Australia has a vibrant crypto and blockchain ecosystem. Notwithstanding the market turbulence following major collapses in 2022, including FTX (the Australian arm of which is undergoing insolvency proceedings in Australia, independent from the US Chapter 11 process), many Australian-grown cryptocurrency exchanges, start-ups and “Web3” companies are continuing to lead the way in their respective fields.

Institutional interest in the adoption of blockchain technology has also continued to grow over the past 12 months. In particular, there has been increasing interest in the use of stablecoins for payments and the tokenisation of traditional financial and real-world assets, as demonstrated by the Reserve Bank of Australia’s (RBA) retail central bank digital currency (CBDC) pilot project.

Over the next 12 months, the government is expected to consult on and introduce legislation to establish a licensing and custody framework for digital assets. The Australian Securities and Investments Commission (ASIC) is likely to continue to pursue high-profile enforcement actions, particularly in relation to crypto-offerings that allegedly mimic existing financial products, and apply enhanced scrutiny to regulated offerings that reference crypto-assets.

Australian businesses have adopted blockchain technology for a wide variety of applications. While blockchain technology has been widely adopted for financial applications, it is also being deployed in a number of other industries, such as supply chain, healthcare, gaming, ticketing, real estate and the arts, with the following examples.

• The RBA is conducting a project to explore use cases and the economic benefits of a retail CBDC in Australia. The project involves a significant number of industry participants, who are conducting pilot transactions involving carbon trading, livestock auctions, tax automation and tokenised invoicing, among others.
• In collaboration with Tennis Australia, AO Metaverse released non-fungible tokens (NFTs) called the AO Art Ball Collection for the Australian Open. These NFTs provide intrinsic value in the form of Ground Passes to matches and exclusive benefits.
• The Commonwealth Bank of Australia (the largest bank in the country) has explored multiple use cases for blockchain, including:
1. successfully issuing a bond on a blockchain in 2017;
2. developing a blockchain-based platform for the management of sustainable investment products in 2018;
3. completing a global trade pilot to trace provenance of a shipment in 2019; and
4. conducting a proof of concept for a digital marketplace for trading tokenised biodiversity credits in 2019.
• In 2022, the Australian and New Zealand Banking Group issued its own stablecoin, the A$DC, and completed a pilot transaction involving the purchase of tokenised carbon credits.
• Immutable, an Australian-grown, blockchain-based video gaming platform, has continued to pioneer the use of NFTs in video games. Immutable is the developer of the Immutable zkEVM layer-2 blockchain, an NFT marketplace, the Passport digital wallet solution, and the Gods Unchained and Guild of Guardians NFT-based video games.
• Cryptocurrency exchanges such as CoinSpot and Stables have rolled out innovative card products to enable users to spend cryptocurrency and stablecoins on daily expenses.

There is a substantial decentralised finance (DeFi) ecosystem in Australia, with a number of start-ups and developers engaged in the development of decentralised protocols.

There are currently no tailored laws or regulations governing the use of distributed ledger technology (DLT) or blockchain. Australian regulation is technology neutral, and individuals and entities are expected to consider the nature of services being offered to determine which laws and regulations apply.

ASIC’s Information Sheet 219 sets out an assessment tool to help businesses identify whether an Australian Financial Services Licence (AFSL) may be required for blockchain-based services. This tool includes a set of factors to be considered by the business, such as:

• which blockchain platform is being used;
• how it will be run;
• how it works under the law;
• how the blockchain is using the data; and
• how the blockchain affects others.

The following laws may apply to DeFi in Australia:

• the Corporations Act 2001 (Cth) (Corporations Act);
• the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act);
• the National Consumer Credit Protection Act 2009 (Cth);
• the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act); and
• the Australian Consumer Law.

Under the Corporations Act, if a business is considered to be dealing in or issuing a financial product, it is required to hold an AFSL. The same applies to a person “arranging” for another to deal in or issue a financial product. A difficulty arises in relation to DeFi where a protocol operates autonomously and does not fit neatly – or at all – within the existing regulatory framework.

The legal status of DeFi protocols is uncertain. It is unclear how regulators may attempt to impose liability or accountability on decentralised autonomous organisations (DAOs) or their participants.

NFTs have generated a high level of interest in Australia and have gained market traction in four main areas.

NFTs are being used as a representation of asset ownership in video games. The blockchain-based video gaming platform Immutable is the developer of two blockchains for NFT-based video games and an NFT marketplace, which power the cost-effective minting and trading of NFTs that represent ownership of in-game assets such as character skins and collectibles. The Immutable platform also supports third-party video games, such as Illuvium and Shardbound.

