The Spanish government has been cautious and conservative in its approach to cryptocurrencies. This is because Spanish law is highly protective of the rights of investors and consumers and, during the recession, there have been a number of cases of financial, securities and crypto-asset fraud. Cryptocurrency cannot be legally treated as legal tender, as Law 46/1998 of 17 December on the introduction of the euro as the national currency, provides that from 1 January 1999 the national currency of Spain shall be the euro.

In January 2023, Spanish fintech company Monei was green-lighted by the Bank of Spain to carry out its digital euro project, which was showcased in the Spanish financial sandbox. Under the name EURM, this stablecoin will be the first digital euro in Europe. EURM facilitates online payments and the transmission of euros between individuals through the creation of a token using the new Ethereum 2.0 blockchain technology. This shows that the Bank of Spain’s intention is not to fight blockchain technology but, rather, to embrace it and focus increasingly on it.

As regards AML matters, on 28 April 2021, the Spanish National Gazette published the Royal Decree-Law 7/2021 of April 27 (“RD-Law 7/2021”) transposing EU directives in the areas of competition, prevention of money laundering and credit institutions. RD-Law 7/2021 modified Law 10/2010 of April 28 on the prevention of money laundering and terrorist financing (the “AML Law”) – issues that have caused all governments great concern when it comes to the misuse of crypto-assets. The most relevant inclusions in RD-Law 7/2021 were official definitions of virtual assets and the new regulated entities included within Article 2 of the AML Law – among which can be found (in Section Z) the “providers of services regarding the exchange between virtual and fiat currency, and the custody of virtual wallets” (hereinafter “Virtual Asset Service Providers (VASPs)”). This means that all VASPs must be registered within the Bank of Spain’s specifically tailored registry for these types of entities. The registry has been active since January 2022 and, to date, 102 entities have been registered and now operate in Spain.

On the other hand, Law 6/2023 of March 17 on securities markets and investment services (the new Ley del Mercado de Valores, or LMV) entered into force on April 2023. This new law establishes that all financial instruments that are issued, registered, transferred or stored using distributed ledger technology or other similar technologies will be subject to the new LMV. It also appoints the National Stock Market Commission (Comisión Nacional del Mercado de Valore, or CNMV) as the competent authority to oversee compliance on the Markets in Crypto-Assets Regulation (the “MiCA Regulation”), which was published on 9 June 2023 by the Official Journal of the European Union. This marks an important transition point towards the digitalisation of traditional economy. It is important to note that, even though the MiCA Regulation has already entered into force, it will only apply from 30 December 2024.

The MiCA Regulation contains two transitional periods, beginning with a first fixed period of 18 months already foreseen in the same rule running from the date of entry into force until 31 December 2024, according to the following schedule:

• 29 June 2023 ‒ entry into force;
• 29 June 2023 ‒ date of application of certain articles;
• 30 June 2024 ‒ date of application (Titles III and IV); and
• 30 December 2024 ‒ “general” implementation date (Titles I, II, V, VI and VII).

This is followed by a second “variable” period ‒ as determined by each jurisdiction ‒ of up to 18 additional months, totalling 36 months. In the case of Spain, this variable period would be 12 months (see 143.3, second paragraph) and for crypto-asset service providers the following timetable would be relevant:

• From 30 December 2024 ‒ entities that are not providing crypto-asset services must be MiCA-licensed from that date (MiCA licence (“new entities”)).
• From 30 December 2025 ‒ entities already providing crypto-asset services before 30 December 2024 must be MiCA-licensed as of that date  (MiCA licence (“operating entities”)).
• From 30 December 2024 until 30 December 2025 ‒ “simplified” procedure for already operating entities. It is foreseen that EU member states may apply a simplified procedure to applications for authorisation that are submitted within this period by entities that, on 30 December 2024, were authorised under their national law to provide crypto-asset services.

Lastly, Law 28/2022 of December 21 on the promotion of the start-up ecosystem (the “Start-Up Law”) entered into force on 22 December 2022. Although it is not tailored specifically to blockchain technology, start-up companies that use this technology for innovative purposes will benefit from the Start-Up Law. Besides introducing tax benefits and other facilitators, the law also regulates controlled test environments (known as “regulatory sandboxes”). The purpose of these spaces is to remove the general regulations – under the supervision of a regulatory body or entity – so as to evaluate the usefulness, viability and impact of technological innovations in different sectors. In this respect, the start-ups are allowed to test for one year in an environment controlled by the corresponding regulator.

