The PACTE Act

As of 2019, France has expressed the desire to become a major European crypto hub, as manifested by the adoption of the Law  No 2019-486 of May 22, 2019, on the Growth and Transformation of Companies (the “PACTE Act”) in 2019. The PACTE Act established a clear regulatory framework applicable to digital asset service providers (DASPs) and initial coin offerings (ICOs). Under the PACTE Act’s regulatory framework, a DASP is required to register with the Financial Markets Authority (Autorité des Marchés Financiers, or AMF) when it provides at least one of the following four services: (i) custody of digital assets on behalf of third parties, (ii) buying or selling digital assets in legal currency, (iii) exchanging of digital assets for other digital assets, and (iv) operation of a digital asset trading platform.

Recent Developments

In response to the bankruptcy of FTX and other prominent companies, members of the French parliament have recently adopted several amendments to the DASP framework. First, the supervisory and enforcement powers of the AMF have been strengthened: the regulator will be able to take precautionary measures when it considers that a DASP is susceptible to becoming insolvent, and may further suspend the registration of a DASP where its activity is deemed a threat to the stability of the digital assets market.

In addition, a new registration statute has been introduced, which will become mandatory as of 1 January 2024.

However, applications for the simple DASP registration will no longer be processed, and new applicants must apply for a “reinforced registration” statute as of now.

As a result, three regulatory statuses will now coexist in France.

Simple registration

The most basic statute is the registration. It involves a detailed review by the AMF of the business model of the applicant, and a “fit & proper” test for both the beneficial owners and the effective managers. However, in terms of operational procedures, the only real requirement for registered DASPs is the adoption and implementation of a comprehensive AML procedure.

Reinforced registration

Since the modification of the DASP regime in February 2023, all new applicants must now apply for a “reinforced” registration. The requirements under this statute are substantially more demanding than those under the existing “simple registration” statute. As a result, new applicants are required to comply with the requirements set forth in paragraphs 5 and 6 of the newly introduced Article L. 54-10-3 of the French Monetary and Financial Code, including:

• establishing a resilient and secure IT infrastructure, adopting a detailed cybersecurity policy, and submitting an audit report from a certified cybersecurity consultant;
• implementing adequate security and internal control systems;

• adopting and implementing additional procedures, related to conflicts of interest, complaints handling, internal controls, incident reporting, etc, as well as publishing their pricing policy;
• depending on the services actually provided, adopting dedicated policies (eg, if the DASP provides custody services, a detailed custody policy and guarantees that the DASP’s own assets are segregated from its clients’ assets. or if the DASP is a crypto/fiat broker, an order execution policy); and
• including mandatory information and disclaimers in the terms and conditions and marketing content, and communicating clear, accurate and non-misleading information to clients.

Voluntary licensing

On a voluntary basis, applicants can apply for a licence. As of today, there is no licensed DASP in France, even though several applications are currently under review by the AMF. The obligations applicable to the DASP licence are very similar to those applicable to the reinforced registration, except for capital requirements. Licensed DASPs are subject to capital requirements (which will soon become similar to those under the Markets in Crypto-Assets Regulation (MiCA). Alternatively, they can replace the capital requirements through liability insurance – but the conditions of such insurance seem too restrictive to be achievable.

Applying for the optional licence in addition to the reinforced registration has three main advantages:

• using it as a marketing and canvassing tool to gain market share and build the licensed DASP’s visibility in France, especially because there are currently no licensed DASPs;
• anticipating the transition to the crypto-asset service provider (CASP) license under the MiCA Regulation (ie, in early 2025); and
• only licensed DASPs are legally allowed to sponsor sports/e-sports teams and events.

Despite recent events in the crypto-assets markets, the registration framework for DASPs in France, as created by the PACTE Act, remains strong and dynamic: around 70 DASPs have been registered by the AMF, and many more applications are currently being assessed by the French regulator. In addition, applications for DASP licences have been submitted to the French regulators. This demonstrates the dynamism of the crypto market in France, and the willingness of applying crypto companies to conform to MiCA’s upcoming requirements, by already adopting more rigorous internal procedures.

Further Legislation

MiCA Regulation

On 20 April 2023, the European Parliament adopted the Markets in Crypto-assets Regulation, which provides for the European framework for regulation in the EU of the issuance and provision of services related to crypto-assets and stablecoins (the “MiCA Regulation”, or MiCA). Consequently, the European Union has become the first major jurisdiction to adopt a clear and harmonised regulatory framework for digital assets. Under the MiCA Regulation, licensing will be mandatory for all CASPs providing services in the European Union. A transitional period of 18 months (which is expected to end in January 2025) will allow a DASP registered or licensed under an EU member state’s statute, to continue to offer its services in France, while waiting for its authorisation as a CASP. This transitional period is one of the reasons why the French Parliament has elected to strengthen the rules applicable to entities applying for a DASP registration in France, during the months preceding MiCA’s entry into application.

In addition, the DLT Pilot Regime, which is part of the Digital Finance Package introduced by the European Commission in 2020, alongside the MiCA Regulation, was adopted in June 2022, and has now entered into force (the “Pilot Regime”). The Pilot Regime establishes a regulatory framework that aims at developing distributed leger technology (DLT)-based trading facilities and settlement systems for financial instruments.

The Law No 2023-171 of March 9, 2023 (referred to as “DDADUE”) introduced into the French Monetary and Financial Code the provisions transposing the Pilot Regime, and defined the assignment of responsibilities of the respective national authorities: the AMF, the French central bank (Banque de France) and the French Prudential Supervision and Resolution Authority (Autorité de contrôle prudentiel et de résolution, or ACPR). The supervisory authority over the three different categories of participants likely to apply for the exemptions provided by the Pilot Regime will therefore be shared. The joint ACPR/AMF instruction has been published to this effect.

Finally, the revised Transfer of Funds Regulation (EU) 2015/847 on information accompanying transfers of funds (TFR) was adopted on 20 April 2023. The TFR aims to strengthen the EU’s anti-money laundering and countering terrorism financing (AML/CFT) rules, by transposing into EU laws the Travel Rules requirements of the Financial Action Task Force (FATF). The TFR therefore establishes a dedicated framework for tracing the transfers of crypto-assets by imposing Travel Rule requirements on CASPs. Accordingly, EU CASPs will be required to comply with the Travel Rule obligations for every transaction, regardless of its amount. No de minimis threshold will apply, and there will be no simplification of requirements for transactions within the Union. Stronger requirements will apply to transactions with self-hosted wallets. The TFR will start applying in January 2025 (18 months after the regulation enters into force).

