DFSA
Enquiries
Services
Sign In

A Comprehensive Framework for Responsible Innovation in DIFC

The DFSA’s Crypto Token framework provides a clear, robust, and proportionate regime for financial services activities relating to Crypto Tokens in or from Dubai International Financial Centre (DIFC).

The regime is designed to support responsible innovation, market integrity, and investor protection, while providing clarity and certainty for firms operating in or from DIFC.

Since the introduction of the regime in 2022, the DFSA has continued to refine and strengthen its approach through ongoing market engagements, supervisory experience, and targeted regulatory enhancements.

Quick navigation:

DFSA's Crypto Token framework
DFSA's approach to Crypto Token regulation

 

 
Latest regulatory update
Updated Crypto Token rules are effective from 12 January 2026

 

 
Applying for Authorisation
Firms new to DIFC seeking to carry out Financial Services activities involving Crypto Tokens in DIFC must be authorised by the DFSA
 
Firm requirements
Firms conducting, or planning to conduct, Crypto Token activities
should review the applicable
regulatory framework, and consider whether they need a variation of their licence 
 
Resources and documentation
Rules, policy, guidance documentation

 

 

 

↑ Back to top

DFSA’s Crypto Token framework

The DFSA's approach to Crypto Token regulation is guided by several key principles:

  • Alignment with international standards: ensuring consistency with global regulatory standards and approaches;
  • Technology-neutral stance: ensuring regulatory requirements focus on activities and risks, not specific technologies used;
  • Clear regulatory perimeter and permissions: providing a well-defined scope of regulated activities and permissions; and
  • Robust safeguards: a strong focus on investor protection, market integrity, financial crime, custody, and operational resilience.

The framework integrates with the DFSA's broader regulatory regime, applying existing prudential, conduct, and financial crime requirements to Crypto Token activities where appropriate.

Token taxonomy

The DFSA applies a token taxonomy to determine regulatory treatment:

Taxonomy.png

Suitable Crypto Tokens

Persons/firms who want to conduct an activity in relation to a Crypto Token (excluding Fiat Crypto Tokens) must conclude, on reasonable grounds, that the Crypto Token is suitable for use by that person/firm in relation to that activity.

A Crypto Token must be assessed by a person in consideration of the following criteria:

  • the characteristics of the Crypto Token, including as regards its purpose, governance arrangements, and founders;
  • the regulatory status of the Crypto Token in other jurisdictions, including whether it has been assessed or approved for use by a financial services regulator;
  • the size, liquidity, and trading history of the market for the Crypto Token globally;
  • the technology used in connection with the Crypto Token; and
  • whether the use of the Crypto Token could prevent the person from complying with legislation administered by the DFSA.

Firms must:

  • Conduct appropriate due diligence on Crypto Tokens;
  • Document assessments against each criterion using the guidance provided in the Supervisory Guidelines;
  • Monitor Crypto Token suitability assessments on an ongoing basis; and
  • Be prepared to demonstrate compliance to the DFSA.

The DFSA expects firms to take a rigorous and documented approach to Crypto Token assessment.

To view all DFSA criteria, please consult:

Suitable Crypto Tokens

Regulatory evolution: Key milestones

The DFSA has taken a phased and consultative approach to the regulation of Crypto Tokens, grounded in extensive market engagement, international benchmarking, and supervisory experience. This approach reflects the DFSA’s broader commitment to regulatory clarity, market confidence, and sustainable growth within DIFC, and the DFSA will keep this approach under review.

Crypto Infographic_Page_1 test.png

For more information:

↑ Back to top

Latest regulatory update: Rules effective from 12 January 2026

The latest amendments to the Crypto Token regime came into force on 12 January 2026.

Key changes

  • Responsibility for Crypto Token suitability now sits directly with firms: Firms must determine, on a reasoned and documented basis, whether each Crypto Token they engage with meets the suitability criteria in GEN Rule 3A.2.1.
  • The DFSA no longer maintains a prescribed list of Recognised Crypto Tokens: Firms may only engage with Crypto Tokens that they have assessed as suitable in accordance with DFSA requirements.
  • Funds investing in Crypto Tokens: Thresholds and restrictions on Funds investing directly or indirectly in Crypto Tokens have been removed, subject to appropriate suitability assessments and risk management.
  • Enhanced investor safeguards: Updated conduct, governance, custody, and disclosure requirements strengthen protections for users of Crypto Token services.
  • Proportionate reporting and supervision: Reporting requirements have been refined to reflect market developments and evolving risks.

