Buy a licensed company 
VASPs live data and insights 
Learn about crypto safety 
Read the latest research 
Bermuda DABA Explained: Licensing, Compliance, and 2026 Outlook
- Bermuda built DABA as a dedicated digital asset regime, not as a patch on old banking or securities laws.
- The framework regulates business activity first, giving firms more flexibility as products evolve.
- The BMA uses a tiered licensing model (T, M, and F) to cover both pilots and full-scale operators.
- Recent reforms tightened client asset protection through functional control standards and custody rules.
- Bermuda still offers a strong base for digital asset firms, but real substance, local presence, and governance matter more now than simple offshore incorporation.
Bermuda regulates the digital asset sector primarily through the Digital Asset Business Act 2018 (DABA). Administered by the Bermuda Monetary Authority (BMA), DABA serves as a dedicated, purpose-built legislative framework rather than an extension of legacy securities or banking laws.
The BMA employs a risk-based, proportionality-driven supervisory model. Under this model, the regulator calibrates its prudential and governance expectations to match the specific nature, scale, complexity, and risk profile of each licensed entity. This approach allows the BMA to oversee both early-stage startups and globally active institutions under a single legislative umbrella.
| Topic | What Bermuda’s DABA framework does | Why it matters |
| Core law | DABA is Bermuda’s dedicated legal framework for digital asset businesses, supervised by the Bermuda Monetary Authority (BMA). | Firms get a purpose-built regime instead of trying to fit crypto activity into older banking or securities rules. |
| Regulated activities | The regime covers exchanges, custodial wallet services, digital asset trust services, payment services using digital assets, and other regulated digital asset business lines. | Licensing depends mainly on the business activity being carried on, not just the label attached to the token. |
| Licence classes | Bermuda uses three licence classes: Class T for testing, Class M for transition and scale-up, and Class F for full operations. | Startups and larger firms can enter the regime at different stages without using the same compliance model from day one. |
| Capital thresholds | Minimum net assets should not be lower than US$10,000 for Class T and US$100,000 for Class M and Class F, though the BMA can require more. | Capital expectations scale with risk, which makes the framework more flexible than a one-size-fits-all model. |
| Client asset protection | The 2024 reforms widened the focus to functional control of client assets, while the 2025 custody rules require segregation, consent-based pooling, and reconciliation for custodial wallet providers. | This is one of the most important parts of the regime because it directly addresses custody failures and insolvency risk. |
| Operational resilience | The final Operational Resilience and Outsourcing Code requires relevant firms, including Class F digital asset businesses, to identify important business services and implement the framework by 31 March 2028. | Bermuda is not only regulating crypto activity but also assessing how critical services hold up under disruption. |
| AML and sanctions | DABA firms are treated as AML/ATF-regulated financial institutions and must follow KYC, monitoring, reporting, and sanctions controls. | Bermuda treats digital asset firms more like serious financial institutions than lightly supervised tech businesses. |
| Economic substance | Class M and Class F firms must show real economic presence in Bermuda, including management, CIGA, premises, and local operating substance. | This limits shell-company use and pushes licensed firms toward a real on-island operating presence. |
| Tax position | Bermuda’s 15% corporate income tax applies mainly to Bermuda constituent entities in multinational groups with annual global revenues of €750 million or more. | Smaller and mid-sized digital asset firms are generally outside the scope of the new corporate tax. |
| 2026 direction | The BMA’s 2026 plan includes continued work on AI, embedded supervision, payment services, and tokenisation proposals. | The regime is still evolving, which matters for firms planning long-term market entry. |
Definitional Scope and Regulated Activities
What the Law Says
Under Section 2 of DABA, a digital asset is defined as anything existing in binary format that comes with the right to use it and includes a digital representation of value. The statutory definition explicitly includes assets used as a medium of exchange, a unit of account, or a store of value; tokens representing debt or equity; and utility tokens that provide access to decentralized applications. The Act explicitly excludes fiat currency and traditional affinity or rewards programs (such as airline miles).