AML/CFT

In parallel, new EU measures strengthening AML/CFT measures are in the process of being adopted. This package includes three pieces of draft legislation on the financing provisions of EU AML/CFT policy. The package consists of:

• the 6th Anti-money Laundering/Countering Financing of Terrorism (AML/CFT) Directive, which introduces national provisions on supervision and financial intelligence units, as well as an access for competent authorities to necessary and reliable information (eg, beneficial ownership registers and assets stored in free zones);
• the regulation establishing an EU AML Authority (AMLA), which will be entrusted with supervisory and investigative powers to ensure compliance with AML/CFT requirements; and
• the EU “single rulebook” regulation, which introduces provisions regarding the performance of due diligence procedures on customers, transparency of beneficial owners and the use of anonymous instruments, such as crypto-assets, and new entities, such as crowdfunding platforms.

Under these regulations, entities, such as banks, assets and crypto-assets managers will be required to verify their customers’ identity, what they own and who controls the company. Payments that can be accepted by persons providing goods or service will be limited and capped to up to EUR7,000 for cash payments and EUR1,000 for crypto-asset transfers, where the customer cannot be identified.

There remains the question of whether decentralised finance (DeFi) protocols would be required to comply with these new measures regarding AML/CFT. Although the requirements for such protocols have not yet been finalised, this would mainly depend on whether a DeFi protocol can be shown to be centrally controlled.

Regulation of influencers

On 30 March 2023, members of the French Parliament passed a bill to regulate influencers, including crypto influencers. The bill aims to set a frame of reference to protect influencers as well as consumers. The proposal provides for a legal definition of “influencer” and equally applies to influencers operating from abroad, who address a French audience. Initially, the proposal included a ban on the promotion of certain financial products and services, such as cryptocurrencies, but this provision has been recently revised. As it stands, only registered and licensed DASPs, as well as project holders conducting an ICO under the PACTE Act’s visa regime can actively promote their activities through influencers. However, the final version of the law has yet to be formally adopted and might be subject to change.

Stablecoins and Central Bank Digital Currency

The Banque de France’s experiments with a central bank digital currency (CBDC) are continuing. On 8 November 2021, the Banque de France published a report on its CBDC experiments. One of the main takeaways is that a wholesale CBDC could help ensure the safe development of tokenised financial markets due to the CBDC’s role in preserving the central bank’s money. On 27 September 2022, the Banque de France organised a conference on the opportunities and challenges of the tokenisation of finance. More recently, the Governor of the Banque de France gave a speech in which he confirmed that the Banque de France is also experimenting with a retail CBDC.

France has become the central hub for crypto and blockchain companies in Europe, and several French start-ups have begun their international expansion. The following are examples of business models developed by French startups, or companies established in France:

• exchange platforms for retail investors (Binance France, Crypto.com);
• digital asset brokers such as Coinhouse, Meria or Deskoin, enabling investors to trade digital assets directly with legal currency without their transactions being processed on an order book;
• prime brokers offering over-the-counter (OTC) services to institutional services, such as Woorton and Aplo;
• hardware wallet manufacturers like Ledger (arguably the most prominent French blockchain company);
• data collection and analytics services such as Kaiko and Sun Zu Labs, offering market data on digital asset exchanges to institutional clients;
• blockchain software development companies, including Nomadic Labs and Ark.io;
• layer 1 blockchain solutions such as Massa Labs, a company developing a scalable blockchain infrastructure;
• consulting and outsourced project management firms, such as Blockchain Partner, as well as numerous other smaller players in the market;
• DeFi platforms, such as Morpho, Angle, Atlandis, Paladin, Paraswap, Mangrove, or Kleros; and
• digital asset tax reporting and compliance tools (Waltio).

In France, the use of DeFi protocols has grown considerably, with numerous innovative projects and platforms emerging across various sectors. DeFi refers to a set of services related to crypto-assets, comparable to financial services and performed without the intervention of an intermediary or a centralised order book.

The following are some examples of notable and emerging French DeFi projects:

• Morpho Labs, a DeFi protocol that emphasises on cross-chain compatibility, thereby enhancing the interoperability between different blockchain networks.
• Swaap Labs, which recently raised EUR4.5 million in funding, is developing a suite of DeFi products aiming to provide a seamless user experience.
• Paladin, which allows the generation of interest using the decision-making powers of governance tokens.
• Mangrove, an exchange platform that offers users the ability to trade tokens and participate in liquidity pools, fostering DeFi growth.
• Dusa Labs, a decentralised application that hosts its front-end completely on-chain, by using the “Autonomous Smarts Contracts technology” developed by L1 Massa Labs.
• Atlendis, a decentralised lending platform that enables users to lend and borrow cryptocurrencies while maintaining full control of their assets; the platform focuses on providing a user-friendly experience, removing intermediaries, and reducing fees.

Several French individuals have also contributed significantly to the DeFi ecosystem, holding key positions or being founders in projects such as AAVE, Curve, APWine, and StakeDao.

While DeFi is a very fast-growing sector in the cryptocurrency industry, it is not currently defined or regulated under French law. However, most of the DeFi platforms offer services that fall within the DASP regime described in 2.1 Regulatory Overview, which requires registration with the AMF. It should, however, be noted that the DASP regime is not suitable for truly decentralised platforms with decentralised governance, and which are therefore not centrally controlled.

However, French regulators and parliamentarians are putting forward ideas for the regulation of DeFi, which is becoming a priority for the coming years. In April 2023, the ACPR, in collaboration with the Banque de France, released a report on decentralised finance, aimed at assessing the risks and opportunities associated with DeFi, and exploring potential regulatory approaches (the “DeFi Consultation”. The report was open for public consultation until 19 May 2023.

Relatedly, the Association for the Development of Crypto-assets (Association pour le développement des actifs numériques, or ADAN), released a report on the issues and problems it recommends to take into consideration for a prospective DeFi regulation.

Furthermore, the Haut Comité juridique de la Place financière de Paris (HCJP) is currently working on developing guidelines and recommendations for the regulation of decentralised autonomous organisation (DAOs) in France.

