The blockchain market has continued to steadily grow in the United Kingdom in the last 12 months, and there is increasing specialisation within the market into specific sub-sectors. Generally, we are seeing early signs of an influx of firms into the UK, encouraged by moves to make it a “crypto hub” for business.

We are seeing an array of different proofs of concept (PoCs), ranging from stablecoins to tokenisation of real-world assets, and new NFT concepts. A common set up for companies is to locate their head office and intellectual property in the UK, and then setting up subsidiaries abroad to target specific foreign markets.

We are seeing an element of regulatory “wait and see” for decentralised protocols, as there is an approach of seeing how the market develops, rather than pre-empting with regulation.

Currently, the approach is that decentralised finance is generally unregulated unless (i) it functions similarly to a fund (or “collective investment scheme”); (ii) it safeguards crypto-assets for users; and (iii) it is involved in transacting, or in “making arrangements with a view to” transactions in crypto-assets.

In the near future, we are expecting clarification regarding how decentralised autonomous organisations may operate in the UK, which may in turn encourage the development of the decentralised finance industry in the UK as there will be a clearer legal wrapper through which it can operate.

We are seeing the development of a range of new NFT concepts in the UK, and a particular aspect of these is that new laws designed to capture the financial promotion of crypto-assets may not be applied to NFTs when they do not constitute the undertaking of a financial activity.

Currently, the regulation of crypto-assets laws in the UK can be split into three groups. For most firms, the primary regulator in the UK responsible for the application of regulation is the Financial Conduct Authority. However, in certain cases the implications of a blockchain solution may also be regulated by the Prudential Regulatory Authority. 

The first is the securities/payments framework. This is set out in the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO), and requires that crypto-assets that fall within the definition of a “specified investment” are regulated in the same way as the relevant specified investment. So, for example, a token that performs the function of equity shall be regulated in the same way as equity.

The second regime is the AML registration regime, set out in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). This regime applies to certain activities in relation to all crypto-assets, and so the relevant activities, if performed in relation to a security token, may likely require both a securities licence under the RAO as well as registration under the MLRs. Whilst this regime is referred to as a “registration”, it is in fact an onerous process to obtain the required registration.

The third group of regulations concerns the proposed new rules, which are likely to start coming into force towards the end of 2023/early 2024. The specifics of these are yet to be determined, however they are likely to be influenced by principles from traditional finance. For example, the financial promotion of crypto-assets in/into the United Kingdom will generally be required to either obtain a sign-off from a person with the appropriate licence to do so, or will be required to fall within an exemption (and those exemptions are broadly similar to those which would apply to traditional securities). In addition, there are likely to be new regimes for specific use cases. A particular area of focus here is stablecoins for the purpose of making payments. They will likely fall within a regime regulating them broadly in line with traditional payment services, albeit with additional requirements, for example in relation to ensuring disclosure of the basis on which stability is ensured.

The UK has actively sought to implement laws and standards proposed by international bodies such as the Financial Action Task Force and the Bank for International Settlements. In certain areas it has even gone beyond the requirements prescribed by these bodies in order to position itself as a gold standard jurisdiction in the industry.

For most firms, the relevant regulator will be the Financial Conduct Authority, whose jurisdictional remit is determined by whether the relevant activity in relation to the particular crypto-asset falls within the scope of one of the frameworks set out in 2.1 Regulatory Overview.

The Financial Conduct Authority has had resourcing issues when dealing with the crypto-asset sector, and has responded by building up the required resources to more effectively supervise the industry. The Financial Conduct Authority’s approach to the industry has always been to require high (but achievable) standards, and the general approach in that respect has not changed since the bankruptcies in the blockchain sector in 2022.

The Prudential Regulatory Authority is also relevant to certain type of business, such as banks and insurers, and has a core focus on issues such as ensuring that the level of exposure of these businesses to crypto-assets and blockchain is properly managed.

The Advertising Standards Authority, whilst not a licencing regulator, has general jurisdiction as regards any advertising, and ensuring that any advertising complies with the UK’s code on advertising. The Advertising Standards Authority has authority to impose fines on firms that fail to comply with the UK’s standards for advertising.

There are no self-regulatory organisations or trade groups that perform regulatory or quasi-regulatory roles with respect to businesses or individuals using blockchain in the UK.

Currently, the most important litigation in the UK is around the Tulip Trading line of cases. These concern the extent to which coders of a network could owe fiduciary duties to holders of a token. The final position is still being determined, however the consequences are potentially far-reaching, as it may impact the willingness of coders to get involved in projects if they may incur liability as a result.

