Baltic Fintech Legal Outlook

Baltic Fintech Legal Outlook focuses on these regulations which will shape the regulatory outlook for fintech companies across Estonia, Latvia and Lithuania in 2026.

Foreword by Ellex

In 2026, the Baltic FinTech landscape is defined by regulatory maturity, consolidation and cross-border ambition. Estonia remains a digitally advanced and credible Fintech hub, benefiting from constructive engagement by the regulator and a shift towards sustainable, pan-European scaling. Latvia gains momentum with its FinTech Strategy 2026–2027, supported by active regulatory backing and increased licensing activity, strengthening its position as an attractive innovation hub. Lithuania continues to offer efficient EU market access, while facing heightened supervisory expectations around AML, operational resilience, AI, cybersecurity and governance as EU regulatory integration deepens.

Estonia enters 2026 as a mature fintech hub, building on its strong start-up culture, advanced digital infrastructure and a well experienced regulator in technology-driven business models. While the market has peaked statistically in terms of start-ups and unicorns per capita, the focus has shifted from rapid growth to sustainability and cross-border scaling.

Regulation continues to play a decisive role in the sector, in line with broader EU trends. Estonia’s relatively compact regulatory environment remains an advantage, allowing for swift and constructive dialogue with the regulator. The regulator is placing strong emphasis on further enhancing the efficiency of Estonia’s regulatory landscape by reducing administrative burdens for market participants, streamlining regulatory requirements and introducing new solutions to facilitate a smoother and more efficient licensing process. At the same time, supervisory practice has become more selective, particularly following increased scrutiny of digital asset service providers, resulting in higher licensing standards and a smaller but more credible market.

From a regulatory perspective, 2026 is defined by implementation rather than transition. MiCAR has changed the digital asset landscape, DORA has shifted the focus to operational resilience and ICT risk management, the upcoming application of the PSD3/PSR is redefining market access and open banking and artificial intelligence is reshaping how the financial services are provided. These developments require fintech companies to combine technological innovation with regulatory maturity, reinforcing Estonia’s position as a stable and credible jurisdiction for financial services innovation.

Latvia steps into 2026 with a new FinTech Strategy for 2026-2027 with a main objective to ensure that Latvia becomes a competitive FinTech hub in Europe by offering companies and investors an attractive environment for innovation, growth, and the development of new services.

With a strong support from the legislators and the financial supervisory authority, Latvijas Banka, the country is on the right path to achieve this ambitious goal, as evidenced by an increasing number of authorizations issued to FinTech companies in 2025, including two CASP authorizations.

In 2026 Lithuania’s fintech ecosystem should anticipate alignment efforts with evolving EU frameworks, as well as stronger supervisory emphasis on AML, operational resilience, AI/automated risk models, cybersecurity and governance arrangements. Deeper EU regulatory integration with MiCAR, AML regulation, PSR and PSD3, among others, will be critical in ensuring both a growing competitiveness and appropriate risk management. While Lithuania remains as one of the key players in the European fintech ecosystem with a rapid market entry potential, stricter conduct expectations, supervisory oversight and maturity of compliance and risk management are expected to be defining topics this year.

Fintech market outlook – external experts

In the fintech market outlook, the external experts share their thoughts on the most important legal developments and pivotal market trends that will shape the fintech market in the Baltics in 2026.

Ian Kalla, Head of Fintech Working Group, Finance Estonia

If Estonia’s fintech ecosystem were a kitchen appliance, it wouldn’t be the flashy new KitchenAid – it would be the reliable coffee machine you turn on every morning. You likely don’t pay too much attention to it when it works, but you definitely miss it when it doesn’t.

In 2025, the broader startup ecosystem delivered strong revenue growth, with fintech making a meaningful contribution. Just a few years ago, over 70% of Estonian fintech firms were in their earliest stages and less than five years old; today the sector has visibly matured. Fintech is not a mere startup niche anymore, but a strong ecosystem driven by revenue, cross-border activity, and long-term viability.

Payments continue to hold as the backbone of the sector. In addition to widely adopted instant payments, account-to-account solutions, and open banking, we are on the verge of a revolution with stablecoins redefining the rails of money movement. Emphasis is shifting toward reliability, fraud prevention, and harmonisation across markets, as open finance is beginning to emerge as a natural extension of existing systems.

Digital assets are also settling into a more predictable rhythm from 2026. With MiCAR establishing a single European framework, companies operating in this space now have clearer expectations around governance, capital, and consumer protection. For some, the transition may feel demanding, but it also brings the benefit of knowing the rules of the game – and the ability to play as equals among the rest of the financial sector, across the entire EU.

Across all segments, regulation is shaping how fintech companies are built and run. DORA places operational resilience and ICT risk management at the centre of financial services, while AML and sanctions compliance remain key supervisory priorities. As regulatory complexity increases, many turn to AI-driven automation tools to manage compliance efficiently at scale.

Going into 2026, we can expect the Estonian fintech ecosystem to consistently brew that perfect cup of coffee in the morning rush. Leveraging our foundational strengths, the fintechs are in great position to lead the most pressing trends amidst regulatory shifts – innovating dependably and scaling responsibly.

Tīna Lūse, Managing Director, FinTech Latvia association

Looking back at FinTech Industry in 2025, we see that it isn’t just about growth in company count, employment, or tax contribution – it’s about how the sector is growing. What we’re seeing is a shift from a fast-moving, fragmented market to a more structured, policy-aware and economically relevant industry. The combination of scale (€369M turnover, €90M in taxes), regulatory engagement, and collective action signals a clear shift. Latvian fintechs are moving from participants in the system to co-architects of it – contributing to policy design, infrastructure development, and responsible market standards.

New licensed entrants, MiCA implementation, and the National Fintech Strategy 2026-2027 demonstrates us that the industry is no longer experimenting on the margins, but operating as a grown participant of the financial system. Just as importantly, the ecosystem is learning to grow collectively, allowing both regulated and non-regulated players to benefit from better market conditions over time.

The data clearly shows that Latvian fintech is maturing – and with maturity comes influence.

Jekaterina Govina, former regulator, national representative in European regulatory authorities, fintech expert

Lithuania continues to enjoy its position as a regional FinTech hub with a strong global profile, driven by a vibrant ecosystem that offers access to talent, infrastructure, and the European Union market. The payments sector remains a key pillar of the Lithuanian FinTech market. Although the issuance of new licenses has slowed down, the Lithuanian market remains attractive for acquisitions, which are expected to continue as a key trend in 2026. DORA, as well as upcoming regulatory changes under PSD3, PSR are expected to shift market focus towards resilience, fraud prevention, and consolidation.

We will see a spillover effect from the MiCAR licensing process that began in 2025, with several additional licenses expected to be issued by the Bank of Lithuania. Crypto assets will continue to penetrate the financial sector, as society shows a growing willingness to allocate part of their savings to crypto instruments. According to the ECB, more than 13% of Lithuanian households already hold crypto assets. To respond to customer demand, certain segments of the traditional financial market in Lithuania are expected to gradually move towards offering established crypto products.

Alternative financing continues to evolve in Lithuania, with the crowdfunding market actively contributing to the revival of the corporate bond market. Capital market activity in the country will also be influenced by the reform of the second pension pillar, which is expected to redirect a significant share of citizens’ savings towards various lending and investment platforms. This process coincides with the growing interest of Lithuanians in investments and aligns well with the EU’s priority to increase retail participation in capital markets.

Fraud prevention, AML, and sanctions compliance will remain among the top priorities for both financial market participants and regulators, as AML-related enforcement measures continue to dominate supervisory activity. It is therefore unsurprising that FinTech companies are heavily investing in the automation of AML processes, largely relying on third-party solutions. Advances in artificial intelligence will further reinforce this trend, with an increasing number of case management tasks being handled by AI-driven tools.

Regulatory focus will also remain on the governance of FinTech companies, particularly following the entry into force of new governance guidelines at the beginning of this year. This development is welcome and may contribute to reducing overall risk in the FinTech market.

Finally, while one might hope to see signs of administrative burden relief for the financial market inspired by Mario Draghi–driven EU initiatives and local supervisory actions, I remain rather sceptical about their practical implementation and impact on the market.

