Crypto License in Kazakhstan 2026

Launch a compliant crypto business through the AIFC. RUE structures AFSA-facing applications for exchanges, custody, OTC, and digital asset platforms in Kazakhstan.

Book Free Consultation

Regulator

AFSA

Timeframe

3-9 months

Cost

from USD 19k

Capital

case-by-case

Usually AIFC route; fees, capital and timing depend on activity scope and substance.

Why Kazakhstan for a Crypto License

A Kazakhstan crypto license in practice usually means an AIFC authorization supervised by AFSA, not a blanket permit for unrestricted crypto activity across the whole country. RUE helps founders map the correct regulatory perimeter, prepare the application pack, and build the compliance stack needed for licensing and banking.

Polina Merkulova

Polina Merkulova

Licensing Services Manager

[email protected]

As your point of contact, I help coordinate the licensing process end-to-end, keep communication clear, and move your application forward without unnecessary delays.

Regulated United Europe advises on the full Kazakhstan crypto license path through the AIFC: business model mapping, company formation, AFSA application drafting, AML/CFT framework, governance design, compliance staffing, and banking preparation.

We do not sell a generic “license package”. We build a regulator-ready file aligned with your actual model: exchange, custody, brokerage-style intermediation, OTC, tokenization, or a mixed structure requiring scoped legal analysis.

Contact me

🏛️

Clearer Legal Perimeter

The strongest route for a crypto company in Kazakhstan is usually inside the AIFC under AFSA supervision, with a more defined authorization framework than the general domestic regime.

🌍

Regional Market Position

Kazakhstan sits between Europe, the Caucasus, Central Asia, and parts of the CIS corridor, which is commercially relevant for exchanges, OTC desks, and cross-border fintech groups.

⚖️

AIFC Trust Layer

The AIFC Court and International Arbitration Centre add credibility for shareholder disputes, commercial contracts, and enforcement architecture valued by investors and counterparties.

🛡️

Compliance-First Setup

AFSA review is not only about incorporation. Governance, AML/KYC, sanctions controls, custody design, and operational readiness materially affect approval probability and banking outcomes.

Kazakhstan crypto license 2025

26,800 EUR

Package includes (8)

Preparation of necessary documents for registration of a new company in Kazakhstan 2026
Translation of a certificate of no criminal record through a sworn translator
Payment of state fees related to company registration
Payment of notary fees related to company registration
Preparation of compliance documents for MiCA application
Preparation of a business plan
Submission of the necessary documents to AFSA
Recruitment of local MLRO/Compliance officer

Timeframe: From 3 months

Requirements for Kazakhstan Crypto License

A crypto license in Kazakhstan is usually shorthand for obtaining authorization in the Astana International Financial Centre (AIFC) under the supervision of the Astana Financial Services Authority (AFSA). That distinction matters. Kazakhstan does not operate as a single nationwide free-for-all crypto licensing regime for every business model.

In practice, AFSA assesses five things at the same time: legal structure, people, financial resources, internal policies, and technology controls. Founders who treat the process as a company-registration exercise usually lose time in remediation rounds. Founders who prepare a real operating model, documented controls, and credible funding sources move faster.

Below are the core requirements typically relevant to an AIFC crypto license or adjacent digital asset authorization path in 2026. Exact expectations depend on whether you are applying for exchange-style activity, custody, brokerage/intermediation, OTC dealing, or a more novel model routed through a case-by-case analysis.

AIFC Entity Formation and Real Local Substance +

You normally need an AIFC-registered legal entity with a real registered address and operational substance proportionate to the business. A paper company with outsourced everything is weak both for AFSA review and for bankability.

Registered office in the AIFC ecosystem;
Transparent shareholding and ultimate beneficial owner (UBO) disclosure;
Corporate documents, constitutional documents, and group structure chart;
Evidence that key decisions, control functions, and records are properly maintained;
Substance appropriate to the model: exchange and custody businesses are expected to show more operational depth than a narrow B2B advisory or pilot model.

A practical nuance many competitors miss: local substance is not only a regulator issue. It directly affects bank account onboarding for crypto businesses, because banks test whether the company has real governance, accountable officers, and traceable operating flows.

Management, Controllers and Fit-and-Proper Review +

AFSA will review the competence, integrity, and time commitment of founders, directors, senior managers, and control-function holders. This is effectively a fit-and-proper assessment, even if founders use looser market language such as “Kazakhstan VASP license”.

Directors and senior managers should show relevant fintech, financial services, exchange, custody, payments, cybersecurity, or AML experience;
AML officer and compliance officer functions must be clearly allocated;
Conflicts of interest must be identified and managed;
Police clearance, CVs, references, diplomas, and regulatory questionnaires are commonly required;
AFSA will look at prior enforcement history, insolvencies, sanctions exposure, and unexplained gaps in professional record.

