This is a self-archived – parallel published version of this article in the 

publication archive of the University of Vaasa. It might differ from the original. 

Regulating Crypto-Assets: Investor Protection 

Strategies and the 5-I’s Model 

Author(s): Salo-Lahti, Marika 

Title: Regulating Crypto-Assets: Investor Protection Strategies and the 5-I’s 

Model 

Year: 2023 

Version: Published version 

Copyright ©2023 Kluwer Law International BV, The Netherlands. 

Please cite the original version: 

 Salo-Lahti, M. (2023). Regulating Crypto-Assets: Investor Protection 

Strategies and the 5-I’s Model. European Business Law Review 34(4), 

585–618. https://doi.org/10.54648/eulr2023032 

 



Regulating Crypto-Assets [2023] EBLR 585

Regulating Crypto-Assets: Investor Protection Strategies and 
the 5-I’s Model

Marika Salo-Lahti*

Abstract

Crypto-assets are often marketed with high expected returns but as a detriment, very 
high price volatility comes in the same package. It is hard to imagine more contro-
versial investment objectives than crypto-assets – their status varies worldwide from 
legal currency to totally prohibited illegality. Crypto-assets have been an almost 
unregulated field in the EU. However, the Crypto Wild West days are soon to be over, 
as the new EU regulation is finally coming. The growing consumer demand for 
crypto-assets forces to strengthen investor protection. In this paper, investor protec-
tion strategies of the crypto-asset market are systematised with the 5-I’s Model devel-
oped by the author. The model examines crypto-assets from the perspective of 
investor, investment, information, intermediary and issuer – parts that constitute the 
five ‘Is’ in the model.

Keywords

5-I’s model, crypto-assets, EU regulation, MiCA, DLT, blockchain, investor protec-
tion, FinTech, regulatory sandbox, decentralised finance

1.	 Crypto-Assets as Investment Objectives

1.1.	 The Definition of Crypto-Assets and Recent Regulatory Activities

Crypto-assets are used both in lawful and unlawful activities. Special attention has 
been paid to the usage of crypto-assets to buy and sell illegal goods and services 
online, money laundering, and tax avoidance. Most legal activities take place on 
crypto-exchanges. Crypto-assets serve new financing opportunities for businesses, in 
an electronic and decentralised way. For investors, they can serve diversification 
possibilities.1 

* D.Sc. (Econ.), Assistant Professor (tenure track), digitalisation and business law, University of 
Vaasa, Finland. E-mail: marike.salo-lahti@uwasa.fi.

1 High Level Forum, A New Vision for Europe’s Capital Markets. Final Report of the High Level 
Forum on the Capital Markets Union, 14 (2020).

Salo-Lahti, Marika, ‘Regulating Crypto-Assets: Investor Protection Strategies and the 5-I’s Model’. 
European Business Law Review 34, no. 4 (2023): 585-618.
©2023 Kluwer Law International BV, The Netherlands



Marika Salo-Lahti586

Consumer interest on crypto-assets, including both virtual currencies and new 
types of crypto-assets, has grown significantly.2 One reason for that is the search for 
yield in the unprecedently turbulent market conditions.3 The market of crypto-assets 
includes wide range of different actors and assets. In March 2023, CoinMarketCap4 
lists over 22,700 different crypto-assets, Bitcoin and Ethereum being the most well-
known.5 The skyrocketed price of Bitcoin has led to strong investor demand, and this 
is followed by the assumption that crypto-assets will eventually achieve mainstream 
acceptance.6

When considering crypto-asset markets, the terms ‘cryptocurrency’ or ‘virtual 
currency’ have been widely used,7 but the emergence of new subsets, such as utility 
tokens, stablecoins and central bank digital currencies, advocates using a broader 
‘crypto-asset’ term.8 The term ‘token’ is often used as a synonym for crypto-assets. 
Crypto-assets can serve many functions: they can be payment methods as well as 
investment objectives. Utility tokens are used to access applications or services. Some 
crypto-assets, such as Bitcoin, have more than one of these functions.9 New EU-wide 
regulation proposal on Markets in Crypto-assets (hereinafter ‘MiCA’)10 defines 
‘crypto-asset’ as a digital representation of value or rights which may be transferred 

2 See, e.g., European Commission, Disclosure, Inducements, and Suitability Rules for Retail 
Investors Study: Final Report, 69 (2022). According to the study, interest in crypto-assets is increasing 
in all of the studied Member States, especially among young and risk-seeking investors.

3 ESMA (European Securities and Markets Authority), ESMA Report on Trends, Risks and 
Vulnerabilities, ESMA50-165-1524 54 (2021).

4 CoinMarketCap, Today’s Cryptocurrency Prices by Market Cap, https://coinmarketcap.com 
(accessed 6 Mar 2023).

5 ESAs (European Supervisory Authorities), EU Financial Regulators Warn Consumers on the Risks 
of Crypto-Assets, 3 (2022).

6 ESMA, supra n. 3, at 53.
7 See Apolline Blandin, Ann-Sofie Cloots, Hatim Hussain, Michel Rauchs, Rasheed Saleuddin, 

Jason Grant Allen, Bryan Zhang & Katherine Cloud, Global Cryptoasset Regulatory Landscape Study, 
34–35 (Cambridge Centre for Alternative Finance, University of Cambridge, 2019). Based on their study 
on crypto-asset regulation in different jurisdictions, the authors found that official statements utilised 
at least ten different terms, such as ‘virtual currency’, ‘digital currency’ and ‘Bitcoin’, on crypto-assets 
between 2013 and 2019.

8 Robby Houben & Alexander Snyers, Crypto-assets – Key Developments, Regulatory Concerns 
and Responses, 8 (Study for the Committee on Economic and Monetary Affairs, Policy Department for 
Economic, Scientific and Quality of Life Policies, European Parliament, 2020).

9 See, e.g., EBA (European Banking Authority), Report with Advice for the European Commission 
on Crypto-assets, 6–7 (2019). EBA notes in its report that currently there is no common taxonomy of 
crypto-assets used by international standard-setting bodies.

10 European Commission, Proposal for a Regulation of the European Parliament and of the Council 
on Markets in Crypto-assets, and amending Directive (EU) 2019/1937 (MiCA proposal) COM(2020) 
593 final (2020). At the time of writing this article, MiCA was not yet published in the Official Journal 
of the European Union. The latest available version was approved by the Council of the European 
Union 5 October 2022. See Council of the European Union, Proposal for a Regulation of the European 
Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937 
(MiCA) – Letter to the Chair of the European Parliament Committee on Economic and Monetary 
Affairs (2022).



Regulating Crypto-Assets [2023] EBLR 587

and stored electronically, using distributed ledger technology (DLT)11 or similar 
technology. The European Parliament version from March 2022 added to the defini-
tion that a crypto-asset uses cryptography for security and is in the form of a coin or 
a token or other digital medium, but the later Council version from October 2022 
removed this addition.12 An important example of DLT is blockchain, which is under-
lying, for instance, Bitcoin.13 Crypto-assets are one of the main applications of block-
chain technology.14 

From the EU regulatory perspective, blockchain is a current topic also otherwise. 
In 2018, the European Blockchain Partnership was created by the Joint Declaration.15 
One of the main aims of the declaration was to establish the European Blockchain 
Services Infrastructure (EBSI).16 The EBSI is a peer-to-peer network of intercon-
nected nodes that enable using blockchain in the cross-border public sector services.17 
The EBSI helps to verify information, such as identity information and diplomas, and 
to boost the trustworthiness of services. The EBSI is the first EU-wide blockchain 
that is driven by the public sector.18 The first version of the EBSI was released in 
2020.19

In 2020, the EU launched its digital finance package,20 which included, for instance, 
the Digital finance strategy, as well as legislative proposals on crypto-assets.21 The 
MiCA regulation poses many requirements for crypto-asset issuers and service 

11 While there is no standard definition of DLT, it can include certain features, such as the use 
of cryptography, distribution of data across multiple participants, automation of functions, and in 
certain cases decentralisation of control. See HM Treasury, UK Regulatory Approach to Cryptoassets, 
Stablecoins, and Distributed Ledger Technology in Financial Markets: Response to the Consultation and 
Call for Evidence, 25 (2022). See also European Parliament, Report on the proposal for a regulation of 
the European Parliament and of the Council on markets in crypto-assets and amending Directive (EU) 
2019/1937. (COM(2020)0593 – C9-0306/2020 – 2020/0265(COD)) (2022). The European Parliament 
included the DLT definition in its amendments to the MiCA proposal. According to it, DLT means 
protocols and supporting infrastructure that enable nodes in a network to propose, validate, and 
record changes and updates without the need for central trusted parties. DLT is built upon public-key 
cryptography which includes pairs of keys: public and private.

12 European Parliament, supra n. 11; Council of the European Union, supra n. 10.
13 See, e.g., EBA, supra n. 9, at 8.
14 European Commission, supra n. 10, at 1.
15 The Partnership includes all EU Member States, as well as Norway and Liechtenstein.
16 Cooperation on a European Blockchain Partnership Declaration (2018).
17 European Commission, Commission Decision of 19.1.2022 on the Distribution of European 

Blockchain Services Infrastructure (EBSI) Software, C(2022) 407 final (2022).
18 European Commission, Introducing EBSI, https://ec.europa.eu/digital-building-blocks/wikis/

display/EBSI/Home (accessed 20 Jun. 2022). 
19 European Commission, New Steps in the Development of the European Blockchain Services 

Infrastructure (EBSI) (2020), https://digital-strategy.ec.europa.eu/en/news/new-steps-development-
european-blockchain-services-infrastructure-ebsi (accessed 20 Jun. 2022).

20 European Commission, Digital Finance Package, https://ec.europa.eu/info/publications/200924-
digital-finance-proposals_en (accessed 29 Jul. 2022).

21 The digital finance package includes also a legislative proposal on digital operational resilience, 
which is meant to ensure that financial sector firms, including fintechs, have strict standards in order 
to prevent and limit their ICT-risks.



Marika Salo-Lahti588

providers. The regulation (EU) 2022/858 on a pilot regime for market infrastructures 
based on DLT22 is completing the EU-wide crypto-asset regulation and is targeted to 
the crypto-assets that have already been covered by existing legislation.23 The DLT 
pilot regime is meant to provide financial firms possibilities to utilise DLT and be 
exempted from certain requirements of the existing law. The regulation notes that the 
current financial services legislation was not developed with DLT and crypto-assets 
in mind, and it contains provisions that may hinder the use of DLT. In addition, inves-
tors must be effectively protected from potential operational failures and other risks 
related to the use of DLT.24 The regulation also enables more efficient secondary 
market for crypto-assets that are classified as financial instruments.25 

1.2.	 The Aim of the Paper

There are many regulatory questions concerning crypto-assets. They can relate to, for 
instance, payment industry, when the main issue is how the conversion of fiat cur-
rency to crypto-asset and back is executed with proper care.26 An important question 
is also how to prevent tax evasion and other fraudulent actions. The investment-role 
of crypto-assets invokes important questions on proper investor protection in the 
highly volatile crypto-asset markets. This paper concentrates on the role of investor 
and the possible investor protection strategies that can be utilised in crypto-asset 
regulation. 

