Category: Regulation

Posted on

South Korea bids to lift ICO Ban

Categories Blockchain, Cryptocurrency, ICOs, Law, Regulation

South Korea bids to lift ICO Ban

Eight months ago, South Korea rocked the crypto world by imposing a blanket bank on initial coin offerings (ICOs). In an announcement last week, the country’s National Assembly made an official recommendation to reintroduce domestic ICOs. This proposal is backed by the three-hundred-member national legislature, on the proviso that ICOs. will adhere to the relevant investor protection provisions.

A mass exodus of crypto-companies

The special committee of the National Assembly went as far as accusing the government of ‘neglecting its duty’ in responding appropriately to the blockchain boom, resulting in the mass exodus of domestic companies working in the sector.

The Assembly hopes to encourage and accelerate discussions on blockchain and ICOs and a legislative and policy proposal that supports ICOs has also been tabled. The committee on the 4th industrial revolution has also called on the government to form a task force that will comprise of public officials and private experts to “improve transparency of cryptocurrency trading and establish a healthy trade order”.

“The administration also needs to consider setting up a new committee and building governance systems at its level in a bid to systematically make blockchain policy and efficiently provide industrial support. We will also establish a legal basis for cryptocurrency trading, including permission of ICOs, through the National Assembly Standing Committee.”

A bill to legalise ICOs

This legislative effort first emerged after a group of legal experts and lawmakers, led by Rep. Hong Eui-Rak of the Democratic Party of Korea, began the process of drafting a bill that would legalise ICOs within the country.

“The bill is aimed at legalizing ICOs under the government’s supervision[…],” he said at the time. “The primary goal (of the legislation is helping remove uncertainties facing blockchain-related businesses.”

This turn of events comes after recent remarks from Korea’s financial watchdog who aims to focus on the “positive aspects” of crypto whilst suggesting that the government should relax cryptocurrency rules in the world’s largest cryptocurrency trading market.


If you have any questions in relation to ICOs, please contact us on [email protected]

Read More
Posted on

Ohio plans to be the next US State to legally recognise blockchain data

Categories Blockchain, Cryptocurrency, Law, Technology, Regulation

Ohio plans to be the next US State to legally recognise blockchain data

Senate Bill 300 which was introduced by Senator Matt Dolan could pave the way for Ohio to be the next US state to legally recognise smart contracts and record on the blockchain. The bill makes amendments to the Uniform Electronic Transactions Act so it will now allow for smart contracts to be as legally enforceable as any other contract.

If the bill is passed, it would introduce a new language, stating that blockchain technology can be used to process and store electronic information as well as providing ownership rights.

“Notwithstanding any other law, a person that, in or affecting interstate or foreign commerce, uses blockchain technology to secure information that the person owns or has the right to use retains the same rights of ownership or use with respect to that information as before the person secured the information using blockchain technology.”

The bill continues: “This division does not apply to the use of blockchain technology to secure information in connection with a transaction to the extent that the terms of the transaction expressly provide for the transfer of rights of ownership or use with respect to that information.”

Notably, the bill makes amendments to language in a different section that pertains to electronic contracts, adding that “smart contracts may exist in commerce”. It also states that whilst a contract may be denied legal effect or enforceability solely because an electronic record was used in its formation, it goes further and specifies that smart contracts may be used for legal documents.

If the law is passed in Ohio, the state should join Arizona, California, Florida, and Tennessee in recognising both smart contracts and blockchain transactions in electronic records.


Are you looking for ICO Legal Advice? Click this link to know more.

Read More
Posted on

Understanding the GDPR: General Data Protection Regulation

Categories Law, GDPR, E&S Group, European Parliament, Regulation, Data Protection, Data Protection Officer

Understanding the GDPR: General Data Protection Regulation

Guest Post by Tenfold.


The GDPR–or General Data Protection Regulation–is a regulation passed by the European Union on April 27, 2016, with an effective start date of May 25, 2018. Officially classified as regulation 2016/679, the GDPR expands upon and replaces the Data Protection Directive 95/46/EC of 1995. It serves as the EU’s effort to synchronize and harmonize laws on citizen and resident data privacy throughout its member states.

