Non-Custodial DeFi Policy Principles
- Regulatory Obligations Should Follow Custody or Control
- Financial regulatory obligations should apply to entities that custody user assets or exercise discretionary control over transactions on behalf of users.
- Non-Custodial Developers Are Not Money Transmitters
- Developers who do not hold or control users’ digital assets should not be subject to financial regulations simply for building, publishing, or maintaining open-source DeFi software.
- Permissionless Protocols Are Infrastructure, Not Intermediaries
- Open-source, permissionless protocols are core digital infrastructure and should be treated as such. Classifying these protocols as financial intermediaries, whether as money transmitters, money services businesses, or other financial institutions, fundamentally mischaracterizes what they are and how they function.
- Software Maintenance Does Not Create Financial Intermediary Status
- Financial regulators should clarify that maintaining, upgrading, or debugging non-custodial protocols, liquidity pools, smart contracts, oracles, or similar infrastructure does not make an individual or organization a financial intermediary.
- Developer Protections Apply Across the Protocol Lifecycle
- Legal protections for open-source protocol development should extend to the full lifecycle of decentralized systems, including deployment, upgrades, security improvements, and ongoing maintenance.
- Law Should Distinguish Between Digital Assets and Smart Contract Software
- Regulatory frameworks should clearly differentiate between digital assets, which function as property, and open-source smart contracts, which are software infrastructure (not property).
- Developers Are Not Liable for Third-Party Use of Open Infrastructure
- Developers who create open-source software tools should not face civil or criminal liability solely for the independent actions of third parties who use those tools.
Intermediated (Institutional) DeFi Policy Principles
- Intermediaries Bear Compliance Obligations When Using DeFi
- Financial intermediaries and custodians that access DeFi protocols on behalf of clients should remain responsible for regulatory compliance obligations.
- Developers who build or maintain related smart contract software should not be treated as financial intermediaries solely for creating the underlying code.
- Regulatory Obligations Follow Institutional Control
- Maintaining or upgrading decentralized infrastructure should not trigger financial intermediary status, though regulatory and data protection obligations should apply when such systems are created, owned, and operated by financial institutions.
- Protect Proprietary Financial Software and Assign Responsibility Accordingly
- When financial infrastructure is built using proprietary code or intellectual property—such as smart contracts, liquidity pools, vaults, algorithms, or AI agents—it should not be treated as open-source software.
- Entities that control or deploy such proprietary systems should bear regulatory obligations proportionate to the financial activities those systems perform on behalf of users.
- Institutional Use of DeFi Supports Fiduciary Obligations
- Digital asset institutions have a fiduciary obligation to act in the best interest of their clients.
- Institutions should therefore not be excluded from leveraging DeFi vaults, protocols and platforms to perform their duty of best execution.
If you have any questions, please reach out to policy@digitalchamber.org.