i Introduction to the legal and regulatory framework

As early as 2013 – shortly after virtual currencies gained public attention and the first investor risk warnings could be heard2 – the German financial regulatory authority (BaFin) was quick to bring virtual currencies like Bitcoin within the general financial services licensing scheme (see Section III.i). Distributed ledger technology (DLT) has developed since, and brought with it various business models based on a multitude of tradable token types as digital representations of value.

While Germany has no specific regulatory framework for virtual currencies and other virtual assets in place yet, the general financial regulatory regime applies instead, and brings various types of DLT tokens within the ambit of capital markets, banking, financial services, anti-money laundering (AML) and other laws. BaFin itself, in line with the EU approach, emphasises a reasonable approach, which on one hand aims at eliminating risks to financial stability and consumers through virtual currencies, while at the same time not stifling innovation. However, the complexity of such regulatory regime with numerous and partially overlapping German and EU sources of law, as well as the lack of clarity in regulatory guidance by BaFin and the European Securities and Markets Authority (ESMA),3 have led to some legal uncertainty. Regulators emphasise the need for a case-by-case analysis,4 and academics are meanwhile engaged in active discussions, but a clear overall picture for the vast number of applications and business models is only emerging slowly.

As a basis for this chapter, we make a distinction between three types of tokens that has proven useful in practice as a rough guidance, namely:

  1. cryptocurrency tokens, which are mainly designed as a means of payment or store of value, and thus shall serve as decentralised virtual currencies for transactions with third parties or marketplaces (with Bitcoin as the prominent example);
  2. security tokens, which confer upon their holders access to future profits, interest and/or possibly some control rights over the issuer (e.g., voting rights on certain business decisions, projects, investments), and are therefore in their function similar to rights typically conferred by securities; and
  3. utility tokens, which do not entitle the holder to payment, but confer access to certain products or services (e.g., specific functions of the respective DLT network) that may already exist or will be developed in the future. Provided that the tokens can be traded on secondary markets, however, holders also may generate profits from the sale of utility tokens.

This classification provides a mere rule of thumb, as hybrid token forms can be easily designed and exist in various business models. Utility tokens especially may take such hybrid forms if their value proposition is not mainly access to services, but also depends on future developments and thus may have a speculative investment component driven by profit expectations through subsequent sales on secondary markets. For such tokens, the regulatory regime is briefly as follows:

  1. cryptocurrency tokens are regulated under banking laws (but are not considered securities), and related services may require a licence in Germany;
  2. security tokens will often be considered as securities so that various capital market and investment laws (with prospectus requirements) may apply;
  3. the regulatory treatment of utility tokens is rather unclear, with good arguments that their service-related (rather investment-related) characteristics justify not applying capital market laws, since typical investor information asymmetries are not concerned; and
  4. AML rules may apply to all of them.

In any case, the German regulator will engage in an individual case-by-case assessment based on the specific functional token design (form follows function).5

ii Securities and investment laws

This section provides an overview of the qualification of tokens under securities laws, prospectus requirements and liability, asset management regulation and market integrity laws.

i General qualification of tokens under securities laws

The qualification of tokens as financial instruments and, in particular, securities under the securities laws constitutes the linchpin for the application of any financial and capital market regulation. Under German and European law, a commonly accepted or uniform definition of the notion of a security – such as the Howey test under US securities laws6 – does not exist. Any legal assessment of cryptocurrency tokens, security tokens or utility tokens therefore applies only with respect to the corresponding legal act.

Within an increasingly interlinked framework of EU financial regulation, the revised EU Markets in Financial Instruments Directive 2014/65/EU (MiFID II) constitutes the central reference point, as most EU regulatory acts – including prospectus laws and market abuse laws – refer to the MiFID definition of financial instruments. Under Germany's securities and banking laws, however, a different definition applies (see Section III).

Article 4 Paragraph 1 No. 15 and Section C of Annex I of MiFID II define the term financial instrument under an exhaustive enumeration of different types of instruments of which transferable securities are the most relevant in the context of token sales. Under Article 4 Paragraph 1 No. 44 MiFID II, the notion of transferable securities is defined as 'those classes of securities which are negotiable on the capital market, with the exception of payment instruments, such as: (a) shares in companies and other securities equivalent to shares in companies […] (b) bonds or other forms of securitised debt […] (c) any other securities giving the right to acquire or sell any such transferable securities […]'.

The decisive characteristic for classification as a security is therefore tradability on the capital market. This requires, more specifically, that a security – under a case-by-case-assessment – meets the formal criteria of transferability, standardisation and tradability, and is comparable to the examples of the definition from a functional perspective.

First, as regards transferability, it may generally be assumed that tokens can be transferred freely among holders by way of assignment, and that crypto exchanges allow for liquid secondary markets in those tokens (i.e., that the first criterion will regularly be met).

Secondly, a token will require a sufficient degree of standardisation. Currently, virtual currencies are standardised in the sense of a uniform structure within one issuance of tokens only, but there is no uniform token standard among different categories and types in the sense of a common protocol or platform. Taking into account that standardisation serves the purpose of tradability to allow for efficient trading, however, it becomes clear that a standardisation on the level of the individual issuance should be deemed sufficient.

Thirdly, the actual trading of tokens on crypto exchanges indicates their tradability on a capital market. The fact that tokens – immaterial by nature – cannot be acquired in good faith does not lead to a different result: distributed ledger or blockchain technology serves as a functional equivalent of a bona fide acquisition, as transactions may not be reversed for technical reasons.7

Fourthly, and most importantly, according to the prevailing interpretation of securities requirements, a token must be functionally comparable to one of the examples listed in the definition. This criterion substantially limits the scope of tokens qualifying as securities since it requires the token to be similar to shares, bonds or other securities traded on capital markets. Where a token promises access to future revenue streams (e.g., profit-based or interest-like) and possibly control rights, such a securities token will likely be comparable to traditional securities. Where, in contrast, the characteristics of tokens are rather comparable to traditional money, such currency tokens should not constitute securities, as the definition explicitly excludes payment instruments.

Utility tokens that promise future access to goods or services, however, prove difficult to qualify and should be carefully assessed in light of their individual characteristics: if a token, from an objective point of view, may be regarded as an investment promising an increase in value and serves as a corporate financing instrument rather than a means of direct or immediate access to goods or services, it could potentially qualify as a security.8 Simply put, if a token embeds 'hope and expectations' rather than access to use, its qualification as a security for the purposes of MiFID II appears likely.

ii Prospectus requirements and liability

In order to provide investors with sufficient information to make an informed investment decision, thereby reducing informational asymmetries and allowing for an efficient allocation of capital, securities laws set out formal prospectus requirements.