What this means for the market

For firms

  • Greater flexibility in Crypto Token activities, within a clear regulatory framework
  • Clearer accountability for assessing and managing Crypto Token risks
  • Increased certainty on supervisory expectations

For investors and users

  • Stronger protections through enhanced governance and custody requirements
  • Greater transparency around Crypto Token services offered in DIFC
  • Increased confidence in a well-regulated digital assets environment

For the DIFC ecosystem

  • Continued support for responsible innovation
  • Alignment with global regulatory standards
  • A framework that evolves with market and technological developments
 

For more information:

↑ Back to top

Applying for Authorisation

If you are a firm new to DIFC seeking to carry out Financial Services activities involving Crypto Tokens, or an Authorised Firm looking to vary your existing financial services permissions in DIFC, you must be authorised by the DFSA.

Note: The use of Crypto Tokens does not in and of itself constitute providing a Financial Service. Rather, Crypto Tokens are Financial Instruments like Securities or Derivatives. Enquirers should consider the list of Financial Service activities in GEN Rule 2.2.2. These activities may involve the use of Crypto Tokens.

Please read through and understand the DFSA’s Authorisation approach.

Initial enquiry

Firms should submit an initial enquiry through DFSA Connect.

Enquirers should include information about their firm that will help the DFSA determine their readiness to operate a financial services business involving Crypto Tokens.

Variation of permissions: Existing Authorised Firms seeking to conduct financial services activities involving Crypto Tokens should apply to vary their permissions through the DFSA ePortal.

Application assessment

The DFSA will assess, among other things:

  • The firm’s proposed business model; 
  • The fitness and propriety of the firm operators; and
  • The Financial Services permission(s) required, based on the firm’s understanding of the DFSA Rulebook.

Information

We expect all information that you provide us to be up to date and specific to each request.

Note: Do not reuse old documents or documents you may have submitted to other regulators as part of this process, unless you have thoroughly reviewed them and verified that they are relevant for submission to the DFSA. 

Disclosure

It is important that you fully disclose the information we ask for. We take any non-disclosure of information that could affect our assessment seriously, especially if there is an attempt to mislead us. It is better to disclose information rather than withhold it.

We will then review the information provided. In making this assessment, if we do not believe that you understand the product or service you wish to provide, or do not have clarity around the required financial services permission(s), we will ask you to re-consider the relevant areas in your submission before we accept an application for a licence or licence variation.

Contact:

For any queries relating to the Authorisation process or the requested information, you can contact the DFSA via DFSA Connect.​​​​

↑ Back to top

Firm requirements

Firms conducting, or planning to conduct, Crypto Token activities should review the following requirements.

Requirements under the January 2026 update:

Crypto Token assessment process

Firms must assess whether Crypto Tokens used in financial services activities meet the suitability criteria in GEN Rule 3A.2.1.

Documentation of assessments should be maintained and available for supervisory review.

Governance arrangements

Review governance structures to ensure:

  • Senior management understanding and oversight of Crypto Token activities
  • Clear accountability for Crypto Token-related decisions
  • Appropriate consideration of digital asset-specific risks in risk management frameworks

Policies and procedures

 Update internal policies to reflect:

  • Crypto Token suitability assessments
  • Ongoing monitoring of tokens in use
  • Fitness and propriety assessment processes for relevant staff
  • Client disclosure materials addressing Crypto Token risks

Engagement with the DFSA

Firms should contact the DFSA on the DFSA ePortal where clarification is required on compliance with updated requirements.

 

Supervisory expectations

The DFSA supervises Crypto Token activities on a risk-based basis, with focus on:

  • Governance and accountability: senior management oversight and clear accountability
  • Financial crime controls: AML/CTF systems appropriate for Crypto Token risks
  • Custody and safeguarding: appropriate arrangements for client Crypto Tokens
  • Technology resilience: secure, resilient infrastructure, and operational continuity
  • Market conduct: fair treatment of clients and market integrity

To support implementation of the updated Rules, the DFSA has published Supervisory Guidelines outlining expectations on conducting Crypto Token suitability assessments. Further guidance is provided in the Crypto Token Frequently Asked Questions (FAQs).

The DFSA will focus its supervisory efforts on the robustness of firms’ assessments and controls, and will hold firms accountable where practices are insufficient.

For more information:

↑ Back to top

Resources and documentation

Regulatory framework

Policy and guidance

Consultations and feedback

General information 

Subscribe to DFSA updates

 

For better web experience, please use the website in portrait mode