Home Normas Sectores ✦ AI Assessment Get a Quote →
HomeSectores → Crypto & Web3

Certification & Compliance for Cripto y Web3

BALTUM supports crypto exchanges, digital asset custodians, DeFi platforms, and Web3 companies in navigating the rapidly evolving regulatory landscape — from MiCA compliance and ISO 27001 certification to GDPR and DORA obligations.

MiCAISO 27001GDPRDORADigital assets

Regulatory Landscape for Digital Assets

El sector de activos digitales enfrenta un entorno regulatorio cada vez más complejo y obligatorio. El Reglamento de Mercados de Criptoactivos de la UE (MiCA), completamente aplicable desde diciembre de 2024, establece requisitos de licencias para los proveedores de servicios de criptoactivos (CASPs) en toda la UE, con obligaciones explícitas de ciberseguridad, resiliencia operativa y gobernanza que ISO 27001 e ISO 22301 abordan directamente.

MiCA Compliance — Key Requirements

  • Robust ICT risk management systems (directly satisfied by ISO 27001 ISMS)
  • Business continuity and disaster recovery plans (ISO 22301)
  • Operational incident reporting to competent authorities
  • Custody and safeguarding of client assets with documented controls
  • Anti-money laundering (AML) and KYC compliance integration

Certifications for Crypto & Web3 Organisations

  • ISO/IEC 27001 — Foundational information security management; required by MiCA and by institutional and B2B partners.
  • ISO 22301 — Business Continuity; required by MiCA Article 72 and addressed in DORA for CASPs qualifying as financial entities.
  • GDPR — All EU-operating CASPs processing personal data must comply; ISO 27701 provides the documented accountability framework.
  • SOC 2 — Required for US-listed token offerings, US institutional custody partnerships, and Nasdaq/NYSE-listed digital asset companies.

BALTUM MiCA Readiness Programme

BALTUM proporciona una evaluación de preparación MiCA estructurada que mapea sus controles actuales a los requisitos del Título IV y Título V de MiCA, identificando brechas y proporcionando una hoja de ruta de remediación priorizada alineada con el cronograma de solicitud de licencia CASP. ISO 27001 e ISO 22301 se integran como las bases de control técnico para el cumplimiento de MiCA.