An extract from The Virtual Currency Regulation Review, 3rd Edition

Introduction to the legal and regulatory framework

As early as 2013 – shortly after virtual currencies gained public attention and the first investor risk warnings could be heard2 – the German financial regulatory authority (BaFin) was quick to bring virtual currencies like Bitcoin within the general financial services licensing scheme (see Section III.i). Distributed ledger technology (DLT) has developed since, and brought with it various business models based on a multitude of tradable token types as digital representations of value.

While Germany has no specific regulatory framework for virtual currencies and other virtual assets in place yet, the general financial regulatory regime applies instead, and brings various types of DLT tokens within the ambit of capital markets, banking, financial services, anti-money laundering (AML) and other laws. In some aspects, the application of these legal regimes for virtual currencies will be clarified in the near future (e.g., qualification of certain tokens and AML obligations) or is envisaged to be clarified by the legislature (e.g., use of digital registers for dematerialised securities). BaFin itself, in line with the European Union, emphasises a reasonable approach, aiming to eliminate risks to financial stability and consumers through virtual currencies, while not stifling innovation. However, the complexity of this regulatory regime with numerous and partially overlapping German and EU sources of law, as well as the initial lack of clarity in regulatory guidance by BaFin and the European Securities and Markets Authority (ESMA),3 have led to some legal uncertainty. Regulators meanwhile acknowledge the wide variety of cryptoassets and seem to keep pace with new guidance,4 emphasising the need for a case-by-case analysis, a technology-neutral approach, and a level playing field for similar activities and assets regardless of their form.5 However, a clear overall picture for the vast number of applications and business models is only emerging slowly. This may be exacerbated by the lack of EU-wide regulation or, where such regulation exists, some leeway for and differences in national implementation by EU Member States.

As a basis for this chapter, we make a distinction between three types of tokens that has proven useful in practice, namely:

  1. cryptocurrency tokens, which are mainly designed as a means of payment or store of value, and thus shall serve as decentralised virtual currencies for transactions with third parties or marketplaces (with Bitcoin as the prominent example);
  2. security tokens, which confer upon their holders access to future profits, interest or possibly some control rights over the issuer (e.g., voting rights on certain business decisions, projects, investments), and are therefore in their function similar to rights typically conferred by securities; and
  3. utility tokens, which do not entitle the holder to payment, but confer access to certain products or services (e.g., specific functions of the respective DLT network) that may already exist or will be developed in the future. Provided that the tokens can be traded on secondary markets, however, holders also may generate profits from the sale of utility tokens.

This classification provides a mere rule of thumb, as hybrid token forms can be easily designed and exist in various business models. Utility tokens especially may take such hybrid forms if their value proposition is not mainly access to services, but also depends on future developments and thus may have a speculative investment component driven by profit expectations through subsequent sales on secondary markets. For such tokens, the regulatory regime is briefly as follows:

  1. cryptocurrency tokens are regulated under banking laws (but are not considered securities) and related services may require a licence in Germany;
  2. security tokens are now also regulated under banking laws and they will often be considered securities, which means various capital market and investment laws (with prospectus requirements) may apply;
  3. the regulatory treatment of utility tokens is rather unclear, with good arguments that their service-related (rather investment-related) characteristics justify not applying capital market laws, since typical investor information asymmetries are not concerned; and
  4. AML rules may apply to all of them.

In any case, the German regulator will engage in an individual case-by-case assessment based on the specific functional token design (form follows function).6

Securities and investment laws

This section provides an overview of the qualification of tokens under securities laws, prospectus requirements and liability, asset management regulation and market integrity laws.

i General qualification of tokens under securities laws

The qualification of tokens as financial instruments and, in particular, securities under the securities laws constitutes the linchpin for the application of any financial and capital market regulation. Under German and European law, a commonly accepted or uniform definition of the notion of a security – such as the Howey test under US securities laws7 – does not exist. Any legal assessment of cryptocurrency tokens, security tokens or utility tokens therefore applies only with respect to the corresponding legal act.

