In the UK there is no universally accepted definition of “cryptoassets”. The UK’s Financial Services and Markets Act 2023 introduced a definition of cryptoassets into the Financial Services and Markets Act 2000 (FSMA) in the context of financial services regulations (and the incoming regime under the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026) as “any cryptographically secured digital representation of value or contractual rights that (a) can be transferred, stored or traded electronically, and (b) that uses technology supporting the recording or storage of data (which may include distributed ledger technology)” (section 69 Financial Services and Markets Act 2023/section 417 of FSMA).
A new statutory framework for the regulation of certain cryptoasset activities was introduced by the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 (the “Cryptoasset Regulations”) which will come into force on 25 October 2027. Within the broader definition of cryptoassets, those falling within the Cryptoasset Regulations include:
- Qualifying cryptoassets (those which are fungible, transferable, not solely a record of value or contractual rights, including rights in another cryptoasset, and not otherwise excluded, for example, e-money).
- Qualifying stablecoins (cryptoassets which seek to maintain a stable value in relation to a particular fiat currency or other assets used to maintain a stable value).
- Specified investment cryptoassets (for example, tokenised versions of existing specified investments).
In November 2019, the UK Jurisdiction Taskforce (a body established by the UK government, the Judiciary and the Law Society) (UKJT) published a Legal Statement on Cryptoassets and Smart Contracts (the “Legal Statement”) describing the novel features of cryptoassets, which include:
- intangibility;
- cryptographic authentication;
- use of a distributed transaction ledger;
- decentralisation; and
- rule by consensus.
There is no universal definition of a non-fungible token (NFT), however the Law Society of England & Wales explains a non-fungible token as “a unique, non-divisible token, often linked to an object (e.g. a collectable, digital art or in-game asset) which uses blockchain technology to record ownership and validate authenticity. Currently used predominantly for digital collectables, digital art and, more recently, interactive entertainment”.
The introduction of the Cryptoassets Regulations in 2026 (due to take effect in October 2027) now provides a framework for the regulation of certain specified activities relating to qualifying cryptoassets or stablecoins and specified investment cryptoassets. The activities which will become regulated under the regime and require authorisation with the Financial Conduct Authority (FCA) include:
- Issuing qualifying stablecoins.
- Safeguarding/custody of qualifying cryptoassets and relevant specified investment cryptoassets.
- Operating a qualifying cryptoassets trading platform (CATP).
- Dealing in qualifying cryptoassets and arranging deals.
- Qualifying cryptoasset staking.
The Cryptoassets Regulations also establish a market abuse regime for cryptoassets to prohibit insider dealing and market manipulation.
Additionally, firms which are authorised to undertake regulated cryptoasset activities will also need to comply with other FCA requirements that apply to other authorised firms including Principles for Businesses and the Consumer Duty, certain governance and system requirements to manage risk and internal controls, the Senior Managers and Certification Regime and Conduct of Business requirements.
Under the existing regulatory framework, certain cryptoassets and firms (including cryptoasset exchange providers, custodian wallet providers, and those marketing cryptoassets to UK consumers) may be subject to certain regulation including:
- Anti-money laundering regulations (under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017) (MLR).
- Financial promotions regime (under FSMA (Financial Promotion) (Amendment) Order 2023).
- Firms carrying out regulated activities in the UK under FSMA (e.g. managing investments, issuing electronic money and arranging deals in investments relating to cryptoassets) need to be authorised under FSMA with the relevant regulatory permissions.
The Cryptoasset Regulations will further expand the financial promotions regime and will also introduce certain designated activities relating to market abuse (prohibiting insider dealing and market manipulation for certain cryptoassets) and public offers and admissions to trading (prohibiting any person from making a public offer of a qualifying cryptoasset in the UK unless a specified exception applies).
However, English law does not necessarily need statutory intervention to deal with cryptoassets. The courts of England & Wales have been agile in their response to multiple cases involving cryptoassets, accommodating them within the existing English legal framework and applying existing principles to cryptoasset disputes (see Question 12, below).
