Authors: Robert Nešpůrek, Pavel Amler, Tomáš Chmelka
In recent years, European lawmakers have been attempting to respond to the current technological situation in the society through various legislative packages, and thus the emerging cryptocurrency boom cannot have escaped them either. It was merely a matter of time before the declared draft regulations and directives get their final tuning and individual entities have to start adapting to the new legislation in this field.
One of these regulations is MiCA (the “Markets in Crypto-assets”) regulation, which is currently being discussed in the ECON, the European Parliament’s Committee on Economic and Monetary Affairs.
What will need to be ensured with issues of new projects?
One of the positive features the current draft of the MiCA regulation brings to investors is the introduction of new obligations on crypto-asset issuers. These issuers will, among other things, have to issue and publish white papers – essentially a cryptocurrency prospectus – during their initial coin offerings (ICO).
Project white papers will have to comply with certain requirements, which will make information on a given project more comprehensive and easily accessible for investors (e.g., on the actual asset or issuer of the crypto-asset). The purpose of this obligation is to enable potential buyers to understand the risks connected with the offer of a given crypto-asset and help them make as qualified a decision on their investment as possible.
New obligations for entities offering their services associated with crypto-assets
Under the current MiCA draft, crypto-assets service providers (CASPs) will be required to obtain a special licence and to comply with new regulatory obligations similar to those applicable to traditional financial providers. These include, for instance, the rules governing the protection of customers’ assets and prudential requirements. Analogically to other types of financial services governed by the European regulatory framework, the MiCA regulation is to introduce the single-licence right that will enable CASP holders of a licence obtained in one EU Member State to provide services throughout the EU. The competent body administering the public register of all CASPs will be the European Securities and Markets Authority (ESMA).
The final version of the MiCA regulation has not been approved yet and the current draft is still subject to change. Its final wording and its impact on the cryptocurrency markets now depends on the negotiations among the European Commission, the Council of the European Union and also on the European Parliament.
The EU crypto-asset legislation focuses not only on consumer protection but also on prevention of money-laundering. There is a related regulation in the pipeline called the TFR (the “Transfer of Funds Regulation”), regulating transfers of funds and certain crypto-assets. Currently, the TFR is also being discussed in the ECON Committee and other committees in the European Parliament.
Trust vs verification
According to the current TFR draft, the CASPs will now be required to retain and verify information about the origin of the crypto-assets, their beneficiaries and subsequently provide the data to competent regulators. Moreover, before making the crypto-assets available, CASPs should verify whether the source (the entity) of the crypto-assets is recorded in the register of high-risk entities to be established and managed by the European Banking Authority (the EBA).
Importantly, the CASPs will have to fulfil the above obligations for each transaction regardless of its value (with the exception of direct transfers between individual users). The set-up of specific marginal values is not, as the EU law-makers suggest, advisable due to the high volatility of cryptocurrency prices and also because the rules could always be easily circumvented.
Impact on HW wallet holders
The described obligations could cause problems to holders of unhosted wallets, especially hardware wallets like Tresor or Ledger. It will be more challenging to fulfil the obligations imposed on these types of wallets under the TFR proposal. Theoretically, some CASPs might decide to cut off the hardware wallet users from their services to avoid the risk of potential sanctions linked to the non-compliance with the set legal framework.
Analogically to the MiCA regulation, the final version of the TFR has not been approved yet and still depends on the further negotiations of EU bodies. Nonetheless, the current proposals give an idea which direction the European Union intends to take: towards a certain model of regulation of crypto-assets.
EU institutions continue to take a series of steps towards the EU Cybersecurity Strategy. Individual measures are to ensure a high level of joint cybersecurity throughout the EU. They will also boost the resilience of the public and the private sectors and the EU as a whole and their ability to respond to security incidents. Indeed, we covered a related topic (the European cybersecurity certification) in the latest issue of our technology flash.
Currently, there is another package of regulations on the table which, as the preliminary analyses assert, will have a similar impact to that of the GDPR several years ago. The presented documents constitute a new and complex regulation, which is why we will only focus on its most crucial aspects.
The NIS2 Directive
Once approved, the proposal for the NIS2 Directive (NIS2) is expected to replace the existing Directive 1148/2016 (NIS). In addition to increasing the cyber resilience of enterprises active in the EU, the revised directive also aims to remove diverging cybersecurity requirements in various Member States and to harmonise the implementing cybersecurity measures.