Under the existing law, the German Securities Prospectus Act (WpPG), which implements the Prospectus Directive,9 requires a prospectus for any public offering of securities. From 21 July 2019 onwards, the Prospectus Regulation10 will provide a common legal basis for securities offerings in the European Union. Both legal acts require, first and foremost, securities within the meaning of MiFID II to be offered to the public. With respect to the definition under the WpPG, this understanding follows from the fact that the definition transposes the notion under the Prospectus Directive, which contains a dynamic reference to MiFID II. With respect to investments that do not qualify as securities, prospectus requirements under asset management laws may apply (see below).

Securities must be offered to the public or admitted to trading on a regulated market. With respect to (securities) token issuances, an admission to trading on a regulated market appears unlikely, as these are authorised and regulated public law institutions under the German Stock Exchange Act that require participants to be formally admitted to trading. An offer may, however, constitute an offer of securities to the public, given that the definition includes communication in any form and by any means that presents sufficient information on the terms of the offer and the securities to be offered.11

The WpPG and the Prospectus Regulation contain certain exemptions. In particular, thresholds with respect to institutional offerings or small offerings to retail investors apply. Both legal acts set out detailed criteria on the content of the prospectus that the issuer is obliged to draw up, submit to the national regulator for approval and publish thereafter.

Where the prospectus (e.g., in the case of token sales often labelled as a white paper) does not provide sufficient information – that is, all necessary information material to an investor for making an informed decision – or no prospectus exists at all, the issuer or other persons responsible may be held liable towards investors.12 Such liability may apply to the initiator or sponsor of a token sale (as the issuer) or any third party offering tokens to investors (as the offeror).

Aside from liability provisions under the prospectus laws, issuers or offerors may be subject to prospectus liability under general civil law, which is not limited to the notion of securities under MiFID II. In this case, liability does not result from a responsibility regarding information in a prospectus, but rather the violation of an independent pre-contractual duty of disclosure.

iii Asset management regulation

Collective investment undertakings

The German Capital Investment Code (KAGB) provides a comprehensive regulatory framework for the distribution, management and safekeeping of investment funds, and sets out organisational and transparency requirements for their managers and depositaries. It implements UCITS13 and AIFMD.14 Prospective investors must be provided with detailed information in the form of a prospectus or offering memorandum. Failure to comply with the pertinent requirements will expose managers to liability claims.

The KAGB defines the central notion of investment undertaking broadly as a 'collective investment undertaking, which raises capital from a number of investors, with a view to investing it in accordance with a defined investment policy for the benefit of those investors and which is not an operative undertaking outside the financial sector'.15 This definition, which is rooted in the AIFMD, may apply in particular to investment funds investing into cryptocurrency tokens, security tokens or utility tokens (crypto funds) or to crypto-mining ventures (mining pools) – that is, the pooling of resources to share processing power over a network and split the rewards according to the individual contribution to the pool.

The scope of requirements under the KAGB further depends on the type of the fund. In this respect, the KAGB distinguishes between alternative investment funds (AIFs) that are available to professional and semi-professional investors only (special AIFs),16 and public investment funds,17 such as public AIF and UCITS funds, that are available to retail investors.

With respect to crypto funds, the eligibility of token investments and the safekeeping of assets remain unresolved key issues, as German and European regulators have not issued any guidance on these questions yet. Public AIFs and UCITS may only invest into certain types of assets, including securities as defined under UCITS.18 In addition, detailed rules apply to the safe-keeping of assets by depositaries.19 Currently, it appears unclear whether tokens may be held in accounts with a depositary, and how its control function should be performed in this respect.

Mining pools are likely to qualify as investment funds in the form of an AIF if the manager – irrespective of the legal structure – offers to external investors a pooled investment that diversifies risk and does not undertake any further operative business. This may be the case where cloud or hardware-based mining pools collect revenues to allow for a probabilistic distribution of mining rewards. A contribution in the form of tokens such as cryptocurrency tokens will likely qualify as the raising of capital for the purposes of the definition of an investment fund, but would constitute a contribution in kind. Under the KAGB, such form of contribution is permitted with respect to special AIFs, but not with respect to public AIFs and UCITS.20

Asset investments

Complementary to the KAGB, the German Asset Investment Act (VermAnlG) sets out further requirements for investments offered publicly to retail investors. It only applies to asset investments that do not qualify as investment funds under the KAGB or as securities under the WpPG, and that are distributed in a public offering. These rules may apply to tokens of any type (i.e., cryptocurrency tokens, security tokens or utility tokens), in particular where a securities token embeds certain characteristics of an investment (e.g., the promise of future revenues) but does not meet all criteria required for the qualification of a transferrable security under MiFID II (e.g., where it lacks tradability due to insufficient standardisation or barriers to transferability).

Under the VermAnlG, a token could qualify as an asset investment as defined under an exhaustive list. These include investments that grant a participation in the profits of a company, trust assets, participatory or subordinated loans, profit participation rights, registered bonds or other investments that promise interest and repayment.21

In the context of a typical initial coin offering (ICO), the private placement exemption under the VermAnlG is unlikely to apply as it requires that (either) no more than 20 instruments are offered, the volume of all investments offered within 12 months does not exceed €100,000, or the minimum investment exceeds €200,000 per investor.22 Issuers of certain types of asset investments may, however, benefit from privileges applicable to crowdfunding, social or charitable projects if the total volume of the issuance does not exceed €2.5 million and certain other conditions are met.23

Unless an exemption from the prospectus requirements applies, issuers of such asset investments are required to prepare and publish a sales prospectus and an investment information sheet that are both subject to prior BaFin approval. Anyone who assumes responsibility for a prospectus and those who are assumed to have issued a prospectus may be held liable for incorrect or incomplete information in that prospectus or in the information sheet, or for the lack thereof.

iv Market abuse rules

The efficient allocation of capital and the orderly functioning of the capital markets require rules that ensure the integrity of the financial markets and investor confidence. To that effect, market abuse laws prohibit unfair market practices. Effective as of 2016, the Market Abuse Regulation (MAR)24 provides a common framework that prohibits the unlawful disclosure of inside information and market manipulation (market abuse). Both insider trading and market manipulation constitute criminal offences and may entail severe administrative fines.

