{"id":9909,"date":"2026-04-27T12:01:37","date_gmt":"2026-04-27T12:01:37","guid":{"rendered":"https:\/\/ofero.news\/?p=9909"},"modified":"2026-04-27T12:01:37","modified_gmt":"2026-04-27T12:01:37","slug":"the-law-is-not-the-constraint-mihai-voicu-partner-at-onv-law-on-how-romanian-companies-should-navigate-ai-crypto-and-blockchain-regulation","status":"publish","type":"post","link":"https:\/\/ofero.news\/?p=9909","title":{"rendered":"\u2018The law is not the constraint\u2019 – Mihai Voicu, Partner at ONV LAW, on how Romanian companies should navigate AI, crypto and blockchain regulation"},"content":{"rendered":"

Romania\u2019s regulatory framework for AI, crypto and blockchain is largely in place through directly applicable EU legislation – but deployment is outpacing governance, and the liability is landing on companies that assumed compliance was their vendor\u2019s problem. In this interview, Mihai Voicu, Partner at ONV LAW and head of the firm\u2019s Code\/Lex technology, AI and digital assets practice, discusses how Romanian businesses should approach the gap.<\/strong><\/h3>\n

ONV LAW\u2019s Code\/Lex practice advises Romanian companies and founders on the legal architecture for AI, blockchain and digital assets, across transactions, disputes and regulatory compliance. Voicu argues that EU-wide frameworks: the AI Act, MiCA, and DORA, give Romanian entrepreneurs a level playing field, but that the real work sits in the institutional build-out and in product-level decisions taken early.<\/p>\n

Recent developments, including an emergency ordinance adopted last month designating BNR and ASF as competent authorities for digital operational resilience under DORA, confirm that the supervisory architecture is being formalised with penalties of up to 10 million lei or 5% of annual turnover for breaches.<\/p>\n

More on the first legal risks companies should flag, how courts are likely to handle AI and crypto disputes, and the three recommendations Voicu gives every founder, in this interview with Mihai Voicu, Partner at ONV LAW.<\/p>\n

Looking at Romania specifically, how prepared is our legal and regulatory framework for AI, crypto and blockchain compared to other EU countries, and where do you see the biggest gaps between how fast technology moves and how fast institutions adapt?<\/strong><\/p>\n

Mihai Voicu:<\/strong> The legal framework is largely in place – the EU AI Act, MiCA, and DORA apply directly across all member states, Romania included. A Romanian company building an AI product or a blockchain service operates within the same rules as its counterpart in Amsterdam or Dublin. The law is not the constraint.<\/p>\n

What takes longer to develop is the institutional layer – secondary norms, administrative guidance, and the regulatory dialogue that gives businesses predictability. Romania is moving on this front. Just last month, the Government adopted an emergency ordinance designating BNR and ASF as competent authorities for digital operational resilience under DORA – a concrete step showing the institutional architecture is being built out. In the meantime, Romanian entrepreneurs and developers are technically sophisticated and commercially ambitious; what they need is legal architecture that translates across borders, because their products rarely stop at the Romanian frontier. Bridging the EU civil law framework with the common law environments of their investors and partners is where we do most of our practical work.<\/p>\n

When Romanian companies start using AI in day-to-day operations – from HR to credit scoring or internal decision-making – what are the first local legal risks you flag for management?<\/strong><\/p>\n

Mihai Voicu:<\/strong> The first conversation is always about classification. Systems used in recruitment, employee performance assessment, or credit decisioning fall into the high-risk category under the AI Act, triggering specific obligations around documentation, human oversight, and transparency. Most management teams we speak to are genuinely surprised by this. They have purchased a platform, integrated it into their workflow, and assumed compliance was the vendor\u2019s concern. It is not.<\/p>\n

In a recent case, a company using a well-regarded international HR platform discovered its automated candidate-scoring function was, in its default configuration, non-compliant with data protection rules on automated decision-making. The liability sat entirely with the employer. The practical rule we give every client is straightforward: AI can inform, rank, and flag – but a human must own the decision. Documented AI-related incidents nearly doubled globally between 2024 and 2025, a trajectory that reflects precisely this gap between deployment speed and governance readiness.<\/p>\n