One role can sometimes cover multiple functions in a very small structure, but this should never be assumed. The regulator’s comfort depends on business complexity, transaction volumes, custody risk, and the independence of control functions.

AML/CFT, KYC, KYB and Sanctions Framework +

A serious Kazakhstan AML KYC crypto framework in 2026 goes far beyond a template onboarding policy. You need a documented control system aligned with the AIFC/AFSA perimeter and Kazakhstan AML/CFT obligations, including escalation and evidence trails.

Business-wide AML/CTF risk assessment;
Customer onboarding rules for KYC, KYB, beneficial ownership, source of funds, and where appropriate source of wealth;
Sanctions, PEP, and adverse media screening;
Blockchain analytics / KYT for wallet screening and transaction risk scoring;
Suspicious activity identification and reporting workflow;
Ongoing monitoring, periodic review, and recordkeeping;
Travel Rule readiness where the model and counterparties require it.

A modern stack often includes vendors such as Sumsub, Veriff, Trulioo, Chainalysis, TRM Labs, or Elliptic. AFSA does not license the vendor itself; it evaluates whether your controls are adequate, documented, and actually embedded into operations.

Business Plan, Financial Model and Capital Adequacy +

You should prepare a 3-year business plan with realistic assumptions, not a sales deck. AFSA and banking partners both test whether the business is economically coherent and sufficiently funded.

Description of services and target client segments;
Jurisdictional scope and prohibited geographies;
Revenue model, fee schedule, liquidity sources, and counterparties;
Projected P&L, cash flow, and balance sheet;
Capital and liquidity assumptions;
Stress scenarios such as low volumes, wallet compromise, banking delay, or vendor failure.

A practical prudential formula often used in preparation is: Required funding runway ≥ 6 × average monthly operating expenses. Monthly OPEX should include payroll, office, legal, audit, AML/KYT tooling, cloud/security, insurance, and contingency reserve. For higher-risk models, a 9-12 month runway is often more persuasive than the bare minimum.

Technology, Custody and Cybersecurity Controls +

Technology review is a decisive part of any crypto exchange license Kazakhstan or custody license Kazakhstan project. Generic statements like “we use secure wallets” are not enough.

Wallet architecture: hot / warm / cold segregation;
Key management: MPC, multisig, or HSM-based controls;
Role-based access control and privileged access logging;
Withdrawal approval matrix and transaction limits;
Incident response, breach escalation, and forensic preservation;
Business continuity and disaster recovery;
Vendor due diligence for custody, cloud, analytics, and payment partners;
Independent penetration testing and vulnerability management.

Useful benchmark standards include ISO/IEC 27001, SOC 2 Type II, and OWASP ASVS. These are not automatic legal substitutes, but they materially strengthen the credibility of your control environment.

Document Pack for AFSA Submission +

A complete application file usually includes far more than incorporation papers. The exact list depends on the activity scope, but a regulator-ready pack commonly contains:

Application forms and corporate documents;
Shareholder and UBO disclosure pack;
CVs and fit-and-proper questionnaires for key persons;
AML/CFT policy, onboarding manual, sanctions policy, and risk assessment;
Compliance monitoring plan and internal controls matrix;
Business plan and 3-year financial projections;
Technology architecture note and cybersecurity framework;
Custody and client asset safeguarding policy, if relevant;
Outsourcing register and vendor oversight policy;
Complaints handling, conflicts of interest, and market conduct controls;
Evidence of funding sources and initial capitalization.

At RUE, we align this document pack with adjacent workstreams such as preparation of compliance documents, legal services, and regulated accounting support so the file is consistent across regulator, bank, and auditor review.

Banking and Fiat Rails Readiness +

Banking is not legally guaranteed by the license, but it is commercially critical. A credible crypto business in Kazakhstan must prepare for bank and EMI due diligence in parallel with the AFSA process.

Expected transaction flows by corridor and counterparty type;
Source of funds and source of wealth evidence for founders and key investors;
AML/KYT vendor stack and alert handling workflow;
Proof of platform readiness or MVP;
Customer risk segmentation and excluded jurisdictions;
Fiat on-ramp/off-ramp design and settlement logic;
Policies for chargebacks, fraud, and suspicious withdrawals.

Many founders underestimate this point: a technically licensable model can still fail commercially if the banking narrative is weak. We therefore combine AFSA preparation with bank account opening support and, where needed, high-risk banking strategy.

Jurisdiction Comparison

Compare Kazakhstan with other jurisdictions by key conditions for obtaining and operating a MiCA/CASP license: regulator, review period, fees, capital, local substance, and passporting.

* This table focuses on MiCA/CASP authorization conditions. Use the settings icon to customize countries and parameters.

