Blockchain 2024 Comparisons

Last Updated June 13, 2024

Law and Practice

Authors



Norton Rose Fulbright boasts a fintech law practice in Amsterdam that is truly multidisciplinary: it leverages the firm's historic strengths in the financial services and technology sectors and brings together lawyers collaborating from across its financial services regulation, banking, insurance, IP/IT, data privacy, corporate/M&A, competition, disputes and tax practices. It advises on all areas of fintech, including, payment systems, blockchain/distributed ledger technology, digital assets and cryptocurrencies, tokenisation, the Metaverse and NFTs, InsurTech, DeFi, BNPL and consumer credit, artificial intelligence, smart contracts, P2P platforms, DAOs, RegTech, fundraisings, global expansion, payments and crypto regulations, acquisitions and investments, market entry and licensing approvals, disputes and investigations, and participation in consortia. The team consists of over 15 lawyers. With fintech experts in more than 50 cities worldwide, Norton Rose Fulbright are well positioned to help clients wherever they conduct business, offering extensive experience and knowledge of regional and international fintech regulations and laws. Our matters regularly involve an international component, requiring us to leverage our network of offices and to deliver seamless legal advice to clients on a global scale.

Over the past twelve months, the blockchain market in the Netherlands has experienced remarkable growth. The registration of nine additional crypto service providers with the Dutch Central Bank (De Nederlandsche Bank, DNB) during this period underlines the growing interest in blockchain-related services in the Netherlands. This trend reflects a broader movement towards regulatory compliance and formalisation within the industry, indicating a maturing market that is gaining both user trust and institutional recognition.

At the same time, the bankruptcy of FTX have had a significant impact on the Dutch crypto market. These events have increased regulatory attention on crypto exchanges and blockchain-based financial services. As a result, DNB and the Dutch Authority for the Financial Markets (Stichting Autoriteit Financiële Markten, the AFM) have warned the public several times about the risks associated with trading in cryptocurrency. This has ultimately resulted in DNB imposing administrative fines on several crypto trading platforms targeting the Dutch market without proper authorisation. However, these developments have prompted market participants to enhance their compliance measures, aiming to build trust and ensure user protection in the wake of these collapses.

In the coming period, the Netherlands is preparing for the application of the EU Regulation on Markets in Crypto-Assets (Regulation (EU) 2023/1114, MiCA), which introduces a comprehensive regulatory framework specifically for the issuance and provision of services related to cryptocurrencies. In particular, the AFM has started processing licence applications under MiCA with a welcoming and accommodating approach, assisting market participants to ensure a smooth licensing process. This proactive stance demonstrates the AFM’s commitment to fostering a supportive regulatory environment that encourages innovation and growth in the blockchain sector.

In the Netherlands, blockchain technology is being used in various sectors, with both businesses and consumers engaging in innovative uses of the technology. One of the most notable trends is the rise of crypto trading among Dutch (retail) investors. The Netherlands is home to numerous crypto trading platforms that facilitate crypto (derivative) trading.

In addition to trading platforms, several crypto funds have been registered in the Netherlands in recent years. These funds offer a way for (professional) investors to participate in the crypto market without directly holding individual digital assets. A further notable development in the Dutch blockchain landscape is the registration of the first digital green bond by ABN AMRO on the public blockchain. This pioneering step highlights the potential for further tokenisation of the bond market and possibly other traditional financial instruments.

There are also numerous initiatives outside the financial sector where blockchain technology is currently being tested and utilised. For example, the use of blockchain in (i) event ticketing to enhance security and prevent fraud, (ii) supply chain management to improve transparency and traceability, and (iii) for identification purposes to ensure secure and verifiable digital identities.

Dutch property law does not provide for a bespoke legal framework for the ownership of digital assets that are recorded on a blockchain network, which means that the ownership of the asset must be assessed under general Dutch property law. This assessment is not always easy, as this was not written with digital assets in mind. The qualification also highly depends on the characteristics of each digital asset. For instance, cryptocurrency could be assessed differently than a token that represents a real world asset.

Dutch property law applies to goods (goederen). This includes all objects (zaken) and all property rights (vermogensrecht). Objects are physical items that are subject to human control. It is generally considered that digital assets do not qualify as objects, as they are not physical. There is no case law from the Dutch Supreme Court (Hoge Raad) as to the qualification of digital goods recorded on a blockchain network as a property right, but lower courts have determined that cryptocurrency qualifies as a property right as cryptocurrency represents a value and is transferable. It also appears that a Dutch lower court has determined that an NFT is susceptible to attachment or seizure (beslag), which implies that the NFT is a property right. This means that, depending on the characteristics of the digital asset, it is conceivable that digital assets can qualify as a property right under Dutch law, which means that a person can have ownership in relation to the digital asset.

Ownership and possession of a good, which may include digital assets, is based on the common opinion. When determining the owner of a digital asset, it can be an important indicator who holds the private key relating to that digital asset. However, this will not always be decisive in certain situations. For example, in the event of a bankruptcy, if a bankrupt person transfers a digital asset, the transfer will not be legally valid. However, the blockchain will still record that the transfer is complete.

For the legal transfer of digital assets recorded on a blockchain, it is not prescribed by law that the transfer itself is recorded on the blockchain. Under Dutch law, a legal transfer is completed if the previous owner is authorised to transfer the digital asset, if there is a valid agreement between the parties on the transfer and if the digital asset has actually been transferred. Dutch law does not prescribe a method of delivery for digital assets. The appropriate method of delivery to complete a legal transfer would depend on the underlying type of digital asset. For a digital asset such as Bitcoin, transfer via the blockchain could be an appropriate form of delivery. However, by example for immovable property, Dutch law prescribes that for the delivery thereof, a notarial deed is required, that is registered with a public registry. Suppose a token represents a building as its underlying asset, but the transfer occurs solely via the blockchain without a registered notarial deed. In that case, it appears that ownership would be transferred only for the token, and not the ownership of the building itself. However, such conclusion would depend on the specific circumstances of each case.

In the Netherlands, the characterisation of digital assets is determined by an assessment of their underlying characteristics, functionalities, design and the rights attached to them. This assessment should be made on a case by case basis. Furthermore, the classification of a digital asset should be based on its actual characteristics and not solely on the label given by the issuer.

Depending on their characteristics, functionalities, design and the rights attached to them, digital assets may qualify as:

  • Financial instruments within the meaning of the European Directive on Markets in Financial Instruments II (Directive 2014/65/EU, MiFID II) as implemented in the Act on the Financial Supervision (Wet op het financieel toezicht, the AFS). These type of instruments encompasses the “traditional” financial instruments such as securities, derivatives, and units in collective investment vehicles. For example, financial derivative contracts relating to digital assets (such as a crypto derivative), a basket of digital assets or an index of digital assets should generally be classified as derivative contracts under MiFID II (see also the European Securities and Market Authority’s (the ESMA) consultation paper on draft guidelines for the qualification of crypto-assets as financial instruments which provides guidelines as to when a crypto-asset should be qualified as a financial instrument. Please note as of date of this publication, we have only considered the consultation version as there is no final version available yet. This final version should however be considered once published for the qualification for digital assets).
  • Financial products within the meaning of the AFS. This includes, among other things, investment objects (beleggingsobjecten), loans, e-money and insurances. This may in particular be relevant for decentralised applications (dApps) which grant certain loans or provide for an insurance.
  • Virtual currencies within the meaning of the Act on the prevention of money laundering and the financing of terrorism (Wet ter voorkoming van witwassen en financieren van terrorisme, the Wwft). A virtual currency is defined in the Wwft as “a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically”. The definition should be interpreted broadly and includes all types of digital assets such as security tokens, exchange tokens and stablecoins. Please note that the regulatory regime in relation to virtual currencies under the Wwft will be replaced by MiCA as of 1 January 2025 (for further details please, refer to 4. Blockchain Regulation). As a result, the definition of “virtual currencies” will no longer be of relevance once MiCA becomes applicable.
  • Crypto-assets within the meaning of MiCA which is defined as a “digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology”. MiCA distinguishes between the following crypto-assets:
    1. E-money tokens (EMTs), a type of crypto-asset that purports to maintain a stable value by referencing the value of an official currency. Examples of EMTs include digital assets such as Tether (USDT) or USDC, which are pegged to a single official currency.
    2. Asset-referenced tokens (ARTs), which are a type of crypto-asset other than EMTs that purport to maintain a stable value by referencing another value or right, or a combination thereof, including one or more official currencies. While EMTs can only be pegged to a single official currency, ARTs can be pegged to multiple types of assets, such as official currencies, baskets of goods, commodities, other crypto-assets or a combination of such assets. Examples of ARTs include digital assets such as PAX Gold and Tether Gold.
    3. Crypto-assets that are not EMTs or ARTs. Examples of this type of crypto-asset include Bitcoin and Dogecoin.
    4. Utility tokens, which are a type of crypto-asset whose sole purpose is to provide access to a good or service provided by its issuers. Examples of this type of crypto-asset include Binance Coin and Chainlink.

Depending on their characteristics, certain digital assets may qualify as a “security” within the meaning of the AFS. These type of digital assets are referred to as tokenised securities. A “security” is defined in the AFS as:

  • a negotiable share or an equivalent right (other than an apartment right);
  • a negotiable bond or other negotiable debt instrument; or
  • any other negotiable instrument issued by a legal person, corporation or institution by which securities referred to under the first two points above may be acquired through exercising the rights attached to this instrument or through conversion, or that can be settled in cash.

According to the AFM, for instruments to be negotiable they need to be “transferable” (overdraagbaar). For this purpose it is not decisive that there is a specific market for the instrument concerned, but rather whether the instrument is negotiable based on its characteristics (ie, is it a standardised instrument). The AFM generally assumes that in case the economic interest in an instrument can be transferred (directly or indirectly) to a third party, the instrument is deemed negotiable. We believe that cryptocurrencies or digital tokens qualifying as securities which are traded on an exchange will be considered to be negotiable.

Another important criterion is whether the digital asset has rights attached to it, eg, shareholder rights (such voting rights or the entitlement to (a portion of) the profit of a company issuing the digital asset) or a claim comparable to that of a shareholder or creditor. If such rights are attached and they are transferable, the cryptocurrencies/digital tokens concerned are likely to qualify as securities within the meaning of the definition under the first bullet point above.

The EU Prospectus Regulation (Regulation (EU) 2017/1129) prohibits anyone from offering securities to the public or admitting securities to trading on a regulated market in the Netherlands (or another EU Member State) without publishing an approved prospectus. This prospectus requirement does not apply where the issuer of the securities can benefit from an exemption to this requirement under the EU Prospectus Regulation. In the Netherlands, the AFM is the competent authority that approves prospectuses. Therefore, a prospectus must be made available, when tokenised securities are offered to the public or admitted to trading on a regulated market in the Netherlands, unless the issuer can benefit from an exemption under the EU Prospectus Regulation.

There is no specific definition of “stablecoins” under Dutch financial regulatory law. However, depending on their characteristics, stablecoins may qualify as (i) virtual currencies within the meaning of Wwft, (ii) e-money within the meaning of the AFS, or (iii) EMTs within the meaning of MiCA.

Virtual Currencies

A discussed above, the definition of virtual currencies under the Wwft should be interpreted broadly and encompasses stablecoins, regardless of whether they are backed by deposits of fiat currency or use an algorithmic formula to maintain their peg. The significance of determining whether a stablecoin qualifies as a virtual currency lies in the regulatory requirements for providing certain services. Under the Wwft, offering services related to virtual currencies requires registration with DNB. This is particularly relevant for services involving the exchange between virtual currencies and fiat currencies (and vice versa), as well as the offering of custodial wallets. For further details, please refer to 4. Blockchain Regulation.

E-money

Stablecoins may also qualify as e-money within the meaning of the AFS. E-money is defined in the AFS as a “monetary value, stored electronically or magnetically, representing by a claim against the issuer, issued in exchange for funds for the purpose of making payment transactions as defined in [the EU Payment Services Directive 2 (Directive 2007/64/EC, the PSD2)], and which is accepted by a natural or legal person other than the electronic money issuer”. The AFS stipulates that any person having its registered office in the Netherlands is prohibited from issuing e-money without a licence granted by DNB for that purposes.

Therefore, if stablecoins are issued in exchange for fiat currencies, they represent a claim against the issuer and can be used to make payments to natural or legal persons other than the issuer of the stablecoins, such coins will qualify as e-money within the meaning of the AFS. As a result, the issuance of such stablecoins requires a licence from DNB. Pursuant to MiCA, stablecoins that qualify as EMTs (see below) are deemed to be e-money within the meaning of the AFS.

EMTs

Under MiCA, EMTs relate to a type of crypto-asset that purports to maintain a stable value by referencing the value of an official currency. EMTs include both stablecoins which are backed by deposits of fiat currency and “algorithmic” stablecoins. Pursuant to MiCA, EMTs may be offered to the public or admitted to trading only by authorised credit institutions or electronic money institutions following prior notification and publication of a crypto-asset white paper. For further information, please refer to 4. Blockchain Regulation.

Depending on their characteristics, NFTs may qualify as virtual currencies under the Wwft (see 2.2 Categorisation). Furthermore, it is important to note that MiCA explicitly excludes from its scope crypto-assets that are unique and not fungible. This means that ‘genuine’ NFTs are not regulated by MiCA. A case-by-case assessment is necessary to determine whether a particular digital asset qualifies as an NFT exempted under MiCA. In its consultation paper on the draft guidelines for the qualification of crypto-assets as financial instruments, ESMA provides several conditions and criteria for determining whether a digital asset qualifies as an exempt NFT. The following should be taken into account in such an assessment:

  • To be unique, NFTs should be considered distinct and irreplaceable where their characteristics and/or the rights they provide are not identical to the other crypto-assets issued by the same (or any other) issuer.
  • The classification of a crypto-asset as unique and non-fungible should not be based solely on its technical specificities, such as the attribution of a unique identifier or the use of specific technical features and standards.
  • An “interdependent value test” should be conducted as part of the assessment in order to classify a crypto-asset as unique and non-fungible considering:
    1. if the value of the crypto-asset primarily stems from the unique characteristics of each individual asset and the utility/benefits it offers to its holder;
    2. the extent to which the interconnection of various types of crypto-assets influences the value of one another in such a way that the NFT has no value of its own that would be decorrelated from the other NFTs in the series; and
    3. the unique characteristics that distinguish these digital assets from others.
  • Market participants should consider that despite their inherent non-fungible nature, certain NFTs may be part of a group of crypto-assets exhibiting interconnected value dynamics. This interconnectedness should become a key factor when these crypto-assets influence each other's value, thereby challenging their perceived “uniqueness”.
  • When evaluating the uniqueness of a digital assets, one should focus on the features that contribute to its distinct value. If a crypto-asset’s valuation largely stems from its comparability to others with similar attributes, rendering them interchangeable, it should not warrant an exemption under MiCA.
  • The assessment of uniqueness and fungibility in the context of MiCA should be considered independently of the asset’s negotiability on secondary markets. The ability to trade a crypto-asset on such markets does not inherently affect its classification under MiCA as unique or non-unique. NFTs that are issued “in a large series or collection” may be considered fungible and thereby covered by MiCA.
  • Market participants should also consider that fractionalised NFT may be qualified as a crypto-asset within the meaning of MiCA. As part of their assessment, market participants should consider whether the crypto-assets represent a partial ownership stake in a single unique and non-fungible token; if fractional parts of a unique and non-fungible crypto-asset, when considered separately, are also deemed unique and non-fungible; whether these fractional parts share identical attributes or characteristics; and the possibility of reconstructing complete ownership of the unique and non-fungible token by aggregating all its fractional components.

