Documents from the Parliamentary debate show that there has been much discussion about cryptocurrency, digital payment methods, and virtual currency over the past few years. In general terms, these are referred to as: “Digital means that can be exchanged between users based on blockchain technology without the intervention of an (official) central counterparty”.
Bitcoin and other cryptocurrencies are not classified as legal tender and are generally not financial products either. Even though a definition of cryptocurrencies has not been included in law to date, from a tax perspective, they do have value and therefore lead to taxation as a source of income or (income from) an asset.
With the long-anticipated arrival of European-level regulations, many changes have and will arise for the European crypto market. Given the fact that the obligations under the Markets in Crypto-Assets Regulation (MiCAR) are directly binding for all EU Member States, the definition of a cryptoasset must be distilled from Article 3(5) of MiCAR: “a digital representation of value or a right that can be transferred and stored electronically, using distributed ledger technology or similar technology”.
When it comes to regulation regarding cryptocurrency, the Netherlands, as a Member State, has awaited the actions of the European Commission. Previously, there was no specific national crypto legislation. As of May 2020, crypto exchanges have been required to register with De Nederlandsche Bank/Dutch Central Bank (DNB/DCB) in accordance with the Anti-Money Laundering and Terrorist Financing Act, in order to offer services in the Netherlands. With MiCAR entering into force, since 2024, supervision has shifted partially to the Authority for the Financial Markets (AFM). The AFM is now responsible for licensing and ongoing supervision, while DNB/DCB continues to exercise prudential supervision and supervises specific stablecoins. DNB/DCB also remains responsible for the Anti-Money Laundering and Sanctions Act supervision if the provider is a bank or electronic money institution.
The Public Prosecution Service, the Fiscal Intelligence and Investigation Service (in Dutch: FIOD) and the Tax and Customs Administration are responsible for investigating and prosecuting tax-related issues and criminal offences. Specifically related to any type of cybercrime, the FIOD’s Financial Advanced Cyber Team (FACT) works internationally to detect financial and tax crime.
FACT conducts criminal investigations into the latest forms of financial cybercrime and investigates new phenomena. The team includes a variety of disciplines: tactical investigators, financial experts and technical investigators with backgrounds in artificial intelligence (AI), software engineering, cryptography and physics. The team was set up because cybercrime and the use of cryptocurrencies are becoming increasingly common (Annual Reports FIOD 2023 and 2024).
National legislation does not distinguish between different types of cryptoassets in terms of their treatment. With the advent of MiCAR, various types of cryptocurrencies are now regulated. This does not apply to cryptocurrencies that fall outside this scope, such as non-fungible tokens (NFTs), unbacked coins and decentralised finance (DeFi) projects.
As of 2025, 58 companies have successfully registered as cryptoasset service providers (CASPs) and have received a licence from the AFM in the Netherlands (AFM licence register for crypto parties).
As mentioned, crypto companies were required to register with DNB/DCB in order to offer services in the Netherlands from 2020 onwards. The most important condition for that registration was that the companies complied with the regulations under the AML.
With the arrival of MiCAR, a licensing process has been implemented. Companies that had registered with DNB/DCB by 30 December 2024 as providers of services for exchanging virtual and fiat currencies and/or providers of custodial wallets (now CASPs) were allowed to offer their services in the Netherlands without a MiCAR licence until 30 June 2025, based on a transition regime. From that date, every CASP is required to apply for a licence from the AFM.
A CASP licence application takes several months to process. Experience shows that even in the best-case scenario, it takes at least five months. The best-case scenario generally means that the application is complete and of high quality in terms of content, but also that the services and products are not very complex or risky and that no significant organisational changes are required. In practice, it often takes longer, for example, because the applicant has to implement certain changes (AFM website).
The AFM has published “best practices” for CASPs when submitting an application for a licence. They must acquire knowledge of the MiCAR rules and determine which rules apply to their organisation, seek (legal) advice (if necessary) for preparation of the application, be prepared to answer questions from the AFM and/or DNB/DCB in a timely manner, and submit a comprehensive licence application with a clear overview of the documents provided. It is possible for CASPs making licence applications to request a pre-scan procedure prior to submitting the application.
The total statutory period is approximately five months (105 working days). However, this period is often longer for various reasons (e.g. an applicant being required to make adjustments).
In the Netherlands, advertising is regulated by the Dutch Advertising Code (Nederlandse Reclame Code). The Advertising Code applies to all advertising, regardless of the medium used, unless expressly stated otherwise in the Code. In general terms, the Code stipulates that advertising must not be misleading or untruthful. The Advertising Code Committee (RCC) assesses complaints about advertisements and checks whether they comply with the Dutch Advertising Code. Anyone who has a complaint can submit it to the RCC. An appeal against a ruling by the RCC can be submitted at the Court of Appeal (College van Beroep). Penalties for violating the Dutch Advertising Code are mainly self-regulatory, but there are exceptions and alternative options. The RCC can order an advertiser to discontinue advertising. For specific codes, such as the alcohol code, the RCC or the Court of Appeal can impose a fine of up to EUR 50,000, which is donated to charity. Violations may also result in legal action through the courts or a fine by the Dutch Authority for Consumers and Markets (ACM) if the advertising also constitutes a misleading commercial practice.