Blockchain technology is a fast-growing market and, according to a report by the Bank of Spain, cryptocurrency transactions in Spain amounted to nearly EUR60 billion in 2021. The report also mentions an increase in the number of transactions in Europe, in which Spain accounts for around 10% of cryptocurrency business in the eurozone.

Blockchain technology is being used by businesses and individuals throughout Spain in a variety of promising ways – be they B2B, business-to-person (B2P), B2C, peer-to-peer (P2P), or customer-to-customer (C2C) applications (or, in the case of Digital Euro and Jobchain, all of these).

Digital Euro

As mentioned in 1.1 Evolution of the Blockchain Market, one notable recent announcement is the EURM project, which was presented through the regulatory sandbox by fintech start-up Monei and received approval from the Bank of Spain in January 2023. The project’s objective is to leverage blockchain technology to fully digitise payments and money transfers, thereby enhancing security and programmability as well as significantly reducing costs compared with traditional transfer systems. The project will cater both to consumer needs (eg, facilitating money transfers between individuals and enabling payments for goods and services) and B2B applications, including digitising and automating daily payments from retailers to suppliers.

“TrustOS” Technology

TrustOS, a decentralised software layer powered by smart contracts deployed across various blockchain networks, offers a wide range of functions through which to integrate blockchain technology smoothly into B2B and B2P processes. By leveraging a series of HTTP libraries and application programming interfaces (APIs), TrustOS provides core capabilities such as traceability, certification, reconciliation, and tokenisation. These functionalities interact seamlessly with existing platforms, networks, and ecosystems, enabling businesses to leverage the benefits of blockchain technology.

To facilitate the adoption of blockchain technology among Spanish and Latin American start-ups, telecommunications company Telefónica launched the “Blockchain Activation” programme in 2019. As part of this programme, up to 15 start-ups had the opportunity to explore and implement TrustOS in various use cases.

GSMA International Roaming

The promotion of international roaming services involves the exchange of information and secure payments between telecommunications companies (telcos). Recognising the need for more efficient business processing in this area, GSMA (an international trade association that represents mobile operators such as Telefonica) has turned to blockchain technology. In an effort to address the challenges faced by the wholesale roaming industry, GSMA has released a proof of concept that aims to revolutionise existing B2B processes.

According to GSMA, the wholesale roaming industry is experiencing a 5.6% Compound Annual Growth Rate (CAGR), while the costs associated with running its operations are growing at an 8% CAGR. This disparity creates an unsustainable model for the future, emphasising the urgent need to improve the existing roaming processes between telcos. So the critical issue lies in facilitating network traffic between operators, which traditionally requires dealing with each individual operator’s portability database. By leveraging blockchain technology, the creation of a single shared database for all operators becomes feasible. This breakthrough would greatly accelerate data traffic and reduce the costs associated with managing the compensation for international calls between operators.

Employability and Remuneration

Within the realm of blockchain technology, exciting projects are emerging to foster a more dynamic relationship between employers and employees. Platforms such as Jobchain, which is operated by a company registered as a VASP with the Bank of Spain, are at the forefront of this movement. Their goal is to simplify the connection between a wide range of service providers and users, thereby revolutionising the way people hire and get hired – irrespective of time and location. These platforms also offer the added benefit of instant compensation, empowering both employers and employees to maintain their rights within a secure and verified environment.

Green Energy Verification

As the green energy corporate contracting market continues to expand, the demand for proof of the renewable origin of energy is increasing. Blockchain technology offers a promising B2C solution to this demand, thereby enabling efficient customer service on a global scale.

A notable example of how this technology can be used for verification purposes can be found in the Spanish company Acciona, which has developed a commercial platform called Greenchain. This platform leverages blockchain technology to provide customers with real-time visibility into the renewable origin of the energy they receive. Through Greenchain, customers can access accurate and reliable accreditation of the energy’s 100% renewable source.

Visa B2B

Alongside IBM, Visa developed a payment platform that utilises blockchain technology to facilitate money transfers between banks and thus removed the need for the current Society for Worldwide Interbank Financial Telecommunication (SWIFT) network. Spanish banks such as Santander and BBVA are showing interest in the applicability of blockchain technology for these purposes. However, no significant steps have been taken towards its implementation.

