VARA's Technology and Information Rulebook sets requirements including cold/hot wallet ratios, multi-signature key controls, key ceremony (formal multi-party procedure for creating cryptographic keys for cold wallets) documentation, cybersecurity controls, and business continuity planning. A third-party technology audit is mandatory before licence issuance.