Within an increasingly interlinked framework of EU financial regulation, the revised EU Markets in Financial Instruments Directive 2014/65/EU (MiFID II) constitutes the central reference point, as most EU regulatory acts – including prospectus laws and market abuse laws – refer to the MiFID definition of financial instruments. Under Germany's securities and banking laws, however, a different definition applies (see Section III).

Article 4 Paragraph 1 No. 15 and Section C of Annex I of MiFID II define the term financial instrument under an exhaustive enumeration of different types of instruments of which transferable securities are the most relevant in the context of token sales. Under Article 4 Paragraph 1 No. 44 MiFID II, the notion of transferable securities is defined as 'those classes of securities which are negotiable on the capital market, with the exception of payment instruments, such as: (a) shares in companies and other securities equivalent to shares in companies […] (b) bonds or other forms of securitised debt […] (c) any other securities giving the right to acquire or sell any such transferable securities […]'.

The decisive characteristic for classification as a security is therefore tradability on the capital market. This requires, more specifically, that a security – under a case-by-case-assessment – meets the formal criteria of transferability, standardisation and tradability, and is comparable to the examples of the definition from a functional perspective.

First, as regards transferability, it may generally be assumed that tokens can be transferred freely among holders by way of assignment, and that crypto exchanges allow for liquid secondary markets in those tokens (i.e., that the first criterion will regularly be met).

Secondly, a token will require a sufficient degree of standardisation. Currently, virtual currencies are standardised in the sense of a uniform structure within one issuance of tokens only, but there is no uniform token standard among different categories and types in the sense of a common protocol or platform. Taking into account that standardisation serves the purpose of tradability to allow for efficient trading, however, it becomes clear that a standardisation on the level of the individual issuance should be deemed sufficient.

Thirdly, the actual trading of tokens on crypto exchanges indicates their tradability on a capital market. The fact that tokens – immaterial by nature – cannot be acquired in good faith does not lead to a different result: distributed ledger or blockchain technology serves as a functional equivalent of a bona fide acquisition, as transactions may not be reversed for technical reasons.8

Fourthly, and most importantly, according to the prevailing interpretation of securities requirements, a token must be functionally comparable to one of the examples listed in the definition. This criterion substantially limits the scope of tokens qualifying as securities as it requires the token to be similar to shares, bonds or other securities traded on capital markets. Where a token promises access to future revenue streams (e.g., profit-based or interest-like) and possibly control rights, such a securities token will likely be comparable to traditional securities. Where, in contrast, the characteristics of tokens are rather comparable to traditional money, they should not constitute securities, as the definition explicitly excludes payment instruments.

Utility tokens that promise future access to goods or services, however, prove difficult to qualify and should be carefully assessed in light of their individual characteristics: if a token, from an objective point of view, may be regarded as an investment promising an increase in value and serves as a corporate financing instrument rather than a means of direct or immediate access to goods or services, it could potentially qualify as a security.9 Simply put, if a token embeds 'hope and expectations' rather than access to use, its qualification as a security for the purposes of MiFID II appears likely. Whether and to what extent utility tokens should be further included in investor protection legislation is currently being discussed on an EU and German level.10

ii Prospectus requirements and liability

To provide investors with sufficient information to make an informed investment decision, thereby reducing informational asymmetries and allowing for an efficient allocation of capital, securities laws set out formal prospectus requirements.

As of 21 July 2019, the Prospectus Regulation11 provides a common legal basis for securities offerings in the European Union. The German Securities Prospectus Act (WpPG), which originally implemented the Prospectus Directive,12 now provides rules complementing the Prospectus Regulation. Both legal acts require, first and foremost, securities within the meaning of MiFID II to be offered to the public. With respect to investments that do not qualify as securities, prospectus requirements under asset management laws may apply (see below).

