An EU view on the SEC-CFTC joint interpretative release and MOU on crypto-assets

RegCORE Client Alert | EU Digital Single Market, financial services and crypto-assets

Quick Take

The United States’ Securities and Exchange Commission (SEC), in coordination with the Commodity Futures Trading Commission (CFTC), has issued a landmark joint interpretative release (Release Nos. 33-11412 / 34-105020, dated 17 March 2026)Available along with a factsheet here.Show Footnote providing comprehensive guidance on the application of U.S. federal securities laws to crypto-assets. This release was preceded by a formal Memorandum of Understanding (MOU) between the SEC and CFTC dated 11 March 2026,Available here.Show Footnote which establishes the institutional architecture for inter-agency coordination and supersedes the prior 2018 MOU.

The interpretative release supersedes prior staff guidance, including the 2019 "Framework for Investment Contract Analysis of Digital Assets," and represents a significant departure from the SEC's previous "regulation by enforcement" approach-an approach that has been criticised for creating regulatory uncertainty for market participants and failing to provide clear ex ante guidance. The interpretation was developed under "Project Crypto," a joint SEC-CFTC initiative to harmonise federal oversight of crypto-asset markets, informed by extensive public input received through the Crypto Task Force established in January 2025. This shift reflects a broader attempt to integrate crypto-assets into the mainstream regulatory architecture, overcoming the fragmented approach that had previously characterised the U.S. system.

Together, these instruments represent a fundamental reorientation of U.S. crypto regulation-from enforcement-led ambiguity to a structured, taxonomy-based framework underpinned by formalised inter-agency coordination. The regulatory responses analysed in this Client Alert can be understood not merely as technical exercises in financial regulation, but as expressions of deeper institutional choices concerning the future of private money. Stablecoins and other crypto-assets challenge the traditional architecture of monetary systems by allowing private actors to issue digital instruments that may function as money-like assets within payment systems and financial markets. This Client Alert examines the substance of both instruments, compares the emerging U.S. framework with MiCAR and the broader EU legislative architecture, and assesses the implications for EU-regulated firms and U.S. firms operating in the EU.

The SEC-CFTC Memorandum of Understanding

The MOU establishes a formalised framework for coordination, information-sharing and harmonisation between the SEC and CFTC in areas of common regulatory interest. It is driven by a recognition that financial markets are "evolving rapidly and becoming more interconnected through global technologies", and that "[n]ew trading models, digital infrastructure, and on-chain, automated systems increasingly blur traditional jurisdictional lines". The MOU commits both agencies to provide "regulatory clarity and certainty built on technology-neutral regulations" and to "closely coordinat[e] and cooperat[e] to remove obstacles where appropriate, to the lawful introduction of novel derivative products, crypto-asset products, or other products".

A key feature of the MOU is the concept of "Covered Firms", defined broadly to include firms that are dually registered with both agencies-for example, firms registered both as broker-dealers and futures commission merchants, or as investment advisers and commodity pool operators/commodity trading advisors, or as clearing agencies and derivatives clearing organisations. This creates a single coordination framework for the many financial institutions that straddle both regulatory regimes.

The MOU sets out five guiding principles:

1. respect for statutory mandates, with an express commitment to "reject a 'turf war' mentality"; 
2. regulatory efficiency, including a commitment not to "regulat[e] through enforcement"; 
3. good faith collaboration; 
4. regulatory clarity and consistency; and 
5. functional and risk-based regulation.

The MOU reflects a shared commitment to a "'minimum effective dose' regulatory strategy" and expressly contemplates facilitating "alternative compliance" and enabling "a path for appropriately tailored and regulated 'super-apps'". This signals a willingness to accommodate innovative market structures that combine multiple financial services within a single platform.

The MOU establishes detailed procedures for coordinated examinations of Covered Firms to "avoid duplicative examinations", and for coordinated enforcement, including consultation at the outset of overlapping investigations, conferring on potential charges and relief and coordinating public communications. The MOU predates the interpretative release by six days and provides its institutional foundation, with Article III expressly identifying "providing a fit-for-purpose regulatory framework for crypto-assets and other emerging technologies" as a core area for coordination.

