On 1 April 2026, Australia passed its first comprehensive law regulating digital asset platforms. The Corporations Amendment (Digital Assets Framework) Bill 2025 cleared both houses of Parliament, bringing crypto exchanges and custody providers into the Australian Financial Services Licence (AFSL) regime for the first time.
Of the roughly 400 crypto platforms registered in Australia, only about 10% are currently registered with ASIC. That gap is now a compliance problem.
If your business touches digital assets — or if you advise businesses that do — here is what you need to know. If you need legal advice specific to your situation, Envision Legal works with businesses across Sydney and Australia on financial services compliance and AFSL matters.
What Is Australia’s Digital Assets Framework?
The Bill amends the Corporations Act 2001 (Cth) to create two new categories of regulated financial product:
- Digital Asset Platforms (DAPs) — facilities where an operator holds digital tokens on behalf of clients. This captures most centralised exchanges, custodians, brokers, and some wallet providers where the operator has custody or control of user tokens.
- Tokenised Custody Platforms (TCPs) — facilities where an operator holds a real-world underlying asset on trust and issues a corresponding digital token. Think tokenised securities, tokenised property, or tokenised commodities.
Both are now classified as financial products. Operators must hold an AFSL from ASIC and comply with the same core obligations that apply to fund managers, brokers, and other financial services providers — including client asset safeguarding, standardised disclosure, prohibition on misleading conduct, and external dispute resolution.
Critically, the law targets the intermediaries in the middle — businesses that hold, manage, or control digital assets on behalf of customers. The underlying assets themselves (Bitcoin, Ethereum, and so on) are not directly regulated. The policy rationale is straightforward: custody creates fiduciary responsibilities, regardless of the technology. This approach was directly informed by the collapse of platforms like FTX and Celsius, which left Australian investors with significant losses.
Which Businesses Are Caught?
The scope of Australia’s new digital assets regulation is broader than many businesses expect. If your operations involve any of the following, assume you are within the regulatory perimeter:
- Operating a centralised exchange that holds customer tokens
- Providing custodial wallet services, including institutional custody
- Acting as a broker or intermediary that acquires and holds tokens on behalf of clients
- Issuing tokenised representations of real-world assets where you hold the underlying asset on trust
There are exemptions — a low value exemption and an incidental activity exemption — but their boundaries are untested. ASIC has broad powers to issue guidance and take enforcement action as the regime matures. The prudent approach is not to assume you are exempt without specific legal advice. A financial services lawyer can help you map your activities against the new categories before the compliance window closes.
DeFi protocols and software developers sit in a grey area. The Bill targets intermediary-operated facilities, so truly decentralised protocols — where no single operator holds custody — may fall outside the regime. But the drafting is broad enough that infrastructure providers and software applications used in DeFi could be caught depending on the degree of control they exercise over user assets.
The AFSL Compliance Timeline — Why the Window Is Tighter Than It Looks
This is where most businesses are miscalculating the urgency.
- Royal Assent — received on 8 April 2026.
- Commencement — substantive provisions commence 12 months after Royal Assent, currently expected around April 2027.
- Transition period — existing operators have a further 6 months from commencement to apply for an AFSL covering their DAP or TCP activities.
That is approximately 18 months before the compliance window closes. But here is the problem: ASIC’s standard processing time for new AFSL applications runs to six months or more. Applications involving novel business models — which most digital asset businesses do — take longer still.
If you wait until April 2027 to start your AFSL application, you will not be licensed in time. For businesses seeking an AFSL in Sydney or elsewhere in Australia, the time to engage a financial services lawyer is now — not when the deadline is approaching.
For new businesses that have not yet launched: the AFSL application timeline needs to be built into your go-to-market strategy from day one.
What Does AFSL Compliance Actually Require?
Holding an AFSL is not just a licence number. It comes with ongoing obligations that most digital asset businesses have not previously had to consider:
- Organisational competence — responsible managers must have appropriate qualifications and experience to oversee a financial services business.
- Financial resources — ASIC imposes minimum net tangible asset requirements. The specific amounts for DAP and TCP operators will be set in regulations, but expect them to be material.
- Client asset segregation — client assets must be held separately from the operator’s own assets. This is the core consumer protection the regime is designed to enforce.
- Disclosure obligations — product disclosure statements or equivalent documents tailored to the risks of digital asset products.
- External dispute resolution — membership of AFCA or an equivalent scheme.
- Compliance framework — documented compliance arrangements, a compliance plan, risk management systems, and record keeping to financial services standards.
For businesses that have operated with minimal regulatory overhead, this is a significant uplift. The cost of obtaining and maintaining an AFSL — legal fees, compliance staff, systems, and capital — is real and needs to be in your financial model.
Don’t Forget AUSTRAC
The Digital Assets Framework sits alongside, not instead of, Australia’s AML/CTF regime. AUSTRAC registration as a Digital Currency Exchange (DCE) provider remains a separate requirement under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
AUSTRAC has confirmed that AML/CTF obligations for newly regulated virtual asset services commence from 1 July 2026, with a registration deadline of 29 July 2026 for services that were previously unregulated.
That deadline is closer than the AFSL transition period. If your business provides virtual asset services that were not previously captured, the AUSTRAC clock is already running.
What This Means for Fundraising
For founders raising capital, regulatory clarity is net positive. Institutional investors and venture funds have been hesitant to deploy into Australian digital asset businesses precisely because of regulatory uncertainty. A clear licensing framework — even one with compliance costs — removes existential regulatory risk from the investment thesis.
Research from the Digital Finance Cooperative Research Centre estimates Australia could generate up to A$24 billion annually from tokenised markets and digital assets under a well-regulated framework.
The flip side: compliance costs are now a line item. Investors will want to see that you have budgeted for AFSL application costs, ongoing compliance, and capital reserves. A founder who understands the regulatory landscape and has planned for it signals maturity. One who has not signals risk.
Key Considerations for Your Business
If you operate in the digital assets space, these are the questions worth working through with a lawyer:
- Does your business model fall within the new categories? Understanding whether you operate a DAP, TCP, or whether any exemptions might apply is the starting point for everything else.
- What is your AFSL position? Whether you need a new licence, a variation to an existing one, or whether your structure falls outside the regime entirely — each scenario has different timing and cost implications.
- Is your compliance infrastructure ready? Responsible manager appointments, compliance plans, risk management systems, and client asset segregation arrangements all take time to design and implement.
- What is your AUSTRAC exposure? If you provide virtual asset services that were previously unregulated, the July 2026 registration deadline is the more immediate priority.
- Are you across ASIC’s guidance as it lands? Regulatory guides and information sheets will be issued as the April 2027 commencement date approaches and will provide critical operational detail.
These are not simple questions. The businesses that work through them early — with the right legal advice — will be better placed than those that leave it to the last minute.
Envision Legal advises businesses across Sydney and Australia on financial services compliance, AFSL applications, and digital assets regulation. Get in touch to discuss your position.
This article contains general information only and does not constitute legal advice. Envision Legal accepts no liability for any loss arising from reliance on this content. You should seek independent legal advice tailored to your specific circumstances. For enquiries, contact Envision Legal.