Sections 309 & 409 of the CLARITY Act: Winners and Losers in America’s New DeFi Rules

On May 14, 2026, the US Senate Banking Committee voted 15-9 to advance the Digital Asset Market Clarity Act (CLARITY Act) to the full Senate floor. For the first time in US legislative history, a major federal crypto market structure bill cleared a Senate committee with bipartisan support. Two Democrats, Senators Ruben Gallego (D-AZ) and Angela Alsobrooks (D-MD), joined all 13 Republicans to push the bill forward.

Buried inside that milestone vote is a provision that has flown under the radar in most mainstream coverage: a direct, codified carve-out for decentralized finance. Sections 309 and 409 of the CLARITY Act (House-passed H.R.3633) explicitly exclude DeFi activities and non-custodial developers from the registration and compliance requirements that apply to centralized exchanges, brokers, and dealers.

This is not a vague safe harbor. It is raw statutory language that separates regulated intermediaries from permissionless infrastructure. And it has direct, concrete consequences for winners and losers across the entire crypto industry.

Here is exactly what the DeFi carve-out says, who it protects, who it leaves exposed, and what still has to happen before any of it becomes law.

Sections 309 and 409 of the CLARITY Act: What the Bill Actually Says

Most coverage of the CLARITY Act focuses on asset classification, the SEC vs. CFTC turf war, and the stablecoin yield compromise. Sections 309 and 409 get far less attention, but they are among the most consequential provisions in the entire bill for onchain builders.

Section 309 sits under the Securities Exchange Act amendments and covers the SEC side of the regulatory framework.

Section 409 mirrors that exclusion on the Commodity Exchange Act side, covering CFTC jurisdiction. Together, they carve out ‘decentralized finance activities’ from the registration requirements that govern digital commodity exchanges, brokers, dealers, and trading platforms.

What is excluded under these sections:

• DeFi lending and borrowing protocols
• Decentralized liquidity pools and automated market makers
• Non-custodial software developers who build blockchain applications
• Validators, sequencers, and nodes that compile and process transactions
• Developers performing activities “related solely to software development”

What is NOT excluded:

• Centralized exchanges operating custody functions
• Brokers and dealers holding customer assets
• Any protocol or entity that exercises control over user funds
• Projects where a single entity controls 20% or more of token supply or governance rights

The bill draws a hard line between custodial intermediaries (regulated) and non-custodial infrastructure (excluded). If your protocol never touches user funds and no single party controls its governance, the CLARITY Act largely leaves you alone.

‘Sufficiently Decentralized’ Is Now a Measurable Legal Standard, Not Just a Buzzword

For years, ‘sufficiently decentralized’ was a phrase thrown around by legal teams and founders hoping to avoid SEC scrutiny, with no statutory definition backing it up. The CLARITY Act changes that for the first time.

Under the bill’s asset classification framework, a token qualifies as a ‘digital commodity’ (CFTC jurisdiction, lower regulatory burden) rather than an ‘investment contract asset’ (SEC jurisdiction, full securities laws apply) if no single entity controls 20% or more of:

1. Total outstanding token supply
2. Governance rights over the blockchain system

This is the bill’s ‘mature blockchain test.’ Meet those thresholds and your token migrates from SEC oversight into the cleaner CFTC lane. Fail them and you stay under securities law.

For DeFi protocols specifically, this threshold matters because it determines whether the underlying governance token triggers the securities registration requirements that Sections 309 and 409 are otherwise carving out. Claiming the DeFi exclusion only works if the protocol’s token structure genuinely clears the decentralization criteria defined elsewhere in the bill.

Developer Liability Protection: First Real Statutory Shield for Builders

Before the CLARITY Act, developers faced a genuinely dangerous legal landscape. Litigation theories and some court decisions had begun creeping toward applying money transmission liability to non-custodial software developers, meaning someone who wrote open-source smart contracts could theoretically face the same compliance obligations as a licensed financial institution.

