Blockchain 2021 Comparisons

Last Updated June 17, 2021

Contributed By Jones Day

Law and Practice


Jones Day is a global law firm with more than 2,500 lawyers in 43 offices across five continents. Jones Day's fintech practice fields a team of over 100 lawyers across 14 practices and 15 jurisdictions worldwide. In Germany, 14 lawyers, including seven partners, focus on fintech for the firm. Publishable clients include the DAX-listed Deutsche Börse AG, one of the largest stock exchange operators in the world; Exporo AG, a German fintech company specialising in crowdfunding and blockchain-based real estate (re)financing; Landesbank Baden Württemberg, in connection with the first blockchain-based asset-backed commercial paper; Eurazeo Growth; Alliance Ventures; Millicom International Cellular SA; and Celonis, one of the German unicorns.

The German blockchain industry has undergone dynamic development over the past two years, with maturing fintechs and a significant increase in the number of established financial institutions entering the market in combination with a growing interest from institutional investors. We have also seen a number of legislative reforms and innovations accompanied by enhanced legal and regulatory certainty. The German government supports blockchain-based innovation across industry sectors with its blockchain strategy, published on 18 September 2019 (see 2.9 Other Government Initiatives). Since then, legal and regulatory certainty for blockchain innovation has been enhanced through regulation and guidance from the German Financial Services Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht or BaFin). Notably, Germany was the first EU country to introduce a crypto custody licence in 2020 and is about to introduce a fully regulated environment for digital securities in 2021. Last but not least, investment fund regulation is about to be amended to facilitate crypto funds and permit existing fund to invest in crypto-assets. This is accompanied by a new initiative of the German government to introduce digital identities using blockchain technology to facilitate, inter alia, AML compliance.


The financial industry in particular has driven innovation in the German blockchain market (and Jones Day has advised on a large number of these transactions).

In February 2019, BaFin approved the prospectus for the first securities token offering (STO) in Germany by Bitbond. STOs from the real estate investment companies Fundament and Exporo followed. In February, Landesbank-Baden Württemberg and MEAG (the asset manager of re-insurance giant Munich Re) launched the first blockchain-based asset-backed commercial paper transaction. Continental and Siemens, two of the largest German corporates, piloted the first commercial paper issuance together with Commerzbank and Main Incubator (Commerzbank's research and development unit). In March 2019, Commerzbank, Main Incubator and Deutsche Börse launched the first blockchain-based securities repurchase transaction and a version 2.0 of this with MEAG. In August 2019, Daimler, Commerzbank and Main Incubator used blockchain for machine-to-machine payments in connection with the automated recharging of electric trucks. Other pilot transactions relate to the use of blockchain for derivatives and asset management.

In 2020, real-estate tokeniser Exporo introduced its own trading platform. Bloxxter (premium real estate) and 8Pitch (real estate in Mallorca) joined the market. Real estate company PREOS used blockchain technology to tokenise its shares.

On the SME-financing front, Kapilendo (renamed BOXXON) has continued to expand its business to include crypto custody and has by now closed 224 financing transactions.

The crypto-asset trading platform of Börse Stuttgart, established in 2019, was able to attract more than 200,000 users and a trading volume of EUR1 billion toward the end of 2020.

Vonovia, one of the largest German traditional real estate companies, was the first German DAX company to issue a blockchain-based digital bond with a nominal amount of EUR20 million and a term of three years subscribed by Hamburg-based M.M. Warburg & Co.

In 2020, Germany also saw the first German crypto fund for institutional investors being launched by Hauck & Aufhäuser.

Another element facilitating growth in the German market is the extension by Deutsche Börse of its centrally cleared crypto offering of exchange traded notes on Xetra referencing Ethereum and Bitcoin Cash.

In 2020, we have also seen a number of established financial institutions exploring the potential of blockchain.

We expect the market to grow in 2021 with the draft German Electronic Securities Act (Draft ESA) and an amendment to German fund regulation expected to come into force in the first half of 2021. The new laws will permit the issuance of bonds and fund units in blockchain format and will also enable certain public funds to invest in crypto-assets.

One key factor for the development of blockchain-based business models are secure and reliable payment solutions ("cash on ledger"). With cryptocurrencies being rather volatile, stablecoins sometimes proving not as stable as hoped, and no digital euro yet available, this may be considered a major hurdle. Germany has taken a leading role in promoting the introduction of a digital, programmable blockchain-accessible euro to leverage the benefits of blockchain, such as automated execution of trades and payments through smart contracts.

In 2020, the German Bundesbank (Deutsche Bundesbank) led a working group of a large number of German financial institutions, corporates and fintechs to discuss the use of digital currencies and published its report in December 2020. In March 2021, the Deutsche Bundesbank, Deutsche Börse, Germany’s Finance Agency together with Barclays, Citibank, Commerzbank, DZ Bank, Goldman Sachs and Société Générale successfully tested a settlement interface between blockchain-based transactions and traditional payment systems (a so-called “trigger solution”). The trigger solution could operate as an intermediate solution prior to the introduction of a central bank digital currency (CBDC) for the cash settlement of blockchain transactions on a large scale between financial institutions.

The development of (self-sovereign) digital identity concepts for natural and legal persons as well as machines has recently come into focus. The 2020 Banking Award winning IDunion project has attracted more than 120 partners from the corporate and financial industry. The German government announced a digital identity initiative in December 2020 using blockchain technology as one of the core elements. The initiative is pro-actively supported by the German banking industry with the view to digitalise AML compliance.

A particular strength of the German blockchain market is the holistic cross-industry approach bringing together the building blocks needed for a token economy – ie, the creation of digital assets, the provision of digital platforms, a digital euro and digital identities. The future of blockchain in Germany will, however, also depend on the willingness of market participants, including the famous German Mittelstand and financial institutions, to embrace the technology, increase their co-operation with fintechs and identify potential use cases and associated business models. The COVID-19 pandemic has accelerated digitalisation including blockchain technology.

Energy and Industrie 4.0

The government's blockchain strategy also explores use cases in the energy sector. German companies have already started to use blockchain in this sector. For example, Hamburg-based Enerchain operates a blockchain-based energy trading infrastructure in which more than 40 of the leading European utilities participate. A report published by the German Energy Agency (Deutsche Energie-Agentur) identifies blockchain potential in decentralised energy production and peer-to-peer trading. Initiatives like C/Sells, BloGPV and ETIBLOGG sponsored by the German Ministry for Economy and Energy (Bundesministerium für Wirtschaft und Energie) are developing decentralised blockchain-based storage, generation and trading of energy with a number of pilot projects on their way. Another growth area is the creation and tracking of certificates of origin for green energy, which is expected to gain importance in light of the "Green Deal" announced by the European Commission in December 2019.

The German industry platform "Industrie 4.0", which represents the majority of Germany's manufacturing companies, is using blockchain as part of the industry platform for automated machine-to-machine communication, contracting and payment that is currently being developed.