The regulatory perimeter for the securities framework is the same as that for traditional securities, which is well defined.

Currently, there is some confusion regarding the scope of the MLRs, in particular as regards the scope of “making arrangements with a view to” a crypto-asset transaction. However, with the expected move towards the expansion of the regulatory perimeter pursuant to the RAO, we are likely to get more clarity on this point.

There is a sandbox run by the Financial Conduct Authority that is targeted at innovation,  particularly where that innovation raises regulatory considerations. Whilst the sandbox is not specifically geared towards blockchain-based project, they are heavily represented in the sandbox.

HMRC has provided welcome guidance regarding how they will treat blockchain and cryptocurrencies, covering activities such as staking. In very broad terms, they are maintaining a similar treatment to analogous pre-existing forms of tax.

The Financial Conduct Authority has undertaken various surveys in relation to the benefits and risks of blockchain and crypto-assets generally, with a view to obtaining greater insights into the industry.

The Law Commission has also investigated how best to accommodate blockchain and crypto-assets within the existing UK common law framework. Work here has included confirming the nature of crypto-assets as a form of property, despite being based on data (which has not to date been generally treated as property), and considering whether the UK legal regime should be altered to cater more specifically for DAOs.

This issue is subject to consultation with the Law Commission (“Digital Assets: Consultation paper”). Whilst the position is not yet settled, current indications are that a state change in the blockchain would be indication of a change of ownership. However, it is unlikely itself that this will be definitive, for example because if there is a change in the holder of a private key giving access to a crypto-asset, that might indicate a change of ownership even if there is no on-chain state change.

The FCA has provided a helpful guide, which clearly sets out the different bases on which crypto-assets can be categorised, and was one of the first regulators globally to do this. The approach aligns with the general position under UK law, in that if a crypto-asset meets the definition of a specified investment then it is regulated; otherwise it is an unregulated token. The nature of the regulated specified investment depends on whether the crypto-asset meets the definition of electronic money (in which case it is classified as an e-money token) or a security token (in which case it is classified as a security token).

Currently, the key question is whether the crypto-asset falls within the definition of e-money. The definition of e-money is relatively restrictive, for example it requires that the crypto-asset have a 1:1 fiat value.

This is likely to change, as stablecoins used for the purpose of payment transactions are likely to become regulated. This regime will have its roots in traditional payment services regulation, however it will be adapted to the specific characteristics of stablecoins (eg, requiring that asset-backed stablecoins do actually have the required backing). This change is perceived as both closing a loophole within the existing regulatory framework as well as making the UK a more attractive jurisdiction to launch stablecoins (because of the certainty of a robust legal framework behind any UK projects).

Payments can be made in crypto-assets in the UK. Generally, payment in unregulated crypto-assets for goods and services is not a regulated activity.

However, the act of converting unregulated crypto-assets for fiat/crypto-assets, as well as making arrangements with a view to the conversion of crypto-assets for fiat/crypto-assets, is a registrable activity under the MLRs. As such, care does have to be taken to not undertake this activity unless the relevant registration is in place.

The general regulatory framework as described in 2.1 Regulatory Overviewapplies to NFTs. In this respect, we would note that most use cases of NFTs do not involve giving NFTs the characteristics of a security.

As regards tax, this generally does apply to NFTs, and so VAT can apply depending on the specifics of what is being done.

Generally, the focus of the markets in the UK has been on the development of custodial and non-custodial CEX models. DEXes have generally not been set up in the UK to date, in part because of perceived uncertainty regarding whether such a set-up would trigger an FCA registration requirement, and secondly because of a lack of an existing roadmap for a DEX to acquire the registration if required.

The key consideration from a UK perspective is the FCA registration requirement under the MLRs, if there is an exchange of (or the making of arrangements with a view to the exchange of) crypto-assets and fiat/crypto-assets by way of business in the UK.

A key point here is that the business must be “in the UK”. Under the MLRs, business involving UK persons cannot be considered to be “in the UK” if performed cross-border from a non-UK establishment, even if the users of those services are UK persons. However, this may change, as the current delineation of the regulatory perimeter is under review, with a view to expanding it to businesses that do not fall within the current regime.

Under the MLRs, in-scope firms are expected to comply with the full range of the anti-money laundering rules and related requirements, including as regards sanctions.

