PORTUGAL Law and Practice Contributed by: Jorge Silva Martins, João Carminho and Inês Coré, CS’Associados
use and development. Key aspects of the legal landscape include, without limitation, taxation, AML requirements, and securities regulation: • Taxation: The State Budget Law for 2023 introduced a tax regime for cryptocurrency transactions, bringing greater clarity to this area. For individuals, gains from cryptocur - rency transactions are taxed at a flat rate of 28%, unless the cryptocurrency is held for more than a year, in which case the gains are tax-exempt. For businesses, cryptocurrency transactions are subject to corporate income tax as part of their taxable revenue. • Anti-money laundering: Under Law No 83/2017 (which establishes measures to com - bat money laundering and terrorism financ - ing), companies engaged in virtual asset activities (as defined in this regime) must comply with stringent AML and CTF regula - tions. These include mandatory registration with Banco de Portugal, the supervisory authority for such entities. • Securities regulation: Initial Coin Offerings (ICOs), Security Token Offerings (STOs), and other token-based financing mecha - nisms may fall under Portuguese securities laws (particularly, the Portuguese Securities Code, approved by Decree-Law No 486/99), depending on the specific characteristics of the tokens issued. In Portugal, compliance with these regulations is overseen by the Portuguese Securities Market Commission (CMVM), which ensures that issuers meet the necessary legal requirements for investor protection and market transparency. By implementing these regulatory measures, Portugal is positioning itself as a forward-think - ing jurisdiction for blockchain and cryptocur - rency activities. These frameworks not only pro - mote legal certainty but also foster innovation
and trust in the use of blockchain technologies in the digital economy.
2. Cloud and Edge Computing 2.1 Highly Regulated Industries and Data Protection In Portugal, cloud and edge computing, as they fundamentally involve data processing, are pri - marily regulated by the General Data Protection Regulation, along with national legislation. The GDPR establishes rules governing the protection and free movement of personal data, imposing obligations on entities processing personal data, including cloud and edge computing service providers. Key requirements focus on security of processing, obligations for data processors, and the transfer of personal data to third countries. At the national level, Law No 46/2018 establishes Portugal’s cybersecurity framework, transposing Directive (EU) 2016/1148 (NIS Directive) on net - work and information security. This law imposes security requirements on operators of essential services and digital service providers, including cloud computing providers. Additionally, Law No 58/2019 implements the GDPR in Portugal, pro - viding further guidance on compliance with data protection laws. The Portuguese Data Protection Authority (CNPD) has also issued Guideline No 2023/1, which details organisational and security measures applicable to the processing of per - sonal data. Certain regulated industries, particularly those handling large volumes of sensitive data, are subject to stricter security and compliance requirements. These include sectors such as banking, insurance, healthcare, finance, and telecommunications, which must implement
384 CHAMBERS.COM
Powered by FlippingBook