Project Crypto: SEC and CFTC Finally Draw the Bright Lines Between Securities and Commodities

General
1

On January 30, 2026, something happened that many of us have been waiting years for. SEC Chair Paul Atkins and CFTC Chair Michael Selig stood together at a joint press event and announced that Project Crypto – previously an internal SEC initiative – would become a coordinated interagency effort to harmonize federal oversight of digital asset markets.

As someone who spent years inside the SEC before moving to the private side, I cannot overstate how significant this is. For the first time, both agencies are publicly committing to draw bright-line distinctions that answer the question crypto firms have struggled with since 2017: Am I regulated by the SEC, the CFTC, or both?

The Core Announcement: Most Crypto Assets Are Not Securities

CFTC Chairman Selig aligned himself squarely with Chair Atkins’s position that many crypto assets currently trading in secondary markets are not securities – including digital commodities, digital collectibles, and digital tools – even when they are sold as part of an investment contract.

That last part is the real headline. The traditional Howey test from SEC v. W.J. Howey Co. (1946) has been the governing framework, but the agencies are now signaling that the investment contract wrapper does not automatically make the underlying asset a security. This is a categorical shift from the Gensler-era enforcement posture.

CFTC staff have been instructed to work with the SEC on a joint token taxonomy – a codified classification framework that will serve as an interim measure while Congress works on statutory definitions.

Three Pillars of the Initiative

The joint workstreams are organized around three core pillars:

1. Regulatory Clarity

Bright-line jurisdictional rules: which assets fall under SEC oversight, which under CFTC commodity jurisdiction, and how mixed assets (tokenized securities, derivatives on crypto commodities) are handled.

2. Market Structure Modernization

Expansion of tokenized collateral frameworks, facilitation of novel derivatives products (including perpetual contracts that have historically only been available offshore), and reassessment of leveraged/margined retail commodity transaction rules.

3. Innovation Safe Harbors

Protecting software developers from automatic classification as regulated intermediaries. This is huge for the DeFi space – the idea that writing open-source code does not automatically make you a broker-dealer or futures commission merchant.

The MOU: Formalizing the Relationship

The agencies plan to sign a comprehensive Memorandum of Understanding covering:

  • Information sharing and data protocols
  • Joint surveillance coordination
  • Supervisory cooperation
  • Leadership-level engagement designed to survive beyond current political appointees

That last point matters. One of the biggest risks in crypto regulation has always been regime change. The fact that they are building institutional structures – not just issuing guidance letters – suggests this framework is meant to be durable.

What This Means Practically

Chair Atkins acknowledged the historical “turf war” between the agencies and described the fragmented oversight as “not a safeguard for investors so much as a source of confusion.” That is a remarkable admission from the head of the SEC.

For builders and companies operating across both securities and commodities regulation – trading venues, token issuers, asset managers, custodians, fintech platforms – the practical implications include:

  • Reduced compliance duplication: No more having to register with both agencies for overlapping requirements
  • Clearer product structuring: Definitive guidance on whether your token is a commodity or a security
  • Accelerated rulemaking: Formal rules over 12-24 months rather than regulation-by-enforcement
  • Onshoring incentives: Explicit goal of bringing crypto activity back to U.S. markets

The prediction markets space also gets clarity – the CFTC is withdrawing its 2024 proposed rule restricting political and sports-related event contracts, and will develop clearer standards instead.

My Take

I have been saying for years that compliance enables innovation, and this announcement validates that thesis. The pivot from enforcement-driven policy toward statute-based rulemaking is exactly what the industry needed. But I want to be clear-eyed about what this is and what it is not.

This is a framework commitment, not finished regulation. The details will be filled in through rulemakings, interpretations, and legislation over the next 12-24 months. There will be comment periods, lobbying, and inevitable political pressures.

What gives me confidence is the institutional design – the MOU, the joint workstreams, the explicit goal of durability beyond current leadership. This is not another no-action letter that gets withdrawn by the next administration.

I will be tracking every development closely and sharing analysis here. For those of you building products or running protocols, now is the time to engage with the rulemaking process. The comment periods are where the real policy gets made.

Sources and further reading:

What are your thoughts? How does this change your roadmap?

2

Rachel, this is an outstanding breakdown. Thank you for putting this together so quickly.

As someone in the middle of raising a pre-seed round for a Web3 startup here in Austin, I have to tell you – this news changes the entire fundraising conversation. Up until last month, every VC meeting I had started with the same question: “What is your regulatory risk exposure?” And my honest answer was always some version of “we do not know yet, because no one has told us the rules.”

That answer killed deals. Full stop.

The Fundraising Angle

If the token taxonomy gets codified the way Selig is describing it – where utility tokens and digital commodities are clearly outside SEC jurisdiction – that removes the single biggest objection investors have had. Right now, the crypto venture market has been sitting on the sidelines because nobody wanted to fund a project that might get a Wells notice six months later.