The proposal for the directive updates and significantly expands the list of industries and activities subject to the cybersecurity obligations – it is to apply to sectors such as energy, transport, healthcare and digital infrastructure. The NIS2-set system is also expected to apply to the central public authorities. Apart from the direct addressees, the requirements set out in the NIS2 Directive will also have to be met by their relevant supply chain, which shows that the impact of the NIS2 Directive will be truly enormous.
DSA Regulation (Digital Services Act)
The proposal for the DSA Regulation will significantly impact the liability of online intermediaries, online advertising rules and illegal content and disinformation.
The persons affected by this Regulation can be divided into two groups: intermediary services offering network infrastructure (e.g., internet services providers, hosting and cloud services, online marketplaces and social media) and large-scale online platforms entailing specific risks in terms of the dissemination of illegal content and its detrimental effect on society (reaching more than 10% of Europe’s 450 million consumers).
The DSA Regulation in particular regulates the mechanism for reporting illegal content by users, the process for dealing with such reported content and the assessment of systemic risks.
DMA Regulation (Digital Services Act)
The proposal for the DMA regulation sets out criteria for designating large online platforms as gatekeepers. This will, in particular, include internet search engines, social media, online marketplaces, cloud services, etc. These gatekeepers will have to fulfil selected obligations that will prevent them from potentially abusing their dominant position on the market.
Specific examples include the obligation to allow third parties to interoperate with gatekeeper services or the obligation to allow business users to promote their offers and conclude contracts with customers outside the gatekeeper platform. On the other hand, the gatekeepers are expressly prohibited from treating their own services and products more favourably than similar services or products offered on their platform by third parties, preventing consumers from connecting with businesses outside the gatekeeper platform, or preventing users from removing pre-installed software.
The regulation described is to constitute the cornerstone of the European Digital Strategy. It is clear from the proposals so far that the scope of the addressees and the content of the obligations will significantly affect the day-to-day functioning of digital platforms. We recommend not to underestimate the preparation and development of these regulations and to follow them closely and respond to the requirements of the final regulations.
The European Union is actively stepping up in the fight against money laundering. This is evident from the relentless law-making activity and the envisaged package of EU legislation primarily aimed at the reinforcing and strengthening the efforts to fight money laundering. One of these legislative drafts reinforcing the EU’s position in this fight is the proposal for the Regulation establishing the Anti-Money Laundering Authority, regarding which the Council adopted its partial position in June earlier this year.
The comprehensive proposal for the regulation lays down in detail the operation of the Anti-Money Laundering Authority, its powers and other partial duties, which are expected to lead to enhanced coordination and harmonisation of the fight against money laundering across Member States.
Competence and powers of the AML Authority
The competence and powers of the AML Authority under the proposal will not only cover anti-money laundering (AML), but also countering the financing of terrorism (CFT), which is closely related to AML issues.
Due to the complexity of the proposal, below we will only focus on the most crucial and interesting points of the regulation.
Harmonisation of supervision in AML-CFT within the EU
The mere existence of a single central EU anti-money laundering and counter-terrorism financing authority, which would issue application methodologies for regulators and competent obliged entities, and unify AML-CFT-related procedures and interpretation, will naturally lead to a harmonised approach to compliance with the AML-CFT rules across Member States. Ensuring such EU harmonisation will simplify the supervision over compliance with the AML-CFT rules and lead to more efficient control over the relevant entities.
Direct supervision over large financial institutions
The power to directly supervise cross-border and, from the Authority’s perspective, particularly high-risk financial institutions stands relatively above all its other powers. Under the regulation, where there arises an urgent need to intervene in money laundering, the Authority will be entitled to inspect these institutions and to impose sanctions on them.
Coordination of national authorities in the fight against money laundering
Under the proposed regulation, the Authority will also supervise the competent national authorities supervising the financial sector in each Member State and coordinate their activities at the EU-wide level.
As for the financial intelligence units (Financial Analytical Office in the Czech Republic), the Authority will primarily assume a support function, which will include, in particular, conducting joint anti-money laundering investigations and sharing technical expertise in areas such as the use of artificial intelligence, IT solutions and best practices for identifying suspicious transactions.
The Authority is to be established as of 1 January 2023 according to the proposal. The actual regulation is to be effective as of 1 January 2024, therefore the Authority would commence its official operations as of that date. Currently, no final decision has been made as to which Member State the Authority will be seated in. Apart from the Netherlands, Germany and France, Italy and Austria have also joined the competition to host the Member State seat. Vienna seems to be the winner and the most likely future seat of the Authority.