Contributed By Norton Rose Fulbright
Over the past twelve months, the blockchain market in the Netherlands has experienced remarkable growth. The registration of nine additional crypto service providers with the Dutch Central Bank (De Nederlandsche Bank, DNB) during this period underlines the growing interest in blockchain-related services in the Netherlands. This trend reflects a broader movement towards regulatory compliance and formalisation within the industry, indicating a maturing market that is gaining both user trust and institutional recognition.
At the same time, the bankruptcy of FTX have had a significant impact on the Dutch crypto market. These events have increased regulatory attention on crypto exchanges and blockchain-based financial services. As a result, DNB and the Dutch Authority for the Financial Markets (Stichting Autoriteit Financiële Markten, the AFM) have warned the public several times about the risks associated with trading in cryptocurrency. This has ultimately resulted in DNB imposing administrative fines on several crypto trading platforms targeting the Dutch market without proper authorisation. However, these developments have prompted market participants to enhance their compliance measures, aiming to build trust and ensure user protection in the wake of these collapses.
In the coming period, the Netherlands is preparing for the application of the EU Regulation on Markets in Crypto-Assets (Regulation (EU) 2023/1114, MiCA), which introduces a comprehensive regulatory framework specifically for the issuance and provision of services related to cryptocurrencies. In particular, the AFM has started processing licence applications under MiCA with a welcoming and accommodating approach, assisting market participants to ensure a smooth licensing process. This proactive stance demonstrates the AFM’s commitment to fostering a supportive regulatory environment that encourages innovation and growth in the blockchain sector.
In the Netherlands, blockchain technology is being used in various sectors, with both businesses and consumers engaging in innovative uses of the technology. One of the most notable trends is the rise of crypto trading among Dutch (retail) investors. The Netherlands is home to numerous crypto trading platforms that facilitate crypto (derivative) trading.
In addition to trading platforms, several crypto funds have been registered in the Netherlands in recent years. These funds offer a way for (professional) investors to participate in the crypto market without directly holding individual digital assets. A further notable development in the Dutch blockchain landscape is the registration of the first digital green bond by ABN AMRO on the public blockchain. This pioneering step highlights the potential for further tokenisation of the bond market and possibly other traditional financial instruments.
There are also numerous initiatives outside the financial sector where blockchain technology is currently being tested and utilised. For example, the use of blockchain in (i) event ticketing to enhance security and prevent fraud, (ii) supply chain management to improve transparency and traceability, and (iii) for identification purposes to ensure secure and verifiable digital identities.
Dutch property law does not provide for a bespoke legal framework for the ownership of digital assets that are recorded on a blockchain network, which means that the ownership of the asset must be assessed under general Dutch property law. This assessment is not always easy, as this was not written with digital assets in mind. The qualification also highly depends on the characteristics of each digital asset. For instance, cryptocurrency could be assessed differently than a token that represents a real world asset.
Dutch property law applies to goods (goederen). This includes all objects (zaken) and all property rights (vermogensrecht). Objects are physical items that are subject to human control. It is generally considered that digital assets do not qualify as objects, as they are not physical. There is no case law from the Dutch Supreme Court (Hoge Raad) as to the qualification of digital goods recorded on a blockchain network as a property right, but lower courts have determined that cryptocurrency qualifies as a property right as cryptocurrency represents a value and is transferable. It also appears that a Dutch lower court has determined that an NFT is susceptible to attachment or seizure (beslag), which implies that the NFT is a property right. This means that, depending on the characteristics of the digital asset, it is conceivable that digital assets can qualify as a property right under Dutch law, which means that a person can have ownership in relation to the digital asset.
Ownership and possession of a good, which may include digital assets, is based on the common opinion. When determining the owner of a digital asset, it can be an important indicator who holds the private key relating to that digital asset. However, this will not always be decisive in certain situations. For example, in the event of a bankruptcy, if a bankrupt person transfers a digital asset, the transfer will not be legally valid. However, the blockchain will still record that the transfer is complete.
For the legal transfer of digital assets recorded on a blockchain, it is not prescribed by law that the transfer itself is recorded on the blockchain. Under Dutch law, a legal transfer is completed if the previous owner is authorised to transfer the digital asset, if there is a valid agreement between the parties on the transfer and if the digital asset has actually been transferred. Dutch law does not prescribe a method of delivery for digital assets. The appropriate method of delivery to complete a legal transfer would depend on the underlying type of digital asset. For a digital asset such as Bitcoin, transfer via the blockchain could be an appropriate form of delivery. However, by example for immovable property, Dutch law prescribes that for the delivery thereof, a notarial deed is required, that is registered with a public registry. Suppose a token represents a building as its underlying asset, but the transfer occurs solely via the blockchain without a registered notarial deed. In that case, it appears that ownership would be transferred only for the token, and not the ownership of the building itself. However, such conclusion would depend on the specific circumstances of each case.