Taxation of Crypto Companies in Kazakhstan

Tax efficiency in Kazakhstan depends on legal perimeter, AIFC status, income type, and accounting segregation. The market slogan “0% tax” is incomplete and often misleading. A founder asking about crypto tax Kazakhstan should separate three layers: general Kazakhstan tax rules, AIFC tax incentives, and sector-specific charges such as digital mining burdens.

Outside a qualifying exemption, the standard benchmark for Kazakhstan corporate taxation remains a 20% corporate income tax. However, certain AIFC participants may access tax preferences for qualifying financial and ancillary services under the AIFC regime, often discussed in the market as exemptions available until 1 January 2066. That does not mean every revenue line of every crypto company is automatically taxed at 0%.

The real tax question is not “Is Kazakhstan tax-free?” but rather:

Is the entity an AIFC participant?
Does the income arise from a qualifying activity?
Is separate accounting maintained between exempt and non-exempt activities?
Are there payroll, social, property, VAT, withholding, or cross-border tax consequences?
Is the business actually a mining operation rather than an AIFC-regulated service provider?

For that reason, tax planning should be done together with licensing structuring, not after incorporation. RUE typically combines the licensing workstream with Kazakhstan crypto tax analysis and ongoing accounting support so the tax position matches the regulated activity and the operating model.

Corporate Income Tax

General benchmark outside exemptions

20%

The general Kazakhstan benchmark for corporate income tax is 20%. This is the default reference point for non-exempt income and for structures outside the scope of AIFC tax relief. If your Kazakhstan crypto license strategy relies on AIFC incentives, you must still test whether each revenue stream qualifies and whether separate accounting is maintained.

AIFC Tax Incentives

Potential exemptions for qualifying AIFC participants

0%*

Certain AIFC participants may benefit from tax incentives frequently cited as available until 2066. In practice, this is not a blanket promise of zero tax for every crypto activity. The treatment depends on participant status, legal basis of the activity, and whether the income falls within the scope of qualifying financial or ancillary services. *Always verify current eligibility and maintain separate accounting.

Value Added Tax (VAT)

Depends on service characterization

12% / exempt

Kazakhstan VAT treatment depends on how the service is legally characterized and where the supply is deemed to occur. The standard VAT benchmark in Kazakhstan is 12%, but some financial-service-like activities may be treated differently. Technology, consulting, SaaS, and support services connected to a crypto group may still generate VAT exposure even where core regulated activity is positioned as exempt or preferentially taxed.

Payroll and Social Charges

Not eliminated by AIFC status

variable

Even where an AIFC structure benefits from income tax preferences, payroll taxes, social contributions, pension-related charges, and employment compliance remain relevant. This is one of the main reasons why “0% tax” marketing is commercially dangerous. Your real first-year budget must include gross salary, employer burden, relocation costs, and local HR compliance.

Withholding and Cross-Border Tax

Depends on payment type and treaty position

case-by-case

Dividends, service fees, royalties, and intercompany payments can trigger cross-border tax analysis. The result depends on treaty access, beneficial ownership, transfer pricing, and the exact legal nature of the payment. Groups using Kazakhstan as one node in a wider crypto structure should review withholding and permanent establishment risks before launch.

Digital Mining Burdens

Separate track from AIFC service licensing

case-by-case

Digital mining in Kazakhstan is regulated separately from AIFC crypto service authorization. Mining economics can be affected by electricity pricing, sector-specific charges, grid policy, and sale obligations introduced in prior reform waves. These rules should be checked against the current 2026 position before any mining-related investment decision.

Annual Audit and Reporting Costs

Recurring compliance cost, not a tax

from USD 8k+

Annual audit is commonly expected for regulated structures and should be budgeted as a recurring mandatory cost. Depending on complexity, group reporting, and systems scope, annual audit and related reporting support often start from USD 8,000-15,000+ and can rise materially for exchange or custody businesses with high transaction volumes.

Compliance Tooling and Monitoring

Recurring operating cost often ignored in tax claims

from USD 1k+/mo

A realistic first-year cost model should include recurring spend on KYC/KYB, sanctions screening, blockchain analytics, case management, secure logging, and evidence retention. Even a lean setup often spends USD 1,000-5,000+ per month on compliance tooling before headcount, audit, and legal support are added.

Compliance and Ongoing Obligations

An AFSA authorization is the start of supervision, not the end of the project. A licensed crypto business in Kazakhstan must maintain governance, AML controls, reporting discipline, and technology resilience on a continuous basis.

