Austria has positioned itself as one of the top EU jurisdictions for crypto-asset service providers (CASPs) and token-based protocols and projects. This is primarily due to its already existing large community. Every year in May, an updated version of the “Blockchain Landscape Austria” is released (see here). The 2024 update shows that 42 new players chose Austria as their base for EU operations. The overarching theme in the market is currently adapting to the new rules established by the EU Markets in Crypto Assets Regulation (MiCA).
Highlights of the Austrian Market
The “Blockchain Landscape Austria” map underscores the substantial size and diversity of Austria’s cryptocurrency market, featuring 230 active participants. To give some highlights, Austria is home to Europe’s largest Bitcoin ATM provider and one of the largest EU-based CASPs. It is also home to one of the largest operators of validators on Ethereum, and before the switch to proof-of-stake, the world’s largest Ether mining pool. The first security token offering approved by any EU regulator was carried out in Austria (by the author of this contribution). The world’s first and to this day most successful postal stamp with a blockchain twin was issued in Austria.
Asset Tokenisation
More than ten tokenisation providers offer their services, and there are multiple businesses already operating on the basis of asset tokenisation. Business models span a diverse range of sectors, from tokenised car sharing, energy communities, wine, precious metals, gemstones, or real estate investments. Moreover, tokenisation is not limited to tangible assets; it is also being applied to financial instruments. Tokenised securities, or security token offerings, have become increasingly common tools in Austria’s corporate finance landscape. Additionally, Austria is home to one of the few EU-regulated entities that provide security token exchange services.
Austria’s NFT Scene
Austria’s NFT scene is also very mature. Besides the above-mentioned crypto stamp, a number of NFT-based online games were developed in Austria, and the technology is used on a continuous basis to tokenise art – eg, of world-famous Austrian painter Gustav Klimt.
Mining, DAOs, DeFi
Mining companies are represented in Austria, and DAO projects show how decentralised decision-making can be achieved. A lot of protocols have chosen Austria as their operational base. Several Swiss foundations behind numerous protocols use Austria as their EU and MiCA gateway. Moreover, Austria is home to truly decentralised finance (DeFi) protocols, which operate without any regulatory supervision, as confirmed by the Austrian Financial Market Authority (FMA).
Consulting Firms, Tax and Legal Advisers
Since the community is so large, a growing number of consulting firms, tax and legal advisers have built extensive expertise. It is safe to say that anyone choosing Austria as their EU hub will find experienced advisers that can help get everything operational quickly.
Crypto-assets Are Subject to Ownership
As a civil-law jurisdiction, the primary legal source for rules on ownership, and property law in general, is codified in the Austrian General Civil Code. In contrast to other civil-law jurisdictions such as Germany, under Austrian law the concept of ownership is not limited to tangible assets. Intangible (crypto-)assets can also be subject to ownership and other property rights, provided the technology used ensures that transactions of such crypto-assets are recorded immutably and third parties have no way of disposing of one’s crypto-assets. This is the case with decentralised public blockchains such as Bitcoin or Ethereum. Property law principles are also applied to smart contract-based token protocols on public chains, again provided that third parties are excluded from disposing of one’s tokens. Centralised or permissioned DLT is treated differently, however. Those systems, and the crypto-assets based on them, are seen as software-as-a-service and are therefore not subject to property law principles.
Legal Classification of a Transaction Request
Coming back to public and decentralised DLTs, a transaction request on those systems is not viewed as a contractual offer but rather as an offer of a reward made to all miners or validators who partake in the mining/validation process. Because of this classification, users and miners/validators do not form contracts with one another but a miner/validator can still claim the reward offered alongside the transaction request if he or she is able to record the desired transaction in a block. This means that miners or validators on public blockchains do not form contracts with one another either.
Transfer of Ownership in Crypto-assets
The transfer of ownership of crypto-assets based on public and decentralised DLT (such as Bitcoin or Ether) is subject to general property law principles. Besides an agreement (eg, purchase agreement) which serves as the basis for the ownership transfer, Austrian law requires a “mode of transfer”. In its most basic form, this is a handover of the asset. In the context of blockchain this means an on-chain transaction. However, other modes of transfer are valid as well; eg, constitutum possessorium or tradition brevi-manu where ownership is transferred without any on-chain transaction occurring.
