to the point: technology & digitalisation l January 2024

Approval of Bitcoin ETF: rationale and potential implications

The recent approval of the first exchange-traded fund (ETF) for Bitcoin by the US Securities and Exchange Commission (SEC) has sparked considerable interest and discussion within the cryptocurrency community. Despite initial hurdles, the SEC's decision marks a milestone in the history of Bitcoin and has the potential to reshape the cryptocurrency investment landscape.

Key points:

1. Historical significance: The approval of the Bitcoin ETF is being hailed as a breakthrough, as initial attempts to launch such a fund date back to 2013. The decision allows the creation of ETFs in the United States that invest directly in bitcoin, known as bitcoin spot ETFs. Eleven applications have been approved, including those from major investment players such as Blackrock and Fidelity.
2. Market reaction: Anticipation of the SEC's decision resulted in a significant event, wherein the SEC's Twitter account was hacked, leading to the spread of false information about the approval. This misinformation briefly impacted Bitcoin prices, causing a spike to nearly USD 48,000, although the gains were not sustained.
3. Price forecasts: Analysts at Standard Chartered estimate that Bitcoin ETFs could attract USD 50 – 100bln in investor funds this year alone. Speculations vary, some suggesting that the price of Bitcoin could increase to USD 100,000. But there are conflicting opinions, underscoring the inherent unpredictability of the cryptocurrency market.
4. "Sell the news" phenomenon: The approval is seen as a turning point in the history of Bitcoin. However, there is cautious acknowledgement of a potential "sell the news" event.
5. Impact on liquidity and volatility: The SEC's decision is expected to increase demand for Bitcoin as investors gain regulated access through ETFs. While there may be short-term volatility, the long-term expectation is for increased liquidity and reduced volatility.
6. Regulatory pressure: The SEC's historically cautious stance on cryptocurrencies continues. The approval was not entirely voluntary, as a court ruling last year forced the SEC to reconsider its rejection of a Grayscale application. The court highlighted the SEC's failure to clarify the distinction between approved and rejected assets.
7. Market safeguards: To address concerns about manipulation, the Nasdaq and CBOE, in conjunction with Coinbase, have implemented market surveillance mechanisms. ETF issuers plan to charge fees ranging from 0.20 % to 0.80 %, well below the average ETF market fees.
8. Simplified access to Bitcoin: The ETF approval simplifies access to Bitcoin, similar to traditional financial products such as stocks or bonds. Investors are relieved of the responsibility of self-custody, as the ETF issuer manages storage and purchases actual coins on behalf of investors.
9. Contrast with cryptocurrency exchanges: ETFs offer a more trustworthy investment option than cryptocurrency exchanges, which have been mired in scandal. The collapse of FTX, the second-largest crypto exchange, and the legal issues faced by others highlight the risks associated with unregulated platforms.

In conclusion, the approval of the Bitcoin ETF is a pivotal development in the cryptocurrency space. It not only opens up new opportunities for investors but also addresses concerns related to market manipulation and security, potentially paving the way for broader mainstream adoption of Bitcoin.

Different legal documents are required for a start-up's financing round, depending on factors such as the nature of the transaction (e.g. equity or convertible financing) and the jurisdiction of the company. In Austria, most financing rounds are structured as an equity participation in a capital increase. The company's capital is increased and the resulting new shares are issued to the investor against payment of the nominal amount plus a cash contribution. The following legal documents need to be executed as part of such a traditional equity financing round:

1. Investment agreement: This is the main transaction document that outlines the specifics of the investment. It details the amount invested, the valuation of the start-up, and other terms and conditions such as representations and warranties, use of funds, conditions precedent of the funds flow, etc. It is essentially the roadmap for the financial arrangement.
2. Shareholders' agreement: This document governs the relationship between the shareholders. It covers who gets a say in what. Typical shareholders' agreements include provisions for decision-making, board representation, share transfer restrictions (tag-along, drag-along, pre-acquisition rights, etc.), liquidation preference and authorisations of incentive programmes.
3. Amendments to the articles of association: During a financing round, adjustments to the company's articles of association are necessary. These amendments reflect changes in the share capital, voting rights and other key elements impacting the company's corporate governance.
4. Technical capital increase documentation: This set of documents is required to technically implement a share capital increase.

