Cyprus
Answer ... Cyprus is currently drafting legislation that will regulate distributed ledger technology (DLT) business ventures. The draft legislation is a direct result of the Cypriot National Strategy on DLT. Once enacted, the new legislation will facilitate DLT implementations through several state registers and processes.
DLT protocols usually comprise a set of rules that determine how the DLT system operates. For example, DLT protocols can determine:
- how nodes interact with each other;
- how data is routed from one node to the next;
- the conditions for validity of on-chain transactions;
- how consensus is achieved;
- the maintenance of the ledger;
- the conditions for making changes to the system; and
- how errors are dealt with.
In preparation for the enactment of the Cypriot blockchain legislation, developers building governance for DLT protocols should take into account the existing regulatory frameworks relating to financial services, public offerings, electronic communications, data protection, tax and contract law.
The framework regulating due diligence procedures in the context of anti-money laundering (AML) applies to several blockchain applications. Depending on the sector or domain in which a specific DLT protocol is implemented, further regulatory regimes might need to be considered, such as corporate law.
One key domain in which regulatory regimes are particularly relevant to DLT ventures is that of cryptographic (or digital) assets. Where crypto-assets qualify as transferable securities or other types of financial instruments, the Cypriot regime regulating public offerings of securities, financial services and settlements might apply. This regime – which transposes EU legal instruments such as the Prospectus Directive, the Transparency Directive, the Second Markets in Financial Instruments Directive (MiFID II) and the Market Abuse Directive – is likely to apply to firms offering crypto-assets that are deemed to be issuers or providers of investment services.
Cyprus
Answer ... In principle, public blockchains (particularly permissionless blockchains) will expose the protocol to a wider range of applicable frameworks, due to their public nature. As such, in a public blockchain system, it is important to consider what law might apply to on-chain transactions and consider appropriate risk assessment regarding the protocol design itself. Nevertheless, from a liability perspective, in a plethora of permissionless public blockchains, developers may be understood to have limited their regulatory and legal exposure where the protocol allocates full control to network participants in a manner that could shift any liability to those participants.
Depending on their precise functions, private blockchains might allow developers to operate within specific legal frameworks. However, a number of private blockchains assessed through the prism of current regulatory regimes might lead to certain operators in such blockchains being regarded as accountable aspects of the system’s operation. While all developers should assess their position, private blockchain developers should seek legal advice as to their involvement in the lifecycle of the system.
Cyprus
Answer ... Crypto-assets are a common application of DLT at present. When dealing in crypto-assets, users will want to ensure that their investment is protected. The European Securities and Markets Authority (ESMA) has identified the most significant risks as being fraud, cyber-attacks, money laundering and market manipulation. Meanwhile, there could be benefits associated with initial coin offerings, provided that the appropriate safeguards are in place.
Depending on the protocol used, the processing of investors’ personal data might also prove a consideration for blockchain developers.
Moreover, in public blockchain systems, where there is a clear contractual framework between the participants which may expressly or impliedly allocate liability and accountability to the participants, this might give rise to legal exposure to users.
Cyprus
Answer ... The Cyprus Securities and Exchange Commission (CySEC) is responsible for enforcing the legislation governing financial services. A key consideration for CySEC is the legal status of crypto-assets, as this determines whether the financial services legislation is likely to apply.
CySEC is also competent to regulate security tokens, which qualify as transferable securities. As ESMA noted in its 2019 Advice on Initial Coin Offerings and Crypto-Assets, the actual classification of a crypto-asset as a financial instrument is the responsibility of the individual national regulators, and will depend on the specific national implementation of EU law and the information and evidence provided to the regulator.
Where crypto-assets qualify as transferable securities or other types of MiFID financial instruments, the full set of EU financial rules – including the Prospectus Directive, the Transparency Directive, MiFID II, the Market Abuse Directive, the Short Selling Regulation, the Central Securities Depositories Regulation and the Settlement Finality Directive – is likely to apply to their issuers and/or firms providing investment services/activities relating to those instruments.
In some cases, the e-money framework may apply, depending on the nature of the crypto-assets, which might result in the Central Bank of Cyprus having competence over such crypto-assets.
The framework regulating the due diligence procedures in the AML context will also apply to a number of blockchain applications, particularly those relating to crypto-assets. In the AML context, the Cypriot legal order designates respective authorities (eg, CySEC) as competent to implement the AML framework, depending on the activity concerned. The AML Unit at the Attorney General’s Office has wide-ranging powers in investigating AML offences.
Other authorities might also be competent to determine the application of regulatory regimes, depending on the nature and function of the blockchain. For example, the Commissioner for the Protection of Personal Data might be competent where on-chain acts involve the processing of personal data; while the Tax Department will have the power to tax any activity that generates taxable income under Cyprus law. Generally – and particularly ahead of the introduction of specific Cypriot legislation – an overall legal assessment is required for any blockchain venture.
Cyprus
Answer ... CySEC encourages the development of responsible blockchain applications, which can be accommodated under the existing regulatory regimes.
CySEC itself is exploring the DLT space and is participating in a number of initiatives, such as the Blockchain Technology for Algorithmic Regulation and Compliance project, which is run by University College London Blockchain Technologies. CySEC has also launched an innovation hub to explore innovative fintech applications, including those based on DLT.
Cyprus
Answer ... Several associations are active in the promotion of blockchain technology, ranging from financial services professional associations to academic groups.