MAR applies to any type of financial instrument that is traded or admitted to trading on a regulated market or a multilateral trading facility, as defined under MiFID II, as well as to financial instruments the price of which depends on, or has an effect on, such traded financial instruments (e.g., over-the-counter derivatives).25 As set out above, tokens that qualify as financial instruments under EU law (i.e., security tokens and certain utility tokens) will generally be within the scope of MAR. Nothing else follows from national provisions26 that expand the scope of MAR to goods and foreign currencies that are being traded on a domestic exchange as such an exchange – irrespective of the potential qualification of tokens as goods – includes regulated public exchanges only.

Crypto exchange operators that provide a venue to buy or sell financial instruments will typically not qualify as a regulated market, but may qualify as an alternative trading venue in the form of a multilateral trading facility provided that they match buying and selling interests in a non-discretionary manner (see also Section III.i). The consent of the issuer, an approval or listing are not required: that is, the trading of tokens on a venue that qualifies as a multilateral trading facility as such may bring it into the scope of market abuse rules.

For the purposes of MAR, inside information comprises any precise information relating to a token or its issuer that 'would be likely to have a significant effect on the prices': that is, that reasonable investors would be likely to use such information as part of the basis of their investment decisions.27 Anyone who possesses inside information is prohibited from trading the respective instrument for its own account or that of a third party, and from recommending another person to do so, or inducing another person to do so, as such activity would constitute insider dealing.28

In addition, MAR also prohibits engaging in or attempting to engage in market manipulation. This concept includes any transaction, order or behaviour that could or is likely to give false or misleading price signals, or to secure prices at an abnormal or artificial level, or that employs a form of deception or contrivance as well as the dissemination of false or misleading signals or rumours in relation to a financial instrument and the transmission of such information in relation to a benchmark.29

Certain aspects of MAR apply to benchmarks, such as indices that financial instruments as defined under MiFID II make reference to.30 As benchmarks may be based on any type of input data, they can relate to security tokens, cryptocurrency tokens or utility tokens. In addition, it should be noted that Regulation (EU) 2016/1011 on indices used as benchmarks sets out detailed requirements for the provision and use of benchmarks. Crypto market data providers may, therefore, without issuing financial instruments themselves, be subject to registration or authorisation requirements.

iii Banking and money transmission

The core issues in the realm of banking and money transmission regimes are the statutory licence requirements that may arise under various laws and bring with them, inter alia, specific supervisory, process and compliance as well as AML obligations (regarding that last, see Section IV).

i German Banking Act31

Banking Act licence requirements

The Banking Act (KWG) entails, in line with various EU laws, the general regulatory regime for banking and financial services in Germany. It sets out strict licence requirements not only for classical banking but also for various financial services, together with, inter alia, minimum capital requirements; management requirements (e.g., fit-and-proper tests) and risk management rules; AML and know your customer (KYC) principles; supervision requirements; and a detailed framework on various other issues.

The licence requirements hinge, inter alia, on the types of assets (see below) and regulated business activity (see below) in question.

Failure to obtain the necessary licences may have harsh consequences: not only can administrative proceedings be brought by BaFin (Section 37 KWG), but this may trigger criminal proceedings against responsible persons such as founders or CEOs (Section 54 KWG), who may also face personal civil liability.

For cross-border operations, which are typical for DLT networks, the BaFin takes the stance that German regulation applies not only for domestic businesses with a seat or branch in Germany,32 but also where cross-border services (e.g., crypto exchanges located abroad) actively target the domestic market (taking into account, for example, means of advertising, language, share of transactions in Germany; however, the mere accessibility of websites in Germany is unlikely to suffice as such). A licensed financial service business can passport a German licence throughout the EU (and vice versa). In practice, cooperations with licensed banks or financial services providers are also conceivable, with the caveat that control over the business will vest with the licensed business.33

Regulatory trigger: tokens as financial instruments

What constitutes financial services is exhaustively defined in the KWG and entails several activities related to financial instruments. One core question is therefore whether tokens qualify as financial instruments within the meaning of the KWG.34 This term does not fully correspond with the same term under the WpHG and MiFID II,35 but is broader and encompasses, inter alia, also units of account, which BaFin has applied since 2013 in standing practice to virtual currencies (cryptocurrency tokens). This approach was recently confirmed in its 2018 ICO notice,36 where BaFin reiterated its position that several crypto asset-related activities may require a licence under the KWG (see below). Differentiated by token, the regulatory approach is therefore as follows: cryptocurrency tokens qualify as financial instruments under the KWG (but not MiFID II) in the specific form of units of account.37 This category, which has so far covered units of value such as the International Monetary Fund's special drawing rights or privately issued complementary currencies, has evolved to be the new main regulatory anchor for cryptocurrencies. Although this standing administrative practice finds support in the legal literature, it should be noted that a German appellate court recently rejected such approach in criminal proceedings involving the operation of a Bitcoin exchange.38 The court had doubts that such a broad reading of regulatory licensing requirements that are subject to criminal penalties is compatible with legal certainty. So far, this is a single decision and it remains to be seen how practice and other courts follow.

Security tokens falling under MiFID II will usually also qualify as financial instruments within the meaning of KWG;39 and it is still not entirely clear whether and under which circumstances utility tokens qualify as financial instrument within the meaning of KWG.40 Hybrid forms of utility tokens especially will be more likely to qualify as financial instruments the more their characteristics resemble security tokens or cryptocurrency tokens. However, if utility token transactions involve also cryptocurrency tokens or security tokens, licence requirements may already be triggered by the latter and apply to the whole transaction.41

Regulation of token-related business models

Provided that tokens qualify as financial instruments, KWG licences are required for a broad range of business activities if they are performed as a commerce or on a scale requiring a commercial business organisation.42

A KWG licence is particularly relevant and usually necessary for crypto exchange platforms and similar token trading models. Licensing requirements here are commonly discussed on the basis that such activities may constitute investment broking43 (where broking transactions involve the purchase and sale of financial instruments, which may also be done through an electronic platform44) or the operation of a multilateral trading facility45 (which brings together multiple third-party buying and selling interests in financial instruments in the system, in accordance with non-discretionary rules and in a way that results in a contract).46 Business models should also be assessed as to whether they might be considered as financial broking services47 (with the purchase and sale of financial instruments in a service provider's own name but on a third party's account48) or contract broking49 (where the aforementioned purchase and sale occur in a third party's name on its account50). The further case of proprietary trading51 is quite broad, and involves the purchase and sales of financial instruments as a market maker, systemic internaliser or participant in markets with high-frequency trading systems, and also cases where purchases and sales on one's own account are offered as a specific service for others.52 This may be relevant, for example, for solicited regular buying and selling activities in virtual currencies if such activities involve a further services element (e.g., if the entity has better access to the market or creates a market by regular trading activities that would otherwise not be available for others).53 In any case, this will require a case-by-case assessment of the technical and functional details.

