How can DeFi protocols obtain exemptions under the European MiCA crypto regulations?

Navigating the European MiCA Crypto Regulations Exemption Options for DeFi Protocols

Author | BCAS Legal Group

Translation | GaryMa Talks Blockchain

Original Article Link:

https://blog.bcas.io/meaning-of-fully-decentralised-under-mica

• LD Capital Track Weekly Report (10.30) Market Sentiment Bullish
• LianGuaiWeb3.0 Daily | HashKey announces upcoming issuance of ERC-20 platform token HSK
• Rush to issue cards, the business secrets behind encrypted payment cards

Words cannot express how dissatisfied I am with the use of the term “fully decentralized” in MiCA. As a “legal romantic,” I cannot accept the use of a term that is practically unachievable in the final version of MiCA, even though it is only in the preamble and not part of the formal law. I firmly believe in the principle that “the law does not require people to do futile or impossible things, or to perform tasks that are impossible for them to execute.”

It seems that the European Securities and Markets Authority (ESMA) agrees with the above viewpoint, as evident in MiCA’s RTS/ITS Second Consultation Paper (referred to as “2CP”). To set the tone for the following arguments, we recommend reading our previous articles on MiCA and DeFi, as well as the controversial statement quoted below from Article 22:

This regulation should apply to natural persons and legal entities, as well as certain other legal entities, and to crypto-asset services and activities provided or controlled directly or indirectly by them, even if some parts of those activities or services are performed in a decentralized manner. If crypto-asset services are provided in a fully decentralized manner without any intermediation, they should not be included in the scope of this regulation. This regulation covers the rights and obligations of crypto-asset issuers, providers, traders, and crypto-asset service providers.

In the previous part we published, we came to a conclusion that testing to determine if a person falls within the scope of MiCA, particularly when it comes to DeFi-related topics, involves two stages:

1. Does the person meet the definition of CASP (crypto-asset service provider) as specified in MiCA Article 3(1)(15)?

2. If the person meets this definition, do they provide one or more crypto-asset services defined in MiCA Articles 3(1)(16) to 3(1)(26)?

The major issues identified are the broad definition of CASP (crypto-asset service provider) and certain crypto-asset services, which is reasonable and understandable, but raises some concerns regarding the determination of what falls within or outside the scope in Recital 22. However, ESMA’s Second Consultation Paper provides some crucial clarity to this heated debate.

As the most comprehensive consultation document by ESMA on MiCA to date, it covers multiple themes, and the purpose of this article is to address the continuity and regularity of the enforcement of crypto services, particularly with regard to the use and interaction with permissionless distributed ledger technology (DLT).

ESMA has proposed the following definition for permissionless DLT:

“Permissionless distributed ledger technology” refers to a technology that enables the operation and use of a distributed ledger, in which there is no entity controlling the distributed ledger or its use, and no entity providing core services for the use of this distributed ledger. DLT network nodes can be established by anyone who meets the technical requirements and protocols.

Other organizations such as FATF and IOSCO have a common theme running through their legislative and regulatory efforts for DeFi, which is similar to this theme. The aim is to maintain a permissionless and/or decentralized ecosystem, where no single entity can be considered as exercising control over the underlying ledger. The proposed definition further indicates that control over the distributed ledger should not extend to its use, and similarly, a single entity should not be able to provide core services at its endpoint, which would be deemed as exercising control to an extent that is fundamental and necessary for the use of the distributed ledger.

In other words, a single entity is not allowed to render a distributed ledger non-functional or non-existent without the core services it provides. These are the conditions that must be met for a technology to be defined as a “permissionless distributed ledger”. In this case, the distributed ledger must be free from control by a single entity, and its use should not depend on any core services provided by a single entity. Regarding the latter point, I have taken the liberty of offering some further explanation, as anyone can provide core services for the maintenance and normal operation of a permissionless DLT; the best examples I can think of are Blockstream for Bitcoin, and ConsenSys for Ethereum. Of course, the existence of certain individuals may be considered more important in terms of their role in development than others, but this does not mean that the underlying distributed ledger network cannot be used without them. It can be reasonably argued that the proposed definition should be adjusted to better reflect the neutral fact of the relevant technology, to ensure that the law faithfully reflects the actual situation of the technology involved.

Speaking of the technical reflection within the law, it is gratifying that ESMA itself seems to be confused by the legislators’ use of the term “fully decentralized,” as shown in point 108 of 2CP:

ESMA acknowledges that in MiCA’s Recital 22 it is mentioned that “(…) if crypto asset services are provided in a fully decentralized manner, without any intermediaries, it should fall outside the scope of MiCA, but notes at the same time that the exact scope of this exemption remains uncertain. ESMA believes that each system should be assessed on a case-by-case basis, taking into account the characteristics of the system. In this context, ESMA considers it necessary to clarify how the former trading transparency should apply to these protocols. This does not affect any clarifications that may be made in the future concerning the scope of the exemption for fully decentralized systems.”