GDPR is based on Privacy by Design/Default, a set of user-centric principles that bequeath a sacred status to user privacy from the get-go rather than as an afterthought. Piggybacking on that is ability of users to sue organizations under the GDPR who might mishandle personal data. To accomplish this, the GDPR mandates new user-oriented information-handling processes to which EU companies will soon find themselves beholden, not to mention subject to significant penalties in the event of a violation.

The complete text of the GDPR legislation clocks in at 88 pages. There exist within it 173 recitals and 99 articles, each one applying universally to all EU member states. The key provisions of this sweeping legislation are provided below, and constitute the essence of what the law entails and how it affects data storage and retrieval for all related EU entities.

Who the Law Protects

There is a slight bit of confusion when it comes to just who falls under the protective auspices of the GDPR measure. The term “natural person” appears frequently throughout the text, and while this indeed refers to EU citizens, it actually extends further to those merely residing in the EU.

To wit, a natural person in EU nomenclature is any human possessing “legal personality”. That’s a very law-like definition that essentially boils down to a person who acts on their own behalf rather than in the interests of a business entity (sometimes known as a “legal entity”) or a government entity (or “public entity”).

To simplify matters, all humans native to or residing inside the EU with data to protect are blanketed under the term “data subject”. The rights of these data subjects to control and even extensively delete their private data is at the heart of the GDPR.

How GDPR Defines Personal Data

The GDPR defines personal data quite simply: Information (“data”) that can be used to identify a natural person (“data subject”). This seems self-evident on its surface, and indeed, certain identity-related elements fall naturally within this definition, such as name, ID number, home address, and more. But in the current era of sophisticated online data tracking technology, the amount of transmittable, personally identifiable data has ballooned (at least in the EU’s opinion), and with it, the number of privacy touch points potentially available to corporate and government bodies.

This massive list includes, but is not limited to, online identifiers such as IP addresses, social media accounts, email addresses, accounts numbers, browser cookies, and more. Constituent to this are direct identifiers and indirect identifiers, both of which establish the data subject’s identity by degrees. For instance, a direct identifier is a name, ID number, home address, and so on. Indirect identifiers include date of birth, location, or even title, and while they don’t pinpoint data subjects directly, they can nevertheless unmask a person’s identity when used in concert.

Personal Data vs Sensitive Personal Data: What’s the Difference?

In short, sensitive personal data is more or less a subset of personal data. However, as the name implies, sensitive personal data is information that is not as objectively verified as standard personal data. For instance, a data subject’s home address or date of birth can be independently and objectively verified. Under the GDPR, this is personal data, but it’s not “sensitive”. Another way to think of sensitive data is as “privileged” information, i.e. data that must be communicated by the subject themselves.

Some examples of sensitive personal data include:

  • Racial or ethnic origin
  • Religious beliefs
  • Genetic data
  • Trade union membership
  • Biometric data
  • Health data
  • Sexual orientation
  • Data pertaining to the subject’s sex life

The GDPR’s aim is not to restrict the processing of personal data altogether, only to eliminate those instances where data might be processed without the full and clear consent of the data subject. In any respect, the GDPR dictates that data must be processed transparently and equitably at all times. This sounds simples on the surface, but unfortunately for the controllers handling personal data, there are a number of requisites in the GDPR that reveal the attendant difficulty involved.

At least one of the following requisites must be met for lawfully processing personal data:

  • Direct consent from the data subject
  • Execution of an agreed-upon contract or as a preliminary step thereof
  • Legal compliance on the controller’s behalf
  • Protection of the subject’s vital interests or those of another person
  • Tasks performed in the public interest or as an extension of the controller’s official authority
  • Tasks performed in the controller’s legitimate interests or that of a third party unless superseded by the rights and natural protections of the subject, especially children

While not exceedingly divergent from the above, the standards for lawfully processing sensitive personal data are nonetheless more tightly confined to at least one of the following (some of which are duplicated from personal data):

  • Explicit consent of the subject
  • Necessary for obligations to employment, social protection and social security laws, and collective agreements
  • Protection of subject’s interests when subject is incapable of consent, whether physically or legally
  • Processing of data belonging to members or former members of and by a not-for-profit entity with a political, philosophical, religious, or trade union affiliation; strictly prohibited from divulging said data to third parties
  • Data made public by subject
  • Necessary for legal claims
  • Tasks performed in the public interest
  • Administering preventative or occupational medicine, assessing subject’s working capacity, medical diagnosis, health or social care
  • Public health as a public interest, including protection against cross-border health threats or to guarantee quality healthcare, medicine, or medical devices
  • For purposes of data storage, inquiry, and statistics

What Is a Controller?