The issuing of tokens as such does normally not necessitate KWG licences. BaFin further states that in the context of ICOs, depending on the individual circumstances, underwriting business54 (with the taking over of financial instruments at one's own risk for placement55) or placement business56 (with the placement of financial instruments without a firm commitment basis57) require a licence. Such activities appear, however, usually not to be done by the issuer itself in an ICO.

Other typical regulated financial intermediary activities may also require a prior KWG licence if such activities are offered in connection with virtual currency business models. This may be the case for rendering investment advice58 (in the form of personal recommendations for transactions in specified financial instruments, based on an examination of an investor's personal circumstances and not exclusively announced through information distribution channels or to the public59) or financial portfolio management60 (with discretionary management of individual investments in tokens as financial instruments for others61).

Within that framework, other actors in a DLT ecosystem will normally need no KWG licence. The mere use of virtual currencies as a means of payment does not require any licence; neither does operating a DLT network for token transactions as such, given that such network is a mere technical facility for effecting transactions, and no entity for trading and in particular no multilateral trading facility.62 The same holds true for operating a wallet. This would in particular not qualify as portfolio management or deposit business63 for securities. Under German law, a security deposit business with the provision of custody and administration for others still requires securities with a tangible certificate, which DLT tokens lack.64 Finally, operations of miners normally do not fall under the activities regulated by the KWG. However, this may be different for specific services such as organising mining pools. Where a central pool operator would sell mined virtual currency to third parties and disburse collected money or virtual currency to individual miners, the operator could be considered as acting for a third person and engaging in proprietary trading services.

ii German Payment Services Supervision Act65

Further licence requirements, which may potentially be relevant for virtual currencies, exist under the Payment Services Supervision Act (ZAG). This law, which implements the Payment Services Directive66 and the E-money Directive,67 regulates in essence two types of business activities, namely rendering certain (enumerated) payment services and issuing e-money. For such business activities, the ZAG sets out certain requirements, inter alia, as to management qualifications, capital requirements and risk management.68 Structurally similar to the KWG, foreign entities require a licence if their business activities target the German market, and a ZAG licence can be passported throughout the EU. For some KWG-licensed entities (CRR credit institutions), no additional ZAG licence is necessary.69


A licence is required for engaging in the business of issuing e-money.70 E-money is defined as electronically (including magnetically) stored monetary value represented by a claim against the issuer, which is issued against the receipt of funds for the purpose of making payment transactions, and which is accepted by a natural or legal person other than the electronic money issuer.71 Thus, where a company provides an electronic monetary value in exchange for an equal amount of (fiat) money, it will serve as an electronic means of payment for the substitution of cash. Such ZAG licence covers not only issuing e-money, but also ancillary activities such as related payment services and the operation of payment systems.

While tokens can take various forms, the currently prevailing opinion is that virtual currency tokens – unlike electronic cash cards – are in the majority of cases not e-money. First, such tokens would have to be issued in exchange for (fiat) money (which is conceivable for example, in the case of pre-mined tokens, but is not the general case).72 Secondly, this would require a monetary claim against a specific issuer, which virtual currency tokens (especially cryptocurrency tokens) normally do not confer.73 Thirdly, even if a token was seen as e-money, any such ZAG licence would hinge with the issuer, not with (if any in such models), for example, miners.

Payment services

The ZAG further sets out an exhaustive list of regulated payment services.74 Given that all such services are related to money in cash, bank accounts or e-money, but not (yet) to virtual currencies,75 a ZAG licence becomes relevant where virtual currency transactions involve some element of processing fiat money, but not merely virtual currency-to-virtual currency transactions. It is mainly for the issuing of virtual currency tokens and exchanges that the question arises whether they are involved in rendering payment services. As such, the most relevant issues in a virtual currency context include payment initiation services76 (which allow access to payment accounts, but without acquiring possession of the transferred money); issuing of payment instruments or acquiring of payment transactions, or both;77 or, as a broad catch-all clause,78 money remittance services,79 where a payer (without any payment accounts created) pays funds to a payment service provider with the aim of transferring a corresponding amount to a payee (or another payment service provider acting on the payee's behalf), or where such funds are received on behalf of and made available to the payee, or both.

Thus, if an issuer or trader of virtual currency tokens collects fiat money to broker it on a platform with token purchasers, this may, depending on technical and functional details, constitute a regulated payment services business. The transferor and transferee of tokens are normally not subject to such ZAG licence; neither would a DLT network operator (if any) be regulated. The operation of miners does normally not fall under ZAG-regulated activities, and it is also doubtful whether operating virtual currency wallets (unlike e-money wallets) as such would require a ZAG licence.80

Even if activities are related to payment services, some exceptions may apply, for example, for mere technical support service providers who do not obtain possession of funds (including, for example, data processing and storage, trust and privacy protection services, authentication and communication, unless they are payment initiation and account information services),81 or commercial agent models82 (who are authorised via agreement to negotiate or conclude the sale or purchase of goods or services on behalf of only the payer or only the payee).

iv Anti-money laundering

i General framework

Several actors in a DLT ecosystem may be subject to AML laws, namely the German Anti-Money Laundering Act (GwG), which provides, together with some AML-related provisions in the KWG,83 the main legal basis for AML requirements under German law. The GwG transposes AMLD 484 into German law, and will soon be amended to implement AMLD 5,85 which was adopted on 19 April 2018 by the European Parliament and must be transposed by EU Member States within 18 months. AMLD 5 will further tighten AML rules as part of the European Commission's 2016 AML action plan, which also responds to the Panama Papers revelations.