Crypto-assets are probably the most controversial investment objectives in the 
market. According to the studies, they are mainly used for speculative purposes.27As 
one type of speculation, Grobys and Junttila have found that cryptocurrencies face 
lottery-like demand. Investors then lack diversification and bet on investment objects 
that have exhibited highest daily returns.28 Consumers often see crypto-assets as an 
easy way to wealthy life, without proper understanding of their characteristics.29 

22 Regulation (EU) 2022/858 of the European Parliament and of the Council of 30 May 2022 
on a pilot regime for market infrastructures based on distributed ledger technology, and amending 
Regulations (EU) No 600/2014 and (EU) No 909/2014 and Directive 2014/65/EU (hereinafter ‘DLT 
pilot regime’).

23 The regulation on DLT pilot regime is applied from 23 March 2023.
24 It should be noted that the DLT pilot regime is optional, and the same services can be provided 

under existing EU financial services legislation.
25 DLT pilot regime, supra n. 22, at Recitals (4), (6).
26 Marek Bočánek, First Draft of Crypto-Asset Regulation (Mica) With the European Union and 

Potential Implementation 22 Financial Law Review 37, 47 (2021).
27 See e.g., FCA (Financial Conduct Authority), Research Note: Cryptoasset Consumer Research 

2021 (2021), https://www.fca.org.uk/publications/research/research-note-cryptoasset-consumer-
research-2021 (accessed 17 Jan. 2023). The most popular use of cryptocurrencies was ‘as a gamble 
that could make or lose money’ (Chart 17).

28 Klaus Grobys & Juha Junttila, Speculation and Lottery-Like Demand in Cryptocurrency Markets 
71 Journal of International Financial Markets, Institutions & Money 1, 1–2 (2021).

29 See FCA, supra n. 27, at Charts 1 and 6. Although the percentage of people who have heard of 
cryptos have risen, the overall understanding of their meaning has fallen. 71 % of the people who have 



Regulating Crypto-Assets [2023] EBLR 589

Instead of official sources of information, few influential recommendations can affect 
on purchase decisions.30 High volatility makes crypto-assets very risky investment 
objects, and the industry suffers from lack of trust.31 The need for stronger investor 
protection is apparent. However, the specific features of crypto-assets must be taken 
into account when developing investor protection regime for crypto-asset market. 
This paper aims at systematically evaluating investment protection strategies that are 
typically used in the financial market law. This is carried out with the 5-I’s Model 
which is created by the author and utilised earlier to analyse crowdfunding regulation 
– another novel EU-wide fintech regulation.32

In order to systematically examine investor protection strategies, the problems and 
challenges of regulating crypto-assets are first examined. The objectives and possible 
regulating strategies are then considered, as they resonate behind the investor protec-
tion regime, as well. 

2.	 The Controversial Nature of Crypto-Assets and Worries on Investor 
Protection

The exponential rise in the price of Bitcoin has increased interest to use crypto-assets 
as investment objectives.33 However, the prices of crypto-assets have also undergone 
severe crashes in 2022. In addition to Bitcoin, wide variety of other crypto-assets can 
be easily offered to retail investors. Especially initial coin offerings (ICOs) have 
raised investor protection concerns as the offering documents, called white papers, 
of ICOs have contained misleading and inadequate information. There have also been 
fraudulent ICOs, where crypto-assets have not even existed, or the issuer has disap-
peared after the ICO.34 Some crypto-assets have faced price manipulations and cyber-
attacks. This harms not only investors but also crypto-asset markets. Edwards et al. 
refer to the ‘lemons problem’ of the economist theory, where bad actors poison the 
market and the good actors suffer from that.35 

Due to many fraudulent uses of crypto-assets, regulators have tended to handle 
crypto-assets more as risks than as welcomed new innovations. Many standard-setting 

heard of crypto identified correctly its definition from the list of statements. This can lead to risk that 
consumers buy crypto-assets without proper understanding of them. 

30 See also ibid., Charts 13–14, which confirm the influence of friends and family as an important 
source of information when purchasing crypto-assets.

31 Joseph Lee & Florian L’heureux, A Regulatory Framework for Cryptocurrency 31 European 
Business Law Review 423, 437, 441 (2020).

32 See Marika Salo-Lahti & Vesa Annola, Investor Protection Strategies in Crowdfunding Regulation. 
The 4-I’s Model, in Responsible Finance and Digitalization. Implications and Developments, 171–185 
(UK and US: Routledge, 2022).

33 Franklin R. Edwards, Kathleen Hanley, Robert Litan & Roman L. Weil, Crypto Assets Require 
Better Regulation 75 Financial Analysts Journal 14, 14 (2019).

34 ESMA, Advice – Initial Coin Offerings and Crypto-Assets, ESMA50-157-1391 14 (2019).
35 Edwards et al., supra n. 33, at 15.



Marika Salo-Lahti590

bodies worldwide have issued warnings on crypto-assets to investors.36 In March 
2022, the European Supervisory Authorities (ESAs)37 warned again consumers that 
many crypto-assets are highly risky and speculative, and as such, they are not suited 
for most retail consumers either as an investment or as a means of payment or 
exchange. Some crypto-assets are also very complex, and difficult to understand for 
many consumers. According to the ESAs, one of the central risks of crypto-assets is 
misleading advertisements which can be channelled via social media and influencers. 
Special caution should be paid if the promised returns look too good to be true. Prices 
can also fall and rise very quickly as the volatility is typically very high. The risk of 
scams, fraud, operational errors and cyberattacks must be taken into account, as well. 
Due to the current regulatory framework, consumers may not have any rights to pro-
tection or compensation if these risks realise. All the invested money can be lost.38 

The ESAs had issued its earlier warning on virtual currencies (VCs) in 2018.39 The 
ESAs stressed then that VCs are neither issued nor guaranteed by central banks, and 
they are not legally ‘currency’ or ‘money’.40 The ESAs doomed VCs as unsuitable 
for most consumer purposes, such as investment or retirement planning, due to their 
high volatility, uncertainty about their future, and unreliability of the exchange plat-
forms and wallet providers.41 In its 2021 warning on crypto-assets, ESMA worried 
that especially stablecoins could raise concerns on financial stability. ESMA also 
noted the potential problems concerning the anonymity in the DLT which is typically 
used by crypto-assets.42 The new EU anti-money laundering package given in the 
summer 2021 tries to tackle this problem. A proposal of AML/CFT regulation43 (Anti-
Money Laundering/Combating the Financing of Terrorism) included in the package. 
According to the proposal, crypto-asset transfers should be traced in the same way as 
traditional money transfers. Anonymous crypto-asset wallet services will be prohib-
ited. Technological solutions are meant to ensure that crypto-asset transfers are indi-
vidually identified. However, the rules do not apply to person-to-person transfers 
without the service provider. For some part, crypto-assets have already been under 

36 See also Iris H-Y Chiu, Regulating the Crypto Economy: Business Transformations and Finan
cialisation, 81 (UK; Hart Publishing, 2021). According to Chiu, warnings can lead to biases in token 
offerings as the offerings can be skewed towards sophisticated and high-net-worth investors, leaving 
retail investors out. 

37 The ESAs consist of EBA (European Banking Authority), ESMA (European Securities and 
Markets Authority) and EIOPA (European Insurance and Occupational Pensions Authority).

38 ESAs, EU Financial Regulators Warn Consumers on the Risks of Crypto-Assets, ESA 2022 15 
1–2 (2022).

39 Different EU authorities have issued warnings on crypto-assets also earlier. For instance, the EBA 
had issued its first warning on virtual currencies already in 2013. See EBA, Warning to Consumers on 
Virtual Currencies, EBA/WRG/2013/01 (2013).

40 Currently, some countries have made Bitcoin as legal currency. The first one was El Salvador.
41 ESAs, ESMA, EBA and EIOPA Warn Consumers on the Risks of Virtual Currencies, 1–2 (2018).
42 ESMA, supra n. 3, at 53–54.
43 European Commission, Proposal for a Regulation on the Prevention of the Use of the Financial 

System for the Purposes of Money Laundering or Terrorist Financing, COM(2021) 420 final (2021).



Regulating Crypto-Assets [2023] EBLR 591

AML/CFT legislation, as AML/CFT Directive (EU) 2018/84344 added exchange ser-
vices between virtual currencies and fiat currencies, and custodian wallet providers 
to the Directive. Member States have the responsibility to ensure that providers of 
exchange services and custodian wallets, are registered. 

In addition to different types of warnings, some financial market authorities have 
decided to ban certain types of crypto-assets. In 2020, the UK’s Financial Conduct 
Authority (FCA), prohibited the sale of derivatives and exchange traded notes that 
reference certain crypto-assets for retail consumers.45 The FCA noted that retail con-
sumers have inadequate understanding of crypto-assets and they cannot reliably assess 
the value and risks of these types of products. In addition to the extreme volatility of 
crypto-asset markets, other reasons for the prohibition was the nature of the underly-
ing assets that do not have inherent value, as well as market abuse and financial crime 
in crypto-asset markets.46 

The controversial nature of crypto-assets appears also in the fact that while some 
countries, such as El Salvador, have made Bitcoin as a legal currency, some others, 
such as China and North Macedonia, have decided to prohibit the exchange of crypto-
assets altogether. Despite the problems linked to crypto-assets, they have remained 
mostly unregulated. However, some national legislations have existed. Malta was 
among the first ones in the world to have a detailed cryptocurrency regulation. For 
instance, Germany and France have also enacted national crypto regulation. These 
national regulations have different regimes. Rules can be optional, such as in France, 
or mandatory, like in Germany and Malta. The scope of crypto-assets and activities 
covered also differ, as well as the requirements imposed to issuers and service provid-
ers. In addition, the measures to ensure market integrity are not equivalent.47 In the 
next chapter, the main principles underlying proper regulatory framework on crypto-
assets will be considered. The new MiCA regulation will also be examined.

3.	 Regulatory Objectives and the New EU Regulation

One of the priorities in the Digital finance strategy48 is to ensure that the EU regula-
tory framework facilitates digital innovation. Innovations utilising DLT or artificial 
intelligence can benefit both consumers and businesses. One role of the regulatory 
framework is to ensure that these new technologies are used in a responsible way. In 
addition to its many opportunities, digital finance brings challenges for the existing 
legal framework which cannot always ensure financial stability, consumer protection, 

44 Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending 
Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money 
laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU.

