Key Takeaways
On May 14, 2026, the US Senate Banking Committee voted 15-9 to advance the Digital Asset Market Clarity Act (CLARITY Act) to the full Senate floor. For the first time in US legislative history, a major federal crypto market structure bill cleared a Senate committee with bipartisan support. Two Democrats, Senators Ruben Gallego (D-AZ) and Angela Alsobrooks (D-MD), joined all 13 Republicans to push the bill forward.
Buried inside that milestone vote is a provision that has flown under the radar in most mainstream coverage: a direct, codified carve-out for decentralized finance. Sections 309 and 409 of the CLARITY Act (House-passed H.R.3633) explicitly exclude DeFi activities and non-custodial developers from the registration and compliance requirements that apply to centralized exchanges, brokers, and dealers.
This is not a vague safe harbor. It is raw statutory language that separates regulated intermediaries from permissionless infrastructure. And it has direct, concrete consequences for winners and losers across the entire crypto industry.
Here is exactly what the DeFi carve-out says, who it protects, who it leaves exposed, and what still has to happen before any of it becomes law.
Most coverage of the CLARITY Act focuses on asset classification, the SEC vs. CFTC turf war, and the stablecoin yield compromise. Sections 309 and 409 get far less attention, but they are among the most consequential provisions in the entire bill for onchain builders.
Section 309 sits under the Securities Exchange Act amendments and covers the SEC side of the regulatory framework.

Section 409 mirrors that exclusion on the Commodity Exchange Act side, covering CFTC jurisdiction. Together, they carve out ‘decentralized finance activities’ from the registration requirements that govern digital commodity exchanges, brokers, dealers, and trading platforms.

What is excluded under these sections:
What is NOT excluded:
The bill draws a hard line between custodial intermediaries (regulated) and non-custodial infrastructure (excluded). If your protocol never touches user funds and no single party controls its governance, the CLARITY Act largely leaves you alone.
For years, ‘sufficiently decentralized’ was a phrase thrown around by legal teams and founders hoping to avoid SEC scrutiny, with no statutory definition backing it up. The CLARITY Act changes that for the first time.
Under the bill’s asset classification framework, a token qualifies as a ‘digital commodity’ (CFTC jurisdiction, lower regulatory burden) rather than an ‘investment contract asset’ (SEC jurisdiction, full securities laws apply) if no single entity controls 20% or more of:
This is the bill’s ‘mature blockchain test.’ Meet those thresholds and your token migrates from SEC oversight into the cleaner CFTC lane. Fail them and you stay under securities law.
For DeFi protocols specifically, this threshold matters because it determines whether the underlying governance token triggers the securities registration requirements that Sections 309 and 409 are otherwise carving out. Claiming the DeFi exclusion only works if the protocol’s token structure genuinely clears the decentralization criteria defined elsewhere in the bill.
Before the CLARITY Act, developers faced a genuinely dangerous legal landscape. Litigation theories and some court decisions had begun creeping toward applying money transmission liability to non-custodial software developers, meaning someone who wrote open-source smart contracts could theoretically face the same compliance obligations as a licensed financial institution.
The CLARITY Act shuts that door. It explicitly protects software developers and DeFi network participants from federal and state securities laws for:
This is not just an SEC carve-out. It reaches into state money transmission laws, which is where some of the most aggressive enforcement theories had been originating.
Mari Tomunen, General Counsel at DoubleZero, told CCN:
“Both the March SEC/CFTC guidance and the advancement of the Clarity Act address one of the industry’s biggest open questions by creating a clearer path for compliant token launches in the United States. The biggest missing piece in the SEC guidance was the disclosure framework. Without clear standards, projects are often incentivized to disclose less to avoid creating additional securities risk. Clarity will close this gap. The second major issue is developer liability. Existing guidance suggests non-custodial activity generally should not create money transmission exposure, yet some litigation theories and court decisions have pointed in the opposite direction. The Clarity Act helps create clearer statutory boundaries for decentralized and non-custodial activity.”
