The current state of the blockchain technology market in Spain is prolific, and over the last 12 months has been growing. Evidently, the steady macro level of investment as well as recent declines in crypto stablecoin projects and investment from venture capital firms and other companies has affected the pace at which the ecosystem is growing. As per the most recent report of COTEC (a Spanish foundation on innovation), small and medium-sized Spanish companies lead the way in the use of blockchain technology. While 59% of companies have invested an amount of less than 25% of their total R&D budget, 60% of micro companies have dedicated more than 50% of their investment to this type of technology and within these, 40% invest more than 75%.

In Spain, it can be said that most of the companies developing blockchain applications have B2C models. NFT art platforms, videogames and distribution and financing platforms for intellectual property sharing projects, as well as decentralised finance (DeFi) apps, are leading the way.

In this regard, there are a couple of noteworthy public projects, such as the one launched by the government of Aragon for the management of public procurement, using blockchain technology. Alastria, the Spanish consortium, has also received very positive feedback from European regulators.

In the private sector, projects such as RAND, ATANI, Depasify or “play to earn guilds” such as MZ have been operating for some time now, even during the recent bear markets. Tokenised securities projects, such as Reental has also issued several sold-out offerings.

Most of the decentralised finance business models being developed in Spain are lending platforms, automated market makers or platforms for yield earning. No current DeFi-specific regulation has yet been approved, so these products can be offered to the public as long as they cannot be considered to be investment contracts or financial products. To date, none of these projects in Spain have been qualified by regulators as such, and they are all currently working.

The NFT sector is not currently regulated in Spain (although crypto-assets advertised as investments are), unless they are effectively used as financial instruments, which at the moment does not seem to be happening. Therefore, it is a very popular sector in the country, with projects using them for multiple applications: video games, art, profile pictures, and marketplaces such as RUNGIE.

Spain has not adopted a specific law for blockchain technology. On the contrary, the current and general regulations for a given area, such as those applying to securities markets, taxation or consumer rights, are applied.

However, it has taken specific initiatives, especially in the area of crypto-asset service providers. For example, the Bank of Spain has created a specific registry in which all those service providers that are going to exchange fiat currency for crypto-assets, or provide custody services, must be registered (the “Registry”). The securities market regulator (National Securities Market Commission or CNMV) has also issued specific regulation on the advertising of crypto-assets, when these are directly or indirectly presented as investment objects.

With the EU’s Regulation on Markets in Crypto-Assets (MiCA) on the way, Spain will adopt its legal framework instead of creating a proper national one.

Currently, the emergence of crypto regulations such as MiCA, which, although not yet in force, already require compliance with certain obligations (eg, exchanges are required to meet minimum capital requirements). Therefore, it can be understood that international guidelines are applied for the creation of a secure and transparent crypto environment.

Added to this, there are certain regulatory bodies, such as the Bank of Spain, that are already requiring crypto-asset service providers to comply with international standards from the Financial Action Task Force that aren’t yet compulsory since they have not been included in any legal text. This is the case for the Transfer of Funds Regulation.

The key regulatory authorises in Spain are:

• the Bank of Spain, which oversees the Registry (see 2.1 Regulatory Overview) and, in general terms, the regulation of any crypto-asset service provider managing fiat;
• the Spanish Financial Intelligence Unit (SEPBLAC) for anti-money laundering purposes; and
• the CNMV for securities market regulation and overview.

There are no significant self-regulatory organisations with respect to blockchain in Spain

There has not yet been any significant resolved litigation in the blockchain area, but Spain does have several class action law suits regarding Ponzi schemes in crypto-assets. In addition, it appears that tax fraud inspections are starting to be executed, as crypto-assets are a specific matter under the Spanish tax authorities’ annual control.

Spain has not yet performed any regulation through enforcement actions in the blockchain space.

The Treasury department has opened the fourth call for applications to its regulatory sandbox, available here.

In Spain, there is an administrative body under the Ministry of Finance that is responsible for answering taxpayers’ questions, which has ruled on almost all conflicting tax issues. No laws have been amended, since they are applicable to crypto-assets, but new information obligations are pending approval, especially for exchanges and taxpayers to provide information on the transactions carried out, in order for the Spanish tax authorities to better control their tax compliance.

