← Regulations / Luxembourg / securities
Grade A AI-Researched

Luxembourg -- Securities Classification Regulatory Overview

Published: 2026-04-22 Updated: 2026-04-22 Author: SearXNG+LLM Version 1 Sources cited in: English (6)

Methodology

AI-generated synthesis from web search results.

Limitations

  • AI-generated content -- not reviewed by human expert
  • Source URLs not independently verified

Luxembourg, through its financial regulator, the Commission de Surveillance du Secteur Financier (CSSF), adopts a substance-over-form and technology-neutral approach to classifying cryptocurrency tokens. Instead of a dedicated "crypto-test" like the US Howey Test, tokens are assessed against existing definitions of financial instruments under European Union (EU) legislation and transposed into national law.

The upcoming Markets in Crypto-Assets Regulation (MiCA) (EU Regulation 2023/1114), which will largely apply from December 2024 and mid-2025, will introduce a bespoke framework for most crypto-assets. However, for now, the existing financial services legislation remains the primary classification framework for crypto-assets that qualify as financial instruments.

1. Legal Test Used (Howey Equivalent)

Luxembourg does not have a "Howey test equivalent." The assessment focuses on whether a crypto-asset falls under the definition of an existing financial instrument as per Directive 2014/65/EU on Markets in Financial Instruments (MiFID II), the Prospectus Regulation (EU) 2017/1129, and other relevant financial legislation.

Key principles of the CSSF's approach:

  • Substance Over Form: The legal nature of a token is determined by its characteristics and rights it confers, not merely by the terminology used by the issuer.
  • Technology Neutrality: The fact that an instrument is issued using DLT does not change its fundamental legal classification if it possesses the characteristics of an existing financial instrument.
  • Assessment against existing financial instrument definitions: The primary legal test is to evaluate if the token embodies rights and obligations that correspond to categories like:
    • Transferable Securities: Shares in companies, bonds or other forms of securitised debt, and any other negotiable instruments which confer the right to acquire or dispose of any such transferable securities by subscription or exchange or which confer voting rights or any other rights similar to shares. (MiFID II, Annex I, Section C, Point 1)
    • Money-Market Instruments: Instruments normally dealt in on the money market, such as treasury bills, certificates of deposit and commercial paper, and excluding instruments of payment. (MiFID II, Annex I, Section C, Point 2)
    • Units in Collective Investment Undertakings: (MiFID II, Annex I, Section C, Point 3)
    • Derivatives: Options, futures, swaps, forward rate agreements, and any other derivative contracts relating to securities, currencies, interest rates or yields, emission allowances or other underlying instruments, financial indices or financial measures which may be settled physically or in cash. (MiFID II, Annex I, Section C, Points 4-10)

If a crypto-asset meets the definition of one of these financial instruments, it is subject to the full scope of relevant financial market regulations. If it does not, it may still be subject to other regulations, such as AML/CFT laws, or potentially MiCA in the future.

2. Which Tokens are Considered Securities

Based on the above legal test, tokens are generally classified as securities if they grant rights akin to traditional financial instruments:

  • Security Tokens: These are explicitly designed to represent traditional financial instruments. Examples include:
    • Equity tokens: Representing ownership shares in a company, conferring voting rights, dividend rights, etc.
    • Debt tokens: Representing bonds, loans, or other debt instruments, conferring interest payments and principal repayment.
    • Asset-backed tokens: Tokens representing fractional ownership in real-world assets like real estate, art, or commodities, where the primary purpose is investment.
    • Derivative tokens: Tokens whose value is derived from an underlying asset or index, such as tokenized options or futures contracts.
    • Investment contract tokens: Where the token confers rights that are intrinsically linked to an investment scheme, similar to collective investment undertakings.
  • Utility Tokens (Conditional): Generally, utility tokens that genuinely provide access to a product or service (e.g., software license, platform access) are not considered securities. However, a utility token could be reclassified as a security if:
    • Its primary purpose or the reasonable expectation of purchasers is an investment return rather than utility.
    • It also confers rights similar to traditional securities (e.g., profit-sharing, governance rights in a structure resembling a company).
  • Payment/Exchange Tokens (Generally Not): Cryptocurrencies like Bitcoin or Ethereum, primarily designed as a means of payment or exchange, are generally not classified as securities. However, they may fall under:
    • E-money regulation: If they purport to maintain a stable value and are issued by an e-money issuer against receipt of funds (e.g., certain stablecoins).
    • Payment services regulation: If services related to their transfer are offered.
    • AML/CFT regulation: As virtual assets.

3. Registration/Exemption Requirements for Token Issuers

The requirements depend on whether the token is classified as a security and the activities performed.

