A general introduction to the regulation of virtual currencies in France

All questions

Introduction to the legal and regulatory framework

As in many countries, the first contact between cryptocurrencies and French law was through the lens of financial crime. In its 2011 annual report, Tracfin (the French financial intelligence unit tasked with fighting financial fraud, money laundering and terrorism financing) was the first French authority to mention Bitcoin.²

Cryptocurrencies then came under scrutiny from other regulators during the Bitcoin bubble of November and December 2013. The French Central Bank published a short report on ‘the dangers linked to the development of virtual currencies’.³ In January 2014, the Prudential Supervision and Resolution Authority (ACPR), the French banking and insurance regulatory authority, stated that entities receiving legal currency on behalf of clients in relation to the purchase or sale of cryptocurrencies were required to obtain a licence to provide payment services.⁴

In October 2017, the Financial Markets Authority (AMF) published a discussion paper on initial coin offerings (ICOs).⁵ Following an extended consultation of experts and actors of the French cryptocurrency and ICO economy, it was finally decided to create a dedicated framework for ICOs, rather than try to include them in the scope of the existing regulation of securities offerings. This legal framework was included in Act No. 2019-486 of 22 May 2019 on the growth and transformation of enterprises (the PACTE Act).

However, on 24 September 2020 the European Commission published the Digital Finance Package, including a digital finance strategy and legislative proposals on cryptoassets (with the regulation on Markets in Crypto-Assets (MiCA) and the secondary market of tokenised financial instruments (with the regulation on a Pilot regime for Market Infrastructures based on blockchain (the Pilot Regime)). The latter has been adopted in May 2022, and is applicable since March 2023. The MiCA regulation, which is inspired by the French ICO and digital asset service providers (DASPs) regime, was adopted on 31 May 2023. Consequently, the European Union becomes the first major jurisdiction to adopt a clear and harmonised regulatory framework for digital assets, issuers and service providers. The MiCA regulation will start to apply to DASPs in December 2024, and an additional transitional period of 18 months will be granted to DASPs registered or licensed in France to keep providing their services, pending MiCA compliance. We expect that French licensed DASPs will benefit from a facilitated access to the MiCA license.

Another crucial regulation was also adopted on 31 May 2023: the Regulation on information accompanying transfers of funds and certain cryptoassets (TFR). In order to strengthen the anti-money laundering legislation, TFR requires cryptoasset service providers (CASPs) to monitor and collect information on transfers of cryptoassets, thereby applying the ‘travel rule’ to cryptoassets.

Finally, on 9 June 2023, France adopted a pioneering legislation aimed at regulating commercial influence on social networks, including crypto-influencers. First, the law provides for a legal definition of ‘influencer’ and equally applies to influencers operating from abroad if they address a French audience. Crypto-influencers will no longer be allowed to promote ICOs and services on digital assets, except when the adviser is a registered or licensed DASP, or an authorised ICO issuer. In addition, influencers will be expected to disclose to their audience that they have been paid.

Securities and investment laws

i Tokenisation of securities and issuance of security tokens

The first appearance of the concept of blockchain in French law was in Ordinance No. 2016-520 of 28 April 2016, which created a dedicated framework for the financing of small and medium-sized enterprises (SMEs) through crowd-lending platforms. The Ordinance allows for the issuance of promissory notes (known as minibons) through a crowd-lending platform. The registration and transfer of minibons can either be done in the traditional way (i.e., the issuer maintains and updates a register of all minibons holders) or by a shared electronic recording system (i.e., a distributed ledger).⁶

Ordinance No. 2017-1674 of 8 December 2017 took a much bigger step by extending to unlisted securities⁷ the possibility to use a distributed ledger for their issuance, registration and transfer. These securities tend to be presented as security tokens, although it would be more accurate to call them ‘tokenised securities’; in any case, the PACTE Act makes it clear that tokens issued pursuant to ICOs cannot be securities.⁸

Both Ordinances provided that the technical requirements (i.e., the level of security and authentication) of the shared electronic recording system would have to be specified by a decree to be passed by the government. Instead of rushing this, the government chose to consult the European Commission, which then validated the government’s definition of the distributed ledger. The much-awaited decree was published on 24 December 2018 (the Decree).⁹

The Decree does not specify which of the issuer or its technology provider will be responsible for complying with the four technical requirements regarding distributed ledgers used for the registration of securities and set out in the Decree.¹⁰ In addition, it does not address the distinction between private and public blockchains. Although the Decree does not exclude the possibility to issue and register securities through a public blockchain (such as Ethereum), complying with some of these technical conditions is more complicated if a public blockchain is used.