The Law Commission (a statutory independent body which recommends law reform where it is needed) published its final report on Digital Assets in June 2023 (“the Commission Report”) which supported a tripartite approach to Digital Assets including:
- targeted legislative reform;
- continued development of common law through the courts; and
- guidance from a panel of industry specific technical experts.
The Commission Report supported the common law as the “primary means by which crypto claims should be resolved” given the speed of change.
Qualifying stablecoins, qualifying cryptoassets and specified investment cryptoassets will fall within the scope of the incoming Cryptoassets Regulations, requiring FCA authorisation for certain activities.
See responses to Questions 2, 4 and 5 for further detail.
From 10 January 2020, cryptoasset exchange providers and custodian wallet providers offering services in the UK are required to register with the FCA under the MLR. Registration requires the submission of detailed information about the firm. The FCA will register a firm only if it is satisfied that the firm, its beneficial owners, officers, and managers are “fit and proper”. In order to achieve registration, and ensure ongoing compliance, registrants are required to implement various measures including:
- Identifying money laundering and terrorist financing risks applicable to the business (“the Risks”).
- Implementing appropriate policies, systems and controls to mitigate the Risks.
- Depending on the size of the firm and nature of the business, appoint an appropriate Money Laundering Reporting Officer responsible for overseeing compliance and establish an internal audit function.
- Conducting customer due diligence when entering into a business relationship or transaction including verifying a customer’s identity, any beneficial owners, the intended use of the account.
- Apply enhanced due diligence measures where a customer presents as higher risk (for example, in relation to politically exposed persons).
- Conducting ongoing monitoring of customers and transactions, including sanctions screening.
- Undertake screening of employees.
- Keeping adequate records including Know Your Client (KYC) information, public keys of relevant parties, details of the nature, date and amount of transactions.
- Reporting any suspicious activity to the National Crime Agency and implementing measures to manage suspicious activities, such as freezing or holding funds.
The new Cryptoassets Regulations due to take effect on 25 October 2027 will require FCA authorisation for certain activities in relation to qualifying stablecoins, qualifying cryptoassets and specified investment cryptoassets. Firms involved in the sale or subscription of a qualifying cryptoasset to or by a UK consumer must obtain authorisation, regardless of whether that firm is based overseas. The territorial scope for firms issuing qualifying stablecoins is narrower and will only apply to UK firms issuing qualifying stablecoins or arranging for stablecoins to be issued in the UK.
Ahead of that date, firms requiring authorisation for regulated cryptoasset activities under the incoming regime will be expected to apply during the application period for authorisation between 30 September 2026 and 28 February 2027. The FCA expects to determine applications submitted during that period before the regime takes effect on 25 October 2027.
Firms which are already registered under the MLRs will need to apply for authorisation and those with Part 4A permission seeking to carry out regulated cryptoasset activities will need to apply for a variation of permission.
From 8 October 2023 all firms marketing cryptoassets to UK consumers, including firms based overseas, must comply with the financial promotion regime under section 21 of FSMA. Section 21 prohibits a person in the course of business from communicating “an invitation or inducement to engagement in investment activity”, which now includes qualifying cryptoassets.
Under the incoming Cryptoassets Regulations, the definition of qualifying cryptoassets for the purposes of the financial promotion regime will be aligned with the definition under the Cryptoassets Regulations.
The financial promotion regime applies to a broad range of marketing typically carried out in the crypto industry, including Initial Coin Offering whitepapers, tube and radio advertisements, websites, mobile applications and social media. The FCA have said that they “expect that most, if not all, cryptoasset firms with UK retail customers will be within scope of the regime”.
There are currently four routes to legally promote qualifying cryptoassets:
- The communication is made by an FCA authorised firm.
- The communication is approved by an FCA authorised firm.
- The promotion is made by a cryptoasset business registered with the FCA for the purpose of the MLRs (however, under the new Cryptoassets Regulations, firms registered for MLR purposes will no longer be permitted to approve their own financial promotions).
- The promotion otherwise complies with the conditions of an exemption in the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005. However, the exemptions applicable to cryptoasset promotions are narrower than other asset classes. For example, there is no self-certified sophisticated investor exemption for cryptoasset promotions.
