Crypto.com's newly announced Stored Value Facilities license from the Central Bank of the UAE is legally more significant than the headline may initially suggest. Public reporting around the development understandably focuses on the novelty of paying government fees with digital assets. The deeper point, however, is regulatory. The announcement shows, in concrete terms, that virtual-asset permissions and payments permissions are not interchangeable in the UAE. A firm may be licensed to operate a virtual-asset business in Dubai and still require a separate Central Bank permission before it can lawfully sit inside the State's payments infrastructure, let alone support government-service payments. ¹

That distinction matters because the UAE has not built a single monolithic 'crypto licence'. It has built a layered framework. Different regulators govern different legal functions, geographies, and risk categories. The result is not duplication for its own sake. It is a functional allocation of regulatory responsibility. If a business is touching payments, stored value, retail payment systems, digital money or payment tokenisation, the Central Bank's perimeter becomes central. If it is carrying on virtual-asset activities in or from Dubai outside the DIFC, VARA is central. If it is operating in ADGM or DIFC, the FSRA or DFSA, respectively, may instead be the relevant financial regulator. If the product is a capital markets or securities-style instrument within the wider UAE framework, the Capital Market Authority also comes into play. ²

What happened

According to Crypto.com, its UAE entity, Foris DAX Middle East FZE, has received a Stored Value Facilities licence from the Central Bank, making it the first virtual asset service provider in the UAE to do so. Crypto.com says this approval allows it to activate its partnership with Dubai's Department of Finance, enabling users to pay government fees with virtual assets, with all financial settlements occurring in UAE dirhams or in CBUAE-approved dirham-backed stablecoins through the Stored Value Facilities framework. The public record also shows that Dubai Finance had signed an MoU with Crypto.com in May 2025 to enable cryptocurrency payments for government service fees as part of the Dubai Cashless Strategy. ³

One should be careful not to overstate what is publicly known. The Central Bank has not, at least on publicly available materials identified at the time of writing, published a detailed license notice setting out the precise conditions, limitations, or technical structure of the Foris DAX licence. That means any legal analysis must be rooted in the published statutory and regulatory framework and in the public statements made by the relevant parties, rather than in any unpublished licence conditions. ⁴

Why this is more than a 'crypto company got another license' story

The real significance of the development is that it illustrates the boundary between virtual-asset regulation and payments regulation in the UAE. That boundary is now unusually explicit in federal law. Federal Decree-Law No. (6) of 2025 lists, as licensed financial activities subject to Central Bank licensing, not only currency exchange and money transfer services, but also 'providing payment services using Virtual Assets' and 'providing stored value services, retail payments and digital money services'. The same decree-law then goes further in Article 62 by stating that any person carrying on, offering, issuing or facilitating, directly or indirectly, any licensed financial activity remains within the Central Bank's jurisdiction regardless of the medium, technology or form employed, including payment tokens, DeFi, decentralized applications, protocols and technological infrastructure that facilitate or enable payments and other financial services. ⁵

The federal statute, therefore, does two things at once. First, it makes payments using virtual assets a Central Bank-regulated activity in principle. Second, it blocks the argument that the use of a token, protocol, Web3 interface, decentralized architecture or other technical wrapper somehow takes the activity outside the payments perimeter. The legislative message is substance over form. ⁶

The federal payments perimeter: why the Central Bank matters here

The Central Bank's role in this area is not confined to the new decree-law alone. The same decree-law also gives the Central Bank sole authority to issue regulations, rules and procedures relating to digital banking operations, digital money, payment tokenisation, stored value facilities, and retail and wholesale payment systems, including cross-border payment systems and related digital banking and financial services. That is an unusually direct allocation of competence. It tells the market, in plain terms, that payment rails and payment-adjacent digital value systems are a federal Central Bank subject matter, not merely a subset of general virtual-asset activity. ⁷

The Central Bank's broader payments architecture points in the same direction. On its payments and settlements pages, the CBUAE identifies Stored Value Facilities, Retail Payment Services and Card Schemes, Large Value Payment Systems and Retail Payment Systems as distinct regulatory building blocks, and explains that digital payment services include categories such as payment account issuance, payment instrument issuance, merchant acquiring, payment aggregation, domestic and cross-border fund transfer services, payment token services, payment initiation services and payment account information services. Its 2024 annual report also treats Stored Value Facilities licensees, Retail Payment Services providers and Payment Token Issuers as distinct licence types, and describes the Payment Token Services Regulation as establishing new standards for stablecoin oversight in the UAE, covering issuance, custody and transfer, and conversion. ⁸

