Crypto Law Profile

BaFin ICO and Crypto Token Classification Guidance

BaFin guidance explains how Germany classifies ICO and crypto tokens case by case under securities, prospectus, investment and authorisation rules, focusing on rights, transferability and negotiability.

Germany Effective Agency guidance Feb 20, 2018

At a glance

Jurisdiction Germany; issued by BaFin for ICO and crypto-token classification.
Status Agency guidance in force; current use should be read with MiCAR.
Core Test BaFin reviews token rights and structure case by case, not labels alone.
Main Impact Tokens may trigger securities, prospectus, market abuse or authorisation analysis.

Overview

BaFin ICO and Crypto Token Classification Guidance is a German agency-guidance profile covering BaFin’s 2018 advisory letter on ICO token classification and its 2019 crypto-token guidance on prospectus and authorisation questions. As of July 3, 2026, the guidance is best read as part of Germany’s broader financial-regulatory perimeter, including securities supervision, banking authorisation rules, and the EU Markets in Crypto-Assets Regulation (MiCAR).

The guidance is not a standalone crypto statute. It explains how BaFin approaches tokens, coins and cryptocurrencies underlying ICOs when deciding whether existing German and EU financial-market laws apply. The core message is technology-neutral: BaFin looks at the token’s legal and economic features, not only its label or marketing category.

BaFin ICO token classification approach

BaFin’s first advisory letter states that its Securities Supervision/Asset Management Directorate assesses tokens case by case. Depending on the structure, a token may be a financial instrument under the German Securities Trading Act (WpHG) or MiFID II, a security under the German Securities Prospectus Act (WpPG), or a capital investment under the German Capital Investment Act (VermAnlG).

This means the guidance is most relevant to token issuers, ICO organisers, trading venues, brokers, advisers, custodians, and other firms whose business model touches token issuance or secondary-market activity in Germany. It does not say that every token is a security or that every ICO is prohibited. Instead, it frames a classification process that can lead to different legal consequences depending on the rights attached to the token and the activities carried out around it.

Key provisions for crypto-token classification

Case-by-case review

BaFin emphasises that a token’s classification requires a precise assessment of the individual facts. The label “utility token” is not decisive if the token’s rights and market features point toward a regulated financial instrument. The analysis focuses on the token’s transferability, negotiability, embedded rights, payment function, and relationship to existing statutory categories.

Security-token criteria

A token may be treated as a security if it is transferable, negotiable on the financial or capital market, embodies rights comparable to shareholder rights or creditor claims, and is not a payment instrument. BaFin also states that certificated paper form is not required; documentation through distributed ledger or comparable technology can be sufficient for holder identification.

Prospectus and authorisation issues

The 2019 crypto-token guidance supplements the earlier classification letter by addressing prospectus and authorisation questions for token issuance. It also reflects BaFin’s administrative practice of using broad token categories, including utility tokens, payment tokens, and security-like tokens, as an initial screen while still requiring individual assessment.

  • Utility-style tokens may raise fewer financial-regulatory issues where they function like access or usage rights rather than investment claims.
  • Payment tokens may be relevant under German banking-law concepts, particularly where token-related services are provided commercially.
  • Security-like tokens can trigger prospectus, securities-law, market-abuse, or licensing analysis where they convey asset-like rights.

Germany, MiCAR and current regulatory context

MiCAR now provides an EU-wide framework for crypto-asset issuance and crypto-asset service providers. That framework does not erase the importance of BaFin’s older classification guidance for instruments that may fall under securities law, banking law, investment-fund law, or other financial-regulatory regimes. It does, however, change the practical context for token projects by adding harmonised EU rules for crypto-assets that are not otherwise financial instruments.

For CryptoSlate taxonomy purposes, this profile should be treated as German agency guidance with an “In force” status, subject to editor review because the underlying BaFin materials are guidance and because MiCAR has added a newer EU-level regime. Readers should not treat this profile as legal advice or as a substitute for reviewing the official sources and current law.

Key provisions

Case-by-case token classification

BaFin assesses whether a token is a financial instrument, security, investment product or other regulated instrument based on its features.

Regulatory perimeter Feb 20, 2018 Source

Security-token criteria

A token can be a security if it is transferable, negotiable, embodies shareholder- or creditor-like rights, and is not a payment instrument.

Securities Feb 20, 2018 Source

Prospectus and authorisation review

The second guidance addresses when crypto-token issuance may raise prospectus obligations or authorisation questions under German and EU regimes.

Token issuance Aug 16, 2019 Source

Token categories as an initial screen

BaFin practice distinguishes utility, payment and security-like tokens as a starting point, while mixed forms still require individual analysis.

Token types Aug 16, 2019 Source

MiCAR context

MiCAR now supplies EU-wide rules for crypto-assets and CASPs, so the BaFin guidance should be read with newer EU and German implementation rules.

EU framework Dec 30, 2024 Source

Timeline

  1. Initial ICO advisory letter

    BaFin stated that tokens underlying ICOs are assessed case by case under securities-supervision rules.

    Enacted Source
  2. Second crypto-token guidance

    BaFin issued guidance on prospectus and authorisation requirements for crypto-token issuance.

    Enacted Source
  3. English guidance page listed

    BaFin’s English source listed the second advisory letter as Guidance Notice crypto tokens.

    Enacted Source
  4. MiCAR entered into force

    EU MiCAR entered into force, adding EU-wide rules relevant to crypto-asset issuance and services.

    In force Source
  5. MiCAR main application date

    MiCAR CASP and general rules became applicable, shaping how older national guidance is read.

    In force Source

Who it affects

Actors

BaFin, Deutsche Bundesbank, EBA, ESMA

Asset classes

Crypto-tokens, Payment tokens, Security tokens, Utility tokens

Official sources

Editorial note

Guidance profile, not an enacted statute. Treat 2018-02-20 as the initial publication/effective date for the first BaFin advisory letter. Read current application alongside MiCAR and German financial law.