Currently, AML rules are based on a wide understanding of property that may be involved in money laundering, including assets of any kind (corporeal or incorporeal, movable or immovable, tangible or intangible),86 so that any kind of tokens involved in criminal acts can be the object of money laundering activities. This concerns not only transactions with tokens (as the main subject matter of the transaction), but also payments with tokens (a typical virtual currency case), as long as the transacting entity is subject to the AML rules.87

The new AMLD 5 defines virtual currencies,88 and will bring entities that provide services that are in charge of holding, storing and transferring virtual currencies into the scope of the AML obligations, which most notably apply to crypto exchanges as well as to wallet providers. Given that the recitals refer to a medium of exchange,89 this will cover cryptocurrency tokens, but it is doubtful whether it will include security tokens and utility tokens.

ii AML subjects

Generally, German AML rules hinge on certain listed types of obliged entities that engage in specific activities susceptible to money laundering activities.90

As far as is relevant in the context of virtual currencies, banking and financial service institutions that require a KWG licence (first and foremost token exchanges: see Section III.i) must generally comply with the AML rules.91 Thus, AMLD 5's implementation into German law will probably not change the status of exchange services between virtual currency and fiat currencies to the extent that they already require a KWG licence.92 However, in many cases initial token sales will be structured in a way that the issuer will neither be regarded as a financial institution nor a credit institution.93 Similarly, AML obligations apply to undertakings if they render certain payment or e-money services and require a ZAG licence as payment institutions and e-money institutions (see Section III.ii).94 In the (currently infrequent) event that tokens should qualify as e-money, the issuer as well as the merchant accepting such payments are also subject to AML rules.95

While the operation of virtual currency wallets has so far not been regarded as triggering AML obligations, the upcoming implementation of AMLD 5 into German law will have to include custodian wallet providers who engage in services to safeguard private cryptographic keys on behalf of their customers to hold, store and transfer virtual currencies as AML subjects.

Whether and to what extent token transactions trigger AML obligations has not yet been entirely clarified. In general, a person trading in goods may also be subject to the AML rules under certain circumstances (e.g., handling cash payments exceeding €10,000 or in the case of specific suspicions).96 Whether transactions with tokens (be they within an ICO by the issuer in the primary market or later on the secondary markets) are trades in goods is discussed. The Federal Ministry of Finance refers in that regard to classical civil law sales contracts,97 which would cover only token-against-fiat transactions,98 but arguably not the use of tokens as means of payment for, for example, other tokens or goods. In addition, the German government has stated that the mere use of cryptographic currencies (without specific token qualification) would not fall under the AML rules.99

Finally, neither the network operation (if any such entity exists at all in a decentralised system) nor mining as such are currently regarded as AML-relevant activities.

iii AML duties and responsibilities

Entities subject to German AML rules must comply with various duties and responsibilities, most notably:

  1. establishing an adequate and effective risk management system with ongoing analysis of activity-related risks, and with customer and business-related internal security measures, which may include, for example, procedures and controls, codes of conduct or reliable compliance processes;100
  2. the appointment of a sufficiently equipped AML officer at management level in Germany (and a deputy) who is responsible for ensuring AML compliance;101
  3. customer due diligence (CDD, as a KYC principle), which aims at identifying and verifying customers and beneficial owners, for example, when entering into a business relationship, where transaction values exceed certain thresholds, where indicators of suspicious transactions exist or when information provided by customers seems to be inaccurate.102 The scope of CDD is subject to proportionality and depends on certain risk-based criteria, which may limit103 or broaden104 the CDD scope. In addition, CDD requires the identification of politically exposed persons; and
  4. reporting of suspicious transactions to the Central Financial Transaction Investigation Unit where circumstances indicate that assets originate from AML-relevant criminal offences, are related to terrorist financing, or where necessary identification documents have not been provided.105

For some AML subjects such as persons trading in goods, the aforementioned obligations may be limited and only apply where certain thresholds are reached (e.g., transactions with cash payments exceeding €10,000) or under specific suspicious circumstances.

v Regulation of exchanges

German law provides no specific regulation of virtual currency exchanges; however, the general rules as set out above apply. Depending on the specific activity and type of token traded, laws on securities (see Section II), banking laws (see Section III) and AML rules (see Section IV) may be applicable.

vi Regulation of miners

German law provides no specific regulation of miners; however, the general rules as set out above apply. Normally, mining as such will require no licence, but only in special cases (e.g., commercial operation of mining pools: see Section III.i).

vii Regulation of issuers and sponsors

German law provides no specific regulation of issuers; however, the general rules as set out above apply. Depending on the specific activity and type of token traded, laws on securities (see Section II), banking laws (see Section III) and AML rules (see Section IV) may be applicable.

viii Criminal and civil fraud and enforcement

Besides specific criminal regulations – as set out above for insider trading and market manipulation,106 failure to meet prospectus requirements,107 lack of required financial licences under the KWG,108 KAGB109 or ZAG,110 or money laundering111 – virtual currency-related fraudulent activities will normally fall within the scope of general criminal law (most notably computer fraud,112 unauthorised access to data113 or interference with data114). Just recently, the German Federal Supreme Court115 convicted operators of a botnet for mining cryptocurrency tokens that used the power of infiltrated computers for several offences of data criminality.116 While German law does not acknowledge a theft of virtual currency in the absence of a physical embodiment, hacking and the misuse of private keys may be sanctioned as computer fraud within the context of data processing. Cases of market manipulation or transactions or ICOs with fraudulent information might also be pursued as general fraud117 or criminal breach of trust.118 Any proceeds from such activity may be the object of money laundering. Virtual currencies as proceeds from criminal offences – regardless of their legal character119 – may be subject to forfeiture.120

Criminal liability will usually coincide with civil law damages and restitution claims,121 but procedural details for virtual currencies have apparently not yet been litigated.122 A transfer of virtual currencies in such cases can be enforced, for example, by handing over a private key to avoid – as generally under German civil procedure law – a penalty payment or imprisonment.123 For virtual currencies stored in wallets, claims against the wallet provider could also be seized.124

Apart from criminal sanctions and private civil law enforcement, administrative enforcement is the most-used measure to ensure regulatory compliance in the authorities' toolbox. In 2017, BaFin initiated 36 proceedings to verify regulatory compliance. In four cases, BaFin closed down such operations and involved criminal prosecutors.125

ix Tax

While virtual currency tax issues are extensively discussed, authoritative guidance is limited. In the absence of specific virtual currency-related regulation, general German tax laws apply.

