The change in the law affects all companies that take care of crypto assets as a service for third parties. The companies that are primarily affected are those that already store crypto assets for their customers in a collective inventory without the customers themselves having any knowledge of the corresponding private keys.
These are primarily crypto-exchanges. Today, they usually store most of their customers’ assets in so-called cold wallets. This means that the corresponding crypto assets were encrypted with a public key whose private key was generated completely offline. As a result, the assets are relatively well protected, since potential attackers have difficulty accessing the corresponding data through the internet.
However, case law will show which other stakeholders will also be affected. Depending on the interpretation of the relevant legal changes, other companies could also fall under this regulation. One example of this are the so-called crypto backed stablecoins, which try to keep the value of the issued stablecoin more or less stable by keeping the corresponding crypto currencies as an underlying value. Structured products and other investment instruments based on crypto currencies could also be affected. In addition, it must be checked to what extent crypto currencies collected by ICO/STO projects and hold in collective wallets will fall under this regulation.
Furthermore, this new regulation does not only concern companies, which have their head office in Germany. All companies that actively offer their services to German customers will have to comply with the new law – regardless of where the legal domicile of the company is.