Know Your Customer (KYC)

Many Spanish companies are incorporating blockchain data platforms such as Chainalysis to reinforce their client onboarding processes. This is undoubtedly one way blockchain technology can be used to provide citizens and companies with a greater sense of security and trust.

Currently, in Spain, there are no specific parameters or regulations in place that explicitly determine the ownership of digital assets based on blockchain technology. However, the determination of ownership can vary depending on the type of digital asset in question.

As outlined in the recently published MiCA Regulation, there are different categories of cryptocurrencies:

• crypto-assets, which are digital representations of value or rights that can be electronically transferred and stored using distributed ledger technology or similar technology;
• asset-referenced tokens, which aim to maintain a stable value by referencing the value of fiat currencies, commodities, or other crypto-assets;
• e-money tokens, designed as a means of exchange and to maintain a stable value by referencing a legal tender fiat currency; and
• utility tokens, which provide digital access to goods or services available through a distributed ledger technology and are accepted solely by the issuer.

In determining ownership, factors such as whether the token represents an underlying asset or if the token itself holds intrinsic value can be considered. Additionally, when it comes to the digital file and associated metadata, ownership is typically established by the blockchain technology and the smart contract involved. The same principles apply to non-fungible tokens (NFTs). However, it is important to note that rules regarding ownership of chattels or assets are generally governed by the Spanish Civil Code in Spain.

In Spain, there is currently no comprehensive local legislation that provides a detailed categorisation of digital assets. However, in 2018, the CNMV published a document addressing initial coin offerings (ICOs) and cryptocurrencies that specifically targets professionals within the financial sector. In this publication, the CNMV expressed the view that a significant number of ICO operations should be treated as issuances or public offerings of negotiable securities. This assertion was based on the broad concept of negotiable securities outlined in Article 2.1 of the LMV in force at the time.

The CNMV publication highlighted several factors that were deemed relevant in determining whether an ICO involved the offering of negotiable securities:

• tokens granting rights or expectations of participation in the potential appreciation or profitability of businesses or projects (or presenting equivalent rights to shares, bonds, or other financial instruments regulated by the Spanish LMV);
• tokens providing the right to access services or receive goods or products, with an explicit or implicit reference to benefiting from their appreciation or receiving remuneration associated with the instrument; and
• tokens mentioning liquidity or the possibility of trading on markets considered equivalent or similar to regulated securities markets.

Furthermore, when traded individually, cryptocurrencies could be classed as chattels or commodities.

Following the CNMV’s publication in 2018, the Spanish Securities Market Law was repealed, and the new LMV was introduced during the first quarter of 2023. As mentioned in 1.1. Evolution of the Blockchain Market, Article 2 of the new LMV was amended to include all financial instruments issued, registered, transferred, or stored using distributed ledger technology or similar technologies under the CNMV’s supervision. In other words, the views documented by the CNMV in its 2018 publication were legally reinforced.

In parallel, the MiCA Regulation (published in June 2023) explicitly excludes crypto-assets qualifying as financial instruments under the Markets in Financial Instruments Directive 2014 (“MiFID II”), which serves as the foundation for the new LMV. The MiCA Regulation calls for the European Securities and Markets Authority (ESMA) to issue guidelines on the criteria and conditions for classifying crypto-assets as financial instruments – with a view to establishing a clear distinction between crypto-assets regulated by the MiCA Regulation and traditional financial instruments.

Until ESMA issues these guidelines, market participants will need to rely on the aforementioned statements from the CNMV and the available context (eg, documents such as the issuer’s White Paper) to determine the categorisation of digital assets.

The LMV introduces the necessary adaptations for the implementation of the MiCA Regulation, which was published on 9 June 2023. It allows the tokenisation of shares in companies with a market capitalisation of less than EUR0.5 billion, the issuance of bonds or securitised debt, up to EUR1 billion, or units in funds with a market value of less than EUR0.5 billion.

Article 2 of the new LMV, goes further and allows the tokenisation of the following financial instruments:

• transferable securities;
• shares in companies;
• money market instruments, units and shares in collective investment undertakings, as well as venture capital and closed-end collective investment undertakings;
• options, futures, swaps, forward rate agreements and other derivative contracts relating to financial instruments, currencies, financial variables, commodities or emission allowances; and
• derivative instruments for the transfer of credit risk, financial contracts for differences, and emission allowances.

