DLT, blockchain and security tokens are hot topics among legal authors and numerous publications have been made to date. Distributed ledger technology ("DLT") is increasingly used by businesses in different sectors, with many Fintech start-ups flourishing in Luxembourg and Europe. In Luxembourg, the Commis sion de Surveillance du Secteur Financier (the "CSSF") has over the last couple of years been contacted by numerous promoters of projects involving DLT and gained expertise in relation thereto2, without however releasing extensive guidelines or analyses, unlike e.g. the AMF3 or BaFin4. The Luxembourg legislator has been active in the same period with some amendments made to its legislation to take into account DLT. However, we currently see a gap between this new technology which attracts an increasing number of actors willing to use it and the absence of clear legislative framework regulating the issuance of tokens, in par ticular those qualifying as financial instruments (the so-called security tokens). Nevertheless, Luxembourg law does not prevent the tokenisation of traditional securities (and more specifically securities in registered form) which will be the focus of this paper. The objective of this paper is to draw the attention on different legal considerations to take into account when contemplating an issuance of tokenised securities.

As we write this paper5, the European Commission has finally launched its digital finance strategy with different proposals that we will briefly touch upon. This is an important step towards the digital transformation of the economy and the financial industry and will lead market actors, regulators and supervisors to work together in order to create a sound legal framework within the European Union. We can also anticipate that the launch of the digital finance strategy will lead to the introduction of new regulations under Luxembourg law which, one may hope, will create an attractive legal framework for Fintech actors and will continue to position Luxembourg as a leader in digital finance in Europe.


In order to fully understand what entails an issuance of tokenised securities and distinguish it from an issuance of tokens only, one must first understand how DLT functions and we consider that in that context, some clarifications should also be made as regards the legal terminology associated with DLT (A). We will then turn to what issuers will need to consider when issuing tokenised securities, in particular, in terms of securities that can be tokenised and arrangements necessary for the tokenisation process to occur (B).

A) General considerations on DLT and legal terminology

To understand the legal issues that companies and issuers may face when using DLT, it is important to first explain, in layman's terms, certain technological concepts and clarify the terminology which is often not correctly or heterogeneously used and can lead to confusions if readers are not familiar with this technology6. The objective of the following developments is to provide the readers with some useful and simplified explanations on how DLT and tokenisation work but should not be viewed as an exhaustive overview of how this technology functions (1). In the second part of this section, we will attempt to clarify the legal terminology used in respect of tokens, in particular in light of the recent proposals of regulation made by the European Commission (2).

1. A brief introduction to DLT

We will briefly present how the technology works and key concepts associated with that technology (a) before introducing the notions of coins and tokens from a technological perspective (b).