There is no prohibition in the Netherlands against using cryptocurrencies for payments. However, recipients may refuse payments made in cryptocurrencies and there is no obligation to accept cryptocurrencies as payment.

As set out in 2.1 Ownership, there is no bespoke legal framework for the ownership of digital assets. This also applies to the use of digital assets in collateral arrangements. This means that the use of digital assets in collateral arrangements should be assessed under general Dutch property law. General Dutch property law does not specifically consider digital assets. Integrating digital assets into a legal system established before their existence can be challenging. Whether digital assets can be used as collateral, depends on the characteristics of the underlying digital asset. This is irrespective of whether digital assets are a useful form of collateral, as their value can fluctuate greatly.

As explained in 2.1 Ownership, a digital asset could potentially qualify as a ‘good’ under Dutch law. If a digital asset qualifies as a good, this would entail that such digital asset could also be subject to a pledge (pandrecht) and thus used as collateral. However, there is no guidance from the Dutch legislator or in case law that confirms that it is possible to create a right of pledge over digital assets and if so, how a pledge on digital asset should take form. Such pledge can be established in the same way as the underlying good should be delivered. For the creation of a pledge of digital assets such as bitcoin, it is not unthinkable that this can be established by a deed between the pledgor and the pledgee. Dutch law does not prescribe that such deed should be recorded on the blockchain.

Creating a pledge over digital assets and the execution thereof raises some practical issues. The pledged digital assets could remain with the pledgor, or could be held by the pledgee. Alternatively, the pledged digital assets could be held by a third party custodian. If the pledgee holds the private key over de digital assets, it can, when needed, proceed to execute the digital assets. However, if the pledged digital assets are held by the pledgor or a third party custodian that holds the private key, the pledgee would need the cooperation of this person before it can proceed to execute the digital assets. This means that there is a risk that the pledgee, despite being entitled to do so, might not be able to execute the pledged digital assets.

In the Netherlands, there are no laws or regulations addressing the legal enforceability of smart contracts, being private contractual arrangements made in whole or in part utilising agreed-upon computer code that executes multiple “nodes” on a blockchain-based network. In addition, there is no case law or guidance in this regard. This means that their validity should be assessed under general Dutch contract law.

Depending on the content of the smart contract, the smart contract can be viewed either as the agreement itself or instead as the execution of an agreement, where that underlying agreement is laid down elsewhere. Certain legal issues may arise with regard to agreement that are laid down in a smart contract or executed by a smart contract. According to Dutch law, most agreements are in principle free of form, which means that they can also be laid down in computer code. However, as such computer code is generally not readable for persons, it can be argued that the obligations are not sufficiently defined if they are not clearly defined elsewhere.

Another example of an issue that may arise is with regard to the termination of the smart contract that executes an agreement. Dutch law prescribes that under certain conditions, a counterparty is allowed to terminate an (ongoing) agreement. However, if the technicalities of the smart contract does not allow for such a termination option because it is set up to ensure that the agreement will continue for a certain number of years, it can be that it is not possible to terminate the contract from a practical perspective, as it is not possible to modify the contract, even though the counterparty is legally entitled thereto.

The Dutch financial regulatory framework adopts a technology neutral approach, which means that if a digital asset fits within an existing financial regulatory framework, it will be subject to that framework. For example, if the digital assets qualify as financial instruments, any related service will be subject to the AFS. Similarly, if the digital assets qualify as securities, its issuance will in principle be subject to the European Prospectus Regulation.

In addition to the existing financial regulatory framework, the Netherlands has adopted a specific framework for certain market participants offering services related to blockchain technology or digital assets. This regime applies to so-called crypto service providers (cryptodienstverleners) and is outlined in the Wwft, which implements the Fourth and Fifth Anti-Money Laundering Directives (Directive (EU) 2015/849 and Directive (EU) 2018/843). The aim of this regulatory regime is to prevent crypto service providers from being used for money laundering and terrorist financing, thereby safeguarding the integrity of financial markets. As such, the Wwft primarily imposes anti-money laundering and combatting the financing of terrorism (AML/CFT) requirements on crypto service providers.

However, the regime under the Wwft for crypto service providers will be replaced by MiCA. MiCA provides for a comprehensive and harmonised European regulatory framework for crypto-assets and related services with the aim of, inter alia, protecting consumers, enhancing legal certainty and promoting market integrity across Europe.

As a European regulation, MiCA will be directly applicable in the Netherlands without the need for transposition into Dutch law. MiCA will gradually come into force throughout the EU from 30 June 2024, with most of MiCA’s requirements applicable from 1 January 2025 (however please note that transitional regimes may differ in the different EU member states). The regime under the Wwft for crypto service providers will be applicable until 1 January 2025.

Lastly, the European Regulation (EU) 2022/858, which is directly applicable in the Netherlands, provides for a so-called DLT Pilot Regime. This regime establishes a temporary pilot regime for market infrastructures based on distributed ledger technology (DLT). In particular, the DLT Pilot Regime allows operators of financial market infrastructures to test DLT in the issuance, trading and settlement of crypto-assets that qualify as financial instruments (ie, tokenised financial instruments) by setting up a new type of market infrastructure, including (i) a DLT multilateral trading facility (DLT MTF), (ii) a DLT settlement system (DLT SS), and (iii) a DLT trading and settlement system (DLT TSS) (which will be further discussed in 4.3 Regulatory Sandbox).

Currently, there are no licensing requirements in the Netherlands for services related to or the issuance of digital assets, provided that these assets do not qualify as financial instruments, or financial products under the AFS. However, the Wwft does contain a registration requirement for digital assets that qualify as virtual currencies. As discussed above, the regulatory regime under the Wwft for virtual currencies will be replaced by MiCA, which introduces licensing requirements for the issuance of certain crypto-assets and certain related services. In the following, we will discuss the registration requirement under the Wwft and the licensing requirement under MiCA. For the sake of completeness, if digital assets qualify as financial instruments or financial products, licensing requirements may apply under the existing regulatory framework of the AFS.

The Wwft

Registration requirement

Under the Wwft, it is prohibited to provide crypto services in or from the Netherlands without being registered as a crypto service provider with DNB. This registration requirement is only triggered if the services are provided on a professional or  commercial basis.

Virtual currencies

Crypto services within the meaning of the Wwft relate to virtual currencies. The definition of “virtual currencies” is very broad (as discussed in 2. Digital Assets) and includes cryptocurrencies such as Bitcoin, Ether and USDC.