Baltic Legal Outlook

The fintech sector is constantly facing new regulations and, therefore, needs to be up-to-date with the latest developments to ensure timely compliance. In the Baltic Legal Outlook we give an overview of the most important EU legal regulations influencing the fintech market in the Baltics in 2026. Specific focus has been put on the implementation of the EU regulations and their impact on the fintech sector in Estonia, Latvia and Lithuania.

PSD3/PSR/FIDA

PSD3/PSR

The European Commission introduced the first draft of the new regulatory proposals for payment services on 28 June 2023 with the aim of bringing the payments sector further into the digital age. For that, the European Commission introduced two new legal acts replacing the PSD2:

Directive on Payment Services and Electronic Money Services (PSD3) and

Payment Services Regulation (PSR).

PSD3 is focusing on the authorisation and supervision in payment services and brought the following important changes according to the proposal:

PSD3 brought e-money institutions (EMIs) under the same regulatory umbrella with payment institutions (PI), as the PSD3 also includes the authorisation requirements for the EMIs.

PSD3 introduced changes to existing definitions, as the definitions under the PSD2 have been subject to debate. PSD3 reviewed the scope of regulated payment services (e.g. the service of enabling cash to be placed or withdrawn from a payment account that was dissociated from the activity of servicing the payment account, services of execution of payment transactions and execution of payment transactions where the funds are covered by a credit line were listed together, while services of issuing payment instruments and acquiring payment transactions were listed separately).

PSD3 foresaw additional requirements to the authorisation. These additional requirements included mainly references to the DORA regulation, risk management and winding-up plans.

PSD3 reviewed the requirements to the initial capital of the PIs and set new thresholds.

PSD3 required existing PIs and EMIs as well as companies operating under payment services exemption to undergo a reapplication process.

PSR is strengthening the requirements on some definitions and open banking solutions with the following most notable proposals:

PSR updated the list of exclusions, i.e. services that are excluded from payment services.

PSR reviewed the requirements applicable to the access of payment systems and accounts.

PSR introduced changes to the open banking solutions and APIs as well as to the strong customer authentication.

The market expected the final texts of the PSD3 and the PSR to be published already in the first quarter of 2025 as the position of the European Parliament was clear already in April 2024. However, the European Council published its position only in June 2025 which allowed trilogue negotiations to start. The European Parliament and the Council reached a deal on the PSD3/PSR in November 2025, and the final texts are expected to be published in Q1 2026.

FIDA

Building on the PSD2 concept of open banking, along with the proposals of the PSD3 and the PSR, the European Commission also proposed the so-called Regulation on Financial Data Access (FIDA). FIDA aims to enhance the availability of highly personalised financial products and services by extending access to customer data far beyond payment account information, covering data on credit agreements, creditworthiness assessment, savings, insurance-based individual pension products, personal pension product, crypto-assets, investments and non-life insurance products. The very few data items outside the scope of the FIDA proposal are information on sickness and health insurance products and credit worthiness assessment data of consumers, as well as payment account information, which will remain within the scope of the PSD3/PSR.

Considering the extensive scope of the data covered, it is unsurprising that the majority of the financial service providers fall within the scope of the FIDA as data holders, thus being obliged to disclose their customers’ data to other financial service providers (data users) and obliged to comply with stringent requirements while doing so. At the same time, financial institutions will also be able to receive data, acting as the so-called data users. FIDA proposal also puts forward legal framework for the licensing of a new type of entity entitled to become a data user – financial information service providers.

Although bearing some similarities to the PSD2 and the PSD3/PSR open banking, data access under the FIDA would be based on different principles, including subjecting data sharing and access to the common standards to be adopted by one or more of the so-called financial data sharing schemes, composed of data holders, data users and customer organisations. As well, while the PSD2 and the PSD3/PSR are limited to data access in the payment sector, the FIDA is expected to expand data access rights to a much broader range of financial services.

At the beginning of 2025, it seemed that the regulation is moving forward quickly as the European Parliament and the Council had finalised their positions on the FIDA. However, the reality proved to be quite different with the FIDA undergoing pivotal times throughout the year. While the FIDA finally entered into trilogue negotiations phase in 2025, there were also discussions in the beginning of 2025 about the withdrawal of the regulation, as well as, proposals on much lighter version of the FIDA regulation. As a result, everyone is in the wait of the final text which is expected to be adopted in Q1 of 2026.

There are no initiatives in Estonia regarding the PSD3/PSR/FIDA.

The fintech market is in a wait for the final texts of the regulations to be published to start preparing for the compliance with the new legal requirements. Among other requirements in the PSD3/PSR it is important to note that the positions of the European Parliament and the Council have indicated that the reauthorisation under the PSD3/PSR seems to be still on the table and inevitable for the payment institutions and e-money institutions once the PSD3/PSR are in force. As a result, the market has strong expectation that the local supervisory authority establishes clear framework and step-by-step process to guide firms through reapplication efficiently and transparently.

There are no initiatives in Latvia regarding rhe PSD3/PSR/FIDA yet. Bank of Latvia has announced that work on necessary legislative changes will take place in the fourth quarter of 2026.

There are no initiatives in Lithuania regarding the PSD3/PSR/FIDA.

CCD II

The Second Consumer Credit Directive ((EU) 2023/2225) (CCD II) came into force on 19 November 2023. EU member states had until 20 November 2025 to adopt and publish laws, regulations and administrative provisions to comply with the CCD II. The implementing measures have to be applied within 12 months from the transposition date, i.e. by 20 November 2026, which is also when the first Consumer Credit Directive (Directive 2008/48/EC) (CCD I) will be repealed.

When reviewing the implementation of the CCD I in 2020, the European Commission found that the CCD I has only partially been effective in ensuring high standards of consumer protection and fostering the development of a single market for credit. Moreover, the digitalisation has contributed to market developments that were not foreseen when the CCD I was adopted. Additionally, the imprecision of the wording of certain provisions of the CCD I allowed the member states to adopt diverging provisions, which resulted in a fragmented framework across the EU.

The CCD II introduces the following main changes:

The CCD I did not apply to credit agreements involving a total amount of credit less than EUR 200 or more than EUR 75,000. The CCD II covers credit agreements under 200 EUR as well as up to 100,000 EUR. If the credit is less than 200 EUR, free of interest or charges, or the credit must be repaid within three months and only insignificant charges are payable, the member states may decide not to apply certain requirements, e.g., in relation to standard information to be included in advertising credit agreements, pre-contractual information and information included in the credit agreement.

The CCD II applies to credit agreements involving a total amount of credit of more than 100,000 EUR that are not secured either by a mortgage, or by another comparable security or by a right related to immovable property, where the purpose of those credit agreements is the renovation of a residential immovable property.

The CCD II foresees narrower scope for buy now, pay later (BNPL) schemes. According to the CCD II only these BNPL schemes do not fall within the scope where (i) a supplier of goods or a provider of services gives the consumer time to pay for the goods or services supplied by that supplier or provider, (ii) the purchase price is to be paid free of interest and without any other charges and with only limited charges for late payments and (iii) payment is done within 50 days as of the delivery of the goods or services. However, this exemption only applies to micro, small or medium-sized enterprises. Other companies which are concluding distance agreements with consumers may defer payment only for 14 days instead of 50 days.

In comparison to the CCD I, the CCD II specifies requirements to the creditworthiness assessment and emphasises that consumer should be granted credit only where the creditworthiness assessment indicates that such consumer is able to meet the obligations resulting from the credit agreement. However, considering that the requirements to the creditworthiness assessment on a member state level are generally more stringent, the requirements in the CCD II would not have significant effect on the creditworthiness assessment practice.

The CCD II amends requirements to the pre-contractual information and outlines specific elements (also dependent on the credit agreement) which need to be presented to the consumers during the pre-contractual phase.

The CCD II requires creditors to exercise reasonable forbearance measures before initiating enforcement proceedings. The CCD II also specifies that the creditor is not required to perform a creditworthiness assessment in case the application of forbearance measures results in modifying the existing terms and conditions of a credit agreement if the total amount payable by the consumer does not increase significantly. Though, requirements on forbearance measures are common in EU, the requirement in the CCD II sets a unified standard.

