Changes to the DIFC Crypto Token Regulation from 12 January 2026

All persons (including “Authorised Firms” as defined by the DFSA Rulebook) carrying on specified activities (outlined below) in or from the DIFC in relation to Crypto Tokens (“Relevant Persons”).

As per GEN 3A.2.1, the regime covers:

• Carrying on a Financial Service relating to a Crypto Token (e.g., dealing, advising, managing, arranging).
• Making or approving a Financial Promotion relating to a Crypto Token.
• Offering Crypto Tokens to the public.
• Managing or promoting funds with exposure to Crypto Tokens.
• Dealing in derivatives or other instruments relating to Crypto Tokens.

The regime is implemented through binding amendments to the DFSA Rulebook (notably GEN, COB, CIR, FER, AMI, MKT, and GLO modules).

Under the old regime, only DFSA-recognised tokens could be used for regulated activities.

Under the new regime, for most Crypto Tokens (other than fiat-backed stablecoins), each firm must conduct and document its own suitability assessment before use.

As for Fiat Crypto Tokens (e.g., USDC, EURC, RLUSD), these remain subject to DFSA approval and are listed in the DFSA’s Policy Statement.

For non-fiat Crypto Tokens, Relevant Persons Persons must:

• Conduct a prior assessment of each Crypto Token before use.
• Conclude on reasonable grounds that the Crypto Token is suitable for your firm and the intended activity, having regard to the following mandatory criteria (GEN 3A.2.1(3)):
  • Token characteristics - Purpose, governance, founders.
  • Regulatory status elsewhere - Has it been assessed/approved by other regulators?
  • Market size, liquidity, trading history: - is there sufficient depth and price transparency?
  • Technology used - Network resilience, security, and incident response.
  • DFSA compliance - Does use of the token allow you to comply with all DFSA-administered laws and rules (e.g., AML, sanctions)?

As regards suitability, as per GEN 3A.2.1A, ongoing obligations for Relevant Persons include:

• Disclosing your "suitable token list" to clients and prospects, including token name, identifier, and underlying technology.
• Continuously monitoring and reviewing each token's suitability and ceasing activity immediately if a token is no longer suitable. Where immediate cessation is not possible, the firm must take reasonable steps to cease.
• Demonstrating your assessment to the DFSA on request.
• Submitting a monthly Crypto Token information return via the DFSA portal.

The DFSA will focus on the robustness of the assessments and controls of Relevant Persons, who must be able to demonstrate the grounds for each suitability decision, and failure to comply may result in enforcement action.

Fiat Crypto Tokens (e.g., USDC, EURC, RLUSD) remain DFSA-determined. Firms must check the DFSA's published list and policy statement for eligible stablecoins. Other stablecoins (including algorithmic or unapproved fiat-referencing tokens) are not permitted.

Privacy Tokens/Devices and Algorithmic Tokens remain prohibited (but this prohibition is now expanded to include Funds and Derivatives / Instruments as per GEN 3A.2.2).

GEN 3.A.2.1(4) provides that the prohibition in GEN 3A.2.1(1)(a) (carrying on a Financial Service relating to the Crypto Token) does not apply to an Authorised Person to the extent it Provides Custody of a Crypto Token. However, other restrictions, including the Privacy and Algorithmic Token restrictions above, still apply to such custodians.

The regime still applies to activities taking place “in or from” the DIFC. The same categories of “in-scope” activities, such as providing Financial Services, making Financial Promotions, making Offers to the Public, certain Fund-related activities, and dealing in derivatives or instruments linked to Crypto Tokens, remain subject to regulation. Crypto Tokens continue to be classified as Financial Products for the purposes of the DFSA’s conduct regime.

Authorised Firms are not permitted to provide services or conduct activities involving Utility Tokens or Non-Fungible Tokens (NFTs), except that licensed custodians may provide custody services for these tokens.

Representative Offices in the DIFC are still prohibited from marketing Crypto Tokens, investments relating to Crypto Tokens, or Financial Services relating to Crypto Tokens (or related investments).

Retail client protections remain unchanged, including appropriateness assessments, a ban on trading incentives, continued margin requirements for derivatives, and restrictions on using terms like “market”, “platform”, or “venue” without the appropriate licence.

• As pertains to funds, investment constraints are now determined by the firm's own suitability assessment, not DFSA thresholds. Fund documents and risk frameworks must be updated.
• This applies to direct holdings and indirect exposure (e.g., derivatives or index-tracking exposure that includes Crypto Tokens).
• Also, GEN 3A.2.1A Guidance indicates that if a token becomes unsuitable, fund managers should divest as soon as possible.

The January 2026 updates also cover other restrictions outlined in GEN 3A.2, including that:

• regulated and unregulated business are not to be carried on together (GEN 3A.2.4);
• Money Service Providers are restricted from carrying on crypto activities (GEN 3A.2.5); and
• an Authorised Firm may only refer a client to a provider of Crypto Token-related services if it has reasonable grounds to believe that the provider is either: (a) an Authorised Firm; or (b) a regulated financial institution outside the DIFC that is subject to requirements broadly equivalent to those imposed on Authorised Firms conducting Crypto Business in or from the DIFC (GEN 3A.2.6).