EU legal framework for crypto-assets and financial sector resilience: update

The EU is working on setting out the legal framework for Fintech. On a separate but connected note, the EU legislator also addresses risks carried by technological evolutions. This paper focuses on three pieces of legislation and legislation in preparation for shaping the future of financial markets.

The Pilot Regime for market infrastructure based on distributed Ledger Technology Regulation (“EU DLT Pilot Regime”)

  • The EU DLT Pilot Regime provides for a temporary testing environment offering derogations from existing rules, which provides a legal framework for the trading and settlement of transactions in crypto-assets that qualify as financial instruments within the meaning of MiFID II (true digital securities or security tokens).
  • Through their relevant national authorities, authorised investment firms and market operators may apply to trading on a DLT Multilateral trading facility. Authorised Central securities depositary ("CSD") can apply for specific permission to operate a DLT settlement system. These two groups may apply for the operation of a combined DLT trading and settlement system, whereas new entrants will have the option to apply for temporary authorisations as investment firms, market operators or CSD to apply for the pilot regime.
  • Adopted in May 2022, the EU DLT Pilot Regime will enter into force on 23 March 2023.
  • On 27 September 2022, a bill of law was filed aiming at implementing the EU DLT Pilot Regime in Luxembourg by amending the Law of 5 April 1993 on the financial sector, the Law of 5 August 2005 on financial collateral arrangements and the Law of 30 May 2018 on markets in financial instruments. The bill of law is currently receiving the opinions of professional chambers and will thereafter be discussed in Parliament.

The Market in Crypto-Assets Regulation proposal (“MiCA”)

  • MiCA is set to regulate the market of crypto-assets and set up obligations of registrations, authorisations, publication to the competent authorities, governance and compliance for the issuers of crypto-assets.
  • Once adopted, MiCA will apply to all natural and legal persons and other undertakings that are engaged in the issuance, offer to the public and admission to trading of crypto-assets or that provide services related to crypto-assets in the Union. However, MiCA will not apply to crypto-assets qualifying as financial instruments under MiFID II (which include shares/units in collective investment undertakings).
  • On 30 June 2022, an agreement was reached between the EU Parliament, the Council and the Commission (trilogues) and the final text must now be formally approved by the EU Parliament in plenary meeting. The vote is expected to take place in February 2023. MiCA will apply 12 to 18 months after the final text is published in the Official Journal.

The Digital Operational Resilience for the financial sector Regulation proposal (“DORA”)

  • DORA sets out rules for financial entities, including full responsibility of the management body in ICT risks, the requirement to set up, maintain and test resilient ICT systems and tools, and the requirement to report to the competent authorities only deemed major ICT-related incidents.
  • All investment firms, managers of alternative investment funds, management companies and multiple other financial entities regulated at EU level will fall under DORA’s scope of application.
  • On 10 May 2022, an agreement was reached between the EU Parliament, the Council and the Commission (trilogues) and on 10 November 2022, the final text was formally approved by the plenary meeting of the EU Parliament. The adoption process is now completed and the final version of DORA will be published in the Official Journal in the coming weeks. Dora will apply 24 months after its entry into force.