LUXEMBOURG Law and Practice Contributed by: Andreas Heinzmann, Valerio Scollo and Angela Permunian, GSK Stockmann
that UCITS and UCIs addressing non-profes - sional customers and pension funds are not allowed to invest, directly or indirectly, in virtual assets (as defined in the AML Law). 10.11Virtual Currencies In accordance with the AML Law, virtual cur - rencies, ie, digital representations of value that are not issued or guaranteed by a central bank or a public authority, which are not necessarily attached to a legally established currency and do not possess a legal status of currency or mon - ey, but are accepted by persons as a means of exchange and which can be transferred, stored and traded digitally, are also considered to be virtual assets. Therefore, the relevant AML/CFT obligations also apply to virtual currencies (see 10.3 Classification of Blockchain Assets ). 10.12Non-Fungible Tokens (NFTs) There are currently no specific provisions relating to non-fungible tokens (NFTs) and NFT platforms in Luxembourg. Unless NFTs are considered to be virtual assets or financial instruments, they would not fall within the scope of existing finan - cial services regulations. For example, guidance issued by the FATF outlines that digital assets which are unique, rather than interchangeable, and which are used as collectibles rather than as payment or investment instruments, would generally not be considered as virtual assets. Nonetheless, whether or not NFTs could be used for payment or investment purposes, and thus qualify as virtual assets, should be assessed on a case-by-case basis. If an NFT qualifies as a virtual asset under the AML Law, specific reg - istration and AML/CFT obligations would apply (see 10.3 Classification of Blockchain Assets ). Moreover, NFTs are also excluded from the scope of MiCA, unless their de facto uses or
features would qualify as crypto-assets under MiCA.
11. Open Banking 11.1 Regulation of Open Banking
The main regulation governing open banking, PSD2 has been transposed into Luxembourg law by the Law of 20 July 2018 amending the Payment Services Law. PSD2 enables custom - ers to share their data securely via application programming interfaces with banks and third parties, allowing the customers to compare products, initiate payments and request account information. Although PSD2 has significantly impacted the payment sector in the EU, it can be argued that so far open banking in Europe has not fully lived up to its expectations. Some technical issues faced by third-party providers due to PSD2 rules have required further fine-tuning to the legal framework, which has, for example, required the EBA to extend the frequency of customer re-authentication from 90 days to 180 days. 11.2 Concerns Raised by Open Banking Concerns raised by open banking include risks relating to data protection and security breach - es. Both topics are highly regulated by the EU, as the GDPR also applies to open banking, and financial sector regulation, including PSD2 and DORA, which applies from January 2025 and includes strict requirements to increase cyber - security and the resilience of ICT infrastruc - tures. So far, there have not been any significant enforcement actions by the competent authori - ties in Luxembourg relating to open banking.
520 CHAMBERS.COM
Powered by FlippingBook