This is why the Crypto.com development matters. It appears to show a virtual-asset firm not merely obtaining permission to deal in virtual assets, but crossing the bridge into the regulated payments domain. For a law firm audience, that is the point worth dwelling on. The payments layer is where federal monetary, settlement, safeguarding and consumer-protection concerns bite hardest. ⁹

Why a VARA license alone would not have been enough

VARA is a specialist virtual-assets regulator. It is responsible for regulating and overseeing the provision, use and exchange of virtual assets in and from the Emirate of Dubai, except within DIFC. Its framework includes activity-specific rulebooks for broker-dealer services, custody, exchange, lending and borrowing, payments and remittances, and virtual-asset management and investment services. That is a sophisticated and substantial regime. But it is still a virtual-assets regime, operating within Dubai's jurisdictional framework for virtual-asset activities. ¹⁰

That is not the same as holding the federal permissions required to operate a stored-value facility or to be part of the UAE's payments infrastructure. Put differently: a VARA license may authorize a firm to carry on specified virtual-asset activities in Dubai; it does not, without more, authorize the firm to provide federally regulated stored-value or payment services just because the underlying customer experience also involves virtual assets. Once the activity moves from virtual-asset dealing into the regulated business of enabling payments, settlement, stored value or digital money within the State's payments architecture, the Central Bank's permissions become decisive. ¹¹

This conclusion is strengthened, not weakened, by the Central Bank's own FAQ on the 2025 decree-law. The FAQ states that Article 62 does not create new categories of regulated activity, but confirms that Article 61 activities remain subject to Central Bank licensing and supervision when carried out 'by any technological means, technique, form, or model', directly or indirectly. It also clarifies that the criterion is the nature of the underlying financial activity. Most importantly, it says that pure technology service providers are not regulated merely in that capacity, but that a provider falls within the perimeter if it itself offers, issues, or facilitates a regulated financial activity, including by operating a payment service, wallet service, or stored-value facility on a professional basis. This is exactly why a general virtual-assets permission is not the end of the analysis. ¹²

Where do stablecoins and payment tokens fit?

Public materials suggest that the UAE is drawing a careful line between virtual assets used for investment and those used in payment contexts. Article 187 of the 2025 decree-law states that virtual assets are not 'Currency' for the purposes of the statute, but where virtual assets or digital currencies are used as a means or instrument of payment, or for exchange of virtual assets into currency, Central Bank regulations, standards, rules and guidelines may apply. The same article then says that virtual assets are not covered by the decree-law when used for investment purposes, for the exchange of one virtual asset for another, or for swap operations for trading purposes. In short, the law separates the payment use case from the investment and trading use case. ¹³

This separation matters enormously for stablecoins and dirham-pegged payment instruments. The Central Bank's 2024 annual report expressly describes the Payment Token Services Regulation as the UAE's stablecoin oversight framework for payment use. Even without the full text of every operative provision being readily searchable in public form, the regulatory direction is clear enough: the UAE wants payment-facing tokens, particularly fiat-referenced or dirham-linked instruments, to sit inside a monetary and payments framework governed by the Central Bank, rather than to float entirely within a general virtual-assets regime. ¹⁴

The UAE regulator map: who does what?

For international businesses, one of the most misunderstood aspects of the UAE market is that it has multiple serious regulators, each with a distinct regulatory perimeter. The Central Bank is the federal authority for banks, payments, stored value, digital money, payment tokenisation and other licensed financial activities under federal law, outside the financial free zones unless federal law specifically reaches into them. The Financial Services Regulatory Authority is the financial regulator of ADGM and has its own digital assets framework, including regulation of virtual assets, fiat-referenced tokens, digital securities and related financial services carried on in or from ADGM. The Dubai Financial Services Authority is the independent regulator of financial services in or from DIFC and has its own crypto-token regime, updated again in January 2026. VARA is Dubai's specialist virtual assets regulator outside DIFC. The Capital Market Authority, still widely associated with its former SCA identity, remains the national capital markets regulator for securities, market activities, investment funds, and related financial services within its own perimeter. ¹⁵