In the Netherlands, the characterisation of digital assets is determined by an assessment of their underlying characteristics, functionalities, design and the rights attached to them. This assessment should be made on a case by case basis. Furthermore, the classification of a digital asset should be based on its actual characteristics and not solely on the label given by the issuer.
Depending on their characteristics, functionalities, design and the rights attached to them, digital assets may qualify as:
Depending on their characteristics, certain digital assets may qualify as a “security” within the meaning of the AFS. These type of digital assets are referred to as tokenised securities. A “security” is defined in the AFS as:
According to the AFM, for instruments to be negotiable they need to be “transferable” (overdraagbaar). For this purpose it is not decisive that there is a specific market for the instrument concerned, but rather whether the instrument is negotiable based on its characteristics (ie, is it a standardised instrument). The AFM generally assumes that in case the economic interest in an instrument can be transferred (directly or indirectly) to a third party, the instrument is deemed negotiable. We believe that cryptocurrencies or digital tokens qualifying as securities which are traded on an exchange will be considered to be negotiable.
Another important criterion is whether the digital asset has rights attached to it, eg, shareholder rights (such voting rights or the entitlement to (a portion of) the profit of a company issuing the digital asset) or a claim comparable to that of a shareholder or creditor. If such rights are attached and they are transferable, the cryptocurrencies/digital tokens concerned are likely to qualify as securities within the meaning of the definition under the first bullet point above.
The EU Prospectus Regulation (Regulation (EU) 2017/1129) prohibits anyone from offering securities to the public or admitting securities to trading on a regulated market in the Netherlands (or another EU Member State) without publishing an approved prospectus. This prospectus requirement does not apply where the issuer of the securities can benefit from an exemption to this requirement under the EU Prospectus Regulation. In the Netherlands, the AFM is the competent authority that approves prospectuses. Therefore, a prospectus must be made available, when tokenised securities are offered to the public or admitted to trading on a regulated market in the Netherlands, unless the issuer can benefit from an exemption under the EU Prospectus Regulation.
There is no specific definition of “stablecoins” under Dutch financial regulatory law. However, depending on their characteristics, stablecoins may qualify as (i) virtual currencies within the meaning of Wwft, (ii) e-money within the meaning of the AFS, or (iii) EMTs within the meaning of MiCA.
Virtual Currencies
A discussed above, the definition of virtual currencies under the Wwft should be interpreted broadly and encompasses stablecoins, regardless of whether they are backed by deposits of fiat currency or use an algorithmic formula to maintain their peg. The significance of determining whether a stablecoin qualifies as a virtual currency lies in the regulatory requirements for providing certain services. Under the Wwft, offering services related to virtual currencies requires registration with DNB. This is particularly relevant for services involving the exchange between virtual currencies and fiat currencies (and vice versa), as well as the offering of custodial wallets. For further details, please refer to 4. Blockchain Regulation.
E-money
Stablecoins may also qualify as e-money within the meaning of the AFS. E-money is defined in the AFS as a “monetary value, stored electronically or magnetically, representing by a claim against the issuer, issued in exchange for funds for the purpose of making payment transactions as defined in [the EU Payment Services Directive 2 (Directive 2007/64/EC, the PSD2)], and which is accepted by a natural or legal person other than the electronic money issuer”. The AFS stipulates that any person having its registered office in the Netherlands is prohibited from issuing e-money without a licence granted by DNB for that purposes.
Therefore, if stablecoins are issued in exchange for fiat currencies, they represent a claim against the issuer and can be used to make payments to natural or legal persons other than the issuer of the stablecoins, such coins will qualify as e-money within the meaning of the AFS. As a result, the issuance of such stablecoins requires a licence from DNB. Pursuant to MiCA, stablecoins that qualify as EMTs (see below) are deemed to be e-money within the meaning of the AFS.
EMTs
Under MiCA, EMTs relate to a type of crypto-asset that purports to maintain a stable value by referencing the value of an official currency. EMTs include both stablecoins which are backed by deposits of fiat currency and “algorithmic” stablecoins. Pursuant to MiCA, EMTs may be offered to the public or admitted to trading only by authorised credit institutions or electronic money institutions following prior notification and publication of a crypto-asset white paper. For further information, please refer to 4. Blockchain Regulation.
Depending on their characteristics, NFTs may qualify as virtual currencies under the Wwft (see 2.2 Categorisation). Furthermore, it is important to note that MiCA explicitly excludes from its scope crypto-assets that are unique and not fungible. This means that ‘genuine’ NFTs are not regulated by MiCA. A case-by-case assessment is necessary to determine whether a particular digital asset qualifies as an NFT exempted under MiCA. In its consultation paper on the draft guidelines for the qualification of crypto-assets as financial instruments, ESMA provides several conditions and criteria for determining whether a digital asset qualifies as an exempt NFT. The following should be taken into account in such an assessment:
There is no prohibition in the Netherlands against using cryptocurrencies for payments. However, recipients may refuse payments made in cryptocurrencies and there is no obligation to accept cryptocurrencies as payment.