According to GDPR lingo, a controller is the entity–natural person, legal entity, public agency, authority, or similar–that makes the decision on why personal data is being processed. They specify whose data will be collected, which categories of data to include, the length of time needed to store the data, and more. Not only that, but a controller determines if the data subject needs to be alerted that their personal data is about to be processed or if the subject’s consent is needed prior.

In that same vein, controllers are most often with whom data subjects will directly come in contact. As the public “face” of the data processing endeavor, controllers are the ones responsible for ensuring tight controls on how the subject’s information is managed. Aside from protecting the trust and privacy of the subject, the controller must ensure compliance with the GDPR at every turn.

But just as the data subject need not be an EU citizen, neither must the controller be based in the EU. Controllers can originate anywhere across the globe; so long as they engage in the processing of data for natural persons currently in the EU, they are bound by GDPR guidelines. The best examples of this come by way of social media giants such as Facebook and Twitter; search engines like Yahoo!, Bing, and Google; or retail outlets like Amazon, eBay, and more. Despite being headquartered within the US, these companies must regardless fulfill the requirements of the GDPR or risk non-compliance.

To make matters slightly more complicated, controllers not originating within the EU must designate a representative from inside the EU to help process data in a way that satisfies the GDPR. The representative accomplishes this by coordinating with that nation’s governmental body in charge of overseeing GDPR compliance, also known as the supervisory authority. It’s more or less a checks and balance system to prevent non-EU nations from roguish data processing.

What Is a Processor?

While controllers oversee the whys and whats of personal data processing, processors are the entities designated by the controller to perform the processing itself. The processor may be a natural person, a legal entity, public agency, authority, or similar, and as with controllers, they may also originate outside the EU. No matter the location or the type of entity, the bottom line remains the same: as long as the processor is managing personal data belonging to a natural person within an EU member state, GDPR still applies.

Rather than micromanaging every processing-related task, controllers may choose to rely on the processor’s systems and data security. However, controllers are the ones ultimately responsible for making sure this happens.

What is a Supervisory Authority?

Each member of the EU is required by GDPR to arrange a supervisory authority whose chief duty involves monitoring whether the regulation is being faithfully applied. The GDPR states in no uncertain terms that the regulation must be enforced consistently within every EU member state. To make this a reality, supervisory authorities are mandated to cooperate with one another when it comes to the free flow of data. Member nations are allowed to arrange for multiple supervisory authorities, but one must be chosen as a representative before the European Data Protection Board (EDPB). The same supervisory authority is also required to guarantee that the other supervisory authorities are following GDPR.

What is a Data Protection Officer?

A Data Protection Officer (DPO) is required under GDPR rules to manage and implement an organization’s data protection policies. This applies to any entity that archives extreme levels of personal data. And it doesn’t necessarily apply only to customers or users; any organization with a significant data burden even for its own employees is obligated to elect a DPO. The definition of who constitutes a data subject are far-reaching in the GDPR.

Each DPO will be in charge of educating its parent entity from top to bottom in the requirements for satisfying the regulation. He or she also conducts training for staff members who are directly involved in processing personal data, routinely audit the organization’s data security, and recommend fixes accordingly. In addition, DPOs also liaison with supervisory authorities and enforce the entity’s compliance not only with the GDPR, but with member state laws as well.

Data subjects may interact with DPOs as their main point of contact, too. As the public “face” of the data processing operation, DPOs carry a host of responsibilities, all with the goal of remaining as open, transparent, and subject-focused as possible. These include:

  • Inform subjects for which purposes their data is being processed
  • Provide access to their data
  • Explain the safeguards enacted by the company to secure their data
  • Disclose the involvement of third parties
  • Disclose the duration that their data will be archived
  • Respect the subject’s right to have their data deleted
  • Fulfill all data requests from subjects with timeliness and/or inside of one month from receiving the request

Take, for instance, a security firm that utilizes closed-circuit TV to surveil and monitor either communal areas or private businesses. Because their core activities constitute a public task, this firm would need to elect a DPO. The same is true for any processor that engages in minimal data retrieval or processing such as call centers. By contrast, entities that provide ancillary support, including payroll and IT support, need not install a DPO.