  1. DLT: DLT is not a new technology but a combination of existing technologies. Put in simple terms a DLT is a distributed database or ledger using cryptography. Blockchain constitutes one specific type of DLTtarget=_blank7, but it is the DLT most frequently referred to in legal publications8 because it is the most simple and common form of DLT. For the purposes of this paper, we will use the term "DLT" rather than "blockchain" when referring to the underlying technology in general, however, our analysis will mainly focus on blockchain technology. DLT has become more popular among businesses in recent years because its functionalities permit to ensure the immutability, security and decentralisation of data. How does it work?
    A distributed ledger is maintained on a network that has the specificity of being decentralised. The first key characteristic of DLT is indeed that it relies on a decentralised network, which means that each node9 of the network has a copy of the ledger and can transfer information to other nodes without having to go through a central server. In addition to being decentralised, the network is distributed which is to say that all the servers and computers of the network are interconnected and can share information10. The second key characteristic of DLT is the use of cryptography. The aim of this paper is not to explain in detail what cryptography is and how it works, but to set out certain underlying concepts which are essential to understand the tokenisation process.
    First, the concept of hash and hash functions must be explained. Hash functions permit in essence to transform an information, transaction or a document into a fixed length series of numbers and letters which is unique to that information or document and is called a hash. In other words, the hash is the fingerprint of a document in the sense that any change in the content of that document would create a different hash. In a distributed ledger functioning as a blockchain, a block in the blockchain contains a large number of transaction data to which a specific hash is assigned. Each block of the blockchain has its own hash and the hash from the previous block which thus permits, at least in theory, to prevent any tampering in the data of the previous block. To make it more secure and avoid having hackers tampering the transaction data in one block and recalculating all the different hashes, consensus mechanisms are put in place by the participants of the blockchain to agree on the rules to be followed by the nodes to accept new entries in the blockchain. The Bitcoin Blockchain for example uses a consensus mechanism called "proof-of-work" which is "a computational challenge that is hard to solve (in terms of computing power and processing time) but easy to verify"11. That process is often referred to as "mining". As it takes some time to resolve the computational challenge (about 10 minutes for the Bitcoin Blockchain), it makes it much more difficult for hackers to tamper the data and change all the hashes from the previous blocks as they would need to go through that proof-of-work process for each previous block. To continue with the example of the Bitcoin blockchain, it is important to note that each person, a so-called "miner", that "produces a valid proof-of-work in the Bitcoin network receives Bitcoins as a reward (sort of like a transaction fee), which serves as an economic incentive to maintain system integrity12". However, this consensus mechanism is not the only consensus that exists. The Ethereum Blockchain, which is another wellknown blockchain, is currently in the process of upgrading its blockchain with Ethereum 2.0 which will use the consensus mechanism called "proof-of-stake"13. With proof-of-stake, the probability to validate a new block does not depend on your computing power but on how much stake or amount of cryptocurrencies (e.g. Ether) you have14. The more cryptocurrencies you have deposited to validate a new block the more likely you are to validate the new block and get the transaction fee. If the new block is fraudulent15, then the validator will lose the cryptocurrencies deposited. With proof-of-stake, the terminology is slightly different and instead of miners and mining, the terms validators and minting or forging a new block are being used. Distributed ledger technologies other than blockchain use other consensus mechanisms but they are beyond the scope of this paper.
    Another concept to present is the concept of digital signature. Digital signatures are an essential part of cryptography as they permit to authenticate and identify the sender of information within the DLT while encrypting the data that is being sent. DLT is based on asymmetric cryptography which means that the digital signatures used by DLT correspond in fact to a set of two keys: a public key which is known by all the participants of the network and therefore permits to identify the sender of data16, and a private key which is personal to each individual user and is used to sign and encrypt the data sent to the network17. Each public key is uniquely linked to a private key by a mathematical algorithm. Thus, a public key uniquely corresponds to a given private key. To give an example, a user A willing to send a message or information to a user B will send such message or information in an encrypted form using its private key and the public key of user B, and user B will in turn be able to decrypt the message with its own private key and user A's public key. User A does not need to know the private key of user B to send its message and no central counterparty is required to validate the transaction. The transaction between A and B will be validated by the participants to the blockchain through the relevant consensus mechanism and will then be added to a block of transactions that all participants to the blockchain will include in their own record or copy of the blockchain.
    It is therefore essential that public and private keys be kept and stored safely by each individual user, especially private keys since it is not possible from a technical perspective to recreate the private key with the public key. This is the reason why wallet service providers offer a number of services in relation to public and private keys, and in particular, for their safe custody. As explained by the European Securities and Markets Authority ("ESMA"), in its advice on initial coin offerings and crypto-assets dated 9 January 2019, "digital crypto-asset wallets are used to store public and private keys and to interact with DLTs to allow users to send and receive cryptoassets and monitor their balances. Crypto-asset wallets come in different forms. Some support multiple crypto-assets/DLTs while others are crypto-asset/ DLT specific"18. As further discussed in section II) A)2.b) below, it is therefore crucial to ensure that wallets are compatible with the underlying blockchain and the smart contract generating the tokens. It is also important to clarify that a wallet used in the context of a blockchain does not contain the tokens held by a particular user but only his or her public and private keys.
    With this brief overview of the technology, the concepts of coins and tokens can be introduced.
  2. Coins and tokens: coins and tokens should not be used interchangeably as there is a technological difference between them19. A coin is an asset or unit of value that is native from a specific blockchain, such as Bitcoin which is the coin native from the Bitcoin Blockchain or Ether for the Ethereum Blockchain. Tokens on the other hand do not have their own blockchain and are built on top of existing blockchains. They are generated and created through a smart contract that is built on the blockchain and permits to automatically execute transactions in accordance with the smart contract code. A smart contract is a computer programme that enables the creation, transfer and cancellation of tokens (see further in section I)B)2.a) below). A large number of tokens have been issued on the Ethereum Blockchain which has developed certain standards of tokens such as the "ERC-20 tokens". ERC-20 tokens are only one of the many forms of tokens that exist on the Ethereum Blockchain, and other standards of tokens exist on other blockchains. Each standard of tokens has its own specific rules and functions, which makes them compatible with different wallets or crypto-exchanges supporting these standards20. In light of the increasing attention of regulators worldwide to regulate the issuance of tokens, and in particular security tokens, it is worth mentioning that a new standard ERC-1400 has been developed on the Ethereum Blockchain to integrate additional functionalities specifically dedicated to security tokens and permitting for example to regulate the holding period, to whitelist and restrict the sale of tokens to non-accredited investors or put a threshold on transactions21.
    Finally, one should keep in mind that in order to transfer or effectuate transactions relating to tokens, a certain number of coins will be needed as transaction fees. For example, on the Ethereum Blockchain, a certain amount of Ethers will be used to "fuel" transactions on the Ethereum Blockchain22 in order to send a token from one wallet to another wallet. This shows that tokens and coins are not the same thing and should therefore be distinguished.
    With these clarifications on how blockchain technology functions and the role of coins and tokens, we can turn to the legal analysis of the different types of instruments based on DLT.

Click here to continue reading ...


1. The views expressed in this paper are those of the authors and do not necessarily reflect the views of the law firm Elvinger Hoss Prussen, société anonyme.

