Lithuania operates a two-license regime for crypto exchanges under the Law on the Prevention of Money Laundering and Terrorist Financing. Businesses handling virtual currency exchange or custodial wallet services must obtain distinct licenses from the Register Centre under the Ministry of Economy and Innovation. The framework became a popular EU entry point during 2018–2021, though recent tightening of capital and operational requirements has shifted the compliance baseline. This article walks through the license types, application mechanics, ongoing obligations, and structural considerations for operators evaluating the jurisdiction.
License Categories and Scope
Lithuania distinguishes between two activities. The virtual currency exchange operator license covers fiat-to-crypto, crypto-to-fiat, and crypto-to-crypto exchange services. The virtual currency depository wallet operator license governs custody services where the operator holds private keys or credentials on behalf of users. Most exchange platforms require both licenses since trading functionality typically includes deposit and withdrawal wallets.
The licenses are activity-specific, not entity-specific. A single legal entity may hold both if its business model spans exchange and custody. The Register Centre treats each license application separately, with distinct compliance reviews and fee structures.
Licensing does not create passporting rights under EU directives. While Lithuania is an EU member state, the virtual currency licenses fall outside MiFID II, PSD2, and EMD frameworks. Operators cannot passport these licenses to other EU jurisdictions. Cross-border service provision requires either local registration in each target member state or reliance on reverse solicitation principles, which carry enforcement risk.
Capital and Organizational Requirements
Lithuania introduced minimum share capital requirements in 2020. Virtual currency exchange operators must maintain at least EUR 125,000 in paid share capital. Depository wallet operators face no statutory minimum, though the Register Centre may impose capital adequacy requirements based on custody volume and risk profile during the application review.
Applicants must appoint at least two managers or board members, at least one of whom must be a Lithuanian tax resident. The resident manager requirement applies at the time of application and throughout the license validity. Management personnel undergo fit-and-proper assessments, including criminal background checks and verification of prior experience in financial services or technology operations.
The business must maintain a registered office in Lithuania with physical presence. Virtual office arrangements do not satisfy this requirement. The Register Centre conducts on-site inspections during the application process and periodically thereafter. Operators are expected to demonstrate that substantive business activity occurs at the Lithuanian address, not merely administrative mailbox services.
Application Mechanics and Timeline
Applications are submitted electronically through the Register Centre’s portal. Required documents include the articles of association, shareholder register, management CVs and declarations, internal AML and KYC procedures, IT security policies, and a business plan detailing projected transaction volumes and customer segmentation.
The business plan must address several specific elements. Operators describe the technical architecture for transaction processing, wallet infrastructure, and private key management. For custodial services, the plan must detail cold and hot wallet ratios, multisignature protocols, and disaster recovery procedures. The Register Centre evaluates whether proposed controls align with the risk profile and projected scale.
AML procedures receive close scrutiny. The submission must include customer onboarding workflows, transaction monitoring rules, suspicious activity reporting protocols, and sanctions screening integration. Lithuania applies the EU Fifth Anti-Money Laundering Directive standards, which require enhanced due diligence for certain customer categories and transaction patterns.
Processing time varies. The Register Centre has 30 calendar days to review completeness and request additional information. Once the application is deemed complete, the formal review period extends up to 60 days, though complex applications or requests for clarification extend this timeline. Expedited processing is not available.
The application fee structure includes a base fee for each license type plus variable costs for background checks and on-site inspections. Expect total application costs in the range of EUR 5,000 to EUR 10,000 per license, excluding legal and consulting fees.
Ongoing Compliance Obligations
Licensed operators submit annual activity reports to the Register Centre by March 31 each year, covering the preceding calendar year. The report includes transaction volumes by currency pair, total customer count, geographic distribution of customers, and summary statistics on suspicious activity reports filed with the Financial Crime Investigation Service.
