Tokenised Securities In Luxembourg : Concept And Legal Considerations To Be Taken Into Account Upon An Issuance – Technology

To print this article, all you need is to be registered or login on

DLT, blockchain and security tokens are hot topics among
legal authors and numerous publications have been made to date.
Distributed ledger technology
DLT“) is
increasingly used by businesses in different sectors, with many
Fintech start-ups flourishing in Luxembourg and Europe. In
Luxembourg, the Commis sion de Surveillance du Secteur Financier
(the “
CSSF“) has over
the last couple of years been contacted by numerous promoters of
projects involving DLT and gained expertise in relation
2, without however releasing
extensive guidelines or analyses, unlike e.g. the
3 or BaFin4.
The Luxembourg legislator has been active in the same period with
some amendments made to its legislation to take into account DLT.
However, we currently see a gap between this new technology which
attracts an increasing number of actors willing to use it and the
absence of clear legislative framework regulating the issuance of
tokens, in par ticular those qualifying as financial instruments
(the so-called security tokens). Nevertheless, Luxembourg law does
not prevent the tokenisation of traditional securities (and more
specifically securities in registered form) which will be the focus
of this paper. The objective of this paper is to draw the attention
on different legal considerations to take into account when
contemplating an issuance of tokenised securities.

As we write this paper5, the
European Commission has finally launched its digital finance
strategy with different proposals that we will briefly touch upon.
This is an important step towards the digital transformation of the
economy and the financial industry and will lead market actors,
regulators and supervisors to work together in order to create a
sound legal framework within the European Union. We can also
anticipate that the launch of the digital finance strategy will
lead to the introduction of new regulations under Luxembourg law
which, one may hope, will create an attractive legal framework for
Fintech actors and will continue to position Luxembourg as a leader
in digital finance in Europe.


In order to fully understand what entails an issuance of
tokenised securities and distinguish it from an issuance of tokens
only, one must first understand how DLT functions and we consider
that in that context, some clarifications should also be made as
regards the legal terminology associated with DLT (A). We will then
turn to what issuers will need to consider when issuing tokenised
securities, in particular, in terms of securities that can be
tokenised and arrangements necessary for the tokenisation process
to occur (B).

A) General considerations on DLT and legal terminology

To understand the legal issues that companies and issuers may
face when using DLT, it is important to first explain, in
layman’s terms, certain technological concepts and clarify the
terminology which is often not correctly or heterogeneously used
and can lead to confusions if readers are not familiar with this
technology6. The objective of the following developments
is to provide the readers with some useful and simplified
explanations on how DLT and tokenisation work but should not be
viewed as an exhaustive overview of how this technology functions
(1). In the second part of this section, we will attempt to clarify
the legal terminology used in respect of tokens, in particular in
light of the recent proposals of regulation made by the European
Commission (2).

1. A brief introduction to DLT

We will briefly present how the technology works and key
concepts associated with that technology (a) before introducing the
notions of coins and tokens from a technological perspective

  1. DLT: DLT is not a new
    technology but a combination of existing technologies. Put in
    simple terms a DLT is a distributed database or ledger using
    cryptography. Blockchain constitutes one specific type of
    DLTtarget=_blank7, but it is the DLT most frequently
    referred to in legal publications8 because it is the
    most simple and common form of DLT. For the purposes of this paper,
    we will use the term “DLT” rather than
    “blockchain” when referring to the underlying technology
    in general, however, our analysis will mainly focus on blockchain
    technology. DLT has become more popular among businesses in recent
    years because its functionalities permit to ensure the
    immutability, security and decentralisation of data. How does it

    A distributed ledger is maintained on a network that has the
    specificity of being decentralised. The first key characteristic of
    DLT is indeed that it relies on a decentralised network, which
    means that each node9 of the network has a copy of the
    ledger and can transfer information to other nodes without having
    to go through a central server. In addition to being decentralised,
    the network is distributed which is to say that all the servers and
    computers of the network are interconnected and can share
    information10. The second key characteristic of DLT is
    the use of cryptography. The aim of this paper is not to explain in
    detail what cryptography is and how it works, but to set out
    certain underlying concepts which are essential to understand the
    tokenisation process.

