Contributed By Kramer Levin Naftalis & Frankel LLP
The French blockchain market saw heightened activity in 2019, on both the business and the regulatory side.
A notable event was the Paris Blockchain Week of April 2019, which saw the Minister for the Economy and Finance and others members of government voice their goal of turning France into a leading market for blockchain technology. The Paris Blockchain Week also showed that the main focus of the government is blockchain technology, rather than digital assets themselves, which are still viewed with some suspicion.
In May 2019, the PACTE Act – which stands for “Action Plan for the Growth and Transformation of Companies” – finally entered into force. The PACTE Act creates a comprehensive regulatory regime for both initial coin offerings (ICOs) and intermediaries dealing with digital assets (digital assets service providers or DASPs). Various implementing regulations were later published, and both the ICO and the DASP regimes are now fully operational.
With the regulatory framework created by the PACTE Act operational, the French authorities focused on two other issues
First, the announcement of Facebook’s plan to launch a stablecoin called Libra in June 2019 forced various French authorities to take a stand against the development of large scale “private currencies”. In the meantime, working groups on central bank digital currencies (CBDCs) were created by the French Central Bank, with the intention of developing a public alternative to Libra. The Central Bank announced that a “wholesale” CBDC (ie, a CBDC dedicated to large interbank transactions) would be developed in 2020.
Then, the Autorité des marchés financiers (the regulator of financial markets or AMF) started working on how blockchain technology could be used to make financial markets and the financing of small and medium-sized enterprises (SMEs) more efficient. The AMF published an analysis of the application of financial regulation to security tokens in March 2020.
We expect that stablecoins and security tokens will be main focus of French public authorities in the next 12 months. In addition, we expect that the DASP regime will be updated to take into account certain business models which were not included in the first version of the act, such as digital assets lending and derivatives based on digital assets.
While France is not the major European hub for blockchain companies, many startups have been created during the last few years and have grown enough to start expanding internationally. The following business models can be noted:
The major French leaders of the French digital asset and blockchain industry formed a professional association, the Association pour le Développement des Actifs Numériques(ADAN), in 2020. The association will represent the industry before public authorities and civil society.
In addition, most large French companies (whether they are financial or industrial groups) have launched blockchain projects in the last few years. These projects generally focus on supply chain management, healthcare, energy management, etc.
The Banque de France (the French central bank) called in April 2020 for applications to experiment with a central bank digital currency for interbank settlements. The aim is to explore the opportunities offered by this technology, and to identify concrete cases integrating CBDCs in innovative procedures for the clearing and settlement of tokenised financial assets.
The results of these experiments will be a key element of the Banque de France’s contribution to a broader project conducted by the Eurosystem on the potential implementations of a CBDC. Indeed, any decision to create a CBDC is a matter for the Eurosystem.
BPI France (a state-owned investment bank) called, in December 2019, for applications relating to stablecoin/settlement coin working in central bank money.
Caisse des Dépôts et Consignation (CDC) has its own LabChain for blockchain proof of concept with major banks, insurance institutions, investment services providers, and start-ups.
The regulation of the blockchain sector is threefold, focusing on ICOs, DASPs and securities.
The PACTE Act created an optional regulatory regime for ICOs. ICO issuers may choose to ask the AMF to grant its approval (or “visa”) to their ICO – but may also launch an ICO without the AMF’s approval. The approval serves as a proof of the trustworthiness of an ICO issuer, and also grants some marketing rights with respect to the ICO. The following conditions need to be met by issuers applying for an approval:
The PACTE created a legal framework for DASPs. DASPs are entities providing the following services:
The DASP regime is also partially optional. Any entity may apply for a DASP licence to provide the above-mentioned services. Licensed DASPs are subject to a set of obligations which are quite similar to those of investment services providers.
On the other hand, providing the custody service or the service of purchase or sale of digital assets against legal currency requires a registration with the AMF. (Registered DASPs can also apply for a licence with respect to these services.) Registered DASPs are subject to fewer obligations than licensed DASPs.
Obtaining a DASP registration or licence, or an ICO approval has similar effects.
