A Spotlight on Digital Asset Regulation in the European Union

This October 2022, the Council of the European Union and the European Parliament Committee on Economic and Monetary Affairs both gave preliminary approval to the European Union’s landmark legislation Markets in Crypto Assets Regulation (MiCA) after months of negotiation. First introduced to the European Commission in 2020, the bill is part of a larger “digital finance package” aimed at tackling the emerging decentralized finance (DeFi) sector. 

A draft of the allegedly final version text was leaked in September 2022 and has been interpreted by crypto news sources Coindesk, Blockworks, and Decrypt, as well as by legal experts and policymakers. 

This blog post collates their findings to reveal what’s next for the European Union in terms of crypto asset regulation with particular focus on what the leaked draft means for stablecoins, NFTs, DeFi, and DAOs.

We’ll also touch on some of the other legislative changes and policies on the EU agenda, including updates to AML/CFT laws and the pilot project for decentralized ledger technology in capital markets. 

The backstory: crypto-friendly national attitudes

As a region, Europe has garnered quite a crypto-friendly reputation thanks to various nations’ crypto tax policies, innovation plans, regulation-exempt environments for experimentation, legal recognition of digital assets, progressive legislative approaches, and in a few cases explicit packages to legitimize the industry. 

Among the most notable places are Switzerland, whose financial regulator FINMA became the first in the world to offer business accounts to crypto companies, along with Germany, Portugal, and Malta.

No mention of Europe’s crypto-friendly places would be complete without Zug, the city in Switzerland where the Polymesh Association is based alongside a cluster of other blockchain-based companies and foundations. Famously nicknamed the “crypto valley”, the city is a magnet for fintechs and blockchain companies with no capital gains tax on crypto and an acceptance of bitcoin and ether for municipal services and tax payments. 

This crypto-friendliness is echoed in the European Union (EU), which has garnered a fairly welcoming reputation towards the sector thanks to early moves to harmonize digital asset regulation across the bloc and the installation of exemptions providing for experimentation. One Brussels MP even made headlines for pledging to take his salary in bitcoin right on the heels of the crypto’s crash. 

The Main players: the European Union’s political institutions

The EU has a unique legal structure as a supranational organization that has to contend not only with finding consensus between its various political institutions, but also across the 27 member states who make up those institutions. 

The four key institutions are the European Parliament (EP), the European Commission (EC), the Council of the European Union (the “Council”), and the European Council (EUCO). The legislative process is a complex, multistage process that primarily involves three institutions:

• The EC, which proposes new laws
• The EP and the Council, both of which must pass those proposals 

Once passed, EU law becomes superior to national law, prohibiting member states from passing national laws and/or overriding existing national laws that contradict it.

Sticking points for harmonization concerning crypto assets

When it comes to crypto issues, the EU’s legislative bodies have not always been aligned. For MiCA, key areas of disagreement between member states and the EP have included:

• The possible inclusion of non-fungible tokens
• Regulation of significant stablecoins
• Supervision of crypto-asset service providers
• The inclusion of anti-money laundering clauses 
• Limiting the environmental impact of consensus mechanisms

This last point would have seen crypto companies required to disclose information on their environmental and climate footprint, as well as the eventual introduction of mandatory minimum sustainability standards for consensus mechanisms. However, no agreement on the matter could be reached, so it’s been scrapped in the final draft. 

There’s also been disagreement between the Council and EP over which financial regulator would take jurisdiction over supervising crypto companies. Initially the Council was adamant that the crypto watchdog should be the European Banking Authority (EBA), but it looks like the EP won that fight as the European Securities and Markets Authority (ESMA) was named the “crypto-sheriff in town” by the latest EU agreement. 

ESMA: The “crypto-sheriff in town”

With MiCA designating ESMA the new “crypto-sheriff in town”, ESMA will begin policing the biggest players in the crypto market with the power to fine non-compliant companies and prohibit or restrict crypto asset services, as well as the distribution or sale of crypto assets. ESMA will also oversee a neighborhood watch of national authorities to ensure further compliance with the EU’s new transparency measures and investor safeguards.

Attributing the sheriff’s badge to ESMA is the EU’s recognition that the general job of policing digital assets most resembles the tasks fulfilled by securities markets supervisors, who watch over speculative assets like stocks and bonds. 

It looks like this agreement was not reached without compromise, though, as MiCA will position the EBA– whose remit is to keep payments secure across the bloc– as a dual watchdog for crypto assets used as alternatives to conventional cash (such as stablecoins).  