The CCD II states that when crowdfunding credit service providers grant credit directly to consumers, the requirements of the CCD II apply to them. Consequently, the CCD II obligations extend to crowdfunding credit service providers whenever they offer credit directly to the consumers.

The CCD II indicates that member states should have in place adequate admission process for creditors and credit intermediaries. However, the CCD II does not introduce a unified licensing/authorisation regime for credit the service providers /credit intermediaries (largely fintech companies) across EU. The requirements for licensing/authorisation of the credit service providers /credit intermediaries vary between the member states – in some states, the credit service providers /credit intermediaries need to obtain a financial institution license and are under full supervision of a financial supervision authority, whereas in other states, only a simple registration may be sufficient. Hence, the lack of unified licensing regime and possibility to passport its license to other member states remains as an entry barrier for expanding to the new markets and the main obstacle in scaling its business.

From the Estonian perspective the CCD II will play an important role in reshaping the BNPL market. Offering BNPL schemes has been very popular in Estonia both among credit providers and other entities as it is a largely unregulated area and provides notable profit. After the CCD II, a number of these companies providing BNPL schemes currently in Estonia would most likely need to obtain a license in order to keep providing such services. Also, BNPL providers are required to apply to BNPL clients the same requirements that are applicable to ordinary consumer borrowers. Hence, the influence of the CCD II to the Estonian non-bank lender and therefore fintech market is considerable.  

In Estonia, entities providing or intermediating consumer credit need to obtain a license from a competent authority. The process of and requirements for obtaining the license are comparable with those applicable to other financial institutions. Meanwhile, several other member states require only simple registration or authorisation from the credit service providers / credit intermediaries. As the CCD II does not introduce a unified licensing regime for the credit service providers / credit intermediaries, the entry barriers to the Estonian market remain higher for the credit service providers /credit intermediaries than in several other member states. 

In June 2024, the Ministry of Justice required feedback from parties affected by the CCD II on the implementation of the CCD II in Estonia. Among other, the Ministry of Justice and Digital Affairs asked for an opinion on the options left to the Member States regarding the extension of the scope of the CCD II, providing adequate explanations to the consumer, advisory services, creditworthiness assessment, etc. The Ministry of Justice and Digital Affairs released an update in May 2025 on the state of transposition of the CCD II, based on the feedback received. In their feedback, the majority of the parties affected by the CCD II supported maintaining the current scope to the greatest extent possible. On other issues, the approach was rather to extend, if possible, the current regulation of credit agreements related to residential real estate to other consumer credit agreements, as the new regulation is largely based on the Mortgage Credit Directive. A draft legislation is currently being prepared and expected to be published in 2026.

Consumer lending was subject to very strict regulatory requirements in Latvia already before the adoption of the CCD II, as set forth in the Consumer Rights Protection Law (CRPL), including capping the total cost of credit to consumers, mandating thorough creditworthiness checks and extensive restrictions on advertising. Therefore, many of the requirements introduced by the CCD II will not require additional transposition into Latvian national legislation.

For the reminder of requirements set out in the CCD II, the transposition into Latvian national legislation is under way, but has not yet been completed. The primary law for the transposition of the CCD II is the CRPL. However, full transposition will also require amendments to the Law “On Taxes and Duties,” the Credit Information Bureau Law, as well as Cabinet of Ministers (CM) Regulation No. 691 of 25 October 2016 “Regulations on Consumer Lending” and CM Regulation No. 772 of 13 December 2016 “Regulations on the Registration of Credit Intermediaries and Representatives of Credit Intermediaries.”

The main proposed amendments to the above legislative acts include:

Credit intermediaries. Until now, the obligation to register with the Consumer Rights Protection Centre applied to the credit intermediary and a representative of a credit intermediary who offered a consumer credit whereby the repayment was secured by a real-estate mortgage or whose purpose was to acquire or retain rights to real estate. Once the amendments enter into force, the obligation for the credit intermediary and their representative to register applies regardless of whether the credit service is related to a real-estate mortgage or not. The credit intermediary or its representative, who is subject to the registration requirement, may provide their services only if they are registered in the relevant register.The register contains information on the services provided. Therefore, when introducing new consumer credit services, the credit service provider must promptly (i.e., no later than within seven business days after the respective changes enter into force) inform the registry and submit updated information and documents confirming these facts.

Ethics standards. The amendments will also establish professional ethics standards for the credit providers, credit intermediaries, and their representatives. It means there will be an obligation to reassess the remuneration system in such a way that employees would not be interested to violate the established business ethics standards when issuing credit or providing intermediary services. Remuneration may not depend on the number, amount, or proportion of the approved credit applications. The Consumer Rights Protection Centre has referred to the European Banking Authority’s guidelines on remuneration policies and practices related to the sale of retail banking products and services, which must be taken into account when designing remuneration policies.

Deferred Payment and BNLP. The CRPL will be supplemented with a new concept – the deferred payment service. According to the amendments of the CRPL the deferred payment service is understood only as a service in which no other credit provider is involved. Thus, it distinguishes the deferred payment service from BNPL, in which another credit provider is involved. The exemptions in the CRPL apply only to those loans in which no other credit provider is involved. That is, if the manufacturer, seller, or service provider itself (without the involvement of another credit provider) grants a deferred payment to the consumer so that the consumer can pay for that manufacturer’s, seller’s, or service provider’s goods or services, without applying an interest rate or other charges, and the payment must be made in full within 50 days, then the exemptions will apply.

However, if this manufacturer, seller, or service provider is considered a large company, then the period within which full payment must be made is 14 days in order to apply the exemptions set out in the CRPL. The explanatory notes to the amendments mention that this will affect telecommunications service providers (e.g., LMT, Bite, Tele2), who offer the purchase of phones, computers, and other goods on a deferred payment basis.

Creditworthiness assessment. The obligation to assess the consumer’s ability to repay the loan is also planned to apply to credit granted as an overdraft facility that must be repaid within one month, as well as to credit agreements for which no interest or other fees are charged, or only an insignificant fee is required.

As the proposed amendments have not yet been adopted by the Latvian Parliament, changes are still possible.

The CCD II will play a significant role in reshaping the BNPL market in Lithuania, a service that has become increasingly popular across various industries, including e-commerce and telecommunications. Currently, many BNPL providers (among which there are notable fintech companies known for offering BNPL) operate in a regulatory grey area, as the service often falls outside the traditional scope of consumer credit regulations. After the transposition of CCD II, the credit providers will have to apply the same requirements to BNPL clients and to ordinary consumer borrowers.

As a result, the implementation of the CCD II is expected to have a far-reaching impact on the Lithuania’s non-bank lending and fintech sectors. The directive aims to strengthen consumer protections while fostering a level playing field, which could challenge existing business models and demand operational adjustments from both new and established BNPL providers in Lithuania.

The transposition of the CCD II into Lithuanian national legislation is currently under way. The Ministry of Finance of the Republic of Lithuania has already proposed draft amendments to the Law on Consumer Credit of the Republic of Lithuania. Under the proposed amendments the scope of the law will be broadened by increasing the maximum regulated credit amount from EUR 75,000 to EUR 100,000; regulation of deferred payment arrangements subject to strict conditions and short repayment periods will be introduced; certain existing exemptions will be removed, including those relevant for the BNPL models.

In addition, the draft law introduces more detailed requirements relating to mandatory consumer warnings, pre-contractual information disclosures, and the provision of personalised and automated credit offers. Lithuania’s existing strict approach to responsible lending is maintained with the relevant provisions being technically aligned with the requirements of the CCD II.

The draft amendments also introduce additional regulatory requirements for peer-to-peer lending platforms. These include the replacement of fixed share capital requirements with ongoing own-funds requirements, clearer rules on licensing and deadlines for the commencement of activities, provisions governing removal from the public registers, and strengthened governance, conflict-of-interest and transparency obligations.

These draft amendments remain subject to review and approval by the Parliament of the Republic of Lithuania, and the final adopted version of the legislation may differ from the current draft. In addition, the Bank of Lithuania plans to revise a number of legal acts applicable to consumer credit providers in 2026.

