The Decentralisation Test Under the Clarity Act and MiCA: When a Decentralised Exchange Falls Within the Regulatory Perimeter

2026-06-06

A Functional Inquiry into the Identification of Controlling Persons Behind Nominally Autonomous Protocols

Robert Nogacki, Managing Partner, Kancelaria Prawna Skarbiec (Warsaw)

Abstract

This Article advances a single thesis: because neither the Markets in Crypto-Assets Regulation nor the emerging United States framework supplies a definition of “full decentralisation,” the dispositive question is not the taxonomic one—whether a given arrangement constitutes decentralised finance—but the qualificational one: whether a particular decentralised exchange falls within the regulatory perimeter. The answer, it is submitted, cannot be furnished by a lexicon; it requires an operational test capable of locating an identifiable person behind a nominally autonomous protocol. Part I situates the interpretive lacuna created when the European legislature elevated the decentralisation carve-out from recital to enacted text without defining it. Part II proposes a four-criterion functional test—fees, interface, administrative keys, and governance—organised around the question of who, in fact, exercises control. Part III examines the Ooki DAO and Van Loon decisions as the most developed common-law treatment of ownerless code. Part IV juxtaposes the Clarity Act and MiCA as two models of the same determination: the former legislates a definition, the latter preserves a test. Part V marshals recent empirical evidence—most notably a 2026 European Central Bank study—demonstrating that governance power in leading protocols remains concentrated and, paradoxically, frequently unidentifiable. Part VI concludes by reframing that very unidentifiability as a burden-shifting device.

 

The Interpretive Lacuna: Why a Test, Rather Than a Definition

When decentralised finance emerged as a fast-growing segment of the crypto-asset universe, it presented regulators with a structural difficulty that conventional frameworks were ill-equipped to resolve. Traditional financial regulation is, at bottom, a law of persons who do things rather than of activities that occur of their own accord; both the Howey inquiry[1] and the definition of a crypto-asset service provider under Article 3 of MiCA presuppose an actor who renders a service in a professional capacity.[2] The architecture of each regime is identical in this respect: liability attaches to an identifiable undertaking.

The interpretive difficulty arises from a legislative choice whose consequences were arguably underappreciated. The European legislature relocated the formulation concerning a service provided “in a fully decentralised manner without any intermediary” from the preamble—recital 22—into the operative text of Article 2(3).[3] The carve-out thereby acquired binding force; yet it was nowhere defined. MiCA contains no legal definition of full decentralisation, no threshold, and no criteria. The Joint Report of the European Banking Authority and the European Securities and Markets Authority candidly acknowledges that the Regulation does not specify how the references to full decentralisation are to be understood, and deliberately refrains from advancing legislative recommendations.[4]

From this lacuna the governing thesis follows. If the statute supplies no definition, the question “is this decentralised finance?” is malposed; the proper question is “when does this particular decentralised exchange fall within the regulatory perimeter?” That question yields not to a dictionary but to a decentralisation test—a procedure that interrogates whether an identifiable person stands behind a nominally decentralised protocol. As Part IV develops, the United States, in legislating statutory criteria for decentralised trading in the Clarity Act, has chosen the path of definition, whereas MiCA has preserved a test. The distinction is not cosmetic; it represents two models of the same determination, and their juxtaposition reveals precisely what the European exclusion requires the practitioner to seek.

 

An Operational Test: Four Criteria for Locating Control

The analytical core of this Article is a functional test that proceeds in two stages and along four criteria. The first stage asks whether the protocol is operationally decentralised—whether, that is, the software functions without ongoing human intervention. The second, and more demanding, stage asks whether governance is decentralised—whether control over the protocol’s evolution remains distributed or has, in substance, devolved upon an identifiable group. The Danish Financial Supervisory Authority has articulated a cognate principle: an activity may be regarded as decentralised only where users cannot identify a counterparty with whom to contract.[5]

Four “seams” operationalise the inquiry. Each is a point at which control, if it exists, becomes visible; each corresponds to a layer of the protocol stack as described in the recent literature.[6]

 

A.  The First Seam: Who Collects the Fees

Where a protocol routes a fee to a designated address—a so-called protocol fee switch—the recipient is, prima facie, a person deriving an economic benefit from the service. The relevant evidence is the address encoded in the smart contract and any link between that address and a team or foundation. The characteristic defence—that the fee is “merely gas for the network”—founders upon the on-chain record.