Securities must be offered to the public or admitted to trading on a regulated market. With respect to (securities) token issuances, an admission to trading on a regulated market appears unlikely, as these are authorised and regulated public law institutions under the German Stock Exchange Act that require participants to be formally admitted to trading. An offer may, however, constitute an offer of securities to the public, given that the definition includes communication in any form and by any means that presents sufficient information on the terms of the offer and the securities to be offered.13

The Prospectus Regulation and the WpPG contain certain exemptions. In particular, thresholds with respect to institutional offerings or small offerings to retail investors apply. The Prospectus Regulation sets out detailed criteria on the content of the prospectus that the issuer is obliged to draw up, submit to the national regulator for approval and publish thereafter. However, EU companies that qualify as small and medium-sized enterprises (SMEs)14 that do not fall under the exemption thresholds may also offer securities tokens to the public by taking advantage of a new simplified prospectus regime (the EU Growth prospectus).15

Where the prospectus (e.g., in the case of token sales often labelled as a white paper) does not provide sufficient information – that is, all necessary information material to an investor for making an informed decision – or no prospectus exists at all, the issuer or other persons responsible may be held liable towards investors.16 Such liability may apply to the initiator or sponsor of a token sale (as the issuer) or any third party offering tokens to investors (as the offeror).

Aside from liability provisions under the prospectus laws, issuers or offerors may be subject to prospectus liability under general civil law, which is not limited to the notion of securities under MiFID II. In this case, liability does not result from a responsibility regarding information in a prospectus, but rather the violation of an independent pre-contractual duty of disclosure.

iii Asset management regulationCollective investment undertakings

The German Capital Investment Code (KAGB) provides a comprehensive regulatory framework for the distribution, management and safekeeping of investment funds, and sets out organisational and transparency requirements for their managers and depositaries. It implements undertakings for collective investment in transferable securities (UCITS)17 and the Alternative Investment Fund Managers Directive (AIFMD).18 Prospective investors must be provided with detailed information in the form of a prospectus or offering memorandum. Failure to comply with the pertinent requirements will expose managers to liability claims.

The KAGB defines the central notion of investment undertaking broadly as a 'collective investment undertaking, which raises capital from a number of investors, with a view to investing it in accordance with a defined investment policy for the benefit of those investors and which is not an operative undertaking outside the financial sector'.19 This definition, which is rooted in the AIFMD, may apply in particular to investment funds investing into cryptocurrency tokens, security tokens or utility tokens (crypto funds) or to crypto-mining ventures (mining pools) – that is, the pooling of resources to share processing power over a network and split the rewards according to the individual contribution to the pool.

The scope of requirements under the KAGB further depends on the type of fund. In this respect, the KAGB distinguishes between alternative investment funds (AIFs) that are available to professional and semi-professional investors only (special AIFs),20 and public investment funds,21 such as public AIF and UCITS funds, that are available to retail investors.

With respect to crypto funds, the eligibility of token investments and the safekeeping of assets remain unresolved key issues. Public AIFs and UCITS may only invest in certain types of assets, including securities as defined under UCITS.22 In addition, detailed rules apply to the safekeeping of assets by depositaries,23 which, since 1 January 2020, require a licence as financial services institutions under the Banking Act (see Section III.i).

Mining pools are likely to qualify as investment funds in the form of an AIF if the manager – irrespective of the legal structure – offers to external investors a pooled investment that diversifies risk and does not undertake any further operative business. This may be the case where cloud or hardware-based mining pools collect revenues to allow for a probabilistic distribution of mining rewards. A contribution in the form of tokens such as cryptocurrency tokens will likely qualify as the raising of capital for the purposes of the definition of an investment fund, but would constitute a contribution in kind. Under the KAGB, this form of contribution is permitted with respect to special AIFs, but not with respect to public AIFs and UCITS.24

Asset investments

Complementary to the KAGB, the German Asset Investment Act (VermAnlG) sets out further requirements for investments offered publicly to retail investors. It only applies to asset investments that do not qualify as investment funds under the KAGB or as securities under the WpPG, and that are distributed in a public offering. These rules may apply to tokens of any type (i.e., cryptocurrency tokens, security tokens or utility tokens), in particular where a securities token embeds certain characteristics of an investment (e.g., the promise of future revenues) but does not meet all criteria required for the qualification of a transferable security under MiFID II (e.g., where it lacks tradability owing to insufficient standardisation or barriers to transferability).