The CLARITY Act shuts that door. It explicitly protects software developers and DeFi network participants from federal and state securities laws for:

• Compiling network transactions
• Providing computational work for distributed ledgers, including mining, validating, and staking
• Activities ‘related solely to software development’

This is not just an SEC carve-out. It reaches into state money transmission laws, which is where some of the most aggressive enforcement theories had been originating.

Mari Tomunen, General Counsel at DoubleZero, told CCN:

“Both the March SEC/CFTC guidance and the advancement of the Clarity Act address one of the industry’s biggest open questions by creating a clearer path for compliant token launches in the United States. The biggest missing piece in the SEC guidance was the disclosure framework. Without clear standards, projects are often incentivized to disclose less to avoid creating additional securities risk. Clarity will close this gap. The second major issue is developer liability. Existing guidance suggests non-custodial activity generally should not create money transmission exposure, yet some litigation theories and court decisions have pointed in the opposite direction. The Clarity Act helps create clearer statutory boundaries for decentralized and non-custodial activity.”

Tomunen’s framing captures exactly why the carve-out matters beyond DeFi protocol operators. Disclosure reform and developer liability have both been festering problems with no clear statutory resolution for years. Sections 309 and 409, combined with the bill’s disclosure framework, are the first federal attempt to address both at once.

DeFi Winners: Validators, Open-Source Developers, DAOs and Permissionless Protocols

The CLARITY Act could become one of the most important regulatory shifts yet for decentralized finance, offering long-awaited legal protections to validators, sequencers, open-source developers, DAOs, and decentralized protocols operating without custodial control. 

By distinguishing infrastructure providers and software builders from traditional financial intermediaries, the bill aims to reduce regulatory uncertainty that has hung over the DeFi sector for years while creating clearer disclosure standards for crypto projects operating in the US. 

Validators and Sequencers

Node operators who validate transactions or sequence blocks on layer-2 networks have operated in legal gray territory since the first L2 launched. If courts treated their activity as financial intermediation, they could face broker-dealer or money transmission registration requirements. Sections 309 and 409 explicitly exclude this activity. Validators and sequencers provide computational work, not custody. That distinction now has statutory backing.

Open-Source Software Developers

Developers writing non-custodial smart contracts or deploying permissionless protocols get direct protection from securities law and state money transmission claims. The bill covers “activities related solely to software development,” which is broad enough to protect most legitimate open-source builder activity.

Decentralized Autonomous Organizations (DAOs)

DAOs receive explicit recognition under the CLARITY Act. The bill states that a DAO ‘would not be treated as a single person for purposes of the control provisions of the securities laws.’ This directly addresses one of the core legal ambiguities that had exposed DAO participants to liability: the fear that a distributed group of token holders could be treated collectively as a single controlling entity. Under this framework, a DAO with dispersed governance that clears the 20% threshold is not a securities issuer simply by virtue of existing.

Protocols with Genuine Decentralization

DeFi lending protocols, AMMs, liquidity pool platforms, and similar infrastructure that genuinely operates without custodial control or concentrated governance stand to benefit most. These systems remain outside CFTC and SEC registration frameworks as long as they meet the decentralization criteria. No registration fees, no compliance overhead, no broker-dealer licensing.

Builders Who Needed Disclosure Standards

As Tomunen notes, the absence of clear disclosure standards had actually pushed some projects toward less transparency. When there are no rules, legal teams advise silence. The CLARITY Act’s disclosure framework gives builders a roadmap that makes responsible transparency safer, not riskier.

Cathy Yoon, General Counsel at Harmonic, told CCN:

“Clarity advancing out of committee with bipartisan support is a major step forward for the industry. Moving from markup toward a full Senate vote signals growing recognition that not every participant in crypto is acting as a financial intermediary. Thoughtful legislation can create rules for custodians and centralized actors while still preserving space for permissionless infrastructure (such as validators and sequencers), open networks, and software developers to continue innovating responsibly in the US.”

