The Financial Technology Law Review: Denmark

Overview

The fast-moving developments in terms of digitalisation have continued in the Danish financial sector as the integration of fintech evolves. The Danish fintech environment is characterised as an ecosystem based on a great deal of innovation and improved access to venture capital contributing to the digitalisation of the Danish business environment in general.2 Denmark was ranked number four in the World Bank's 2020 ease of doing business rankings3 and number one in the Digital Economy and Society Index 2021.4

As the Danish fintech market grows, it creates new commercial opportunities through established connections between start-ups, corporates, investors and academia and by linking the Nordic and global fintech ecosystem.5

To accommodate the development of Denmark as a leading fintech hub, the Danish government remains committed to improving conditions for fintech entrepreneurs to start up6 and expand.

As well as establishing a dedicated fintech unit, the Danish Financial Supervisory Authority (DFSA) decided to establish a Division of Fintech, Payment Services and Governance as well as a working group on regulatory initiatives relating to blockchain and decentralised finance. The DFSA has created the following initiatives to put Denmark on the map as a fintech-friendly jurisdiction: the Fintech Forum,7 the FinTech Lab (regulatory sandbox), a Fintech FAQ section on its website8 and guidance services.

The DFSA's published ambition of minimising regulatory uncertainty for financial companies using new technology by assisting financial entrepreneurs through the licensing process is further elaborated on in Section II.i.

In terms of taxation, no specific incentives are aimed at fintech companies, which is common in Denmark as it is rare that specific companies or sectors are granted tax advantages. In relation to digital assets, there is, however, a continuous development as tax authorities seem to decide on specific taxation of these in a somewhat unpredictable manner.

Regulation

i Licensing and marketing

Danish law has not implemented any specific fintech licence per se. As a rule of thumb, the traditional financial regime applies to any 'financial activity' carried out by means of technology. Licence and marketing requirements for a fintech company will therefore depend on the specific type of envisaged activities and, as such, are predominantly based on harmonised EU legislation.

The primary Danish laws currently applicable to fintech are:

  1. the Payments Act of 7 December 2021, as amended from time to time;
  2. the Money Laundering Act of 19 May 2021, as amended from time to time;
  3. the Financial Business Act of 15 December 2021, as amended from time to time;
  4. the Capital Markets Act of 1 November 2021, as amended from time to time;
  5. the Data Protection Act of 23 May 2018, as amended from time to time;
  6. the Marketing Act of 3 May 2017, as amended from time to time;
  7. the Consumer Contracts Act of 17 December 2013, as amended from time to time;
  8. the Consumer Loan Business Act of 24 April 2019, as amended from time to time; and
  9. Regulation (EU) 2020/1503 on European crowdfunding service providers for business.

Payment services

Payment services can be provided by non-banks: either by an electronic money institution or by a payment institution pursuant to Section 9 of the Danish Payments Act. These institutions must apply for a specific licence with the DFSA: either a full licence or a restricted licence when certain specific thresholds are being observed. The requirements as to documentation and the scope with respect to the restricted licence are less rigorous and the process of obtaining this licence is deemed correspondingly faster. The DFSA will have three months to process the application from the date of the receipt of a complete application (i.e., an application that contains all the required information and appendices that are necessary for the DFSA to process the application). There will be no initial fees to be paid to the DFSA with respect to the application. However, once the licence has been granted, the payment service provider will be subject to an annual fee adjusted on a yearly basis.

Credit information services

Companies providing credit information services must be licensed with the DFSA pursuant to Section 60 of the Payments Act. The application process is somewhat similar to the process regarding licensing for entities providing payment services, but less demanding. Once the licence is granted, companies providing credit information services are treated as payment services companies. These companies will need to comply with the rules set out in the Payments Act; however, this is subject to certain exemptions. Furthermore, they are required to hold business insurance covering the company's liabilities in case of unauthorised use of the services or fraudulent access.

The DFSA has emphasised that this area is still new and that new business models are emerging on an ongoing basis.9

Asset management

The Financial Business Act and several executive orders issued on the basis thereof regulate investment firms (implementing the second Markets in Financial Instruments Directive (MiFID II)).10 Financial institutions that provide investment services or carry out investment activities must be licensed as such pursuant to the provisions in Section 9 of the Act.