Secondly, tokenisation is often crowned as blockchain’s “killer use case” and has received growing attention in Australia. Tokenisation refers to the process of converting financial or real-word assets, such as securities, artwork or real estate, into digital tokens that can be stored and exchanged on a blockchain. The use of NFTs for tokenisation has the potential to transform financial markets and a wide range of other industries by enabling digital ownership, liquidity and lower transaction costs.

The third area is the integration of real-world benefits into NFTs, often in the form of membership value. An example is the Australian Open’s Art Ball Collection, and the use of NFTs for ticketing or membership schemes.

Finally, many artists have adopted NFTs as a vehicle to reach new audiences and generate new revenue streams, including through collecting ongoing royalties on secondary sales.

The use of NFTs in these areas has potential regulatory implications in relation to a wide range of laws, including financial services laws, anti-money laundering and counter-terrorism financing (AML/CTF) laws, consumer law and taxation laws.

There are no targeted laws or regulations governing market participants who use blockchain technology or businesses that provide services in relation to crypto-assets, except in relation to AML/CTF laws. Accordingly, there remains significant uncertainty regarding the application of existing regulatory regimes to blockchain and digital assets.

The starting point for businesses is to determine whether a crypto-asset is a financial product under the Corporations Act. Any person issuing or dealing in crypto-assets, such as by making a market or providing custodial services, must obtain an AFSL if the relevant crypto-asset is a financial product.

If a business is offering payment services, such as to accept crypto-assets and to make a payment to another party or bank account, then, assuming the crypto-asset is not a financial product, the business will still be providing a “non-cash payment facility” and will be required to hold an AFSL unless it can fall within an exemption. Digital wallets in Australia will most likely constitute non-cash payment facilities. The non-cash payment facility concept in Australia is broadly analogous to the e-money regulatory system in the EU.

Regardless of whether financial services laws apply, Australia maintains robust consumer protection laws relating to the sale of goods and services, including under the Australian Consumer Law, which restrict misleading and deceptive conduct, unfair contract terms and unconscionable conduct, among others.

AML/CTF laws apply if a designated service is provided with a geographical link to Australia. In 2018, the AML/CTF Act was updated to specify that the exchange of digital currency for money or vice versa is a designated service and requires digital currency exchange (DCEs) to register with the Australian Transaction Reports and Analysis Centre (AUSTRAC). Depending on the nature of the crypto-asset-related service in which they are engaged, a person may be engaged in one or more designated services, including a DCE business, which requires registration with AUSTRAC.

For the most part, Australia applies its existing tax laws in relation to crypto-assets, but the Australian Tax Office (ATO) has made a number of determinations and issued guidance that sets out how it will apply the law to market participants using blockchain technology or cryptocurrencies. The existing tax regime and its application to digital assets is currently subject to a broad-based review by the Board of Taxation.

In addition, the government is currently pursuing a number of reforms intended to modernise Australia’s financial system, including the introduction of a licensing and custody framework for digital assets and stablecoin legislation. Accordingly, it is expected that Australia will see the adoption of specific laws relating to digital assets in the next 12 to 24 months. It remains to be seen whether these will be new laws or an attempt to retrofit the existing regulatory framework.

Australia has not yet fully implemented AML/CTF-related guidance from the Financial Action Task Force (FATF) in relation to virtual assets. Currently, the AML/CTF Act only requires DCEs involved in the conversion of digital currency for money or vice versa to register with AUSTRAC where they have a geographical link to Australia.

The AML/CTF Act and the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument (2007) (No. 1) (Cth) (AML/CTF Rules) require regulated entities to conduct know your customer (KYC) checks and take a risk-based approach to complying with AML/CTF obligations.

The government has recently announced a consultation to reform the AML/CTF regime, which would expand the scope of AML/CTF regulation in relation to virtual assets to cover exchanges between one or more forms of digital currency, the transfer of digital currency on behalf of a customer, the safekeeping or administration of digital currency and the provision of financial services in relation to an offering or sale of digital currency (eg, ICOs).

At the time of writing, Australia is yet to adopt the standards for prudential treatment of crypto-asset exposures finalised by the Bank for International Settlements (BIS) in December 2022. The Australian Prudential Regulation Authority (APRA) will consult on the prudential treatment for crypto-assets in 2024, the standards of which are expected to come into effect in 2025. APRA released interim expectations on the management of risks associated with crypto-assets in April 2022.

It is anticipated that the government will take into consideration the policy recommendations of the International Organisation of Securities Commissions in finalising its own licensing and custody framework for digital assets.

The regulatory bodies that are most relevant for blockchain and crypto-asset businesses are ASIC, AUSTRAC and the ATO.