45 The prohibition came into force in January 2021.
46 The FCA, Prohibiting the Sale to Retail Clients of Investment Products That Reference Crypto

assets, Policy Statement PS20/10 4 (2020).
47 European Commission, supra n. 10, at 148.
48 The Digital finance strategy builds on the 2018 Fintech Action Plan.



Marika Salo-Lahti592

market integrity, fair competition and security in the digital finance. The Commission 
has adopted the principle ‘same activity, same risk, same rules’ in order to ensure the 
balance between traditional financial institutions and new participants.49

When new innovative technologies are regulated, the impact of the regulation on 
willingness to create and use new innovations must be carefully considered. On the 
other hand, uncertainty of the legal situation can harm innovations, as well. It can be 
unsure whether the securities laws should apply and are there certain types of disclo-
sure requirements that must be followed. The regulation of crypto-assets should 
concern worries on cyberattacks. In addition, capital requirements are one typical tool 
in the financial market regulation in order to protect investors and to build trust in the 
market.50 

In general, the regulation on new digital finance innovations has been fragmented. 
Some countries have adopted national regulation while others have refrained from 
regulating the new phenomena. Harmonisation of the regulation between EU-coun-
tries is crucial in order to ensure cross-border actions. The passporting system enables 
offering financial services across EU countries with single authorisation. The EU 
Crowdfunding regulation (EU) 2020/150351 enabled passporting for crowdfunding 
services, and the new MiCA regulation brings passporting to EU crypto-asset markets 
as well.52 

It has also been ambiguous whether more traditional EU financial market regula-
tion can be applied to crypto-assets. One problem is to define what a crypto-asset is 
or can be. Crypto-assets are not coins, banknotes or scriptural money. That is why 
they are typically not ‘funds’ as qualified in the PSD2 (second Payment Services 
Directive (Directive 2015/2366/EU)).53 However, the EBA has noted that in some 
cases, a crypto-asset can be qualified as ‘electronic money’ which is regulated in the 
EMD2 (second Electronic Money Directive (Directive 2009/110/EC)).54 Electronic 
money is, in turn, in the scope of the PSD2.55 

Crypto-assets can also qualify as ‘financial instruments’, when appropriate finan-
cial market regulation can be applied.56 Due to the technological neutrality principle 
of the EU law, same regulation should be applied to the same instruments and services 
regardless of the technology used. This is the case, for instance in investment advising 

49 European Commission, Digital Finance Strategy for the EU, COM(2020) 591 final 4–5 (2020).
50 Edwards et al., supra n. 33, at 17.
51 Regulation (EU) 2020/1503 of the European Parliament and of the Council of 7 October 2020 

on European crowdfunding service providers for business, and amending Regulation (EU) 2017/1129 
and Directive (EU) 2019/1937.

52 European Commission, supra n. 49, at 7.
53 Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on 

payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/
EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.

54 Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 
on the taking up, pursuit and prudential supervision of the business of electronic money institutions 
amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC.

55 EBA, supra n. 9, at 12–15.
56 ESMA, supra n. 34, at 21–36.



Regulating Crypto-Assets [2023] EBLR 593

– MiFID II (Directive 2014/EU/65)57 is applied to traditional investment advising as 
well as robo-advising.58 Likewise, crypto-assets that can be qualified as ‘financial 
instruments’ defined in the MiFID II, should be treated the same as traditional finan-
cial instruments.59 However, there are gaps and issues in current legal framework 
when applied to crypto-assets.60 Hence, the regulation on the DLT pilot regime grants 
certain exemptions from the MiFID II for crypto-assets that qualify as financial 
instruments.

So, the current legal framework has been difficult to apply, as the specific charac-
teristics of a certain crypto-asset may have led to an interpretation that a crypto-asset 
is a financial instrument, electronic money or none of them. The European Parliament 
notes in its amendments to the MiCA proposal that crypto-assets can also qualify as 
deposits as defined in the Directive 2014/49/EU.6162 The Council again changed the 
list, and stated in its October 2022 amendments that the MiCA will not be applied to 
crypto-assets that qualify as, for instance, financial instruments, deposits, funds, or 
non-life or life insurance products. Electronic money is deleted from the list. The 
Council states that as electronic money and funds received in exchange for electronic 
money should not be treated as deposits, electronic money tokens cannot be consid-
ered as deposits that are exempted from the MiCA regulation.63 For the most part, 
crypto-assets have still remained outside the field of financial market regulation and 
consequently are unregulated.64 In addition to forming new legal terms, some tradi-
tional terms may need to be amended. In the regulation on DLT pilot regime Article 
18 it is stated that the definition of the ‘financial instrument’ in the MiFID II should 
be amended to include financial instruments that are issued by DLT. 

When new innovative phenomena are regulated, the ‘regulatory sandbox’ approach 
can also be utilised. In the EU, it has been noted that flexibility and experimentation 
can be effective tools for innovation-friendly and future-proof legislation. Regulatory 
sandboxes are increasingly used in various sectors, such as in finance, health and legal 
services, often including the use of new technologies, such as DLT.65 The DLT pilot 
regime regulation can be seen as an example of the ‘regulatory sandbox’ approach 
with its limited six years’ period for the exemptions and permissions. The aim is to 
test DLT market infrastructures. The DLT pilot regime is meant to provide experiences 

57 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets 
in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU.

58 See, e.g., Marika Salo-Lahti, Good or Bad Robots? Responsible Robo-Advising 33 European 
Business Law Review 671 (2022).

59 European Commission, supra n. 10, at Recital (6).
60 ESMA, supra n. 34, at 37.
61 Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit 

guarantee schemes.
62 European Parliament, supra n. 11, at Recital (2a).
63 Council of the European Union, supra n. 10, at Recital (6). 
64 EBA, supra n. 9, at 14–15.
65 Council of the European Union, Council Conclusions on Regulatory Sandboxes and Experimen

tation Clauses as Tools for an Innovation-Friendly, Future-Proof and Resilient Regulatory Framework 
That Masters Disruptive Challenges in the Digital Age, 13026/20 3 (2020).



Marika Salo-Lahti594

of the opportunities and risks relating to crypto-assets that qualify as financial instru-
ments, and it can help to develop practical proposals for future regulatory framework. 
If the pilot regime deems successful, it might be made permanent in the future. This 
can be made by amending financial services regulation in order to establish one coher-
ent framework, instead of two parallel DLT and non-DLT infrastructures.66 

In general, regulating crypto-assets means balancing between innovation and 
investor protection. New legal requirements mean also new compliance costs for 
market actors. Despite of the aim at strengthening investor protection, the reactions 
of the investors to new legal actions are not always positive. Koenraadt and Leung 
found that news about regulation aimed at increasing transparency by requiring more 
disclosures led to negative market reaction according to the price data from Coinmar-
ketcap. Investors may sometimes perceive new requirements as burdensome or 
costly.67 

The MiCA regulation proposal has four main objectives. First one of them is legal 
certainty. A sound legal framework that is grasping all crypto-assets is needed in order 
to develop an EU-wide crypto-asset market. The second objective is to support inno-
vation and fair competition. The third objective takes into account proper levels of 
consumer and investor protection as well as market integrity. Finally, the fourth 
objective is to safeguard financial stability.68 Bearing these objectives in mind, in the 
next chapter, crypto-asset regulation will be analysed utilising the 4-I’s Model which 
is completed to the 5-I’s Model.

66 DLT pilot regime, supra n. 22, at Recitals (6), (53). Resembling the pilot regime idea, the UK 
government will implement a Financial Market Infrastructure Sandbox in 2023. The FMI Sandbox aims 
at supporting firms using technologies, including DLT, by providing modifications to existing regulation 
when regulation can be seen as a barrier to adoption. One goal of the sandbox is to provide regulators 
information on what changes are needed in the existing regulation. HM Treasury, supra n. 11, at 5–6.

67 However, these reactions were less negative among higher quality and transparent token issuers 
which were already more transparent and engaged with the holders. The importance of information 
was still evident: investors valued voluntary disclosure. It should be noted that at the time of the study 
sample, there were no mandated disclosures for crypto tokens. Instead, crypto-markets have developed 
without investor protection rules or disclosure requirements. Information asymmetries have been reduced 
with voluntary and mainly unverifiable disclosures. These disclosures can be channelled via corporate 
websites, product information and social media. White papers are the primary sources of information. 
Crypto exchanges can also put pressure on transparency with their listing requirements. Jeroen Koenraadt 
& Edith Leung, Investor Reactions to Crypto Token Regulation 31 European Accounting Review 2–4, 6, 
19, 23 (2022). See also Thomas Bourveau, Emmanuel T. de George, Atif Ellahie & Daniele Macciocchi, 
The Role of Disclosure And Information Intermediaries in an Unregulated Capital Market: Evidence 
from Initial Coin Offerings 60 Journal of Accounting Research 129, 130, 138, 160 (2022). Bourveau et 
al. also noted the importance of information, as higher levels of disclosure were associated with better 
success in raising external capital. Market-based information intermediaries such as rating platforms, 
enhanced the credibility of voluntary disclosures. Intermediaries can serve in a certification role and 
build trust in the market. https://www.tandfonline.com/doi/full/10.1080/09638180.2022.2090399?scrol
l=top&needAccess=true&role=tab.

68 European Commission, supra n. 10, at 2–3.



Regulating Crypto-Assets [2023] EBLR 595

4.	 Investor Protection Strategies in the Crypto-Asset Market: From the 
4-I’s Model to the 5-I’s Model

4.1.	 Explaining and Expanding the 4-I’s Model

Salo-Lahti and Annola have created the 4-I’s Model in order to systematise the inves-
tor protection strategies especially in crowdfunding regulation.69 However, the aim 
of the model is not to be limited to the crowdfunding regulation, but it is meant to 
serve as a systematisation tool for financial market regulations. There are certain 
similarities between the EU crowdfunding regulation and the MiCA regulation. Both 
of them are totally new regulations aiming at harmonisation of the fragmented regu-
latory fields of the new financial innovations. Both crowdfunding and crypto-assets 
can include wide variety of actors with different levels of risk to investors. 

