As one of the few jurisdictions with an existing licensing and registration regime for digital-asset service providers (prestataires de services sur actifs numériques, or PSANs) prior to Regulation (EU) 2023/1114, known as MiCA (Markets in Crypto-Assets), adopted in 2019, France has actively contributed to the regulatory maturity of the European market.

The domestic framework has recently evolved to align with MiCA’s transitional provisions. Legislative adjustments adopted in October 2024 formally introduced the concept of crypto-asset service providers (CASPs) and provided a dual regime until MiCA’s full entry into force in July 2026 (the “grandfathering period”). PSANs registered before 30 December 2024 may continue to operate under this registration during this transitional period, provided they comply with MiCA-based investor protection standards.

In parallel, France has adopted stringent rules governing the promotion of crypto-assets by online influencers. Since 2023, promotional activities conducted by so-called “finfluencers” have been subject to dedicated regulatory requirements, effectively amounting to prohibition in most cases. Several well-publicised enforcement actions by the French Financial Markets Authority (Autorité des Marchés Financiers, or AMF) in 2024 and 2025 have signalled a clear intention to curb misleading crypto marketing practices and protect retail investors.

The French anti-money laundering (AML) regime has also significantly evolved. In line with Regulation (EU) 2024/1624 (AMLR), AML obligations now apply to CASPs and other crypto-asset market players as of 30 December 2024. Notably, since June 2025, the use of anonymisation technologies such as mixers in crypto transactions triggers a rebuttable presumption of money laundering under the French Penal Code. In early 2025, a formal criminal investigation was opened into alleged money laundering and unlicensed activity by a major global exchange (Binance), reinforcing the authorities’ commitment to strict AML enforcement in this market.

Despite this tightening regulatory environment, the French market has remained dynamic. In November 2024, the French public financial institution La Caisse des Dépôts et Consignations (CDC) issued its first digitally native bonds using distributed ledger technology (DLT) operated by the Bank of France. France has also taken an active role in shaping EU-level discussions, with the French AMF and the Italian CONSOB jointly proposing enhancements to the DLT Pilot Regime (Regulation (EU) 2022/858) to boost Europe’s competitiveness in blockchain innovation.

Looking ahead, the key challenges for market participants include strengthening their AML compliance systems, implementing MiCA licensing requirements, and ensuring that data protection obligations under the GDPR are reconciled with AML disclosure rules, particularly in light of the guidance recently published by the European Data Protection Board (EDPB).

Blockchain technology is being deployed across a broad spectrum of sectors in France, with notable applications in finance, traceability, health, energy, and digital identity. While consumer use remains largely speculative or investment-driven, numerous institutional and industrial actors are developing use cases that illustrate the versatility and maturity of blockchain-based infrastructures.

Traditional Finance

The Bank of France has taken a leading role among European central banks in the field of wholesale central bank digital currency (CBDC). Since 2020, it has conducted successive experiments under the EU DLT Pilot Regime to test the interoperability of CBDC systems with DLTs. Its proprietary “Full-DLT interoperability” solution, known as DL3S (Distributed Ledger Delivery versus Delivery Settlement Solution), enables exploratory cash tokens representing central bank money to circulate across interconnected blockchain platforms. In 2024, DL3S was tested at scale in connection with the European Central Bank’s Digital Euro project, alongside two other interoperability-based DLT solutions.

Additionally, the CDC issued the first tokenised French government bonds in the amount of EUR100 million in November 2024, later listed on Euronext.

Private initiatives have also gained traction. SG Forge, a subsidiary of the French bank Société Générale, launched EUR CoinVertible (EURCV), a euro-pegged stablecoin issued on Ethereum and designed for institutional use, with compatibility for integration into decentralised finance (“DeFi”) ecosystems.

Supply Chain Traceability and Certification

French start-ups are actively leveraging blockchain to improve traceability and authentication in supply chains. Arianee provides NFT-based (non-fungible token-based) solutions for luxury goods, automotive, and high-end appliances, allowing manufacturers and retail stores to offer digital ownership certificates and secure product life cycle data. Meanwhile, KeeeX specialises in time-stamped digital document certification and secure archiving, and is currently being used to support the Digital Product Passport (DPP) initiative, including in the maritime logistics sector.

Energy Sector

In the context of the Paris 2024 Olympic Games, the French state-owned electricity company EDF developed TrackElec, a blockchain-based traceability system designed to ensure hourly synchronisation between the production and consumption of green electricity. This system allows the certified matching of energy flows on an hourly basis, offering real-time verification of renewable energy sourcing.