 

B.  The Second Seam: Who Operates the Interface

The front-end through which users access the underlying contracts is frequently controlled by a single entity that maintains the domain, imposes terms of service, and implements geofencing. A protocol may thus be lost at the interface even where the contract layer is genuinely autonomous: the regulator need not reach into the depths of the stack where a person holds the domain. The defence that “the protocol is ownerless; the front-end is a separate matter” underestimates the doctrinal significance of the access point.

 

C.  The Third Seam: Who Holds the Keys

Administrative privileges—the capacity to upgrade, to pause, or to alter parameters—are the most direct evidence of control. The relevant indicia include multi-signature configurations, the roster of signatories, and the existence of a proxy with an upgrade function. The assertion that “the key has been renounced” or “lies in the hands of the community” is precisely the proposition that must be proved, not assumed.

 

D.  The Fourth Seam: Who Writes the Future

The fourth seam concerns governance. Where an identifiable team sets the development agenda, deploys successive versions, and administers the treasury, control may be attributed to it notwithstanding the formal participation of token holders in voting. The community may vote, but another party sets the order of business. The empirical record here is unforgiving: the Joint Report records participation rates in DAO governance frequently below ten percent, and between three and five percent for significant decisions in protocols such as Aave and Compound.[7] Proof is therefore sought in turnout, in the concentration of governance tokens, in the identity of those who in fact implement resolutions, and in the control of the treasury.

The most recent and most rigorous evidence on this seam is furnished by a 2026 European Central Bank working paper, the import of which is twofold and is taken up in Part V.[8] It suffices here to observe that the four seams convert an otherwise indeterminate standard into a structured evidentiary inquiry: a checklist for any opinion on the status of a decentralised exchange.

The inquiry may be summarised as follows, with the factual question on the left, the evidence demanded in the centre, and the defence that thereby fails on the right.

| Seam (factual question) | Evidence demanded | Defence that fails |
|---|---|---|
| 1. Who collects fees | Fee-recipient address in contract; link to team or foundation. | “Merely gas; not our revenue.” |
| 2. Who operates the interface | Control of domain and front-end; terms of service; geofencing and KYC. | “The protocol is ownerless; the front-end is separate.” |
| 3. Who holds the keys | Admin/upgrade/pause rights; multisig and signatory roster; upgrade proxy. | “The key is renounced; control lies with the community.” |
| 4. Who writes the future | Turnout; concentration of governance tokens; who implements resolutions; treasury control. | “A decentralised community governs.” |

Ooki DAO and Van Loon: The Common Law of Ownerless Code

Two American decisions furnish the most developed treatment of how law engages a protocol that purports to have no owner; each, it is submitted, has a European counterpart. In CFTC v. Ooki DAO, the court held a decentralised autonomous organisation liable as an unincorporated association, reasoning that the transfer of nominal control to a token-holder collective did not extinguish the substance of control or the consequent accountability.[9] The doctrine survives translation: the proposition that someone must answer, and that the diffusion of control does not dissolve it, is a proposition of logic rather than of policy.

The boundary is drawn from the opposing direction by Van Loon v. U.S. Department of the Treasury, in which the Fifth Circuit set aside sanctions imposed upon a mixing protocol on the narrow ground that the immutable contracts at issue were not “property” within the meaning of the governing sanctions statute.[10] The exception proves the rule: the law declined to reach precisely that code which was genuinely ownerless, while everything over which a person retained a hand remained within its grasp. One caveat is essential to candour—the holding rests upon the statutory concept of property, not upon the First Amendment argument that the court below had declined, and the practitioner citing the case should verify the ratio accordingly.