The Decree also modifies the rules applicable to the pledging of securities to allow securities registered on a distributed ledger to be effectively pledged.¹¹

French start-ups and large corporations have already started using the Decree to tokenise their securities. In April 2019, Société Générale issued €100 million worth of covered bonds registered on the Ethereum blockchain, as part of a pilot project in which it was also the sole subscriber of the bonds.¹² In April 2021, Societé Générale issued the first structured product in a security token format, which was directly registered on the Tezos blockchain and fully subscribed by Société Générale Assurances. In January 2023, a subsidiary of Société Générale used some of these security tokens as collateral to obtain a loan of stablecoins from the Maker DAO protocol.¹³

However, registering securities on a blockchain is only useful insofar as various burdensome or costly processes, such as the vote at general meetings or the secondary market of unlisted securities, are made easier. While the registration of unlisted securities was greatly modernised pursuant to the Ordinance of 8 December 2017 and the Decree, the other obligations to which an issuer is subject with respect to its shareholders have remained the same, thus creating many practical problems.

In March 2020, the AMF published an analysis on the application of financial regulations to security tokens,¹⁴ in which it identified the legal obstacles to the development of security tokens. The AMF notably suggested to the European Commission that a European ‘Digital Lab’ be created, which would enable national authorities to waive certain regulatory requirements to facilitate the clearing and settlement of transactions involving security tokens. Following the AMF report, the Haut Comité Juridique de la Place de Paris (HCJP), a think tank on financial regulation created by the Banque de France and the AMF, published a first report in 2020¹⁵ on the situation of French law regarding the tokenisation of financial securities, and more precisely on security tokens. A second report published in May 2022 by the HCJP proposed legislative changes to adapt French law to the Pilot Regime. The Pilot Regime temporarily exempts blockchain-based market infrastructures (such as multilateral trading facilities and settlement systems) from certain specific requirements of the EU financial services legislation. Finally, a decree dated 31 May 2023 updated the laws applicable to securities to ensure the compatibility of French law with the Pilot Regime.

Finally, regarding the potential qualification of certain cryptoassets as securities under EU law, the MiCA regulation mandates the European Securities and Markets Authority to issue guidelines on the conditions and criteria for the qualification of cryptoassets as financial instruments.

ii Asset managers and investment funds

In the past few years, alternative fund managers have started to create cryptocurrency investment funds. Tobam Bitcoin Fund, launched in November 2017 by French alternative asset manager Tobam, claimed to be the very first European cryptocurrency fund.¹⁶ However, Tobam’s fund was not licensed by the AMF because cryptocurrencies, as an asset class, did not fit in any category of the regulatory framework applicable to asset managers.

In addition, the PACTE Act now allows professional specialised investment funds (FPSs), which are dedicated to professional investors, to purchase assets registered in a shared electronic recording system (i.e., a blockchain), which includes cryptocurrencies.¹⁷ The PACTE Act also allows professional private equity funds (FPCIs) to invest up to 20 per cent of their assets in digital assets.¹⁸ FPSs and FPCIs are alternative investment funds, and therefore may only be managed by a licensed asset manager; however, they are required to appoint a depositary (which is notably in charge of the custody of the assets owned by the fund). Finding depositaries willing to take custody of cryptocurrencies remains a challenge for most asset managers.

Regarding cryptocurrency derivatives, the AMF took actions to increase the protection of retail investors against websites offering to bet on cryptocurrencies through derivatives (such as contracts for difference or binary options). In February 2018, the AMF issued an analysis stating that cash-settled contracts on cryptocurrencies qualified as derivatives under French law.¹⁹ Consequently, platforms that offer cryptocurrency derivatives trading must now obtain an administrative authorisation and may not target French residents in their online marketing. Furthermore, the management of individual cryptocurrency portfolios on behalf of clients is now included in the list of digital asset services.²⁰ Obtaining a licence will be optional for entities providing this service and, as a rule, they will not be subject to any regulation.

Napoleon X, which raised around €10 million following an ICO in 2018, became the first French crypto start-up to obtain an asset manager licence from the AMF. In May 2022, the management company Arquant Capital was authorised by the AMF to manage FPSs that are fully invested in actual cryptocurrencies, such as Bitcoin and Ethereum, and not in cryptocurrency derivatives.²¹ In June 2023, another asset manager focused on venture capital, XAnge, obtained a similar authorisation, but is expected to focus on cryptoassets such as governance tokens.