More specifically, these entities must obtain a licence to operate as an investment firm in respect of the activities mentioned in Appendix 4(A) of the Act regardless of the automated or digital character of the service (e.g., investment advice). Thus, digital financial advisory or transactional services are subject to the same regulatory requirements as traditional financial services. However, in a statement of 21 December 2020, the DFSA announced that it will sharpen its focus towards automated advisory services.11

Managers of alternative investment funds (AIFs) regulated by the Alternative Investment Fund Managers Directive12 and undertakings for collective investment in transferable securities (UCITS) are not singled out in relation to financial technology, apart from a distinct opinion issued by the DFSA stating that even though investment decisions are made by, for instance, a fully automated algorithm or artificial intelligence (AI), it will always be deemed to be ultimately operated by a natural person, employed in a company holding the applicable relevant authorisation for the financial service involved. In other words, it is not possible to 'outsource to a machine' to avoid personal liability and responsibility.

Marketing rules

The Marketing Act is the general legislation regulating the marketing of goods and services in all industries. The Act applies to private business activities as well as to public activities, to the extent that products and services are offered on the market no matter by which means.

Marketing of MiFID services, payment services or AIF management services entails an obligation to observe specific requirements based on harmonised EU legislation. In addition to these requirements, general rules on marketing as set out in the Marketing Act must also be observed. If a fintech company offers services or products not regulated by the financial regime, such as cryptoassets, the marketing of those services will only be subject to the general rules of the Marketing Act.

ii Cross-border issues

EU investment firms, credit institutions and other financial undertakings13 may passport their local European licence into Denmark14 as may similar firms from the European Economic Area and third countries that have applied to do so to the DFSA, depending on the type of service offered. The provision of investment services in Denmark may be carried out on a cross-border basis, through a branch or through a tied agent.

EU undertakings authorised to provide the activities in their home country may start providing services in Denmark when the DFSA has received notification of this from the supervisory authorities in the home country (passporting).15

Third-country credit institutions and investment firms may also apply for a licence with the DFSA to provide investment services on either a cross-border basis or through a branch.16 Both procedures require a formal application with the DFSA and are not covered by the passport option for EU firms.

Furthermore, EU electronic money institutions or payment institutions can provide payment services in Denmark by offering cross-border payment services, setting up a branch or through an agent, when the DFSA has received notification of this from the relevant supervisory authority in the home country.17

Physical presence is required for certain types of financial activities. The Alternative Investment Fund Managers etc. Act states that an AIF manager (AIFM) must appoint a depositary for each individual fund it manages. If the fund is established in an EU country, the depositary must be established in the same Member State as the fund.18 The same applies in relation to the appointment of a custodian for all UCITS.

In certain cases, the licence will not be required even though the services fall within the scope of the licence-based activities. This approach is, however, only reserved to a specific situation and conditioned upon an assessment of whether the contact between the entity and the customer or investor has been established exclusively on its own initiative (reverse solicitation) or if the service is indeed delivered in another jurisdiction – which may, for instance, be the case for deposits and custody or trading facilities.

Because Danish legislation does not contain a definition of 'reverse solicitation', a specific assessment must always be made on a case-by-case basis. Furthermore, the entity in question is solely responsible to document to the DFSA that no marketing towards customers has taken place (e.g., in the form of a written declaration from the investor supplied by other documentation).

In conclusion, Danish law does not permit undertakings to provide financial services cross-border without them obtaining a relevant licence or passporting a local licence into Denmark, which may often be the case if customer onboarding is done virtually and through electronic means (through, for instance, a website, app or web-based interface). Thus, it is of the utmost importance to carry out a case-by-case assessment of the specific service provided by a fintech company to determine whether it falls under the financial regime and how customers or partners use or access the service. If the (fintech) service falls within the scope, it will be subject to the licensing requirement regimes with cross-border possibilities.

Digital identity and onboarding

The first digital identity signature in Denmark boarded in 2003 and is now known as 'NemID'.19 NemID is issued to citizens and legal entities by the Danish state and consists of a user ID, a password and a key card with one-time codes. When a person logs in, they must first enter a user ID and password and then a code from the key card. NemID is owned and run by a private company, Nets DanID A/S (Nets).20 The identity signature technology is also used in Norway and Sweden. During the course of 2022, NemID will be replaced by a newly developed and fully digitalised solution, MitID.21 MitID will be used for the same tasks as NemID, but without the physical key card, which has been discontinued because it was proven too easy to copy and abuse.