Crypto-asset, Asset-Referenced Token, E-money Token, Utility Token
Since MiCA was adopted, the terminology used in Austria has shifted somewhat. The term “crypto-asset” is now exclusively used as defined in MiCA, meaning, put simply, any DLT-based digital representation of value or rights. Besides that, MiCA introduced three additional definitions, namely “asset-referenced tokens”, “e-money tokens”, and “utility tokens”. The first two are new concepts altogether, and at their core they cover tokens which purport to maintain a stable value in relation to either an official currency (e-money tokens) or other asset (asset-referenced tokens). Unfortunately, in the case of utility tokens, the EU legislature opted not to adopt the broader market definition, namely a class of crypto-asset distinct from security tokens that covers a wide range of use cases. Instead, under the new regulations, utility tokens are narrowly defined as crypto-assets solely intended to provide access to a good or a service supplied by its issuer.
Virtual Currency, Cryptocurrency
The term crypto-asset replaces the term “virtual currency” which was introduced by the 5th Anti Money Laundering Directive. Put simply, virtual currency is a digital representation of value that is used as a means of exchange. While this term will vanish from Austrian law with MiCA’s full applicability, its meaning will continue to be used in the Austrian Income Tax Act under the name of “cryptocurrency”. Virtual currency or cryptocurrency can be viewed as a subclass of the term crypto-asset (namely digital representation of value, as opposed to digital representation of rights).
Pointer Tokens
The term “pointer token” is used in connection with real-world asset tokenisation where a custodian is involved. The pointer token then refers to a specific piece of a commodity (gold coins, gemstones, wine bottles, etc) or to a percentage of co-ownership in a commodity (cars, yachts, paintings, real estate, etc). Through the transfer of the pointer token, the custodian is instructed to hold the asset for the new token holder instead of the previous one (thereby transferring ownership in the asset; see also 2.3 Tokenised Securities).
Security Tokens
The term “security token” refers to any “transferable security” in the sense of MiFID II, which instead of a physical paper note uses the blockchain as transaction register. Note that security tokens are not regulated under MiCA but under MiFID II only (and the respective national implementation acts).
Non-fungible Tokens or NFTs
Finally, the term “non-fungible token” or “NFT” is used to describe crypto-assets which are not covered under MiCA due to their uniqueness; eg, because each single piece is linked to a specific piece of digital art.
Tokenised Securities Are Subject to MIFID II
The supervisory regime for transferable securities is harmonised by the EU Markets in Financial Instruments Directive (MiFID II). Austria implemented the regime in the Securities Supervision Act 2018. The term “transferable securities” in Austria is defined by way of reference to MiFID II. The Directive defines the term as those classes of securities that are negotiable on the capital market, with the exception of instruments of payment. MiFID II goes on to give examples, such as shares in companies, bonds or other forms of securitised debt, including depositary receipts in respect of shares or bonds.
Methods of Tokenisation
Transferable securities can be tokenised in two distinct ways. Debt claims (bonds, profit participation rights, etc) can be tokenised directly by linking the claim to the possession of a token. This is achieved simply through clauses in the security terms. As a result, the transfer of the claim requires the transfer of the token. This approach requires the application of property-law principles to the crypto-asset to which the claim is linked. If this is not the case, for example when a private permissioned blockchain is used, then this approach is not viable to create a tokenised security from an Austrian civil-law perspective.
In such cases the security can still be tokenised, however, by tokenising co-ownership in a physical global note of that security. A custodian is in possession of the global note; eg, a bank. Tokens are used to indicate to the custodian whom they should hold the global note for. On the basis of the security’s terms, any transfer of a token on the blockchain is viewed by the custodian as an instruction to now co-possess the global note for the new token holder, thereby also transferring co-ownership in the security. This method of tokenisation can be used for virtually any tangible asset.
Stablecoins Are Subject to MiCA
The supervisory regime for stablecoins is fully harmonised by MiCA. MiCA distinguishes between e-money tokens and asset-referenced tokens. E-money tokens are crypto-assets that purport to maintain a stable value by referencing the value of one official currency. Asset-referenced tokens are a type of crypto-asset that is not an e-money token and that purports to maintain a stable value by referencing another value or right or a combination thereof.
Algorithmic Stablecoins Are Subject to MiCA
Since merely purporting to maintain a stable value suffices, stablecoins with no functional peg at all are also covered by this definition. Since neither definition makes any reference to a particular mechanism of how to maintain the peg, the definitions also cover algorithmic stablecoins. Note, however, that Title III and IV MiCA lay out a number of obligations for issuers of such tokens which are in direct conflict with how an algorithmic stablecoin maintains its peg.
MiCA Does Not Cover Fully Decentralised Protocols
This does not mean that algorithmic stablecoins are completely unattainable under MiCA, however. The solution is to structure the protocol in a “fully decentralised manner” and “without any intermediary”. Such systems do not fall within the scope of MiCA (see MiCA Recital 22). However, this raises questions about the precise meaning of “without an intermediary” and “in an exclusively decentralised manner”. Put simply, a protocol that operates without the need for any party to fulfil promises qualifies under these criteria. One could also use the term “trustless” to characterise fully decentralised systems.
