Cryptoassets and artificial intelligence in EU regulation

FinTech Perspectives

As in other fields of digital transformation, the EU Commission wants to set a standard with its draft regulations for both cryptoassets, and artificial intelligence. But is it ready for the challenge? Both technologies will bring profound changes – in finance and elsewhere. Drafting adequate provisions for questions that are genuinely new is challenging, especially when the Commission stated priority is to ensure that the EU financial services regulatory framework should be innovation-friendly and should not pose obstacles to the application of new technologies. It is difficult to strike the balance right between legal certainty and the agility needed for future adjustments in a highly dynamic field.

Our FinTech Perspectives series, will explore the content, potential, and shortcomings as well as the areas that require further clarification in this important field of European legislation on digital transformation in the financial services sector.

Europe’s digital agenda

Within its overarching plan to Shape Europe’s Digital Future, The European Commission is determined to make the lead-up to 2030 Europe’s Digital Decade. This ambition has, aside from activities in other fields, resulted in an outpouring of legislative initiatives. The great majority of these initiatives aims to get an ever better handle on our digital reality to date. These legislative activities in more established fields of digitalization include:

For all of these, the European legislator needs to reconcile its desire to support technology and business innovation on the one side with the necessary protection for individuals and business in the EU on the other side. Getting this balance right is vital for the success of each of those initiatives. It is also a relevant foundation for additional regulations that aim to address new digital technologies that will change markets even further.

New digital technologies

These new digital technologies are in particular, in the Commission’s view, quantum computing, distributed ledger technology (DLT) and artificial intelligence (AI). Among those, quantum computing is still distant from any relevant application in practice. Accordingly, the Commission’s  Quantum Strategy focuses predominantly on research & development to promote technology advancement in this field of computing. Any legal regulation for quantum computing needs to wait until its application takes further shape. Once it materializes, it will probably require a re-write of many parts of the digital legislation as its computing power may transform current e-commerce, cyber security and blockchain systems.

DLT and AI are at a different place. They have taken off already. Among the industries affected, financial services deserve a special place. The effects of both technologies on finance are considerable. Just two examples to illustrate this point:

  • DLT (and the blockchains it enables) has permitted the creation of cryptographically secure tokens which represent assets in their own right and, unlike most other digital items, may not just be a representations of something that exists already elsewhere. They can be traded and managed by its participants, without necessary intermediation by any third party institution. They can be used as means of payment or reward in any automated system, including smart contracts, enabling decentralized applications and decentralized organizations. Taken together, they create an ecosystem that differs quite significantly from anything that had been there before.
  • AI performs in finance new ways of risk evaluation, prediction modelling, credit rating and quantitative trading, to name just a few examples. It ushers in a new area of asset management. On the back of (typically) machine learning enabled data analytics, it reaches conclusions and makes recommendation that are not fully predictable and still ought to be smart. These conclusions and recommendations are machine produced – and cannot directly be attributed to any human person. Their decision-making-process cannot be deciphered retroactively - as it is the result of the AI’s self-learning abilities. The opaqueness of the process and the unpredictability of the outcome will have its impact on the way we look at, among others, responsibility, liability and risk prevention in asset management and elsewhere.

The EU legislator needs to be commended for having understood the profound impact cryptoassets and AI are about to make – as well as for the attempt to create a comprehensive legal framework for them. Still, more work needs to be done. A number of open issues have to be addressed and a number of assumptions still need to be revised. We will deal with these open issues and questions in future issues of FinTech Perspectives. Some of the most relevant questions shall be flagged already here.


The draft Regulation on Markets in Crypto-Assets (MiCA) of 24 September 2020, is part of the EU’s Financial Package which also includes a Regulation for a Pilot-Regime for DLT based Market Infrastructure. MiCA provides a legislative framework for all cryptoassets that are not regulated elsewhere – such as financial instruments under MiFID II or e-money under the E-Money Directive. It establishes varying levels of requirements for different cryptoassets, depending on the risk they create for the market overall and individual market participants in particular. The current version of the draft raises a number of questions, which we are going to explore in more detail, such as:

  • Is it really appropriate to take all cryptoassets that qualify as either financial instruments or e-money under existing EU legislation out of MiCA’s scope of application? Does MiCA’s subsidiary nature correspond to the specific and somewhat unique legal challenges that are common to all blockchain based assets?
  • Is there an over-regulation for cryptoasset service providers, making it unattractive to operate these activities in the EU? Will that create a competitive disadvantage vis-à-vis those countries that take a more flexible approach?
  • Is the balance right between the detail of regulation for some tokens, such as stable coins, on the one side and some other tokens that are hardly specified at all, such as currency or non-fungible tokens?
  • Is it justified to exempt non-fungible tokens (NFTs) from most of the relevant duties? Does this ignore the specific crypto qualities that NFTs possess?
  • Can any regulation of blockchain technology be complete without addressing the system that it creates, a system that enables all sorts of decentralized applications, including decentralized finance (“DeFi”)?

AI Regulation

The draft Regulation on Artificial Intelligence of 21 April 2021, has an extremely broad scope of application, both geographically (all AI that has an impact in the EU) and in terms of the types of AI covered (all forms of machine learning and also any algorithms that use certain types of logic/statistic/etc. approaches). It prohibits some AI (such as for certain real time biometric recognitions or social scorings) and qualifies other as “high-risk AI” (covering a wider range of product components and applications, such as credit worthiness evaluations). The Regulation’s main focus is to regulate this high risk AI, imposing a wide range of transparency, diligence and documentary requirements. Among the questions that this draft regulation raises are:

  • Are the comprehensive obligations imposed on AI providers putting European business in a competitive disadvantage in comparison to those in all other regions – none of which provides for such a set of stringent and comprehensive requirements?
  • Is there an under-regulation with regard to most pressing legal question relating to AI: who is responsible if something goes wrong? How should and adequate liability scheme look like?
  • Where to draw the lines to all the other regulations that provide for product safety of compound products that include AI?
  • Does the wide geographic application make sense? Does it create a workable framework to enforce the wide ranging obligations under the Regulation?

We will pick up on those and other topics in future issues of our FinTech Perspectives.

Authored by Leopold von Gerlach and John Salmon


This website is operated by Hogan Lovells International LLP, whose registered office is at Atlantic House, Holborn Viaduct, London, EC1A 2FG. For further details of Hogan Lovells International LLP and the international legal practice that comprises Hogan Lovells International LLP, Hogan Lovells US LLP and their affiliated businesses ("Hogan Lovells"), please see our Legal Notices page. © 2024 Hogan Lovells.

Attorney advertising. Prior results do not guarantee a similar outcome.