Value added Tax (VAT), following the European Court of Justice (ECJ) Hedqvist judgement126 and guidance of the German Federal Ministry of Finance,127 will not be triggered by a conversion of cryptocurrency tokens to fiat money (and vice versa).128 Despite some uncertainties at the EU level,129 the Ministry of Finance further states the same for transaction fees (or cryptocurrency tokens) received by miners.130 In contrast, fees for services providing a wallet131 or a cryptocurrency token exchange132 (unless trading cryptocurrency token as intermediary on its own behalf133) may trigger VAT. The mere use of cryptocurrency tokens as a means of payment (instead of fiat money) has normally no influence on the qualification of transactions under tax laws,134 but may require documenting exchange rates.135 For utility tokens and security tokens, the absence of authoritative statements leads to some uncertainties. Some authors argue that the issue of security tokens will not trigger VAT, whereas the issue and sale of utility tokens may be subject to VAT.

As it regards taxes on profits, virtual currencies are taxed in accordance with general principles: virtual currencies are immaterial assets, and profits (e.g., as the difference between the acquisition price and disposal price, or for ICOs between the book value and issue price, after the deduction of losses and expenses like platform operating costs) can in principle be taxed as personal income. In particular, the issuer of utility tokens in an ICO may have accounting profits taxed if a utility token is issued in exchange for cryptocurrency tokens. According to statements of the Federal Ministry of Finance, profits from occasional mining of virtual currency may also be taxed as income.136

Details of the tax regime vary depending on whether transactions are carried out in a private or commercial context, and by whom. In a private context, tax on personal income will accrue for individuals who realise profits such as gains in virtual currency value,137 but only if in such context virtual currencies are held less than a year.138 If virtual currencies are created or bought as a commercial activity, earnings from a sale or exchange may be subject to taxation as business income.139 If done by commercially acting individuals or partnership companies, taxes will accrue as private income tax at the shareholder level; and if done by (both public and private) limited liability companies, taxes will accrue at the corporate level.

X Other Issues

Anyone commercially involved in a virtual currency business must refrain from false advertising and supplying misleading information. Thus, even in the absence of specific prospectus obligations (see Section II.ii), ICO white papers must be correct and not omit relevant information, and information on the prospects of success and economic development must not be misleading. This follows from German unfair competition law,140 which is quite effectively enforced by competitors, business associations and consumer organisations. Furthermore, potential contractual parties are required to act truthfully, and may under special circumstances have to disclose information that is important but unknown to the other party proactively under general civil law. If they withhold such information or provide false information, they may be held liable.141 It is argued that this may apply also for issuers of tokens.

Operators of internet platforms where virtual currency tokens are commercially offered may also have to comply with general e-commerce and consumer protection laws.142 Since the legal nature of tokens may vary, some uncertainties exist as to the applicability of such regulations. While the European Central Bank (ECB) has stated that neither consumer rights nor e-commerce regulations are applicable to cryptocurrency token transactions,143 it is conceivable that at least utility tokens could be subject to such regulation. If applicable, this would include extensive information duties (e.g., on entrepreneur's identity, modalities of online contract formation, characteristics of goods and services, costs)144 and – rather theoretically – customer withdrawal rights in some cases.145

xi Looking Ahead

While the current virtual currency regulation and regulatory practice are still shaped by legal uncertainty and business models have to be discussed with regulators, it can be assumed that regulators will provide more general guidance in the future to give their sensible case-by-case approach a more profound basis. Owing to the cross-border nature of virtual currencies and related services, it is also conceivable that further regulation will take place on an EU (or even on an international) level in order to create level playing fields. While the substantive virtual currency framework is widely harmonised throughout the EU, practical differences in enforcement may remain. However, regulatory arbitrage is nonetheless limited because of looming civil law liability.

In addition to the regulatory (i.e., public law) aspects discussed in this chapter, it can be envisaged that the legal discussion about the emission, administration and servicing of tokens will also need to take civil and corporate law aspects into consideration. More fundamentally, use cases and activities related to securities tokens raise the question of potential efficiency gains in post-trade activities, that is, the holding, clearing and settling of securities through custody chains governed by DLT protocols. In this context, two technical concepts appear to emerge: the issuance of tokens linked to securities held by the German central securities depository (CSD) (mirror DLT securities) and the genuine issuance of tokens on a DLT platform in book-entry form (genuine DLT securities). With respect to this strand of the discussion, numerous impediments to the structuring of genuine DLT securities remain, largely due to provisions that require some physical form or representation of the securitised right (in rem concept of securities ownership). Unlike in other countries, securities issuances under German law must generally be securitised in physically stored paper certificates, which nowadays are normally issued in the form of a global note that is held by the CSD. Therefore, the safekeeping and transfer of securities issued as genuine DLT tokens will require amendments to the German safe custody law, which could be inspired by the German Federal Debt Management Act that already provides for genuine book-entry form with regard to public sector debt (e.g., government bonds). This concept could be used for future legislation, possibly setting out a framework for a qualified digital register that might be operated by regulated entities.


1 Matthias Berberich is counsel and Tobias Wohlfarth is an associate at Hengeler Mueller Partnerschaft von Rechtsanwälten mbB.

2 EBA Opinion on virtual currencies of 4 July 2014 (EBA/op/2014/08), p. 21 seqq.

3 See ESMA statement of 13 November 2017 on ICO regulatory requirements (ESMA50-157-828); BaFin notice of 20 February 2018 (WA 11-QB 4100-2017/0010); for investor risks, see ESMA statement of 13 November 2017 (ESMA50-157-829); BaFin article in BaFin Journal November 2017, p. 15 seqq.

4 BaFin notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

5 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010), emphasising that terminology is not decisive.

6 Cf. Hacker/Thomale, Crypto-Securities Regulation: ICOs, Token Sales and Cryptocurrencies under EU Financial Law, Working Paper November 2017 (SSRN ID 3075820), p. 18.

7 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

8 Cf. Klöhn/Parhofer/Resas, 'Initial Coin Offerings (ICOs) – Markt, Ökonomik und Regulierung', ZBB 2018, 89, 102 et seq.; Zickgraf, 'Initial Coin Offerings – Ein Fall für das Kapitalmarktrecht?', AG 2018, 293, 303 et seqq.