Exactly who can serve as DPO is left largely to the entity’s discretion. The DPO may be “in-house” or external, and they may perform other tasks for the company as well. However, they may do so with the proviso that their work for the company and their work as DPO does not create a conflict of interest.

While the role of DPO will look different from company to company, there are a few qualifications that the DPO must meet as outlined in the GDPR. These include:

  • Expertise in data protection law, both national and European
  • In-depth knowledge of the GDPR
  • Comprehensive understanding of the organization’s data processing structure
  • Ethics and integrity
  • Free to carry out their tasks independently

Data Breaches

We tend to think of “data breach” in rigid terms connoting the theft of confidential information from within the confines of an otherwise guarded data security system. With the GDPR, however, a data breach does not begin or end at theft but instead is defined much more broadly. It can include accidental or illegal destruction, loss, change, unauthorized access to or disclosure of personal data whether processed or archived. Once a breach occurs, controllers must notify the supervisory authority without “undue delay” or inside of 72 hours. This deadline holds true whether the breach was discovered by the processor or by the controller, although it is the controller’s responsibility, not the processor’s, for notifying the supervisory authority.

Controllers must then notify the data subject that their data has been compromised, otherwise known as an individual notification. Despite the thoroughness of the GDPR’s overall coda, it does not mandate individual notifications if certain conditions have been met. These include:

Regarding that last condition, the entity or controller is still required to alert data subjects through public means.

The Right to Erasure

The right to erasure is EU parlance for the right to be forgotten, or the right for a data subject to have their personal data comprehensively deleted. A data subject may invoke their right to erasure under four primary scenarios:

  • The initial purpose for archiving the personal data no longer applies
  • The subject removes their consent
  • The subject requests erasure in the event of non-compliance with GDPR guidelines or breach of data security
  • Legal reasons

Data Minimization

Data minimization is one of the more important Privacy by Design/Default principles mandated by the GDPR, and as the name suggests, it’s all about minimizing the amount of data that is collected, processed, and archived. Controllers are duty-bound to gather only as much personal data as is needed to perform the required task and reserve said data exclusively for the task in question, i.e. no migrating personal data from Task A over to Task B unless the data subject has consented.

Keeping with similar principles laid out elsewhere in the GDPR, data minimization requires controllers to limit the processing of a subject’s personal data according to certain stipulations. More specifically, this means only data that is relevant, adequate, and necessary to the purpose for which it was originally collected. Anything beyond this violates the GDPR and opens the entity to fines.

Right to Rectification

Privacy by design/default may be at the heart of the GDPR as a whole, but part-and-parcel therein is the right of data subjects to contest the processing of inaccurate or incomplete data. They may do so by requesting that the controller in question rectify their associated data, whether correcting false information, filling in missing data, or amending data with a clarifying statement. Controllers must respond to such requests in a timely manner or no later than one month from receipt. 

Consequences for Failure To Comply

The consequences for failing to comply with the GDPR vary depending upon the transgression and can be divided between administrative fines and fines for breaches, whether a data breach or breach of consent, privacy, and the like. For failure to comply with administrative or preparedness standards, entities may be fined the greater of 2% annual global turnover or 10 million euros. Fines for breaches are double at 4% of annual turnover and 20 million euros, whichever is greater.


Without a doubt, the GDPR poses many new risks and challenges for data processing entities across the world who traffic in the personal data of EU residents. Perhaps even scarier is that the stress on collection, processing, and record keeping systems won’t be entirely calculable until after the regulation has actually gone into effect, leaving controllers and processors doing their best to tread water, so to speak, and avoid fines for non-compliance. The trade-off for successfully implementing the regulation, however, is worth it. Users’ personal data will be much less prone to abuse, translating to renewed confidence and trust on the part of data subjects, and greater engagement between all parties involved.


This article was originally published by Tenfold

Read More
Posted on

Can blockchain and GDPR coexist?

Categories Blockchain, GDPR, Regulation

Can blockchain and GDPR coexist?

