New laws and regulatory reforms

Crypto

In the Republic of Armenia, on 29 May 2025, the National Assembly adopted the Law of the Republic of Armenia “On Crypto-Assets”, marking the first comprehensive legal act specifically dedicated to the regulation of crypto-assets in Armenia. The Central Bank of Armenia (CBA), who ensures the finance stability in Armenia and is accountable for providing licenses and has supervisory obligations, establishes a specific procedure for obtaining a license, including the list of required documents, the minimum amount of charter capital, depending on the type of activity carried out. This Law regulates the procedure for the public offering and public purchase and sale of crypto-assets. It also defines the types of crypto-asset services, as well as the procedure for their provision and implementation. In addition, the Law establishes the competencies and duties of the Central Bank in the field of crypto-asset regulation and determines the liability for violations of the requirements set forth therein. While providing services, the crypto-asset service provider shall be obliged to act fairly and at a professional level, disclose to the client the risks related to crypto-asset transactions, maintain records on performed transactions, received and fulfilled orders. The Central Bank shall have the competence to apply the following sanctions: warning, fine (for legal persons in the amount of up to 15 per cent of the generated annual revenue or income, for natural persons in the amount of up to twenty-thousand-fold of the minimum salary), removal of executive officer from registration, revocation of a license, termination of authorization or registration in the cases provided for by this Law. 

Cybersecurity

The Constitution of the Republic of Armenia establishes the right to private life, protection of personal data, and secrecy of correspondence as fundamental rights. These principles are further developed in the Law of the Republic of Armenia "On Personal Data Protection" and the Law "On Cybersecurity", which entered into force on January 4, 2026. The Law applies to legal entities, individual entrepreneurs, state administration bodies, and local self-government bodies - in essence, to almost all those who work with information systems and online services. A cyber incident is considered serious if it threatens human life or health, endangers national security or the economy, or disrupts the functioning of critical infrastructure. Upon becoming aware of a cyber incident, a company is obliged to submit updated information to the Authorized Body within 72 hours. If the incident may have caused harm to individuals, the company must inform them immediately or, at the latest, within two days. Violation of the requirements of the Law entails administrative or criminal liability. It is necessary to emphasize that the adoption of the Law on Cybersecurity does not mean that all the problems in the sector have been completed: the law must be followed by about 30 sub-legislative legal acts. However, this is an important turning point in ensuring a safe and stable environment in vital sectors of Armenia: energy, manufacturing, transport, healthcare, and the financial system, by protecting their information systems and critical information infrastructures.