The PACTE Act

In 2019, France adopted legislation designed to allow it to become a leading jurisdiction for blockchain technology: the PACTE Act, which stands for “Action Plan for the Growth and Transformation of Companies”. This legislation introduced the first comprehensive regulatory framework in France for initial coin offerings (ICOs) and intermediaries dealing with cryptocurrencies (digital assets service providers or DASPs).

Recent Developments

Despite the COVID-19 pandemic, the year 2020 was productive in advancing these objectives.

Order 2020-1544 of 9 December 2020 (strengthening the framework for the prevention of money laundering and terrorist financing applicable to digital assets) extended the scope of services on crypto-assets requiring registration with the Financial Markets Authority (Autorité des marchés financiers, or AMF). There are thus four services that require registration to the extent that they are supplied in France:

• custody on behalf of third parties of digital assets or access to digital assets;
• the buying or selling digital assets in legal tender currency;
• the exchanging of digital assets for other digital assets; and
• the operation of a digital asset trading platform.

Almost three years after the Act came into force, the PACTE Act has shown its success with the AMF approving the registration of more than 30 DASPs. Similarly, no DASP has yet been licensed by the AMF. However, applications should be forthcoming in order for DASPs to benefit from potential equivalence with the Markets in Crypto-Assets (MiCA) Regulation’s authorisation.

On April 15, 2021, Société Générale issued the first structured product in the “security token” format directly registered on the Tezos public blockchain. These securities were fully subscribed by Société Générale Assurances. This transaction follows a first bond issuance of EUR100 million of “security tokens” on the Ethereum blockchain which was settled in euros in April 2019, and a second bond issuance of EUR40 million of “security tokens”, this time settled in central bank digital currency (CBDC) issued by the Banque de France in May 2020.

Along the same lines, the European Investment Bank is reportedly about to issue EUR100 million in bonds on the Ethereum blockchain network. The issue of these bonds, with a maturity of two years, will be supervised by Société Générale, Goldman Sachs and Santander.

Potential Further Legislation

Now that the PACTE Act has become effective, it is not expected that any further significant blockchain-related pieces of legislation will be adopted in France in the near future.

On the other hand, at the end of March 2022, at the European level, the European Parliament voted in favour of the MiCA regulation, whose goal is to regulate cryptocurrencies. The Regulation is expected to come into force by the end of 2022. It includes a proposal for a pilot regime for market infrastructures based on distributed ledger technology, which aims to create a new regime of exemptions to support the development of financial securities registered on blockchains (security tokens). 

The pilot regime provides guidance for: 

• operators – investment firms accredited under the Markets in Financial Instruments Directive (MiFID), market undertakings and central securities depositories as defined in the Central Securities Depositories Regulation (CSDR); and
• market infrastructures – multilateral trading platforms and securities settlement systems involved in the exchange of security tokens.

Furthermore, on 31 March 2022, two new amendments were voted for by the European Parliament Economic and Monetary Affairs (ECON) Committee and the Committee on Civil Liberties (LIBE) of the European Parliament regarding the Transfer of Funds Regulation (TFR) Directive. The two amendments officially aim at limiting money laundering, by requiring companies to identify the senders and recipients of their transfers, without minimum value limits (even when a private portfolio is involved). By adding the cryptocurrency sector to this Directive, which originally dates from 2015, the monitoring of all cryptocurrency transactions carried out by regulated entities is allowed. While the European Parliament’s version published at the end of March 2022 was deemed very strict for crypto-asset providers (CASPs), trilogues between the European Parliament, the European Commission and the European Council on the TFR have been – and are still ongoing – since 28 April 2022.

In parallel to the MiCA Regulation, the Digital Finance Package and the TFR Directive amends, a 6th Anti-money Laundering/Countering Financing of Terrorism (AML/CFT) Directive is expected to be adopted, together with a regulation establishing an EU AML Authority (AMLA), a regulation on AML/CFT regarding customer due diligence and beneficial ownership.

Finally, the Banque de France’s experiments with central bank digital currency are continuing. On 8 November 2021, the Banque de France published a report on its wholesale CBDC experiments. The Banque de France concludes that a wholesale CBDC could help ensure the safe development of tokenised financial markets by preserving the central role of central bank money. Furthermore, a wholesale CBDC could help improve cross-border and cross-currency payments.

Stablecoins and Central Bank Digital Currency

The creation of a functional stablecoin (whether or not it is actually based on cryptography) by a large financial institution or a public body could be a game changer in 2022, as would be the creation of an operational CBDC by the Banque de France. Thus, it is expected that stablecoins and security tokens will continue to be a primary focus of French public authorities in the coming year.

French Blockchain Businesses

While France is not the major European hub for blockchain companies, many start-ups created during the last few years have grown sufficiently to begin expanding internationally. The following are examples of notable and emerging French business models within this sector:

• digital assets exchange platforms for retail investors (eg, Paymium, Just Minig, Deskoin, Leonod and Digital Broker) or professional investors (eg, VOYAGER (formerly LGO));
• digital assets brokers (ie, companies allowing investors to buy and sell digital assets with legal currency directly, without having to use an exchange platform) such as Coinhouse;
• over-the-counter (OTC) brokers, such as Woorton;
• exchange platforms, such as VOYAGER (formerly LGO);
• dark pool platforms for crypto, such as Sheeld Market;
• hardware wallet manufacturing (eg, Ledger, which is arguably the pre-eminent French blockchain company, having raised EUR61 million in January 2018);
• data collection and analytics services (eg, Kaiko, which provides market data on digital assets exchanges to institutional clients);
• anti-money laundering tools dedicated to digital assets (eg, Scorechain, which is incorporated in Luxembourg but has operations mainly based in France);
• blockchain software development companies such as Nomadic Labs and Ark.io; and
• consulting and outsourced project management (eg, Blockchain Partners, although many other smaller actors also exist).

The major French leaders of the French digital asset and blockchain industry formed a professional association, the Association pour le Développement des Actifs Numériques (ADAN), in 2020. The association will represent the industry before public authorities and consumers.