Who Loses: Concentrated Governance Protocols, Treasury’s Sanctions Push and Pseudo-DeFi Projects

Not every DeFi project benefits equally from the CLARITY Act. Protocols with concentrated governance, custodial elements, or centralized control structures could still face securities compliance and SEC oversight, particularly if insiders retain significant influence over tokens or platform operations. 

The bill also leaves unresolved questions around Treasury’s authority to sanction non-custodial DeFi protocols, after a proposed amendment targeting services like Tornado Cash failed to pass during committee markup.

Protocols with Concentrated Governance

Projects that brand themselves as DeFi but where a founding team, VC firm, or small group of insiders holds more than 20% of token supply or governance rights will not qualify for the Section 309/409 exclusion. They fall back into the securities framework, where their tokens are investment contract assets and their platforms may require SEC registration. For a large number of projects that call themselves decentralized but fail this test, that is a material compliance burden.

Hybrid Models with Custodial Components

If a platform holds user assets at any point, even briefly or under a smart contract wrapper that a controlling entity can upgrade or freeze, it likely will not qualify for the DeFi exclusion. The carve-out is for genuinely non-custodial infrastructure. Platforms that route through centralized backstops may not pass.

Treasury’s DeFi Sanctions Push

Senator Elizabeth Warren introduced an amendment during the May 14 markup that would have given the Treasury Department explicit authority to sanction DeFi services, directly targeting protocols like Tornado Cash, the mixer Treasury sanctioned in 2022 before courts partially unwound that action.

Warren’s amendment was rejected on straight party lines, 11 in favor and 13 against, with all 13 Republicans voting no. That rejection is a direct win for non-custodial protocols. Treasury’s authority to sanction immutable, code-based infrastructure remains legally contested, and Congress just created a legislative record showing it specifically considered and declined to hand Treasury that power. That record matters in future litigation. DeFi protocols fighting sanctions actions can now point to this vote as evidence Congress drew a deliberate line.

Warren’s Tornado Cash Amendment: What It Was and Why It Failed

Warren’s rejected amendment proposed granting Treasury ‘the authority to sanction DeFi services’ of the kind used against Tornado Cash in 2022. The Tornado Cash case had been partially unwound by court rulings finding the Treasury lacked statutory authority to sanction immutable smart contract code.

Warren’s amendment would have legislatively restored and expanded that authority. Every Democrat voted for it. Every Republican voted against.

Two practical consequences follow from that rejection:

• First, Treasury’s DeFi sanctions authority remains in legal limbo until further court decisions or separate legislation resolves it.
• Second, DeFi protocols now have a stronger legislative record showing Congress specifically considered and declined to expand sanctions authority over non-custodial code, which could carry weight in future litigation.

What the DeFi Carve-Out Still Does Not Cover

Sections 309 and 409 are significant, but they are not a blanket DeFi immunity provision. Several major questions remain open:

• DeFi lending protocols: Excluded from registration requirements but given no affirmative licensing framework or safety harbor. ‘We are not regulating this yet’ is not the same as ‘this is fully legal and protected in all contexts.’
• Prediction markets: Sections 309 and 409 do not touch CFTC Regulation 40.11 on event contracts. Federal vs. state jurisdiction over on-chain prediction markets continues through separate CFTC rulemaking and litigation.
• NFTs: Title V mandates a study on non-fungible tokens but does not classify or regulate them. NFT marketplaces remain in unresolved territory.
• AML at the application layer: Senator Warner’s adopted amendment directed regulators to develop rules for how Bank Secrecy Act anti-money laundering obligations apply to non-fully-decentralized protocols. Projects that centralize their front-end or application layer may still face AML compliance questions even if their underlying smart contracts qualify for the Section 309/409 exclusion.

