The regulatory framework, consequences for Tezos Bakers, and why everyone should care!

As a result of the Act Implementing the Amending Directive to the Fourth EU Money Laundering Directive, the crypto-custody business was included in the German Banking Act as a new financial service. Companies wishing to provide these services will require a permit from BaFin (BaFin = Federal Financial Supervisory Authority, similar to FINMA, SEC, FCA) when the Act enters into force on January 1, 2020.

A crypto asset is a financial instrument (according to § 1 Abs. 11 Satz 1 Nr. 10 KWG) and is defined (according to § 1 Abs. 11 Satz 4 KWG) as

  • digital representations of a value that
  • is not issued or guaranteed by any central bank or public authority, and
  • does not have the legal status of a currency or money, but
  • of natural or legal persons on the basis of a
    • agreement or actual practice as
    • means of exchange or payment is accepted or
    • serves investment purposes and
  • can be transmitted, stored, and traded electronically.

Hence XTZ is qualified as a crypto asset.

At the beginning of March 2020, the BaFin published a leaflet that explains and describes the facts of the crypto custody business.

The legal facts of the crypto custody business are fulfilled if someone:

  • stores, administrates, and secures
  • crypto assets or private cryptographic keys [which are] used to hold, store or transmit cryptographic values
  • for others

It basically means that

  1. if you store crypto assets/PK for others, you need a crypto-custody license or
  2. if you administer crypto assets/PK for others, you need a crypto-custody license or
  3. if you secure crypto assets/PK for others, you need a crypto-custody license

Let us do a quick check for bakers within the corresponding framework:

  1. No, bakers do not store crypto assets/PK for others.
  2. What does administrate mean?
  3. No, bakers do not secure crypto assets/PK for others.

Now that we know that bakers do not store or secure crypto assets for others, we have to look into the word “administrate”. Looking at the leaflet, “administration is in the broadest sense the ongoing perception of the rights from the crypto value”. This one sentence alarmed us! That’s why we approached one of the most renowned and respected law firms in terms of financial regulation (Noerr LLP, Dr. Jens H. Kunz). We asked them to assess whether our business model (Tezos Delegation Service / StakeNow) falls within the scope of the crypto-custody business and to give us an opinion. The assessment was paid for by us. It did cost a lot of money and we spent a lot of time explaining to the lawyers how Tezos works from A-Z. We have derived the definition of a delegation (to delegate) from the dictionary which says to give a particular job, duty, etc. to someone so that they do it for you. In our opinion, this is the most accurate statement.

We wanted an answer to the following questions:

  1. Does the staking service by “pure” delegation fall within the scope of the crypto-custody business?

  2. Does the assessment from question 1 change if the validation rights and not the voting rights are only assigned within the scope of delegation? Does it have any influence on whether the client’s opinion is queried or whether the client could overrule a vote of StakeNow?

  3. Does the service of staking through bond pooling fall within the scope of the crypto-custody business?

  4. Does the classification of the staking service within the scope of the crypto-custody business depend on whether only StakeNow’s bond or also that of the client may be subject to losses in the course of slashing?

We basically received the following answers from the lawyers (in much more detail of course):

  1. It does not fall within the scope of store and secure. If you look into administrating, you have to differentiate between validation- and voting rights. We should be good with validation rights, voting rights are a little bit more dangerous.
  2. It would be better if clients could vote on their behalf.
  3. Yes, bond pooling is within the scope of the crypto-custody business.
  4. Yes, there is a likely chance that slashing is within the scope of the crypto-custody business.

What can we extract from that? The design of Tezos with its LPOS is awesome. We are glad to operate only on Tezos. However, voting on behalf of others could be dangerous. One could argue that a baker “buys” votes from his “delegators”. However, according to the definition, this sentence is wrong in itself.

We received those answers within an 18 pages document. 7 of those 18 pages are explaining the Tezos protocol. On the advice of our lawyers, we issued a letter of intent (Absichtsanzeige nach § 64y Abs. 1 KWG) at the end of March, the last day of the deadline. The letter of intent stated that we would like to apply for a permit by the end of November if it turns out that our business model requires a permit. This was the only way to ensure that we could stay within our jurisdiction and benefit from a transition period. Operating a business model without permission is a serious criminal offense. The BaFin has quite a lot of power like prohibition and settlement, administrative compulsion`. Powers also exist in relation to involved parties, house searches by BaFin investigators, and account retrieval procedures. And as we probably all know - ignorance does not protect against persecution.

At the end of July, we handed in the document to the BaFin. On December 3, 2020, we received a written answer from the BaFin which we also wanted to share with the community. Unfortunately, they do not fully agree with the lawyers.

