EU regulator warns of DeFi risks, pushes back against 'code as law'

Quick Take

  • EU regulator warns of multiple risks from DeFi and proposes way to categorize smart contracts.

The European Securities and Markets Authority published a report outlining multiple risks to investors and financial stability stemming from decentralized finance.

"Although investors' exposure to DeFi remains small overall, there are serious risks to investor protection, due to the highly speculative nature of many DeFi arrangements, important operational and security vulnerabilities, and the lack of a clearly identified responsible party," the report said.

The independent EU authority warned that DeFi operates in the absence of trusted intermediaries, which "could otherwise mitigate risks pertaining to financial stability and investor protection."

The report, published Wednesday, highlighted the regulator's primary concerns regarding DeFi innovations. It separated smart contracts into five categories to help regulators understand the "enormous technological complexity of these systems."

Risks posed by DeFi

The report warned against a prevailing "code is law" principle that it claims permeates existing DeFi governance.

"Smart contracts remain an unregulated phenomenon where the accepted principle is exemplified by the notion that 'code is law,'" the regulator asserted. It said adherence to this principle creates a tendency to accept smart contract outcomes, "regardless of any moral or legal consideration."

The study does accept that the automated, immutable functions of DeFi pose less of a risk to counterparties defaulting than traditional settlement. However, it stressed that developer pseudonymity can enable a proliferation of illicit smart contracts.

"The pseudonymity of the developers who deploy smart contracts and their unaccountability favored the rise of 'illicit' smart contracts, such as Ponzi schemes," the paper added.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

The regulator said the composability of smart contracts could amplify system faults and lead to increased contagion risk.

"The composability feature of smart contracts, which allows for DeFi protocols to build on top of each other, enabling a variety of services for users, also creates dependencies among protocols, leading to a risk of contagion," the paper added. "The default of one actor can quickly propagate through the system."

A model for categorizing smart contracts

The regulatory body has developed a model for helping supervisors discern the purpose of various smart contracts, classifying them as Financial, Operational, Tokens, Wallet, and Infrastructure.

The EU markets regulator also acknowledged challenges in enforcing regulation due to the borderless and decentralized nature of DeFi. ESMA is set to oversee rules under the EU's Markets in Crypto Assets legislation known as MiCA.

Regulatory bodies face a challenge when attempting to gain oversight of DeFi processes. However, European Blockchain Association Head of Policy Erwin Voloder said that crypto asset service providers involved in DeFi could act as a link for regulatory compliance. "If someone is releasing a smart contract that actually orders transactions, then they may also have a service provider placing the orders even if the trading venue is on a permissionless network. In this case, you have a tech company that's providing an anchor to the regulation."

Voloder outlined additional difficulties if the smart contract issuer is part of a DAO. "But if the automated market maker is somehow associated with a DAO as is often the case, I think it will be difficult to boilerplate rules and say 'ok you're a broker-dealer or MTF now' because 'who' are you actually referring to?"

"I think regulators are certainly looking at DeFi more closely and some form of communication is coming in the next 18 months. However, I don't get the feeling there is consensus as to whether this will be updating MiCA, a bespoke regime, or simply doing nothing and buying more time," Voloder added.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Brian McGleenon is a UK-based markets reporter for The Block. He has worked as a financial journalist and producer for multiple news outlets over the years, such as Fuji Television, The Independent, Yahoo Finance, The Evening Standard, and The Daily Express. Brian is also a screenwriter and producer with one feature film produced and one in development with Northern Ireland Screen. Apart from web3 and cryptocurrency developments, he is also interested in geopolitics, environmental issues, artificial intelligence, and longevity research. Get in touch via email [email protected].


To contact the editor of this story:
Nathan Crooks at
[email protected]