With effect from 2024, the provisions of MiCAR regarding the obligations for the publication of white papers and regulations on advertisements also apply. According to MiCAR, CASPs must provide their clients with accurate, clear and non-misleading information, including in advertising, which must be recognisable as such, in accordance with Article 66(2). CASPs shall not mislead their clients, either intentionally or through negligence, with regard to the real or perceived benefits of cryptoassets. MiCAR also stipulates that CASPs must warn clients about the risks associated with transactions in cryptoassets (Article 66 (3)). These MiCAR standards are similar to comparable standards in the Markets in Financial Instruments Directive (MiFID II) and the Financial Supervision Act (Wet op het financieel toezicht).
In the Netherlands, no distinction is made between brokers and custodians with regard to applying for a licence from the AFM. Naturally, when applying for a licence, they must explain the nature of their activities, and the process may vary. However, overall, the obligations under MiCAR apply.
For customer cryptoassets, Article 75(7) of MiCAR stipulates that these must be segregated from the CASP’s cryptoassets. It is important that this segregation is both legal and operational. This means that clients’ cryptoassets must be held in one (or more) separate wallet(s) and the CASP’s own cryptoassets must be held in one (or more) other wallet(s).
So-called omnibus wallets can be used to hold customer balances. A CASP’s own cryptoassets may not be held in an omnibus wallet containing customer balances. Accurate records are necessary so that it is always possible to verify which cryptoassets belong to which customer.
For many years before the implementation of the European regulation and directive, the Netherlands has had the “Wet ter voorkoming van Witwassen en Financiering van Terrorisme” (Wwft) in place. This is a direct implementation of the European Anti-Money Laundering Directive. Based on this legislation, financial institutions are obliged to report unusual transactions to the Financial Intelligence Unit. When accepting clients, they are also obliged to investigate their background and identify them (Know Your Customer). As mentioned, cryptocurrencies are not considered legal tender, but when converting fiat to crypto and vice versa, or depositing crypto from an external wallet, transactions can be reported by either the CASP and/or the bank.
In the “Electricity Judgment” of the Supreme Court of 1921 (ECLI:NL:HR:1921:186), it was already ruled that electricity is a “good” in the sense of theft (Article 310, Criminal Code) because it has economic value. Based on the same reasoning, cryptocurrencies could be classified as goods. However, there is no specific definition in national legislation. The reason for this is probably that the existing system is considered sufficient. Numerous examples can be found in case law from which it can be deduced that cryptocurrencies are regarded as goods and therefore as assets or property from a civil law perspective.
In a procedure before the District Court of Rotterdam (ECLI:NL:RBROT:2022:11517), a crypto exchange claimed the recovery of unlawfully obtained bitcoins by its employee. In the judgment, the ownership of the cryptocurrency was also discussed. The cryptocurrency is owned by the exchange and, pursuant to the general terms and conditions, the customer has a contractual claim against the exchange for delivery of the same amount of cryptocurrency. This means that, in case of custodial accounts, the exchange holds the private key and therefore is the actual owner of the cryptocurrency.
In my article in the journal Procedural Tax Law (Blurring boundaries: under what circumstances does the extended reassessment period apply to cryptocurrencies? TFB 2024/1) I argue that, for the purposes of applying the extended assessment period, consideration should be given to where the private key is held. Based on national legislation, a period of five years applies to assets held in the Netherlands, and 12 years if held abroad. The distinction between self-custody and custody by an exchange becomes relevant here. If the funds are held by a foreign exchange, this means that the 12-year period applies, even though the taxpayer lives in the Netherlands. So, in conclusion, where the private key is held, that is where the (proof of) ownership is.
There are no specific rules regarding DAOs. However, the AFM has indicated that it is closely monitoring the development of DAOs and may draw up regulations in the future.
In the Netherlands, we have a deposit guarantee scheme. All money in current and savings accounts held at a bank is protected by the deposit guarantee. The guarantee automatically protects the money of all individuals and virtually all companies and other organisations up to EUR 100,000. However, products that do not qualify as deposits are not protected. These include investment products (such as shares and bonds), insurance policies and cryptocurrencies. CASPs are not equivalent to banks, which means that the regulations of the deposit guarantee scheme do not apply to them. Most crypto exchanges, on the other hand, offer a limited Account Guarantee Programme. This basically comes down to the same protection but is only granted if specific circumstances occur.
For instance, in case of an:
- unauthorised withdrawal of crypto — someone gains unauthorised access to your account and withdraws crypto to a wallet or platform that you do not control; or
- unauthorised withdrawal of euros — someone completes an unauthorised withdrawal of euros to a bank account or online account.
In the event of bankruptcy, a trustee will be appointed. The trustee will take over the management and administration of the company. He/she will first pay the estate creditors, then the separate creditors (with priority given to specific goods), then the legally preferred creditors (such as the tax authorities and employees), and finally the unsecured creditors. Separate creditors are creditors with special rights, such as mortgage rights or liens. A separate creditor’s claim is independent of bankruptcy. A separate creditor may even demand immediate payment of a debt. Unsecured creditors are those who do not have any priority in bankruptcy.