France has positioned itself as a pioneer in the field of digital crypto art, with Paris hosting a plethora of successful entrepreneurs involved in the non-fungible token (NFT) industry. This pioneering spirit was on full display during the emblematic NFT Paris event, held from 23 to 24 March 2023. This event featured high-quality speakers with international renown, including many luxury brand leaders.

The Centre Pompidou, a renowned complex of modern and contemporary art, became the first traditional cultural institution to acquire NFTs, adding 18 of them to its collection. Among these acquisitions were works by well-known artists, such as the American duo Larva Labs, creators of the famous CryptoPunks collection that popularised NFTs. CryptoPunk #110 was notably exhibited at the institution.

With the rise of crypto-related art in France, several innovative projects have emerged, including Sandbox and Sorare – two projects that are now world-renowned.

Finally, the NFT Factory, a dedicated NFT space in Paris, stands out among these initiatives. Launched by a collective of 128 tech and crypto leaders, artists, and investors (including Arianee, Blackpool, Ethereum France, The Sandbox, and Sorare), the NFT Factory aims to democratise NFTs for the general public by organising events, conferences, and exhibitions.

The regulation of the blockchain sector focuses on ICOs and DASPs.

ICOs

Article 85 of the PACTE Act created the option (and not the obligation) for tokens issuers in the context of an ICO, to apply for a visa with the AMF prior to the ICO being launched. The AMF’s approval serves as proof of the soundness of the operation, although it does not provide any guarantees with respect to the success of the project.

To be granted an ICO approval from the AMF, the following requirements must be met:

• the issuer must be a legal entity established or registered in France;
• the issuer must produce a white paper providing detailed information on the offering and the issuer itself (Article 712-2 of the AMF General Regulation (GRAMF)); and
• the issuer must implement adequate procedures for monitoring and safeguarding the funds raised as part of the ICO.

The issuer must implement a system to ensure compliance with the obligations regarding the prevention of money laundering and terrorism financing.

DASPs

The PACTE Act initially established a legal framework for DASPs that comprises two levels of regulation.

Under this initial framework, services can be provided pursuant to one of two regulatory regimes established under French law: (i) mandatory registration, or (ii) an optional licence, which licence provides more assurances to investors.

Mandatory registration

Registration is mandatory for the provision of at least one of the following services to French investors:

• custody of digital assets on behalf of a client;
• purchase or sale of digital assets against legal currencies;
• exchange of digital assets for other digital assets;
• operation of a digital assets trading platform.

In order to obtain DASP registration, French regulatory authorities perform due diligence on the following aspects:

• the suitability and competence of the directors and beneficial owners of the applicant entity, which involves an evaluation of their academic and professional experience in relation to the entity’s services to be provided, as well as a check of any past criminal records; and
• the anti-money laundering and anti-terrorism financing policies and procedures implemented by the applicant entity.

Optional licensing

An optional licence may be used in lieu of the mandatory registration for the provision of the four services which require such mandatory registration, as well as for the provision of the following services on behalf of third parties:

• the reception and transmission of orders for digital assets;
• the management of digital asset portfolios;
• advice to investors with respect to digital assets;
• digital asset underwritings; and
• the placement of digital assets.

In order to secure a DASP licence, the applicant must not only satisfy the requirements needed to obtain the mandatory registration, but it must also have:

• professional liability insurance or a minimum of equity capital in specified amounts;
• at least one effective director;
• sufficient human and technical resources;
• resilient IT systems;
• an internal control system;
• procedures for handling complaints; and
• procedures and policies to prevent conflicts of interest.

The optional licence enables its holders to engage in marketing and canvassing practices in France, which is otherwise prohibited to registered DASPs.

The requirements to operate under the DASP optional licence are substantially similar to those that will be required once the MiCA Regulation becomes effective.

Being licensed as a DASP should accelerate the process for obtaining the MiCA licence, and the resulting European passport, which will enable companies to provide their services in all member states with a single licence.

The regulatory framework for DASPs operating or serving customers in France has been substantially strengthened with the introduction of the reinforced registration on 28 February 2023. As detailed in 1.1  Evolution of the Blockchain Market, the reinforced registration and the licensed DASP statutes share many similarities with the exception of the prudential requirements that remain solely required for licensed DASPs. According to these requirements, licensed DASPs should alternatively have a certain amount of capital set aside or a professional liability insurance policy that provides EUR400,000 of coverage per claim and EUR800,000 of coverage per insurance year.

FATF Recommendations

The updated recommendations of the FATF suggest that a public authority should register various actors involved in the digital assets economy, and bring them into compliance with anti-money laundering legislation. Entities required to comply with the FATF’s requirements include:

• exchange between digital assets and fiat currencies;
• exchange between one or more forms of digital asset;
• transfer of digital assets;
• safekeeping and/or administration of digital assets or instruments enabling control over virtual assets; and
• participation in and provision of financial services related to an issuer’s offer and/or sale of a digital asset.

On October 2021, FATF updated its 2019 Guidance on the risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs). The document provides updated guidance on six main areas, including FATF standards applied to stablecoins and additional guidance on the risks associated with peer-to-peer (P2P) transactions and mitigation techniques.

UNIDROIT

UNIDROIT is the International Institute for the Unification of Private Law. One of UNIDROIT’s major projects, spanning from 2020 to the present, involves a working group dedicated to conducting studies on of digital assets and private law, which aims to develop a future legal instrument containing principles and legislative guidance in the field of private law and digital assets.

On January 2023, UNIDROIT released a public consultation on a collection of “Draft Principles and Commentary pertaining to Digital Assets and Private Law”. The principles are split into seven sections: scope and definitions, private international law, control, custody, secured transactions, procedural law including enforcement, and insolvency. They address a wide range of crypto-related legal concerns, particularly in terms of governing law.

Through this consultation, UNIDROIT seeks to ensure the principles’ adaptability across various contexts, including civil and common law jurisdictions, developing economies, emerging markets, and developed economies. The final principles were adopted in May 2023.

The AMF is the regulator that is responsible for supervising DASPs and ICOs. For instance, the AMF grants approvals to ICOs, as well as DASP registrations and licences.

However, the Banque de France and the ACPR are consulted as part of all DASP registration or licence applications with respect to anti-money laundering procedures. These procedures must be validated by the ACPR as a condition for the regulated statute to be granted. In addition, compliance with the AML/CFT legislation and internal procedures is supervised by the ACPR.