📊

Reporting and Governance

Annual audited financial statements and regulator-facing reporting
Notification of material changes in ownership, management, or business model
Board and management minutes evidencing real oversight
Ongoing capital and liquidity monitoring against operating needs
Documented outsourcing oversight and vendor review

🛡️

AML, KYC and KYT Controls

Customer due diligence and beneficial ownership verification
Enhanced due diligence for high-risk clients and geographies
Sanctions, PEP, and adverse media screening
Blockchain analytics and wallet risk scoring
Suspicious activity escalation and reporting workflow

🔐

Technology and Safeguarding

Segregation of client assets and internal reconciliation controls
Access control, privileged logging, and incident response playbooks
Cold storage / hot wallet risk limits and key management governance
Business continuity and disaster recovery testing
Penetration testing, patching, and vendor security review

📋

Operational Maintenance

Periodic policy refresh and staff training
Recordkeeping and evidence retention under current rulebook requirements
Complaints handling and customer communication controls
Travel Rule readiness where relevant to transfer flows
Bank and EMI relationship maintenance through ongoing transparency

💡

RUE handles compliance for you. Our team provides ongoing compliance support, including AML officer services, regulatory reporting, and policy updates. We ensure your license stays in good standing year after year. Contact us for compliance support →

What “crypto license in Kazakhstan” means in 2026

What “crypto license in Kazakhstan” actually means in 2026

Short answer: in most commercial cases, a crypto license in Kazakhstan means an authorization path inside the AIFC under AFSA, not a universal nationwide permit for unrestricted crypto operations.

This distinction is the single most important legal point on the page. Kazakhstan’s broader legal framework on digital assets, including the Law “On Digital Assets in the Republic of Kazakhstan” No. 193-VII, does not create a simple one-size-fits-all retail phrase called “Kazakhstan VASP license”. The operational route for exchanges, custody providers, and similar regulated digital asset businesses is typically the AIFC special legal regime.

Outside the AIFC, the treatment of unsecured digital assets and related circulation remains restricted, and digital mining follows its own separate regulatory track. That is why founders should think in three buckets, not one:

AIFC-regulated crypto services;
general Kazakhstan restrictions on unsecured digital assets;
digital mining regulation.

RUE structures applications and legal opinions around that perimeter first. It prevents the most common market mistake: building a business plan around a generic “Kazakhstan crypto license” concept that does not match the actual regulator, legal basis, or tax treatment.

Discuss Your Business Model

Is crypto legal in Kazakhstan or only in the AIFC?

Is crypto legal in Kazakhstan or only in the AIFC?

The legally careful answer is: regulated crypto business models are primarily structured through the AIFC, while the circulation of unsecured digital assets outside that perimeter is restricted. That is more accurate than saying either “crypto is fully legal in Kazakhstan” or “crypto is banned”.

The 2023 reform wave around digital assets clarified the national legal framework, but it did not erase the importance of the AIFC exception. In practical licensing work, the AIFC remains the focal point for a compliant AFSA crypto license, especially for exchange, custody, and intermediation-style models.

A second nuance often omitted by competitors: legality is not binary. A project can be:

legally feasible in the AIFC;
restricted in the general domestic perimeter;
permitted only in a narrower pilot or controlled environment;
or outside the current perimeter and needing case-by-case analysis.

That is particularly relevant for staking, DeFi wrappers, tokenized claims, and payment-linked structures. If the product touches securities, derivatives, e-money, collective investment, or client asset custody, the legal mapping becomes more complex than a simple SEO label suggests.

Get Legal Perimeter Review

Who regulates crypto businesses in Kazakhstan?

AFSA is the key regulator for AIFC-based crypto service authorization. That is the answer founders usually need when asking who issues a Kazakhstan crypto license.

The Astana International Financial Centre (AIFC), launched in 2018, is a special jurisdiction with its own legal acts and institutional architecture. The Astana Financial Services Authority (AFSA), also established in 2018, supervises financial services and authorizations within that framework.

This should not be confused with the role of other Kazakhstan state bodies in broader digital asset policy, mining oversight, energy regulation, AML/CFT enforcement, taxation, or corporate matters. Those bodies matter, but they do not replace AFSA for the AIFC authorization route.

Why this matters in practice:

AFSA = licensing/supervision inside the AIFC;
AIFC legal acts = operational rulebook for authorization and conduct;
Kazakhstan national laws = background framework on digital assets, AML/CFT, tax, corporate, and mining issues;
banks/EMIs = separate gatekeepers for fiat operations.

Any article claiming that one ministry simply “issues all crypto licenses in Kazakhstan” is oversimplifying the system and is not reliable enough for a real filing strategy.

