MiCAR in Norway: EEA Applicability and CASP Reporting After the Norges Bank Crypto Survey

Last updated: June 2026

A crypto-asset firm that treats Norway as just another corner of the EU single market is making an expensive assumption. MiCAR in Norway did not switch on when the EU rules did. The provisions binding crypto-asset service providers across the Union applied from 30 December 2024, but a firm serving Norwegian clients was governed by a different instrument, brought into force on a different date, and supervised by a different authority.

That timing gap is the practical story behind a piece of supervisory data most reporting teams skipped past. On 5 June 2026 Norges Bank published the second round of its survey on the Norwegian population and crypto-assets. The headline barely moved: 12 percent of the population own crypto-assets, up from 11 percent in 2024. The figure that should interest a compliance reader sits lower down. Only 17 percent of crypto-asset owners had heard of the Crypto Asset Act that now regulates the firms they buy from. Finanstilsynet is supervising a market where most customers do not know the rulebook exists.

Related reading: our MiCAR reporting obligations guide

What the Norges Bank survey actually measured

The survey was run by Ipsos for Norges Bank. The main sample of 1,268 respondents was collected between 29 January and 5 February 2026, with a booster sample of 503 fielded between 25 February and 10 March 2026, giving 718 crypto-asset owners in total. Awareness of crypto-assets reached 97 percent of the population aged 16 and over, up from 96 percent in 2024. Seventeen percent of the population said they have owned or currently own crypto-assets, up from 15 percent two years earlier.

Stablecoins are where the gap between hype and behaviour shows. Nineteen percent of respondents had heard of stablecoins, and of that group, 72 percent said they had never bought one. Among those who had, 55 percent bought stablecoins to trade other cryptocurrencies rather than to pay for anything. That tells a CASP the stablecoin activity it does see is overwhelmingly exchange-driven, which feeds straight into how asset-referenced and e-money token flows get reported.

One number deserves a flag for what it does not say. The survey does not split holdings cleanly into payments versus speculation, and it is a population survey, not a register of regulated activity. It is good evidence of demand, not a substitute for a firm mapping its own client base against MiCAR scope.

How MiCAR in Norway took effect through the Crypto Asset Act

MiCAR is Regulation (EU) 2023/1114, published in the Official Journal on 9 June 2023 and marked as a text with EEA relevance. That EEA label is the part teams misread. A regulation with EEA relevance does not reach Norway, Iceland and Liechtenstein automatically the way it binds EU Member States. It has to be incorporated into the EEA Agreement by a decision of the EEA Joint Committee, then given effect in national law by each EEA EFTA state.

The EEA Joint Committee decision incorporating MiCAR was taken on 20 February 2025. Norway gave the regime domestic effect through the Crypto Asset Act, the kryptoeiendelsloven (Lov 2025-05-27-20), which received royal assent on 27 May 2025 and entered into force on 1 July 2025. The same date brought Norway’s transposition of the recast Funds Transfer Regulation, Regulation (EU) 2023/1113, through amendments to the Anti-Money Laundering Act.

So the dates do not line up with the EU. ART and EMT rules applied across the EU from 30 June 2024 and the CASP regime from 30 December 2024, while the same obligations only became operative in Norway from 1 July 2025. A firm that booked Norwegian clients in the first half of 2025 on the assumption that an EU MiCAR authorisation already passported into Norway was relying on a bridge still being built. When I check a CASP’s status, the first thing I look at is which authority granted it and whether the EEA incorporation it relies on for passporting is actually in force.

Who needs a Norwegian CASP authorisation

Under MiCAR, providing crypto-asset services in the EEA requires authorisation as a crypto-asset service provider, granted by a national competent authority. In Norway that authority is Finanstilsynet. A firm applies under the Article 62 process, and the content and format of that application are set by Commission Delegated Regulation (EU) 2025/305, the regulatory technical standards under Article 62(5), and Commission Implementing Regulation (EU) 2025/306, the implementing technical standards under Article 62(6).

The common error is assuming the passport flows in only one direction. An EU-authorised CASP cannot assume its passport covers Norwegian clients before the EEA incorporation is operative, and a CASP authorised by Finanstilsynet should not assume same-day reach into all 27 Member States. Passporting across the EEA depends on the incorporation decision being in force across the EEA EFTA states, so the safe step is to confirm the current position with Finanstilsynet rather than infer it from the EU timeline. The token-level analysis that drives the whole authorisation is the same one we walk through in our MiCAR token classification guide.

The transitional period is shorter than people think

MiCAR Article 143(3) lets entities that provided crypto-asset services under applicable national law before 30 December 2024 continue until 1 July 2026, or until they are granted or refused a MiCAR authorisation under Article 63, whichever comes first. Article 143(6) adds an optional simplified authorisation route for firms already authorised under national law. Member States and EEA EFTA states can shorten or decline that grandfathering, which is why the transitional period is not a single EU-wide date.