There are also practical linkages between crowdfunding and crypto-assets. Actu-
ally, crowdfunding and ICOs (initial coin offerings) appear very similar methods to 
digitally collect financing from large crowds of people. In the ICO, a venture sells 
tokens to a crowd using DLT, such as blockchain technology.70 Crowdfunding, 
instead, is a form of fundraising involving open calls to the public, typically via online 
platforms, to finance projects through monetary contributions in exchange for a 
reward, product pre-ordering, lending, or investment.71 Chiu notes that ICOs take the 
peer-to-peer idea and distributed finance one step further than crowdfunding.72 Both 
financing methods are typically used in rather early stages of company lifecycle, 
compared to initial public offerings (IPOs) where companies go public to sell stock 
shares to the public.73 Some researchers suggest even to combine crowdfunding and 
ICOs in order to overcome the inefficiencies of crowdfunding and the shortcomings 
of ICOs.74 

There are also many differences between crowdfunding and ICOs. Unlike in 
crowdfunding, crypto-tokens are tradable assets that resemble more traditional secu-
rities.75 Block et al. also notes that the motivations of the backers76 in crowdfunding 
and ICOs differ, as ICOs are expected to attract more technology-oriented investors 

69 Salo-Lahti & Annola, supra n. 32. 
70 Joern H. Block, Alexander Groh, Lars Hornuf, Tom Vanacker & Silvio Vismara, The Entrepre

neurial Finance Markets of the Future: A Comparison of Crowdfunding and Initial Coin Offerings 57 
Small Business Economics 865, 866 (2021). 

71 European Commission, Crowdfunding, https://ec.europa.eu/growth/access-finance/policy-areas/
crowdfunding_en (accessed 21 Jul. 2022).

72 Chiu, supra n. 36, at 55.
73 Angelos Delivorias, Understanding Initial Coin Offerings. A New Means of Raising Funds Based 

on Blockchain, European Parliamentary Research Service PE 696.167 2–3 (2021). 
74 Lars Hornuf, Theresa Kück & Armin Schwienbacher, Initial Coin Offerings, Information 

Disclosure, and Fraud 58 Small Business Economics 1741, 1755 (2022).
75 Ibid., at 1743.
76 It must be noted that the motivations differ also among different types of crowdfunding. For 

instance, backers of reward-based crowdfunding projects and equity-based crowdfunding projects have 
different motivations.



Marika Salo-Lahti596

than crowdfunding campaigns. The role of platforms is another important difference. 
Platforms play a crucial role in crowdfunding, whereas they have been of minor 
importance in ICOs. As a consequence, ICOs have been much less fraud resistant 
than crowdfunding – due diligence checks by the crowdfunding platforms can disclose 
many of the fraudulent projects. However, recently ICOs have been more often con-
ducted through exchanges, so these differences may diminish.77 The ICOs will be 
partly regulated when the new MiCA regulation will be applied. One specific objec-
tive of the MiCA is to increase the funding sources of companies through increased 
initial coin offerings.78

The 4-I’s Model consists of Investor, Investment, Information, and Intermediary. 
By Investor, the model refers to the protection elements of financial market regulation 
that are based on the characteristics of investors. Client classification is an example 
of this – financial market regulation typically safeguards especially retail investors. 
Investment in the model refers to the regulatory tools that are directly bound to the 
investment itself, such as limits concerning invested amounts. Information part refers 
to the disclosure duties which are typical tools to protect investors in different fields 
of financial market regulation. The Intermediary refers to the service providers, such 
as crypto-asset exchanges and wallet providers.79 Differing from crowdfunding regu-
lation, the role of issuers is strong in the crypto-asset regulation. As a consequence, 
a fifth ‘I’ – Issuer – will be added to the model in order to serve as a proper systema-
tisation tool for crypto-asset regulation. Despite of their role in the regulation, in 
reality there may not be any particular issuer, depending on the characteristics and 
the decentralisation of the crypto-asset in question. The Figure 1 describes the content 
of the 5-I’s Model.

4.2.	 Investor: The First ‘I’

Classifying investors into groups by their experience and knowledge is a common 
way to direct investor protection regulation to the client groups that need the protection 

77 Block et al., supra n. 70, at 866, 869–870, 872.
78 European Commission, supra n. 10, at 145.
79 Salo-Lahti & Annola, supra n. 32.

Figure 1. The 5-I’s Model.

 

 
 

The 5-I's Model – a systematisation tool for investor protection

Investor
(e.g. investor 
classification)

Investment
(e.g. crypto-asset 

classification, 
limitations and 

bans)

Information 
(factors influencing 

in the disclosure 
duties)

Intermediaries 
(characteristics 

influencing in the 
responsibilities)

Issuers
(noting the 
meaning of 

decentralisation)



Regulating Crypto-Assets [2023] EBLR 597

most. In the financial market regulation, investor protection is often targeted espe-
cially to retail clients. This regime takes into account the different protection needs 
of investors – while more vulnerable retail clients are under stricter protective meas-
ures, products and services can be offered to sophisticated investors with lighter rules 
and lower costs.80

Client classification can be implemented in many ways and different wordings. 
Client classification is in a central role, for instance, in the MiFID II, which divides 
clients into three classes. Retail clients are under the strongest protection, while pro-
fessional clients and counterparties can be served with less strict rules.81 The Crowd-
funding regulation (EU) 2020/1503 distinguishes between sophisticated and 
non-sophisticated investors, when determining the appropriate level of investor pro-
tection. Despite using different terms, this classification builds on the MiFID II 
definitions of professional clients and retail clients.82

Quite surprisingly, the term ‘retail investor’ is not even mentioned in the original 
MiCA proposal. However, retail investors are still in a very central role in the crypto-
asset market, as crypto-asset platforms usually give direct access to retail investors. 
Client classification is implicitly part of the original MiCA proposal, as the term 
‘qualified investors’ is used several times. Lighter rules are imposed when crypto-
assets are offered only to qualified investors. According to the Article 3, the term 
refers to the qualified investor of the Prospectus regulation (EU) 2017/1129.83 The 
Prospectus regulation, in turn, refers to the definition of professional clients found in 
the MiFID II and its predecessor MiFID. In practice, Ferrari notes that instead of 
qualified investors, initial coin offerings (ICOs) are typically addressed to the crowds 
of retail investors.84 Unlike the original version, the term ‘retail holder’ was included 
in the Council version of the MiCA in October 2022. According to the amended Arti-
cle 3, retail holder means any natural person ‘who is acting for purposes which are 
outside his trade, business, craft or profession’. It is not further explained, whether 
this definition is somehow broader than the MiFID II Article 4 definition of the retail 
client who ‘is not a professional client’. Remarkable is, that the Council version refers 
to the protection of retail holders in several occasions.

The DLT pilot regime also utilises retail investor classification. The DLT infra-
structure would be difficult to match with MiFID II and retail investors, and that is 
why the pilot regime regulation gives certain temporary exemptions on the strict rules 
of the MiFID II so that retail investors can also be given direct access to market with-
out intermediaries. Adequate investor protection issues must be considered and retail 

80 Ibid., at 173.
81 See also ibid., at 173–175.
82 Crowdfunding regulation, supra n. 51, at Recital (42).
83 Regulation (EU) 2017/1129 of the European Parliament and of the Council of 14 June 2017 on 

the prospectus to be published when securities are offered to the public or admitted to trading on a 
regulated market, and repealing Directive 2003/71/EC.

84 Valeria Ferrari, The Regulation of Crypto-Assets in the EU – Investment and Payment Tokens 
under the Radar 27 Maastricht Journal of European and Comparative Law 325, 332 (2020).



Marika Salo-Lahti598

investors must fulfil certain prerequisites.85 The Article 4 states that natural and legal 
persons can be admitted to trade on their own account, if they, for instance, are of 
sufficient good repute, have sufficient level of competence and experience, including 
knowledge of the functioning of DLT, and they have been adequately informed. The 
position of retail investors is given special attention also in the Article 7, concerning 
the transition strategy which should describe how issuers, clients and other parties 
are handled in the event of a withdrawal or discontinuation of a specific permission 
or a cessation of business. The transitional strategy must set out how especially retail 
investors are protected from any disproportionate impact in such cases.

4.3.	 Investment as the Second ‘I’

One important question concerning the regulation on crypto-assets is what exactly is 
a crypto-asset. Crypto-asset markets also develop rapidly. Is it even possible to for-
mulate future-proof regulation in this type of area? When regulating crypto-assets, it 
is important to notice that there are different types of crypto-assets with differing 
characteristics and risk levels. A one-size-fits-for-all regulation is not possible. In 
order to systematise the crypto-asset market and to build effective regulation and 
investor protection, a justifiable classification of crypto-assets is needed so that 
stricter regulation can be targeted to those crypto-assets that impose higher risks to 
the market and investors. 

In general, classification of instruments is an important tool in the financial market 
law as it determines the applicable rules and supervisory powers of competent author-
ities. Uncertain classifications may lead to regulatory arbitrage where actors seek the 
most favourable regulatory environment.86 However, classification is a particularly 
problematic area for crypto-assets. There are different types of crypto-asset classifi-
cations among jurisdictions which can lead to high level of fragmentation and com-
plexity. The hybrid and transformative nature of crypto-assets makes it challenging 
to establish a comprehensible classification.87 Ferrari refers to the ‘temporal dimen-
sion’ of the problem of tokens’ classification: tokens can have different functions 
during their lifecycle. Therefore ‘substance over form approach’ that considers the 
actual functions in specific circumstances might work best.88 

So, the classification is not just for theoretical purposes – quite the contrary: crypto-
assets are not homogeneous group and different crypto-assets must be treated 

85 DLT pilot regime, supra n. 22, at Recital (26).
86 Dirk A. Zetzsche, Filippo Annunziata, Douglas W. Arner & Ross P. Buckley, The Markets in 

Crypto-assets Regulation (MiCA) and the EU Digital Finance Strategy 16 Capital Markets Law Journal 
203, 209 (2021). 

87 Jérôme Saulnier & Ilaria Giustacchini, Digital Finance: Emerging Risks In Crypto-Assets – Regu
latory and Supervisory Challenges in the Area of Financial Services, Institutions and Markets, European 
added value assessment, European Parliament PE 654.177 8, 29 (2020).