NFTs Are Not Covered by MiCA
Currently, crypto-assets that are unique and not fungible with other crypto-assets, including digital art and collectibles (non-fungible tokens or NFTs) are not covered by any regulatory acts in Austria. MiCA does not apply (see MiCA Recital 10 and 11) and no national laws or regulation exist.
From a legal perspective, NFTs are not characterised by the use of any particular technology. Using ERC-721 or any other technical NFT standard has therefore no bearing on the legal qualification of that token as an NFT. Instead, one must ask whether or not the tokens are sufficiently similar to essentially all represent the same use case and therefore same value. A good example in the real world is bank notes. Each note has a unique identifier printed on it – its serial number. One could argue that from a technical perspective, bank notes are therefore non-fungible. But viewed from a use-case angle, it becomes apparent that the notes are, in fact, interchangeable and therefore all represent the same value.
NFTs Are Subject to General Consumer Protection Legislation
NFTs do not exist in a legal vacuum, however. As they are typically sold to consumers or traded over the internet, the EU Consumer Rights Directive must be observed. This Directive, implemented in Austria in the Consumer Protection Act and the Distance and Off-Premises Transactions Act, provides for extensive disclosure requirements and generally a 14-day right of withdrawal from a purchase (unless an exemption applies).
Both volatile crypto-assets such as Bitcoin but also stablecoins such as Tether and others can be used as a means of exchange in Austria. In fact, a growing number of companies accept crypto as payment, in particular in cross-continent transactions. There are no legal restrictions on the size of a crypto payment, whether large or small.
Any type of crypto-asset can be used as collateral under Austrian law. While for the transfer of ownership, an on-chain transaction is only one of multiple acceptable modes of transfer (see 2.1 Ownership), a pledge over crypto-assets is less flexible. If the crypto-assets in question are currently with the pledgor then an on-chain transaction to an address of the pledgee is required. If the crypto-assets are already in possession of the pledgee but owned by the pledgor (eg, where a CASP uses crypto-assets held for the user) for the pledge to be validly established and enforceable, the pledgor must make visible note of the pledge in its books. In effect, the same principles apply that govern the establishment of collateral arrangements over tangible assets.
It is widely accepted in Austrian legal literature that smart contracts can be used to make contractual offers, to receive such offers, and also to form contracts between two or multiple parties. Austrian courts will not follow the doctrine of “code is law”, however. Rather, they will use the legal toolkit of interpretation to decide what a reasonable party was able to expect from interacting with another party using smart contracts.
Note, this does not mean that any interaction with a smart contract must automatically be viewed in contractual terms or must result in the conclusion of a contract. It is also widely accepted that smart contracts can be used without any contracts being concluded. This is the case when a protocol is structured to operate in a fully decentralised manner and without any intermediary (see 2.4 Stablecoins).
MiCA – the Legal Basis for all Crypto-asset Services in Austria
In Austria, MiCA is the legal basis for the provision of all crypto-asset services as well as for token issuings. The Austrian MiCA Implementation Act stipulates that the FMA is the competent authority for all MiCA-related matters.
Rules for Public Offers
MiCA sets out general requirements for the public offering of crypto-assets within the EU. Public offer is a communication to multiple people in any form, and by any means, presenting sufficient information on the terms of the offer and the crypto-assets to be offered so as to enable prospective buyers to decide whether to purchase those crypto-assets. Any communication, including publishing information on a website, or recommendations by influencers in video messages or at events can constitute a public offer. Any public offer of crypto-assets is subject to the following requirements:
These requirements for the public offer of crypto-assets do not apply if:
MiCA also provides for exclusions based on the nature of the offering. A White Paper is not required if:
Rules for CASPs
The following crypto-asset services are covered by MiCA:
All crypto-asset service providers are subject to certain general obligations. These include the duty to act honestly, fairly and professionally in the best interests of the customer. Further, it includes a duty to provide fair, clear and not misleading marketing communications and to warn of risks.
MiCA provides certain prudential requirements; eg, minimum capital requirements, as well as certain governance arrangements to be put in place. It further requires, as a general principle, that all service providers store crypto-assets and funds securely, and in a way that, in case of insolvency of the CASP, the crypto-assets and funds of the clients are protected. For Austria, this means rights for segregation and preferential rights in case of insolvency must exist (also see 4.1.6 Resolution or Insolvency Regimes).