If you didn’t know what the GDPR was a few weeks ago, I can guarantee that you know what it is now. The GDPR came into force on the 25th of May and it has totally overhauled privacy for EU citizens. But do some of these regulations have the capacity to cut some of the benefits of blockchain technology? Or will DLT actually increase the effectiveness of the new laws?

According to many, the answer is “a little bit of both”. In many ways, the blockchain can actually reinforce the need for individual privacy when it comes to online transactions as GDPR and blockchain actually have a few goals in common. A traditional centralised database doesn’t give individuals much control over their data and how it is managed or disclosed. DLT means that they can freely decide the scope of the data that is shared, as well as its recipients. It also allows users to mitigate certain security risks regarding the sharing of personal information.

Challenges and requirements

A recent paper from a student at the University of Zurich addressed some of the potential challenges and requirements that are involved in preparing blockchain networks for the enforcement of the GDPR. It was suggested that blockchain and torrent technologies could be a part of a new foundation for decentralised platforms that will help to provide safe and secure data storage as well as processing that allows users to retain full control over every aspect of their data.

The blockchain will allow any shared data to be fully encrypted and then validated on the network and by including a Personal Certificate Authority, this means that users can limit data sharing to specific recipients, ensuring GDPR compliance.

There are, however, some DLT arrangements that may need to be rethought and tweaked accordingly. Any entity that employs or exchanges data with European customers or partners is subject to the rules, even if they are not based in the EU. The rules are designed to harmonise the data protection laws in the EU which were very out of date, as well as providing more protection and empowerment for EU citizens data privacy.

Points to be addressed

To ensure that a blockchain meets the requirements that are imposed by GDPR, the following points need to be addressed and considered.

The blockchains public nature: If both the public key and the hashed transaction data can be linked to an individual person then they are both considered as personal data and as such would fall under the scope of GDPR.

Immutability: The fact that DLTs are immutable is not in harmony with the GDPR as the right to be forgotten is one of its core points. Contrast this with the fact that one of the selling points of blockchain is that data entered into it cannot be edited, changed, or removed and it presents a problem. Whilst this can be addressed through fully migrating the blockchain, this is an expensive and long-winded effort.

Transferring data out of the EU: DLTs and blockchains are built on nodes that are then distributed across globe-spanning networks- the complete opposite of what the GDPR is trying to achieve. However, on the public blockchain, each node should contain an exact copy of the complete ledger and can, therefore, be considered as a controller of personal data under the scope of the GDPR.

Anonymisation vs pseudonymisation: Whilst steps can be taken to avoid storing personal information on the blockchain, or keeping it completely anonymous, with GDPR the threshold for data anonymisation is very high. Methods such as encryption, hashing, and tokenisation don’t usually provide anonymisation but rather pseudonymisation and encrypted data can often still be traced back to an individual.

In terms of GDPR, a user is considered to be safe when they have full power over the data that is shared on the platform. This is a rather ambitious goal to achieve but in a time when user trust in how companies handle their data is at an all-time low, ensuring compliance with GDPR would help to restore confidence. By decentralising data ownership via the use of the blockchain, it means that every user has a small chunk of the data which does make it much harder to pack and obtain personal information through illegitimate means.


Are you looking for ICO Legal Advice? Click this link to know more.

Read More
Posted on

Strict regulations on cryptocurrencies are set by Royal Decree.

Categories Blockchain, Cryptocurrency, Regulation

Strict regulations on cryptocurrencies are set by Royal Decree.

The Royal Family of Thailand has recently announced a regulatory framework that will outline cryptocurrencies and how they will be governed within the country. An important vote of confidence from the ruler, the new laws which consist of 100 different sections, were published in Thailand’s Royal Gazette and define cryptocurrency as both “digital assets and digital tokens”. Cryptocurrencies will now fall under the jurisdiction of Thailand’s Securities and Exchange Commission (SEC).

New laws designed to encourage growth

The SEC and the country’s finance minister, Apisak Tantivorawong have come out in support of cryptocurrencies and ICOs and the new laws are designed to encourage the future growth and development of the space. Providing clear legal guidelines for the sector will not only protect all involved stakeholders but it will promote further expansion and innovation.

As the royal decree becomes official, any entity that wishes to sell digital assets or tokens is obliged to register with the SEC within the following 90 days. Anyone that fails to do so could end up with a hefty fine that totals up to twice the value of any unauthorised transaction, or a minimum of $15,700. Anyone that tries to play the system and deliberately falls foul of the law could find themselves facing up to two years in prison.

