The main source of payments law in Belgium is the European legislator. The European Union strongly harmonised both the prudential rules (which concern the eligibility, the licensing process and the conditions to be met to offer payment services) and the rules of conduct (which concern the mandatory pre-contractual and contractual rules about payment service users). These rules are laid down in the EU Directive 2015/2366 of 25 November 2015 on payment services in the internal market (the “PSD2”). This directive has been transposed into Belgian national law in two distinct acts: the law of 11 March 2018 on the status and control of payment institutions and electronic money institutions, which mainly concerns the prudential rules applicable to payment and electronic money institutions, and Book VII of the Belgian Economic Law Code, which mostly covers the rules of conduct. While most of the law of 11 March 2018 is only applicable to payment institutions and electronic money institutions, some of its chapters apply to all payment service providers, i.e. the credit institutions and certain (semi-) public entities such as Bpost, the National Bank of Belgium, the European Central Bank and local authorities. Book VII of Belgian Economic Law is applicable to all payment service providers. Besides these laws, special attention must also be paid to the rules enacted by the regulators at both the European level (the European Banking Authority Guidelines) and the Belgian level (the National Bank of Belgium). Furthermore specific EU regulations must be taken into account, such as EU Regulation 2015/751 of 29 April 2015 on interchange fees for cardbased payment transactions (the “MIF Regulation”, also known as “IFR”), EU Regulation 260/2012 of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro, EU Regulation 2021/1230 of 14 July 2021 on crossborder payments in the Union (the “Cross Border Payment Regulation”), and EU Regulation 2015/847 of 20 May 2015 on information accompanying transfers of funds (the “FTR2”), which is currently being reviewed as part of the upcoming EU Commission new Anti-Money Laundering package. For 2024 we are particularly looking forward on how the text proposals for the PSD3/PSR will evolve

Yes, the electronic money institutions (“EMIs”) and payment institutions (“PIs”) may provide payment services too. Those entities are regulated and must get a licence from the National Bank of Belgium before starting their activities. The licence as an e-money or payment institution is subject to several requirements, e.g. the quality of the shareholders and the management, the organisation and the governance of the entity, minimum capital and own funds requirements, security requirements or the business model. The candidates must file a licence application documenting their compliance with the different requirements set out by law (as specified in applicable EBA guidelines implementing PSD2). Since the entry into force of PSD2 in Belgium, the licence requirements for EMIs and PIs are very similar. The most significant difference lies in the minimum capital requirements, which are higher for EMIs than for PIs. In addition to those licencing requirements (which must be continuously complied with during the lifespan of licenced entities), PIs and EMIs are subject to specific obligations and prohibitions about the pursuit of their business, e.g. authorisations to be obtained for specific transactions, restriction to their activities, – as well as a significant amount of reporting obligations. Regulated entities authorised in Belgium are allowed to provide payment services or issue e-money in all the other EEA Member States. A simple prior notification to the home country national regulator (which is in charge of informing the national regulators of the target countries) is required. Besides banks, PIs and EMIs, certain (semi-) public entities such as Bpost, the National Bank of Belgium and local authorities are also allowed to provide payment services (see above the question on the sources of payment legislation).