EU AML package

Summer 2024

EU AML package entered into force

1 Jul & 31 Dec 2025

AMLAR starts to apply (few provisions started to apply earlier from 26 June 2024)

10 Jul 2027

AMLR starts to apply (except few provisions start to apply from 10 July 2029) AMLD to be transposed into member states law (except few provisions start to apply form 10 July 2025/2026/2029)

1 Jan 2028

AMLA starts supervision

In May 2024, the European Council adopted the so-called EU AML package. The package includes three major legal acts.

Regulation (EU) 2024/1620 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLAR) sets the rules to the establishment and operations of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA). AMLA shall perform supervision over the high-risk credit and financial institutions that operate largely on a cross-border basis. AMLAR also outlines that AMLA should at first instance be able to supervise 40 entities. However, this number may be subject to increase. This, however, means that only a very small proportion of the financial sector companies in the EU fall under the supervision of AMLA. Except for few large market players, the fintech companies in the Baltics should be out of AMLA’s supervisory scope.

Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLR) contains directly applicable AML/CTF rules to the obliged entities. It is the first time requirements to the obliged entities are established as a regulation that is directly applicable to all obliged entities throughout the European Union. The AMLR introduces a number of changes, of which the following are the most important:

the scope of obliged entities shall be extended, adding as obliged entities crowdfunding service providers, crowdfunding intermediaries, credit intermediaries for mortgage and consumer credits, crypto-asset service providers, holding companies (e.g. financial holding companies) and other institutions;

the requirements to the CDD measures shall be amended (including introducing new situations that additionally require the application CDD measures, more comprehensive requirements for SDD and EDD measures);

more detailed rules for the identification of beneficial owners;

more comprehensive requirements to outsourcing AML functions (e.g. setting restrictions on which functions may not be outsourced).

Directive (EU) 2024/1640 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLD) shall mainly establish rules for the competent authorities and the member states themselves (e.g. supervision by and cooperation between competent authorities, requirements for central registries and EU and national level risk assessments). AMLD also includes certain suitability requirements for the managers and beneficial owners of the obliged entities. Suitability requirements for managers are typical in the financial sector and therefore do not entail any revolutionary changes to the current legal framework. However, the AMLD also requires the assessment of the beneficial owners. The financial services regulations foresee the suitability requirements to the owners of qualifying holding, but the beneficial owners are not the same as the owners of qualifying holding. Therefore, the AMLD adds an additional layer of suitability assessment to the financial sector. Fintech companies should assess their ownership and control structure up to the beneficial owners to determine the persons to be assessed.

In addition to the above, a significant amount of second level regulations (RTS, ITS) shall be adopted by the AMLA which need to be complied with.

For fintech companies, it is most crucial to understand whether they fall under the widened scope of the obliged entities. The application of AML/CTF requirements imposes notable changes to the internal processes, procedures and systems, and such changes need time. As the legal acts within the EU AML package have entered into force, the fintech companies should start familiarising themselves with the new requirements and set a solid timeline for becoming compliant.

The EU AML package will have a significant impact on the Estonian Money Laundering and Terrorist Financing Act (MLFTPA) and the guidelines of the competent authorities. This is mainly due to the directly applicable EU regulations and second level regulations to be adopted by the AMLA as a result of which the Estonian specific regulations will – to the large extent – be revoked (except for the AMLD which needs to be transposed to the local legislation).

It is still under discussion whether existing laws will be amended in accordance with the AMLD or will a new regulation be adopted. The bill for an amended or new regulation is expected to be published by the Ministry of Finance in Q1 2026.

The EU AML package will have a significant impact on the Latvian Law on Prevention of Money Laundering and Terrorism and Proliferation Financing (LPMLTPF) and the regulations issued by the supervisory authorities. This is mainly due to the directly applicable EU regulations and second level regulations to be adopted by the AMLA as a result of which the Latvian specific legislation will – to the large extent – be revoked (except for the matters set out in AMLD which needs to be transposed to the local legislation).

The legislator and the competent authorities have started the implementation processes, and the obliged entities (including fintech companies) should closely monitor the proposed amendments to the LPMLTPF and guidelines of the competent authorities.

The EU AML package will have a significant impact on the Law on the Prevention of Money Laundering and Terrorist Financing and the regulations issued by the supervisory authorities. This is mainly due to the directly applicable EU regulations and second level regulations to be adopted by the AMLA as a result of which the Latvian specific legislation will – to the large extent – be revoked (except for the matters set out in AMLD which needs to be transposed to the local legislation).

The legislator and the supervisory authorities will soon start with the implementation processes and the obliged entities (including fintech companies) should closely monitor the proposed amendments to the respective law and accompanying regulations and guidelines issued by the supervisory authorities. Up till now, the authorities have had few public discussions on the new legislation, however, various associations of market participants are becoming increasingly more active in aligning their questions and clarifications for the local and EU supervisory authorities.

MiCAR

29 Jun 2023

MiCAR entered into force

30 Jun 2024

Provisions of the MiCAR regarding the issuance and offering of ATRs and EMTs started to apply

30 Dec 2024

MiCAR became fully applicable, except for the companies operating under VASP license

31 Dec 2025

Companies operating under VASP license in Lithuania need to comply with MiCAR

30 Jun 2025

Companies operating under VASP license in Latvia need to comply with MiCAR

1 Jul 2026

Companies operating under VASP license in Estonia need to comply with MiCAR

MiCAR (Regulation 2023/1114/EU) is part of the EU digital finance package aiming to set standardised rules for the issuance of crypto-assets and provision of crypto-asset services.

MiCAR has become applicable step-by-step. From 30 June 2024, the provisions for the issuance of asset-referenced tokens (ART) and e-money tokens (EMT) started to apply. MiCAR became fully applicable throughout Europe from 30 December 2024, governing the issuing of other crypto-assets and licensing of crypto-asset service providers (CASP). However, the full applicability came with the concession that every EU member state had the opportunity to decide when the virtual asset service providers (VASP), currently operating based on the EU AML directive and/or relevant local law provisions, need to apply for CASP licensing in the respective EU member state. In that sense, the EU member states have taken very different approaches.

Estonia holds a backlog of being the “go-to” jurisdiction for companies wishing to operate on the crypto-asset sphere. Estonian was especially popular for obtaining VASP licenses (Estonia used to have more than 2000 VASPs) as well as the jurisdiction to go during the ICO boom. However, even prior to the adoption of the MiCAR, Estonia tightened the rules for the VASPs due to which the VASPs in Estonia were required to undergo re-licensing process. As a result of this, the number of VASPs dropped significantly to less than 50 VASPs in 2025. Similarly, when the ICOs were at their peak in the world during 2017-2018, Estonia was the jurisdiction companies often chose for conducting their ICOs. The lack of legislative prohibitions or straight-cut rules was intentional so as not to interfere with technological development. It was believed that Estonia was the pioneer for adopting requirements for crypto services, which added an additional layer of trust for the ICO investors.

In relation to the application of the MiCAR, Estonia introduced its Act for Markets in Crypto-Assets (AMCA) in June 2024. The regulation in the AMCA was to be expected for some time but did not introduce anything revolutionary. In relation to the AMCA, it has been welcoming for the Estonian VASPs that the Estonian regulator introduced maximum transition period allowing the VASPs in Estonia to operate under their current license until 1 July 2026. This has given the Estonian VASPs sufficient time to prepare for the licensing process under the MiCAR with due care. At the same time, it has been unfortunate that Estonia did not introduce a simplified transition for companies operating under the VASP license. As the VASPs in Estonia had been subject to more stringent requirements and had gone through the re-licensing process during the last few years, it was expected that there would be adapted rules for a simplified transition.

As part of the AMCA, there have been no other guidelines adopted in Estonia by the competent authorities. This is expected considering the amount and comprehensiveness of the secondary legislation on the EU level for the MiCAR. Some licensing forms (e.g. for the suitability assessments) have been put in place by the Estonian FSA for a long time ago and are also expanded to the CASPs. The Estonian FSA has held introductory webinars on how to prepare for licensing and published guidance on the application package on its website. Also, the Estonian FSA has seemed to put human resources to this specific matter in order to ensure efficient and timely application process.