Crypto assets remain a sensitive topic for Romanian authorities. How do ANAF, ASF and other regulators currently approach crypto and token-related activity, and what should Romanian businesses be most careful about if they want exposure in this space?<\/strong><\/p>\n

Mihai Voicu:\u00a0<\/strong>The picture has become considerably clearer since MiCA came into full application in December 2024. Last month\u2019s Government ordinance designated BNR as the competent authority for digital resilience supervision over credit, payment and e-money institutions – including those that are also crypto-asset service providers – while ASF covers investment firms, fund managers, and remaining financial sector entities. For crypto-asset service providers specifically, supervisory competence is still to be assigned under MiCA implementing legislation, but the framework around it is operational.<\/p>\n

The most consequential issue in practice is classification. Every engagement involving a token or platform starts with the same question: what exactly is this? Utility token, e-money token, asset-referenced token, or something exhibiting the characteristics of a financial instrument? The answer determines disclosure obligations, marketing rules, and authorisation required. Getting it wrong at the outset is far more expensive to correct than getting it right to begin with.<\/p>\n

On taxation, ANAF treats crypto gains as income from other sources at a 10% flat rate, with crypto-to-fiat exchanges treated as taxable events. The most common issue we encounter is not deliberate evasion, but unawareness of the declaration obligation, particularly among individual investors and smaller businesses.<\/p>\n

Blockchain is often promoted in Romania for land registries, supply chains and public procurement. Beyond the buzz, what concrete use cases do you see as realistically implementable in the next five years, and what legal issues would need to be solved first?<\/strong><\/p>\n

Mihai Voicu:\u00a0<\/strong>Realism matters more than enthusiasm here. Three areas are genuinely actionable within five years in the Romanian context, and in each case the technology is not the bottleneck – legal recognition is.<\/p>\n

Supply chain traceability in agri-food and pharmaceuticals is the most immediately viable. EU legislation already mandates traceability in these sectors; blockchain provides an auditable, tamper-resistant record that regulators can inspect and trading partners can trust across borders.<\/p>\n

Document certification is another near-term opportunity: blockchain as an immutable notarisation layer for diplomas, corporate records, and professional credentials. This does not displace existing institutions, it adds a verifiable layer on top.<\/p>\n

Land registry on blockchain, possibly intersecting with smart contracts, is a longer-horizon project. The institutional appetite is there; the legislative groundwork is not yet in place.<\/p>\n

You are very active in corporate, M&A and high-stakes disputes. Have you started to see AI, crypto or blockchain aspects appear in Romanian transactions or litigation, and how do you expect Romanian courts and arbitrators to handle these technologies?<\/strong><\/p>\n

Mihai Voicu:\u00a0<\/strong>Yes, and it is no longer occasional. In transactions, AI compliance has become a standard component of technology due diligence. Buyers want to know whether a target is using high-risk AI systems without the required documentation, whether there is unresolved crypto tax exposure, and whether AI-generated content in the product carries unresolved IP ownership questions. We address these alongside traditional tax and litigation review, not as an afterthought.<\/p>\n

The enforcement stakes are significant. Under the DORA implementing ordinance, ASF can impose fines of up to 10 million lei or 5% of annual turnover on entities breaching digital resilience requirements – and up to 1 million lei on responsible individuals – with possible licence suspension for up to 12 months or a management ban of up to five years. In M&A, these translate directly into warranty exposure that buyers now price at the negotiating table.<\/p>\n

In disputes, crypto asset valuation and ownership have already come up in business dissolution proceedings and cross-border commercial arbitration. Questions like who bears liability for a harmful algorithmic decision, the legal status of a digital asset as property, or whether a stablecoin-denominated obligation is enforceable, do not yet have domestic answers. Our expectation is that jurisprudence will develop first in international arbitration – where judges can appoint technically literate experts and apply more flexible evidentiary standards – before filtering into domestic courts. Parties in technology-driven transactions should be building dispute resolution clauses that anticipate these gaps now.<\/p>\n

One practical note: a recent international study evaluating AI models on document-grounded legal reasoning tasks found accuracy rates of around 70-75% for the best available systems – meaningful capability, but a material error rate. AI-assisted analysis in due diligence is a tool, not a substitute for expert judgment.<\/p>\n

