Blockchain & Crypto-Assets 2026

Blockchain: The Underlying Technology

The law and regulation of blockchain is complexity borne of simplicity. At its heart, a blockchain is simply a new way of storing data in a way that is more secure, immutable and always accessible. That data can be whatever you want it to be – for example, with bitcoin, the data essentially simply referred to the existence of a crypto-asset.

The issues here for jurisdictions have been twofold.

• How does the immutability of data interact with data protection legislation? This has been a core issue in the EU, where blockchain conflicts with the concepts of the right to forget.
• How to reconcile the fact that users treat bitcoin as if it is property whereas in fact it is data, leading to confusion of how to apply concepts like “theft”, which assume physical property, to the data that is bitcoin? The UK Law Commission has done some work on this, recognising digital assets as being potentially property, however it is unclear how that will operate in practice.

On top of this, a different technology, smart contracts, allow for functionality to be automated. This has resulted in new industries, such as DeFI, and raised serious questions regarding whether developers are liable for code that they release but can no longer control. Different jurisdictions have taken very different approaches here, for example the developer of Tornado Cash was prosecuted by the US Department of Treasury for code he no longer controlled. By contrast, in the UK, case law suggests that developers may not always be responsible, for example if the model is so decentralised there is no effective control (Tulip Trading Ltd v Van der Laan & Ors [2023] EWCA Civ 83).

Crypto-Assets

The most contentious aspect of blockchain for regulators has been crypto-assets. As the nature of a crypto-asset, in very broad terms, is determined by the characteristics that users of a blockchain decide to give to information on the blockchain, a crypto-asset can effectively have any feature which its users decide to attribute to it.

Broadly speaking, the starting point taken by regulators has been firstly to distinguish between those crypto-assets which have the indicia of being a security and other crypto-assets. At a high level, the USA in this respect has traditionally been one of the more aggressive jurisdictions in terms of determining that crypto-assets are a security, under the notorious Howey Test, which generally resulted in any crypto-assets designed to increase in value being considered securities – and inadvertently spawned the meme token industry, a token designed to be intrinsically valueless. The EU and the UK have taken a more restrictive approach, with defined definitions of what is considered a security (or “financial instrument”), and anything not on that list being considered not a security. Even in this respect, it is worth noting that there are subtle nuances in this approach, with the concept of the collective investment scheme having a more all-encompassing definition than its EU equivalent, the collective investment undertaking. Other jurisdictions have generally landed along the spectrum, depending on their traditional influences – and so, for example, Singapore has tended to align with (whilst not being quite the same as) the approach adopted by the UK.

For crypto-assets which are not securities, the position has been changing globally, and in this respect the global position can broadly be split into those jurisdictions where crypto-assets are sold from and those where crypto-assets are sold into.

The selling jurisdictions (offshore)

For certain jurisdictions, sometimes referred to as “offshore”, crypto-assets represent a potential new business line that brings wealth into the jurisdiction. These jurisdictions include Switzerland, Cayman, BVI and Panama. The focus of these jurisdictions has generally been on facilitating business set-ups, and indeed a network of services providers have been developed which can, for example, assist with providing local directors to help with issues such as substance requirements. A common feature of these jurisdictions is that the local population does not tend to constitute a large market of potential buyers of crypto-assets, and so firms that set up tend to need to sell cross-border into other jurisdictions in order to run a viable business.

The buying jurisdictions (onshore)

This brings us to the buying jurisdictions – these tend to be those with large populations that might buy crypto-assets, and typically include jurisdictions with large populations such as the EU, UK and the USA, as well as jurisdictions which are traditional financial hubs, such as the UAE, Hong Kong and Singapore.

