DeFi Governance Is a Question of Concentration, Not Decentralization

Financial regulation has always looked to capture intermediaries, the money transmitters, brokers, exchanges, custodians, and others that move, hold or control assets on behalf of end users. In traditional financial services, that boundary is relatively clear: regulation attaches to those who intermediate transactions, control client assets, or provide financial services. It does not attach to the wider infrastructure that supports those activities. As digital asset ecosystems become more complex, that same boundary is being tested in new ways, making it important to defend the underlying principle. This piece examines how the EU’s implementation of the Travel Rule (via the recast Funds Transfer Regulation or “TFR”) correctly draws that line using the concept of “ancillary infrastructure,” and how a similar distinction appears in the U.S. GENIUS Act. At its core, the analysis is simple but consequential: when does a participant in a crypto system become a regulated intermediary, and when are they merely part of the infrastructure that makes the system work? These two pieces of legislation on both sides of the Atlantic show how policy makers can ensure regulation remains in force for the activities they want to capture, without blurring the distinction between infrastructure providers and financial intermediaries. In the EU: Where the Concept Comes From The EU’s idea of ancillary infrastructure appears in the recitals of the TFR, which guide how the regulation should be interpreted. The regulation explains (emphasis added): Persons that provide only ancillary infrastructure, such as internet network and infrastructure service providers, cloud service providers or software developers, that enable another entity to provide transfer services for crypto-assets, should not fall within the scope of the Regulation unless they perform transfers of crypto-assets. That is the entirety of it. The term is not further defined. There is no formal category or test in the operative provisions of the TFR, just this functional description and a few examples. But that short passage does a lot of good work. A Working Definition Taking the recital’s examples and its express limit together, ancillary infrastructure can be more specifically understood as: Infrastructure that is used by others in connection with crypto-asset transfers, but does not itself effect, execute, or control the transfer of crypto-assets, or provide custody of such assets. This is not a technology-based definition. It is a role-based definition, grounded in the regulatory perimeter. (This is consistent with other EU Regulations in the crypto-space, such as the Markets in Crypto-Assets (MiCA) Regulation.) What matters is not what the system looks like, but what the activity actually is. Two elements define the boundary: 1. Used in Connection with Transfers The infrastructure is part of the ecosystem that enables crypto-asset transfers. It may be essential to the functioning of the system. It may sit directly in the transaction flow. But it operates in a supporting role to the financial transaction, and is used by other entities such as CASPs and end users. 2. No Transfer or Custody Function The infrastructure provider does not: effect or execute transfers, control the movement of crypto-assets, or provide custody or control over those assets. That is the dividing line. Once a provider crosses into movement or control of value, it begins to look like an intermediary. If it does not, it remains infrastructure. What Counts as Ancillary Infrastructure The TFR itself provides only a handful of examples, but they point to a broader and consistent categorization. They are infrastructures that enable the system to function, without themselves engaging in the activities of financial intermediation. Internet Network Providers, such as internet service providers and network connectivity providers. These entities move data, not value. They carry transaction information across networks, but they have no relationship to the underlying assets being transferred or parties making the transfers. Cloud Service Providers, such as infrastructure-as-a-service providers and cloud hosting platforms. These providers supply computing power, storage, and hosting. They make it possible to run nodes, exchanges, and applications, but do not execute transfers, hold assets or interact directly with customers. Software Developers, such as developers of non-custodial wallets, developers of blockchain protocols, and providers of APIs and developer tools. These actors create the