Building on this institutional foundation, the interpretative release introduces a comprehensive token classification system.

U.S. crypto-asset taxonomy: The five-category classification

A central feature of the interpretative release is the introduction of a coherent token taxonomy classifying crypto-assets into five categories based on their characteristics, uses and functions:

1. Digital Commodities = Not Securities: Digital commodities are crypto-assets intrinsically linked to and deriving their value from the programmatic operation of a "functional" crypto system, as well as supply and demand dynamics, rather than from any expectation of profits from the essential managerial efforts of others. The SEC has named specific tokens falling within this category, including Bitcoin (BTC), Ether (ETH), Solana (SOL), XRP, Cardano (ADA), Chainlink (LINK), Dogecoin (DOGE), Polkadot (DOT) and others. The CFTC has joined the interpretation to confirm that certain non-security crypto-assets could meet the definition of "commodity" under the Commodity Exchange Act.
2. Digital Collectibles = Not Securities: Digital collectibles are crypto-assets designed to be collected or used, representing artwork, music, videos, trading cards, in-game items or digital representations of memes, characters or cultural trends. They do not have intrinsic economic properties such as generating passive yield or conveying rights to future income. This category expressly includes meme coins, the value of which is driven by supply and demand rather than by essential managerial efforts. However, the SEC has cautioned that fractionalised digital collectibles may constitute securities.
3. Digital Tools = Not Securities: Digital tools are crypto-assets performing a practical function such as a membership, ticket, credential, title instrument or identity badge. Their value is derived from functional utility, and they often are non-transferable or "soul-bound". Persons acquire digital tools for their functional utility and do not acquire any rights or interest in a business enterprise.
4. Stablecoins = Conditional Treatment: Payment stablecoins issued by a "permitted payment stablecoin issuer" under the GENIUS Act are categorically excluded from the definition of "security". The GENIUS Act prohibits such issuers from paying interest or yield solely in connection with holding the stablecoin. Other stablecoins, including "Covered Stablecoins" as described in the prior Staff Stablecoin Statement,See here.Show Footnote are also treated as not involving the offer and sale of securities, though stablecoins falling outside these categories may meet the definition of "security" depending on facts and circumstances.
5. Digital Securities = Securities: Digital securities (or "tokenised securities") are financial instruments enumerated in the definition of "security" formatted as or represented by a crypto-asset. The SEC has emphasised that a security is a security regardless of whether it is issued off-chain or on-chain.

Beyond this taxonomy, a critical question remains: when does a non-security crypto-asset become subject to securities regulation?

The investment contract analysis: formation and separation

A non-security crypto-asset becomes subject to an investment contract when an issuer offers it by inducing an investment of money in a common enterprise with representations or promises to undertake essential managerial efforts from which a purchaser would reasonably expect to derive profits.

The SEC has clarified that a purchaser's expectations must be based on representations or promises made by the issuer (or its affiliates and agents), not unaffiliated third parties; that such representations must be conveyed prior to or contemporaneously with the offer or sale; and that reasonable expectations may be formed from written or oral agreements, public communications, regulatory filings, white papers or documents clearly attributable to the issuer.

Critically, the SEC has confirmed that the fact that a non-security crypto-asset is subject to an investment contract does not transform the crypto-asset itself into a security.

The SEC has provided guidance on how a non-security crypto-asset may separate from an investment contract: 

1. Fulfilment of Representations or Promises-the investment contract ceases to exist once the issuer has fulfilled the essential managerial efforts it represented or promised it would undertake; or 
2. Failure to Satisfy Representations or Promises-an investment contract also ceases where a purchaser could no longer reasonably expect the issuer to fulfil its representations, for example where a sufficiently long period has passed without performance, or the issuer publicly abandons the project. However, the SEC has stressed that issuers remain potentially liable under anti-fraud provisions for material misstatements or omissions even after an investment contract ceases to exist.