There have been no task forces established, or pre-existing bodies mandated, to look into the benefits of and/or the challenges posed by the use of blockchain in Spain.

There is no specific criteria as to how ownership of a digital asset is determined, and no public authority nor court of law ever had to rule on the matter. Therefore, the common practice is to follow the technology; ie, the ownership of the asset is deemed to belong to the one who has access to the private key which in turn allows access to the balance sheet in which it is located and therefore is the person who has the ability to transfer or transact with it (“your keys, your asset”).

As to blockchain transfers, again, the practice so far has been to consider a transaction completed once it has been verified, and the block confirmed and added to the chain. All the above coincides with the concept of ownership in Spain, according to which one must have possession or power of disposal over an asset in order to consider it your property.

There are two categories of tokens: securities and utilities.

The CNMV issued a public statement on 8 February 2018 confirming that “the tokens granting rights or expectations of participation in the potential revaluation or profitability of businesses or projects or, in general, that present or grant rights equivalent or similar to those of shares, debentures or other financial instruments included in Article 2 of the TRLMV” and those “whose offer is made with explicit or implicit reference to the expectation that the purchaser or investor will obtain a benefit as a consequence of its revaluation or any remuneration associated with the instrument or mentioning its liquidity or possibility of negotiation in markets equivalent or allegedly similar to the securities markets subject to regulation” would be deemed securities.

By exclusion, the rest will be considered utilities.

Up to the date, most of the tokens issued in Spain have been treated by the regulators as utilities.

The regulation of stablecoins is currently included in MiCA, which will regulate them in the future as a separate section of the standard. Stablecoins have not been, therefore, treated in any distinct way in Spain.

Cryptocurrencies are accepted as a means of exchange, but they have not been recognised as a legal mean of payment (they are not legal tender and possess no debt discharge power). In other words, crypto-assets can be used in any environment as a means of exchange, as long as the parties accept it as a form of payment.

However, the final regulatory push to consolidate cryptocurrencies as a means of payment is still waiting to become a reality, despite the fact that more and more transactions can be carried out with digital currency. In Spain, these operations or transactions are not qualified, in most cases, as a purchase and sale but as an exchange and for tax purposes, are taxed as swaps (with the implicit capital gain that could have been realised).

For example, as they lack the legal status of currency or legal money, the payment of workers’ salaries or the delegated payment of social security benefits cannot be carried out with cryptocurrency according to the Workers’ Statute. However, the law does not prevent them from being used for the payment of employees’ remuneration in kind, the amount of which may in no case exceed 30% of the worker’s salary payments.

Although bitcoin is not money, the acquisition of apartments with this cryptocurrency is possible, but with the contract being considered not as a purchase and sale but as an exchange: each contracting party is obliged to give one thing (the apartment) to receive another (bitcoins). The problem comes when paying taxes: in the exchange two transmissions are taxed, twice as much as in the sale and purchase.

Intellectual property law, VAT law, advertising regulations and, in the event that NFTs are considered financial instruments, the securities market law would apply to the creation, marketing, or sale of NFTs.

The CNMV’s Circular on advertising crypto-assets as investment opportunities will also apply if they are offered in such manner.

To date, no exchange has been banned from operating in Spain. Rather, some of them have been included in a grey list for not being compliant with specific regulation.

Having said that, there are several types of markets in the Spanish jurisdiction depending on how exchanges provide their services, so it is possible to distinguish between:

• decentralised exchanges (custodial and non-custodial); and
• centralised exchanges (custodial and non-custodial).

It is also possible to distinguish between markets depending on the type of assets they offer: NFT marketplaces or markets for utility tokens (non-securities digital assets), for example.

The only market that is pending approval and is currently in the regulatory sandbox is the one for tokenised securities.

The exchange of fiat currency for cryptocurrencies is done through platforms that perform the exchange of virtual currency for fiat currency (“Exchanges”).

Regarding the platforms that perform fiat-crypto exchange, it will be necessary to have the relevant payment services licence that allows accepting fiat money and the Law on Prevention of Money Laundering will be applicable.

The Tax Fraud Prevention Law will also apply.