As set out in 2.1 Ownership, there is no bespoke legal framework for the ownership of digital assets. This also applies to the use of digital assets in collateral arrangements. This means that the use of digital assets in collateral arrangements should be assessed under general Dutch property law. General Dutch property law does not specifically consider digital assets. Integrating digital assets into a legal system established before their existence can be challenging. Whether digital assets can be used as collateral, depends on the characteristics of the underlying digital asset. This is irrespective of whether digital assets are a useful form of collateral, as their value can fluctuate greatly.
As explained in 2.1 Ownership, a digital asset could potentially qualify as a ‘good’ under Dutch law. If a digital asset qualifies as a good, this would entail that such digital asset could also be subject to a pledge (pandrecht) and thus used as collateral. However, there is no guidance from the Dutch legislator or in case law that confirms that it is possible to create a right of pledge over digital assets and if so, how a pledge on digital asset should take form. Such pledge can be established in the same way as the underlying good should be delivered. For the creation of a pledge of digital assets such as bitcoin, it is not unthinkable that this can be established by a deed between the pledgor and the pledgee. Dutch law does not prescribe that such deed should be recorded on the blockchain.
Creating a pledge over digital assets and the execution thereof raises some practical issues. The pledged digital assets could remain with the pledgor, or could be held by the pledgee. Alternatively, the pledged digital assets could be held by a third party custodian. If the pledgee holds the private key over de digital assets, it can, when needed, proceed to execute the digital assets. However, if the pledged digital assets are held by the pledgor or a third party custodian that holds the private key, the pledgee would need the cooperation of this person before it can proceed to execute the digital assets. This means that there is a risk that the pledgee, despite being entitled to do so, might not be able to execute the pledged digital assets.
In the Netherlands, there are no laws or regulations addressing the legal enforceability of smart contracts, being private contractual arrangements made in whole or in part utilising agreed-upon computer code that executes multiple “nodes” on a blockchain-based network. In addition, there is no case law or guidance in this regard. This means that their validity should be assessed under general Dutch contract law.
Depending on the content of the smart contract, the smart contract can be viewed either as the agreement itself or instead as the execution of an agreement, where that underlying agreement is laid down elsewhere. Certain legal issues may arise with regard to agreement that are laid down in a smart contract or executed by a smart contract. According to Dutch law, most agreements are in principle free of form, which means that they can also be laid down in computer code. However, as such computer code is generally not readable for persons, it can be argued that the obligations are not sufficiently defined if they are not clearly defined elsewhere.
Another example of an issue that may arise is with regard to the termination of the smart contract that executes an agreement. Dutch law prescribes that under certain conditions, a counterparty is allowed to terminate an (ongoing) agreement. However, if the technicalities of the smart contract does not allow for such a termination option because it is set up to ensure that the agreement will continue for a certain number of years, it can be that it is not possible to terminate the contract from a practical perspective, as it is not possible to modify the contract, even though the counterparty is legally entitled thereto.
The Dutch financial regulatory framework adopts a technology neutral approach, which means that if a digital asset fits within an existing financial regulatory framework, it will be subject to that framework. For example, if the digital assets qualify as financial instruments, any related service will be subject to the AFS. Similarly, if the digital assets qualify as securities, its issuance will in principle be subject to the European Prospectus Regulation.
In addition to the existing financial regulatory framework, the Netherlands has adopted a specific framework for certain market participants offering services related to blockchain technology or digital assets. This regime applies to so-called crypto service providers (cryptodienstverleners) and is outlined in the Wwft, which implements the Fourth and Fifth Anti-Money Laundering Directives (Directive (EU) 2015/849 and Directive (EU) 2018/843). The aim of this regulatory regime is to prevent crypto service providers from being used for money laundering and terrorist financing, thereby safeguarding the integrity of financial markets. As such, the Wwft primarily imposes anti-money laundering and combatting the financing of terrorism (AML/CFT) requirements on crypto service providers.
However, the regime under the Wwft for crypto service providers will be replaced by MiCA. MiCA provides for a comprehensive and harmonised European regulatory framework for crypto-assets and related services with the aim of, inter alia, protecting consumers, enhancing legal certainty and promoting market integrity across Europe.
As a European regulation, MiCA will be directly applicable in the Netherlands without the need for transposition into Dutch law. MiCA will gradually come into force throughout the EU from 30 June 2024, with most of MiCA’s requirements applicable from 1 January 2025 (however please note that transitional regimes may differ in the different EU member states). The regime under the Wwft for crypto service providers will be applicable until 1 January 2025.