Boosted by the new Draft ESA, it appears likely that, in the course of 2021 and going forward, a larger number of issuers and fund managers will start using blockchain technology to replace the traditional (paper-based) way of issuing securities and fund units.

So far, digital innovation has mainly been driven by fintechs and smaller financial institutions that have the necessary flexibility to quickly integrate a new technology into their processes. Larger financial companies are, however, catching up. For example, the traditional custodian banks have been thoroughly assessing the viability of different custody models, sometimes in co-operation with fintechs or competitors.

Other growing business models are token-based SME financings, asset tokenisation and trading, as well as cross-border payments, mainly with a consumer focus. For example, Exporo, a real estate crowdfunding platform from Hamburg, is successfully tokenising real estate cash flows and also offers these tokens to consumers via its trading platform.

On the B2B side, Deutsche Börse's HQLAx platform is one of the most advanced blockchain business models in the market. HQLAx stands for high quality liquid asset exchange, which provides a blockchain-based collateral and liquidity management platform for financial institutions with (close to) real time settlement. In 2020 BNY Mellon, BNP Paribas Securities Services, Citigroup and Goldman Sachs announced their commitment to connect to the HQLAx platform. This is a huge step forward in the in use of blockchain technology by established financial institutions, given the large volumes of collateral handled by these institutions which will then come onto the platform.

Supply Chains

In the real economy, Blockchain applications are still less common than in the financial industry. However, according to a survey conducted by Bitkom, an association that represents more than 2,700 companies active in the digital economy, blockchain has great potential in the management of supply chains to assist with quality control management, tracking of products and a reduction of costs in connection with cross-border deliveries and a reduction of paper-based export/import documentation as well as the development of new pay-per-use models. This will be of particular relevance given the current discussion in connection with the proposed draft Supply Chain Act (Lieferkettengesetz). Other areas with potential include data security and the development of trading platforms as well as the sharing of goods and services, for example in the mobility and e-commerce sector, such as reusable packaging and tracking systems.


Finally, blockchain technology and non-fungible tokens (NFTs) are finding novel business applications in the intersection of the automotive and media industries. Holoride, an Audi spin-off creating in-vehicle augmented reality passenger entertainment solutions, is deploying blockchain technology and NFTs to bring transparency to its ecosystem so that car manufacturers can see how much time was spent with Holoride experiences in their cars and content creators have transparency on how much time was spent with the title they have created for the entertainment platform.

Similarly, Deutsche Börse announced its strategic partnership with fintech 360X AG to develop new blockchain-based digital marketplaces and ecosystems for existing real asset classes such as art and real estate in order to facilitates investment in asset classes that have so far been illiquid. One of the most prominent examples being the sale of the NFT token representing Mike Winkelmann’s (aka Beeple's) digital art work “EVERDAYS: THE FIRST 5000 DAYS” by Christies for USD69,346,250.

There are no specific rules on decentralised finance protocols in Germany. Hence, automated market makers, wallet aggregators, decentralised synthetic investment platforms, decentralised prediction markets, decentralised stablecoins and decentralised lending platforms are subject to the general regulatory framework, including corresponding licence requirements for brokerage and lending activities.

Germany has not implemented a specific regulatory regime applicable to market participants using blockchain technology or cryptocurrencies. The German regulator has taken the approach that the regulatory regime is "technology neutral". As a result, the same regulatory requirements applicable to traditional financial instruments also apply when issuing, trading or selling digital assets using blockchain technology if they resemble a traditional financial instrument.

However, Germany has also implemented blockchain-specific rules, such as a licensing requirement for offering crypto custody services, such as wallet administration and securing private keys. With the Draft ESA, Germany will also introduce a regulatory framework for electronic securities (including blockchain-based crypto securities) as well as electronic fund units (including blockchain-based crypto fund units). In addition, BaFin has developed specific guidance on the regulatory treatment of tokens, including the special treatment of certain asset investments in token form as “securities sui generis” for regulatory purposes. Such tokens are treated as securities (sui generis) for trading purposes and prospectus requirements.

Cryptocurrencies, STOs and Token Regulation

As early as 2013, BaFin classified cryptocurrencies, such as bitcoin, as “financial instruments” for the purposes of the German Banking Act (Kreditwesengesetz) in the form of a unit of accounts (Rechnungseinheit).

The regulator has, from the beginning, followed a “substance over form“ approach. On a case-by-case basis it must be determined whether or not a token is comparable to a share, bond or fund unit, a so-called “asset investment” (Vermögensanlage) or other subcategory of “financial instrument” such as a crypto-asset (Krpyptowert) or even e-money. As a consequence, the regulatory provisions applicable to the relevant type of regulated instrument, including the respective licence, organisational and prospectus requirements pursuant to the German Banking Act (Kreditwesengesetz), the Securities Trading Act (Wertpapierhandelsgesetz), the Capital Investment Act (Kapitalanlagegesetz), the Asset Investment Act (Vermögensanlagegesetz) and the Payment Services Supervisory Act (Zahlungsdiensteaufsichtsgesetz) are applicable. Notably, as of 1 January 2020, the German legislature broadened the definition of financial instruments for purposes of the German Banking Act (Kreditwesengesetz) to include the new category of “crypto-assets” (Kryptowerte). Accordingly, based on this broad definition, as of 1 January 2020, virtually all virtual currencies are now subject to regulation in Germany under the German Banking Act (Kreditwesengesetz). One of the consequences is that only licensed banks or investment firms may provide brokerage services and must apply the same rules as for traditional financial instruments.

Similarly, whether a prospectus or other investor information must be provided to (potential) investors in connection with an offer of “tokens” to the public depends on whether the relevant token meets the criteria of an “asset investment” pursuant to the Asset Investment Act (Vermögensanlagegesetz) or a “security” for purposes of Regulation (EU) 2017/1129 on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market (Prospectus Regulation).

In the context of STO offerings in Germany, BaFin has developed the notion of "securities sui generis" whereby assets that qualify as “asset investments” (Vermögensanlagen) and not as “securities” are considered to qualify as “securities” for regulatory purposes if issued in token format (see 5.2 Initial Exchange Offerings). The token-related metamorphosis into a security makes the issuance, distribution and trading of the token subject to the licensing and organisational rules established by Directive 2014/65/EU on Markets in Financial Instruments (MiFID) as implemented in the German Banking Act (Kreditwesengesetz) and the German Securities Trading Act (Wertpapierhandelsgesetz) as well as the Prospectus Regulation. The benefit of this is that service providers and issuers can take advantage of the passporting regime whereby MiFID-regulated investment services and prospectuses approved under the Prospectus Regulation can be provided and distributed in other EU jurisdictions (see 5.1 Initial Coin Offerings).