ASIC regulates activities involving blockchain and crypto-asset business if one or more crypto-assets meets the definition of a financial product, or if the business is providing a financial service under the Corporations Act. This includes taking action against misleading and deceptive conduct in the marketing and sale of financial products and services. The Australian Competition and Consumer Commission (ACCC) has also delegated powers to ASIC to take action in respect of misleading and deceptive conduct in the marketing or sale of crypto-assets that are not financial products. Following the growth of the cryptocurrency industry and the market turbulence of 2022, ASIC has adopted a more aggressive enforcement posture in relation to crypto-assets by identifying the industry as an area of focus.

AUSTRAC regulates businesses providing certain services (designated services) in the financial sector with a geographical link to Australia. AUSTRAC receives reports from reporting entities, which assist it and its partner agencies in Australia and internationally to combat and disrupt financial crime. To the extent that a blockchain or cryptocurrency business is providing a designated service with a geographical link to Australia, it will be regulated by AUSTRAC.

The ATO collects revenue, administers Goods and Services Tax (GST) on behalf of states and territories, and administers programmes that provide a means for transfer and community benefits. The ATO has provided some limited guidance on cryptocurrency dealings, relating to, for example, the tax treatment of certain crypto-assets and whether they are taxed as capital gains tax (CGT) assets or trading stock, or are subject to fringe benefits tax (FBT). The Board of Taxation conducted a broad-based review of the tax treatment of crypto-assets in 2022 and is scheduled to report back to the Australian government in September 2023.

Blockchain Australia is a self-regulatory organisation for the blockchain and cryptocurrency industry that represents blockchain businesses and market participants. Its Australian Digital Currency Industry Code of Conduct is an audited, self-regulatory scheme that allows Australian DCEs, if certified, to demonstrate that they meet certain best practice standards in the operation of their business, including:

• legal compliance;
• the reputation and background of the owners and operators;
• AML/CTF protections and reporting; and
• consumer protection, including transparent pricing, dispute resolution and data security.

The Code also applies to businesses that provide or facilitate the storage of digital currency; however, at the time of writing, no digital currency custody services have yet been certified.

There are cases considering crypto-assets, but most decisions to date have been of an interlocutory or procedural nature, including the following.

• In Noicos v Dawson [2019] FCA 2197, Justice White of the Federal Court made orders extending a freezing injunction in respect of the respondents who had been involved in the establishment of a cryptocurrency hedge fund (Countinghouse Global and/or Countinghouse Fund). The plaintiffs’ investments in that case took the form of, and were styled as, Countinghouse Tokens (CHTs).
• In Hague v Cordiner (No. 2) [2020] NSWDC 23, a defamation action in the New South Wales District Court, Judge Gibson made an interim order approving the use of crypto-assets held in a cryptocurrency exchange account as security for costs.
• In Chen v Blockchain Global Ltd and Another; Abel And Others v Blockchain Global Ltd and Others [2022] VSC 92, an interlocutory proceeding, Attiwill J accepted that bitcoin is property for the purpose of granting a freezing order.

ASIC has issued regulatory guidance regarding the application of financial services laws to blockchain and crypto-assets in Australia in the form of an Information Sheet (INFO 225). However, ASIC has not yet provided any definitive guidance on whether it considers one or more cryptocurrencies to be a financial product, and has instructed those dealing in crypto-assets to seek professional advice. ASIC has also provided guidance in Information Sheet 219 in relation to the use of DLT to help both ASIC and interested parties evaluate whether the use of DLT would allow an entity to meet its regulatory obligations.

ASIC has acted to stop proposed and completed ICOs as well as token generation events that raise capital without appropriate investor protections. According to ASIC, in taking these actions it has identified consistent problems that occur in these areas, including things like the use of misleading and deceptive comments in sales and marketing materials, and the operation of unregistered management investment schemes and businesses not holding an AFSL.

ASIC’s recent enforcement activity reflects its heightened scrutiny of crypto-asset offerings that mimic financial products and services. The Deputy Chair has repeatedly warned that “simply because a product hinges on a crypto-asset does not mean it falls outside financial services law”. This stance became evident in ASIC’s proceedings against Qoin, Block Earner and Finder Wallet, which each concerned the alleged offer of unlicensed financial services involving crypto-assets.

In 2022, ASIC also issued stop orders against Holon Investments preventing the distribution of certain crypto-asset funds referencing Bitcoin, Ethereum and Filecoin on the basis that the company had too widely defined the target market for the products. The stop orders issued against single crypto-asset funds suggest that ASIC may take the view that cryptocurrency investments are only suitable for retail investors with a very high risk tolerance, if at all.

AUSTRAC has previously taken action to refuse, cancel or suspend a DCE registration in a limited number of cases, which are published on its website. However, AUSTRAC does not publicly specify the reason for such actions.

There is no specific regulatory sandbox geared towards blockchain-based projects, but Australia does have a regulatory sandbox that “aims to facilitate financial innovation in Australia”.