MiCA: Markets in Crypto Assets  

In July 2022, the Council and EP reached provisional agreement on the proposed Markets in Crypto Asset (MiCA) legislation, which covers issuers of non-security crypto assets, stablecoins, and the trading venues and wallets where these assets are held.

MiCA is part of a larger “Digital Finance Package” proposed by the Commission in 2020 that also contained a digital finance strategy, a digital operations act, and a proposal on market infrastructures for distributed ledger technology (DLT) Pilot Regime. The package aims to identify a digital finance strategy to protect the EU’s consumers and economy from the risks of crypto assets while ensuring the EU embraces innovation in the financial sector from applying new technologies. 

MiCA was adopted for negotiation by the Council in 2021, with agreement on the final text reached this October 5, 2022. From there it was sent to the European Parliament to be enacted should the EP adopt its position at first reading in the same wording (the EP’s Committee on Economic and Monetary Affairs approved the text on October 10th in a vote of 28 to 1, with the full EP vote expected soon).  

The bill aims to create a consistent regulatory framework for crypto assets among EU member states and is a major step towards establishing rules for how digital asset companies should operate in the bloc. But given the EU’s power and position in international politics, it’s likely to have a much more far-reaching effect. Binance CEO Changpeng Zhao has said that when adopted the regulation “will become a global regulatory standard copied around the world”. 

Digital asset companies will require licensing and ‘passports’ 

MiCA’s main impact will be in bringing crypto assets, their issuers, and crypto asset service providers (CASPs) under an EU-wide regulatory framework for investor protection, market integrity, and financial stability. 

The largest change will occur in the registration and authorization process for CASPs. Under MiCA, crypto asset companies will require a license and customer safeguards to issue and sell digital tokens in the EU. They will also be liable for losing crypto assets from investors’ digital wallets. 

Once approved as a legal entity by one member state, CASPs will gain a pan-EU “passport” enabling them to serve clients across the whole 27-country bloc from one single base. Many companies will be required to submit a whitepaper before they can provide services in Europe, although this requirement may be exempt for small to medium businesses. 

While obtaining the official license will be tough, the “single market” the passport system creates will benefit crypto asset companies by removing the hassle of having to apply and comply with each regime individually, ultimately making it easier to grow and scale.

The responsibility for licensing crypto firms will fall on national regulators, who will be required to inform ESMA about any large operators they have authorized. 

Expected to come into force in early 2024

Even if the EP overwhelmingly approves the latest version of MiCA’s text, MiCA will only be fully implemented 18 months after its initial publication in the EU’s official journal– leaving a void in the legal framework until early 2024 or later. 

Currently, the only EU-wide requirement is that digital asset companies must show controls for anti-money laundering (AML). Crypto firms compliant with these AML controls will be given 18 months once MiCA comes into effect to obtain new licenses without disruption to service. 

Until then, member states will need to enforce their national legislation for crypto assets (if they have any) or leave crypto assets for the large part momentarily unregulated. For CASPS, the delay in implementation means that they can only operate within the countries where legally permitted by national regulators.

This implementation gap is prompting fears in the EU that national regulators might attempt to patch things up by enacting new laws affecting future harmonization. For example, the European Central Bank (ECB) has expressed concern about countries providing crypto-related licenses to traditional banks before a pan-European wide framework on the provision of licenses comes into play, an understandable concern given MiCA’s proposed “passport” system.

As national regulators contemplate leaving the sector unregulated or ushering in new legislation, crypto companies in the eurozone are expected to experience further temporary uncertainty. At least EU policymakers recognize this and are expected to work on harmonizing policies where they can until MiCA officially enters into force. There’s also leeway in the fine print, as member states have the option to propose amendments to the text or introduce new provisions to address the implementation gap. 

In fact, ECB president Christine Lagarde has already called for version two of MiCA, with particular emphasis on the need for legislation to cover new areas like crypto lending. While the ECB isn’t part of MiCA negotiations, its vocality on the matter does echo that policymakers aren’t fully content with MiCA and that the EU’s crypto framework is bound to experience fluctuations in the future. The crypto industry is likely to agree on this need for refinement  (although it may not agree with what’s in the final text). 

Divided opinions in the crypto industry 

Opinion on whether the single set of rules proposed by MiCA will be beneficial is divided. Coinbase states that the legal certainty is exciting and that harmonized regulation will enable the exchange to invest, accelerate, and scale their growth efforts across the entire bloc. But developers and other industry players critique it as a potential innovation killer, fearing that rules are being imposed too preemptively by conservative and risk-averse lawmakers who have minimal understanding of the space. 

The Blockchain for Europe lobby group– which includes major exchanges Binance and Crypto.com– shares the enthusiasm about legal certainty but fears that stablecoins have no way to become profitable, in part due to the new law that holders will be offered a claim at any time and free of charge by the issuer. 

