Getting Infrastructure vs. Intermediary Right: EU Transfer of Funds Regulation and the US GENIUS Act

How the SEC’s User Interface Guidance Aligns with APC’s Framework Recent guidance from the SEC’s Division of Trading and Markets on broker-dealer registration for user interfaces (the “Staff Statement”) marks an important step toward bringing clarity to digital asset regulation. While the statement focuses specifically on user interfaces interacting with crypto asset securities, its broader significance lies in the analytical framework it adopts. That framework closely aligns with the Avalanche Policy Coalition’s (APC) long-standing position: Regulation should turn on the nature of the activity, not the technology used to perform it. In our May 2025 submission to the SEC Crypto Task Force, we articulated this concept as the “nature of the activity test.” The Staff Statement demonstrates that this approach is increasingly reflected in regulatory practice. The Core Question: When Does a Tool Become an Intermediary? The SEC’s statement addresses a central issue in modern market structure: When does a software interface that enables transactions become a broker-dealer? Rather than creating a new category for “crypto interfaces” or focusing on the use of blockchain technology, the Staff applies a familiar inquiry rooted in existing law. The analysis turns on whether the provider is engaging in traditional intermediary activities, such as: Soliciting transactions Recommending securities Exercising discretion Receiving transaction-based compensation Custodying assets Acting as an intermediary between buyers and sellers If these hallmarks are present, broker registration is required. If they are not, the provider should not be treated as a broker.  This is a functional test—one that looks to what the entity does, not the means by which it is done. APC’s “Nature of the Activity” Test This approach closely mirrors the framework proposed in Ava Labs’ May 2025 submission to the Task Force. In that letter, APC articulated the nature of the activity test as a method for determining when infrastructure providers should be treated as securities intermediaries. The test asks a simple question: Are the activities ones performed by a broker, dealer, or investment adviser? If the answer is yes, existing regulatory obligations apply. If not, registration should not be required. This framework is grounded in decades of securities law. As the submission explains, the SEC has long evaluated whether entities fall within the scope of broker, dealer, or adviser regulation based on factors such as: Engagement in the business of effecting transactions Providing investment advice Receipt of transaction-based compensation Active solicitation of trades Participation in negotiations Custody of customer funds or securities Notably, none of these factors depend on the technology used. They were developed in an era of paper-based markets and continued to apply as markets digitized. We went on to say that the same logic should apply to blockchain-based systems, which represent the next iteration of digital market infrastructure. Infrastructure vs. Intermediation A central theme of the APC submission is the distinction between infrastructure providers and intermediaries. Infrastructure providers—such as validators, software developers, and communications providers—perform essential technical functions. They enable networks to operate but do not: Solicit transactions Provide advice Exercise discretion Control assets Know or influence the nature of specific transactions As the submission explains, these actors are: “invisible and indiscriminate in verifying, recording, and enabling transactions.” Their role is analogous to that of internet service providers, cloud service providers, API and RPC providers, and similar technical services.   These functions have never been treated as regulated financial intermediation, even though they are essential to the operation of financial markets. Our recent blog post comparing the GENIUS Act’s exceptions for infrastructure with the exceptions for “ancillary infrastructure” in the EU’s Transfer of Funds Regulation reinforces this distinction. SEC’s User Interface Guidance: A Practical Application The Staff Statement reflects this same distinction, even if it uses different terminology. The statement identifies a category of providers—those offering interfaces assisting users in crypto asset securities transactions (“Covered User Interfaces”)—for which broker-dealer registration is not required, provided they satisfy certain conditions. These conditions effectively define what it means to operate as infrastructure rather than an intermediary. To remain outside broker-dealer status, an interface provider must: Allow users to set all transaction parameters Avoid recommendations or investment advice Refrain from soliciting trades Operate without discretion or control Present execution options using objective criteria Maintain neutral, non-conflicted compensation structures Provide clear disclosures These requirements collectively describe a passive, neutral conduit—precisely the type of actor that has historically received no-action relief.  