Norway shows how that discretion bites. The transitional rule in section 19(2) of the Crypto Asset Act originally let providers registered with Finanstilsynet under the AML regime keep operating only until 30 December 2025. Finanstilsynet then consulted on extending that window and adopted a transitional regulation (forskrift 2025-12-18-2854) moving the cut-off toward 30 June 2026, to line up with the maximum permitted under Article 143(3). The lesson is to read the national instrument, not the EU headline. A firm that planned around 1 July 2026 because that is the MiCAR ceiling would have been six months early in Norway under the original rule, and could have lost the right to operate before its authorisation came through.

The reporting obligations that come with the licence

Authorisation is the entry ticket. The recurring work is reporting, and it runs on several tracks at once.

The first track is AML. Through the Funds Transfer Regulation, a Norwegian CASP carries travel-rule duties: transfers of crypto-assets must travel with originator and beneficiary information, and that data has to be available for suspicious-activity and supervisory purposes. This is the backbone behind the survey finding that retail use is still mostly trading rather than payments, because exchange-style flows are exactly what the travel rule is built to trace.

The second track is token-specific. A CASP that handles asset-referenced tokens feeds transaction data to the token issuer under Article 22 of MiCAR, so the issuer can monitor and report use of the token as a means of exchange. The same obligation reaches e-money tokens denominated in a currency that is not an official currency of a Member State, where Article 22 applies through Article 58 of MiCAR. The EBA technical standards under Article 22 set how that CASP-to-issuer data flows, including aggregated reporting per single-currency area. A firm that thinks of itself as only an exchange, and forgets it is also a reporting node in someone else’s ART or EMT monitoring, will under-build that pipe.

The third track is market integrity and ongoing supervision. CASPs sit inside MiCAR market-abuse obligations and report to Finanstilsynet as their home supervisor. A Norwegian licence means a Norwegian reporting relationship, on Norwegian timelines, even where the underlying standard is a directly applicable EU technical standard. The wider cross-border design questions are explored in our coverage of the EC MiCAR review consultation and the AML edges in our note on stablecoins and unhosted wallets.

What the survey signals for scope and conduct teams

Read together, the survey and the rulebook point the same way. Ownership is broad and slightly rising, product awareness is near-universal, but awareness of the rules protecting the buyer is thin. Owners skew toward the 16 to 39 age groups, with the 60-plus group under-represented and more men than women holding crypto. Low rule-awareness among customers does not reduce a firm’s obligations. It raises the expectation that the firm closes the gap itself, through clear white papers, honest risk warnings, and reporting that shows on demand that the firm sits inside the regime.

Frequently Asked Questions

Does MiCAR apply directly in Norway the way it applies in the EU?

No. MiCAR is an EU regulation with EEA relevance, so it reaches Norway through the EEA Agreement rather than directly. The EEA Joint Committee incorporated it on 20 February 2025, and Norway gave it domestic effect through the Crypto Asset Act, in force from 1 July 2025.

Who is the competent authority for CASPs in Norway?

Finanstilsynet, the Norwegian Financial Supervisory Authority, authorises and supervises crypto-asset service providers in Norway and runs the application process under MiCAR Article 62.

When does the Norwegian transitional period for existing providers end?

The Crypto Asset Act first allowed previously registered providers to continue until 30 December 2025. Finanstilsynet then adopted a transitional regulation extending that toward 30 June 2026, in line with the maximum window permitted by MiCAR Article 143(3). Confirm the current cut-off against the Norwegian instrument, not the EU date.

Does an EU MiCAR authorisation cover Norwegian clients automatically?

Not by default. Passporting across the EEA depends on the incorporation decision being operative across the EEA EFTA states. Verify the live passporting position with Finanstilsynet rather than assume the EU timeline applies.

What reporting obligations does a Norwegian CASP take on?

The main tracks are travel-rule and AML reporting under the Funds Transfer Regulation (Regulation (EU) 2023/1113), CASP-to-issuer data reporting under Article 22 of MiCAR for asset-referenced tokens (and, through Article 58, for e-money tokens denominated in a non-Member-State currency), and market-abuse and ongoing supervisory reporting to Finanstilsynet.

What did the 2026 Norges Bank survey find?

That 12 percent of the population own crypto-assets and 17 percent have ever owned them, with 97 percent aware of crypto-assets. Only 17 percent of owners had heard of the Crypto Asset Act, and 19 percent of respondents had heard of stablecoins, most of whom had never bought one.

Related Articles

• MiCAR Reporting Obligations – The core MiCAR reporting duties for issuers and CASPs across the EU and EEA.
• MiCAR Token Classification – How to classify a token as an ART, EMT or other crypto-asset, and the reporting that follows.
• EBA MiCA Statement on ARTs and EMTs – Issuer takeaways on own funds, reserves and significance under MiCAR.
• EC MiCAR Review Consultation – What the Commission’s review consultation could change for European CASPs.
• FATF Stablecoins and Unhosted Wallets – The AML/CFT angle on stablecoins and self-hosted wallet transfers.

