The crypto industry is evolving rapidly, and keeping up with the constantly evolving regulatory landscape around the nascent industry is not for the faint of heart. It becomes especially challenging, as crypto represents a global phenomenon that blurs the lines between different jurisdictions and stakeholders.
15.3.2019
Regulation of Crypto – Fostering an Emerging Industry Through Legacy Frameworks
Related services
Tags
This post provides an overview of the technology and serves as an introduction to the regulatory developments within the crypto space.
Blockchains are data structures that allow data to be stored in a transparent and decentralised manner. This post purposely excludes enterprise/private blockchains, and focuses on open blockchain networks (crypto networks) that are not controlled by any central authority.
The Regulator’s Dilemma
With crypto, regulators globally are yet again faced by the challenge of regulating a global, fast-paced industry – this Regulator’s Dilemma is a consequence of high-growth technology companies being built in an environment of slow-to-change legacy frameworks. We have previously witnessed the clash of these two extremes, e.g. when ride sharing and data gathering were introduced as novel business models.
Often, in cases of groundbreaking innovation, the approach of regulators is to either (i) remain neutral, (ii) apply existing and/or new legislation, or (iii) ban the activity related to the new technology.
The Regulator’s Dilemma stems from the trade-off between permitting and promoting innovation while simultaneously ensuring fair markets, protecting consumers, and preventing criminal activity. Moreover, the global nature of a technology puts pressure on regulators of economically and politically influential markets, as the rest of the world waits for them to introduce harmonised industry-wide standards.[1]
Initially, the very same attributes that raise the interest of early adopters of a novel innovation (anonymity, digital cash, fundraising on steroids etc.), also attract fraudulent actors who are able to benefit from the immaturity and unregulated nature of the industry. This regulatory uncertainty is often mitigated by the fact that forward-looking stakeholders have incentives to collaborate and issue self-regulation[2] and best practices, in order to stand out from fraudulent actors. Eventually, these best practices develop into industry-wide standards.
What and Who Are We Regulating?
Stateless vs. Stateful Protocols
In order to meaningfully regulate an emerging industry, it is essential to understand the core tenets of its underlying technology.
Crypto networks are protocols that represent the next generation of internet protocols.
A protocol sets a standard for communication between computers. The internet as we know it is made up of a suite of stateless protocols. By being stateless, a protocol is only able to transmit data but not store it – this immediately presents a problem for usability, as you are only able to send copies over the internet. The reason all messages are copies is because stateless protocols cannot record the activity happening in the protocol – they cannot detect whether the same message has been sent multiple times.
Take the SMTP (Simple Mail Transfer Protocol) for example, it provides the communication standard for computers wishing to exchange email messages. Without a user-facing application being built on top of the SMTP protocol (such as Gmail), it would be impossible for the user to keep track of what has been sent to whom and when.
That is to say, stateless protocols require stateful applications, with proprietary databases, to be built on top of them. These applications store a record of all user activity on their platforms – such as likes, shares, messages, etc. It is this history of user interactions that enables companies like Google and Facebook to provide their users an order of magnitude better user experience (UX). It is also this history of user interactions that has made these companies incredibly valuable.
Crypto protocols, however, differ from early web protocols in that they are stateful, which means that they are able to both transmit and store data. This new data storing capability enables crypto protocols to capture much of the value previously captured by companies like Google and Facebook.
Take the Bitcoin protocol as an example. It enables the exchange of unique messages. This means that a transaction in the Bitcoin protocol cannot be double-spent, as all transactions are recorded in the Bitcoin protocol and, therefore, duplicate transactions are automatically deemed invalid as already spent. It is this uniqueness that enables these protocols to transmit value, and as that value is now transmitted in the form of digital messages, it can also be programmed.[3]
These messages can be made arbitrarily complex. They can be encoded to contain much of the exact same business logic or transaction workflow (‘if A, then B, else C’) previously provided and monetised by applications built on top of stateless protocols.
Companies Become ‘Lighter’
The execution of business logic is coordinated more efficiently by a protocol than a single company.
As a result, the execution of business logic migrates from applications to their underlying crypto protocols. Since it is this same business logic that the large incumbent tech companies have previously monetised on, much of the value capture will likewise move from the applications to the underlying crypto protocols.
In order to access this value creation, one needs to purchase and own tokens native to these crypto protocols. The ownership (which is not possible for our current internet protocols) of crypto protocols is represented through their native tokens. Additionally, these tokens serve as the incentive and coordination mechanism for the development and maintenance of these protocols.