I have been tracking the numbers. U.S. crypto venture funding dropped significantly during the enforcement-heavy era, with a lot of that capital flowing to Singapore, Dubai, and the UK. If this framework sticks, I think we see a major repatriation of startup activity back to American markets.

The Practical Question

Here is what I want to understand from the legal side: during this 12-24 month rulemaking window, what is the status quo? Are projects that launch tokens today operating under the old enforcement framework or the new taxonomy-in-progress? Because there is a huge difference between “we intend to classify most tokens as commodities” and “most tokens are now officially classified as commodities.”

For founders like me, the gap between announcement and implementation is where careers go to die. I have seen too many startups plan around promised regulatory clarity that never materialized.

What I am Actually Doing About It

That said, I am cautiously optimistic. We are accelerating our token design work and have started conversations with two law firms about how to structure our launch to align with the expected taxonomy. The innovation safe harbor for developers is particularly relevant – we are building open-source tooling and the last thing we need is to be classified as a broker-dealer because we wrote a smart contract.

Better to be proactive than reactive, as Rachel likes to say. But I would love to hear from others who are making real business decisions based on this. Are you accelerating timelines? Restructuring token models? Moving operations back onshore?

This feels like a genuine inflection point, but I have been burned before.

3

Excellent analysis, Rachel. And Steve raises exactly the right practical questions.

I want to zoom in on something that I think is being overlooked in the excitement: what does this mean for DAO governance tokens?

Governance is a marathon, not a sprint, and the classification of governance tokens has been one of the most ambiguous areas in all of crypto regulation. A governance token that grants voting rights over a protocol treasury – is that a security? A commodity? A “digital tool”? Under the old regime, the answer depended entirely on which enforcement attorney you asked.

The Governance Token Question

The token taxonomy reportedly distinguishes between digital commodities, digital collectibles, and digital tools. Governance tokens could plausibly fall into any of these categories, or none of them. Consider the spectrum:

  • Pure governance tokens (voting only, no economic rights) – likely “digital tools” under the new taxonomy
  • Governance + fee sharing (voting rights plus protocol revenue distribution) – this starts looking more like a security under Howey
  • Governance + staking (vote-escrow models like veCRV) – economic incentives tied to locking, which complicates the analysis
  • Governance + treasury claims (tokens that can vote to allocate funds to themselves) – this is where it gets genuinely murky

Most major DAOs operate somewhere in the middle of this spectrum. MakerDAO, Compound, Uniswap – they all have governance tokens with varying degrees of economic linkage. The “bright line” needs to account for this complexity.

The DAO Liability Framework

The innovation safe harbor for developers is welcome, but it does not directly address DAO contributors. If you are a delegate in a major DAO, are you an “intermediary” under the new framework? What about core contributors who are not developers but participate in governance decisions that affect token value?

In many DAOs, the line between “user” and “operator” is deliberately blurred. That is by design – decentralization is a spectrum, and the most resilient governance structures distribute decision-making across many participants. But regulatory frameworks generally need to identify responsible parties.

What I Hope to See

I would love to see the joint taxonomy include a specific carve-out for governance mechanisms that meet certain decentralization thresholds. Something like: if no single entity controls more than X% of voting power, and governance decisions are executed through transparent on-chain processes, the governance token is classified as a digital tool rather than a security.

This would give DAOs a concrete target to aim for. Right now, many governance structures are designed by vibes rather than by reference to any regulatory standard. Code is law, but community is constitution – and both need to operate within a recognizable legal framework.

Rachel, from your time at the SEC, do you have any sense of how the staff thinks about governance tokens specifically? Has there been internal discussion about DAO-specific classification criteria?

4

Great thread. I want to bring a different perspective here as someone who works at the protocol layer.

The policy discussion is important, but I keep coming back to a fundamental technical question: can traditional regulatory categories even map cleanly onto how blockchain systems actually work?

The Technical Reality of Token Classification

When the taxonomy talks about “digital commodities” versus “digital tools” versus “securities,” it is imposing categories that were designed for clearly separable asset classes. But on-chain, a single token can serve multiple functions simultaneously through composability.

Take ETH as the canonical example. At any given moment, ETH is:

  • A commodity (fuel for computation on the network)
  • A staking asset (locked in validators earning yield – which looks like a security)
  • Collateral in DeFi protocols (used to mint stablecoins, provide liquidity)
  • A governance input (staking weight influences validator selection and thus network governance)
  • A medium of exchange (used to pay for goods and services)

Which category does it fall into? All of them. None of them. The answer changes depending on which smart contract is interacting with it at any given block.

This is not a problem that a taxonomy can solve by drawing brighter lines. It is a fundamental mismatch between regulatory ontology and technical architecture.