On the other hand, the new LMV anticipated the entry into force of the MiCA Regulation, designating the CNMV as the competent authority for the supervision, inspection and sanctioning in relation to compliance with the issuance, offer and admission to trading of tokens that are not financial instruments.

Specifically, the MiCA Regulation regulates the tokenisation of non-financial instruments and introduces a classification of tokens, as follows:

• utility tokens ‒ a type of crypto-asset used solely to provide access to a good or service provided by its issuer;
• asset-referenced tokens ‒ a type of crypto-asset that is not an electronic money token and which is intended to hold a stable value referenced to another security or right, or a combination of both, including one or more official currencies; and
• “electronic money token” – a type of crypto-asset that, in order to hold a stable value, is referenced to the value of an official currency.

As mentioned in 2.2 Categorisation, there is no local legislation that makes distinctions between tokens. Therefore, there is no formal distinction between stablecoins that are backed by deposits of fiat currency and “algorithmic” stablecoins that use a formula to maintain their peg. Therefore, it would be necessary to assess – on a case-by-case basis – whether the specific token qualifies as a security/financial instrument (subject to Spanish stock market legislation) or as “crypto-assets not considered financial instruments” (subject to Spanish AML law).

Nonetheless, it is worth emphasising that the MiCA Regulation introduces a definition for asset-referenced tokens and for e-money tokens, and specific rules are proposed for these types of assets. The so-called algorithmic stablecoins, which aim to maintain a stable value in relation to an official currency or in relation to one or several assets via protocols, are also mentioned in the MiCA Regulation. Although the MiCA Regulation separates them from asset-referenced tokens and e-money tokens, it states that the same rules contained in Titles III or IV of the regulation will apply. However, in the case of algorithmic crypto-assets that do not aim to stabilise the value of the crypto-assets by referencing one or several assets, Title II of the MiCA Regulation will apply.

Its important to consider that, as the MiCA Regulation has been published and entered into force, these classifications also apply in Spain – even though the MiCA Regulation will only be applicable from 30 December 2024.

An NFT is a digital asset that is unique and cannot be replaced or exchanged for another of the same value. NFTs are created and stored on a blockchain, which is a distributed ledger that records transactions and ensures security and authenticity. NFTs can represent any kind of digital asset (eg, art, music, videos, games and collectibles). NFTs give the owner of the digital asset the evidence of ownership, as well as the ability to sell or trade it on various platforms. NFTs are different from cryptocurrencies such as Bitcoin, which are fungible, meaning that they can be exchanged for other identical units of the same value or for fiat currency (such as dollars and euros) at the prevailing market rate.

NFTs are not regulated within Spanish legislation nor the MiCA Regulation. If an NFT does not fall within the categorisation of financial instruments contained in Article 2 of the new LMV, it will therefore not be subject to Spanish stock market legislation.

Considering that there are no specific Spanish legal rules governing the transfer of NFTs, their purchase and sale will be subject to the broad rules of the Spanish Civil Code, which requires both a contract between the parties and the delivery of the NFTs to the purchaser.

These rules are in article 333 of the Civil Code. According to this rule, NFTs are “things” that can be the object of appropriation and will be considered as a type of goods and chattels or intangible rights (article 1526 Civil Code). Article 609 CC provides that the contract plus the delivery of the object is required for acquiring a legal title. Under Spanish law 59/2003, the agreement to transfer an NFT must take the form of an electronic document to be signed digitally by the parties, in accordance with a system of recognised certified signatures, to adequately identify the parties. This process does not need a Spanish certification. As to the delivery, the delivery of a certificate of ownership to the purchaser or investor would be treated as a deemed legal delivery, so that the requirements of article 606 CC would be considered duly fulfilled.

Aside from the provisions of law 59/2003 on digital signature, the transfer of NFTs, since they are not wet ink documents, will not require notarial formalities or the incorporation to a public register (which in any case does not exist in Spain).

It is also worth distinguishing between the transfer of title effects of NFTs and rules about the governing law of the transaction. In accordance with the conflict of law rule of article 10 title, NFTs will be governed by the “lex situs” to the extent they can be assimilated to goods and chattels. Of course, another line of thought would be to consider that the NFT transfer took place in cyberspace, but it is understood that the acquisition of any rights, even if they are characterised as immaterial, must be carried out in accordance with the law of a given country.