Avery Ching: Builder Input Is Shaping America’s Crypto Framework 

The CLARITY Act’s advancement has also drawn strong support from major blockchain infrastructure companies, many of which see the bill as a turning point for regulatory certainty in the US crypto industry. Industry leaders argue that clearer market structure rules could help keep blockchain innovation and talent within the United States rather than pushing projects offshore. 

Avery Ching, CEO of Aptos Labs, told CCN:

“The Clarity Act moving forward to the Senate floor today is a critical step towards building a digital asset market structure framework for the United States. There is still work ahead to get the details right, but real momentum toward thoughtful, well-designed matters for our shared goal of keeping American blockchain innovation growing here at home. I had the privilege of testifying before the House Agriculture Committee last June on the need for clear market structure rules, and I was honored to have that perspective included in the committee’s official report on the Clarity Act. Builder input is necessary to create the very best framework for digital assets, and I am grateful to the lawmakers engaged with our industry for the opportunity to keep contributing to this conversation. The next generation of financial infrastructure is already being built. The question is whether America creates the environment for that innovation to scale responsibly here.”

Ching’s point about builder testimony making it into the official committee record is worth noting. On-chain infrastructure companies were treated as authoritative drafting voices in this process, not just lobbying footnotes. That shift in how Congress engages with crypto builders is itself a meaningful development.

Remaining Legislative Path Before CLARITY Act Becomes Law

Clearing the Senate Banking Committee is one step in a long chain. Here is what still has to happen:

• Senate Agriculture Committee Reconciliation: The Banking Committee version must be reconciled with the Senate Agriculture Committee’s Digital Commodity Intermediaries Act, which passed the Ag Committee in January 2026. The Agriculture Committee’s draft has a DeFi section that is still bracketed and incomplete. That reconciliation process could alter Sections 309 and 409.
• Full Senate Floor Vote: Once reconciled, the merged bill needs 60 Senate votes to pass. Republicans hold 53 seats, meaning at least 7 Democrats must cross over. Both Gallego and Alsobrooks made clear their committee votes do not guarantee floor votes, particularly without a resolved ethics provision covering government officials profiting from crypto.
• House-Senate Reconciliation: After Senate passage, the bill must be reconciled with the House’s version of the CLARITY Act, which passed last year. Changes to the DeFi carve-out language in the Senate version must survive that process intact.
• Presidential Signature: President Trump’s administration has signaled support for crypto-friendly legislation but has drawn a hard line against any ethics provision targeting the presidency specifically. That conflict remains unresolved heading into the floor vote.

Industry sources and lawmakers have indicated the floor vote needs to happen by August 2026, before the legislative calendar tightens ahead of November midterm elections.

Why Sections 309 and 409 Could Reshape Crypto Regulation in the US

Sections 309 and 409 of the CLARITY Act represent the first time US federal legislation has drawn a clear, codified line between regulated financial intermediaries and non-custodial, permissionless infrastructure. Validators, open-source developers, DAOs, and genuinely decentralized protocols stand to gain real legal clarity for the first time.

Losers are not hard to identify: projects with concentrated governance that cannot clear the 20% control threshold, pseudo-DeFi platforms with custodial backstops, and the Treasury enforcement wing that lost its push to restore DeFi sanctions authority.

None of this is final. Sixty Senate votes, two committee reconciliations, and a presidential signature still stand between today’s committee win and actual law. But the raw direction of the legislation is now clear. Congress has decided, at least for now, that DeFi infrastructure is not a financial intermediary. Building permissionless protocols in America just got meaningfully safer.

FAQs

About the Author

Onkar Singh

Onkar Singh has three years of experience as a digital finance content creator. Throughout his career, he has collaborated with various DeFi projects and crypto media outlets. In his leisure time, he enjoys fitness activities at the gym and watching movies across different genres. Balancing his professional and personal interests, Onkar continues to contribute to the digital finance landscape while pursuing his hobbies.

[email protected]