The ASIC sandbox permits a business to provide a limited range of services without first needing to obtain an AFSL or Australian credit licence, or vary its licence to include additional authorisations, for a period of up to two years. However, prior to participating, the business must meet a public benefit test and an innovation test. While businesses must still report to ASIC on their activities, this licensing leeway is designed to grant innovative businesses the opportunity to test new services. Should they wish to continue their business after these two years, they will need to apply for the appropriate licence well before the end of the sandbox.

The ASIC Innovation Hub assesses applications to use the sandbox and also provides practical support to fintech start-ups and other innovators as they navigate Australia’s financial regulatory system.

Most blockchain-based start-ups are unlikely to fit within the criteria to utilise the sandbox.

The ATO has released limited guidance on how the existing tax regime applies to crypto-asset dealings in the form of taxation rulings and public guidance on its website.

Significant tax uncertainties remain in Australia, including (but not limited to):

• capital versus revenue account characterisations for individual investors/traders;
• the applicability of FBT to projects that allocate tokens to their employees (akin to an employee share scheme);
• whether certain on-chain interactions (eg, staking) constitute taxable events;
• the tax implications of a blockchain hard-fork;
• the applicability of indirect taxes (eg, GST) in the context of decentralised and anonymous transactions;
• the application of potential CGT exemptions, including the personal use asset exemption;
• the calculation of CGT asset cost bases; and
• what constitutes sufficient records in the eyes of the ATO (eg, decentralised ledger records).

At the time of writing, the Board of Taxation is reviewing materials in response to an extensive consultation process conducted in 2022. The Board is expected to finalise its report to the government in September 2023, which will include suggestions for legislative and regulatory reform.

In February 2020, the federal government announced its National Blockchain Roadmap, which is a five-year plan that sets out a strategy for the government to look into the benefits of blockchain and address the challenges thereof. To investigate the potential for blockchain technology, particularly in the Roadmap’s showcased areas of supply chains, credentialing and KYC, the government formed working groups to explore several use cases in each sector.

The Roadmap also established a National Blockchain Roadmap Steering Committee, with Terms of Reference to oversee the 12-step strategy for the Australian government to best address the challenges and leverage the opportunities that are presented by blockchain technology.

Following an election in May 2022, the new federal government has not indicated whether it will pursue the National Blockchain Roadmap, and appears to have shifted its focus to promoting the development of other innovative technologies.

The previous government also formed the Senate Select Committee on Financial Technology and Regulatory Technology (later renamed as the Senate Select Committee on Australia as a Technology and Financial Centre) to investigate the policy settings for fintech and regtech in Australia. As part of its goal to develop an internationally competitive edge in fintech, in October 2021 the committee issued a final report with 12 recommendations to the Australian government, including establishing a market licensing regime for DCEs, a custody or depository regime for crypto-assets and conducting a token mapping exercise. Some of these recommendations have informed the government in its later legislative proposals and consultations.

It is not currently clear how the ownership of a crypto-asset is determined whose transfer based on an instruction given to a blockchain network using a private cryptographic key in Australia: it depends on the blockchain network being referred to and how many blocks need to be created before a transaction is considered to be irreversible on account of being too deep within the ledger’s history to be altered.

On a public blockchain with no central party that determines when a transaction is final, ownership is probabilistic and statistical. On a private blockchain, the operator of the blockchain would be expected to determine when a transaction is final.

To date, there have not been any cases that directly address the question of whether crypto-assets are property and at what point they become property.

To date, the Australian government has not adopted any classification system for different types of crypto-assets. The core question remains whether the crypto-asset in question falls within the existing definition of a “financial product” under the Corporations Act or is otherwise a form of “goods”. This requires analysis on a case-by-case basis. The general definition of a financial product is a facility through which, or through the acquisition of which, a person:

• makes a financial investment;
• manages financial risk; or
• makes non-cash payments.

In addition, specific things are deemed to be financial products, including securities, derivatives and interests in a managed investment scheme.

The assessment of whether a particular crypto-asset is a financial product involves considerable uncertainty in the absence of clear guidance or case law. ASIC’s INFO 225 encourages persons dealing in crypto-assets to “seek professional advice” on whether the asset is a financial product.

Even if a crypto-asset is not a financial product, the sale of crypto-assets remains subject to Australia’s general consumer protection laws, including the prohibition on misleading and deceptive conduct under the Australian Consumer Laws.

Australia does not yet maintain laws that specifically address stablecoins. Depending on its specific features, a stablecoin may meet the definition of a financial product (eg, a derivative, an interest in a managed investment scheme or a non-cash payment facility), in which case the issuer and persons dealing in the stablecoin must hold an AFSL.

While there is no regulation that specifically addresses the distinction between asset-backed and algorithmic stablecoins, these characteristics are considered when making a determination as to whether the crypto-asset is a financial product.