Healthcare and Medical Data

Blockchain is also gaining momentum in the health sector. The start-up Galien is building the first hospital-to-hospital DLT infrastructure in France. Its objective is to valorise medical data while enabling transparent value-sharing between hospitals, patients, and research partners. Other blockchain initiatives target the authentication of pharmaceuticals, in an effort to prevent counterfeit medications from circulating in the supply chain.

Consumer-Facing Uses

On the consumer side, most blockchain use remains tied to investment or speculation in crypto-assets. However, emerging B2C applications include NFTs in the fields of art and secure ticketing. Another prominent project is Archipels, a public-private consortium (involving EDF, La Poste and Engie), which is developing blockchain-based digital identity and KYC infrastructure for online services and customer verification.

Real Estate

Several projects use the tokenisation of rights linked to real estate ownership or rental income. These initiatives typically rely on a fiduciary structure to hold the underlying property on behalf of token holders. The tokens may represent a right to a fraction of the economic value derived from the property — such as rental income — or, in some cases, a right to participate in the future resale value.

Before addressing the issue of ownership of a digital asset, it is necessary to determine the applicable law, particularly in cross-border scenarios. The following analysis assumes that French law governs the transaction.

There is currently no harmonised legal regime under French law governing all digital assets recorded on distributed ledgers; while French law is very clear on the ownership regime for crypto-assets subject to MiCA Regulation, the regime for NFTs is governed by common law, and more specifically by the Civil Code.

Ownership of Crypto-Assets Regulated by MiCA

France established a clear legal framework for crypto-assets falling within the scope of MiCA Regulation, in October 2024. Under the French Monetary and Financial Code, ownership of MiCA-regulated crypto-assets is governed by the following principles:

• General rule – transfer of ownership is deemed to occur upon the registration of the crypto-assets in favour of the acquirer within the relevant DLT network. This provision reflects the consensus-based nature of blockchain systems and recognises the legal effect of on-chain registration.
• Exception – custody by a CASP. Where the tokens are held by a crypto-asset service provider offering custody services, the transfer of ownership is legally effected by the registration of the acquirer’s position in the client position register maintained by the CASP. This exception acknowledges market practice and the indirect holding structures that prevail in institutional custody chains.

This regime provides legal certainty regarding the moment of ownership transfer, aligning French law with the operational realities of blockchain-based transfers and enhancing investor protection.

Ownership of NFTs

The legal status of NFTs, which fall outside the scope of MiCA, remains unresolved under French statutory law. In the absence of specific legislation, questions of ownership and transfer must be assessed under the general principles of French civil law and the contractual arrangements between the parties.

To date, case law on the ownership of NFTs remains limited and fragmented, while legal doctrine offers divergent interpretations. Depending on the circumstances, an NFT may be construed as:

• an instrument evidencing the contractual transfer of ownership of a digital or physical asset;
• an accessory to the asset it represents; or
• merely a certificate of authenticity, without conferring any real rights over the underlying asset.

Since 2022, French legislation has allowed public auctions of intangible goods. This has enabled judicial auctioneers to offer NFTs at auction, structuring the contractual documentation so that the transfer of the token is deemed to represent transfer of ownership of the associated work.

Recent first-instance rulings have begun to address this issue:

• the Paris Judicial Court ruled that possession of the token constitutes the title of ownership of the asset, with the authenticity of the asset guaranteed by the blockchain (Tribunal judiciaire de Paris, 2 March 2023); and
• in contrast, in February 2025, the Commercial Court of Tours defined NFTs as a mere certificate of authenticity, which do not by themselves transfer ownership of the underlying asset.

There is little doubt that French courts of appeal and ultimately the French Supreme Court will be called upon to clarify the legal nature of NFTs and their effects on ownership. Until then, NFT-related transactions remain legally uncertain and should be secured through clear contractual terms and due diligence on the rights effectively transferred with the token.

The French legal framework for crypto-assets fully incorporates the classification introduced under the EU MiCA Regulation, which defines four categories of regulated crypto-assets. This terminology is now reflected in the French Monetary and Financial Code as amended in October 2024, as follows:

• e-money tokens (EMTs) – tokens that seek to stabilise their value by referencing a single official fiat currency;
• asset-referenced tokens (ARTs) – tokens that are not EMTs and that aim to maintain a stable value by referencing another value or right, or a basket of assets (eg, several currencies or commodities);
• generic crypto-assets – a residual category encompassing any digital representation of value or rights that can be transferred and stored electronically using DLT, and that does not qualify as an ART, EMT or utility token; and
• utility tokens – tokens intended solely to provide digital access to a good or service supplied by the issuer.