Before the PACTE Act was published, securities law was modified to allow the use of blockchain for the issuance, registration and transfer of unlisted securities. A decree was later published to describe the technical conditions which need to be met by the blockchain used for the registration. In theory, public blockchains (such as Ethereum) can now be used for that purpose.
Although securities registered on a blockchain are often called “security tokens,” a more accurate denomination would be “blockchainised securities.” Registering securities on a blockchain does not transform their legal nature. Even though these securities may be nearly identical, from a technical perspective, to certain digital assets (eg, ERC-20 utility tokens), they are still subject to all the laws applicable to traditional securities.
The updated Recommendations of the Financial Action Task Force (FATF) suggest that various actors in the digital assets economy should be registered by a public authority and comply with the anti-money laundering legislation. The FATF’s list contains the following activities:
Directive (EU) 2018/843 of 30 May 2018 (the fifth anti-money laundering directive or AMLD 5) was adopted before the Recommendations were updated. Therefore, the AMLD 5 only requires member states to apply the anti-money laundering legislation to two categories of DASPs: custodian wallet providers and providers engaged in exchange services between digital assets and fiat currencies.
As a result, France transposed the AMLD 5 through the PACTE Act and chose not follow the Recommendations of the FATF. France will probably wait for an update of the AMLD 5 – as implementing the FATF Recommendations before other European countries could lower its comparative attractiveness.
The AMF is the lead regulator for all matters related to digital assets. The AMF’s main purpose is to protect investors and ensure the proper functioning of financial markets. The AMF also regulates asset managers and financial products. With respect to digital assets, the AMF grants approvals to ICOs and registrations or licences to DASPs.
However, the Banque de France and the Autorité de contrôle prudentiel et de resolution (ACPR), the other main regulator of the financial industry, which mostly supervises banks, insurance companies, payment institutions and electronic money institutions, must be consulted in all DASPs registration or licence applications with respect to the anti-money laundering procedures. These procedures must be validated by the ACPR before the registration or the licence is granted by the AMF. In addition, the compliance of registered DASPs (ie, digital assets custodians and entities allowing the purchase or sale of digital assets against legal currency) with the anti-money laundering legislation is monitored by the ACPR, while licensed DASPs and ICO issuers are monitored by the AMF.
The prominent French trade organisation dedicated to digital assets is the Association for the Development of Digital Assets (or ADAN). The ADAN was created in January 2020 and replaced the Chaintech, which focused more broadly on the blockchain market.
The ADAN does not have any regulatory or self-regulatory power, although it plans to help market participants develop good practices, and lobby public authorities to ensure that regulation fits the needs of its member companies.
There have been few judicial decisions related to digital assets. The most notable one was rendered by a commercial court in March 2020. (The commercial court is a lower court specialised in business disputes, which means that this decision may be appealed and reversed.)
In that dispute, a liquidity provider obtained a loan of bitcoins from Paymium, the oldest French exchange platform, in order to provide liquidity to the Paymium platform. The liquidity provider reimbursed the loan in December 2017, but did not pay the interests. Paymium then froze the borrower’s account to recover the interest.
The dispute later focused on the ownership of the Bitcoins Cash (BCH) obtained by the borrower following the "fork" of August 2017. Under French law, whether the borrower or the lender is entitled to receive the BCH depends on the legal qualification of the loan. To summarise, if the loaned goods are fungible, the borrower would receive the ownership of the BCH, whereas if they are “individualised,” the BCH would belong to the lender.
Although bitcoins are not regarded as perfectly fungible (as legitimate actors would not accept bitcoins transferred from an address which previously received transactions from addresses associated with illicit activities), they appear to be mostly fungible in business relationships involving exchange platforms and liquidity services. Therefore, the commercial court ruled that the borrower was the legitimate owner of the BCH received following the fork.
That decision somehow clarifies the legal status of digital assets with respect to civil law and contract law (while the PACTE Act focused on the regulation of activities related to digital assets). However, it does not provide a reliable legal framework for digital assets loans or sophisticated financial transactions.
There has been no enforcement action related to digital assets in France. The AMF and the ACPR did publish some warnings against the use of digital assets by retail investors during the 2017 bubble. The AMF also publishes a “blacklist” of websites offering financial services without any authorisation. That blacklist now includes websites offering various speculative products on digital assets (such as derivatives or binary options).
