By CertiK service

For each security service, see which jurisdictions trigger it and how attractive each market is right now.

Smart Contract Audit

Jurisdictions triggering

Norms triggering

High-maturity markets

Top markets for Smart Contract Audit

Country	Region	Lead regulator	Maturity	Next deadline	Days	Score
BR — Brazil	LATAM	BCB	High	2026-10-30	155	82.9
DE — Germany	EU	Bundestag	High	—	—	63.4
HK — Hong Kong	APAC	SFC	High	—	—	63.4
GB — United Kingdom	EU	FCA	High	2027-10-25	515	63.2
SG — Singapore	APAC	MAS	High	—	—	60.6
FR — France	EU	Parlement	High	—	—	57.7
AE — United Arab Emirates	MENA	CBUAE	Medium	—	—	56.8
AR — Argentina	LATAM	BCRA	Medium	—	—	56.8
TR — Türkiye	MENA	null	Medium	—	—	56.8

Norms that trigger Smart Contract Audit

HK2023-05-23

Consultation Conclusions on the Proposed Regulatory Requirements for Virtual Asset Trading Platform Operators Licensed by the Securities and Futures Commission

This document proposes a comprehensive licensing and regulatory framework for centralized virtual asset trading platforms operating in or marketing to Hong Kong. It covers requirements for custody, AML/CFT, token admission, and introduces investor protection measures to allow access for retail investors.

HK2025-05-30

Stablecoins Ordinance, Cap. 656

This ordinance establishes a mandatory licensing regime for issuers of specified stablecoins in Hong Kong. It also regulates the offering, advertising, and fraudulent activities related to these assets.

AE2024-08-01

CBUAE Payment Token Services Regulation (PTSR) — Circular No. 2 of 2024 (effective Aug 2024) — stablecoin regime; distinguishes Dirham Payment Token (AED-backed, CBUAE-licensed issuer) from Foreign Payment Token (non-AED, CBUAE-registered issuer); licences issuance, custody/transfer, conversion; bans algorithmic stablecoins and privacy tokens as means of payment; 100% reserves; applies UAE-wide except DIFC/ADGM (but reaches VARA entities)

This regulation establishes a licensing and registration framework for payment token (stablecoin) services in the UAE. It covers issuance, custody, and conversion, distinguishing between AED-backed tokens (licensed) and foreign currency-backed tokens (registered).

SG1966

Insurance Act 1966

This act establishes the regulatory framework for the traditional insurance business in Singapore. It defines key terms and classifies insurance into life and general business, but does not address crypto-assets.

GB2017-07-19

UK Payment Services Regulations 2017 (PSRs) — payment services associated with e-money tokens

This regulation establishes an authorization regime for UK payment institutions. It sets out operational, safeguarding, and conduct of business requirements for payment services, which can include those related to e-money tokens.

GB2023-06-08

FCA FG23/3 — Finalised non-handbook guidance on cryptoasset financial promotions — practical application including store-of-value claims, rates of return, on/off-ramp

This guidance clarifies rules for communicating or approving financial promotions for qualifying cryptoassets in the UK. It focuses on ensuring promotions are fair, clear, and not misleading, covering various models like stablecoins and yield products.

AR2025-03-14

CNV General Resolution No. 1058/2025 — FULL PSAV REGULATION; imposes registration, cybersecurity, asset custody, AML, and risk-disclosure duties; requires ANNUAL SYSTEMS AUDIT; sets adequacy deadlines; CNV may suspend/revoke registrations; unregistered PSAVs may be judicially blocked

This regulation establishes a mandatory registration regime for Virtual Asset Service Providers (VASPs) in Argentina. It imposes comprehensive duties including AML, cybersecurity, asset segregation, and public proof-of-reserves.

DE2022-12-14

EU Digital Operational Resilience Act (DORA) 2022/2554 — ICT risk management, third-party governance and incident reporting for financial entities including CASPs

This regulation establishes a comprehensive framework for digital operational resilience in the EU financial sector. It sets harmonized rules for ICT risk management, incident reporting, resilience testing, and managing ICT third-party risk.

DE1896-08-18

BGB — Bürgerliches Gesetzbuch (German Civil Code) — general contract and consumer law applicable to CASP-customer relations

The German Civil Code (BGB) provides the general legal framework for contracts, obligations, and consumer protection. These principles apply to the contractual relationship between crypto-asset service providers and their customers.

DE2018-06-08

WpPG — Wertpapierprospektgesetz (German Securities Prospectus Act) — companion of EU Prospectus Regulation; applies to public offerings of security tokens

This act governs the requirement to prepare, have approved by the regulator, and publish a prospectus for public offerings of securities, including security tokens.

