Malta Asks When DeFi Is Decentralized Enough to Dodge MiCA

Malta's financial regulator wants to settle a question MiCA left open: when is a DeFi protocol decentralized enough to escape the rules entirely? The Malta Financial Services Authority put the issue out for public comment in a discussion paper published Wednesday, zeroing in on governance, accountability, and what "full decentralization" actually means in practice.

The gap is written into the law. MiCA carves out crypto services offered "in a fully decentralised manner without any intermediary," then never says where that line sits. The MFSA's read is that almost nothing clears the bar. Real protocols keep administrator keys, concentrated governance, the right to push upgrades, and control over the interfaces users actually touch. So the regulator is asking whether decentralization should be treated as a spectrum instead of an on-off switch, and whether the EU needs a standard test for when a protocol drops out of MiCA's reach.

For licensed firms, the stakes are concrete. The paper floats whether regulated crypto companies should have to run smart-contract audits, governance reviews, and risk assessments before wiring a DeFi protocol into their own products. It also sketches legal wrappers a project might adopt, naming DAOs and segregated cell companies as candidates.

The stranger idea is what the MFSA calls guardian agents. It defines them as automated mechanisms that "monitor, evaluate, and constrain the behaviour of other autonomous systems to ensure compliance with predefined objectives and risk tolerances." Compliance enforced by code watching other code.

For now it is a consultation, not a rule. The MFSA is taking written responses until July 10, with the definition of "fully decentralised" still unwritten.