Lastly, the European Regulation (EU) 2022/858, which is directly applicable in the Netherlands, provides for a so-called DLT Pilot Regime. This regime establishes a temporary pilot regime for market infrastructures based on distributed ledger technology (DLT). In particular, the DLT Pilot Regime allows operators of financial market infrastructures to test DLT in the issuance, trading and settlement of crypto-assets that qualify as financial instruments (ie, tokenised financial instruments) by setting up a new type of market infrastructure, including (i) a DLT multilateral trading facility (DLT MTF), (ii) a DLT settlement system (DLT SS), and (iii) a DLT trading and settlement system (DLT TSS) (which will be further discussed in 4.3 Regulatory Sandbox).
Currently, there are no licensing requirements in the Netherlands for services related to or the issuance of digital assets, provided that these assets do not qualify as financial instruments, or financial products under the AFS. However, the Wwft does contain a registration requirement for digital assets that qualify as virtual currencies. As discussed above, the regulatory regime under the Wwft for virtual currencies will be replaced by MiCA, which introduces licensing requirements for the issuance of certain crypto-assets and certain related services. In the following, we will discuss the registration requirement under the Wwft and the licensing requirement under MiCA. For the sake of completeness, if digital assets qualify as financial instruments or financial products, licensing requirements may apply under the existing regulatory framework of the AFS.
The Wwft
Registration requirement
Under the Wwft, it is prohibited to provide crypto services in or from the Netherlands without being registered as a crypto service provider with DNB. This registration requirement is only triggered if the services are provided on a professional or commercial basis.
Virtual currencies
Crypto services within the meaning of the Wwft relate to virtual currencies. The definition of “virtual currencies” is very broad (as discussed in 2. Digital Assets) and includes cryptocurrencies such as Bitcoin, Ether and USDC.
Crypto services
The following two types of services are considered crypto services for purposes of the Wwft:
In or from the Netherlands
The registration requirement for crypto service providers under the Wwft is triggered if the services are provided “from” or “in” the Netherlands.
Crypto services are deemed to be provided “from” the Netherlands if they are provided from an establishment based in the Netherlands, regardless of whether the crypto services are provided “in” the Netherlands or only abroad.
Whether crypto services are considered to be provided “in” the Netherlands depends on a number of factors which have been derived from the Pammer & Alpenhof cases of the Court of Justice of the EU (Court of Justice of the EU, 7 December 2021/C-585/08 and C-144/09). One important consideration is that a provider must have expressed an intention to establish commercial relations with customers in the Netherlands. This means that, for example, providing information about crypto services in the Dutch language, having a section of the website dedicated to Dutch users and paying search engine service providers to display online advertisements relating to the crypto services in the Netherlands are likely to lead to the conclusion that crypto services are provided in the Netherlands.
DNB takes a strict approach when assessing whether a party is providing crypto services in the Netherlands. This is also illustrated by the administrative fines DNB has imposed in recent years on several foreign crypto service providers. It follows from the decisions underlying these fines that DNB considers the following factors, inter alia, to be relevant in assessing whether crypto services are provided in the Netherlands: (a) facilitating the Dutch payment method “iDEAL”; (b) explicitly referring to the Netherlands as one of the countries in which crypto services are available; (c) making available a mobile application in the Dutch Google Play Store or App Store; and (d) having an affiliate programme in which Dutch (legal) persons participate.
Key requirements for registration
DNB will only register a market participant as a crypto service provider if:
The Wwft does not provide for a passporting regime for crypto service providers. This means that crypto service providers registered with DNB that wish to provide crypto services in other EU Member States must obtain authorisation under the local laws of each EU Member State in which they wish to provide crypto services.
We note that the court of Rotterdam, in its rulings on 4 October 2023 (ECLI:NL:RBROT:2023:9153 and ECLI:NL:RBROT:2023:9157), determined that DNB’s assessment of registration applications is contrary to the scope of the Fourth and Fifth Anti-Money Laundering Directives. In addition, market participants generally view the crypto registration process with DNB as equivalent to, and sometimes even more time-consuming and cumbersome than, a PSD2 licensing application. Please note that DNB currently recommends parties to apply for the MiCA licence with the AFM (please see hereafter) as it is expected they will not be able to process the registration in time to be still relevance.
MiCA
Licensing requirements
MiCA provides for a licensing requirement in relation to:
Crypto-assets
As discussed in 2. Digital Assets, MiCA defines crypto-assets as “a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology.” MiCA distinguishes between the following four types of crypto-assets: (i) EMTs, (ii) ARTs, (iii) crypto-assets that are not EMTs or Arts, and (iv) utility tokens.
MiCA does not apply to crypto-assets that already fall within the scope of existing regulatory frameworks. For example, this includes crypto-assets that qualify as (a) financial instruments under MiFID II and (b) funds under PSD 2, unless such funds qualify as EMTs. In addition, MiCA does not apply to crypto-assets to “genuine” NFTs.
Crypto-asset services
MiCA distinguishes the following types of crypto-asset services:
This crypto-asset service entails the CASP buying or selling crypto-assets on behalf of clients. For example, it may involve placing an order on a crypto-asset trading platform on the behalf of the client.