Seen properly, this is not regulatory chaos. It is regulatory segmentation. Geography matters. Product characterization matters. Functional role matters. If a token is being traded as an investment product, one regulator may matter most. If it is being used to move or store payment value in the UAE's payment system, another does. If the business is in ADGM or DIFC, the free-zone regulators have their own regimes. Serious market participants need to map all three questions at once: where the activity occurs, what it is in substance, and which legal system or regulator governs it there. ¹⁶

What this means for Crypto.com

On the public facts, Crypto.com appears to have assembled a licensing stack rather than a single permission. Its existing Dubai virtual-assets permissions enabled it to operate a regulated VASP business. The newly announced Stored Value Facilities licence appears to give it an additional foothold in the payments layer, which in turn unlocks a very different category of opportunity: regulated government payments, and potentially other payment integrations if further approvals are obtained. That is strategically significant. It suggests a move from virtual-asset trading and custody-type activity into payment-enablement infrastructure tied to real-economy use cases. ¹⁷

Equally important, the public framing of the initiative emphasizes that settlement will occur in AED or CBUAE-approved dirham-backed stablecoins through regulated infrastructure. That is telling. It suggests that the UAE is not opening the door to a free-for-all in volatile tokenized public service payments. Rather, it permits an interface in which the user may begin with virtual assets, while the actual payment-side architecture remains anchored in regulated dirham-denominated or dirham-linked settlement mechanics. Legally and policy-wise, that is a very different proposition from simply letting government agencies receive whatever token a user happens to hold. ¹⁸

What this says about the UAE market

The better way to understand the UAE is not to think of it as 'easy' on crypto. It is that it has become unusually good at licensing by function. The country has built one of the few truly multi-layered legal architectures in which crypto trading, custody, token issuance, payment-facing stablecoins, stored value, retail payments and free-zone financial services can each fall into a discernible regulatory home. That makes the market more legible for serious institutions, even if it also makes legal analysis more demanding. ¹⁹

For businesses and investors, the lesson is simple. A virtual-assets strategy in the UAE cannot stop at the question, 'Do we have a crypto licence?' The real question is, 'What exactly are we doing?' If the answer includes enabling payments, holding stored value, touching merchant acceptance, interfacing with government payment flows, or converting user-facing token activity into regulated payment execution, the Central Bank must be part of the analysis from the beginning. Crypto.com's SVF license is important precisely because it demonstrates that the market is now moving along that functional spectrum. ²⁰

Conclusion

Crypto.com's CBUAE Stored Value Facilities license is best understood not as a routine incremental approval, but as a public illustration of how the UAE's licensing architecture is meant to work. VARA and the other specialist regulators remain critical, but they do not collapse the federal payments perimeter. In the UAE, virtual-asset regulation and payments regulation can sit side by side, and firms that want to do both should expect to be licensed for both. That is not over-regulation. In a market trying to connect digital assets to real payment infrastructure at an institutional scale, it is exactly what a mature legal framework should look like. ²¹

-

This article is for general information only and does not constitute legal, regulatory, tax, financial or other professional advice. Readers should not act, or refrain from acting, based on this article without seeking advice from suitably qualified counsel on their specific circumstances.

Septten Advisors is a UAE-registered legal consultancy advising founders, investors, technology companies, financial services businesses and virtual asset market participants on legal, regulatory, transactional and strategic matters.

The content reflects our general views as at the date of publication and may not reflect later legal, regulatory or market developments. No advisor-client relationship is created by reading this article. To the fullest extent permitted by law, Septten Advisors accept no liability for any reliance placed on it.

Endnotes

1. Crypto.com, ‘Crypto.com Receives UAE Stored Value Facilities License to Enable Virtual Asset Payments for Government Services’, 11 May 2026; Crypto.com states that Foris DAX Middle East FZE received a CBUAE Stored Value Facilities licence and that this is the first such licence granted to a VASP in the UAE.

