Crypto-Securities Regulation: ICOs, Token Sales and Cryptocurrencies under EU Financial Law


Philipp Hacker
Professor for Law and Ethics of the Digital Society, European New School of Digital Studies
Chris Thomale


Time to read

3 Minutes

Cryptocurrencies, such as bitcoin and ethereum, have not only risen to public attention as novel means of payments. Rather, as we explain in a recent article,  the current hype is fueled by financial applications built on top of these currencies that stand to potentially upend consumer and investment markets. The most remarkable, and economically relevant, of these applications are tokens sold via initial coin offerings (ICOs, also called token sales). In 2017 alone, the equivalent of more than USD3 billion have been raised through ICOs. In these entirely online-mediated offerings, startup entrepreneurs sell tokens registered on a blockchain in exchange for cryptocoins traded on that blockchain (typically bitcoins or ethers). Investors receive tokens that can be understood as cryptographically-secured coupons which embody a bundle of rights and obligations. 

In July 2017, the SEC released an investigative report that highlighted that such tokens can be subject to the full scope of US securities regulation. As a result, issuers increasingly structure ICOs so as to prevent US citizens and residents from obtaining tokens in order to exclude the reach of US securities regulation. However, for the time being, EU citizens and residents are free to invest in tokens. This raises the question to what extent EU securities regulation is applicable to ICOs and, particularly, whether issuers have to publish and register a prospectus in order to avoid criminal and civil prospectus liability in the EU. In conceptual terms, this inter alia raises the question whether tokens are considered ‘securities’ under the EU prospectus regulation regime. The question is of great practical relevance since, despite the high stakes involving more than USD100 million in some ICOs, to our knowledge not a single token issuer has up to now published or registered any such prospectus. However, European financial regulators, including ESMA (ESMA, ‘ESMA alerts firms involved in Initial Coin Offerings (ICOs) to the need to meet relevant regulatory requirements’, Statement (13 November, 2017), are actively scanning the market. The French Autorité des Marchés Financiers is even conducting a public consultation on the issue, the UK Financial Conduct Authority has just concluded one.

Against this background, our article develops a nuanced approach that distinguishes between three archetypes of tokens: currency, investment, and utility tokens. It analyzes the differential implications of each of these types, and their hybrid forms, for EU securities regulation. While the variety of tokens offered necessitates a case-by-case analysis, the discussion reveals that at least some types and hybrid forms of tokens are subject to EU securities regulation. Where this is the case, EU securities regulation and, in particular, the EU prospectus regime apply whenever the EU market is targeted. According to our view, it should also be the task of the targeted market’s national legal order to fill in the gaps of EU regulation on matters such as prospectus liability. Hence, there is no room for system shopping through re-incorporation or similar techniques: by choosing to launch an ICO on a given market, the issuer subjects itself to that very market’s rules. By and large, pure investment tokens typically must be considered securities, while pure currency and utility tokens are exempted from securities regulation in the EU. In identifying these archetypes, regulation and market oversight will have to put substance over form. 

We also spell out criteria for the application of EU securities regulation to hybrid token types. In essence, tokens will have to be considered securities if the promotion materials raise significant expectations of profit among investors; or if, despite silence in the materials, investors are known to speculate on a token mainly for profit motives. The scrutiny of promotion materials is consonant with regulatory practice both in the US and the EU.

The paper closes by offering two policy proposals to mitigate legal uncertainty concerning token sales. First, we suggest tailoring disclosure requirements to the code-driven nature of token sales. Such an ICO-specific safe harbor would offer a clear and less burdensome path to EU law compliance for token sellers who suspect that their tokens may qualify as securities. This only requires the Commission to amend its delegated 2004 Commission Prospectus Regulation, or to include the safe harbor in the future delegated regulation according to Art. 13(1) of the 2017 Prospectus Regulation. Second, we propose that, on an international level, governments form a compact to bestow certainty about the application of their respective securities regulation regimes to token sales. This is, first, to avoid regulatory overkill on the one and regulatory lacunae on the other hand in online-mediated, global token sales. Second, overlapping, and partially contradicting, securities regulation regimes can nullify each other. In the end, only a joint international regulatory regime can efficiently balance investor protection and investor access in the face of the novel generation of decentralized blockchain applications. 

Dr. Philipp Hacker is A.SK Fellow at the WZB Berlin Social Science Center and a Research Fellow at the Centre for Law, Economics and Society, and at the Centre for Blockchain Technologies, both UCL and Dr. Chris Thomale is  Associate Professor at the Heidelberg Institute of Comparative Law, Conflict of Laws and International Business Law.


With the support of