Crypto News Exchanges Regulation & Policy

Malta Seeks Feedback on DeFi/DAO Rules Under MiCA Framework

Malta Seeks Feedback On Defi/dao Rules Under Mica Framework
Malta Seeks Feedback On Defi/dao Rules Under Mica Framework

Malta’s financial regulator has opened a public consultation that proposes a dedicated legal framing for decentralized finance (DeFi), including how decentralized autonomous organizations (DAOs) and other “software-governed” structures might be recognized under European rules. The move arrives as EU policymakers continue working through the practical question of which aspects of DeFi can be treated as falling outside existing crypto legislation—and which cannot.

On June 12, the Malta Financial Services Authority (MFSA) launched its consultation on DeFi in connection with the EU’s Markets in Crypto-Assets (MiCA) regime. Stakeholders have until July 10 to respond. The discussion paper introduces the concept of a new category—“software-based organizations”—intended to capture entities whose governance is implemented through code or software logic, while distinguishing governance and liability at the organization level from the technical operation of the underlying blockchain protocol.

Key takeaways

  • The MFSA consultation proposes treating DAOs and similar DeFi actors as “software-based organizations,” separating the legal status of governance from protocol/software mechanics.
  • The paper is positioned within the MiCA context, while underscoring that “fully decentralized” arrangements may not be intended to fall within MiCA’s scope.
  • Malta’s regulator argues that many DeFi projects still contain centralized elements that complicate claims of full decentralization and raise accountability questions.
  • The consultation is designed to solicit industry feedback before potential EU and national approaches to DeFi governance and responsibility solidify.
  • The MFSA’s 2018-era regulatory experience suggests Malta intends to remain an active jurisdiction for digital-asset legal development as Europe refines its compliance expectations.

Malta MFSA proposes “software-based organization” concept under MiCA

The MFSA’s discussion paper centers on legal classification and regulatory accountability. Rather than treating DAOs as a freestanding legal category, the authority suggests mapping DAOs into a broader construct: software-based organizations. In this framework, the organization governed via decentralized software would be assessed separately from the software/protocol itself.

Regulators across Europe have grappled with a recurring compliance challenge in DeFi: decentralization is often presented as eliminating intermediaries, but many real-world arrangements still exhibit concentrated control, identifiable decision-makers, or operational structures that effectively function like centralized entities. The MFSA’s approach reflects that tension by focusing on governance and responsibility—areas that directly affect how supervision and enforcement might work.

In laying out its position, the MFSA also reiterated MiCA’s underlying boundary. The paper notes that MiCA excludes fully decentralized models from its regulatory scope, meaning projects without intermediaries or central control may not need to comply with MiCA requirements. At the same time, the regulator highlights that DeFi projects can be difficult to characterize as “fully decentralized,” especially when legal or operational levers point to someone who can be held responsible.

This distinction matters in practice for institutional stakeholders because it can determine whether a DeFi activity is treated as an exempt decentralized service or as a regulated offering that triggers licensing, disclosures, and ongoing compliance obligations. For legal and compliance teams, the MFSA proposal is therefore not simply a theoretical classification—it is an attempt to clarify how governance arrangements influence regulatory reach.

EU-wide focus on DeFi decentralization tests and regulatory gaps

Malta’s consultation is taking place within a wider EU conversation about how MiCA should apply to decentralized finance and DAOs. Multiple EU institutions have recently examined whether major DeFi systems can realistically satisfy the thresholds implied by “fully decentralized” treatment.

In March, an European Central Bank working paper concluded that governance and control across four major DeFi protocols remained highly concentrated. The finding suggested that many projects may struggle to qualify as “fully decentralized,” potentially keeping them within regulatory sight rather than outside MiCA.

In May, the European Commission initiated a targeted review of MiCA. Among the issues flagged for consideration were stablecoin-related questions, the treatment of DeFi, and whether the current framework contains gaps that might require additional regulation. The Commission’s focus signals that EU lawmakers see decentralization as an operational and legal variable—one that may not be fully resolved by the existing text.

At the same time, there is no single policy consensus. Speaking to Cointelegraph at the WAIB Summit Monaco earlier this month, European Commission adviser Peter Kerstens argued that policymakers should prioritize integrating tokenization into a broader digital asset framework rather than developing a second version of MiCA specifically aimed at DeFi. The position underscores a key uncertainty for market participants: whether Europe will address DeFi through an expanded MiCA architecture, through targeted adjustments to existing rules, or through a broader tokenization-centric framework that incidentally covers DeFi governance risks.

Why the “decentralization” question drives compliance risk

The core policy tension behind the MFSA proposal is that decentralization is not only a technical characteristic of a protocol; it also determines how liability and oversight can be assigned. For compliance monitoring, the practical question is whether there is an identifiable governance structure, decision-making center, or operational intermediary—factors that can pull a project back into regulated territory even if the software is deployed in a decentralized manner.

The MFSA’s discussion paper explicitly leans on this point. By distinguishing governance of an organization from the protocol and software that run it, the regulator appears to be aiming at a more enforceable legal mapping: if there is a “software-based organization” with governance that can be linked to a responsible set of actors or decision processes, then regulators need a legal framework that can be operationalized.

For exchanges, banks, payment firms, and other institutional partners that may interact with DeFi systems, these distinctions can affect risk controls and onboarding policies. In cross-border contexts, where counterparties may rely on a mixture of local interpretations, clearer classification concepts can also reduce uncertainty about regulatory expectations for lawful access, custody, or service provision.

However, unresolved questions remain. The EU’s legal treatment of DeFi depends on how “fully decentralized” is interpreted in practice, how governance concentration is measured, and how regulators determine whether intermediaries exist in substance even when they are not named in a traditional corporate form. Any national proposals—such as Malta’s—may influence EU thinking, but they will also likely be tested against divergent interpretations across jurisdictions.

Malta’s regulatory posture and implications for the next policy step

Malta has previously played an early and prominent role in European crypto regulation, including establishing one of the region’s first comprehensive frameworks for digital assets in 2018. Against that background, the MFSA consultation suggests Malta intends to contribute actively to the emerging European approach to DeFi governance and legal responsibility.

Still, the consultation does not signal an automatic shift in MiCA’s scope. Instead, it aims to build a conceptual bridge between existing EU rules and the operational realities of DeFi structures. By inviting industry feedback through July 10, the regulator is effectively testing whether market participants can provide workable perspectives on how to identify governance, intermediaries, and accountability in software-governed systems.

Institutional stakeholders—including compliance officers, counsel, and risk committees—may want to focus their responses on how the proposed “software-based organization” concept would apply to concrete governance arrangements, including how decision authority is exercised, how upgrades or parameter changes are handled, and what level of control would be considered incompatible with “fully decentralized” treatment.

As the EU considers its MiCA review agenda and as enforcement attention continues to evolve across member states, consultations like Malta’s are likely to play a role in shaping the compliance baseline for DeFi. The immediate next step is the MFSA’s assessment of submissions and any resulting amendments to the framework. Longer-term, the open question for the broader EU market is whether legislators will converge on a consistent method for separating protocol decentralization from organization-level legal accountability—or whether decentralization will remain a contested, case-by-case determination.

Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure

The Crypto Breaking News editorial team curates the latest news, updates, and insights from the global cryptocurrency and blockchain industry.

Related Posts