Other restrictions include the need to include fair and clear risk warnings; allowing a minimum 24 hour cooling off period for first time investors; and a prohibition on incentives such as “refer a friend” or new customer bonuses. The FCA rules for cryptoasset financial promotions are set out in its Policy Statement (PS23/6) and it has since published further guidance (FG23/3) setting out its expectations of the communication and approval of such financial promotions.
Breach of section 21 of FSMA amounts to a criminal offence punishable by an unlimited fine and/or up to two years imprisonment. The FCA have said that they “will take robust action against persons illegally promoting to UK consumers. This may include, but it is not limited to, placing firms on our warning list, taking steps to remove or block any illegal financial promotions such as websites, social media accounts and apps, and enforcement action.” In October 2025, the FCA took its first enforcement action and commenced proceedings in the English High Court against crypto exchange HTX (formerly Huobi) for breaches of the financial promotion regime.
The Cryptoassets Regulations will now require all firms marketing cryptoassets to UK consumers to be authorised by the FCA, and the FCA has confirmed in March 2026 following consultation that the Consumer Duty will apply to regulated cryptoasset activities for UK retail customers. The Duty requires cryptoasset firms to act in good faith, avoid causing foreseeable harm and enable and support customers to achieve their financial objectives throughout their business from governance to product design and communications with customers.
Cryptoasset custodians are currently regulated under the MLRs (see response to Question 4, above). Under the incoming Cryptoassets Regulations, firms providing custodial services in relation to qualifying cryptoassets will need to obtain authorisation from the FCA. The FCA has updated its CASS 17 rules, creating a tailored regime for qualifying cryptoasset custodians and specified investment cryptoasset custodians. Firms are required to segregate client cryptoassets from their own and hold client cryptoassets as a bare trustee under a non-statutory trust. Firms are permitted to use individual or omnibus wallets for segregation provided that the terms of the trust are followed and that adequate books and records are held for all client assets. Client-specific records must be maintained, including the type, quantity, blockchain address, nature of the client’s legal interest and details of any third parties entitled to control the cryptoassets, and records must be maintained independently of on-chain records. Firms are required to reconcile their off-chain and on-chain records on a daily basis and inform the FCA of any unresolved discrepancies.
The technological approach to management of private keys and security has been left to the determination of individual custodians, however, firms will be required to meet certain standards including the secure generation, storage and control of private keys; maintaining accurate key-mapping records; and using secure back-ups to mitigate the risk of loss or compromise of access. Custodians may appoint third parties to assist in the safeguarding of cryptoassets, subject to conducting due diligence, ensuring such arrangements are in the client’s best interest and implementing certain contractual obligations between the custodian and third party including in relation to notification obligations, segregation and liability.
As outlined in the responses to Questions 2 and 4 above, cryptoasset exchange providers and custodian wallet providers offering services in the UK are required to register with the FCA under the MLRs and have various ongoing requirements under the regime, including undertaking KYC checks and ongoing monitoring of all customers.
From 1 September 2023, cryptoasset exchange providers or custodian wallet providers in the UK are subject to the “Travel Rule”. This requires crypto businesses to collect, verify and share information and account details of the parties to cryptoasset transfers with the counterparty. Sanctions screening must also be undertaken.
The Economic Crime and Corporate Transparency Act 2023 introduced amendments which adapted existing confiscation powers to enable law enforcement to seize, freeze, and recover cryptoassets more easily where there are reasonable grounds to believe assets are associated with criminal activity such as money laundering and terrorism financing. The added powers include a crypto wallet freezing order available in respect of UK-connected cryptoasset service providers.
Since 30 August 2022, cryptoasset exchange providers and custodian wallet providers are required to comply with the Office of Financial Sanctions Implementation’s reporting obligations. This means that they have an obligation to inform Treasury as soon as practicable if they know, or have reasonable cause to suspect, that a person is a sanctioned person or has committed an offence in connection with financial sanctions.
English law traditionally categorises property as either a chose in possession or a chose in action. The difficulty with cryptocurrencies is that they do not fit squarely in either category since they are virtual, not tangible and therefore not capable of possession, nor do they embody any right capable of being enforced by action.