Banque de France Digital Currency

The Banque de France called, in April 2020, for proposals by market actors to test the use of a central bank digital currency for interbank settlements. The Banque de France is now collaborating with private sector innovators (such as Accenture, Euroclear and HSBC) to conduct eight different types of trial runs on a wholesale CBDC. On 17 December 2020, the Banque de France successfully conducted a CBDC trial run with the company IZNES as part of this collaboration. The trial consisted of investors subscribing and redeeming money fund shares on a private blockchain, provided by SETL, for an aggregate amount of over EUR2 million. Cash settlements were simulated by central bank digital money issued on the blockchain. 

Decentralised finance (DeFi) is an experimental form of finance that does not rely on traditional financial actors acting as intermediaries between market participants (such as brokers, trading platforms, or banks) and is instead based upon smart contracts on blockchains.

While DeFi is a very fast-growing sector in the cryptocurrency industry, DeFi is not currently defined or regulated under French law as such.

However, most of the DeFi platforms offer services that fall within the DASP regime described in 2.1 Regulatory Overview. Under French law, the provision of such services requires registration with the AMF.

In fact, the DASP regime is not suitable for truly decentralised platforms with decentralised governance. It was designed to regulate platforms launched by a centralised entity. In order to fill this gap, national regulators are taking a close interest in DeFi by adopting a rather open posture while insisting on the AML/CFT risks involved. The French Parliament has also taken up the subject of DeFi with the drafting of a report, which was submitted by the Committee on Finance, the General Economy and Budgetary Control (Commission des Finances, de l’Economie Générale et du Contrôle Budgétaire) on 1 December 2020. The report specifies the implementation of the conclusions of the informative mission on crypto-assets.

Finally, many DeFi projects are led by French actors (Paraswap, Cometh, French people are also involved in AAVE, Curve, etc) although they are not always physically based in France or led by French companies.

While France has struggled to gain a foothold in the non-fungible token (NFT) market, since the beginning of 2022, the country has witnessed a real craze among the general public.

Several companies have participated in this popularising of NFTs in France. There is obviously the French NFT company, Sorare, which raised USD680 million in September 2021, the largest fundraising in French tech. This was followed by other French projects that launched in turn. For example, the NFT game Dogami (calling itself the “Tamagotchi 3.0”) raised nearly USD6 million in January 2022 from Ubisoft and the XAnge fund.

Beyond that, Paris has been at the heart of prestigious gatherings, often open to the public and bringing the possibilities of NFTs to a wider and more interested audience.

On 22 January 2022, NFT Paris was held at Station F (Europe’s largest start-up campus). In April 2022, the Paris Blockchain Week Summit hosted, the day before the event, a day entirely dedicated to NFTs in the prestigious Palais Brogniart. All these events democratise access to NFTs and encourage their use and acceptance by the French public.

The regulation of the blockchain sector is threefold, focusing on ICOs, DASPs and securities.

ICOs

The PACTE Act created an optional regulatory regime for ICOs. ICO issuers may choose to ask the AMF to grant its approval (or “visa”) to their ICO – but they may also launch an ICO without the AMF’s approval. The AMF’s approval serves as proof of the trustworthiness of an ICO issuer, and grants certain marketing rights with respect to the ICO. Issuers applying for an approval must meet the following conditions:

• the issuer must be a legal entity incorporated in France, or registered in France through a branch;
• the issuer must prepare a white paper providing detailed information on the offering and the issuer itself; and
• the issuer must implement adequate procedures to track and safeguard the funds raised in the ICO (especially if digital assets are raised).

DASPs

The PACTE created a legal framework for DASPs. DASPs are entities providing the following services.

• Custody of digital assets or cryptographic private keys.
• Purchase or sale of digital assets against legal currency.
• Purchase or sale of digital assets against other digital assets.
• Operation of a digital assets trading platform.
• Various other services related to digital assets.

The DASP regime is also optional. Any entity may apply for a DASP licence to provide the above-mentioned services. Licensed DASPs are subject to a set of obligations which are quite similar to those of investment services providers.

On the other hand, providing the following services requires registration with the AMF:

• custody services;
• the purchase or sale of digital assets against legal currency; and
• since Order 2020-1544 of 9 December 2020, the purchase or sale of digital assets against other digital assets and the operation of a digital assets trading platform.

Registered DASPs can also apply for a licence with respect to these services, but are subject to fewer obligations than licensed DASPs. The AMF has clarified that a service in respect of virtual assets can be considered as provided in France if the DASP addresses a communication of a promotional nature, regardless of the medium, to customers residing or established in France. Promotional communications are defined to include communication via the press, television, websites, social networks, participation in trade fairs, invitations to events, etc.

Obtaining a DASP registration or licence, or an ICO approval has similar effects:

• the entity will be subject to the anti-money laundering legislation and will need to implement a comprehensive anti-money laundering procedure;
• the entity will not be arbitrarily forbidden from opening a bank account and accessing banking services; and
• the entity will be able to market its services (or its offering) on a large scale, (licensed DASPs benefit from more lenient marketing rights than registered DASPs).

In March 2021, the AMF and the Autorité de contrôle prudentiel et de resolution (ACPR) published the report of a working group on the difficulties faced by DASPs regarding access to bank accounts. The report described the challenges and studied avenues for improvement.

Finally, Decree No 2021-387 of 2 April 2021 “relating to the fight against the anonymity of virtual assets and reinforcing the national mechanism for combating money laundering and the financing of terrorism” (AML/CFT) has augmented the obligations of DASPs by eliminating the simplified procedures applicable to occasional clients.

At a European level, with the proposed MiCA Regulation, released on 24 September 2020, the European Commission aims to regulate token issuances (ICOs) and crypto-asset service providers (DASPs).

Securities

Following the PACTE Act, a decree was published to describe the technical conditions which needed to be met by the blockchain used for registration. In theory, public blockchains (such as Ethereum) can now be used for that purpose.

