Is DeFi really excluded from MiCA’s scope?


Jonathan Galea

Much has been said on the topics of decentralised finance (DeFi) and the draft Markets in Crypto Assets Regulation (MiCA), with the general understanding being that DeFi is excluded from MiCA’s scope, including by way of unofficial & verbal corroboration by officials hailing from EU institutions & authorities. However, in this article, we shall be exploring whether this understanding is correct, whether it is safe to treat it as definitive, and why, potentially, it is too early to conclusively state that DeFi is really excluded from MiCA’s scope.

The presumed exclusion is based on Recital 12a, with the relevant part of the recital stating:

This Regulation applies to natural, legal persons and other undertakings and the activities and services performed, provided or controlled, directly or indirectly, by them, including when part of such activity or services is performed in a decentralized way. Where crypto-asset services as defined in this Regulation are provided in a fully decentralised manner without any intermediary they do not fall within the scope of this Regulation.

This all-important Recital merits a detailed breakdown, as it sets the tone for the argumentation to be laid out. Firstly & clearly, MiCA applies to natural, legal persons, and other undertakings that perform, provide, or control services & activities that constitute crypto-asset services as defined, both directly and indirectly – including when part of such activity or services are performed in a decentralised way. This is a potential shot across the bow to those who believe that there is sufficient comfort if services are provided through smart contract-enabled platforms.

Unfortunately, it only gets more problematic. The legislator seems to confuse decentralisation and disintermediation in the next sentence, by stating that the provision or performance of crypto-asset services is only excluded if such are provided in a fully decentralised manner without any intermediary. Disintermediation and decentralisation are distinctly separate concepts; indeed, one can decentralise intermediaries further without necessarily eliminating them, depending on the intermediaries involved. Furthermore, the notion of ‘full decentralisation’ is a fallacy – decentralisation is not a switch that one can toggle on & off, and neither is it an absolute concept. It is a multi-faceted creature, and one can only speak of decentralisation as a range rather than a determinable state of fact. At most, we can entertain the idea of ‘sufficient decentralisation’, but then again, establishing the metrics for such is a tricky business (no pun intended). However, Recital 12a requires both full decentralisation and disintermediation – a very lofty threshold indeed.

A search for the term ‘decentralised finance’ throughout the text yields results in only one other section, being Title IX (transitional and final provisions), where the Commission is tasked with the delivery of two reports both of which, inter alia, should include “an assessment on the development of decentralised-finance in the crypto-assets markets and of the adequate regulatory treatment of decentralised crypto-asset systems”, as well as assessing whether it is actually necessary and feasible to regulate decentralised finance. It is clear, therefore, that the legislators were caught off-guard with the rapid rise to prominent of DeFi, and rather than further delay the promulgation of MiCA, introduced Recital 12a as a backstop of sorts. With this Recital being hastily bungled together, there is no other option but to study the definition of a crypto-asset service provider (CASP) and some of the key crypto-asset services in order to determine whether DeFi operators are truly excluded or not.

Article 3(1)(8) defines a CASP as follows:

‘crypto-asset service provider’ means legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis, and are allowed to provide crypto-asset services in accordance with Article 53;

The phrase “on a professional basis” has been highlighted as it is emphasised in Recital 12, which states that “any person that provides such crypto-asset services on a professional basis should be considered as a ‘crypto-asset service provider’”. This is further emphasised in the CASP definition which states such services are provided by way of exercising an occupation or business, reasonably excluding those who provide services on a non-professional basis as well as outside their main occupation. However, contrary to certain opinions, it does not exclude natural persons; rather, being a legal person or other undertaking is a sine qua non requirement to offer crypto-asset services. This theory is supported by Recital 12a itself, which states that MiCA “applies to natural, legal persons and other undertakings and the activities and services performed”.

Speaking of undertakings, it is an important term to examine, as it determines whether the provision of services by non-profit entities is excluded or not for example. In the case Ministero dell’Economia e delle Finanze v Cassa di Risparmio di Firenze SpA and Others (decided on 10 January 2006), the European Court of Justice stated that the concept of undertaking “covers any entity engaged in an economic activity, regardless of its legal status and the way in which it is financed”. Moreover, in the case Motosykletistiki Omospondia Ellados NPID (MOTOE) v Elliniko Dimosio (decided on 1 July 2008), the ECJ stated that “the fact that the offer of goods or services is made on a not-for-profit basis does not prevent the entity which carries out those operations on the market from being considered an undertaking, since that offer exists in competition with that of other operators which do seek to make a profit”. Finally, in the case Congregación de Escuelas Pías Provincia Betania v Ayuntamiento de Getafe (decided 27 June 2017), the ECJ stated that “Services normally provided for remuneration are services that may be classified as ‘economic activities’”. Therefore, it is clear enough that the term ‘undertakings’ should be interpreted widely, and covers entities such as non-profit foundations, as long as some form of remuneration is being paid in return for the provision of services.

So far, everything is pointing towards most DeFi ‘operators’, for lack of a better term, actually being within scope of MiCA rather than outside. It is likewise difficult to argue that the mere operation of a front-end should not fall within scope of MiCA, as the definition of a front-end, ergo an ‘online interface’ as termed, reads as follows:

any software, including a website, part of a website or an application, that is operated by or on behalf of an offeror or crypto-asset service provider, and which serves to give holders of crypto-assets and clients of crypto-asset service providers access to their crypto-assets or services”.