Protocol mining, protocol staking, wrapping and airdrops

The March 2026 interpretative release also provides specific guidance on common crypto activities and their treatment under U.S. federal securities law.

• Protocol Mining and Protocol Staking = Not Securities Transactions: The SEC has interpreted that Protocol Mining (on PoW networks) and Protocol Staking (on PoS networks), as described in the release, do not involve the offer and sale of a security. This extends across solo mining/staking, self-custodial staking with a third party, custodial staking and liquid staking. The SEC considers the activities of service providers-including node operators, custodians and liquid staking providers-to be "administrative or ministerial" in nature, not constituting essential managerial efforts. Staking Receipt Tokens issued in liquid staking arrangements are treated as receipts for non-security crypto-assets and therefore also fall outside the definition of "security," provided the underlying deposited asset is itself a non-security crypto-asset not subject to an investment contract.
• Wrapping = Not a Securities Transaction: The wrapping of a non-security crypto-asset (i.e., depositing a crypto-asset with a custodian or cross-chain bridge and receiving a Redeemable Wrapped Token on a one-for-one basis) does not involve the offer and sale of a security, provided the underlying asset is a non-security crypto-asset not subject to an investment contract. The wrapping process is characterised as administrative or ministerial.
• Airdrops = Not Securities Transactions (in Covered Circumstances): Airdrops of non-security crypto-assets to recipients who do not provide consideration in exchange for the airdropped tokens do not satisfy the "investment of money" prong of the Howey test and therefore do not give rise to investment contracts. However, if recipients provide consideration (such as performing a service) in exchange for the airdropped token, the interpretation does not apply.

Comparative Analysis: U.S. Framework vs MiCAR and EU Legislation

Having examined the U.S. framework in detail, it is important to contrast how it compares with the EU's regulatory approach under MiCAR. These comparative differences are not merely technical-they reflect deeper divergences in regulatory philosophy. Whereas the EU has created a new and self-contained legislative regime through MiCAR specifically designed for crypto-assets, the U.S. has chosen to interpret existing regulatory frameworks and adapt them to digital asset markets. This difference in legislative design reflects a broader divergence: the EU treats crypto-assets as a new class of financial instrument requiring a dedicated regulatory framework, whilst the U.S. seeks to apply traditional securities and commodities law to new technological contexts.

a. Asset Classification Comparison: The U.S. framework introduces five categories (digital commodities, digital collectibles, digital tools, stablecoins and digital securities), whereas MiCAR establishes three categories (asset-referenced tokens, e-money tokens and "other" crypto-assets). Under the U.S. framework, digital tools and digital commodities are categorically not securities, whilst utility tokens under MiCAR are "other" crypto-assets subject to white paper obligations and conduct rules. NFTs and collectibles are categorically not securities under the U.S. framework (including meme coins), whereas MiCAR's Recital 10 carves out "unique and non-fungible" crypto-assets but may bring fractionalised or large-series NFTs within scope. 

b. Named Tokens: A significant feature of the U.S. framework is the naming of specific tokens (BTC, ETH, SOL, XRP, ADA, LINK, DOGE, DOT, etc.) as non-securities, providing bright-line certainty. MiCAR does not classify individual tokens; classification depends on structural features assessed on a case-by-case basis. Tokenised securities remain fully subject to federal securities laws under the U.S. framework and are excluded from MiCAR scope under Article 2(4)(a), remaining subject to MiFID II, the Prospectus Regulation, etc.

The points in (a) and (b) can be expressed visually as follows:

c. Stablecoin Treatment: GENIUS Act payment stablecoins are excluded from "security" by statute under the U.S. framework, with Covered Stablecoins also not securities by interpretation. Under MiCAR, e-money tokens require e-money institution or credit institution authorisation, and asset-referenced tokens require specific authorisation and reserve requirements. Both frameworks prohibit yield/interest on regulated stablecoins and require at-par redemption rights.

