Law on Digital Assets of the Republic of Serbia

LAW ON DIGITAL ASSETS (RS Official Gazette, No 153/2020) I. GENERAL PROVISIONS Subject matter Article 1 This Law governs:

1. the issuance of digital assets and secondary trading in digital assets in the Republic of Serbia (hereinafter: Republic);

2. the provision of services in connection with digital assets;

3. pledge and fiduciary rights on digital assets;

4. the competences of the Securities Commission (hereinafter: Commission) and the National Bank of Serbia;

5. supervision over the application of this Law. Definitions Article 2 For the purposes of this Law, the following definitions shall apply:

6. digital assets, or virtual assets, means a digital representation of value that can be digitally bought, sold, exchanged or transferred and used as a means of exchange or for investment purposes, whereby digital assets shall not include digital representation of fiat currencies and other financial assets governed by other laws, unless otherwise provided by this Law;

7. virtual currency means a type of digital assets that is not issued or guaranteed by a central bank or public authority, that is not necessarily attached to a legal tender and that does not have the legal status of money or a currency, but that is accepted by natural or legal persons as a means of exchange and that can be bought, sold, exchanged, transferred, and stored electronically;

8. digital token is a type of digital assets and means any intangible property representing, in digital form, one or more property rights, which might include the right of a digital token user to specific services;

9. supervisory authority means the National Bank of Serbia and the Commission, in line with the competences established by this Law;

10. digital asset service provider means a legal person providing one or more services in connection with the digital assets defined in Article 3 of this Law;

11. advisory service provider means a person providing digital asset advisory services;

12. crypto ATM means an automated machine that allows the purchase and sale of digital assets for money or the exchange of digital assets for other digital assets;

13. portfolio of digital assets means a set of digital assets in which a person invests;

14. white paper means a document published at the issuance of digital assets in compliance with this Law, which contains information on the issuer of digital assets, information on the digital assets, and the risks associated with the digital assets, so that investors are able to make an informed decision;

15. subsequent white paper means a document published after the issuance of digital assets for which a white paper has not been published, that contains information on the issuer of digital assets, information on the digital assets, and the risks associated with the digital assets, so that investors are able to make an informed decision;

16. digital assets trading platform means a multilateral system for trading in digital assets, which is run by the platform operator, and which brings together or facilitates the bringing together of third-party buying and/or selling interests in digital assets, and/or exchange of digital assets for other digital assets, in accordance with its non-discretionary rules and in a way that results in a contract;

17. member of management means a general director, executive director, executive board member and a supervisory board member of a legal person, depending on the governance structure of the person, including legal representative of a general partnership and a limited partnership, or a third party to whom the management authority in the general partnership or limited partnership has been assigned;

18. issuer means a domestic or foreign natural person, entrepreneur or legal person that has issued digital assets;

19. digital assets OTC market means a market for trading in digital assets where transactions are conducted directly between the buyer and the seller of a digital asset without the mandatory participation of a digital asset service provider and outside of the digital assets trading platforms;

20. financial institutions supervised by the National Bank of Serbia are banks, insurance undertakings and reinsurance undertakings, insurance brokerage companies, insurance agency companies and insurance agents, financial leasing providers, voluntary pension fund management companies, payment institutions and electronic money institutions, in compliance with special laws governing the operations of these institutions;

21. persons related to financial institutions supervised by the National Bank of Serbia are defined by the special laws governing the operations of these institutions;

22. payment service provider means a bank, payment institution, electronic money institution and a public postal service operator established in the Republic, pursuant to the law governing payment services;

23. qualifying holding exists when a person has: (1) direct or indirect right or ability to exercise 10% or more of voting rights of a legal person, and/or direct or indirect ownership of 10% or more of capital of such legal person, or (2) the ability to effectively exercise significant influence over the management of another legal person;

24. controlling holding exists when one person has: (1) direct or indirect right or ability to exercise 50% or more of voting rights of a legal person, and/or direct or indirect ownership of 50% or more of capital of such legal person; or (2) the ability to appoint and/or dismiss at least a half of the members of management of the legal person, or (3) the ability to effectively exercise dominant influence over the management of another legal person;

25. group of companies means a group of undertakings which consists of a parent company, its subsidiaries and legal persons in which the parent company and/or its subsidiaries have a holding, as well as companies linked by common management;

26. parent company of a legal person means a company with a controlling holding in the legal person;

27. subsidiary of a legal person means a company in which such legal person has a controlling holding;

28. companies linked by common management means companies not linked by a parent-subsidiary relationship, or by a holding in capital within the meaning of item 20) of this paragraph, but which include: (1) companies managed on a unified basis pursuant to a contract concluded between them, or pursuant to the provisions of their articles of incorporation or articles of association, or (2) companies with the same persons making up the majority of the members of their management;

29. close links means a relationship between two or more natural and/or legal persons where: (1) one of them has a direct or through holding in a subsidiary indirect right or ability to exercise 20% or more of voting rights of a legal person, and/or ownership of 20% or more of capital of the legal person, (2) one of them has a controlling holding in another legal person, (3) these persons are permanently linked to the same third party based on a controlling holding;

30. money (funds) means cash, scriptural money and electronic money;

31. cash means banknotes and coins;

32. electronic money (e-money) has the meaning as defined by the law governing electronic money;

33. financial instrument has the meaning as defined by the law governing the capital market;

34. market operator has the meaning as defined by the law governing the capital market;

35. broker-dealer company has the meaning as defined by the law governing the capital market;

36. retail trade has the meaning as defined by the law governing trade;

37. consumer has the meaning as defined by the law governing trade;

38. advertising has the meaning as defined by the law governing advertising, unless provided otherwise by this Law;

39. digital asset transaction means buying, selling, accepting or transferring of digital assets or exchanging digital assets for other digital assets;

40. user of digital assets means a natural person, entrepreneur or legal person who is using or has used a service in connection with digital assets or who has approached a digital asset service provider with a view to using that service;

41. holder of digital assets means a user of digital assets and a person who has acquired digital assets independently of a business relationship established with a digital asset service provider, or a transaction executed through that provider (e.g. a person who has earned digital assets by mining, contributing by their computer in the validation of transactions in the digital assets information systems);

42. digital asset address means a unique identifier of a virtual spot containing information on a digital asset;

43. stable digital assets means digital assets issued with the objective to minimise the volatility of their value which is pegged to fiat currency or one or more property rights with low volatility (e.g. their value is pegged to the official exchange rate of dinar or a relatively stable official exchange rate of a foreign currency);

44. smart contract means a computer program or a computerised protocol based on the distributed ledger technology (DLT) or similar technologies, which is partly or wholly performed by software and which

automatically executes, controls or documents legally relevant events and actions according to the terms of a contract already concluded, whereby the contract may be concluded electronically by such program or protocol; 40) business day means a day or a part of the day in which a digital asset service provider who participates in the execution of a digital asset transaction operates, enabling the execution of such transaction to the digital asset user. Types of digital asset services Article 3 Digital asset services include:

1. reception, transmission and execution of orders relating to the purchase and sale of digital assets on behalf of third parties;
2. purchase and sale of digital assets for cash and/or scriptural money and/or e-money;
3. exchange of digital assets for other digital assets;
4. custody (safekeeping) and administration of digital assets on behalf of digital asset users and the related services;
5. services pertaining to the issuing, offering and placing of digital assets on a firm commitment basis (underwriting) or without a firm commitment basis (uncommitted placement/agent services);
6. maintaining a register of pledges on digital assets;
7. digital assets acceptance/transfer services;
8. digital asset portfolio management;
9. operation of a digital assets trading platform. The custody (safekeeping) and administration of digital assets on behalf of digital asset users and the related services include control over the means by which digital assets are accessed (e.g. cryptographic keys), as well as the related services (e.g. administration of collateral). Digital asset portfolio management (hereinafter: portfolio management) means managing individual portfolios of digital assets in accordance with mandates given by a user, in a special contract concluded with the digital asset user. Underwriting means the service pertaining to the offering and placing of digital assets on a firm commitment basis, where the underwriter guarantees to purchase the assets. Uncommitted placement/agent service means the service pertaining to the offering and placing of digital assets by an agent, with no commitment on the part of the agent to purchase the assets. Digital asset acceptance/transfer service means a service provided by a digital asset service provider to a trader within the meaning of the law governing trade by accepting from a consumer the appropriate value of the digital asset, which corresponds to the price of goods sold and/or services provided to the consumer, by exchanging it for the appropriate amount of legal tender and transferring the amount to the account of the trader. The services referred to in paragraph 1, items 2) and 3) of this Article may be provided also by a crypto ATM. Activities of digital asset service providers Article 4

A digital asset service provider shall be authorised to provide these services after obtaining a licence for the provision of digital asset services from the supervisory authority. In addition to digital asset services, a digital asset service provider shall be allowed to perform only the activities and services directly related to the digital asset services. Notwithstanding paragraph 2 of this Article, legal persons already authorised by the Commission to perform the activities of a broker-dealer company or a market operator pursuant to the law governing the capital market shall be allowed to provide digital asset services in accordance with this Law after obtaining from the supervisory authority the licence to provide digital asset services. Digital asset advisory services Article 5 Digital asset advisory services (hereinafter: advisory services) include the provision of investment advice, investment recommendations, advice on capital structure, business strategy, issuing of digital assets and similar, as well as other digital asset advisory services. Investment advice means the provision of personal recommendations to a user of digital assets, in respect of one or more transactions relating to digital assets. Investment recommendation means investment research or other information for the public that explicitly or tacitly recommends or suggests an investment strategy regarding digital assets. Exclusions from the scope of this Law Article 6 The provisions of this Law shall not apply to digital asset transactions if those transactions are executed exclusively within a limited network of persons accepting the digital assets (e.g. the use of digital assets for certain products or services as a form of loyalty or reward, without the possibility of selling or transferring the assets). The acquisition of digital assets by contributing to computer validation of transactions in the digital asset information systems in relation to a specific digital asset – the so-called mining, shall be allowed, and the provisions of this Law shall not apply to such holders of digital assets (“miners”) during that acquisition. The “miners” may freely dispose of the digital assets acquired as described in paragraph 2 of this Article, either by using the services of a digital asset service provider, in which case the provisions of this Law on digital asset users shall apply, or by performing OTC transactions. The provisions of this Law shall not apply to the issuing of e-money and the provision of e-money services, as these are regulated by the law governing the provision of payment services and the issuing of e-money. The conditions and manner of applying exclusions from the scope of this Law referred to in paragraph 1 of this Article may be regulated in more detail by the supervisory authority. Digital assets qualifying as financial instruments Article 7 Unless otherwise provided by this Law, the law governing the capital market shall apply to the issuing of digital assets that have all the features of a financial instrument and to the secondary trading and the provision of services connected with such digital assets. Notwithstanding paragraph 1 of this Article, the law governing the capital market shall not apply to the issuing of digital assets that have all the features of a financial instrument, nor to the secondary

trading and the provision of services connected with such digital assets, if all of the following conditions are met:

1. digital assets have no characteristics of shares;
2. digital assets are not fungible with shares;
3. the total value of digital assets issued by a single issuer during a period of 12 months does not exceed EUR 3,000,000 in the dinar equivalent at the official middle exchange rate of the dinar against the euro determined by the National Bank of Serbia on the day of the issue, i.e. during the primary sale. Technology-neutral approach Article 8 The provisions of this Law shall apply to all digital assets regardless of the underlying technology, including stable digital assets. The provisions of this Law shall apply to the provision of all digital asset services referred to in Article 3 of this Law regardless of the technology underlying the provision of such services. Principle of procedure efficiency, cost-effectiveness and digitalisation Article 9 A legal or natural person initiating an administrative procedure in accordance with the provisions of this Law (e.g. filing an application for approval for publishing a white paper, an application for licence to provide digital asset services etc.) shall file the relevant application through a special web portal operated by the Republic of Serbia Government service for the design, harmonisation, development and functioning of the electronic administration system, and shall support the application with the complete documentation required by this Law and the regulations based on this Law, in order to prove the fulfilment of stipulated conditions. The documentation referred to in paragraph 1 of this Article shall be filed as a single copy, and the National Bank of Serbia and the Commission shall each decide on the application within their respective scope of competences, within the set timeframe. An issuer of digital assets and a company that provides or intends to provide digital asset services that fall under the competence of both the National Bank of Serbia and the Commission, shall file all information, applications, notices and other documents to be submitted both to the National Bank of Serbia and the Commission – through the web portal referred to in paragraph 1 of this Article, as a single copy. The timeframe set for deciding on the application submitted through the web portal referred to in paragraph 1 of this Article shall start on the day of receiving a duly completed application on the portal. All documents filed to the supervisory authority pursuant to this Law may be submitted electronically, in compliance with the law governing electronic documents, electronic identification and trust services in electronic business. The National Bank of Serbia and the Commission shall ex officio share between themselves the information and documents at their disposal, which are required for the decision-making process in accordance with the provisions of this Law, and they may share the information and documents via already established electronic channels within the electronic administration system (the so-called Government Service Bus, pursuant to the law governing electronic administration), and other methods used for sharing electronic documents among public authorities in compliance with the law on electronic documents, electronic identification and trust services in electronic business. Division of competences

Article 10 The National Bank of Serbia shall be responsible for the matters under this Law concerning the decision-making in administrative procedures, adoption of secondary legislation, supervision and the exercise of other rights and obligations of the supervisory authority in the part relating to virtual currencies as a type of digital assets. The Commission shall be responsible for the matters under this Law concerning the decision￾making in administrative procedures, adoption of secondary legislation, supervision and the exercise of other rights and obligations of the supervisory authority in the part relating to digital tokens as a type of digital assets, as well as in the part relating to digital assets qualifying as financial instruments. When it comes to hybrid digital assets – assets having the features of both a virtual currency and a digital token, the provisions of paragraphs 1 and 2 of this Article shall accordingly apply to the decision￾making in administrative procedures, adoption of secondary legislation, supervision and the exercise of other rights and obligations of the supervisory authority. The National Bank of Serbia and the Commission shall cooperate in the performance of their respective competences established by this Law. The National Bank of Serbia shall prepare and issue opinions on the application of this Law and the regulations based on this Law in the part relating to virtual currencies as a type of digital assets, with the exception of the application of Article 14 of this Law, while the Commission shall prepare and issue opinions on the application of this Law and the regulations based on this Law in the part relating to digital tokens as a type of digital assets and in the part relating to digital assets qualifying as financial instruments. Administrative procedure Article 11 Based on the competences established by this Law, the supervisory authority shall make decisions regarding the rights, obligations and legal interests of persons in the procedure established by this Law. The provisions of the law that governs general administrative procedure shall apply accordingly to the procedure referred to in paragraph 1 of this Article, unless otherwise provided by this Law. The supervisory authority may take additional activities in the procedure referred to in paragraph 1 of this Article to verify the accuracy of information and documentation submitted by the persons from that paragraph. The supervisory authority shall adopt a decision on the administrative matter that is subject to the procedure referred to in paragraph 1 of this Article. If the supervisory authority fails to decide on the applicant’s application in the procedure established by this Law within a stipulated timeframe (i.e. administrative silence), it shall be deemed that the application has been adopted on the day following the expiry of the timeframe for decision-making. The decision referred to in paragraph 4 of this Article shall be final. An administrative dispute may be initiated against the decision referred to in paragraph 4 hereof, but such an action against the decision shall neither prevent nor delay its execution. In an administrative dispute against the decision referred to in paragraph 4 of this Article, the court may not resolve an administrative matter whose resolution is in the competence of the supervisory authority, as stipulated by this Law. Digital asset-related payments Article 12

All dinar payments, collections and transfers in respect of digital asset transactions shall be effected in accordance with the regulations governing payment services. All foreign currency payments, collections and transfers in respect of digital asset transactions shall be effected in accordance with the regulations governing foreign exchange operations. Foreign currency payments, collections and transfers referred to in paragraph 2 of this Article may be prescribed in more detail by the National Bank of Serbia. Prohibition of owning digital assets and providing digital asset services Article 13 Financial institutions supervised by the National Bank of Serbia shall not own digital assets and digital asset instruments as their property, and the stakes in the capital of such institutions shall not be in digital assets. Financial institutions supervised by the National Bank of Serbia shall be neither providers nor users of the digital assets services. Notwithstanding paragraph 2 of this Article, banks may provide the service referred to in Article 3, paragraph 1, item 4) of this Law only in the part relating to the custody (safekeeping) of cryptographic keys. Financial institutions supervised by the National Bank of Serbia and the persons related to these financial institutions shall not be the founders, nor have a direct or indirect holding in a legal person providing digital asset services, and such institutions and such persons shall not participate in the management, nor be the members of bodies of the legal person or its representatives, and they shall not be the persons who directly manage the provision of digital asset services in the legal person. Notwithstanding paragraph 4 of this Article, financial institutions supervised by the National Bank of Serbia may hold ownership stakes in a broker-dealer company and a market operator providing digital asset services, unless prohibited by the law governing the operations of a financial institution concerned. Financial institutions supervised by the National Bank of Serbia shall not accept digital assets as a collateral. Notwithstanding paragraph 1 of this Article, the National Bank of Serbia may prescribe the conditions under which financial institutions supervised by the National Bank of Serbia may invest in digital tokens qualifying as financial instruments or used exclusively for investment purposes. Operations of legal persons and entrepreneurs in connection with digital assets Article 14 Virtual currencies shall not be used as a stake in a company, but they may be converted (exchanged) for money and paid into a company as a contribution in money. In-kind contributions into a company – in digital tokens are allowed if the digital tokens are not related to providing services or execution of work. Notwithstanding paragraph 2 of this Article, in-kind contributions into a general partnership or limited partnership may be in digital tokens related to providing services or execution of work. The list of digital tokens referred to in paragraph 2 of this Article shall be established by the Commission. The provisions of the law governing enforcement and security shall apply to the enforced collection of digital asset claims by judgment creditors.