To help market participants better understand the regulatory perimeter, the AMF mostly relies on the publication of guidelines or analyses.
There is no regulatory sandbox in France for blockchain or fintech projects.
In a recent publication on security tokens, the AMF suggested that the European Commission create a “digital laboratory” which would allow national regulators to lift certain requirements arising from European legislation, in order to support the development of projects related to security tokens.
Before the 2019 Budget Act, the tax treatment of digital assets was particularly severe. Capital gains made by individual investors were taxed at a marginal rate which could reach 60% (for large amounts). These gains are now taxed at a flat rate of 30%. In addition, crypto-to-crypto transactions are not subject to any taxation: the taxation is deferred until the digital assets are sold against fiat currency or exchanged against a good or a service.
This 30% flat tax only applies to individual investors: professional traders and miners are still subject to the general income tax regime, as the gains they make are regarded as having a professional nature.
With respect to companies, capital gains made by trading digital assets will be included in their taxable income and subject to corporate tax. In addition, theoretically, following a regulation of the Accounting Standards Authority of December 2018, digital assets held for speculative purpose by a company must be reassessed each year based on their market value. Therefore, an unrealised profit or loss could be realised each year. Whether such profit or loss would be included in taxable income remains unclear.
The AMF and the ACPR both created internal fintech teams in 2016. These teams notably focus on blockchain technology and digital assets, although their mandate covers the entire fintech sector. They are meant to function as “innovation hubs” and offer guidance to startups wishing to develop innovative products. Both of them are in charge of the “FinTech forum” which is a space for discussion between fintech players and regulators.
Outside of digital assets, the French Central Bank also created, in 2019, a task force focused on CBDCs.
No specific provision of French law explains how ownership rights are treated with respect to digital assets. Digital assets would normally belong to the intangible goods category (which also includes claims, patents, or copyrights). However, under French law, the transfer of most intangible goods requires a written notification (eg, for claims) or a modification of a registry maintained by a public authority. On the contrary, the actual transfer of a digital asset only requires sending, to a blockchain network, a transaction signed with a private cryptographic key.
The transfer of ownership (which is different from the actual transfer on the blockchain) is deemed final, in theory, when the agreement between the transferor and the transferee is concluded, unless the agreement provides otherwise. In practice, agreements concerning the sale of digital assets should provide that the transfer of ownership will occur when the digital assets are effectively transferred on the blockchain.
With respect to deposit (ie, the fact of receiving a thing that belongs to another person, on the condition of keeping it and returning it), digital assets seem to be able to be deposited to a third party without a transfer of ownership. However, complicated situations may arise if a depositary of digital assets were to become insolvent: would owners of the deposited digital assets be able to recover them, or would the receiver consider that the owners actually only have a claim against the depositary?
French regulators often refer in their publications to the three main categories of tokens: security tokens, utility tokens, and payment tokens.
The PACTE Act, however, created two specific categories: tokens (jetons) and digital assets (actifs numériques).
Tokens are intangible assets representing digitally one or several rights that may be issued, registered or transferred through a distributed ledger that allows the direct or indirect identification of the owner of the token.
Digital assets are defined more broadly as any digital representation of value that is not issued or guaranteed by a public authority and does not qualify as legal currency, but is accepted by legal or natural persons as a medium of exchange, and can be transferred, stored or traded electronically. Digital assets also include tokens.
Interestingly, securities may qualify as tokens, as soon as they are registered on a distributed ledger, which is allowed under French law. But such securities would only be subject to securities law – the regulation of tokens, ICOs, or digital assets would not apply to them.
Regarding the distinction between security tokens and digital assets, French law does not use, per se, an analytical framework such as the Howey test. Under French law, securities (instruments financiers) include derivatives contracts, equity securities, bonds, and shares in collective investment schemes. To determine whether a token qualifies as one of these subcategories, a judge would consider the purpose of the implicit agreement between the token issuer and the subscriber, as well as the rights granted to the subscriber (ie, if a tokenholder is entitled to a fixed share of the benefits of the entity issuing the token, that token would qualify as an equity security, and therefore as an instrument financier).