Primary sources:
Website: afsa.aifc.kz
AIFC: aifc.kz
AFSA public register: publicreg.myafsa.com

Business model to regulatory path in Kazakhstan

Business model	Likely route	Main regulator focus	Key issue in 2026
Crypto exchange / trading venue	AIFC / AFSA authorization path	Market conduct, custody, AML, technology resilience	Order handling, client asset segregation, fiat rails, surveillance
Custody provider	AIFC / AFSA authorization path	Safeguarding, wallet governance, key management	MPC/HSM design, recovery procedures, insurance and reconciliation
OTC desk / broker-style intermediation	AIFC route, scope depends on structure	Counterparty risk, AML, dealing logic	Principal vs agency model, pricing governance, sanctions exposure
Wallet / app with custody element	Case-by-case within AIFC perimeter	Whether client assets are actually controlled	Non-custodial marketing often mismatches real control architecture
Token issuance / tokenization	Needs legal mapping; may involve FinTech Lab or broader analysis	Instrument classification, disclosure, investor protection	Security-like features, redemption rights, secondary trading design
DeFi / staking wrapper	Gray area; case-by-case analysis required	Control, intermediation, custody, product characterization	“Decentralized” front-end often still has accountable operators
Digital mining	Separate Kazakhstan regulatory track	Energy, sector rules, sale obligations, tax	Not the same as an AIFC crypto services authorization

Exchange, brokerage, custody, wallet and OTC models

Exchange, brokerage, custody, wallet and OTC models

These models are not interchangeable, and AFSA will not treat them as one generic “virtual asset service provider Kazakhstan” activity.

Exchange / digital asset trading facility. This is the closest fit for what founders usually mean by crypto exchange license Kazakhstan. The regulator will focus on trading logic, client onboarding, custody arrangements, market abuse controls, order handling, and operational resilience. If fiat is involved, banking and payment infrastructure become central to the file.

Custody. Custody is not just wallet storage. It is about legal and technical control over client assets. AFSA will want to understand whether you hold keys directly, rely on third-party custodians, or use MPC/co-signing architecture. The strongest applications explain wallet segregation, withdrawal governance, reconciliation, and incident recovery in operational detail.

OTC / broker-style dealing. OTC desks often underestimate licensing complexity. The regulator will ask whether you act as principal or agent, how you price trades, who your liquidity providers are, and how you manage sanctions and source-of-funds risk on large tickets. A desk with institutional clients usually needs a more sophisticated onboarding and transaction-monitoring framework than a retail-only app.

Wallet services. The legal answer depends on whether the wallet is truly non-custodial or whether the operator retains practical control over transfer initiation, recovery, or key fragments. Many “non-custodial” marketing claims collapse under technical review once account recovery, omnibus settlement, or backend signing logic is examined.

A useful rule: if your operating model touches client assets, execution, intermediation, or price formation, assume a real regulatory mapping exercise is required before anyone can quote timeline or fees responsibly.

Map My License Scope

Token issuance, DeFi and staking require case-by-case analysis

Token issuance, DeFi and staking: where the gray areas begin

These models should never be sold as automatically covered by a simple Kazakhstan crypto license. In 2026, the decisive question is not the label but the legal and operational substance of the product.

Token issuance may raise questions about whether the token represents a utility, a claim, a security-like instrument, a payment instrument, or a hybrid structure.
DeFi projects often claim decentralization, but regulators examine who controls the front end, governance keys, treasury, upgrade rights, or fee extraction.
Staking can move from a technical service into a regulated intermediation or custody-adjacent product depending on pooling, reward allocation, slashing risk, and client disclosures.

The AIFC FinTech Lab may be relevant for certain innovative models, pilot structures, or controlled testing scenarios, but it is not a magic shortcut around legal classification. A credible filing strategy starts with product decomposition: who holds assets, who makes decisions, what rights the user receives, and where losses can occur.

RUE usually prepares a written legal mapping before any application work begins for these models. That saves months of avoidable re-drafting later.

Request Case-by-Case Analysis

Mining is not the same as a VASP license

Mining is not the same as a VASP license

Digital mining in Kazakhstan is a separate regulatory track and should not be confused with an AIFC authorization for exchange, custody, or brokerage-style activity.

This is one of the most persistent market errors. Mining is governed through a different policy logic involving infrastructure, electricity consumption, sector-specific obligations, and national legislation, including reform measures associated with Law No. 194-VII and related amendments. Those rules have historically included requirements affecting energy sourcing, pool participation, and sale mechanics, and they should be checked against the live 2026 position before launch.

By contrast, an AIFC crypto license is about regulated financial-service-like activity: onboarding clients, executing trades, holding assets, managing controls, and reporting to AFSA. A mining operator may need corporate, tax, energy, customs, and infrastructure planning without ever becoming the equivalent of an AIFC-regulated exchange or custodian.

Founders combining mining with treasury management, OTC disposal, tokenization, or hosted wallet features should split those functions legally. Mixing them in one narrative without perimeter analysis is a classic regulator and banking red flag.

Review Mining Structure

Regulatory framework and laws you should know

Regulatory framework and laws you must know before applying

The legal framework for a Kazakhstan crypto license is layered. You need to read the national laws together with the AIFC legal acts and AFSA authorization expectations.