As much of the value capturing activity is moved down to the protocol level, the business model for user-facing companies or applications will shift to focus even more on improving the UX for their end users. Companies will eventually become lighter UI clients that tap into the functions and liquidity provided by the underlying crypto protocols.
Who Should We Regulate?
A crypto protocol is developed by a decentralised community of contributors. In the early stages of a protocol’s lifecycle, it is owned and maintained by the core developers and a small group of early adopters. As the protocol develops, it should attract participants globally.
From a regulator’s point of view, identifying the participants who should be held legally responsible for the activity of the crypto protocol becomes more difficult over time. When a protocol is up and running and governed by a global and decentralised community of contributors, it encompasses multiple jurisdictions and stakeholders, making it a nightmare for regulators.
It is partly for this reason that the regulators in the US have been of the opinion that as long as a crypto protocol is dependent of a dedicated core team in the development of the protocol, its tokens should be subject to customary securities laws. Once the protocol passes a certain level of decentralisation, its tokens should no longer be deemed as securities and become freely tradable on the open market.
Although, it is still too early to say that this line of reasoning would be broadly applicable to all crypto protocols. The classification of different crypto protocol tokens is something I will touch upon more thoroughly in my next blog post.
Companies that build their businesses on top of crypto protocols (see graph above) are subject to customary regulation as corporations. They are traditional companies registered with some local jurisdiction and have opted to replace their proprietary databases with crypto protocols. This category comprises plain UI companies, but also exchanges and custodians of crypto assets. These exchanges and custodians are responsible for implementing sufficient AML & KYC standards and processes, and depending on their jurisdiction, are obliged to obtain licenses or permits for their operations.
As is evident from this division, the companies or applications themselves are not the problem for regulators.
Instead, it is the crypto protocols that cause extreme headache for regulators and policy makers around the world. Regulating a phenomenon that enables value transfer across the internet is hard, especially since this activity is no longer governed by a clearly identifiable third-party but rather by a global and decentralised community of contributors.
Recent Developments and Future Outlook
Crypto is increasingly catching the interest of regulators globally. As more and more legacy institutions, such as Goldman Sachs, Intercontinental Exchange, and Fidelity are entering the space, we have witnessed a push for increased regulatory transparency and certainty among authorities globally.
Crypto as a phenomenon has not evolved in a silo. In order to fully understand the regulatory debate surrounding the industry, it is necessary to tie relevant market events to those regulatory decisions that have been made thus far:
In the US, the Securities and Exchange Commission (SEC) plays a substantial role in the public discourse around crypto. Decisions made by the SEC also actively shape the regulatory debate in the EU (and UK). Both the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) – in addition to several member state FCAs – have finally taken a stance on crypto and are engaged in forming new regulatory initiatives to enable the development of common standards for European companies operating in the crypto space.
Regardless of the uncertain and rocky road ahead, we can be certain that a unified regulatory framework, which will unleash the full potential of crypto, will become a reality – probably sooner rather than later. The increasing momentum of market forces will eventually lead to a sound and unified regulation of the crypto industry.
For comments, questions or further discussion, please contact me at aleksis.tapper@castren.fi
[1] For example, US based companies decided to conduct their ICOs in jurisdictions outside the US and prohibited their offerings from being marketed to US consumers due to the lack of clear regulation of ICOs in the US.
Latest insights
Article published 14.1.2026 – Tax & Structuring
VAT deductions for private equity investors under the microscope
Article published 7.11.2025 – Capital Markets & Public M&A
AIFMD II – implications for alternative investment fund managers in Finland
Article published 9.7.2025 – FDI Regulatory Service
Defence sector investments and acquisitions – key facts about the Finnish FDI regulation
Article published 7.4.2025 – Private Equity
Tax credit for major clean transition investments passed in Parliament – application period until 29 August 2025
Mikko Alakare & Lotta Manu
Hannu Huotilainen & Freja Väyrynen
Kiti Karvinen & Markus Rahnu
Janne Juusela, Mikko Alakare, Samuli Tarkiainen, Marius af Schultén, Jarno Tanhuanpää, Kanerva Sunila & Noora Ahonen
Latest references
Taaleri – Acquisition of a majority stake in Nordic Science Investments
We are acting as legal adviser to Taaleri Plc on its acquisition of a 51 per cent ownership stake in Nordic Science Investments Oy (NSI), marking Taaleri’s expansion into deeptech-driven venture capital. Through the transaction, Taaleri broadens its private equity offering into early-stage venture capital funds as well as the commercialisation and scaling of research-driven innovations. NSI is a Finnish venture capital fund manager operating across the Nordic and Baltic regions, focusing on early-stage investments in research- and science-based technologies. Its portfolio companies develop, among other things, health technologies, life sciences, advanced materials and AI-driven solutions. In addition to providing growth capital, NSI supports spin-out companies with strategic guidance, access to networks and assistance in building teams during the early phases of business development. NSI’s first fund, the EUR 45 million NSI Nordic Science I Ky, was established in 2024 and has to date invested in 22 early-stage companies in Finland, Sweden and the Baltic countries. Taaleri is a specialist in investments, private asset management and non-life insurance, with a strong position in renewable energy, bioindustry and housing investments as well as credit risk insurance. Taaleri has EUR 2.7 billion of assets under management in its private equity funds, co-investments and single-asset vehicles, employs approximately 130 people and is listed on Nasdaq Helsinki. The founders of NSI will continue in their operational roles following the transaction. The completion of the transaction is subject to approval by the FIN-FSA.