The number of Estonian VASPs who will obtain the CASP license under the MiCAR in Estonia is still hard to predict. The companies are evaluating the pros and cons of different jurisdictions thoroughly and are not tied to the jurisdiction where they have specifically obtained their VASP license. It can be assumed that the first Estonian VASPs would receive their CASP license under MiCAR in Q1 of 2026 and this number will grow in time until the end of the grandfathering period (July 2026). However, the practice from the other member states where the grandfathering period has already lapsed (including Latvia and Lithuania) has shown that the number of existing VASPs applying for CASP license is limited. The same can be expected for Estonia and therefore the final number of Estonian VASPs who obtain the CASP license under the MiCAR in Estonia will stay relatively low. Such trend is mainly due to strict and comprehensive rules under the MiCAR which would require from small businesses high compliance shift. Also, the competition between member states for most friendly crypto jurisdiction seems to be still ongoing, and the winner is yet unknown. This will influence also the companies applying for the CASP license on a first-time basis.

Latvia is eager to establish itself as a key player in the cryptocurrency landscape, with both politicians and the supervisory authority actively encouraging CASPs to consider Latvia as their preferred jurisdiction for licensing, and they are backing their words with concrete actions:

Supervisory fees payable by CASPs are said to be the best in the Baltics. Although models for calculation of the supervisory fees applied by various countries differ significantly and hence are difficult to compare, Latvian politicians acted upon calls by the industry (its most influential representative being the Latvian Blockchain Association (LBAA)) and agreed on a supervisory fee model that has a competitive edge over the ones applicable in Estonia and Lithuania. The supervisory fee is set in Latvia at up to 0.6% of gross CAS-related income (to be determined annually by the Bank of Latvia), but no less than 3000 EUR. The licensing fee is set at 2500 EUR for the CASP license.

Innovation Centre and Regulatory Sandbox operated by the Bank of Latvia. The Latvian FSA, which for the CASPs will be the Bank of Latvia, has put in place various mechanisms to assist CASPs in entering the market. The regulatory sandbox can be used to test fintech ideas in real life. The innovation centre, on the other hand, offers practical help during the so-called pre-licensing stage via dedicated consultations by the employees of the Bank of Latvia. For additional information, check out fintechlatvia.eu.

Access to the Bank of Latvia retail payment system (EKS) and SEPA: in a groundbreaking step, the Bank of Latvia opened access to its retail payment system EKS and hence also to SEPA to licensed payment service providers and thus also to CASPs who provide payment services.

Payment of share capital in crypto and other developments. To popularise the usage of crypto, amendments to Latvian Commercial Law were adopted, making it possible to pay share capital of a company (any company, not just CASPs) by crypto. Discussions are also ongoing about the possible integration of CASPs providing crypto exchange services to the systems used for payment of taxes.

The right to keep client’s funds in an account in the Bank of Latvia. In addition to granting access to the payment systems, the Bank of Latvia also wanted to provide an option for CASPs to keep a client’s funds in an account in the Bank of Latvia. Hence, a respective provision is even envisaged in the Latvian Law on Crypto-Asset Services (the LCAS). This innovative idea was struck down by the ECB as incompatible with the core role of central banks. Accordingly, the Bank of Latvia will be following the ECB’s policy on access to central bank accounts of July 2024, whereby only the moneys necessary for payment execution (settlement) may be placed in such an account with the remainder thereof being transferred to a bank for safekeeping. To this end, the local AML guidelines have been further revised to allow banks to adopt a more cooperative stance towards those engaged in the crypto sphere.

No quotas for the licenses. Everyone that meets MiCAR requirements is welcome!

To supplement MiCAR, LCAS was adopted in the summer of 2024, with the ten brief articles thereunder focusing on establishing supervisory mandate of the Bank of Latvia and introducing the above-described competitive licensing and supervision fees.

Transition period applicable to the existing VASPs ended on 30 June 2025. In 2025, the Bank of Latvia issued two CASP licenses. During the same year, it received six CASP license applications, while 12 companies remained in the pre-licensing stage.

In recent years Lithuania has been a popular jurisdiction for virtual currency service providers to choose to register themselves. The Lithuanian government adopted a fintech friendly stance, and, prior to MiCA coming into force, had a relatively straightforward registration regime for virtual currency exchange operators and depositary virtual currency wallet operators. Lithuania has been proactive in aligning its legislation with MiCA, and the government’s regulatory approach has now shifted to ensure high compliance and prudential standards, with an emphasis on consumer protection, anti-money laundering/ counter-financing of terrorism (AML/CFT) and operational resilience. The stricter regime has led to market consolidation and the de-registration of a number of virtual currency service providers. At the same time, regulatory efforts are now focused on supporting well-prepared, compliant and financially sound providers in obtaining licences under MiCA and continuing to operate under the new framework, while ensuring that any wind-downs of virtual currency service providers that do not seek to obtain authorisation under MiCA are carried out in an orderly manner.

Alignment of MiCA with domestic/national legislation: On 11 July 2024, the Lithuanian parliament, the Seimas, approved the draft Law on Crypto-Asset Markets prepared by the Ministry of Finance, which establishes new requirements for the conduct of activities for CASPs. The Law on Crypto-Asset Markets entered into force on 25 July 2024. Furthermore, the Bank of Lithuania issued the licensing rules for CASPs which entered into force on 30 December 2024 and set out the procedure for submitting and examining applications for a CASP licence. The Commission for Coordinating the Protection of Objects of Importance to National Security assesses and approves certain shareholdings or voting rights in excess of 25% in CASP applicants. The Bank of Lithuania is the designated national competent authority responsible for licensing and supervising crypto asset market participants. In the supervision of crypto-asset market participants in the field of AML/CTF, the Bank of Lithuania closely cooperates and exchanges information with the FNTT.

In accordance with Article 143(3) of MiCA, Member States were able to adopt a transitional period and Lithuania initially opted for a Transition Period until 1 June 2025, but then on 8 May 2025, following industry feedback, extended it to 1 January 2026.

Authorisation Process: On 17 December 2024, the Bank of Lithuania adopted new Licensing Rules for CASPs, which cover the following information about the CASP authorisation procedure:

the documents to be submitted for a CASP licence application, including form, language and content requirements, as well as the standard forms of CASP licence application annexes that must be completed by an applicant for a CASP licence;

the procedure for submission and examination of a CASP licence application, including processing times;

how to modify or extend the scope of a CASP licence; and

which changes in submitted information have to be notified to the Bank of Lithuania.

Once clearance from the National Security Commission is obtained and the CASP licence application is prepared in accordance with requirements set out in the Licensing Rules for CASPs, the application can be submitted to the Bank of Lithuania. It is also important to note that, in addition to the documents and information specified in the Licensing Rules for CASPs, applicants must submit to the Bank of Lithuania the documentation and information required for:

a qualifying holdings assessment for any natural or legal persons who directly or indirectly – whether individually or acting in concert – hold 10% or more of the shares or voting rights (or who otherwise exert significant influence) in a Lithuanian entity applying for a CASP licence;

a fit and proper assessment for each individual proposed as a manager of the CASP.

The fee for the assessment of a CASP licence application is EUR 2,425.

The timeframe for the assessment of CASP’s authorisation application in Lithuania is the same as set forth in MiCA:

The Bank of Lithuania shall assess whether the application is complete and verify that all information specified in Article 62(2) of MiCA (as further detailed in the Licensing Rules for CASPs) has been provided within 25 working days from the date of receipt of the application. If the application is not complete, the Bank of Lithuania shall set a deadline by which the applicant must provide the missing information.

The Bank of Lithuania shall assess a CASP’s application and make a reasoned decision to grant or refuse a licence to the applicant within 40 working days from the date of receipt of the complete application.

During the assessment, but no later than the 20th day of the assessment period, the Bank of Lithuania may request any additional information necessary to complete the assessment. The assessment period is suspended from the day the Bank of Lithuania requests the missing information until the day responses are received from the applicant. The assessment period can be suspended for no more than 20 working days. In practice, an applicant for a CASP licence can expect that preparing a high‑quality application may take approximately 2-3 months under optimal circumstances, while the application assessment process at the Bank of Lithuania may take approximately 9‑12 months.

The transitional period during which virtual asset service providers were required to obtain authorisation in accordance with MiCAR ended in Lithuania on 31 December 2025. As of 1 January 2026, virtual asset service providers that do not hold a licence are no longer permitted to provide crypto-asset-related services.