A company operating in the Republic and having the status of a judgment debtor as defined by the law governing enforcement and security shall cooperate with the competent authorities in the enforcement procedure in accordance with that law, and shall provide all notices and data needed for the settlement of claims against digital assets, including the instruments for accessing digital assets (e.g. cryptographic keys). Paragraph 6 of this Article shall apply accordingly to other legal persons and entrepreneurs operating in the Republic. In case of liquidation of a company that has liabilities in respect of digital assets, the holders of digital assets shall have the status of creditors known to the company, as defined by the law governing companies. Exclusion of liability Article 15 The Republic of Serbia, the National Bank of Serbia, the Commission and other competent bodies and public authorities do not guarantee for the value of digital assets and do not accept any liability for potential damage and losses that the users and other holders of digital assets and/or digital asset service providers and/or third parties may suffer in respect of the performance of digital asset transactions. Before establishing a business relationship with a digital asset user or before performing a digital asset transaction, a digital asset service provider shall inform the digital asset user about the risks of a digital asset transaction, including the risk of a partial or complete loss of money, or other assets, as well as about the fact that digital asset transactions are not subject to regulations governing deposit insurance or investor protection or regulations governing financial services consumer protection. II. ISSUING OF DIGITAL ASSETS Initial offering of digital assets Article 16 The provisions of this Chapter shall apply to the initial offering of digital assets issued in the Republic. The issuing of digital assets in the Republic, regardless of whether the relevant white paper has been produced and/or approved, is allowed. The advertising of the initial offering of digital assets issued in the Republic is allowed only in accordance with the provisions of this Chapter. Advertising of the initial offering of digital assets without an approved white paper Article 17 No initial offering of digital assets without an approved white paper shall be advertised in the Republic, unless so provided by an enactment of the supervisory authority. Notwithstanding paragraph 1 of this Article, an issuer may advertise the initial offering of digital assets without an approved white paper in the following cases:

1. the initial offering is addressed to fewer than 20 natural and/or legal persons;

2. the total number of digital tokens issued does not exceed 20;

3. the initial offering is addressed to buyers/investors buying/investing in digital assets no less than EUR 50,000 in the dinar equivalent at the official middle exchange rate of the dinar against the euro determined by the National Bank of Serbia on the date of purchase/investment, per buyer/investor;

4. the total value of digital assets issued by a single issuer during a period of 12 months does not exceed EUR 100,000 in the dinar equivalent at the official middle exchange rate of the dinar against the euro determined by the National Bank of Serbia. The publishing of a white paper that has not been approved in accordance with this Law is allowed only if clearly indicated at the publishing and during the initial offering of digital assets that the relevant white paper has not been approved. Advertising of the initial offering of digital assets with an approved white paper Article 18 An issuer shall make sure that any type of advertising relating to the initial offering of digital assets with an approved white paper is in accordance with the provisions of this Article. For the purposes of this Article, advertising includes advertisements:

5. relating to a specific initial offering of digital assets;

6. aimed at promoting the purchase of / investment in digital assets. Advertisements shall be clearly recognisable as such and the information contained therein shall not be inaccurate or misleading, but consistent with the information in the white paper, if already published, or information that should be stated in the white paper, if the white paper is to be published. When advertising the initial offering, the issuer shall indicate whether the white paper has been or will be published, specifying where and how investors can access it. Even if not used for advertising purposes, all information about the initial offering, communicated orally or in writing, shall be consistent with the information contained in the white paper. Should the issuer disclose important information orally or in writing to one or more selected buyers/investors, that information shall be included in the white paper or its supplement if the white paper has been already approved. The issuer’s advertising activities shall be supervised by the supervisory authority, and all types of advertisements shall be posted on the issuer’s website at the latest on the day of publishing of the advertisement itself. Drawing up a white paper Article 19 Prior to the issuing of digital assets, an issuer may draw up a white paper that contains all the relevant data which, having regard to the special characteristics of the issuer and the digital assets offered, enable investors to make an investment decision and to assess the risks associated with investment in digital assets, and that meets all other white paper requirements laid down by this Law. Information in the white paper shall be concise, clear and comprehensible and its layout conducive to easy analysis. Data in the white paper shall be accurate, complete, clear and not misleading. The white paper referred to in paragraph 1 of this Article shall be approved by the supervisory authority (hereinafter: approval of white paper publishing).

If the issuer fails to act in accordance with paragraph 1 of this Article or if the publishing of the white paper is not approved in accordance with paragraph 4 of this Article, Article 17 of this Law shall apply to the advertising of the initial offering of digital assets. Content of the white paper Article 20 The issuer shall make sure that the white paper contains all the information about the issuer and the initial offering enabling buyers/investors to make an informed decision on the purchase of / investment in digital assets and to understand the risks associated with the initial offering and the digital assets offered. The white paper shall contain the following data and information:

1. data about the issuer, including about the main participants in the design and development of digital assets;

2. detailed description of the reasons behind the initial offering and the intended use of the funds raised;

3. data about digital assets offered, including a detailed description of the rights and obligations attached to digital assets, data about secondary trading in digital assets, as well as data about the quantity (number of units) of the digital assets offered, or the method of determining the quantity of the digital assets offered;

4. detailed description of the terms of initial offering, including a detailed description of all specific terms applying to different categories of acquirers, particularly with regard to digital assets acquired by the issuer and the persons related with the issuer, and the success threshold (if any);

5. description of the risks associated with the issuer, digital assets, initial offering of digital assets and the implementation of the relevant project;

6. detailed description of the technical procedures underlying the issuance of digital assets;

7. detailed description of the procedures and technologies used to safeguard funds and digital assets raised in initial offering;

8. description of the procedures that ensure compliance with duties relating to anti-money laundering and combating the financing of terrorism (hereinafter: AML/CFT);

9. applicable regulations and competent courts;

10. statements of responsible persons. The white paper shall contain a warning about the risks typical for the purchase of / investment in digital assets being the subject of the initial offering. Detailed content and additional elements of the white paper shall be prescribed by the supervisory authority. Liability for the content of the white paper Article 21 The issuer and the issuer’s responsible person or legal representative shall be held liable if the white paper contains incorrect, inaccurate or misleading data, or significant omissions. In addition to the issuer, liable for the data referred to in paragraph 1 of this Article shall be also:

11. independent auditors of the issuer (audit firm, auditor entrepreneur and/or licensed certified auditor), solely in connection with the information from the financial statements that have been included in the white paper and covered by their audit report;

12. other person responsible for the accuracy and completeness of information in the part of the white paper he has assumed responsibility for – solely in connection with that information. The white paper shall contain all information about the persons responsible for the accuracy and completeness of information contained therein – name, surname and title in a legal person for natural persons and business name, or name and head office for legal persons. The white paper shall also include a statement by each person responsible for the accuracy and completeness of information contained therein, stating that the information in the white paper is, to the best of their knowledge, consistent with facts, and that no facts that might affect the accuracy and completeness of the white paper have been omitted. The supervisory authority accepts no liability for the accuracy and completeness of information in any part of the white paper whose publishing has been approved. Applying for a white paper publishing approval Article 22 The application for a white paper publishing approval shall be submitted to the supervisory authority by the issuer or an authorised person in the name of the issuer. The applicant shall submit the following documentation along with the application referred to in paragraph 1 of this Article:

13. draft white paper produced in accordance with the provisions of this Law;

14. issuer’s decision on the issuing of digital assets;

15. issuer’s articles of incorporation and articles of association;

16. issuer’s financial statements for the last business year with the auditor’s report, if the issuer was subject to mandatory audit in the last year;

17. relevant documentation attesting to the assertions in the white paper;

18. evidence of payment of the supervisory authority’s fee;

19. оther documentation determined by the supervisory authority’s regulation. If the application referred to in paragraph 1 of this Article is submitted by a natural person, the application shall not be supported by the documentation set out in paragraph 2, items 2) to 4) of this Article. The content of the documentation supporting the application for approval of white paper publishing and the approval procedure shall be prescribed in more detail by the supervisory authority. Approval of white paper publishing Article 23 The supervisory authority shall approve the publishing of a white paper by issuing a decision. In the approval procedure, the supervisory authority shall verify whether the white paper meets the conditions under Articles 19 to 21 of this Law. The approval of white paper publishing does not mean that the supervisory body approves the expediency of the issuing of digital assets or confirms the financial and technical information disclosed.

The supervisory authority shall issue a decision on the approval of a white paper publishing within 30 days following the receipt of a duly completed application and shall submit the decision to the applicant. If the white paper draft does not meet the conditions laid down in this Law or if the relevant documentation supporting the application referred to in Article 22, paragraph 1 of this Law has not been submitted or if other conditions for the approval of white paper publishing have not been met, or if any changes or additional information are needed, the supervisory authority shall notify the applicant thereof within 15 days following the receipt of the application and shall request a correction and/or supplement to the documentation, or compliance with other conditions for the white paper publishing approval and shall set a timeframe for the applicant’s action upon such request. Rejecting an application for white paper publishing approval Article 24 The supervisory authority shall issue a decision rejecting an application for a white paper publishing approval for one of the following reasons:

1. the application is filed by an unauthorised person;
2. the application is incomplete or incomprehensible and the applicant failed to remedy this within the set timeframe;
3. the fees envisaged by the supervisory authority’s rules on fees have not been paid;
4. other conditions for the procedure have not been met. Denying an application for white paper publishing approval Article 25 The supervisory authority shall issue a decision denying an application for a white paper publishing approval for one of the following reasons:
5. the white paper or information, and/or documentation supporting the application do not meet the conditions prescribed by this Law or enactments adopted pursuant to this Law, and the applicant failed to remedy this within the set timeframe;
6. the white paper contains incorrect, inaccurate or misleading information or significant omissions resulting in incorrect, inaccurate or misleading information for investors, and the applicant failed to remedy this within the set timeframe;
7. the applicant is an issuer in respect of which the supervisory authority has imposed a supervisory measure due to non-compliance with the provisions of the law governing the capital market, law governing investment funds, law governing alternative investment funds, law governing the prevention of money laundering and the financing of terrorism, laws governing the operations of financial institutions or this Law, and the issuer failed to act pursuant to the measure imposed;
8. data in the white paper are not in line with the issuer’s decision on the issuing of digital assets or with other data that must be submitted along with the application;
9. the decision of the issuer’s competent body on the issuing of digital assets is null and void or rescinded;
10. preliminary bankruptcy procedure has been initiated against the issuer;
11. bankruptcy procedure has been initiated against the issuer;
12. liquidation or forced liquidation has been initiated against the issuer.

The supervisory authority may deny an application for a white paper publishing approval for one of the following reasons:

1. a preliminary procedure for establishing the eligibility for opening a bankruptcy procedure in accordance with a pre-packaged reorganisation plan has been initiated against the issuer;
2. the issuer is implementing reorganisation in accordance with the reorganisation plan, and/or in accordance with the pre-packaged reorganisation plan. White paper supplement Article 26 Should in the period from the date of white paper approval until the closing of the initial offering a new material fact arise or should a material error or imprecision be determined in the white paper information which may affect the decision-making on the purchase of / investment in digital assets, the issuer shall promptly draw up a supplement to the white paper and file to the supervisory authority an application for the approval of its publishing. The issuer shall without delay by publishing on its website notify investors of the filing of the white paper supplement to the supervisory authority, and shall publish the supplement as soon as it gets the relevant approval. The provisions of Articles 19 to 25 of this Law shall apply accordingly to the supervisory authority’s decision-making on the application for the approval of the white paper supplement publishing, and the timeframe for the decision-making shall be seven days following the receipt of the duly completed relevant application. The supervisory authority shall publish the white paper supplement applying accordingly Article 27, paragraphs 7 and 8 of this Law. The buyers/investors who committed to buy or subscribe for the digital assets before the supplement is published have the right to withdraw from the purchase or subscription within a timeframe indicated in the supplement which may not be shorter than two business days after the date of supplement publishing. White paper publishing upon approval Article 27 Upon obtaining the relevant approval, the issuer shall publish the white paper within a reasonable time, but no later than the start of the initial offering of digital assets. The issuer shall publish the white paper in the Serbian language on its website. If the white paper is published in more languages, the Serbian version shall prevail in case of any conflict with translated versions, except when the issuer is a foreign legal person in which case the prevailing version shall be in the language determined by the issuer in the white paper. The white paper published shall be identical to the white paper whose publishing has been approved by the supervisory authority and shall not be changed after the approval, except in the cases set out in Article 26 of this Law. The white paper shall be published on a dedicated section of the issuer’s website which is easily accessible from the website homepage. It shall be downloadable, printable and in searchable electronic format that cannot be modified. Access to the white paper shall not be subject to the completion of a registration process, the acceptance of a liability disclaimer or the payment of a fee.

The supervisory authority shall publish on its website all the white papers whose publishing has been approved or a list of such white papers, including hyperlinks to the dedicated website sections referred to in paragraph 2 of this Article. The list referred to herein, including the hyperlinks, shall be regularly updated. All the white papers whose publishing has been approved shall remain publicly available in electronic form for at least 10 years after their publication on the website referred to in paragraph 2 of this Article. Subscription and payment of digital assets Article 28 Where the publishing of the white paper for the initial offering of digital assets has been approved, the timeframe for the beginning of subscription and payment of digital assets shall commence at the latest within 30 days following the day of receipt/issuing of the decision on the white paper approval. The payment of digital assets shall be made in money (funds), digital assets, and/or services of the acquirer of those digital assets (e.g. transfer of issued digital assets to the “miners” of those digital assets). The subscription and payment of digital assets, as well as the transfer of digital assets to lawful holders shall be made in accordance with the characteristics of the technology underlying the issue of digital assets. The payment of digital assets in funds shall be made in accordance with the law governing payment services. Following a successfully completed initial offering of digital assets, the issuer shall promptly notify the supervisory authority thereof. The procedure of digital assets subscription and payment may be regulated in more detail by the supervisory authority. Report on the outcome of initial offering Article 29 Where the publishing of a white paper for the initial offering of digital assets has been approved, the issuer shall publish a report on the outcome of the initial offering on its website by no later than three business days after the offering is closed. The report referred to in paragraph 1 of this Article shall contain data on the quantity (number of units) of purchased digital assets, paid-in funds, or digital assets, as well as information on whether the initial offering was successful or not. The report referred to in paragraph 1 of this Article shall be published in the same way as the white paper. The form and content of data in the report referred to in paragraph 1 of this Article shall be prescribed by the supervisory authority. Following a successfully completed initial offering of digital assets with an approved white paper the issuer shall inform investors through its website about secondary trading in digital assets. III. SECONDARY TRADING IN DIGITAL ASSETS Platform operator Article 30

The tasks of operating a digital assets trading platform may be performed only by a digital asset service provider licensed to provide the service referred to in Article 3, paragraph 1, item 9) of this Law. The tasks performed by the platform operator include:

1. bringing together or facilitating the bringing together of different third-party buying and/or selling interests in digital assets, and/or exchange of digital assets for other digital assets on the digital assets trading platform, in accordance with its non-discretionary rules and in a way that results in a contract concerning digital assets admitted to trading;
2. keeping and disclosure of information on demand, supply, quotation and market prices of digital assets and other information important for digital assets trading, both before and after a transaction;
3. establishment and implementation, in accordance with the enactments and approval of the supervisory authority, of: (1) conditions for acquiring the status of a digital asset user and conclusion of a contract with such user, (2) conditions for admission of digital assets to the digital assets trading platform, exclusion from trading and temporary suspension of trading in some or all types of digital assets, (3) conditions for purchase, sale and exchange of digital assets admitted to trading on the digital assets trading platform, (4) market supervision of trading in digital assets admitted to the digital assets trading platform in order to prevent and detect non-compliance with rules concerning the platform, provisions of this Law and enactments of the supervisory authority, particularly non-compliance with the provisions of Chapter IV of this Law, (5) procedure for initiating disciplinary procedures against the digital asset users who behave contrary to the provisions of this Law, enactments of the supervisory authority and general enactments of the platform operator, (6) procedure for resolving disputes between digital asset users, in connection with transactions in digital assets admitted to trading on the digital assets trading platform;
4. performance of other tasks in connection with the digital assets trading platform in accordance with this Law and enactments of the supervisory authority. In addition to the tasks referred to in paragraph 2 of this Article, the platform operator may also provide all other digital asset services referred to in Article 3, paragraph 1 of this Law, except the service referred to in item 8) of that paragraph. The platform operator may not provide the investment advice services referred to in Article 5 of this Law either. Secondary trading in digital assets Article 31 Secondary trading in digital assets that are issued in the Republic and in respect of which the white paper was approved in accordance with this Law, as well as digital assets that are issued abroad and in respect of which the white paper was approved in accordance with this Law is allowed. The provision of digital asset services referred to in paragraph 1 of this Article and their advertising and admission to trading on the digital assets trading platform are allowed. Secondary trading in digital assets that are issued in the Republic and in respect of which the white paper was not approved in accordance with this Law, as well as digital assets that are issued abroad and in respect of which the white paper was not approved in accordance with this Law is allowed.