The points under (c) above can be expressed visually as follows:

d. Regulatory Architecture Comparison: The SEC and CFTC act jointly, coordinated via the MOU, whereas in the EU, ESMA and EBA serve as lead regulators with national competent authorities (EBA leads for ARTs and EMTs). The U.S. framework provides no bespoke crypto licensing-existing securities/commodities frameworks apply where applicable-whilst MiCAR requires comprehensive licensing for CASPs, ART issuers and EMT issuers. The U.S. framework expressly repudiates "regulation by enforcement" and commits to "fair notice," whereas MiCAR operates an ex ante authorisation and supervision model.
 
e. Super-Apps and Passporting: The MOU expressly facilitates "super-apps" and alternative compliance, whereas MiCAR permits CASPs to provide multiple crypto-asset services under a single authorisation but each service must meet specific conduct requirements. MiCAR authorisation provides an EU-wide passport for CASPs-a feature not applicable in the single U.S. federal jurisdiction. MiFID II firms may provide certain CASP services under a simplified notification procedure under MiCAR Article 60.

The points under (d) and (e) above can be expressed visually as follows:

f. Treatment of Key Activities: Protocol staking (solo, self-custodial, custodial, liquid) is categorically not a securities transaction under the U.S. framework. Under MiCAR, staking is not specifically addressed but may fall within "crypto-asset services" if provided to third parties; ESMA has indicated staking services may require CASP authorisation. Protocol mining is similarly carved out in the U.S. but not addressed in MiCAR. Wrapping of non-security crypto-assets is not a securities transaction under the U.S. framework but may implicate custody and exchange obligations under MiCAR depending on structure. Airdrops without consideration do not satisfy the Howey "investment of money" prong in the U.S., whilst MiCAR white paper exemptions may apply where crypto-assets are provided free of charge.

g. Secondary Market Trading: Under the U.S. framework, non-security crypto-assets that have separated from an investment contract can trade freely. Under MiCAR, all crypto-asset trading platforms must be authorised CASPs with no "separation" concept-ongoing conduct obligations apply regardless of any detachment from an initial offering.

The points under (f) and (g) above can be expressed visually as follows:

These regulatory divergences have significant practical consequences for market participants operating across both jurisdictions. The differing approaches to reserve composition, redemption rights and supervisory structures create challenges for globally operating firms seeking to comply with multiple regimes simultaneously. A stablecoin designed to comply with the U.S. framework's restrictive reserve requirements may not align with business models contemplating broader reserve diversification permitted under MiCAR, and vice versa. These tensions may lead to jurisdiction-specific products rather than globally uniform offerings.

Key implications for EU firms operating in the U.S.

For EU firms operating in the U.S. these recent changes may have a number of impacts, such as but not limited to: 