2. Federal Decree-Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business, Arts. 61, 62, 156 and 187; VARA, ‘Licensed Activities’; ADGM, ‘Financial Services Regulatory Authority’ and ‘Digital Assets’; DFSA, ‘About the DFSA’ and ‘Crypto Token Regulation’; Capital Market Authority website (formerly SCA branding on older/public data pages).

3. Crypto.com, ‘Crypto.com Receives UAE Stored Value Facilities License to Enable Virtual Asset Payments for Government Services’, 11 May 2026; Government of Dubai Media Office, ‘Dubai Finance signs MoU with Crypto.com’, 12 May 2025.

4. This observation is based on publicly available materials reviewed as at 15 May 2026, including the decree-law, CBUAE website materials, Dubai Government announcements, VARA materials and Crypto.com's own announcements. No detailed public CBUAE license notice setting out the Foris DAX Middle East FZE license conditions was identified in those materials.

5. Federal Decree-Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business, Art. 61(1)(e)-(h) and Art. 62.

6. Federal Decree-Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business, Art. 62; Central Bank of the UAE, 'FAQs regarding the Federal Decree-Law No. (6) of 2025', Q6.

7. Federal Decree-Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business, Art. 156.

8. Central Bank of the UAE, ‘Payments and Settlements Regulations and Standards’ page; Central Bank of the UAE Annual Report 2024, sections on licensing and Payment Token Services.

9. Federal Decree-Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business, Arts. 61, 62 and 156.

10. VARA, ‘Licensed Activities’; VARA, Virtual Assets and Related Activities Regulations 2023; VARA, ‘About VARA’.

11. Federal Decree-Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business, Arts. 61, 62 and 156; Central Bank of the UAE, ‘Payments and Settlements Regulations and Standards’ page.

12. Central Bank of the UAE, 'FAQs regarding the Federal Decree-Law No. (6) of 2025', Q6, including the clarification that technology service providers are not regulated merely in that capacity, but may fall into scope where they themselves operate, offer, issue or facilitate a regulated financial activity such as a payment service, wallet service or stored-value facility.

13. Federal Decree-Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business, Art. 187.

14. Central Bank of the UAE Annual Report 2024, section titled ‘Payment Token Services’; Central Bank of the UAE, ‘Payments and Settlements Regulations and Standards’ page.

15. Federal Decree-Law No. (6) of 2025, Art. 2 and Art. 156; ADGM, ‘Financial Services Regulatory Authority’ and ‘Digital Assets’; DFSA, ‘About the DFSA’ and ‘Crypto Token Regulation’; VARA, ‘Licensed Activities’; Capital Market Authority website and its licensed companies/public data pages.

16. Federal Decree-Law No. (6) of 2025, Art. 2; VARA, ‘Licensed Activities’; ADGM, 'ADGM's independent authorities' and 'Digital Assets'; DFSA, ‘About the DFSA’.

17. Crypto.com, ‘Crypto.com Granted Virtual Asset Service Provider License by Dubai’s Virtual Assets Regulatory Authority’, 13 November 2023; Crypto.com, ‘Crypto.com Receives UAE Stored Value Facilities License to Enable Virtual Asset Payments for Government Services’, 11 May 2026.

18. Crypto.com, ‘Crypto.com Receives UAE Stored Value Facilities License to Enable Virtual Asset Payments for Government Services’, 11 May 2026; Federal Decree-Law No. (6) of 2025, Art. 187.

19. Central Bank of the UAE, ‘Payments and Settlements Regulations and Standards’ page; Central Bank of the UAE Annual Report 2024; VARA, Virtual Assets and Related Activities Regulations 2023; ADGM, ‘Digital Assets’; DFSA, ‘Crypto Token Regulation’.

20. Federal Decree-Law No. (6) of 2025, Arts. 61, 62, 156 and 187; Central Bank of the UAE, 'FAQs regarding the Federal Decree-Law No. (6) of 2025', Q6.

21. Federal Decree-Law No. (6) of 2025, Arts. 61, 62 and 156; Crypto.com, ‘Crypto.com Receives UAE Stored Value Facilities License to Enable Virtual Asset Payments for Government Services’, 11 May 2026; Government of Dubai Media Office, ‘Dubai Finance signs MoU with Crypto.com’, 12 May 2025.