As we expected:
“In the memo [the 18 pages document] presented, it is correctly stated that in the case of the staking service in the form of delegation, neither the payment tokens nor any associated private cryptographic keys would be transferred to vDL [StakeNow] and placed in its custody. The delegation did not result in any actual custody within the meaning of § 1 (1a) sentence 2 no. 6 KWG, so that the first option [store / actual custody] of the crypto custody business is not applicable.”

“According to regulatory assessment, the delegation of voting rights results in the administration of those payment tokens in terms of the crypto custody business. This result cannot be changed by differentiating to what extent vDL [StakeNow] exercises the voting rights as a result of instructions [polls on Twitter or Telegram / GitHub as a signaling mechanism] from the client and thus acts without any scope for decision-making.”

The answer from the BaFin focused on voting only. The delegation of the validation rights was disregarded for the time being.

You may think “Wow, I’m really sorry for StakeNow - glad my baker/business is not in Germany”. Well, let’s look at the website of BaFin: “The permit requirement also applies to persons and companies that do not maintain a branch or other physical presence in Germany and wish to conduct their business solely by way of cross-border service transactions. It, therefore, applies regardless of whether the business in question is conducted exclusively in Germany for customers in Germany, from abroad into Germany or out of Germany into other countries.” By now, I should have your attention. If you vote with one single German customer, you would basically need a license according to the current view. I can’t speak on behalf of Coinbase but the US might have a similar understanding. It would be great to have more insights into that.

These were our first thoughts:

  1. Go to court. Unfortunately, the answer from the BaFin does not have instructions on legal remedies. It is not yet an administrative act. They just “shared” their view with us. There are definitely a number of attack points. However, that would probably put us out of business for an uncertain time. A victory in the first instance is questionable. If someone wants to pay the opportunity costs and the lawyers, then we can talk about it.
  2. Restrain from voting.
  3. Get a license (please see point 3) which means you need
  • the initial capital of at least 125.000 Euro,
  • pass certain requirements for IT,
  • reliable and professionally qualified business directors (at least one, better two),
  • prevention of money laundering and terrorist financing and
  • fee for the granting of permission (10.750 Euro)

Unfortunately, we must act immediately. For the time being, StakeNow will not vote anymore - even if it is very difficult for us. Points 1 and 3 are currently not an option for us. However, we will make a suggestion for proposal 009 shortly which could not only solve the regulatory aspect but also advances the Tezos governance process (spoiler: overriding is not enough). If you are based outside of Germany and in “reachable” distance to BaFin, we would consider excluding German clients for now. If you are based inside of Germany, we would consider not to vote on proposals for now. However, please get an opinion from your lawyers in your country. We will gladly share the answer from BaFin (in German language) in a call if there is a legitimate interest.

Let us find common ways to solve it.


The “tokens”/coins aren’t administered by the delegation-service. Just a function attached to the tokens, which is needed for the TECHNICAL Governance process.

I think “BAFIN” is not aware what this “voting rights” are about. It looks like, they think it’s like a share of a company. This is not the case. Tezos is an open-source project. BAFIN needs to amend their rules.


How am I to know if any of my delegators reside in Germany? That’s impossible to know.

In legal the thing that is to be judged is not a word but what happens.

The vote leads to the change of a protocol. The change leads to adoption of new technology. The new technology leads to more usage and demand for the token. Therefore the vote impacts the value of your holding.


I think we all know, that technology isn’t relevant for token values.

But i agree, it would be an interesting case for lawyers.

1 Like

Good question. You can’t but you would need to make sure that you do not have any which is your responsibility. Part of the license is e.g. also that you need to do KYC with your customers…

There is of course the way of excluding German customers in your terms of service and stating it prominently on your website. But normally you have to make sure that there is no “foreseeable misuse”. As a customer you can just ignore the terms of service and delegate to you anyway. I guess in court you would have to make clear what measures you have taken to exclude a specific customer group (KYC e.g.)

1 Like

Have a look at our proposal to solve the issue!

1 Like

Not voting means stagnating the protocol to a specific implementation, governance is a key feature that provides the token with value, stakeholders would want to sell an asset that cannot be used as it was intended if legal framework will prevent it, thus crashing the price.

If Bafin works like the SEC, with the final purpose of protecting investors from potential harm, then “not voting” should be considered an action, just as “voting”, as both actions are actually impacting the price, and I would suggest that “not voting” can only impact negatively, where “voting” may actually have a positive impact.

Thus, if you’re a baker under Bafin jurisdiction, shouldn’t the whole operation be halted as voting/not voting are similarly affecting the token value?