    First, the concept of hash and hash functions must be
    explained. Hash functions permit in essence to transform an
    information, transaction or a document into a fixed length series
    of numbers and letters which is unique to that information or
    document and is called a hash. In other words, the hash is the
    fingerprint of a document in the sense that any change in the
    content of that document would create a different hash. In a
    distributed ledger functioning as a blockchain, a block in the
    blockchain contains a large number of transaction data to which a
    specific hash is assigned. Each block of the blockchain has its own
    hash and the hash from the previous block which thus permits, at
    least in theory, to prevent any tampering in the data of the
    previous block. To make it more secure and avoid having hackers
    tampering the transaction data in one block and recalculating all
    the different hashes, consensus mechanisms are put in place by the
    participants of the blockchain to agree on the rules to be followed
    by the nodes to accept new entries in the blockchain. The Bitcoin
    Blockchain for example uses a consensus mechanism called
    “proof-of-work” which is “a computational
    challenge that is hard to solve (in terms of computing power and
    processing time) but easy to verify
    11. That
    process is often referred to as “mining“.
    As it takes some time to resolve the computational challenge (about
    10 minutes for the Bitcoin Blockchain), it makes it much more
    difficult for hackers to tamper the data and change all the hashes
    from the previous blocks as they would need to go through that
    proof-of-work process for each previous block. To continue with the
    example of the Bitcoin blockchain, it is important to note that
    each person, a so-called “miner”, that “produces
    a valid proof-of-work in the Bitcoin network receives Bitcoins as a
    reward (sort of like a transaction fee), which serves as an
    economic incentive to main
    tain system
    12“. However, this consensus
    mechanism is not the only consensus that exists. The Ethereum
    Blockchain, which is another wellknown blockchain, is currently in
    the process of upgrading its blockchain with Ethereum 2.0 which
    will use the consensus mechanism called
    “proof-of-stake”13. With proof-of-stake, the
    probability to validate a new block does not depend on your
    computing power but on how much stake or amount of cryptocurrencies
    (e.g. Ether) you have14. The more cryptocurrencies you
    have deposited to validate a new block the more likely you are to
    validate the new block and get the transaction fee. If the new
    block is fraudulent15, then the validator will lose the
    cryptocurrencies deposited. With proof-of-stake, the terminology is
    slightly different and instead of miners and mining, the terms
    validators and minting or forging a new block are being used.
    Distributed ledger technologies other than blockchain use other
    consensus mechanisms but they are beyond the scope of this

    Another concept to present is the concept of digital
    . Digital signatures are an essential part of
    cryptography as they permit to authenticate and identify the sender
    of information within the DLT while encrypting the data that is
    being sent. DLT is based on asymmetric cryptography which means
    that the digital signatures used by DLT correspond in fact to a set
    of two keys: a public key which is known by all the participants of
    the network and therefore permits to identify the sender of
    data16, and a private key which is personal to each
    individual user and is used to sign and encrypt the data sent to
    the network17. Each public key is uniquely linked to a
    private key by a mathematical algorithm. Thus, a public key
    uniquely corresponds to a given private key. To give an example, a
    user A willing to send a message or information to a user B will
    send such message or information in an encrypted form using its
    private key and the public key of user B, and user B will in turn
    be able to decrypt the message with its own private key and user
    A’s public key. User A does not need to know the private key of
    user B to send its message and no central counterparty is required
    to validate the transaction. The transaction between A and B will
    be validated by the participants to the blockchain through the
    relevant consensus mechanism and will then be added to a block of
    transactions that all participants to the blockchain will include
    in their own record or copy of the blockchain.

    It is therefore essential that public and private keys be kept and
    stored safely by each individual user, especially private keys
    since it is not possible from a technical perspective to recreate
    the private key with the public key. This is the reason why wallet
    service providers offer a number of services in relation to public
    and private keys, and in particular, for their safe custody. As
    explained by the European Securities and Markets Authority
    (“ESMA“), in its advice on initial coin
    offerings and crypto-assets dated 9 January 2019, “digital
    crypto-asset wallets are used to store public and private keys and
    to interact with DLTs to allow users to send and receive
    assets and monitor their balances. Crypto-asset
    lets come in different forms. Some support multiple
    crypto-assets/DLTs while others are crypto-asset/ DLT
    18. As further discussed in section
    II) A)2.b) below, it is therefore crucial to ensure that wallets
    are compatible with the underlying blockchain and the smart
    contract generating the tokens. It is also important to clarify
    that a wallet used in the context of a blockchain does not contain
    the tokens held by a particular user but only his or her public and
    private keys.

    With this brief overview of the technology, the concepts of coins
    and tokens can be introduced.

  2. Coins and tokens:
    coins and tokens should not be used interchangeably as there is a
    technological difference between them19. A coin
    is an asset or unit of value that is native from a specific
    blockchain, such as Bitcoin which is the coin native from the
    Bitcoin Blockchain or Ether for the Ethereum Blockchain.
    Tokens on the other hand do not have their own blockchain
    and are built on top of existing blockchains. They are generated
    and created through a smart contract that is built on the
    blockchain and permits to automatically execute transactions in
    accordance with the smart contract code. A smart contract is a
    computer programme that enables the creation, transfer and
    cancellation of tokens (see further in section I)B)2.a) below). A
    large number of tokens have been issued on the Ethereum Blockchain
    which has developed certain standards of tokens such as the
    “ERC-20 tokens”. ERC-20 tokens are only one of the many
    forms of tokens that exist on the Ethereum Blockchain, and other
    standards of tokens exist on other blockchains. Each standard of
    tokens has its own specific rules and functions, which makes them
    compatible with different wallets or crypto-exchanges supporting
    these standards20. In light of the increasing attention
    of regulators worldwide to regulate the issuance of tokens, and in
    particular security tokens, it is worth mentioning that a new
    standard ERC-1400 has been developed on the Ethereum Blockchain to
    integrate additional functionalities specifically dedicated to
    security tokens and permitting for example to regulate the holding
    period, to whitelist and restrict the sale of tokens to
    non-accredited investors or put a threshold on

    Finally, one should keep in mind that in order to transfer or
    effectuate transactions relating to tokens, a certain number of
    coins will be needed as transaction fees. For example, on the
    Ethereum Blockchain, a certain amount of Ethers will be used to
    “fuel” transactions on the Ethereum
    Blockchain22 in order to send a token from one wallet to
    another wallet. This shows that tokens and coins are not the same
    thing and should therefore be distinguished.