Although securities registered on a blockchain are often called “security tokens,” a more accurate denomination would be “blockchainised securities.” Registering securities on a blockchain does not transform their legal nature. Even though these securities may be nearly identical, from a technical perspective, to certain digital assets (eg, ERC-20 utility tokens), they are still subject to all the laws applicable to traditional securities.

At the European level, the proposal for a regulation on a pilot regime for market infrastructures based on distributed ledger technology aims to create a new regime of exemptions to support the development of financial securities registered on a blockchain (security tokens). The pilot regime aims to regulate: 

• market infrastructures – multilateral trading platforms and securities settlement systems involved in the exchange of security tokens; and
• operators – MiFID-accredited investment firms, market undertakings and central securities depositories as defined in the Central Securities Depositories Regulation (CSDR). 

FATF Recommendations

The updated recommendations of the Financial Action Task Force (FATF) suggest that a public authority should register various actors in the digital assets economy and comply with the anti-money laundering legislation. The FATF’s list contains the following activities:

• exchange between digital assets and fiat currencies;
• exchange between one or more forms of digital asset;
• transfer of digital assets;
• safekeeping and/or administration of digital assets or instruments enabling control over virtual assets; and
• participation in and provision of financial services related to an issuer’s offer and/or sale of a digital asset.

Directive (EU) 2018/843 of 30 May 2018 (the fifth anti-money laundering directive or AMLD 5) was adopted before the recommendations were updated. Therefore, the AMLD 5 only requires member states to apply the anti-money laundering legislation to two categories of DASPs: custodian wallet providers and providers engaged in exchange services between digital assets and fiat currencies.

With the PACTE Act, France chose not to follow the FATF recommendations and simply transposed the AMLD 5 into French law. However, with the enactment of Order 2020-1544 it is now the four services requiring DASP registration that are subject to AML/CFT regulation in France.

Finally, the FATF opened a consultation in April 2021 to update its Guidance on the risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs). The document provides updated guidance in six main areas, including (i) FATF standards applied to stablecoins or (ii) additional guidance on the risks associated with peer-to-peer (P2P) transactions and mitigation techniques.

ADAN Proposals

In its contribution to the revision of the FATF Guidelines, the ADAN states that “the proposals for changes are, in general, very concerning as they effectively expand the (know your customer) KYC and AML supervision obligations in ways that are neither practical nor desirable”. Indeed, for ADAN, the proposed clarifications are at best awkward, at worst impossible to implement for individuals and start-ups.

In this sense, ADAN has issued proposals to:

• improve the monitoring of criminal activity on public blockchain networks by national authorities;
• subject targeted actors to reporting requirements based on their actual operational role and available information; and
• create industry standards and best practices.

The AMF is the lead regulator for all matters related to digital assets. The AMF’s main purpose is to protect investors and ensure the proper functioning of financial markets. With respect to digital assets, the AMF grants approvals to ICOs and registrations or licences to DASPs.

However, the Banque de France and the ACPR must be consulted in all DASP registration or licence applications with respect to the anti-money laundering procedures. These procedures must be validated by the ACPR before the registration or the licence is granted by the AMF. In addition, the compliance of registered DASPs (ie, digital asset custodians and entities allowing the purchase or sale of digital assets against legal currency) with the anti-money laundering legislation is monitored by the ACPR, while licensed DASPs and ICO issuers are monitored by the AMF.

The prominent French trade organisation dedicated to digital assets is the Association for the Development of Digital Assets (or ADAN). ADAN was created in January 2020 and replaced Chaintech, which focused more broadly on the blockchain market. Today, the association has nearly 70 members.

The ADAN does not have any regulatory or self-regulatory binding authority, although it plans to help market participants develop best market practices and lobby public authorities to ensure that regulation is appropriately suited to the needs of its members.

There have been few judicial decisions related to digital assets.

In March 2020, a liquidity provider obtained a loan of bitcoins from Paymium, the oldest French exchange platform, in order to provide liquidity to the Paymium platform. The liquidity provider reimbursed the loan in December 2017, but did not pay interest amounts due. Paymium then froze the borrower’s account to recover the interest.

The dispute later focused on the ownership of the Bitcoin Cash (BCH) obtained by the borrower, following the hard fork splitting Bitcoin from BCH in August 2017. Under French law, whether the borrower or the lender is entitled to receive the BCH depends on the legal qualification of the loan.

Although bitcoins are not regarded as perfectly fungible (as legitimate actors would not accept bitcoins transferred from an address, which previously received transactions from addresses, associated with illicit activities), they appear to be mostly fungible in business relationships involving exchange platforms and liquidity services. Therefore, the commercial court ruled that the borrower was the legitimate owner of the BCH received following the fork.

That decision somewhat clarified the legal status of digital assets with respect to civil law and contract law (while the PACTE Act focused on the regulation of activities related to digital assets). However, it does not provide a reliable legal framework for digital assets loans or sophisticated financial transactions.

There has been no enforcement action related to digital assets in France. The AMF and the ACPR did publish warnings regarding the use of digital assets by retail investors during the 2017 bubble. The AMF also publishes a “blacklist” of websites offering financial services without proper authorisation. That blacklist now includes websites offering various speculative products on digital assets (such as derivatives or binary options).

On April 15, 2021, the AMF placed crypto.com, a VASP platform, on its blacklist. The platform with 10 million users worldwide was engaged in marketing to the French public (by using advertisements and influence campaigns on various media platforms) without proper authorisation. The AMF also regularly updates its blacklist of websites offering crypto-asset derivatives, listing, as of May 2022, over 60 sites.

There is no regulatory sandbox in France for blockchain or fintech projects. French regulatory agencies do not plan to establish any national regulatory sandbox for the time being.

In a recent publication on security tokens, the AMF suggested that the European Commission create a “digital laboratory” which would allow national regulators to lift certain requirements arising from European legislation, in order to support the development of projects related to security tokens.