Continuity with SEC No-Action Precedent The APC submission places heavy emphasis on the SEC’s long history of granting no-action relief to technology providers performing neutral functions. Examples include: Messaging systems connecting brokers Electronic bulletin boards posting trade information Matching platforms linking investors and issuers Data providers offering analytics and research In each case, the SEC focused on whether the provider: Exercised control Participated in negotiations Provided advice or recommendations Handled funds or securities Earned transaction-based compensation Where these elements were absent, the SEC consistently declined to require registration. The user interface guidance follows the same pattern. It does not create new rules; it applies existing principles to new technology.  The Staff Statement even frames its conclusion in terms that closely resemble traditional no-action relief:  In circumstances where a Covered User Interface Provider takes the measures discussed below relating to its creation, offering, and/or operation of a Covered User Interface, the Staff will not object to the Covered User Interface Provider creating, offering, and/or operating a Covered User Interface without registering as a broker-dealer pursuant to Section 15(b) of the Exchange Act. Conclusion The convergence between APC’s framework and the SEC’s guidance has important implications. First, it confirms that existing law is sufficient when applied correctly. There is no need to create new categories for blockchain-based actors. Second, it reinforces the importance of functional analysis. Regulatory outcomes should depend on what an entity does—not on labels, technology, or proximity to financial activity. By focusing on the nature of the activities conducted, regulators can distinguish between: True financial intermediaries, and The infrastructure and tools that support modern markets Third, it provides a path forward for innovation. By clarifying that neutral infrastructure and tools are not automatically subject to intermediary regulation, the SEC reduces uncertainty and enables development within a compliant framework. APC is encouraged to see this clear alignment with its “nature of the activity” test. It demonstrates that longstanding principles of securities law remain vibrant and adaptable—even as markets evolve. The next step is to apply this same logic consistently across the digital asset ecosystem, ensuring that regulation remains targeted, coherent, and grounded in how these technologies actually operate. As our 2026 policy priorities make clear: Infrastructure providers are not intermediaries. Getting this distinction right is essential—not only for regulatory clarity, but for ensuring that robust, competitive markets can develop within a coherent and predictable framework.

A recent European Central Bank working paper looks to analyze decentralization in DeFi protocols from the standpoint of governance.  It finds concentration in governance and that this undermines decentralization.  This claim, however, rests on a conceptual error: it conflates system decentralization with governance concentration. And governance concentration that does not affect transaction finality or asset ownership is not relevant to whether a system is decentralized. The distinction matters and clarifies both the paper’s findings and their implications. At Avalanche Policy Coalition, we have consistently defined decentralization from a technical standpoint. A system or network is decentralized when there is no single source of truth, no single point of failure, and no authority with the ability or responsibility to change data, transactions or balances.  It is a definition focused on finality. It ensures that users can trust what they see regarding ownership of assets and the completion of transactions.  The working paper errs by reframing decentralization as a governance question rather than a matter of network finality.  It compounds this error by trying to answer the question of who to regulate in DeFi by looking at concentration of governance power and participation across major DeFi protocols.  What the paper actually demonstrates is not a failure of decentralization, but the presence of concentrated governance layered on top of decentralized infrastructure. Confusing governance concentration with decentralization risks pushing regulation toward infrastructure rather than actors—undermining the very properties that make these systems trustworthy. Here is a summary of the paper’s empirical findings:  Token ownership is heavily skewed, with the top 100 holders controlling more than 80% of supply across the studied protocols, and the top five holders often control a substantial fraction of that total. Governance systems also rely extensively on delegation, whereby token holders assign voting power to intermediaries. As a result, a relatively small number of delegates exercise a disproportionate share of voting power, in some cases controlling the majority of delegated votes. Delegation thus operates as a structural amplifier of concentration. The paper also notes that concentration of governance power is further compounded