MiCA applies to natural and legal persons and certain other undertakings that provide crypto-asset services on a professional basis. This applies even if the crypto-asset services are provided in a partially decentralised manner. However, crypto-asset services provided in a fully decentralised manner, without the involvement of an intermediary, are not covered by MiCA. This means that decentralised finance (DeFi) and dApps are excluded from the scope of MiCA if they are provided in a fully decentralised manner without the involvement of an intermediary.
Licensing requirement for issuers of ARTs
Issuers of ARTs are in principle required to obtain a licence from the competent authority of their home Member State in order to be permitted to make an offer to the public or to seek admission to trading of ARTs within the EU. This licensing requirement does not apply to EU authorised credit institutions, provided that (i) they have notified the competent authority of their home Member State at least 90 working days before the issuing of the ARTs for the first time, and (ii) they make available a crypto-asset white paper approved by the respective competent authority.
The home Member State of an issuer of an ART is the Member State in which the issuer of the ART has its registered office. In the Netherlands, DNB will be the competent authority, meaning that an issuer of ARTs that has its registered office in the Netherlands must obtain a licence from DNB to issue ARTs.
The licence obtained by DNB for the issuance of ARTs is valid for the entire EU.
If certain conditions are met, the European Banking Authority (EBA) may classify ARTs as significant. If such categorisation applies, the issuer of significant ARTs will be supervised by the EBA and will have to comply with certain specific requirements.
Key requirements for obtaining a license from DNB for the offer to the public and admission to trading of ARTs
DNB will only grant a license if:
Issuers of EMTs
EMTs may only be offered to the public or admitted to trading by authorised credit institutions or electronic money institutions following prior notification and publication of a crypto-asset white paper. The crypto-asset white paper must be notified to the home member state of the issuer of the ART, ie, the member state where the issuer of the ART has its registered office. In the Netherlands, DNB will be the competent authority for supervision of issuers of EMTs.
If certain conditions are met, the EBA may classify EMTs as significant. If such categorisation applies, the issuer of significant EMTs will be supervised by the EBA and will have to comply with certain specific requirements.
Issuers of crypto-assets other than ARTs or EMTs
Under MiCA, there is no requirement to obtain a licence for the issuance of crypto-assets other than ARTs or EMTs or to have these type of crypto-asset admitted to trading. However, issuers of such crypto-assets are subject to certain requirements under MiCA as described below under 4.1.7 Other Regulatory Requirements (eg, such as the prior notification and publication of a crypto-asset white paper). DNB will be the competent authority in the Netherlands for supervising the compliance of such issuer with MiCA.
Licensing requirement for the provision of crypto-asset services
The provision of crypto-asset services is subject to a licensing requirement. This licensing requirement only applies if the crypto-asset services are provided on a professional basis and to clients in the EU. CASPs who have their registered office in the Netherlands must obtain such their licence from the AFM.
Licensed CASPs may provide crypto-asset services throughout the EU, either through the right of establishment, including through a branch, or through the freedom to provide services. To start providing crypto-asset services in other member states, firms must notify the competent authority of their home member state.
Key requirements for obtaining a license from the AFM for the provision of crypto-asset services
The AFM will grant a licence only if:
The licensing requirement for the provision of crypto-services does not apply to authorised credit institutions, central securities depositories, investment firms, market operators, electronic money institutions, UCITS management companies or alternative investment fund managers if their licence covers the service similar to crypto asset services for which article 60 of MiCA is relevant. They need to notify the competent authority at least 40 working days before providing those services for the first time. As part of the notification process, detailed information and documentation must be provided demonstrating that the relevant authorised firm will comply with the requirements under MiCA.
General marketing requirements in the Netherlands
In the Netherlands, the Unfair Commercial Practices Act (Wet oneerlijke handelspraktijken) must be observed when marketing services or products (such as crypto services) to consumers. In short, the Unfair Commercial Practices Act states that any information provided must always be correct, clear and not misleading. In addition, the Unfair Commercial Practices Act states that consumers cannot be denied the essential information they need to enter into an agreement. Essential information is information that a consumer needs to make an informed decision. This information cannot be hidden or provided in an unclear, incomprehensible and ambiguous way, or too late.
Specific marketing requirements under MiCA
MiCA sets out requirements for marketing communications relating to (i) an offer to the public of crypto-assets or the admission to trading of such assets and (ii) crypto-asset services.
The following marketing requirements apply for offerors and persons seeking admission to trading of crypto-assets:
There is no requirement to obtain DNB’s prior approval for marketing material. However, DNB may request to be notified of marketing communications relating to the offer to the public or admission to trading of crypto-assets prior to the publication of the marketing communication.
With regard to CASPs, MiCA requires CASPs to provide their clients with information that is fair, clear and not misleading. This also applies to marketing communications, which must be identified as such. In addition, CASPs must not intentionally or negligently mislead a client about the real or perceived benefits of crypto-assets.