The provision of services in connection with the digital assets from paragraph 3 of this Article, as well as the admission of such assets to trading on the digital assets trading platform are allowed. Advertising in connection with the digital assets referred to in paragraph 3 of this Article is allowed only in accordance with the enactment of the supervisory authority, except in the following cases:

1. the subsequent white paper is approved for such digital assets;
2. the white paper or the document corresponding to the white paper was approved for such digital assets in an EU member state;
3. such digital assets are traded to a significant extent in the global market through licensed and/or registered platforms in accordance with EU AML/CFT regulations, and/or other relevant AML/CFT regulations. The platform operator shall notify the National Bank of Serbia about the admission of virtual currencies referred to in paragraph 5, item 3) of this Article to trading on the digital assets trading platform by no later than 30 days before their admission to trading. The provisions of this Law governing the approval of white paper publishing shall accordingly apply to the approval of publishing of the subsequent white paper referred to in this Article. The content and manner of approving the publishing of the subsequent white paper referred to in this Article shall be regulated in more detail by the supervisory authority. Trading via platform Article 32 Companies licensed by the supervisory authority for the provision of digital asset services and all other legal persons, entrepreneurs and natural persons may trade via the digital assets trading platform in the Republic. Pre-transaction transparency Article 33 The platform operator shall publish current prices and the volume of supply and demand for digital assets at prices published via the system of trading in digital assets admitted to trading. Such data shall be regularly and continuously presented to the public during the usual trading hours, as much as possible in real time. Post-transaction transparency Article 34 The platform operator shall disclose the price, volume and time of execution of a transaction in digital assets admitted to trading. The data on all such transactions shall be published on a reasonable commercial basis and as much as possible in real time. Temporary suspension of trading and exclusion of digital assets from trading Article 35 The platform operator may temporarily suspend trading in digital assets admitted to trading if it assesses this is necessary to protect investors or eliminate risks to smooth or stable trading in digital assets. In such case, the platform operator shall notify the supervisory authority about the suspension of such trading without delay.

The supervisory authority may order to platform operator to temporarily or permanently suspend trading in specific digital assets if such trading contravenes this Law or if such action is necessary to preserve financial stability. The platform operator may temporarily suspend trading in specific digital assets or exclude digital assets from trading if such trading is no longer compliant with the rules of the platform operator. The decision on temporary suspension shall be published on the websites of the operator of the platform on which such digital assets are admitted to trading and of the supervisory authority. OTC trading Article 36 OTC trading in digital assets in the Republic is allowed and the contracting parties are not required to use the services of any digital asset service provider for the conclusion and implementation of transactions in OTC trading. Smart contracts Article 37 The use of smart contracts in secondary trading in digital assets is allowed. If a digital asset service provider provides services which involve the use of smart contracts, it shall obtain the consent of the digital asset user for the use of smart contracts. IV. MARKET ABUSE Application Article 38 The supervisory authority shall apply the prohibitions and requirements under this Chapter to activities carried out in the Republic in connection with digital assets admitted to trading on the digital assets trading platform, and/or in respect of which the publishing of the white paper or the subsequent white paper has been approved. Inside information Article 39 Inside information means information about specific facts that are non-public and relate directly and indirectly to one or more issuers or one or more types of digital assets, which, if made public, would be likely to have a significant effect on the price of such digital assets. A significant effect on the price of digital assets exists if a reasonable investor is likely to take into consideration such information when making investment decisions. The information referred to in paragraph 1 of this Article means information about specific facts if it indicates a number of circumstances which exist or may be reasonably expected to come into existence, or an event which took place or may be reasonably expected to take place, if it is specific enough to enable making conclusions about the potential influence of such circumstances or events on the price of digital assets. For persons responsible for carrying out orders in connection with digital assets, inside information also means information about specific facts obtained from a digital asset user in connection with future orders of the user, relating directly or indirectly to one or more issuers or one or more types of digital assets, which, if made public, would be likely to have a significant effect on the price of those digital assets.

Prohibition of abuse of inside information Article 40 No person in possession of inside information is allowed to use such information directly or indirectly during the acquisition, alienation or attempts to acquire or alienate for own account or the account of a third party the digital assets to which such information relates. The provisions of paragraph 1 of this Article shall apply to a person who came into possession of inside information through:

1. membership in the issuer’s management;
2. stake in issuer’s capital;
3. access to information obtained in the normal exercise of employment, profession or duties;
4. criminal offences the person perpetrated. If the person referred to in paragraph 2 of this Article is a legal person, the prohibition referred to in that paragraph shall also concern natural persons participating in the decision-making on carrying out a transaction for the account of a specific legal person. The provisions of this Article shall not apply to transactions carried out during the execution of a due obligation of the acquisition or alienation of digital assets, if such obligation results from the contract concluded before the person came into possession of inside information. Exchange of inside information Article 41 No person referred to in Article 40 of this Law shall:
5. reveal and make available inside information to any other person, unless information is revealed and made available in the normal exercise of employment, profession or duties;
6. recommend or induce another person to acquire or alienate, based on inside information, digital assets to which such information relates. Other persons subject to the prohibition of inside information abuse Article 42 The provisions of Articles 40 and 41 of this Law shall also apply to other person in possession of inside information who knows or ought to have known that the information is inside information. Mechanisms and procedures to prevent inside information abuse Article 43 The fact that a legal person possesses or possessed inside information does not imply that the person used such information in trading, and/or that it traded based on inside information, if such legal person introduced, implemented and maintained appropriate and effective internal mechanisms and procedures preventing inside information abuse. Internal mechanisms and procedures preventing inside information abuse are such that they ensure that not a single natural person who, in the name of the legal person, made the decision on the acquisition or alienation of digital assets to which information relates, or any other natural person who could influence such decision, had inside information, i.e. that no natural person encouraged, recommended or otherwise influenced the natural person who, in the name of the legal person, made the decision on the acquisition or alienation of digital assets to which such information relates.

Public disclosure of inside information directly relating to the issuer Article 44 The issuer shall without delay inform the public of inside information directly relating to such issuer. The issuer shall not inform the public of the information referred to in this Article in a misleading way. The issuer shall inform the public in the manner enabling fast access to information and the possibility of complete, accurate and timely assessment of such information. The issuer shall publish on its website all inside information it is obliged to disclose and shall make such information available for at least five years following the disclosure. The supervisory authority shall prescribe the facts to be taken into consideration when making the decision on disclosure of inside information. Change in inside information directly relating to the issuer Article 45 The issuer shall disclose each material change in the information referred to in Article 44 of this Law which has already been published immediately after the change takes place, in the same manner in which the original information was disclosed. Delayed public disclosure of inside information Article 46 The issuer may, at own responsibility, delay the public disclosure of information referred to in Article 44 of this Law in order not to violate its legitimate interests, on condition that such delay will not mislead the public and the issuer can ensure the confidentiality of such information. The issuer referred to in paragraph 1 of this Article shall, without delay, notify the supervisory authority about its decision to postpone the public disclosure of inside information. The supervisory authority shall define in detail the circumstances which may indicate the existence of legitimate interest referred to in paragraph 1 of this Article, and the measures and decisions the issuer must implement in order to ensure the confidentiality of inside information. Disclosure of inside information in the normal exercise of employment, profession and duties Article 47 If the issuer or the person acting in its name and for its account discloses inside information to a third party in the normal exercise of employment, profession or duties, it shall make such information public in its entirety – at the same time in the event of intentional disclosure and without delay in the event of inadvertent disclosure, unless the person receiving the information is obliged to keep the confidentiality of such information. Market sounding Article 48 Market sounding means communication of information to one or more potential investors prior to the announcement of a transaction, in order to gauge the interest of potential investors in a possible transaction and its conditions, such as the potential size or pricing, by:

1. an issuer;

2. a seller of digital assets in the secondary market in such quantity or value that the transaction is distinct from ordinary trading and includes the method of sale based on prior interest assessment by the potential investor;

3. a third party acting in the name or for the account of persons referred to in items 1) and 2) of this paragraph. The market participant communicating information in accordance with paragraph 1 of this Article shall consider whether he shall include the disclosure of inside information in market sounding, and shall compile thereon and update written records which he shall submit to the supervisory authority on request. This obligation shall apply to each disclosure of information throughout the course of market sounding. The disclosure of inside information shall not constitute market abuse if before disclosure the disclosing person:

4. obtains the consent of the person participating in market sounding to receive inside information;

5. notifies the person participating in market sounding that he is prohibited from using such information or attempting to use it, in such way that he acquires or alienates digital assets to which such information relates, for his own account or the account of a third party, directly or indirectly;

6. notifies the person participating in market sounding that he is prohibited from using such information or attempting to use it by withdrawing or changing the order already made and connected with digital assets to which such information relates;

7. notifies the person participating in market sounding that he is obliged to keep the obtained information confidential. The disclosing person shall compile and keep records of all information given to the persons participating in market sounding, the identity of potential investors to whom information was disclosed, and legal and natural persons acting in the name of potential investors, and the date and time of each disclosure. When information disclosed during market sounding stops being inside information in accordance with the assessment of the disclosing person, this person shall, as soon as possible, notify thereof the person referred to in paragraph 4 of this Article, and shall submit the records thereof to the supervisory authority. Notwithstanding the provisions of this Article, the person participating in market sounding shall assess on his own whether he possesses inside information and when he shall stop possessing it. The disclosing person shall keep the records referred to in this Article in the period of at least five years following the disclosure. The supervisory authority may prescribe in more detail the conditions and manner of market sounding and record keeping within the meaning of this Article. Market manipulation Article 49 Market manipulation includes:

8. transactions and orders for digital assets trading: (1) whereby false or misleading signals or information on supply, demand or price of digital assets are given or likely to be given,

(2) whereby the person and/or persons who act in collaboration maintain the price of one or more digital assets at an abnormal or artificial level, unless the person participating in the transaction or issuing the order proves that he has legitimate reasons for that and that these transactions and orders comply with the accepted market practices; 2) transactions or orders for digital assets trading where fictitious actions or any other form of deception and contrivance are applied; 3) dissemination of information through the media, including the internet, or by any other means, which gives or is likely to give false or misleading signals about digital assets, including the dissemination of rumours and false and misleading news, by the person who knew or ought to have known that such information is false or misleading; 4) transmitting false or misleading information or providing false or misleading inputs in relation to a benchmark when the person transmitting the information or providing the inputs knew or ought to have known that they were false or misleading, or any other behaviour manipulating the calculation of the benchmark. The dissemination of information referred to in paragraph 1, item 3) of this Article by journalists performing their professional duty shall be assessed taking into account the rules governing their profession, unless such persons derive, directly or indirectly, profits or advantages from the dissemination of such information. The behaviour considered market manipulation, in view of the provisions of paragraph 1 of this Article, shall include in particular:

1. conduct by a person or more persons acting in collaboration to secure a dominant position over the supply or demand of digital assets, which has the effect of fixing, directly or indirectly, purchase or sale prices, or creates other unfair trading conditions;
2. buying or selling of digital assets at the start or end of the trading day, which has or is likely to have a misleading effect on investors acting on the basis of the prices displayed, including opening or closing prices;
3. taking advantage of occasional or regular access to traditional or electronic media by voicing an opinion about digital assets or indirectly about the issuer, while having previously taken a position in such digital assets and profiting subsequently from the impact of the opinion voiced on the price of digital assets, without having simultaneously disclosed that conflict of interest to the public in a proper and effective way. The supervisory authority shall define in more detail the behaviour which can be considered market manipulation and obligations of supervisory authorities and digital asset service providers with the aim to prevent and detect such manipulation. Prohibition of market manipulation Article 50 Market manipulation referred to in Article 49 is prohibited. The persons participating in market manipulation shall bear joint and several liability for the damage arising from market manipulation. The operator of the digital assets trading platform shall prescribe and implement procedures and measures aimed at detecting and preventing manipulation on the platform, and shall fully support the supervisory authority in examining such manipulation and implementing supervisory measures. Reporting market abuse

Article 51 Digital asset service providers shall, based on data available to them, notify the supervisory authority about the cases they have reasonable grounds to suspect to be market abuse. V. DIGITAL ASSET SERVICE PROVIDERS

1. Legal form, capital and licence to provide services Legal form of digital asset service providers Article 52 A digital asset service provider shall have the legal form of a company within the meaning of the law governing companies. Application of the law governing companies Article 53 The provisions of the law governing companies shall apply to digital asset service providers if not in contravention with this Law. Minimum capital Article 54 The minimum capital of the company submitting the application for a licence to provide digital asset services shall be no less than:

1. EUR 20,000 in the dinar equivalent at the official middle exchange rate of the dinar against the euro determined by the National Bank of Serbia – if the company intends to provide digital asset services referred to in Article 3, paragraph 1, items 1) to 6) of this Law;
2. EUR 50,000 in the dinar equivalent at the official middle exchange rate of the dinar against the euro determined by the National Bank of Serbia – if the company intends to provide digital asset services referred to in Article 3, paragraph 1, items 7) and 8) of this Law;
3. EUR 125,000 in the dinar equivalent at the official middle exchange rate of the dinar against the euro determined by the National Bank of Serbia – if the company intends to provide digital asset services referred to in Article 3, paragraph 1, item 9) of this Law. Notwithstanding paragraph 1, item 3) of this Article, if the company intends to operate a platform for trading in digital tokens of a single issuer, the minimum capital of such company shall be no less than EUR 20,000 in the dinar equivalent at the official middle exchange rate of the dinar against the euro determined by the National Bank of Serbia. The minimum capital referred to in this Article may be monetary and in-kind (e.g. software), and at least a half of minimum capital shall be subscribed and paid in money. A digital asset service provider shall maintain its capital at all times at no less than the amount of minimum capital referred to in paragraphs 1 and 2 of this Article. The manner of calculating the capital referred to in paragraph 4 of this Article shall be prescribed by the supervisory authority. In the event that the capital of a digital asset service provider falls below the amount of capital referred to in paragraph 4 of this Article, the supervisory authority shall order such digital asset service provider to eliminate irregularities in a specified period, and/or impose some of the supervisory measures prescribed by the provisions of this Law.