 

The Clarity Act and MiCA: Two Models of a Single Determination

The American legislative endeavour throws the European model into sharp relief precisely because it proceeds by the opposite route. The House of Representatives passed the Clarity Act in July 2025, establishing a framework for the issuance and trading of crypto-assets that, as the Congressional Research Service observes, largely excludes decentralised finance from its scope.[11] Activities such as compiling and validating transactions, providing computational power, and operating a decentralised trading protocol are expressly placed beyond the statute’s reach; a non-controlling blockchain developer is, moreover, deemed not to be a money transmitter.

Alongside the Clarity Act stands the GENIUS Act, which regulates stablecoin issuers and whose connection to decentralised finance is, in the words of the Research Service, tangential but not nil.[12] The statute requires issuers to monitor suspicious activity and to possess the technical capacity to block, freeze, and reject transactions—a requirement conceived, tellingly, as a counterweight to an environment in which no one any longer screens the customer. It is, in substance, a legislative concession that the point at which law genuinely takes hold remains the centralised edge of the system.

The subtlety that constitutes the constitutional difference merits emphasis. The American legislator drafts a statute that excludes decentralised finance expressly; the European legislator drafts a regulation that excludes it only where it is genuinely decentralised, leaving the content of that condition to a test. The first path purchases certainty at the price of a gap; the second purchases a tool at the price of certainty. The divergence is one not of degree but of direction: the one defines the exit and declines to examine it, the other examines the exit and declines to define it. That the divergence is real rather than academic is confirmed by Congress itself, where senior members of the Senate Judiciary Committee have warned that exempting non-controlling developers from money-transmitter status would create a material enforcement gap susceptible to exploitation.

The two regimes may be compared as follows.

 

The Empirical Turn: Concentration, Delegation, and the Question of Unidentifiability

The most consequential recent contribution is a European Central Bank working paper bearing the apposite title “Who to Regulate? Identifying Actors Within DeFi’s Governance.”[13] Its authors undertook what had not previously been attempted with comparable rigour: a manual examination of the hundred largest holders and the twenty largest voters across four protocols—Aave, MakerDAO, Ampleforth, and Uniswap. The findings are doubly significant for the present thesis. First, concentration is extreme: the top hundred addresses hold more than eighty percent of governance tokens, and in Aave and Uniswap the five largest holders command nearly half. Second, and decisively, the largest voters are predominantly delegates—the top voter for Uniswap being the venture-capital firm a16z, with one hundred and twenty-five delegators. A substantial share of voting power thus flows not from a diffuse community but from identifiable addresses: protocol treasuries, exchanges, and funds.

The deeper paradox, which candour requires one to confront, is this: the same study cautions that between roughly one-third and one-half of those delegates cannot be identified from public sources. That datum reads, at first, as a counter-argument to the fourth seam—if it cannot be ascertained who holds power, how may it be attributed? The inference, it is submitted, runs the other way. If even a central bank, deploying resources unavailable to any private litigant, could not establish dispersion from public data, then a client invoking decentralisation is a fortiori unable to do so. The invisibility of the delegate is not evidence of the absence of control; it is evidence of opacity—and opacity, as Part VI develops, operates against the party bearing the burden of proof.

It bears observing that the two most recent documents on either side of the Atlantic, though composed independently, speak with one voice. The Congressional Research Service observes that American legislation targets centralised intermediaries, which is itself an admission that the market is re-intermediating rather than disintermediating; the ECB working paper demonstrates the same proposition from the data. Both, moreover, rest upon the functional framework of Aquilina, Frost, and Schrimpf, according to which decentralised finance reproduces the functions of traditional finance notwithstanding its differing technology, and therefore reproduces a comparable concentration of power.[14] If the function is the same and the concentration is the same, the burden of demonstrating that, this time, no intermediary exists must rest upon the party so contending.