The Council of Financial Regulators is understood to be working on legislation that would bring stablecoins within a legislative framework for stored value facilities. Separately, a private member’s bill – the Digital Assets (Market Regulation) Bill 2023 which, at the time of writing, was being reviewed by the Senate Economics Legislation Committee – provides a framework for the licensing of stablecoin issuers and the passporting of stablecoins regulated overseas. That bill is unlikely to become legislation in its current form.

The government has recognised digital currencies as a lawful form of payment only in the sense that it has acknowledged that digital currencies can be used in the same way as other non-cash consideration in barter transactions. However, no digital currency is recognised as legal tender in Australia, and the government has yet to accept any digital currency as a means of payment.

Some businesses in Australia are accepting digital currencies from customers, and a number of payments businesses have issued card products that allow customers to convert digital currency and pay merchants in fiat currency. If a business is facilitating payments in digital currencies between parties, it may be providing a non-cash payment facility, in which case it would need an AFSL; it should also consider whether it may be providing a payment system or purchased payment facility, which is regulated by the RBA.

Australia does not have specific arrangements for the regulation of NFTs. Generally, the law treats NFTs like other non-tangible assets, and will permit them to be bought, sold and owned, intervening to uphold property rights (including intellectual property rights) and contractual obligations, including those created by smart contracts. In certain cases, NFTs may be treated as financial products. However, even where they are not, NFTs will be considered goods under the Australian Consumer Law, and sale or trading in NFTs is subject to consumer law protections, such as the prohibition on misleading and deceptive conduct and unfair contract terms.

The ATO has advised that the tax treatment of an NFT is contingent on the circumstances of the acquisition or sale, the usage of the NFT and reasons for transacting or holding the NFT. An individual may be required to pay income tax on the NFT as a capital gains tax asset under the CGT regime or as part of a business, profit-making scheme or on revenue account as trading stock. Furthermore, GST may apply on NFT sales to Australian consumers if the NFT marketplace is operating as an electronic distribution platform. In rare cases, an NFT may be recognised as a personal use asset, in which case special rules for CGT and exemptions may become relevant.

The Australian market is serviced by several large domestic exchanges and intermediaries, a significant number of smaller DCEs and a number of large international exchanges that have established local operations. Some of these exchanges have established NFT platforms. Australians are also accessing a wide variety of decentralised platforms for trading in cryptocurrencies and NFTs.

There is no legislative framework or guidance that specifically addresses crypto-asset securities. However, there is a growing interest in asset tokenisation, and a number of companies are exploring tokenised financial products.

ASIC has created a pathway for issuing exchange-traded and managed funds that invest in crypto-assets. A number of ETFs have been delisted following the market turbulence of 2022, and wholesale and retail funds have faced significant hurdles in obtaining regulatory approvals. In 2022, Binance and FTX established licensed crypto-derivatives offerings in Australia. Binance handed in its licence in April 2023 following regulatory scrutiny, meaning that there are no longer any licensed crypto-derivatives offerings in Australia.

All entities in the business of exchanging digital currency for fiat and fiat for digital currency (ie, DCEs) must be enrolled and registered with AUSTRAC and must comply with AML/CTF laws. All DCEs must have an AML/CTF programme outlining their processes for complying with AML/CTF laws and conducting KYC checks. Digital currency is excluded from the definition of property under these laws and, accordingly, the transfer of digital currency is excluded from being classified as remittance (money transmission).

At this stage, exchanges between digital currencies are unregulated by AUSTRAC. This is expected to change in the near future, as the Attorney-General’s department is conducting consultations on expanding AML/CTF laws to cover crypto-to-crypto exchanges, the transfer and custody of digital currency and offers and sales of digital currency (eg, ICOs).

However, it is best practice to adhere as much as possible to AML/CTF laws in order to minimise the risks associated with providing such services. Businesses offering to deal in crypto-assets, such as by making a market or trading services, must obtain an AFSL if they deal in crypto-assets that constitute financial products.

The AML/CTF Act and AML/CTF Rules set out KYC and other rules applicable to transactions in digital currency. DCEs and any other person or entity carrying on a “designated service” under the AML/CTF Act must have risk-based procedures, systems and controls in place to manage AML/CTF risk and comply with AML/CTF laws. These include:

• being registered as a DCE and/or enrolling with AUSTRAC;
• conducting KYC identification and verification on all customers and beneficial owners;
• conducting ongoing customer due diligence;
• complying with reporting obligations such as threshold transaction reporting, suspicious matter reporting and submitting annual AUSTRAC Compliance Reports;
• having appropriate management oversight and record-keeping procedures in place;
• training, monitoring and supervising representatives;
• having an employee due diligence programme in place;
• undertaking ongoing and independent reviews; and
• having a compliant AML/CTF programme in place.

Sanctions regulations will apply to dealings in relation to crypto-assets on the basis that they are a form of property.

