The Markets in Crypto-Assets Regulation (MiCAR) excludes crypto-asset services that are provided in a fully decentralised manner without any intermediary from the scope of the regulation. In contrast, partially decentralised DeFi services can be covered by MiCAR. However, the legislator does not define what exactly is meant by “full decentralisation” of the DeFi protocols. This leads to the unanswered question of whether DeFi applications truly fall outside the scope of the regulation in practice.
The members of the DeFi ecosystem operate based on various decentralisation models.
In a technical sense, decentralisation of DeFi applications means that running transactions, which are running in the “DeFi-background” and the overall DeFi structure, are governed by independent network members or by algorithmic governance.
Technically, DeFi consists of different stack layers (namely: settlement, asset, protocol, application and aggregation layers) and each layer can offer its own “decentralisation component” to the particular DeFi application. For example, governance tokens can be issued at the asset layer. Later, these governance tokens can be used for the decentralised “management” of the particular DeFi protocol – namely, for creating proposals and voting on them.
At the same time, some degree of centralisation can be seen at every DeFi layer. For example, the protocol layer can include access to an admin key, which allows its owners (in most cases developers) to have an influence on the functionality of existing smart contracts – for instance, to modify them.
Based on the concentration of power, three subcategories of DeFi governance models can be identified in practice (see for a similar classification, especially, DeFi Policy-Maker toolkit, p. 9: https://www3.weforum.org/docs/WEF_DeFi_Policy_Maker_Toolkit_2021.pdf ):
“Centralised” DeFi – DeFi developers or the company behind the DeFi project control the governance of the protocol and can implement any changes – e.g., in smart contracts, fees, assets, etc.
Partially decentralised DeFi – holders of governance tokens only receive limited “governance rights”, or, e.g., their voting power is centralised by the veto power of a few large (multisig) wallets, etc.
Fully decentralised DeFi – token holders govern the system independently through algorithmic governance (e.g., DAO).
In practice, it is challenging to find the dividing line between these three subcategories of DeFi applications.
Defining DeFi types under MiCAR
MiCAR generally distinguishes between partially decentralised DeFi and fully decentralised DeFi:
Partially decentralised DeFi under MiCAR – Recital 22 of the MiCAR outlines that “regulation should apply to natural and legal persons and certain other undertakings and to the crypto-asset services and activities performed, provided or controlled, directly or indirectly, by them, including when part of such activities or services is performed in a decentralised manner”.
Fully decentralised DeFi under MiCAR – according to the Recital 22 of the MiCAR “where crypto-asset services are provided in a fully decentralised manner without any intermediary, they should not fall within the scope of this Regulation”. In addition, “where crypto-assets have no identifiable issuer, they should not fall within the scope of Title II, III or IV of this Regulation”.
This means that a relevant feature for the decentralised nature of a DeFi protocol under MiCAR is the existence of identifiable natural and legal persons or certain other undertakings that generally “control” (partially) decentralised DeFi services. Thus, the legislator aims to avoid potential legal uncertainty by making this person/undertaking liable for DeFi activities later.
However, it is still an open question at which DeFi layer these “intermediaries” should act and, in this way, lead to the partial concentration of power in a DeFi project.
For example, should these persons/undertakings perform, provide or control crypto-asset services and activities only at the core layer of governance of the DeFi protocols – at the protocol layer? What happens in the case of the aggregation layer of DeFi where completely different (even centralised and decentralised) DeFi applications can be combined? Or maybe these persons that bring partial decentralisation to DeFi applications should perform their activities only at the asset layer of DeFi where governance tokens emerge? Can crypto staking be seen as “partially decentralised” under MiCAR? Can centralisation of the liquidity in case of the DeFi lending be seen as “partial decentralisation” in a sense of the MiCAR?
All these questions cannot always be answered in a uniform manner since the legislator fails to adequately define the concept of “full decentralisation.”
It is worth noting that, in practice, at different stages of the development of DeFi applications, we can mostly find certain actors who, at least partially, “control” DeFi governance at different layers. The mechanisms to “correct” DeFi-governance will be needed in most cases, and these mechanisms will result in “partial centralisation”. Without some degree of centralisation, it would be impossible to operate DeFi protocols.
Furthermore, difficulties can arise in the case of DeFi services that combine different DeFi applications. There will be cases, when the same DeFi provider simultaneously performs activities that fall within the scope of the MiCAR and activities that fall out of the scope of the MiCAR.
In general, every DeFi project should be evaluated carefully and for full decentralisation of the governance process (especially, in the case of the token-based governance) it is essential that there does not exist a (partial) concentration of voting/proposal rights. More precisely, there can be DeFi applications, that are based on at least partial concentration of voting rights, e.g., token holders can propose and vote for decisions, but the transactions, as delegated transactions can be solely executed by multisig groups, that as a result leads to the partial decentralisation and falls under MiCAR.
All in all, there are many small technical and organisational details that should be considered when assessing whether a DeFi service has a fully decentralised nature and falls outside the scope of the MiCAR. It should be mentioned that the legislator does not provide clear guidelines for this examination.