SERBIA Law and Practice Contributed by: Željka Motika, Ivana Bulatović and Jovana Spasojević Gligorijević, Motika i partneri
10.12 NFTs The Law on Digital Assets provides a broad framework for the issuance of digital assets by dividing them into two main categories: digital tokens and virtual cur - rencies. The law does not define NFTs as a separate, standalone type of digital asset. Instead, depending on their purpose and the specific rights and obliga - tions they grant to investors, NFTs may be classified under one of the two regulated categories. Alterna - tively, if an NFT exhibits features of both virtual curren - cies and digital tokens, it may be treated as a hybrid digital asset. 10.13 Stablecoins In Serbia, stable digital assets are defined by law as digital assets issued with the aim of minimising fluc - tuations in their value. Their value is linked to the value of legal tender or to one or more low‑volatility assets (for example, pegged to the official exchange rate of the Serbian dinar or to a relatively stable foreign cur - rency). A stablecoin may fall into one of two categories of digital assets – digital tokens or virtual currencies – depending on its intended purpose and the rights it grants to investors. Stablecoins may be issued by any issuer, whether domestic or foreign, and whether a natural or legal person. Unlike the regulatory framework in the EU, Serbia does not require a licence for the issuance of stablecoins. However, in order for a stablecoin to be offered pub - licly, the competent regulatory authority must approve the publication of its White Paper.
account held with another payment service provider, and Account Information Services (AIS), which enable the collection and consolidation of information from one or more user accounts across different payment service providers. For practical implementation, the National Bank of Serbia has adopted subordinate legislation, includ - ing technical regulatory standards. However, the full application of these standards has been deferred, providing existing payment service providers with a transition period to make the necessary technical and organisational adjustments. The final deadline for compliance is 1 January 2026. 11.2 Concerns Raised by Open Banking Banks and payment service providers are subject to strict compliance obligations that are fully aligned with EU law, including GDPR and PSD2. All providers – banks, PISPs, and AISPs – must ensure a high level of protection for personal and banking data, with account access permitted only on the basis of explicit user consent. AISPs may access only those accounts and data that the user has authorised. Strong Customer Authentication (SCA), including multi‑factor authen - tication, is mandatory for online account access and electronic transactions and must dynamically link each transaction to the specific amount and payee to minimise fraud risk. As ASPSPs, banks must ensure secure data exchange through standardised APIs, enabling reliable identification of TPPs and secure messaging. The Payment Services Act further requires providers to implement a comprehensive operational and secu - rity risk management framework. This includes regular risk assessments, procedures to detect, classify, and resolve significant incidents, and the application of security controls that protect users from fraud and misuse. Banks must submit updated risk assessments to the NBS. Where services are outsourced, providers must demonstrate that external ICT systems maintain a high level of protection and must notify the NBS in advance of any intended outsourcing arrangements. The framework also establishes clear inci - dent‑response obligations. Providers must promptly inform the NBS of any significant operational or secu -
11. Open Banking 11.1 Regulation of Open Banking
Although Serbia is not an EU member state, as a candidate country it has transposed PSD2 provi - sions through amendments to the Payment Services Act, thereby establishing a regulatory framework for open banking. This framework includes the regula - tion of Payment Initiation Services (PIS), which allow third parties to initiate payments directly from a user’s
717 CHAMBERS.COM
Powered by FlippingBook