In the Netherlands, the Fourth and Fifth Anti-Money Laundering Directives have been implemented in the Wwft. These directives are based on, inter alia, the recommendations of the Financial Action Task Force (FATF).
The Wwft contains AML/CFT requirements for, inter alia, crypto service providers. However, as mentioned above, the scope of the Wwft will be extended to CASPs once MiCA applies to the provision of crypto-asset services.
The Wwft includes obligations relating to customer due diligence, unusual transaction reporting, record keeping and AML/CFT training for staff. It also requires in-scope institutions to conduct regular AML/CFT risk assessments and to establish policies, systems and procedures to mitigate and manage the AML/CFT risks identified. In addition, in-scope institutions with two or more daily policymakers must designate one of them to oversee AML/CFT compliance. Depending on the nature and size of the institution, an independent and effective compliance function and/or internal audit function must also be established.
Both the Wwft and MiCA regimes contain a change of control requirement in the form of DNB’s approval of the holding of a qualifying holding.
As discussed above, a qualifying holding is, in short, any direct or indirect holding in a financial institutions which represents at least 10% of the capital or of the voting rights (or comparable control), or which makes it possible to exercise a significant influence over the management of the financial institution.
Change in Control under the Wwft
Under the Wwft, the acquisition of a qualifying holding in a crypto service provider must be approved by DNB. DNB will grant such an approval if the trustworthiness of the holder of the qualifying holding is beyond doubt. DNB will verify the trustworthiness of a candidate on, among other things, their intentions, actions and antecedents (such as criminal, financial, supervisory and tax compliance related antecedents).
Change in Control under MiCA
Under the regulatory framework underMiCA, a so-called declaration of no-objection (verklaring van geen bezwaar, DNO) must be obtained from DNB for the acquisition of a qualifying holding in a Dutch CASP. This DNO requirement also applies when increasing a qualifying holding or reducing it in such a way that certain thresholds are either exceeded or fallen below. These thresholds are set at 10%, 20%, 30% or 50%. For the issuance of the DNO, DNB will assess the suitability of the proposed acquired and the financial soundness of the proposed acquisition against all of the following criteria:
DNB may oppose the issuance of a DNO only where there are reasonable grounds for doing so on the basis of the criteria set out above or where the information provided is incomplete or false.
There are no specific resolution or insolvency requirements/regimes applicable to crypto(-asset) service providers in the Netherlands.
Regulatory Requirements under the Wwft
Under the Wwft, crypto service providers are subject to a limited set of code of business rules. These rules include the requirement to have a transparent control and ownership structure. In addition, crypto service providers are required to have an integrity policy in place to ensure ethical governance. This means that the crypto service provider must have policies and procedures regarding (i) conflicts of interest, (ii) the prevention of criminal offences or other breaches of the law by the crypto service provider or its employees that could damage trust in the crypto service provider, (iii) relationships with customers or third parties that could damage trust in the providers, and (iv) the control of business processes and business risks. In addition, the crypto service provider is required to set up its operational management in such a way as to ensure sound business operations.
Regulatory Requirements under MiCA
Under MiCA, CASPs and issuers of crypto-assets are subject to a comprehensive set of code business and conduct rules. These rules aim to protect the interests of investors as well as the integrity and stability of markets in crypto-assets.
Issuers of all type of crypto-assets
The rules applicable to issuers of crypto-assets depend on the type of token. A key obligation under MiCA is that issuers of all three types of crypto-assets must publish a white paper before offering crypto-assets to the public in order to be admitted to trading. The purpose of the crypto-asset white paper is to provide potential holders of the crypto-asset with information about, among other things, the issuer, the project to be undertaken with the capital raised, the rights and obligations attached to the crypto-asset, the underlying technology used for such crypto-asset, the associated risks and the adverse environmental and climate-related impacts of the consensus mechanism used to issue the crypto-asset.
For the crypto-asset white paper, there is no general requirement for the issuer to have the crypto-asset white paper approved by DNB. This is only different from the case for ARTs, where the approval of the crypto-asset white paper must be obtained from DNB.
An important aspect of MiCA is that issuers of crypto-assets are liable for the information contained in the crypto-asset white paper. Liability arises if the information contained in the crypto-asset white paper is not complete, fair, clear or misleading.