Tomunen’s framing captures exactly why the carve-out matters beyond DeFi protocol operators. Disclosure reform and developer liability have both been festering problems with no clear statutory resolution for years. Sections 309 and 409, combined with the bill’s disclosure framework, are the first federal attempt to address both at once.
The CLARITY Act could become one of the most important regulatory shifts yet for decentralized finance, offering long-awaited legal protections to validators, sequencers, open-source developers, DAOs, and decentralized protocols operating without custodial control.
By distinguishing infrastructure providers and software builders from traditional financial intermediaries, the bill aims to reduce regulatory uncertainty that has hung over the DeFi sector for years while creating clearer disclosure standards for crypto projects operating in the US.
Node operators who validate transactions or sequence blocks on layer-2 networks have operated in legal gray territory since the first L2 launched. If courts treated their activity as financial intermediation, they could face broker-dealer or money transmission registration requirements. Sections 309 and 409 explicitly exclude this activity. Validators and sequencers provide computational work, not custody. That distinction now has statutory backing.
Developers writing non-custodial smart contracts or deploying permissionless protocols get direct protection from securities law and state money transmission claims. The bill covers “activities related solely to software development,” which is broad enough to protect most legitimate open-source builder activity.
DAOs receive explicit recognition under the CLARITY Act. The bill states that a DAO ‘would not be treated as a single person for purposes of the control provisions of the securities laws.’ This directly addresses one of the core legal ambiguities that had exposed DAO participants to liability: the fear that a distributed group of token holders could be treated collectively as a single controlling entity. Under this framework, a DAO with dispersed governance that clears the 20% threshold is not a securities issuer simply by virtue of existing.
DeFi lending protocols, AMMs, liquidity pool platforms, and similar infrastructure that genuinely operates without custodial control or concentrated governance stand to benefit most. These systems remain outside CFTC and SEC registration frameworks as long as they meet the decentralization criteria. No registration fees, no compliance overhead, no broker-dealer licensing.
As Tomunen notes, the absence of clear disclosure standards had actually pushed some projects toward less transparency. When there are no rules, legal teams advise silence. The CLARITY Act’s disclosure framework gives builders a roadmap that makes responsible transparency safer, not riskier.
Cathy Yoon, General Counsel at Harmonic, told CCN:
“Clarity advancing out of committee with bipartisan support is a major step forward for the industry. Moving from markup toward a full Senate vote signals growing recognition that not every participant in crypto is acting as a financial intermediary. Thoughtful legislation can create rules for custodians and centralized actors while still preserving space for permissionless infrastructure (such as validators and sequencers), open networks, and software developers to continue innovating responsibly in the US.”
Not every DeFi project benefits equally from the CLARITY Act. Protocols with concentrated governance, custodial elements, or centralized control structures could still face securities compliance and SEC oversight, particularly if insiders retain significant influence over tokens or platform operations.
The bill also leaves unresolved questions around Treasury’s authority to sanction non-custodial DeFi protocols, after a proposed amendment targeting services like Tornado Cash failed to pass during committee markup.
Projects that brand themselves as DeFi but where a founding team, VC firm, or small group of insiders holds more than 20% of token supply or governance rights will not qualify for the Section 309/409 exclusion. They fall back into the securities framework, where their tokens are investment contract assets and their platforms may require SEC registration. For a large number of projects that call themselves decentralized but fail this test, that is a material compliance burden.
If a platform holds user assets at any point, even briefly or under a smart contract wrapper that a controlling entity can upgrade or freeze, it likely will not qualify for the DeFi exclusion. The carve-out is for genuinely non-custodial infrastructure. Platforms that route through centralized backstops may not pass.