The Property (Digital Assets etc) Act 2025 provided legislative certainty that a thing (including a thing that is digital or electronic in nature) is not prevented from being the object of personal property rights merely because it does not fit within the traditional two categories of personal property.
The Commission Report also considered the concept of control over cryptoassets and recommended that the definition of ownership and control be given flexibility and developed in English common law and through the creation of a panel of industry-specific technical experts, legal practitioners and judges to provide non-binding guidance on the factual and legal issues relating to control over cryptoassets.
In March 2026, the UK Jurisdiction Taskforce (UKJT) published a report from an expert panel seeking to clarify the concept of ownership and “control” of cryptoassets. The report considers that control is the key factual and legal relationship between a person and a digital asset and a strong indicator of factual power over an asset and therefore a basis for attributing proprietary consequences. It further recognised that “control” is not binary when it comes to cryptoassets and recognises that it can be shared, delegated or layered (for example, through custodians, exchanges and multi-signature wallets), it may be practical rather than absolute and legal control may diverge from technical control. Establishing who controls a cryptoasset is central in determining who can assert proprietary and equitable interests to those assets, for example in the case of fraud or theft or exchange insolvencies.
Cryptoassets are also capable of being held on trust under English law, including where the underlying entitlements are, firstly, held on a consolidated unallocated basis for the benefit of multiple users, and, secondly, potentially even commingled with unallocated entitlements held for the benefit of the holding intermediary itself.
The UKJT has also published a further legal statement on digital securities which concluded that cryptoassets can, in principle, be securitised and digital securities (whether debt, proprietary or equity securities) can be issued and transferred using blockchain or other distributed ledger technology (DLT) under English law.
There is no specific registration regime for DAOs in the UK. In July 2024, the Commission published its scoping paper on the treatment of DAOs under English law. The Commission suggested that a DAO is not a clearly defined legal category and recognised that DAOs operating in the market exist on a wide spectrum (for example, the governance of a DAO may be determined by smart contracts or computer programs, or governance could be controlled by a limited class of token holders) and use a variety of different tools and organisational structures to mitigate risks.
The paper concluded that English law is already flexible enough to accommodate the concept of a DAO and that DAOs will inevitably be characterised using existing English legal doctrines. DAOs without any formal centralised structure or registration are likely to be considered either an unincorporated association or general partnership under English law. Unincorporated associations and general partnerships do not have separate legal personality from their participants as a matter of English law and therefore members may be jointly and severally liable and generally will be unable to limit liability.
In summary, an unincorporated association must:
- consist of two or more persons with a common purpose other than making a profit;
- have contractual relations between those persons (which may be express or implicit based on a clear understanding);
- be governed by rules;
- be non-temporary; and
- not have a distinct legal personality.
General partnerships are governed by the Partnership Act 1890 and to exist:
- must be a business;
- carried on by persons acting in common; and
- with a view to profit (even if profit is not actually realised).
A partnership may be express or be inferred from the parties’ conduct.
It is possible to structure DAOs in England using a range of different corporate structures to limit liability, for example by utilising limited liability partnership or company structures. Depending on the structure used, there will be varying incorporation requirements (such as registration with Companies House and regular filing requirements such as accounts) but such structures will generally have separate legal personality and may limit the liability of members. However, there is currently no bespoke DAO legal form in England and Wales and the Commission in its scoping paper did not consider one to be necessary where existing legal concepts were broad enough to accommodate a DAO.
There is no particular regime governing crypto insolvency in the UK to date. The Commission Report considered that the allocation of losses in an insolvency will depend on the legal nature of the intermediated holding arrangement and the rights granted to users under it but favoured a broadly applicable pro rata approach to shortfall allocation in general terms. The UKJT published a Legal Statement on Digital Assets and English Insolvency Law in April 2024 to provide clarity to the market about how English insolvency law applies to digital assets. The key takeaways from the statement are:
- Digital assets are a form of personal property to which existing insolvency laws apply.