In addition, some crypto-assets may fall outside the scope of MiCA if they qualify as financial instruments under the EU Markets in Financial Instruments Regulation (“MiFID II”).

In May 2025, the AMF formally announced that it would comply with the guidelines drawn up by the European Securities and Markets Authority (ESMA) on the classification of crypto-assets as financial instruments. According to these guidelines, a crypto-asset may qualify as a transferable security where it meets the following cumulative criteria:

• it does not constitute a means of payment;
• it represents a class of securities conferring standardised rights (eg, dividends, voting rights, debt claims); and
• it is negotiable on the capital market.

This approach reflects the principle that form follows function: regardless of its denomination, a token granting economic rights that are structured and tradable, like traditional securities, may fall within the MiFID II regime.

In practice, the obligation to assess the regulatory qualification of a crypto-asset lies with the issuer, the platform or the CASP involved, which will conduct a thorough analysis to determine which regulatory obligations will apply to each token. This is particularly important, as ARTs and EMTs are subject to significantly stricter rules than other crypto-assets, including prior authorisation requirements and specific prudential safeguards.

Importantly, the classification of a token may evolve over time depending on its actual use, technical structure, and economic function. A utility token issued for accessing a digital service may later fall under MiCA or MiFID II if used for fundraising or trading on secondary markets.

This evolving and context-sensitive classification system requires all market participants to adopt a forward-looking compliance approach, ensuring regular re-assessment of the legal nature of the assets they issue, trade or hold.

France does not provide for an autonomous legal definition of a “security token”. Instead, the French regulatory framework has focused, since a reform in 2017 of the Monetary and Financial Codes, on the concept of financial securities recorded in a distributed ledger environment, referred to as the “shared electronic register” (dispositif d’enregistrement électronique partagé, or DEEP).

This approach treats tokenisation as a form of dematerialised registration: the token is not a new legal category but a digital support for an existing financial instrument as defined under French law – shares, bonds, shares in collective investment schemes, and financial futures. This legislative framework was among the first in Europe to enable the practical implementation of tokenised securities.

France is also actively involved in the EU DLT Pilot Regime, which was first applied in March 2023. This temporary regime allows selected market infrastructures to experiment with issuing, trading and settling financial instruments on DLT-based systems, under conditional exemptions from certain regulatory requirements (eg, CSDR, MiFID II, or MiFIR).

The AMF and other public stakeholders have encouraged early adoption of this pilot framework, positioning France as a leading jurisdiction for testing and scaling the use of blockchain in capital markets.

Stablecoins are subject to the comprehensive MiCA framework, depending on whether they qualify as ARTs or EMTs (see 2.2 Categorisation). MiCA does not create a separate legal category for algorithmic stablecoins. However, algorithmic mechanisms used to stabilise the value of a crypto-asset are not exempted from the regulatory requirements applicable to ARTs, provided the token’s value is linked to assets.

Consequently, algorithmic stablecoins may fall within the ART regime if they meet the relevant criteria. Issuers must notably establish and maintain a reserve of assets that is legally and operationally segregated from their own assets, which must be sufficient to cover the risks associated with the referenced assets as well as the liquidity needs associated with redemption rights granted to holders.

There is no dedicated French legislative or regulatory framework specifically addressing the creation, offering or trading of NFTs, which are expressly excluded from the scope of the MiCA Regulation.

Consequently, the legal treatment of NFTs depends primarily on the nature and function of the underlying asset, as well as the contractual terms governing their issuance and transfer (discussed in 2.1 Ownership).

While general consumer protection, IP, contract and civil law provisions may apply depending on the use case, there is no uniform regulatory regime for NFTs. Market participants should conduct case-by-case legal assessments to determine the applicable legal qualifications and obligations associated with a given NFT. Until further clarification by legislation or case law, NFT-related projects in France will operate within a fragmented and evolving legal environment, requiring careful legal structuring and contractual documentation.

Under French law, the euro is the sole legal tender. Consequently, crypto-assets cannot be imposed as a means of payment, but can be voluntarily accepted as a means of payment by merchants, subject to contractual freedom. While still relatively marginal in practice, such payment methods are gradually gaining traction in France.