tools that others use to interact with crypto-assets. Once deployed, they do not control how those tools are used, nor do they execute or custody transactions. Technical Infrastructure Providers, such as node infrastructure providers, remote node access (RPC) providers, blockchain data indexing services, and validators and miners. These entities maintain and operate the underlying networks. They validate transactions, order and record them according to protocol rules, and ensure the system continues to function. They do not act on behalf of users, determine the purpose of transactions, or take custody of assets. Their role is protocol-level infrastructure and maintenance, not financial intermediation. Data and Analytics Providers, such as blockchain analytics firms, transaction monitoring tools, and risk scoring services. These providers analyze and interpret blockchain data. They support compliance, investigation, and risk management, but they do not initiate, execute, or control transfers. As we see, the concept of ancillary infrastructure covers a lot of different providers and activities, none of which intermediates or has direct responsibility for transfers or custody. This recognition provides a critical distinction between who is and who is not subject to regulation. A Parallel Approach: The GENIUS Act The same boundary appears explicitly in the U.S. GENIUS Act, which introduces the concept of a Digital Asset Service Provider (DASP) and provides exceptions for infrastructure providers. The Act defines DASPs by reference to familiar intermediary activities: exchanging digital assets, transferring them to third parties, acting as custodians, and providing financial services tied to issuance. In other words, DASPs are intermediaries. But the definition goes further by explicitly stating what is not an intermediary. The definition of DASP explicitly excludes: a distributed ledger protocol; developing, operating, or engaging in the business of developing distributed ledger protocols or self-custodial software interfaces; an immutable and self-custodial software interface; developing, operating, or engaging in the business of validating transactions or operating a distributed ledger; or participating in a liquidity pool or other similar mechanism for the provisioning of liquidity for peer-to-peer transactions. This is the same idea as ancillary infrastructure in the TFR, but stated directly in the text (rather than the recitals), and in greater detail. The Same Line, Two Drafting Styles The TFR and the GENIUS Act take different drafting approaches, but they arrive at the same place. The TFR uses a functional exclusion (“ancillary infrastructure”) The GENIUS Act uses explicit statutory carve-outs Both frameworks draw the same distinction: Intermediaries are regulated because they effect or execute transactions, or control or custody assets - activities that are traditionally within the regulatory perimeter. Infrastructure providers are not, because they enable systems rather than effect transactions or custody assets - activities that have never been captured within the regulatory perimeter, although firms using the infrastructure to undertake regulated activities may themselves require regulatory authorization. In both, that principle holds across network providers, software developers, validators and miners, and other technical actors. Conclusion: Why This Distinction Matters This boundary is not just a drafting detail, it continues to apply a foundational principle. Crypto systems are built in layers. Many actors contribute to how transactions are created, transmitted, and recorded. Without a clear distinction, regulation could easily expand to capture the entire stack. The concept of ancillary infrastructure prevents that outcome. It ensures that providing infrastructure, which is neutral and only indirectly involved, is not treated the same as acting as an intermediary in transactions. That principle is now reflected on both sides of the Atlantic. As digital asset markets evolve, it is likely to remain one of the most important lines in crypto regulation. And together these two pieces of legislation show how policy makers can update rulebooks for new technologies without unwittingly regulating the technology itself. We at Avalanche Policy Coalition have discussed this point multiple times over the last year, including in our April and May comment letters to the SEC Crypto Task Force, our response to the Australian Treasury consultation, and this blog post. Preserving the distinction between infrastructure and intermediary is one of our 2026 policy priorities.