The Financial Conduct Authority is the primary regulator with responsibility for regulating digital assets in the United Kingdom, however in certain cases the Prudential Regulatory Authority may also have an interest, for example when a PRA-regulated firm has an exposure to crypto-assets.

Currently, issues such as fraud and manipulative practices are subject to common law rules prohibiting such behaviour. However, as part of the general expansion of the regulatory perimeter of the Financial Conduct Authority, the rules prohibiting market abuse, currently applicable only to security tokens, are likely to also be applied to prohibit such behaviour in relation to unregulated crypto-assets.

The law in the UK is currently not entirely clear on re-hypothecation of assets due to the lack of relevant case law. However, the work of the Law Commission and the UK Jurisdiction Taskforce in determining that crypto-assets can function as property, which has been endorsed by the courts, would tend to indicate that it would be possible to re-hypothecate (on-transfer) to third parties digital assets held for customers. Indeed, we are aware of certain companies operating under UK law that do undertake this activity.

The key distinction here is whether the relevant person is “safeguarding” crypto-assets. This is to a large extent a question of contractual set-up, in particular as regards which person is designated as taking responsibility for keeping the crypto-assets secure.

For example, if a person provides the software to enable customers to store their own crypto-assets, but does not take responsibility for the safeguarding of the crypto-assets, then that will often not be a regulated activity because the mere act of acting as a software provider to enable another person to perform an activity is not regulated.

Also, if a business does not itself safeguard crypto-assets, but rather arranges for a third party to safeguard crypto-assets, that is often not a regulated activity either because the business does not involve safeguarding crypto-assets, but rather arranging for a third party to safeguard crypto-assets.

This activity is subject to the general regulatory frameworks discussed in 2.1 Regulatory Overview. As such, the initial consideration is whether the relevant token being sold constitutes a security token.

In addition, an ICO will by its nature involve a transaction converting fiat/crypto-assets to (a different) crypto-asset, which is registrable with the FCA under the MLRs. The cornerstone of the MLRs is compliance with anti-money laundering requirements. However, given the general move towards expanding the regulatory perimeter, conduct of business requirements are likely to formally start to apply to ICOs, and firms operating from an establishment in the UK are therefore increasingly expected to take note of these. For example, it is becoming increasingly important for firms to be able to identify their target market for selling crypto-assets, and to ensure that their products are compatible with that target market.

A further area of development concerns how firms market any ICO. The Advertising Standards Authority has jurisdiction to impose penalties, such as for misleading or offensive adverts. In the future, the requirements are expected to expand, so that any financial promotion of crypto-assets will be required to obtain approval from a firm with the required licence to do so, or to be targeted at certain groups only (such as high net worth and sophisticated investors) which fall within an exemption.

The regulation of initial exchange offerings is not materially different from that applicable to initial coin offerings.

The MLRs apply to unregulated tokens when there is a conversion to fiat/other crypto-assets. As such, the act of giving away tokens gratis (ie, airdropping), or otherwise paying out tokens in return for services, is not a regulated activity in the UK.

The framework for investment funds/collective investment schemes does not have a special regime for crypto-assets.

In general, funds that invest in such assets are not suitable for the retail market, largely because the tokens, being unregulated, do not fit the investment criteria allowing them to be marketed to the UK retail market.

As such, it is usual for funds with crypto-asset exposure to be set up within a hedge, venture capital or private equity wrapper. Regulatory requirements for these funds are no different than for those investing in more traditional securities. Nevertheless, these funds are expected to fully understand the unique risks associated with the asset class they are investing in, as well as the potential for capital loss for their investors. Therefore, it is incumbent upon them to clearly communicate to their investors the possibility of capital loss when investing in such funds.

Brokerage activity in relation to crypto-assets requires registration with the Financial Conduct Authority under the MLRs. Furthermore, promoting an exchange, for example, would also trigger a requirement to register with the Financial Conduct Authority if the relevant activity constitutes making arrangements with a view to a transaction. 

Where the digital asset constitutes a security token, in addition to the registration requirement under the MLRs, there would also be a requirement to obtain authorisation from the Financial Conduct Authority under the RAO.

The law in the UK is sufficiently flexible to recognise the ability to form a contract using smart contracts, so long as the relevant requirements for a contract are met (such as offer, acceptance, consideration, intention to create legal relations, authority and capacity, and certainty). This means that a smart contract is not, by definition, a validly enforceable legal contract. For example, a smart contract to perform a service simply by virtue of a timing requirement being met (eg, to pay £10 every Monday at 09:00) is not in itself a legal contract because there is no consideration in return for the payment being made.