The Developer Safe Harbor Problem

I am encouraged by the safe harbor language for developers, but the devil is in the implementation. As someone contributing to Ethereum core development and building cross-chain infrastructure, I need to understand what “developer” actually means in this context.

Consider a typical open-source contribution flow:

  1. I write a smart contract library for cross-chain messaging
  2. Someone forks it to build a DEX
  3. That DEX lists tokens that might be securities
  4. The DEX generates fees that flow to liquidity providers

At which point in this chain does “developer” become “intermediary”? If I write the underlying protocol code, am I protected? What if I also run a validator node that processes transactions on the protocol I helped build? What about MEV searchers who extract value from the ordering of transactions – are they developers, operators, or something else entirely?

The existing financial regulatory frameworks assume clear intermediary relationships: broker connects buyer to seller, exchange provides the venue, clearinghouse settles the trade. On-chain, these functions are performed by code, and the “intermediaries” are often just anyone who runs a node.

What Would Actually Work

Rather than trying to classify tokens into static categories, I would advocate for a functional regulatory approach – regulate the activity, not the asset. If someone is providing exchange services, regulate them as an exchange regardless of what assets they list. If someone is offering investment returns, apply investor protection rules regardless of whether the underlying asset is called a commodity or a tool.

This is how the EU approached MiCA, and while it is far from perfect, at least it maps more cleanly onto how the technology actually works.

David raises excellent points about governance tokens. From a technical standpoint, the distinction between “pure governance” and “governance plus economic rights” is often a single boolean parameter in a smart contract. Should one line of Solidity code determine whether an entire protocol falls under SEC or CFTC jurisdiction?

I will be watching the technical advisory process closely. If the rulemaking does not include engineers who understand how these systems are built, we will end up with classifications that look clean on paper but are impossible to implement in practice.

5

Brian nails the core technical problem, and I want to build on it from the DeFi protocol side specifically, because this is where the rubber meets the road for my work.

I run yield optimization strategies across multiple DeFi protocols. Every single day, my systems interact with tokens that would fall into different regulatory buckets under the proposed taxonomy – sometimes within the same transaction. The idea that you can draw a static bright line around assets that are inherently dynamic and composable is… well, it is optimistic.

The DeFi Composability Challenge

Let me walk through a real example that happens thousands of times per day on Ethereum:

  1. A user deposits ETH (“digital commodity” under the taxonomy) into Lido
  2. They receive stETH (a liquid staking derivative – commodity? security? tool?)
  3. They deposit stETH into Aave as collateral (now it is functioning as a financial instrument)
  4. They borrow USDC against it (stablecoin – separately regulated)
  5. They deposit the USDC into a Curve pool to earn yield (liquidity provision – is this an investment contract?)
  6. They receive CRV rewards (governance token with economic rights – David, this is your question)
  7. They lock CRV for veCRV to boost their yields (vote-escrowed governance plus economic participation)

That is seven regulatory classification decisions in a single user flow. Under the current system, nobody knows which agency has jurisdiction over each step. Under the proposed taxonomy, we might at least know which category each asset falls into – but the interactions between them create novel regulatory questions that no taxonomy can fully anticipate.

What Excites Me

That said, I am genuinely excited about two things:

Perpetual contracts coming onshore. This is massive. The perps market is enormous – dYdX, GMX, and others have been operating offshore precisely because the CFTC had not created a viable path for U.S.-based perpetual futures trading. If the rulemaking opens a path for regulated perps markets in the U.S., that is a multi-billion dollar opportunity for American DeFi protocols.

Tokenized collateral expansion. My yield optimization work depends heavily on collateral efficiency. If regulators formally recognize tokenized RWAs and on-chain derivatives as eligible collateral, that massively expands the capital efficiency of DeFi lending markets. We could see institutional treasuries using tokenized T-bills as collateral in DeFi protocols, which would bring unprecedented liquidity depth.

What Worries Me

The 12-24 month rulemaking timeline is both too long and too short. Too long for protocols that need clarity today to make design decisions. Too short to get the technical details right for something as complex as cross-protocol composability.

Steve asked about the gap between announcement and implementation – from my experience, this is where the real risk is for DeFi. During the rulemaking period, we are in a gray zone. Do you keep building and hope the final rules align with your architecture? Or do you freeze development and wait for certainty?

I am choosing to keep building, but I am stress-testing every design decision against both the current enforcement framework and the likely direction of the new taxonomy. Data-driven decisions, not hopium.

Rachel, one specific question: the MOU mentions “joint surveillance coordination.” For DeFi protocols that operate through immutable smart contracts, what does surveillance even look like? You cannot subpoena a smart contract. Does this imply increased scrutiny on front-end operators and RPC providers like our friends at BlockEden?