NemID (MitID) ensures the identification of citizens and legal entities when executing documents and communicating with authorities; for example, in non-face-to-face situations (i.e., online). Traditionally, a person would put a signature on a piece of paper as a guarantee that he or she is who they say they are. However, when business affairs and models move from paper to digital communication, a tool used to sign electronic documents online becomes necessary. NemID (MitID) is an important tool used widely by companies in Denmark for this purpose. Further, NemID (MitID) is the common digital signature used in Denmark, which means that the same login is used everywhere. For instance, the DFSA has announced that requirements for a signature in connection with the handling of board documents and resolutions can be carried out using digital signature solutions.22

NemID (MitID) can also be used as a secure login on different online platforms, including for: accessing online banking, securities trading facilities and information from authorities; communicating with companies; carrying out cryptocurrency transactions; and accessing personal files and information from the Danish Tax Agency. Undertakings can enter into an agreement with a broker to support MitID.23

After granting the right to be a NemID (MitID) service provider, undertakings can use NemID (MitID) for the following purposes:

  1. identification: secure identification of users logging in to a website;
  2. validation: when the user validates himself or herself with NemID (MitID), the company is assured that the user is who they say they are; and
  3. signing: the possibility to offer digital signatures to an agreement. NemID (MitID) is a legally valid digital signature.

This solution is attractive for companies that wish to onboard clients digitally. NemID (MitID) enables companies to identify customers, users, representatives, employees, etc., digitally when entering into any agreements or engaging digitally.

Digital markets, payment services and funding

i Digital marketplaces

Operators of marketplaces are subject to the Danish Capital Markets Act, which entered into force on 3 January 2018 and implements relevant parts of MiFID. Among other things, operators of marketplaces need to apply to the DFSA for a licence. The scope of the requirements applicable differ depending on the services provided by the operator to its customers (members).

Because a marketplace is defined as either a regulated market, a multilateral trading facility (MTF) or an organised trading facility (OHF),24 the regulations apply only to platforms where third parties can buy and sell financial instruments.

Due to the fact that cryptoassets are generally not categorised as either a currency or a security or financial instrument,25 rules applicable to digital marketplaces do not apply to cryptoasset exchanges unless these can be categorised as financial instruments. Further to the regulation mentioned above, operators of digital platforms are subject to the general regulations on, inter alia, anti-money laundering (AML), competition, marketing, consumer protection and intellectual property rights protection, as well as to the General Data Protection Regulation (GDPR). The assessment of the applicability of financial regulation will be based on the characteristics of both the cryptoassets offered or traded and the services offered on the marketplace.

ii Crowdfunding

After the introduction and entry into force of the EU Regulation on European Crowdfunding Service Providers for Business (the Crowdfunding Regulation),26 the bespoke domestic regimes on crowdfunding, which diverged across the European Union, have been abolished.27 Thus, a new set of rules regarding the conditions of operation of crowdfunding platforms, the scope of permitted activities and the authorisation requirements is now harmonised across all EU Member States. The Crowdfunding Regulation aims at fostering cross-border crowdfunding services and facilitating the exercise of the freedom to provide and receive these services in the internal market.

According to the Crowdfunding Regulation, there are three types of actors: project owners that propose the project to be funded; investors that fund the proposed project (clients); and an intermediating organisation in the form of a crowdfunding service provider that brings together project owners and investors through an online platform.

The Crowdfunding Regulation lays down uniform requirements for the provision of crowdfunding services, for the organisation, authorisation and supervision of crowdfunding service providers and for the operation of crowdfunding platforms, as well as for transparency and marketing communications in relation to the provision of crowdfunding services in the EU. The Crowdfunding Regulation applies to crowdfunding services that consist of the joint provision of reception and transmission of client orders and the placement of transferable securities or admitted instruments for crowdfunding purposes without a firm commitment basis on a public platform that provides unrestricted access to investors.

With regard to crowdfunding that is not subject to the Crowdfunding Regulation (e.g., crowdfunding services that are provided to project owners that are consumers, or crowdfunding offers below €5 million), the national existing regime is assumed to apply (see below). However, a concrete assessment of whether a service or entity would be covered by the Crowdfunding Regulation (the authorisation requirement as a crowdfunding service provider) should be considered on a case-by-case basis.28

Loan-based crowdfunding may require one of two licences: either a payment institution licence or a credit institution licence. The decisive factor is whether the company operating the crowdfunding platform only transfers funds or whether it provides loans.

If the company only transfers funds between parties, the service provider will most likely need to apply for a licence as a payment institution.29 With a licence to provide payment services, it is possible to carry out intermediary activities related to payments between two parties; for example, by transferring: (1) an initial loan from an investor to a project owner; (2) interest; or (3) repayments. The transferral of funds can be initiated in several ways, where the specific way in which the service is provided will be decisive for what permission is required under the Payments Act.