The supervisory authority may determine that the amount of capital requirement of a digital asset service provider be calculated by applying one of the following methods:

1. method of total value of digital asset transactions, and/or total value of digital assets kept and administered by the digital asset service provider;

2. method of fixed costs. The method referred to in paragraph 7 of this Article which uniformly applies to all digital asset service providers, the method of calculating capital and capital requirement in accordance with this method, and the manner and timeframes of reporting on capital and capital requirement, shall be defined in more detail by the regulation of the supervisory authority. Advisory service providers Article 55 An advisory service provider is not required to obtain a licence from the supervisory authority for the provision of such services. An advisory service provider may provide services connected with digital assets after obtaining a licence from the supervisory authority for the provision of such services in accordance with this Law. An advisory service provider shall have the legal form of a company or entrepreneur or be registered as a natural person performing a free profession as an activity in accordance with separate regulations. If an advisory service provider operates without a licence from the supervisory authority, it shall inform thereof each of its users and disclose this information on its website. Digital asset service providers may also provide advisory services. Licence application Article 56 A company intending to provide digital asset services shall submit to the supervisory authority an application for a licence to provide digital asset services. The application referred to in paragraph 1 of this Article shall be supported by the following:

3. decision on entry in the register of business entities;

4. list of services referred to in Article 3, paragraph 1 of this Law which the applicant intends to provide;

5. general enactments of the applicant;

6. programme of activities defining in more detail the manner and conditions of the provision of digital asset services;

7. business plan with the revenue and expenditure projection for the period of the first three years of operation, based on which it is possible to conclude that the applicant will be capable of meeting adequate organisational, personnel, technical and other conditions for continuous, safe and sound operation, including the number and type of expected digital asset users, and the expected volume and amount of digital asset transactions, for each type of service connected with digital assets it intends to provide;

8. description of planned measures for the protection of funds of digital asset users in accordance with Article 78 of this Law;

9. description of the governance and internal controls systems in accordance with Article 92 of this Law;

10. description of internal control measures introduced to fulfil the obligations determined by AML/CFT regulations;

11. description of the planned staff training programme in connection with digital asset transactions;

12. description of the organisational structure, including data on the planned outsourcing of some operational tasks relating to the provision of digital asset services;

13. description of planned measures for managing the security of the information and communications system;

14. data on persons who are members of the applicant’s management and persons to directly manage the activities of the provision of digital asset services (hereinafter: director of the digital asset service provider), with data and evidence proving that these persons have a good business reputation in accordance with Article 60 of this Law;

15. data on persons with qualifying holding in the applicant, level of their holding, and evidence on the eligibility of these persons in accordance with Article 65 of this Law;

16. data on the external auditor that performs the audit of financial statements of the applicant in the year when the application is submitted, if the applicant is subject to the audit of financial statements in accordance with law;

17. data on persons closely linked with the applicant and the description of such close links;

18. evidence of holding minimum capital referred to in Article 54 of this Law;

19. evidence that the applicant is not convicted by a final judgment of a criminal offence and that it is not subject to a criminal procedure within the meaning of the law governing the responsibility of legal persons for criminal offences, and that it is not convicted by a final judgment of an economic offence which makes it unfit to provide digital asset services within the meaning of the law governing economic offences;

20. evidence of fee payment in accordance with the supervisory authority’s rules on fees. Notwithstanding paragraphs 1 and 2 of this Article, the bank intending to provide the service referred to in Article 3, paragraph 1, item 4) of this Law in the part relating to the custody (safekeeping) of cryptographic keys shall, by no later than 30 days before the start/cessation of the provision of that service, notify the National Bank of Serbia of its intention to start/cease providing such service. Along with the notification about the intention to start providing the service, the bank shall also submit to the National Bank of Serbia the documentation referred to in paragraph 2, items 4) tо 11) and item 18) of this Article. The timeframe referred to in this paragraph shall start from the day of submission of duly completed documentation referred to in that paragraph. The data on persons referred to in paragraph 2, items 12) to 15) of this Article shall be considered particularly the following:

21. for natural persons: (1) name and surname of the natural person, (2) address of the permanent residence and/or temporary residence of the natural person (place, street and number), and the name of the country for a natural person without the citizenship of the Republic,

(3) unique citizen identification number, and/or other relevant identity designation for a natural person without the citizenship of the Republic (e.g. passport number or identification number determined by the competent government authority); 2) for legal persons: (1) business name or abbreviated business name of the legal person, (2) address of the head office of the legal person (place, street and number), and the name of the country for a legal person without the head office in the Republic, (3) registration number of the legal person, and/or other relevant identity designation for a legal person without the head office in the Republic (e.g. record number determined by the competent government authority), (4) tax identification number of the legal person. In addition to data referred to in paragraph 4 of this Article, the data on persons shall also include other data and documents containing data on persons which shall be submitted in accordance with paragraph 2, items 12) tо 15) of this Article (e.g. data and evidence that these persons have a good business reputation). The supervisory authority shall prescribe in more detail the conditions and manner of granting the licence for the provision of digital asset services, and may also prescribe additional documentation to be submitted along with the licence application. Licensing decision Article 57 The supervisory authority shall decide on granting the licence to provide digital asset services within 60 days following the receipt of a duly completed application. If the application referred to in paragraph 1 of this Article is incomplete, the supervisory authority shall, within 20 days from the receipt of the application, notify the applicant of how to complete the application, in which case the timeframe referred to in paragraph 1 of this Article shall start from the day when a duly completed application was submitted in accordance with the notification referred to in this paragraph. The supervisory authority shall adopt the decision on granting the licence once it determines that all conditions have been met in accordance with this Law. The supervisory authority shall specify in the licensing decision the services from Article 3, paragraph 1 of this Law which the digital asset service provider is authorised to provide. The supervisory authority shall deny the application referred to in paragraph 1 of this Article if it determines the following:

1. one or more conditions for obtaining the licence referred to in this Law and the regulations based on this Law have not been fulfilled;

2. members of the applicant’s management and the director of the digital asset service provider do not have a good business reputation in accordance with this Law;

3. due to close links between the applicant and other persons, the exercise of supervision over the digital asset service provider in accordance with this Law would be impossible or significantly hindered;

4. the applicant’s ownership structure is such that effective supervision over the applicant is impossible;

5. internal control measures introduced to fulfil the obligations determined by AML/CFT regulations are not appropriate;

6. the application contains incorrect or misleading data or significant omissions so that the assertions in the application cannot be verified. If the supervisory authority denies the application referred to in paragraph 1 of this Article, the applicant may not re-apply for a licence for the provision of digital asset services within one year from the adoption of the decision of the supervisory authority. Licence supplement for service provider Article 58 If it also intends to provide services referred to in Article 3, paragraph 1 of this Law which are not specified in the decision on granting the licence to the digital asset service provider, such provider shall submit to the supervisory authority an application for licence supplement. The provisions of Articles 56 and 57 of this Law shall apply accordingly to the procedure of deciding on the application referred to in paragraph 1 of this Article. Change in circumstances after licensing Article 59 A digital asset service provider shall without delay notify the supervisory authority of any changes in facts or circumstances based on which the decision was made on granting the licence referred to in Article 57 of this Law to that provider, and shall at the same time submit to the supervisory authority the changed documentation and data determined by Article 56 of this Law. In the notification referred to in paragraph 1 of this Article, the digital asset service provider shall describe in more detail the nature and scope of the changes. Management of the digital asset service provider Article 60 A management member and director of the digital asset service provider must have a good business reputation. A management member and director of the digital asset service provider shall not be:

7. a person convicted by a final judgment of criminal offences against economy, property, legal transactions, public order and official duty or judiciary, or criminal offences of money laundering or terrorism financing or similar or comparable criminal offences in accordance with regulations of a foreign country, and/or other criminal and/or punishable offence making this person unfit to perform this function;

8. a person whose associate is convicted by a final judgment of criminal offences referred to in item 1) of this paragraph;

9. a person subject to a final protective measure of prohibition of performing the activity making him unfit to perform this function;

10. a person who on the day of delicensing the legal person, and/or the day of introduction of receivership or initiation of the bankruptcy or forced liquidation procedure over the legal person was authorised to represent this legal person or was a member of its management, apart from the receiver, unless more than two years elapsed from the initiation of the bankruptcy or forced liquidation procedure. The digital asset service provider shall obtain the consent of the supervisory authority to the appointment of the management member and director of the provider in accordance with Article 61 of this Law, and shall notify the supervisory authority about dismissal, and/or resignation of the management member or director of the provider by no later than the day following the dismissal, and/or resignation.

A management member of the digital asset service provider referred to in this Article means director, executive director, member of the executive board, and legal representative of a general partnership and limited partnership within the meaning of the law governing companies, and/or a third party to whom the management authority in the general partnership or limited partnership has been assigned. The management member and director of the digital asset service provider shall not be members of the board of the provider with supervisory functions in the provider. The supervisory authority shall prescribe in more detail the conditions to be fulfilled by the management member and director of the digital asset service provider, and evidence submitted along with the application for consent, and/or notification referred to in paragraph 3 of this Article. Granting consent to the appointment of the management member and director of the digital asset service provider Article 61 The supervisory authority shall adopt the decision on granting consent to the appointment of proposed management members and director of the digital asset service provider based on evidence that the conditions prescribed by this Law and the regulations based on this Law have been fulfilled, and when it assesses that the proposed management members and director of the provider have a good business reputation. The supervisory authority shall adopt the decision referred to in paragraph 1 of this Article within 30 days following the receipt of a duly completed application for consent referred to in that paragraph. If the application for consent referred to in paragraph 1 of this Article is not duly completed, the supervisory authority shall, within 15 days following the receipt of the application, notify the applicant of how to complete it, in which case the timeframe referred to in paragraph 2 of this Article shall start from the day when a duly completed application is submitted in accordance with the notification referred to in this paragraph. By the decision on granting the licence for the provision of digital asset services, the supervisory authority shall also grant consent to the appointment of the management member and director of the digital asset service provider. Withdrawal of consent to the appointment of the management member and director of the digital asset service provider Article 62 The supervisory authority shall withdraw consent to the appointment of the management member and director of the digital asset service provider if:

1. that person does not assume duty within six months following the adoption of the decision on granting the consent;

2. it determines that the management member or director does not meet the conditions under which the consent was granted;

3. it determines that the consent was granted based on false, incorrect or misleading data, and/or in another irregular way;

4. it determines that the management member or director is in the conflict of interest and therefore cannot fulfil his obligations and duties;

5. it determines that the management member or director violated the prohibition of trading or execution of transactions, and/or issuing trading orders based on market abuse;

6. it determines that the management member or director committed a grave violation, and/or repeated violations of the provisions of this or other laws, particularly if this jeopardised the liquidity or capital of the digital asset service provider or if he violated regulations twice in three years;

7. it determines that the management member or director was deprived of legal capacity by a final decision;

8. it determines that the management member or director did not ensure the implementation or did not implement the measures ordered by the supervisory authority or did not enable the supervisory authority to smoothly carry out supervision. The supervisory authority may withdraw consent to the appointment of the management member or director of the digital asset service provider if:

9. the management member or director did not ensure adequate organisational, personnel and technical conditions in accordance with this Law;

10. in other cases when it determines that the management member or director violated this Law or enactments of the supervisory authority. The management member, and/or director shall cease to perform all functions in the digital asset service provider from the day of the submission of the decision withdrawing the consent to the appointment of the management member, and/or director of the digital asset service provider. The management of the digital asset service provider shall, by no later than 30 days following the submission of the decision referred to in paragraph 3 of this Article, submit to the supervisory authority the application for consent to the appointment of a new management member, and/or director. Personnel, organisational and technical capacity Article 63 At the time of granting the licence and during operation, a digital asset service provider shall fulfil the conditions of personnel, organisational and technical capacity prescribed by the enactment of the supervisory authority, including possessing the data processing system and maintaining continuity and regularity in the provision of services and performance of activity. A digital asset service provider shall establish adequate rules and procedures ensuring that the operation of the company, its management, director and employees is compliant with the provisions of this Law and enactments of the supervisory authority. A company performing the activity of the platform operator shall, at the time of granting the consent and during operation:

11. have the systems for clear detection and removal of potential negative consequences on the functioning of the digital assets trading platform and trading participants, which arise from the conflict of interest between the platform operator and its owners on the one hand, and stable functioning of the platform, on the other hand, particularly when such conflict of interest may be detrimental to the functions performed by the platform operator in accordance with the provisions of this Law and enactments of the supervisory authority;

12. be adequately equipped in order to manage the risks it is exposed to, implement appropriate measures and systems for the identification of all significant risks to its operation, and shall have adopted effective measures to mitigate these risks;

13. have the procedures for stable management of the technical functioning of its systems, including the establishment of effective systems in the event of unforeseen circumstances, with the aim to counter risks of system failure;

14. have transparent and non-discretionary rules and procedures enabling fair and regular trading and establishing objective criteria for efficient execution of orders;

15. have effective procedures facilitating efficient and timely conclusion of transactions executed within these systems;

16. have sufficient financial resources to facilitate normal functioning of the digital assets trading platform, given the nature and volume of transactions concluded on the platform, and the scope and degree of risks it is exposed to. The supervisory authority shall prescribe in more detail the conditions concerning personnel, organisational, technical and information capacity of the digital asset service provider, particularly taking into account concrete market circumstances, significant risks, potential conflict of interest, financial resources and the necessary professional, technical and information capacity. General enactments of the digital asset service provider Article 64 The general enactments of a digital asset service provider shall be the articles of incorporation, and/or articles of association and operating rules of the company. The supervisory authority shall grant prior consent to the general enactments of the digital asset service provider referred to in paragraph 1 of this Article, as well as to any amendments and/or supplements to those general enactments. Persons with qualifying holding in the digital asset service provider Article 65 A person with qualifying holding in a digital asset service provider shall at all times fulfil the following eligibility criteria for the purpose of ensuring stable and safe management of such provider:

17. have a good business reputation;

18. the associate of the person with qualifying holding in the digital asset service provider has a good business reputation;

19. management members of the legal person with qualifying holding in the digital asset service provider and persons closely linked to that legal person have a good business reputation;

20. the financial situation of the person with qualifying holding in the digital asset service provider is appropriate;

21. supervision of the digital asset service provider in accordance with this Law is not prevented or significantly hindered due to close links of the person with qualifying holding with other persons;

22. the group of persons to which the legal person with qualifying holding belongs is transparent and it is possible to fully determine the ownership of all persons with direct or indirect ownership in that legal person, and each direct or indirect ownership of that legal person in other legal persons;

23. business and other activities of the person with qualifying holding are not connected with money laundering or terrorism financing, do not jeopardise the safety and soundness of operation of the digital asset service provider, and do not prevent or significantly hinder the exercise of supervision of the digital asset service provider;

24. it is possible to determine the source of funds for the acquisition of qualifying holding.

The supervisory authority shall prescribe in more detail the eligibility criteria that persons with qualifying holding in the digital asset service provider must fulfil. In addition to conditions referred to in paragraph 1 of this Article, the supervisory authority may also prescribe other eligibility criteria to be fulfilled by the person with qualifying holding in the digital asset service provider. Prior consent to acquisition, and/or increase of qualifying holding Article 66 A person intending to acquire qualifying holding in a digital asset service provider, or increase it so as to gain from 20% tо 30%, more than 30% tо 50% or more than 50% of voting rights or capital in the provider, and/or so that it becomes its parent company – shall obtain prior consent of the supervisory authority to this acquisition, and/or increase. The supervisory authority shall decide on the application for the consent referred to in paragraph 1 of this Article within 30 days following the receipt of a duly completed application. If the application for the consent referred to in paragraph 1 of this Article is not duly completed, within 15 days following the receipt of the application, the supervisory authority shall notify the applicant about how to complete the application, in which case the timeframe referred to in paragraph 2 of this Article shall start from the day when a duly completed application was submitted in accordance with the notification referred to in this paragraph. By the decision granting the consent referred to in paragraph 1 of this Article, the supervisory authority shall determine that the person referred to in that paragraph shall acquire, and/or increase qualifying holding in the digital asset service provider by no later than within a year following the submission of the decision. The consent referred to in paragraph 1 of this Article shall cease to be valid if the person referred to in that paragraph fails to acquire and/or increase qualifying holding in the digital asset service provider within the timeframe referred to in paragraph 4 of this Article. If the person acquires, and/or increases the holding within this timeframe, but not at the level for which the consent was granted, the consent shall continue to be valid only for the level of the acquired, and/or increased qualifying holding in that digital asset service provider. The person submitting the application referred to in paragraph 2 of this Article must fulfil the eligibility criteria referred to in Article 65 of this Law. Article 68 of this Law shall apply accordingly to the procedure of decision-making on the application for the consent referred to in paragraph 2 of this Article. The supervisory authority shall prescribe evidence, documentation and data that the person referred to in paragraph 1 of this Article must submit along with the application referred to in paragraph 2 of this Article. Joint action during acquisition, and/or increase of qualifying holding Article 67 It is considered that, for the purpose of acquisition, and/or increase of qualifying holding in a digital asset service provider, the following persons act as a single acquirer:

1. the legal person and persons participating in managing that legal person or other legal person with close links to that legal person;

2. the legal person and persons directly appointed and dismissed by the management body of that legal person or other legal person with close links to that legal person;

3. the legal person and representatives and liquidation administrators of that legal person or other legal person with close links to that legal person;

4. natural persons considered related persons within the meaning of the law governing companies;

5. legal persons in which the persons referred to in item 4) of this paragraph participate in management or have a controlling holding in them;

6. legal persons – members of the same group of companies;

7. persons participating in management of the same legal person;

8. persons with controlling holding in the same legal person;

9. person enabling other person to secure funds for acquisition, and/or increase of qualifying holding in the digital asset service provider and the other person;

10. principal and proxy;

11. two or more legal or natural persons not related as stated in items 1) to 10) of this paragraph, but related in such way that there is a possibility that due to deterioration or improvement of the financial position of one person, the financial position of other person or more of them deteriorates or improves, and the supervisory authority, based on documentation and data it has at its disposal, assesses that there is a possibility of a transfer of loss, gain or creditworthiness. For the purpose of acquisition, and/or increase of qualifying holding in a digital asset service provider, a person shall act as a single acquirer with another person even when between them there is no relation referred to in paragraph 1 of this Article if each such person acts as a single acquirer with the same third party, in one of the ways determined in that paragraph. Associates and business reputation Article 68 At the time of filing the application referred to in Article 56 of this Law and at the request of the supervisory authority, a legal person intending to provide digital asset services shall submit a list of associates of the persons acquiring a qualifying holding, members of management and the director of the digital asset service provider, as well as the beneficial owner of the digital asset service provider within the meaning of the law governing the prevention of money laundering and the financing of terrorism, along with evidence of no conviction of the associates, for the purpose of assessment of their business reputation. Within the meaning of this Law, an associate shall be:

12. any natural person who is a member of management or another responsible person in a legal person whose beneficial owner is a person having and/or acquiring a qualifying holding in the digital asset service provider or in which this person is a member of management or is occupying another managing position;

13. any natural person who is a beneficial owner of a legal person in which the person referred to in item 1) of this paragraph is a member of management or is occupying another managing position;

14. any natural person who together with the person referred to in item 1) of this paragraph holds beneficial ownership of the same legal person.

