EU Crypto Trading Platforms Need a Bitcoin Whitepaper
Posted
Time to read
While the US is embroiled in yet another act of the drama that is crypto regulation, the EU seems to be on a relatively steady path. Already, licenses have been issued to more than 20 Crypto-Asset Service Providers (CASPs) under the Markets in Crypto-Assets Regulation (MiCAR). This moment, however, might also mark the point where a future European crypto drama begins. After all, regulation might yield adoption, and adoption yields problems. Today, we might already be setting in motion future waves of litigation. This post deals with one such potential wave.
Under MiCAR, any crypto-asset offered to the public or admitted to trading on a trading platform must be accompanied by a whitepaper, a crypto-prospectus (see Art. 6, 8 & 9 MiCAR). Trading platforms will want to list some popular crypto-assets on their own initiative, especially those assets without a central entity behind them such as Bitcoin. Generally, trading platforms that list assets on their own initiative must publish the whitepaper themselves and bear the liability attached (Art. 5(2), 15 MiCAR). For assets such as Bitcoin, however, there seems to be a way out: Recital 22 states that ‘[w]here crypto-assets have no identifiable issuer, they should not fall within the scope of Title II, III or IV of this Regulation.’ At first glance, this also exempts trading platforms wanting to list Bitcoin and similar assets. In this post, however, I will argue that this is not the case, for two reasons relating to (1) the concept of ‘identifiability’ and (2) the scope of the exemption. [1]
The Issue of ‘Identifiability’
First, there is the issue of what ‘not identifiable’ means. MiCAR offers no definition. With Bitcoin in mind, a literal reading seems plausible: Satoshi Nakamoto may be ‘not identifiable’ simply because we do not know who they are, because we do not know their name. Under this reading, a person is already ‘not identifiable’ if they act under a pseudonym. That, however, cannot be right. If a pseudonym is all it takes to avoid regulation, we can brace ourselves for a wave of fraudulent ICOs under pseudonyms—and (judging by the average meme-coin) rather unimaginative pseudonyms, too.
There is a more convincing reading of ‘unidentifiable’. Consider the context of the exemption: It is part of recital 22, which also exempts ‘fully decentralised’ service providers. In this context, ‘not identifiable’ can also be read as synonymous with ‘fully decentralised’. The wording, of course, suggests the opposite. Why use two terms for the same concept within one recital? But looking at what recital 22 is meant to do, this reading makes sense. The first sentence of recital 22 states: ‘This Regulation should apply to natural and legal persons and certain other undertakings […] and activities performed, provided or controlled, directly or indirectly, by them, including when part of such activities or services is performed in a decentralised manner.’ The exemptions included in recital 22, then, can be read as opposites of the general rule: cases where activities are not ‘performed, provided or controlled’ by individual persons. ‘Fully decentralised’ and ‘not identifiable’ are then simply two terms for the fact that a person does not fall under the general rule.
Legislative history also supports this reading. Again, this requires some context: There was no DeFi-exemption in the original Commission Proposal. The European Parliament (EP) then adopted a first version of the exemption. This exemption was worded differently, exempting ‘decentralised issuers of crypto-assets unless and until the issuance of their crypto-assets is centralised’ (recital 13), yet requiring that the competent authorities ‘ensure that steps identical to those’ applicable to all offers or admissions have been taken (Art. 5(3b)). This amendment, however, also introduced the concept of ‘identifiability’, defining the issuer as an ‘identifiable natural or legal person or other entity’ (Art. 3(1)(6)). There is no other mention of this concept in the EP text. This strongly suggests that ‘identifiable’ was simply the opposite of what had been excluded in recital 13—a person was either decentralised and therefore exempt or identifiable and therefore not exempt. Recital 13 was later reworked into recital 22 of the final text, obscuring the relationship between both concepts by using both in the negative (‘decentralised’ and ‘not identifiable’). There is no indication, however, that this was supposed to be a substantive change.
That means that, yes, ‘not identifiable’ and ‘fully decentralised’ mean the same thing. The test for both exemptions is the same, and it is a strict one. Under this reading, few issuers will qualify for the exemption. Bitcoin, for example, did originally have an identifiable issuer, though a pseudonymous one. Arguably, its maintenance today qualifies as a separate issuance and one that is carried out in a ‘fully decentralised’ manner. But the test for this will be the same as for service providers under recital 22.
The Scope of the Exemption
Second, and more importantly, there is the issue of scope. Again, a literal reading of recital 22 seems to offer a straightforward path to exemption. It offers an exemption for the ‘crypto-asset’ in question, not the issuer (more clearly expressed in other languages such as German, Spanish or French). Therefore, one could argue, anyone doing anything with those crypto-assets is exempt, as, in the eyes of MiCAR, the asset in question is always unregulated. Recital 22, of course, reels some businesses right back into the regulatory perimeter by requiring that ‘[c]rypto-asset service providers providing services in respect of such crypto-assets should, however, be covered by this Regulation.’