Card payments and credit transfers are the two main (retail) payment methods in Belgium. Credit transfers occur directly between different banks, PIs and EMIs are cleared by the local Centre for Exchange and Clearing (“CEC”) or European Target2 payment system. These payment operations can be initiated online (as the case may be, via a banking or payment app) or offline at banks’ offices through automated teller machines (“ATM”). Card payments rely on a card scheme (Bancontact/Visa/MasterCard/American Express) and generally include the intervention of a card issuer (mostly banks, EMIs or PIs), a payment acquirer and a retail payment processor (Worldline in Belgium). Although historically, in Belgium, payment cards have for a long time been strongly relying on the use of physical payment cards, virtual solutions are now gaining market share very quickly (payment apps, digital pass-through wallets on mobile phones / connected watches, etc). It is also worth noting that in 2022, contactless payments account for more than half of all in-store card payments. In addition, international payment methods linked to credit cards (such as Paypal, Google and Apple Pay etc.) are also available to customers. At the moment, third party solutions for e-commerce (such as Sofort) are less developed in Belgium than in some other countries, but the ecosystem is quickly evolving. Money remittance providers are also common in Belgium and allow both foreigners and locals to send money to their relatives living abroad. Over the past years, Belgium has become the preferred country for foreign money remitters to set up their European HQ post Brexit (such as MoneyGram, Wise, WorldRemit, Sendwave, Taptap Send and Atlantic Money) as they prefer to be supervised by the same regulator as their direct competitors. Since a few years there has been a surge in alternative payments / methods such as “Buy Now Pay Later (BNPL)” solutions which are mostly only payments in disguise but are in fact unregulated credit solutions. The BNPL sector is expected to feel an important impact of the second consumer credit directive adopted in October 2023 which will make most existing solutions fall within the scope of regulated credit.

With the transposition of the PSD2 in Belgium by the law of 11 March 2018, credit institutions must open their infrastructure to authorised third party payment service providers, i.e. the account information service providers (“AISP”) and the payment initiation service providers (“PISP”). AISPs and PISPs are payment institutions within the meaning of the law of 11 March 2018. They must thus be authorised by the National Bank of Belgium before exercising their activities. The rules on open banking are currently laid down in the European Commission’s Regulated Technical Standards 2018/389 of 27 November 2017 on Strong Customer Authentication and common and secure open standards of communication (“RTS SCA”). These RTS SCA contain the concrete rule on the opening of banking infrastructure. Although their implementation was a challenging process for banks, many Belgian credit institutions now comply with the RTS SCA and provide PISPs and AISPs with access to their payment accounts. Finally, it is worth mentioning that some of the rules contained in the RTS SCA are expected to be amended in the coming months by a new delegated regulation, which will introduce some changes regarding the access to payment accounts through AISPs. Finally the upcoming Payment Service Regulation (PSR) is likely to change the rules around open banking and SCA as of 2026.

By their digital nature, fintech initiatives are very often exposed to data protection issues. With regard to the protection of personal data, the most important regulations are the Regulation 2016/679 of 27 April 2016 (“GDPR”), the Directive 2002/58/EC of 12 July 2002 (“ePrivacy Directive”) and its transposition into Belgian law. The Belgian legislator also adopted the Belgian Data Protection Act of 30 July 2018, which partially incorporates the generally applicable provisions of the GDPR and partially provides for additional provisions. These laws however do not specifically address data protection within the context of providing financial services. For the processing of data within the scope of PSD2 and within the context of open banking in particular, it is generally agreed upon that the PSD2 and the GDPR are jointly applicable. According to the Belgian transposition of the PSD2, the processing and retention of personal data necessary for the provision of payment services may only take place with the explicit consent of the payment service user. It is assumed that this explicit consent under the transposition of the PSD2 should be regarded as an additional requirement of a contractual nature on the access to, and subsequently, processing and storage of personal data to provide payment services and differs from the (explicit) consent under the GDPR which is subject to strict conditions of validity. The contrary would impose significant additional (practical and financial) responsibility on payment service providers. Parties to a framework agreement may agree that the explicit consent of the payment service user to the access, processing and storage of personal data – this being necessary for the provision of payment services, and falling within the scope of the framework agreement concerned – is effectively given through the consent to the execution of the payment transactions. However, as the GDPR applies to these processing activities, the payment service provider should always process the personal data on a legitimate basis (e.g. necessity for the performance of a contract) and should at all times respect all principles of lawful processing. Therefore, the payment service provider should process personal data in a manner that ensures appropriate data security and integrity, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (e.g. through pseudonymisation or encryption of personal data) and embedding data protection by design and by default. On 15 December 2020, the European Data Protection Board adopted additional guidance on the above as well as processing of silent party data (i.e., personal data concerning a data subject who is not the user of a specific payment service provider, but whose personal data are processed by said payment service provider for the performance of a contract between the provider and the payment service user (mostly relevant within the context of AISPs and PISPs)) and the processing of special categories of personal data (see the European Data Protection Board’s Guidelines 06/2020 on the interplay of the PSD2 and the GDPR).