The provisions of paragraph 2 of this Article shall accordingly apply to an associate of a member of management and the director of the digital asset service provider, as well as the beneficial owner of the digital asset service provider within the meaning of the law governing the prevention of money laundering and the financing of terrorism. The evidence of no conviction referred to in paragraph 1 of this Article shall mean the evidence that the associate is not a person convicted for criminal and/or other punishable offences referred to in Article 60, paragraph 2, item 1) of this Law. If, for justified reasons, it is unable to procure the evidence of no conviction of associates referred to in paragraph 1 of this Article, the applicant referred to in that paragraph may also submit a statement issued under material and criminal liability that its associates have not been convicted. The supervisory authority may, at any time, request the applicant to submit evidence of no conviction of such persons or request such evidence directly from the competent authority. Broker-dealer companies and market operators in accordance with the law governing the capital market Article 69 When applying for a licence to provide digital asset services, a broker-dealer company and market operator licensed by the Commission in accordance with the law governing the capital market shall file an application for such licence, along with the documentation referred to in Article 56, paragraph 2 of this Law, other than the documentation referred to in that paragraph which the broker￾dealer company and/or market operator has already submitted to the supervisory authority in accordance with the law governing the capital market and which does not change due to the filing of the application for licence to provide digital asset services (e.g. decision on entry in the register of business entities, data on members of management, data on persons with a qualifying holding, evidence of holding minimum capital, etc.). A broker-dealer company and market operator referred to in paragraph 1 of this Article shall submit the documentation referred to in Article 56, paragraph 2, item 12) of this Law only if the persons that will directly manage the provision of digital asset services are not at the same time the members of management. A broker-dealer company and market operator referred to in paragraph 1 of this Article shall ensure the technical, personnel and organisational segregation of the activities they are licensed to perform under the law governing the capital market from the activities they are licensed to perform in accordance with this Law. A broker-dealer company and market operator referred to in paragraph 1 of this Article shall perform the activities for which they are licensed under this Law in a manner which does not threaten the safety and soundness of the part of their operations which refers to the performance of the activities for which they are licensed under the law governing the capital market or which does not impede the conduct of supervision under that law. The supervisory authority may prescribe additional conditions to be met by a broker-dealer company and market operator licensed subject to the law governing the capital market in order to obtain the licence to provide digital asset services. Change of business name and head office Article 70 Prior to applying for entry of a change of business name and head office in the register of business entities, a digital asset service provider shall notify the supervisory authority of the change it is making.

Status changes Article 71 Before applying for entry of a status change in the register of business entities, a digital asset service provider participating in a status change shall obtain the approval of the supervisory authority for such status change. A digital asset service provider which, following the status change, continues to exist and provide digital asset services shall, along with the application for approval referred to in paragraph 1 of this Article, also submit to the supervisory authority:

1. decision on status change;
2. amendments to general enactments;
3. documents referred to in Article 56, paragraph 2 of this Law which change due to the status change;
4. evidence of fee payment in accordance with the supervisory authority’s rules on fees. The supervisory authority may request the digital asset service provider referred to in paragraph 2 of this Article to submit other data and documents as well. If, as a result of status change, the assets and liabilities of the digital asset service provider are transferred to another digital asset service provider (hereinafter: the acquiring company), paragraphs 2 and 3 of this Article shall apply to the filing of application for approval referred to in paragraph 1 of this Article by the acquiring company. If, as a result of status change, a new company is established, or the assets and liabilities are transferred to an existing company which is not licensed to provide digital asset services in accordance with this Law, the provisions of this Law relating to the granting of licence to provide digital asset services shall apply. The supervisory authority shall decide on the application for approval referred to in paragraph 1 of this Article within 60 days from the day of receiving a duly completed application. If the application for approval referred to in paragraph 1 of this Article is not duly completed, within 20 days from receiving such application the supervisory authority shall notify the applicant in what way to complete the application duly, in which case the deadline referred to in paragraph 6 of this Article shall start running from the day when the duly completed application was submitted, in accordance with the notification referred to in this paragraph. Register of digital asset service providers Article 72 The supervisory authorities shall maintain registers of digital asset service providers. The following information shall be entered in the registers referred to in paragraph 1 of this Article:
5. digital asset service providers licensed by the supervisory authority to provide digital asset services;
6. branches of digital asset service providers in foreign countries and/or digital asset service providers providing these services directly in a foreign country subject to the approval of the supervisory authority.

The registers referred to in paragraph 1 of this Article shall be maintained in electronic form and the data from such registers shall be published on the websites of the supervisory authorities and on the portal referred to in Article 9, paragraph 1 of this Law and they shall be regularly updated. The supervisory authority shall prescribe in more detail the terms, content and manner of maintaining the registers referred to in paragraph 1 of this Article and the manner of deleting data from such registers. Termination of licence to provide digital asset services Article 73 The licence to provide digital asset services shall terminate in the following cases:

1. if the supervisory authority issues a decision on revoking the licence;
2. if the digital asset service provider has been deleted from the register of business entities as a result of status change;
3. if bankruptcy or forced liquidation procedures have been instituted against the digital asset service provider.

2. Obligations of the digital asset service provider Application of the law governing the prevention of money laundering and the financing of terrorism Article 74 The provisions of regulations governing the prevention of money laundering and the financing of terrorism, regulations governing the freezing of assets for the purpose of preventing terrorism and the proliferation of weapons of mass destruction and the provisions of this Law regulating special AML/CFT duties of digital asset service providers shall apply to such providers. Digital assets and/or virtual currency shall be considered property, proceeds or another corresponding value within the meaning of regulations governing the prevention of money laundering and the financing of terrorism and regulations governing the freezing of assets for the purpose of preventing terrorism and the proliferation of weapons of mass destruction. Actions and measures to be taken by digital asset service providers Article 75 A digital asset service provider shall take actions and measures to prevent and detect money laundering and the financing of terrorism prescribed by the law governing the prevention of money laundering and the financing of terrorism. A digital asset service provider shall establish a business relationship with each user of digital assets and establish and verify the identity of users of digital assets in accordance with the law governing the prevention of money laundering and the financing of terrorism, except in cases established by that law. Principles of safe and sound business operations of digital asset service providers Article 76 When providing services to the users of digital assets, a digital asset service provider shall place the interests of such users before its own interests and shall act honestly, fairly and professionally in

accordance with the best interests of the users, adhering to the principles set out in the provisions of this Law. All information, including marketing communications, addressed by a digital asset service provider to its users or potential users shall be true, clear and not misleading for the users, and the marketing communications shall be clearly identifiable as such. In order for digital asset users to be able to understand the nature and risks of the services provided by digital asset service providers and the risks of investing in digital assets, a digital asset service provider shall provide appropriate information to such users or potential users in the manner understandable to an average natural person user of digital assets, more specifically:

1. basic status data on the digital asset service provider and the services it provides;
2. information on digital assets and the proposed investment strategies, including appropriate guidance on and warnings of the risks associated with investment in such digital assets and/or with such strategies;
3. information on the risks of performing digital asset transactions, including the risk of a partial or complete loss of money and/or other assets, and on the fact that regulations governing deposit insurance or protection of investors, or regulations governing the protection of financial services consumers, do not apply to digital asset transactions;
4. transaction execution venues;
5. costs and charges. The information referred to in paragraph 3 of this Article may be provided in a standardised form. When providing portfolio management services, a digital asset service provider is required to obtain the necessary information regarding the knowledge and experience of a user or potential user of digital assets in the investment field, the financial situation and investment objectives of the user relevant to the specific type of digital assets or service, in order for the digital asset service provider to be able to recommend to the user or potential user the digital asset service and/or digital assets that are suitable for him. Procedures and mechanisms for protecting the rights of digital asset users Article 77 When holding the digital assets of a user, a digital asset service provider shall set up adequate procedures and mechanisms for protecting the rights of users in order to prevent the use of a user’s digital assets for the account of the digital asset service provider, other than subject to such user’s explicit consent. A digital asset service provider may not:
6. pledge or alienate a user’s digital assets without such user’s prior written authorisation;
7. exercise a user’s orders in a manner contrary to this Law or the enactments of the supervisory authority and/or of the platform operator;
8. purchase, sell or borrow for its own account the digital assets that are the subject of the user’s order, prior to acting according to the user’s order;
9. charge fees and other charges from the digital assets it holds in custody and administers;
10. encourage users to make frequent transactions for the sole purpose of charging fees.

Protection of the money of digital asset users Article 78 In order to safeguard the rights of its users, a digital asset service provider holding money and/or digital assets of a user shall comply with the following requirements:

1. it shall keep records and accounts as are necessary to enable it at any time and without delay to distinguish the assets held for one user from the assets held for another user, and from its own assets, and to provide accurate data on such assets;
2. it shall maintain accurate and precise records, accounts and correspondence in connection with the users’ digital assets and money in the accounts it manages, in accordance with Article 80 of this Law;
3. it shall conduct, on a regular basis, reconciliations between its internal accounts and records and the users’ accounts it manages in accordance with Article 80 of this Law;
4. it shall set up appropriate measures to minimise the risk of loss or diminution of the users’ assets and/or of the rights in connection with those assets, as a result of misuse of the assets, fraud, poor governance, inadequate record-keeping or negligence. A digital asset service provider shall protect the money it has received from a user of digital assets or its payment service provider in connection with the execution of a digital asset transaction, in accordance with the provisions of this Article. A digital asset service provider shall keep the money referred to in paragraph 2 of this Article in an account with a bank separately from its own money, in accordance with Article 80 of this Law. The digital assets held in custody and administered by the digital asset service provider for the account of the user, including money in transit, shall not be the property or assets of the digital asset service provider, shall not be used for the payment of such company’s liabilities to creditors or be the subject of enforced collection and enforcement in respect of such digital asset service provider, nor shall they be included in the bankruptcy or liquidation estate of such service provider. The supervisory authority shall prescribe in detail the content and form of the records to be maintained by the digital asset service provider which holds the user’s money and/or digital assets in accordance with this Law. Transfer of money for the purpose of executing digital asset transactions Article 79 A digital asset service provider referred to in Article 3, paragraph 1, items 2), 3) and 7) of this Law may receive the money of digital asset users solely for the purpose of executing a digital asset transaction. A digital asset service provider referred to in Article 3, paragraph 1, items 2), 3) and 7) of this Law shall transfer the money referred to in paragraph 1 of this Article to the recipient of such money no later than the next business day from the day of receiving such money. Notwithstanding paragraph 2 of this Article, in the case of a transfer of money in accordance with regulations governing foreign exchange operations, the digital asset service provider referred to in Article 3, paragraph 1, items 2) and 3) of this Law shall initiate the transfer of such money to its recipient within the deadline referred to in paragraph 2 of this Article, if such transfer is impossible to be executed within that deadline despite the reasonable measures it has taken.

If it fails to transfer the money referred to in paragraph 1 of this Article to its recipient within the deadline referred to in paragraph 2 of this Article and/or if it fails to act in accordance with paragraph 3 of this Article within that deadline, the digital asset service provider referred to in Article 3, paragraph 1, items 2), 3) and 7) of this Law shall return such money to the sender. Notwithstanding paragraph 2 of this Article, subject to explicit consent of the user of digital assets, a digital asset service provider referred to in Article 3, paragraph 1, items 2), 3) and 7) of this Law may transfer the money referred to in paragraph 1 of this Article to the recipient of such money within three business days from the day of receiving such money, but it shall be required to provide an appropriate copy of the consent which it shall keep in accordance with Article 84 of this Law. In that case as well, if it fails to transfer such money to its recipient within the deadline referred to in this paragraph, the digital asset service provider shall return the received money to the sender. The received money referred to in paragraph 1 of this Article shall not be deemed a deposit within the meaning of the law governing banks or electronic money. Money accounts Article 80 A digital asset service provider licensed to provide digital asset services referred to in Article 3, paragraph 1, items 1), 8) or 9) may open a money account for a user of digital assets with a bank, separate from the digital asset service provider’s money account, and no separate consent or authorisation of the user shall be required to open the money account. Notwithstanding paragraph 1 of this Article, a digital asset service provider licensed to provide digital asset services referred to in Article 3, paragraph 1, item 4) of this Law may, for the sole purpose of receiving payments in connection with digital assets and transferring such money to a user of digital assets, open a money account of the user of digital assets with a bank, separate from the digital asset service provider’s money account, and no separate consent or authorisation of the user shall be required to open the money account. A digital asset service provider referred to in paragraph 1 of this Article may use one or more accounts for the money of the users of digital assets and shall continuously maintain accurate records of each user’s money that is included in the omnibus account. The money from the money account of a user of digital assets shall be used by the digital asset service provider referred to in paragraph 1 of this Article solely for the purpose of making payments for liabilities in connection with the services which it is licensed to provide by the supervisory authority. The money in the money account of a user of digital assets, including money in transit, shall not be the property or assets of the digital asset service provider referred to in paragraph 1 of this Article, shall not be used for the payment of such company’s liabilities to its creditors or be the subject of enforced collection and enforcement in respect of such digital asset service provider, nor may it be included in the bankruptcy or liquidation estate of such service provider. Execution of users’ orders Article 81 A digital asset service provider shall set up measures and systems which provide for prompt, fair and efficient execution of the orders of a digital asset user relative to the orders of other users of digital assets or of the digital asset service provider. The measures and systems referred to in paragraph 1 of this Article shall allow for the execution of users’ orders in accordance with the time of their receipt by the digital asset service provider.

A digital asset service provider shall keep a book of orders in electronic form, which shall record the users’ orders for the purchase or sale of digital assets and cancellations of such orders in the manner whereby such orders are time stamped immediately upon receipt and which prevents any subsequent alteration of the order that has not been authorised by the user or of the time when the order was received. A digital asset service provider may receive the orders of the users of digital assets on its business premises or by any means of telecommunication or by other electronic means, provided that such means are authorised in its contract with the user. In that case, a digital asset service provider shall employ adequate safeguards, such as recording devices, to ensure the accuracy and integrity of such orders in its records. A digital asset service provider shall refuse the execution of an order if it has grounds to suspect that the execution of such order would be in contravention of the provisions of this Law or the law governing the prevention of money laundering and the financing of terrorism, or that it would result in committing an act punishable by law as a criminal offence, economic offence or infringement. In the case referred to in paragraph 5 of this Article, a digital asset service provider shall notify the supervisory authority thereof, without delay. Contract with a user of digital assets Article 82 A digital asset service provider shall conclude a contract with a user of digital assets stipulating the rights and obligations of contractual parties and other terms on which the digital asset service provider provides services. The rights and obligations of contractual parties may also be regulated by reference to the general terms of business of such provider and legal and other documents easily accessible to the user. The contract referred to in paragraph 1 of this Article shall contain a statement from the user that it is informed about the rules of operation of the digital asset service provider. A digital asset service provider shall make available to its users any amendments to its general enactments not later than seven days prior to the start of their application. The contract referred to in paragraph 1 shall be concluded in writing, including the concluding of the contract on a durable data medium using means of remote communication (internet, e-mail, etc.). Dealing with complaints Article 83 A digital asset service provider shall set up appropriate procedures for adequate resolution of complaints of the users of digital assets, enabling users to file their complaints in a simple manner, without additional costs. The information on the procedure of filing complaints shall be published on the website of the digital asset service provider. A digital asset service provider shall respond to users’ complaints within a reasonable deadline which may not be longer than 15 days from receiving the complaint. A digital asset service provider shall keep the documentation on all complaints and measures taken in response to such complaints, in accordance with Article 84 of this Law. The supervisory authority may regulate in more detail the manner in which a digital asset service provider is to deal with users’ complaints. Obligation to keep records and reporting by a digital asset service provider Article 84

A digital asset service provider shall keep in electronic form, and store for at least ten years, data in respect of all digital asset transactions it has carried out, whether for its own account or in the name and for the account of a user of digital assets. Where the transactions were carried out in the name and for the account of the user, these records shall contain all information relating to the identity of the user and the information required by the law governing the prevention of money laundering and the financing of terrorism. A digital asset service provider shall enable access to the information referred to in paragraph 1 of this Article to the supervisory authority. Data on business entities which are holders of virtual currencies Article 85 Digital asset service providers shall submit to the National Bank of Serbia the following information on legal persons and entrepreneurs which are the users of virtual currencies:

1. business name or abbreviated business name of the user of virtual currencies;
2. head office address of the user of virtual currencies, and name of the country for users which are foreign legal persons;
3. registration number of the user of virtual currencies and/or another appropriate identity designation for a user of virtual currencies which is a foreign legal person (e.g. record number determined by the competent government authority);
4. tax identification number of the user of virtual currencies;
5. date of establishing and terminating the business relationship with the user of virtual currencies and date of another change in connection with this business relationship;
6. type of the virtual currency service which is the subject of the business relationship referred to in item 5) of this paragraph;
7. virtual currency address which is and/or was used by the user of virtual currencies to execute virtual currency transactions, and, if several addresses are used, all virtual currency addresses;
8. other data prescribed by the National Bank of Serbia. The virtual currency service providers shall be liable for the accuracy and completeness of data referred to in paragraph 1 of this Article. The holders of virtual currencies – legal persons and entrepreneurs with head office in the Republic which did not use virtual currency services with virtual currency service providers shall submit to the National Bank of Serbia reports containing the data referred to in paragraph 1, items 1) to 4), 7) and
9. of this Article and shall be liable for their accuracy and completeness. The National Bank of Serbia shall keep records in electronic form on the holders of virtual currencies referred to in paragraphs 1 and 3 of this Article. The National Bank of Serbia shall be responsible for making sure that the data referred to in paragraphs 1 and 3 of this Article are identical to the data in the records referred to in paragraph 4 of this Article. The data from the records referred to in paragraph 4 of this Article are not publicly available and are subject to the provisions of Article 87 of this Law. The National Bank of Serbia shall prescribe in detail the conditions and manner of keeping the records referred to in paragraph 4 of this Article, the manner and deadlines of data submission and the manner of accessing such data.