Securities Law Reform

In August 2020, the German ministry of finance and consumer protection (Bundesministerium der Justiz und für Verbraucherschutz) and the German ministry of finance (Bundesministerium der Finanzen) published the initial bill for the introduction of electronic securities under German law. It was followed by the German government’s proposal in December 2020. The Draft ESA permits the issuance of securities (e-securities) and fund units (e-fund units) in electronic form. For the time being, e-securities are limited to bearer bonds to exclude registered bonds and notably shares, but the Draft ESA is designed to permit other forms of securities going forward.

E-securities and e-fund units

The Draft ESA provides that for e-securities, the requirement of a paper‑based note is replaced by the entry of the e-securities into a register operated by a supervised entity. The register may be a central register that must be operated by a central securities depositary (CSD) under a CSD licence or by a depositary (Verwahrer) under a depository licence. Alternatively, the register may also be a decentralised register, a so-called crypto security register (Kryptowertpapierregister), in order to permit the issuance of blockchain-based e-securities as security tokens, which the Draft ESA refers to as crypto securities and treats as a subcategory of e-securities. The crypto security register may be operated by the issuer or a third-party registrar appointed by the issuer. The crypto registrar will be subject to regulatory supervision by BaFin, and will require a licence for the provision of crypto security registration services (Kryptowertpapierregisterführung) also triggering AML requirements (see 2.6 Enforcement Actions). The registrar will also be statutorily liable for the correctness of the register and loss of data provided that it did not act fraudulently or negligently.

The terms and conditions of e-securities (and any amendment thereto) must be submitted to the registrar in electronic form. In the case of crypto securities, the registration and certain related information must also be published in the official gazette in Germany and an extract of the register must be made available to the holder upon request (and more frequently in the case of consumers). Transfers will be effected by an agreement between the buyer and the seller and an instruction by the buyer (which can be given electronically) to the registrar to register the buyer as the new holder of the e-securities. The law applicable e-securities is the law of the jurisdiction of the regulator supervising the register.

The Draft ESA also provides for an exchange and consolidation mechanism that will help kick-start the market for e-securities. Issuers may exchange their existing securities into e-securities and vice versa, subject to certain conditions, and both can be consolidated into a single series; e-securities can also be registered in the name of a CSD and can then be cleared and settled under the existing systems. For regulatory purposes, including MiFID and prospectus requirements, they are treated the same way as traditional securities. The exchange and consolidation mechanism and the regulatory treatment in line with traditional securities will facilitate the generation of both a meaningful volume and significant liquidity of securities needed for a functioning market and make it attractive for both, issuers and (institutional) investors.

Notably, the Draft ESA also provides for the issuance of e-fund units and (by way of a delegated regulation) crypto fund units, in each case on the basis of the analogous application of the provisions for e-securities and crypto securities respectively.

A number of details in respect of the e-securities and e-fund units, in particular details relating to, inter alia, the technical requirements are subject to delegated regulations, expected to be consulted in August 2021 and passed in the second half of 2021.

Crypto custody

As of 1 January 2020, Germany introduced a licence requirement for the provision of crypto custody services. Similar to the licence requirement for the safekeeping and administration of traditional securities, this requirement now also applies to the safekeeping, administration and protection of so-called crypto-assets (Kryptowerte) or private keys to crypto-assets. Crypto-assets are broadly defined and, generally speaking, include all tokens that content-wise do not qualify as securities or as money or e-money (ie, in particular, cryptocurrencies). Tokens that qualify as a "security" remain subject to the rules applicable to custodians of traditional securities. In its "Guidelines concerning the statutory definition of crypto custody business" of March 2020, BaFin provides guidance on the scope of the licence requirement and has stated explicitly that any security or investment token representing or being comparable to any traditional financial asset is subject to the crypto custody licence.

Even though the crypto licence requirement is unique to Germany, it also applies to foreign crypto custodians targeting German customers with their services, which means that they need to establish a branch or separate legal entity in Germany.

Crypto custodians that were already providing these services as of 1 January 2020 are deemed to have a licence as of 1 January 2020 until the actual licence is granted provided that they (i) gave notice of their intention to obtain a corresponding licence to BaFin by 31 March 2020 and (ii) filed a licence application by 30 November 2020. The expectation is that approximately ten to twenty enterprises filed an application for a crypto custody licence, mainly fintechs and crypto brokers and, according to the BaFin website no crypto licence has yet been granted. Since crypto custody providers qualify as financial institutions, they will also be required to comply with AML provisions in accordance with Germany’s implementation of the 5th EU Anti-Money Laundering Directive (EU) 2018/843 (see 2.6 Enforcement Actions) as set out in the German Anti-Money Laundering Act (Geldwäschegesetz).

Standards applicable to the blockchain sector proposed by international bodies such as the Financial Action Task Force (FATF) or the Bank of International Settlements (BIS) are taken into account by the German regulator. BaFin participates in consultation on the guidelines and recommendations published by these international standard-setters and examines whether the supervisory provisions and administrative practice are appropriately reflecting these guidelines and recommendations an ongoing basis. For example, in outlining its supervisory approach to AML in the context of crypto-assets, BaFin explicitly refers to the FATF Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, published in 2019.

The regulatory body most relevant to businesses or individuals using blockchain in Germany is BaFin. That is because activities associated with blockchain to date have mainly been related to cryptocurrencies and the issuance of tokens and, therefore, tend to touch upon regulated financial activities, such as brokerage (eg, in the case of crypto-exchanges), money transfers (eg, cryptocurrency exchange), crypto custody (eg, wallets), the public offering of financial instruments (eg, ICOs and STOs) or the issuance of e-money (as one of the solutions for a cash on ledger concept). These activities may require a licence, fall within the scope of AML regulations and/or may trigger prospectus requirements. Other relevant authorities include the Data Protection Agency (Datenschutzbehörde) either on the state or federal level, the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) responsible for IT and cybersecurity, and the Federal Network Agency (Bundesnetzagentur) as the regulatory authority for telecommunication and electricity and gas.

To date there is no private organisation in Germany that performs a (quasi) regulatory role with respect to businesses or individuals using blockchain in Germany.

However, there are a number of private organisations active in the blockchain space promoting the use of blockchain in Germany as well as facilitating the setting of technical and regulatory standards. Examples include the Federal German Blockchain Association (Blockchain Bundesverband) and related associations at state level, the Frankfurt School Blockchain Centre at the Frankfurt School of Finance & Management, the International Token Standardization Association (ITSA) based in Berlin and the European Blockchain Association (EBA) based in Munich. The EBA has recently announced that it is assessing the feasibility of offering a voluntary contract-based certification for providers of staking infrastructures (PoSIs) which comply with (yet to be developed) security and reliability standards.