As with various other business models (eg, decentralised finance or DeFi), stablecoins became mainstream after the PACTE Act was drafted. Therefore, they are not mentioned in the DASP regulatory framework.
The potential qualification of certain stablecoins as electronic money has been discussed among regulatory authorities since the beginning of 2019. The advice on crypto-assets of the European Banking Authority (EBA) of 9 January 2019 precisely mentioned that possibility. Digital assets may theoretically qualify as electronic money if they satisfy the following six conditions:
Therefore, a stablecoin issued by an entity under contractual terms allowing any holder of units of the stablecoin to redeem them at face value at any time could theoretically qualify as electronic money. However, the consequences of this qualification would be highly unclear, since the regulation of electronic money issuers and distributors is not designed to apply to entities issuing, receiving or transferring stablecoins.
This qualification should not be extended to “algorithmic” stablecoins which use a formula to maintain their peg (since there would be no deposit of fiat currency) and, more notably, to decentralised stablecoins such as Dai.
In any case, we expect that the EBA will publish detailed guidelines on stablecoins in the upcoming months. A new version of the Revised Payment Services Directive (PSD 2) would also be needed if stablecoins were to be treated as electronic money.
In France, only the euro is legal tender. A creditor is only required to accept a payment made in euros. However, parties to a contract may agree to use a digital asset as payment. Legally, such operation would be regarded as an exchange rather than a legal payment.
In practice, various French retailers and websites accept payments made with digital assets (a list can be found at the following link: https://bitcoin.fr/depenser-ses-bitcoins/). Most of these retailers use an external provider which automatically converts the digital assets received from the client to euros (eg, Bitpay), shielding the retailer from price volatility.
Digital assets remain rarely used as medium of payment. They tend to be hoarded by their owners, who believe that their price will increase in the long run, and therefore would rather spend euros than digital assets. In addition, using digital assets for payment is impractical in many cases: most counterparties would refuse them due to the risk of loss or theft, the inability to deposit them in a bank account, their volatility, the anti-money laundering concerns, or the accounting and tax issues.
Non-fungible tokens (NFTs) do not qualify as tokens (jetons), as per the definition set out by the PACTE Act (since tokens are defined as intangible goods representing digitally one or several rights which can be registered on a distributed ledger).
NFTs would not qualify either as digital assets (actifs numériques), since the PACTE Act definition states that digital assets are supposed to be “accepted by natural or legal persons as a medium of exchange.” While NFTs can be easily transferred, they should not be regarded as medium of exchange since they are not fungible, and are actually meant to be collectibles.
Therefore, until guidelines are issued by the AMF to cover NFTs, these tokens fall outside the regulation. The issuance or sale of NFTs would instead be subject to the laws applicable to the online sale of goods (ie, e-commerce).
Although digital assets are quite popular in France, no French exchange platform has reached a global scale. The French digital assets exchanges mostly focus on the French market.
France-based exchanges include:
Both Paymium and LGO are custodial exchanges, although LGO is developing a technology which would allow its exchange to function in a non-custodial way.
Another well-known French company is Coinhouse, which acts as a broker rather than as an exchange (ie, clients may buy or sell digital assets to or from Coinhouse at a fixed price, but cannot trade between themselves). Coinhouse obtained the first DASP registration with the AMF in March 2020. As of May 2020, Coinhouse remains the only French registered DASP.
As far as we know, no decentralised exchange (DEX) is registered in France or operated by an entity incorporated in France.
Custodial exchange platforms remain the most convenient way to exchange fiat currency for digital assets. As French exchange platforms do not provide the same level of liquidity and low fees as their better-known competitors, most French clients create trading accounts with foreign exchange platforms. The tricky part often resides in depositing euros in the trading account – some French banks refuse to perform wire transfers when the receiving account is associated with a digital assets exchange.
Other options are available to French clients include:
The regulation of payment services (ie, the European equivalent of money transmission) does not directly apply to fiat-to-crypto exchanges – and does not apply at all to crypto-to-crypto exchanges. In January 2014, the ACPR published a guideline which makes clear that receiving legal currency from a digital assets buyer in order to transfer that legal currency to a digital assets seller qualifies as a payment service. Crypto-fiat exchanges or brokers are covered by the ACPR’s guideline and must therefore become payment institutions or agents of a payment services provider. In practice, crypto-fiat brokers avoid that obligation by buying and selling digital assets with their own account.