All CASPs must also have a functioning complaint management system and adequate procedures to identify, prevent, manage and disclose conflicts of interest. Outsourcing may only be undertaken in accordance with MiCA requirements, and each CASP must have a plan in place to properly manage its business should the outsourcing provider cease operations.
In addition to these general obligations, MiCA imposes a number of specific obligations, each of which affects providers of certain services.
Pre-licensing Discussions With the Austrian FMA
The Austrian FMA provides a roadmap (available here) as well as additional information (available here) for CASPs intending to set up operations in Austria. It actively encourages future applicants to reach out as early as possible for informal preliminary discussions to allow sufficient time for preparation and co-ordination. When requesting a meeting, the FMA asks that a questionnaire be completed (available here). Note that both the pre-licensing discussions as well as the whole licensing proceedings can be conducted in English.
Presence Requirements Under MiCA
All CASPs wishing to file an application with the Austrian FMA must also have their registered office in Austria where they conduct at least part of their services. They must also have their place of effective management in Austria, and at least one of the managers must be an EU resident. A CASP licensed in Austria may provide its services throughout the EU; this may be done either under the freedom of establishment (eg, through a branch), or under the freedom to provide services (ie, without establishment).
Simplified Licensing
MiCA distinguishes between two groups of CASPs, namely (i) companies that acquire their first license under MiCA, and (ii) companies that already hold a license to provide (traditional) financial services. For companies that already hold a financial services license, MiCA outlines which services can be provided by which entities:
These companies may provide the respective crypto-asset services after following a certain procedure. First, the companies must notify the FMA at least 40 working days in advance and provide certain information. This includes, among other things, a business plan and descriptions of various internal processes. The FMA will review the information within 20 working days and may request additional information as necessary. The company may provide the services once the requested information has been fully provided to the FMA.
Regular Licensing
A simplified procedure is only available to the above-mentioned companies which are already supervised. All other companies must submit an application for authorisation to the FMA. MiCA contains detailed information on the application procedure and the necessary documents. After examining the application, the FMA can and will issue improvement orders and request additional information. MiCA provides multiple grounds to reject a license application. The most important ones in practice are concerns about the personal reliability of managers or beneficial owners or deficient internal control procedures.
If marketing is conducted, the marketing communications must be clearly identifiable as such, it must be fair, clear and not misleading, consistent with the information in the White Paper and it must reference the White Paper and contain certain disclaimers and statements set forth in MiCA. For documentation purposes, marketing communications must also be posted on the offeror’s website. If the public offer of a crypto-asset is concerned, no marketing may be conducted prior to the publication of the White Paper (if a White Paper is required in that particular case).
Austria has implemented the 5th EU Anti-Money Laundering Directive (AMLD5) in the Financial Markets Anti-Money Laundering Act. This Act applies to all CASPs. The central element of money laundering prevention is the due diligence obligations that so-called obliged entities must apply to their customers. The general due diligence obligations include, among other things:
The due diligence obligations must therefore not only be applied to new customers, but reviews and updates must also be carried out periodically, as well as when there are indications of changes.
The FMA is tasked with ensuring that both management and beneficial owners of all supervised entities are professionally suitable and personally reliable. To ensure this is the case, potential buyers as well as potential targets of an acquisition have to notify the FMA ahead of any binding agreement. The legal basis for the ensuing ownership control procedure is an ordinance issued by the FMA (Ownership Control Ordinance 2016).
As part of the notification to the FMA, the following general documents must be submitted:
In practical terms, it is highly advised to approach the FMA as soon as possible and long before any binding agreement between acquirer and seller is reached.
Segregation Requirement Under MiCA
MiCA requires CASPs to implement procedures that guarantee the segregation of client assets from their own assets. The segregation must be maintained at all times, ensuring that in the case of insolvency, the client assets are protected and can be promptly returned to the rightful owners without being subject to the claims of general creditors. Furthermore, CASPs are required to have strong internal control mechanisms to monitor this segregation of assets. This includes regular audits and reconciliations to ensure compliance with the segregation requirement. Lastly, CASPs must also provide clear and regular reporting to clients about the status and location of their assets.
Implementation Under Austrian law
In Austria, the Insolvency Act stipulates that crypto-assets can generally be part of the insolvency estate. The Act grants a right to segregation to anyone who can show that they have certain rights in rem or personal rights to crypto-assets in the insolvency estate. Whether a right to segregation exists must be assessed exclusively in accordance with the general principles of Austrian property law. The most frequent reason for segregation is ownership or co-ownership. Therefore, to comply with MiCA’s segregation requirement, it must be ensured that a CASP’s clients are actually owners of the crypto-assets held for them by the CASP. For details on ownership over crypto-assets under Austrian law see 2.1 Ownership.
