By:Mark Schaub   Stanley Zhou & David Hong    King & Wood Mallesons

Introduction – the Rise of the ICO

Initial Coin Offerings (“ICO”) hit the global zeitgeist with a bang in 2017. In those heady times a small project team in East Europe with a white paper and a dodgy website could raise millions of dollars in the span of several minutes. The ICO investment phenomenon coupled with the meteoric rise of cryptocurrencies raised the profile of the underlying distributed ledger and blockchain technologies.

However, along with the market boom came the fraudsters. Bad faith projects were set up by unscrupulous founders that had no intention of building a platform on which the utility of their particular token could be realized. Rather than seek to revolutionize the world many of these founders clearly had the plan to take the money raised and run.

These bad actors moved the PRC government to take the hardline measure of banning all ICOs and their marketing on 4 September 2017.

Many people think that the PRC government banned blockchain technology but this is clearly not the case. On the contrary, the PRC government has been very supportive of blockchain technology but has been striking hard against illegal fundraising and fraud related to ICOs.

After over a year of reflection, it seems clear that the PRC government policy was sensible. Looking back at how the early ICO projects have progressed is disappointing. Few have delivered any viable product – and those that have delivered a product, the result was often mediocre. The failure of most ICO projects to deliver what they have promised has resulted in a significant backlash from investors and the crypto-community.

To Regulate or Not Regulate?

However, the dilemma for government was clear. On the one hand blockchain is a revolutionary technology that will have a major impact on the global economy. On the other hand, regulation is critically important in order to protect consumers and investors. Over regulate and you may miss the boost to your economy that blockchain will deliver; fail to regulate and there will be major fall out from consumers and investors alike.

Malta was the first jurisdiction to provide direct guidance as to the requirements for offering an ICO in early 2018. This guidance was followed up by a Virtual Financial Assets Act that was issued at the end of last year. These regulations provided certainty to both issuers and consumers in terms of what was expected in a coin/token offering. Since Malta, a number of other jurisdictions including Singapore, Hong Kong and Switzerland have released regulations or guidance on crypto-related projects.

The utility tokens issued in an ICO do not easily fit within established asset classes. For this reason, ICOs were seen as an unregulated area of law. The utility token was not quite a security and more of a digital asset which may have certain rights. Further the utility token may have specific rights; unclearly defined rights or in many cases no rights attached. For this reason, traditional regulations do not neatly apply. In response, and indicative of the conservative approach of many, larger countries, the SEC in the United States of America determined that regardless of whether a token is labeled as a utility or not it could (and likely would) be classified as a security and be required to comply with US securities regulations.

The importance of blockchain and cryptocurrencies means that governments faced with the dilemma of being hands off, regulating or prohibiting such activities do need to take decisions. As expected the common ground will be regulation. Blockchain and cryptocurrencies are too big for governments to ignore or treat in a laissez-faire manner. Equally blockchain and crypto-currencies are too big to just prohibit. Governments will not wish to impede the development of these new technologies.

In our opinion reasonable regulation is healthy for a number of reasons. New regulations will provide legitimacy to the market. At its peak, the entire crypto market was still less than the market capitalization of the world’s most valuable companies and now sits at around USD 120 billion – or how much Facebook lost in market capitalization in one day, after announcing 2018 Q2 earnings. Accordingly, although too big to ignore, cryptocurrencies’ current importance can also be easily over estimated. A major factor holding back the growth of cryptocurrency is due to the lack of large financial institutions that can be actively involved due to the uncertainty in regulations and lack of risk mitigation tools. Regulation should enable cryptocurrencies to move beyond the scams of the past and evolve to help fund real world applications in sectors such as fintech, medical data, supply-chain management, etc.

The PRC government’s move towards regulating rather than the outright ban of 4 September 2017 should be welcomed by the crypto-community and investors alike. The ideology that cryptocurrencies would be a completely free, decentralized and unregulated sector was never likely to survive interaction with government or investors. Regulations brings oversight, provides certainty and if done correctly should support the development of the sector.

Overview of Management of Blockchain Information Services

The Cyberspace Administration of China (CAC) announced on its website on Thursday, 10 January, 2019, that the new Regulations on the Management of Blockchain Information Services (the “Blockchain Regulations”) will go into effect from 15 February, 2019. China first released draft guidelines for these regulations in October 2018. The CAC supervises and manages blockchain legal compliance matters and each province in China has its own cyberspace administration body.

Main Obligations

The main obligations that the Blockchain Regulations set out include:

  • Requirement for real-name registration of blockchain information service user (“User”) is an individual or organization that uses blockchain information service.
  • Registration of blockchain information service providers with authorities. Blockchain information service is an information service provided to the public through internet websites, applications and other forms using blockchain technology or systems. The Blockchain information service Provider (“Provider”) is an entity or node that provides blockchain information service to the public as well as entity or organization that provides technical support.
  • Periodic inspections and meeting safety/security requirements
  • Compliance with PRC regulations in respect of content and information publications

Filing with the Cyberspace Administration of China (CAC)

Providers as defined above are required to make a filing to the CAC. The definition encompasses public chains, protocols, DAPPs and any other businesses that provide or use blockchain technology.