Under the VermAnlG, a token could qualify as an asset investment as defined under an exhaustive list. These include investments that grant a participation in the profits of a company, trust assets, participatory or subordinated loans, profit participation rights, registered bonds or other investments that promise interest and repayment.25

In the context of a typical initial coin offering (ICO), the private placement exemption under the VermAnlG is unlikely to apply as it requires that (either) no more than 20 instruments are offered, the volume of all investments offered within 12 months does not exceed €100,000 or the minimum investment exceeds €200,000 per investor.26 Issuers of certain types of asset investments may, however, benefit from privileges applicable to crowdfunding and social or charitable projects if the total volume of the issuance does not exceed €2.5 million and certain other conditions are met.27

Unless an exemption from the prospectus requirements applies, issuers of such asset investments are required to prepare and publish a sales prospectus and an investment information sheet that are both subject to prior BaFin approval. Anyone who assumes responsibility for a prospectus and those who are assumed to have issued a prospectus may be held liable for incorrect or incomplete information in that prospectus or in the information sheet, or for the lack thereof.

iv Market abuse rules

The efficient allocation of capital and the orderly functioning of the capital markets require rules that ensure the integrity of the financial markets and investor confidence. To that effect, market abuse laws prohibit unfair market practices. Effective as of 2016, the Market Abuse Regulation (MAR)28 provides a common framework that prohibits the unlawful disclosure of inside information and market manipulation (market abuse). Both insider trading and market manipulation constitute criminal offences and may entail severe administrative fines.

MAR applies to any type of financial instrument that is traded or admitted to trading on a regulated market or a multilateral trading facility, as defined under MiFID II, as well as to financial instruments the price of which depends on, or has an effect on, such traded financial instruments (e.g., over-the-counter derivatives).29 As set out above, tokens that qualify as financial instruments under EU law (i.e., security tokens and certain utility tokens) will generally be within the scope of MAR. Nothing else follows from national provisions30 that expand the scope of MAR to goods and foreign currencies that are being traded on a domestic exchange because such an exchange – irrespective of the potential qualification of tokens as goods – includes regulated public exchanges only.

Crypto exchange operators that provide a venue to buy or sell financial instruments will typically not qualify as a regulated market, but may qualify as an alternative trading venue in the form of a multilateral trading facility provided that they match buying and selling interests in a non-discretionary manner (see also Section III.i). The consent of the issuer, an approval or listing are not required: that is, the trading of tokens on a venue that qualifies as a multilateral trading facility as such may bring it into the scope of market abuse rules.

For the purposes of MAR, inside information comprises any precise information relating to a token or its issuer that 'would be likely to have a significant effect on the prices': that is, that reasonable investors would be likely to use such information as part of the basis of their investment decisions.31 Anyone who possesses inside information is prohibited from trading the respective instrument for its own account or that of a third party, and from recommending another person to do so, or inducing another person to do so, as such activity would constitute insider dealing.32

In addition, MAR also prohibits engaging in or attempting to engage in market manipulation. This concept includes any transaction, order or behaviour that could or is likely to give false or misleading price signals, or to secure prices at an abnormal or artificial level, or that employs a form of deception or contrivance as well as the dissemination of false or misleading signals or rumours in relation to a financial instrument and the transmission of such information in relation to a benchmark.33

Certain aspects of MAR apply to benchmarks, such as indices that financial instruments as defined under MiFID II make reference to.34 As benchmarks may be based on any type of input data, they can relate to security tokens, cryptocurrency tokens or utility tokens. In addition, Regulation (EU) 2016/1011 on indices used as benchmarks sets out detailed requirements for the provision and use of benchmarks. Crypto market data providers may, therefore, without issuing financial instruments themselves, be subject to registration or authorisation requirements.

