Practically unpacking Treasury's proposed digital assets legislation

Overview

Treasury has released proposed new laws that will affect how the cryptocurrency industry is regulated in Australia.

The exposure draft of the Treasury Laws Amendment (Regulating Digital Asset, and Tokenised Custody, Platforms) Bill 2025 (Bill) is a significant milestone designed to grow the innovative capacity of Australia's financial services sector.

It proposes to materially amend the Australian financial services licensing (AFSL) regime under the Corporations Act 2001 (Cth) (Corporations Act) to cover digital asset activities.

The Bill precedes the payment systems reforms legislation, which will have a large focus on currency stablecoins.

We provide a technical deep dive into the proposed changes, and our practical analysis in this briefing.

New AFSL building blocks

The Bill proceeds with the distinction between digital tokens e.g. information that can be controlled and transferred, versus digital assets e.g. the bundle of legal rights attached to a token. It will add two new financial product definitions to the Corporations Act, both requiring a bespoke AFSL authorisation:

Digital asset platform (DAP): this is defined as a non-transferable facility under which a person, defined as the operator, possesses one or more digital tokens on trust for or on behalf of another person, defined as the client, or another person nominated by the client. Examples include multilateral trading platforms where operators facilitate the platform on which clients exchange digital tokens with each other; brokerage platforms, where operators undertake trades on their clients' behalf; market making platforms, where operators buy or sell digital tokens to clients from their own stockpiles ;wallet and custody platforms, where operators store and safeguard digital tokens on behalf of clients; and staking platforms, where operators contribute to the maintenance of a public network in return for a reward that is shared with clients. We also understand the DAP model is meant to capture contractual IOUs; and
Tokenised custody platform (TCP): this is defined as a non-transferable facility under which: a person, defined as the operator, identifies one or more assets, defined as the underlying assets; and for each underlying asset, the operator creates a single digital token, possession of which confers a right to redeem, or direct the delivery of, the underlying asset; and, the operator holds each underlying asset on trust for, or on behalf of, a person who possesses that digital token. An example is where the operator holds existing tangible assets (such as gold) or intangible assets (such as shares or bonds) or undertaking bridging or wrapping services (in essence, holding token A and creating token B with rights connected to token A) and creates tokens to identify the persons entitled to those assets.

Regulating infrastructure as a 'financial product' is recognition of the near impossibility of regulating up from a product level i.e. as many digital tokens don't have issuers per se. The approach is not a new one under the Corporations Act and, in substance, these financial products are most similar to investor-directed portfolio services (IDPS) e.g. which is essentially an arrangement for a provider to hold, deal in, and administer pools of investments chosen by individual clients. At its heart, the Bill revolves around two concepts: the operator is a custodian/trustee, and digital tokens are either possessed, or are used to record holdings of assets or other digital tokens.

There are exemptions to the need to hold an AFSL, including for: low value businesses i.e. less than $AUD 10 million in revenue; where these activities are an 'insignificant' part of a business e.g. a vineyard that tokenises purchase rights to wine, and in connection with physical infrastructure e.g. ATMs and telecommunications. There is also an exemption where a smart contract performs the role of a DAP e.g. self-hosted wallet applications or automated market makers.

Modifying existing foundations

Save for in very targeted ways, the Bill retains the features of the Corporation Act specific to AFSLs. The general conduct obligations apply e.g. offering services 'efficiently, honestly and fairly', reporting of breaches, AFCA membership, the Design & Distribution obligations apply e.g. publishing a Target Market Determination for these new products, and (largely) the unfair contracts regime and misleading and deceptive conduct regimes apply. Critically, it doesn't obviate the broader AFSL regime - where an underlying asset of a DAP or TCP is a financial product e.g. share, the operator of the platform may need additional authorisations on its AFS licence where it is providing financial services with respect to those financial products (unless pertaining to custody). Fascinatingly, however, if the DAP doesn't interact with the financial product (e.g. share) directly (and just its tokenised form) this may obviate the need for a securities authorisation, and corollary obligations e.g. issuing a PDS or prospectus. There are, however, targeted exemptions e.g. on disclosure to avoid regulatory overlap.