There is no applicable information in this jurisdiction.
No Current Specific Limitations to Crypto-asset Exposure
There are currently no specific limitations under Austrian law on crypto-asset exposure of regulated entities. UCITS funds could invest (within the boundaries of generally applicable limitations) into units of other funds holding crypto-assets; a direct investment is not permissible for UCITS funds. An AIF can invest (again, within the boundaries of generally applicable limitations) into regular crypto-assets (Bitcoin, Ether, etc) which are not to be classified as security tokens.
CRR III and BCBS Standard on Crypto-asset Exposure
Under the upcoming CRR III which will be directly applicable also in Austria, rules on crypto-asset exposure will be implemented for the first time. These rules are loosely based on the revised Basel Committee on Banking Supervision’s standard on the prudential treatment of crypto-asset exposures (but limited to the most restrictive aspects of the BCBS standard).
The Basel standard distinguishes between two main groups of crypto-assets: Group 1 and Group 2. Both groups are further divided into two subgroups. Group 1 crypto-assets include tokenised traditional assets (Group 1a) and crypto-assets with effective stabilisation mechanisms (Group 1b) if they meet four specific classification conditions. Group 1a instruments are also referred to in the industry as security tokens (see 2.2 Categorisation and 2.3 Tokenised Securities) and Group 1b instruments as stablecoins (see 2.4 Stablecoins). Group 1 crypto-assets are generally subject to the same capital requirements as the underlying risk positions (ie, the underlying asset for Group 1a or the reference asset for Group 1b).
Group 2 includes crypto-assets that do not fulfil all four classification conditions. In the opinion of the Basel Committee, they represent an increased risk compared to Group 1 crypto-assets and are therefore subject to a new conservative capital approach. Virtual currencies that function purely as a medium of exchange, such as Bitcoin or Ether, are always classified as Group 2 crypto-assets. Under certain conditions, hedging transactions for the respective risk position are recognised as Group 2 crypto-assets. Such crypto-assets then fall into group 2a. The risk weight and the required capital for crypto-assets in Group 2a are therefore similar to that of Group 1. Only if neither the four classification conditions, nor the requirements for the recognition of hedging transactions, are met does the crypto-asset fall into Group 2b. A risk weight of 1,250% is then applied by default.
Austria has a regulatory sandbox. It is established with the Austrian FMA and it allows start-ups and existing regulated entities alike to test innovative business models under regulatory supervision in a controlled environment.
In order to participate, applicants must provide a comprehensive description of the business model, including how it works, the technology involved, and the expected benefits. Applicants must further demonstrate a significant economic interest, showing potential benefits to the financial market or economy in Austria. Also, the business model should be ready for market testing, implying that it has moved beyond the conceptual stage and is prepared for real-world application.
An application must be filed with the Austrian FMA. The filing can also be done in English. The FMA conducts a preliminary review and hands the application over to the Regulatory Sandbox Advisory Council, consisting of representatives from the Ministry of Finance, FMA, Austrian National Bank, and other experts. This council assesses the economic interest, market readiness, and testing feasibility of the business model. Based on the council’s assessment, the FMA makes its final decision on whether to admit the applicant to the sandbox.
There is no applicable information in this jurisdiction.
In Austria, several regulatory bodies are relevant to businesses or individuals using blockchain technology. Each of these bodies has its own scope of jurisdiction and regulatory approach to blockchain and digital asset firms:
Within the Austrian Chamber of Commerce, CASPs are organised in the subdivision for financial service providers and crypto-asset service providers. This body is tasked with representing the interests of the industry in legislative proposals and serving as a single point of contact for other stakeholders. In addition, the Digital Assets Association Austria, a voluntary interest group, promotes the interests of the industry.
There is no applicable information in this jurisdiction.
There is no applicable information in this jurisdiction.
There is no applicable information in this jurisdiction.
Austria has implemented a special tax regime for crypto-assets in the Income Tax Act. In the Act, the definition of virtual currency (as introduced by the 5th Anti-Money Laundering Directive) is used to define the newly introduced term of “cryptocurrency”. Income from cryptocurrencies is classified as income from capital, subjected to a special tax rate of 27.5%. This encompasses income from staking, airdrops, bounties, and hard forks, which are taxed upon sale rather than receipt. For domestic taxpayers, capital gains from cryptocurrency transactions must be reported, and capital gains tax (KESt) must be deducted by CASPs headquartered in Austria.