Nevertheless, Spain has shown its intention to actively participate the non-fungible token (NFT) market, which has been expanding globally. This trend is particularly evident in the sports industry; tokens and NFTs have already gained a penetration rate of 34% among sports fans in Spain. Sports sponsorship agreements have played a role in raising awareness and interest in these products – for instance, leading digital asset management platform WhaleFin signed a sponsorship agreement with Atlético de Madrid to become the the sports club’s main sponsor for the next five seasons (and, even though concerns arose due to market struggles, the club recently expressed its commitment to the agreement). Another notable example is the partnership between Sorare, an online platform for trading football cards using cryptocurrencies, and Spain’s premier football division LaLiga. Through this collaboration, LaLiga plans to issue its own collection of player stickers as NFTs.

These two examples clearly demonstrate the industry’s recognition of the crucial role that NFTs can play in connecting fans with sports. Moreover, companies in Spain are exploring the potential of NFTs in various sectors, including:

• verifying product authenticity;
• tracking product location;
• offering membership plans and customer loyalty programmes;
• providing authenticity certificates for art collectors; and
• offering property titles within the real estate market.

The euro is the only legal tender in Spain. The use of cryptocurrencies as a means of payment must be agreed by the parties to a transaction.

In fact, the AML Law defines a “virtual currency” as a digital representation of value that is:

• not issued or guaranteed by a central bank or public authority;
• not necessarily associated with a legally established currency;
• lacking legal tender status as currency or money; but
• accepted as a medium of exchange that can be transferred, stored, or traded electronically.

In other words, even though cryptocurrency is not recognised as legal tender, it is accepted as a means of payment if so agreed by the parties to the transaction.

There is no specific legislation in Spain regarding the use of digital assets in collateral agreements.

Digital assets do not have access to the Spanish Movable Asset Registry for the time being, which will require a major legislative change.

Smart contracts are very frequently used in certain industries: finance, insurance, IP rights, electricity supplies, healthcare (appointments with medical doctors), etc. They are characterised by being inflexible ‒ ie, they are encoded in a blockchain, which means they cannot be easily modified. On the other hand, traditional contracts are flexible and can be amended as required. Smart contracts are typically used in massive business with consumers.

Nevertheless, there are no specific laws or regulations in Spain addressing the legal enforceability of private contractual arrangements made in whole or in part using blockchain-based smart contracts. Likewise, there are no judicial decisions on the matter (see 5.1 Judicial Decisions and Litigation).

In Spain, smart contracts are not regulated except for restrictions imposed by Spanish consumer protection legislation and the legislation on the legal effects of digital signatures. Despite this, Spanish law recognises their legal validity and applies to them the basic rules of the law on contracts of the Civil Code. Terms and conditions must be clear and not one-sided, and the agreement of the parties must be incorporated without any doubt. Hence the importance of a digital signature as evidence of consent.

That being said, in March 2022, the Spanish Data Protection Agency (Agencia Española de Protección de Datos, or AEPD) published a statement declaring that – to the extent the automated decisions of a smart contract may significantly affect individuals or profile them – the smart contract’s design must consider the requirements set out in Article 22 of the EU General Data Protection Regulation (GDPR) and incorporate the necessary safeguards and measures to protect the rights of data subjects.

Additionally, the Bar Association of Madrid (Ilustre Colegio de Abogados de Madrid, or ICAM) also published an article in its online blog in which it is argued that the smart contract’s recognition by the Spanish legal system will depend on the technical configuration of the smart contract, which determines how its authenticity and validity can be verified. The verification of these smart contracts can be conducted in several ways, including:

• through a trusted third party;
• by means of a network of trusted third parties;
• through a public notary or other authorised official; and
• through an open and fully decentralised network that relies on technologies such as blockchain.

There are no special regulations in Spain that apply to investment funds or collective investment schemes that invest in digital assets, unless these fall under the definition of financial instruments contained within Article 2 of the LMV. In that case, the entity will be considered a financial collective investment scheme and accordingly have to comply with the provisions established in Law 35/2003 of 4 November on collective investment institutions, as well as with the corresponding EU regulations.

In November 2020, the Spanish government approved Law 7/2020 on the digital transformation of the financial system. Law 7/2020 provided for the creation of a test space specifically tailored for innovations within the financial sector subject to administrative supervision (the “financial sandbox”). It is an attempt to change Spanish regulatory culture by establishing an information centre for technofinance, as well as offering the industry a space to test new products and share experiences. Pilot projects are selected, supervisors are appointed to conduct the follow-up, and – if testing is satisfactory – licences are granted.