Introduction On March 17, 2026, the U.S. Securities and Exchange Commission (SEC), together with the Commodity Futures Trading Commission (CFTC), issued its most comprehensive statement to date on how federal securities laws apply to crypto assets. The Interpretation represents a significant step in clarifying how regulators view token classification, interpret “investment contract”, and categorize core blockchain activities. Of course, we were very pleased that the agencies classify AVAX as a digital commodity and not a security in the Interpretation. But there is much more to dig into. Over the past year, Avalanche Policy Coalition (APC) has advanced a framework for crypto regulation centered on three principles: (1) the nature of the asset matters, (2) infrastructure and intermediaries must be treated differently, and (3) regulation should be workable and grounded in real market structure. Our April, May and September 2025 comment letters to the SEC Crypto Task Force articulated these ideas in detail. This post compares the SEC Interpretation with that framework, highlighting where they align, where they differ, and how the two approaches relate conceptually. Token Classification: Converging on Function One of the most important developments in the SEC Interpretation is the introduction of a five-part taxonomy for crypto assets: digital commodities, digital collectibles, digital tools, stablecoins, and digital securities. This approach aligns closely with APC’s long-standing emphasis on token classification based on function, which we call the nature of the asset test and is grounded in the functions and features of the token rather than how it is marketed or what it is called. APC has described “protocol tokens” as a distinct category of assets integral to the functioning of blockchain networks. The SEC’s category “digital commodities” captures much of this same concept. These assets derive value from the programmatic operation of a functional crypto system and supply-and-demand dynamics, rather than from the expectation of profits based on managerial efforts. The SEC definition of digital commodity as part of a crypto system emphasizes functionality at both the Layer 1 and application layer, much as APC’s protocol token is agnostic about the layer on which the protocol functions. This is an important recognition that digital commodities may exist at various levels of the tech stack. Also important, the SEC does not opt for a slavish application of a “decentralization” requirement as the deciding factor for the nature of the asset.  Rather, it remains focused on functionality and consumptive use.  This flows as well into its interpretation of “investment contract,” discussed below. The two approaches therefore converge in substance, reflecting a growing consensus around function-based token classification, which we have championed for many years. Both the SEC and APC recognize that tokens such as AVAX, BTC, and ETH do not have the features or functions of securities and should be analyzed accordingly. The difference lies primarily in structure: APC proposed a distinct legal category for protocol tokens, subject to distinct treatment, while the SEC states that digital commodities may fall into the broader world of commodities. Similarly, the SEC addresses stablecoins, particularly those covered by the GENIUS Act and prior staff guidance, finding them to not be securities while noting that other stablecoin arrangements may require further analysis. This reflects its alignment with the nature of the asset test APC articulated, which evaluates tokens based on their specific characteristics and functions. Assets vs. Transactions: A Shared Distinction A central theme of the SEC Interpretation is the explicit distinction between a crypto asset and the transaction in which it is offered or sold. For example, a digital commodity is not itself a security; however, it may be sold pursuant to an investment contract. This is a point of strong alignment with APC’s framework. APC has consistently emphasized that digital assets should not be classified as investment contracts or other types of securities simply because they are involved in activities that look like capital-raising. The SEC Interpretation adopts this principle directly, clarifying that the legal analysis should focus on the contract, transaction, or scheme, rather than the asset itself.  This phrase, taken directly from Howey, has often been overlooked.  The SEC correctly recognizes that it is the lynchpin of how Howey defines investment contract. Oranges simply are not and never will be securities. This brings crypto assets into alignment with other areas of law, where non-security assets (such as commodities or real estate) can be part of securities transactions without themselves becoming securities.  