Meanwhile, financial markets industry body AFME says clarity is needed on whether crypto asset custodians will be off the hook for events out of their control such as a nation state hack. It’s also not clear what the rules will be for NFTs or the wider Web3.

Special focus: stablecoins

Initially excluded when MiCA was first introduced in 2020, stablecoins have a special focus in the finalized draft. This includes a specific exemption from the standard 18 month implementation rule, with stablecoin regulation to apply 12 months from when the law enters into force. 

MiCA’s heavy focus on regulating (algorithmic) stablecoins is partly in response to recent events such as the collapse of Terra which prove the risks stablecoins pose to the stability of the EU’s economic system. 

Stability risks are exacerbated when stablecoins are algorithmic (stablecoins whose value is supported by another crypto asset designed to maintain a stable price). This is because algorithmic stablecoins rely on two types of tokens– meaning a crash will affect the financial stability not only of the stablecoin but also other crypto assets.

Issuers of stablecoins (also referred to as “asset-referenced tokens” or “e-money tokens”) will be obliged to comply with strict requirements around funds, limitations to provide interest, and in some cases additional rules on reserve operations to provide for adequate minimum liquidity. Issuers will need to retain a sufficiently liquid reserve with a 1:1 ratio partly in the form of deposits, while stablecoins holders may claim an exchange at any time and free of charge by the issuer (including in the event of collapse). 

A precondition of any stablecoin issuance will be that the issuer has a presence (i.e. a registered office) in the EU. This requirement applies even to asset-referenced tokens (ARTs) based on non-European currencies, as it will ensure better supervision and monitoring. Supervision of stablecoins will come from the European Banking Authority (EBA) and not just ESMA. 

Protecting economic stability or stifling stablecoins?

Significantly, the new laws will impose restrictions on dollar-backed stablecoins (incl. USDC and USDT) and constrain the use of ARTs for payment, likely an attempt to preserve the euro’s sovereignty over the crypto industry in Europe. 

Yet many in the industry fear policies contained by MiCA, while well-intentioned, may throttle innovation. For one, the regulation proposes to restrict transactions involving stablecoins pegged to fiat currencies other than the euro to a cap of €200 million per day. Crypto backers claim that the cap is too low to guarantee zero disruptions to stablecoin operations or gauge its success, and will only serve to stifle innovation and the benefits stablecoins could offer. 

Also fueling this fear is the hesitation both EU and national regulations demonstrate when it comes to legally recognizing digital currencies, including stablecoins, as a form of payment or digital settlement. This, despite the EU’s mission to become a leader in digital payment.

This mixed attitude towards digital assets is translating to policies which appear to be digitally inclusive but in practice prevent the type of adoption required to lead to crypto innovation. Take Belgium, which recently passed legislation requiring merchants to offer at least one digital payment solution but doesn’t recognize crypto as a valid form of payment for this provision. The EU needs to hurry before digital payment businesses looking into blockchain innovation begin to move outside its borders. ‍

Apprehension towards foreign involvement

Much of the EU’s apprehension around stablecoins stems from fears that the ECB’s own central bank digital currency (CBDC) project will not be able to compete with other crypto assets. The ECB has been developing a digital euro, which it predicts to launch in 3 years. 

Industry and EU officials have been pushing back, claiming the EU can’t wait that long and that regulation needs to open for private stablecoins in Europe before the dominant form of euro ends up controlled by an entity outside the eurozone. A notable contender is US-based Circle, which recently launched its EUROC token on Ethereum fully backed by Euro-denominated reserves (but held in the custody of institutions within the US regulatory perimeter). 

It seems the later inclusion of stablecoins in MiCA are an attempt to placate this worry, but it might not have the intended effect of boosting the euro as international currency if it ends up forcing the digital currency business out of Europe. Further, as a euro-backed asset, Circle’s EUROC appears to be in the clear from the €200 million transaction cap limit and restrictions faced by non-euro pegged assets (although the company has stated it would not actively market EUROC within the jurisdiction until the framework is more certain). 

Ironically, fear of US-involvement seems to have been forgotten when it comes to the EU’s own digital euro. While outwardly the ECB has been heralding the importance of ensuring EU control over digital payments, the ECB chose to collaborate with U.S. tech giant Amazon as one of five companies helping to trial the digital euro. Economic and Monetary Affairs committee members have questioned why the non-EU firm had been selected to develop e-commerce prototypes for such a sensitive and important project… especially as the company was fined €746 million ($725 million) in 2021 for breaching EU privacy rules and has recently threatened to quit the EU entirely in an attempt to evade penalties for violating antitrust laws. 