Crypto services

The following two types of services are considered crypto services for purposes of the Wwft:

  • The services of the exchange between virtual currencies and fiat currencies (Exchange Services) – A party is deemed to provide Exchange Services when it effects transactions or enables clients to effect transactions in which virtual currencies are exchanged for fiat currencies or vice versa. Exchange services may be provided or facilitated in a number of ways. For example, the service provider may bring together the buying and selling intentions of third parties in respect of virtual currencies in order to create an agreement in accordance with the rules of the platform, or act as a counterparty or broker. In addition, parties that manage or operate a so-called automated teller machine (ATM), which allow the exchange of fiat currency for virtual currency and vice versa, are considered to provide Exchange Services. An example of an Exchange Service is the operation of a crypto trading platform where users can purchase virtual currencies using fiat currencies.
  • The services for the provision of custodian wallets (Wallet Services) – A party that offers Wallet Services is typically referred to as a custodian wallet provider. Wallet Services are only considered to be provided if the custodian wallet provider is in a position to independently access the customer’s private cryptographic keys in such a manner that it can hold, store and transfer the customer’s virtual currencies. Parties offering non-custodian wallets, ie, parties that in no way whatsoever have access to their customer’s virtual currencies, are not considered to provide Wallet Services. Such wallets are typically referred to as cold wallets or self-hosted wallets.

In or from the Netherlands

The registration requirement for crypto service providers under the Wwft is triggered if the services are provided “from” or “in” the Netherlands.

Crypto services are deemed to be provided “from” the Netherlands if they are provided from an establishment based in the Netherlands, regardless of whether the crypto services are provided “in” the Netherlands or only abroad.

Whether crypto services are considered to be provided “in” the Netherlands depends on a number of factors which have been derived from the Pammer & Alpenhof cases of the Court of Justice of the EU (Court of Justice of the EU, 7 December 2021/C-585/08 and C-144/09). One important consideration is that a provider must have expressed an intention to establish commercial relations with customers in the Netherlands. This means that, for example, providing information about crypto services in the Dutch language, having a section of the website dedicated to Dutch users and paying search engine service providers to display online advertisements relating to the crypto services in the Netherlands are likely to lead to the conclusion that crypto services are provided in the Netherlands.

DNB takes a strict approach when assessing whether a party is providing crypto services in the Netherlands. This is also illustrated by the administrative fines DNB has imposed in recent years on several foreign crypto service providers. It follows from the decisions underlying these fines that DNB considers the following factors, inter alia, to be relevant in assessing whether crypto services are provided in the Netherlands: (a) facilitating the Dutch payment method “iDEAL”; (b) explicitly referring to the Netherlands as one of the countries in which crypto services are available; (c) making available a mobile application in the Dutch Google Play Store or App Store; and (d) having an affiliate programme in which Dutch (legal) persons participate.

Key requirements for registration

DNB will only register a market participant as a crypto service provider if:

  • The crypto service provider has presence either in the Netherlands or in another EU Member State.
  • Extensive information and documentation is provided to demonstrate that the crypto service provider will comply with the requirements of the Wwft and the Dutch Sanctions Act 1977 (Sanctiewet 1977) and the rules and regulations promulgated thereunder.
  • The daily policymakers and the co-policymakers of the crypto service provider are deemed fit and proper. A daily policymaker is anyone who is responsible for the policy- and decision-making aimed at the daily actual business operations of the crypto service provider. This includes, executive and non-executive directors of the crypto service providers. A co-policymaker is anyone who can actually exercise significant influence over the day-to-day management of the crypto service provider. This includes the executive directors of any controlling shareholder of the crypto service provider.
  • The qualifying holders of the crypto service provider as well as the ultimate beneficial owners (UBOs) are deemed proper. A qualifying holder is anyone who holds a direct or indirect holding of at least 10% of the shares and/or voting rights (or comparable control) in the crypto service provider. An UBO is anyone who ultimately owns or controls the crypto service provider.

The Wwft does not provide for a passporting regime for crypto service providers. This means that crypto service providers registered with DNB that wish to provide crypto services in other EU Member States must obtain authorisation under the local laws of each EU Member State in which they wish to provide crypto services.

We note that the court of Rotterdam, in its rulings on 4 October 2023 (ECLI:NL:RBROT:2023:9153 and ECLI:NL:RBROT:2023:9157), determined that DNB’s assessment of registration applications is contrary to the scope of the Fourth and Fifth Anti-Money Laundering Directives. In addition, market participants generally view the crypto registration process with DNB as equivalent to, and sometimes even more time-consuming and cumbersome than, a PSD2 licensing application. Please note that DNB currently recommends parties to apply for the MiCA licence with the AFM (please see hereafter) as it is expected they will not be able to process the registration in time to be still relevance.

MiCA

Licensing requirements

MiCA provides for a licensing requirement in relation to:

  • the offer to the public of certain crypto-assets or the admission to trading of such crypto-assets; and
  • the provision of crypto-asset services.

Crypto-assets

As discussed in 2. Digital Assets, MiCA defines crypto-assets as “a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology.” MiCA distinguishes between the following four types of crypto-assets: (i) EMTs, (ii) ARTs, (iii) crypto-assets that are not EMTs or Arts, and (iv) utility tokens.

MiCA does not apply to crypto-assets that already fall within the scope of existing regulatory frameworks. For example, this includes crypto-assets that qualify as (a) financial instruments under MiFID II and (b) funds under PSD 2, unless such funds qualify as EMTs. In addition, MiCA does not apply to crypto-assets to “genuine” NFTs.

Crypto-asset services

MiCA distinguishes the following types of crypto-asset services:

  • The provision of custody and administration of crypto-assets on behalf of clients, which involves the safekeeping or controlling of crypto-assets on behalf of clients or of the means of access to such crypto-assets, where applicable in the form of private cryptographic keys. This crypto-asset service typically involves custodian wallet providers. Hardware or software providers of non-custodian wallets are not considered to provide these type services.
  • The operation of a trading platform for crypto-assets, which involves the management of one or more multilateral systems, which bring together or facilitate the bringing together of multiple third-party purchasing and selling interests in crypto-assets, in the system and in accordance with its rules, in a way that results in a contract, either by exchanging crypto-assets for funds or by the exchange of crypto-assets for other crypto-assets. This crypto-asset service may include, for example, the operation of a centralised exchange (CEX) where trades in crypto-assets are facilitated. We believe the opinion of ESMA on the perimeter of trading venues will be relevant under MiCA as well.
  • The exchange of crypto-assets for funds or for other crypto-assets, which involves the conclusion of purchase or sale contracts concerning crypto-assets with clients for funds or other crypto-assets by using proprietary capital. This crypto-asset service requires the crypto-asset service provider (CASP) to trade with clients against its own capital, with the price of such exchange being freely determined by the CASP.
  • The execution of orders for crypto-assets on behalf of clients, which involves the conclusion of an agreement to purchase or sell one or more crypto-assets or the subscription or one or more crypto-assets on behalf of clients. This service also includes entering into contracts to sell crypto-assets at the time of their public offering or admission to trading.

This crypto-asset service entails the CASP buying or selling crypto-assets on behalf of clients. For example, it may involve placing an order on a crypto-asset trading platform on the behalf of the client.