Banking and money transmission

Over the past few years, French banking regulators have frequently reminded the public that cryptocurrencies are not real money. The Central Bank and the ACPR, for example, consider the term ‘cryptocurrency’ to be misleading and prefer to use the term ‘cryptoassets’.²²

Their position clearly matters because the French regulation of payment services revolves around the use of legal currency (i.e., a legal tender issued by a sovereign country). All the payment services defined by Article L. 314-1 of the Monetary and Financial Code (MFC) involve the use of funds. Pursuant to the Payment Services Directive 2 (PSD 2),²³ funds means ‘banknotes and coins, scriptural money or electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC’.²⁴ Therefore, in general, receiving and sending cryptocurrencies on behalf of third parties does not qualify as a regulated service under PSD 2. The European Commission is also currently revising the PSD 2. Public consultations to gather input from professional stakeholders were launched from 10 May 2022 to 5 July 2022.²⁵

However, the recent development of stablecoins (and in particular fiat-backed stablecoins) blurs the line between legal currencies and cryptocurrencies. As the European Banking Authority (EBA) stated in its advice on cryptoassets of 9 January 2019, redeemable fiat-backed stablecoins may qualify as electronic money when the token:

1. is electronically stored;
2. has monetary value;
3. represents a claim on the issuer;
4. is issued on receipt of funds;
5. is issued for the purpose of making payment transactions; and
6. is accepted by persons other than the issuer.²⁶

Consequently, some fiat-backed stablecoin issuers may be required to obtain electronic money licences to be allowed to operate in France. However, the consequences of this qualification would be highly unclear, since the regulation of electronic money issuers and distributors is not designed to apply to entities issuing, receiving or transferring stablecoins.

The European Central Bank (ECB) also issued a paper in September 2020²⁷ in which it states that stablecoin arrangement as a new payment method could reach a scale of operations such that fragilities within the stablecoin arrangement may give rise to financial stability risks and the possibility of liquidity runs. The ECB’s report further states that the Eurosystem framework will cover stablecoin arrangements that qualify as a payment system regardless of the technology used and their organisational setup. Indeed, in November 2021, the ECB released the Eurosystem oversight framework for electronic payment instruments, schemes and arrangements (PISA), which allows the ECB to monitor payment systems, including those based on ‘digital payment tokens,’ which likely includes stablecoins.²⁸

More recently, the Financial Stability Board, which includes all G20 major economies and the European Commission, issued in February 2022²⁹ a report assessing the risks to financial stability from cryptoassets. The report states that stablecoins raise concerns about regulatory compliance, quality and sufficiency of reserve assets, and standards of risk management and governance. The major concern is the potential failure of a stablecoin issuer, which would constrain the liquidity within the broader cryptoasset ecosystem, thus disrupting trading and potentially causing stress in those markets.

This is why the MiCA regulation primarily aims to regulate the issuance of stablecoins. The regulation distinguishes between ‘asset-referenced tokens’ (ART), which are defined as ‘a type of cryptoasset that purports to maintain a stable value by referring to the value of several fiat currencies that are legal tender, one or several commodities or one or several cryptoassets, or a combination of such assets’ and ‘e-money tokens’ (EMT), which are defined as ‘a type of cryptoasset the main purpose of which is to be used as a means of exchange and that purports to maintain a stable value by referring to the value of a fiat currency that is legal tender’. Consequently, under MiCA, issuers of e-money tokens will have to be licensed as a credit institution or electronic money institution and comply with the Electronic Money Directive,³⁰ while issuers of asset-referenced tokens will have to obtain a specific licence, and publish a ‘white paper’ with mandatory disclosure requirements and notify it to the competent national authority.

Whether the MiCA regulation applies to ‘algorithmic’ stablecoins (i.e., those that use a formula to maintain their peg rather than a reserve of assets) and decentralised crypto-backed stablecoins, such as Dai, remains unclear. As a general rule, the regulation does not apply when services are provided ‘fully decentralised manner without any intermediary’.

In this way, the MiCA regulation aims to protect sovereignty and monetary stability by regulating the issuance of global stablecoins.

In addition, the French Central Bank started working with external consultants to develop a central bank digital currency (CBDC).³¹ The Central Bank’s CBDC projects focus on wholesale transactions (i.e., large interbank transactions) and the clearing and settlement of transactions involving tokenised financial assets. The Central Bank is now collaborating with private sector innovators (such as Accenture, Euroclear and HSBC) to conduct a programme of eight investigations on a wholesale CBDC. In May 2020, the Central Bank successfully tested a wholesale CBDC for the settlement of digital financial securities issued by Société Générale Forge. On 27 April 2021, the European Investment Bank, in collaboration with Goldman Sachs, Santander and Société Générale, launched a digital bond issue of €100 million, with the aim of using distributed ledger technology for the registration and settlement of digital bond securities. In a partnership with the Central Bank, the issuance was settled with a CBDC issued on the blockchain.