  • Public Offer or Admission to Trading (Prospectus Regulation):
    • If a token qualifies as a "transferable security" and is offered to the public in Luxembourg or admitted to trading on a regulated market in the EU, the Prospectus Regulation (EU) 2017/1129 applies.
    • This typically requires the publication of a CSSF-approved prospectus, providing detailed information about the issuer, the securities, and the risks.
    • Exemptions exist, for example, for offers below certain thresholds (€8 million over 12 months in the EU, or smaller amounts nationally without EU passporting), or offers made only to qualified investors.
    • Reference:
  • Investment Firm Authorisation (MiFID II):
    • If an issuer (or related entity) provides investment services (e.g., investment advice, portfolio management, brokerage, underwriting) related to security tokens, they may need authorization as an investment firm under MiFID II.
    • Reference:
  • AML/CFT Registration for Virtual Asset Service Providers (VASPs):
    • Regardless of whether a token is a security, entities providing services related to virtual assets (e.g., exchange between virtual assets and fiat currencies, custody, transfer, issuance, operation of trading platforms) generally qualify as Virtual Asset Service Providers (VASPs).
    • VASPs must register with the CSSF and comply with the Law of 12 November 2004 on the fight against money laundering and terrorist financing, which transposes the EU AML Directives. This involves implementing robust AML/CFT policies and procedures.
    • Reference:

4. Secondary Trading Rules

If a crypto-asset is classified as a security, its secondary trading is subject to standard financial market rules:

  • Trading Venues: Platforms facilitating the trading of security tokens may require authorization as:
    • Regulated Market: A multilateral system operated by a market operator which brings together or facilitates the bringing together of multiple third-party buying and selling interests in financial instruments (MiFID II).
    • Multilateral Trading Facility (MTF): A multilateral system, operated by an investment firm or a market operator, which brings together multiple third-party buying and selling interests in financial instruments (MiFID II).
    • Organised Trading Facility (OTF): A multilateral system, which is not a regulated market or an MTF, in which multiple third-party buying and selling interests in bonds, structured finance products, emission allowances or derivatives are able to interact in the system (MiFID II).
  • Post-Trade Transparency & Reporting: Transactions in security tokens on regulated venues would be subject to MiFID II's pre- and post-trade transparency requirements and transaction reporting obligations.
  • Market Abuse: Trading in security tokens is subject to the Market Abuse Regulation (EU) 596/2014 (MAR), prohibiting insider dealing, market manipulation, and unlawful disclosure of inside information.
  • DLT Pilot Regime: The DLT Pilot Regime (Regulation (EU) 2022/858), which came into effect in March 2023, allows for the temporary operation of DLT market infrastructures (DLT MTFs and DLT Settlement Systems) that admit to trading or record certain crypto-assets classified as financial instruments. This provides a sandbox-like environment for experimenting with DLT in traditional financial market infrastructures.

5. Enforcement Examples

The CSSF's enforcement actions regarding crypto-assets, particularly those classified as securities, are often administrative and may not always involve public court cases specific to a "security token" classification but rather broader regulatory non-compliance.

  • Focus on Unauthorised Activities: The CSSF frequently issues warnings and takes action against entities operating in Luxembourg without the necessary licenses or registrations, including those providing investment services, payment services, or VASP services related to crypto-assets.
    • These actions often involve cease-and-desist orders or public warnings, preventing entities from offering services until they comply with regulatory requirements.
  • AML/CFT Non-Compliance: A significant portion of public enforcement in the crypto space relates to breaches of AML/CFT obligations. The CSSF regularly imposes administrative fines on VASPs and other supervised entities for deficiencies in their anti-money laundering and counter-terrorist financing frameworks.
    • While not specific to "securities," these actions underscore the CSSF's vigilance in ensuring regulated entities adhere to financial crime prevention standards. For instance, public notices on CSSF's website regularly list administrative sanctions.
  • Investor Protection Warnings: The CSSF issues numerous warnings to the public about fraudulent crypto schemes, unregulated entities, and the risks associated with investing in volatile or speculative crypto-assets. These indirectly enforce regulatory compliance by deterring participation in unregulated markets.
  • Guidance and Prevention: The CSSF largely adopts a proactive approach, providing extensive guidance through FAQs, circulars, and direct engagement with market participants to ensure compliance before issues escalate. Many projects are guided towards proper classification and authorisation pathways, reducing the need for direct enforcement through litigation.

Specific Enforcement (Illustrative, not exhaustive of security token specific cases):

  • CSSF Public Warnings: Regular public warnings against unauthorized firms offering crypto-asset related services (e.g., investment platforms, trading venues) that are not authorized as investment firms or payment institutions. These warnings often state that the entity is not supervised by the CSSF and its activities are illegal in Luxembourg.
  • Administrative Sanctions: Public announcements of administrative fines for non-compliance with AML/CFT requirements imposed on supervised entities, including VASPs. While not always directly about the "security" classification of tokens, these demonstrate the CSSF's enforcement powers over entities operating in the crypto space.

Due to Luxembourg's relatively cautious and preventive approach, coupled with the EU framework still evolving pre-MiCA, specific, high-profile enforcement cases focused solely on a crypto-asset's classification as a security and subsequent prosecution for prospectus violations, for example, are less common than general AML or unauthorized operations fines. The focus is often on ensuring proper authorisation for the activities performed rather than just the token's nature in isolation.

Sources & Attribution

This article was generated by SearXNG+LLM .

Primary Sources

[1] https://eur-lex.europa.eu/eli/reg/2017/1129/oj (government-public)
[2] https://eur-lex.europa.eu/eli/dir/2014/65/oj (government-public)
[6] https://eur-lex.europa.eu/eli/reg/2022/858/oj (government-public)

Based on reporting by

[3] Unknown — https://legilux.public.lu/eli/etat/leg/loi/2004/11/12/n6/jo
[4] Unknown — https://www.cssf.lu/en/document/circular-20-746-faq-virtual-assets/
[5] Unknown — https://www.cssf.lu/en/pages/virtual-assets/

Edit History

2026-04-22 — auto-publish-pipeline: published — Auto-published: grade A

This article is maintained by AI research workers and reviewed by human editors. Learn about our methodology →