There are hardly any judicial decisions in Germany in respect of blockchain or digital assets. The most notable decision is the decision of the Higher Regional Court of Berlin of 29 September 2018. In this case, the provider of a platform on which bitcoin could be traded was accused of having conducted banking business without a banking licence (which constitutes a criminal offence). Since 2013, BaFin has taken the view that bitcoins qualify as financial instrument in the form of units of account (Rechnungseinheiten) and, therefore, certain trading activities relating to bitcoin require a banking licence pursuant to the German Banking Act (Kreditwesengesetz). In contrast to BaFin, the court held that bitcoins do not qualify as ”financial instruments” in the form of units of account (Rechnungseinheiten) and, therefore, the defendant did not require a licence. However, while BaFin expressly took note of the decision, it made it clear that this would not change its administrative practice.

There have been a few blockchain-related enforcement actions in Germany.

In February 2019, BaFin stopped the STO of a company called RISE offering algorithmic trading strategies with a return based on licensing fees generated by the RISE trading system. It was the first time the German regulator stepped in and prohibited an STO in Germany on the basis that the offer was made without the required prospectus.

On 21 October 2019, BaFin issued an order for Karabit Foundation Belize to stop the issuance of "KaratGoldCoins," holding that this would constitute the conduct of e-money business without having obtained the appropriate licence and started fraud investigations in the aftermath of Karatgold Coin's USD100 million ICO at the beginning of 2019.

On 31 March 2021, BaFin published information about the potential violation of the obligation not to publish misleading marketing information in respect of “PREOS Token”.

On 24 April 2021, BaFin issued a public announcement that Binance, one of the world’s biggest cryptocurrency exchanges, may have offered tokenised shares of Tesla Inc., MicroStrategy Inc. and Coinbase Global Inc., without the corresponding prospectus required by the European Prospectus Regulation.

Apart from enforcement actions, a focus of the German regulator has been AML concerns. In its first “National Risk Analysis to Combat Money Laundering and Terrorist Financing” of 2018/19, the German Federal Ministry of Finance (Bundesministerium der Finanzen) considered the money laundering threat posed by crypto-assets to be a low to medium risk. According to the analysis, crypto-assets are used for terrorist financing only in isolated cases. The ministry also concluded that the risk could increase in the future with more stablecoins coming onto the market. There is close monitoring of criminal activities such as "cryptotrojans", also known as ransomware, tumblers mixing identified or identifiable crypto funds as well as privacy-enhancing currencies such as Monero (XMR).

While there are certain areas of law where technical innovation may be exempted from certain regulatory requirements and be permissible for test purposes, such as autonomous driving, there is no general "sandbox" exemption for fintechs in the financial services space. BaFin has consistently stated that it operates under the "same risk same rules" approach.

In Germany, there are no explicit legal provisions governing the taxation of blockchain or cryptocurrencies. The general tax rules apply. Due to the novelty of the assets concerned, however, their application is not always clear-cut.


As a reaction to the “Hedquist” ruling by the European Court of Justice, both the use of bitcoin as a means of payment and the conversion of cryptocurrencies into fiat (legal currency) and vice versa have been free from German VAT since 2018 (German Federal Ministry of Finance, 27 February 2018, DB 2018, 546). This applies to bitcoin produced by mining as well. The fees of bitcoin exchanges are generally subject to VAT if the exchange is a marketplace technically enabling sellers and buyers to conduct transactions.

Income Tax

While there have been no publications by the fiscal authorities that deal with cryptocurrencies comprehensively, there have been some publications by lower-tier fiscal authorities that address particular issues related to cryptocurrencies (eg, the Fiscal Authority of the State of Hamburg, 11 December 2017, DB 2018, 159). Based on these publications, the current status of income taxation of cryptocurrencies may be summarised as follows.

Cryptocurrencies are considered to be intangible assets for income tax purposes. In case of purchases or sales of cryptocurrencies by a private individual, the transaction is considered to be a private disposal of "other assets", pursuant to Section 22 No 2 and Section 23 (1) No 2 of the German Income Tax Act (Einkommensteuergesetz). The gain or loss is defined as the difference between the selling price, on the one hand, and the acquisition costs and income-related expenses, on the other. Private individuals can benefit from holding periods that may lead to a tax exemption for gains. Depending on the scope of the trading activity by the private individual, trade tax may apply as well. The trade tax burden is offset against income tax.

In the event that cryptocurrencies are traded by a corporate entity, the income from the trade business is subject to taxation pursuant to Section 15 of the German Income Tax Act. In addition to the income tax, trade tax will have to be paid. For corporations, the trade tax cannot be offset against the corporate income tax.

On 18 September 2019, and after a corresponding online consultation, the German government, led by the German Federal Ministry for Economic Affairs and Energy (Bundesministerium für Wirtschaft und Energie) and the Federal Ministry of Finance (Bundesministerium für Finanzen), published the "Blockchain Strategy of the Federal Government". This strategy identifies numerous measures for its implementation across industry sectors and identifies the responsible governmental agencies and their respective task forces. The blockchain strategy is part of the broader technology and digitalisation initiative of the German government led by the Federal Ministry of Economic Affairs and Energy which also includes Industrie 4.0 (see 1.1 Evolution of the Blockchain Market) and self-sovereign digital identities.

With regard to German civil law, the legal nature of digital assets and legal ownership generally has not yet been addressed by the legislature and is subject to debate in legal literature.

Generally speaking, under German law, the transfer of ownership follows different rules depending on the type of asset – eg, there are different rules for the transfer of ownership of moveable assets (bewegliche Sachen) and immovable assets (Grundstücke), claims (Ansprüche), intangible rights (immaterielle Vermögenswerte) and, if none of these apply, as a fallback category, other rights (sonstige Rechte).

Based on the concept that the law is technology neutral, legal literature seems to follow a case-by-case analysis with regard to ownership. Based on the nature of the digital asset and the blockchain-specific transfer/consensus mechanism, the civil law asset category is identified which most closely resembles the nature of the specific digital asset in order to determine the rules governing the transfer of ownership of the digital asset. However, no clear rules have so far emerged from the discussion.

For example, according to some legal authors, the transfer of cryptocurrencies such as bitcoin should qualify as a transfer of a moveable asset provided that the uniqueness of the respective tokens is guaranteed by the system. This is because the transfer requirements for moveable assets closely resemble the technical transfer mechanism used in a blockchain. The transfer of a moveable asset under German law (in simplified terms) requires:

  • an agreement to transfer ownership;
  • the transfer of possession over the asset from the transferor to the transferee; and
  • the right of the transferor to dispose over the asset.

It is argued that the element of transfer of possession seems to be very similar to the concept of control over a private key that is necessary in order to effect a transfer on a blockchain. Other voices argue that a digital asset/token is typically lacking an element of physicality (Körperlichkeit) required to fall within the category of a moveable asset. Accordingly, the transfer of ownership should either follow the rules applicable to other rights (sonstige Rechte) or should be analysed by way of identifying the factual control over the respective token. For the time being (and even though this may not solve all legal issues) from a practical perspective it seems advisable to contractually identify the rights represented by a token and provide for a transfer in accordance with the civil law transfer provisions applicable to the embedded rights and contractually agree on the additional requirement for a token transfer.