Before the 2019 Budget Act, the tax treatment of digital assets was particularly severe. Capital gains made by individual investors were taxed at a marginal rate, which could reach 60% (for large amounts). These gains are now taxed at a flat rate of 30%. In addition, crypto-to-crypto transactions are not subject to any taxation: the taxation is deferred until the digital assets are sold against fiat currency or exchanged against a good or a service.

This 30% flat tax only applies to individual investors: professional traders and miners are still subject to the general income tax regime, as the gains they make are regarded as having a professional nature.

With respect to companies, capital gains made by trading digital assets will be included in their taxable income and subject to corporate tax. In addition, theoretically, following a regulation of the Accounting Standards Authority of December 2018, digital assets held for speculative purpose by a company must be reassessed each year based on their market value. Therefore, an unrealised profit or loss could be realised each year. Whether such profit or loss would be included in taxable income remains unclear.

The AMF and the ACPR both created internal fintech teams in 2016. These teams mostly focus on blockchain technology and digital assets, although their mandate covers the entire fintech sector. They are meant to function as “innovation hubs” and offer guidance to start-ups wishing to develop innovative products. Both of them are in charge of the “FinTech forum” which is a space for discussion between fintech players and regulators.

Outside of digital assets, the Banque de France also created a task force in 2019 focused on CBDCs.

No specific provision of French law explains how ownership rights are treated with respect to digital assets. Digital assets would normally belong to the intangible goods category (which also includes claims, patents, or copyrights). However, under French law, the transfer of most intangible goods requires a written notification (eg, for claims) or a modification of a registry maintained by a public authority. On the contrary, the actual transfer of a digital asset only requires sending, to a blockchain network, a transaction signed with a private cryptographic key.

The transfer of ownership (which is different from the actual transfer on the blockchain) is deemed final, in theory, when the agreement between the transferor and the transferee is concluded, unless the agreement provides otherwise. In practice, agreements concerning the sale of digital assets should provide that the transfer of ownership would occur when the digital assets are effectively transferred on the blockchain.

With respect to depositing (ie, the conditional keeping in custody of something that belongs to another person), digital assets seem to be able to be deposited with a third party without a transfer of ownership. However, complicated situations may arise if a depositary of digital assets were to become insolvent.

French regulators often refer in their publications to the three main categories of tokens: security tokens, utility tokens, and payment tokens.

The PACTE Act, however, created two specific categories: tokens (jetons) and digital assets (actifs numériques).

Tokens are intangible assets digitally representing one or several rights that may be issued, registered or transferred through a distributed ledger that allows the direct or indirect identification of the owner of the token.

Digital assets are defined more broadly as any digital representation of value that is not issued or guaranteed by a public authority and does not qualify as legal currency, but is accepted by legal or natural persons as a medium of exchange, and can be transferred, stored or traded electronically. Digital assets also include tokens.

Interestingly, securities may qualify as tokens as soon as they are registered on a distributed ledger, which is permitted under French law. But such securities would only be subject to securities laws, meaning the regulation of tokens, ICOs, or digital assets would not apply to them.

Regarding the distinction between security tokens and digital assets, French law does not use, per se, an analytical framework such as the Howey test. Under French law, securities (instruments financiers) include derivatives contracts, equity securities, bonds, and shares in collective investment schemes. To determine whether a token qualifies as one of these subcategories, a judge would consider the purpose of the implicit agreement between the token issuer and the subscriber, as well as the rights granted to the subscriber (ie, if a tokenholder is entitled to a fixed share of the benefits of the entity issuing the token, that token would qualify as an equity security, and therefore as an instrument financier).

As with various other business models (eg, DeFi), stablecoins became mainstream after the PACTE Act was drafted. Therefore, they are not mentioned in the DASP regulatory framework.

The potential qualification of certain stablecoins as electronic money has been discussed amongst regulatory authorities since the beginning of 2019. The advice on crypto-assets of the European Banking Authority (EBA) of 9 January 2019 specifically mentioned that possibility. Digital assets may theoretically qualify as electronic money if they satisfy the following six conditions:

• they have monetary value;
• they are electronically stored;
• they represent a claim on the issuer;
• they are issued on receipt of funds;
• they are issued for the purpose of making payments transactions; and
• they are accepted by persons other than the issuer.

Therefore, a stablecoin issued by an entity under contractual terms allowing any holder of units of the stablecoin to redeem them at face value at any time could theoretically qualify as electronic money. However, the consequences of this qualification would be highly unclear, since the regulation of electronic money issuers and distributors is not designed to apply to entities issuing, receiving or transferring stablecoins.

This is why the draft MiCA Regulation also aims to regulate the issuance of stablecoins. For the moment the proposed reform terms distinguish between (i) “asset-referenced tokens” which are defined as “a type of crypto-asset that purports to maintain a stable value by referring to the value of several fiat currencies that are legal tender, one or several commodities or one or several crypto-assets, or a combination of such assets”; and (ii) “e-money tokens” which are defined as “a type of crypto-asset the main purpose of which is to be used as a means of exchange and that purports to maintain a stable value by referring to the value of a fiat currency that is legal tender”.

Issuers of e-money tokens will have to be licensed as a credit institution or e-money institution and comply with the e-money directive (EMD) while issuers of asset-referenced tokens will have to obtain a licence and notify a white paper to the competent national authority.

In France, only the euro is legal tender. A creditor is only required to accept a payment made in euros. However, parties to a contract may agree to use a digital asset as payment. Legally, such operation would be regarded as an exchange rather than a legal payment.

In practice, various French retailers and websites accept payments made with digital assets. Most of these retailers use an external provider, which automatically converts the digital assets received from the client to euros (eg, Bitpay), shielding the retailer from price volatility.

Digital assets remain rarely used as medium of payment. They tend to be hoarded by their owners, who believe that their price will increase in the long run, and therefore would rather deal in euros than digital assets.

Before any development, it should be noted that many assets are called non-fungible tokens (NFTs) without being so. Indeed, to qualify as such, an asset must (i) be non-fungible; (ii) be issued, registered, held or transferred by means of a blockchain; and (iii) represent a right, generally an intellectual property right.

