This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.

Freshfields TQ

Technology quotient - the ability of an individual, team or organization to harness the power of technology

| 5 minutes read

MiCA & DORA ante portas – Germany clarifies application of EU Regulations

The Markets in Crypto-Assets Regulation (MiCA) will apply from 30 December 2024 (except for the provisions on e-money tokens and asset-referenced tokens, which will apply from 30 June 2024). As an EU Regulation, the rules will directly apply to market participants and without further transitional measures. However, MiCA will require accompanying legislative measures from member states. In addition, MiCA must be aligned with national provisions that already govern crypto-assets. 

On 23 October 2023, the German Ministry of Finance published its Draft Act on the Digitalisation of the Financial Markets (“Finanzmarktdigitalisierungsgesetz”). An initial look on this still to-be-adopted “Draft Act” reveals certain provisions that deserve a closer analysis:

New Law: The Draft Act will introduce a new law, the Crypto Markets Supervision Act (“Kryptomärkteaufsichtsgesetz” (“KMAG”)). The law mainly grants the German regulator the necessary competences to supervise compliance with MiCA. The KMAG will apply to companies that carry out licensable activities described in MiCA: the issuance of asset-referenced and e-money tokens and the provision of crypto-asset services. Therefore, the KMAG will also apply to credit institutions, investment firms or e-money institutions that carry out these activities, although they may be exempted from individual obligations.

Cryptographic Instruments and Qualified crypto-custody business: Under German financial regulatory law, “crypto-assets” already qualify as financial instruments insofar they serve as means of payment or investment. The Draft Act will align the definition of “crypto-asset” with MiCA’s definition. In the Draft Act, “crypto-asset” will be defined by way of reference to MiCA and crypto-assets will be removed from the list of financial instruments. The current definition text, however, will be retained and refer to a new instrument, called “cryptographic instrument.” Only instruments that neither qualify as crypto-asset, e-money, funds, nor are subject to the German Electronic Securities Act (“eWpG”), may in the future qualify as “cryptographic instrument.” Cryptographic instruments will not be added to the list of financial instruments. 

The safeguarding, custody and management of cryptographic instruments, and the custody of private keys relating to cryptographic instruments or to securities issued under the eWpG will become a licensable activity. For that purpose, the German legislator will establish a new licensable activity, the so called “qualified crypto-custody business” (qualifiziertes Kryptoverwahrgeschäft). 

“Cryptographic Instruments” aims to apply to “Security Tokens” that qualify as financial instruments under MiFID II. Those are exempted from MiCA. However, their custody is not subject to the German regulated business of “safeguarding of securities” (Depotgeschäft), which requires that securities are represented by global certificates or have been issued under the eWpG. Digital Assets that resemble securities and are issued outside Germany, may therefore fall within this category.

NFT: The Draft Act will – unclear whether deliberate or not – align the definition of Nun-Fungible Tokens (NFT) with MiCA. Tokens that are unique and non-fungible are exempted from MiCA, although they fall within the definition of “crypto-asset”. The definition of cryptographic instrument does not apply to tokens that qualify as “crypto-asset” under MiCA so that it may not apply to NFT. Accordingly, NFT could also not be covered by the definition of “cryptographic instrument.” NFT are also explicitly excluded from the application of KMAG, so that they would be unregulated.

However, the same logic would apply to “Security Tokens” that will usually qualify as crypto-assets and financial instruments and which would – as crypto-assets - be excluded from the definition of “cryptographic instruments,” which the legislator does not intend. The definitions would therefore benefit from some clarification.

Crypto-Lending: The Draft Act may – presumably unintentional – remove potentially existing license obligations for lending of crypto-assets. The lending and borrowing of crypto-assets is explicitly not governed by MiCA, but remains within the competence of national law. Up to now, the lending of crypto-assets might, if structured similarly to securities lending, trigger a license for financial services, such as dealing on own account. Should crypto-assets be removed as financial instruments, this may also remove corresponding license requirements for crypto lending.

Safeguarding of reserve assets: MiCA requires issuers of asset-referenced tokens to legally segregate the reserve assets from the issuers’ estate, in particular in case of their insolvency. Issuers of e-money tokens must safeguard the funds received in exchange for the issuance of the e-money tokens in accordance with MiCA. The Draft Act exempts reserve assets from the insolvency estate of issuers of asset-referenced tokens as well as e-money tokens and grants token holders a direct redemption claim even in the issuer’s insolvency. It remains to be seen how this is implemented in practice. However, it seems unclear what this means if an e-money institution places the funds in a trust account with a credit institution, which already serves the purpose of keeping funds insolvency-remote. It is also unclear whether issuer of e-money tokens that are credit institutions are expected to deposit the funds with another credit institution, and, if not, whether the reserve assets would still not be considered as insolvency estate – which would mean that they would not have to be protected by the deposit protection schemes.

Sanctions: The provisions on insider trading and market manipulation will be enforced by criminal sanctions. Criminal sanctions are not required under MiCA. However, according to the German legislator, the integrity of the markets is equally worthy of protection, and the traditional securities markets and the crypto markets are interconnected. Therefore, the German legislator decided that market abuse in crypto markets should be punished similarly as in traditional securities markets.

Transitional measures: MiCA permits that crypto-asset service providers that provided their services in accordance with applicable law before 30 December 2024, may continue to do so until 1 July 2026 or until they are granted or refused an authorisation, whichever is sooner. Recently, ESMA invited member states to shorten that period to not longer than twelve months. Germany follows that invitation in its Draft Act, limiting reliance on existing licenses until 30 December 2025.

Scope of DORA: The Draft Act clarifies, that, for institutions that are licensed under the German Banking Act (“KWG”) but are not credit institutions in the meaning of the CRR, DORA still applies mutatis mutandis. However, they only must comply with the simplified ICT risk management framework under Art. 16 DORA. The Draft Act further clarifies that German development banks, such as the “Kreditanstalt für Wiederaufbau”, shall not be released from their obligations under DORA, although member states can do so. They would not even benefit from the simplified ICT risk management framework as provided for in Art. 16 DORA but will have to comply with the standard ICT risk management framework under Art. 5 – 15 DORA. This is because development banks currently, need to comply with the Supervisory Requirements for IT in Financial Institutions (BAIT) – which in view of the German legislator sets higher standards than Art. 16 DORA and DORA is not intended to lower operational resilience standards.


blockchain, cryptocurrency, cyber security, data, europe, financial institutions, fintech, regulatory