The DASP regulatory regime requires the following entities to fully comply with the anti-money laundering (AML) legislation:
Other actors (ie, mostly DASPs that do not provide custody or crypto-fiat brokering services) are not subject to any AML obligation, although they often choose to voluntarily apply due diligence measures (such as collecting and verifying identification documents, analysing the source of funds, screening clients against sanction lists, etc).
The AML legislation which must be applied by the above-mentioned entities derives from the Directive (EU) 2015/849 of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLD 4), as amended by Directive (EU) 2018/843 of 30 May 2018 (AMLD 5). To sum up, these entities are subject to the same rules as traditional financial entities (such as banks, insurance companies, payment institutions, etc).
As explained in 2.2 International Standards, the scope of the AMLD 5 with respect to digital assets is more limited than that recommended by the FATF Recommendations. The FATF also recommends that crypto-to-crypto exchange services, entities facilitating the transfer of digital assets, and entities providing financial services related to an ICO be subject to the AML legislation. Including these entities in the scope of the AML legislation will require an amendment of the AMLD 5.
Digital assets exchange platforms are not regulated per se. Operating an exchange platform is a digital assets service, but providing this service does not require a mandatory registration with the AMF. Therefore, entities providing that service can voluntarily apply for a DASP licence with the AMF.
However, in practice, most digital assets exchange platform will be regulated, for the following reasons.
Therefore, all custodial exchange platforms will be subject to the regulation (either the DASP regime or both the DASP regime and the payment services legislation).
In addition, exchange platforms that obtain the optional DASP licensc will have to comply with additional obligations, such as:
Licensed exchange platforms may not trade for their own account on their platform, unless such trades are only meant to provide liquidity, and are proportionate to the traded digital asset’s market capitalisation. In addition, licensed exchange platforms may not profit from “inside information” (defined as “information likely to harm the integrity of digital assets markets”), and their employees are subject to trading restrictions.
Licensed digital asset custodians may not use their clients’ digital assets for any purpose without the clients’ consent. In addition, licensed custodians must segregate the digital assets belonging to their clients from their own digital assets.
The ability of licensed custodians to use (or re-hypothecate in any way) their clients’ digital assets, even with their consent, is limited by a provision requiring the custodian to make sure that, at any time, the amount of digital assets it holds on behalf of its clients is equal to the amount of digital assets for which it actually controls the private keys. Therefore, in practice, re-hypothecation could work, but only among clients of the custodian (because the custodian would keep the private keys of all re-hypothecated digital assets). Re-hypothecating digital assets to non-client third parties would be forbidden, as the custodian would lose control of the private keys related to the digital assets.
However, the above-mentioned rules normally apply to licensed custodians, and not to licensed operators of exchange platforms. It is unclear whether a licensed operator of exchange platform (which would also provide custody services) would have to respect them.
Wallet providers are treated as digital asset custodians (see 2.1 Regulatory Overview and 7.3 Custody), as soon as the entity actually controls the private keys related to the digital assets deposited by clients.
If the wallet provider merely allows a client to create and manage its own wallet and private keys, it should not be subject to the DASP regime (whereby digital assets custodians are required to register with the AMF). In principle, whether the wallet is created by the client using a dedicated website or through software which first needs to be downloaded should not make a difference.
Finally, entities which manufacture and sell “hardware” wallets (such as Ledger) are not subject either to the DASP regime, since their wallets are designed to make sure that the wallet manufacturer is never able to know the private keys of their clients.
As further explained in 2.1 Regulatory Overview, the PACTE Act created a tailor-made regulatory regime for ICOs. Tokens issuers are now allowed to apply for an approval (or visa) from the AMF, as soon as they are incorporated in France or have a French branch or subsidiary.
Applying for the AMF’s approval is optional – ICOs conducted without the approval are allowed. The approval is meant to be used as a proof of the seriousness of the project.