Finality of Transfers in a Decentralised System

Similarly, the discussion on how to deal with the fact that, from a technical perspective, the transfer of a digital asset on the blockchain may only become final after confirmation by the respective blockchain consensus mechanism (which may differ depending on the type of blockchain, including proof-of work and proof-of stake concepts) has not been reflected in great detail in the legal discussion. The issue may have implications from a regulatory and insolvency law perspective. This is because there are specific rules for the finality of cash and securities settlements under Directive 98/26/EC on settlement finality in payment and securities settlement systems (Finality Directive) providing for a privileged insolvency treatment of certain settlements. However, it appears that the concept of finality that was developed for classic cash and traditional securities for a centralised system may not necessarily be suitable for validation mechanisms on blockchain networks. It, therefore, remains to be seen how to synchronise decentralised blockchain technology with the legal framework tailored to a centralised system.

Under German law, the characterisation of digital assets, generally speaking, is based on the principle that the law is technologically neutral and applies to all digital assets based on their content and substance rather than their form.

Under German law, digital assets are evaluated on a case-by-case basis as to whether their content is comparable to a share, bond, fund unit or other type of legal concept known under German law – eg, loan, profit participation right or partnership interest. If and to the extent a token is comparable to any of these instruments, the respective civil law provision and regulatory framework applicable to the comparable traditional legal concept is applied.

While the individual characterisation of a particular token is token-specific and not straightforward, BaFin, in its publication "Blockchain Technology – Thoughts on Regulation" of 1 August 2018, acknowledged that crypto tokens can, for the purpose of a simplified overview, be divided into three broad categories (while the regulatory treatment, irrespective of that classification, is based on the content of the respective token).

  • Payment tokens (like bitcoin) – used as means of payment, or traded and exchanged for traditional and virtual currencies on specialised trading platforms; these tokens tend not to have any intrinsic value and typically have no other function, or only limited functions, beyond this.
  • Security tokens (equity and other investment tokens) – conferring membership rights or shares in the issuer’s future revenues, similar to shares or debt securities.
  • Utility tokens (app tokens, usage or consumption tokens) – used for the purchase of services or goods that the fundraiser develops; very complex legal structures generally apply to utility tokens.

In Germany, there is no special legal or regulatory regime for stablecoins. According to the principle of technological neutrality, stablecoins, whether backed by deposits of fiat currency or based upon an algorithmic formula, need to be assessed on a case-by-case basis and their specific set-up and concept.

Given that the only official means of payment are euro-denominated banknotes (see 3.4 Use of Digital Assets), stablecoins do not qualify as an official means of payment under German law. From a regulatory perspective, generally speaking and subject to the specific set-up, stablecoins may be subject to a number of licence requirements including, but not limited to, in respect of the provision of:

  • payment services (eg, in connection with the transfer of money);
  • investment services (eg, brokerage, portfolio management);
  • banking services (eg, by accepting deposits and/or granted credit); and/or
  • investment management services (eg, in connection with the management of the underlying collateral).

A stablecoin may also qualify as e-money, which may trigger a licence requirement needed by an e-money institution. It may also qualify as an alternative investment fund (AIF), subjecting it to the licence and product requirements for the management and distribution of alternative investment funds pursuant to EU Directive 2011/61 on Alternative Investment Fund Managers as implemented in Germany by the Capital Investment Act (Kapitalanlagegesetzbuch). In addition, the issuer of a stablecoin would need to comply with AML provisions and, if the stablecoin qualifies as a security or asset, investment and prospectus requirements.

However, there may also be stablecoins which do not fall within any of these categories but are mostly caught by the broad concept of crypto-assets (Kryptowerte) introduced in the German Banking Act (Kreditwesengesetz) as of 1 January 2020, and therefore qualify as regulated “financial instruments”.

Similarly, on the European level, the application of various European directives and regulations is linked to the MiFID definition of “financial instruments”. To avoid any shortfall on regulation of crypto-assets falling outside the scope of the MiFID financial instruments, the European Commission on 24 September 2020 proposed the Market in Crypto-assets Regulation (MiCAR) as part of the Digital Finance Package. MiCA provides for harmonised European regulation of issuers of crypto-assets (including stablecoins) and crypto-asset services providers. To what extent MiCAR will impact the treatment of crypto-assets and stablecoins under German law, and how the overlap in regulation between the German concept of crypto-assets (Krytpowert) and the MiCAR notion of crypto-assets will be resolved, remains to be seen.

According to the German Central Bank Act (Gesetz über die Deutsche Bundesbank), the only officially accepted means of payment in Germany is the euro. However, parties to a contract are at liberty to accept other assets (eg, cryptocurrencies) in lieu of a payment in euros subject to the risk that these cryptocurrencies may not be accepted as official tender.

We note that there are a number of pilot projects on how payments in euros may be affected using blockchain technology. For example, under German law, a digital asset may be structured as e-money or a token could serve as a payment instruction (eg, a trigger solution) resembling existing payment concepts in combination with blockchain technology. They are a first step in developing euro-availability on a blockchain, which is essential to enable smart contract-based automated delivery v payment execution of contracts.

In addition, the European Central Bank (see, for example, the ECB “Report on a digital euro” and the “Eurosystem report on the public consultation on a digital euro”), the German National Central Bank (Deutsche Bundesbank), the German Ministry of Finance (Bundesministerium der Finanzen) and the German Banking Association (Bundesverband Deutscher Banken) are actively engaged in discussions around a digital central bank euro. In 2020 the Deutsche Bundesbank led a working group to discuss the use of digital currencies and published its report in December 2020 (Geld in programmierbaren Anwendungen – Branchenübergreifende Perspektiven aus der deutschen Wirtschaft). In March 2021, the Deutsche Bundesbank, Deutsche Börse, Germany’s Finance Agency (Bundesrepublik Deutschland – Finanzagentur GmbH) together with Barclays, Citibank, Commerzbank, DZ Bank, Goldman Sachs and Société Générale tested a settlement interface between blockchain-based transactions and traditional payment systems (a so called trigger solution). The trigger solution could operate as an intermediate solution prior to the introduction of a digital euro for the cash settlement of blockchain transactions on a large scale between financial institutions.

Under German law, there are no special regulations applicable to non-fungible tokens (NFTs). As for fungible tokens, the regulations applicable to NFTs are determined on a case-by-case basis based on the content of the NFTs in question.

Apart from cryptocurrency exchanges (see 4.2 On-Ramps and Off-Ramps), the most notable exchange for digital assets in Germany is Börse Stuttgart. Börse Stuttgart started its crypto-asset trading platform BISON in co-operation with Solaris-Bank in June 2019, offering a rather broad variety of cryptocurrencies for trading. By the end of 2020 Börse Stuttgart was able to attract more than 200.000 users and for the first time came up to a trading volume of one billion EUR. In addition, some of the STO and token issuers in Germany, such as Bitbond, Exporo or Kapilendo, have started to offer trading platforms for their own tokens. While some of the platforms also provide crypto custody solutions, others require the customer to hold its own wallet (which may be operated by a wallet provider with whom the exchange co-operates).