  • The reception and transmission of orders for crypto-assets on behalf of clients, which involves the reception from a person of an order to purchase or sell one or more crypto-assets or to subscribe for one or more crypto-assets and the transmission of that order to a third party for execution. In providing this crypto-asset service, the CASP acts as an intermediary, receiving and transmitting crypto-asset orders without executing the order itself.
  • The placing of crypto-assets, which involves the marketing, on behalf of or for the account of the issuer or a party related to the offeror, of crypto-assets for purchasers. This crypto-asset service is purely marketing in nature, with the CASP promoting, for example, an initial coin offering on behalf of the issuer.
  • The provision of advice on crypto-assets, which involves the offering, giving or agreeing to give personalised recommendations to a client, either at the client’s request or on the initiative of the CASPs providing the advice, in respect of one or more transactions relating to crypto-assets, or the use of crypto-asset services. For example, a CASP provides crypto-asset advice by recommending to a client the purchase of certain crypto-assets based on the client's personal circumstances.
  • The provision of portfolio management of crypto-assets, which involves managing individual portfolios in accordance with mandates given by clients on a discretionary client-by-client basis where such portfolios include one or more crypto-assets. For example, in providing this service, the CASP is mandated to manage a portfolio of crypto-assets on behalf of a client in accordance with pre-determined investment guidelines.
  • The provision of transfer services for crypto-assets on behalf of clients, which involves providing services of transfer, on behalf of a natural or legal person, of crypto-assets from one distributed ledger address or account to another. This type crypto-asset services does not include the validators, nodes or miners that might be part of confirming a transaction and updating the state of the underlying distributed ledger. As a result, validators, nodes or miners are not considered to provide transfer services within the meaning of MiCA.

MiCA applies to natural and legal persons and certain other undertakings that provide crypto-asset services on a professional basis. This applies even if the crypto-asset services are provided in a partially decentralised manner. However, crypto-asset services provided in a fully decentralised manner, without the involvement of an intermediary, are not covered by MiCA. This means that decentralised finance (DeFi) and dApps are excluded from the scope of MiCA if they are provided in a fully decentralised manner without the involvement of an intermediary.

Licensing requirement for issuers of ARTs

Issuers of ARTs are in principle required to obtain a licence from the competent authority of their home Member State in order to be permitted to make an offer to the public or to seek admission to trading of ARTs within the EU. This licensing requirement does not apply to EU authorised credit institutions, provided that (i) they have notified the competent authority of their home Member State at least 90 working days before the issuing of the ARTs for the first time, and (ii) they make available a crypto-asset white paper approved by the respective competent authority.

The home Member State of an issuer of an ART is the Member State in which the issuer of the ART has its registered office. In the Netherlands, DNB will be the competent authority, meaning that an issuer of ARTs that has its registered office in the Netherlands must obtain a licence from DNB to issue ARTs.

The licence obtained by DNB for the issuance of ARTs is valid for the entire EU.

If certain conditions are met, the European Banking Authority (EBA) may classify ARTs as significant. If such categorisation applies, the issuer of significant ARTs will be supervised by the EBA and will have to comply with certain specific requirements.

Key requirements for obtaining a license from DNB for the offer to the public and admission to trading of ARTs

DNB will only grant a license if:

  • The applicant is established in the EU.
  • The management body of the applicant does not pose a threat to its effective, sound and prudent management and business continuity and to the adequate consideration of the interest of its clients and the integrity of the market.
  • The members of the management body of the applicant are of sufficiently good repute and possess the appropriate knowledge, skills and experience to perform their duties. This applies both on an individual and collective basis. In addition, they may not have been convicted of offences relating to money laundering or terrorist financing or of any other offences that would affect their good repute. It must also be demonstrated that they are capable of committing sufficient time to effectively perform their duties.
  • The shareholders and members who hold a direct or indirect qualifying holding in the applicant are of sufficiently good repute. In particular, they may not have been convicted of offences relating to money laundering or terrorist financing or of any other offences that would affect their good repute.
  • The applicant does not fail or is unlikely to fail to meet the applicable requirements under MiCA. In this regard, detailed information and documentation must be provided regarding, inter alia, (i) the programme of operations, (ii) the governance arrangements, (iii) the business continuity, (iv) the internal control mechanisms and risk management procedures, (vii) a description of the systems and procedures in place to comply with DORA (Regulation (EU) 2022/2554) and GDPR (Regulation (EU) 2016/679), (viii) the complaints-handling procedures, (ix) a description of the contractual arrangements with the third party entities regarding the reserve of assets and (x) a description of the systems and procedures in place to comply with DORA (Regulation (EU) 2022/2554) and GDPR (Regulation (EU) 2016/679). In addition, as part of the application process, the applicant must submit its crypto-asset white paper and a legal opinion that the ARTs do not qualify either as crypto-assets excluded from the scope of MiCA (such as crypto-assets that qualify as financial instruments within the meaning of MiFID II or NFTs) or EMTs.
  • The applicant’s business model might pose a serious threat to market integrity, financial stability, the smooth operation of payment systems, or exposes the applicant or the sector to serious risks of money laundering and terrorist financing.

Issuers of EMTs

EMTs may only be offered to the public or admitted to trading by authorised credit institutions or electronic money institutions following prior notification and publication of a crypto-asset white paper. The crypto-asset white paper must be notified to the home member state of the issuer of the ART, ie, the member state where the issuer of the ART has its registered office. In the Netherlands, DNB will be the competent authority for supervision of issuers of EMTs.

If certain conditions are met, the EBA may classify EMTs as significant. If such categorisation applies, the issuer of significant EMTs will be supervised by the EBA and will have to comply with certain specific requirements.

Issuers of crypto-assets other than ARTs or EMTs

Under MiCA, there is no requirement to obtain a licence for the issuance of crypto-assets other than ARTs or EMTs or to have these type of crypto-asset admitted to trading. However, issuers of such crypto-assets are subject to certain requirements under MiCA as described below under 4.1.7 Other Regulatory Requirements (eg, such as the prior notification and publication of a crypto-asset white paper). DNB will be the competent authority in the Netherlands for supervising the compliance of such issuer with MiCA.

Licensing requirement for the provision of crypto-asset services

The provision of crypto-asset services is subject to a licensing requirement. This licensing requirement only applies if the crypto-asset services are provided on a professional basis and to clients in the EU. CASPs who have their registered office in the Netherlands must obtain such their licence from the AFM.

Licensed CASPs may provide crypto-asset services throughout the EU, either through the right of establishment, including through a branch, or through the freedom to provide services. To start providing crypto-asset services in other member states, firms must notify the competent authority of their home member state.

Key requirements for obtaining a license from the AFM for the provision of crypto-asset services

The AFM will grant a licence only if:

  • The management body of the applicant does not pose a threat to its effective, sound and prudent management and business continuity, and to the adequate consideration of the interest of its clients and the integrity of the market. In addition, it does not expose the applicant to a serious risk of money laundering or terrorist financing.
  • The members of the management body of the applicant are of sufficiently good repute and possess the appropriate knowledge, skills and experience to perform their duties. This applies both on an individual and collective basis. In addition, they may not have been convicted of offences relating to money laundering or terrorist financing or of any other offences that would affect their good repute. It must also be demonstrated that they are capable of committing sufficient time to effectively perform their duties.
  • The shareholders or members who hold a direct or indirect qualifying holding in the applicant are of sufficiently good repute. In particular, they may not have been convicted offences of money laundering or terrorist financing or of any other offences that would affect their good repute.
  • The applicant does not fail or is unlikely to fail to meet the applicable requirements under MiCA. In this regard, detailed information and documentation must be provided regarding, inter alia, (i) a programme of operations, (ii) proof that the applicant meets the prudential requirements, (iii) governance arrangements, (iv) internal control mechanisms, policies and procedures to identify, assess and manage risks, including money laundering and terrorist financing risks, (v) business continuity plans, (vi) technical documentation of the ICT systems and security arrangements, and a description thereof in non-technical language, (vii) description of the procedure for the segregation of clients’ crypto-assets and funds, (viii) complaints-handling procedures, and (ix) certain specific information depending on the type of crypto-asset services the applicant CASPs intends to provide.

