Blog

Raising capital through securities offerings can be an attractive alternative to traditional bank financing for companies. Is it generally required to prepare a securities prospectus for such an offering, and are there any exceptions to this rule?

Crypto asset white papers do not need to be approved by BaFin or any other competent authority prior to the launch of the token sale. Nevertheless, BaFin has certain regulatory powers to intervene in the case of MiCAR violations.

The EU Listing Act aims to increase the harmonization and attractiveness of the European capital market and remove barriers for smaller companies raising capital. What does this mean in concrete terms for issuers of small-volume capital market issues? In which cases can the obligation to prepare a prospectus be omitted?

ESMA is already having a significant impact on MiCAR supervisory practice through numerous guidelines. The EU Commission is considering transferring supervision of CASPs entirely to ESMA in the future. BaFin would then lose its supervisory mandate with regard to CASPs.

Utility tokens are no longer what they used to be. Since MiCAR came into force, utility tokens have been clearly defined in legal terms and, in certain cases, can unlock attractive regulatory advantages for their issuers and providers.

Even after the end of the so-called MiCAR grandfathering period, existing institutions still have the option of obtaining a MiCAR license to expand their business to include crypto assets via the notification procedure with relatively little effort. Who is eligible and how does the procedure work?

The tokenization of real-world assets, and real estate in particular, is currently a hot topic of discussion. Is the tokenization of real estate actually possible in Germany? What requirements need to be taken into account?

The PRIIPs Regulation requires issuers of packaged retail investment products to prepare a key information document. The legal nature of the product is irrelevant. Can the obligation to publish a PRIIPs KID also apply to token issuances?

From basic testing to threat-led penetration testing—since January 2025, financial companies have been required to test their digital resilience in accordance with strict EU regulations. But what does this mean in concrete terms for testing programs, and who is affected by the demanding TLPTs?

DORA clearly distinguishes between threats, incidents, and attacks—but what reporting obligations do they trigger? An overview of the new requirements.

ICT contracts under DORA: Between minimum standards and power shifts. The regulation not only sets high requirements for digital resilience, but also changes the dynamics of contract negotiations. Financial companies must now enforce strict requirements—but which services actually fall under DORA, and how can exit strategies, audit rights, and risk management be regulated in a contractually watertight manner?

Under the prohibition of contribution in the State Treaty on Gambling, payment institutions are not permitted to execute payments in connection with illegal gambling. Cases in which original gambling providers do not have the necessary permission are clear-cut. However, difficulties arise in cases where gambling is not the focus of the customer’s business activities.