Blockchain & Cryptocurrency Laws and Regulations 2022

Government attitude and definition 

Boosting the adoption of digital technologies has been a priority for Italy’s government over the past few years.  In fact, to this end, dedicated government schemes have been set up to fund digital start-ups as well as to promote and finance Artificial Intelligence as a means to innovate business practices.  Such initiatives are especially aimed at industries that, traditionally, have been the cornerstone of the Italian business community, such as fashion, food, art and hospitality, but also specialist industrial sectors.

In this context, blockchain in general, and specifically its application in the field of cryptocurrencies, has been the centrepiece of the latest government’s efforts to promote innovation.  Such efforts, however, have been partially stymied by a general resistance to adopt new payment systems in a country where cash is still the most common way to settle bills, which of course might facilitate tax evasion.

This resistance led the government to press ahead with its plan to turn Italy into a cashless society, by passing a law granting significant rebates to taxpayers who avoid paying in cash.  Whilst such a measure is primarily aimed at fighting tax evasion, it will very likely make alternative payment methods, including cryptocurrencies, more popular with the general public.  Such government programme, dubbed “Cash Back”, has now been called into question as critiques say it has not delivered on its promises to reduce tax evasion, but political pressure is mounting to keep it in force.  A further boost towards cashless payment has of course been prompted by the COVID-19 crisis, during which cash was seen as a potential means of infection and online purchases warranted digital payment.

Italy has also passed legislation aimed at introducing a statutory definition of blockchain and smart contracts.  In fact, by way of Law Decree no. 135/2019, distributed ledger technologies (“DLTs”) have been defined as follows: “Technologies and IT protocols which make use of a ledger which is shared, distributed, replicable, simultaneously accessible, with a decentralized architecture based on cryptography such that it allows for the recording, validation, updating, storing of verifiable data by each participant, non-alterable and non-modifiable.”  Of course, such an attempt to provide a statutory definition of DLTs has been received critically by a number of commentators, but the government has informally signalled that it would be happy to amend it if need be.  In particular, critics have pointed out that the definition of DLT does not seem to include permissioned blockchain in which, depending on the applicable governance rules, administrators may be allowed to alter ledgers, in determined circumstances. 

Law Decree no. 135 of 2019 also provides a definition of smart contracts as a software programme that operates on DLTs and whose execution automatically binds two or more parties based on pre-determined arrangements between the same parties.  Smart contracts meet the written requisite, as required under Italian law in certain circumstances, by way of digital identification of the interested parties as per certain guidelines to be issued by Agenzia per l’Italia Digitale, a government agency charged with overseeing and promoting the adoption of innovative digital technology in Italy.  In general, the coronavirus pandemic forced Italian small and mid-size businesses to embrace e-commerce and digital innovation, with many commentators forecasting new blockchain use cases.

The Italian legal system does not include a general definition of cryptocurrencies (although, as we will analyse later, sector-specific definitions have been introduced).  Therefore, commentators have debated whether cryptocurrencies should be regarded as currency or goods from a legal standpoint.  This is not just a theoretical issue, as it would have an immediate effect on a number of levels, including whether or not cryptocurrencies are suitable means of payment.  After years of debate and uncertainty, consensus seems now to have been reached in the sense that cryptocurrencies are subject to the same legal regime as currencies that are not legal tender in Italy, e.g. outdated currencies, such as the Italian Lira, which has been replaced by the Euro, and currencies of another country.  Based on this theory, if a contractual payment is stipulated in a cryptocurrency, whilst the creditor is not entitled to payment in a currency other than that which was contractually agreed, the debtor can also make the payment in the currency having legal tender at the exchange rate of the date on which the payment obligation becomes due.  Although, to date, no case law has confirmed such theory, it has been applied in an arbitration ruling ((Hyperlink)).

As for the legal nature of cryptocurrencies, it should be pointed out that Italian Courts have not always aligned with the majority of commentators.  In fact, the Italian Supreme Court has very recently regarded the online sale of bitcoin as the promotion of Financial Instruments, whilst the Court of Florence has labelled certain cryptocurrencies, which were held in deposit at an e-wallet and exchange outfit that later became insolvent, as “fungible goods” (Court of Florence, ruling no. 18 of 2019).

