In the last week of June, a package of amendments arrived as part of the latest omnibus act, catching domestic crypto-asset service providers and users by surprise. Although it seemed that the MiCA, which had been under negotiation for many years would bring uniform crypto regulation in all EU Member States, new questions have now arisen in Hungary regarding operation in the crypto market.
MiCA has created a separate ecosystem for the regulation of crypto-assets and crypto-asset service providers. It may be a subject of debate whether rapidly changing digital industries can be regulated in a timely manner with slow-moving, gigantic legislations. However, it can be clearly stated that at the end of the lengthy debate surrounding MiCA, EU regulators have managed to reach a common understanding with crypto market participants. The basic expectations have crystallized, and a system well known from the world of financial instruments and activities has been established: there are different categories of crypto-assets, the supervisory authority has been designated, MiCA authorization is mandatory, authorized crypto-asset service providers can operate. Transparent criteria for the internal market, as it was destined to be.
But suddenly the situation is not that clear-cut. Out of nowhere, market experts now must familiarize themselves with legal concepts that are difficult to grasp with, such as "abuse of crypto-asset", "crypto-asset exchange service," and "crypto-asset validation". The Hungarian Crypto Act, which was originally intended solely to facilitate the implementation of MiCA, is full of such and similar novelties, but the provisions of Act C of 2012 on the Criminal Code (the Criminal Code) and Act XXXII of 2021 on the Supervisory Authority for Regulated Activities (the SARA Act) have also been amended in line with the changes.
As a starting point, it should be noted that the Hungarian legislator has created a conceptual framework, validation structure and licensing procedure that runs parallel to MiCA and is minimally harmonized with it, under the supervision of the Supervisory Authority of Regulated Activities (the SARA). From now on, crypto-assets can only be exchanged into fiat currency or other crypto-assets with a compliance certificate issued by a crypto-asset validation service provider. A crypto-asset validation service provider may only be a legal entity authorized by the SARA to perform this activity. The purpose of validating crypto-asset exchanges is to effectively identify the customer and the transaction in accordance with the law.
It is difficult to understand the purpose behind the amendments as the guidance published by the SARA cites Regulation (EU) 2023/1113, which although significantly tightened the customer and transaction identification and data collection obligations of crypto-asset service providers, it did not specify that licensing and validation systems need to be set up at Member State level to verify compliance with the above requirements. Under the regulation, crypto-asset service providers themselves must ensure that appropriate identification systems and processes are in place to monitor crypto-asset transfers and in accordance with this, cooperate with the authorities themselves (like the credit institutions with money transfers). The obligations in question do not even apply to the exchange of crypto-assets into fiat currency or other crypto-assets, only to crypto-asset transfers, i.e. when a given crypto-asset moves between accounts, addresses or wallets without being exchanged. In contrast to this, the amendment to the Crypto Act introduces a completely new layer of authorization and validation for the exchange of crypto-assets, which, in its current form and in the absence of detailed legislation, is extremely vague and imposes an additional burden on crypto-asset service providers operating in Hungary. Also, based on the first reactions to the amendments, market participants have also not received a satisfactory explanation why the SARA, as the authority supervising the "validators", is being involved alongside the National Bank of Hungary, which is already responsible for supervising crypto-asset service providers.
The amendment to the Criminal Code caused a lot of speculation in the public opinion. It would not have been a particular surprise if the legislator had criminalized the provision of crypto-asset services without a MiCA license, similarly to other unauthorised financial activities. It would have been sufficient to amend Section 408 (1) of the Criminal Code to include unauthorised crypto-asset services, and this step would most likely not have come as a surprise to the market. Instead, two completely new criminal offense have been introduced in the Criminal Code: "unauthorised provision of crypto-asset exchange services" and "abuse of crypto asset”.
The former – newly introduced in relation to the introduction of the Crypto Act’s new conceptual framework, which does not yet have a functioning structure and is not clarified by detailed rules – orders the punishment of the provision of crypto-asset exchange services in significant amounts with the violation of the validation obligations defined under the Crypto Act. Although the amendment entered into force on 1 July 2025, the detailed rules on the validation obligations and validating service providers will only be specified by the decree of the president of the SARA, so until the sectoral rules enter into force it is doubtful whether crimes under the new offenses can be committed. In addition to the many open questions, it is immediately apparent that legislator seems to have failed to criminalise the unauthorised provision of crypto-asset services defined under the directly applicable MiCA. The definition of the offense refers exclusively to services provided with circumventing the validation requirements set out in the Crypto Act. Although the explanatory part of the amendment attempts to clarify that the offense is not only committed by failing to validate, but also by providing services without authorisation, the wording may still make accurate interpretation and application difficult in practice.
The latter, i.e. the abuse of crypto-asset, is punishable if an individual or a legal person exchanges crypto-assets of significant value into fiat currency or other crypto-assets by using an unauthorised crypto-asset exchange service. The Criminal Code therefore punishes users who use unauthorised crypto-asset exchange services, even if they do not commit any other criminal offense. In the context of financial activities, it is unusual that using a service can constitute a criminal offense on the part of the user. From a consumer protection perspective, it is concerning that consumers may find themselves in situations, where they must check the service provider's authorisation, either on a long-term or on a transaction-by-transaction basis. The wording raises further questions. Crypto-asset service providers with the appropriate MiCA license can, in theory, freely carry out such activities within the EU, but in practice it appears that, in the absence of compliance with the new – and yet undeveloped – Hungarian validation requirements, this alone may not be sufficient for the lawful provision of exchange services. Even the use of services offered by MiCA licensed entities but not aligned with the Hungarian exchange validation system may be considered unlawful and entail criminal consequences for users. This approach is completely contrary to the MiCA's objective of harmonizing obligations for service providers and users across Member States.
While the price of Bitcoin is reaching new all-time highs, the US president has just signed the stablecoin law aimed at strengthening the dominance of the US dollar, and news are coming in about MiCA licenses being granted in other Member States, Hungarian crypto-asset service providers and users are closely monitoring the events in the domestic market and eagerly awaiting further developments from regulators to help interpret the changes.