The core sources typically include:

Constitutional Law on the AIFC — establishes the special legal regime and institutional architecture of the AIFC;
Law “On Digital Assets in the Republic of Kazakhstan” No. 193-VII — national framework for digital assets and related restrictions/definitions;
Law No. 191-IV on AML/CFT — baseline anti-money laundering and counter-terrorist financing obligations;
Tax Code of the Republic of Kazakhstan — general tax treatment and interaction with AIFC incentives;
AIFC / AFSA legal acts and rulebooks — the operational source for authorization, conduct, prudential expectations, and supervision.

The most practical source for founders is usually not the statute alone but the regulator-facing rulebook and public register. That is where you see how the legal theory is translated into real authorization categories, public permissions, and supervisory expectations.

A further trust layer that sophisticated investors notice is the dispute-resolution architecture: the AIFC Court and the International Arbitration Centre. This matters for shareholder agreements, custody contracts, technology outsourcing, and enforcement planning. Competitors mention it rarely, but in real transactions it can materially improve confidence in the jurisdiction.

Review Kazakhstan Regulation

Core legal sources for Kazakhstan crypto licensing

Act / source	What it regulates	Why it matters
Constitutional Law on the AIFC	AIFC legal regime, institutions, court and arbitration framework	Foundation of the special jurisdiction used for most licensable crypto service models
Law on Digital Assets No. 193-VII	National digital asset framework and restrictions	Defines the broader Kazakhstan perimeter and why AIFC exception matters
Law No. 191-IV on AML/CFT	AML/CFT obligations	Core basis for KYC, monitoring, suspicious activity controls, and sanctions governance
Tax Code of Kazakhstan	CIT, VAT, payroll and other tax rules	Determines whether AIFC incentives actually improve your effective tax position
AFSA legal acts / rulebooks	Authorization, supervision, conduct expectations	Primary operational source for application drafting and ongoing compliance
AFSA public register	Public record of authorized firms and permissions	Best way to verify whether a claimed license or activity is real

How to verify a licensed crypto company in Kazakhstan

The fastest verification tool is the AFSA public register. If a consultant, exchange, or seller claims to hold a Kazakhstan crypto license through the AIFC, you should check the entity in the AFSA public register before relying on the claim.

The register typically allows you to confirm core public data such as:

legal name of the entity;
registration status;
authorized or licensed activities;
registered address and corporate data;
in some cases, public information on officers or related filings.

This matters for due diligence, M&A, banking, and vendor onboarding. It also helps distinguish between a company that is merely incorporated in the AIFC and a company that is actually authorized for a regulated activity.

Public register: publicreg.myafsa.com

What banks and EMIs usually want to see

Transparent Ownership

Full UBO chain, shareholder passports, corporate documents, and clean source of funds narrative for founders and investors.

Real Business Model

A clear explanation of products, target clients, expected monthly volumes, corridors, counterparties, and whether the firm acts as principal or agent.

AML and KYT Stack

Documented KYC/KYB, sanctions screening, wallet screening, alert escalation, and evidence retention. Banks increasingly ask which vendors are used and why.

Platform Readiness

MVP, screenshots, transaction flow diagrams, custody logic, and proof that the operating model is not only theoretical.

Geographic Risk Controls

Restricted jurisdictions list, sanctions controls, and a credible explanation of how prohibited or high-risk markets are excluded.

Financial Credibility

Realistic projections, runway, capitalization evidence, and a coherent explanation of how the company survives delayed revenue or slower banking activation.

Common mistakes that delay or kill a Kazakhstan crypto license application

Common mistakes that delay or kill a Kazakhstan crypto license application

Most failed applications are not rejected because the jurisdiction is hostile; they fail because the file is internally inconsistent.

Wrong perimeter mapping: the business is described as “software only” while the actual model includes custody or execution.
Weak ownership disclosure: incomplete UBO chain, unclear investor funding, or unexplained nominee layers.
Template AML policy: generic text with no wallet screening, no sanctions logic, and no escalation workflow.
No real substance: virtual-office structure with no accountable local governance or control functions.
Unrealistic financials: aggressive revenue assumptions, no runway, and no budget for audit, tooling, or staffing.
Poor technology narrative: no wallet architecture, no key governance, no incident response, no vendor oversight.
Banking blind spot: founders assume licensing automatically solves fiat access.
No MVP or operating evidence: especially damaging for exchange and custody models.
Conflicted key persons: the same person is proposed for too many critical roles without credible independence.
Slow remediation: delayed or partial answers to regulator questions extend the process materially.

The most effective prevention tool is a pre-application readiness review. RUE typically runs a licensing gap analysis before incorporation is finalized, which reduces rework and improves bankability.

Order Readiness Assessment

Who should choose Kazakhstan — and who should not

Kazakhstan through the AIFC is usually a strong fit for founders who want a regulated regional hub with a real legal perimeter, but it is not the best answer for every crypto project.

Good fit:

exchange or OTC groups targeting Central Asia / Eurasia corridors;
custody or brokerage-style platforms willing to build real compliance infrastructure;
projects that value the AIFC Court and English common law elements;
teams able to show transparent funding, governance, and operational substance.