Also noteworthy is a ruling of the Court of Brescia of 2018 (Decree no. 7556 of 18 July 2018) in which the Court clarified the requirements that crypto assets must meet to be eligible to be paid in as share capital of a Società a Responsabilità Limitata (broadly speaking, the Italian equivalent of a limited liability company).  In fact, the Court confirmed that cryptocurrencies are eligible to be paid in as share capital on the condition that their value is determinable, typically as determined in broadly used exchanges.  Hence, the request of certain shareholders to increase the company’s share capital by paying in certain currencies that they had just created and negotiated on a very small, homemade crypto exchange has been quashed by the Court.  As for determining the legal nature of cryptocurrencies, the ruling of the Court of Brescia has not shed additional light, as it merely mentioned that under Italian law, both goods and services, in addition to cash, may be paid in as share capital.

Although, in the political arena, there have been talks of adopting “parallel cryptocurrencies”, nothing has ever come of it for fear that their implementation would impact the monetary policy that, as Italy is a Euro area country, is the exclusive responsibility of the European Central Bank.

Cryptocurrency regulation

Although, as mentioned above, the Italian legal system does not include a general definition of cryptocurrencies, a statutory definition of “virtual currencies” for anti-money laundering (“AML”) purposes has been included in Legislative Decree no. 90 of 2017, which transposed in Italy the Fourth Anti-Money Laundering Directive, as follows: “[A] digital representation of value, which has not been issued or backed by a central bank or a public authority and which is not necessarily pegged to a legal tender, but which is used as a means of exchange for the purchase of goods or services or for investment purposes, and may be transferred, stored or negotiated electronically.”  This is certainly just an initial attempt to define such a complex phenomenon as cryptocurrencies and one in which virtual currencies are defined broadly, as the aim of the statute including the definition was to capture the wider possible range of digital assets to prevent them from being used for money laundering and to facilitate terrorism.

Thus, the use, storage and exchange of virtual currencies is not prohibited, although, over the years, both the Bank of Italy and CONSOB have issued quite stern warnings on the perils of cryptocurrencies.  In fact, the banking regulator and the financial watchdog have pointed out the risks, respectively, for the banking system and for Italian investors of relying on still-unregulated technology and investment assets.  Such warnings, however, do not appear to question the significance of crypto assets or imply that they will not increasingly play an important role going forward, but only remind the public of the current risks associated with them in the current unregulated landscape.

Also, from a data protection standpoint, crypto exchanges and crypto wallet service providers must be regarded as data controllers with respect to their customers’ private keys as well as any other personal data that they process.  In fact, one of the most significant obligations that they must carry out as per article 32 of the EU General Data Protection Regulation is to adopt and maintain security measures adequate to the outcome of an ad hoc Data Protection Impact Assessment.  The punctual performance of such an obligation on the part of the firms operating crypto exchanges and crypto wallets is of particular significance since the appropriation of the customers’ private keys by malicious third parties may result in the loss of the cryptocurrencies, with some crypto assets that, given their characteristics, may be nearly impossible to trace.

Of course, if crypto exchanges and crypto wallet service providers must adopt adequate security measures on the one hand, then any third parties who carry out hacks to steal the holders’ private keys and take control of the cryptocurrencies may be criminally sanctioned on the other hand.  In fact, under section 640-ter of the Criminal Code, those who alter an IT or network system or unlawfully tamper with data contained therein for a profit, causing and damaging third parties may be sentenced to imprisonment for up to six years as well as to a fine of up to EUR 3,000.  The above-mentioned maximum imprisonment and financial sanctions may be applied if the crime was perpetrated by way of stealing or unlawfully using a third party’s digital identity, which may, in fact, consist of the victim’s private keys.  Phishing is regarded, and punished, as hacking.