Moreover, the Start-Up Law entered into force on 22 December 2022. This regulates controlled test environments, known as regulatory sandboxes, for innovations beyond the financial sector.

Blockchain projects have made a few appearances in these sandboxes, with the most recent highlight being the approval of the digital euro project showcased by Monei.

As mentioned earlier, VASPs in Spain are subject to AML legislation. Spain’s AML regulations have been developed in accordance with international standards and driven by Spain’s membership in the Financial Action Task Force (FATF) since its establishment in 1989.

The following regulators are most relevant to businesses or individuals using blockchain in Spain.

• The Bank of Spain – businesses or professionals that provide services for the exchange from fiat money to virtual assets (and vice versa) and/or for the custody of electronic wallets (“cryptocurrency service providers”) must be registered with the Bank of Spain to operate in the country.
• SEPBLAC – SEPBLAC is in charge of reviewing the required documentation cryptocurrency service providers must file in order to be registered within the Bank of Spain (generally, a risk analysis assessment and a money laundering prevention manual), as well as overseeing AML compliance.
• The CNMV – the CNMV is in charge of overseeing stock market regulation compliance and, when it comes to blockchain, has been appointed as the authority to oversee compliance with the MiCA Regulation in Spain. Additionally, even though crypto-assets are not directly regulated by the LMV, the CNMV may subject the advertising of crypto-assets to authorisation or other forms of administrative control (eg, the introduction of risk warnings).

There are no self-regulatory organisations or trade groups that perform regulatory or quasi-regulatory roles with regard to businesses or individuals using blockchain in Spain.

Although there have been initiatives aimed at developing blockchain regulation in Spain (eg, the financial sandbox system), the CNMV and the Bank of Spain are continuously striving to promote awareness of the risks associated with blockchain and cryptocurrency usage. To achieve this, they have published various informative documents and regularly organise conferences in collaboration with universities and blockchain industry stakeholders.

Please note that, as Spain is a civil-law jurisdiction, Spanish case law does not rely on the doctrine of binding precedent. Nonetheless, back in 2019, the Spanish Supreme Court decision (STS 326/2019) constituted the first judicial pronouncement in Spain to address one of the most well-known blockchain technologies – namely, cryptocurrencies – and, specifically, Bitcoin (the most famous of them all). In this sense, the decision outlines an analysis of Bitcoin’s nature – essentially, that:

• bitcoins are defined as units of account transferred or exchanged through the computer and cryptographic technology known as Bitcoin;
• bitcoins are intangible assets that can be exchanged or used as consideration in any bilateral transaction in which the parties involved accept them; and
• bitcoins are in no way money, nor can they be considered as such in legal terms.

This was indeed an accurate legal description that, as expected, aligned with the views of both the European Central Bank (ECB) and the Bank of Spain regarding crypto-assets.

Furthermore, the ECJ’s decision in Skatteverket v David Hedqvist (Case C-264/1456), which was promulgated on 22 October 2015, remains the sole ruling addressing the legal aspects of cryptocurrency transactions. According to the ECJ’s analysis, the exchange of bitcoins for legal tender is deemed a “taxable supply of services” exempt from VAT under Directive 2006/112/EC of November 28. The significance of this decision lies not only in its conclusion but also in its ratio decidendi, which acknowledges that Bitcoin exists solely as a virtual currency with bidirectional flow, used for exchanging with traditional currencies and functioning exclusively as a means of payment.

From 2019 to the present day, court cases in relation to blockchain and specifically in relation to bitcoin have been increasing. As of 2024, there are more than 100 court rulings in relation to this matter in Spain.

There have not been any enforcement actions in Spain that have helped market participants better understand the “regulatory perimeter” of permitted and prohibited activity utilising blockchain.

However, as mentioned in 5.1 Judicial Decisions and Litigation, there have been certain pronouncements by the courts about the nature of bitcoin and possible fraudulent conducts through it.

In April 2023, the Council of Ministers approved Royal Decree 249/2023 of April 4, which amends the main regulations of the Spanish General Tax Law with the aim of developing administrative review. Among the modifications it introduces, the most relevant is the obligation to declare – from 1 January 2024 – the possession of cryptocurrency (and other virtual assets) and any operations that are carried out with their use. The amendment introduces three reporting obligations.