In September 2021, the Banque de France published its report on the CBDC³² following its research conducted in 2020 and 2021. The report covers nine investigations selected from nearly 40 proposals and conducted since September 2020 with private, national and international actors, as well as other central banks and public authorities. The investigations have brought to light a number of important issues that need to be explored further. One of the highlighted issues is that the issuance of an interbank CBDC to a large number of market participants could affect the role of financial intermediaries and the conditions for the transmission of monetary policy to the economy. In this respect, the ability of the central bank to maintain control over the interbank MNBC in circulation is fundamental. On 12 July 2022, the Governor of the Banque of France stated in his annual speech that the Banque was currently experimenting with a retail CBDC.³³

At the European level, on 28 April 2022, the ECB has launched a call for the expression of interest³⁴ for payment service providers, banks and other relevant companies to become involved in a project to develop prototype user interfaces. This call follows the results of the ECB’s public consultation in April 2021 on a digital euro.³⁵ This consultation reveals that privacy is the main concern of the public and professionals (43 per cent), followed by security (18 per cent), the option to pay throughout the eurozone (11 per cent), without additional costs (9 per cent) and offline (8 per cent). Christine Lagarde, President of the ECB, has stated that ‘the digital euro should become a reality within five years’.

Anti-money laundering

French authorities started monitoring the use of cryptocurrencies in illegal transactions as early as 2011. The 2011 annual report of Tracfin briefly described how Bitcoin could be used in money laundering schemes.³⁶ In June 2014, a working group led by Tracfin published a report on cryptocurrencies and issued various recommendations aimed at limiting the use of cryptocurrencies in money laundering or terrorism financing schemes.³⁷ Tracfin now closely monitors cryptocurrencies.

The ACPR published new guidelines on 28 January 2022³⁸ regarding information on the anti-money laundering (AML) and terrorist financing procedures for digital asset service providers. In addition, on 31 March 2022, the AMF and Tracfin signed a new protocol for the exchange of information and the sharing of expertise between their authorities.³⁹

The European Union addressed cryptocurrency-related AML/countering financing of terrorism (CFT) issues through Directive (EU) 2018/843 of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (the Fifth Anti-Money Laundering Directive), which states that the ‘Member States shall ensure that providers of exchange services between virtual currencies and fiat currencies, and custodian wallet providers, are registered’. The Fifth Anti-Money Laundering Directive defines virtual currencies as ‘a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically’.

At the national level, to comply with the Fifth Anti-Money Laundering Directive, the PACTE Act extends the list of entities subject to AML/CFT requirements to include the following categories:

1. ICO issuers that obtained the optional approval of the AMF;
2. digital asset custodians;
3. entities allowing the purchase or sale of digital assets against legal currency;
4. entities allowing the purchase or sale of digital assets against other digital assets;
5. entities operating a digital asset trading platform; and
6. licensed digital asset service providers.⁴⁰

The PACTE Act includes the definition of virtual currencies under the Fifth Anti-Money Laundering Directive in the definition of digital assets.⁴¹ The definition of digital assets also includes tokens issued pursuant to ICOs. As French banks are reluctant to open accounts for cryptocurrency-related companies because the AML/CFT regulation applicable to them is still unclear, the above-mentioned categories of entities also benefit from preferential access to banking services (see Section X).

Finally, in March 2018, the G20 finance ministers asked the Financial Action Task Force (FATF) to clarify how its standards apply to cryptoassets. In October 2018, the FATF stated that ‘jurisdictions should ensure that virtual asset service providers are subject to AML/CFT regulations, for example conducting customer due diligence including ongoing monitoring, record-keeping and reporting of suspicious transactions. They should be licensed or registered and subject to monitoring to ensure compliance.⁴² In October 2021, the FATF updated its 2019 Guidance on the risk-based approach to virtual assets and virtual asset service providers.⁴³ The document provides updated guidance in six main areas, including FATF standards applied to stablecoins and additional guidance on the risks associated with peer-to- peer (P2P) transactions and mitigation techniques.

Cryptocurrency-related companies that are not currently included in the list of persons subject to AML/CFT requirements must still report any suspicious transaction to the public prosecutor, which will then notify Tracfin.

On 20 July 2021, the European Commission published the European AML package, currently under negotiation. This package consists of three pieces of legislation:

1. the 6th Anti-money Laundering/Countering Financing of Terrorism (AML/CFT) Directive;
2. the regulation establishing an EU AML Authority (AMLA), responsible for exercising supervisory and investigative powers, as well as promoting cooperation among EU financial intelligence units; and
3. the EU ‘single rulebook’ regulation, including provisions related to conducting due diligence procedures on customers, ensuring transparency regarding beneficial owners, addressing the use of anonymous instruments, like certain cryptoassets, and new entities, such as crowdfunding platforms.