The licensing requirement for the provision of crypto-services does not apply to authorised credit institutions, central securities depositories, investment firms, market operators, electronic money institutions, UCITS management companies or alternative investment fund managers if their licence covers the service similar to crypto asset services for which article 60 of MiCA is relevant. They need to notify the competent authority at least 40 working days before providing those services for the first time. As part of the notification process, detailed information and documentation must be provided demonstrating that the relevant authorised firm will comply with the requirements under MiCA.

General marketing requirements in the Netherlands

In the Netherlands, the Unfair Commercial Practices Act (Wet oneerlijke handelspraktijken) must be observed when marketing services or products (such as crypto services) to consumers. In short, the Unfair Commercial Practices Act states that any information provided must always be correct, clear and not misleading. In addition, the Unfair Commercial Practices Act states that consumers cannot be denied the essential information they need to enter into an agreement. Essential information is information that a consumer needs to make an informed decision. This information cannot be hidden or provided in an unclear, incomprehensible and ambiguous way, or too late.

Specific marketing requirements under MiCA

MiCA sets out requirements for marketing communications relating to (i) an offer to the public of crypto-assets or the admission to trading of such assets and (ii) crypto-asset services.

The following marketing requirements apply for offerors and persons seeking admission to trading of crypto-assets:

  • The information in the marketing communication must be fair, clear and not misleading. It must be consistent with the information in the crypto-asset white paper (where required to be published). In addition, the marketing communication may not be disseminated prior to the publication of the crypto-asset white paper.
  • The marketing communication must be clearly identifiable as such.
  • The marketing communication must clearly state that a crypto-asset white paper has been published (where required) and clearly indicate the address of the website of the issuer as well as telephone number and an email address to contact the issuer.
  • Marketing communications must be updated and published.
  • Depending on the type of crypto-assets, the marketing communication must contain certain specific statements.

There is no requirement to obtain DNB’s prior approval for marketing material. However, DNB may request to be notified of marketing communications relating to the offer to the public or admission to trading of crypto-assets prior to the publication of the marketing communication.

With regard to CASPs, MiCA requires CASPs to provide their clients with information that is fair, clear and not misleading. This also applies to marketing communications, which must be identified as such. In addition, CASPs must not intentionally or negligently mislead a client about the real or perceived benefits of crypto-assets.

In the Netherlands, the Fourth and Fifth Anti-Money Laundering Directives have been implemented in the Wwft. These directives are based on, inter alia, the recommendations of the Financial Action Task Force (FATF).

The Wwft contains AML/CFT requirements for, inter alia, crypto service providers. However, as mentioned above, the scope of the Wwft will be extended to CASPs once MiCA applies to the provision of crypto-asset services.

The Wwft includes obligations relating to customer due diligence, unusual transaction reporting, record keeping and AML/CFT training for staff. It also requires in-scope institutions to conduct regular AML/CFT risk assessments and to establish policies, systems and procedures to mitigate and manage the AML/CFT risks identified. In addition, in-scope institutions with two or more daily policymakers must designate one of them to oversee AML/CFT compliance. Depending on the nature and size of the institution, an independent and effective compliance function and/or internal audit function must also be established.

Both the Wwft and MiCA regimes contain a change of control requirement in the form of DNB’s approval of the holding of a qualifying holding.

As discussed above, a qualifying holding is, in short, any direct or indirect holding in a financial institutions which represents at least 10% of the capital or of the voting rights (or comparable control), or which makes it possible to exercise a significant influence over the management of the financial institution.

Change in Control under the Wwft

Under the Wwft, the acquisition of a qualifying holding in a crypto service provider must be approved by DNB. DNB will grant such an approval if the trustworthiness of the holder of the qualifying holding is beyond doubt. DNB will verify the trustworthiness of a candidate on, among other things, their intentions, actions and antecedents (such as criminal, financial, supervisory and tax compliance related antecedents).

Change in Control under MiCA

Under the regulatory framework underMiCA, a so-called declaration of no-objection (verklaring van geen bezwaar, DNO) must be obtained from DNB for the acquisition of a qualifying holding in a Dutch CASP. This DNO requirement also applies when increasing a qualifying holding or reducing it in such a way that certain thresholds are either exceeded or fallen below. These thresholds are set at 10%, 20%, 30% or 50%. For the issuance of the DNO, DNB will assess the suitability of the proposed acquired and the financial soundness of the proposed acquisition against all of the following criteria:

  • The reputation of the proposed acquirer.
  • The reputation, knowledge, skills and experience of any person who will direct the business of the CASP or the issuer of the ARTs as a result of the proposed acquisition.
  • The financial soundness of the proposed acquirer, in particular, in relation to the type of business envisaged and pursued in respect of the CASP or the issuer of the ART in which the acquisition is proposed.
  • Whether the CASP or the issuer of the ART will be able to comply and continue to comply with the applicable provisions under MiCA.
  • Whether there are reasonable grounds to suspect that, in connection with the proposed acquisition, money laundering or terrorist financing is being or has been committed or attempted, or that the proposed acquisition could increase the risk thereof.

DNB may oppose the issuance of a DNO only where there are reasonable grounds for doing so on the basis of the criteria set out above or where the information provided is incomplete or false.

There are no specific resolution or insolvency requirements/regimes applicable to crypto(-asset) service providers in the Netherlands.

Regulatory Requirements under the Wwft

Under the Wwft, crypto service providers are subject to a limited set of code of business rules. These rules include the requirement to have a transparent control and ownership structure. In addition, crypto service providers are required to have an integrity policy in place to ensure ethical governance. This means that the crypto service provider must have policies and procedures regarding (i) conflicts of interest, (ii) the prevention of criminal offences or other breaches of the law by the crypto service provider or its employees that could damage trust in the crypto service provider, (iii) relationships with customers or third parties that could damage trust in the providers, and (iv) the control of business processes and business risks. In addition, the crypto service provider is required to set up its operational management in such a way as to ensure sound business operations.

Regulatory Requirements under MiCA

Under MiCA, CASPs and issuers of crypto-assets are subject to a comprehensive set of code business and conduct rules. These rules aim to protect the interests of investors as well as the integrity and stability of markets in crypto-assets.

Issuers of all type of crypto-assets

The rules applicable to issuers of crypto-assets depend on the type of token. A key obligation under MiCA is that issuers of all three types of crypto-assets must publish a white paper before offering crypto-assets to the public in order to be admitted to trading. The purpose of the crypto-asset white paper is to provide potential holders of the crypto-asset with information about, among other things, the issuer, the project to be undertaken with the capital raised, the rights and obligations attached to the crypto-asset, the underlying technology used for such crypto-asset, the associated risks and the adverse environmental and climate-related impacts of the consensus mechanism used to issue the crypto-asset.