Required registration

All cryptocurrency exchanges, brokers, and dealers that operate within the country are required to register with the authorities in a move that is designed to both protect investors and to ensure that crypto isn’t used for money laundering, tax evasion, or other criminal activities.

This framework was first announced in March and since then it has gone through a range of changes. Before the laws, there was a rather high level of apprehension on the part of Thailand’s central bank which has subsequently banned all domestic banks from facilitating cryptocurrency trading or investments. There were widespread concerns within the Thai crypto community that the banks and government would outlaw all forms of cryptocurrency completely. ICOs and related activity had already become banned entirely and ICO trading was banned by the Thai Digital Asset Exchange in February for the same reasons although normal trading was allowed.

In Thailand, cryptocurrency assets are already subject to taxation such as a 7% VAT on trades and a 15% capital gains tax on all crypto-related returns.

Interested in Learning More about ICOs Legislation in Malta? Contact us directly on +356 20103020 or by mail at [email protected] to find out more.

Read More
Posted on

Does crypto have what it takes to survive 2018?

Categories Blockchain, Cryptocurrency, Regulation

Does crypto have what it takes to survive 2018?

At the time of writing, there are almost 2000 cryptocurrencies in circulation. These digital currencies can be used to pay for online services such as casinos, betting, and mobile bingo, as well as on certain e-commerce sites. A transaction that is executed with a cryptocurrency is unique in the fact that it is verified through the use of cryptography and once it has been made, it is logged in a database and cannot be changed, edited, or tampered with in any way.

Will crypto prevail?

Back in the 1990s, there were several attempts at creating virtual currencies, but nothing worked or came to real fruition until 2009 when Bitcoin burst onto the scene. Created by the anonymous developer Satoshi Nakamoto, its value has increased at a meteoric rate, and its popularity has sparked the introduction of countless other cryptocurrencies and platforms over the last nine years. Today, many are asking whether Bitcoins popularity will prevail, whether it will be replaced by other coins, or whether the concept of cryptocurrencies will die out altogether.

Popular opinion would suggest that only the main cryptocurrencies will survive in the long term and the smaller, less established ones will crash and burn, due to a lack of interest or requirement for their purpose. This is because many of the almost-2000 coins on the market are very similar in the way that they work and they don’t bring any new ideas, concepts, or services to an already full table. It is highly likely that any coins that don’t have a unique selling point will become completely superfluous to requirements and will be ignored in favour of those offering something special. Although the value of Bitcoin has dropped a bit in 2018, it remains the strongest cryptocurrency on the market due to its history and reputation. For this reason, it seems likely that it will survive the year and continue to thrive as time goes on.

Differing of opinions

There are, however, no shortage of naysayers that have jumped at the opportunity to publicly decry cryptocurrencies. Take, for example, the governor of the Bank of England who said they are a scam and a leading Goldman Sachs analyst who went as far as to say that he believes Bitcoin will reach a value of zero shortly. Many believe that these critics are only critics because they have a vested interest in crypto’s failure, and for every critic, there are figures such as the CEO of Pantera Capital who believes the value of a single Bitcoin will peak at around $500,000. He also added that the value of some of the other leading coins such as Ethereum and Ripple would stabilise and continue to grow in the coming months, a statement in direct contradiction of Goldman Sachs.

While it seems that crypto will survive the year, that doesn’t mean that 2018 will be without its challenges. Issues such as regulations, safe storage, and maintenance of platforms will be integral to their continued success. Innovation and development must be continuous to keep up with demands and popularity, and this could pose a problem for the smaller currencies with fewer resources.

Survival of the fittest

Cryptocurrencies, by their very nature, are volatile and unpredictable and it seems that in this industry, the phrase “survival of the fittest” will ring especially true. In a market where coins can crash at any moment, it seems that the ones that enjoy widespread adoption, as well as being accepted as payment methods by more vendors, are the ones that are likely to be here for the long run.


If you have any questions in relation to ICOs, please contact us on [email protected]

Read More
Posted on

3 Bills are published – Malta is reassuring itself as the Blockchain Island.

Categories Malta, The Blockchain Island, DLT Regulation, Regulation

3 Bills are published – Malta is reassuring itself as the Blockchain Island.

Yesterday, the Maltese government published the 2nd reading of the 3 progressive laws regulating blockchain companies. The government launched these laws in the wake of the launch of the Delta summit which is happening in Malta on the 3rd to the 5th October 2018.