Case published 13.4.2026
Aurevia and Labquality – Strategic reorganisation
We advised Aurevia Oy, a portfolio company of French private equity sponsor Mérieux Equity Partners, in a strategic reorganisation that involved splitting Aurevia and its parent companies into two independent groups of companies and reorganisation of its existing debt-financing arrangements. Following the reorganisation, the newly formed Aurevia continues as a leading provider of Contract Research Organization (CRO) and Quality Assurance and Regulatory Affairs (QARA) services, while the newly formed Labquality focuses on delivering External Quality Assessment (EQA) services. Aurevia serves operators in the medical devices, in vitro diagnostics and pharmaceutical sectors. Labquality’s customers include clinical laboratories and social and healthcare organisations. The reorganisation positions Aurevia and Labquality to allocate investments more effectively, accelerate growth within their respective customer segments, and respond to evolving market and client needs. The transaction was implemented through multiple parallel demergers and required comprehensive legal and tax structuring across several jurisdictions. Our team supported Aurevia throughout the planning and implementation phases, covering corporate, tax, employment law, and regulatory matters, as well as the optimisation of each group’s financing structure.
Case published 7.4.2026
CapMan Growth – Investment in Kuntokeskus Liikku
We are assisting CapMan Growth in its significant investment in Kuntokeskus Liikku, a Finnish gym chain known for its high-quality self-service facilities and excellent value for money. The investment will further strengthen Liikku’s position as a market leader and support the continued execution of its growth strategy. Liikku is one of Finland’s leading fitness chains, with more than 70 locations across the country serving nearly 90,000 members. The company’s concept is to offer high-quality self-service gyms at an exceptionally competitive price point which, combined with strong operational efficiency, provides a solid foundation for profitable growth. The company’s main shareholder is COR Group, a long-time partner of CapMan Growth, and a Finnish health and wellness conglomerate known for active ownership and long-term value creation. CapMan Growth is a leading Finnish growth investor that makes significant investments in entrepreneur-led growth companies with a turnover of €10–200 million. CapMan Growth is part of CapMan, which is a leading Nordic private equity investor engaged in active value creation work. CapMan has been listed on the Helsinki Stock Exchange since 2001.
Case published 27.2.2026
GEA – Cornerstone investment in Solar Foods’ share issue
We acted as legal adviser to GEA Group AG in a directed share issue carried out by Solar Foods Oyj, in which GEA Finland Oy, a wholly owned subsidiary of GEA Group AG, acted as a cornerstone investor with an equity investment of EUR 8 million. Solar Foods raised a total of approximately EUR 25 million in gross proceeds from the share issue to accelerate the implementation of its new production facility Factory 02. In connection with the share issue, GEA Liquid Technologies GmbH and Solar Foods signed an exclusivity agreement under which Solar Foods appoints GEA Liquid Technologies as its exclusive process equipment vendor for the supply, design, construction and delivery of the process equipment for the Factory 02. Additionally, the parties have undertaken to negotiate terms and conditions of a long-term strategic partnership in the area of gas fermentation and related technologies. GEA is one of the world’s largest systems suppliers for the food, beverage and pharmaceutical sectors. GEA’s portfolio includes machinery and plants as well as advanced process technology, components and comprehensive services. GEA is listed in the DAX and the STOXX® Europe 600 Index and is also among the companies comprising the DAX 50 ESG and MSCI Global Sustainability Indices. Solar Foods produces Solein®, a protein created using carbon dioxide and electricity. This innovative production method is independent of weather and climate conditions, eliminating the need for traditional agriculture. Founded in Finland in 2017, Solar Foods is listed on the Nasdaq First North Growth Market Finland.
Case published 26.1.2026