No money transmission nor AML regulation is yet being applied to “crypto to crypto” transactions. It is expected that this will start to be required with the entry into force of MiCA and the Transfer of Funds Regulation.

After the approval of Royal Decree-Law 7/2021, of 27 April 2010, Law 10/2010, of 28 April 2010, on the prevention of money laundering and terrorist financing (AML/CFT) was amended.

Since thar moment, providers of services for the exchange of virtual currency for fiat currency and custody of electronic wallets have been obliged to comply with such regulations.

Therefore, all cryptocurrency platforms and the so-called “custodial wallets” must comply with the same procedures as any regulated entity in order to prevent fraud and money laundering.

Likewise, by virtue of the Second Additional Provision of the AML/CFT Law, these operators must register in the Registry overseen by the Bank of Spain.

The regulations applicable in the markets for digital assets will depend on how these markets provide the service.

• If it is an exchange (fiat-crypto exchange), the Law on Prevention of Money Laundering, and the Tax Fraud Prevention Law will apply; when it comes into force, MiCA will also be applicable.
• If there is custody, the regulations indicated in the previous point will also apply.
• Likewise, if there is processing of user data, the Organic Law on Data Protection and the Law on Information Society Services will be applicable.

The regulators involved are the CNMV for markets in digital assets, manipulative practices, financial instruments and public offerings and the Bank of Spain, which covers aspects related to money laundering and money transmission.

There are no regulatory limits on the ability of a digital asset exchange to re-hypothecate (on-transfer) to third parties the digital assets they hold for customers that the authors are aware of.

The Organic Law on Data Protection establishes some security requirements that data storage providers need to comply with.

The regulations applicable to initial coin offerings (ICOs) depend on the type of token issued in the offering.

On 8 February 2018, the CNMV issued a statement together with the Bank of Spain differentiating between utility and security tokens:

• security tokens, generally, grant a stake in the future income or increase in value of the issuing entity or a business; while
• utility tokens give the right to access a service or receive a product, without prejudice to which – when the offer is made, reference is usually made to expectations of revaluation and liquidity or the possibility of trading them in specific markets.

For the above purposes, doctrinally, the following distinction has been established:

A utility token is one that allows digital access to applications or services supported by a structure based on blockchain technology. In principle, the utility token does not attribute rights or expectations of participation in a potential revaluation or profitability of businesses and/or projects, nor political or economic rights (in the sense of distribution of dividends, for example) in relation to the company issuing the token.

A security token, on the other hand, would be one that represents rights with an economic content which, due to their legal configuration and transmission regime, are susceptible to widespread and impersonal traffic in a financial market. This occurs, for example, normally in the projects or businesses for which security tokens are issued as a financing mechanism. The security token, in this way, attributes or can attribute rights or expectations of participation in a potential revaluation or profitability of businesses and/or projects, assuming that the investors acquire it for this purpose.

Therefore, security tokens are considered to present or grant rights that can be considered equivalent to shares, bonds and other financial instruments included in Article 2 of the Royal Legislative Decree 4/2015 of October 23rd, approving the Consolidated Text of the Securities Market Law; being therefore considered by the regulator as negotiable securities, and as such, fully subject to the legislation regulating securities markets. This means that although there is no specific regulation of crypto-assets assimilated to securities in Spain, it is generally accepted that crypto-assets assimilated to capital market securities must comply with the regulations applicable to them, just as any other security. Therefore, business or financial activities dealing with these types of asset are considered to be fully valid and legal as long as they comply with the aforementioned regulations (see, for example, the Considerations of the CNMV of 8 February 2018, on crypto-assets and ICOs.

Depending on the token, securities market law – and European regulations such as the Markets in Financial Instruments Directive (MiFid) or Markets in Financial Instruments Directive II (MiFid II), or MiCA (once this is in force) – would apply to fundraising through the sale of tokens intended to be used as part of a decentralised network

Regarding the exchange, anti-money laundering, data protection and information society legislation would be applicable, Of course, the terms and conditions drafted by the issuer will legally bind the relation between the issuer and the token holder as consumer law is applicable too.

Airdrops will have tax implications and the relationship between issuer and buyer must be bound by terms and conditions.