In November 2024, Printemps – a major French department store – announced that it would begin accepting payments in crypto-assets (including Bitcoin, Ethereum, EURI and USDC) through a partnership with Binance Pay and French fintech Lyzi. The system enables customers to pay by scanning a QR code, illustrating the growing interest in integrating crypto-assets into retail environments.

Under the Monetary and Financial Code, payment in e-money is subject to specific legal limitations:

• EUR3,000 when the payer is fiscally domiciled in France and acts in a professional capacity; and
• EUR10,000 in other cases (ie, private individuals or non-residents).

However, the use of crypto-assets for the payment of real estate transactions appears to be excluded (unless converted into euros), drawing from established case law on the nullity of clauses stipulating payment in foreign currency in mortgage loan agreements.

French law has recently evolved to recognise the use of digital assets as collaterals. On 30 April 2025, the French Monetary and Financial Code was amended to introduce a specific legal framework for pledging digital assets, including to secure loans (a lombard credit or loan).

Cryptocurrencies and other tokens may then be accepted by banks or other institutions as collateral, once the implementing decree specifying the operational details is published.

The pledge is deemed to be valid and enforceable inter partes and against third parties, upon the signing of a pledge declaration by the owner of the pledged digital assets. Unless otherwise agreed, the fruits and proceeds of the pledged assets are automatically included in the scope of the collateral.

Where the pledged assets are held by a CASP, the service provider must, upon request from the secured creditor, provide a pledge certificate including the inventory of the underlying assets.

This new mechanism is expected to enhance legal certainty for lenders and facilitate the development of secured lending practices involving crypto-assets, while aligning with the principles of transparency and investor protection underpinning the MiCA Regulation.

There is no specific legislative or regulatory regime governing smart contracts under French law. As such, smart contracts are assessed under general contract law principles, primarily those set out in the French Civil Code. There are no judicial decisions on the enforceability of smart contracts to date.

Based on the Civil Code, smart contracts must meet the standard legal requirements applicable to any contract, namely: free and informed consent of the parties, legal capacity, and a lawful and certain object, which could require additional contracts if the parties cannot fully comprehend the underlying software program.

In consumer-facing relationships, additional mandatory rules from the Consumer Code may apply, particularly in terms of information duties, withdrawal rights, and fairness of terms, some of whose provisions seem to contradict the concept of DLT.

In February 2025, a joint working group composed of the French Prudential Supervision and Resolution Authority (L’Autorité de Contrôle Prudentiel et de Résolution, or ACPR), the AMF and fintech stakeholders published recommendations exploring the potential for certifying smart contracts in the context of DeFi. The objective was to anticipate future regulatory developments and define minimum standards for reliability and security in automated contractual execution.

The group’s recommendations set out a series of principles for smart contract certification in DeFi, including:

• compliance with development best practices;
• mitigation of known vulnerabilities;
• deterministic compilation;
• public availability of source code;
• application of the principle of least privilege; and
• clear separation of critical functions.

These principles were generally endorsed by industry contributors in a synthesis report published in July 2025, laying the groundwork for future regulatory initiatives aimed at ensuring the integrity, auditability, and legal reliability of smart contracts in financial applications.

In France, the regulatory treatment of digital asset exposures by regulated entities (such as credit institutions and investment firms) follows the prudential rules set out under the EU Capital Requirements Directive (“CRD IV”) and related regulations.

The French ACPR regularly updates its guidance on the calculation and disclosure of prudential ratios. In its latest notice published in December 2024, the ACPR reiterated the transitional capital treatment of crypto-asset exposures in accordance with the forthcoming Capital Requirement Regulation 3 (CRR 3). Under this framework:

• tokenised traditional assets are treated like their underlying traditional counterparts for risk-weighting purposes, provided their value is not linked to any other crypto-assets;
• ARTs referencing one or more traditional assets are subject to a 250% risk weight; and
• all other crypto-asset exposures are subject to a 1,250% risk weight, reflecting their high-risk nature under the current prudential standards.

France does not currently operate a general regulatory sandbox for digital asset innovations, other than the DLT Pilot Regime (discussed in 1.1 Evolution of the Blockchain Market).

To participate in the DLT Pilot, project leaders must obtain prior authorisation from the relevant competent national authority, which is either the AMF or the ACPR, depending on the nature of the market infrastructure or service to be operated.

France has aligned its regulatory approach to digital assets with international standards, particularly in the field of AML. CASPs are subject to stringent AML obligations under the EU regulatory framework, which either has a direct effect in French law or has been transposed into national legislation.