9 Directive 2003/71/EC.

10 Regulation (EU) 2017/1129.

11 Section 2 No. 4 WpPG, Article 2(d) Prospectus Regulation.

12 Sections 21 through 25 WpPG, Article 11 Prospectus Regulation.

13 EU Directive 2009/65 on Undertakings for Collective Investment in Transferable Securities.

14 EU Directive 2011/61 on Alternative Investment Fund Managers.

15 Section 1 Paragraph 1 KAGB.

16 Section 1 Paragraph 6 s. 1 KAGB.

17 Section 1 Paragraph 6 s. 2 KAGB.

18 Sections 192 et seqq. and Section 219 KAGB.

19 Sections 68 et seqq. KAGB.

20 Section 71 Paragraph 1 s. 3 KAGB.

21 Section 1 Paragraph 1 VermAnlG.

22 Section 2 Paragraph 1 VermAnlG.

23 Sections 2a, 2b and 2c VermAnlG.

24 Regulation (EU) No. 596/2014.

25 Article 2 Paragraph 1 MAR.

26 Section 25 WpHG.

27 Article 7 Paragraph 1 MAR.

28 Article 14 MAR.

29 Article 12 Paragraph 1 MAR.

30 Article 2 Paragraph 2 c) MAR.

31 Kreditwesengesetz.

32 Section 53 Paragraph 1 KWG.

33 Gebundener Vermittler, Section 25e KWG.

34 Section 1 Paragraph 11 KWG with an extensive list.

35 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

36 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

37 Section 1 Paragraph 11 s. 1 No. 7 KWG.

38 Higher Regional Court of Berlin, decision of 25 September 2018, Ref. No. (4) 161 Ss 28/18 (35/18).

39 Section 1 Paragraph 11 s. 1 No. 1 through 4 KWG.

40 Public BaFin statements remain vague (see only BaFin, Journal 11/2017, p. 18); dissenting Bundesverband Blockchain, Statement on Token Regulation, p. 39.

41 The provision of financial services for utility tokens that will not be acquired or disposed of in exchange for security tokens and cryptocurrency tokens will be less likely to qualify as a regulated activity under the KWG, Bundesverband Blockchain, Statement on Token Regulation, p. 27.

42 Section 1 Paragraph 1 s. 2 and Section 1a s. 2 KWG.

43 BaFin notice of 20 February 2018, WA 11-QB 4100-2017/0010.

44 Section 1 Paragraph 1a No. 1 KWG.

45 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

46 Section 1 Paragraph 1a No. 1b KWG, similar to Article 4 Paragraph 1 No. 22 MiFID II.

47 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

48 Section 1 Paragraph 1 s. 2 No. 4 KWG. It is reported that in 2017 BaFin closed down four exchanges of Bitcoins into euros without having a licence for financial broking.

49 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

50 Section 1 Paragraph 1a No. 2 KWG.

51 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

52 Section 1 Paragraph 1a s. 2 No. 4 KWG.

53 Every transaction that is not trading on own account will qualify as dealing on own account, which normally requires no licence, unless done by undertakings within a Capital Requirements Regulation (CRR) group, engaging in other licensed banking and financial services or as participant in a multilateral trading facility or organised trading facility, or with electronic marketplace access. The question has been raised whether users of a crypto exchange, which qualifies as multilateral trading facility, who purchase or sell tokens may require a licence based on that wording. With the legislative history of the KWG and MiFID II in mind, it appears unlikely that authorities would follow such an approach.

54 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

55 Section 1 Paragraph 1 s. 2 No. 10 KWG.

56 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

57 Section 1 Paragraph 1a s. 2 No. 1c KWG.

58 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

59 Section 1 Paragraph 1a s. 2 No. 1a KWG.

60 BaFin Notice of 20 February 2018 (WA 11-QB 4100-2017/0010).

61 Section 1 Paragraph 1a s. 2 No. 3 KWG.

62 Section 1 Paragraph 1a s. 2 No. 1b KWG.

63 Section 1 Paragraph 1 s. 2 No. 5 KWG.

64 Section 1 Paragraph 1 DepotG. Such tangible embodiments of German securities are usually stored with Clearstream AG.

65 Zahlungsdiensteaufsichtsgesetz.

66 Directive EU 2015/2366.

67 Directive 2009/110/EC.

68 Details in Section 12 ZAG.

69 Section 1 Paragraph 1 No. 1 and 3 ZAG; Section 1 Paragraph 3d KWG.

70 Section 11 Paragraph 1 ZAG.

71 Section 1 Paragraph 2 s. 3 ZAG.

72 BaFin Notice of 22 December 2011 (as amended on 29 November 2017) on the interpretation of the Payment Services Supervision Act.

73 BaFin Notice of 22 December 2011 (as amended on 29 November 2017) on the interpretation of the Payment Services Supervision Act. This interpretation was recently confirmed by the Higher Regional Court of Berlin, decision of 25 September 2018, Ref. No. (4) 161 Ss 28/18 (35/18).

74 See Section 1 Paragraph 1 s. 2 No. 1 through 8 ZAG for a list of payment services regulated by the ZAG.

75 BaFin Notice of 22 December 2011 (as amended on 29 November 2017) on the interpretation of the Payment Services Supervision Act, No. 2.

76 Section 1 Paragraph 1 s. 2 No. 7 ZAG.

77 Section 1 Paragraph 1 s. 2 No. 5 ZAG.

78 See legislative materials, BT-Drucks. 18/11495, p. 104. The former case of digital payment business has been abandoned in the course of implementation of the Second Payment Services Directive in the ZAG, and legislative materials state that such cases will normally be within the scope of the aforementioned cases: see BT-Drucks. 18/11495, p. 104.

79 Section 1 Paragraph 1 s. 2 No. 6 ZAG.

80 It may be argued that wallets are in particular not payment authentification services (Section 1 Paragraph 1 s. 2 No. 5, Section 1 Paragraph 20 ZAG), since wallets are not personalised means or procedures agreed between a user and a payment services provider for effecting payments.

81 Section 2 Paragraph 1 No. 9 ZAG.

82 Section 2 Paragraph 1 No. 2 ZAG.

83 In addition to the GwG, financial services institutions are also subject to AML requirements under Section 25h KWG, which partially overlap with the GwG provisions.

84 4th European AML Directive (Directive (EU) 2015/849).

85 5th European AML Directive (Directive (EU) 2018/843).

86 Section 1 Paragraph 7 GwG.

87 In this vein (although very generic), the ESMA statement of 13 November 2017 on ICO regulatory requirements (ESMA50-157-828).

88 Under AMLD 5, virtual currencies means a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency, and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and that can be transferred, stored and traded electronically.

89 Directive (EU) 2018/843 Recital 8.

90 Section 2 Paragraph 1 GwG.

91 Section 2 Paragraph 1 No. 1 and 2 GwG; Section 1 Paragraph 1 and 1a KWG.

92 The lack of AML regulation of providers engaged in exchange services between virtual currencies and fiat currencies prior to AMLD 5 (see AMLD 5 Recital 8) concerned only the EU level, and left unaffected the stricter German financial services licence requirements with direct impact on the scope of AML subjects.