88 Ferrari, supra n. 84, at 329–330.



Regulating Crypto-Assets [2023] EBLR 599

differently by regulators.89 The MiCA regulation proposal divides crypto-assets into 
three sub-categories, which all have specific requirements. First group consists of 
‘utility tokens’ that are meant to provide digital access to a good or service. Hence, 
they are non-financial by nature and only accepted by their issuer. The second class 
of crypto-assets are ‘asset-referenced tokens’. Their value is intended to be stable as 
it is tied to reference assets, such as fiat currencies like Euro or US Dollar, or com-
modities such as gold, or a combination of many assets. The third category of crypto-
assets are ‘electronic money tokens’ or ‘e-money tokens’ which main function is to 
serve as a stable payment tool with reference only to one fiat currency.90 The Council 
modified the categories by broadening the scope of the former utility token class by 
defining the sub-category as ‘other crypto-assets that are not asset-referenced tokens 
or e-money tokens’. This category includes utility tokens.91

The European Economic and Social Committee (EESC) stated in its opinion on 
the MiCA proposal that a greater degree of clarity could be achieved with more 
detailed specifications of the sub-categories of crypto-assets and their scope. The 
EESC called for a definition of ‘security token’ with clear guidance on the features 
of a crypto-asset that can be classified as a financial instrument, as this determines 
the applicable law.92 The European Central Bank (ECB) noted in its opinion that 
asset-referenced tokens and e-money tokens defined in the MiCA proposal are, in 
whole or in part, money substitutes.93 The ECB also stated that the crypto-asset defi-
nition in the MiCA proposal is ‘a wide, catch-all definition’. Deviating from the 
technology neutrality principle, the ECB deemed the definition to be technology-
specific. The ECB was also of the opinion that the scope of the regulation should be 
further clarified. Most of the confusion relates to the distinction between crypto-assets 
that can be characterised as financial instruments falling under the MiFID II regula-
tion, and crypto-assets belonging under MiCA.94 In general, it is important to notice 
that not all crypto-assets are under the MiCA regulation. Some of them are regulated 
with traditional financial law. Szwajdler notes that these two groups of crypto-assets 

89 Pawel Szwajdler, Considerations on the Construction of Future Financial Regulations in the Field 
of Initial Coin Offering 23 European Business Organization Law Review 671 (2022).

90 European Commission, supra n. 10, at Recital (9).
91 Council of the European Union, supra n. 10, at Recital (9).
92 EESC (European Economic and Social Committee), Opinion of the European Economic and 

Social Committee on: Proposal for a Regulation of the European Parliament and of the Council on 
Markets in Crypto-assets, and amending Directive (EU) 2019/1937 (COM(2020) 593 final – 2020/0265 
(COD)), Proposal for a Regulation of the European Parliament and of the Council on a pilot regime 
for market infrastructures based on distributed ledger technolog,y (COM(2020) 594 final – 2020/0267 
(COD)) 35 (2021). 

93 The ECB refers to the three functions of money as a medium of exchange, store of value and 
unit of account. Asset-referenced tokens are targeting especially to the store of value function, whereas 
e-money tokens have both the medium of exchange and unit of account functions. ECB, Opinion of the 
European Central Bank of 19 February 2021 on a Proposal for a Regulation on Markets in Crypto-
assets, and amending Directive (EU) 2019/1937 CON/2021/4 1–2 (2021).

94 Ibid., at 1–2.



Marika Salo-Lahti600

should be discussed separately, and that the MiCA regulation leads to the fragmenta-
tion of legal approaches to different crypto-assets.95

The UK crypto-asset categorisation differs from the categories in the MiCA. The 
FCA lists crypto-assets in its guidance as security tokens, e-money tokens, and 
unregulated tokens. The latter category includes both exchange-tokens, and utility 
tokens.96 Huang criticises the classification of the UK regulation for being too com-
plicated. One reason for that is the case-by-case identification of crypto-asset classes. 
Crypto-assets can also move from one category to another during their existence. 
According to Huang, the unclear classification can cause problems including slower 
licencing process and possibilities of financial misconduct. The regulation also 
encompasses only some of the crypto-assets while others remain unregulated.97

The study of the Cambridge Centre for Alternative Finance – enclosing crypto-
asset regulations in 23 countries – found that crypto-assets are typically classified as 
payment, utility, and security tokens, while some jurisdictions add fourth category of 
hybrid tokens sharing characteristics of multiple categories.98 In addition, the UK 
government will add a new category of regulated tokens in its categorisation: stable-
coins.99 Stablecoins are designed to maintain a stable value by pegging their value to 
another reference asset. In the MiCA proposal, stablecoins are considered as the 
riskiest category of crypto-assets, as they can become quickly more common and 
cause higher risks for investors, counterparties and the financial system. Hence, 
stablecoins are the most strictly regulated category of crypto-assets in the MiCA 
regulation. However, the term ‘stablecoin’ is not even mentioned in the regulation. 
In the Explanatory Memorandum it is stated that stablecoins are complex by their 
structure and they comprise many interdependent functions. Stablecoins share many 
features with e-money. That is why they can fall under the ‘e-money token’ definition 
of the MiCA. However, a stablecoin can also be an ‘asset-referenced token’, depend-
ing on its specific structure. So, despite they are not explicitly mentioned in the 
regulatory text, stablecoins include in the two mostly regulated categories of crypto-
assets in the MiCA.100 To further strengthen investor protection, some asset-refer-
enced tokens and e-money tokens are considered significant, and they are subject to 
additional requirements, such as higher capital and a duty to have a liquidity manage-
ment policy and procedures. In its amendments, the European Parliament added a 
category of ‘quasi-e-money tokens’. They are significant asset-referenced tokens that 

95 Szwajdler, supra n. 89, at 7, 20.
96 FCA, Guidance on Cryptoassets. Feedback and Final Guidance to CP 19/3, Policy Statement 

PS19/22 13–14 (2019).
97 Sherena Huang, Crypto Assets Regulation in the UK: An Assessment of the Regulatory Effectiveness 

and Consistency 29 Journal of Financial Regulation and Compliance 336, 343–344, 346 (2021).
98 Blandin et al., supra n. 7, at 13, 18. See also EESC, supra n. 92, at 35. According to the EESC 

opinion on the MiCA proposal, hybrid tokens should be classified more clearly.
99 See, e.g., HM Treasury, Financial Services Bill to Unlock Growth and Investment across the UK, 

Press release (2022), https://www.gov.uk/government/news/financial-services-bill-to-unlock-growth-
and-investment-across-the-uk (accessed 1 Aug. 2022).

100 European Commission, supra n. 10, at 5, 8, 10.



Regulating Crypto-Assets [2023] EBLR 601

have become widely used as a means of exchange.101 However, this category was not 
included in the Council version of October 2022.102

In general, crypto-assets differ in the way they resemble traditional financial instru-
ments. They can be ‘blockchain-based variants’ of them, or they can have unique 
properties requiring new regulatory actions. The Cambridge Centre for Alternative 
Finance study suggests that the categorisation of crypto-assets should be made after 
case-by-case analysis, taking into account their functions, underlying infrastructure 
and other key attributes.103 For instance, Ferrari also notes the importance of case-by-
case approach when evaluating risks and legal position of crypto-assets. Classification 
categories are to be considered as archetypes that steer crypto-assets towards specific 
areas of regulation. Legal uncertainty may remain, as innovative crypto-assets can be 
difficult to fit in to defined classes.104 Some new type of crypto-assets may also cat-
egorically fall outside regulation. As an example, non-fungible tokens (NFTs), which 
are unique digital assets representing real objects, such as memes or art, were excluded 
from the MiCA. The European Commission will later assess whether a specific NFT 
regime is necessary.105 

The Figure 2 describes the relationship of different crypto-asset categories and the 
future applicable regulation. In the Article 2 of the MiCa proposal it is stated that the 
regulation does not apply to crypto-assets that qualify, for instance, as financial instru-
ments as defined in the Directive 2014/65/EU, deposits (Directive 2014/49/EU), 
structured deposits (Directive 2014/65/EU), or securitisation (Regulation (EU) 
2017/2402).106 These instruments are subject to traditional financial market law. The 

101 European Parliament, supra n. 11, at Article 40.
102 Council of the European Union, supra n. 10.
103 Blandin et al., supra n. 7, at 20–21.
104 Ferrari, supra n. 84, at 340–341.
105 Council of the European Union, Digital Finance: Agreement Reached on European Crypto-

assets Regulation (MiCA), Press release (2022), https://www.consilium.europa.eu/en/press/press-
releases/2022/06/30/digital-finance-agreement-reached-on-european-crypto-assets-regulation-mica/ 
(accessed 1 Aug. 2022).

106 Regulation (EU) 2017/2402 of the European Parliament and of the Council of 12 December 
2017 laying down a general framework for securitisation and creating a specific framework for simple, 
transparent and standardised securitisation, and amending Directives 2009/65/EC, 2009/138/EC and 
2011/61/EU and Regulations (EC) No 1060/2009 and (EU) No 648/2012.

 

 
MiCA

•Asset-referenced tokens
•E-money tokens
•Others, such as utility 
tokens

Other financial 
market regulation

•Crypto-assets that are, 
e.g., financial instruments 
or deposits

Unregulated

•E.g. NFTs

Figure 2. Regulatory Regimes for Different Crypto-Assets.



Marika Salo-Lahti602

Council added to the list also funds, as well as certain non-life and life insurance 
products, and pension products.107

Separating e-money tokens of the MiCA proposal and electronic money of the 
Directive 2009/110/EC may be sometimes tricky. Both are electronic surrogates for 
coins and banknotes and used for making payments. It is important to note, that 
despite many similarities, electronic money and e-money tokens of the MiCA have 
also important differences, concerning, for instance, redemption rights. In addition, 
e-money tokens are crypto-assets by their nature, and they can raise challenges that 
are typical to crypto-assets and as a consequence, the must be subject to the MiCA 
regulation. According to the MiCA proposal and its later amendments, any definition 
of ‘e-money tokens’ should be ‘as wide as possible’ to capture all crypto-assets that 
reference one single fiat currency that is a legal tender.108 

Taking into account the problematics of the crypto-asset classification and its legal 
relevance, crypto exchanges have typically required legal opinions on the classifica-
tion of crypto-assets. These legal opinions are commonly drafted by legal profession-
als. In the MiCA proposal, legal opinions are required from issuers of asset-referenced 
tokens that need to include a legal opinion in their application for authorisation. This 
legal opinion is meant to confirm that the token does not qualify as a crypto-asset that 
are excluded from the scope of the MiCA, such as a financial instrument; or an 
e-money token. To specify this requirement, the Council added that EBA shall, in 
close cooperation with ESMA, develop standard forms, templates and procedures to 
be met by these legal opinions in order to ensure uniformity across the Union.109

In the US, the U.S. Supreme Court has developed the ‘Howey test’ that can be used 
to determine whether a crypto-asset is a ‘security’ which would be regulated under 
securities laws. Under the Howey test, an ‘investment contract’ exists when ‘there is 
the investment of money in a common enterprise with a reasonable expectation of 
profits to be derived from the efforts of others’. The test focuses not only to the form 
and terms of the instrument itself but also on the circumstances that surround the asset 
and the manner in which it is offered and sold.110 Resembling the rather flexible 
definition of the ‘investment contract’ in the Howey test, the term ‘security’ has not 
fixed boundaries in the EU law. Like in the Howey test, several functional criteria 
can be utilised in order to identify whether an asset is a security or not. The typical 
features of securities are tradability, negotiability on capital markets, and standardisa-
tion. They must also include a financial risk.111

In addition to carefully considering the classification of crypto-assets and targeting 
regulation based on it, investor protection could be improved by limiting the amount 
that investors can invest in crypto-assets. This investor protection strategy is utilised, 

107 Council of the European Union, supra n. 10, at Article 2.
108 European Commission, supra n. 10, at Recitals (9)–(10). The Council version of October 2022 

states similarly. See Council of the European Union, supra n. 10, at Recital (10).
109 Council of the European Union, supra n. 10, at Article 16.
110 SEC (U.S. Securities and Exchange Commission), Framework for “Investment Contract” 

Analysis of Digital Assets, https://www.sec.gov/files/dlt-framework.pdf (accessed 2 Aug. 2022).
111 Ferrari, supra n. 84, at 331.