These rules are largely inspired by international recommendations, notably those of the Financial Action Task Force (FATF). As an FATF member since 1990, France has consistently shaped its national regime in line with FATF standards.

Financial supervision in France follows a “Twin Peaks” model, involving two independent supervisory authorities:

• The ACPR is responsible for the prudential supervision of financial institutions. It oversees the stability and soundness of entities such as banks, insurers, and CASPs, with regard to AML, internal control systems, and financial soundness.
• The AMF ensures the proper functioning, transparency, and integrity of financial markets. It supervises the conduct of market participants, including CASPs, and monitors public offerings, marketing practices, and investor protection obligations. It also plays an active role in raising public awareness by regularly issuing warnings, educational campaigns, and alerts on the risks associated with investing in crypto-assets.

In addition to these regulatory bodies, the Bank of France also plays a key role in supporting blockchain innovation in the financial sector. It actively contributes to the Eurosystem’s exploratory work on a wholesale CBDC and is proposing to deploy a digital euro. Through these initiatives, the Bank of France acts as a driving force in the development of the blockchain-based financial infrastructure in France.

There are currently no self-regulatory organisations or industry bodies in France that hold regulatory or quasi-regulatory authority over blockchain-related activities.

The AMF and the ACPR are actively engaged in raising public awareness about the risks associated with crypto-assets and blockchain-related activities. They regularly publish educational materials, alerts and reports aimed at retail investors, and frequently organise seminars and conferences in partnership with academic institutions and industry stakeholders to foster informed use and responsible innovation in the blockchain space.

France has seen a growing body of case law relating to digital assets, reflecting the increasing volume of disputes in this field.

Legal Qualification of Bitcoin (Nanterre Commercial Court, 26 February 2020, Bitspread v Paymium)

In a decision that drew wide commentary, the Nanterre Commercial Court classified Bitcoin as a consumable and fungible asset due to its usage and interchangeability. As a result, a loan of bitcoins was deemed to transfer ownership and risk to the borrower. The court concluded that the borrower was entitled to keep the bitcoin cash received following a hard fork, as this constituted the fruit of the original loaned bitcoins.

Liability of Unregistered Service Providers (Grenoble Court of Appeal, 26 June 2025)

The Grenoble Court of Appeal held a crypto-asset service provider liable for failing to register with the AMF as required under French law (PSAN regime at the time). The provider had launched its activity without authorisation and was ordered to compensate a client whose tokens had been fraudulently diverted. The court awarded compensation in fiat currency, rejecting the client’s claim for loss of opportunity to benefit from the appreciation of the stolen tokens, due to their inherent price volatility.

Judicial Co-Operation in Fraud Cases (Lyon Judicial Court, 17 March 2025)

In a more recent case, the Lyon Judicial Court issued an injunction against an Irish-registered CASP, ordering it to disclose identifying information about the holders of a wallet linked to fraudulent transactions. The court also ordered the suspension of the wallet to prevent dissipation of the tokens, pending a decision on the merits. While crypto-asset seizures remain procedurally complex, this ruling marks a positive development for victims seeking judicial relief in France.

The French Supreme Court had already confirmed the legality of the seizure of bitcoins from a wallet account (Cour de Cassation, 15 February 2023). In that case, the wallet holder was suspected of participating in money-laundering operations involving drug trafficking, since it had employed a combination of cryptographic methods in the operations that reinforced the presumption of illegality regarding the origin of the funds.

As mentioned in 4.1.4 Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Requirements, in September 2022, the AMF revoked the registration of a PSAN for failing to comply with KYC obligations and enhanced scrutiny of transactions, presenting a particular risk.

In early 2025, in co-ordination with other EU member states, the French National Jurisdiction for the Fight Against Organised Crime opened a formal investigation into Binance for alleged breaches committed between 2019 and 2024. The preliminary findings suggest the following:

• Failures to comply with AML/CTF obligations, in particular, the lack of proper KYC procedures. These deficiencies allegedly facilitated the laundering of funds derived from various criminal activities, including narcotics trafficking and tax fraud.
• Unlawful promotional communications targeting French residents or entities prior to Binance’s official registration as a PSAN (the pre-MiCA national regime). These marketing efforts were reportedly carried out through influencer partnerships and online advertising campaigns on social media platforms.

