote on October 20, 2025, with Secretary of State João Silva Lopes emphasising the package’s focus on regulatory stability alongside consumer and investor safeguards. The bill now enters committee-level deliberation before final parliamentary approval.

A pivotal feature is the proposed transitional extension through June 2026, granting firms additional runway to achieve compliance with authorisation, supervision, and AML standards. This grace period acknowledges implementation complexity and allows phased alignment ahead of EU-wide deadlines. Market participants should monitor committee schedules closely and prepare technical submissions detailing compliance readiness and potential implementation barriers.

The legislative pathway reflects Portugal’s intention to deliver on EU regulatory obligations while providing market participants a realistic compliance runway in a rapidly evolving crypto ecosystem.