• Obligation to report balances in virtual currencies – persons and entities resident in Spain (as well as foreign-owned permanent establishments in Spanish territory) that provide services to safeguard private cryptographic keys on behalf of third parties for the purpose of maintaining, storing and transferring virtual currencies will be obliged to file an annual informative declaration detailing all the virtual currencies they keep in custody.
• Obligation to report transactions with virtual currencies – persons and entities residing in Spain (as well as foreign-owned permanent establishments in Spanish territory) that provide the above-mentioned services and services for exchanging virtual currencies and fiat currency or exchanging different virtual currencies, or that intermediate in any way in the execution of these operations, will be required to submit an annual informative declaration regarding the acquisition, transmission, exchange, and transfer of virtual currencies in which they are involved or act as intermediaries (along with the receipts and payments made in such currencies). It is important to note that the foregoing does not apply to individuals or entities that limit their activity to advising on virtual currencies.
• Obligation to report virtual currencies located abroad – all the above-mentioned must also annually declare all virtual currencies held abroad (either as the owner or, where applicable, the beneficiary).

For the declaration of cryptocurrencies, the Tax Office has included a section (1800) dedicated to virtual currencies. All buying and selling transactions must be included in this section, up to a maximum limit of 25 capital gains and losses.

Furthermore, in 2024, Form 721 has been introduced ‒ as a replacement for Form 720 – to report on virtual currencies held abroad. In this case, there will be no obligation to report cryptocurrencies if the combined balances as of December 31 do not exceed EUR50,000.

Under Article 6.1(c) of Regulation (EU) 2016/g79 on personal data protection, the Spanish Tax Authority can receive and process the personal data of crypto-assets customers, as it is doing so in order to comply with a legal obligation. The following forms exist for this purpose:

• Form 172 ‒ informative statement on balances in virtual currencies; and
• Form 173 ‒ informative statement on operations with virtual currencies.

Under the first form, the taxpayer reports balances of cryptocurrencies held by its customers. Under the second form, the taxpayer reports all customer transactions involving cryptocurrencies.

Form 721 is the format in which the information return on virtual currencies located abroad must be made. Pursuant to Article 1.5 of the AML Law, virtual currency means a digital representation of value that is neither issued nor guaranteed by a central bank or public authority, is not necessarily associated with a legally established currency and does not have the legal status of currency or money, but is accepted as a medium of exchange and can be transferred, stored or traded electronically.

In 2018, the EU established the first Sustainable Finance Strategy. It details a strategy that is divided into four areas of action:

• contributing to the transition towards a sustainable economy;
• enhancing the inclusion of SMEs in sustainable finance;
• increasing the resilience of the financial system so as to contribute to the objectives of the European Green Pact; and
• promote a global sustainable finance agenda.

The EU Corporate Sustainability Reporting Directive (CSRD) is transforming ESG reporting and reporting. By 2024, almost 50,000 companies will be required to report on sustainability.

However, as far as digital finance is concerned, it is worth mentioning the changes planned for 2024. The Financial Stability Board (FSB) will focus on the interactions between interest rates and liquidity risk, the role of technology and social media in deposit outflows, and lessons for the effective implementation of the international resolution framework. In addition, it will focus on continuing work already initiated in previous years, including:

• enhancing the resilience of non-bank financial intermediaries;
• fostering the benefits of digital innovation while containing its risks – this will be done by advancing the global regulatory and supervisory framework for crypto-asset markets and activities and by continuing to monitor the financial stability implications of other digital innovations, including tokenisation and AI developments;
• addressing financial risks arising from climate change;
• improving cross-border payments, continuing with the G20 roadmap to implement co-ordinated improvement;
• strengthening cyber- and operational resilience;
• monitoring and evaluating the effectiveness of G20 reforms, including by analysing the effects of securitisation reform; and
• improving resolution in the financial system by addressing operational challenges in the implementation of bail-in at the global level and reviewing the adequacy of public backstop mechanisms ‒ work will also be done to improve the resolution of central counterparty clearing houses (CCPs) and insurers.

In Spain, there are currently no laws, regulations, or court decisions that specifically address privacy concerns related to blockchain technology. Nonetheless, the GDPR and the Spanish Data Protection Act should be applicable.