by opacity. A substantial share of the most influential participants cannot be linked to identifiable individuals or institutions, making it difficult to determine whether governance power is independent or coordinated, whether incentives are aligned or conflicted, and whether influence is exercised by insiders, intermediaries, or diffuse communities. At the same time, governance processes themselves do little to redistribute power. The paper shows that most proposals concern operational parameters—risk settings, asset listings, and similar adjustments—while very few address governance structure. As a result, the paper concludes, existing distributions of power tend to reproduce themselves over time. The paper then concludes that decentralization is a property of governance. Under this view, a system is decentralized to the extent that decision-making authority is widely distributed, no small group can dominate outcomes, and the relevant actors are identifiable and accountable. If governance power is concentrated, the paper concludes that decentralization is incomplete or illusory.  This definition is viscerally appealing, particularly from a regulatory perspective. Regulators require identifiable points of control, and the paper emphasizes the difficulty of relying on governance token holders, developers, or exchanges as regulatory “anchor points” precisely because of opacity and fragmentation in governance structures.  Yet this definition departs from the more established understanding of decentralization in distributed systems, where the concept refers not to governance dispersion but to system architecture: whether there is a single point of failure, a single source of truth, or a single authority capable of altering data or transactions. On the more technically precise definition of decentralization, the protocols studied in the paper—built on public blockchains—remain decentralized. Framed in these terms, the paper’s findings are best understood as documenting concentrations of governance power, not undercutting decentralization.  The paper does not show that any individual token holder, delegate, or developer can rewrite transaction history, override consensus, or unilaterally alter the state of the ledger. Nor does it show that the voting groups have this power.  It also implicitly recognizes that where governance does not affect asset ownership or transaction finality, regulatory hooks are difficult to establish.  Indeed, as noted above, the proposals on which votes are sought have nothing to do with transaction finality or asset ownership.   At best, the paper can conclude that the infrastructure remains decentralized even if governance becomes concentrated. This distinction suggests a more precise analytical framework. At the infrastructure layer, finality is distributed, consensus is collective, and no single point of failure exists. At the governance layer, ownership can become concentrated, voting power aggregated, and influence unevenly distributed. These are not contradictory observations but complementary ones. DeFi systems can be both decentralized and concentrated, depending on the layer of analysis. Recognizing this layered structure clarifies the nature of the challenges identified in the paper. The difficulty regulators face is not that decentralization has failed, but that concentration exists without clear attribution.  This produces a structural asymmetry.  Governance actors can shape protocol outcomes—adjusting parameters, allocating resources, and influencing development trajectories—but they do so within systems whose core integrity cannot be compromised by that concentration. The result is a hybrid condition in which decentralized infrastructure coexists with concentrated influence over things that do not undercut decentralization. Reframing the issue in terms of concentration rather than decentralization also shifts the focus of regulation. For regulators, the challenge is not identifying a centralized intermediary in the traditional sense (i.e., one that controls transactions or custodies assets), but understanding how concentrated influence operates within systems that lack formal control points on the areas of typical regulation. Addressing these issues will require regulatory approaches that focus on identifiable actors and activities, rather than attempting to impose control at the infrastructure layer where it does not exist. The ECB paper makes a significant contribution by documenting the realities of DeFi governance. But its conceptual framing requires greater precision. Decentralization and concentration are not opposing descriptions of the same phenomenon; they operate at different levels of analysis. The systems studied in the paper are not failed attempts at decentralization. They are decentralized systems with concentrated governance structures. And where those structures do not affect transaction finality or asset ownership, the system remains decentralized. Recognizing this distinction provides a clearer understanding of both the risks and the possibilities inherent in DeFi. To hear more on this and related topics, please listen to this webinar from Global Blockchain Business Council.