DE2024-12-27

FinmadiG — Finanzmarktdigitalisierungsgesetz (Financial Market Digitalization Act, 27/12/2024) — umbrella law implementing MiCA, TFR and DORA in Germany; Article 1 creates the KMAG; subsequent articles amend KWG, WpHG, WpIG, KAGB, HGB, GwG, ZAG

This is an umbrella law implementing the EU's MiCA, TFR, and DORA regulations in Germany. It creates the KMAG (Crypto Markets Supervision Act) and amends various existing financial laws.

DE2017-06-14

EU Prospectus Regulation 2017/1129 — public offerings and admissions to trading of securities (applies to security tokens)

This regulation harmonizes the rules for the prospectus to be drawn up, approved, and published when securities are offered to the public or admitted to trading on a regulated market in the EU.

BR2025-11-10

BCB Resolution No. 520 of 2025

This resolution establishes a licensing framework for Virtual Asset Service Providers (VASPs) in Brazil. It defines VASP categories, operational rules, governance, and asset segregation requirements.

BR2026-01-22

BCB Normative Instruction No. 701 of 2026 — technical-certification requirements by independent qualified firms for crypto-asset intermediation/custody licenses (anchors Res. 520 arts. 20 and 23)

This norm details the requirements for a mandatory technical certification by an independent firm. This certification is a prerequisite for entities seeking to provide crypto-asset intermediation and custody services in Brazil.

BR2025-11-10

BCB Resolution No. 521 of 2025

This regulation integrates Virtual Asset Service Providers (VASPs) into Brazil's foreign exchange market framework. It establishes rules and reporting requirements for international payments and transfers involving virtual assets.

BR2020-08-12

BCB Resolution No. 1, of August 12, 2020

This regulation establishes the Brazilian instant payment system, Pix. It defines the rules, participants, governance, and operational framework for 24/7 real-time fund transfers.

BR2003-12-29

CVM Instruction No. 400 of 2003

This regulation governs the process for public offerings of securities in Brazil's primary and secondary markets. It establishes the registration requirements with the CVM to ensure investor protection through disclosure.

BR2025-11-10

BCB Resolution No. 519 of 2025

This resolution establishes the authorization and licensing process for Virtual Asset Service Providers (VASPs) and other financial brokerage firms in Brazil.

BR1990-09-11

Brazilian Consumer Defense Code (Law 8,078/1990) — applies to PSAV/user relations as preserved by Decree 11,563

This is a general consumer protection law that applies to the relationship between Virtual Asset Service Providers (VASPs) and their users. It governs aspects like service liability, advertising, and unfair contract terms.

BR2022-12-31

BCB Resolution No. 277 of 2022 — FX market rules (amended by Res. 521 to include crypto operations)

This resolution regulates the Brazilian foreign exchange (FX) market. It was amended to include virtual asset services, establishing an authorization regime for VASPs to operate within the FX framework.

BR2021-04-08

BCB Resolution No. 85 of 2021 — cybersecurity policy for payment institutions (companion of CMN 4,893)

This resolution establishes a mandatory cybersecurity policy for payment institutions and other regulated entities, including virtual asset service providers from 2026. It details requirements for risk management, incident response, and contracting cloud services.

BR2021-08-20

BCB Resolution No. 130, of August 20, 2021

This resolution establishes rules for independent audit services for authorized institutions, including payment institutions. It covers auditor independence, mandatory replacement, and the creation of audit committees.

BR2021-02-26

CMN Resolution No. 4,893 of 2021 — cybersecurity policy and cloud-processing/storage requirements for BCB-regulated institutions; extended to SPSAVs by Res. 520

This resolution establishes a cybersecurity policy and requirements for contracting cloud computing services for financial institutions. It mandates risk management, incident response plans, and specific security controls.

FR2019-05-22

French PACTE Law n° 2019-486 of 22 May 2019 — created PSAN status (Prestataire de Services sur Actifs Numériques) and the definition of digital assets (actifs numériques = tokens + virtual currencies); pioneering, inspired MiCA

This law created the French legal framework for Digital Asset Service Providers (PSAN). It defines digital assets and establishes a dual regime of mandatory registration and optional licensing for various crypto-asset services.

TR2024-07-02

Law on Amendments to the Capital Markets Law (Law No. 7518)

This law establishes a comprehensive licensing and supervision framework for Crypto-Asset Service Providers (CASPs) in Türkiye. It empowers the Capital Markets Board to regulate their activities, with technical criteria for IT systems set by TÜBİTAK.