Issuers of crypto-assets other than ARTs and EMTs
Issuers of crypto-assets other than ARTs and EMTs are subject to the following requirements: among other things:
Issuers of ARTs
Issuers of ARTs are subject to the following requirements, among other things:
Issuers of EMTs
Issuers of EMTs are subject to the following requirements, among other things:
CASPs
CASPs are subject to the following requirements, among other things:
In the Netherlands, there is no prohibition for regulated firms and/or investment funds to be exposed to digital assets. As mentioned above, certain types of regulated firms are not required to obtain a licence from the AFM to provide crypto-asset services. Instead, these regulated firms will be required to complete a notification process with the AFM. However, the notification process will only apply to crypto-asset services that are equivalent to the services and activities for which the regulated firms are licensed. The provision of crypto-asset services that are not equivalent to their current activities or services will require authorisation from the AFM or DNB (ie, in case of an EMI). For example, investment firms authorised to provide investment advice under MiFID II will be exempt from the authorisation requirements for the provision of the crypto-asset service of providing advice on crypto-assets. However, such firms would be required to obtain a licence from the AFM to operate a crypto-asset trading platform. Authorised credit institutions, on the other hand, are completely exempt from the licensing requirements. Once they have completed the notification process, they will be able to offer all types of crypto-asset services.
Regulated entities that have completed the notification process for the provision of crypto-asset services are exempt from the prudential requirements under MiCA. In addition, the change of control requirements under MiCA (see above) do not apply to such firms. Please note that such firms will be subject to prudential requirements and change of control requirements under their sector-specific regulatory regime (eg, under MiFID II, AIFMD and CRD IV).
European Regulation (EU) 2022/858 provides for a so-called DLT Pilot Regime. This regime establishes a temporary pilot regime for market infrastructures based on distributed ledger technology (DLT). In particular, the DLT Pilot Regime allows operators of market infrastructures to test DLT in the issuance, trading and settlement of crypto-assets that qualify as financial instruments (ie, tokenised financial instruments) by setting up a new type of market infrastructure, including (i) a DLT multilateral trading facility (DLT MTF), (ii) a DLT settlement system (DLT SS), and (iii) a DLT trading and settlement system (DLT TSS).
Market participants wishing to operate a DLT MTF, DLT SS or DLT TSS must apply to the AFM for authorisation. Authorisation is only available to (i) authorised investment firms and market operators to operate a DLT MTF, (ii) authorised central securities depositories to operate a DLT SS. Institutions that are not already authorised as such will need to apply for authorisation as an investment firm, market operator or CSD in parallel with an application under the DLT Pilot Regime.
As mentioned above, the Dutch legislator has implemented the Fifth Anti-Money Laundering Directive in the Wwft. The Fifth Anti-Money Laundering Directive extended its scope to crypto service providers and introduced a registration requirement for the provision of Exchange Services and Wallet Services. This regulatory regime is based on the recommendations of the Financial Action Task Force (FATF) with respect to virtual asset service providers (VASP).
In addition, the European legislator adopted the Transfer of Funds Regulation 2 (Regulation (EU) 2023/1113), which, among other things, extends the scope of the so-called travel rule to the transfer of crypto-assets. This travel rule is based on FATF recommendations. Under the travel rule, CASPs facilitating the transfer of crypto-assets are required to ensure that such transfer is accompanied by certain information about the initiator and beneficiary.
The AFM and DNB are the regulatory bodies in the Netherlands for businesses or individuals using blockchain.
Currently, DNB is the competent authority to supervise crypto service providers for compliance with the Wwft. However, this will change once MiCA becomes applicable in the Netherlands. Under MiCA, the AFM will be the competent authority to supervise CASPs, while the DNB will be the competent authority to supervise issuers of crypto-assets.
The AFM and DNB take a cautious and prudent regulatory approach to crypto-assets and crypto service providers, emphasising consumer protection, financial stability and compliance with relevant laws. Both regulators aim to strike a balance between encouraging innovation in the crypto space and protecting the financial system and consumers from potential risks associated with crypto services.
There are no self-regulatory organisations or trade groups in the Netherlands that perform regulatory or quasi-regulatory roles with respect to business or individuals using blockchain.
In the Netherlands, no government body has set up a task force or mandated an existing body to investigate the benefits and/or challenges of using blockchain. However, the Netherlands does have the Dutch Blockchain Coalition (DBC), which is a cooperative association of members from government agencies, centres of expertise and the commercial sector. The aim of the DBC is to increase both the knowledge and use of blockchain in the Netherlands, thereby accelerating the decentralisation of digital infrastructure.
To date, there have not been any judicial decision which provide guidance on the interpretation or the establishment of the applicable legal regime to the use of blockchain. In relation to the qualification of blockchain and items related thereto such as cryptocurrencies, there is consensus that it does not qualify as money.
In recent years, DNB has imposed administrative fines on several foreign crypto service providers who, according to DNB, were providing crypto services in the Netherlands without being registered with them. The decisions underlying these fines have helped market participants better understand when, according to DNB, one is considered to be providing crypto services in the Netherlands. According to these decisions, DNB considers the following factors, among others, to be relevant in assessing whether crypto services are provided in the Netherlands: (a) facilitating the Dutch payment method “iDEAL”; (b) explicitly referring to the Netherlands as one of the countries where crypto services are available; (c) making a mobile application available in the Dutch Google Play Store or App Store; and (d) having an affiliate programme in which Dutch (legal) persons participate.