See 2.1 Regulatory Overview.

No French court has yet ruled on cases related to blockchain and digital assets, except for one important case decided by the Commercial Court of Nanterre on 26 February 2020.

The dispute focused on the legal qualification of Bitcoin and the loans associated with this asset. A liquidity provider had been granted a loan in bitcoins from the company Paymium (the oldest French exchange platform) to provide liquidity. The liquidity provider reimbursed the loan in December 2017 but did not pay the interest accrued in connection with this loan. As a consequence, Paymium froze the borrower’s account to recover the accrued interests.

With respect to the legal nature of Bitcoin, the Court found that bitcoins were both “fungible” and “consumable”. “Fungible” because each bitcoin is of “the same nature and quality” because the bitcoins are all derived from the same computer protocol and are equivalent to other bitcoins. “Consumable” because of the bitcoin’s use, in that each bitcoin would be “consumed” when they are used, whether to pay for goods or services, to exchange for money or to be lent, similar to legal currencies.

Regarding the bitcoin loan contract, the Court considered that it was a “consumer loan”. Finally, with respect to the treatment of the profits attached to the bitcoins loaned, the Court concluded that these profits belonged to the borrower, in accordance with the rules applicable to consumer loans in France.

This decision clarified the legal status of digital assets with respect to civil and contract laws, while the PACTE Act established a regulatory framework on digital assets services.

There has been no enforcement action related to digital assets in France.

However, the AMF may de-register a DASP, provided the ACPR grants its approval to such measure, on its own initiative or at the initiative of the ACPR, when the provider has ceased to materially comply with the obligations associated with its registered status.

To date, two DASPs have been withdrawn from the registration list of the AMF.

At the date of publication of this guide, France does not provide for a regulatory sandbox dedicated to blockchain or fintech initiatives, and there are no immediate plan by French regulatory authorities to implement a national regulatory sandbox.

By contrast, the European Commission has launched a blockchain regulatory sandbox in February 2023, that is set to operate throughout 2023. The sandbox aims to support 20 innovative blockchain solutions annually, including public sector use cases. The selection process will be overseen by a panel of independent academic experts. Projects are selected through calls for expressions of interest.

Individuals

Individuals are taxed whenever they carry out a transfer of a digital asset in return for a good, a service or a quantity of money in euros or another legal currency. This transfer constitutes in principle a taxable event – ie, the event that renders the declaration and payment of the tax compulsory.

Capital gains realised on an occasional basis by individuals domiciled in France for tax purposes, directly or through an intermediary, on a sale of digital assets, are subject to the flat tax at a rate of 30% (12.8% plus 17.2% in social security levies).

From 1 January 2023, purchase, sale and exchange transactions under conditions similar to those of professionals are taxed in the “BNC” category. Gains from mining are still taxed in the BNC category.

Professionals

The flat tax is not applicable to individuals acting in their capacity as professionals. In this case, the marginal rate of income tax and social security contributions can reach up to 60%. Capital gains resulting from trading digital assets can alternatively be subjected to corporate taxes.

The AMF and the ACPR both created internal fintech teams in 2016. These teams mostly focus on blockchain technology and digital assets, although their mandate covers the entire fintech sector. They are meant to function as “innovation hubs” and provide guidance to start-ups wishing to develop innovative products. Both of these regulatory authorities are in charge of the “FinTech forum”, which is a space for discussion between fintech players and regulators.

No specific provision under French law clarifies the nature of the rights of ownership with respect to digital assets. Digital assets would normally belong to the category of intangible goods (which also includes claims, patents, or copyrights). However, under French law, the effective transfer of most intangible goods is subject to a written notification (ie, for claims) or an inscription on a registry maintained by a public authority. Conversely, transferring a digital asset only requires sending, to a blockchain network, a transaction signed with a private cryptographic key.

The transfer of ownership is deemed final when the agreement between the transferor and the transferee is concluded, unless the agreement provides otherwise. In practice, agreements concerning the sale of digital assets should provide that the transfer of ownership is effective as of the moment the digital assets are transferred on the blockchain.

Further, digital assets may be deposited with a third party without this deposit triggering a transfer of ownership. However, complicated situations may arise if a depositary of digital asset were to become insolvent.

Principle 19 drafted by UNIDROIT (see 2.2 International Standards) aims to clarify the effects of insolvency on proprietary rights issues of digital assets.

Under French law, tokens are classified into three main categories: security tokens, utility tokens, and payment tokens.

However, the PACTE Act only refers to two specific categories: tokens (jetons) and digital assets (actifs numériques).

Digital assets are any digital representation of value that is not issued or guaranteed by a public authority and does not qualify as legal currency, but is accepted by legal or natural persons as a medium of exchange, and can be transferred, stored or traded electronically. Digital assets also include tokens.

Tokens are defined more broadly as intangible assets digitally representing one or several rights that may be issued, registered or transferred through a distributed ledger and which allow the direct or indirect identification of their owners.

Interestingly, financial instruments may qualify as tokens as soon as they are registered on a distributed ledger, which is permitted under French law. But such financial instruments would only be subject to financial instruments laws, meaning the regulation of tokens, ICOs, or digital assets would not apply to them.

Regarding the distinction between security tokens and digital assets, French law does not use, per se, jurisprudential precedents such as the Howey test. Under French law, financial instruments (instruments financiers) include derivatives contracts, equity financial instruments, bonds, and shares in collective investment schemes. To determine whether a token qualifies as one of these subcategories, a judge would consider the purpose of the implicit agreement between the token issuer and the subscriber, as well as the rights granted to the subscriber (ie, if a tokenholder is entitled to a fixed share of the benefits of the entity issuing the token, that token would qualify as an equity security, and therefore as an instrument financier).

Despite their popularity, stablecoins are not subject to any specific treatment under the DASP regulatory framework.

The potential qualification of certain stablecoins as electronic money has been discussed amongst regulatory authorities since the beginning of 2019. The European Banking authority (EBA), in January 2019, specifically mentioned this possibility. Digital assets may theoretically qualify as electronic money if they satisfy the following six cumulative conditions:

• they have monetary value;
• they are electronically stored;
• they are issued on receipt of funds;
• they are issued for the purpose of making payments transactions; and
• they are accepted by persons other than the issuer.