Key Takeaways

• MiCAR reaches Norway through the EEA Agreement, not directly. The EEA Joint Committee incorporated it on 20 February 2025 and the Crypto Asset Act gave it effect from 1 July 2025.
• The Norwegian CASP timeline runs roughly six months behind the EU CASP date of 30 December 2024. Do not assume EU dates apply in Norway.
• Finanstilsynet is the competent authority. Authorisation runs under MiCAR Article 62, with application content set by Delegated Regulation (EU) 2025/305 and Implementing Regulation (EU) 2025/306.
• The Norwegian transitional window under section 19(2) first ran to 30 December 2025, then was extended toward 30 June 2026 to match the Article 143(3) ceiling.
• Reporting runs on three tracks: travel-rule and AML under the Funds Transfer Regulation, CASP-to-issuer data under Article 22 MiCAR (extended to non-Member-State-currency EMTs via Article 58), and market-abuse and supervisory reporting to Finanstilsynet.

Sources and References

• Regulation (EU) 2023/1114 of 31 May 2023 on markets in crypto-assets (MiCAR), OJ L 150, 9.6.2023, EUR-Lex: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114
• Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets (recast Funds Transfer Regulation), EUR-Lex: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1113
• EBA Final Report on draft RTS on the methodology to estimate transactions associated to uses of ARTs under Article 22(6) and of EMTs denominated in a non-EU currency under Article 58(3) of MiCAR (EBA/RTS/2024/13, 19 June 2024): https://www.eba.europa.eu/sites/default/files/2024-06/4befe99b-36d3-4b92-96b1-13a0f47e039a/Final%20Report%20on%20RTS%20on%20use%20of%20ARTs%20and%20EMTs%20as%20a%20means%20of%20exchange%20under%20MICAR.pdf
• ESMA, Markets in Crypto-Assets Regulation (MiCA) Level 2 and 3 measures table (Article 62 RTS/ITS, transitional measures): https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica
• ESMA Statement on MiCA Transitional Measures, 17 December 2024 (ESMA75-453128700-1396): https://www.esma.europa.eu/sites/default/files/2024-12/ESMA75-453128700-1396_Statement_on_MiCA_transitional_measures.pdf
• Finanstilsynet, Kryptoeiendeler (MiCA) topic page: https://www.finanstilsynet.no/tema/kryptoeiendeler-mica/
• Finanstilsynet, news on the Crypto Asset Act and AML Act amendments (TFR II) entering into force 1 July 2025: https://www.finanstilsynet.no/nyhetsarkiv/nyheter/2025/lov-om-kryptoeiendeler-kryptoeiendelsloven-og-lov-om-endringer-i-hvitvaskingsloven-tfr-ii-trer-i/
• Finanstilsynet, consultation on extending the transitional rule in the Crypto Asset Act: https://www.finanstilsynet.no/nyhetsarkiv/horinger/2025/horing-forlengelse-av-overgangsregelen-i-kryptoeiendelsloven/
• Lovdata, Lov om kryptoeiendeler (kryptoeiendelsloven), Lov 2025-05-27-20: https://lovdata.no/lov/2025-05-27-20
• Lovdata, Forskrift om overgangsregler til kryptoeiendelsloven (2025-12-18-2854): https://lovdata.no/dokument/SF/forskrift/2025-12-18-2854
• Norges Bank Papers 6/2026, Survey on crypto-assets in Norway, 5 June 2026: https://www.norges-bank.no/en/news-events/publications/Norges-Bank-Papers/2026/nb-papers-6-2026-crypto-assets/
• Norges Bank Papers 2/2024, Survey on crypto-assets in Norway (comparison baseline): https://www.norges-bank.no/en/news-events/publications/Norges-Bank-Papers/2024/memo-2-2024-crypto-assets/

Norway is a reminder that the EEA is its own timeline

The Norges Bank survey is a demand signal, and a modest one: a little more ownership, a lot of awareness, very little understanding of the rules. The regulatory signal underneath it is sharper. MiCAR binds Norwegian CASPs, but it binds them through the Crypto Asset Act, on Norwegian dates, under Finanstilsynet, with a transitional window that has already moved once. Any firm building its Nordic crypto book off an EU calendar should put the Norwegian instruments next to the EU ones and reconcile the dates before, not after, it onboards the next customer.

Disclaimer: The information on RegReportingDesk.com is for educational and informational purposes only. It does not constitute legal, regulatory, tax, or compliance advice. Always consult your compliance officer, legal counsel, or the relevant supervisory authority for guidance specific to your institution.