Regulating Crypto-Assets [2023] EBLR 603

for instance, in the crowdfunding regulation. However, the way in which the limit is 
set in different crowdfunding regulations, varies. It can depend on the personal 
income, wealth, or financial assets, or it can be some fixed amount of money. The 
limitation can concern each offering, or the crowdfunding market in total in a certain 
timeframe, such as 12 months.112 The limits can encourage diversification and protect 
investors from bigger losses.113 

However, these types of limits have also faced critiques, for instance, for being a 
form of hard paternalism, as limits are narrowing the freedom of investors by protect-
ing investors from themselves. Klöhn et al. states that this type of regime is foreign 
to financial market regulation. Despite this, the authors still concerned that the fea-
tures of crowdfunding market, such as high risks and the danger of market bubbles, 
can justify even paternalistic rules.114 Chiu notes that paternalism has increased in the 
regulation of consumer finance, and this regulatory design should not be rejected in 
relation to retail investment either.115 Crypto regulations worldwide utilise paternal-
ism also in the form of bans concerning crypto-assets. 

Differing from the crowdfunding regulation, the MiCA proposal does not address 
limits concerning invested amounts per investor. Instead of investor-specific limits, 
there can be more general market limits. The Council version of October 2022 states 
that when asset-referenced tokens are ‘widely used as means of exchange’ within a 
single currency area, issuers should be required to reduce the level of activity.116 The 
DLT pilot regime Article 3 sets monetary limits, not to invested amounts per investor, 
but to the financial instruments that are admitted to trading, and to the DLT market 
infrastructure. For instance, the issuer of shares that are admitted to trading on a DLT 
infrastructure must have less than EUR 500 million market capitalisation. The total 
market value of all the DLT financial instruments on a DLT market infrastructure 
should not exceed EUR 6 billion when new DLT financial instruments are admitted 
to trading. If the total market value otherwise reaches EUR 9 billion, the transition 
strategy defined in the regulation must be activated. Priem notes that limitations, such 
as the maximum number of customers or volume restrictions, are typical in the regu-
latory sandbox approach.117 The limitation tool adopted in the DLT pilot regime 

112 Salo-Lahti & Annola, supra n. 32, at 176.
113 FCA (Financial Conduct Authority), Loan-based (‘Peer-To-Peer’) and Investment-Based Crowd

funding Platforms: Feedback to CP18/20 and Final Rules, Policy Statement, PS19/14 18 (2019).
114 Lars Klöhn, Lars Hornuf & Tobias Schilling, The Regulation of Crowdfunding in the German 

Small Investor Protection Act: Content, Consequences, Critique, Suggestions 13 European Company 
Law 56 (2016). Also available at SSRN: https:// papers.ssrn.com/sol3/papers.cfm?abstract_id=2595773, 
16–17. See also Salo-Lahti & Annola, supra n. 32, at 175–177.

115 Iris H-Y Chiu, More Paternalism in the Regulation of Consumer Financial Investments? Private 
Sector Duties and Public Goods Analysis 41 Legal Studies 657 (2021). Also available at: https://
discovery.ucl.ac.uk/id/eprint/10126484/1/Chiu_LS_Revised_final.pdf, 2.

116 Council of the European Union, supra n. 10, at Recital (42d).
117 Randy Priem, A European Distributed Ledger Technology Pilot Regime for Market Infrastructures: 

Finding a Balance Between Innovation, Investor Protection and Financial Stability 30 Journal of 
Financial Regulation and Compliance 371, 375 (2022).



Marika Salo-Lahti604

protects investors only indirectly, as it constrains the impact of the DLT market infra-
structures to the financial stability.

Instead of limiting the invested amounts, more extreme means have also been 
adopted to protect especially retail investors. One example is the aforementioned 
UK’s prohibition of the sale of crypto derivatives to retail clients. This prohibition 
combines the Investor and Investment parts of the 5-I’s Model. Prohibition is a very 
strong tool to influence investor protection, and in many cases the protective tools 
are limited to retail investors. This, in turn, can lead to institutional or sophisticated 
investor domination in the crypto market.118 However, there are also exceptions, and 
issuing and exchanging crypto-assets are totally prohibited in some countries. Prohi-
bition can also be an efficient supervisory tool that can be used when needed. In the 
MiCA proposal, competent authorities have, as part of their supervisory power, right 
to prohibit an issuance of a crypto-asset or the provision of a crypto-asset service. 

In the MiCA proposal, there are also some other specific investor protection provi-
sions. For instance, retail investors, that are in the Council version of October 2022119 
called ‘retail holders’ have the right of withdrawal, giving them in certain specific 
cases 14 calendar days’ time to withdraw their agreement to purchase crypto-assets 
without any cost. Redemption rights can also protect investors. Still, one specific tool 
to improve investor protection is utilised in the MiCA as it tries to improve investor 
protection by influencing the preferred uses of asset-referenced tokens and e-money 
tokens. Holders of those tokens cannot be granted interest for the time they are hold-
ing the tokens. This is meant to ensure that these tokens are mainly used as a means 
of exchange and not as a store of value.120 However, one special objective behind the 
legislative proposal was to allow ‘investors to access new investment opportunities’.121 
The ECB noted in its opinion that the impact of the prohibition to pay interest depends 
on the interest rate environment. Inflows and outflows could be created when interest 
rate environment changes significantly. This, in turn, could affect on financial sta-
bility.122 However, the prohibition of interest is not unique in the EU financial law. 
The Electronic Money Directive 2009/110/EC also prohibits granting interest related 
to the length of time that electronic money is held.

Still one possible mean to protect investors would be product governance require-
ments. This type of regime is used in the MiFID II. The manufacturers of financial 
instruments must, for instance, determine beforehand the needs and characteristics of 
clients for whom the financial instrument is compatible. The distributors must ensure 
that the products are offered or recommended consistently with the target market 

118 Chiu, supra n. 36, at 88. Chiu notifies that prohibitions do not prevent national activities from 
migrating across borders. In addition, these regimes come too late as there is already wide circulation 
of cryptocurrencies. 

119 Council of the European Union, supra n. 10, at Article 12.
120 European Commission, supra n. 10, at Recitals (41), (46).
121 Ibid., at 145.
122 ECB, supra n. 93, at 2–3.



Regulating Crypto-Assets [2023] EBLR 605

definitions.123 However, this type of regime may not be appropriate for ICOs which 
are direct offer products. Product governance rules, instead, are based on the duty of 
suitability which is applied to investment advisors.124

4.4.	 Information Forms the Third ‘I’

Misleading and inadequate information is one of the main problems associated with 
crypto-asset markets. Disclosure duties are a powerful tool to improve investor pro-
tection. These duties have traditionally been in a central position in financial market 
regulations. However, the focus of these duties is shifting from the quantity of the 
information to the quality and suitability.125 Less is often more when it comes to 
information disclosures. Long and complex disclosure documents tend to be left 
unread, especially in the online settings, although we confirm that we have read them. 
Lannerö names this problem as ‘the biggest lie on the internet’.126 The High Level 
Forum set up by the European Commission also notifies this problem and suggest 
that disclosure rules should be re-assessed in order to make them more coherent, more 
understandable for retail investors and accessible in a ‘digitally-friendly way’.127

The MiCA regulation includes different informing duties, for instance, in the form 
of white papers and warnings as well as continuous informing duties. Some of the 
information obligations of the MiCA are meant to inform clients, as the others are 
directed to the supervisory body.128 This article concentrates on the role of investors 
and the obligations that are meant to protect investors. Comprehensibility of investor 
information is especially important from the investor protection perspective. Accord-
ing to the consumer research conducted by the FCA in the UK, only 58 % of the 
crypto users agreed with the statement ‘I believe I have a good understanding of how 
cryptocurrencies and the underlying technology works’.129 This means, that almost 
half of the crypto owners believed that they did not have proper understanding of 
what they have bought.

There are certain overall rules in the MiCA that can be seen as ethical rules that 
guide the informing duties. The issuers of crypto-assets must communicate with the 
holders in a fair, clear and not misleading manner. Similarly, crypto-asset service 
providers shall provide their clients fair, clear and not misleading information. In this 
issue, special attention is given also to the marketing communication and its 

123 Commission delegated directive (EU) 2017/593 of 7 April 2016 supplementing Directive 2014/65/
EU of the European Parliament and of the Council with regard to safeguarding of financial instruments 
and funds belonging to clients, product governance obligations and the rules applicable to the provision 
or reception of fees, commissions or any monetary or non-monetary benefits, Articles 9–10.

124 Chiu, supra n. 36, at 165.
125 Salo-Lahti & Annola, supra n. 32, at 179.
126 Pär Lannerö, Fighting the Biggest Lie on the Internet, Common terms betaproposal 3 (Metamatrix 

Stockholm, 2013), http://commonterms.org/commonterms_beta_proposal.pdf (accessed 2 Aug. 2022).
127 High Level Forum, supra n. 1, at 20.
128 Bočánek, supra n. 26, at 45.
129 FCA, supra n. 27, at Chart 6.



Marika Salo-Lahti606

identifiability as such. These formulations are similar than in the MiFID II. The MiCA 
proposal tries to tackle misleading information by prohibiting crypto-asset service 
providers to, either deliberately or negligently, mislead clients on the real or perceived 
advantages of crypto-assets. They must also warn clients of the risks involved when 
crypto-assets are purchased, and pricing policies must be publicly available.

