Estonia -- Securities Classification Regulatory Overview

Estonia classifies cryptocurrency tokens as securities based on the definitions in the Securities Market Act (SMA) and Law of Obligations Act (LOA), focusing on substance over form: tokens qualify if they represent ownership rights in an instrument (e.g., shares, bonds, derivatives), give investors rights in the issuer company, or have value tied to the issuer's future profits or success. [1][2] This approach differs from the US Howey test, as there is no direct equivalent; instead, the Financial Supervision Authority (FSA, or Finantsinspektsioon) assesses tokens individually against EU MiFID II criteria for transferable securities or non-MiFID securities, without automatic classification of crypto assets as securities under the Crypto Assets Market Act (alongside EU MiCA).[1][2][3]

Tokens considered securities (security tokens) include:

• Tokenized shares, bonds, derivatives, investment fund units, or other instruments representing ownership rights on distributed ledger technology (DLT).[1]
• Tokens tied to commodity prices (classified as derivatives) or equity in the issuer (e.g., subscription rights to shares).[1][2][4]
• NFTs or other tokens that, based on characteristics, grant financial rights related to the issuing entity.[5] Utility tokens (granting access to products/services without ownership) and cryptocurrencies (valued by supply/demand) are not securities but may face lighter regulation under contract or consumer protection laws.[2][4]

Registration and exemption requirements for token issuers:

• Issuers must conduct a legal analysis before issuance; security tokens are regulated like traditional securities.[1]
• Public offerings require a prospectus and information document unless exemptions apply (e.g., private placements).[1]
• Companies providing investment services for security tokens need an investment firm license under the SMA.[1]
• Under MiCA (via Crypto Assets Market Act), asset-referenced tokens (ARTs, e.g., stablecoins tied to asset baskets) and e-money tokens (EMTs, pegged to fiat) require FSA authorization, with rules on capital reserves, governance, and transparency; other tokens are assessed case-by-case.[3] No harmonized EU-wide security token offering rules exist, so Estonian rules apply equivalently to non-tokenized securities.[1]

Secondary trading rules:

• Security tokens follow MiFID II for transferable securities (e.g., central securities register obligations) or non-MiFID rules, depending on classification.[1]
• Trading requires licensed investment firms; platforms must comply with investor protection and market integrity under SMA.[1][2] Virtual currency services (e.g., exchanges, wallets) are regulated for AML/CTF but not as financial services unless qualifying as securities.[7]

Enforcement examples: No specific cases are detailed in available sources, but the FSA supervises security tokens and recommends pre-issuance analysis to avoid violations; non-compliance leads to standard securities enforcement under SMA.[1][2]

Key legislation and regulatory guidance:

• Securities Market Act (SMA): Defines securities; applies to tokenized instruments.[1][2]
• Law of Obligations Act (LOA): Relevant for certain token rights.[2]
• Crypto Assets Market Act: Regulates crypto assets, ARTs, EMTs alongside MiCA (effective with EU adoption).[3]
• FSA Guidance: https://www.fi.ee/en/finantsinspektsioon/innovation-hub/tehnoloogiad-ja-arimudelid/security-token (security tokens); ICO legal status text linked therein.[1]
• EFSA/FSA Interpretations: Tokens as securities if tied to issuer rights/profits (historical EFSA, now FSA).[2]