The distinction between securities offerings and ICOs was clarified through a specific provision of the PACTE Act: whenever the tokens offered in an ICO qualify as securities, they are entirely governed by securities law. The technology used to issue the tokens has no impact on their legal qualification. Therefore, the issuance of tokens is mostly viewed as a commercial activity – notably from a tax and accounting perspective. From an accounting perspective, tokens issuances are actually often treated as deferred revenue.
The regulation of ICOs by the PACTE Act was conceived before Initial Exchange Offerings (IEOs) became a trend. Therefore, IEOs are not regulated, per se, under French law. The same reasoning as the one used for ICOs should apply: the issuance would be subject to securities law if the tokens qualify as securities. Otherwise, the issuer would have the possibility to apply for the AMF’s approval.
The exchange platforms used for IEOs may be required to register with the AMF if they provide custody or crypto-fiat brokering services. However, exchange platforms are not subject to any specific regulatory regime with respect to IEOs.
The PACTE Act allows two categories of regulated alternative investment funds to invest in digital assets: professional specialised investment funds (FPS) and professional private equity funds (FPCIs). FPCIs may only invest up to 20% of their assets in digital assets, while FPS are not subject to any limitation.
Only professional clients may subscribe to or purchase the shares of FPS or FPCIs. In addition, FPS and FPCIs must be managed by a licensed asset manager. Managing funds invested in digital assets does not require a specific authorisation, but the programme of activity of the asset manager (which sets out the organisational structure of the asset manager) needs to be adapted to digital assets. As the programme of activity must be validated by the AMF, the regulator can keep an eye on alternative investment funds which invest in digital assets.
In December 2018, Napoleon AM became the first licensed asset manager with a clear focus on digital assets. Napoleon AM launched its first FPS invested in digital assets in November 2019.
However, both FPSes and FPCIs must appoint a depositary. The depositary is notably in charge of the custody of the assets owned by the funds. Here lies the issue: French depositaries are currently not willing to take care of the custody of digital assets, since the legal and operational risk is deemed too high. Therefore, in practice, the first FPS launched by Napoleon AM does not directly hold digital assets, but rather purchases listed derivatives on digital assets, which qualify as financial instruments.
Finally, the list of the services on digital assets created by the PACTE Act includes the management of individual portfolios of digital assets on behalf of clients. Providing such service does not require a mandatory registration. However, each client’s portfolio must be managed separately (ie, the entity managing the portfolios is not allowed to pool the clients’ assets).
The regulatory framework of DASPs covers various services, as soon as they relate to digital assets. Certain of these services would typically be provided by broker-dealers or other financial intermediaries, such as receipt and transmission of orders on behalf of third parties, underwriting, and placing with or without a firm commitment.
However, providing these services does not require a registration with the AMF. DASPs providing these services may only apply for an optional licence.
No regulation or judicial precedent specifically applies to the enforceability of smart contracts.
The French legal community tends to distinguish two situations.
The first difficulty with this second situation would reside in the applicability to such a contract of the rules related to the validity of agreements. Under French law, an agreement is valid if the contracting parties consented to enter into that agreement, and if their consent was free and exempt from flaws (eg, lack of sanity, duress, etc). Making sure that the parties consented to enter into the agreement also requires identifying the parties.
Then, the actual enforceability of the agreement would be made impractical by the lack of jurisdiction and choice of law clause. Regulation (EC) 593/2008 of 17 June 2008 on the law applicable to contractual obligations (the Rome I Regulation) allows parties to incorporate by reference into their contract a “non-State body of law” but still provides that an agreement must always be governed by the law of a country. However, French law considers arbitration rulings based solely on a non-state body of law (such as lex mercatoria) to be valid. Therefore, blockchain-friendly litigation systems (such as Kleros or Aragon) could in theory produce binding decisions.
In any case, we expect that the validity and enforceability of smart contracts will continue to be the focus of many legal debates during the coming years. We do not expect that the Civil Code (which contains the core principles of contract and tort law) will be modified in the near future to cover smart contracts.
Whether developers of smart contracts or blockchains could be held liable under French law for losses arising through the use of their software remains unclear.
First, a developer may only be held liable if it is identifiable. In the blockchain economy, many software or smart contracts are developed by people using pseudonyms. A liability lawsuit against a pseudonymous person would be bound to fail.
