Co-Founder of LegalBison: “What's legal in one country can be a licensing violation in another

Viktor Juskin, Co-Founder of LegalBison, explains how crypto founders must navigate the complex 2026 regulatory landscape, from MiCA and DORA compliance to DAO liability and jurisdictional strategies across the EU, U.S., and UAE. Viktor Juskin is Co-Founder and Managing Partner of LegalBison, a global boutique legal and business services firm and licensed Corporate Service Provider specializing in corporate structuring for FinTech and digital asset projects.

LegalBison operates across 50+ jurisdictions with offices in Poland, Estonia, Bahrain, Costa Rica, Panama, and Malaysia, serving clients ranging from leading cryptocurrency exchanges to VC-backed payment platforms. In this interview, he addresses the operational realities of the post-transition 2026 regulatory framework: from DORA’s reach into IT infrastructure and the end of DAO immunity, to Travel Rule interoperability gaps and how founders should structure their jurisdictional strategy across the EU, U.S., and UAE.

What does “running a global crypto business” actually mean from a regulatory perspective? What surprises founders the most? It means every country where you have users, process transactions, or market your services is potentially a jurisdiction where you need authorization. Founders think globally about their product.

The app works everywhere, and the blockchain does not care about borders. Regulators, on the other hand, think locally. They care about whether their residents are being served, whether funds are being held, and whether marketing is being directed at their market. A single platform can trigger obligations in a dozen jurisdictions at the same time.

Each of these locations will have different requirements, timeframes, and enforcement deadlines. Which specific business activities most commonly trigger licensing requirements that founders do not anticipate? First, there is centralization. In the case of MICA licensing, it means the existence of any specific service provider who directly or indirectly controls the project.

The moment you hold a user’s private keys or maintain control over their assets, most jurisdictions classify you as a custodian/service provider, and that triggers licensing. Founders who think they are just building a cryptocurrency exchange are often building a regulated custodial service.

Second, fiat on-ramp and off-ramp activity. Converting between traditional currency and digital assets triggers payment regulations in almost every jurisdiction. Third, active marketing. Some countries distinguish between passively accepting clients who find you and actively soliciting clients in their territory.

If your activities fall under the second category, you may be required to register, even if your company is incorporated abroad. In many jurisdictions, there are strict rules on reverse solicitation, too. So, companies that hold a crypto exchange license cannot rely solely on ‘global reverse solicitation’.

How do you identify whether a particular service requires licensing in a given jurisdiction? You start with the business model instead of the jurisdiction. Map every activity your platform performs: is it centralized? Does it hold user funds? Does it execute trades on behalf of users?

Does it facilitate transfers between parties? Does it provide advice? Each of those activities, to name a few, has a regulatory classification that varies by country. At LegalBison, we usually run such an activity mapping against the regulatory frameworks of each of our clients’ target jurisdictions.