Poor fit:

founders seeking a no-substance “cheap license”;
projects dependent on anonymous flows or weak KYC;
teams that need guaranteed instant banking;
products whose core economics rely on unresolved DeFi or token-classification gray zones;
EU-first businesses that actually need MiCA market access rather than a Eurasian operating base.

If your commercial objective is access to the EU, a CASP license or MiCA license in Europe may be more suitable. If your objective is a compliant operational base for Kazakhstan and the wider region, the AIFC route deserves serious consideration.

Compare Jurisdictions with RUE

📝 Check Your Eligibility

Answer a few quick questions to find out if this jurisdiction suits your crypto business

Step 1 of 5

What type of crypto services will you provide?

Exchange (fiat ↔ crypto)

Custody & Wallet Services

Transfer & Payment Services

Advisory / Portfolio Management

Multiple / All of the Above

Step 2 of 5

What is your target market?

European Union only

EU + Global markets

Global (non-EU priority)

Step 3 of 5

Do you already have a registered company in the EU?

Yes, in this jurisdiction

Yes, in another EU country

No, I need to register one

Step 4 of 5

What is your available budget range?

Under €20,000

€20,000 – €50,000

€50,000 – €100,000

Over €100,000

Step 5 of 5

When do you plan to launch?

As soon as possible (1–3 months)

Within 6 months

Within a year

Just exploring options

✅

This Jurisdiction Is a Great Fit!

Based on your answers, this jurisdiction matches your business requirements well. Here's a quick summary:

Recommended License

CASP License

Estimated Budget

€24,000 – €35,000

Estimated Timeframe

4–6 months

EU Passporting

Available

📞 Get Personalized Assessment

Step-by-Step Licensing Process

Step 1

Scope Mapping

We define whether your model fits exchange, custody, OTC, brokerage-style activity, tokenization, or a mixed structure. This legal perimeter review is the most important first step. Typical duration: 1-3 weeks.

Step 2

Readiness Review

We assess ownership transparency, management suitability, compliance gaps, funding sources, technology stack, and bankability. Weaknesses are fixed before filing. Typical duration: 2-4 weeks.

Step 3

AIFC Company Setup

We incorporate the AIFC entity, prepare constitutional documents, structure shareholding, secure registered office arrangements, and align substance with the planned regulated activity. Typical duration: 1-4 weeks.

Step 4

Policy and Document Pack

We prepare the AFSA-facing file: business plan, financial projections, AML/CFT framework, sanctions controls, governance documents, technology notes, outsourcing and safeguarding policies. Typical duration: 4-10 weeks.

Step 5

Submission to AFSA

The application is submitted with supporting documents and disclosures for shareholders, directors, and controllers. At this stage, quality and consistency matter more than speed. Typical duration: 1-2 weeks.

Step 6

Review and Remediation

AFSA review is iterative. Expect follow-up questions, clarification requests, and remediation rounds on governance, AML, technology, or financial assumptions. Typical duration: 6-20+ weeks depending on complexity.

Step 7

Operational Activation

After authorization, we support banking/EMI onboarding, final staffing, audit preparation, compliance tooling deployment, and launch controls. Banking is parallel but not guaranteed. Typical duration: 2-8+ weeks.

Start Your Application

Frequently Asked Questions

Is crypto legal in Kazakhstan in 2026? +

Yes, but not as a single unrestricted nationwide regime. In practical licensing terms, most regulated crypto business models are structured through the AIFC under AFSA supervision. Outside that perimeter, the circulation of unsecured digital assets is restricted and must be assessed under the broader Kazakhstan legal framework.

This is why the correct question is not simply “Is crypto legal?” but which activity, where, and under which legal basis. Exchange, custody, OTC, token issuance, and mining do not sit in the same regulatory bucket.

Is a crypto business legal outside the AIFC? +

Usually not in the way most founders mean it. If you are asking about a regulated exchange, custody provider, or similar client-facing crypto service, the main compliant route is generally the AIFC authorization path. Outside the AIFC, the legal treatment is much narrower and more restrictive.

Mining, software development, analytics, and some technology support services may exist outside the AIFC under different rules, but they are not equivalent to holding an AIFC crypto license.

Who issues a crypto license in Kazakhstan? +

For the AIFC route, the key regulator is AFSA. The Astana Financial Services Authority supervises authorizations within the Astana International Financial Centre. This is the answer relevant to most founders searching for a Kazakhstan crypto license.

Other state bodies may be relevant for mining, taxation, AML enforcement, energy, or corporate matters, but they do not replace AFSA for the main AIFC authorization route.

How long does it take to get a crypto license in Kazakhstan? +

A realistic range is usually 3-9 months, and complex cases can take longer. Any fixed promise like “8 weeks guaranteed” should be treated cautiously.