For the exchange of fiat currency for cryptocurrencies and vice versa, most market participants in Germany seem to use the large globally active crypto exchanges, such as kraken, etoro, Binance, coinbase, Plus400, Bitpanda and Ternion, to exchange fiat for cryptocurrencies. In addition, German providers like Börse Stuttgart and neo-brokers like Scalable Capital and Trade Republic are gaining traction.

From a German regulatory perspective, depending on the set up of the cryptocurrency exchange, the exchange may require a licence for providing payment services and/or a banking/MiFID licence for brokerage services, operation of a trading facility and/or proprietary trading. In addition, a German crypto custody licence may be required.

It should be noted that German licence requirements also apply to foreign service providers if the provider actively targets the German market in order to offer banking products or financial services repeatedly, and on a commercial basis, to companies and/or persons having their registered office or ordinary residence in Germany. Given that most of the aforementioned licence requirements are based on European legislation, foreign providers of crypto exchanges based and licensed in the European Union may therefore provide their services in Germany on the basis of their licence if they have "passported" it to Germany. As the crypto custody licence as well as the contemplated licence as a crypto registrar are based on a German local law regime, there is no passporting and the foreign crypto custodian or crypto registrar must obtain a licence in Germany and will need to establish a branch or a separate legal entity in Germany.

Like every other EU member state, Germany implemented the EU Anti-Money Laundering Directive, which requires providers of regulated financial business such as banking, investment and payment services, to comply with AML obligations. Given that BaFin qualified bitcoins as financial instruments in the form of units of account in 2013, various services related to bitcoin have been subject to financial regulation – including a licence requirement – ever since and, therefore, triggered corresponding AML requirements for these market participants.

Since 1 January 2020, Germany has implemented the most recent crypto-asset related amendments of the 5th EU Anti-Money Laundering Directive (EU) 2018/843 (see 2.6 Enforcement Actions). The directive requires that companies which exchange fiat or legal currencies, or vice versa, carry out customer identification and transaction monitoring. In addition, as a result of the new German local law licence requirement for crypto custodians (see 2.1 Regulatory Overview and 4.6 Wallet Providers), crypto custodians are regulated entities and will also be subject to the European AML obligations as implemented by the German Anti-Money Laundering Act (Geldwäschegesetz). These obligations include customer identification and transaction monitoring requirements and corresponding organisational and risk management obligations. BaFin also updated its administrative guidelines for the implementation of the German Anti-Money Laundering Act (Geldwäschegesetz) and it is expected to implement the so called “travel rule” requiring financial institutions to report the details of both transferor and transferee of crypto-assets (to the extent the transferee is not acting through a financial intermediary), as recommended by the FATF (see 2.3 International Standards).

Please see 2.1 Regulatory Overview, 2.6 Enforcement Actions and 4.1 Types of Markets.

Under German law, there is no general prohibition on re-hypothecation. However, there are re-hypothecation prohibitions for specific products – eg, in the context of the collateralisation of derivatives pursuant to the EU Market Infrastructure Regulation (EMIR) and, in the case of funds, the Capital Investment Act (Kapitalanlagegesetz).

With the introduction of the crypto custody licence in Germany as of 1 January 2020, online ("hot"), cloud/server ("warm") and offline ("cold") storage solutions for private cryptographic keys that control the ability to give instructions with respect to digital assets have become subject to a licensing requirement.

The new licence requirement applies to the safekeeping, administration and protection of so-called crypto-assets (Kryptowerte) and expressly refers to private keys to crypto-assets (see 2.1 Regulatory Overview). It applies to any kind of hot, warm or cold storage for others, covering both the digital storage of the private cryptographic keys of third parties provided as a service and the storage of physical data carriers (eg, a USB stick or a piece of paper) on which such keys are stored. However, the mere provision of storage space (eg, by web hosting or cloud storage providers) is outside the scope of the licence requirement as long as these providers do not offer their services explicitly for the storage of private cryptographic keys.

The crypto custody licence also applies to foreign wallet providers who are actively targeting customers in Germany, either through a branch or on a cross-border basis. Since the crypto custody licence is not based on EU law but a special German local law regime, there is no European passporting and foreign service providers must obtain a German crypto custody licence in Germany, which means that they must at least have a branch in Germany or set up a new entity.

On 9 November 2017, BaFin published its "Consumer warning: the risks of initial coin offerings" stating that initial coin offerings (ICOs) constitute a highly speculative form of investment with substantial investment risks which may also be used for fraudulent investment schemes.

On 20 February 2018, BaFin issued its publication "Initial Coin Offerings: Advisory letter on the classification of tokens as financial instruments". The BaFin circular confirmed that tokens issued in connection with an ICO and/or STO are to be evaluated on a case-by-case basis as to whether their content is comparable to a share, bond, fund unit or other type of legal concept known under German law – eg, loan, profit participation right or partnership interest. If and to the extent a token issued in connection with an ICO/STO is comparable to any of these instruments the respective civil law provision and regulatory framework applicable to the comparable traditional legal concept will be applied (see 2.1 Regulatory Overview). In essence, BaFin’s advisory letter closed the door for ICOs of allegedly “pure utility tokens” (see 3.2 Categorisation).


Most STOs in Germany take the form of a subordinated registered bond or subordinated participation rights rather than the form of a bearer bond or share which would be the typical instrument for a public offering in classic form. This particular format is used to overcome the German civil law requirement of a physical paper certificate that is needed for the issuance of a share or bearer bond and to avoid the issuer being considered to be a regulated deposit-taking entity. Subordinated registered bonds and subordinated participation rights in their traditional format do not qualify as securities under the German prospectus regime but as an asset investment (Vermögensanlage) pursuant to the German Asset Investment Act (Vermögensanlagengesetz). However, according to an additional publication from BaFin in April 2019, tokens representing investments in the form of profit participation, loans, or registered bonds, which in their traditional form do not qualify as securities under the German prospectus regime, may be classified as securities if issued in token format because of the increased tradability of tokens (see 2.1 Regulatory Overview).