2. CSSF Annual Report 2019, p.32 (https://www.cssf.lu/en/2020/09/publication-of-the-cssfs-annual-report-2019).

3. Autorité des marchés financiers, the financial regulatory authority for France (see in particular, "Synthèse des réponses à la consultation publique portant sur les Initial Coin Offerings (ICO) et point d'étape sur le programme "Unicorn"" (https://www.amf-france.org/fr/actualites-publications/consultations-publiques/synthese-des-reponses-la-consultation-publique-portant-sur-les-initial-coin-offerings-ico-et-point) and "Etat des lieux et analyse relative à l'application de la réglementation financière aux security tokens " (https://www.amf-france.org/fr/actualites-publications/actualites/analyse-juridique-sur-lapplication-de-la-reglementation-financiere-aux-security-tokens-et-precisions).

4. Bundesanstalt für Finanzdienstleistungsaufsicht, the financial regulatory authority for Germany (see in particular, "Initial Coin Offerings: Advisory letter on the classification of tokens as financial instruments", 28 March 2018 (https://www.bafin.de/Shared-Docs/Downloads/EN/Merkblatt/WA/dl_hinweisschreiben_einordnung_ICOs_en.html;jsessionid=549E6A96822084BE260F9 8A148143973.2_cid393?nn=11089708) and "Second advisory letter on prospectus and authorization requirements in connection with the issuance of crypto tokens", 22 November 2019 (https://www.bafin.de/SharedDocs/Downloads/EN/Merkblatt/WA/dl_wa_merkblatt_ICOs_en.html).

5. This paper was written as of 10 October 2020.

6. J. Lee and F. L'heureux, "A Regulatory Framework for Cryptocurrency", European Business Law Review 31, no.3 (2020): 423-446, paragraph 4.1.2.

7. For completeness, we note that two main categories of distributed ledgers exist: the private or permissioned blockchains, which put certain conditions to access the network and to become a node, and the public or permissionless blockchains, which can be accessed by anyone.

8. G. Cywie, "La numismatisation de l'économie", Droit du financement de l'économie, Legitech, December 2018 ; G. Canivet, "Blockchain et régulation", Semaine Juridique – Entreprises et Affaires n°36, 7 September 2017 ; D. Legeais, "Blockchain", Jurisclasseur Commercial, March 2017 ; G. Kolifrath, M. Goupy, "Blockchain : les enjeux en droit français", Revue internationale des services financiers, 2017, n°4, pp.19-24 ; M. Melki, "Les mystères de la blockchain", Recueil Dalloz, 2 November 2017, n°37 ; B. Barraud, "Les blockchains et le droit", Revue Lamy Droit de l'immatériel, April 2018.

9. A node is a participant to the network which may take several forms such as a server, a computer or even a smartphone.

10. A. Tordeurs, "Une approche pédagogique de la Blockchain", Revue internationale des services financiers, 2017, n°4, pp.8-18.

11. World Bank Group, "Distributed Ledger Technology (DLT) and Blockchain", FinTech Note No.1, 2017, p.6.

12. Ibid, World Bank Group, "Distributed Ledger Technology (DLT) and Blockchain", FinTech Note No.1, 2017, p.6.

13. For further details on the concepts of "proof-of-work" and "proof-of-stake", see for example, A. Pinna, W. Ruttenberg, "Distributed ledger technologies in securities post-trading", European Central Bank, Occasional Paper Series No. 172, April 2016, paragraph 2.3.

14. Additional criteria in fact come into play to determine which users will be able to participate in the forging process of a new block, including in particular the methods of "randomised block selection" and "coin age selection". These two methods (which we will not explain in this paper as it would be too technical) permit to avoid a situation where the consensus mechanism would rely solely on the wealth of the different nodes of the network, which could cause some issues if certain nodes were to own large stakes of coins.

15. This may occur in the event that the new block contains illegitimate or invalid transactions or if there is an attempt to create a fork. In such cases, the network will not validate the new block.

16. Because the public key is the only one known to the entire network, it is often referred to as the "blockchain address".

17. For additional developments, see for example, Ibid, A. Tordeurs, "Une approche pédagogique de la Blockchain", Revue internationale des services financiers, 2017, n°4, pp.13-14 ; Ibid, World Bank Group, "Distributed Ledger Technology (DLT) and Blockchain", FinTech Note No.1, 2017, pp.8-9.

18. ESMA, "Advice on Initial Coin Offerings and Crypto-Assets", 9 January 2019, paragraph 25.

19. "Token vs Coin: What's the Difference" (https://www.bitdegree.org/tutorials/token-vs-coin/).

20. "Security Tokens – An ERC-Standards Comparison", microbo Market Research, December 2018 (https://medium.com/@micobo/security-tokens-an-erc-standards-comparison-919e7c379f37).

21. "Security Token Standard ERC 1400 – tokenization of assets", Bitcademy, 1 May 2019 (https://medium.com/@bitcademyfb/security-token-standard-erc-1400-tokenization-of-assets-f92ba6ee6b85).

22. The term "gas" is also used to refer to the payment of a transaction fee.

This article was first published in Bulletin Droit & Banque, n°67, ALJB, December 2020, pp. 29-53.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.