• Dual compliance burden: EU firms operating in or servicing clients in the United States will need to navigate two fundamentally different regulatory architectures. MiCAR imposes comprehensive ex ante authorisation and ongoing conduct obligations on crypto-asset service providers, whereas the U.S. framework is largely interpretative and taxonomy-driven, relying on existing securities/commodities law where applicable. This divergence creates a significant dual compliance burden, particularly for firms offering cross-border services. A stablecoin or crypto-asset product designed to comply with MiCAR's requirements may require material adaptation to align with the U.S. framework's classifications and carve-outs, and vice versa.
• Staking services: The SEC's express carve-out of protocol staking activities-including custodial and liquid staking-from securities regulation is a material development for EU firms offering staking-as-a-service. Under MiCAR, such services may require CASP authorisation and must comply with conduct-of-business rules. EU firms providing staking services to U.S. clients should note the SEC's express limitations: if a service provider guarantees or sets the amount of rewards, or exercises discretion over whether, when, or how much to stake, the carve-out does not apply. Firms must therefore carefully design their service models to remain within the described parameters in both jurisdictions.
• Stablecoin issuance: EU stablecoin issuers authorised under MiCAR (whether as EMT or ART issuers) will not automatically qualify as "permitted payment stablecoin issuers" under the GENIUS Act, which requires formation in the United States and specific U.S. regulatory approvals. This creates a market access barrier for EU issuers seeking to distribute stablecoins in the U.S. market. Conversely, the GENIUS Act contemplates a regime for "foreign permitted stablecoin issuers" registered with the Comptroller of the Currency, which may provide a pathway for EU issuers, though such issuers' stablecoins would be treated as "Covered Stablecoins" rather than benefiting from the full statutory exclusion.
• Competitive dynamics: The U.S. framework's express naming of major tokens as non-securities and its categorical carve-outs for staking, mining, wrapping and airdrops may attract crypto-asset activity to the U.S., potentially at the expense of the EU, which imposes more prescriptive requirements. The SEC's expectation that the interpretation will "reduce the perceived risk of engaging in the crypto-asset markets and encourage more crypto-asset activity in the United States" signals a deliberate competitive strategy. Whilst MiCAR is expected to reduce legal uncertainty concerning redemption rights, disclosure and prudential safeguards, it may also raise entry costs and, to a certain extent, dampen market dynamism. EU firms may face pressure to advocate for a more accommodating MiCAR implementation or Level 2 measures.
• The MOU's "Super-App" concept: The MOU's facilitation of "super-apps"-platforms combining multiple regulated financial services-represents a significant departure from the EU's approach, where different activities (e.g., investment services, payment services and crypto-asset services) generally require separate authorisations under MiFID II, PSD2/PSD3 and MiCAR respectively. EU firms competing with U.S. platforms that are able to consolidate services under alternative compliance frameworks may find themselves at a competitive disadvantage.
• Secondary market trading: The release's treatment of secondary market transactions is particularly noteworthy. Where a non-security crypto-asset has separated from an associated investment contract-whether by fulfilment or abandonment-secondary market sales are not securities transactions. This provides important clarity for exchanges and trading platforms, but also requires ongoing monitoring of whether issuer representations remain connected to traded assets. Under MiCAR, by contrast, all trading platforms must be authorised CASPs and ongoing conduct obligations apply irrespective of any "separation" from an initial offering.
• Access to enhanced legal certainty: The SEC expects the interpretation to reduce uncertainty and compliance costs for market participants, potentially spurring competition and innovation. The named examples of digital commodities (including BTC, ETH, SOL, and XRP) provide a degree of bright-line certainty previously absent from U.S. crypto regulation. EU firms with exposure to these assets may benefit from reduced U.S. regulatory risk.

Whilst the above considerations apply to EU firms, U.S. firms seeking to operate in the EU face their own distinct set of challenges.

Key implications for U.S. firms operating in the EU

For U.S. firms operating in the EU or with EU customers, there are a number of considerations – some of these may include: 