According to the Dutch Civil Code (Burgerlijk Wetboek), an agreement (contract) is a multilateral legal act whereby one or more parties enter into a commitment towards one or more other parties (Article 6:213, Dutch Civil Code). The agreement is concluded by means of an offer and its acceptance (Article 6:217, Dutch Civil Code). The commitments in the agreement must be determinable. To close an agreement a legal act is required and must be intentionally aimed at a legal consequence that has been expressed through a declaration (mutual consent). A legal act that is contrary to public morality or public order in terms of its content or purport is void.
An agreement is formed by an offer made by one person and the acceptance of that offer by another. There are no requirements regarding the form of a contract. They are form-free and can therefore also be concluded verbally. In terms of evidence, this can of course lead to problems, but in principle the agreement is concluded after verbal agreement, provided that the legal requirements as mentioned above are met.
A smart contract is also created by an offer and its acceptance by another person. There must be at least two parties who agree on the obligations they are entering into and the conditions under which they are doing so. In the case of a smart contract, there is the additional requirement that those obligations must be able to be fulfilled entirely automatically. However, if all the legal requirements are met and there are no evidentiary issues, a smart contract should be enforceable as legal contract.
In principle, there are three options:
- you address the exchange;
- you report the offence to the police; and/or
- you file a claim based on civil law.
As shown in the answer to Question 10, some exchanges have an account guarantee programme, but it is possible that they are only reimbursing funds to a certain level and under specific circumstances. If it is clear that theft has occurred, it is always wise to report the crime to the police. There may be other victims, and an investigation may be launched.
If the name and address details are known, civil proceedings can be initiated. Although the process can be lengthy, it does offer a decisive way to recover funds.
Civil proceedings may also be initiated in the event of actions by an exchange that may be considered unlawful towards the client. However, please note that many exchanges limit their liability in their terms and conditions, which clients agree to in advance.
Even though cryptocurrencies are not legal tender they are considered part of income or assets. This means that both individuals and businesses are subject to taxation on trading or payments received (if related to their operational activities) in crypto, just like fiat. Therefore, income and/or assets must be declared in tax returns. Direct payments in cryptocurrency are permitted.
Private individuals are subject to the Dutch Income Tax Act 2001. If there is a source of income, the income earned during the year is taxed progressively. The highest rate of 49.5% applies to incomes above EUR 79,137. There has been much debate about the system of taxation for capital gains. Previously, a flat-rate return was assumed based on the size of the capital (until 2017). Partly due to the low interest rates on savings in recent years, this return proved unachievable in several cases.
The solution was to distinguish between savings and investments, with a higher percentage naturally applying to the latter category. This system, however, has also been deemed to be unrealistic. The intention is to move to a system in which the actual return is taxed, with effect from 2028. Taxpayers are already given the option of declaring their actual returns as of 2020 onwards. This new system means that capital gains will also be liable to tax and be included in the tax assessment. Given the volatility of the market this could be a major concern for owners of cryptocurrencies, as it means they will have to pay tax regardless of whether they have actually made a profit because, under the new system, unrealised gains will also be taxed. This was also the case under the flat-rate system but, particularly in the event of a significant bull market surge, this can result in a significant loss of liquidity and capital if tax needs to be paid on the unrealised gains.
Companies that qualify as legal entities are subject to the Corporate Income Tax Act 1969. For profits made up to EUR 200,000 a tax rate applies of 19% and for profits above that threshold a rate of 25.8% applies.
In its judgment on 22 October 2015, the Court of Justice of the European Union ruled that no value-added tax (VAT) is payable on the sale of bitcoin. Cryptocurrencies are not considered money, but they do serve the same function, and therefore have a special status for VAT purposes (ECLI:EU:C:2015:718).
Apart from the regulations that have been in force since MiCAR and the GDPR, the Netherlands has no specific legislation regarding the protection of privacy. Both refer to the same European privacy legislation that protects the personal data of citizens within the EU.
At present, there is specific national legislation governing this area. In particular, NFTs, unbacked cryptocurrencies and DeFi are not currently regulated.
Since the implementation of the Directive on Administrative Cooperation (DAC8), these regulations must be transposed into national law by 1 January 2026. Crypto exchanges will be required to report all their clients’ transactions. This does not yet have any direct consequences for taxation but serves as a means for government agencies, such as the tax authorities and the public prosecutor’s office, to exercise their supervisory powers.
Among other “stakeholders”, I have been invited by the Ministry of Finance to contribute ideas for the implementation of the directive. The interest group for crypto exchanges expressed concerns that other Member States will implement these regulations in different ways, which will lead to refuge to those states. From a legal perspective, I consider the risk of those differences to be minimal. It is clear that the directive imposes heavy administrative obligations on crypto exchanges but, together with MiCAR, it is an important step towards regulation and maturity of the crypto market within the EU.