- English courts will apply the “centre of main interest” (COMI) test in determining jurisdiction for insolvency proceedings concerning digital assets, starting with the rebuttable presumption that the COMI is the jurisdiction in which the debtor has its registered office, or where it is incorporated, alternatively the place where the company conducts the administration of its interests on a regular basis and which is ascertainable by third parties.
- While digital assets fall within the statutory definition of “property” for the Insolvency Act 1986, a claim for an unsatisfied digital asset obligation does not qualify as a debt for a fixed sum and therefore cannot be the subject of a statutory demand. Instead, failure to perform delivery obligations (for example in relation to repayment of a loan in cryptocurrency) would give rise to a claim for unliquidated damages.
- Office-holders can use their existing investigatory and enforcement powers to gain access to digital assets (including making an application for an order for disclosure of private keys). Office-holders should also consider the volatile nature of digital assets in complying with their obligations to exercise their powers in good faith and obtain the best price reasonably obtainable which may involve seeking the support of valuation experts.
On 25 November 2021, the Law Commission published its advice to government on smart legal contracts, concluding that the current English legal framework is clearly able to facilitate and support the use of smart legal contracts without the need for statutory law reform. That said, smart contracts should be distinguished from smart legal contracts. A smart contract is a computer program deployed on the blockchain to affect an outcome upon the occurrence of a triggering event (if X happens, do Y) and typically does not satisfy the formalities required to create a legally binding contract in English law. Smart legal contracts are legally binding agreements where some or all of the obligations are defined and/or enforced automatically by a computer program. In order for a smart legal contract to be legally binding, certain formalities must be met including:
- an agreement (an offer and acceptance);
- consideration;
- intention to create legal relations; and
- certainty of terms.
The use of computer code in smart legal contracts can give rise to issues regarding whether these formalities are met. For example, where a transaction is effected by self-executing code, query whether this is reflective of agreement and/or an intention to create legal relations, or merely a consequence of two sets of code which are programmed to automatically interact as a result of an attempt to automate a process.
In order to ensure victims of crypto fraud are not left without remedy, the English courts have been willing to accept jurisdiction and apply English law and remedies to crypto fraud cases where:
- damage was suffered in England;
- England is the place where the cryptoasset owner is domiciled; and/or
- England is the place where control could be exercised over the cryptoassets.
The remedies available from the English courts include:
- Freezing and proprietary injunctions. Such injunctions have been granted over cryptocurrencies including Bitcoin and NFTs. However, a note of caution: in the recent case of Piroozzadeh v. Persons Unknown and Others [2023] EWHC 1024 (Ch), the English court discharged an interim proprietary injunction obtained by a claimant against crypto exchange, Binance, given the availability to Binance of the bona fide purchaser for value defence. Binance explained that when a cryptoasset is deposited with it, it is “swept” into unsegregated wallet addresses where it is pooled together with the deposits of other users. The depositing user is therefore credited with the equivalent amount of the deposited cryptoasset as opposed to retaining its deposited cryptoasset and, as such, any cryptoasset deposited with Binance is essentially purchased in exchange for an equivalent account credit. As a result of this sweeping and pooling mechanism, Binance argued that as a bona fide purchaser without notice of any fraud, any proprietary rights held by the claimant would be extinguished.
- Third party disclosure orders. In October 2022, a procedural gateway (paragraph 3.1(25) of Practice Direction 6B) was introduced to enable third party disclosure applications to be served out of the jurisdiction allowing a victim of a cryptoasset fraud to obtain information to identify a potential defendant and what has become of the property of a claimant from crypto exchanges, even where the exchange is based overseas. In a consultation published in June 2025, the Law Commission has since recommended a freestanding information order to assist victims of fraud obtain information about the whereabouts of their crypto. A final report is expected in 2026.
- Alternative service. The English court has permitted alternative service of injunctive orders and claims in several crypto fraud cases by email and by airdropping an NFT into a known crypto wallet address.
- Third party debt order. The English court has also granted a third-party debt order against a crypto exchange which held the misappropriated assets of the judgment debtor.
- Delivery-up order. In Jones v. Persons Unknown [2022] EWHC 2543 (Comm), summary judgment was obtained following the theft of bitcoin and the relevant exchange was held to hold the stolen assets as a constructive trustee. Delivery up of the bitcoin by the crypto exchange was ordered.