NFTS: neglected or marked ‘security’ 

It looks like non-fungible tokens (NFTs) may eventually receive their own regulatory regime as they remain excluded from MiCA unless they qualify under existing crypto-asset categories. The European Commission will work on reviewing whether further NFT-focused legislation is needed once MiCA enters into force.

NFTs which will find themselves exempt from MiCA include digital assets that are “unique and not fungible… including digital art and collectibles” with “unique characteristics” that grant “utility” to token holders. Importantly, what distinguishes the digital asset as unique or not fungible in the eyes of EU law is not necessarily a unique identifier, but also the uniqueness and non-fungibility of the assets and rights it represents. 

The leaked draft of the legislation hints that NFTs issued or sold as components in large collections or series could be found to possess little to no distinctively unique qualities or utility– meaning the new laws could be applied to NFTs. This focus on NFTs is likely in response to the rise of fractionalized assets, including fungible tokens issued with unique identifiers. 

Law experts have interpreted this language as amounting to the EU labeling NFTs issued or sold as components in large collections– including popular profile picture (PFP) projects Bored Ape Yacht Club, Cryptopunks, or Doodles– as securities. If that’s the case, major NFT collections will find themselves subject to the same regulatory scrutiny as other crypto assets as well as the stringent MiFID market rules faced by traditional securities.

Ultimately, this outcome hinges on whether ownership of NFTs in collections composed of visually similar NFTs distinguished by number mechanisms is found functionally identical to owning fungible shares in the value of the whole project or brand, and not just a unique digital item. 

When it comes to assessing the features of the asset, EU regulators will adopt a “substance over form” approach and look at the asset’s qualification as opposed to its designation by users. The result is likely to have a large impact on how NFTs are treated by other nations, particularly the U.S., where the SEC recently filed a lawsuit claiming the entire Ethereum network should be considered a securities exchange. 

Anti-Money Laundering (AML) and Combatting Financing of Terrorism (CFT) 

MiCA will add to existing AML laws by requiring ESMA to maintain a public register of non-compliant CASPs. In line with existing laws, CASPs with parent companies based in “high risk” third countries or on the list of non-cooperative jurisdictions for tax purposes will be required to implement enhanced identity verification checks in line with the EU’s AML framework. 

Alongside MiCA, the EU is forming a new Anti-Money Laundering Authority (AMLA) to ensure a consistent EU-wide approach to monitoring risky transactions, as the EU’s current cross-border framework was found to give opportunities for criminal activity.  Regarding digital assets, the AMLA will supervise directly or indirectly CASPs covered by the Financial Action Task Force (FATF) recommendations. Notably, the AMLA will not be responsible for monitoring or tackling money laundering–that job belongs to the national authorities. 

The EP is also currently moving through a draft of updates to existing AML/CFT laws to cover digital asset transactions. This will require CASPs to adhere to AML rules when processing transactions over €1000 and introduce an obligation for CASPs to collect and make accessible certain information about the senders and beneficiaries of transfers to ensure better traceability of crypto assets. Clearly, Polymesh foresaw the future when it focused on bringing identity to blockchain to help CASPs meet these regulatory requirements. 

Other amendments thus far have included the addition, and subsequent removal, of provisions seeking compulsory identity verification for crypto transfers involving non-custodial wallets (wallet addresses where users own the private key), as well as expanding the scope of regulation to decentralized finance (DeFi), decentralized autonomous organizations (DAOs), NFTs, and the metaverse. 

The removal of provisions on identity verification for non-custodial wallets is likely to somewhat appease critics, who have warned that overzealous regulation of public blockchains could lead to a regime of financial surveillance affecting citizen privacy and freedom. 

Decentralized Finance (DeFi) + Decentralized Autonomous Organizations (DAOs)

Most products in decentralized finance fall outside of MiCA’s scope. DeFi/DAO operations won’t be exempt from oversight for long, though, as the new draft of AML/CFT laws being worked on by the European Parliament will potentially include DeFi platforms, the DAOs that govern them, and other entities operating Web3 companies. 

Earlier this year, the ECB issued a bulletin tearing down the concept of decentralization on the premise that DeFi applications and decentralized governance in practice retain high levels of centralization or concentration. 

The new draft of AML/CFT laws incorporates this thinking in its argument that existing AML/CFT rules should apply to DeFi transactions if “controlled directly or indirectly, through smart controls or voting protocols, by natural and legal persons.” The draft text is a warning to DeFi developers or operators to properly assess the risks before launching a project. 