If the service provider actually provides loans for its own account (after syndication of the lenders by public deposits), it will be required to apply for a licence as a credit institution.30

The DFSA has emphasised that the financial legislation, in addition to the above-mentioned licence requirements, imposes further requirements on providers of platforms and project owners. These may include the observation of MiFID requirements in terms of investor protection (including suitability tests) and requirements related to AML.31

Equity-based crowdfunding allows investors to invest in specific projects in exchange for ownership of shares or other forms of ownership interest from the issuer. Investor protection rules will often apply to equity-based crowdfunding. For example, a project owner or the provider of the platform may be required to prepare a prospectus and carry out suitability tests of the investors before the project can be financed. There are different types of permissions depending on the activity being performed because equity-based crowdfunding may involve both a single-purpose initial public offering-type transaction as well as collective investment scheme-related transactions. AML and know your customer requirements shall as always be observed.

Marketplace operators

With a licence as operator of a regulated market,32 an MTF33 or an OHF,34 it is possible to provide a platform that connects different project owners, issuers, sellers and intermediary and investor interests in buying and selling financial instruments.

The decisive factor for which of the three above permits is relevant to the provider of the platform is how the marketplace is set up and which types of financial instruments are traded on the marketplace.

AIFMs

With an AIFM licence,35 it is possible to establish a collective investment structure that intends to raise capital from a number of investors to invest in accordance with the specified investment strategy. Investments must be made in accordance with a defined investment policy for the benefit of investors. It is also possible to obtain a permit for ancillary services, which include investment advice and the receipt and dissemination of orders relating to financial instruments.36 For example, this structure may involve the provision of crowdfunding services or constitute a crowdfunding platform.

Investment company

A licensed investment company37 may, in relation to a crowdfunding platform, be responsible for safekeeping assets, receiving, transmitting and executing orders relating to financial instruments issued by selected project owners, and providing investment advice to investors. Platforms that have a licence as an investment company can also obtain a licence to participate in the investments with their own funds and to operate an MTF.

iii Other liabilities and relevant legislation for crowdfunding

Depending on the type of licence, providers of crowdfunding platforms may need to comply with investor protection rules such as customer categorisation, customer agreements, information obligations and requirements for suitability tests.38

Crowdfunding platforms not subject to the Crowdfunding Regulation will typically be covered by the Anti-Money Laundering Act (the AML Act). Companies subject to the AML Act must prepare a risk assessment and, based on this, internal policies and procedures that specifically describe how the company will manage and prevent the risk of being misused for money laundering and terrorist financing.

The company providing a crowdfunding platform must comply with the requirements set out in the Consumer Contracts Act.39 Because peer-to-peer lending platforms usually offer their services online, the consumer protection rules on distance selling must be respected. Pursuant to Section 14 of the Act, the provider must give the consumer certain information before entering into a distance selling agreement on a financial service.

iv Collective investment schemes

Collective investment schemes can take on many forms, including that of an AIF or a UCITS. It is not possible to locate any special provisions applicable to fintech models falling under the definition of a UCITS. Thus, these activities must be considered under the applicable regime for the collective investment scheme in question. The legislation and the directives they implement are 'technology neutral', which means that the use of financial technology neither qualifies nor disqualifies the application of either the Investment Associations, etc. Act40 for UCITS or the AIFM Act for AIFs. In other words, the categorisation must be based upon whether the characteristics are defined in the legislation, regardless of the use of technology.

Cryptocurrencies, initial coin offerings (ICO) and security tokens

i Current regulatory situation

The DFSA has announced that cryptocurrency will generally not be categorised as either a currency, a security or a financial instrument under the applicable financial regulatory regime in Denmark41 unless certain criteria apply. As such, there are no specific regulations that apply to payment assets issued on the blockchain technology usually referred to as cryptocurrency as cryptocurrency is not viewed as possessing an inherent value or deriving from a specific issuer. Cryptocurrency is only mentioned in the AML Act, which transposes the latest changes set out in the EU Anti-Money Laundering Directive (the Fifth AMLD). Cryptoassets may be financial instruments or securities as they may very well possess the characteristics of these. If a cryptoasset has the same aim as a financial instrument, it matters not that it is based on distributed ledger technology (DLT). If the cryptoasset as an issuance involves a financial aim, is standardised, transferable and negotiable, it will most probably be viewed as a financial instrument (usually referred to as a security token). Again, the regulation is technology neutral.

Regulatory initiatives from the EU are escalating in this area; a proposal for a regulation on markets in cryptoassets (MiCA) was published on 24 September 2020, together with an amending directive.42 The latest developments within the area will undoubtedly be considered as game changing and will contribute to the creation of a level playing field or enhancement of the investor protection as many of the existing participants will potentially fall under supervision because of a licence requirement. Denmark is expected to implement new EU harmonisation well within deadline.

