While I think it’s very heartening they seem to draw a distinction between custodial and non-custodial wallet services, Bitcoin Magazine reports that some in the Netherlands are unsure what would qualify as “custodial” and what wouldn’t. Bitonic CEO Jouke Hofman:
Under the current provision, it’s not that clear who or what the regulation applies to, exactly. It covers wallet providers that hold onto private keys of their users. But does it also include wallet providers that hold onto one key for a two-of-three multisig address? What if bitcoins are time-locked and wallet providers cannot spend the funds now, but perhaps in the future? And if the regulation applies to any key holder, where does the definition of a wallet provider begin? Could the regulation perhaps even apply to Lightning Network nodes?
This kind of uncertainty is exactly why we need absolutely clear language both in AML and consumer protection rules. Typically you want to avoid over-specifying when you draft a law, but in this case you want to be as clear and specific as possible to make sure you are exempting applications that should not be covered. For example, here’s the definition of “control” (i.e. custodial) that we helped the ULC develop for its draft Virtual Currency Business Act:
(3) “Control” means possession of sufficient virtual currency credentials or authority on a virtual currency network to execute unilaterally or prevent indefinitely virtual currency business transactions. The term does not include possession, for a reasonably time-limited period, of virtual currency credentials sufficient to prevent virtual currency transactions to provide a service such as an escrow, provided that the user is able to regain unilateral rights to execute transactions following the period in which the escrow was in effect.
We think such clear language would address all of Hoffman’s questions.