Cryptocurrencies as an investment/sales regulation 

CONSOB has long been concerned with protecting retail investors to whom cryptocurrencies or crypto assets are offered, typically through the Internet.  In fact, crypto assets are still considered a risky asset class, because of both their extreme volatility and opacity.  Whilst cryptocurrencies do not fall within the definition of Financial Instruments as set out in MiFID II and transposed in the Italian legislation, they may be regarded as Financial Products, which are defined in the Capital Markets Code (Testo Unico della Finanza, or “TUF”) as any type of financial investments different from Financial Instruments.  Over the years, CONSOB has clarified this notion, stating that a three-pronged test must be passed for a financial investment to be regarded as a Financial Product: (1) funds must be deployed; (2) there is a promise or at least an expectation of a financial return; and (3) the relevant investor takes up a risk that is directly connected to the funds’ deployment.  Should a cryptocurrency pass such test, it would be regarded as a Financial Product and be subject to the national financial regulations as set out in the TUF.  In particular: (a) pursuant to article 94 of the TUF, a draft prospectus will need to be filed with CONSOB and obtain its approval before its final version is published and the relevant crypto assets are offered to Italian customers; and (b) the requirements for distance offers must be met.  Of course, such obligations are only triggered if the Financial Products are offered to potential Italian customers.  In this respect, typically CONSOB regards crypto assets as targeting Italian customers when they are offered through a website in Italian; however, in some recent decisions, the financial watchdog appears to have taken a harder stance, claiming that an offer was directed to Italian customers simply because the website owner had not taken any active measure to prevent Italian customers from accepting the offer.  In this context, however, the Italian Supreme Court (ruling no. 26897 of 25 September 2020) has added additional uncertainty, as it has sentenced certain individuals to harsh criminal punishment for selling Bitcoins on the web for investment purposes.  In fact, the Supreme Court found that, given the methods and context within which the Bitcoins were promoted, they should have been regarded and authorised as Financial Instruments.

The above being the general landscape, over the past few years, CONSOB has on several occasions sanctioned initial coin offerings (“ICOs”) for breaching Italian law.

In fact, CONSOB has pointed out that, depending on the characteristic of the relevant crypto assets, they may or may not fall within the definition of Financial Products.  Indeed, whilst payment tokens are typically not Financial Products and security tokens are, so-called utility tokens constitute a grey area that needs to be assessed on a case-by-case basis.  For example, utility tokens often seem to only entitle the token-holder to receive a product or service in the future, but the token-holder may also intend the purchase of the token as an investment, hoping, in fact, that the future services or goods will appreciate over time, consequently causing an appreciation of the underlying “utility” token.  In such a case, what at first may seem a utility token, on further analysis may reveal itself to be an investment token.  Equally, some payment tokens may be purchased as a speculative investment instrument in light of their high volatility.

However, CONSOB soon realised that regulating ICOs in such a way based on an ad hoc analysis of the characteristics of the tokens to be issued does not guarantee the level of legal and regulatory certainty that is necessary to promote ICOs as a mainstream way to fund new entrepreneurial initiatives.

Furthermore, in 2019, CONSOB launched a public consultation on ICO regulation in Italy.  In the consultation, CONSOB depicted a draft ICO regulation to be applied to crypto assets that fall within the definition of Financial Products under the TUF with the exclusion of those assets that, as Financial Instruments, fall within the field of application of MiFID II and therefore cannot be regulated on a national basis.  According to the draft project, crypto asset issuers may opt to offer crypto assets through authorised platforms, which, at least initially, may coincide with those offering equity crowdfunding services under the relevant CONSOB regulation.  The idea was to incentivise promoters to launch ICOs through ad hoc “platforms for the offer of crypto assets” by exempting them from the prospectus and distance offering rules.  At the same time, customers would be more willing to purchase crypto assets offered through such CONSOB-regulated platforms.  In January 2020, CONSOB published the comments received – mostly from financial institutions, universities and law firms – which covered a number of issues, from the definitions of DLT and blockchain that in the consultation document appeared to coincide, to the security measures that ICO platform managers should adopt.  COVID-19 has generally slowed down the government’s action outside the urgent measures to weather the pandemic, and CONSOB has not yet followed through on its plan to regulate ICOs.



Cryptocurrency taxation is still unregulated in Italy.  In fact, the Italian tax authority (Agenzia delle Entrate) has been trying to address the taxation of crypto assets by regarding them as falling within the definition of other, more traditional assets and applying the relevant tax regimes.