Under this framework, already, one could argue that CASPs are not only subject to Title V under this carve-back but, more broadly, to all requirements within MiCAR—including Art. 5(2). However, there is a more fundamental issue with the literal reading. Again, we need to consider the legislative history. While the DeFi exemption was undergoing the stages of metamorphosis outlined above, so was the other crucial concept relevant to recital 22: the concept of ‘issuer’. Under the Commission Proposal, an ‘issuer’ was simply a person engaged in offering a crypto-asset to the public or seeking admission to a trading platform (Art. 3(1)(6))—‘issuer’ was the category, ‘offeror’ and ‘person seeking admission’ the only sub-types. The EP did not change this. The final text, however, is different. An issuer is now, in a stunning tautology, a ‘person, or other undertaking, who issues crypto-assets’—a person decidedly different from both offeror and person seeking admission, because under the final text only the issuer is allowed to do either in respect of an asset-referenced token or an e-money token(Art. 16(1), 48(1))—issuer is now a separate category and not all offerors and persons seeking admission belong in that category. Issuers as such no longer bear any obligations.
Recital 22, it seems, got caught up in this shift. The final draft sticks to the EP wording by referring to the issuer—even though this term now means something entirely different. This, it seems, is the only reason recital 22 now exempts the asset instead of the person: to make the recital work at all now that issuers are not as such subject to regulation. That, however, casts doubt on whether an entirely asset-based exemption is what recital 22 is really meant to do. Consider, again, the legislative history: Under the EP text, a centralized entity offering any crypto-asset was always expressly covered. The original idea, therefore, was to exempt only those individual actions conducted in a decentralised manner. Under the final text, this is in line with the carve-back for CASPs. There is no further indication that the new recital 22 deviates from this concept, aside from the language itself. As the language itself, however, might just be an attempt to make the old issuer-based language work within the new framework, it is not itself an indication of a changed policy. Under these circumstances, it is preferable to let the original principle stand: Recital 22 only exempts individual actions.
This has implications for trading platforms and beyond: If recital 22 only applies to the individual action, then centralized trading platforms are never exempt from Art. 5(2)and neither are other centralised entities (eg, DAO foundations/trust/associations) that are conducting public offers for a DAO.
Now, is this interpretation quite a stretch? It is. But I do not think it is an impermissible one, considering we are dealing with a recital only, not an authoritative provision. The narrow interpretation presented here is also in line with the general tendency of the Court of Justice of the European Union (CJEU) to interpret exemptions narrowly and to give as much effect to underlying policies as possible (cf eg, Case C-384/02 para. 27). In the end, for trading platforms at least, the same arguments could be brought forward for why the carve-back for CASPs also reactivates Art. 5(2), which is less of a stretch.
To be clear: From a policy perspective, the argument can be made that this is an unnecessary burden. At the same time, it is entirely in line with the MiCAR framework to let someone shoulder the regulatory burden for assets they have not issued—after all, this is why offerors and persons seeking admission are regulated, whether they have issued the asset or not. And whatever one thinks of the whitepaper as a regulatory tool, investor protection is certainly strengthened when there are more whitepapers rather than fewer.
Conclusion and Practical Implications
In conclusion, trading platforms must publish whitepapers on Bitcoin and similar assets, even those that meet the high standard of ‘fully decentralised’. In practice, what remains is a significant liability risk for trading platforms. Trading platforms that do not publish whitepapers for Bitcoin and similar assets not only face regulatory action but also liability under Art. 15 MiCAR and national law (though it remains to be seen whether Art. 15 MiCAR applies to cases where no whitepaper is published at all as this is not expressly covered by the provision). Art. 15 MiCAR especially might prove expensive for defendants. Under MiCAR, damages are not capped at the original offering price (which, in any case, the platform itself did not receive). Trading platforms are practically forced to buy back an asset at any market price paid by the claimant. Trading platforms bear the full risk of a speculative downturn—claimants can buy high, sue low. In the notoriously volatile crypto-market, this is a significant risk.
Other circumstances exacerbate the risk: It is unclear whether Art. 15 MiCAR imposes strict liability. Even if it does not, the CJEU has ruled (in competition law) that there is no ‘advice of counsel defence’ under EU law and that even actions of national regulators (such as no-action letters) do not shield defendants from liability, where the law provides no authority for such letters (Case C-681/11 para. 41-42). The same reasoning can be applied to financial regulation and potentially affects not only actions by national regulators but also clarifications provided by ESMA without statutory authority (eg, in the Q&A).
The issue of whitepapers under recital 22, therefore, bears all the hallmarks of a veritable liability storm. There is only one way out for trading platforms: publishing a whitepaper. Some of them, it seems, have already come to this conclusion. The LCX platform (which has applied for a license in Liechtenstein), for example, has published ‘voluntary’ whitepapers on Bitcoin, ETH, XRP, and others. Other trading platforms should consider doing the same. Platforms already in operation which listed assets prior to December 30th, 2024, benefit from a generous grandfathering clause (Art. 143(2)): they must ensure compliance only by December 31st, 2027. For platforms that want to seek regulatory clarity first, however, the clock has already started ticking.
Benedikt Bartylla is a PhD Candidate and Research Assistant at the Philipps-University Marburg Institute for the Law and Regulation of Digitalisation (IRDi).
[1] Some parts of the arguments presented here have also been included in a (German) book chapter co-authored by Andreas Dieckmann, see Meier J (ed.), Handbuch MiCAR, 2025, Chapter 8, ‘Haftung für Whitepaper’.
Share
YOU MAY ALSO BE INTERESTED IN
With the support of