Finally, with respect to open source or free-to-use software, which does not require any authorisation from its developer to be run (eg, a smart contract whose code would be freely available on Github), the liability risk of the developer would probably be non-existent, unless it could be demonstrated that the developer had a fraudulent intent. Even if the software code contained a gross security flaw, a judge would likely rule that the user who suffered a loss should have known that the use of the software was risky, and should have reviewed the code before running it.
So far, the entire space of decentralised finance (DeFi) has stayed under the radar of the regulatory authorities. The PACTE Act was mostly drafted between 2018 and the beginning of 2019, when DeFi was a niche in the broader digital assets economy. The PACTE Act created a regulatory framework largely for digital assets custodians, brokers, and exchange platforms.
Therefore, the regulatory status of DeFi remains unclear. Until a clear position is published by the French regulators or the law is modified, platforms matching borrowers and lenders of digital assets should be regarded as legal.
More specifically, receiving repayable funds from the public and granting credits (ie, the core banking services) are only allowed for regulated credit institutions. The French “banking monopoly” is stricter than in many countries, although various exceptions allow entities that are not credit institutions to grant loans or payment terms having a similar purpose. However, the regulation of banking operations applies to “funds,” which include banknotes and coins, and scriptural or electronic money. Digital assets, which do not qualify as funds, are outside of the scope of the regulation of credit.
Two legal risks should nevertheless be noted:
First, that the regulation of consumer credit does not refer to the notion of funds. Consumer credit is credits granted to natural persons acting outside of their professional activity, when the amount of the credit isbetween EUR200 and EUR75,000 and the credit is unrelated to the acquisition or maintenance of a real property. Since “credit”, within the meaning of this specific regulation, is not defined as the fact of lending funds or money, but only as the fact of granting a loan, the lending of digital assets could be subject to the regulation of consumer credit, if the above-mentioned conditions are met.
Secondly, DeFi platforms often use stablecoins – whether those stablecoins are issued by an entity (Tether, Gemini Dallor, Paxos Standard, etc) or by a smart contract in a decentralised manner (such as Dai). For example, DeFi platforms may advertise a USD10,000 loan backed by a digital asset collateral, and actually transfer to the borrower the equivalent of USD10,000 in a certain stablecoin.
Stablecoins may qualify as electronic money, as explained in 3.3 Stablecoins, although such qualification would probably require that the PSD 2 be updated.
While the above-mentioned legal risks cannot be ignored, we consider that applying the regulation of credit or electronic money to DeFi platforms would require more than a mere position of the AMF or the ACPR. A modification of the law would at least be required. In addition, since the regulation of electronic money and payment services arise from EU Directives, we expect that these issues will be tackled at EU level – if necessary through modifications of the PSD 2 and the EMD 2.
The use of digital assets as collateral for loans is not currently regulated. As a general rule, any intangible good may be pledged as collateral for a loan. Under French law, digital assets are regarded as intangible goods. However, the French Civil Code provides that pledges on intangible goods, which are not subject to a specific regulation (ie, claims, securities accounts, business assets), are governed by the rules applicable to pledges on tangible goods. These rules provide that a pledge is effective against third parties when it has been published in a special registry maintained by a public authority, or when the pledged good has been transferred to the creditor or to a third party.
Therefore, pledges on digital assets should be effective under French law, as soon as the pledged digital assets do not remain in the possession of the debtor. This rule is consistent with how digital assets work in practice: since the knowledge of the private key is sufficient to transfer a digital asset at any time, the creditor needs to make sure that the debtor cannot transfer the digital assets once they are pledged. Trusted third parties, such as technology-savvy notaries, would probably be chosen to receive and keep the pledged digital assets.
Sophisticated smart contracts could also be used to ensure that the pledged digital assets do not remain in the possession of the debtor – for example, an oracle could be given the responsibility to transfer the pledged digital assets back to their original owner once the loans is repaid, or to the creditor if the debtor is in default, without actually receiving the pledged digital assets.
With respect to pledges on security tokens, the regulation applicable to pledges of securities applies. The modification of the French securities law allowing certain securities to be recorded and issued on a distributed ledger (see 2.1 Regulatory Overview) actually includes rules on pledges of such securities. Again, only the legal nature of a good matters – whether or not it is recorded on a distributed ledger is a mere technical modality without legal implications.