In addition, the revised Transfer of Funds Regulation was adopted on 31 May 2023 and will require CASPs to implement the travel rule with respect to transfer of cryptoassets made by their clients.

On the enforcement side, in September 2022, the AMF announced the cancellation of the registration of a DASP because of violations of its AML/CFT obligations. This withdrawal occurred following an on-site inspection conducted by the ACPR.

Regulation of exchanges

The PACTE Act of 2018 created a comprehensive legal framework for DASPs. DASPs are entities that provide services related to digital assets. Digital assets, as defined by the PACTE Act, include:

1. tokens, as this term is defined in the ICO legal framework (i.e., intangible digital assets incorporating rights that can be issued, registered, held and transferred on a shared electronic recording system), as long as they do not qualify as financial instruments; and
2. any digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and that can be transferred, stored and traded electronically.⁴⁴

This definition of digital assets is slightly more precise than the definition of virtual assets in the FATF Recommendations.⁴⁵ In any case, all cryptoassets and cryptocurrencies would be covered by the definition of digital assets, but certain tokens that may not be based on cryptography may also qualify as digital assets.

To establish the list of services related to digital assets, the promoters of the PACTE Act looked to traditional investment services for inspiration. Therefore, digital asset services include the following services, as soon as they are performed in relation to digital assets:

1. custody of digital assets or cryptographic private keys;
2. purchase or sale of digital assets against legal currency;
3. purchase or sale of digital assets against other digital assets;
4. operation of a digital assets trading platform; and
5. various other services related to digital assets, including receipt and transmission of orders on behalf of third parties, portfolio management, investment advice, underwriting, and placing with or without a firm commitment.⁴⁶

The PACTE Act chose to establish a regulatory approach based on optional licences as an incentive-based system. Any entity providing one of the above-mentioned services can apply for a DASP licence, but obtaining this licence is not mandatory. This system emphasises non-mandatory provisions to foster professionalism and promote sound market practices while avoiding restrictive frameworks that might deter innovation and diminish France’s attractiveness. Licensed actors will be regarded as being whitelisted and may use their licence as a marketing tool.

However, owing to anti-money laundering concerns (arising notably from the Fifth Anti-Money Laundering Directive), obtaining a registration with the AMF is mandatory for custodians of digital assets, providers of the service of purchase or sale of digital assets against legal currency and, since Order No. 2020-1544 of 9 December 2020, entities allowing the purchase or sale of digital assets against other digital assets and those operating a digital asset trading platform. The requirements to obtain this registration are not overly burdensome: registered providers must give the AMF information regarding the reputation and professional qualifications of their managers and beneficial owners, as well as implementing the internal procedures required to comply with the anti-money laundering legislation. The registration will be granted by the AMF, although the prior approval of the ACPR is also required.

Conversely, licensed entities are subject to obligations equivalent to those of regulated investment service providers: they have to subscribe to professional liability insurance (or comply with capital requirements), possess secure and resilient IT systems and establish adequate policies to manage conflicts of interests. In addition, depending on the regulated services they intend to provide, licensed DASPs will have to comply with additional requirements. For example, licensed custodians will be required to establish a custody policy, ensure that they are always able to return the cryptoassets or the keys to their clients (or both) and implement segregated accounts.⁴⁷

Anti-money laundering requirements also apply to digital asset service providers that obtained the optional licence. Although obtaining a DASP licence will mostly serve as a marketing tool, licensed entities will also be granted the following benefits:

1. they will not be arbitrarily forbidden from opening a bank account and accessing basic banking services (see Section X); and
2. they will be allowed to contact potential individual clients on a massive scale (through emails or cold calls) to market their services, in accordance with the ‘financial or banking solicitation’ regime.⁴⁸ Licensed DASPs will also be able to broadly advertise their services to the general public and use sponsorship as a marketing tool. In contrast, registered DASPs may not use sponsorship and are subject to certain restrictions on advertising.

Finally, on 28 February 2023, the French parliament passed a new legislation that establishes a third regulatory status – referred to as ‘reinforced registration’ – which is much stricter than the registration but slightly less restrictive than the licence. The new reinforced registration will apply for DASP applications deemed complete by the AMF after 30 June 2023, but will not cover existing DASPs. The requirements are essentially similar to those applicable to licenced DASP with the exception of the prudential requirements (i.e., capital requirement or professional liability insurance).