In the absence of specific Dutch legislation addressing the taxation of crypto assets, the general tax principles apply in the Netherlands. A notable distinction within the Dutch income tax system regarding crypto assets is the classification of crypto-related activities and their corresponding taxation under either Box 1 or Box 3 of the Dutch Income Tax Act 2001 (Wet inkomstenbelasting 2001). This classification may depend on the specific circumstances and activities of the individual involved:
Box 1: Taxation for Dutch Individuals Operating Crypto Businesses
When a Dutch individual operates a crypto business or is deemed to operate a business in the context of crypto (including investing and trading beyond a mere hobby, where the individual may expect to derive profit from such a business), any gains are treated as regular taxation in Box 1 which is taxed at progressive rates up to 49.5% (2024 top rate).
Box 3: Taxation for Individual Crypto Investors
For Dutch individuals, the acquisition and ownership of crypto assets including farming, trading and lending should generally be covered under the so-called Box 3 taxation. This Dutch Box 3 taxation prescribes taxation based on a deemed annual increase in value of crypto assets of 6.04% (2024 rate), where individuals are subject to annual taxation of 36% (2024 rate) on the deemed value increase of their entire crypto portfolio (with calculations based on asset values at 1 January of each year).
Corporate Income Tax for Dutch Legal Entities
For Dutch legal entities subject to Dutch corporate income tax, all income derived from cryptocurrency-related activities, including gains from investments, trading, mining, staking, and block rewards, is taxed. Additionally, tokens received by Dutch legal entities from staking or mining cryptocurrency are subject to corporate income tax based on their market value at the time of receipt. In contrast to the taxation method applied in Box 3, cryptocurrency assets should not be subject to annual mark-to-market valuation for Dutch corporate income tax purposes.
Dutch legal entities are taxed at the general Dutch corporate income tax rate of 25.8%, with a lower rate of 19% applying to profits up to EUR200,000 (2024 rates and thresholds).
Under MiCA, issuers of all type of crypto-assets are required to make available a crypto-asset white paper in which, inter alia, information must be included regarding the associated risks and the adverse environmental and climate-related impacts of the consensus mechanism used to issue the crypto-asset. In addition, MiCA requires CASPs to make publicly available, in a prominent place on their website, information related to the principal adverse impacts on the climate and other environment-related adverse impacts of the consensus mechanism used to issue each crypto-asset in relation to which they provide services.
In the Netherlands, the rules with respect to data privacy/data protection follow from the EU General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act.
The GDPR applies to any “processing” of “personal data” (except for some limited exceptions such as the processing by a natural person in the course of a purely personal or household activity). Both “processing” and “personal data” are very wide concepts under the GDPR, as (i) “processing” includes any operation or set of operations that can performed on data (eg, collection, storage, use, disclosure and erasure) and (ii) “personal data” means any information relating to an identified or identifiable natural person. Given that the GDPR is drafted in a sector-neutral manner, it also applies to the processing of personal data in the context of blockchain- based products or services.
When the GDPR applies, the entity processing the personal data should determine whether it qualifies as a “data controller” or as a “data processor”. A data controller is the natural or legal public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (thereby basically determining the “why” and “how” of the processing). A data processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
Data controllers are primarily responsible for ensuring GDPR compliance, whereas data processors are mostly subject to contractual requirements vis-à-vis the data controller (albeit that the GDPR does impose some direct obligations on data processors as well, eg, ensuring that sufficient security measures are in place). Some main obligations applicable to data controllers are:
Notably, given the wide territorial scope, also non-EU entities may be subject to the GDPR and the above requirements if they either (i) offer goods or services to individuals in the EU or (ii) monitor the behaviour of individuals in the EU.
In the context of blockchain-based products and services it may be difficult in practice to determine the roles and associated responsibilities of the entities operating in the field under the GDPR (ie, data controller or data processor), as there are use cases where a data controller is difficult to identify. In case of private, permissioned blockchain networks the data controller can be easily identified. However, where blockchain transactions are for example written by the data subjects themselves, this becomes more challenging.
In addition, complying with certain requirements of the GDPR is problematic for entities acting as a data controller. For example, the inherent nature of blockchain makes it difficult to respond to data deletion requests, as blockchain does not allow for the deletion of data. Also, the GDPR restrictions applicable to international transfers of data are often difficult to comply with in practice, as the location of the data cannot always be easily identified or controlled. Although there are ways to comply with the GDPR requirements (eg, storing personal data off chain to allow for the ability to delete such data), some of these solutions may contradict inherent blockchain features.
These issues are discussed in more detail in reports and studies from the EU Blockchain Observatory and Forum, such as the 2018 report named “Blockchain and the GDPR”.
2Amsterdam, 15th floor
Eduard van Beinumstraat 34
Amsterdam
1077 CZ
Netherlands
+31 20 4629 426
floortje.nagelkerke@nortonrosefulbright.com www.nortonrosefulbright.com/