Therefore, a stablecoin issued by an entity under contractual terms allowing any holder of units of the stablecoin to redeem them at face value at any time could theoretically qualify as electronic money. However, the consequences of this qualification would be highly unclear, since the regulation of electronic money issuers and distributors is not designed to apply to entities issuing, receiving or transferring stablecoins.

However, the MiCA Regulation establishes a regulatory framework applicable to stablecoins. Under this text, any centralised stablecoin issued in Europe would be deemed as either an “electronic-money token” ( EMT), or as an “assets-referenced token” (ART). EMTs are defined under Article 3 (7) of the MiCA Regulation as “a type of crypto-asset that purports to maintain a stable value by referencing the value of one official currency”, while ARTs are defined under Article 3 (6) as “a type of crypto-asset that is not an electronic money token and that purports to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies.” Issuers of EMTs in Europe will have to be licensed either as credit institutions or as e-money institutions, and comply with both MiCA and the e-money directive (EMD) (MiCA, Article 48). Issuers of ARTs shall either be licensed in the EU as credit institutions, or have been authorised under MiCA. These rules will apply from May 2024 at the latest.

It should be noted that Société Générale Forge (or SG-Forge, a subsidiary of the Société Générale Group, regulated as an investment firm) launched, in April 2023, the first stablecoin deployed on the public Ethereum blockchain, and pegged to the euro. This stablecoin, entitled CoinVertible (EURCV), is currently aimed at institutional investors.

In France, only the euro is recognised as legal currency. A creditor is only required to accept a payment made in euros. However, since there is no specific prohibition on the use of cryptocurrencies, parties to a contract may agree to use a digital asset as a means of payment. Legally, such operation would be regarded as an exchange rather than a payment.

In practice, various French retailers and websites provide for the opportunity to pay with digital assets. Most of these retailers use an external payment services provider, which automatically converts the digital assets received from the client to euros (eg, Bitpay), shielding the retailer from price volatility.

Before any development, it is important to note that the term “NFT” is sometimes improperly used. To qualify as such, an asset must be non-fungible; issued, registered, held or transferred by means of a blockchain; and represent a right, generally an intellectual property right.

To date, no regulatory framework exists in France concerning NFTs, as the PACTE Act is silent on this point. This is attributable to the difficult legal qualification of NFTs since the uses case are diverse and varied. In order to find the regime applicable to a specific NFT, a case-by-case analysis of the NFT’s characteristics should therefore be conducted.

It should be considered whether NFTs can be deemed “digital assets” under French law (composed of tokens and cryptocurrencies except those meeting the conditions of financial instruments). A comprehensive analysis of the rights and attributes of these assets, and, where applicable, their underlying assets, must be carried out.

The question of whether NFTs fall under MiCA’s regime remains unclear. Although Recital 6b of the regulation indicates that “the Regulation should not apply to crypto-assets that are unique and not fungible with other crypto-assets including digital art and collectibles”, the EU Commission has 18 months to develop an ad hoc regime dedicated to regulating NFTs. Further, NFTs are excluded from the scope of MiCA when they do not qualify as “digital assets”. This suggests that MiCA’s provisions would apply in this case.

Companies based in France mainly focus on the French market, notably because, in the absence of a European passport (which will be granted under MiCA) their regulated status only allows these companies to address the country in which they hold the appropriate regulatory status. In addition, the French market is relatively significant in terms of crypto-asset adoption. France-based exchanges, brokers and OTC markets include Coinhouse, Aplo, Meria, and Binance France.

Custodial exchange platforms remain the most convenient way to exchange fiat currency for digital assets. Although there are French platforms providing such services, some French investors still use trading accounts opened with foreign exchange platforms, notably because of their reputation and depth of liquidity. In addition, some French banks refuse to perform wire transfers when the receiving account is associated with a digital asset exchange (which is, however, becoming less frequent).

Other options are available:

• directly buying or selling digital assets to a broker, such as Coinhouse;
• buying crypto coupons from local retailers and redeeming them on a specific wallet;
• using an automated teller machine (or ATM) – 11 ATMs are listed across France;
• finding a buyer or seller of digital assets through a platform such as Localbitcoins and agreeing to physically exchange fiat currency against digital assets.

The regulation of payment services (ie, the European equivalent of money transmission) does not apply to crypto-to-crypto exchanges, as such services already are regulated under the DASP regulation. Crypto-fiat exchanges or brokers are subject to the ACPR’s guidance and must therefore become payment institutions or agents of a payment service provider. In practice, crypto-fiat brokers avoid that obligation by buying and selling digital assets for their own account.

The DASP regulatory regime requires the following entities to fully comply with the anti-money laundering (AML) legislation:

• DASPs that are required to register with the AMF (ie, entities providing service(s) for custody of digital assets, buying or selling digital assets in legal tender, trading of digital assets for other digital assets and the operation of a trading platform for digital assets);
• DASPs providing other services related to digital assets that choose to apply for a DASP licence with the AMF; and

• ICOs whose issuance has been approved by the AMF by means of the visa, but only with respect to the subscriptions received pursuant to the ICO.

Other actors (ie, mostly DASPs that do not provide custody, crypto-fiat or crypto-crypto brokering services and the operation of a digital asset trading platform) are not subject to any AML obligation, provided the services they provide doesn’t fall within the scope of the AML/CFT legislation.

The AML/CFT requirements, which must be complied with by the above-mentioned entities, derive in part from the order (arrêté) of 6 January 2021 relating to the AML/CFT system and internal control and the freezing of assets, and the Directive (EU) 2015/849 of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLD 4), as amended by Directive (EU) 2018/843 of 30 May 2018 (AMLD 5).

In addition, and as discussed under 1.1. Evolution of the Blockchain Market, on 21 July 2021, the European Commission published the European AML package, which is currently being negotiated. This package includes, in particular, a regulation on AML/CFT (known as the AMLR) which provides for the application of AML/CFT obligations to CASPs.

The package further includes an amendment to the 2015 TFR regulation, which transposes the FATF’s travel rule under EU law. TFR has already been adopted and will apply to CASPs.

On September 2022, for the first time, the AMF announced the withdrawal of a DASP registration due to breaches of the DASP’s obligations with respect to its AML/CFT requirements. This withdrawal followed an on-site inspection by the ACPR.