Duties and responsibilities of digital asset service providers, members of management, director and employees Article 86 Digital asset service providers, members of management, directors, procurators and employed persons or persons engaged on any other grounds in the digital asset service provider shall:

1. act prudently and honestly, in line with the rules of profession when performing their activities and/or their duties;

2. act in the best interest of digital asset users and/or participants in trading and protect the integrity of the digital assets market;

3. establish processes and effectively employ the resources needed for the proper performance of activities;

4. take all reasonable efforts to avoid conflicts of interest and, when they cannot be avoided, ensure that digital asset users and/or participants in trading are treated fairly;

5. comply with the provisions of this Law and the regulations based on this Law, in order to act in the interest of digital asset users and/or participants in trading, and the integrity of the digital assets market. Business secret Article 87 The information obtained by a digital asset service provider in the course of its operation regarding the user of such services, including information on its personality and data on the digital asset transaction, other than the information accessible to the general public, shall be deemed a business secret. A digital asset service provider, members of its bodies and persons employed or engaged by such provider, and other persons which due to the nature of their work have access to the data referred to in paragraph 1 of this Article (hereinafter: person under confidentiality obligation) shall not disclose or submit these data to third parties, nor shall they enable third parties to have access to such data. The obligation to keep the business secret referred to in paragraph 1 of this Article shall not cease to exist for the persons under confidentiality obligation even after the termination of the status based on which they had access to confidential data. Notwithstanding paragraph 2 of this Article, a person under confidentiality obligation may disclose or make available to third parties the data referred to in paragraph 1 of this Article, and/or allow access to such data:

6. subject to prior written consent issued by the person to which such data relate;

7. upon request from a supervisory authority or other regulatory authority in the Republic for the purpose of performing supervision or for the purpose of performing activities under this or another law;

8. based on the decision or request of the competent court;

9. for the purposes of the ministry competent for internal affairs, the authority competent for combating organised crime and the authority competent for money laundering prevention, in line with regulations;

10. for the purposes of the tax administration;

11. in connection with property proceedings, based on the request of the guardian of assets or consular representative offices of foreign states, upon submission of written documents proving the legitimate interest of those persons;

12. upon request of a foreign regulatory authority, in compliance with law;

13. in connection with the enforcement procedure or placing of collateral on the assets of the user of digital assets, based on the request of the court, enforcement officer or other competent authority in this procedure;

14. in other cases prescribed by this or another law. A digital asset service provider has the right to communicate and/or submit the data referred to in paragraph 1 of this Article to the investigative judge, public prosecutor and courts and/or other bodies that have public authorities, solely for the purpose of protecting its rights, in compliance with law. The persons to whom the data referred to in paragraph 1 of this Article have been disclosed in compliance with paragraphs 4 and 5 of this Article shall use these data solely for the purpose for which such data were obtained and shall not communicate or submit such data to third parties or enable third parties to gain access to such data, except in cases stipulated by law. The provisions of paragraph 6 of this Article shall also apply to persons who are employed or engaged, and/or were employed or engaged by persons to whom the data referred to in paragraph 1 of this Article were disclosed in compliance with paragraphs 4 and 5 of this Article, as well as other persons who obtained access to such data due to the nature of their work. Protection of personal data Article 88 When collecting and processing personal data referred to in Article 87, paragraph 1 of this Law, digital asset service providers shall act in accordance with the law governing the protection of personal data. Business books and financial statements Article 89 A digital asset service provider shall keep business books, recognise and value assets and liabilities, revenues and expenses, compile, present, submit and publish information from financial statements, and perform internal audit, in accordance with laws governing accounting and audit, unless otherwise specified by this Law. A digital asset service provider providing virtual currency services shall record business changes relating to virtual currency services separately from the services in connection with other digital assets and from all the other activities it performs. Audit of financial statements Article 90 A digital asset service provider shall have its financial statements audited, if required to do so in accordance with the law governing audit. Notwithstanding paragraph 1 of this Article, if the total value of digital asset transactions exceeds RSD 220,000,000 annually, the digital asset service provider shall have its financial statements audited. The external auditor carrying out the audit of financial statements of a digital asset service provider referred to in paragraphs 1 and 2 of this Article shall notify the supervisory authority without delay of the following:

15. any fact that may constitute a violation of law or regulation that has been or is being committed by a digital asset service provider;

16. a materially significant change in the financial result disclosed in unaudited annual financial statements of a digital asset service provider;

17. circumstances which could lead to a significant material loss for a digital asset service provider or could jeopardise the continuity of its operations;

18. any qualification contained in the external auditor’s opinion on the financial statements of a digital asset service provider. The external auditor shall also notify the supervisory authority of the facts and circumstances referred to in paragraph 3 of this Article if it becomes aware of such facts and circumstances while auditing the financial statements of a legal person closely linked to a digital asset service provider. The notification referred to in paragraphs 3 and 4 of this Article shall not constitute a breach of data confidentiality and the external auditor shall not be held liable therefor. Submitting financial statements to the supervisory authority Article 91 A digital asset service provider shall submit individual financial statements for the previous year, together with the external auditor’s report if it is required to have its financial statements audited in accordance with Article 90 of this Law, to the supervisory authority, within no more than 30 days from the day the financial statements were submitted in accordance with the law governing accounting. If it is required to compile consolidated financial statements, a digital asset service provider shall also submit the consolidated financial statements for the previous business year, along with the external auditor’s report, to the supervisory authority, within no more than 30 days from the day the consolidated financial statements were submitted in accordance with the law governing accounting. Governance and internal controls systems Article 92 A digital asset service provider shall establish, maintain and improve reliable, efficient and comprehensive governance and internal controls systems that ensure responsible and reliable management of such digital asset service provider. The governance and internal controls system referred to in paragraph 1 of this Article shall contain in particular:

19. an organisational structure with precisely and clearly defined, transparent and consistent division and separation of activities, as well as duties and responsibilities relating to the provision of digital asset services;

20. effective and efficient procedures for identifying, measuring and monitoring risks to which a digital asset service provider is or might be exposed, particularly the risk of money laundering and the financing of terrorism, and for managing and/or reporting on these risks;

21. appropriate accounting procedures and procedures for assessing compliance with AML/CFT regulations, and other procedures. The supervisory authority may prescribe in detail the manner and conditions of establishing, maintaining and improving the systems referred to in paragraph 1 of this Article. Outsourcing operational activities of a digital asset service provider to a third party

Article 93 A digital asset service provider may outsource some operational activities related to the provision of digital asset services to a third party. A digital asset service provider intending to outsource some operational activities related to the provision of digital asset services to a third party shall previously notify the supervisory authority thereof, no later than 30 days before such outsourcing. A digital asset service provider shall be responsible for the lawful operation of the person to which it has outsourced some operational activities. The activities of the digital asset service provider may not be outsourced to a third party if such outsourcing would reduce the quality of internal controls of such provider or could pose a significant threat to the lawfulness of such provider’s operations, its financial condition or stability. A digital asset service provider shall ensure, to the extent possible for the service provider, that the supervisory authority supervises the person to which it has outsourced some operational activities and shall ensure the supervisory authority’s access to such person’s business books and other documents and data relating to the performance of those activities. Provision of digital asset services in a foreign country Article 94 A digital asset service provider may provide digital asset services in a foreign country either through a branch or directly, in accordance with the regulations of that country and the provisions of this Article. In order to establish a branch in a foreign country or directly provide digital asset services in a foreign country, a digital asset service provider shall file an application for approval to the supervisory authority. Along with the application referred to in paragraph 2 of this Article, a digital asset service provider shall also submit the following data and documentation:

1. name and address of the branch, if it establishes a branch in a foreign country;
2. description of the organisational structure of the branch, if it establishes a branch in a foreign country;
3. business plan of the branch and/or the plan of direct provision of digital asset services in a foreign country for the first three business years, with the description of digital asset services it intends to provide in the foreign country, including the number and type of expected users of digital assets, and the anticipated volume and amount of digital asset transactions, for each type of digital asset services which it intends to provide in a foreign country;
4. data on the persons who will manage the branch’s operations and/or the direct provision of digital asset services in a foreign country, with data and evidence that such persons have a good business reputation in accordance with Article 60 of this Law;
5. evidence that the regulations of the foreign country in which it establishes a branch and/or directly provides digital asset services are harmonised with international AML/CFT standards, particularly in the part relating to digital assets and the obligations of digital asset service providers;
6. evidence that there are no impediments for the supervisory authority to conduct supervision over the operations of a branch in a foreign country where the branch is established and/or over direct provision of digital asset services in a given foreign country.

The supervisory authority shall decide on the application referred to in paragraph 2 of this Article within 60 days from the day of receiving a duly completed application. If the application referred to in paragraph 2 of this Article is not duly completed, within 10 days from receiving such application the supervisory authority shall notify the digital asset service provider how to complete the application duly, in which case the deadline referred to in paragraph 4 of this Article shall start running as of the day of submission of the duly completed application, in accordance with the notification referred to in this paragraph. The supervisory authority shall prescribe in detail the conditions and manner of granting and revoking the approval referred to in paragraph 2 of this Article. Regulatory compliance Article 95 A digital asset service provider shall at all times operate in compliance with the organisational, personnel, technical and other requirements established by this Law and other regulations. Provision of services in connection with financial leverage Article 96 A digital asset service provider licensed to provide digital asset services referred to in Article 3, paragraph 1, items 1), 8) or 9) of this Law may lend money or digital assets to its users for the sole purpose of financial leverage for trade in digital assets, in accordance with a contract with such users. A digital asset service provider may perform the lending of money and digital assets referred to in paragraph 1 of this Article from its assets only, and not from the assets of the users. The supervisory authority may prescribe the conditions and restrictions regarding the provision of services in connection with financial leverage. Financial leverage is any method by which a user of digital assets increases its exposure to digital assets intended for trading, either through borrowing money or digital assets from a digital asset service provider, or by taking positions in financial assets or derivatives with inherent financial leverage, or in some other manner. A digital asset service provider licensed to provide digital asset services referred to in Article 3, paragraph 1, item 1) of this Law which intends to lend money and digital assets referred to in paragraph 1 of this Article to its users shall previously increase its minimum capital up to the amount referred to in Article 54, paragraph 1, item 2) of this Law and submit evidence thereof to the supervisory authority, and shall maintain such capital level in accordance with Article 54 of this Law. Acceptance/transfer of digital assets Article 97 The acceptance of digital assets in exchange for goods sold and/or services provided in retail trade shall only be done through a digital asset service provider licensed to provide digital asset services referred to in Article 3, paragraph 1, item 7) of this Law. A digital asset service provider referred to in paragraph 1 of this Article shall accept from a consumer an appropriate value of digital assets, corresponding to the price of the goods sold and/or services provided to such consumer, exchange it for a corresponding amount of legal tender and transfer this amount to an appropriate account of the trader. Acceptance and/or transfer of digital assets directly from a consumer to a trader is not allowed.

VI. PLEDGE AND FIDUCIARY RIGHTS ON DIGITAL ASSETS Pledge agreement Article 98 Based on the digital assets pledge agreement (hereinafter: pledge agreement), the pledgor is obligated to provide to the creditor (hereinafter: pledgee) collateral for its claim on the pledgor or a third party by establishing the creditor’s right of pledge on the pledgor’s digital assets in accordance with this Law. The pledge agreement shall include in particular:

1. date of conclusion;
2. data about the creditor, pledgor and debtor, where debtor and pledgor are different persons, specifically: (1) name and surname, and/or the business name or name of those persons, (2) address of permanent residence and/or head office of those persons, (3) registration number and tax identification number, if it exists, of those persons;
3. type and quantity of digital assets that are the object of the right of pledge;
4. data about the claim being secured;
5. manner of establishing the pledge. The pledge agreement may be a separate agreement or an integral part of a framework or another agreement between the creditor and the debtor. Within the meaning of this Article, the pledge agreement may also be executed by using a smart contract. The pledge agreement shall be concluded in paper or electronic form, or on a durable data medium which enables the storage and reproduction of source data in an unaltered form. The supervisory authority may prescribe additional elements which the pledge agreement must contain, as well as special rules governing the execution of the pledge agreement by using a smart contract. Acquisition of the right of pledge Article 99 The right of pledge shall be acquired by entering into the pledge register, kept by a digital asset service provider licensed by the supervisory authority to keep the register of pledges on digital assets, as well as to safekeep and administer digital assets on behalf of the user, and to carry out the related services. A condition for entering a right of pledge on digital assets into the pledge register shall be that the digital assets, which are the object of the right of pledge, were previously entrusted for custody and administration to а digital asset service provider licensed to keep a register of pledges on digital assets. When entering a right of pledge, a digital asset service provider that keeps the pledge register in which the right of pledge is entered, shall at the same time prevent any further use of the pledged digital assets, as well as ensure that the pledged digital assets may not be disposed of until the secured claim has been settled, and/or the right of pledge deleted.

Notwithstanding paragraph 3 of this Article, the pledge agreement may establish that the disposal of the digital assets will be allowed. In such case, the pledged digital assets shall be in custody of the digital asset service provider which keeps the pledge register in which the right of pledge on those digital assets has been entered, and shall be so until the secured claim has been settled, and/or the right of pledge on those digital assets deleted, in accordance with the pledge agreement. If the pledgor has pledged digital assets over which it does not have ownership rights, or if the pledge is not valid for other reasons, the entry in the pledge register shall not have a legal effect. The creditor or the pledgor may request that the right of pledge be entered in the pledge register. If the creditor requests that the right of pledge be entered, the pledgor’s explicit statement is required, in which the pledgor agrees that the right of pledge be entered in the pledge register. Legal effect of the right of pledge Article 100 A creditor whose right of pledge has been entered in the pledge register may make a collection from the value of the object of the pledge right before other creditors, if its claim is not paid in full. Claims secured Article 101 The right of pledge may secure a financial claim in the local or foreign currency in accordance with law, as well as a non-financial claim expressed in digital assets. The right of pledge shall secure a certain amount of the principal claim, due interest and costs associated with debt collection (hereinafter: collection costs). The right of pledge can also secure future, as well as conditional claims. Legal effect in bankruptcy Article 102 In case of a bankruptcy procedure over a pledgor’s property, the rules of the law governing bankruptcy procedure shall apply to the settlement from the value of the object of the right of pledge, unless otherwise stipulated by this Law. Pledgee Article 103 Within the meaning of the law governing bankruptcy procedure, a pledgee means a secured creditor that has acquired the right of pledge in accordance with this Law. Appointing an authorised person Article 104 By way of the pledge agreement or a special authorisation, one or more pledgees may authorise a third party to take legal actions in order to protect and settle the secured claim (hereinafter: authorised person). Relative to the pledgor, the authorised person shall have the rights of a pledgee. In order to waive the right of pledge, the authorised person must have a special authorisation. When entering the right of pledge in the pledge register, data about the authorised person shall be entered instead of the data about the pledgee.