Please note that under the regulation, only individuals and entities that use or provide blockchain technology are required to make the filing to CAC. Accordingly, businesses which would not constitute blockchain information service companies are excluded from the filing requirement. However, it should be borne in mind that they may need to obtain other relevant licenses for their particular sector as required by PRC law.

Providers must submit the filing to the CAC blockchain filing system within 10 business days from the date of its operation. For existing Providers, they have 20 business days from the effective date of the Blockchain Regulations (15 February 2019) to submit the filing.

Provider’s name, service category, form of services, application fields and address of the server and other related information must be provided as part of the filing process.

The filing will be approved within 20 business days and a filing number will be provided. The Provider is required to display the filing number on its website or application.

Requirements and Duties for Providers?

The main requirements and duties for Providers provided under the Blockchain Regulations are:

  1. Technical capabilities must meet relevant PRC standards.
  2. Have the ability to handle illegal content in a timely manner in respect of publishing, recording, storage and propagation of possible illegal content.
  3. Provider shall establish and improve the management systems in respect of User registration, information review, emergency response, and safety protection.
  4. Must develop and disclose management rules and platform conventions, sign service agreements with Users that clarify the rights and duties of both parties and require the User to obey the laws and regulations and the platform conventions.
  5. Provider shall perform real-identity authentication of Users based on national ID number and mobile phone number. If a User refuses to accept real-identity authentication, the Provider shall not provide the related services to the User.
  6. If the User violates the laws and regulations, the Provider must take actions to warn, restrict or close down such accounts and handle illegal content published by the User in order to prevent the spread of information and report this to the relevant authorities after storing such records.
  7. Providers shall cooperate with the supervision and inspection conducted by relevant departments according to the law and provide necessary data support and technical assistance.
  8. Provider shall voluntarily accept social supervision, set up convenient entrance for complaints and reports, and handle public complaints and reports in a timely manner.
  9. Crucially the Provider is obliged to keep records of User information such as contents and logs for no less than 6 months and provide to relevant authorities as required.
  10. Providers will be required to conduct KYC in respect of its Users. This will have a negative impact on anonymity of Users. However, in practice most investors in blockchain projects also need to meet KYC requirements and therefore the actual impact may be less dramatic than expected. In addition, privacy related projects such as ZCash or Monero will likely to continue to operate offshore from China beyond the reach of the Chinese regulators.

If Providers fail to comply with the Regulations they may face warning, suspension of service, fines and even potentially criminal prosecution.

Security Assessment

If the Provider develops or wishes to launch a new product, application or function then this requires reporting to CAC or its relevant local authority to conduct a security assessment. It is unlikely that the security assessment will be purely based on technical aspects of the blockchain but is also likely to assess whether the new product/application or function also complies with existing PRC laws and regulations. In this case it is likely that applications which touch upon taboo subjects in China (e.g. gambling) would not pass the security assessment.

Extraterritorial effect beyond China

“Engaging in Blockchain information services within the PRC” under Article 2 of the new Regulations will apply to foreign blockchain businesses under the following circumstances:

  • The foreign blockchain business has a legal presence (e.g. has registered a company) in China and operates in the blockchain related sector as defined by the Provider.
  • There is a licensing agreement or other arrangement that allows an entity in China to run the foreign blockchain business’ blockchain technology or nodes. In such case the party that operates the blockchain nodes or technology in China will have to make a filing with the CAC.

Accordingly, if the blockchain business operates offshore, that is, nodes and all blockchain related business operations are based outside of China then we believe it is still unlikely to be strictly regulated under the Blockchain Regulations. This is so even if there are Chinese consumers using the technology while geographically located within China.  Our reading of the Blockchain Regulations is that the PRC authorities have alluded to an opening for extraterritorial enforcement but that due to the practical difficulties involved and their track record it is likely that this would only be attempted in the most extreme of circumstances.


The Blockchain Regulations should give heart to the crypto-community that the PRC authorities are evolving their position in respect of ICOs and blockchain away from the hard ban.

In many ways the closest analogy to the Blockchain Regulations is the PRC Cyber Security Law of 2017. Both pieces of legislation sought to regulate new technologies and both were passed and implemented quickly after an announcement of the draft for public comment.

As was the case with the PRC Cyber Security Law, the Blockchain Regulations are general but do provide a basic framework for the sector. However, although the trend towards regulation and away from prohibition is clear, it will take time for interpretation and enforcement guidelines to develop. We expect local officials will act conservatively and take a wait and see approach as this area of law continues to evolve.

Disclaimer: This article is for general information only and does not constitute legal advice. Please reach out to one of our authors if you are seeking specific legal advice.