As explained above, the two main regulators are the AMF and the ACPR. In the event of fraud or fraudulent actions, the victim can take various actions. First, the victim can refer the matter to the AMF Ombudsman, who handles disputes relating to financial products and digital assets. To be processed by the AMF, the claim must relate to a registered or licensed DASP. Between 2021 and 2022, the AMF has faced a substantial increase in alleged claims, among which a quarter of the 2,000 referrals concerned DASPs.

The ACPR and the AMF, which co-operate closely on these matters, also detect fraudulent public offerings, and alert the public and professionals on those offerings they deemed not compliant with, or made in violation of the French regulation. The two authorities regularly publish thematic warnings and update their blacklists of unauthorised digital assets providers. To date, more than 100 entities are listed. Alongside them, the Directorate General for Consumer Affairs, Competition and Fraud Prevention (Direction générale de la consommation, de la concurrence et de la répression des fraudes, or DGCCRF) has authority to investigate and sanction consumer fraud. The Nabilla-Bitcoin case, for instance, led to a sanction issued by the DGCCRF.

In addition, the victim can file a complaint at the police station or before the competent court.

Licensed custodians of digital assets are required to obtain their clients’ consent before using their digital assets for any purpose. Furthermore, these custodians must segregate their clients’ digital assets from their own. The AMF, in its guidelines applicable to DASPs, clarifies that segregating the DASP’s clients’ assets from each other, on dedicated wallets, is a best practice that is recommended to DASPs.

To limit the custodian’s ability to use or re-hypothecate their clients’ digital assets, a GRAMF’s provision requires the custodian to ensure that the digital assets held on behalf of its clients are equivalent to the amount of digital assets for which the custodian controls the private keys. Frequent reconciliations between the off-chain and on-chain ledgers should therefore be carried on by the DASP.

In principle, wallet providers or entities which manufacture and sell hardware wallets (such as Ledger) are not considered as DASPs, provided they only provide technological infrastructure and do not hold or have access to their clients’ private keys.

Therefore, the issue at stake is whether the provider does, within the meaning of the DASP regime, have access to the means of control over the users/clients’ digital assets. If this were to be the case, the wallet provider would be required to register as a “custody provider” under Articles L. 51-10-2, 1 and R. 54-10-1, 1 of the French Monetary and Financial code. Whether the wallet is created by the client using a dedicated website or though software, which first needs to be downloaded, does not make a difference for the purposes of determining the applicability of the DASP regulation.

As detailed in 2.1 Regulatory Overview, under the PACTE Act, an issuing company can apply for the AMF’s visa for its contemplated ICO. This is an optional label that an issuing company may or may not request, and which indicates that the “information document” has been validated by the regulator, and therefore deemed satisfactory with respect to the disclosures made to prospective investors.

The distinction between security token offerings (STOs) and ICOs has been clarified in the PACTE Act, and in later AMF publications and guidelines. According to this regulatory framework, tokens that are deemed financial instruments are not eligible to the ICO regime, and should be issued as part of an STO.

The tax treatment of the ICO should also be considered, in order to assess whether the proceeds from the ICOs do trigger a tax event under French law, thereby making these proceeds taxable.

Initial exchange offerings (IEOs) are a form of fundraising conducted in partnership with marketplaces. IEOs are not regulated per se in France insofar as the PACTE Act does not provide for a specific regime. However:

• the issuer is subject to financial regulation if the assets being issued are deemed financial instruments; and
• the issuer may apply for the AMF’s approval.

Furthermore, since Order 2020-1544 of 9 December 2020, the operation of an exchange platform where IEOs are carried out should be registered with the AMF.

“Airdrops” or similar mechanisms that do not necessarily involve a purchase are not subject to a dedicated legal and regulatory regime in France.

However, Article 4 of the MiCA Regulation provides that Title II (which regulates the offerings and marketing to the public of crypto-assets other than asset referenced tokens and e-money tokens) does not apply if the digital asset is offered for free (without any compensation or consideration).

However, MiCA clarifies that a consideration does exist “where purchasers are required to provide, or to undertake to provide, personal data to the offeror in exchange for that crypto-asset, or where the offeror of that crypto-asset receives from prospective holders of that crypto-asset any fees, commissions, or monetary or non-monetary benefits in exchange for that crypto-asset.”

Two categories of regulated alternative investment funds are allowed to invest in digital assets: professional specialised investment funds (FPS) and professional private equity funds (FPCIs). FPCIs may only invest up to 20% of their assets in digital assets, while FPS are not subject to any limitation.

In addition, FPS and FPCIs shall be managed by a licensed asset manager. The management of funds invested in digital assets does not require a specific authorisation, but the programme of activity of the asset manager (which sets out the organisational structure of the asset manager) shall be adapted and provide for the appropriate procedures and measures in connection with the digital assets services to be provided. As the programme of activity must be validated by the AMF, the regulator does have supervisory authority over alternative investment funds that invest in digital assets.

Both FPS and FPCIs must appoint a depositary. The depositary is responsible for the custody of the assets owned by the funds. Therefore, the functions of investing and of custodying the assets are separated into two distinct entities.

Initially, French depositaries were not willing to take custody of digital assets, since the legal and operational risk was deemed too high. As a result, the first FPS with a clear focus on digital assets, which was launched by Napoleon AM, does not directly hold digital assets, but rather purchases listed derivatives on digital assets, which qualify as financial instruments.

Nonetheless, in 2022, the trend reversed when Arquant Capital became the first asset manager to directly invest in digital assets.

The regulatory framework applicable to digital assets services relating to digital assets covers a broad scope of intermediaries. Some of these services would be provided by broker-dealers or other financial intermediaries, such as the receipt and transmission of orders on behalf of third parties; purchase or sale of digital assets in legal tender; underwriting; or placement with or without a firm commitment.

With the exception of buying and selling digital assets in legal tender, these services do not require a mandatory registration with the AMF.

To date, no regulation or judicial precedent specifically addresses the enforceability of smart contracts. However, the French legal system can accommodate such contractual arrangements under the existing legal framework. Difficulties may arise from the outset with respect to the assessment of the smart contract’s scope and form: on the one hand, the smart contract can be seen as an automated computer program executing a separate and validly formed agreement; on the other hand, the computer code itself might be deemed as constituting the entire agreement. The French Civil Code does not require a specific form for most contracts, therefore providing flexibility for smart contracts to be recognised as valid agreements under French law. Enforceability thus relies on general contract law principles, such as consent, capacity, as well as a lawful and reliable content.