In this respect, therefore, a smart contract can be considered as evidence of the terms of a legal contract.

The position here is relatively unsettled pending the outcome of the Tulip Trading line of cases. The current position is that the Court of Appeal has found that developers might owe fiduciary duties to owners of crypto-assets on their network, however this outcome is not uncontentious, and the case is currently under appeal. 

B2B lending, such as lending to a limited company, is broadly unregulated in the United Kingdom.

The position is less clear in relation to lending crypto-assets to consumers. The prevailing view being taken by practitioners is that such activity is not regulated, because the asset being lent is not money, and the lending must be in money in order to be regulated. Additionally, these platforms raise questions about whether actual lending – in the sense of taking on credit risk – occurs. For instance, some platforms use flash loans designed to eliminate the need for parties to assume credit risk from each other.

Because a crypto-asset is essentially composed of data, the idea of “possession” – generally limited to tangible assets – may not be applicable. Therefore, it is unlikely that a crypto-asset could be pledged, for instance. The market has typically employed other mechanisms, such as title transfer collateral arrangements or non-possessory charges, to achieve similar outcomes.

However, an exception might exist for crypto-assets that are tied to physical, real-world assets. It could be feasible to physically possess and thus pledge the actual real-world asset. In this case, the pledge technically does not apply to the crypto-asset itself – which simply serves as a record of ownership – but to the real-world asset it is linked to.

There is no inherent requirement for a professional investor to transfer digital assets to a custodian; indeed, for certain more esoteric crypto-assets it may be that the investor has to take self-custody of the crypto-asset because there is no viable custodian able to support the relevant crypto-asset.

However, as part of general risk management expectations, there is often an implicit expectation that a professional investor who is, for example, a fund manager, will use a professional custodian to safeguard the crypto-assets. Not doing this may therefore raise questions regarding whether the manager is taking all skill, care and diligence to act in the best interests of their clients.

If a UK business is acting as a custodian of digital assets, the broad requirement is to register under the MLRs because the activity involves safeguarding crypto-assets for a third party (ie, a professional investor). In addition, if the crypto-assets constitute security tokens, there may be a requirement to obtain authorisation under the RAO for this activity, just as for traditional securities.

Data privacy laws and regulations in the UK apply to the use of blockchain-based products or services broadly in the same way as to any other business. They are therefore triggered by the act of processing personal data, and there are obligations to safeguard this information and to make certain disclosures in relation to how this information is used.

Data protection laws and regulations in the UK apply to the use of blockchain-based products or services broadly in the same way as to any other business. They are therefore triggered by the act of processing personal data, and there are obligations to safeguard this information and to make certain disclosures in relation to how this information is used.

Mining of cryptocurrencies is permitted in the UK, and is not in itself subject to any particular regulation.

However, a core consideration for any mining operation is whether it falls within the scope of being a collective investment scheme.

The definition of collective investment scheme in this respect is very broad. For example, it would likely cover a mining scheme where clients of the miner, receiving the benefits of the mining, do not have day-to-day control over mining decisions.

The regulation of staking follows the same approach as mining. As such, staking as a service, where this constitutes simply the provision of software so that clients can perform their own staking, generally falls outside the scope of regulation.

On the other hand, managed staking models, such as pooled validator staking and liquid staking, are more likely to involve the operation of a collective investment scheme. This brings such staking models within a regulatory framework, which can be relatively resource intensive to comply with, and which effectively prohibits the staking products from being provided to the retail market.

Currently, the United Kingdom is not a particularly popular jurisdiction for DAOs. This is thought to be due to the lack of clarity regarding how best to structure a DAO to fit within the UK’s legal and regulatory framework.

In response to this, the Law Commission is currently working on proposals to either set out how DAOs may be set up in the UK, or alternatively to change the law in the UK to more explicitly allow for DAOs, for example in terms of creating a new form of corporate DAO entity.

Another relatively unexplored aspect of DAOs in the UK is how a DAO would obtain regulatory licences, if a requirement for a licence were triggered.

There are no specific requirements for DAO governance in the United Kingdom, however there is developing academic and practitioner expertise regarding what should be in place from a governance perspective. This is a developing field and is likely to evolve quickly.

There are philosophical and practical considerations at play when deciding how best to proceed. From a liability perspective, it makes sense to, for example, use a limited company for a DAO – however this is perceived as an intrinsically centralised model. As mentioned in 10.1 General, the Law Commission is currently working on proposals in this area.