The licence or registration granted by the AMF has no extraterritorial effect. As this regulatory framework is unique to France, there is no passporting regime applicable to DASPs.

As at June 2023, there are 76 registered DASPs, including most of the major French digital assets start-ups (Coinhouse, Aplo, Paymium, Meria, Flowdesk, Woorton) and several foreign actors (Binance, Bitpanda, Bitstamp).⁴⁹

Regulation of miners

Miners of cryptocurrencies are not subject to any specific regulatory regime. The French mining industry is almost non-existent, as electricity prices have been too high to make mining profitable in the past few years.⁵⁰ However, many individuals mine cryptocurrencies as a hobby or a side job.

A parliamentary report of 30 January 2019 on virtual currencies⁵¹ suggested that French miners be legally included in the list of ‘electro-intensive industries’, and thus exempted from the domestic tax on final electricity consumption. This exemption could lower electricity costs by a third, thus making France more attractive for miners. However, the environmental impact of cryptocurrency mining has been widely criticised, and it is unlikely that either the government or the legislation will encourage the development of proof-of-work mining in France. Still, many actors point out that the development of a mining industry could be synergistic with the development of renewable energy infrastructure, as miners can use the surplus produced by renewable power sources when the demand on the network is low.

Regulation of issuers and sponsors

While France has struggled to attract prominent ICOs in the past few years,⁵² the government and the AMF have taken multiple steps to turn France into an ICO-friendly jurisdiction. Following a public consultation conducted by the AMF,⁵³ the government and the AMF chose to create an ad hoc framework for ICOs rather than promote a best practice guide or include ICOs in the scope of the existing regulation of securities offerings.

The AMF can now grant its approval (or ‘visa’) to public offerings of tokens that comply with the requirements set out by the PACTE Act. Obtaining the AMF’s approval is optional for all ICO issuers; no ICO will be forbidden in France for lack of approval, although unapproved ICOs are subject to marketing restrictions. The AMF expects that ICO promoters will apply for the approval, as the global reputation of the AMF would serve as proof of their trustworthiness and help them market their ICO in foreign jurisdictions, as well as allow them to freely sell their token to French investors.

Under the PACTE Act, ICOs are explicitly separated from securities offerings. No security offering is allowed to be carried out under the form of an ICO. Issuing a token whose characteristics would make it similar to a security (i.e., a security token) would trigger the application of corporate law and securities law.

To obtain the AMF’s approval, ICO issuers have to file an information document containing various details of the offer and the issuer.⁵⁴ This document shall contain financial and legal information, but also certain technical information about the tokens and the method used to secure the digital assets raised during the offering (e.g., multi-signature wallets, smart contracts). The information document must be accurate, not misleading, and written in plain language, and it must describe the risks associated with the offer. In a way, the information document is similar to a white paper. In addition, the issuer is required to be located in France – if necessary through a subsidiary or a branch.⁵⁵

The marketing materials used by the issuer will also be reviewed by the AMF.⁵⁶ This requirement was criticised by the French community as, in theory, it would prevent the issuer from communicating on its contemplated offering before the end of the approval process (which may take a few months).

In June 2019, a section dedicated to ICOs was added to the General Regulation of the AMF (i.e., the code containing detailed provisions on securities offerings, capital markets, investment funds, licensed service providers, etc.).⁵⁷ The AMF also published on 6 June 2019 an instruction that further details the approval process and the content of the information document.⁵⁸

Thus far, only four visas have been granted by the AMF (French ICO, WPO, iExec Blockchain Tech and Blockchain Valley), with the last one on 24 January 2023.

The legal consequences of obtaining the AMF’s approval are very similar to those of obtaining the DASP licence (see Section V). The approved ICO issuers:

1. will not be arbitrarily forbidden from opening a bank account and accessing basic banking services (see Section X); and
2. are allowed to broadly advertise their services to the public, through financial or banking solicitation, online advertising or sponsorship (or all three).

In addition, as explained in Section IV, approved ICO issuers will be subject to AML/CFT requirements, but only in relation to transactions received from investors during the token offering.

Finally, as for the DASP licence, the approval granted by the AMF has no extraterritorial effect and cannot be passported within the European Union.

Criminal and civil fraud and enforcement

Enforcement case related to cryptocurrencies and cryptoasset services are finally increasing in France.

On the administrative side, in September 2022, the AMF and the ACPR removed the DASP registration of Bykep, invoking serious failures in the implementation of its AML processes. The ACPR also announced that several investigations would be conducted in 2023 concerning the AML compliance of existing DASPs. Since the bankruptcy of FTX in November 2022, the DASPs are more closely monitored by the regulators and their solvency has become a major area of attention.