Under the Corporations Act, it is illegal to implement transactions that have or are likely to have the effect of creating an artificial price for trading in financial products on a financial market. A person can be found liable for market manipulation if they are directly or indirectly involved by means of taking part in the transaction or having it carried out on their behalf. The extent to which these laws apply to cryptocurrencies is fact sensitive. However, such conduct may still be prosecuted under other laws, such as general fraud type offences.

As Australia’s financial services regulator, ASIC has broad oversight of financial products and services. It administers the AFSL regime and monitors unlicensed financial service providers. ASIC is expected to administer the future licensing and custody framework for crypto-assets. The ACCC has delegated its consumer protection powers in respect of crypto-assets to ASIC.

There are no specific regulatory restrictions on the ability of a cryptocurrency exchange to re-hypothecate (on-transfer) its crypto-assets to third parties. However, these matters will be subject to contractual protections and consumer protection laws. If the cryptocurrency exchange is providing a financial service or product under Chapter 7 of the Corporations Act, or a managed investment scheme under Chapter 5 of the Corporations Act, it will be required to comply with the Corporations Act and the ASIC Act in its dealings with customer assets.

If a business stores tokens that fall within the definition of a “financial product”, it will need to hold an AFSL and the relevant custodial and depository authorisation. If the tokens are not financial products, then there are no specific regulations applicable to either hot or cold storage as of now. This is expected to change as Australia continues its efforts to develop a licensing and custody framework for crypto-assets.

ASIC has issued best practice guidance for funds that invest in and custody crypto-assets in INFO 225.

The specific regulations that are applicable to fundraising through a token issuance will depend on the characteristics of the token.

If the token is a financial product and the issuance is undertaken in Australia or is to Australians, the issuer and any intermediary dealing in the tokens will be required to comply with Chapter 7 of the Corporations Act and will accordingly require an AFSL, unless an exemption applies.

The AFSL authorisations and the disclosure documents required for the issuance will be determined by the type of financial product and whether the issuance is to wholesale clients only or also to retail clients.

ASIC provides guidance on token offerings in INFO 225. ASIC’s latest guidance emphasises that it expects entities that do not have an AFSL to be able to justify a conclusion that their token or ICO is not a financial product, and to know who their investors are if the entity intends to rely on wholesale/sophisticated investor exemptions to the requirement that a managed investment scheme that accepts investment from retail investors above certain limits be registered with ASIC.

Unfortunately, ASIC’s updated INFO 225 does not provide clear guidance on how entities can undertake a token offering that is compliant with the obligations of a managed investment scheme operated by an AFSL holder in relation to matters such as custody or secondary trading of crypto-assets or provide any categories of crypto-tokens that will not be considered financial products.

If the token being issued has the characteristics of an interest in a managed investment scheme, share or derivative, and the issuer has a geographical link to Australia, the issuer will also be providing a designated service for the purposes of the AML/CTF Act and will be required to comply with that Act, including enrolling with AUSTRAC. The issuer may also be required to register as a DCE.

The specific regulations that are applicable to fundraising through an initial exchange offering depend on the characteristics of the token, as set out under 5.1 Initial Coin Offerings.

ASIC has delegated powers from the ACCC to enforce the Australian Consumer Law in relation to crypto-assets. Where a crypto-asset exchange is involved as an intermediary, it must be careful not to be misleading or deceptive in its marketing and selling of crypto-assets, regardless of whether or not the crypto-assets involve a financial product. This includes communications about the structure and purpose of the crypto-asset, the status of the offeror and disclosures made under its white paper.

There is no legislation in Australia that specifically regulates the distribution of tokens to community members. However, the receivers of airdropped tokens must declare such receipts under “other income” as part of their tax return filing. The monetary value of the token received is classified as ordinary income at the time of receipt under the guidance of the ATO. However, the ATO advises that tokens received as part of an initial airdrop do not have market value at the time of receipt, so no reporting requirement applies at the time of receipt. However, subsequent sale of the tokens will be subject to CGT rules.

Australia does not have any special regulations concerning investment funds or collective investment schemes that invest in crypto-assets as an alternative to traditional assets. Investment funds are traditionally regulated as managed investment schemes.

In INFO 225, ASIC provides good practice guidance for investment products that provide exposure to crypto-assets. Issues of exchange traded products (ETPs) that reference crypto-assets should also refer to the additional good practices specific to crypto-asset ETPs set out in ASIC’s Information Sheet 230.

According to INFO 225, there are certain key matters that Responsible Entities (ie, operators of registered managed investment schemes) must consider when investing the funds of their investors into crypto-assets, particularly in relation to custody, risk management and disclosure. These key matters are relevant regardless of whether the crypto-assets are financial products or not.