French courts are expected to assess smart contract validity and enforceability on a case-by-case basis, considering specific facts and circumstances. Courts will likely examine whether the smart contract at stake complies with French general and specific contract law requirements. As part of the DeFi Consultation (see 1.3 Decentralised Finance Environment), proposals for the regulation of smart contracts have been introduced. These include the following:

• In the absence of specific regulation, smart contracts are subject to the general rules of French contract law; this therefore implies that the conditions of consent, capacity, as well as a lawful and reliable content are met.
• Smart contracts that are addressed or used by consumers within the meaning of French law may be subject to the specific regime and rules provided under French consumer law; this includes rules on consumer protection, professional liability and the prohibition of misleading commercial practices.
• Smart contracts that process personal data are subject to French data protection legislation, in particular the European General Data Protection Regulation (GDPR); smart contract developers must therefore comply with data protection requirements, including the collection, processing and storage of personal data, in compliance with the GDPR.
• Smart contracts that enable fund transfers or financial transactions may be subject to French AML/CFT regulations; should that be the case, smart contract developers would be required to implement appropriate policies and procedures to process such transfers and transactions in compliance with the AML/CFT requirements.
• Certification of the code of smart contracts’ code, by public or private authorities.

The ability to held smart contracts’ or application’s developers liable under French law for losses resulting from the use of a software or code they participated in developing has not yet been confirmed. The Paris court is currently examining a case involving the developers of a smart contract, who allegedly orchestrated a scam involving 925 ether. A line of code in the smart contract maliciously slipped into the protocol, allegedly allowed the defendants to increase the initial 2% withdrawal rate to 100% half an hour later, an increase “drowned in the mass of operations, and therefore almost invisible to investors”, according to investigators of the case. Upon withdrawal, the plaintiff’s 925 ether were therefore automatically sent to the digital wallet of the developers of the smart contract.

The verdict in this case may shed some light on the liability of smart contract developers, although this will be limited to a proven case of fraud.

Pending any court’s ruling on this matter, the ACPR and the Banque de France, in the DeFi Consultation, have introduced regulatory measures with respect to the developers of smart contracts:

• regulation could require developers to be licensed or registered to operate – this could help ensure a minimum level of competence and security for a smart contracts’ users;
• developers could be required to disclose information about their identity, experience, how they manage risk and other relevant information to help users make informed decisions with respect to the smart contracts at stake; and
• developers could be held liable for losses incurred by smart contracts’ users, due to vulnerabilities or security issues – regulation could also establish compensation mechanisms.

Authorities could define technical and security standards with which smart contract developers should comply. This would foster user protection and strengthen the stability of the system.

Regulation of digital assets has focused on centralised participants, following the same logic as for financial services. These regulations have therefore not been written for disintermediated, peer-to-peer systems.

Yet, it should be noted that receiving repayable funds from the public and granting credits (ie core banking services) are the exclusive domain of regulated credit institutions in France. Non-credit institutions may however be granted exceptions, under specific regulatory statutes, and therefore provide loans or payment terms with similar purposes. Funds shall be understood as banknotes, coins, and scriptural or electronic money. Digital assets, which do not qualify as funds, fall outside the scope of credit regulation.

MiCA should not regulate DeFi protocols and stakeholders. It remains to be determined what is meant by DeFi, the level required to deem a project sufficiently decentralised, and the applicable regulation. In this respect, the EU Commission is currently working on a draft, ad hoc regulatory regime that will be applicable to DeFi.

The DeFi Consultation, released by the ACPR and the Banque de France, in April 2023, outlines the primary use cases, the potential for development, and the limitations of DeFi, as well as the risks associated with such protocols.

See 7.1 Decentralised Finance Platforms.

Providing custody services with respect to digital assets on behalf of third parties is a regulated activity, which requires a prior, mandatory registration with the AMF (see 2.1 Regulatory Overview).

The service of custody implies the ability to control, on behalf of a third party, the means of access to the digital assets of such third party, as registered in the distributed ledger. It further implies the responsibility to keep a register of positions opened in the name of the custodian, and corresponding to the third party’s rights on the said digital assets.

The AMF clarified that a service of custody can be found, where:

• the provider has the ability to transfer the digital assets through any means whatsoever in the DLT on behalf of the client;
• the provider has a wallet that contains the private digital keys associated with the digital assets held by its clients;
• the client’s digital assets are recorded in a DLT using a public address that is owned by the provider;
• the client has transferred its digital assets to a wallet opened using a public address that belongs to the provider, and allows the provider to transfer the assets on behalf of the client.

Custodians of digital assets are required to comply with obligations that vary depending on whether the provider is registered or licensed.

Licensed custodians are notably required to segregate the digital assets deposited by their clients from their own, allow clients to benefit from potential forks (such as the one occurring in 2017), and ensure that digital assets may only be transferred if the transaction is validated by multiple agents (eg, by using multi-signature wallets). Licensed custodians are also forbidden from using their clients’ digital assets without their approval.

The protection of personal data is regulated by Regulation (EU) 2016/679 of 27 April 2016 (the General Data Protection Regulation, or GDPR) and Law No 78-17, of 6 January 1978 amended in 2018.

The GDPR affords EU residents with rights in connection with, as well as means of protecting their personal data, including:

• the right of access by the data subject – ie, the right to request a copy of any of the data subject’s personal data which is being “processed” (ie, used in any way) by “controllers” (ie, those who decide how and why data is processed), as well as other relevant information;
• the right to erasure – ie, the right for the data subject to have its data erased, without undue delay, by the data controller, if one of the conditions set out in the GDPR applies; and
• the right to rectification – ie, the right to have the data rectified, by the controller, without undue delay.

The decentralised nature of public blockchains raises a number of challenges regarding the enforcement of these rights.

In this regard, it might be practically complex to identify a data controller and a data processor within the meaning of the GDPR. Further, the immutable nature of blockchain technology might render the enforcement of certain rights inapplicable, such as the right to erasure.

Many of these issues can be mitigated, but might result in a solution which substantially deviates from the way public blockchains work. For example, a private permission-based blockchain, would allow a controlling entity to identify all participants, and to categorise their activities as a controller or processor. Relatedly, storing most of the personal data on “off chain” ledgers would alleviate some of the issues around erasure, data minimisation and storage limitation.