As of the beginning of January 2026, 3 companies hold a licence issued by the Bank of Lithuania, granting them the right to provide crypto-asset services in Lithuania as well as in other EU Member States. Crypto-asset services may also be provided in Lithuania by crypto-asset service providers licensed in other EU Member States, provided that they have been duly notified to provide services in Lithuania.

EU AI Act

Aug 2024

EU AI Act entered into force

2 Feb 2025

Provisions of the EU AI Act banning AI systems with an unacceptable risk start to apply

2 Aug 2026

The remaining provisions of the EU AI Act start to apply (except for Article 6(1) regulating obligations related to high-risk AI systems)

2 Aug 2027

Provisions of the EU AI Act regarding the obligations related to high-risk AI systems start to apply

The rapid advancement of artificial intelligence in recent years has created new opportunities to improve service efficiency across various sectors, including finance. It is no surprise that financial institutions are increasingly exploring the adoption of AI systems as AI allows greater automation and a tailormade approach to service delivery processes. This is especially the case for fintech companies who generally aim to capture market share by challenging current financial service providers by offering easy, fast and convenient financial solutions. At the same time, it is important for fintech companies to lower their costs (e.g. costs of compliance, cost for human resources). AI will help fintech companies achieve both of these goals.

The use of artificial intelligence systems will be primarily regulated by the EU AI Act (Regulation 2024/1689/EU) that started to apply partially on 2 February 2025, with most obligations taking effect on 2 August 2026. Companies in the financial sector that rely on data-driven models and AI solutions or plan to start using them should prepare for these new regulatory requirements. Companies using high-risk AI systems (e.g. the use of AI for creditworthiness assessment and credit decisions or for risk assessment and pricing in life and health insurance) will need to perform risk assessments to check for potential biases, establish strong data management practices and keep records of how the AI processes use the data to make decisions. They must also provide clear explanations of how the AI model works and how it may impact individuals.

When using AI solutions, companies should also comply with other frameworks, like the GDPR if the AI solution in use processes personal data.

The use of AI solutions by the Estonian financial institutions is becoming more and more popular, especially among fintech companies providing financial services online. This trend was confirmed by a survey conducted by the Estonian FSA in March 2025 among supervised entities and published in late 2025. The survey specifically showed that AI is widely used by the financial institutions in Estonia, mainly in pilot or early implementation stages, with efficiency and decision-support identified as the main benefits.

Estonia has been relatively active in relation to boosting the use of AI-based applications both in the public and private sector. In 2019, the Estonian government introduced an expert report (the so-called Kratt report) on how to advance the use of AI in the public and private sector. After this, Estonia has also introduced National AI Strategies for 2019–2021, for 2022–2023 and currently for 2024–2026. The National AI Strategies also introduced legal initiatives for regulating AI in Estonia. In light of the EU AI Act, these initiatives were redirected towards solving specific problems that needed to be regulated and were able to be regulated independently from the EU regulations. According to the National AI Strategy for 2024–2026, the aim is to support the implementation of the EU AI Act within Estonia, including establishing a supervisory framework for developing and using AI. However, Estonia’s specific legal initiatives on AI as well as the National AI Strategy for 2024–2026 establishing the goals for implementing EU regulation put little to no attention to the use of AI specifically in the financial sector. To date, Estonian competent authorities have not issued sector-specific guidance on the use of AI in financial services and it is unlikely that such guidelines will be introduced in the near future. The EU AI Act establishes a binding framework that will apply fully as from 2026, with its most significant obligations for financial institutions taking effect at that stage.

The survey by the Estonian FSA indicated also that from a supervisory perspective the key areas of focus in relation to AI are data protection, governance, model reliability, cybersecurity, and ensuring meaningful human oversight, as AI increasingly influences institutions’ business models and risk profiles.

Fintech companies should therefore start reviewing what AI systems they already use and which AI systems they plan to implement before the EU AI Act becomes applicable. It is also important to assess which requirements of the EU AI Act will apply to those systems once the relevant obligations take effect and prepare an internal action plan for compliance. The action plan can be submitted to the competent authorities in the case of a respective inquiry.

Fintech companies should therefore start reviewing what AI systems they already use and which AI systems they plan to implement before the EU AI Act becomes applicable. Also, fintech companies should analyse the requirements from the EU AI Act applicable to the use of such AI systems and prepare the action plan for becoming compliant. The action plan can be submitted to the competent authorities in the case of a respective inquiry.

The use of AI in the financial sector has been increasing exponentially. According to a survey conducted by the Bank of Latvia in the first half of 2024, 34 Latvian financial market participants are already using AI solutions in their work. According to the survey, AI solutions are used in all financial market segments, although the most frequent users are deemed to be investment brokerage companies, insurance companies and investment management companies.

Up until the adoption and coming into force of the EU AI Act, the Bank of Latvia has exercised limited supervision on the application of AI by financial institutions, and it is expected that as the application of the EU AI Act approaches, the competent authorities will increase the level of supervision going onwards.

Lithuania, as an EU member state, is preparing for the implementation of the EU AI Act by adapting to new requirements and promoting responsible AI use across various sectors, including public administration, the economy and the financial sector. The Ministry of Economy and Innovation is leading the implementation of the EU AI Act in Lithuania, working closely with institutions such as Lithuania the Communications Regulatory Authority and the State Data Protection Inspectorate. National efforts include: a review of existing national laws (such as those related to data protection and consumer rights) to ensure alignment with the EU AI Act’s requirements, education and awareness initiatives and support for innovation.

In terms of areas where Lithuania could excel, the local fintech community increasingly views AI as a field with strong leadership potential. AI technologies are already being applied in Lithuania’s financial sector, particularly for enhancing risk assessment and fraud detection. For instance, financial institutions are using AI tools to ensure compliance with AML (anti-money laundering) and KYC (know-your-customer) requirements, thereby reducing administrative burdens and improving accuracy.

With the EU AI Act, fintech companies utilising artificial intelligence solutions will need to prepare for potential new regulations and compliance requirements specific to artificial intelligence.

Digital EURO

October 2021 to October 2023 – Investigation phase

November 2023 to October 2025 – Preparation phase

Since October 2025 – Phase focusing on technical readiness

2026 – Potential adoption of the digital euro rulebook

2029 – Potential first issuance of the digital euro

Due to the decrease of the usage of cash and the rise of electronic payments the ECB has been investigating the possibility of introducing a central bank digital currency (CBDC) – a digital version of the official currency. Digital euro would be central bank money in a digital form issued by the ECB, which would allow electronic payments in shops, both online and in person, as well as, person-to-person transfers. Digital euro would be issued and backed by the ECB and one digital euro would always equal one euro in coin. As such, digital euro would not qualify a crypto-asset. Moreover, there would be limits to the amounts of digital euro a person can hold in their wallet at any point of time. Such limitations are established to ensure that digital euro is used as a means of payment instead of as a deposit. Furthermore, such restrictions would ensure the financial stability of the Eurosystem. The ECB has emphasised that digital euro would not replace cash but would be an alternative to cash as well as bank transfer payments.

During the preparation phase, the first draft of the digital euro scheme rulebook was composed. The respective regulation will establish the rules, standards and procedures that the supervised financial institutions are required to follow when distributing the digital euro. Additionally, the ECB selected service providers for some of the digital euro components and related services. After the successful completion of the preparation phase in October 2025, the ECB decided to move on to the next phase which will focus on the technical readiness for the first issuance of the digital euro. The final decision on the issuance will be made by the ECB’s Governing Council only once the respective legislation is adopted. Assuming that the regulation on digital euro is adopted in 2026 and the testing and initial transactions could be performed in 2027 then the digital euro could be first issued to the public in 2029.

As the digital euro is still under development no steps have been currently taken. On 29th September 2025 Eesti Pank organised an international conference, where the importance of digital euro was discussed by various experts. More information on it can be found here.

As the digital euro, including respective legal framework, is still under development at the EU / ECB level, Latvian authorities currently have not engaged in individual action for the introduction of digital euro.

As the digital euro is still under development no steps have been currently taken.