Operators of schemes that hold crypto-assets will generally need to hold an AFSL or be exempt from the requirement to hold a licence. When applying for these authorisations, the applicant is required to select what kind(s) of assets the scheme will hold. For registered managed investment schemes that will hold crypto-assets, the applicant should select:

• the “crypto-asset” asset kind for crypto-assets that are not financial products; or
• the asset kind that corresponds to the crypto-asset class of financial product for crypto-assets that are also financial products – for example, the “financial assets” or “derivatives” asset kinds.

Australia also introduced a framework for corporate collective investment vehicles (CCIV) in the Corporate Collective Investment Vehicle Framework and Other Measures Act 2022 (Cth). CCIV is a new type of corporate vehicle that can be used for fund management.

Broker-dealers or other financial intermediaries that deal in crypto-assets that are financial products must hold an AFSL, which is likely to cover providing financial product advice and dealing in the applicable financial product. These dealings may be to all customers, or may be limited to wholesale customers only.

Where the broker-dealer is exchanging crypto-assets for fiat currency (whether Australian or not) or vice versa in the course of carrying on a DCE business, the broker-dealer must also apply for registration as a DCE with AUSTRAC and prepare a compliant AML/CTF programme.

If the broker-dealer deals in a token that has the characteristics of a financial product, it will likely be carrying on one or more designated services and will be required to comply with the AML/CTF laws, including enrolling with AUSTRAC and implementing an AML/CTF programme.

Whether smart contracts are legally enforceable depends on the form of the particular smart contract. The term “smart contracts” is used for various contractual relationships, including:

• an unwritten agreement, where inputs and outputs are extremely limited and trust is not required between the parties (eg, a vending machine);
• a standard written agreement (eg, an agreement for the sale of land);
• a written agreement incorporating the parties’ reliance on a software-driven outcome, where control over the execution of the software process is in the hands of a trusted third party (eg, an escrow service);
• a written agreement, usually in a human language, incorporating the parties’ reliance on a software-driven outcome where the software resides on a blockchain and executes without human intervention; and
• an agreement written only in machine-readable computer code, executed entirely without human intervention once entered into, known as “the code is the contract” or even presumptuously as “smart contract law”.

A legally enforceable smart contract must meet all of the traditional elements of a binding contract, including intent to create legal relations, consideration, offer and acceptance. Any duress, undue influence or unconscionable dealings could render a smart contract void at law, despite being potentially unstoppable digitally. The most pure “the code is the contract” smart contracts are of particular concern as they lack any notification of their terms, which exist only as machine-readable code. The identity of the other party to the contract, or whether that party has capacity to enter into the contract, is usually unknown. Australian superior courts have yet to address a smart contract dispute of this kind or make rulings regarding smart contracts.

It has been argued that if traditional contract law applies to the underlying transactions between parties using smart contracts in some circumstances, then, on the same basis, software developers could be found to be liable for poorly written software code that results in a loss for someone that uses their software. However, this theory has not been considered by the Australian courts at this stage so there is currently no authority on this issue. Under existing law, it is difficult to see how a software developer would be found to be a fiduciary absent a compelling factual matrix. Recognised fiduciary relationships under Australian law to date include solicitor and client, trustee and beneficiary, and doctor and patient.

However, the possibility of software developers owing fiduciary duties to software users was considered by the English court in the Tulip Trading case (Tulip Trading Limited v van der Laan & Ors [2023] EWCA Civ 83). The Court of Appeal held that it was arguable that the developers of blockchain software owed a fiduciary duty to ensure the user of the software had access to and control of their Bitcoin. At the time of writing, the matter has been remitted to the High Court for further argument. The outcome in this case will be eagerly anticipated in common law countries.

DeFi activity is allowable as long as the decentralised platforms ensure that persons involved in the development and operation of the platform hold any required AFSL and credit licence authorisations. To the extent a DeFi platform meets the definition of a “financial service”, persons involved in the platform may be required to hold an AFSL. Similarly, to the extent a DeFi platform’s lending activities fall within the definition of “credit activity” under the National Credit Consumer Protection Act 2009 (Cth), a lending licence may be required.

The only way to show control and perfect interest in a crypto-asset is by owning the private key. For instance, when a customer uses a third party exchange and uses a “hot wallet”, that exchange holds the private key, meaning the exchange controls the asset. The reverse is true for an owner of a “cold wallet”. A lender would need to have some control over the crypto-asset to have a practical security interest, potentially through a sharded key or total possession.

There are currently no specific obligations that apply to a professional investor transferring its crypto-assets to a custodian. Crypto-asset custodians are regulated only if the crypto-assets stored by the custodian entity are financial products under Chapter 7 of the Corporations Act, in which case the custodian must obtain an AFSL with appropriate custodial and depository authorisation. Existing custody regulations have not been tailored to crypto-assets. However, ASIC has issued best practice guidance for funds that invest in and custody crypto-assets in INFO225.