An NFT is therefore close to the notion of a token as defined by Article L. 552-2 of the French Financial and Monetary Code. However, NFTs do not qualify as tokens (jetons), as per the definition set out by the PACTE Act (since tokens are defined as intangible goods representing digitally one or several rights which can be registered on a distributed ledger).

NFTs would not qualify as digital assets (actifs numériques) either, since the PACTE Act definition states that digital assets are supposed to be “accepted by natural or legal persons as a medium of exchange.” While NFTs can be easily transferred, they should not be regarded as a medium of exchange since they are not fungible, and are actually meant to be collectibles.

Therefore, as French law currently stands, (genuine) NFTs and trading platforms for such assets do not fall under any legal regime. The MiCA Regulation proposal does not directly aim to regulate NFTs. However, they could fall under the broad definition of crypto-assets, and therefore be regulated, as well as the trading platforms offering such NFTs.

In this regard, on 14 March 2022, the European Parliament’s Committee on Economic and Monetary Affairs expressed its opinion on the MiCA Regulation and confirmed that NFTs are excluded from the scope of MiCA, unless they fall into the category of utility tokens.

Although digital assets are quite popular in France, no French exchange platform has reached a global scale. The French digital assets exchanges mostly focus on the French market.

France-based exchanges include Paymium, Coinhouse, Sheeldmarket, Just Mining, Binance France or VOYAGER (formerly LGO). 

Custodial exchange platforms remain the most convenient way to exchange fiat currency for digital assets. As French exchange platforms do not provide the same level of liquidity and low fees as their better-known competitors, most French clients create trading accounts with foreign exchange platforms. The tricky part often resides in depositing euros in the trading account – some French banks refuse to perform wire transfers when the receiving account is associated with a digital asset exchange.

Other options that are available to French clients include:

• directly buying or selling digital assets to a broker such as Coinhouse;
• buying Bitcoin coupons from local retailers and redeeming them on a specific wallet provided by KeplerK;
• using a Bitcoin automated teller machine (ATM), although only a handful exist in France; and
• finding a buyer or seller of digital assets through a platform such as LocalBitcoins and agreeing to physically exchange fiat currency against digital assets.

The regulation of payment services (ie, the European equivalent of money transmission) does not directly apply to fiat-to-crypto exchanges, and does not apply at all to crypto-to-crypto exchanges. Crypto-fiat exchanges or brokers are subject to the ACPR’s guidance and must therefore become payment institutions or agents of a payment services provider. In practice, crypto-fiat brokers avoid that obligation by buying and selling digital assets for their own account.

The DASP regulatory regime requires the following entities to fully comply with the anti-money laundering (AML) legislation:

• DASPs that are required to register with the AMF (ie, entities providing custody, crypto-fiat or crypto-crypto brokering services and the operation of a digital asset trading platform);
• DASPs providing other services related to digital assets that choose to apply for a DASP licence with the AMF; and
• ICO issuers whose issuance was approved by the AMF, but only with respect to the subscriptions received as part of the ICO.

Other actors (ie, mostly DASPs that do not provide custody, crypto-fiat or crypto-crypto brokering services and the operation of a digital asset trading platform) are not subject to any AML obligation, although they often choose to voluntarily apply due diligence measures (such as collecting and verifying identification documents, analysing the source of funds and screening clients against sanction lists).

The AML legislation which must be applied by the above-mentioned entities derives from the Directive (EU) 2015/849 of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLD 4), as amended by Directive (EU) 2018/843 of 30 May 2018 (AMLD 5). To sum up, these entities are subject to the same rules as traditional financial entities (such as banks, insurance companies, payment institutions, etc). In parallel to the MiCA Regulation and the Digital Finance Package, a 6th AML/CFT Directive is expected to be adopted, together with a Regulation establishing an EU AML Authority (AMLA), a Regulation on AML/CFT regarding customer due diligence and beneficial ownership, as well as an amendment to the 2015 Regulation on Transfers of Funds to include aspects related to crypto-assets.

Please refer to 2.2 International Standards for complementary information.

Since Order 2020-1544, operating an exchange platform constitutes a digital assets service that requires a mandatory registration with the AMF. Entities providing that service can voluntarily apply for a DASP licence with the AMF.

In addition, if the exchange platform allows the exchange of fiat currency against digital assets, it will need a payment institution licence (or have authorisation to act as an agent of payment service providers), pursuant to the 2014 guidelines of the ACPR. Only exchange platforms, which do not handle fiat currency, may fall outside of the scope of the payment services regulation (this would be the case, for example, if each user of the platform were to use its own bank account to transfer and receive legal currency following transactions made on the platform – eg, without the platform acting as an intermediary).

Therefore, all custodial exchange platforms are subject to the regulation (either the DASP regime or both the DASP regime and the payment services legislation).

In addition, exchange platforms that obtain the optional DASP licence will have to comply with additional obligations, such as:

• preparing a rulebook which will have to be approved by the AMF, and made available on the exchange platform’s website; and
• publishing, on their website, an order book and the details of past transactions.

Operators of licensed exchange platforms may not trade for their own account on their platform, unless such trades are only meant to provide liquidity and are proportionate to the traded digital asset’s market capitalisation. In addition, licensed exchange platforms may not profit from “inside information” (defined as “information likely to harm the integrity of digital assets markets”), and their employees are subject to trading restrictions.

Licensed digital asset custodians may not use their clients’ digital assets for any purpose without the clients’ consent. In addition, licensed custodians must segregate the digital assets belonging to their clients from their own digital assets.

The ability of licensed custodians to use (or re-hypothecate) their clients’ digital assets is limited by a provision requiring the custodian to make sure that, at any given moment, the amount of digital assets it holds on behalf of its clients is equal to the amount of digital assets for which it actually controls the private keys. Therefore, in practice, re-hypothecation could work, but only as between clients of the same custodian (because the custodian would keep the private keys of all re-hypothecated digital assets). Re-hypothecating digital assets to non-client third parties would be forbidden, as the custodian would not control of the private keys related to the digital assets.