The supervision of the financial sector is shared by the National Bank of Belgium (NBB) and the Financial Markets and Services Authority (FSMA) (twin-peaks model). Both these regulators have created a common dedicated ‘Contact Point for FinTech’. Fintechs are welcome to contact the regulators through this medium and they will answer their queries within three business days. This should be seen as a so-called “sound box” rather than an actual “sand box”. Generally, both the NBB and the FSMA are open to innovation in the financial sector and certain dedicated operational teams have been reinforced with tech-savvy profiles. Specially for the payment sector, the NBB has supported the creation of “Pay Belgium” an organisation gathering all regulated payment and e-money institution in order to improve a better dialogue between regulators and the industry. Regulators furthermore accept to organise informal intake meetings with fintechs to discuss their project before launching any formal licence application process (if need be). Licence applications, meetings and contacts can be held in French, Dutch, or English, which greatly facilitates the dialogue with foreign entrepreneurs and fintechs. We have observed that the Belgian regulators have acquired a strong reputation at the international level, attracting numerous foreign entities to choose Belgium as their point of entry on the European market.

Not particularly. To the contrary, the central position of Brussels tends to attract fintechs in the country. Overall, we see more and more international (non-European) groups coming to Belgium willing to use this jurisdiction as a base camp from which they can easily passport their activities throughout the entire European market.

Generally, Belgian tax environment features interesting rules for the fintech sector. At the domestic level, the higher personal income tax burden is countered by attractive tax regimes for benefits in kind, option and warrant plans in particular. The corporate income tax rate has decreased to 25% (and even 20% in the lowest bracket for SMEs). Moreover, the participation exemption has recently been extended from 95% to 100%, and provides for flexible conditions in an investment context. At the international level, Belgium has a wide treaty network of over 100 double tax treaties. It is interesting to note that it is possible to obtain a ruling from the Belgian Ruling Commission to confirm the tax treatment of envisaged transactions or structures. The proactive but diligent attitude of the Ruling Commission is considered an important plus for the Belgian tax environment. In addition, the Belgian corporate income tax regime has an innovation income deduction that exempts up to 85% of income related to qualifying intellectual property rights. This regime can be applied to software. Moreover, the Federal Government has created a “tax shelter” to foster startup and scale-up investments. Under certain conditions, investors may benefit from a tax reduction ranging from 25% to 45% on their invested amounts. Another interesting feature that can be useful for some fintechs is the exemption of professional withholding tax for R&D projects, again under certain conditions. Increased tax deductions are also organised to favour investments in digital assets allowing for the integration and exploitation of electronic means of payment and invoicing, as well as in systems increasing IT and communication security.

Fintechs active in payments and regulatory applications (‘regtech’) are still very popular on the market. The insurance (‘insurtech’) and accounting (‘accounttech’) sectors as well as certain more isolated challenger bank projects should also be mentioned. The so-called “Buy Now Pay Later” solutions market attracted attention too.

Belgium seems to attract fintechs for several reasons. Geographically, Belgium is at the heart of Europe and benefits from many high-speed train connections with key EU capitals (Paris, London, Amsterdam, Berlin, etc.). As a multicultural and multilingual country (with a bilingual French-Dutch capital, Dutch-speakers in the North and French-speakers in the South), Belgium is also seen as an interesting test market for FinTech companies. Regulators are pragmatic, tech-savvy, have a very personalised approach of each project (unlike larger jurisdictions) and, in our experience, they adopt an open and no-nonsense approach to disruptive business models. They also accept applications in English and voluntarily translate many applicable regulations and guidelines in this language. Some of our clients have also stressed the fact that they appreciate the multi-lingual and educated character of the Belgian workforce. Finally, Belgium hosts most EU institutions and is generally a pro EU country. Nowadays, this is a reassuring factor for fintechs which rely on their aptitude to passport their licence across the EU.