If there are more pledgees, they may appoint one of them to perform the duties of the authorised person, in the manner stipulated in paragraph 1 of this Article. Pledgor Article 105 Within the meaning of this Law, a pledgor is a person with the ownership right over digital assets or the capacity of the holder of digital assets which it can use at its will. A pledgor may be a debtor or a third party. Right to use pledged digital assets Article 106 A pledgor shall have the right to use the pledged digital assets in accordance with their usual purpose, as well as the right to enjoy the fruits of those digital assets, if such digital assets which are the object of the pledge right are giving fruits. The pledge agreement may stipulate that the pledgee has the rights from paragraph 1 of this Article. The right to use the pledged digital assets can be expanded or limited by the pledge agreement. Re-pledge Article 107 Unless otherwise stipulated in the pledge agreement, a pledgor may pledge digital assets on which the right of pledge has already been established. Special contractual provisions on settlement Article 108 The pledge agreement may stipulate that upon maturity of the claim the pledgee has the right to keep the digital assets for itself, at the market price, provided that the pledged digital assets have a market price. A pledgee and a pledgor may agree that the pledgee will be able to keep for itself the object of the pledge right at a certain price upon maturity of the claim. Ranking of the rights of pledge Article 109 A pledgee shall have the right to settle its claim from the price achieved by selling the object of the pledge right before other creditors of the pledgor, unless otherwise stipulated by this Law. If, in accordance with this Law, the same object of the pledge right has been pledged to a large number of creditors, the order of settling their claims from the value of that object shall be determined in accordance with the time (date, hour and minute) when the application for entering the right of pledge in the pledge register was received. The order of priority for securing the claims under public revenues or other claims of the Republic, the autonomous province and a local government unit, shall be established in the manner stipulated in paragraph 2 of this Article. Settlement Article 110

Upon maturity, the pledgee shall be entitled to collect its principal claim, interest and collection costs from the value of the object of the pledge right. Any excess of value, exceeding the amount of claims, obtained after the settlement from the object of the pledge right shall be paid to the pledgor by the pledgee on the following business day; otherwise, the pledgee shall pay to the pledgor the prescribed default interest for the period from the settlement day until the day when the excess value was paid out. Duty to cooperate Article 111 A pledgor shall cooperate with the pledgee in the procedure to settle the pledgee’s claim from the object of the pledge right. A pledgor shall provide the relevant notifications to the pledgee in order to perform the settlement. The pledgor’s obligations from paragraphs 1 and 2 of this Article shall also be the obligations of the debtor, where pledgor and debtor are different persons. In case of a violation of any obligation from this Article, the pledgor, or the debtor where they are different persons, shall indemnify the pledgee for the damage suffered. Pledgor’s duties Article 112 A pledgor shall suffer the settlement of the pledgee’s claim from the value of the object of the pledge right. Until the settlement is finalised, a pledgor shall refrain from actions that might diminish the value of the object of the pledge right. A pledgor shall also undertake other actions that are necessary for the pledgee to settle its claim. In case of a violation of any obligations from this Article, the pledgor shall indemnify the pledgee for the damage suffered. Extra-judicial sale of the object of the pledge right Article 113 A pledgee may initiate extra-judicial sale of the object of the pledge right upon maturity of the secured claim. A certificate from the pledge register shall give the pledgee authorisation to conclude a contract on the sale of digital assets in the settlement process in the name and for the account of the pledgor. A debtor may validly settle the debt at any time before the sale of the pledged digital assets. Within the deadline from paragraph 3 of this Article, a pledgor may, although he is not obligated to, fulfil the obligation of the debtor. Within the meaning of this Law, extra-judicial sale of the object of the pledge right shall also include a public auction sale. Acquisition of ownership at extra-judicial sale and other types of sale Article 114 A bona fide purchaser of an object of the pledge right at an extra-judicial public sale shall acquire the ownership over that object without any burden.

The ownership right which the bona fide purchaser acquired may not be disputed due to any oversights in the sale procedure. The provisions of paragraphs 1 and 2 of this Article shall also apply to other types of extra￾judicial sales in the settlement process, if a person bought an object of the pledge right at a market price or at a price at which a reasonable and careful person would sell it, taking due consideration of the interests of the debtor and the pledgor. Settlement from the object of the pledge right after obsolescence Article 115 A pledgee may be settled from the value of the pledged digital assets even after its claim has become obsolete. Cessation of the right of pledge Article 116 If a pledgee’s claim ceases by the payment of debt or otherwise, the right of pledge shall cease and be deleted from the pledge register at the request of the pledgee, debtor or pledgor, where these are different persons. The right of pledge shall cease and be deleted from the pledge register if the digital assets cease to exist. The right of pledge shall cease on the grounds of the public sale or another method of sale of the pledged digital assets, concluded for the purpose of settlement of the pledgee’s claim. Deletion of the right of pledge from the pledge register may also be requested when the pledgee waives the right of pledge in writing, when the same person has the capacity of the pledgee and that of the debtor, as well as when the pledgee acquires the ownership of the pledged digital assets. If the debtor or the pledgor, where these are different persons, requests the deletion of the right of pledge, it shall submit to the pledge register on digital assets a written statement of the pledgee that it consents to the deletion, a court decision or another appropriate document to the effect that the right of pledge has ceased. Register of pledges on digital assets Article 117 The pledge register is a register kept by the digital asset service provider licensed by the supervisory authority to keep the register, and in which, in accordance with this Law, the rights of pledge on digital assets are entered. The supervisory authority shall publish on its website the list of all digital asset service providers which keep the pledge register from paragraph 1 of this Article. The pledge register shall be available to all regardless of the location and territory from which they access the pledge register. Any and all persons may reach out to any digital asset service provider which keeps the pledge register, for the purpose of searching the register. Data from the pledge register shall be public and available at no cost on the website of the digital asset service provider which keeps the pledge register. The pledge register must be kept up-to-date. Entering data in the pledge register shall not constitute evidence of ownership or other rights of the pledgor with respect to the pledged digital assets, or of validity of the secured claim or pledge.

Several digital asset service providers which keep the pledge register on digital assets may conclude an agreement on establishing a joint pledge register. Article 118 The pledge register shall contain:

1. data about the pledgor and debtor, where these are different persons, as well as data about the pledgee or the authorised person;
2. data identifying in more detail the digital assets which are the object of the pledge right;
3. data about the amount of the secured claim, or data about the maximum amount of future or conditional claims;
4. data about the existence of any dispute in connection with the right of pledge or the object of pledge. If a party to a pledge is a domestic natural person, the data referred to in paragraph 1, item 1) of this Article shall comprise the name, surname, unique citizen identification number and the person’s place of permanent residence, and if a party to а pledge is a foreign natural person, the data referred to in paragraph 1, item 1) of this Article shall comprise the name, surname, passport number and issuing country. If a party to a pledge is a domestic legal person, the data referred to in paragraph 1, item 1) of this Article shall comprise the business name and registration number, and if a party to a pledge is a foreign legal person, the data referred to in paragraph 1, item 1) of this Article shall comprise the business name, designation in the foreign register of business entities, the name of this register and the name of the country where its head office is located. Any changes to the data referred to in paragraph 1 of this Article shall be entered in the pledge register. Amendments and supplements to material elements of the registered right of pledge shall have the character of a new entry. A digital asset service provider which keeps the pledge register shall keep the records about the time (day, hour and minute) when an application to enter a right of pledge in the pledge register was received. Note of dispute Article 119 A note of dispute shall be entered in the pledge register upon filing charges to delete a right of pledge or on grounds of another dispute in connection with the right of pledge. A final court decision or a settlement whereby the dispute in question was resolved shall be provided in order for the note of dispute to be deleted. The supervisory authority may prescribe other cases in which a note of dispute may be deleted. Storing documents from the pledge register Article 120 A digital asset service provider shall store the documents based on which data were entered in the pledge register, or based on which a right of pledge was deleted, for a period of five years from the day of the cessation of the right of pledge.

Documents from paragraph 1 of this Article which are in paper form shall be converted to electronic form and stored in line with the regulations governing the storage of electronic documents. Fiducia on digital assets Article 121 A fiduciary agreement on digital assets shall obligate a fiduciary debtor toward a fiduciary creditor (hereinafter: fiduciary) to transfer the ownership of digital assets to the fiduciary, for the purpose of securing a claim, while the fiduciary, in accordance with such agreement, shall return the received or equivalent assets to the fiduciary debtor upon the execution of the secured claim, or concurrently with the execution. Unless otherwise agreed, the fiduciary shall have the right to use the digital assets which are the subject of the fiduciary agreement from paragraph 1 of this Article, and shall have the right to dispose of those assets, including the right to sell the assets. A fiduciary debtor may also be a third party providing collateral security for someone else’s debt. A fiduciary agreement on digital assets may be concluded for purposes other than to secure the claim in accordance with paragraph 1 of this Article, in which case, the other purpose must be defined in the fiduciary agreement. The supervisory authority shall define in more detail the fiducia on digital assets and prescribe more closely the terms and the mandatory content of the fiduciary agreement. If prescribed by the operating rules of a digital asset service provider, and if defined in the fiduciary agreement, the provisions of this Law pertaining to the right of pledge on digital assets may be applied accordingly on the fiducia on digital assets. Status of fiduciary debtor in bankruptcy Article 122 If a fiduciary agreement is concluded in order to secure a claim in accordance with Article 121, paragraph 1 of this Law, the fiduciary debtor shall have the status of a secured creditor, within the meaning of the law governing the bankruptcy procedure. If a fiduciary agreement is concluded for any purpose other than to secure a claim, in accordance with Article 121, paragraph 4 of this Law, the fiduciary debtor shall have the status of an excluding creditor, within the meaning of the law governing the bankruptcy procedure. VII. SUPERVISION Subject of supervision Article 123 Supervision over the operation of digital asset service providers, digital asset issuers, as well as persons who are or used to be holders of digital assets, shall be carried out by the supervisory authority in accordance with its competences defined in this and other law. The supervisory authority shall supervise every segment of the operation of digital asset issuers and holders from paragraph 1 of this Article directly and/or indirectly connected with digital assets, as well as every segment of the operation of digital asset service providers, and may autonomously pronounce measures within its competences in accordance with this and other laws to such issuers, holders or digital asset service providers.

The aim of supervision shall be to verify the compliance of the operations of digital asset service providers, issuers and persons who are or used to be holders of digital assets (hereinafter: supervised entity) with this Law and the regulations based on this Law. The aim of supervision shall also be to verify the compliance of the operations of digital asset service providers and issuers with the law and other regulations governing the prevention of money laundering and the financing of terrorism, the law governing the freezing of assets for preventing terrorism and the proliferation of weapons of mass destruction, regulations governing foreign exchange operations, regulations governing accounting, regulations governing information system management and other relevant regulations. The supervisory authority may adopt a regulation prescribing the obligation of digital asset service providers to pay a fee for the conduct of supervision referred to in this Article, as well as prescribe the manner of calculation, payment deadlines and other matters related to such fee. Manner of conducting supervision Article 124 The supervisory authority shall conduct supervision:

1. indirectly or off-site – by collecting and analysing reports and other documents and data which the supervised entity provides to the supervisory authority in accordance with this Law, as well as other documents, and/or other data about the supervised entity’s operations which the supervisory authority has at its disposal;
2. directly or on-site – by insight into business books and other documents and data of the supervised entity. During supervision, the supervisory authority may also, as set out in paragraph 1 of this Article, conduct supervision of a person to whom the supervised entity has outsourced some operational activities in accordance with this Law, as well as of other persons having property, management or business links with the supervised entity. Persons being supervised according to this Article shall enable smooth conduct of supervision to the authorised persons of the supervisory authority and shall cooperate with them. The decisions, reports and other acts, including notifications, requests and other supervision￾related communications of the supervisory authority delivered to the supervised entity shall be deemed to have also been delivered to members of management and directors of the supervised entity and no proof to the contrary shall be admissible. The supervisory authority shall more closely define the conditions and manner of conducting supervision in accordance with its legal competences, and it may also prescribe the obligation of the supervised entities to ensure conditions for the receipt of decisions, reports and other acts, notifications, requests and communications of the supervisory authority in the form of electronic documents. Data and documents submitted to the supervisory authority Article 125 In order to enable supervision over its operations, the supervised entity and persons from Article 124, paragraph 2 of this Law shall submit, at the supervisory authority’s request, all requested data and documents, within the deadline stipulated in that request. If data and documents from paragraph 1 of this Article are compiled in a language other than Serbian, the supervisory authority may request that the supervised entity, or persons from that paragraph, provide translations of those data and documents into Serbian, at their expense.

The supervisory authority shall collect, process and analyse data in connection with the provision of digital asset services which the providers of those services submit to the supervisory authority for statistical purposes and for the purpose of conducting supervision. The supervisory authority shall prescribe in detail the content, deadlines and manner of submitting the data from paragraph 3 of this Article. Data confidentiality in conducting supervision Article 126 Data which become known to the employees of the supervisory authority and authorised and other employed persons from Article 128 of this Law in any manner, and which pertain to the operations of the supervised entity, as well as documents containing such data, including the measures from Article 132, paragraph 1, items 1) to 3) of this Law – shall be designated and protected as confidential data, with the confidentiality level “CONFIDENTIAL” or “RESTRICTED”, in accordance with the law governing data confidentiality. Persons from paragraph 1 of this Article shall keep the data and documents referred to therein as confidential data, i.e. they shall not make them available to any third parties, unless in cases stipulated by law. The confidentiality obligation for persons from paragraph 1 of this Article shall not cease even after the termination of employment, i.e. engagement in the supervisory authority, or after the cessation of another capacity based on which those persons had gained access to the data from that paragraph. Notwithstanding paragraph 2 of this Article, the supervisory authority may make data and documents from paragraph 1 of this Article available to domestic and foreign supervisory authorities, provided that those authorities use them solely for the purpose for which they were obtained. Publication of data from paragraph 1 of this Article in an aggregate form, such that it is not possible to determine the identity of supervised entities, i.e. natural and legal persons – shall not be considered a breach of the confidentiality obligation. Cooperation of the supervisory authority with other competent authorities Article 127 The supervisory authority and other competent authorities in the Republic shall cooperate and exchange data for the purpose of conducting and improving supervision, decision-making in administrative procedures and performance of other tasks defined by this Law. An agreement between the National Bank of Serbia and the Commission shall define more closely the manner of cooperation and exchange of data for the purpose of conducting and improving supervision, decision-making in administrative procedures and performance of other tasks defined by this Law. The supervisory authority shall have the right to request, at all times, from the competent authority that keeps the criminal conviction records the details of conviction of the persons, their associates or beneficial owners within the meaning of the law governing the prevention of money laundering and the financing of terrorism, to which the applications and notifications submitted to the supervisory authority in line with this Law pertain, or whose business reputation is relevant for acting and decision-making in connection with those applications or notifications. The supervisory authority shall cooperate with the competent authorities of foreign countries and, for the purposes set out in paragraph 1 of this Article, may exchange data with them pertaining to the supervision of supervised entities and unauthorised provision of digital asset services, in accordance with the provisions of this Law, and it may also conclude an agreement with those authorities.

On-site supervision Article 128 A supervised entity shall enable the supervisory authority to conduct on-site supervision of its operations and/or specific activities at its head office, branches or other organisational units. The supervision from paragraph 1 of this Article shall be conducted by employees of the supervisory authority in accordance with a special decision or an order adopted by that authority. The decision or order from paragraph 2 of this Article shall specify the supervised entity where the supervision is taking place and the subject of supervision. The supervised entity shall make available to the employees of the supervisory authority from paragraph 2 of this Article (hereinafter: authorised persons) its business books, documents and data which those persons require in a written or electronic form, as well as allow them access to all resources of the information system, including the equipment, data bases and computer programs it uses. Authorised persons shall conduct on-site supervision on business days, during the regular working hours of the supervised entity, and when necessary due to the scope or nature of such supervision – the supervised entity shall enable the authorised persons to conduct such supervision even on non￾business days, and/or outside working hours. In the course of on-site supervision, authorised persons have the right to:

1. access all premises of the supervised entity;
2. request to be granted a separate room in which to perform on-site supervision tasks;
3. request to be given data, or copies of documents relating to the subject of on-site supervision, as well as to be granted access to information system resources;
4. directly communicate with members of management, directors and responsible employees of the supervised entity in order to obtain the necessary clarifications. If the supervised entity processes data or keeps business books and other documents in an electronic form, it shall provide the necessary technical support to the authorised persons while they are accessing those data, or business books and documents. The supervised entity shall appoint a representative to provide all the necessary assistance to the authorised persons, enabling unimpeded conduct of on-site supervision. The supervisory authority may engage other persons to take part in on-site supervision in order to provide expert support to the authorised persons when conducting such supervision. The provisions of this Article shall apply accordingly in the case when the supervisory authority conducts on-site supervision of a person to which the supervised entity has outsourced some operational activities, as well as of other persons having property, management or business links with the supervised entity. Report on supervision Article 129 Authorised persons shall compile a report on the conducted supervision (hereinafter: report on supervision). The supervisory authority shall deliver the report on supervision to the supervised entity, which may file its objections within 15 business days from the receipt of the report.