Therefore, tokens possessing rights similar to shares or debt securities are likely to qualify as “financial instruments” (in the form of a security (sui generis)) and as a consequence fall within the scope of the German Securities Trading Act (Wertpapierhandelsgesetz), MiFID and the Prospectus Regulation and trading regulations thereunder (eg, market abuse regulations such as the prohibition on insider trading). Furthermore, depending on the specific business model, a MiFID licence as implemented in Germany pursuant to the German Banking Act (Gesetz über das Kreditwesen) may be required for the placement and trading of the tokens and possibly a payment services licence pursuant to the Payment Services Act (Zahlungsdiensteaufsichtsgesetz). Under the Prospectus Regulation, a public offer of these security tokens will require a prospectus to be approved by BaFin subject to certain exceptions. Most notably, no prospectus is required in the case of an offer of securities to investors with a total equivalent value of no more than EUR8 million within a period of 12 months. However, the “EUR8 million exemption” requires a securities information sheet (Wertpapier-Informationsblatt, or WIB). The WIB regime also applies to public offers between EUR100,000 and EUR1 million. However, due to certain investment restrictions in respect thereof, and the requirement to disclose the financial information of non-qualified investors, the WIB alternative may not always be feasible in practice. Also, for practical reasons, offerings via the internet may not be suitable in practice for keeping within the exception under the Prospectus Regulation, which places a limit of 150 non-qualified investors per EU member state. Only public offers below a total volume of EUR100,000 are completely exempt from the disclosure obligation.

However, with the introduction of the concept of dematerialised securities into German law that is currently under way with the Draft ESA pending approval (see 2.1 Regulatory Overview), we expect to see a significant increase in the issuance of STOs. We also expect that this will open up the door for the use of blockchain technology for the issuance of securities generally. This will make the technology attractive for institutional issuers and investors and further investments by large financial market participants into a blockchain-based financial market infrastructure in Germany.

Based on the concept of a technologically neutral regulatory regime, the general regulatory regime also applies to fundraising through the sale of tokens intended to be used as part of a decentralised network by using a digital asset exchange as an intermediary (see 2.1 Regulatory Overview).

Accordingly, if and to the extent a token is comparable to a traditional financial instrument, the intermediary is subject to the same regulations and licence requirements as an intermediary selling that traditional financial instrument, in particular MiFID-driven licence and organisational requirements as implemented in Germany pursuant to the German Banking Act (Kreditwesengesetz) and the German Securities Trading Act (Wertpapierhandelsgesetz).

Under German investment law, there are no specific rules which would create obstacles to setting up crypto funds. On the contrary, Germany is about to issue rules which explicitly state that crypto-assets (Kryptowerte) are eligible for certain investment funds up to 20%. This has, however, already been the case, as the small number of existing crypto funds shows, but the new rules increase structuring options. While the absence of regulated depositaries offering depositary services for crypto-assets has so far prevented the establishment of mutual funds and limited the distribution to professional investors (eg, corporates and institutions) or semi-professional investors (eg, family offices), certain German depositaries have announced the introduction of depositary services for crypto funds.

In the future, best practices in regard to the depositary function, in line with expectations of the regulator, may arise but have not been established so far. As regards the key question of whether crypto-assets should be considered subject to safe custody rules, which includes the depositary’s strict liability for a loss of assets, or only subject to an ownership verification obligation by the depositary, the German legislature has recently stated that it appears doubtful whether safe custody of crypto-assets (Kryptowerte) was possible. However, the German legislature also acknowledged, at the same time, that there are still many open questions regarding safe custody. The preliminary stance may therefore be that ownership verification regarding crypto-assets will be sufficient to fulfill the depositary function. Acknowledging that neither BaFin nor the EU regulator has yet announced any specifications of the depositary obligations with regard to crypto-assets, there is room to establish depositary agreements without strict requirements regarding safe custody or ownership verification as long as asset managers and depositaries establish a process which satisfies the general risk management requirements applicable to protect fund investors.

The German fund vehicle suitable for investment in crypto-assets is the so-called Spezial-AIF, which is an Alternative Investment Fund (AIF) under EU Directive 2011/61 on Alternative Investment Fund Managers as implemented in Germany by the Capital Investment Act (Kapitalanlagegesetzbuch). Compared to mutual or retail funds, Spezial-AIF have little or no portfolio limitations but must, like any fund, be able to calculate the net asset value (NAV) and diversify the portfolio according to certain minimum standards.

The introduction of e-securities (including crypto securities) by the Draft ESA is extended to fund units. As a result, as soon as this regulation has entered into force, asset managers may issue fund units on a blockchain.

The general approach taken in Germany, to qualify tokens based on their contents, means that they fall within the regulatory framework applicable to the type of regulated or unregulated asset to which they are comparable. Accordingly, the activities of broker-dealers and other financial intermediaries dealing with digital assets that qualify as regulated financial instruments are subject to the general regulatory framework applicable to traditional financial instruments and broker-dealers (in particular the MiFID-driven licence and organisational requirements) as supplemented by the newly created specific crypto custody licence regime.

It is worth noting that the scope of application of the regulatory regime is broader than in other European countries because of the broader interpretation of the term "financial instrument" under German law. Under German law, the term financial instrument also includes:

  • units of account, which BaFin interprets to include cryptocurrencies like Bitcoin;
  • asset investments, including securities sui generis; and
  • anything falling under the broad term crypto-assets (Kryptowerte), which the legislator introduced as a subcategory of financial instruments as of 1 January 2020 (see 2.1 Regulatory Overview and 4.2 On-Ramps and Off-Ramps).

There are no specific laws, regulations or binding judicial decisions addressing the legal enforceability of private contractual arrangements made, in whole or in part, utilising agreed-upon computer code that executes across multiple nodes on a blockchain-based network. However, based on the freedom of contract, which also permits the conclusion of a contract orally or by conduct, German law will generally recognise the conclusion of a contract, its validity and its enforceability using blockchain technology subject to compliance with the basic requirements of a contract – eg, an agreement of the parties in respect of the essentialia negotii of the contract.

Based on the principle of technological neutrality of the law, there are great similarities between the use of blockchain technology and the conclusion of a contract via other electronic means. Form requirements for certain types of contract under German law, such as written form or notarisation, currently pose a hindrance in practice as the technical means to comply with them on a blockchain are not broadly available in practice. For example, the qualified electronic signature would satisfy the written form requirement and even though the legal concept has been implemented into German law in the late 1990s its use has not been wide spread in practice but has accelerated during the COVID-19 pandemic. From a practical perspective, parties may be well advised to use terms of use for their blockchain application similar to those commonly used in connection with the other well established online or e-commerce platforms for purposes of clarity (including clarity on the law governing the contract).

The question of whether developers of blockchain-based networks, or the code that runs on those networks, can be held responsible for losses that arise through the use of this software has not been addressed in detail in Germany, either by the legislator or by legal literature.

The liability of a developer might be based on a contractual relationship, tort or the statutory product liability regime and the discussion among legal authors may be summarised (in simplified terms) as set out below.

If the programming is furnished by the provider of the service, an (implicit) contractual liability may arise if the user suffers damages based on wrongly programmed software. If the service provider uses software developed by a third party, liability runs along the lines of the contractual relationships – ie, liability of the service provider vis-à-vis the user and liability of the software developer vis-à-vis the service provider. There may also be a quasi-contractual liability of the developer or service provider vis-à-vis the users based on the principles of culpa in contrahendo. Either liability is more likely to arise if the developer or service provider, by using the deployed software, assumes a fiduciary function or pursues its own economic interests vis-à-vis the user in connection with the transaction executed by the software.