Austrian law does not provide for ESG requirements. Note, however, that MiCA mandates that issuers of crypto-assets as well as CASPs must disclose the principal adverse impacts of the technology underlying a certain crypto-asset on the environment, specifically related to the consensus mechanisms used. This includes the environmental and climate-related impacts of mining or other processes used to validate transactions on the blockchain.
Blockchain-based products and services are subject to the EU General Data Protection Regulation (GDPR). In practice, the Regulation plays a role only when it comes to centralised market participants such as CASPs or token issuers. It is also relevant when a smart contract is used to provide services to others. In the case of fully decentralised systems (see 2.4 Stablecoins) and speaking from a practical perspective, the GDPR becomes a non-issue. The so-called right to be forgotten can be maintained by storing personal data on the blockchain only in encrypted form and storing a separate decryption key for every data entry stored on the blockchain. If someone exercises their right to be forgotten, this request can be complied with by simply deleting the decryption key associated with the data entry to be deleted.
Seilerstätte 24
1010 Vienna
Austria
+43 1 997 10 25
+43 1 997 10 25 - 99
ov@sv.law www.sv.lawIntroduction: The Overarching Theme
MiCA preparation dictates everyday business
As Europe progresses steadily towards the full applicability of the EU Market in Crypto Assets Regulation (MiCA), which fully harmonises the crypto industry across all EU member states, preparing for this new legal regime is the overarching theme of recent developments in Austria’s crypto industry:
What is MiCA, actually?
MiCA is a complex framework. It introduces, for example, the obligation to draw up a (standardised) crypto-asset White Paper before offering crypto-assets to the public in the EU or listing crypto-assets on an EU exchange. Additional requirements apply to issuers of asset-referenced tokens and e-money tokens, two newly introduced legal concepts. CASPs wishing to conduct business in the EU must set up shop in an EU member state and must obtain a license. MiCA also prohibits market abuse in the crypto markets, including market manipulation and insider dealing.
This article cannot provide an in-depth explanation of all of MiCA’s intricacies. If you would like to learn more, please consider downloading our booklet on blockchain in Europe at gomica.eu, which is a compendium on MiCA compliance, or reading the MiCA commentary “Crypto-Assets” (ISBN 3406777864).
Other legal sources
Note that while MiCA is certainly at the core of crypto-asset regulation in Austria and Europe, it is far from the only legal source to consider. There are a number of guidelines and delegated regulations, including regulatory technical standards (RTS) and Implementing Technical Standards (ITS) adopted by the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA). In fact, it is becoming increasingly difficult to keep track of all the delegated legal acts. There is no central index by any EU body known to us keeping track of all consultation papers, final reports, delegated regulations or guidelines. Therefore, we maintain such an index ourselves at gomica.eu/resources.
How the Austrian FMA is Preparing for MiCA: EU’s Leading Regulator
Why the FMA is a good choice
Non-EU CASPs should consider opening their EU base in Austria. This automatically leads to the Austrian FMA becoming the competent regulator for their business. There are a number of factors that play into this consideration:
Excursus: How Austria’s FMA became Central Europe’s “crypto regulator”
It cannot be stressed enough that Austria’s financial markets regulator FMA has an exceptionally strong understanding of blockchain/DLT and almost any business model in the crypto industry. This should not come as a surprise considering the dynamics that played out in the decade before the EU legislature stepped in by adopting MiCA, in particular relating to the differing legal views the Austrian FMA held as compared to German regulator BaFin.
As early as 2013, BaFin decided to categorise Bitcoins as units of account within the meaning of the German Banking Act. It arrived at its conclusion before discourse on the legal quality of Bitcoin had even fully begun in Germany. The argumentation was correspondingly criticised as unsubstantiated and based on incorrect assumptions. The impact of BaFin’s enforced perspective had dramatic consequences for the nascent German crypto industry. These repercussions were evident long before the flaws in BaFin’s legal interpretations became apparent, as a more nuanced understanding of this new phenomenon evolved.
In contrast, the Austrian FMA took a different approach. In 2014, it declared itself not competent for business models relating to Bitcoin. This regulatory reluctance was not due to major differences in the legal traditions between the two EU member states, but was rather due to the realisation that crypto-assets on public blockchains differed fundamentally from financial instruments. This relaxed approach allowed the industry to develop unhindered in Austria. For this reason, a number of crypto entrepreneurs with German roots settled in Austria to test their business models. This, in turn, provided the FMA with ample opportunity to gain exposure to a diverse range of business models, enabling it to accumulate a level of expertise that remains unparalleled.
