How Congress Wants to Grade Crypto Decentralization

Tuesday evening's draft of CLARITY continues to bring our industry closer to well-defined rules of the road. One of the more interesting elements of the much-hyped crypto market structure bill draft is how it strictly defines rules for determining whether a crypto system is decentralized or not.

The technical term the draft uses for benchmarking whether a project remains centralized is the presence of "coordinated control," i.e., the idea that insiders under 'common control' can still direct or influence a crypto system in practice.

It's a binary classification: the project/token is either under coordinated control, or is not. If it's not, the project can take steps to certify that status with the SEC. If it is, the project keeps operating, but does so inside a disclosure-and-restriction regime aimed at corralling insiders.

Here's how the draft bill profiles these different entities. 👇

The SEC's Decentralization Criteria

The bill hands the SEC a list of criteria for identifying a lack of coordinated control.

Five carry the most weight:

• Open Code: The underlying protocol or application code is publicly available for anyone to inspect, review, or audit.
• Permissionless Participation: No person or group under common control can block, censor, or limit access to the system. The code also doesn’t give insiders special privileges or better treatment than other users.
• Ownership and Voting Concentration: No person or group under common control owns more than 49% of the token supply or governance voting power.
• Unilateral Authority: The system has reached what the bill calls an autonomous state, meaning no person or coordinated group can single-handedly change how it works, operates, or reaches consensus.
• Functional Value Mechanics: The token’s value comes from the network already being active and in use, not from promised features or functionality that haven’t launched yet.

How Influence Gets Defined

Another effort this draft bill makes is in highlighting individuals whose ownership size qualifies them for special disclosure and resale obligations. These figures, referred to as "related persons," need to meet certain criteria to qualify.

For holders who acquired their tokens directly from the party that created/distributed the token, they become a "related person" once they acquire 2% or more of the supply. For holders who bought on the open market, the bar is 10% of supply.

The bill carves out one important exception to common control that’s quite aligned with decentralization. In the latest rules, a decentralized governance system like a DAO is not inherently classified as a person or group acting under common control (as long as it doesn’t operate through centralized management).

In Case of Emergency

Under the current draft rules, projects can keep emergency security mechanisms without losing "decentralized" status, but only under tight conditions.

The fallback must be predefined, temporary, used only for a documented cybersecurity incident or imminent threat, authorized through publicly disclosed onchain mechanisms, strictly limited in scope and duration to addressing that threat, and not controlled unilaterally by any single person.

Essentially, this failsafe needs to be public beforehand, justified, narrowly scoped, and not just a big red button one person can press.

The SEC Certification Process

If projects believe they meet all these qualifications, they can file for certification with the SEC to officially classify them as not under coordinated control.

Once they do, the certification will become effective if the SEC declines to object, or 90 days pass without denial. To deny it, the agency must give 10 days' notice, hold a hearing, and vote on the findings that the project doesn't meet the standard. There is no leaving a filer in limbo. The SEC can also require third-party verification by rule, though the bill leaves the form of that verification to future rulemaking.

Not Decentralized Yet

For protocols that aren't ready for the decentralization stamp of approval, the regulatory regime they operate under resembles classic securities law, with self-monitoring and disclosure obligations triggered by token offerings, sales, or distributions.

Originators may need to publish initial and periodic disclosures covering corporate information, insider ownership, financial statements, governance, consensus mechanisms, source code, and control dependencies.

Disclosures include "if, how, and when" the system is expected to no longer be under coordinated control. The regime is a path through the controlled phase, not an end state.

But while a project sits inside this regime, insiders, like the related persons I mentioned above, face resale restrictions on covered tokens. An insider can only sell their covered tokens if the project's disclosures are on file, if their tokens have been held for at least 12 months, and if the sale stays under an SEC-set limit on how much can be sold in any rolling 12-month period. After certification, the holding period drops to 6 months and the sale limit relaxes.

The one key nuance here is that the disclosure trigger depends on project size. A project's token falls outside of needing disclosures if it raised $5M or less in gross proceeds during the 12-month window after its first offer, sale, or distribution, or averaged $5M or less in daily U.S. spot-market trading volume over a 12-month period (both adjusted for inflation).

Real Regulatory Progress

Overall, CLARITY in its current draft form takes a thoughtful approach to its decentralization framework by defining coordinated control through what insiders can still do.

The rules map onto many of the real insider issues we've seen play out over the years. Further, the framework gives projects a clearer compass for progress, with qualifications determined by external rules rather than internal claims.

While all this is subject to change, the framework is a promising step toward legal classification for projects that earn it, and a way to unmask those hiding behind false claims of decentralization.