Important information duties concerning the offering of assets or admittance to 
trading are often executed via standardised documents. Depending on the financial 
market regulation in question, these documents can be called, for instance, prospec-
tuses, or key investment information sheets. In the MiCA – and otherwise in the crypto 
market – these documents are called white papers. The issuers of crypto-assets must 
produce, notify to their competent authority and publish a white paper which contains 
mandatory disclosures. These documents include, for instance, general information 
on the issuer, on the project that is meant to be carried out with the capital collected, 
on the public offer or on the admission to trading, on the rights and obligations 
attached to the crypto-assets, on the underlying technology and on the related risks. 
Clear statements must be included on the fact that crypto-assets may lose their value 
in part or in full, and they may not be always transferable or liquid. Statement from 
the management body of the issuer must confirm that information presented is cor-
rect. In its opinion on the MiCA proposal, the European Data Protection Supervisor 
suggested that crypto-asset white papers should also include information concerning 
personal data processing, and the main risks and mitigation strategies regarding data 
protection.130

The usability of information is taken into account when formulating the responsi-
bilities concerning white papers. Information presented in a white paper should be in 
a concise and comprehensible form. For further aiding the usability of information, 
the Article 5 of the MiCA proposal concerns the summary that must be included in 
white papers in a similar way than, for instance, in prospectuses. The summary should 
in ‘brief and non-technical language’ provide the key information of the offer or 
indented admission to trading on a trading platform, and the essential elements of the 
crypto-asset in question. 

The characteristics of the crypto-assets affect on the duties of issuers and service 
providers, as was discussed in the Chapter 4.3. That is true also concerning the inform-
ing duties. Asset-referenced tokens and e-money tokens have stricter requirements 
on white papers. For instance, detailed description of the issuer’s governance arrange-
ments and of the reserve assets are demanded for the asset-referenced tokens. White 
papers on asset-referenced crypto-assets should also include information on the sta-
bilisation mechanism. In addition, the issuers of asset-referenced tokens have con-
tinuous informing duties. They must disclose regularly the amount of tokens in 
circulation and the value of reserve assets. This information can be given on their 
website. Informing duties include also the outcome of the audit of the reserve assets, 
and any event that is likely to have a significant effect on the value of the tokens or 

130 EDPS (European Data Protection Supervisor), Opinion 9/2021 on the Proposal for a Regulation 
on Markets in Crypto-assets, and amending Directive (EU) 2019/1937 8 (2021).



Regulating Crypto-Assets [2023] EBLR 607

reserve assets. These continuous informing duties resemble those in the stock markets. 
They can enhance investor protection better than disclosures given only at the specific 
point in time. The ex ante disclosures of ICOs are typically early and speculative by 
nature, and investor protection could be more effectively based on an ongoing regime.131 

Resembling the Prospectus regulation, crypto-asset offers that do not exceed an 
adequate aggregate threshold are exempted from the obligation to compose a white 
paper. However, different from a prospectus, white papers for other than asset-refer-
enced tokens are not approved by competent authorities before publication. After 
publication, competent authorities can request additional information in the white 
paper or marketing communications. Due to this, white papers must contain a state-
ment noting that offerors are solely responsible for their content.

When considering the strength of the disclosure duties in protecting investors, it 
should be noted that these duties do not always safeguard the decision-making ability 
of investors. Although new financial market legislations typically take into account 
the comprehensibility of information, a European Commission study considering 
retail investors states that the rules on disclosure are still not focusing on making 
documents engaging. Capturing the attention of investors is an important precondi-
tion for understanding and making rational decisions. Hence, disclosures are insuf-
ficient means to support retail investors in their decision-making.132 Chiu notes that 
there is an ‘assistance’ or ‘advice’ gap in the protection of retail investors. Engaging 
in ‘do-it-yourself decision-making’ without any expert help can cause adverse effects 
on client welfare. As strictly regulated ‘official’ investment advices cover only some 
of the investment decisions made by retail investors, a broader access to pre-sale 
assistance could benefit retail investors. However, investment advices are strictly 
regulated, and possible legal risks can hinder the development of the ‘spectrum’ of 
advices.133

In the MiCA proposal, crypto-asset service providers can be authorised to give 
advices on crypto-assets. In the financial market regulation, advice-giving is typically 
regulated more strictly than general information sharing. This is meant to protect 
investors, as advising is a quite strong means to affect on investor decision-making. 
In the MiCA, an advice is defined as a personalised recommendation to a third party 
concerning one or more transactions relating to crypto-assets, or the use of crypto-
assets services. An initiative for the advice can be on either the customer or the service 
provider. This definition resembles of the ‘investment advice’ in the MiFID II. When 
giving advice on crypto-assets, the service provider must ensure that its staff has the 
necessary knowledge and experience to fulfil the obligations, resembling the similar 
requirement in the MiFID II Article 25.

It is also important to consider, what types of information are essential for crypto 
investors. In addition to information concerning the characteristics of the crypto-asset 
in question, investors should have some technological understanding. Investors should 

131 Chiu, supra n. 36, at 156.
132 European Commission, supra n. 2, at 13–14.
133 Chiu, supra n. 115, at 6–7.



Marika Salo-Lahti608

also be able to protect the devices that are used to buy, store or transfer crypto-assets.134 
Despite bringing some new information needs, technology can also bring many ben-
efits for investor information. The usage of DLT can improve the synchronisation 
and traceability of information, which in turn can enhance the visibility of market 
activity, as market data can be seen in real-time. Hence, DLT can prevent the frag-
mentation of data among different participants with separate unsynchronised 
databases.135 

The technical settings of the crypto-asset markets must be taken into account also 
in the format and layout of the information concerning crypto-assets. The MiCA 
proposal refers to the ‘machine readable formats’ of crypto-asset white papers, which 
will be guided by implementing technical standards.136 Machine-readability has 
recently been noted also elsewhere in the EU financial market regulation. For instance, 
the proposal for the regulation on European Single Access Point137 highlights the 
meaning of machine-readability of information. European Single Access Point is 
meant to be a centralised platform that gathers all the relevant financial information 
on business entities and their products, together. In order to be digitally usable, this 
information should be ‘in a data extractable format’ or, if required by the EU law, in 
a ‘machine-readable format’. The latter enables that software applications can easily 
identify and extract specific data.138 Digital tools have still been under-used in making 
information more accessible, although some recent regulative projects of the EU have 
already taken this into account. The key-finding of the fitness check on the EU frame-
work for public reporting by companies was that the potential of digital tools should 
be utilised in order to structure, re-use, secure, disseminate and give easier access to 
both financial and non-financial information.139 The Digital finance strategy of the 
EU sets machine-readability as an important target and states that by 2024, informa-
tion that is publicly released under EU financial services regulation, should be dis-
closed both in ‘standardised and machine-readable formats’. In the strategy, it is stated 
that the Commission will propose legislative amendments to the financial market 
legislation to require machine-readable formats of the public disclosures. This work 
starts with the crypto-asset regulation proposal.140

The investor information on crypto-assets could be constructed in a similar type 
of way than the Creative Commons licences in the Figure 3. The CC licences have 
three layers. The legal code layer is the ‘lawyer-readable’ version of the terms and 

134 ESAs, supra n. 5, at 1.
135 HM Treasury, supra n. 11, at 26.
136 European Commission, supra n. 10, at Recital (75).
137 European Commission, Proposal for a regulation of the European Parliament and of the Council 

establishing a European single access point providing centralised access to publicly available infor
mation of relevance to financial services, capital markets and sustainability, COM(2021) 723 final 
(2021).

138 Ibid., Recital (4).
139 European Commission, Fitness Check on the EU Framework for Public Reporting by Companies, 

SWD(2021) 81 final 7 (2021).
140 European Commission, supra n. 49, at 12–13.



Regulating Crypto-Assets [2023] EBLR 609

conditions. The second layer is the common deeds, which is a ‘human-readable’ ver-
sion of the terms. It summarises the legal code in a user-friendly way. The third layer 
is the machine-readable version of the license which is written in the format that 
applications, search engines and other technology can understand.141

4.5.	 Intermediaries Forming the Fourth ‘I’

When scrutinising the investor protection regulation, the whole lifecycle of the crypto-
assets must be considered. Crypto-assets are issued and distributed, after which they 
can be traded or kept in custody. Hence, the main parties concerning crypto-assets 
are the holder of the crypto-asset, the issuer of the crypto-asset, and intermediaries 
– called crypto-asset service providers142 – such as crypto-asset exchanges and wallet 
providers. Crypto-assets are often purchased and sold via crypto-exchanges, and wal-
let providers serve a means to store the assets. Crypto-asset holders are mainly pro-
tected by imposing requirements concerning, for instance, the organisation, 
management and procedures of the intermediaries and issuers. Crypto-asset service 
providers are protecting investors also by acting like a filter: crypto-assets are admit-
ted to trading via due diligence and approval processes. Depending on the crypto-asset, 

141 Creative Commons, 3.1 License Design and Terminology, https://certificates.creativecommons.
org/cccertedu/chapter/3-1-license-design-and-terminology/ (accessed 17 Jun. 2022).

142 Crypto-asset services are defined in the MiCA Article 3, and they include 1) the custody and 
administration of crypto-assets on behalf of third parties, 2) the operation of a trading platform for 
crypto-assets, 3) the exchange of crypto-assets for fiat currencies, or 4) other crypto-assets, 5) the 
execution of orders for crypto-assets on behalf of third parties, 6) placing of crypto-assets, 7) the 
reception and transmission of orders for crypto-assets on behalf of third parties, and 8) providing 
advice on crypto-assets. In its amendments, the European Parliament added to the list the transfer of 
crypto-assets, the exchange of crypto-assets for financial instruments, providing portfolio management 
on crypto-assets, and the provision of a portfolio management service. See European Parliament, supra 
n. 11, at Article 3. The Council of the European Union also made some slight changes to the wordings. 
See Council of the European Union, supra n. 10.

Figure 3. The 3-Layer Design of the Creative Commons License.
Sources: Creative Commons, About the Licences, <https://creativecommons.org/licences/>.



Marika Salo-Lahti610

there can also be miners creating new crypto-assets and verifying transactions.143 
However, this paper does not handle mining, as it is not at the core when investor 
protection issues are considered.

Intermediaries are typically highly regulated in the financial market law, due to 
their positions of control and trust.144 According to the MiCA proposal, crypto-asset 
services can be provided by legal entities that have a registered office in a Member 
State and are authorised as crypto-asset service providers by the national competent 
authority. Authorised credit institutions145 and investment firms146 are allowed to 
provide crypto-asset services without another authorisation. Resembling the signifi-
cance criteria of asset-referenced tokens and e-money tokens, the European Parlia-
ment added in its amendments the term ‘significant crypto-asset service providers’, 
which was included also in the Council version of October 2022. ESMA should ensure 
the supervision of these types of service providers in cooperation with national com-
petent authorities.147 The crypto-asset services are considered as ‘financial services’ 
that are regulated in the Directive 2002/65/EC148 which concerns distance marketing 
of consumer financial services.149 Service providers will also have duties to, for 
instance, establish complaint handling procedure, and manage and disclose possible 
conflicts of interest. Prudential requirements concerning financial situation as well 
as organisational requirements are posed in the MiCA proposal. The management and 
major shareholders must have necessary competence and good repute. The staff 
employed should also have necessary skills, knowledge and expertise. Service pro-
viders must have systems and procedures to ensure the confidentiality of information 
received, to record all transactions, and to detect potential market abuse. Resilient 
and secure ICT systems must be employed and business continuity policy, including 
disaster recovery plans, must be set up. 