To this day, the Austrian FMA continues to play a leading role as an opinion leader at the EU level. It was, for example, a driving force behind the current ESMA draft guidelines on reverse solicitation.
How CASPs Prepare for MiCA: An Industry Grows Up
To prepare for providing MiCA services, future CASPs need to take a series of strategic and operational steps to ensure compliance. We generally recommend the following steps:
How Protocols Adapt to MiCA in Austria: A Push Towards Decentralisation
DeFi not covered by MiCA
MiCA is often viewed by protocol developers as an impending regulatory presence just over the horizon. Many developers do not wish to become regulated under MiCA. Fortunately for them, there is a way out. Decentralised protocols, such as the entire area of decentralised finance (DeFi), do not fall within the scope of MiCA.
Recital 22 of MiCA states that crypto-asset services that are provided in a fully decentralised manner without any intermediary, should not fall within the scope of the regulation. While recitals are not a binding part of MiCA, they do bear weight. It is basically a recognition by the EU legislature that smart contracts can be published in an immutable manner, in such a way that an unlimited audience can access them, and that these smart contracts can provide functionality without the involvement of any third party.
When is DeFi truly DeFi?
Of course, immediately the question arises as to what exactly is meant by “without an intermediary” and “in an exclusively decentralised manner”. The utilisation of smart contracts in providing crypto-asset services (or financial services, for that matter) does not automatically confer a status of decentralisation. Companies can use smart contracts to provide crypto-asset services or financial services in their own name. In such cases, the smart contract is merely a tool used by a company.
At the end of the day – or at the end of the legal analysis – sufficient decentralisation can more or less be equated with trustlessness. If nobody needs to trust that other parties stick to promises, and if the protocol continues functioning even if its developers disappear, the protocol is usually sufficiently decentralised so as to not fall within MiCA. The details are, obviously, more complex.
The concept of decentralisation is well understood in Austria, and also by the FMA, which has dealt with fully decentralised systems in the context of financial services in the past and has concluded that they do not fall within financial market regulation and developers are not subject to the FMA’s supervision. Against this backdrop, a number of developers are currently reviewing whether their protocols are sufficiently decentralised to not fall within MiCA.
How TradFi Prepares for Crypto Business Under MiCA: The Equivalence Regime
As stated earlier, MiCA was not written for the crypto industry but rather as a way for established financial market participants to engage in crypto-asset services. This can best be observed in Article 60 of MiCA, which establishes an equivalence regime between financial market services and crypto-asset services (but not the other way round). Traditional financial service providers are allowed to engage in certain crypto-asset services. In particular:
This only requires a notification of their competent regulator which must include a programme of operations detailing the types of crypto-asset services and marketing plans, descriptions of internal control mechanisms, risk assessment frameworks, business continuity plans, ICT systems, security arrangements, procedures for segregating client assets, custody policies, trading platform rules, commercial policies, execution policies, qualifications of personnel providing advice or managing portfolios, and details of the crypto-assets involved.
How Third-Country CASPs Are Preparing for MiCA: No More Reverse Solicitation
Current status of reverse solicitation rules
As of writing, ESMA has completed its consultation process regarding its draft guidelines on reverse solicitation under MiCA. Its final report has not yet been published, however.
What is reverse solicitation?
Generally, third-country firms may not solicit clients in the EU as they are not authorised to provide CASP services in the Union. There is only one exemption, namely if the client, on their own initiative and without solicitation, contacted the firm and requested the service, the third-country firm may provide it (Article 61 of MiCA). The rationale for this exemption is that clients shall not be excluded from using third-country firms if they choose to do so without having been solicited by such firms.
In any case, it should be understood as applying in very limited and narrow circumstances. Although often referred to as the reverse solicitation exemption, it is actually a prohibition: a prohibition on third-country firms soliciting clients established or situated in the Union, unless the crypto-asset service was explicitly requested by the client without any solicitation. It also states that in order to make sure that clients of CASPs benefit from full rights and protections afforded to them under MiCA and that EU CASPs are not put at a competitive disadvantage compared to third-country firms vis-à-vis EU clients, it is important to actively protect EU-based investors and MiCA-compliant CASPs from undue incursions by non-EU and non-MiCA compliant entities.
ESMA limits permissible reverse-solicitation
ESMA highlights that the term solicitation should be construed in the widest possible way. It includes banner advertisements, sponsorship deals, solicitation by any kind of affiliates such as influencers and other celebrities. This broad interpretation of the term solicitation, especially with respect to online activities and the use of banner advertising and the use of influencers and other celebrities, reflects the fact that crypto-assets and crypto-asset services are essentially offered online.
