The European Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114 – MiCA), which entered into force on 29 June 2023, is a significant new regulation that will impact the treatment of cryptocurrencies and digital assets. MiCA requires the European Securities and Markets Authority (ESMA) to develop a series of regulatory technical standards (RTS) and implement technical standards (ITS) and Guidelines. Many of these regulations are to be developed in close cooperation with the European Banking Association (EBA).   

In addition, the German Federal Ministry of Finance and the Federal Ministry of Justice have launched a draft bill on the financing of future-proof investments, the Future Financing Act (“ZuFinG”). This will put Germany ahead of the curve as it is intended to advance the digitalisation of the capital market by opening up German law to electronic shares and crypto securities.

What does MiCA do?

One of the key objectives of MiCA is to protect consumers against some of the risks associated with investment in crypto-assets and help them to avoid fraudulent schemes. Currently, consumers have very limited rights to protection or redress, especially if the transactions take place outside the EU. With the new rules, crypto-asset service providers (CAPSPs) will have to take steps to protect consumers wallets and keys and will become liable if they lose investors’ crypto-assets or keys. MiCA will also cover any type of market abuse related to any type of transaction or service, notably for market manipulation and insider dealing.

To achieve this aim, CASPs that offer crypto-asset services such as trading, custody, or portfolio management in the EU must safeguard the ownership rights of clients as well as keep their clients’ assets in accounts separate from their own.

In this regard, MiCA will impose additional licensing and authorisation obligations on CASPs. For example, a CASP license is required if the company is not already regulated as a credit institution or financial institution.

National authorities will be required to issue authorisations to a CASP within three months if all application requirements are fulfilled and will be required to report certain information to ESMA on a regular basis in relation to large CASPs. Non-fungible tokens (NFTs), i.e., digital assets representing real objects like art, music, and videos, will be excluded from the scope of MiCA except if they fall under existing crypto-asset categories.  However, the European Commission is tasked with assessing in the future whether a regime for NFTs to address the emerging risks of this new market will also be necessary.

How is Germany leading the way in the EU?

In mid-April 2023, a draft bill for a law on financing future-proof investments (Zukunftsfinanzierungsgesetz – RefE ZuFinG) was announced in Germany. After consultation the German government agreed on a government draft (RegE ZuFinG) which was published on 17 August 2023. Although the draft law must pass the legislative procedure and may be amended, the German legislator proposes new rules which will likely be implemented before MiCA becomes effective at EU level.

The ZuFinG is a framework bill which is implemented in various German legal acts, in particular in the German Banking Act (Kreditwesengesetz – KWG). One major change in the KWG is to create more protection for customer assets in the crypto world. The regulations primarily relate to the obligations of banks and financial institutions that wish to offer crypto-asset services such as trading, custody, or portfolio management.

Assuming ZuFinG is implemented as drafted it will have the following impact:

Obligations of financial institutions  

An institution, which operates in the crypto custody business, must ensure that the crypto-assets and private cryptographic keys of its customers are kept separately from the crypto-assets and private cryptographic keys of the institution. This can be achieved by using separate public addresses. The draft rule in the KWG states:

Section 26b (1) “An institution engaged in the crypto custody business shall ensure that the crypto-assets and private cryptographic keys of the customers are kept separately from the crypto-assets and private cryptographic keys of the institution. (…)”

In the case of a bundled custody (joint custody) there is an exception to the segregation requirement. However, it should be noted that an individual customer’s share of the bundled assets must be able to be determined at any time.

Section 26b (1) cont. “(…) If crypto-assets of several customers are held in custody in a bundle (joint custody), it shall be ensured that the shares of the total assets held in joint custody to which the individual customers are entitled can be determined at any time.”

Further, the  draft KWG rules set out how institutions should deal with crypto-assets and already reflects in many respects the provisions of MiCA.  In particular the draft Section 26 (2) of the KWG states the requirement of a prior consent if the institution wants to use the asset for its own purposes:

“(2) The institution shall ensure that the crypto assets and private cryptographic keys of the customer held in custody may not be disposed of for the institution’s own account or for the account of another person without the customer’s express consent.”