During a video conference call, Malta’s Prime Minister Joseph Muscat stated that “Malta is one of the first countries worldwide to regulate this technology creating an ideal ecosystem for companies, start-ups and investors to meet and share insights. Also, to build the future of blockchain together.”

The government’s vision is to attract more blockchain based businesses to choose “The Blockchain Island.” Consequently, Malta has already set blockchain based projects which are underway to be used in the public.

Due to strict regulations implemented by other jurisdictions around the world, Malta’s clear approach on blockchain is attracting new businesses to the island. Malta’s clear set bills are one step ahead from other countries with a vigorous ecosystem, thus become aware of unlawful business dealings within the industry. In the process, many blockchain based companies have shifted their business to Malta.

These set bills will regulate the whole sphere of blockchain in a positive outlook, supporting the growth of this ever so important industry. The government is setting up the Malta Digital Innovation Authority (MDIA) operating under the Malta Financial Services Authority (MFSA), which shall provide legal certainty to all Distributed Ledger Technology (DLT) based companies. The second bill, the Virtual Financial Assets Act will regulate all cryptocurrencies, Initial Coin Offering (ICOs) and also regulate crypto exchange companies. The last bill is the Innovation Technology and Arrangement Services Act, which encompasses the framework on how the MDIA will work. If you would like to read more on the laws please click on the respective law below.


E&S Group is a leading law firm offering various services with regards to ICOs. Feel free to contact us directly on +356 20103020 or by email at [email protected] to find out how E&S can help you in ‘making things happen’.

For more information click the link.


Read More
Posted on

Malta’s government has published the Virtual Financial Assets Act.

Categories Malta, Law, The Blockchain Island, Regulation

Malta’s government has published the Virtual Financial Assets Act.

Today, 22nd May, the Maltese government has published Virtual Financial Assets Act. Through this law, Malta will become a jurisdiction which DLT based companies can work better through a regulated jurisdiction.

The Maltese government have been in talks with various key stakeholders in the DLT realm. A public consultation had also taken place back in March. The Virtual Financial Assets Act (VFA) is one of three laws which are yet to be published. To read the Virtual Financial Assets Act, please click here.

The Government has succeeded in creating a transparent yet straightforward legislation which is attracting new DLT and Crypto-based companies to the island. No wonder Malta is being dubbed as “Blockchain island”.

E&S Group is a leading law firm offering various services with regards to ICOs. Feel free to contact us directly on +356 20103020 or by email at [email protected] to find out how E&S can help you in ‘making things happen’.

For more information click the link.


Read More
Posted on

A cryptocurrency fund of hedge funds is launched for the retail sector.

Categories Blockchain, Cryptocurrency, ICOs, Regulation

A cryptocurrency fund of hedge funds is launched for the retail sector.

An investment manager who deals specifically in cryptocurrency and blockchain has announced the launch of a hedge fund that will cater to the needs of retail investors. The fund is called “The Apex Token Fund”, and it is hoping to raise up to $100m from non-US based investors via a token offering.

The launch comes after Mark Carney, the Bank of England governor stating that cryptocurrencies need more regulation to help combat issues with illegal activities while limiting the potential harm to consumers.

The managing partner of Apex Token Fund, Christopher Keshian said: “to truly bring crypto-assets into the mainstream; we must develop more mature financial products suitable for a larger base of investors. The Apex Token Fund uses technology that will unlock liquidity, manage volatility, and lower barriers to entry for a larger market of global investors. Cryptocurrencies are growing in a jagged upward trajectory, and we believe that the best way to build a portfolio in this space is by diversifying investment strategies and fund managers.”

Apex made it clear that to invest in the fund of hedge funds, an investor doesn’t need to have a large sum of money as the minimum investment, nor do they have to commit to multi-year lock-in periods.

The fund is designed to target those that are already au fait with the world of cryptocurrencies but that are keen to seek out a more diversified exposure.

To know more about ICO legislation in Malta, please follow this link.

Contact us directly on +356 20103020 or by mail at [email protected] to find out more.

Read More