• • Minutes of the general meeting: A record of the decisions taken during the general meeting, such as the formal resolution to increase the share capital and issue new shares to investors. The minutes need to be certified by a notary public.
  • Subscription declaration: This declaration is a formal commitment from investors to acquire new shares as part of the capital increase. At an Austrian limited liability company, such a declaration must be executed as a notarial deed.
  • Commercial Register filing: To legally effect the capital increase, a filing is made with the Commercial Register, updating the company's share capital. The signatures on the filing must be certified by a notary public.

Understanding and navigating these transaction documents are fundamental for a successful and legally sound start-up financing round.

On 15 January 2024, the European Commission successfully concluded its review of 11 adequacy decisions. An adequacy decision is a formal declaration ("implementing act") of the Commission that allows for a transfer of personal data to a third country (outside the EU or EEA) or an international organisation without any specific authorisation or other supplementing measures. An adequacy decision refers to a specific state and means that the Commission has concluded in its assessment that the state in question provides an adequate level of protection for personal data, particularly when it comes to the rule of law, respect for human rights and fundamental freedoms, the effective functioning of one or more independent supervisory authorities and effective and enforceable data subject rights.

The renewed adequacy decisions had originally been adopted under the 1995 Data Protection Directive and remained in force with the entry of application of the GDPR. However, adequacy decisions are subject to a periodical review and can also be suspended, amended or withdrawn. The Commission has found that these adequacy decisions remain in place and data can flow freely to Andorra, Argentina, Canada, Faroe Islands, Guernsey, the Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay.

The world of data protection is a fast-moving one, with changes and new findings in case law often occurring several times a week. Therefore, the Schoenherr privacy team has launched a "data protection monitor" that delivers the most important decisions and findings from the world of data protection law, briefly summarised in German, directly to your inbox every week. To have a look at the first editions and to register for the next ones, please go here.

The International Organization for Standardization (ISO) published ISO/IEC 42001:2023 on 18 December 2023. This new standard provides a framework for organisations involved in the development, deployment or use of AI-based products and services.

ISO/IEC 42001:2023 outlines requirements and provides guidance for establishing and maintaining AI management systems within an organisation's context. It provides a framework for organisations to responsibly manage AI systems. It addresses the need for specific management strategies due to the unique characteristics of AI, such as opaque decision-making and continuous learning. It aims to integrate AI management into the organisation's existing processes, focusing on AI-specific issues such as transparency, security and fairness. It emphasises a risk-based approach to managing different AI applications and aligns with other management system standards to ensure consistency across different parts of the organisation. The document does not prioritise requirements but provides guidelines for implementing processes that ensure the responsible use of AI and demonstrate organisational accountability in AI management.

Notably, this standard is expected to become a common reference point in vendor-buyer agreements, similar to other established standards from organisations such as the National Institute of Standards and Technology (NIST) and the ISO. A key distinction highlighted by the ISO is that ISO/IEC 42001:2023 is a management systems standard (MSS). This means that organisations must proactively create policies and standards to address the risks of AI systems following a "plan-do-check-act" methodology.

As AI continues to shape various industries, the ISO's latest standard sets the stage for the responsible development and use of AI and provides a structured approach for organisations to follow that may also help them to comply with the EU's AI Act in the future.

For more information or to purchase the full ISO/IEC 42001:2023 standard, please visit the ISO website here.

Stay tuned for more updates and insights on AI-related developments.

On 16 January 2024, Poland's lower house, the Sejm, appointed Mirosław Wróblewski as the new president of the Polish Data Protection Office. His candidacy was approved the next day by the Senate. In his speech, Mr Wróblewski pointed out that he has experience related not only to the protection of personal data, but also to civil rights in the broadest sense. He stated that effective protection and enforcement of internal and EU law should be priorities when it comes to personal data protection. Interestingly, he also noted that artificial intelligence is one of the biggest current challenges in this area and that he aims to strengthen the independence of the office, cooperate with other state bodies, and respond to the challenges of technological development and education.