Due to the absence of a specific regulatory regime, platforms based on the trading or exchange of cryptoassets (those not categorised as financial instruments) are currently not covered by the Danish financial regulation. Thus, provision of services with regard to cryptoassets does not require a licence. Nevertheless, companies providing cryptoasset exchange or trading services must be aware of other applicable legislation, such as AML laws, the general Danish marketing regime, contractual regimes, GDPR regimes and consumer protection regimes when providing services in Denmark.

That being said, it should be repeated that digital assets could be categorised as financial instruments. As such, a provider should always assess whether the criteria for qualifying a token or cryptoasset as a financial instrument are present (see below).

ii Security tokens

Cryptocurrencies that are exclusively a means of payment are still not regulated under the financial legislation in Denmark. However, certain tokens can be acknowledged as financial instruments (security tokens) and be covered by financial legislation.

Thus, security tokens should be assessed on a case-by-case basis as tokens may be viewed as financial instruments if they involve a financial aim and are standardised, negotiable and transferable.

It will depend on an individual assessment of whether a token fulfils the listed criteria for financial instruments and consequently is regulated by the DFSA. An example could be a token that acts as a derivative linked to an underlying financial instrument.

iii ICOs

The term 'initial coin offering' refers to the event where a company offers its own cryptocurrency on a blockchain that the public can buy. Companies dealing with ICOs and cryptocurrencies in general should carefully consider whether their activities fall within the scope of financial legislation. For example, this could be AIF or AML legislation or the Prospectus Regulation or the Crowdfunding Regulation. An individual assessment will establish whether an ICO is regulated by financial regulation. While ICOs have the potential to fund small and medium-sized enterprises, innovative start-ups and scale-ups, and can accelerate technology transfer, the Crowdfunding Regulation's preamble states that their characteristics differ considerably from crowdfunding services and shall not be covered by the Regulation.

However, few ICOs are regulated, and raising capital may therefore be started quickly and at lower cost because the company does not have to obtain regulatory approval. Another advantage may be that the company simultaneously raises capital and builds a user base of customers for its goods or services.

As investing in ICOs may be a high-risk activity, most often settled with another high-risk product (e.g., a widespread cryptocurrency such as Bitcoin or Ether), the DFSA encourages consumers to carefully examine the risks associated with the investment and gain the necessary understanding of the underlying business model and technology before investing.43

It is important to state that the very construction behind the offering of tokens through an ICO and investments in an ICO may be regulated by other legislation, even though the token offered is not a financial instrument.

iv Money laundering registration

The Fifth AMLD is partly implemented in the Danish Act on Preventive Measures against Money Laundering and Financing of Terrorism (the Money Laundering Act).44

Providers of cryptoassets and digital asset services are covered by the Act45 and cryptoasset issuers must be registered with the DFSA. In connection with AML registration, members of the company's management and beneficial owners must be considered 'proper' prior to the registration with the DFSA. For this purpose, the company will be obliged to submit criminal records for both members of the board of directors and the executive board as well as the ultimate beneficial owners.

When the company is registered, it is obliged to ensure that employees, including management, have received adequate training in the requirements of the AML Act and rules issued pursuant thereto as well as relevant data protection requirements.

v Tax and VAT

When an individual buys or sells cryptocurrency it is generally considered speculation. Therefore, generally, a Danish domiciled buyer or seller must also report the profit or loss to the Danish Tax Agency when selling cryptocurrency. In other words, tax must be paid if the cryptocurrency has been purchased for the purpose of making a profit.

Currently no specific VAT rules or exemptions apply with regard to cryptoassets or services. Hence, the question of whether VAT applies shall be assessed on a case-by-case basis in the light of the harmonised rules as set out in the EU VAT Directives. As such, a VAT exemption may apply if a financial technology is applied or included in a VAT-exempted service such as fund administration.46

Based on recent court practice, there might be a presumption that trading in certain cryptoassets can fall under the VAT exemption as the European Court of Justice has stated that transactions exchanging traditional currencies for units of Bitcoin are exempted from VAT under the provision concerning transactions relating to 'currency, bank notes and coins used as legal tender'.47

Other new business models

Denmark has not implemented specific rules on self-executing contracts or fully automated investment processes but judicial practice on the subject is plentiful as the concept of 'machine-induced will' is not accepted unless it can be attributed as the manifestation of a physical person's will. The concept of self-awareness is generally not accepted by law of contract unless it can be linked to, for instance, the implementation and responsibility of a legal person.