Introduction On March 17, 2026, the U.S. Securities and Exchange Commission (SEC), together with the Commodity Futures Trading Commission (CFTC), issued its most comprehensive statement to date on how federal securities laws apply to crypto assets. The Interpretation represents a significant step in clarifying how regulators view token classification, interpret “investment contract”, and categorize core blockchain activities. Of course, we were very pleased that the agencies classify AVAX as a digital commodity and not a security in the Interpretation. But there is much more to dig into. Over the past year, Avalanche Policy Coalition (APC) has advanced a framework for crypto regulation centered on three principles: (1) the nature of the asset matters, (2) infrastructure and intermediaries must be treated differently, and (3) regulation should be workable and grounded in real market structure. Our April, May and September 2025 comment letters to the SEC Crypto Task Force articulated these ideas in detail. This post compares the SEC Interpretation with that framework, highlighting where they align, where they differ, and how the two approaches relate conceptually. Token Classification: Converging on Function One of the most important developments in the SEC Interpretation is the introduction of a five-part taxonomy for crypto assets: digital commodities, digital collectibles, digital tools, stablecoins, and digital securities. This approach aligns closely with APC’s long-standing emphasis on token classification based on function, which we call the nature of the asset test and is grounded in the functions and features of the token rather than how it is marketed or what it is called. APC has described “protocol tokens” as a distinct category of assets integral to the functioning of blockchain networks. The SEC’s category “digital commodities” captures much of this same concept. These assets derive value from the programmatic operation of a functional crypto system and supply-and-demand dynamics, rather than from the expectation of profits based on managerial efforts. The SEC definition of digital commodity as part of a crypto system emphasizes functionality at both the Layer 1 and application layer, much as APC’s protocol token is agnostic about the layer on which the protocol functions. This is an important recognition that digital commodities may exist at various levels of the tech stack. Also important, the SEC does not opt for a slavish application of a “decentralization” requirement as the deciding factor for the nature of the asset.  Rather, it remains focused on functionality and consumptive use.  This flows as well into its interpretation of “investment contract,” discussed below. The two approaches therefore converge in substance, reflecting a growing consensus around function-based token classification, which we have championed for many years. Both the SEC and APC recognize that tokens such as AVAX, BTC, and ETH do not have the features or functions of securities and should be analyzed accordingly. The difference lies primarily in structure: APC proposed a distinct legal category for protocol tokens, subject to distinct treatment, while the SEC states that digital commodities may fall into the broader world of commodities. Similarly, the SEC addresses stablecoins, particularly those covered by the GENIUS Act and prior staff guidance, finding them to not be securities while noting that other stablecoin arrangements may require further analysis. This reflects its alignment with the nature of the asset test APC articulated, which evaluates tokens based on their specific characteristics and functions. Assets vs. Transactions: A Shared Distinction A central theme of the SEC Interpretation is the explicit distinction between a crypto asset and the transaction in which it is offered or sold. For example, a digital commodity is not itself a security; however, it may be sold pursuant to an investment contract. This is a point of strong alignment with APC’s framework. APC has consistently emphasized that digital assets should not be classified as investment contracts or other types of securities simply because they are involved in activities that look like capital-raising. The SEC Interpretation adopts this principle directly, clarifying that the legal analysis should focus on the contract, transaction, or scheme, rather than the asset itself.  This phrase, taken directly from Howey, has often been overlooked.  The SEC correctly recognizes that it is the lynchpin of how Howey defines investment contract. Oranges simply are not and never will be securities. This brings crypto assets into alignment with other areas of law, where non-security assets (such as commodities or real estate) can be part of securities transactions without themselves becoming securities.  