Key Takeaways:
Malta's financial regulator proposed a legal framework for decentralized autonomous organizations and DeFi protocols on June 12, arguing that many projects claiming full decentralization retain centralized features that may bring them under the European Union's Markets in Crypto-Assets Regulation.
"MiCA excludes fully decentralized models from its regulatory scope, meaning that projects without intermediaries or central control may not need to comply with MiCA," the Malta Financial Services Authority said in a discussion paper published June 12.
The paper proposes recognizing DAOs as a type of "software-based organization," separating the legal framework governing the entity from the rules governing the underlying protocol. It also examines segregated cell companies as potential legal wrappers for DeFi projects and explores "guardian agents" — automated tools designed to embed risk controls directly within protocols. The MFSA noted that most DeFi protocols retain administrator keys, concentrated governance, upgrade rights and control over user-facing interfaces — all indicators of incomplete decentralization.
The consultation, open for feedback until July 10, positions Malta to shape how the EU treats DeFi under MiCA as the bloc's crypto framework matures. The outcome could determine whether hundreds of DeFi protocols face compliance obligations or operate outside the regulatory perimeter, with implications for an industry that managed more than $80 billion in total value locked across Ethereum and Solana as of June.
The MFSA's paper builds on Malta's 2018 Virtual Financial Assets Act, which established one of the first comprehensive crypto regulatory frameworks in Europe. The authority has since become a primary EU licensing base, where Blockchain.com won EU-wide approval through the MFSA to offer custody and wallet services across the European Economic Area, and BVNK secured a MiCA license to expand stablecoin infrastructure.
The discussion arrives as European policymakers intensify scrutiny of DeFi. A European Central Bank working paper published in March found that governance and control across four major DeFi protocols remained highly concentrated, suggesting many projects may struggle to qualify as "fully decentralized" and therefore fall outside MiCA's scope. In May, the European Commission launched a targeted review of MiCA seeking feedback on whether gaps in the framework warrant additional regulation for DeFi.
Not all policymakers agree a new DeFi rulebook is necessary. European Commission adviser Peter Kerstens said earlier this month that policymakers should prioritize integrating tokenization into a broader digital asset framework rather than pursuing a second version of MiCA focused on DeFi, speaking at the WAIB Summit Monaco.
The MFSA also flagged financial crime risks, citing Financial Action Task Force and Chainalysis data showing stablecoins accounted for roughly 84 percent of illicit virtual asset transaction volume in 2025. The regulator said persons exercising control over a protocol may qualify as virtual asset service providers under the FATF's "same risk, same rule" principle.
The authority stressed the paper sets out no policy position and its proposals remain non-binding. It will review feedback before deciding whether to develop detailed proposals.
This article is for informational purposes only and does not constitute investment advice.