Investment Contract Analysis: Different Approaches One of the main areas of divergence is how to define and apply the concept of an “investment contract.” APC has proposed a framework with clearer boundaries for when securities laws apply. In particular, we encouraged the following definition: “an express agreement between a seller and buyer that provides for the investment of money in a common enterprise with a reasonable expectation of profits solely from the undeniably significant managerial or entrepreneurial efforts of the seller.” This definition starts with the basic articulation from Howey and adds modifications based on prevailing Supreme Court case law and other precedent. By reviving the word “solely” from the original Howey test and requiring an express agreement, this definition provides greater certainty about the “who” and the “what” of the investment contract. The SEC, by contrast, provides guidance on how it will apply the originally articulated version of the Howey test to crypto assets, resulting in less definitive regulatory boundaries. The SEC Interpretation places significant emphasis on issuer representations and promises, including their source, timing, and specificity, in determining whether purchasers have a reasonable expectation of profits from the efforts of others. These concepts reflect a close reading and application of Howey and its progeny, which we agree with. We just wish for something that is easier to apply. Both approaches aim to clarify the same issue, but they differ in methodology. APC emphasizes clearer rules and definitions, while the SEC relies on interpretive guidance within an existing legal framework. Lifecycle and “Separation”: Different Structures, Similar Outcomes APC has proposed a lifecycle-based framework distinguishing between pre-functionality and functional protocol tokens for purposes of determining SEC jurisdiction. Under that approach, protocol tokens sold prior to protocol functionality would be presumed to be the subject of an investment contract, resulting in a securities law framework for their offer and sale.  In contrast, tokens used in a functioning protocol would fall outside the federal securities laws. The SEC does not adopt this structure in full but incorporates elements of it in the Interpretation. Instead, it introduces the concept of “separation” under which a non-security crypto asset can cease to be subject to an investment contract once purchasers no longer reasonably expect the issuer’s essential managerial efforts to remain connected to the asset. This test does not rely solely on “sufficient decentralization” or related concepts, but looks at the overall facts and circumstances to determine whether separation has occurred. While the mechanisms differ, the underlying idea is similar: the regulatory treatment of a token as part of an investment contract or not can change over time as the network evolves and other events occur. APC’s approach uses a more structured lifecycle model, while the SEC relies on a fact-specific analysis tied to issuer activities and market expectations. Infrastructure vs. Intermediaries: Alignment in Core Activities APC has consistently argued that regulation should focus on intermediaries, not infrastructure providers. Validators, node operators, and protocol participants perform technical functions and should not be treated as financial intermediaries. The SEC’s Interpretation reflects this principle in its treatment of specific activities. It concludes that, when conducted as described, the following do not involve securities transactions: Protocol mining Protocol staking Certain wrapping arrangements Certain no-consideration airdrops In each case, the SEC characterizes these activities as administrative or ministerial, rather than managerial or intermediary in nature. Rewards created through staking and delegation are treated as compensation by the network for services performed, not profits derived from the efforts of others. This represents a clear point of convergence. The SEC recognizes that core protocol activities operate at the infrastructure layer and should be treated differently from traditional intermediary services. Token Issuance and Market Structure: Different Levels of Detail APC’s framework includes proposals for a more comprehensive regulatory structure, including tailored approaches to token issuance, disclosures, and the role of intermediaries. The SEC’s Interpretation does not address these areas in detail. It focuses primarily on classification and the application of existing law, rather than introducing new exemptions, disclosure regimes, or intermediary frameworks. Conclusion The SEC’s Interpretation and APC’s framework share a common foundation. Both approaches recognize the importance of functional token classification, the distinction between assets and transactions, and the need to treat infrastructure differently from intermediaries. They also reflect a broader convergence around core securities law principles; particularly, the focus on economic reality, consumptive use, and the distinction between managerial and non-managerial activity. At the same time, they differ in how those principles are implemented. The SEC relies on interpretive guidance within existing legal frameworks, while APC has proposed more structured approaches to classification, lifecycle analysis, and market design. Taken together, the two perspectives reflect an evolving consensus around the core concepts that should guide crypto policy. As regulatory discussions continue, these shared principles provide a foundation for further development of a coherent and workable framework. Avalanche Policy Coalition will continue to engage with policymakers and stakeholders to support thoughtful, functional approaches to crypto regulation.