Country-specific legal initiatives impacting the fintech sector

Country-specific legal initiatives add another layer of regulations that fintech sector companies need to be aware of in order to ensure compliance. In this section, we give an overview of the most important regulations in Estonia, Latvia and Lithuania together with the expected influence such regulations have on the fintech sector in each country during 2026. In addition, an overview is given of the measures supporting fintech companies when entering the market and for launching innovative solutions in each country and the latest supervisory developments.

Significant developments in supervision supporting Estonia’s position as the fintech hub

During 2025 the Estonian FSA introduced several new initiatives which will have positive impact on the regulatory environment of the financial sector, especially of the fintech market. As these developments are still ongoing it is expected to take a full effect during 2026 and the following years.

The Estonian FSA aims to reduce administrative burden in the financial sector. The Estonian FSA set a goal to revoke 10% of the legal requirements. For this, the Estonian FSA asked input from the market participants and experts within the Estonian FSA. The Estonian FSA received about 500 proposals of which 110 were submitted to the Estonian Ministry of Finance as these proposals require change in the legislation and about 130 proposals are going to be implemented by the Estonian FSA itself starting from 2026. Reducing administrative burden will have significant influence on the compliance costs of financial institutions, especially for fintech companies and contributes to the strategic positioning of Estonia as an innovation hub.

More on the results of the information gathering and the overview of the proposals may be found here.

The Estonian FSA is planning to introduce a new digital solution for licensing proceedings. The new digital solution should simplify the communication between the applicant and the Estonian FSA, including the submission of documents to the Estonian FSA. The other features of the new digital solution are yet unknown and the market is in a wait for the launch of the new solution.

The Estonian FSA has initiated round-table for innovation. In 2025 the Estonian FSA introduced an innovation round-table initiative which brings together experts from different market segments, legal advisors as well as the Estonian FSA itself. It is yet to be seen whether the initiative will have practical positive influence on the innovative in the financial sector.

In addition, from January 2026 the Estonian FSA has a new management board (news here). The new management board has strong private sector background both from market participants as well as from legal counselling. The market is watching closely the nature and scope of changes that the new management board will introduce to the supervisory practices.

Positive credit register

Discussions regarding establishing a positive credit registry in Estonia have been ongoing for years. A positive credit registry would enable credit decisions to be made based on more comprehensive publicly available data. This would also benefit fintech companies providing credit through online applications in making credit decisions with less time and less manual involvement.

In November 2024, the draft law was published by the Ministry of Finance and submitted to other ministries and market participants for them to provide feedback. In May 2025, the bill for the positive credit register was accepted to be processed by the Estonian Parliament. The draft law outlines the requirements on what kind of information shall be entered into the credit information register as well as the requirements for the legal entity operating register (the registrar). Obliged entities under the draft law are credit institutions, credit providers, credit agents acting on behalf of only one credit provider and savings and loan associations (credit information providers). Information shall be submitted to the registrar after the conclusion of the credit agreement, amendment of the credit agreement or in case of changes in the data, but not less than once a day.

The credit provider’s right to use credit databases to assess a consumer’s creditworthiness is also regulated by the CCD II. However, the CCD II does not establish the obligation to create such databases nor does it stipulate any substantive requirements. The explanatory memorandum explains that the draft law is to a certain extent related to the CCD II. However, it is currently unclear whether the CCD II would also require making changes to the draft law on the positive credit registry.

Pursuant to the draft law, provisions regarding the requirements to the registrar start applying in accordance with the general principles. The credit information register would begin operation on 1 October 2027, and from 1 June 2028, all credit information providers would be obliged to make a query to the register before granting credit.

The draft law is currently in the Estonian Parliament having passed the first reading. However, the biggest issue yet to be resolved is whether credit servicers and credit purchasers should also submit information to the credit information register. Whilst credit institutions welcome such information to be included in the credit information register, then credit servicers and credit purchasers have voiced their opposition to this proposal. As a result, there is currently no clarity on the pace at which the draft law will move forward.

FinTech Sector Development Strategy

At the end of 2025, the Cabinet of Ministers approved the FinTech sector development strategy for 2026–2027, prepared by the Ministry of Finance and the Bank of Latvia.

Overall targets to be achieved:

A 30% increase in the number of FinTech companies in Latvia.

Attraction of new FinTech investments amounting to a 15% increase.

An 18% increase in new FinTech-related jobs.

Latvia established as a competitive FinTech hub in the Baltic and Nordic region.

To implement this vision, Latvia will pursue measures across four strategic pillars:

Promotion of Latvia internationally.

Infrastructure and regulatory environment.

Access to capital.

Availability of talent.

Legal framework for special (small) bank licensing

In order to boost competitiveness in financial market, legislation allowing for the licensing of the so called special (small) bank was adopted at the end of 2025, providing for an option to establish a bank with a lovwer intial capitla threshold – EUR 1 million (for traditional banks initial capital threshold is EUR 5 million).

In order to benefit from the exemption from the EUR 5 million initial capital requirement a bank would need to comply with the following non-cumulative criteria: (a) have a limited range of customers established according to the territorial principle, the employment principle, or the principle of community of interests within the meaning of the Law on credit unions; (b) provide financial services exclusively in digital form; or (c) have a business model that envisages the provision of innovative services, which are new or significantly improved financial services in Latvia. No secondary legislation is envisaged in the draft law to further define these criteria.

There are no limits to the range of financial services that special bank is entitled to provide, including cross-borders in the EU (via freedom to provide services or freedom of establishment). Accordingly, special bank will be subject to all the same prudential and other requirements for a credit institution as other banks.

Direct access of PIs and EMIs to the Bank of Latvia retail payment system

In a much-anticipated move, as of November 2024, the Bank of Latvia allows non-bank payment service providers (licensed PIs and EMIs) to become direct participants of the Bank of Latvia retail payment system (EKS). Thus, licensed PIs and EMIs will no longer have to rely on services of commercial banks to execute their client’s payments – both instant payments and SEPA credit transfers. EKS also provides access to a clearing service for bulk payments and service called Proxy Registry, which links phone numbers to the IBAN and name of the payee.

In addition to granting access to the payment systems, the Bank of Latvia also wanted to provide an option for the non-bank payment service providers to keep client’s funds in an account in the Bank of Latvia. Unfortunately, this innovative idea was struck down by the ECB as incompatible with the core role of the central banks. Accordingly, the Bank of Latvia will be following the ECB’s policy on access to central bank accounts of July 2024, whereby only the moneys necessary for payment execution (settlement) may be placed in an account in the Bank of Latvia, with the remainder thereof being transferred to an account in a commercial bank for safekeeping.

Changes to supervisory regime of non-bank consumer lenders

Non-bank consumer lenders, who represent the proportionally largest segment of the FinTech market in Latvia, are currently supervised by the Consumer Rights Protection Center. The Ministry of Finance has proposed transferring the supervision of non-bank consumer lenders to the Bank of Latvia as of January 2027.

One of the most concerning aspects for the industry discussed in connection with the transfer of supervisory powers was the potential imposition of prudential requirements (such as capital adequacy and liquidity requirements) on non-bank consumer lenders. However, this initiative has been dismissed for the time being, as non-bank consumer lenders do not accept deposits and therefore do not pose the same prudential risks as credit institutions.

The necessary regulatory framework for the transfer of supervisory functions is planned to be developed by 30 April 2026.

Support measures

In Latvia, various support measures are available for fintech companies:

The Innovation Centre and Regulatory Sandbox operated by the Bank of Latvia. The Latvian FSA has put various mechanisms in place to assist fintech companies in entering the market. The regulatory sandbox can be used to test fintech ideas in real life. The innovation centre, on the other hand, offers practical help during the licensing stage via dedicated consultations by employees of the Bank of Latvia. For additional information, check out fintechlatvia.eu.

Altum’s support tools for start-ups. State development finance institution Altum provides both direct and indirect support for newly established companies/start-ups. As a direct support tool, Altum offers direct loans in amounts up to EUR 250,000. The loans are subject to Altum standard terms (10% downpayment, interest rate from 4.9%, term depending on purpose of loan, collateral). Certain industry exceptions may apply to determine eligibility for the loan, for example, companies operating as financial and insurance mediators. Altum co-financed venture capital investment funds (selected by Altum during a procurement process) with an investment strategy to invest in growth-stage companies, serving as an indirect support instrument.