Under the Act, an entity must hold a license from the BMA if it operates in or from within Bermuda and conducts any of the following activities for the general public:
- Issuing, selling, or redeeming digital assets.
- Operating as a payment service provider utilizing digital assets.
- Operating a digital asset exchange or a digital asset derivative exchange.
- Providing custodial wallet services.
- Carrying on digital asset trust services.
- Operating as a digital asset benchmark administrator or digital asset services vendor.
- Operating as a digital asset lending or repurchase transactions service provider (a category formally added via the Digital Asset Business Amendment Act 2024).
Entities providing strictly underlying technology infrastructure, such as independent miners, node validators, or data storage providers, are generally exempt from licensing, provided they do not conduct the financial activities listed above on behalf of clients.
Strategic Context
The practical effect of this broad definitional framework is that businesses typically do not need to secure separate legal classifications for utility tokens and security tokens to determine baseline DABA applicability. Because the law captures the business activity itself rather than relying on the token’s specific technological categorization, firms can alter their product offerings without automatically triggering a change in their jurisdictional regulatory status, provided the new activity falls within their approved business plan.
The Tiered Licensing Architecture
What the Law Says
The BMA issues three classes of digital asset licences. Class T is a testing licence for pilot or beta activity, Class M is a transitional licence, and Class F is the full licence. Minimum net assets should not be lower than US$10,000 for Class T and US$100,000 for Class M and Class F, with the BMA able to require more based on the nature, scale, and complexity of the business. Under the 2024 amendments, Class T licensees must maintain records of client and proprietary transactions for five years.
The application timetable is best understood as a guideline for supervisory services rather than a statutory guarantee. Current BMA materials indicate acknowledgement within two business days, a completeness check within three business days, and presentation to the Assessment and Licensing Committee within 20 business days following the first Friday after receipt, provided the application is complete and outstanding queries are resolved. Application fees range from US$1,000 (Class T) to US$2,266 (Class M and F). Annual operating fees are calculated as the lower of US$450,000 or a fractional multiplier of estimated client receipts, with set minimums based on the specific services provided (e.g., US$150,000 minimum for custodial operations).
Strategic Context
The tiered structure functions as a managed runway. It provides early-stage companies with a legal operating environment to secure banking relationships and venture capital before they possess the balance sheet required to maintain a full Class F compliance apparatus.
Prudential Standards and Asset Safeguarding
What the Law Says
To secure and maintain a license, entities must meet the “Minimum Criteria for Licensing” outlined in Schedule 1 of DABA. This requires that all controllers and officers be “fit and proper” persons, that the business be conducted prudently, and that the firm maintain adequate accounting systems and insurance.
The protection of client assets is a central pillar of the regime. The 2024 reforms broadened the regime’s focus from formal custody labels to functional control over client assets. Separately, the Digital Asset Business (Custody of Client Assets) Rules 2025 apply expressly to licensed undertakings that provide custodial wallet services, requiring client asset segregation, written client consent for the pooling of identical assets, and regular reconciliations.
Addressing systemic continuity, the BMA consulted on operational resilience and outsourcing in January 2025 and finalized the Code in September 2025. The final regime requires relevant firms to identify important business services, map the resources needed to deliver them, set impact tolerances, and implement the framework by 31 March 2028. Any discussion of pre-approval-style outsourcing notice requirements should be framed carefully, as some of that language appeared more explicitly at the consultation stage than in the final Code.
Strategic Context
The 2024 “control of assets” amendment and the 2025 Custody Rules represent the BMA’s direct regulatory response to the complex insolvencies of the 2022 global crypto market. By shifting focus from strict custodial labels to the functional “control” of assets, the BMA has structurally integrated decentralized finance (DeFi) margin trading and stablecoin reserve management into traditional prudential standards.