As outlined above, new ways of conducting business are continuously arising in the fintech industry. The most recent business models observed include:

  1. automated investment advisory;
  2. open banking platforms;
  3. credit information services;
  4. crowdfunding platforms;
  5. cryptoasset services;
  6. ICOs;
  7. digital marketplaces; and
  8. digital identity services.

Copenhagen Fintech has created an overview of the different areas and the companies involved that can be found on their website.48

The general starting point for all these fintech models is that they must be assessed on a case-by-case basis as regulation is intended to be technology neutral. The traditional financial regime applies for all models in which financial instruments or services are present. Therefore, it is decisive for the regulatory requirements to determine whether a financial instrument is involved in the specific service or vice versa. Fintech companies can apply the following steps in the assessment.

  1. Does the service involve financial instruments or payments?
  2. If yes, is it subject to financial regulation?
  3. If yes, what specific financial field does it concern and does a special legal framework apply?
  4. Can other relevant legislation apply (e.g., GDPR, competition, consumer protection and marketing)?

If the first step is confirmed, the specific financial field in which the service operates must be examined. As an example, automated investment advisory services fall under the scope of MiFID and the corresponding Danish Financial Business Act. In consequence, the fintech company must be aware of investor protection regimes and other obligations applicable to MiFID investment companies.

After confirming the relevant financial field involved, another important point to bear in mind is that additional requirements may apply for certain services. As an example, all securities traders that perform algorithmic trading on marketplaces in Denmark must notify their activities to the DFSA.49 This applies to Danish as well as foreign securities traders. In addition, MiFID implements a number of requirements for securities traders that use algorithmic trading or offer direct electronic access (e.g., in the form of risk frameworks and controls). Furthermore, the DFSA has issued a memorandum on good practice, which financial companies should follow if they use supervised machine learning.50 The DFSA recommends companies to be clear about the purpose of using machine learning to make proper decisions.

After concluding the scope of activities within the financial field, the company will have to consider other relevant legislation, such as GDPR, competition, consumer protection, marketing and taxation. As an example, one or more of the above-mentioned regimes will apply to third-party websites comparing products or providing information about financial products. Different regimes entail different requirements that ultimately affect the costs involved. The scope of requirements can therefore be important for evaluating the desired purpose of the fintech company.

Thus, a fintech company will always have to examine the specific field of activity to get an idea of the applicable regulatory framework. It is not possible to establish a clear or general framework for all fintech models and with new models arising, specific analysis must be conducted in each case by linking the service to the traditional financial regime and other relevant regimes.

With the fast-paced development in mind, fintech companies must be aware of new and upcoming regulatory initiatives in the fintech field, a recent example being the proposed regulations on cryptoassets presented by the European Commission.

Intellectual property and data protection

i Copyright protection of software

Digital data and material will usually be one of the key assets of fintech companies. Therefore, it is important to outline the legal scope for the protection of these assets.

There have been debates on whether computer programs (software) are protected as a copyright or patent right. In the EU, the copyright model has been the legal approach for dealing with this situation. In that sense, computer programs are protectable by copyright as literary works if they express the intellectual creation of an author.51 In that regard, the source code and object code of the software are protected by copyright.

Copyright protection extends to any element of expression of the creativity of a work's author, but not to the ideas behind it or the procedures, methods of operation or mathematical concepts as such. Therefore, an algorithm will not be protected by copyright. The main legal argument for this conclusion is that it is a factual concept and not an expression of the intellectual creativity of its author.

If an employee of a fintech company develops software during the performance of his or her work or according to the employer's instructions, the copyright will automatically be granted to the employer.52 This rule applies only to 'employees'. Consequently, consultants and software developers entering into a separate agreement with the company will attract the copyright as creators of the work. Therefore, it is important to manage the rights to the software in the contract under which it is developed.

ii Patent protection of software

The European Patent Convention and the Danish Patent Act excludes software from patentability if a patent application relates to a computer program 'as such'. It is therefore necessary to distinguish between 'software patents' that are excluded and 'computer-implemented inventions' that constitute accepted patentable subject matter.

In this respect, patent protection can be granted to inventions that involve the use of a computer, a computer network or other features realised by means of a computer program. Therefore, patentability is not denied on the sole basis that a computer program is involved. The decisive factor for patent protection of software is that the invention must contain or possess a technical character. This technical character must be present in all variants covered by the patent claim.

iii Database protection

Certain fintech business models have an interest in protecting the database they created. Protection can be obtained either as copyright protection or the unique sui generis protection offered by the Directive on the legal protection of databases.53 The latter protection type is, seemingly, easiest to access, as it only requires a substantial investment (qualitative or quantitative) in obtaining, verifying or presenting the data.