For Romanian employers, AI tools bring both efficiency and new tensions at the workplace. How should companies approach AI in performance evaluation, monitoring, or recruitment so that they can innovate but stay compliant?<\/strong><\/p>\n

Mihai Voicu:\u00a0<\/strong>Transparency is the starting point – not as a principle, but as a legal obligation. Romanian labour law requires employers to communicate the criteria by which employees are evaluated. When those criteria are generated or applied by an algorithm, employees have a right to that information. The AI Act adds a further layer: workplace monitoring tools designed to infer emotional states or score behavioural characteristics are either prohibited or subject to strict conditions depending on their configuration.<\/p>\n

In practice, we advise employers on three things. First, establish a clear internal AI use policy and engage employee representatives – this is both a legal safeguard and a dispute-prevention measure; the conflicts we want to avoid are those arising from employees feeling assessed by systems they did not know existed. Second, keep humans accountable for consequential decisions: an AI system can flag, rank, and recommend, but hiring, evaluation, and dismissal require a human decision-maker, and Romanian labour courts will scrutinise any dismissal in which the algorithm did the deciding. Third, audit your HR software stack – a significant number of standard HR platforms now embed AI-driven scoring by default, and the liability for how those tools affect employees sits with the employer, not the vendor.<\/p>\n

According to a recent international survey, GDPR remains the most cited regulatory influence on responsible AI practices in organisations – referenced by 60% of respondents – with the EU AI Act already cited by 43%, a figure that will only grow as enforcement matures. The companies best placed will be those that treated compliance as an architectural choice from the outset, not a remediation project after the fact.<\/p>\n

If you were advising a Romanian entrepreneur building an AI or blockchain business here, what are the top three legal and strategic recommendations to minimise local risks and maximise long-term credibility with regulators and investors?<\/strong><\/p>\n

Mihai Voicu: Build the legal architecture into the product from the start.<\/strong> Founders who come to us after a product is built and ask how to make it compliant face harder conversations and higher costs than those who involve legal counsel at the design stage. Regulatory requirements shape product decisions in ways that are far easier to address before the code is written than after. The share of businesses globally with no responsible AI policies fell from 24% to 11% in a single year – governance documentation is becoming the baseline expectation among investors and institutional partners, not a differentiator.<\/p>\n

Think carefully about where you authorise, not just where you operate.<\/strong> Romania is an excellent place to build a team and develop a product. But for regulated activities – operating as a crypto-asset service provider, deploying a high-risk AI system in a financial or professional context – the authorisation jurisdiction is a separate strategic decision with tax, corporate structure, and investor-relations implications. The domestic regulatory infrastructure is being built out; as that capacity matures, the calculus on where to authorise will evolve. For now, it should be part of the founding conversation, not resolved under time pressure when a deal is on the table.<\/p>\n

Invest in clarity of definition – for your product, your contracts, and your governance.<\/strong> The disputes that are hardest to resolve and the regulatory enquiries that are most damaging are those where the fundamental nature of the product was never precisely defined. What kind of asset is the token? What decisions does the AI system actually make, and who is accountable for them? What law governs the smart contract? These are not abstract legal questions – they are the foundation on which trust, enforceability, and commercial scalability are built. Getting them right early is one of the most durable investments a founder can make.<\/p>\n

This interview has been made with ONV Law.<\/p>","protected":false},"excerpt":{"rendered":"

Romania\u2019s regulatory framework for AI, crypto and blockchain is largely in place through directly applicable EU legislation – but deployment is outpacing governance, and the liability is landing on companies that assumed compliance was their vendor\u2019s problem. In this interview, Mihai Voicu, Partner at ONV LAW and head of the firm\u2019s Code\/Lex technology, AI and […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9909","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/ofero.news\/index.php?rest_route=\/wp\/v2\/posts\/9909","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofero.news\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofero.news\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/ofero.news\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9909"}],"version-history":[{"count":0,"href":"https:\/\/ofero.news\/index.php?rest_route=\/wp\/v2\/posts\/9909\/revisions"}],"wp:attachment":[{"href":"https:\/\/ofero.news\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9909"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofero.news\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9909"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofero.news\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9909"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}