London Calling Part 2: The UK’s Journey from Roadmap to Reality Eight months ago, we wrote about the UK’s crypto journey being still largely about direction of travel. The legislative perimeter had been sketched out, regulators had published their roadmap, and the ambition to become a global hub for digital assets was firmly back in the political vocabulary. The framework was coming, but for firms on the ground, it still felt a step removed from current reality. That is no longer the case. Since then, the UK has moved from strategy to execution at a pace that is difficult to ignore. The government has now laidthe statutory instrument that brings cryptoasset activities formally into the financial services regime, creating new regulated activities from trading platforms to stablecoin issuance and giving the FCA the legal foundations for a full rulebook. At the same time, the FCA has finalised a core package of consultations covering market structure, admissions and disclosures, market abuse, and a dedicated prudential regime - the operating manual for the future UK crypto market. Add to that the Bank of England’s systemic stablecoin proposals, a new stablecoin-focused regulatory sandbox and sprint, the confirmation of the authorisations gateway timeline, and even primary legislation clarifying that digital assets can attract property rights, the picture becomes clear: the UK is no longer designing a regime in theory. It is building one in real time. Authorisations Approaching The new regime will take effect on October 25, 2027. From 30 September 2026, firms will be able to apply for licences, with a five-month window in which early applicants gain the significant advantage of being able to continue operating while their applications are assessed (even after commencement). But there will be no automatic transition. Every firm, regardless of its current status, will need to pass through the gateway if it wishes to conduct regulated business in the UK. The shift from the MLR framework to FSMA authorisation changes the evidential threshold at the gateway. Applications will need to set out not only what the firm intends to do, but how its governance, risk management, capital planning and operational arrangements will meet the relevant Handbook standards by go-live. Early engagement through the FCA’s specialist crypto authorisations teams and the pre-application support service should help firms interpret those expectations, but authorisation will depend on the credibility and completeness of the proposed operating model not just the timing of the application. For the market, this is the moment when regulatory policy becomes a commercial timetable. From Speed to Calibration For years, the standard critique of the UK was that it was moving too slowly. But that argument no longer passes muster. Few major jurisdictions have attempted to deliver, in parallel, a full conduct regime, a market-structure framework, a prudential rulebook, a systemic stablecoin model, an authorisation gateway and a legislative perimeter, all on a clearly sequenced and short timeline. The UK is now doing exactly that. The question has therefore changed. It is no longer whether the UK can move fast enough. It is whether the regime, once complete, will be calibrated well enough to compete. At Avalanche Policy Coalition, we hope that the calibration will properly take into account a workable token classification system that differentiates financial instruments from other types of assets so that the regulatory perimeter is correctly scoped, as well as preserve the distinction between infrastructure and intermediation. Developers, validators, node operators, and open-source contributors, among others, who do not custody assets or exercise unilateral discretion should not be treated as financial intermediaries. Protecting infrastructure neutrality will support innovation without weakening consumer protection. The Coherence and Competitiveness Challenge The UK’s great structural advantage has always been its integrated regulatory architecture. With HM Treasury setting the perimeter and the FCA and Bank of England dividing responsibilities along clear conduct and financial-stability lines, the system is far less fragmented than in jurisdictions where multiple federal and state authorities overlap. That should make it easier to deliver a single, coherent framework. But coherence is not automatic. It has to be designed. Firms are now looking at how the layers fit together in practice: how the FCA’s stablecoin rules interact with the Bank’s systemic regime, particularly as firms consider the transition from an FCA-only framework to dual supervision once systemic thresholds are reached; how prudential requirements align with conduct expectations; and how market-abuse, disclosure and trading-platform rules operate as a unified whole rather than as separate compliance exercises. This is not an academic question. Global firms do not build to individual consultations; they build to the overall regime. That determines where they locate trading infrastructure, where they base senior management, where they deploy capital and where new products are launched first. If the cumulative effect is predictable and proportionate, capital and talent will follow, and the UK will continue to be a competitive force around the world. Birdseye View The UK has reached the point where it can no longer be described as a jurisdiction “planning” its crypto regime. It is implementing it, on a defined timeline, with a full licensing process in sight. That is a significant achievement and one that only a small number of global financial centres have matched. The question is no longer one of speed or first mover advantage. It is about identifying the right risks and calibrating them appropriately, allowing firms to operationalise with confidence. The UK is at a crossroads. If the final framework is as coherent and proportionate, the UK has a genuine opportunity to translate regulatory progress into market leadership. Coherence requires not only institutional alignment, but clarity that different asset types and activities are appropriately regulated (or not). That is what will attract firms who are not simply looking for certainty, but for a regime within which they can scale. Otherwise, the UK will struggle to convert historical and structural advantage into long-term competitive advantage.