- Criminal freezing and recovery orders. The Economic Crime and Transparency Act 2023 strengthened the UK’s ability to seize, freeze and recover cryptoassets in cases involving the proceeds of crime without first requiring a criminal conviction. This added a new route to recovery for fraud victims as an alternative to the civil route.
Claimants may also turn to other remedies including interim delivery-up orders and search orders which could be a useful tool when seeking to ensure that property (for example, crypto held in cold wallet storage or private keys/seed phrases granting access to a crypto wallet) is preserved pending trial.
In Yuen v. Li & Another (2026) EWHC 532, concerning a claim over allegedly misappropriated Bitcoin, the court confirmed that a claim in conversion (relating to the intentional interference with another’s property) could not be pursued in respect of Bitcoin as it was intangible property and a claim in conversion was limited to claims relating to possessory rights in tangible property.
Cryptoassets are treated as property by HM Revenue & Customs (HMRC) and therefore may be subject to capital gains tax (CGT) or income tax depending whether you are disposing of a cryptoasset or have earnt it. Taxable events giving rise to CGT include: selling an asset; exchanging it for a different type of cryptoasset; using them to pay for goods or services; or giving them to another person. Individuals may be liable for income tax where cryptoassets are received by way of compensation from employers or in relation to mining, staking and airdrops. Taxpayers will need to self-report disposals (in excess of the GBP 3,000 allowance) in their HMRC Self-assessment tax return.
HMRC has a number of guides aimed at individuals, employers and service providers in relation to taxation of cryptoassets depending on the circumstances relevant (see www.gov.uk/government/collections/cryptoassets).
From 1 January 2026, HMRC began receiving direct reports from crypto service providers including individual user names, addresses and transaction history, under the OECD Cryptoasset Reporting Framework (CARF).
Crypto firms are required to process personal data in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) (which largely mirrors the key principles and rules of the EU GDPR). The UK GDPR applies where the firms are UK based or where they are based elsewhere but offer goods or services to, or monitor, individuals based in the UK. The UK GDPR principles require that personal data be: used fairly, lawfully and transparently; collected for specified purposes; adequate, relevant and for limited purpose; accurate and kept up to date; stored no longer than necessary; and processed securely. Firms are required to process personal data by means of appropriate technical and organisational measures and, where appropriate, consider measures including pseudonymisation and encryption.
Personal data breaches involving personally identifiable information must be reported to the Information Commissioner’s Office within 72 hours. Non-compliance carries serious consequences and may lead to fines of up to GBP 17.5 million or 4% of global turnover.
While there are no crypto-sector specific data protection laws, the Cryptoasset Regulations do impose requirements which intersect with data protection and cybersecurity, including, for example, in relation to operational resilience and custody of private keys (per the upcoming Cryptoasset Regulations). KYC data collected in accordance with the MLR must also be processed in compliance with the UK GDPR.
Staking will be a new regulated cryptoasset activity under the Cryptoasset Regulations, requiring firms to obtain specific FCA permission. Staking will fall within the scope of regulated activity where a firm facilitates, pools or acts as a custodian of client cryptoassets for staking, especially when intermediated.
Yield farming activities may qualify as a regulated activity under the new Cryptoasset Regulations depending on the mechanics (as it could fall within intermediated staking services or within the lending/borrowing activities).
The FCA approach to decentralised finance (DeFi) activities reflects its “same risk, same regulatory outcome” principle and to treat such activities as falling within the scope of the regulatory regime under the Cryptoasset Regulations where there is an identifiable controlling person or entity carrying out a regulated activity. It is likely that only activities which are carried out on a truly decentralised basis without any identifiable controlling person or persons will fall outside of the regulatory regime.
See Question 2, further legislation dealing with a financial services regulatory regime for cryptoassets and fiat-backed stablecoins will come into full force on 25 October 2027.
We are awaiting the final report from the Law Commission on following its June 2025 consultation paper on reforms to private international law as it applies to cryptoassets (including on jurisdiction and applicable law).