Crypto asset platform licensing: the 2026 reforms explained

Australia is moving crypto asset platforms inside the existing financial services licensing system. In short: if your business holds or deals in crypto on behalf of customers, you will generally need an Australian Financial Services Licence (AFSL) from ASIC, and you must act before ASIC's transitional no-action position expires on 30 June 2026. Rather than create a standalone crypto licence, the Government has chosen to treat digital asset platforms as financial services providers under the Corporations Act.

This explainer sets out who is captured, what the new licensing categories are, the timing, and the practical steps platforms should take. It is a neutral reference, not advice — confirm your specific position against the primary sources cited.

What the 2026 reforms require

The reforms have two moving parts.

First, ASIC's interpretation of existing law: ASIC's updated Information Sheet 225, *Digital assets: financial products and services*, sets out when a digital asset or related service is already a financial product or financial service under the Corporations Act. On ASIC's current view, that can include stablecoins, wrapped tokens, tokenised securities and certain digital asset wallet and custody arrangements. Where a product is a financial product, dealing in it, advising on it, or providing custody generally requires an AFSL today — the reforms clarify and enforce this rather than invent it.

Second, the new statutory framework: the Corporations Amendment (Digital Assets Framework) Act creates two new categories of regulated platform and brings their operators squarely within the AFSL regime. The substance is that crypto platforms become subject to the same core obligations as brokers and fund managers — safeguarding client assets, clear and standardised disclosure, prohibitions on misleading conduct, and access to dispute resolution and compensation arrangements.

You can review the full obligation profile under crypto asset platform licensing and the related crypto asset secondary service provider licensing.

Who the new licensing applies to

The licensing net is drawn around businesses that hold or control crypto on behalf of customers, or otherwise deal in crypto that is a financial product. In practice this captures:

• Centralised crypto exchanges that take custody of customer assets;
• Custody and wallet providers that hold private keys or assets for clients;
• Brokers and intermediaries that buy, sell or arrange transactions in digital asset financial products;
• Operators issuing or facilitating tokenised real-world assets.

Some activity will fall outside the regime. The Government has signalled relief for smaller operators below certain customer-holding and transaction-volume thresholds, and purely non-custodial or genuinely peer-to-peer software may not be captured in the same way. The exact monetary thresholds and exemption conditions should be confirmed against the final legislation and ASIC guidance, as figures circulating in commentary are not all settled — verify the current figure with ASIC before relying on any exemption.

A useful working test: if customers must trust you to hold or move their assets, assume you are in scope until you have advice confirming otherwise. For the broader picture of how fintech, payments and crypto obligations interlock, see the fintech, payments and crypto topic hub.

The two new regulated platform categories

The framework introduces two defined platform types:

Operators of both must obtain an AFSL with the relevant authorisations. Bringing tokenised real-world assets into the same perimeter is significant: it signals that the regime is asset-agnostic and focused on the *function* of holding and dealing, not on the underlying technology.

Key dates and the 30 June 2026 cliff

The most pressing date is 30 June 2026. ASIC has granted a transitional no-action position that, broadly, allows in-scope providers to keep operating while they review the guidance and lodge a licence application — but only if they apply (for a new licence or a variation) by that date. ASIC's own notice, Deadline looms for digital asset businesses to apply for a licence, confirms this.

After 30 June 2026, a business that needed a licence or variation and did not apply risks operating in breach of financial services law. Unlicensed financial services conduct carries serious civil and criminal consequences under the Corporations Act, including substantial penalties — confirm the applicable maximums with ASIC, as they vary by offence.

Separately, the substantive Digital Assets Framework provisions are timed to commence later, with a transition runway before the new platform categories take full effect. Businesses that also operate market or clearing and settlement infrastructure have additional notification steps and should engage ASIC directly. Treat 30 June 2026 as the action-forcing date and the later commencement as the compliance horizon.

AUSTRAC AML/CTF runs in parallel

AFSL licensing does not replace anti-money-laundering obligations. Crypto businesses remain regulated by AUSTRAC, and the AML/CTF regime has itself been reformed.

Key points:

• Businesses providing virtual asset services must be registered with AUSTRAC and meet AML/CTF program, customer due diligence and reporting obligations.
• The 2024 AML/CTF amendments expanded the perimeter from the older "digital currency exchange" concept to a broader set of virtual asset services — including crypto-to-crypto exchange, value transfers and payment execution — with the expanded scope taking effect during 2026.

So a typical exchange will face two distinct regulators: ASIC for financial-services licensing and conduct, and AUSTRAC for AML/CTF. See the AML/CTF hub for the financial-crime obligations in more detail.

What platforms should do now

A pragmatic sequence:

1. Map your products and services against ASIC's INFO 225 to identify which involve financial products.
2. Form a licensing view — do you need a new AFSL, a variation to an existing licence, or can you rely on an authorised representative arrangement?
3. Lodge by 30 June 2026 if you need a new licence or variation, to preserve the benefit of the no-action position.
4. Build the AFSL substance: responsible managers, organisational competence, financial resources, custody and key-management controls, breach reporting, and a dispute-resolution pathway.
5. Confirm AUSTRAC registration and program are current under the expanded virtual-asset definitions.
6. Document your reasoning — keep a written record of why each product is or is not a financial product, since ASIC may test it.

Common pitfalls

• Assuming AUSTRAC registration is enough. It is not — AML/CTF compliance and AFS licensing are separate obligations.
• Treating "non-custodial" as a blanket exemption. Scope turns on the substance of what you do, not the label.
• Missing the application date. The no-action position protects those who *apply* by 30 June 2026, not those who merely intend to.
• Relying on unverified thresholds. Exemption figures quoted in media are not all settled; check the final instruments.
• Under-resourcing custody controls. Safeguarding client assets is central to the regime, and weak key management is a foreseeable enforcement focus.

The direction of travel is clear: Australia is regulating crypto platforms as financial services. The window to get licensing in train is narrow, and the most important step — lodging an application before 30 June 2026 — is also the most time-sensitive.