However, blockchain actually improves on traditional methods of IP protection. It automates the monitoring of timestamps and other activities, making it easier to detect infringements. In addition, blockchain helps in certain aspects such as reducing the confusion that often arises over ownership in IP terms. The World Intellectual Property Organization is currently exploring how blockchain’s applications for licensing and record-keeping of IP, as well as its ability to support smart and self-executing contracts, can be admitted as evidence in courts around the world.

Moreover, the EU Blockchain Observatory and Forum (acting on behalf of the European Parliament) has released reports and studies on this matter. One of the reports, titled Blockchain and the GDPR, describes in detail the tensions between blockchain and the GDPR – given that data included on the chain is immutable and blockchain is an append-only database. It also states that regulatory agencies are expected to gradually propose solutions that clarify the tensions between blockchain technology and data protection rules. These solutions might address the following aspects.

• Identification and obligations of data controllers and processors – it is necessary to recognise that there are situations where it is challenging, and sometimes impossible, to identify data controllers. One such example would be when individual users are engaging in transactions or interacting with decentralised smart contracts on a public, permissionless blockchain for personal purposes.
• Anonymisation of personal data – it is necessary to assess the validity of different techniques that enable users to record “proofs of data” on the blockchain without actually revealing the underlying data, thereby ensuring privacy.
• Other relevant issues – these include lawfulness of data processing, data minimisation, the right to erasure (right to be forgotten) and the right to rectification, the right of access to personal data, automated processing, territoriality, and data protection by design and by default.

Based on the above-mentioned considerations, academic institutions and organisations utilising distributed ledger technology have put forward potential solutions, such as:

• storing data off-chain to enable its modification; or
• implementing measures to prevent access by third parties (including data controllers) once data processing concludes or when individuals request data erasure – for example, destroying encryption keys or implementing additional layers of encryption to render the data inaccessible.

Nevertheless, it is recognised in Spain and across Europe that blockchain technology offers numerous opportunities to improve data protection and security while aligning with the principles of data protection by design. This alignment ultimately ensures compliance with the GDPR.

As mentioned, the use of blockchain technology – especially public blockchains – raises issues relating to the proper identification of data controllers and processors, owing to the difficulty in identifying the actors involved. This is a challenge that complicates how data protection laws and regulations apply to the use of blockchain-based products or services and there is still no clear consensus on how regulators should proceed in this respect.

The EU has recently approved Regulation (EU) 2023/2854 on the harmonised rules for fair access to the use and transfer of data (the “EU Data Act”), which has been criticised by cryptocurrency and fintech operators as a potential source of restrictions to smart contracts. In this respect, it is important to note that the EU Data Act is a cross-sectoral piece of legislation (it lays out legal guidelines that apply to all sectors, not only to crypto or fintech).

A principal criticism of the EU Data Act is the requirement to include a “kill switch” clause. This means that smart contracts must have the capacity to be terminated or “deactivated” by including internal functions that can reset or interrupt the contract to stop or interrupt the operation ‒ in particular, to avoid “future accidental executions” (Article 36, paragraph (b) and (c) of Regulation (EU) 2023/2854). This clause has been seen as a threat to the deployment of smart contracts, as it seems incompatible with blockchain technology, which cannot be interrupted. In addition to this, it is being said that the definition of smart contracts in the EU Data Act is over-broad because it could encompass computer programs that would not currently be considered smart contracts. However, in reality, this risk seems somewhat exaggerated ‒ given that the legal definition is in line with the generally accepted definition of smart contracts as “autonomous computer programs that are automatically executed when predefined conditions in a digital agreement are met”. Be it as it may, these crypto and fintech industry concerns are beside the point because the requirements of Article 36 will only apply to a small number of smart contracts, which deal with executing data-sharing agreements governed by the EU Data Act.

In these agreements, there are considerations of personal data protection and intimacy that only can be addressed with the consent of the affected parties and therefore a “kill switch” clause is justified. Moreover, (94) of the EU Data Act expressly refers to the termination of contracts for reasons of personal data protection introduced by Regulation (EU) 2016/679 and Directive (EU) 2019/770. The use and circulation of model clauses and templates are likely to minimise potential negative effects, as the terms and conditions of smart contracts will become soon standardised and compliant with EU law, which takes precedence over the laws of the member states. In this respect, the EU has taken the lead over the USA and other major countries, which will be an advantage for the development and growth of the single European market on data trade.