Banking and money transmission

The core issues in the realm of banking and money transmission regimes are the statutory licence requirements that may arise under various laws and bring with them, inter alia, specific supervisory, process and compliance as well as AML obligations (see Section IV).

i German Banking ActBanking Act licence requirements

The KWG entails, in line with various EU laws, the general regulatory regime for banking and financial services in Germany. It sets out strict licence requirements not only for classical banking but also for various financial services, together with, inter alia, minimum capital requirements; management requirements (e.g., fit-and-proper tests) and risk management rules; AML and know your customer (KYC) principles; supervision requirements; and a detailed framework on various other issues.

The licence requirements depend, inter alia, on the types of assets and regulated business activity in question (see below).

Failure to obtain the necessary licences may have harsh consequences: not only can administrative proceedings be brought by BaFin (Section 37 KWG), but this may trigger criminal proceedings against responsible persons such as founders or CEOs (Section 54 KWG), who may also face personal civil liability.

For cross-border operations, which are typical for DLT networks, BaFin takes the stance that German regulation applies not only for domestic businesses with a seat or branch in Germany,35 but also where cross-border services (e.g., crypto exchanges located abroad) actively target the domestic market (taking into account, for example, means of advertising, language, share of transactions in Germany; however, the mere accessibility of websites in Germany is unlikely to suffice as such). However, only businesses domiciled in Germany can obtain a German banking licence. A licensed financial service business can passport a German licence throughout the European Union (and vice versa). In practice, cooperation with licensed banks or financial services providers is also conceivable, with the caveat that control over the business will vest with the licensed business.36

Regulatory trigger: tokens as financial instruments

What constitutes financial services is exhaustively defined in the KWG and entails several activities related to financial instruments. One core question is therefore whether tokens qualify as financial instruments within the meaning of the KWG.37 This term does not fully correspond with the same term under the WpHG and MiFID II,38 but is broader and encompasses, inter alia, units of account, which BaFin has applied under the current law since 2013 in standing practice to virtual currencies (cryptocurrency tokens). This approach was confirmed in both its 2018 ICO notice39 and its second notice on prospectus and licence requirements in connection with the issuance of token,40 where it reiterated its position that several cryptoasset-related activities may require a licence under the KWG (see below). Differentiated by token, the regulatory approach under these notices was, therefore, as follows: cryptocurrency tokens qualify as financial instruments under the KWG (but not MiFID II) in the specific form of units of account.41 This category, which has so far covered units of value such as the International Monetary Fund's special drawing rights or privately issued complementary currencies, has evolved to be the new main regulatory anchor for cryptocurrencies. Although this administrative practice finds support in the legal literature, a German appellate court rejected this approach in criminal proceedings involving the operation of a Bitcoin exchange.42 The court had doubts that such a broad reading of regulatory licensing requirements that are subject to criminal penalties is compatible with legal certainty. So far, this is a single decision and it remains to be seen how practice and other courts follow.

However, the discussion on whether cryptocurrency tokens are units of account has now become moot in the course of the implementation of Directive (EU) 2018/843, which extends anti-financial crime rules to virtual currencies, into German law. A recent KWG amendment, which came into force on 1 January 2020, has now explicitly added cryptoassets to the key concept of financial instruments.43 The KWG now expressly defines 'cryptoassets' widely as digital representations of a value that is neither issued nor guaranteed by a central bank or public entity and does not enjoy the status of a currency or money, but is accepted by natural or legal persons, as agreed or customarily, as a means of exchange or payment, or for investment purposes, and that can be transferred, stored or traded electronically (excluding e-money).44 In particular, the KWG now includes a broad range of tokens and is not confined to currency tokens, like the amended AML Directive, but also covers security tokens by making explicit reference to 'investment purposes'. Security tokens falling under MiFID II already usually qualify as financial instruments within the meaning of the KWG.45 Given that cryptocurrency tokens are already considered units of account, BaFin understands the new category of cryptoassets as a wide definition to catch all forms of use of crypto tokens relevant for financial markets, even where some forms may already be covered by other KWG licensing requirements.46 However, some uncertainty remains regarding whether other categories of tokens that do not serve 'investment purposes' will also qualify as financial instruments within the meaning of the KWG in the future.47 In that regard, BaFin's statements explicitly exclude electronic vouchers for the purchase of goods and services, which cannot be traded and do not represent investment expectations in the gain of value of such vouchers or the issuer's business.48 Hybrid forms of utility tokens especially will be more likely to qualify as financial instruments the more their characteristics resemble security tokens or cryptocurrency tokens. If utility token transactions also involve cryptocurrency tokens or security tokens, licence requirements may already be triggered by the latter and apply to the whole transaction.49