The modifications to the Corporations Act for these financial products are critical. Key ones include:

the usual rules will apply to activities in connection with a DAP / TCP product. This makes activities such as advising on, or dealing in, or arranging for others to deal in, DAPs or TCPs regulated activities requiring an AFSL. There are civil and criminal penalties for non-compliance. There is no change to overseas issuer rules e.g. if an overseas financial product is an MIS onshore, however, does not come with a PDS, that is a hurdle for the local secondary market. A single facility can contain multiple financial products / services, requiring various AFSL authorisations (e.g. DAP and market making) and can involve other activities, requiring other licences (e.g. markets licence / CS facility licence);
no new test will be introduced to determine whether activities involving digital assets are regulated under the existing financial services laws. A person may be subject to obligations under the financial services law where they hold a financial product, including where the law recognises them as the ‘holder’ of a financial product because they possess a particular digital token;
there is a requirement that a person agree to the DAP / TCP terms and conditions (which technically constitutes AFSL 'issuing' activity), and have possession of the token. Possession of the token, in and of itself, on a secondary market is not enough to make someone a client of the DAP / TCP - onboarding rules e.g. AML/CTF, retail/wholesale classification, etc apply;
there must be a ‘one-to-one’ relationship between the underlying asset and the relevant digital token under a TCP. Fractionalisation, or mixing of assets brings it within the MIS financial product. The focus on asset composition will therefore be critical - art, for example, resists fractionalisation, as opposed to petrol or BTC. Getting this wrong risks the TCP being an MIS, and there is various technical guidance in the Bill's Explanatory Memorandum to guide differentiation between the two. For example, unlike an MIS, clients of a DAP / TCP may have the right to redeem, or direct the delivery of, the underlying assets; the operator of the DAP / TCP acts only on lawful client instructions in relation to any decisions about the acquisition, disposal or use of the underlying assets; and the DAP / TCP cannot negotiate or determine, to a material extent, any rights of the clients relating to the underlying assets. There are additional rules for TCPs, consistent with the above, including all of the underlying assets belong to the same class of asset, and the digital token created for an underlying asset can only be divisible to the same extent that the underlying asset is reasonably capable of being divisible in a way that each part can be physically delivered.
there are interesting modifications to the granular AFSL authorisations needed when interacting with a financial product, which determine when an AFSL is needed. For example, issuers of tokens do not need to have an AFSL, nor do agents dealing on behalf of clients, provided their product will be distributed via or they are working with a DAP (within certain limitations). The definitions also cover the situation where the DAP / TCP authorises the operator or another person to engage in conduct in relation to a digital token for, or on behalf of, clients or client nominees (while remaining custodian);
custody for tokens, including those which represent financial products, does not require a custodial and depository service authorisation for a DAP / TCP (and corollary of RG 133 applicability, which sets out capital requirements). This appears to include the holding of predicate assets for a TCP. (There is also a nuanced conception of what possession / custody is in connection with tokens, centred around control (not 'right' to control) which can be joint). This is an important exemption - without it, an operator of a DAP / TCP is providing a custodial or depository service (being an AFSL activity) if the operator holds financial products on behalf of its clients. Now that is not the case, and instead the AFSL activity is the DAP / TCP issuance and operation;
intermediated staking arrangements are exempted from being considered a MIS or financial product, but only where the arrangement is offered through a DAP. There are associated rules e.g. the arrangement must also ensure that rewards from the staking activities, after deducting any fees and charges, are passed on to the client;
there are targeted exemptions for issuances of securities via a DAP / TCP, so that disclosure about the securities remains the responsibility of the issuer, while disclosure about the platform arrangements is delivered through the platform guide. It essentially removes duplication, so that the existing law does not attach to the tokenised security to recognise a new security issuance i.e. share and tokenised share. There are also notification obligations on issuers to notify the DAP / TCP on the amendment or replacement of a disclosure document with ASIC e.g. prospectus;
there are also exemptions from the market-making designation for TCPs, provided the issuer is stating the prices at which they acquire or dispose of the products only for the purposes of holding, redeeming or directing the delivery of those products under the platform, and to anti-hawking provisions (this is because clients do not hold the underlying asset, but instead a token via the DAP / TCP);
wrapped tokens do not, through the wrapping process, and subject to how the wrapper is crafted (i.e. not undertaking significant financial transmutation), create a financial product in and of itself e.g. derivative. There is effectively a 'look through' to the underlying asset, and mitigates a growing inception loop developing in financial services markets. In addition, TCPs do not apply to tokenised money i.e. stablecoins, as they are covered under the forthcoming payments reforms legislation.

Constructing new rooms

In addition to modifying the Corporations Act to apply to DAPs / TCPs, there are new requirements. Key among them are:

the heavy focus on whether a particular product is or is not a financial product e.g. BTC and ETH are not, are somewhat of a secondary consideration to whether a DAP / TCP is required (accepting that some products will require additional authorisations depending on how they are held and treated e.g. derivatives);
DAPs / TCPs will need to issue a new form of disclosure, called a DAP / TCP Guide. It will incorporate the general requirements of the existing IDPS Guide, and part of the main requirements of a PDS in section 1013D of the Corporations Act. For this reason, they are likely to be highly technical documents;
the DAP / TCP Guide is required to be given to the prospective client instead of a PDS, and irrespective of whether the token is a representation of another financial product e.g. share acquired through the platform. (This avoidance of doubling up is, however, accompanied by a requirement to provide the relevant disclosure e.g. PDS for the predicate financial product underlying the token. There are also technical updates to PDSs required when the issuer intends to offer via a DAP, and not all the surrounding obligations associated with PDSs are obviated by the DAP / TCP Guide e.g. contracting out of disclosure obligations.) The DAP / TCP Guide must: identify the licensee as the issuer of the product and any custodians of the platform and state the nature of their responsibilities and any relationships between them; include information a person would reasonably require to understand the nature of the platform and any risks, the method and extent of all charges, the differences between the rights of the client and rights of others under the platform, how the operator determines the underlying assets of the platform, total fees and expenses payable (and examples), and to whom; a client may make a complaint in relation to / in connection with the operation of the platform, underlying assets (where possible – e.g. BTC has no 'issuer' per se) and financial product advice provided in connection with the DAP / TCP. It is very much PDS-grade disclosure, together with the misleading and deceptive prohibition under s 12DA of the ASIC Act 2001 (Cth).
DAPs / TCPs will also need to issue Platform Rules, which may be part of their constitution and function as a contract between the DAP / TCP and the clients, and between clients themselves. The Platform Rules must set out: who can become a client; client obligations; details on executing / settling transactions involving the acquisition or disposal of underlying assets; disclosure of external liquidity sources, the licensee's responsibility for settlement / execution, the bearer of the counterparty or operational risk of transactions, how acquisitions of underlying assets will be recorded in their registers, and anything else prescribed by the regulations.
ASIC can set new rules regarding asset holding, including possessing and safeguarding the underlying assets of the platform; record keeping, reconciliation and reporting in relation to the underlying assets; or how the underlying assets of the platform are used (we can expect rehypothecation to be heavily scrutinised);
ASIC can also set new standards on facilitation of acquisitions, disposals, encumbrances or settlements of the underlying assets of a platform; matched principal trading and other execution models; handling, prioritising and executing of the instructions of a client of a platform (including across different business models such as market operation, marking making, liquidity provision, brokerage or dealing); the conduct of persons engaged by the issuer licensee of such a platform in relation to the performance of any of these actions;
How ASIC sets the standards on asset holding, and trading mechanics will be critical to the operation of DAPs / TCPs. There is an ongoing focus on the interplay between digital asset exchange models of execution e.g. broker/dealer, market-maker or markets licensee / CS facility. That is not surprising given T+0 execution model, and the fact that most digital assets 'inventory' e.g. ETC or BTC is held offshore in global liquidity pools. In this regard, the Minister retains the discretion to designate certain trading and execution models as requiring a markets license / CS facility licence (it is made very clear in the drafting that a DAP / TCP can also require a markets licence / CS facility licence) or prohibit certain DAP / TCP activities. This applies irrespective of whether the operator is based overseas as the Explanatory Memorandum states a: 'facility is taken to be operated in this jurisdiction if it is covered by a declaration in force, even if the facility is based overseas. This means the operator of a facility covered by the declaration is subject to the licensing regime under Part 7.2 or 7.3 (as applicable) of the Act. For this reason, the Minister must have regard to whether the facilities covered by the declaration have a material connection to this jurisdiction before making the declaration';
There is also an ability for the Minister to declare that conduct that involved a specified financial product is prohibited through the platform, and there is a power to prescribe tokens which may not be a financial product (and disclosure obligations attaching to the prescribed tokens may be prescribed). In essence, anti-avoidance provisions. It is a broad 'catch all' power, complementing ASIC's broad product intervention powers under the Design & Distribution Regime; and
Finally, DAPs / TCPs will need to maintain and disclose a voting policy. Similar to IDPSs, this policy will cover the exercise of any voting rights or governance rights arising for the platform’s underlying assets and any other assets held or possessed through the platform.

Retrospective permits

It is sensible, and in line with past consultations, to bring digital assets within the scope of the ASFL regime. Obtaining an appropriate AFSL is the tip of the iceberg though. Operating it in line with ASIC's expectations, especially in the wake of the 2019 Royal Commission into Financial Services, involves a deep consideration of organisational capability, capital/liquidity availability, operations, custody settings, product design, trading / execution models, distribution channels, conduct obligations, technical disclosure, policies, procedures and controls.

There are many existing idiosyncratic nuances and technicalities under the AFSL regime and they are about to have an additional overlay.

There are also existing challenges to still grapple with e.g. the concept of 'perfection by control' in security arrangements under the PPSR (though we understand that the drafters considered this in the legislative design, it will still be a matter of instrument calibration and usual securitisation processes).

Consultation submissions on the Bill close on 24 October 2025, though the direction of travel is set. Many organisations will now require an AFSL, and those AFSLs will be new structures.

By mapping the total field of impact, first at a high level covering the areas we have set out above, and potentially engaging tested specialist advisors, organisations subject to the new regime will give themselves the best opportunity to adapt.

If you would like to discuss the proposed changes and how they might affect your operations, please contact our Financial Services team.