93 Bundesverband Blockchain, Statement on Token Regulation, p. 28.

94 Section 2 Paragraph 1 No. 3 GwG; Section 1 Paragraph 3 ZAG.

95 Section 2 Paragraph 1 No. 3 and 16 GwG.

96 Section 2 Paragraph 1 No. 16 GwG. Risk management requirements will only be triggered in the case of handling cash payments exceeding €10,000, Section 4 Paragraph 4 GwG. Normally, no AML representative has to be appointed. Customer due diligence requirements also apply only where the said thresholds for cash handling are reached, or there are indicators of suspicious transactions, Section 10 Paragraph 6 GwG.

97 Statement, German Federal Ministry of Finance, VII A 3–WK 5023/11/10021.

98 Bundesverband Blockchain, Statement on Token Regulation, p. 29.

99 BT-Drucks. 18/12521, S. 8. This is far from being undisputed.

100 Section 4 through 6 GwG. In 2017, the Joint Committee of European Regulators issued guidance on risk factors for specific sectors (JC 2017 37).

101 Section 7 GwG.

102 Sections 10 through 13 GwG.

103 Simplified due diligence under Section 14 GwG, for example when transactions are conducted by a customer who is a public enterprise or agency or who has its registered office in an EU Member State or a country with similar AML and counter-terrorist financing requirements.

104 Enhanced due diligence under Section 15 GwG. For example, for transactions by politically exposed persons, transactions without any obvious economic purpose or transactions by enterprises or agencies residing in high-risk jurisdictions.

105 See Section 43 GwG.

106 Sections 119 Paragraph 1, 120 Paragraph 2 No. 3 WpHG in conjunction with Article 15 MAR (market manipulation); Section 119 Paragraph 3 No. 1, 2, 3 WpHG in conjunction with Article 14 MAR (insider trading).

107 Actions within the meaning of Section 35 WpPG.

108 Section 54 Paragraph 1 No. 2 in conjunction with Section 32 Paragraph 1 s. 1 KWG.

109 Section 339 Paragraph 1 KAGB.

110 Section 63 Paragraph 1 No. 4, 5 in conjunction with Section 10 Paragraph 1 s. 1, Section 34 Paragraph 1 s. 1 or Section 11 Paragraph 1 s. 1 ZAG.

111 Actions within the meaning of Section 56 Paragraph 1 GwG.

112 Section 263a StGB (Computerbetrug).

113 Section 202a StGB (Ausspähen von Daten).

114 Section 303a StGB (Datenveränderung).

115 BGH, NStZ 2018, 401.

116 Sections 202a, 303a StGB; see BGH, NStZ 2018, 401, 402 et seqq.

117 Section 263 StGB (Betrug).

118 Section 266 StGB (Untreue).

119 BGH, NStZ 2018, 401, 404 et seq.

120 Section 73 StGB (Einziehung, formerly Verfall), cf. BGH, NStZ 2018, 401, 404 et seq.

121 Section 823 Paragraph 2 German Civil Code (BGB); Section 812 et seqq. BGB.

122 See for such unclearness Bundesverband Blockchain, Statement on Token Regulation, p. 38.

123 Section 888 ZPO. Issue was not answered by Cf. BGH, NStZ 2018, 401, 405.

124 Section 857 ZPO.

125 See statement of the government of 21 February 2018, BT-Drucks. 19/851, p. 2.

126 ECJ, judgment of 22 October, C-264/14 – Hedqvist, Paragraph 53; Article 135 Paragraph 1 lit. e Directive 2006/112/EC.

127 German Federal Ministry of Finance, letter of 27 February 2018, III C 3 - S 7160-b/13/10001; Parliamentary State Secretary at the German Federal Ministry of Finance, 5 January 2018, BT-Drs. 19/370, p. 21 et seq.

128 Section 4 No. 8 lit. b UStG.

129 Parliamentary State Secretary at the German Federal Ministry of Finance, 5 January 2018, BT-Drs. 19/370, p. 22.

130 German Federal Ministry of Finance, letter of 27 February 2018, III C 3 - S 7160-b/13/10001, p. 2.

131 German Federal Ministry of Finance, letter of 27 February 2018, III C 3 - S 7160-b/13/10001, p. 3.

132 German Federal Ministry of Finance, letter of 27 February 2018, III C 3 - S 7160-b/13/10001, p. 3.

133 German Federal Ministry of Finance, letter of 27 February 2018, III C 3 - S 7160-b/13/10001, p. 3; Section 4 No. 8 b) UStG.

134 Statement of Parliamentary State Secretary of the Federal Ministry of Finance, BT-Drucks. 17/14062,
p. 25.

135 German Federal Ministry of Finance, letter of 27 February 2018, III C 3 - S 7160-b/13/10001, p. 2.

136 Section 22 No. 3 EStG; Parliamentary State Secretary at the German Federal Ministry of Finance, 5 January 2018, BT-Drs. 19/370, p. 21 et seq.

137 Parliamentary State Secretary at the German Federal Ministry of Finance, 5 January 2018, BT-Drs. 19/370, p. 21 et seq.; Statement of Parliamentary State Secretary of the Federal Ministry of Finance, 21 June 2013, BT-Drucks. 17/14062, p. 25.

138 Section 23 Paragraph 1 No. 2 EStG.

139 Section 15 EStG; Parliamentary State Secretary at the German Federal Ministry of Finance, 05 January 2018, BT-Drs. 19/370, p. 21 et seq.

140 Section 5 UWG, implementing the EU Unfair Commercial Practices Directive 2005/29/EC and the EU Misleading and Comparative Advertising Directive 2006/114/EG.

141 Sections 280 Paragraph 1, 311 Paragraph 2, 241 Paragraph 2 BGB.

142 For example, with the EU E-Commerce Directive 2000/31/EC, Consumer Rights Directive 2011/83/EU and Financial Services Distance Marketing Directive 2002/65/EC, which are implemented in the German Civil Code.

143 ECB, Virtual Currency Schemes, 2012, p. 44 et seq.

144 Details in Section 312d Paragraph 2 and Article 246b Introductory Act to the Civil Code (EGBGB) for B2C financial services; Section 312d BGB and Article 246a EGBGB for B2C distance selling contracts; Section 312j BGB and Article 246a EGBGB for B2C e-commerce contracts; Section 312i BGB and Article 246c EGBGB for all e-commerce contracts (including B2B).

145 Section 312g BGB.