Regulators in these jurisdictions tend to place greater emphasis on consumer protection – as if there is an issue with a crypto-asset, their populations tend to be the ones that absorb the loss. It is also noteworthy that the regulators deployed to govern such activity tend to be securities regulators, and as such approaches are often heavily influenced by securities regulation. Whilst this may make sense in certain contexts, where the reasons for buying a crypto-asset is as an investment, it can cause difficulty in other contexts – and so for example virtual currencies created alongside video games can have an awkward relationship with local requirements. A notable trend here is that NFTs tend to be less regulated, or not regulated at all, in a large range of jurisdictions, because they are generally considered to be intrinsically less “like a security” than fungible crypto-assets.

When selling into buying jurisdictions, firms can see the situation in terms of effectively being “pay to play” – in that there is a cost attached to complying with local laws, and so firms need to weigh that against the potential revenues received in accessing these jurisdictions. A consequential factor is the extent to which firms have taken a risk-based approach to matters such as reverse solicitation. In this respect, it is worth noting that generally reverse solicitation is not accepted by most jurisdictions – however the USA and UK have traditionally been the most aggressive jurisdictions in terms of seeking to enforce local requirements on companies outside of the jurisdiction.

An evolving world

It is worth noting that the above is only a current snapshot of the regulation of crypto-assets. We are seeing various jurisdictions increasingly take an aggressive approach towards regulating crypto-assets, both in terms of jurisdictions bringing in regulation to regulate crypto-assets, for example in Africa where there is a general shift towards regulation, led by jurisdictions such as Mauritius and Botswana, as well as in terms of jurisdictions becoming more stringent towards regulation, such as is the case in Singapore, UAE and Hong Kong.

A common theme we are seeing as the regulatory grip tightens is a requirement to have a local subsidiary in order to service local populations. The effect of this has been twofold: firstly, it undermines the attractiveness of the selling jurisdictions if in any event firms will need to set up onshore. Secondly, it increases operational costs as obligations such as capital requirements and having sufficient local substance (for example in terms of senior compliance) increases costs, meaning that firms may not have sufficient resources to operate in a large range of markets.

The overall effect of this yet to be determined, as if the cost of operating in a jurisdiction outweighs the benefit, then firms may cease servicing that market – which will have the detrimental effect of reducing customer choice. As such, being too aggressive in terms of regulation can actually harm a jurisdiction’s position as it could be left behind more progressive jurisdictions. An interesting development here has been that of sandboxes – originally pioneered by the FCA in the UK – as a means for regulators to better understand the products being sold in their jurisdiction to try to find the right balance of regulatory approach. This approach has now been adopted by a range of regulators internationally.

The need for cohesion

Whilst regulators have taken different approaches to dealing with crypto-assets, the cost of this for the industry has been a lack of cohesion. This can be seen for example in the context of stablecoins, where different jurisdictions have taken very different approaches as to what constitutes a stablecoin in their jurisdiction, and how they should be regulated, for example in terms of backing reserve assets. For example, backing reserve assets for UK-based stablecoins must be held in low risk secure and liquid assets such as short-term bank deposits, and cannot include electronic money. By contrast, in the EU an electronic money institution licence is a requirement to issue a stablecoin. 

The result of this lack of cohesion creates regulation arbitrage opportunities, as firms can structure to address those markets with the lowest barriers to entry – however not always to the benefit to consumer. It can also harm cross-border businesses, such as those providing cross-border stablecoin payments, by adding friction to processes, which drives up costs and undermines utility. We are seeing regulators take steps, through organisations such as FATF and IOSCO, to create a more uniform international approach, however this is not easy to achieve as there can be geopolitical tensions that challenge such efforts. For example, the recent proliferation of US denominated stablecoins is generally to the benefit of USA (as bringing money into US institutions), whereas other jurisdictions such as Korea and the EU will generally be less enthusiastic about developments that could encourage money moving outside of their jurisdictions.

Currently, therefore, the only real certainty is complexity, given the evolving patchwork of regulatory approaches we are seeing, making it intrinsically difficult for firms to correctly position themselves. This guide seeks to alleviate some of the pain for firms in this respect, by giving a high-level overview of the different approaches we are seeing in major jurisdictions.