Regulation of token-related business models

Provided that tokens qualify as financial instruments, KWG licences are required for a broad range of business activities if they are performed as commerce or on a scale requiring a commercial business organisation.50

A KWG licence is particularly relevant and usually necessary for crypto exchange platforms and similar token trading models. The recent KWG amendment has expressly brought 'crypto custody business' within the ambit of financial services. It is defined as the safekeeping, administration or safeguarding of cryptoassets or private cryptographic keys used to hold, store or transfer cryptoassets for others.51 Safekeeping of cryptoassets includes, in particular, the storage of cryptoassets in a collective inventory where the customers have no knowledge of the cryptographic keys used. Administration of cryptoassets includes the exercise of rights resulting from a cryptoasset, such as collection activities or notification services. Safeguarding of cryptoassets includes the service of digital storage of private cryptographic keys but also the storage of physical data storage devices (e.g., USB sticks) on which such keys are saved. The mere offering of hardware and software that is operated by users for such purposes without access of providers to cryptographic keys is not subject to licensing requirements. The same is true for web hosting or cloud storage providers as long as they do not explicitly offer key storage.52 This broad definition has also brought wallet providers within the scope of financial services, but is not limited to such services. In this respect, again, the KWG amendment goes beyond the definition of Directive (EU) 2018/843 as the new regulated activity also extends to safekeeping and administration services as well as to the concept of cryptoassets.

Aside from the crypto custody business introduced by the KWG amendment, licensing requirements that were previously discussed may still have relevance for related services53 on the basis that such activities may constitute investment broking54 (where broking transactions involve the purchase and sale of financial instruments, which may also be done through an electronic platform55) or the operation of a multilateral trading facility56 (which brings together multiple third-party buying and selling interests in financial instruments in the system, in accordance with non-discretionary rules and in a way that results in a contract).57 Business models should also be assessed as to whether they might be considered as financial broking services58 (with the purchase and sale of financial instruments in a service provider's own name but on a third party's account59) or contract broking60 (where the aforementioned purchase and sale occur in a third party's name on its account61). The further case of proprietary trading62 is quite broad, and involves the purchase and sales of financial instruments as a market maker, systemic internaliser or participant in markets with high-frequency trading systems, and also cases where purchases and sales on a person's own account are offered as a specific service for others.63 This may be relevant, for example, for solicited regular buying and selling activities in virtual currencies if such activities involve a further services element (e.g., if the entity has better access to the market or creates a market by regular trading activities that would otherwise not be available for others).64 In any case, this will require a case-by-case assessment of the technical and functional details.

Operating a wallet or safekeeping tokens is not seen as portfolio management or deposit business65 for securities, given that under current German law, a security deposit business with the provision of custody and administration for others still requires securities with a tangible certificate, which DLT tokens lack66 (but see Section XI for possible changes).

BaFin further states that in the context of ICOs, depending on the individual circumstances, underwriting business67 (with the taking over of financial instruments at one's own risk for placement68) or placement business69 (with the placement of financial instruments without a firm commitment basis70) require a licence.

Other typical regulated financial intermediary activities may also require a prior KWG licence if such activities are offered in connection with virtual currency business models. This may be the case for rendering investment advice71 (in the form of personal recommendations for transactions in specified financial instruments, based on an examination of an investor's personal circumstances and not exclusively announced through information distribution channels or to the public72) or financial portfolio management73 (with discretionary management of individual investments in tokens as financial instruments for others74).