For the crypto-asset white paper, there is no general requirement for the issuer to have the crypto-asset white paper approved by DNB. This is only different from the case for ARTs, where the approval of the crypto-asset white paper must be obtained from DNB.

An important aspect of MiCA is that issuers of crypto-assets are liable for the information contained in the crypto-asset white paper. Liability arises if the information contained in the crypto-asset white paper is not complete, fair, clear or misleading.

Issuers of crypto-assets other than ARTs and EMTs

Issuers of crypto-assets other than ARTs and EMTs are subject to the following requirements: among other things:

  • marketing communication requirements (see above);
  • disclosure requirements in relation to the result of the offer to the public and safeguarding arrangements;
  • conduct requirements to act honestly, fairly and professionally and to communicate with (prospective) holders in a fair, clear and not misleading manner;
  • requirements relating to conflict of interest; and
  • requirements to maintain all of their systems and security access protocols in conformity with the appropriate EU standards.

Issuers of ARTs

Issuers of ARTs are subject to the following requirements, among other things:

  • reporting requirements in relation to the issuance of the ARTs;
  • restrictions on the issuance of ARTs if certain quantitative thresholds are exceeded;
  • marketing communications requirements (see above);
  • conduct requirements to act honestly, fairly and professionally in the best interest of the holders of the ARTs;
  • disclosure requirements with regard to the amount of ARTs in circulation, the value and composition of the reserve of assets, the audit report and any event that has or is likely to have a significant effect on the value of the ARTs or the reserve of assets;
  • requirements to have complaints-handling procedures in place;
  • requirements with regard to conflict of interests;
  • governance arrangements, and the requirement to notify DNB on changes of the management board of the issuers;
  • prudential requirements;
  • the obligation to have a reserve of assets, composition and management of such reserve of assets;
  • The custody of reserve assets;
  • The investment of the reserve of assets;
  • Prohibition of granting interest;
  • the requirement to have recovery and redemption plans in place; and
  • specific obligations for ARTs that are classified as significant ARTs.

Issuers of EMTs

Issuers of EMTs are subject to the following requirements, among other things:

  • the requirements set out under title 2 and 3 of the E-Money Directive (Directive 2009/110/EC) which relate to prudential requirements, safeguarding of received funds and out-of-court complaint and redress procedures for the settlement of disputes;
  • requirements on the issuance and redeemability of EMTs;
  • prohibition of granting interest;
  • marketing communications requirements (see above);
  • investment of funds received in exchange for EMTs;
  • requirement to have recovery and redemption plans in place;
  • specific obligations for EMTs that are classified as significant EMTs.

CASPs

CASPs are subject to the following requirements, among other things:

  • an obligation to act honestly, fairly and professionally in the best interest of clients;
  • prudential requirements;
  • requirements with regard to governance arrangements;
  • notifying DNB on change of management board;
  • safekeeping of clients’ crypto-assets and funds;
  • requirement to have a complaints-handling procedures;
  • requirement regarding conflicts of interest policy;
  • outsourcing requirements;
  • requirements to have in place a wind-down plan;
  • certain obligations in respect of specific crypto-assets.

In the Netherlands, there is no prohibition for regulated firms and/or investment funds to be exposed to digital assets. As mentioned above, certain types of regulated firms are not required to obtain a licence from the AFM to provide crypto-asset services. Instead, these regulated firms will be required to complete a notification process with the AFM. However, the notification process will only apply to crypto-asset services that are equivalent to the services and activities for which the regulated firms are licensed. The provision of crypto-asset services that are not equivalent to their current activities or services will require authorisation from the AFM or DNB (ie, in case of an EMI). For example, investment firms authorised to provide investment advice under MiFID II will be exempt from the authorisation requirements for the provision of the crypto-asset service of providing advice on crypto-assets. However, such firms would be required to obtain a licence from the AFM to operate a crypto-asset trading platform. Authorised credit institutions, on the other hand, are completely exempt from the licensing requirements. Once they have completed the notification process, they will be able to offer all types of crypto-asset services.

Regulated entities that have completed the notification process for the provision of crypto-asset services are exempt from the prudential requirements under MiCA. In addition, the change of control requirements under MiCA (see above) do not apply to such firms. Please note that such firms will be subject to prudential requirements and change of control requirements under their sector-specific regulatory regime (eg, under MiFID II, AIFMD and CRD IV).

European Regulation (EU) 2022/858 provides for a so-called DLT Pilot Regime. This regime establishes a temporary pilot regime for market infrastructures based on distributed ledger technology (DLT). In particular, the DLT Pilot Regime allows operators of market infrastructures to test DLT in the issuance, trading and settlement of crypto-assets that qualify as financial instruments (ie, tokenised financial instruments) by setting up a new type of market infrastructure, including (i) a DLT multilateral trading facility (DLT MTF), (ii) a DLT settlement system (DLT SS), and (iii) a DLT trading and settlement system (DLT TSS).

Market participants wishing to operate a DLT MTF, DLT SS or DLT TSS must apply to the AFM for authorisation. Authorisation is only available to (i) authorised investment firms and market operators to operate a DLT MTF, (ii) authorised central securities depositories to operate a DLT SS. Institutions that are not already authorised as such will need to apply for authorisation as an investment firm, market operator or CSD in parallel with an application under the DLT Pilot Regime.

As mentioned above, the Dutch legislator has implemented the Fifth Anti-Money Laundering Directive in the Wwft. The Fifth Anti-Money Laundering Directive extended its scope to crypto service providers and introduced a registration requirement for the provision of Exchange Services and Wallet Services. This regulatory regime is based on the recommendations of the Financial Action Task Force (FATF) with respect to virtual asset service providers (VASP).

In addition, the European legislator adopted the Transfer of Funds Regulation 2 (Regulation (EU) 2023/1113), which, among other things, extends the scope of the so-called travel rule to the transfer of crypto-assets. This travel rule is based on FATF recommendations. Under the travel rule, CASPs facilitating the transfer of crypto-assets are required to ensure that such transfer is accompanied by certain information about the initiator and beneficiary.

The AFM and DNB are the regulatory bodies in the Netherlands for businesses or individuals using blockchain.

Currently, DNB is the competent authority to supervise crypto service providers for compliance with the Wwft. However, this will change once MiCA becomes applicable in the Netherlands. Under MiCA, the AFM will be the competent authority to supervise CASPs, while the DNB will be the competent authority to supervise issuers of crypto-assets.

The AFM and DNB take a cautious and prudent regulatory approach to crypto-assets and crypto service providers, emphasising consumer protection, financial stability and compliance with relevant laws. Both regulators aim to strike a balance between encouraging innovation in the crypto space and protecting the financial system and consumers from potential risks associated with crypto services.

There are no self-regulatory organisations or trade groups in the Netherlands that perform regulatory or quasi-regulatory roles with respect to business or individuals using blockchain.

In the Netherlands, no government body has set up a task force or mandated an existing body to investigate the benefits and/or challenges of using blockchain. However, the Netherlands does have the Dutch Blockchain Coalition (DBC), which is a cooperative association of members from government agencies, centres of expertise and the commercial sector. The aim of the DBC is to increase both the knowledge and use of blockchain in the Netherlands, thereby accelerating the decentralisation of digital infrastructure.

To date, there have not been any judicial decision which provide guidance on the interpretation or the establishment of the applicable legal regime to the use of blockchain. In relation to the qualification of blockchain and items related thereto such as cryptocurrencies, there is consensus that it does not qualify as money.