Therefore, if a person meets the criteria constituting the definition of a CASP, and they operate ‘any software’ which includes a website, and such software grants access their crypto-assets or crypto-asset services, then they would be falling squarely within the ambit of operating an online interface. One can argue that wallet software is what grants holders access to their crypto-assets, but it is much more difficult to argue in a like manner when it comes to the question of whether the online interface is granting holders of crypto-assets, and clients of CASPs, access to crypto-asset services. After all, the only alternative is for users to tap directly into the smart contract architecture, and few users are technically apt to that level when compared to the total number of users which make use of online interfaces.

The last bastion of defence resides within the multiple definitions of crypto-asset services in order to determine the individual criteria that must be met in order to be deemed as a provider of crypto-asset services. For the sake of brevity, I shall be covering the following principal services:

  1. the operation of a trading platform for crypto-assets,
  2. exchanging crypto-assets for other crypto-assets by dealing on own account,
  3. the service on behalf of third parties of ensuring the custody and administration of crypto-assets, and
  4. the transfer of crypto-assets

The operation of a trading platform for crypto-assets (Article 3(1)(11)): means the management of one or more multilateral systems, which brings together or facilitates the bringing together of multiple third-party buying and selling interests for crypto-assets – in the system and in accordance with its rules - in a way that results in a contract, either by exchanging one crypto-asset for another, or a crypto-asset for funds.

Straight off the bat, a core component of the operation of a trading platform is the management of one or more multilateral systems. This will be the strongest point of defence for persons deploying a decentralised exchange system that brings together multiple buying and selling interests, which may include automated market makers (AMMs). Doubtlessly, a completed transaction for the purchase or sale of a crypto-asset also results in a contract, and the legislator does not specify between who the contract must be concluded – what matters is that a contract, express or tacit, results. Therefore, the best argument against classification as a CASP offering this service is to state that the deployment of smart contracts without active management does not constitute operation of a trading platform. Conversely, active management over the platform, even if it operates through smart contracts, will likely meet the various criteria of this service.

The exchange of crypto-assets for other crypto-assets (Article 3(1)(13)): means concluding purchase or sale contracts concerning crypto-assets with third parties against other crypto-assets by using proprietary capital.

The first and most pressing activity which comes to mind is the provision of liquidity in DeFi protocols. Certainly, the criterion of ‘using proprietary capital’ is ticked in such instances; but what about the rest of the definition? Unlike the previous definition on the operation of a trading platform, here the legislator specifies the type of contracts that must be concluded, being purchase or sale contracts. It can well be argued that liquidity providers do not enter into purchase or sale contracts with those who make use of DeFi protocols, particularly AMMs; moreover, the liquidity provided is both fungible and pooled in most cases, further building on the argument that no purchase or sale contracts, between the liquidity providers and those purchasing or selling, are being concluded. Therefore, it is reasonable enough to conclude that liquidity providers are not dealing on own account as defined in MiCA, although the conclusion of purchase or sale contracts must be avoided.

The custody and administration of crypto-assets on behalf of third parties (Article 3(1)(10)): means safekeeping or controlling, on behalf of third parties, crypto-assets or the means of access to such crypto-assets, where applicable in the form of private cryptographic keys.

It is perhaps best to start off the tackling of this particular service by referring to Recital 59, which excludes “hardware of software providers of non-custodial wallets” from the scope of MiCA. However, what about those instances where users deposit their crypto-assets into an address or account, the keys of which are held by an individual or group of persons? Can it be argued that this would be tantamount to the safekeeping or control of crypto-assets or the means of access to such crypto-assets? In my opinion, this is one of the most contentious bones under MiCA, as it may well capture yield-bearing protocols where the funds belonging to the users are held in multi-sig wallets, the keys to which are held by third parties who, in most cases, are the developers or core team behind the protocol itself. It is even more problematic if such crypto-assets are actively managed by the persons holding the keys, as apart from being prohibited under MiCA, it would also potentially give rise to the provision of other services.

Providing transfer services for crypto-assets on behalf of third parties (Article 3(1)(17b)): means to transfer, on behalf of a natural or legal person, crypto-assets from one distributed ledger address or account to another.

Once again, starting this section by referring to the exclusion afforded to “validators, nodes, or miners that may be part of confirming a transaction and updating the state of the underlying blockchain”, as per Recital 63d. This is an important exclusion, and it must be noted that ‘confirming a transaction and updating the state of the underlying blockchain’ is not the only activity that is excluded, since the legislator likely means it by way of an example through the uses of the words “may be part of…”. However – what if one is not a validator, node, or miner? The argument becomes much more difficult, and if such transfer is being made on behalf of a person, natural or legal, then the criteria of this particular service are likely to be met.

It is worth noting that borrowing and lending in crypto-assets is not within scope of MiCA, as clearly stated under Recital 63e. While the legislator has not opted out regulating such activities in future revisions to the Regulation, it is also worth noting that any services ancillary to the borrowing and lending in crypto-assets may fall within scope of MiCA, such as the provision of transfer services of crypto-assets.

All in all, the thesis above is sufficient to cause concern on the extent of the exclusion of DeFi from MiCA’s scope. While the general understanding is that DeFi was meant to be omitted, ultimately the interpretation of the law is typically at the hands of the regulatory & supervisory authorities and the courts of the land, not the legislator. The only remaining saving grace would be by way of much-needed clarification being offered in the guidelines to be drafted by the EBA and ESMA, especially on the hotly debated topic of ‘full decentralisation’.

In any case, centralised service providers & operators using the terms ‘DeFi’ and ‘DAOs’ as a façade for the unregulated provision of crypto-asset services may well have their days numbered.

This article has been written on the basis of the latest MiCA draft published on the 5th of October 2022, and may be subject to further changes until its official publication in the European Union’s Official Journal.


Crypto regulation