 

Conclusion: Unidentifiability as a Burden-Shifting Device

Because the exclusion is an exception to the rule of regulation, the party invoking it must establish it. An opinion on the status of a decentralised exchange ought therefore not to assert that the protocol is decentralised, but rather that, measured against the four seams, the client has adduced no evidence of the absence of control in any of them. This construction shifts the burden from the supervisor to the undertaking and is, it is submitted, the only candid architecture for such an opinion.

The European Central Bank study supplies that construction with unexpected force. If a central bank could not establish the identity of a substantial fraction of decisive delegates from public sources, the client will certainly not establish dispersion by its own means. The opacity upon which the defence ordinarily relies is thus turned against it: the impossibility of identifying who governs does not prove that no one governs; it proves only that the client has not discharged the burden that rests upon it. The practitioner who confronts a client bearing an American headline—that a protocol has been “freed” from regulation—should answer with two propositions. First, it was not the law that changed its mind about protocols, but an administration, and enforcement resting on prosecutorial priorities endures only until the next election. Second, and dispositively for European purposes, MiCA knows no statutory exclusion for decentralised trading of the kind the Clarity Act contemplates; it knows only a functional test, in which a single seam leading to a person suffices. An American headline is not, therefore, a European legal basis.

The boundary of decentralised finance, in short, is not located by definition but drawn by evidence. Where any seam leads to a person, the protocol falls within the perimeter; where none does—a condition that, on the present record, no leading protocol has been shown to satisfy—the exclusion may apply. Until that record changes, the prudent course for the adviser is to treat purported decentralisation as a proposition to be proved, and to construct the opinion accordingly.

[1] SEC v. W.J. Howey Co., 328 U.S. 293 (1946).

[2] Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, OJ L 150, 9.6.2023, p. 40 (hereinafter “MiCA”).

[3] MiCA, recital 22 and art. 2(3). The exclusion applies where crypto-asset services are provided “in a fully decentralised manner without any intermediary.”

[4] EBA & ESMA, Joint Report on Recent Developments in Crypto-Assets (Article 142 of MiCAR), 16 January 2025. The report expressly declines to define “full decentralisation” or to advance legislative recommendations.

[5] Danish Financial Supervisory Authority (Finanstilsynet), Principles for the Assessment of Decentralisation in the Markets for Crypto-Assets (2024).

[6] P. Tierno, An Overview of Decentralized Finance (DeFi), Cong. Rsch. Serv. R48883 (16 March 2026).

[8] A. Born, Z. Gati, C. Lambert, M. Naeem & A. Pellicani, Who to Regulate? Identifying Actors Within DeFi’s Governance, ECB Working Paper Series No. 3208 (2026). The views are those of the authors and do not necessarily reflect those of the ECB. Data are drawn from October 2022 and May 2023 snapshots.

[9] CFTC v. Ooki DAO, No. 3:22-cv-05416 (N.D. Cal. 2023) (default judgment holding the DAO liable as an unincorporated association).

[10] Van Loon v. U.S. Dep’t of the Treasury, 688 F. Supp. 3d 454 (W.D. Tex. 2023), rev’d, 122 F.4th 549 (5th Cir. 2024) (holding that immutable smart contracts are not “property” within the meaning of the IEEPA). Cf. Carman v. Yellen, 112 F.4th 386 (6th Cir. 2024).

[11] Digital Asset Market Clarity Act of 2025, H.R. 3633, 119th Cong. (as passed by the House, July 2025) (hereinafter “Clarity Act”); see also Blockchain Regulatory Certainty Act, H.R. 3533.

[12] Guiding and Establishing National Innovation for U.S. Stablecoins Act, Pub. L. No. 119-27 (July 2025) (hereinafter “GENIUS Act”), § 4(a)(5).

[14] M. Aquilina, J. Frost & A. Schrimpf, Decentralized Finance (DeFi): A Functional Approach, 10 J. Fin. Reg. 1 (2024).