However, the above-mentioned rules normally apply to licensed custodians, and not to licensed operators of exchange platforms. It is unclear whether a licensed operator of an exchange platform (with custody services) would have to respect them.

Wallet providers are treated as digital asset custodians (see 2.1 Regulatory Overview and 7.3 Custody) as soon as the entity actually controls the private keys related to the digital assets deposited by clients.

If the wallet provider merely allows a client to create and manage its own wallet and private keys, it should not be subject to the DASP regime (whereby digital assets custodians are required to register with the AMF). In principle, whether the wallet is created by the client using a dedicated website or through software, which first needs to be downloaded, should not make a difference for the purposes of determining the regime’s applicability.

Finally, entities which manufacture and sell “hardware” wallets (such as Ledger) are not subject to the DASP regime either, since their wallets are designed to make sure that the wallet manufacturer is never able to know the private keys of their clients.

As further explained in 2.1 Regulatory Overview, the PACTE Act created a tailor-made regulatory regime for ICOs. Tokens issuers are now allowed to apply for an approval (or visa) from the AMF as soon as they are incorporated in France or have a French branch or subsidiary.

Applying for the AMF’s approval is optional – ICOs conducted without the approval are permitted. The AMF approval is meant to lend legitimacy and integrity to the issuance.

The distinction between securities offerings and ICOs was clarified through a specific provision of the PACTE Act: whenever the tokens offered in an ICO qualify as securities, they are entirely governed by securities laws. The issuance of tokens is mostly viewed as a commercial activity (notably from a tax and accounting perspective). From an accounting perspective, token issuances are actually often treated as deferred revenue.

The regulation of ICOs by the PACTE Act was conceived before initial exchange offerings (IEOs) became a trend. Therefore, IEOs are not regulated, per se, under French law. The same reasoning as the one used for ICOs should apply: the issuance would be subject to securities law if the tokens qualify as securities. Otherwise, the issuer would have the option to apply for the AMF’s approval.

However, since Order 2020-1544, the operation of an exchange platform used for IEOs requires registration with the AMF. On the other hand, exchange platforms are not subject to any specific regulatory regime with respect to IEOs.

The finalised version of MiCA provides some guidelines regarding the special issuance of tokens, meaning through (i) an “airdrop” or (ii) a similar mechanism that does not necessarily involve a purchase. According to MiCA, under certain conditions, issuers do not have, for example, to publish a white paper. One of the listed conditions is if the crypto-assets are offered for free (eg, during airdrops).

However, MiCA also explains that crypto-assets shall not be considered as offered “for free” if potential holders have to enable personal data in exchange for the token or if any non-monetary benefits are given (eg, from third parties). 

The PACTE Act allows two categories of regulated alternative investment funds to invest in digital assets: professional specialised investment funds (FPS) and professional private equity funds (FPCIs). FPCIs may only invest up to 20% of their assets in digital assets, while FPS are not subject to any limitation.

Only professional clients may subscribe to or purchase the shares of FPS or FPCIs. In addition, FPS and FPCIs must be managed by a licensed asset manager. The management of funds invested in digital assets does not require a specific authorisation, but the programme of activity of the asset manager (which sets out the organisational structure of the asset manager) needs to be adapted to digital assets. As the programme of activity must be validated by the AMF, the regulator can keep an eye on alternative investment funds that invest in digital assets.

In December 2018, Napoleon AM became the first licensed asset manager with a clear focus on digital assets.

However, both FPSes and FPCIs must appoint a depositary. The depositary is notably in charge of the custody of the assets owned by the funds. Here lies the issue: French depositaries are currently not willing to take custody of digital assets, since the legal and operational risk is deemed too high. Therefore, in practice, the first FPS launched by Napoleon AM does not directly hold digital assets, but rather purchases listed derivatives on digital assets, which qualify as financial instruments.

Finally, the list of the services on digital assets created by the PACTE Act includes the management of individual portfolios of digital assets on behalf of clients. Providing such a service does not require a mandatory registration. However, each client’s portfolio must be managed separately.

The regulatory framework of DASPs covers various services relating to digital assets. Certain of these services would typically be provided by broker-dealers or other financial intermediaries, such as the receipt and transmission of orders on behalf of third parties, underwriting, and placement with or without a firm commitment.

However, providing these services does not require a registration with the AMF. DASPs providing these services need only apply for an optional licence.

No regulation or judicial precedent specifically applies to the enforceability of smart contracts.

The French legal community tends to distinguish between (i) a valid agreement and (ii) situations where the computer code itself is the entire agreement (where the parties do not interact outside of the computer code and, presumably, there is no way for them to agree on a jurisdiction or choice of law clause).

The difficulty with respect to the second situation would reside in the applicability to such a contract of the rules related to the validity of agreements. Under French law, an agreement is valid if the contracting parties consented to enter into that agreement, and if their consent was validly given (eg, by a person not lacking in legal capacity, free from duress, etc). Making sure that the parties consented to enter into the agreement also requires identifying the parties.

Then, the actual enforceability of the agreement would be made impractical by the lack of jurisdiction and choice of law clause. Regulation (EC) 593/2008 of 17 June 2008 on the law applicable to contractual obligations (the Rome I Regulation) allows parties to incorporate by reference into their contract a “non-State body of law” but still provides that an agreement must always be governed by the law of a country.

In any case, we expect that the validity and enforceability of smart contracts will continue to be the focus of legal scholarly debate during the coming years. That being said, we do not expect that the Civil Code (which contains the core principles of contract and tort law) will be modified in the near future to cover smart contracts.

Whether developers of smart contracts or blockchains could be held liable under French law for losses arising through the use of their software remains unclear.

First, a developer may only be held liable if it is identifiable. In the blockchain economy, many software or smart contracts are developed by people using pseudonyms. A liability lawsuit against a pseudonymous person would be bound to fail.