The objections from paragraph 2 of this Article relating to factual changes which have arisen in the period after the completion of supervision shall not be considered by the supervisory authority. A supplement to the report on supervision shall be made in cases where, upon verification of the allegations stated in objections from paragraph 2 of this Article, the factual state is determined to be materially different from the one described in the report. The supplement to the report on supervision shall be delivered to the supervised entity within 15 business days following the submission of the objections to the report. If it determines that the supervised entity’s objections to the report on supervision are unfounded or that they do not materially influence the established factual state, the supervisory authority shall make an official note thereof and deliver it to the supervised entity. Decision on termination of the procedure Article 130 A supervisory authority shall adopt a decision on the termination of the supervision procedure conducted with a supervised entity if no irregularities or deficiencies in the operations of the supervised entity have been established in the report on supervision, or if the supervised entity, in its objections submitted within the timeframe specified by this Law, has successfully disputed all findings from the report on supervision. The decision from paragraph 1 of this Article shall be delivered to the supervised entity. Verification and prohibition of unauthorised provision of digital asset services Article 131 If there is doubt that digital asset services are being provided by a legal person, entrepreneur or a natural person not licensed by the supervisory authority to provide digital asset services in accordance with this Law, the supervisory authority may directly or indirectly verify whether any such person is providing digital asset services contrary to the provisions of this Law. The provisions of Articles 123 to 130 of this Law shall apply accordingly to the verification from paragraph 1 of this Article. If a person from paragraph 1 of this Article fails to provide all data and documents requested by the supervisory authority within the deadline set out in the request, or if it fails to enable the supervisory authority to conduct on-site supervision, or fails to cooperate with authorised persons, the supervisory authority may issue a fine to such person, ranging:

1. from RSD 100,000 to RSD 500,000 for legal persons and from RSD 30,000 to RSD 100,000 for responsible persons in the legal person;
2. from RSD 30,000 to RSD 100,000 for natural persons. If the verification from paragraph 1 of this Article establishes that the person from that paragraph engages in unauthorised provision of digital asset services, the supervisory authority shall issue a decision prohibiting such activity and deliver it to the competent authorities. By the decision from paragraph 4 of this Article, the supervisory authority shall at the same time impose a fine on the person from that paragraph, ranging:
3. from RSD 100,000 to RSD 5,000,000, or up to 20% of the total revenue earned in the previous business year, if this amount exceeds RSD 5,000,000 for legal persons, and from RSD 30,000 to RSD 1,000,000 for responsible persons in the legal person;
4. from RSD 30,000 to RSD 2,000,000 for natural persons.

If, in a subsequent verification, the supervisory authority establishes that a company or an entrepreneur that was issued a prohibition from paragraph 4 of this Article has not ceased with the unauthorised provision of services from that paragraph, such unauthorised provision of digital asset services shall constitute an incurable reason for initiating the forced liquidation procedure, or deletion of the entrepreneur from the register of business entities by force of law, in accordance with the law governing the legal position of companies. In the case from paragraph 6 of this Article, the supervisory authority shall pass a decision on unauthorised provision of digital asset services and deliver it to the authority in charge of keeping the register of business entities for the purpose of initiating a forced liquidation procedure, or deleting the company and the entrepreneur from the register. By the decision from paragraph 7 of this Article, the supervisory authority shall pronounce a measure to freeze all accounts of the company and the entrepreneur until the forced liquidation procedure is launched, or the entrepreneur is deleted from the register. The provisions of Article 136 of this Law shall apply accordingly to the imposition of fines from paragraphs 3 to 5 of this Article. The total revenue from paragraph 5 of this Article has the meaning as defined by the law governing the protection of competition. Measures in the supervision procedure Article 132 If deficiencies and irregularities in the operations of the supervised entity are identified during the supervision procedure, or if it is determined that the entity has acted in contravention of this Law or regulations based on this Law, the supervisory authority shall take one of the following measures with respect to that entity:

1. send a recommendation;
2. send a letter of warning;
3. issue orders and specify measures for removing the identified irregularities;
4. pass a decision on revoking the licence for the provision of digital asset services. The measures from paragraph 1 of this Article shall be taken by the supervisory authority based on the factual state established in the report on supervision, in accordance with Article 129 of this Law. The supervisory authority shall pass a decision on taking the measure from paragraph 1, item 3) of this Article. Once it establishes whether and to what extent the supervised entity has complied with the measures from paragraph 1, items 1) to 3) of this Article, the supervisory authority shall either terminate the supervision procedure or take a new measure with respect to this entity. Recommendation Article 133 If it establishes in the supervision procedure minor irregularities and deficiencies in the operations of the supervised entity, which do not pose a significant risk, the supervisory authority shall send an appropriate recommendation to such entity. The recommendation shall include a deadline for the removal of irregularities or deficiencies from paragraph 1 of this Article, as well as the deadline within which the supervised entity is required to

deliver to the supervisory authority a report about the removed irregularities or deficiencies, with appropriate evidence. Letter of warning Article 134 The supervisory authority shall send a letter of warning to the supervised entity if it establishes in the supervision procedure irregularities that do not have a significant and direct impact on the entity’s operations, but might have such impact unless eliminated, or if the entity failed to act in compliance with the recommendation. The letter of warning shall include a deadline for removing the irregularities from paragraph 1 of this Article, as well as the deadline within which the supervised entity is required to deliver to the supervisory authority a report about the removed irregularities, with appropriate evidence. Orders and measures for removing the identified irregularities Article 135 If it establishes in the supervision procedure that the supervised entity has failed to comply with this Law or regulations based on this Law, or with the letter of warning, the supervisory authority shall pass a decision imposing on the supervised entity orders and measures for removing the identified irregularities, within a deadline that may not be longer than 60 days following the receipt of the decision. The decision from paragraph 1 of this Article shall order the supervised entity to perform one or several of the following activities:

1. align its operations with this Law or regulations based on this Law;
2. temporarily suspend the provision of certain digital asset services;
3. take appropriate measures to protect the users of digital assets, in accordance with this Law;
4. dismiss members of management and/or directors of the supervised entity if they no longer meet the conditions stipulated by this Law, or if they act in contravention of the provisions of this Law;
5. take or suspend other activities. The decision from paragraph 1 of this Article shall include a deadline within which the supervised entity is required to deliver to the supervisory authority a report about the removed irregularities, with appropriate evidence. Imposing fines Article 136 If it establishes in the supervision procedure that the supervised entity has failed to comply with this Law or regulations based on this Law, and in particular if identical violations have been made in a certain period by taking advantage of the same situation or a lasting relationship with digital asset users – by virtue of the decision from Article 135 of this Law, the supervisory authority may impose a fine on such entity, as well as a member of management and a director of that entity. The fine from paragraph 1 of this Article, imposed on a supervised entity, shall not be lower than RSD 100,000 or higher than RSD 5,000,000, and the fine from that paragraph imposed on a member of management and the director of the supervised entity shall not be lower than RSD 30,000 or higher than RSD 1,000,000.

If 10% of the supervised entity’s total revenue earned in the prior year exceeds RSD 5,000,000, the fine from paragraph 2 of this Article imposed on the supervised entity may even be higher than RSD 5,000,000, but may not exceed 10% of the supervised entity’s total revenue earned in the previous year. The fines from this Article may also be imposed on natural persons who, at the time the fine is imposed, no longer have the capacity of a member of management or director of the supervised entity – for failure to act, or violations from paragraph 1 of this Article, committed while these persons performed these functions within the supervised entity. When imposing the fines from this Article, the supervisory authority shall take into consideration the criteria from Article 138 of this Law. When imposing a fine on a member of management and director of the supervised entity, in addition to the criteria from Article 138 of this Law, the supervisory authority shall also assess the level of accountability of such person taking into account the distribution of accountability for the tasks in the remit of that body as defined by law and the internal enactments of the supervised entity, as well as the authorisations and responsibilities in the management of the supervised entity. If a fine is imposed during the supervisory procedure, the decision from paragraph 1 of this Article shall be made without having to obtain a special prior statement of the supervised entity, or a member of management or director of the entity about the facts and circumstances relevant to the adoption of the decision imposing such fine, unless it concerns a person whose function in this supervised entity has ceased. The supervised entity shall deliver the report on supervision and the decision on imposing a fine to the person who performed the function of a member of management and director of the supervised entity in the period to which the supervision report pertains. Upon the expiry of 30 days from the delivery to the supervised entity – it shall be deemed that the report on supervision and the decision on imposing a fine have been delivered to these persons. The decision on imposing a fine shall be enforceable upon delivery to the person from paragraph 1 of this Article. If a member of management and director of the supervised entity, including persons who used to perform these functions within the supervised entity, fail to pay the fine within the deadline defined in the decision on imposing a fine – the supervised entity shall pay the fine within eight days after the expiry of the deadline set out in the decision. The fines from this Article shall be paid to the account of the supervisory authority. The supervised entity shall provide to the supervisory authority evidence of the payment of the fines from this Article to the supervisory authority’s account within the deadline set out in the decision on imposing a fine, or within eight days after the expiry of that deadline if the supervised entity is paying the fine instead of the persons from paragraph 10 of this Article, in accordance with that paragraph. If the obligation under the fine from this Article is not paid within the deadline set out in the decision on imposing a fine, the supervisory authority shall be entitled to calculate default interest on the amount of such debt. Enforceable decisions on imposing a fine from this Article shall constitute grounds for enforced collection from the account of the supervised entity in accordance with the law governing payment transactions. The total revenue from paragraph 3 of this Article has the meaning as defined by the law governing the protection of competition. Revoking the licence for the provision of digital asset services

Article 137 The supervisory authority shall pass a decision on revoking the licence for the provision of digital asset services in the following cases:

1. if it establishes that a digital asset service provider did not commence providing these services within six months of the day of licensing or if it did not provide these services for a period of more than six months;

2. if a digital asset service provider notifies the supervisory authority in writing that it no longer intends to provide these services or intends to implement the liquidation procedure;

3. if it identifies grave violations of the regulations governing the prevention of money laundering and the financing of terrorism;

4. if a digital asset service provider fails to enable the supervisory authority to conduct supervision over its operations. The supervisory authority may pass a decision revoking the licence for the provision of digital asset services in the following cases:

5. if it establishes that a digital asset service provider no longer meets the conditions from Article 56 of this Law;

6. if it establishes that the decision on granting a licence to provide digital asset services was made based on false data;

7. if it establishes that the activities of a digital asset service provider are associated with money laundering and terrorism financing;

8. if it establishes that a digital asset service provider failed to execute the orders and measures from Article 135 of this Law within the deadline;

9. if it establishes that a digital asset service provider does not maintain minimum capital in accordance with the provisions of this Law;

10. if it establishes that a digital asset service provider has committed a grave violation of the provisions of this Law or regulations based on this Law. A digital asset service provider shall submit the notification from paragraph 1, item 2) of this Article to the supervisory authority within no later than 30 days before the day it ceases to provide digital asset services or the day the liquidation procedure is initiated, and shall submit, at the supervisory authority’s request, the documents defined in the request and evidence that it has sufficient funds to settle all of its obligations in relation to digital asset service provision. The deadline from this paragraph shall start on the day when duly completed documentation from that paragraph is delivered. Information about revoking the licence for the provision of digital asset services shall be posted on the supervisory authority’s website. Discretionary right of the supervisory authority Article 138 The supervisory authority shall decide on the measure to be taken in respect of a supervised entity based on its discretionary evaluation:

11. of the severity of identified irregularities;

12. demonstrated readiness and capability of the supervised entity’s members of management and directors to remove the identified irregularities;

13. other relevant circumstances under which the irregularity was committed. In assessing the severity of the identified irregularities, the following shall be evaluated in particular:

14. the supervised entity’s level of exposure to certain types of risk;

15. impact of the committed irregularity on the supervised entity’s future operations, or performance of activities;

16. number and interdependence of identified irregularities;

17. duration and frequency of the committed irregularities;

18. legality of the supervised entity’s operations, or performance of activities. In assessing the demonstrated readiness and capability of the supervised entity’s members of management and directors to remove the identified irregularities, the following shall be evaluated in particular:

19. ability of these persons to identify, measure, monitor, evaluate and manage risks in the supervised entity;

20. efficiency in eliminating any previously identified irregularities, and particularly in implementing the measures referred to in Article 135 of this Law;

21. awareness of persons with a qualifying holding and the management of the supervised entity of the difficulties in the supervised entity’s operations, or performance of activities;

22. cooperativeness with authorised persons during supervision. Disclosure of imposed measures and sanctions Article 139 A supervisory authority may inform the public about the pronounced measures and/or sanctions in relation to the violation of the provisions of this Law, and may do so publicly, on its website and/or in another appropriate manner, once the supervised entity has been notified about the measure and/or sanction. The manner of disclosing data from paragraph 1 of this Article may be more closely defined in a regulation issued by the supervisory authority. VIII. PENAL PROVISIONS Criminal offences Article 140 Whoever uses inside information with the intention of acquiring financial benefits for themselves or for other persons, or causes damage to other persons:

23. directly or indirectly during the acquisition, alienation or attempts to acquire or alienate for own account or the account of another holder the digital assets to which such information relates, or

24. by disclosing and making available inside information to any other person, or

25. by recommending or inducing another person, based on inside information, to acquire or alienate digital assets to which such inside information relates, shall be fined or sentenced to imprisonment for up to one year.

If the actions from paragraph 1 of this Article resulted in the acquisition of financial benefits or caused damages to other persons in the amount exceeding RSD 1,500,000, the perpetrator shall be punished by imprisonment for up to three years and a fine. If the actions from paragraph 1 were committed by a person who came into possession of inside information by virtue of membership in management or supervisory bodies of the issuer, a stake in the issuer’s capital, access to information obtained in the normal exercise of employment, profession or duties, or by way of criminal offences that he has committed, the perpetrator shall be punished by a fine or imprisonment of up to three years. If the actions from paragraph 3 of this Article resulted in the acquisition of financial benefits or caused damages to other persons in the amount exceeding RSD 1,500,000, the perpetrator shall be punished by imprisonment of six months to five years and a fine. Any attempt to commit the actions from paragraph 1 of this Article shall be punished. Article 141 Whoever engages in market manipulation to gain financial benefits for themselves or for another person, or causes damage to other persons by:

1. concluding transactions or issuing orders to trade which give, or are likely to give, false signals as to the supply of, demand for or the price of digital assets, or where the price of one or more digital assets is maintained at an abnormal level by a person or persons acting in collaboration, or
2. concluding transactions or issuing orders to trade which employ fictitious actions or any other form of deception or contrivance, or
3. disseminating information through the media, including the internet, or by any other means, which gives or is likely to give false or misleading signals about digital assets, where the person who made the dissemination knew or ought to have known that the information was false or misleading, shall be punished by imprisonment of six months to five years and a fine. If the actions referred to in paragraph 1 of this Article have caused a significant disruption in the digital assets market, the perpetrator shall be punished by imprisonment of three to eight years. Any attempt to commit the actions from paragraph 1 of this Article shall be punished. Measures and sanctions for financial institutions supervised by the National Bank of Serbia Article 142 The National Bank of Serbia shall pronounce measures and sanctions to financial institutions under its supervision, in accordance with the provisions of special laws governing the operations of these institutions, if it establishes that such financial institutions have violated the provisions of this Law. Fines for legal persons, entrepreneurs or natural persons Article 143 The National Bank of Serbia shall pass a decision imposing a fine of RSD 50,000 to RSD 5,000,000 to a legal person that, as a person related to a financial institution supervised by the National Bank of Serbia, acts in contravention of Article 13, paragraphs 4 and 5 of this Law (Article 13, paragraphs 4 and 5). For the actions referred to in paragraph 1 of this Article, the National Bank of Serbia shall also pass a decision imposing a fine of RSD 50,000 to RSD 1,000,000 on the responsible person in the legal person.

For the actions referred to in paragraph 1 of this Article, the National Bank of Serbia shall pass a decision imposing a fine of RSD 50,000 to RSD 2,000,000 on an entrepreneur. For the actions referred to in paragraph 1 of this Article, the National Bank of Serbia shall pass a decision imposing a fine of RSD 30,000 to RSD 1,000,000 on a natural person. The supervisory authority shall pass a decision imposing a fine of RSD 50,000 to RSD 5,000,000 on a legal person that:

1. advertises an initial offering of digital assets for which a white paper has not been approved, contrary to Article 17 of this Law (Article 17);
2. advertises digital assets for which a white paper has not been approved, contrary to Article 31, paragraph 5 of this Law (Article 31, paragraph 5);
3. without a prior consent of the supervisory authority, acquires a qualifying holding in a digital asset service provider or increases the holding so as to acquire 20% to 30%, more than 30% to 50%, or more than 50% of the voting rights or capital in that provider, or so that it becomes its parent company (Article 66). For the actions referred to in paragraph 5 of this Article, the supervisory authority shall also pass a decision imposing a fine of RSD 50,000 to RSD 1,000,000 on the responsible person in the legal person. For the actions referred to in paragraph 5 of this Article, the supervisory authority shall pass a decision imposing a fine of RSD 50,000 to RSD 2,000,000 on an entrepreneur. For the actions referred to in paragraph 5 of this Article, the supervisory authority shall pass a decision imposing a fine of RSD 30,000 to RSD 1,000,000 on a natural person. Fine for external auditor Article 144 The supervisory authority shall pass a decision imposing a fine of RSD 100,000 to RSD 5,000,000 on an external auditor performing the audit of the financial statement of a digital asset service provider from Article 90, paragraphs 1 and 2 of this Law, if it fails to notify the supervisory authority without delay about the facts and data from paragraph 3 of that Article. For the action referred to in paragraph 1 of this Article, the supervisory authority shall also pass a decision imposing a fine of RSD 50,000 to RSD 1,000,000 on the responsible person in the external auditor. IX. TRANSITIONAL AND FINAL PROVISIONS Alignment of operations Article 145 Within six months of the day this Law enters into force, persons providing services in connection with digital assets shall align their operations and general enactments with the provisions of this Law and the regulations based on this Law, and shall submit an appropriate application for licensing to the supervisory authority. Entry into force and start of applicability Article 146 This Law enters into force on 29 December 2020 and shall apply as of 29 June 2021.