For an EU citizen (and by extension any EEA citizen), the fundamental principle of the free movement of workers applies (Article 45 TFEU), whereby this person is allowed to work and live in another Member State without the need to acquire a work permit in this other Member State. Any non-EU citizen who wishes to work in Belgium must obtain either a work permit (for employees performing services in Belgium on a salaried basis for a Belgian or the foreign parent company) or a professional card (for self-employed persons). The work permit or professional card must normally be applied for and issued before the person starts working in Belgium. The application process usually takes up to four months for a work permit and up to six months for a professional card. Highly skilled personnel and executive-level personnel (employees) earning a yearly gross salary exceeding a threshold that is adjusted on a yearly basis can, however, apply for a fast track application. Certain exemptions and a range of specific limitations may also apply to employees. For example, Ukrainian nationals residing in Belgium under temporary protection do not need to hold a permit or professional card to work in Belgium. With respect to self-employed persons, there is an exemption for business travels not exceeding three consecutive months.

In practice, the most noticeable gap in access to talent lies at the level of the compliance functions. There is sufficient skilled staff on the market, but it turns out to be no sinecure to have relatively experienced compliance officers take the step of leaving incumbents (large institutions, fixed values) for fintech companies and start-ups in this sector. Such officers need to be familiar with the specific Belgian regulations, which also quickly restricts the eligible public for this task. In Belgium, however, the regulator itself does not actively look or facilitate to fill these gaps. However, more and more smaller innovative newcomers and already established fintechs on the market are able to attract and inspire the talent their organisation requires.

Depending on the specific nature, activities and creations of the fintech concerned, it may rely on various intellectual property rights existing under Belgian law. The most prevalent ones are the following. Fintechs may protect their trademark under a Benelux or European trademark. Registration is required to benefit from such protection and may only be obtained if the sign is susceptible to be a clear and precise representation, has distinctive character, and is permissible and available. By contrast, a fintech’s trade name is protected simply by first use and offers protection only in the geographical area where it is used for the activities that are identical or similar to those engaged in under the trade name. As most fintechs strongly focus on digital presence, it is important to note that they may register a domain name on the Internet and that their computer programmes (e.g. mobile applications) may be protected by copyright laws provided there is originality, and a precise and objective expression of that originality. If investments are made for building databases, specific protection rights for databases may be relied upon. Furthermore, the technical IT solutions containing a computer programme which constitute an invention may be eligible to patent protection if all conditions thereto are fulfilled. Finally yet importantly, fintech organisations must organise themselves to keep their (commercial and technical) confidential information and business secrets secret. If they can prove that such an organisation is implemented, they can be protected against malicious misappropriation of such information.