Australia’s legal regime for the protection of data privacy is covered under federal legislation: the Privacy Act 1988 (Cth) (Privacy Act), which is currently undergoing reform to be in line with international standards and best practices. Some states in Australia have their own privacy laws. Many of the proposed changes to the Privacy Act seek to emulate the EU’s General Data Protection Regulation – eg, to include the right to erasure.

Currently, the Privacy Act regulates the handling of personal information by government agencies and private sector entities that have an aggregate group revenue of at least AUD3 million. The Act also applies to reporting entities (including DCEs) under AML/CTF laws, regardless of the turnover threshold. The reforms to the Privacy Act propose to broaden the requirements so that small businesses may be included within the remit of the legislation and to place other additional obligations on entities.

Alongside the main provisions of the Privacy Act are 13 Australian Privacy Principles (APPs) that form part of the Privacy Act. The APPs impose obligations on the collection, use, disclosure, retention and destruction of personal information, with which entities caught under the Privacy Act need to comply.

One of the main features of blockchain technology is its immutability, which can prove a challenge with regards to the concept of the “right to be forgotten”. Amending or deleting personal information that has been entered into a blockchain can be difficult. Therefore, entities who use or provide blockchain-based products or services need to craft their privacy policies clearly, ensuring that any personal information being captured will not ultimately end up on the blockchain where it conflicts with legislation, making it hard to alter or remove it. Additionally, given the borderless nature of blockchain technology, entities that have a jurisdictional link to Australia will need to comply with the Privacy Act and the APPs.

The specific regulations that are applicable to data protection are the same as those set out under 8.1 Data Privacy.

Although cryptocurrency mining is permitted in Australia, there are no specific legislative or regulatory instruments that govern the activity. However, if the cryptocurrency mining facilitates a clearing and settlement process for cryptocurrencies that are financial products in accordance with the Corporations Act, then the activity will fall within the “financial services and markets” regulatory regime outlined in Chapter 7 of the Corporations Act. ASIC INFO 225 refers to this possibility in principal, but no real-world examples of this have been provided.

In Australia, crypto-assets are generally treated as CGT assets, with CGT being payable upon eventual disposal of the asset, the possibility of certain CGT discounts applying and the ability to carry forward any CGT losses to future years to offset taxable capital gains.

However, mined cryptocurrency may be treated as trading stock under the existing tax regime if the taxpayer is deemed to be running a business in cryptocurrency mining. In this situation, the taxpayer would pay ordinary income tax on the trading profits made within the income tax year from the mined cryptocurrency.

Token holders who participate in staking their tokens as part of a process to validate transactions on their host blockchain protocol ordinarily receive rewards in the form of additional tokens, which are subject to tax implications. Staking rewards are taxed when received by the taxpayer, with the market value of the tokens being the deemed ordinary income of the taxpayer.

The offer of crypto-asset yield, earn and staking type services has been subject to heightened scrutiny in Australia over the last year. ASIC commenced enforcement actions against two crypto companies in late 2022 over a variety of yield-based product offerings that ASIC alleges amount to unlicensed financial services.

Any intermediary proposing to offer yield, earn or staking type services should seek professional advice addressing whether the offering in question involves a financial product or service, such as a debenture or a managed investment scheme. Severe civil and criminal penalties may apply if the product is treated as an unlicensed financial service.

DAOs continue to be active in Australia. DAOs are used to govern the development of decentralised applications (eg, video games, liquidity pools and trading platforms) on public and private blockchains, with governance tokenholders (ie, the “members” of the DAO) primarily organising themselves via web-based forums Discord, Telegram and Twitter.

There is currently no legal recognition of DAOs in Australia, with advisers and regulators debating how, if at all, the DAO model fits within the existing legal entity framework. A DAO may constitute an “unincorporated association of persons” or partnership depending on the facts, which potentially exposes members to personal liability.

DAO governance structures operating in Australia are varied: some structures revolve around certain key individuals making proposals, whereas other DAOs are significantly more decentralised in their approach to governance. Tokens are generally allocated to DAO members through a DAO treasury, which more often than not is an offshore entity.

Governance processes are typically conducted both on and off-chain, with voting participating thresholds depending on the size of the DAO and the significance of the particular proposal.

Given that DAOs currently fall outside the existing legal framework in Australia, they will often incorporate a “DAO wrapper” private company to conduct business with non-blockchain native entities, as many service providers are unwilling to contract with an unincorporated association, given the difficulty in determining liability.

Whilst DAO wrappers shield key individuals from liability, they also create an entity that is required to comply with applicable laws and regulations. This also includes the potential for tax liabilities to be imposed upon DAO wrappers as the only identifiable legal personality that can reasonably be taxed for the DAO’s activities.