AML/ATF and Financial Crime Compliance
Digital asset businesses in Bermuda are legally designated as “AML/ATF-regulated financial institutions” under the Proceeds of Crime Act (POCA). Licensees must adhere to the same financial crime standards as traditional banks and reinsurers.
Requirements include:
- Implementing strict Customer Due Diligence (CDD) and Know Your Customer (KYC) onboarding protocols.
- Applying Enhanced Due Diligence (EDD) for transactions involving high-risk jurisdictions as identified by the FATF.
- Conducting ongoing transaction monitoring and global sanctions screening.
- Appointing a Money Laundering Reporting Officer (MLRO) responsible for filing Suspicious Activity Reports (SARs) via the GoAML system to the Financial Intelligence Agency (FIA).
- Undergoing an annual, independent third-party audit of the firm’s AML/ATF compliance program.
Economic Substance and Taxation
What the Law Says
Under the Bermuda Economic Substance Act 2018, licensed entities (specifically Class M and Class F) are required to maintain substantial economic presence in the jurisdiction. A digital asset business must prove that its Core Income-Generating Activities (CIGA) occur in Bermuda.
To comply, the entity must:
- Be managed and directed in Bermuda (meaning key strategic decision-making occurs locally).
- Undertake its relevant CIGA physically on the island.
- Maintain adequate physical commercial premises.
- Employ an adequate number of suitably qualified, full-time local employees.
- Incur adequate local operating expenditures.
If an entity generates income through the exploitation of High-Risk Intellectual Property, it faces a statutory presumption of non-compliance, which can only be rebutted by proving a high degree of control over the IP’s development and maintenance by employees permanently residing in Bermuda.
Historically, Bermuda applied a 0% corporate tax rate to offshore profits. However, effective January 1, 2025, Bermuda enacted a 15% Corporate Income Tax (CIT) in alignment with the OECD’s Pillar Two framework. This tax applies exclusively to Bermuda constituent entities that are part of Multinational Enterprise (MNE) groups with annual global revenues of €750 million or more.
Strategic Context
Bermuda’s Economic Substance laws effectively eliminate the viability of “brass plate” offshore shell companies. Firms must invest in local infrastructure and executive personnel. Regarding the 2025 CIT, the €750 million threshold means that the vast majority of mid-market digital asset startups and independent protocol developers operating under DABA remain outside the scope of the new 15% tax, preserving the jurisdiction’s tax-neutral status for early and growth-stage companies.
Forward-Looking Policy: The 2026 BMA Business Plan
The BMA’s published Business Plan for 2026 outlines specific regulatory objectives for the digital asset sector. In 2026, the BMA plans to continue supervisory engagement on AI and develop framework enhancement proposals on the responsible use of AI in the financial sector. The Authority also intends to publish the outcome of its embedded supervision pilot, operationalise and finalise licensing classes under the proposed Payment Services Act, and advance proposals on tokenisation and digitally innovative investments.
Comparative Regulatory Analysis
As global digital asset regulation matures, operational requirements differ significantly across jurisdictions.
European Union: Markets in Crypto-Assets (MiCA)
MiCA provides a harmonized framework allowing authorized Crypto-Asset Service Providers (CASPs) to passport their services across 27 EU member states. However, the regime places strict geographical constraints on stablecoin issuers. MiCA mandates that a significant portion of the reserve assets backing e-money tokens (EMTs) and asset-referenced tokens (ARTs) must be held in credit institutions physically located within the EU. DABA does not impose equivalent geographic restrictions on reserves, allowing Bermuda-licensed issuers to utilize globally distributed institutional custodians, provided the assets meet the BMA’s liquidity and risk criteria.
Singapore: Payment Services Act (PSA)
Administered by the Monetary Authority of Singapore (MAS), the PSA relies on a two-tier system: Standard Payment Institutions and Major Payment Institutions (MPI). The MPI license requires a base capital of S$250,000 (approx. US$184,000) and mandates security deposits based on transaction volumes. Singapore’s framework is heavily focused on digital payment tokens and fiat remittances. Bermuda’s DABA captures a wider array of financial instruments natively within a single framework, explicitly regulating digital asset derivatives, trusts, and decentralized lending.