    With these clarifications on how blockchain technology functions
    and the role of coins and tokens, we can turn to the legal analysis
    of the different types of instruments based on DLT.

Click here to continue reading …


1. The views expressed in this paper are
those of the authors and do not necessarily reflect the views of
the law firm Elvinger Hoss Prussen, société

2. CSSF Annual Report 2019, p.32

3. Autorité des marchés
financiers, the financial regulatory authority for France (see in
particular, “Synthèse des réponses à la
consultation publique portant sur les Initial Coin Offerings (ICO)
et point d’étape sur le programme
and “Etat des lieux et analyse relative à
l’application de la réglementation financière aux
security tokens “

4. Bundesanstalt für
Finanzdienstleistungsaufsicht, the financial regulatory authority
for Germany (see in particular, “Initial Coin Offerings:
Advisory letter on the classification of tokens as financial
instruments”, 28 March 2018
) and “Second advisory
letter on prospectus and authorization requirements in connection
with the issuance of crypto tokens”, 22 November 2019

5. This paper was written as of 10
October 2020.

6. J. Lee and F. L’heureux, “A
Regulatory Framework for Cryptocurrency”, European
Business Law Review 31, no.3 (2020): 423-446
, paragraph

7. For completeness, we note that two
main categories of distributed ledgers exist: the private or
permissioned blockchains, which put certain conditions to access
the network and to become a node, and the public or permissionless
blockchains, which can be accessed by anyone.

8. G. Cywie, “La numismatisation de
l’économie”, Droit du financement de
l’économie, Legitech, December 2018
; G. Canivet,
“Blockchain et régulation”, Semaine Juridique
– Entreprises et Affaires n°36, 7 September 2017
D. Legeais, “Blockchain”, Jurisclasseur Commercial,
March 2017
; G. Kolifrath, M. Goupy, “Blockchain : les
enjeux en droit français”, Revue internationale des
services financiers
, 2017, n°4, pp.19-24 ; M. Melki,
“Les mystères de la blockchain”, Recueil
Dalloz, 2 November 2017, n°37
; B. Barraud,
“Les blockchains et le droit”, Revue Lamy Droit de
l’immatériel, April 2018

9. A node is a participant to the network
which may take several forms such as a server, a computer or even a

10. A. Tordeurs, “Une approche
pédagogique de la Blockchain”, Revue internationale
des services financiers
, 2017, n°4, pp.8-18.

11. World Bank Group, “Distributed
Ledger Technology (DLT) and Blockchain”, FinTech Note
, 2017, p.6.

12. Ibid, World Bank Group,
“Distributed Ledger Technology (DLT) and Blockchain”,
FinTech Note No.1, 2017, p.6.

13. For further details on the concepts
of “proof-of-work” and “proof-of-stake”, see
for example, A. Pinna, W. Ruttenberg, “Distributed ledger
technologies in securities post-trading”, European Central
Bank, Occasional Paper Series No. 172, April 2016
, paragraph

14. Additional criteria in fact come into
play to determine which users will be able to participate in the
forging process of a new block, including in particular the methods
of “randomised block selection” and “coin age
selection”. These two methods (which we will not explain in
this paper as it would be too technical) permit to avoid a
situation where the consensus mechanism would rely solely on the
wealth of the different nodes of the network, which could cause
some issues if certain nodes were to own large stakes of coins.

15. This may occur in the event that the
new block contains illegitimate or invalid transactions or if there
is an attempt to create a fork. In such cases, the network will not
validate the new block.

16. Because the public key is the only
one known to the entire network, it is often referred to as the
“blockchain address”.

17. For additional developments, see for
example, Ibid, A. Tordeurs, “Une approche pédagogique
de la Blockchain”, Revue internationale des services
, 2017, n°4, pp.13-14 ; Ibid, World
Bank Group, “Distributed Ledger Technology (DLT) and
Blockchain”, FinTech Note No.1, 2017, pp.8-9.

18. ESMA, “Advice on Initial Coin
Offerings and Crypto-Assets”, 9 January 2019, paragraph

19. “Token vs Coin: What’s
the Difference


20. “Security Tokens – An
ERC-Standards Comparison”, microbo Market Research,
December 2018

21. “Security Token Standard ERC
1400 – tokenization of assets”, Bitcademy, 1 May 2019

22. The term “gas” is also used
to refer to the payment of a transaction fee.

This article was first published in Bulletin Droit &
Banque, n°67, ALJB, December 2020, pp. 29-53

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.