Additionally, even if the developer is an identifiable person or entity, French law differentiates contractual liability from extra-contractual liability. The contractual liability can be limited by specific provisions included in the agreement, although these limitations cannot apply in cases of gross negligence, or when they exonerate, in practice, the contracting party from executing its material obligations. Therefore, the developer could compel the users of its software (if this were technically feasible) to accept terms of use limiting or excluding that developer’s liability.

Finally, with respect to open source or free-to-use software, which does not require any authorisation from its developer to be run (eg, a smart contract whose code would be freely available on Github), the liability risk of the developer would probably be non-existent, unless it could be demonstrated that the developer had a fraudulent intent. Even if the software code contained a gross security flaw, a judge would likely rule that the user who suffered a loss should have known that the use of the software was risky, and should have reviewed the code before running it.

So far, the entire space of decentralised finance (DeFi) has remained under the radar of the regulatory authorities. The PACTE Act was mostly drafted between 2018 and the beginning of 2019, when DeFi was a niche topic in the broader digital assets economy. The PACTE Act created a regulatory framework largely for digital assets custodians, brokers, and exchange platforms.

Therefore, the regulatory status of DeFi remains unclear. Until a clear position is published by the French regulators or the law is modified, platforms matching borrowers and lenders of digital assets should be regarded as legal.

More specifically, receiving repayable funds from the public and granting credits (ie, the core banking services) are only permitted for regulated credit institutions. The French “banking monopoly” is stricter than in many countries, although various exceptions allow entities that are not credit institutions to grant loans or payment terms having a similar purpose. However, the regulation of banking operations applies to “funds,” which include banknotes and coins, and scriptural or electronic money. Digital assets, which do not qualify as funds, are outside of the scope of the regulation of credit.

DeFi Risks

Although the MiCA Regulation proposal does not aim to regulate DeFi, two legal risks should nevertheless be noted.

First, it is worth noting that the regulation of consumer credit does not refer to the notion of funds. Consumer credit is defined as credit granted to natural persons acting outside of their professional activity, when the amount of the credit is between EUR200 and EUR75,000 and the credit is unrelated to the acquisition or maintenance of a real property. Since “credit”, within the meaning of this specific regulation, is not defined as the fact of lending funds or money, but only as the fact of granting a loan, the lending of digital assets could be subject to the regulation of consumer credit, if the above-mentioned conditions are met.

Secondly, DeFi platforms often use stablecoins – whether those stablecoins are issued by an entity (Tether, Gemini Dallor, Paxos Standard, etc) or by a smart contract in a decentralised manner (such as Dai). For example, DeFi platforms may advertise a USD10,000 loan backed by a digital asset collateral, and actually transfer to the borrower the equivalent of USD10,000 in a certain stablecoin.

Stablecoins may qualify as electronic money, as explained in 3.3 Stablecoins, until they are covered by the adoption of the MiCA regulation. While the above-mentioned legal risks cannot be ignored, we consider that applying the regulation of credit or electronic money to DeFi platforms would require more than a mere position of the AMF or the ACPR.

The use of digital assets as collateral for loans is not currently regulated. As a general rule, any intangible good may be pledged as collateral for a loan. Under French law, digital assets are regarded as intangible goods. However, the French Civil Code provides that pledges on intangible goods, which are not subject to a specific regulation (ie, claims, securities accounts, business assets), are deemed to be governed by the rules applicable to pledges on tangible goods. These rules provide that a pledge is effective against third parties when it has been published in a special registry maintained by a public authority, or when the pledged good has been transferred to the creditor or to a third party.

Therefore, pledges on digital assets should be enforceable under French law as soon as the pledged digital assets do not remain in the possession of the debtor. This rule is consistent with how digital assets work in practice: since the knowledge of the private key is sufficient to transfer a digital asset at any time, the creditor needs to make sure that the debtor cannot transfer the digital assets once they are pledged. Trusted third parties, such as technology-savvy notaries, would probably be chosen to receive and keep the pledged digital assets.

Sophisticated smart contracts could also be used to ensure that the pledged digital assets do not remain in the possession of the debtor – for example, a third party could be given the responsibility to transfer the pledged digital assets back to their original owner once the loan is repaid, or to the creditor if the debtor is in default, without actually receiving the pledged digital assets.

With respect to pledges on security tokens, the regulation applicable to pledges of securities applies. The modification of the French securities law allowing certain securities to be recorded and issued on a distributed ledger (see 2.1 Regulatory Overview) actually includes rules on pledges of such securities. Again, only the legal nature of a particular good is of import for determining its ability to be legally pledged – whether or not it is recorded on a distributed ledger is a mere technical modality without legal implications.

As explained above (see 2.1 Regulatory Overview), providing custody services with respect to digital assets is a regulated activity which requires a registration with the AMF.

Custodians of digital assets are subject to different obligations depending on whether they are registered or licensed. In theory, registered custodians are not subject to any specific obligation with respect to their activity, although the AMF will in practice monitor the security measures used to safeguard the digital assets during the registration process.

Licensed custodians, on the other hand, are notably required to segregate the digital assets deposited by its clients from their own, allow clients to benefit from potential forks (such as the one occurring in 2017), and make sure that digital assets may only be transferred if the transaction is validated by multiple agents (eg, by using multi-signature wallets). Licensed custodians are also forbidden from using their clients’ digital assets without their approval.

Regulation (EU) 2016/679 of 27 April 2016 (the General Data Protection Regulation or GDPR) guarantees certain rights for individuals in relation to their data, such as the right of access, the right to erasure, the right to rectification, and the right to object to processing. Whether these rights can be enforced with respect to public blockchains remains unclear, since they are not maintained by a single entity.

In addition, “personal data” as per the GDPR refers to information relating to an identified or identifiable natural person. The data included in public blockchains, in general, only provides information about anonymous addresses and transactions, rather than identifiable individuals. Therefore, data privacy issues may only arise if personal data is broadcast to the network, for example if it is included in a transaction’s code.