Senator Elizabeth Warren introduced an amendment during the May 14 markup that would have given the Treasury Department explicit authority to sanction DeFi services, directly targeting protocols like Tornado Cash, the mixer Treasury sanctioned in 2022 before courts partially unwound that action.
Warren’s amendment was rejected on straight party lines, 11 in favor and 13 against, with all 13 Republicans voting no. That rejection is a direct win for non-custodial protocols. Treasury’s authority to sanction immutable, code-based infrastructure remains legally contested, and Congress just created a legislative record showing it specifically considered and declined to hand Treasury that power. That record matters in future litigation. DeFi protocols fighting sanctions actions can now point to this vote as evidence Congress drew a deliberate line.
Warren’s rejected amendment proposed granting Treasury ‘the authority to sanction DeFi services’ of the kind used against Tornado Cash in 2022. The Tornado Cash case had been partially unwound by court rulings finding the Treasury lacked statutory authority to sanction immutable smart contract code.
Warren’s amendment would have legislatively restored and expanded that authority. Every Democrat voted for it. Every Republican voted against.
Two practical consequences follow from that rejection:
Sections 309 and 409 are significant, but they are not a blanket DeFi immunity provision. Several major questions remain open:
The CLARITY Act’s advancement has also drawn strong support from major blockchain infrastructure companies, many of which see the bill as a turning point for regulatory certainty in the US crypto industry. Industry leaders argue that clearer market structure rules could help keep blockchain innovation and talent within the United States rather than pushing projects offshore.
Avery Ching, CEO of Aptos Labs, told CCN:
“The Clarity Act moving forward to the Senate floor today is a critical step towards building a digital asset market structure framework for the United States. There is still work ahead to get the details right, but real momentum toward thoughtful, well-designed matters for our shared goal of keeping American blockchain innovation growing here at home. I had the privilege of testifying before the House Agriculture Committee last June on the need for clear market structure rules, and I was honored to have that perspective included in the committee’s official report on the Clarity Act. Builder input is necessary to create the very best framework for digital assets, and I am grateful to the lawmakers engaged with our industry for the opportunity to keep contributing to this conversation. The next generation of financial infrastructure is already being built. The question is whether America creates the environment for that innovation to scale responsibly here.”
Ching’s point about builder testimony making it into the official committee record is worth noting. On-chain infrastructure companies were treated as authoritative drafting voices in this process, not just lobbying footnotes. That shift in how Congress engages with crypto builders is itself a meaningful development.
Clearing the Senate Banking Committee is one step in a long chain. Here is what still has to happen:
Industry sources and lawmakers have indicated the floor vote needs to happen by August 2026, before the legislative calendar tightens ahead of November midterm elections.
Sections 309 and 409 of the CLARITY Act represent the first time US federal legislation has drawn a clear, codified line between regulated financial intermediaries and non-custodial, permissionless infrastructure. Validators, open-source developers, DAOs, and genuinely decentralized protocols stand to gain real legal clarity for the first time.
Losers are not hard to identify: projects with concentrated governance that cannot clear the 20% control threshold, pseudo-DeFi platforms with custodial backstops, and the Treasury enforcement wing that lost its push to restore DeFi sanctions authority.
None of this is final. Sixty Senate votes, two committee reconciliations, and a presidential signature still stand between today’s committee win and actual law. But the raw direction of the legislation is now clear. Congress has decided, at least for now, that DeFi infrastructure is not a financial intermediary. Building permissionless protocols in America just got meaningfully safer.
It exempts non-custodial DeFi protocols, validators, and software developers from certain SEC and CFTC registration and compliance requirements entirely. Validators, DAOs, open-source developers, and genuinely decentralized protocols gain clearer legal protections and reduced regulatory uncertainty across the United States. Centralized exchanges, custodial platforms, and governance-concentrated protocols exceeding 20% control thresholds still face securities law compliance obligations significantly. No, the bill still requires Senate approval, House reconciliation, and presidential signature before becoming enforceable federal legislation within America.