The copyright protection demands that the selection or arrangement of the contents of the database must constitute the author's own intellectual creation. Hence, protection will only apply to the selection and arrangement or structure of the material contained in the database and not the data itself.

The sui generis right on the other hand does not protect the structure or arrangement of the database but protects its contents. Thus, if a company is protected by the sui generis right, it has the right to prohibit any acts of extraction or reutilisation of the whole, or a substantial part, of the contents of a database.

iv GDPR

Providers of financial services in Denmark are subject to the EU GDPR and the Danish Data Protection Act.54 It is necessary for fintech companies to ensure that personal data is processed lawfully in the light of the data protection rules.

As an example, companies must gather information about: their customers in accordance with the AML Act and the Crowdfunding Regulation; and their investors pursuant to the suitability test carried out by MiFID companies. When companies gather this information, obligations under the GDPR regime are triggered and the companies must comply with these rules to avoid any sanctions.

Year in review

Denmark is considered to be at the forefront of the fintech area and has historically been a first mover in, for example, the creation of digital IDs (NemID (MitID)), payment cards (Dankort), mobile payment apps (MobilePay), public digital rights registers and notaries, digital vaccine passports and driving licences. The development is accelerating, with strong initiatives from both authorities and the private sector.

However, most recent developments in the regulation and legal treatment of fintech in Denmark are derived from regulations and directives from the EU as Denmark is reluctant to implement national regulation preceding upcoming and awaited EU harmonisation. The implementation of the EU legislation on fintech has primarily been transposed in Denmark in the Payments Act, the AML Act and the Financial Business Act. Furthermore, the DFSA has published a number of statements in the past year providing information on how certain legal fintech issues should be dealt with.

The Danish government and the DFSA have a clear vision to make it easier for fintechs to establish and grow in Denmark. With the DFSA's regulatory sandbox – the FinTech Lab – selected companies can test their innovative business models in a safe environment. The FinTech Lab ensures that companies can test new technologies and business models more quickly (e.g., by testing on a limited number of customers). This can help both the companies and the DFSA understand the use of new technology and business models within the financial area.

Private institutions are also contributing to successful development in the Danish fintech field. The organisation Copenhagen Fintech contributes to this progression by developing the community and ensuring growth within fintech innovation. The organisation hosts a yearly Copenhagen Fintech Week, which creates connections between different parties and connects the Nordic fintech ecosystem with the global fintech ecosystem.55 Events took place between June and November 2021, with three full days of sessions in September focusing on, among other things, sustainability, impact and Nordic cooperation and trends.56

The use of new technology and new business models in the financial sector may in some cases be difficult to place within existing financial legislation. The rise of new ways of conducting business in the fintech field requires regulators and practitioners to carry out individual assessments for the specific model in question and consider many different regulatory approaches. This applies not least for ICOs and cryptoassets that may still raise legal uncertainty. The DFSA is not only keeping a close eye on developments but is also participating directly on a practical level by offering various test environments. The latest initiative from the DFSA in that regard was an invitation to participate in a special task force for blockchain and decentralised finance. The main task of the group will be to support the DFSA in keeping track of new developments (both on the market and in the underlying technologies) as well as participating in the issue of guidance with respect to the upcoming MiCA regulation.57

To keep up with the most relevant developments in the regulation and legal treatment of fintech in Denmark, it is essential to follow DFSA announcements and keep track of the regulatory initiatives from the EU.

Outlook and conclusions

With strong initiatives from both authorities and the private sector in mind, the Danish fintech sector is expected to surge in innovation and development in the years to come. Industriens Fond (the Danish Industry Foundation) has released a report in cooperation with EY 'depicting Copenhagen fintech's journey to becoming one of Europe's leading clusters and incubation environments for fintech start-ups in just a few years'.58

The DFSA supports the fintech environment within the framework provided by the legislation and arranges special meetings where specific topics can be discussed as needed; it is possible for anyone interested to participate in these meetings.59

The aim and vision for fintech in Denmark are designed to make it easier for companies to grow within the field but also entail a duty to prepare and adapt to new models, especially in the areas of cryptoassets, AI, big data processing, payment service solutions and digital marketplaces.

As a result of recent regulatory initiatives in the cryptoasset field, clear and specific requirements can be expected for these assets. With the MiCA proposal, fintech companies dealing with cryptoassets can expect detailed regulation of the field. Thus, companies can already start assessing the proposed licence requirements applicable to issuers of cryptoassets and cryptoasset service providers to prepare their business model.