In recent years, DNB has imposed administrative fines on several foreign crypto service providers who, according to DNB, were providing crypto services in the Netherlands without being registered with them. The decisions underlying these fines have helped market participants better understand when, according to DNB, one is considered to be providing crypto services in the Netherlands. According to these decisions, DNB considers the following factors, among others, to be relevant in assessing whether crypto services are provided in the Netherlands: (a) facilitating the Dutch payment method “iDEAL”; (b) explicitly referring to the Netherlands as one of the countries where crypto services are available; (c) making a mobile application available in the Dutch Google Play Store or App Store; and (d) having an affiliate programme in which Dutch (legal) persons participate.

In the absence of specific Dutch legislation addressing the taxation of crypto assets, the general tax principles apply in the Netherlands. A notable distinction within the Dutch income tax system regarding crypto assets is the classification of crypto-related activities and their corresponding taxation under either Box 1 or Box 3 of the Dutch Income Tax Act 2001 (Wet inkomstenbelasting 2001). This classification may depend on the specific circumstances and activities of the individual involved:

Box 1: Taxation for Dutch Individuals Operating Crypto Businesses

When a Dutch individual operates a crypto business or is deemed to operate a business in the context of crypto (including investing and trading beyond a mere hobby, where the individual may expect to derive profit from such a business), any gains are treated as regular taxation in Box 1 which is taxed at progressive rates up to 49.5% (2024 top rate).

Box 3: Taxation for Individual Crypto Investors

For Dutch individuals, the acquisition and ownership of crypto assets including farming, trading and lending should generally be covered under the so-called Box 3 taxation. This Dutch Box 3 taxation prescribes taxation based on a deemed annual increase in value of crypto assets of 6.04% (2024 rate), where individuals are subject to annual taxation of 36% (2024 rate) on the deemed value increase of their entire crypto portfolio (with calculations based on asset values at 1 January of each year).

Corporate Income Tax for Dutch Legal Entities

For Dutch legal entities subject to Dutch corporate income tax, all income derived from cryptocurrency-related activities, including gains from investments, trading, mining, staking, and block rewards, is taxed. Additionally, tokens received by Dutch legal entities from staking or mining cryptocurrency are subject to corporate income tax based on their market value at the time of receipt. In contrast to the taxation method applied in Box 3, cryptocurrency assets should not be subject to annual mark-to-market valuation for Dutch corporate income tax purposes.

Dutch legal entities are taxed at the general Dutch corporate income tax rate of 25.8%, with a lower rate of 19% applying to profits up to EUR200,000 (2024 rates and thresholds).

Under MiCA, issuers of all type of crypto-assets are required to make available a crypto-asset white paper in which, inter alia, information must be included regarding the associated risks and the adverse environmental and climate-related impacts of the consensus mechanism used to issue the crypto-asset. In addition, MiCA requires CASPs to make publicly available, in a prominent place on their website, information related to the principal adverse impacts on the climate and other environment-related adverse impacts of the consensus mechanism used to issue each crypto-asset in relation to which they provide services.

In the Netherlands, the rules with respect to data privacy/data protection follow from the EU General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act.

The GDPR applies to any “processing” of “personal data” (except for some limited exceptions such as the processing by a natural person in the course of a purely personal or household activity). Both “processing” and “personal data” are very wide concepts under the GDPR, as (i) “processing” includes any operation or set of operations that can performed on data (eg, collection, storage, use, disclosure and erasure) and (ii) “personal data” means any information relating to an identified or identifiable natural person. Given that the GDPR is drafted in a sector-neutral manner, it also applies to the processing of personal data in the context of blockchain- based products or services.

When the GDPR applies, the entity processing the personal data should determine whether it qualifies as a “data controller” or as a “data processor”. A data controller is the natural or legal public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (thereby basically determining the “why” and “how” of the processing). A data processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

Data controllers are primarily responsible for ensuring GDPR compliance, whereas data processors are mostly subject to contractual requirements vis-à-vis the data controller (albeit that the GDPR does impose some direct obligations on data processors as well, eg, ensuring that sufficient security measures are in place). Some main obligations applicable to data controllers are:

  • ensuring that the personal data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • ensuring that the personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • ensuring that the personal data are accurate and, where necessary, kept up to date;
  • ensuring that personal data are only processed for as long as necessary for the purposes for which the personal data are processed;
  • complying with requests submitted by individuals to exercise their data subject rights (eg, the right to access to their personal data and to have it erased);
  • where required, notify a personal data breach to the relevant supervisory authority and the affected individuals;
  • providing sufficient information to individuals regarding the processing of their personal data (often through “privacy statements”); and
  • not transferring personal data outside the EEA, unless the transfer can take place in compliance with the requirements set out in Chapter V of the GDPR.

Notably, given the wide territorial scope, also non-EU entities may be subject to the GDPR and the above requirements if they either (i) offer goods or services to individuals in the EU or (ii) monitor the behaviour of individuals in the EU.

In the context of blockchain-based products and services it may be difficult in practice to determine the roles and associated responsibilities of the entities operating in the field under the GDPR (ie, data controller or data processor), as there are use cases where a data controller is difficult to identify. In case of private, permissioned blockchain networks the data controller can be easily identified. However, where blockchain transactions are for example written by the data subjects themselves, this becomes more challenging.

In addition, complying with certain requirements of the GDPR is problematic for entities acting as a data controller. For example, the inherent nature of blockchain makes it difficult to respond to data deletion requests, as blockchain does not allow for the deletion of data. Also, the GDPR restrictions applicable to international transfers of data are often difficult to comply with in practice, as the location of the data cannot always be easily identified or controlled. Although there are ways to comply with the GDPR requirements (eg, storing personal data off chain to allow for the ability to delete such data), some of these solutions may contradict inherent blockchain features.

These issues are discussed in more detail in reports and studies from the EU Blockchain Observatory and Forum, such as the 2018 report named “Blockchain and the GDPR”.

Norton Rose Fulbright LLP

2Amsterdam, 15th floor
Eduard van Beinumstraat 34
Amsterdam
1077 CZ
Netherlands

+31 20 4629 426

floortje.nagelkerke@nortonrosefulbright.com www.nortonrosefulbright.com/
Author Business Card

Law and Practice in Netherlands

Authors



Norton Rose Fulbright boasts a fintech law practice in Amsterdam that is truly multidisciplinary: it leverages the firm's historic strengths in the financial services and technology sectors and brings together lawyers collaborating from across its financial services regulation, banking, insurance, IP/IT, data privacy, corporate/M&A, competition, disputes and tax practices. It advises on all areas of fintech, including, payment systems, blockchain/distributed ledger technology, digital assets and cryptocurrencies, tokenisation, the Metaverse and NFTs, InsurTech, DeFi, BNPL and consumer credit, artificial intelligence, smart contracts, P2P platforms, DAOs, RegTech, fundraisings, global expansion, payments and crypto regulations, acquisitions and investments, market entry and licensing approvals, disputes and investigations, and participation in consortia. The team consists of over 15 lawyers. With fintech experts in more than 50 cities worldwide, Norton Rose Fulbright are well positioned to help clients wherever they conduct business, offering extensive experience and knowledge of regional and international fintech regulations and laws. Our matters regularly involve an international component, requiring us to leverage our network of offices and to deliver seamless legal advice to clients on a global scale.