Operators must notify the Register Centre within 10 business days of any material change: changes in management or ownership exceeding 10 percent, amendments to AML procedures, changes in service offering, or relocation of the registered office. Failure to notify triggers administrative penalties and potential license suspension.
Annual audits are not statutorily required for all operators, but the Register Centre may impose this obligation based on transaction volume or risk classification. Operators handling custody of more than EUR 1 million in client assets at any point during the reporting period generally face enhanced reporting requirements, including quarterly reconciliation reports.
The Register Centre maintains a public register of licensed operators. Delisting occurs automatically upon license revocation or voluntary surrender. Operators planning to exit the market must submit a wind-down plan addressing customer notification, asset return procedures, and record retention.
Worked Example: Dual License Application for Trading Platform
Consider a platform offering spot trading across 15 crypto pairs with EUR and USDT settlement and integrated deposit wallets. The platform operates hot wallets for immediate liquidity and cold storage for excess balances.
The operator files two applications simultaneously. The exchange operator application describes the matching engine, API rate limits, and order types supported. The custody operator application details the wallet architecture: 20 percent of assets in hot wallets with 2-of-3 multisig, 80 percent in cold storage with 3-of-5 multisig, quarterly key rotation, and hardware security module integration.
The business plan projects 5,000 active users in year one, averaging EUR 200,000 in monthly trading volume. The Register Centre requests clarification on transaction monitoring thresholds and the process for freezing accounts flagged by sanctions screening. After two rounds of supplemental submissions, both licenses are granted four months after initial filing.
The platform maintains EUR 125,000 in share capital and employs a Lithuanian resident compliance officer alongside the CTO based in Estonia. Monthly compliance reports track customer concentration, transaction velocity anomalies, and wallet balance reconciliation.
Common Mistakes and Misconfigurations
- Underspecifying IT security controls in the application. Generic statements about “industry standard encryption” are insufficient. The Register Centre expects specific protocols, key lengths, and patch management cycles.
- Assuming the resident manager can be a nominee. The requirement is substantive. The individual must actively participate in compliance oversight and be accessible for regulatory inquiries.
- Failing to document sanctions screening integration. Operators must demonstrate real-time screening against EU and UN lists, not periodic batch checks.
- Omitting disaster recovery testing schedules. The business plan should include frequency of backup restoration drills and failover testing, not just the existence of backups.
- Misclassifying stablecoin activity. Some operators assume stablecoin trading falls outside the license scope. Lithuania treats stablecoins as virtual currency for licensing purposes.
- Ignoring the 10 percent ownership threshold. Changes in shareholder composition exceeding this threshold require advance notice, not post-transaction reporting.
What to Verify Before You Rely on This
- Current minimum capital requirements and whether the Register Centre has issued updated guidance on capital adequacy calculations.
- The definition of “virtual currency” under Lithuanian law and whether recent amendments have added or excluded specific asset types.
- Passporting limitations and whether Lithuania has entered mutual recognition agreements with non-EU jurisdictions.
- Annual reporting deadlines and whether the Register Centre has modified the template or required data fields.
- On-site inspection frequency and current staffing levels at the Register Centre, which affect processing times.
- Tax residency rules for the resident manager requirement and acceptable documentation.
- IT security standards referenced in recent application approvals, particularly for multisignature and key management.
- Fee schedules for initial applications, annual renewals, and material change notifications.
- Current interpretation of “physical presence” and whether hybrid or remote work models satisfy the requirement.
- Recent enforcement actions or license revocations, which signal priority compliance areas.
Next Steps
- Engage a Lithuanian legal advisor with recent experience in virtual currency licensing to review your business model against current Register Centre expectations and draft application materials.
- Prepare a technical architecture document detailing wallet infrastructure, private key management, and transaction flow before drafting the business plan to ensure consistency between operational reality and regulatory submissions.
- Evaluate whether the Lithuanian license aligns with your target market strategy, given the lack of passporting rights, and model the cost of parallel registrations in other EU member states if cross-border service is essential.