Investment Contract Analysis: Different Approaches One of the main areas of divergence is how to define and apply the concept of an “investment contract.” APC has proposed a framework with clearer boundaries for when securities laws apply. In particular, we encouraged the following definition: “an express agreement between a seller and buyer that provides for the investment of money in a common enterprise with a reasonable expectation of profits solely from the undeniably significant managerial or entrepreneurial efforts of the seller.” This definition starts with the basic articulation from Howey and adds modifications based on prevailing Supreme Court case law and other precedent. By reviving the word “solely” from the original Howey test and requiring an express agreement, this definition provides greater certainty about the “who” and the “what” of the investment contract. The SEC, by contrast, provides guidance on how it will apply the originally articulated version of the Howey test to crypto assets, resulting in less definitive regulatory boundaries. The SEC Interpretation places significant emphasis on issuer representations and promises, including their source, timing, and specificity, in determining whether purchasers have a reasonable expectation of profits from the efforts of others. These concepts reflect a close reading and application of Howey and its progeny, which we agree with. We just wish for something that is easier to apply. Both approaches aim to clarify the same issue, but they differ in methodology. APC emphasizes clearer rules and definitions, while the SEC relies on interpretive guidance within an existing legal framework. Lifecycle and “Separation”: Different Structures, Similar Outcomes APC has proposed a lifecycle-based framework distinguishing between pre-functionality and functional protocol tokens for purposes of determining SEC jurisdiction. Under that approach, protocol tokens sold prior to protocol functionality would be presumed to be the subject of an investment contract, resulting in a securities law framework for their offer and sale.  In contrast, tokens used in a functioning protocol would fall outside the federal securities laws. The SEC does not adopt this structure in full but incorporates elements of it in the Interpretation. Instead, it introduces the concept of “separation” under which a non-security crypto asset can cease to be subject to an investment contract once purchasers no longer reasonably expect the issuer’s essential managerial efforts to remain connected to the asset. This test does not rely solely on “sufficient decentralization” or related concepts, but looks at the overall facts and circumstances to determine whether separation has occurred. While the mechanisms differ, the underlying idea is similar: the regulatory treatment of a token as part of an investment contract or not can change over time as the network evolves and other events occur. APC’s approach uses a more structured lifecycle model, while the SEC relies on a fact-specific analysis tied to issuer activities and market expectations. Infrastructure vs. Intermediaries: Alignment in Core Activities APC has consistently argued that regulation should focus on intermediaries, not infrastructure providers. Validators, node operators, and protocol participants perform technical functions and should not be treated as financial intermediaries. The SEC’s Interpretation reflects this principle in its treatment of specific activities. It concludes that, when conducted as described, the following do not involve securities transactions: Protocol mining Protocol staking Certain wrapping arrangements Certain no-consideration airdrops In each case, the SEC characterizes these activities as administrative or ministerial, rather than managerial or intermediary in nature. Rewards created through staking and delegation are treated as compensation by the network for services performed, not profits derived from the efforts of others. This represents a clear point of convergence. The SEC recognizes that core protocol activities operate at the infrastructure layer and should be treated differently from traditional intermediary services. Token Issuance and Market Structure: Different Levels of Detail APC’s framework includes proposals for a more comprehensive regulatory structure, including tailored approaches to token issuance, disclosures, and the role of intermediaries. The SEC’s Interpretation does not address these areas in detail. It focuses primarily on classification and the application of existing law, rather than introducing new exemptions, disclosure regimes, or intermediary frameworks. Conclusion The SEC’s Interpretation and APC’s framework share a common foundation. Both approaches recognize the importance of functional token classification, the distinction between assets and transactions, and the need to treat infrastructure differently from intermediaries. They also reflect a broader convergence around core securities law principles; particularly, the focus on economic reality, consumptive use, and the distinction between managerial and non-managerial activity. At the same time, they differ in how those principles are implemented. The SEC relies on interpretive guidance within existing legal frameworks, while APC has proposed more structured approaches to classification, lifecycle analysis, and market design. Taken together, the two perspectives reflect an evolving consensus around the core concepts that should guide crypto policy. As regulatory discussions continue, these shared principles provide a foundation for further development of a coherent and workable framework. Avalanche Policy Coalition will continue to engage with policymakers and stakeholders to support thoughtful, functional approaches to crypto regulation.