As explained above (see 2.1 Regulatory Overview), providing custody services with respect to digital assets is a regulated activity which requires a registration with the AMF.
Custodians of digital assets are subject to different obligations depending on whether they are registered or licensed. In theory, registered custodians are not subject to any specific obligation with respect to their activity, although the AMF will in practice monitor the security measures used to safeguard the digital assets during the registration process.
Licensed custodians, on the other hand, are notably required to segregate the digital assets deposited by its clients from their own, allow clients to benefit from potential forks, and make sure that digital assets may only be transferred if the transaction is validated by several of its agents (eg, by using multi-signature wallets). Licensed custodians are also forbidden from using their clients’ digital assets without their approval.
Regulation (EU) 2016/679 of 27 April 2016 (the General Data Protection Regulation or GDPR) guarantees certain rights for individuals in relation to their data, such as the right of access, the right to erasure, the right to rectification, and the right to object to processing. Whether these rights can be enforced with respect to public blockchains remains unlikely, since they are not maintained by a single entity. Likewise, regarding each node running a digital asset’s core software as a data processor would be highly impractical.
In addition, “personal data” as per the GDPR refers to information relating to an identified or identifiable natural person. The data included in public blockchains, in general, only provides information about pseudonymous addresses and transactions, rather than identifiable individuals. Therefore, data privacy issues may only appear if personal data is broadcasted to the network, for example if it is included in a transaction’s code. (The genesis block of the Bitcoin blockchain famously includes the message “The Times 03/Jan/2009 Chancellor on brink of second bailout for banks.”)
The compatibility of blockchain technology with the GDPR was discussed in an analysis published in September 2018 by the French data protection authority (the National Commission on Informatics and Liberty or CNIL). The CNIL considers that the GDPR applies as soon as personal data is contained in a blockchain. However, the CNIL acknowledges that enforcing the GDPR is impractical with respect to public blockchains, and recommends not storing unencrypted personal data in a blockchain.
The difference between data privacy and data protection is subtle, and most of the rules arising out of the GDPR actually focus on data privacy (ie, the rights of individuals with respect to the collection and processing of their personal data).
Data protection rules focus on the role and responsibility of the entity processing the personal data. For example, Article 32 of the GDPR provides that data controllers and data processors should implement appropriate technical and organisational measures (such as encrypting personal data and regularly testing security systems) to ensure that the security level is adequate.
With respect to public blockchains, as explained in 8.1 Data Privacy, two issues arise: (i) the data included in the blockchain generally does not qualify as personal data, and (ii) identifying a data controller and/or data processor is in practice almost impossible. Still, common sense measures should be implemented when including personal data in the blockchain, as empahsised in the CNIL analysis. For example, if a document containing personal data is “uploaded” to the blockchain as a way to prove its authenticity and/or to timestamp it, that document should be encrypted.
The mining of cryptocurrencies is not regulated in France. In practice, very few companies mine cryptocurrencies in France, since the business has not been profitable in the last few years due to the prices of both electricity and cryptocurrencies. Some investment schemes have grown in the last few years, whereby investors purchase stakes in mining operations located abroad (generally in Asian countries) and collect the profits of the mining, if any. In these schemes, the investor does not purchase shares of the mining companies, but purchases directly one or several mining Application-Specific Integrated Circuits (ASICs) which are operated on its behalf by the mining company.
In 2019, a parliamentary report on cryptocurrencies suggested that French miners be exempted from the tax on electricity consumption (called TIPCE), in the same way as other “electro-intensive” industries (such as data centres). It is unlikely that such a measure will be adopted in the near future, as the environmental impact of cryptocurrencies remains a concern.
Staking is not regulated per se in France. Like other business models which emerged after 2018 (eg, lending and DeFi), it was not included in the list of the digital assets services of the PACTE Act.
However, “staking as a service” businesses would indirectly be subject to the regulation, since staking digital assets on behalf of a third party would qualify as providing the service of custody of digital assets – which requires a registration with the AMF.
Coinhouse, the prominent French broker of cryptocurrencies, which was the first to become a registered DASP in March 2020, launched a staking service focused on Tezos in December 2019.