Currently, Belgium has adopted several pieces of legislation which cover some activities relating to cryptocurrencies. These consist of: (i) the regulation of the FSMA (i.e. the Belgian regulator in charge of the oversight of financial services and markets) of 3 April 2014 banning the distribution of derivative products based upon the value of one or several cryptocurrencies to retail clients, (ii) the newly adopted law of 1 February 2022, which amends the Law of 18 September 2017 on the prevention of money laundering and terrorist financing and limiting the use of cash to introduce provisions on the status and supervision of providers of virtual currency exchange services and fiat currency exchange services and custodian wallet providers, (iii) the Royal Decree of 8 February 2022 on the status and the supervision of service providers for the exchange of virtual currency and fiat currency and custodian wallet providers, as well as (iv) the Royal Decree of 5 January 2023 approving the regulation of the Financial Services and Markets Authority that imposes restrictive conditions on the commercialisation of virtual coins among consumers. The Belgian rules currently establish the rules and conditions for the registration with the FSMA of virtual asset service providers (“VASPs”) who offer custody or exchange (crypto/fiat only) services and who are established on the Belgian territory, as well as the ongoing conditions for exercising these activities and the supervision thereof. In addition, they also set forth the marketing rules for persons commercialising virtual coins to the Belgian consumer market. At the European level, Regulation 2023/1114 of 31 May 2023 on markets in crypto-assets (also known as the “MiCA Regulation”) will further regulate crypto-assets and crypto-asset service provider (“CASPs”), who are currently still out of the scope of the regulatory framework for traditional financial services. The MiCA Regulation will introduce a common licencing regime across the EEA Member States, where the chapter on ‘stablecoins’ will apply from 30 June 2024, while the rest of the provisions will apply from 30 December 2024. At the same time, Regulation 2023/1113 of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets (the “TFR”) will extend the so-called ‘travel rule’ to the transfer of crypto-assets. The TFR will equally apply from 30 December 2023. Lastly, Regulation 2022/858 of 30 May 2022 on a pilot regime for market infrastructures based on distributed ledger technology allows for Belgian institutions to request a specific authorisation for the trading and settlement of financial instruments that are based on distributed ledger technology. This regulatory sandbox has been open for applications since 23 March 2023.

Initial coins offerings (“ICOs”) are not specifically regulated (or forbidden) in Belgium. This does not mean, however, that they may not be subject to existing (general) regulations. The local FSMA, the EBA and the ESMA, have made it clear that depending on their legal structure and on the characteristics of the issued tokens, ICOs could be subject to various laws and regulations. For instance, an ICO with tokens that are considered to be investment instruments could fall directly or indirectly under: the Law of 11 July 2018 on public offers of investment instruments and on the admission of investment instruments to trading on regulated markets or under the EU Regulation 2017/1129 on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market (the “Prospectus Regulation”), and its delegated regulations, if they are considered as transferable securities. The law of 11 July 2018 requires notably the preparation of a prospectus to be approved by the FSMA in the event of a public offering of investment instruments within the territory of Belgium. Furthermore, it could also fall within the scope of Regulation 2020/1503 of 7 October 2020 on European crowdfunding service providers for business, which sets out the conditions for authorisation as a crowdfunding service provider. Finally, there are also the Law of 2 August 2002 on the supervision of the financial sector and on financial services (Belgian transposition law of MiFID 2) and the delegated MiFID Regulations at the EU level as well as the Law of 19 April 2014 on alternative investment funds and their managers. The legal regime applicable to ICOs should be assessed on a case-by-case basis. In Belgium, the FSMA pro-actively looks into ICO projects having a connection with Belgium and invites issuers to clarify their projects (through questionnaires focussing on the scope of the offer, the underlying assets, the business model and AML aspects) in order to verify whether any of the existing financial legislation applies. However, this regime is set to change with the upcoming MiCA Regulation, which will regulate the ICOs of so-called utility tokens (which are currently defined as tokens that that are only intended to provide access to a good or a service supplied by the issuer of these tokens), asset-referenced tokens (which are currently defined as a type of crypto-asset that is not an electronic money token and that purports to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies), as well as e-money tokens (which are defined as tokens that purport to maintain a stable value by referencing the value of one official currency).

The blockchain scene remains rather immature compared to other jurisdictions. However, a few projects are emerging while some blockchain start-ups are now entering into their scale-up phase. Among other projects: Credix is a platform that allows the borrowing of liquidity on the blockchain through the tokenisation and securitisation of real-world assets; Isabel group has developed a blockchain-based solution for banks allowing them to on board companies online; Keyrock aims at developing the liquidity of crypto-markets by enhancing the accessibility of such markets; and Venly is providing multiple blockchain solutions (such as wallet services, Non-Fungible Tokens (‘NFT’) tools and marketplace) for app developers to integrate within their own blockchain project.