This obligation is consistent with the more general requirements of Article 75 (1) MiCA which sets out in principle a customer’s entitlements to assets and keys held in custody, which is also relevant in insolvency cases. It reads as follows:

“Crypto-asset service providers providing custody and administration of crypto-assets on behalf of clients shall conclude an agreement with their clients to specify their duties and their responsibilities (…).”

The draft KWG rule follows Article 70(1) MiCA by requiring CASPs that hold crypto-assets belonging to customers or the means of access to such crypto-assets, must not use a customer’s crypto-assets for their own account.

Article 70(1) MiCA reads:

“Crypto-asset service providers that hold crypto-assets belonging to clients or the means of access to such crypto-assets shall make adequate arrangements to safeguard the ownership rights of clients, especially in the event of the crypto-asset service provider’s insolvency, and to prevent the use of a client’s crypto-assets for their own account.”

Allocation of crypto assets in custody; costs of segregation

How institutions are to use crypto assets is set out in the draft Section 46i KWG. It states in paragraph (1) that the crypto-value held in custody for a customer, within the scope of a crypto custody transaction, is deemed to belong to the customer, unless the customer has given his consent to dispose of it.

If consent is provided then under paragraph 1 of draft Section 46i KWG, the assets held in custody are not allocated to the customer’s assets anymore. Section 46i reads:

Section 46i (1) “(…) This does not apply if the customer has given consent to dispose of the crypto-value held in custody for the account of the institute or third parties.”

The effect of Section 46i also revokes insolvency protection if customers have granted a custodian a right to use their assets. For traditional assets such as securities, it is not granting a right of use but the exercise of such right by the custodian that leaves customers unprotected if a custodian enters an insolvency process. Therefore, if merely granting a right of use means that insolvency protection is lost, a wider use of crypto assets in the retail market may be difficult to achieve. Notably, the draft  Section 46i KWG complies with Art 75(7) MiCA, which requires that custodied crypto-assets are segregated from the custodian’s estate in the interest of the customers of the custodian.

Article 75(7) MiCA “Crypto-asset service providers providing custody and administration of crypto-assets on behalf of clients shall segregate holdings of crypto-assets on behalf of their clients from their own holdings and ensure that the means of access to crypto-assets of their clients is clearly identified as such. They shall ensure that, on the distributed ledger, their clients’ crypto-assets are held separately from their own crypto-assets.”

This will mean that creditors of the CASPs have no recourse to the crypto-assets held in custody, in the event of the CASP’s insolvency.

In addition, paragraph 2 of draft Section 46i KWG ensures that the private cryptographic keys are also protected from access by the institution’s creditors. It reads:

Section 46i (2) “Paragraph 1 shall apply mutatis mutandis to the share of crypto-values in joint custody to which the customer is entitled and to private cryptographic keys held in isolation.”

Furthermore, paragraph 3 of draft Section 46i KWG states that the segregation costs are to be paid by the customer if there is a lack of agreement from both sides. However, the provision provides for an exception in case of unreasonableness of the new custodian’s conditions. For example, if the new custodian offers less security than the previous one.

Section 46i (3) “If, in insolvency proceedings relating to the assets of the institution, the customer does not consent to a segregation by way of transfer of the entire portfolio held in custody by the institution to an institution designated by the insolvency administrator to operate the crypto custody business, the customer shall bear the costs of the segregation. This shall not apply if the conditions under which the other institution offers to continue the custody relationship are unreasonable for the customer. Sentences 1 and 2 shall apply mutatis mutandis to the transfer of substantial parts of the total portfolio held in custody.”

It should be noted that draft Section 46i KWG refers to “belonging” (“gilt als dem Kunden gehörig”) rather than using a legal term of legal ownership. Arguably, the provision aims to provide protection to clients without solving the more fundamental legal question – what legal right the “owner” of a crypto-asset or private cryptographic keys have?


Since the German legislator does not decide the fundamental question of what a crypto-asset “is”, the legislation cannot rely on the jurisprudence of the German Federal Court.  Instead, the ongoing regulatory supervision of compliance with the principle of asset segregation shall provide “objective evidence” that only those custody arrangements which confer the economic interest on the customer  are privileged. If enacted, the proposal will tie insolvency protection to compliance with regulatory law, which is new approach in Germany.