• MiCAR authorisation requirements: U.S. firms operating in the EU must obtain CASP authorisation under MiCAR, irrespective of their U.S. regulatory status. The U.S. framework's taxonomy and carve-outs have no legal effect in the EU. A U.S. firm that treats protocol staking as a non-regulated activity under the SEC's interpretation will still need to comply with MiCAR's requirements if it offers staking services to EU clients. Similarly, tokens classified as "digital commodities" in the U.S. (and therefore not securities) may nonetheless fall within MiCAR's scope as "other" crypto-assets, requiring compliance with white paper, disclosure, and conduct obligations.
• Stablecoin distribution: U.S. stablecoin issuers seeking to distribute payment stablecoins in the EU must comply with MiCAR's EMT or ART regime, regardless of their GENIUS Act status. This includes meeting reserve composition and custody requirements, establishing redemption mechanisms, and (for significant stablecoins) enhanced capital and liquidity buffers. The GENIUS Act's prohibition on yield aligns with MiCAR's similar restriction, but other requirements diverge materially.
• No equivalence framework: Neither MiCAR nor the U.S. framework currently provides for mutual recognition or equivalence determinations in the crypto-asset space. This contrasts with, for example, the MiFID II/MiFIR third-country equivalence regime for investment firms. U.S. firms cannot rely on their SEC or CFTC registration to obtain passporting rights in the EU and must establish EU-authorised entities. The jurisdictional tensions between these frameworks highlight the challenges of regulating inherently borderless technologies through national or regional legislation. International coordination efforts through bodies like the Financial Stability Board, Bank for International Settlements, and IOSCO aim to promote convergence and reduce fragmentation, but achieving meaningful harmonisation remains difficult given different policy priorities and regulatory traditions.
• AML/CFT and Transfer of Funds: The SEC's interpretation expressly states that it does not interfere with the Bank Secrecy Act or the Anti-Money Laundering Act. U.S. firms operating in the EU must additionally comply with the EU's Anti-Money Laundering framework (including the forthcoming AMLA and the new single EU AML Regulation), the Transfer of Funds Regulation (including the "travel rule" for crypto-asset transfers under Regulation (EU) 2023/1113), and MiCAR's own AML/CFT provisions. The coordination envisaged by the MOU does not extend to transatlantic AML coordination, which remains governed by separate bilateral arrangements and FATF standards.
• Data sharing and supervisory cooperation: The MOU's detailed provisions on data sharing and coordinated examinations are confined to SEC–CFTC cooperation and do not establish any framework for cooperation with EU authorities. U.S. firms operating in the EU should be aware that ESMA and national competent authorities will have independent supervisory and examination powers under MiCAR, and that EU-U.S. supervisory cooperation in the crypto space will depend on separate bilateral MOUs between ESMA/NCAs and the SEC/CFTC.
• Continuing enforcement risk: Firms should note that the interpretation does not create a safe harbour from anti-fraud liability. Issuers remain subject to the anti-fraud provisions of the federal securities laws for material misstatements or omissions, even where an investment contract has ceased to exist. The release is the SEC's "first step" towards a clearer framework, and further rulemaking – including potential revisions based on public comment – is anticipated.

Looking ahead, these developments signal a new era for transatlantic crypto regulation.

Outlook

The combination of the SEC–CFTC MOU and the joint interpretative release represents a paradigm shift in U.S. crypto-asset regulation, moving from an enforcement-led approach towards a structured interpretative framework underpinned by formalised inter-agency coordination. These developments may be viewed as part of a broader reconfiguration of payment and monetary systems in which private digital instruments, bank-based tokenised deposits and potential central bank digital currencies might coexist within different regulatory frameworks.

For EU-regulated firms, this creates both opportunities and challenges. On the opportunity side, the U.S. framework provides greater regulatory clarity and reduced compliance uncertainty for named tokens and carved-out activities such as staking, mining, wrapping, and airdrops. On the challenge side, the regulatory divergence from MiCAR imposes a dual compliance burden, and the U.S. framework's more accommodating posture may create competitive pressure on EU firms and regulators alike. A lesson to be drawn from this comparison is that stablecoin and crypto-asset regulation is not only a question of investor protection or financial stability but also touches upon the institutional organisation of money in the digital age.

For U.S. firms operating in the EU, the key message is that the U.S. framework's carve-outs and classifications carry no legal weight in the EU; MiCAR compliance remains mandatory and independent. The absence of any equivalence or mutual recognition framework means U.S. firms must establish EU-authorised entities and comply fully with MiCAR's authorisation, conduct, and AML/CFT requirements.

Both sets of firms should closely monitor the public comment process on the interpretative release and any subsequent rulemaking, as well as potential EU-level responses to the competitive dynamics created by the U.S. framework's more accommodating approach. The emerging regulatory frameworks in the EU, U.S. and UK (as explored in a further Client Alert in this series) illustrate a broader institutional contest that is likely to shape the future evolution of digital financial systems-one in which different conceptions of the relationship between private money creation, financial stability and monetary sovereignty will continue to inform regulatory outcomes.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.  

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 2,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business. 

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.   

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award” and the “2025 Regulatory, Governance and Compliance Technology Award in 2025”.  

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.