The MiCA proposal imposes service providers a general ethical duty to always act 
honestly, fairly and professionally in the best interests of their clients. Although some 
of the general duties can be similar for different service providers, one central prob-
lem is the diverse nature of the crypto-asset services. The nature and intensity of risks 
on investor protection can vary widely depending on the service type. These risks can 
relate to, for instance, financial situation of the service provider, its operations, or 
cybersecurity. Accordingly, some requirements on service providers posed by the 
MiCA depend on the characteristics of services provided in order to bring proportion-
ate requirements for service providers and to ensure adequate protection for custom-
ers. For instance, the original MiCA proposal imposes service providers liability for 

143 See, e.g., FCA, supra n. 96, at 49.
144 Chiu, supra n. 36, at 223.
145 Credit institutions are subject to Directive 2013/36/EU.
146 Investment firms are subject to Directive 2014/65/EU.
147 European Parliament, supra n. 11, at Article 53.
148 Directive 2002/65/EC of the European Parliament and of the Council of 23 September 2002 

concerning the distance marketing of consumer financial services and amending Council Directive 
90/619/EEC and Directives 97/7/EC and 98/27/EC.

149 European Commission, supra n. 10, at Recital (55).



Regulating Crypto-Assets [2023] EBLR 611

damages resulting from cyberattacks if they provide the service of custody and admin-
istration of crypto-assets on behalf of third parties. Zetzsche et al. note that it is an 
extremely strict rule as to liability, and it makes crypto-custodianship a risky and 
unwanted business.150 The European Parliament amended this rule by stating that 
those service providers should not restrict the liability to their clients for the loss 
resulted from malfunction or hacks that are attributed to the provision of the relevant 
service and the operation of the service provider.151 This was again amended by the 
Council in October 2022, according to which crypto-asset service providers that are 
authorised for the custody and administration of crypto-assets should be liable for the 
loss of any crypto-assets as a result of ‘an incident that is attributable to the provision 
of the relevant service or the operation of the service provider’.152

When operating a trading platform, service providers must have operating rules. 
Before new crypto-assets are accepted to the trading platform, service providers must 
ensure that the crypto-asset complies with the operating rules and assess the quality 
of such crypto-asset. In the Council version of October 2022, the term ‘quality’ was 
replaced with ‘suitability’.153 In this suitability evaluation, the experience, track record 
and reputation of the issuer and its development team are significant issues. However, 
the suitability term is strongly associated with investment advising and may confuse 
in this context. Trading platforms are also an important source of market information 
for crypto-assets. Those service providers that are authorised for trading platforms 
shall make public the bid and ask prices and the depth of trading interests at those 
prices. The price, volume and time of the transactions in the platform must be made 
public, as well. The service providers that are authorised for exchanging crypto-assets 
against fiat currency or other crypto-assets, are also mediating market information, 
such as transaction volumes and prices.

Crypto-asset service providers can also have a Know Your Customer duty (KYC), 
which is a common investor protection tool in the financial markets law, with differ-
ing strengths depending on the service and product provided. The European Parlia-
ment added an explicit KYC duty in its amendments to the MiCA154 with the Article 
61a on Know-your-customer policy. However, the article relates to the prevention of 
money laundering and terrorist financing, and was not included in the Council version 
of October 2022. Generally, the KYC rule has multiple functions. It can help to pre-
vent certain unwanted behaviours while it also enables offering of financial services 
that take into account the personal circumstances of customers. When crypto-asset 
service providers give advices on crypto-assets, they should assess client’s experi-
ence, knowledge, objectives and financial situation, including the ability to bear losses 
and a basic understanding of risks involved in purchasing crypto-assets. If this infor-
mation is not received or if it is clear that the clients do not have sufficient knowledge, 

150 Zetzsche et al., supra n. 86, at 217–218.
151 European Parliament, supra n. 11, at Article 67.
152 Council of the European Union, supra n. 10, at Article 67.
153 Ibid., Article 68.
154 European Parliament, supra n. 11.



Marika Salo-Lahti612

experience, or the ability to bear losses, the clients should be informed that crypto-
assets may be inappropriate for them and issue them a warning on the risks concern-
ing crypto-assets. The term ‘inappropriate’ is replaced with ‘suitable’ in the Council 
version of October 2022,155 adding linkages to the MiFID II. Regardless of the result 
of assessment, the service providers must warn clients that the value of crypto-assets 
may fluctuate. The European Parliament added that clients should also be warned that 
crypto-assets may be subject to full or partial losses, they may not be transferable or 
liquid, and that crypto-assets are not covered by public compensation or deposit guar-
antee schemes.156 

The European Parliament made also several other amendments to the Article 73 
concerning advice on crypto-assets. These changes were included also in the Council 
version of October 2022. Clients must be informed whether the advice is given on an 
independent basis, and whether it is based on a broad or a more restricted analysis of 
different crypto-assets. Resembling the independent advice in the MiFID II, the Euro-
pean Parliament version and the Council version prohibit the acceptance of fees, 
commissions or any monetary or non-monetary benefits from any third parties in 
relation to the provision of advices. These formulations are very similar than in the 
MiFID II Article 24, adding again linkages to the traditional financial market regula-
tion. Crypto-asset service providers must also establish a report on suitability that 
specifices the given advice, and how it meets the client’s preference, objectives and 
characteristics.157 The duty to establish a report on the advice resembles the respon-
sibilities laid down in the MiFID II Article 25.

Advising constitutes only a proportion of crypto-asset services and purchase situ-
ations. To ensure an adequate knowledge level of investors, similar type of more 
general entry knowledge test than in the EU crowdfunding regulation could be effi-
cient way to safeguard retail crypto-asset investors. According to its Article 21, 
crowdfunding service providers must examine the prospective non-sophisticated 
investor’s experience, investment objectives, financial situation and basic understand-
ing of risks before giving them full access to investing in their crowdfunding platform. 
This type of duty could be introduced to crypto-asset service providers to strengthen 
investor protection.

Although granting many exemptions from the strict financial service rules, the 
regulation on DLT pilot regime also imposes several duties and requirements for the 
DLT market infrastructures in order to protect investors. They must, for instance, 
have a clear business plan that clarifies how the DLT will be used and what are the 
applicable legal terms. They must also have robust IT and cyber arrangements that 
ensure the continuity, transparency and security of the services provided. Resembling 
other financial services regulation, client complaint handling procedures must be in 
place also in the operators of DLT market infrastructure, and clients and other parties 

155 Council of the European Union, supra n. 10, at Article 73.
156 European Parliament, supra n. 11, at Article 73.
157 Ibid., Council of the European Union, supra n. 10, at Article 73.



Regulating Crypto-Assets [2023] EBLR 613

must be served with clear and unambiguous information concerning the functions, 
services and activities carried out.158

4.6.	 Issuers as the Fifth ‘I’ in the Model

In the crypto-asset regulation, the role of issuers is much more emphasised than in 
crowdfunding. In crowdfunding, platforms organised by crowdfunding service pro-
viders, can be seen as channels via which investor protection is executed. The regula-
tion imposes duties to service providers instead of issuers which are called ‘project 
owners’. In crypto-asset regulation, instead, issuers are in a central position, along 
with service providers. Hence, the 4-I’s Model used to assess crowdfunding regula-
tion must be expanded to 5-I’s Model in the crypto-asset setting, including Issuer as 
one of the I’s. 

The decentralisation is one important issue to be considered when regulating 
crypto-assets and the role of issuers. Although issuers are in the central position in 
the MiCA regulation, depending on the crypto-asset, there may not be a single issuer 
at all. In these cases, investor protection can be channelled via intermediaries, if 
crypto-asset services are used. Unlike the original MiCA proposal, the amended 2022 
version of the European Parliament included the term ‘offeror’, which is kept in the 
Council version of October 2022. Sometimes the offers of crypto-assets are conducted 
by offerors instead of issuers. This can be the case, for instance, when the crypto-asset 
is decentralised and has no single issuer. The offerors must ensure compliance with 
publication and audit requirements.159 

Decentralised finance (DeFi) is an emerging field that replicates key features of 
traditional finance system through innovative solutions utilising public blockchains 
and smart contracts.160 The DeFi is seen as ‘the next step in the development of crypto 
asset ecosystems’. The first public blockchain was Bitcoin which aimed at being an 
alternative peer-to-peer electronic cash system. DeFi uses public blockchain where 
transactions are processed by a decentralised network of nodes instead of one central 
authority. There are no custody services but instead users have full responsibility to 
safekeep their assets and ‘private keys’. DeFi challenges the traditional financial 
market regulation which has been entity-based and focused on the role of intermedi-
aries. Shifting the focus from entity-based regulation to more activity-based regulation 
could be one solution.161 

158 According to the Article 7, operators of DLT market infrastructures serve this information on 
their websites.

159 European Parliament, supra n. 11, at Article 68.
160 See also The European Union Blockchain Observatory & Forum, Decentralised Finance (DeFi), 

6 (2022), https://www.eublockchainforum.eu/sites/default/files/reports/DeFi%20Report%20EUBOF%20
-%20Final_0.pdf (accessed 2 Aug. 2022). DeFi is defined as an umbrella term including a collection 
of financial products relying on smart contracts and blockchains in order to enable open, peer-to-peer 
financial services and automation of specific procedures.

161 European Commission, European Financial Stability and Integration Review 2022, SWD(2022) 
93 final/2 6, 43–44, 53–54, 58–59 (2022).



Marika Salo-Lahti614

Pavlidis has also noted that decentralised systems may not be compatible with the 
regulation and this can cause problems to accommodate a single legal entity as a 
crypto-asset service provider either.162 The original proposal of the MiCA did not 
address the problems caused by decentralisation but in the spring 2022, the European 
Parliament made several amendments to the proposal concerning decentralisation. 
The European Parliament stated that decentralised issuers should not be required to 
organise as a single legal entity and they are not subject to regulation until their offer-
ing or issuance of crypto-assets to the public is centralised. The amended regulation 
proposal noted that some crypto-assets are managed by decentralised autonomous 
organisations instead of legal entities. However, the Council removed decentralised 
autonomous organisations from its later version, and the issuer is defined as ‘a natu-
ral or legal person or other undertaking’.163 

The regulation is stricter for the issuers of asset-referenced crypto-assets than for 
other