Dubai: Virtual Assets Regulatory Authority (VARA) / Free Zones
The UAE regulatory landscape operates through mainland authorities (regulated by the Central Bank and VARA) and independent free zones like the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM), each with distinct rulebooks and capital tiers. Bermuda, by contrast, utilizes a unified regulatory architecture; the BMA serves as the sole financial services regulator for the entire jurisdiction, meaning firms do not need to navigate intra-jurisdictional free-zone variations.
Market Integrity and Enforcement
The BMA possesses extensive statutory powers under DABA to enforce compliance. The Authority conducts on-site inspections, demands the production of documents, and can restrict or revoke licenses.
Operating a digital asset business in Bermuda without a valid DABA license constitutes a criminal offense. Upon summary conviction, an entity is liable to fines of up to US$50,000 and imprisonment; upon conviction on indictment, penalties extend to fines of up to US$250,000 and maximum prison sentences of 5 years.
The BMA regularly publishes warning lists identifying unauthorized entities. For example, in early 2026, the BMA issued public alerts regarding “Coinmint Bermuda Ltd,” confirming the entity was unregistered and falsely claiming DABA licensure. To protect institutional privacy, the BMA strictly limits public disclosures regarding compliant firms. The Information Commissioner has upheld the BMA’s right under the Public Access to Information (PATI) Act to withhold supervisory data, such as the operational reasons for an entity’s voluntary surrender of its license, citing the secrecy provisions of the BMA Act 1969.
Frequently Asked Questions (FAQ)
What is Bermuda’s Digital Asset Business Act (DABA)?
DABA is Bermuda’s primary law governing digital asset businesses operating in or from within the jurisdiction. It gives the BMA authority to license, supervise, and enforce standards across the sector.
Who needs a DABA licence?
Any firm carrying on regulated digital asset business in or from Bermuda generally needs a licence. That includes exchanges, custodians, payment service providers using digital assets, certain lending businesses, and other regulated operators.
What are the DABA licence classes?
There are three: Class T for testing or pilot activity, Class M for transitional or scaling businesses, and Class F for full unrestricted operations.
How long does the DABA licensing process take?
The process is not a hard statutory deadline. Still, BMA guidance indicates acknowledgement within two business days, a completeness check within three business days, and presentation to the Assessment and Licensing Committee within 20 business days after the first Friday following receipt, assuming the application is complete.
What is the minimum capital requirement under DABA?
Minimum net assets should not be lower than US$10,000 for Class T and US$100,000 for Class M and Class F, though the BMA may require higher amounts depending on the business model and risk profile.
How does Bermuda regulate custody of client assets?
The regime now focuses on functional control of client assets, not just formal custody labels. Firms providing custodial wallet services must segregate client assets, obtain written consent before pooling identical assets, and conduct regular reconciliations.
Are DABA firms subject to AML and sanctions rules?
Yes. Digital asset businesses are treated as AML/ATF-regulated financial institutions and must follow KYC, transaction monitoring, sanctions screening, reporting, and audit requirements.
Do digital asset firms need real substance in Bermuda?
Yes. Class M and Class F businesses are expected to show real economic presence, including local management, relevant income-generating activity, commercial premises, staff, and operating expenditure.
Does Bermuda’s 15% corporate income tax apply to all crypto firms?
No. The 15% Corporate Income Tax mainly applies to Bermuda constituent entities that are part of multinational groups with annual global revenue of €750 million or more. Most smaller and mid-sized digital asset firms fall outside that threshold.
What is the difference between DABA and DAIA?
DABA regulates the ongoing operation of digital asset businesses. DAIA deals with digital asset issuance and fundraising activity, such as token offerings structured to raise capital.