The compatibility of blockchain technology with the GDPR was discussed in an analysis published in September 2018 by the French data protection authority (the National Commission on Informatics and Liberty or CNIL). The CNIL considers that the GDPR applies as soon as personal data is contained in a blockchain. However, the CNIL acknowledges that enforcing the GDPR is impractical with respect to public blockchains, and recommends not storing unencrypted personal data in a blockchain.

The difference between data privacy and data protection is subtle, and most of the rules arising out of the GDPR actually focus on data privacy (ie, the rights of individuals with respect to the collection and processing of their personal data).

Data protection rules focus on the role and responsibility of the entity processing the personal data. For example, Article 32 of the GDPR provides that data controllers and data processors should implement appropriate technical and organisational measures (such as encrypting personal data and regularly testing security systems) to ensure that the security level is adequate.

The mining of cryptocurrencies is not regulated in France. In practice, very few companies mine cryptocurrencies in France, since the business has not been profitable in the last few years due to the prices of both electricity and cryptocurrencies. Some investment schemes have grown in the last few years, whereby investors purchase stakes in mining operations located abroad (generally in Asian countries) and collect the profits of the mining, if any. In these schemes, the investor does not purchase shares of the mining companies, but purchases directly one or several mining Application-Specific Integrated Circuits (ASICs) which are operated on its behalf by the mining company.

Following the parliamentary report on cryptocurrencies in 2019, a new information report was submitted by the Committee on Finance, Economics and Budgetary Control on the implementation of the conclusions of the fact-finding mission on crypto-assets on 1 December 2021. The report examines the legislative framework put in place in 2019 and the challenges faced by the proposed MiCA Regulation.

Staking is not regulated per se in France. Like other business models which emerged after 2018 (eg, lending and DeFi), it was not included in the list of the digital assets services of the PACTE Act.

However, “staking as a service” businesses would indirectly be subject to the regulation, since staking digital assets on behalf of a third party would qualify as providing the service of custody of digital assets – which requires a registration with the AMF.

Coinhouse, the prominent French broker of cryptocurrencies, which was the first to become a registered DASP in March 2020, launched a staking service focused on Tezos in December 2019.

In this section, DAOs are understood as organisations that function thanks to a computer program that provides governance rules to a given community of users. It is, in a way, a more complex version of a smart contract, but with the same advantages: its rules are (i) transparent and (ii) unchangeable, because they are “sent” to the blockchain.

The governance structures being used by DAOs in Europe does not significantly differ from those used for the global operation of DAOs today. The potential of DAOs, which goes far beyond their use limited to blockchain, is only just starting to be understood.

In general, DAOs share similarities in governance with open-source projects. Moreover, some DAOs possess corporate governance, as traditional companies are part of the network. Finally, the use of tokens introduces novel forms of digital governance. For instance, tokens could carry economic incentives, tokenise votes, and resolve disputes over the deployment of forks.

The EU Blockchain Observatory and Forum has developed, in its release dated 9 June 2021, broad categories of network governance. The two categories are (i) on-chain governance (where rules are encoded into the blockchain protocol), and (ii) off-chain governance (where the decision-making happens informally).

One could legitimately ask which final position the successive versions of MiCA will eventually settle on. The European Commission’s first version makes no mention of DAOs (nor of DeFi and NFTs). The European Council’s second proposal mentions DeFi and NFTs but did not mention DAOs. It was only in the late-stage negotiations that the European Parliament’s ECON committee suggested mentioning DAOs. The latest published version of MiCA also includes a mention of DAOs. This suggestion proposed that crypto-assets managed by DAOs – and which comply nonetheless with MiCA’s requirements and do not raise a risk for investor protection, market integrity or financial stability – should be admitted for trading.

The broadness of the definition of DAOs affects the question of to how to regulate them. Two main speculative options should be discussed regarding DAOs’ legal entity options: (i) the de facto company and (ii) the trust (fiducie).

The DAO as a De Facto Company

It cannot be ruled out that a French judge would consider that a DAO constitutes a de facto company. A de facto company results from the behaviour of persons who, without being fully aware of it, treat each other and act towards third parties as true partners.

The de facto partnership is subject to the same legal regime as that of the joint venture (Article 1873 of the French Civil Code).

According to Article 1871 of the Civil Code, the relations between partners are then governed either by the provisions applicable to civil partnerships, if the partnership is civil in nature, or, if it is commercial in nature, by those applicable to general partnerships. Regardless of whether the DAO is civil or commercial in nature, if the DAO (i) could hypothetically be a de facto company, and (ii) cannot meet its debts, its creditors may sue the “partners” directly out of their personal assets (provided, of course, that they could be identified).

A DAO could therefore legally exist as a joint venture, but without legal personality, which is advantageous for no one (except for those who would like to remain anonymous).

The DAO as a French Trust (Fiducie)

DAOs are also related to the French civil law definition “trust” (fiducie) as defined in Article 2011 of the Civil Code: “A trust is the operation by which one or more settlors transfer property, rights or securities, or a set of property, rights or securities, present or future, to one or more trustees who, keeping them separate from their own patrimony, act for a specific purpose for the benefit of one or more beneficiaries.”

Hence, in a trust, there is no creation of legal personality, but the property transferred forms a separate patrimony, distinct from the personal patrimony of the trustee.

At first, the principle of this mechanism seems to be adapted to DAOs: a community (the settlors) is formed to allocate (for their benefit) assets or rights (eg, bitcoins) to a specific purpose, after having designated “trustees” (being the fiduciaries).

In practice, however, one could ask if this is really feasible. The trust requires a written contract (containing several mandatory mentions). Registration with the tax department is also required. The contract must also be declared to the national register of trusts. The trustee must be a financial institution or a lawyer.

The question that inevitably follows on from these requirements is whether it is possible to create a DAO whose members remain “anonymous” on the blockchain (ie, their public key), but whose identities would be known to the government services authorised to consult their official file. In this scenario, the trust agreement would be, as far as possible, executable by a smart contract.