Virtual Assets

On 30 April 2025, PwC published the third edition of the Crypto-assets Management Survey, an annual study commissioned by the Luxembourg House of Financial Technology. For this year’s edition, input was gathered from 128 respondents across the asset management, asset servicing and broader financial services industries in Luxembourg.

Some key insights include:

• an increasing number of participants consider the crypto-assets market important for the future of asset management in Luxembourg;
• perception of the crypto-assets management as a niche market has decreased from 44% to 19% of the respondents; and
• alternative investment funds are considered the most relevant for tokenisation, highlighting their potential to improve accessibility and efficiency in the market.

However, there are still some roadblocks and risks identified in relation to the further development of crypto-asset management in Luxembourg:

• regulatory uncertainty remains the main risk to crypto-assets growth;
• while the perceived anti-money laundering risk of crypto-assets has decreased, fear for reputational damage remains;
• 64% of respondents identify limited local expertise as a barrier to the growth of crypto-assets in Luxembourg.

The report concludes with seven ‘call to action’ points to address participants’ concerns and further support growth of the crypto-asset market in Luxembourg.

The CSSF has published three updates on DORA. The updates include:

• a clarification on definition of “ICT services;
• a new notification form to notify the CSSF about (a) any planned contractual arrangement regarding the use of ICT services supporting critical or important functions as well as when (b) a function has become critical or important; and
• an updated notification of critical or important ICT outsourcing, applicable to supervised entities who are not in scope of DORA, such as branches of credit institutions and investment firms.

With these updates, the CSSF provides clarity and an unified form of providing information.

On 9 April 2025, the CSSF confirmed that it has updated an old circular on the ICT risk management framework, applicable to entities subject to DORA. The old circular aligned with EBA Guidelines, which have been updated to align with DORA’s requirements. Now, CSSF circular 25/881 is aligned with both DORA and the revised EBA Guidelines. Meanwhile, the requirements of Circular CSSF 20/750, which were also applicable to non-DORA entities, remain applicable to them.

Furthermore, the CSSF has decided to amend Circular CSSF 22/806 on outsourcing arrangements regarding the provisions related to ICT outsourcing, which are largely replaced by the DORA provisions on ICT third-party risk management, thereby aligning DORA and non-DORA entities.

On 9 April 2025, the CSSF published Circular 25/882. The purpose of this circular is to provide financial entities within DORA’s scope with practical instructions on the submission of certain information and reporting in relation to the use of ICT third-party providers. The circular also complements the DORA Regulation, notably by emphasising certain general requirements regarding the use of ICT services provided by third parties, considering the Luxembourg national laws related to financial services.

On 30 April 2025, in this circular, the CSSF confirmed that it applies the Guidelines of the European Supervisory Authorities on templates for explanations and opinions, and the standardised test for crypto-assets as required under MiCAR (the ‘Guidelines’). Consequently, the CSSF has integrated the Guidelines into its administrative practice and regulatory approach. The Guidelines provide offerors and publishers of ‘crypto-assets other than e-money tokens and asset referenced tokens’ with templates needed to submit their whitepaper. With respect to offerors of e-money tokens, the Guidelines contain the template needed to issue the required legal opinion.