Investment funds and collective investment schemes have regulation specific to them that, to date, is considered to be contrary to them investing in crypto-assets. This is something being discussed internally by the CNMV and may change.

Broker-dealers or other financial intermediaries are considered to be crypto-asset service providers and, as such, will have to comply with all the specific regulation approved and applicable in Spain: the Registry overseen by the Bank of Spain, AML requirements, the Circular on crypto-asset advertising, etc

To date, it appears that no one has denied the validity of the execution involved in smart contracts. In other words, smart contracts execute a private contract that has been previously agreed upon by the parties, and therefore, has full legal validity. As there is no specific regulation, the Civil Code would be applicable and validity would need to be proven before courts if it were challenged.

Unless it is a code error (comparable to a security breach attributable to the developer's lack of diligence) the developer cannot be held responsible for the loss of value of a token since the volatility of tokens is a consequence of the market. This assumes the developer is not also the company promoting or selling the tokens, only the coder.

The regulations applicable to decentralised finance (DeFi) platforms that match borrowers and lenders of digital assets would depend on the type of digital asset a platform was working with: if they were utilities, the platform would not need a licence. However, if the platform were to lend or if their activity were based on securities, they would need a licence to operate with these types of financial instrument.

This may be challenged once MiCA enters into force, since complete identification of the company is mandatory. Also, if a platform falls under the scope of the crypto-asset service providers that are required to register before the Bank of Spain, it will have to fully comply with AML requirements.

Regulations that specifically apply to blockchain-like technology are not yet in place, but there is a European Regulatory Framework (MiCA) that is expected to come into force during 2024, that contains provisions on crybersecurity, and, of course, the current EU Regulations on the topic should be complied with by any project.

The requirements for transfer of digital assets top a custodian will depend on the type of digital asset: if utility tokens are involved, a user may use a custodian where a set of cryptographic elements are stored that allow the custody of the balance of crypto-assets deposited therein by a single user.

In this regard, custodians must comply with the Securities Market Act, MiCA (where applicable) and the Data Protection Act.

There has been no pronouncement from the European Data Protection board with regard to the right to be forgotten and its application to the use of blockchain-based products – it is well known that from the point of view of the technology alone, the GDPR clashes head-on with the structure and operation of blockchain: for example, the impossibility of exercising the right to be forgotten and the right of rectification due to the immutability of the data implied by the blockchain.

Actually, it is impossible to apply the GDPR to blockchain (as long as the authorities’ pronouncement that the hash is personal data remains unchanged).

To this end, and only applicable to centralised platforms such as exchanges or custodians, the GDPR would be applicable to the extent that there is data processing beyond blockchain, since these are centralised platforms that operate like any other. However, at a purely blockchain technology level, GDPR cannot be reconciled with the GDPR.

See 8.1 Data Privacy.

Mining is allowed, as any other business activity, and it has specific tax implications that have already been determined by the Spanish tax authorities, basically regarding the way in which they have to calculate capital gains, if there are.

As with proof of work, staking is allowed in Spain and is not considered to be a regulated activity (if it is done with utility tokens). 

DDAOs are being used as a governance system in communities so that users have decision-making power over certain community issues.

The problem lies in the fact that in Spain, there is no regulation as such of the DAOS, which implies that, if something goes wrong in the organisation, all members would be jointly and unlimitedly liable.

To limit this liability, it is suggested that a limited company be created to regulate the activity of the DAO, with specific partners and with the decisions that the community can vote on being regulated. If it follows the proposed scheme, the Capital Company Law will be applicable.

DAOs in Spain are deemed to be general partnerships with joint and several liability among their members.

Governance processes are usually on-chain, and token allocation very diverse.

Some DAOs are used to “manage” the funds raised from ICOs, while others are launched to decide upon strategic projects. 

Some of the DAOs being used in Spain do have legal entities backing them up, and DAOs acting as front-ends, but there are other ones that do not. Using legal entities ensures limitation of liability, and the possibility of reinforcing governance rules with corporate instruments. Added to this, tax fraud from DAOs not having a legal entity on their back-end will almost certainly be happening, and in Spain, tax fraud over a certain threshold is a crime.