  1. VAT.  When dealing with the VAT regime of cryptocurrencies, the Italian tax authorities have relied on the Court of Justice of the European Union’s (“CJEU”) finding in Skatteverket v David Hedqvist Case C-264/14.  In such a ruling, the CJEU stated that cryptocurrencies may be treated as foreign currencies for VAT purposes, and therefore the exchange of cryptocurrencies should be exempted from VAT pursuant to article 135, para 1, letter e) of EC Directive 112/2006 (the “VAT Directive”).  Consequently, in its Deliberation no. 72/E of 2016, the Agenzia delle Entrate confirmed that the exchange of cryptocurrencies is exempted from VAT under the applicable Italian legislation transposing the VAT Directive in Italy.
  2. Corporate taxation.  The Italian tax authorities have stated that the profits deriving from cryptocurrency trading are relevant for the purposes of corporate income tax (IRES and IRAP) and must be included in the company’s financial statements.
  3. Personal income tax.  The profits generated by non-professional crypto asset trading are regarded as those deriving from forex trading for personal tax purposes, and capital gains taxation will only apply to such profits if the relevant individual has held on his/her accounts more than EUR 51,645.69 worth of cryptocurrency (at the applicable exchange rate on 1 January each year).  In their annual tax return, individuals residing in Italy must specify whether they have any cryptocurrencies held in e-wallets, just as they have to declare if they have money held in foreign bank accounts.

Money transmission laws and anti-money laundering requirements 

EU Directive 2016/0208 (the “AML 5 Directive”) has been implemented in Italy by way of Legislative Decree no. 125 of 2019 (“Decree 125”).  In fact, even before transposing such directive into its legal system, Italy had imposed strict KYC and AML requirements upon crypto exchanges, but with the implementation of the AML 5 Directive, AML obligations have also been imposed upon crypto wallet service providers.  In addition, both crypto exchange and crypto wallet providers must now enrol with the Register of Financial Agents and Credit Mediators.  Decree 125 has also clarified the definition of crypto exchange, which under the previous regime was limited to firms exchanging fiat money with cryptocurrencies and vice versa, whilst under the new rules also applies to the activity of converting a certain cryptocurrency into another cryptocurrency.  AML provisions also apply to any “provider of services relevant to the use of virtual currencies” that provides services instrumental to the issuing, offering, transfer and settlement as well as any other services aimed at the acquisition, negotiation, and intermediation of cryptocurrency exchanges (along with exchange and wallet service providers, the “Crypto Service Providers”).  The lawmaker’s intent is, of course, to cast its net as wide as possible to encompass as many crypto activities as possible within the field of application of Decree 125.

As for the specific AML obligations imposed upon Crypto Service Providers, they include adequate customer due diligence, record retention and suspicious transactions reporting.

In fact, Crypto Service Providers must provide adequate information as to the provenance of the funds that their customers request them to store, exchange or settle against other positions as well as on the identity of their customers, including, for example, their profession and tax status, residence, or residence in terrorism-financing countries, etc.  Customer due diligence, however, must not only be carried out when “onboarding” a customer, but must also continue over time by way of monitoring the relevant customer’s operations (e.g. has the customer tried to fly below the radar by fragmenting fund transfers?  Has the customer focused his/her activities on Altcoins that impede tracing, etc.).

Crypto Service Providers must also retain records of documents, data, and information instrumental to preventing, identifying or ascertaining potential money-laundering or terrorism-funding activities that may be useful in order for the relevant financial investigation authorities to do their job, for a period of 10 years.

Finally, Crypto Service Providers must report suspicious transactions to the competent authorities. 

Promotion and testing

A long-awaited piece of legislation introducing regulatory sandboxes for Fintech businesses was recently passed.  In fact, on 2 July 2021, the Decree of the Ministry of Economy and Finance no. 100 of 30 April 2021 was published on the Italian Official Legal Bulletin and entered into force on 17 July 2021 (the “Sandbox Decree”).  Whilst the Sandbox Decree is aimed at fostering all types of Fintech innovation, blockchain will likely play a prominent role in the sandbox experiment.

The idea behind the Sandbox Decree is to set up a Fintech Committee composed of representatives of all the authorities potentially involved in the authorisation or supervision of Fintech businesses, i.e. the Italian Financial Markets Watchdog (CONSOB), the communications authority (AGCOM), the competition authority (AGCM), the data protection authority, the governmental body in charge of digitalisation, the tax agency, and the insurance watchdog.  The working of the Fintech Committee is described in detail in an effort to establish a comprehensive but efficient process to evaluate sandbox applicants.  Sandbox rights, if granted, last 18 months and, in certain circumstances, can be extended.

Don’t Stop Here

More To Explore