The draft text also warns Web3 companies of the dangers of exploitation in transactions involving virtual real estate or other metaverse assets, with the plan to include Web3 companies on the list of entities obligated to monitor transactions over €1,000. 

Ultimately, it’s not clear exactly how the EU will apply regulations to Web3, especially as existing legislation focuses more on intermediaries such as exchanges. Imposing rules on a truly decentralized finance project will be much more difficult, so it’s likely the EU isn’t on track to regulate DeFI just yet– although this could change. Understandably, there’s a lot of worry that the EU could rush into regulating the sector before it fully understands the use-cases and in the end cause the continent to fall behind in Web3 innovation.

DLT Market Infrastructure Pilot

It’s too early to tell how the future regulatory changes in the EU will play out, but it’s clear from its establishment of the DLT market infrastructures Pilot Regime (Regulation 858) that the EU is committed to ensuring the legal framework won’t totally hinder the use and innovation of digital asset products and technologies. 

The DLT Pilot Regime came into force in June 2022 and will be applicable from March 23, 2023 with the exception of certain specific provisions. 

Under the Pilot Regime, DLT market infrastructures may benefit from exemptions from provisions in the EU’s financial services legislation– particularly those that prevent the application of new technologies for the trading and settlement of transactions with financial instruments using DLT (e.g. MiFID; CSDR). However, the scope of securities covered by the DLT Pilot Regime is limited to crypto assets that qualify as financial instruments (e.g. stocks, bonds, money market securities, and funds). Illiquid securities are restricted. 

Countries in the EU (e.g. Spain) have already implemented comparable sandboxes temporarily exempting companies from their obligation to comply with certain national regulations for the same purpose. Other national regulators have gone a step further to amend their national securities laws to allow for digital securities issued using DLT, which is likely a more attractive alternative than the pilot regime. 

Industry experts say the success of the pilot regime wouldn’t be widespread adoption but will be measured by the engagement model created between the private and public sector, as well as the transparency around such engagement. However, there are potential unintended outcomes that could harm the goal of promoting experimentation in emerging technologies. 

For example, the pilot regime doesn’t fully allow for the level of experimentation required to assess wider decentralization across the entire market infrastructure and their users, but is limited to central infrastructures deploying DLT. It’s also not certain how companies will exit the pilot program and whether they can still operate once it expires. The specific permission to operate as a DLT market infrastructure is granted by a national authority and valid for a period of up to six years, but beyond that there’s a lot of gray areas, especially as the exemptions granted under the pilot program are not firmly pre-determined by EU legislators. 

These potentials increase the risk for investors engaging in business models under the program much to the dismay of participants hoping to emerge in operation. Still, given the focus on national legislators in the granting of permission, the sandbox could be an attractive avenue for crypto companies looking to emerge with a license  in time for the EU’s “passport rule” to take effect. 

What’s next? Understanding the role of blockchain

For companies in the EU looking to provide crypto asset products and services, it’s vital to use blockchain infrastructure that can pertinently address EU regulatory needs, lest the project risk non-compliance or eventual shutdown (the EU’s laws on licensing, public registers, and crackdowns on illicit transactions make this potential outcome very clear). 

As alluded, Polymesh is a best-fit solution for this matter. The institutional-grade blockchain was built specifically to address regulatory needs in capital markets, which it executes in a delicate balance between identity verification for AML/CFT purposes, compliance, and confidentiality for user privacy. 

Unlike other blockchains which allow anyone to participate, Polymesh embeds an identity verification process that generates an on-chain identity for every individual or entity that participates in the network, with claims attached as needed. Tokenholders can’t subvert compliance rules by using multiple identities to hold assets, and these decentralized identifiers can be mapped back to real-world individuals or entities at any time by the permissioned customer due diligence provider responsible for onboarding and generating it. 

What does this mean for crypto asset service providers in the EU? 

On Polymesh, there’s a known real-world entity behind all on-chain interactions, and users don’t have to worry about directly or indirectly interacting with entities on the EU’s blacklist.

This concept extends to the blockchain’s infrastructure. CASPs and other users get the confidence they need to engage with public blockchain infrastructure knowing that the entities who validate new blocks are known, regulated financial entities. 

Polymesh’s identity system is interwoven with automated compliance as well, giving organizations complete control over the compliance rules governing their tokens through primary and secondary trading and empowering ecosystem partners through delegated controls. 

All of this is possible because of Polymesh’s unique public permissioned infrastructure. Learn more about how Polymesh bolsters security, prevents bad actors from joining the network, and reduces risks of money laundering and other harmful behavior at polymesh.network/permissioned-blockchain.