In principle, developers or providers of software on the blockchain may also be liable under general tort or product liability principles. However, the scope of tortious liability in connection with digital products is not yet clearly defined and seems rather limited. Accordingly, consumer protection organisations and scholars have been arguing for the development of a new digital products and services liability regime. The Federation of German Consumer Organisations (Verbraucherzentrale) has been advocating to extend the general product liability regime to also cover damages suffered from defective digital services. The European Commission is expected to propose, in 2022, measures adapting the liability framework to the challenges of new technologies as part of the initiatives to regulate new technologies and artificial intelligence. The European Commission’s Coordinated Plan on Artificial Intelligence 2021 Review explicitly states that these measures may include a revision of the Product Liability Directive.

Generally speaking, decentralised financial (DeFi) platforms are permitted to operate in Germany subject to compliance with the applicable regulatory requirements. As stated in 2.1 Regulatory Overview, based on the principle of technological neutrality, the general regulatory regime also applies to DeFi platforms based on their respective set-up and activity. Under German law, lending (to wholesale and private customers) as a commercial activity is a regulated activity which requires a licence under the German Banking Act (Kreditwesengesetz). Similarly, investment brokerage and contract brokerage are also regulated activities as well as the provision of payment services. The need for a licence very much depends on the specific set-up and activity performed by the platform. There are some peer-to-peer lending platforms that operate on the basis of a fronting bank model and there are others that mediate between private individuals operating on a brokerage basis. If and to the extent cash is received and passed on, a payment service licence may also be required.

The rules of taking an effective security interest (eg, a pledge or security transfer) under German law follow the same principles as the transfer of ownership, please see 3.1 Ownership for further discussion.

There are no specific rules for professional investors to use a custodian for holding digital assets. Regarding the requirements for custodians see 4.6 Wallet Providers and 5.3 Investment Funds.

The main body of applicable data protection legislation is the European General Data Protection Regulation (GDPR).

The GDPR applies if the data controller or data processor is established in the EU or the European Economic Area (EEA) even if the data processing takes place outside the EU/EEA. Even if the data controller or processor is established outside the EU/EEA, the GDPR is applicable when the data processing takes place in connection with the offering of goods or services to data subjects in the EU/EEA. Hence, any offering of goods or services to natural persons in the EU/EEA will trigger the application of the GDPR. In relation to other services, the GDPR applies if the data processor or controller is established in the EU/EEA.

Personal Data Processing

However, the GDPR only applies in respect of the processing of "personal data". Processing is defined very broadly and includes any data entry, processing or reading of personal data and, therefore, almost any blockchain application will involve processing data. Personal data means any information relating to an identified or identifiable natural person (excluding corporates). It should be noted that an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. In respect of online identifiers, such as public keys, it is not necessary that the natural person is known by name. It is sufficient that additional circumstances and facts are available that, taken as a whole, enable a person knowing the online identifier to find out the name and identity of the person using the online identifier. In the context of blockchain that is built on public and private keys, that means that the GDPR will almost always be applicable in the case of natural persons as public key users of blockchain applications. Even if a public key is allocated to an enterprise, the GDPR may become applicable if the natural persons acting on behalf of that legal person are identifiable.

The Right to Be Forgotten

Even though processing of personal data may be permissible with the consent of a data subject, that consent may be revoked resulting in inconsistencies with the GDPR, most notably with the "right to be forgotten" (RTBF). The RTBF is a data subject's right to request that his or her personal data be erased under certain circumstances, including in circumstances where the data subject has revoked his or her consent. In connection with blockchain technology which, generally speaking, does not permit for subsequent changes to data on the blockchain, this is very likely not possible resulting in a violation of the GDPR.

Accordingly, care must be taken not to bring personal data onto the blockchain or technical solutions must be used to enable the erasure of personal data, such as subsequent anonymisation of data in the blocks by removing the link to personal data or deleting personal data stored outside the blockchain to which the blockchain was linked.

There are numerous initiatives to develop standards and technical approaches for lawfully processing personal data and implementing the RTBF on a blockchain. In April 2020, the technical standard DIN SPEC 4997 entitled “Privacy by Blockchain Design: A standardised model for processing personal data using blockchain technology” was released, which despite not yet being part of the German DIN suite, contains promising approaches, mapping legal principles to implementing technical measures.

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) released technical guidance “Designing blockchains in a secure manner – Guidance on DLT-based crypto currencies” summarising the central aspects for the secure design of distributed ledger technology-based cryptocurrencies. This includes:

  • sufficiently secure authentication of users;
  • anonymity of users vis-à-vis third parties;
  • availability of the payment services to all users;
  • all algorithms and processes must comply with recognised IT security standards; and
  • integrity and trustworthiness of the transactions and the long-term availability of the cryptocurrency credit balance to users.

Beyond the GDPR, additional provisions may apply, such as Regulation (EU) 2018/1807 on a framework for the free flow of non-personal data in the EU or the NIS Directive (EU) 2016/1148 and further national implementing legislation in terms of cybersecurity requirements, especially in critical sectors across the EU.

Please refer to 8.1 Data Privacy.

The mining of cryptocurrencies as such for one's own use is not considered a regulated activity in Germany, whereas mining-pools operating on a commercial basis in return for a participation in the mined cryptocurrencies may constitute a regulated activity. However, this seems to be of less practical importance due to the relatively high energy costs in Germany.

Staking-as-a-service businesses have only recently emerged in Germany with players including Staking Facilities and Stakinglabs.

Accordingly, the regulatory treatment of staking of tokens has not yet been addressed in great detail. However, the European Blockchain Association recently noted that staking providers to whom tokens are delegated by other users of the network do not hold private keys of their delegators and, therefore, they should not fall under the newly introduced crypto custody licensing requirement.

Jones Day

Thurn-und-Taxis-Platz 6
60313 Frankfurt am Main

+49 69 9726 3917

+49 69 9726 3993
Author Business Card

Law and Practice in Germany


Jones Day is a global law firm with more than 2,500 lawyers in 43 offices across five continents. Jones Day's fintech practice fields a team of over 100 lawyers across 14 practices and 15 jurisdictions worldwide. In Germany, 14 lawyers, including seven partners, focus on fintech for the firm. Publishable clients include the DAX-listed Deutsche Börse AG, one of the largest stock exchange operators in the world; Exporo AG, a German fintech company specialising in crowdfunding and blockchain-based real estate (re)financing; Landesbank Baden Württemberg, in connection with the first blockchain-based asset-backed commercial paper; Eurazeo Growth; Alliance Ventures; Millicom International Cellular SA; and Celonis, one of the German unicorns.