The Latvian Investment and Development Agency offers grants for support for development of innovative entrepreneurship in SMEs in the amount of up to 300,000 with aid intensity of up to 45%. Grants can be used to cover the costs related to the remuneration of highly qualified employees. Support by means of applying tax reliefs, i.e., paying reduced payroll taxes, is also being offered.

The Latvian Investment and Development Agency furthermore offers non-financial support for pre-incubation – including consultations, training, and mentoring for the development of business ideas.

Support measures

The Bank of Lithuania has launched several successful fintech-focused initiatives that benefit both newcomers and established companies:

The Newcomer Programme is a comprehensive consultation service designed to assist financial market participants interested in applying for a license in Lithuania. The Bank of Lithuania’s Newcomer Programme helps potential financial market participants evaluate their opportunities in Lithuania and gives an insight on legislative and licensing requirements for businesses aiming to start their activities in the country. It is a one-stop shop for meetings and consultations with potential financial market participants, basic information about licensing and financial services opportunities in Lithuania, requesting meetings, consultations via email or phone on launching a business or a new product and checking whether your future plans are in line with legislative and licensing requirements.

CENTROlink is a 24/7/365 payment system operated by the Bank of Lithuania, providing technical access to the Single Euro Payments Area (SEPA) for payment service providers licensed in the European Economic Area (EEA), including electronic money and payment institutions. Through CENTROlink, participating payment service providers are able, under a “single access point” model, to offer their clients the full range of SEPA payment services, including SEPA Credit Transfers, SEPA Direct Debits and SEPA Instant Credit Transfers. The system is directly connected to the main European instant payment infrastructures, namely RT1 and the TARGET Instant Payment Settlement system.

The Regulatory Sandbox is a live testing environment that allows financial innovations to be tested under the supervision and guidance of the Bank of Lithuania. . Participation in the sandbox has many advantages, such as continuous consultation with the regulator, access to real consumers for testing new products and services, exemptions from certain regulatory requirements during participation (ie, no obligation to have a licence in hand) and, except when necessary, no enforcement measures under legal acts applicable either to the participant or its managers. Fintech companies may enter the regulatory sandbox if their financial innovation meets the following criteria: (1) it is new to Lithuania’s market; (2) if implemented, it would bring more convenient, safer and cheaper financial services or other identifiable benefits to consumers; (3) its testing in a live environment is objectively necessary and may contribute to the implementation of the said financial innovation; (4) the financial market participant has carried out an assessment of its adaptability, allocated sufficient resources, carried out a risk analysis; and (5) it will be further developed in Lithuania.

DAMAMA is a data maturity programme aimed at transforming how regulators collect data, enabling the extraction of granular data from supervised entities instead of relying on traditional reports.

Administrative Agreements with Financial Market Participants

The legal amendments that came into effect in November 2024 enabled the Bank of Lithuania and financial market participants to conclude the supervisory inspection processes by entering into administrative agreements (also known as peaceful settlement agreements) with the supervisory authority.

Administrative agreements allowed for quicker mutual conclusion of supervisory processes. A financial market participant potentially subject to an enforcement measure by the Bank of Lithuania has the right to propose an administrative agreement to settle the matter amicably. In total 20 proposal were provided from market participants in 2025, in 16 cases the process was initiated, in 3 cases the Bank of Lithuania refused to initiate the process, and in 1 case the settlement was not achieved and the process ceased.

This process offers certain benefits to both counterparties. First, if the sanction considered for an administrative agreement is a fine, the amount of the fine may be reduced by 20 to 40 percent. Secondly, market participant and the Bank of Lithuania can negotiate and find a mutual agreement on the scope and timeline for remediation of violations. Thirdly, the process is quite efficient and speedy. The agreement should be concluded in 2 months’ time after the Bank of Lithuania agrees to enter into the agreement process. On the other hand, neither the refusal from the Bank of Lithuania to enter into the agreement process, nor the concluded agreement itself can be appealed in court.

Reporting

From 1 January 2026, new reporting requirements will apply to certain types of financial market participants supervised by the Bank of Lithuania, including EMIs, PIs, CASPs, following the transition to a new national data collection system, REGATA. These newly adopted reporting obligations set out specific reporting requirements by entity type, for instance:

CASPs will be required to submit the following periodic reports to the Bank of Lithuania:

financial reports: balance sheet, income statement, off-balance sheet data, information on service and fee income, and statements on equity, receivables and liabilities;

capital adequacy reports: own funds and fixed overhead requirements; and

operational reports: client and portfolio information, covering crypto transactions, services provided, investments, and the marketing/distribution of crypto-assets and ARTs in other jurisdictions.

Pursuant to the updated reporting framework, EMIs and PIs will be subject to revised reporting requirements, which include the following changes:

elimination or consolidation of several report forms (e.g. on loans granted, staff count, account closures, safeguarding of funds, and professional indemnity insurance);

removal of provisions related to the complaints report, as a joint resolution covering complaint reporting for all financial market participants is expected shortly;

introduction of a new form on investment of client funds, anticipating future safeguarding requirements; and

expansion of the reporting triggers for service-related reports to include material changes in EMI or PI activities.

Crypto Asset Reporting Framework for Tax

As of 1 January 2026, amendments to the Law on Tax Administration and to the Code of Administrative Offences will enter into force that establish administrative liability for a CASP’s failure to provide certain information about reportable users of crypto‑assets, with fines ranging between EUR 1,800 to EUR 6,000 in cases of non-compliance. Pursuant to these amendments, CASPs will be required to collect and report to the State Tax Inspectorate (the STI) on an annual basis information relating to reportable users of crypto-assets, in accordance with the procedures and within the deadlines to be set by the STI.

Download as PDF

Ellex: trusted partner in FinTech, Digital Assets & IT law

As the digital revolution has been driving the traditional financial system, our mission at Ellex is to empower our clients to lead the fintech sector. Ellex is recognised as a Band 1 law firm in the Baltics by the Chambers and Partners FinTech Guide 2025. As our clients say, the team stands out as a premier option in the market, described as “one of the largest specialised fintech teams, having exceptional expertise and attention to details. Its fintech legal team has the full capacity and know-how to handle complicated legal issues.”

With a client-focused approach and unparalleled industry knowledge, we empower businesses at the forefront of innovation to thrive in an ever-evolving digital economy. Ellex stands out with its deep expertise and proven track record in navigating the complex legal landscape of fintech, digital assets and IT law.

FinTech

We advise financial service providers, including payment and e-money institutions, crowdfunding platforms, neo-banks and others providing financial services using innovative technological solutions.

We also help tech companies providing digital solutions to financial institutions to orientate in the regulatory regime. We offer strategic legal support to startups, scale-ups and established financial institutions through different regulatory proceedings (from licensing to supervisory proceedings) when launching innovative financial solutions.

Ellex.legal FinTech service

Blockchain & Digital Assets

Blockchain solutions and digital assets have allowed for emergence of new business models and have, through that, started transforming entire industries. Since the development of blockchain and digital assets, the understanding of financial services in traditional finance has changed significantly.

The present and future of the financial services is based on services provided on blockchain technology and in the form of digital assets. We offer strategic legal support for tokenisation projects, cryptocurrency businesses and decentralised finance (DeFi) initiatives.

Our experts advise on regulatory compliance, smart contracts, NFT frameworks and initial coin offerings (ICOs), ensuring your innovative ideas comply with legal requirements.

Ellex.legal Blockchain & Digital Assets service

Data Protection, Cybersecurity & IT Law

We help you at each stage of the data lifecycle. Primarily, we assist in assessing and mitigating data protection and security risks, and in meeting the legal requirements for data processing and risk management.

From drafting SaaS agreements to advising on GDPR compliance and managing data breaches, we ensure your digital operations are secure and compliant.

Ellex.legal Data Protection, Cybersecurity & IT Law service

Innovative legal solutions: we understand the unique challenges of disruptive technologies and provide proactive, practical advice to help you succeed.
Regulatory expertise: our deep knowledge of local and international legal frameworks ensures seamless cross-border operations.
Client-centred approach: we prioritise your goals, working as partners in innovation to align our legal strategies with your business vision.