Personal Income Tax

France adopted a dedicated tax regime for digital assets in 2019, following a landmark decision by the Conseil d’État in April 2018. Since the Finance Law of 28 December 2018, capital gains on crypto-asset disposals realised by individuals residing in France have been taxable when:

• the assets are converted into fiat currency; or
• the assets are used to purchase goods or services.

These capital gains are subject either to a 30% flat tax or, upon election, to the progressive income tax scale. French tax residents are thus required to declare such gains annually and, since 2020, to report any digital asset wallets opened, held, used, or closed abroad.

Taxation of Professional Gains

Since 2023, gains arising from crypto-asset transactions that form part of a professional activity have been taxed as non-commercial profits, including income from mining activities. Where digital assets are received for free (eg, through mining), their acquisition cost is deemed to be zero for tax purposes.

Reporting Obligations for CASPs from 1 January 2026

The Finance Law for 2025 transposed the EU “DAC8” Directive. As a result, authorised PSANs/CASPs established in France will be required, from 1 January 2026, to report identification and transaction data concerning their clients who are French residents or residents of a participating jurisdiction. The reporting obligation covers:

• exchanges between different crypto-assets or between crypto-assets and fiat currency; and
• transfers of crypto-assets to or from a client’s external wallet or account.

VAT

The French tax administration has incorporated into national guidance the Hedqvist ruling of 2015 of the European Court of Justice. As such, the exchange of recognised cryptocurrencies against fiat currency (and vice versa) is exempt from VAT when the digital assets are accepted as a means of payment.

In the context of utility tokens, the French tax administration considers that the ICO is not subject to VAT due to uncertainty surrounding the delivery of a future good or service. However, when such tokens are later redeemed for specific goods or services from the issuer, VAT applies under standard rules.

As for NFTs, no specific regime exists; they are subject to general VAT principles depending on their legal and economic characteristics.

The MiCA Regulation explicitly addresses the environmental risks associated with crypto-assets, particularly those linked to the consensus mechanisms used for transaction validation.

White papers must therefore include information on the principal adverse impacts of the crypto-asset on the climate and environment. This includes a description of the consensus mechanism used (eg, proof of work, or proof of stake), together with an assessment of its environmental footprint. ESMA guidance indicates that this assessment should cover:

• the energy consumption of each DLT network node;
• the location of the nodes; and
• the types of devices used to operate and maintain the distributed ledger.

CASPs are also required to publish ESG-related disclosures in a prominent place on their websites for each crypto-asset they offer. These disclosures must follow the format and indicators specified by the delegated regulation adopted by the European Commission in December 2024, which includes detailed methodologies for calculating energy consumption, energy intensity, and greenhouse gas emissions.

Annual energy consumption is the key metric to be disclosed, with further indicators required for high-impact issuers exceeding predefined thresholds. These obligations aim to ensure greater transparency on the environmental sustainability of crypto-assets and to foster investor awareness of the ecological implications of blockchain technologies.

The French Data Protection Authority (La Commission Nationale de L'Informatique et des Libertés, or CNIL) published its first guidance on the responsible use of blockchain under the GDPR back in 2018. It encouraged data controllers to assess the appropriate type of blockchain to be used, particularly highlighting the inherent limitations of public blockchains with respect to compliance. The CNIL also proposed compliance measures such as keyed hashing or cryptographic commitments as ways to reduce privacy risks.

A major step forward came in April 2025, when the European Data Protection Board (EDPB) issued its Guidelines 2/2025 on the processing of personal data in the context of blockchain technologies (public consultation until June 2025). These guidelines provide a comprehensive framework for assessing the compatibility of DLT with the principles and obligations of the GDPR.

Data recorded on a blockchain can be technically difficult or impossible to alter, given the characteristics of this technology. Therefore, the Guidelines are a reminder that technical impossibility cannot be invoked to justify non-compliance with GDPR requirements and they encourage controllers to adopt a proactive approach, combining organisational measures, techniques and governance models.

The EDPB mentions solutions such as encryption of personal data before storing it on a blockchain, hashing with the use of a secret key or salt, and storing cryptographic commitments on the blockchain itself.

One of the key regulatory challenges going forward will be to reconcile these data protection requirements with anti-money laundering obligations, particularly those relating to transparency and traceability of transactions. In particular, the Travel Rule and related KYC/AML obligations require the identification of parties involved in crypto-asset transfers, potentially conflicting with GDPR principles such as data minimisation and purpose limitation. Regulators and market participants will need to co-ordinate technical and legal approaches to ensure both regulatory objectives can be met without undermining user rights or the integrity of compliance.