ESMA further acknowledges that decentralization is not binary but a spectrum ranging from centralization to increasing degrees of decentralization, the extent of which can never exceed a threshold that can be claimed as “fully decentralized”. This is proven in point 98 of 2CP, which states:

In DEX, blockchain replaces intermediaries. DEX uses automated code (typically referred to as “smart contracts”) to directly execute transactions (with varying degrees of decentralization) on the settlement layer of the blockchain.

In fact, it can also be safely assumed that to minimize the risk of a permissionless DLT not maintaining such decentralization, more individuals should be involved in various capacities, from development roles to participating in consensus mechanisms as validators, miners, or nodes. The more responsible individuals, the more decentralized the underlying network or protocol becomes. It is never possible to say that decentralization has been achieved now and no more individuals are needed, because establishing such a threshold would imply the opposite feeling, that is permissioned.

Indeed, ESMA clarifies that MiCA is by no means intended to prevent or prohibit CASPs from using permissionless DLTs according to point 71 of 2CP, where it stipulates that regulatory authorities should not favor one when determining certain differences between the use of permissioned and permissionless DLT infrastructures. Unreasonably requiring CASPs to comply with the outsourcing requirements mentioned in Article 73 without flexibility or distinction, when it comes to using permissionless distributed ledger infrastructures, may unintentionally hinder their use of permissionless distributed ledgers, which goes against the spirit of the MiCA regulation.

However, the key point of this paper lies in point 63 of 2CP, which states:

With regard to contractual arrangements, Article 73 of MiCA details how CASPs should address risks associated with third-party providers. However, there is no legal basis to consider permissionless DLTs used by CASPs as third-party providers, as interacting with permissionless blockchains does not require formal contractual relationships (such as service level agreements). If the use of permissionless DLT infrastructures does not constitute a third-party provider relationship (in the traditional contractual sense), then it would not fall within the scope of the MiCA outsourcing provisions. In such cases, permissionless DLT can be considered as a “public resource” as mentioned in point 63 of 2CP. Ideally, any factors that could lead to the establishment of a service provider-client relationship, such as fees (excluding transaction fees paid to validators/miners), should be minimized or eliminated to ensure the non-existence of such a relationship. This would provide a dual layer of “protection” for DeFi technology, allowing it to be fully exempted from the scope of MiCA.

This is not only interesting but also crucial, as ESMA firmly states that using permissionless DLTs should not be interpreted as formal contractual relationships for CASPs (crypto-asset service providers), as firstly, such relationships are not even necessary, and secondly, permissionless DLTs are a “public resource” operated by no single individual or entity, meaning formal contractual relationships cannot exist in any case, as legal contracts require at least two parties. In fact, ESMA is leveraging this line of reasoning to exclude the need for CASPs to comply with MiCA outsourcing provisions when using permissionless DLTs.

This supports an argument that as long as a specific protocol or platform (referred to as “technology”) meets the definition of “permissionless DLT,” meaning that no entity controls the technology or its use, or that the technology cannot be used without it, as long as the technological requirements are met and complied with, then the same technology can be classified as “permissionless”. According to the definition of “permissionless DLT,” this means that permissionless technology cannot be controlled by any single entity, which in turn means that the technology itself must be sufficiently decentralized, meaning that no one is in control of it or its use.

This theory can be practically applied to DeFi protocols or platforms that are based on or integrated with permissionless DLT. As long as the DeFi technology (typically including a set of smart contracts executed on a permissionless DLT and a frontend that provides a GUI for users to interact with the smart contracts) is not controlled by a single entity and there is no single entity controlling its use or providing core services without which the services cannot operate, then the same DeFi technology falls outside the regulatory scope of MiCA. This requires decentralization at multiple levels, including the existence of multiple frontends so that access to smart contracts through the GUI does not depend on a single frontend operated by an entity, as frontends can be considered the primary way of accessing the underlying smart contracts that constitute the DeFi technology.

In addition, by approaching this issue from different angles, in order for a DeFi protocol or platform to fall within the scope of MiCA, there must be a service provider-customer relationship, as we have previously suggested. Without a service provider-customer relationship, users accessing DeFi technology are not treated as customers of a CASP providing crypto asset services; it can be argued that users are accessing a “public resource,” as mentioned in point 63 of the 2CP. Ideally, any elements that could lead to the establishment of a service provider-customer relationship, such as fees (excluding transaction fees paid to validators/miners), should be minimized or eliminated to avoid the presence of such a relationship. This would provide a dual “protection” for DeFi technology to ensure that it fully meets the exemption criteria set out in MiCA.

Therefore, it can be concluded with confidence that as long as no one controls the DeFi protocol/platform and its use, and no one plays a fundamental and necessary role in the operation of the DeFi protocol/platform, without which the DeFi protocol/platform cannot be used, then the same DeFi protocol/platform can be regarded as unaffected by MiCA. Or, to use the term that the legislator likes and I dislike, it can be considered “fully decentralized”.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!