Regarding enforcement related to criminal activities, the 2021 decentralised finance (DeFi) and non-fungible token (NFT) craze has led to a number of high-profile police investigations concerning scams and NFT thefts. In June 2023, the Paris Criminal Court will render its judgment in a ‘rug pull’ case, where three individuals are suspected of having deployed a fraudulent smart contract to steal cryptoassets from overconfident users.⁵⁹ In October 2022, several French individuals were indicted in connection with a NFT phishing scam targeting Bored Ape Yacht Club owners.⁶⁰ In addition, Tracfin closely monitors the use of cryptocurrencies in fraudulent and money laundering schemes, and regularly transfers cases to the judicial authorities.

Tax

Before the 2019 Budget Act, the tax treatment of digital assets was particularly severe. Capital gains made by individual investors were taxed at a marginal rate, which could reach 60 per cent (for large amounts). Following the adoption in 2018 of an ad hoc rule applicable to individual investors and the publication by the French Accounting Standards Authority (ANC) of a regulation on the accounting rules applicable to ICO issuers and investors (the ANC Regulation),⁶¹ these gains are now taxed at a flat rate of 30 per cent. In addition, crypto-to-crypto transactions are not subject to any taxation: taxation is deferred until the digital assets are sold against fiat currency or exchanged against a good or a service.

i Income tax treatment of individual investors

Until the adoption of the 2019 Budget Act, France was arguably one of the worst European jurisdictions for individual investors in cryptocurrencies, with a tax rate of up to 60 per cent. Cryptocurrency capital gains of individual investors are now taxed at a flat rate of 30 per cent,⁶² which is still higher than in some neighbouring countries. Crypto-to-crypto transactions fall outside the scope of the capital gains tax.⁶³ In practice, the taxation will be deferred until the cryptocurrencies are either sold against legal currency or used to purchase a good or service. This measure simplifies tax accounting and reporting, although individual investors still need to accurately track their transactions to be able to justify their gains.

In addition, individual taxpayers are not subject to income tax if the gains do not exceed €305 per year.

The 30 per cent tax rate will only apply to occasional sales of digital assets. Professional traders and miners will still be subject to the general income tax regime (i.e., a variable rate depending on their taxable income). In some cases, the tax administration still tends to consider that the sale of large amounts of cryptocurrency by wealthy individuals leads to the application of the general income tax regime, notably when the amount of the sale is considerable when compared to the individual’s income.

ii Corporate income tax – entities purchasing cryptocurrencies and ICO subscribers

Pursuant to the ANC Regulation, the accounting rules applicable to tokens issued following an ICO are also applicable to cryptocurrencies. In accordance with this regulation, if the cryptocurrencies or tokens are held for an investment purpose, they will be recorded in a newly created account under the short-term financial instruments category and their market value will be reassessed each year. Normally, these unrealised profits or losses should be neutralised from a tax perspective.

Utility tokens (tokens that are meant to be held until the services associated with them are provided or until the goods are delivered) purchased by a company will be recorded as intangible assets and amortised or depreciated as such.

iii Corporate income tax – ICO issuers

On the issuer’s side, the accounting treatment of the tokens will depend on the rights and obligations associated with the token, as follows:

1. if the tokens can be assimilated (even temporarily) to a reimbursable debt, they will be recorded as ‘loans and similar debts’;
2. if the tokens represent services to be provided or goods to be delivered in the future, they will be recorded as prepaid income; or
3. otherwise, if the issuer has no implicit or explicit obligation towards the token holders, the funds collected by the issuer will be recorded as income.

In most cases, the funds collected by the issuer will eventually be recorded as income. Then, although there has been no specific regulation on this matter yet, value added tax (VAT) and income tax will have to be paid by the issuer.

iv VAT regime

In 2015, a decision of the Court of Justice of the European Union confirmed that the purchase or sale of cryptocurrencies against legal currency is exempted from VAT.⁶⁴

With regard to utility tokens, in theory, VAT rules should be applicable, as soon as services are provided or goods are delivered in exchange for tokens. However, various technical issues have yet to be clarified (e.g., the actual value of the service provided by the token issuer is generally unknown at the time of the ICO). In certain cases, the tax authorities tend to consider that no VAT is applicable because there is no direct link between the good delivered or the service rendered and the consideration received. A formal clarification of the tax authorities may be necessary to settle the VAT treatment of token issuances.

Other issues

i Access to banking services

Access to banking services has long been one of the major struggles of French crypto-related companies. For many years, regulatory authorities only mentioned cryptocurrencies in relation to financial crime, money laundering or terrorism financing, and thus bank employees are understandably wary. In addition, the ability of bank employees to open bank accounts to these companies is often limited by the bank’s internal anti-money laundering policy. Many French banks prefer avoiding any exposure to activities related to cryptocurrencies to simplify their own AML/CFT reporting with their supervisory authorities.

