The legal status of tokens in Estonia

This article gives an overview of the legal status of the different types of tokens issued in an initial coin offering (ICO) in Estonia. Among other things, the regulatory regimes and requirements for licensing shall be covered. 

What is a token?

The Estonian Financial Supervisory Authority (EFSA) has defined “token” as a certificate of any value or right in a blockchain system. Similarly, the Securities Market Stakeholders Group (SMSG), whose aim is to facilitate European Securities and Markets Authority’s (ESMA) consultation on its work with relevant securities markets stakeholders from around the European Union (EU), has noted that token is a broad term that encompasses many virtual assets and can be defined by opposing it to account-based assets; additionally, that the term’s definition may vary depending of the specific network.
The tokens are initially created in a blockchain process, aka mined, and issued in a publicly held bidding process to subscribers. The creation process of tokens by the initiator is called Initial Coin Offering (ICO). The term ICO is used for the initial offering of any crypto assets – it is an innovative way for raising funding for a project from early backers.

What type of tokens are there?

The characteristics and purpose of tokens may vary across ICOs. Some coins or tokens serve give to access to or purchase a service or product that the issuer develops using the proceeds of the ICO; and others provide voting rights or a share in the future revenues of the issuing venture. Some coins or tokens are traded and/or may be exchanged against fiat or virtual currencies – however, some tokens may have no tangible value.
The tokens issued in an ICO may broadly be divided into two categories according to the EFSA as follows:

Tokens, that do not promise any profits or monetary claims

This kind of tokens derive their value from how it is used and are often treated as coupons, meaning that its issuer may use the tokens to gather funds for their project which in the future could be exchanged to access the products or services of the issuer.

Tokens, which grant its owner a reasonable expectation for profit or governance rights

This kind of tokens derive their value from an external, tradeable asset (e.g., stocks, precious metals, real estate) and represent an investment. Security tokens grant its owner a reasonable expectation for profit or governance rights.

The regulatory environment and licensing requirements differ substantially, depending on the token’s classification.

But into which category does the stable coin fall into?

The European Central Bank Crypto-Assets Task Force has noted that stable coins are generally defined as digital units of value that are not a form of any specific currency, or basket thereof, and that rely on a set of stabilisation tools to minimise fluctuations of their price against such currency, or currencies. Also, adding that an element common to all stablecoin initiatives is their reliance on an open market to reinstitute par value by providing arbitrage opportunities. To determine, where do stablecoins belong within the two regulatory requirements that Estonia offers, such coins need to be analized in detail. Although on the face of it, they may look morer like securities as, their value is also backed with some other asset. However, contrary to securities, stablecoins do not necessarily, and most of the time, do not grant a proprietary right, liability of or a financial claim against the issuing entity.

Licensing requirements for entities engaging with ICOs

If a token classifies as a utility token, it will be regulated under the Estonian Money Laundering and Terrorist Financing Act. The definition of a utility token corresponds to the one of virtual currency under the Estonian legislation and the entities engaging in the provision of providing virtual currency services, meaning exchange and wallet services, must apply for a relevant authorization within the Financial Intelligence Unit (FIU). The FIU is the supervisory authority for the providers of side financial services, meaning, gambling and, in particular, analyses and verifies information about suspicions of money laundering or terrorist financing, takes measures for preservation of property where necessary and immediately forwards materials to the competent authorities upon detection of elements of a criminal offence. 
However, if the token classifies as a security, it will be regulated under the Estonian Securities Market Act (SMA) and the Prospectus Regulation of the European Union may also apply. The Estonian law does not currently provide exceptions or special provisions for ICOs other than the existing regulation of securities. If a token is qualified as a security under the SMA, providing exchange services that include such token qualifies the entity providing the exchange service as a trading venue, meaning, it could be a regulated securities market, a multilateral trading facility or an organized trading facility. Like securities, the entity providing the exchange service as a trading venue must apply for a relevant authorization within the EFSA. The EFSA is a financial supervision and crisis resolution authority with autonomous responsibilities and budget that works on behalf of the state of Estonia and is independent in its decision-making, carrying out supervision over financial service providers, such as, banks, investment firms and payment institutions.
The EFSA has emphasized that every token issuance is unique and should be assessed on its own characteristics. Even though new technologies are involved, and what is being created and sold is referred to as a token instead of a share or equity, a token may still qualify as a security under the Estonian legislation. Therefore, businesses should complete an analysis on whether a security is involved and determine which license ins needed for their activity. The EFSA emphasizes that professional advice may be useful in making this determination.

Connect with our experts

Our experts will tell you how to do it as quickly and easily as possible.


    By clicking the button, I confirm that I have read the privacy policy and consent to the collection and processing of my personal data in accordance with the GDPR rules.

    Thank you

    Thank you for reaching us. Our team is working on your request, and we will contact you soon.