Similarly, a broad interpretation should be given to the person soliciting. It may be the third-country firm or any entity or person on its behalf. The relationship between the third-country firm and the person soliciting on its behalf does not necessarily need to be a contractual relationship – it may be explicit or implicit. For instance, if a third party is undertaking a marketing campaign or building the third-country firm profile in the Union, then the third-country firm would not be able to claim that there was no solicitation carried out and to rely on Article 61 of MiCA.
Also, timing is of the essence when a third-country firm relies on the reverse solicitation exemption. If the third-country firm meets all the conditions to rely on Article 61 of MiCA, it may only do so for a very short period of time. The third-country firm relying on the exemption is not allowed to subsequently offer the client further crypto-assets or services, even if such crypto-asset or service is of the same type as the one originally requested, unless they are offered in the context of the original transaction. Although the draft guidelines do not provide any definite time window during which the exemption may be used, the lapse of a month or even a couple of weeks between the provision of the crypto-asset service based on a request made on the client’s exclusive initiative and a subsequent offer by the third-country firm would exclude the application of Article 61.
Consequences for third-country CASPs
Third-country CASPs which have acquired EU customers in the past have to adapt to this new interpretation of the reverse-solicitation principle. Even sending a single email to an existing EU customer after 30 December 2024 may trigger EU regulators to initiate proceedings for unauthorised business. And while a CASP may hold the view that fines are of no concern, the regulator’s possibility to publish investor warnings – also known as naming and shaming – should suffice to encourage third-country CASPs to re-evaluate their customer information processes.
Why the EU Data Act’s Kill Switch Provision is Not What You Think
The industry seems to still be of the opinion that the upcoming EU Data Act will require all developers of smart contracts to include a “kill switch”. This is not the case. Since it is still a topic of contention, we chose to end this article by explaining why protocols do not have to worry.
What is the EU Data Act?
The Data Act is an EU regulation that sets out a harmonised framework on fair access to and use of data. It seeks to ensure that users of “connected products” that generate data concerning their performance, often referred to as the “Internet of Things”, can access and use the data generated by the use of these products, including by sharing them with third parties of their choice. The Data Act is in the final stages of the EU legislative process. It entered into force on 11 January 2024 and will apply (ie, be directly enforceable) from 12 September 2025.
What is the Data Act’s kill-switch obligation?
Article 36 of the Data Act obliges vendors of applications using smart contracts for executing data sharing agreements to ensure that those smart contracts comply with certain requirements, including ensuring that a mechanism exists to terminate the continued execution of transactions and that the smart contract includes internal functions which can reset or instruct the contract to stop or interrupt the operation. This is often referred to as a kill switch.
It is important to stress the italicised part of the above paragraph. The provisions of the Data Act regulating smart contracts, including the requirement to implement a kill switch, relate only to smart contracts used in the context of data sharing agreements under the Data Act. The Recitals to the Data Act make that abundantly clear. Recital 47 points out that smart contracts may reduce the costs in regular or repetitive transactions between data holders and data recipients. Recital 104 states that, to promote the interoperability of tools for the automated execution of data sharing agreements, it is necessary to lay down essential requirements for smart contracts which professionals create for others or integrate in applications that support the implementation of agreements for data sharing. Recital 104 notes that the essential requirement to ensure that smart contracts can be interrupted and terminated implies mutual consent by the parties to the data sharing agreement.
Article 8 of the Data Act requires that, in cases where a data holder is obliged to make data available to a data recipient, it shall agree with a data recipient the arrangements for making the data available and shall do so under fair, reasonable and non-discriminatory terms and conditions and in a transparent manner. Article 11 provides that a data holder may apply appropriate technical protection measures, including smart contracts, to prevent unauthorised access to data and to ensure compliance with the Data Act as well as with the agreed contractual terms for making data available.
Why is the kill switch not of importance?
It is in the context of these data sharing agreements between data holders and data recipients, as contemplated in Articles 8 and 11 of the EU Data Act, that the harmonised standards for smart contracts exist, including the requirement to implement a kill switch. In a decentralised system, miners or validators, but also protocol participants are – in almost all cases – not data holders or data recipients and therefore are not obliged to share data pursuant to the Data Act. They are also not subject to the Data Act’s smart contract requirements. However, developers could become subject to the smart contract requirements if they qualified as a manufacturer of a connected product, provider of a related service, data holder or data recipient and used smart contracts in the context of a data sharing agreement. That said, you would have to be creative to find an example where that would be the case.
Seilerstätte 24
1010 Vienna
Austria
+43 1 997 10 25
+43 1 997 10 25 - 99
ov@sv.law www.sv.law