Within that framework, other actors in a DLT ecosystem normally do not need a KWG licence. The mere use of virtual currencies as a means of payment does not require any licence; neither does operating a DLT network for token transactions as such, given that the network is a mere technical facility for effecting transactions and not an entity for trading and, in particular, not a multilateral trading facility.75 Finally, whether operations of miners will in the future fall under the activities regulated by the KWG, remains to be seen. For now, this could be the case for specific services, such as organising mining pools. Where a central pool operator would sell mined virtual currency to third parties and disburse collected money or virtual currency to individual miners, the operator could be considered as acting for a third person and engaging in proprietary trading services.

ii German Payment Services Supervision Act

Further licence requirements, which may potentially be relevant for virtual currencies, exist under the Payment Services Supervision Act (ZAG). This law, which implements the Payment Services Directive76 and the E-money Directive,77 regulates in essence two types of business activities, namely rendering certain (enumerated) payment services and issuing e-money. For such business activities, the ZAG sets out certain requirements, inter alia, as to management qualifications, capital requirements and risk management.78 Structurally similar to the KWG, foreign entities require a licence if their business activities target the German market, and a ZAG licence can be passported throughout the European Union. For some KWG-licensed entities (Capital Requirements Regulation credit institutions), no additional ZAG licence is necessary.79


A licence is required for engaging in the business of issuing e-money.80 E-money is defined as electronically (including magnetically) stored monetary value represented by a claim against the issuer, which is issued against the receipt of funds for the purpose of making payment transactions, and which is accepted by a natural or legal person other than the electronic money issuer.81 Thus, where a company provides an electronic monetary value in exchange for an equal amount of (fiat) money, it will serve as an electronic means of payment for the substitution of cash. The ZAG licence covers not only issuing e-money, but also ancillary activities such as related payment services and the operation of payment systems.

While tokens can take various forms, the currently prevailing opinion is that virtual currency tokens – unlike electronic cash cards – are in the majority of cases not e-money. First, these tokens would have to be issued in exchange for (fiat) money (which is conceivable for example, in the case of pre-mined tokens, but is not the general case).82 Secondly, this would require a monetary claim against a specific issuer, which virtual currency tokens (especially cryptocurrency tokens) normally do not confer.83 Thirdly, even if a token was seen as e-money, the ZAG licence would be the responsibility of the issuer, not the miner, for example.

Payment services

The ZAG further sets out an exhaustive list of regulated payment services.84 Given that all such services are related to money in cash, bank accounts or e-money, but not (yet) to virtual currencies,85 a ZAG licence becomes relevant where virtual currency transactions involve some element of processing fiat money (rather than being wholly virtual currency transactions). It is mainly for the issuing of virtual currency tokens and exchanges that the question arises of whether they are involved in rendering payment services. As such, the most relevant issues in a virtual currency context include payment initiation services86 (which allow access to payment accounts, but without acquiring possession of the transferred money); issuing of payment instruments or acquiring of payment transactions, or both;87 or, as a broad catch-all clause,88 money remittance services,89 where a payer (without any payment accounts created) pays funds to a payment service provider with the aim of transferring a corresponding amount to a payee (or another payment service provider acting on the payee's behalf), or where such funds are received on behalf of and made available to the payee, or both.

Thus, if an issuer or trader of virtual currency tokens collects fiat money to broker it on a platform with token purchasers, this may, depending on technical and functional details, constitute a regulated payment services business. The transferor and transferee of tokens are normally not subject to a ZAG licence; neither would a DLT network operator (if any) be regulated. The operation of miners does normally not fall under ZAG-regulated activities, and it is also doubtful whether operating virtual currency wallets (unlike e-money wallets) as such would require a ZAG licence.90

Even if activities are related to payment services, some exceptions may apply, for example, for mere technical support service providers who do not obtain possession of funds (including, for example, data processing and storage, trust and privacy protection services, authentication and communication, unless they are payment initiation and account information services),91 or commercial agent models92 (who are authorised via agreement to negotiate or conclude the sale or purchase of goods or services on behalf of only the payer or only the payee).