The compatibility of blockchain technology with the GDPR was discussed in an analysis published in September 2018 by the French data protection authority (the National Commission on Informatics and Liberty, or CNIL). The CNIL concluded that once personal data is available on a blockchain, GDPR rules apply. However, the CNIL acknowledged that enforcing the GDPR is impractical with respect to public blockchains, and recommends not storing unencrypted personal data in a blockchain.

Under French law, there is a distinction between “data privacy” and “data protection”. Data Privacy refers to the right of collecting and processing, while data protection focuses on the role and responsibility of the entity processing the personal data.

The GDPR mainly regulates data privacy concerns, but some of its provisions apply to data protection. For instance, Article 32 of the GDPR provides that data controllers and data processors should implement appropriate technical and organisational measures to ensure that the security level is appropriate.

Mining refers to blockchain proof of work consensuses, by which miners secure and verify the transactions that are added to the network.

The mining of cryptocurrencies is not regulated in France as a dedicated activity. In practice, very few companies mine cryptocurrencies in France, since the business has not been profitable in the last few years due to the prices of both electricity and cryptocurrencies. Some investment schemes have grown in the last few years, whereby investors purchase stakes in mining operations located abroad (generally in Asian countries) and collect the profits of the mining, if any. Under these schemes, the investor does not purchase shares of the mining companies, but purchases directly one or several mining Application-Specific Integrated Circuits (ASICs) which are operated on its behalf by the mining company.

The European Parliament’s Committee on Economic and Monetary affairs (the “ECON Committee”) was considering a ban on crypto-assets using “proof of work” as a consensus mechanism to validate their underlying transactions. This amendment stemmed from concerns around the mechanism’s high energy consumption, which consumption were deemed to conflict with EU environmental goals. The final version of the bill finally took a “softer” approach by generally permitting the use of proof of work, subject to additional disclosure requirements to be included in relevant crypto-asset’s white papers.

Staking consists in locking and immobilising digital assets into validator software that participate in maintaining network data. The assets become locked and non-transferable for as long as the crypto-assets remain staked, and until such time that the relevant blockchain’s “unbonding period” or other waiting time requirement concludes. Validators are software programs that lock-up a set amount of a staker’s crypto-assets in a smart contract on the blockchain, and that are selected from a pool of full nodes to validate transactions and create new blocks on the blockchain.

Staking is not regulated as a distinctive activity or service under French law. Depending on the way the staking services are being provided (whether directly, through a centralised exchange platform, or by using the technology made available by a technological provider), this activity can require a prior, mandatory regulatory statute under French law.

Decentralized autonomous organization (DAOs) are a new form of social organisation whose governance is defined by computer code (smart contracts). A DAO’s organisational rules are transparent and can only be modified subject to the DAO’s governance’s rules.

The potential of DAOs goes far beyond their limited use with blockchain-related applications. DAOs share similarities in terms of governance with open-source projects. Moreover, some DAOs feature corporate governance mechanisms and structures, similar to those that can be found within traditional, incorporated companies. In this respect, the issuance and use of tokens introduces new ways of operating and establishing digital “corporate” governance. For instance, tokens can incorporate or convey economic incentives, tokenised votes, and abilities to solve disputes among DAO participants, including through the deployment of forks.

On 20 April 2023, the EU Blockchain Observatory & Forum organised a conference for the regulation of DAOs at the European level in Lisbon. This conference addressed key topics such as mandatory decentralisation, legal personality, governance structures, limited liability and capacity to enter into legal agreements, as well as crucial sectoral issues, such as dispute resolution, civil liability, tax law, criminal law and conflicts of laws.

It should be noted that the High Legal Committee of the Paris Financial Centre (HCJPé) is working on a report addressing the regulation of DAOs. This report shall be published before the end of 2023.

In France, there is no legal framework for DAOs. Two main speculative options should be discussed regarding DAOs’ legal entity status: the de facto company and the Law of Associations (1901).

There exists no dedicated corporate statute under French law that accounts for DAOs’ specific requirements and distinctive problems. This lack of dedicated status has resulted in DAOs generally operating without any corporate veil. There is therefore a risk that such DAO’s activities might be considered as being provided through a de facto company. This risk has prompted some DAOs to seek legal certainty by incorporating part or all of their activities under an existing corporate statute. To date, the most popular choice seems to be the 1901 law association.

The DAO as a De Facto Company

In practice, the operation of a DAO is very similar to that of a company. However, it is not certain that DAOs always qualify as a de facto company. A de facto company could be defined as a company resulting from the behaviour of persons who have participated together in a common economic venture in which they have shared the profits and borne the losses, and who have ultimately behaved as partners without being fully aware of this fact and, consequently, without having taken the steps necessary for the incorporation of a company.

The consequences of such a reclassification as a de facto company are both fiscal and legal, and could also be such as to qualify the DAO’s governance tokens as company shares, and therefore as financial instruments under French law. A de facto company’s creditors might further engage the company’s members’ liability, and therefore the responsibility of the DAO’s members, and seek compensation out of their respective private resources.

To date, no DAO has yet been requalified as a de facto company under French law.

The DAO as an Association 1901

A trend shows that DAOs incorporated in France tend to choose as their legal wrapper the 1901 Association statute. This is mainly due to the operational flexibility afforded by this regime, as well as the transparency and clarity of its management procedures. Paladin and Morpho Labs have chosen to incorporate their respective DAOs under the 1901 Association statute.

The 1901 Associations can be set up as non-profit organisation, or carry out a commercial activity under certain conditions. The relations between the 1901 Association and the protocol should be precisely defined in the association’s statutes. Indeed, the articles of association can transpose part or all of the DAO’s governance rules.

This statute has the advantage of providing a legal, defined structure to part or all of the DAO’s activities, while setting up a legal entity through which the DAO can enter into commercial agreements. Further, this legal wrapper may allow the circumvention of the DAO members’ responsibility, and offer some protection to the DAO’s assets.

There remain, however, numerous complexities and uncertainties regarding accounting, taxation and management liability. While this status offers the flexibility and level of representativity valued by DAO members, the 1901 Association statute is not tailor-made for these specific technological features. Yet, this statute remains one of the most suitable solutions to date for any DAO wishing to incorporate part or all of its activities within a legal wrapper.