Certain initiatives using AI are being developed, especially in the investment industry (robo-advisory, etc.), credit (especially credit scoring), and regtechs (automated KYC, etc.). Chatbots are also getting ever more common in the finance industry. At this stage, regulations dedicated to AI processes are rather seldom. One of the most important exceptions can be found in the GDPR which has put in place specific requirements for automated decision-making processes. AI-related requirements are likely to increase in the future. Some will be sector-specific. For instance, since 2021 Belgian law prohibits health and life insurers from discriminating their clients on the basis of whether or not they accept to share certain data via connected devices. Some will equally apply across all sectors. Typically, we now look forward to the implementation of the European “Artificial Intelligence Act”, on which an agreement was reached by the EU Parliament and Council on 9 December 2023. This will create a clear legal framework for the use of AI systems and will have a significant impact on AI initiatives in Belgium and across the EU in general.

Belgium is an attractive place for insurers and managed to attract the non-life business of the well-known Lloyd’s in the aftermath of Brexit. We have seen the development of several initiatives in the insurtech industry. Generally, insurtechs choose to intervene at the distribution level where they offer alternative distribution channels to traditional intermediaries – many of which are brokers in Belgium. A licence as insurance intermediary is indeed much easier to obtain than a full-blown licence of insurance company. By the same token, insurtechs tend to prefer the non-life sector (car insurance, rent insurance). Part of the reasons is due to the fact that life insurance products are subject to more stringent requirements, have a long contract duration, and are trickier to market in an online environment – people subscribing life insurance policy are often looking for face-to-face advice. The rise of “embedded insurance”, whereby the insurance product is integrated in the underlying product experience, is one of the key market trends.

After a few years of activity in the alternative lending and crowdfunding industries, we would say that today’s fintechs are mainly active in the fields of payment, regulatory tools (‘regtech’), insurance (‘insurtech’) and crypto-assets. The so-called “Buy Now Pay Later” solutions market also attracted attention.

Incumbent financial institutions were initially rather reluctant and reserved towards fintechs, which came to disrupt this specific sector. However, fintech has now become more mainstream and this reluctance has given way to a relationship of increased cooperation, incrementally blurring the boundaries between incumbents and technology companies. Four main trends of cooperation are noticeable: (1) there are incumbents which focus specifically on what is happening in the field of fintech and actively support particular fintechs; (2) more and more incumbents support fintech industry organisations, such as e.g. FinTech Belgium, where fintechs get a shared platform; (3) some promising fintechs are acquired by incumbents through M&A, which allows to benefit from the widest possible opportunities; (4) more and more often, due to the high cost of client acquisition, fintechs are called in to provide B2B services to incumbents, whereby the latter hence becomes a customer of the fintech.

Incumbents often organise and support the field in which fintechs can grow (dedicated incubators or “FinTech villages”). In this way, a cooperation is set up, whether or not with a view to an imminent takeover by the incumbent. It is important to note that fintechs may be favoured by specific regulations (e.g. PSD2), which makes this way of operating an attractive option. On the other hand, established banks are found to launch innovative projects, which are developed in-house.

Belgium is home to an important number of international money remitters and other payment service providers, also the rise of Itsme, a digital identity authenticator for financial services and the autorities adopted by the grand majority of the Belgian population (7 million on a total population of 11 million) is noticeable. There have furtehrmore been several sector specific initiatives that each have added value in their own way. Examples of this are Qover (insurance), Pom and Digiteal (both e-invoicing), Monizze (e-meal vouchers), Oper Credits (digitalisation of mortgage credit distribution)  and mozzeno (P2P lending). Although in recent years the trend has been for fintech projects to be primarily payment-centric, there is now a shift towards more diversity. We have reasons to believe that this trend will increase over the next few years along the future EU regulatory proposals on open finance.