1-3 weeks: business model and perimeter mapping;
2-4 weeks: readiness review and remediation planning;
1-4 weeks: AIFC incorporation and substance setup;
4-10 weeks: policy drafting and document pack preparation;
6-20+ weeks: AFSA review and clarification rounds;
2-8+ weeks: banking and operational activation after approval.

The main variables are application quality, novelty of the business model, responsiveness to regulator questions, and whether the team already has governance, funding, and technology documentation in place.

What are the minimum capital requirements? +

There is no single market-wide number that fits every Kazakhstan crypto license case. Capital expectations depend on the activity scope, risk profile, and operating model. Founders should be skeptical of articles quoting one universal minimum.

A practical planning formula is:

Required funding runway ≥ 6 × average monthly operating expenses

Where monthly OPEX includes payroll, office, audit, legal, AML/KYT tooling, IT/security, and contingency. For exchange and custody models, a stronger runway often improves both regulator comfort and banking outcomes.

Can foreign shareholders apply for an AIFC crypto license? +

Yes, foreign shareholders can generally participate, subject to full transparency and fit-and-proper review. The key issues are not nationality but disclosure, source of funds, sanctions screening, and governance credibility.

You should expect to provide:

full ownership chain and UBO disclosure;
corporate documents for holding entities;
source of funds evidence for injected capital;
identity and background documents for controllers;
explanations of the group structure and decision-making chain.

Complex offshore layering without a commercial rationale can create both regulator and bank concerns.

Is banking guaranteed after getting licensed? +

No, banking is not guaranteed. A license materially improves credibility, but banks and EMIs run their own risk assessments.

They usually review:

ownership transparency and source of funds;
target markets and sanctions exposure;
AML/KYT tooling and alert handling;
expected transaction flows and counterparties;
product design and actual platform readiness.

This is why RUE treats banking as a parallel workstream and not as an automatic by-product of licensing. See also our crypto business bank account support page.

What taxes apply to a crypto company in Kazakhstan? +

The default benchmark is not zero. Kazakhstan’s general corporate income tax benchmark is 20%, while certain AIFC participants may access tax incentives for qualifying activities. The actual outcome depends on legal status, income type, and separate accounting.

In addition to income tax analysis, you should review:

VAT characterization of services;
payroll and social charges;
withholding tax on cross-border payments;
audit and reporting costs;
mining-specific burdens where relevant.

For a deeper breakdown, founders should combine licensing work with Kazakhstan crypto tax planning.

Is mining covered by the same license? +

No. Digital mining is a separate regulatory and economic track and should not be confused with an AIFC crypto services authorization.

Mining issues usually involve energy, infrastructure, sector-specific obligations, and tax treatment. Exchange, custody, OTC, and wallet models involve a different regulator focus: client onboarding, safeguarding, AML, governance, and technology controls.

How can I verify whether a company is really licensed in Kazakhstan? +

Check the AFSA public register. That is the most reliable public verification tool for AIFC-authorized entities.

You should confirm:

the exact legal name;
current status;
authorized activities;
whether the company is merely incorporated or actually authorized.

Public register: publicreg.myafsa.com

What are the main reasons AFSA or banks push back on an application? +

The most common red flags are weak ownership disclosure, generic AML documents, no local substance, unrealistic financials, and poor technology governance.

Other frequent issues include:

mislabeling a custody or execution model as “software only”;
no credible source-of-funds evidence;
unclear sanctions controls or no blockchain analytics;
no MVP, no transaction flow diagrams, and no vendor oversight;
founders expecting the same person to cover all control functions;
slow or incomplete responses during the review phase.

These problems are usually preventable with a proper pre-application readiness review.

Regulated United Europe OÜ

Registration number: 14153440
Anno: 16.11.2016
Phone: +372 56 966 260
Email: [email protected]
Address: Laeva 2, Tallinn, 10111, Estonia

Company in Lithuania UAB

Registration number: 304377400
Anno: 30.08.2016
Phone: +370 6949 5456
Email: [email protected]
Address: Lvovo g. 25-702, Vilnius, 09320, Lithuania

Company in Czech Republic s.r.o.

Registration number: 08620563
Anno: 21.10.2019
Phone: +420 775 524 175
Email: [email protected]
Address: Na Perstyne 342/1, Prague

Company in Poland Sp. z o.o.

Registration number: 38421992700000
Anno: 28.08.2019
Email: [email protected]
Address: Twarda 18, Warsaw, 00-824, Poland

Please leave your request

The RUE team understands the importance of continuous assessment and professional advice from experienced legal experts, as the success and final outcome of your project and business largely depend on informed legal strategy and timely decisions. Please complete the contact form on our website, and we guarantee that a qualified specialist will provide you with professional feedback and initial guidance within 24 hours.

Main Services

Terms of Cooperation

Regulated United Europe