By amending the MiFID II definition of 'financial instruments' to specifically include instruments issued by means of DLT, the regulatory uncertainty for these assets will be removed, which can give rise to new and more innovative fintech models dealing with these instruments. The regulators in Denmark are keeping track of developments, and companies are advised to be particularly aware of statements issued by the DFSA.

Footnotes

1 Kim Esben Stenild Høibye is a partner and Jakub Zakrzewski is an attorney-at-law at NJORD Law Firm.

2 The Danish Industry Foundation, 'Copenhagen Fintech: Successful cluster development', 2021 https://industriensfond.dk/nyhed/ny-praktisk-guide-viser-vej-til-staerkere-okosystemer/.

6 Danish Financial Supervisory Authority (DFSA), 'Hvem er vi, og hvad er vores formål?', 7 December 2017, www.finanstilsynet.dk/Tilsyn/Information-om-udvalgte-tilsynsomraader/Fintech/Formaal.

10 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU.

11 Danish FSA, 'Investeringsrådgiveren skal kende kunden – også når rådgiveren er en robot', 21 December 2020, www.finanstilsynet.dk/Nyheder-og-Presse/Pressemeddelelser/2020/Investeringsraadgiveren_skal_kende_kunden_161220.

12 Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No. 1060/2009 and (EU) No. 1095/2010.

13 See the entities mentioned in Sections 7–11 of the Danish Financial Business Act.

14 See id., Sections 30–32.

15 See id., Section 31.

16 See id., Section 33.

17 See Sections 46–49 of the Payments Act.

20 Nets is a leading provider of digital payment services and related technology solutions across Europe.

22 DFSA, 'Underskrivelse med digitale signaturløsninger', 3 April 2019, www.finanstilsynet.dk/Tilsyn/ Tilsynsreaktioner/Vejledende-fortolkninger/Underskivelse_digital_signatur_030419.

24 See Section 3, No. 5 of the Capital Markets Act.

26 Regulation (EU) 2020/1503 of the European Parliament and of the Council of 7 October 2020 on European crowdfunding service providers for business, and amending Regulation (EU) 2017/1129 and Directive (EU) 2019/1937.

29 See Section 9 of the Payments Act.

30 See Section 7 of the Financial Business Act.

32 A licence as an operator of a regulated market is an independent licence pursuant to Section 59 of the Capital Markets Act.

33 Permission to operate as a multilateral trading facility (MTF) is required in cases where a marketplace is operated in accordance with the rules in Chapters 17, 18, 20, 22 and 23 of the Capital Markets Act.

34 Permission to operate as an organised trading facility is required in cases where a marketplace that is neither a regulated market nor an MTF is operated. In this type of marketplace, only bonds, structured financial products, issue quotas and derivatives may be traded.

35 The conditions for obtaining an alternative investment fund manager (AIFM) licence are set out in Section 11, Subsection 3 of the AIFM Act.

36 See the AIFM Act, Annex 1, Point 3b.

37 The conditions for obtaining a securities company licence are set out in Sections 9 and 14 of the Financial Business Act.

38 See the rules in Executive Order No. 2092 of 14 December 2020 on Investor Protection.

39 Act No. 1457 of 17 December 2013.

40 Act No. 1718 of 27 November 2020.

42 COM(2020) 596 final.

43 DFSA, 'Orientering om ICO'er', 13 November 2017, www.finanstilsynet.dk/Nyheder-og-Presse/Sektornyt/2017/Orientering-om-ICO.

44 Act No. 1782 of 27 November 2020.

45 id., Section 1(1), Points 23 and 24.

46 See the Court of Justice of the European Union BlackRock case of 2 July 2020.

47 C-264/14 (Hedqvist).

50 DFSA, 'God praksis ved brug af superviseret machine learning', 10 July 2019, www.finanstilsynet.dk/Nyheder-og-Presse/Pressemeddelelser/2019/Machine_learning_10719.

51 See Recital 8 and Article 1(1) and (3) of the Software Directive (Directive 2009/24/EC).

52 See Section 59 of the Danish Copyright Act.

53 Directive 96/9/EC.

54 Currently Act No. 502 of 23 May 2018.

58 The Danish Industry Foundation, 'Copenhagen Fintech: Successful cluster development', 2021, https://copenhagenfintech.dk/intelligence/copenhagen-fintech-successful-cluster-development/.

59 Information about special meetings will appear on the DFSA's website and in its newsletter: DFSA, 'Fintech Forum', 24 February 2020, www.finanstilsynet.dk/Tilsyn/Information-om-udvalgte-tilsynsomraader/Fintech/Fintech-Forum.

The Law Reviews content