EU to Review DeFi Regulation: Lawmakers Plan to Monitor Protocols They Can't Define

The European Commission opened a public consultation on whether to expand its landmark crypto rulebook, known as Markets in Crypto Assets or MiCA, to cover decentralized finance  which the current framework left untouched. 

But regulators cannot seem to agree on how to define what counts as “genuinely decentralized.” 

Under the current MiCA framework, services provided in a “fully decentralized manner without any intermediary” are excluded from MiCA’s scope entirely, which means they are exempt from the supervision of regulators. 

The Commission’s concern is that DeFi is no longer a niche activity. It has grown into significant financial infrastructure, increasingly used by retail actors and institutional players.

Now the Commission is seeking input from digital assets industry representatives such as cryptocurrency service providers, and public authorities on six criteria for assessing whether a DeFi software is “not fully decentralized” and therefore subject to regulation. 

Responses close August 31 and are open to anyone.

Tornado Cash vs. Uniswap: Who Controls The Code?

The judge assigned to Roman Storm’s case has come to drastically different conclusions on what constitutes control in her dismissal of a case against Uniswap.

The RageL0la L33tz

What The EU Wants to Know

The EU would first like to know what DeFi services are most widely used, from exchange to payments, transactions, and custody services, and whether shareholders believe such technologies pose operational, money laundering, or terrorist financing risks, among other things. 

Three of the most consequential questions EU regulators then ask are on the existence of an identifiable intermediary (person or group of persons) providing a crypto-asset service, presence of control by an identifiable person or group of persons (e.g. via admin keys) over the key functionalities of a DeFi protocol, and significant concentration of governance power over the key functionalities of a DeFi protocol. 

If the Commission adopts these criteria, any protocol where governance power is concentrated, where someone holds administrative keys, or where an identifiable operator provides services would fall under MiCA’s scope. That means a bundle of compliance obligations like transaction monitoring, sanctions screening, and regulatory reporting are coming to protocols across DeFi – and the potential obligation to obtain a costly MiCA license to make software available in the EU. 

The consultation also asks whether regulators should require certification of DeFi protocols, impose due diligence obligations on intermediaries connecting users to DeFi, or mandate blockchain analytics to flag illicit flows. 

The Commission’s consultation also asks whether intermediaries that connect users to DeFi should face compliance obligations. But the language is vague. 

Does it refer to self-custodial wallets, DEX frontends, exchanges offering DeFi gateways, and other pieces of infrastructure that allows a user to interface with protocols?

Take intermediaries. If these face due diligence obligations toward DeFi protocols, the regulatory burden shifts downstream. Rather than regulating protocols directly, regulators would regulate the services through which users access them. 

‘Pro Law Enforcement Bill’ Clarity Passed Out of Committee

Feelings are mixed as U.S. Senate Banking Committee passes landmark cryptocurrency regulation while tension over core components remain.

The RagePedro Solimano

The Challenge: Defining Control

In early April, a European Central Bank working paper examined governance structures across four major DeFi protocols: Aave, MakerDAO, Uniswap and Ampleforth. The findings show what many protocols actually look like behind claims of decentralization. 

Across the four protocols, the top 100 token holders control over 80% of voting power, according to the ECB. In Ampleforth, the top five holders alone account for nearly 60%, while Aave’s top five holders come at 48% and Uniswap at 46%. MakerDAO sits at 36%. The ECB adds that “top voters are mostly delegates, who, in many cases, could not be identified nor linked to token holders,” implying that a determination of control is, in some cases, not possible.

The question on what constitutes control over a software has drawn itself throughout regulatory discussions across the world – and the conclusions appear not much clearer. In the US, a judge has found that Uniswap is in fact decentralized and does not exert control over the protocol. At the same time, that same judge let arguments proceed to trial that the immutable privacy protocol Tornado Cash could exert control via its front-end interface.

At the very least, it shows that defining control in decentralized software remains difficult, if not outright subjective.

Notably, when it comes to regulating DeFi, the industry appears to have experienced a shift in overton window – away from whether developers can control funds, to whether someone can unilaterally modify core parameters, or if a small group of people can pause or upgrade the protocol at will.

All of these approaches assume regulators can identify which protocols are genuinely decentralized and which merely claim to be, while a clear framework on what constitutes control continues to be lacking.

Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation. If you would like to note a correction to this article, please email corrections@therage.co