Although the situation has improved since 2022, many start-ups still report that they had their bank account frozen or closed when their bank learned that it might be used to receive funds related to cryptocurrencies. Various individuals suffered the same problem, with many retail investors reporting that their bank blocked wire transfers to bank accounts associated with cryptocurrency trading platforms such as Kraken or Coinbase.⁶⁵

As a result, many French crypto-related companies had to open bank accounts with banks located in other European countries, where the scrutiny of crypto-related activity is less strict.

One of the most important provisions of the PACTE Act is the preferential access to banking services granted to three categories of entities:

1. ICO issuers that obtained the optional approval of the AMF;
2. registered digital asset custodians and entities allowing the purchase or sale of digital assets against legal currency; and
3. licensed digital asset service providers.

Banks have to set up objective, non-discriminatory and proportionate rules to determine whether these entities should be able to open an account in their books. Once the account is open, the entity’s access to basic banking services shall not be hindered by the bank. These provisions create a strong incentive for ICO issuers and crypto-related companies to obtain an optional visa, an optional licence or a registration instead of remaining unregulated, as the right to access bank accounts is tied to this approval or licence.

In addition, if a bank denies one of these entities the right to open an account, it shall communicate the reason for its decision to the AMF or the ACPR. Entities denied a bank account might also appeal the bank’s decision.

However, registered DASPs still face obstacles when opening bank accounts with French banks. Many banks claim that the AML risk posed by DASPs is too high, even when they are registered and subject themselves to AML regulation. The organisation representing the French actors of the cryptoasset industry, the Association for the Development of Digital Assets, has repeatedly denounced the difficulties DASPs face in accessing basic banking services.⁶⁶ In March 2021, a working group co-lead by the AMF and the ACPR published a report on the difficulties faced by DASPs regarding access to bank accounts. The report described the challenges and studied potential solutions. As of 2023, this situation is improving and the reinforcement of the DASP regime (with the reinforced registration status and the upcoming CASP status under MiCA) will likely convince more banks to work with DASPs.

ii General Data Protection Regulation compliance

Public blockchains seem to be at odds with certain rights guaranteed by the General Data Protection Regulation (GDPR),⁶⁷ such as the right to erasure, the right to rectification and the right to object to processing.

In September 2018, the National Commission on Informatics and Liberty (CNIL), France’s data protection authority, issued an analysis on the compatibility of public and permissioned blockchains with the GDPR.⁶⁸ (With regard to private blockchains, the CNIL noted that they do not raise specific issues with respect to the GDPR, as their immutability is usually not guaranteed by design.)

The CNIL stated that whenever a blockchain contains personal data, the GDPR applies. The CNIL focuses on personal data that may be uploaded to a blockchain as a way to ensure traceability of real-world documents (e.g., a diploma), but it seems to acknowledge the conflict between some GDPR requirements, such as the right to erasure, and the very nature of public blockchains. In any case, the CNIL recommends not storing unencrypted personal data in a blockchain. Furthermore, in February 2022, the CNIL emphasised its concerns about the protection of privacy in relation with the future ‘digital euro’. The CNIL stressed the need to reconcile the right to privacy with the implementation of AML verifications.

Looking ahead

The PACTE Act gave France a complete legal framework for ICO issuers and cryptoasset intermediaries. In 2024, that framework will be replaced by the European-wide regime established by the MiCA regulation. However, the French regime has partly inspired the MiCA project and we expect that registered or licensed DASPs will have a facilitated access to the MiCA CASP status.

Still, for France to become a true hub for cryptoasset start-ups, many reforms still need to be made. With regard to tax, the tax reporting applicable to individual investors could be simplified. The tax and accounting regime applicable to companies owning cryptocurrencies should also be clarified. In addition, allowing individuals to benefit from a tax deferral when financing a company with cryptocurrencies would encourage holders of cryptocurrencies to reinvest their gains in the real economy.

Because decentralised finance is increasingly popular among retail and institutional investors, the inclusion of these activities in the DASP framework would provide legal certainty to their users. In addition, because decentralised finance, as well as most trading platforms, relies heavily on decentralised stablecoins, clarifying their status and allowing their circulation without creating too many legal obstacles would help position France and Europe as leading jurisdictions for the cryptoasset economy.

Finally, a clarification of the status of decentralised autonomous organisations (DAOs) under French law would be welcome. A working group of the HCJP plans to publish its report on the the application of French law to DAOs in mid-2023.