As the digital asset industry grapples with regulatory ambiguity, companies face a critical challenge: how to innovate and operate commercially while navigating the SEC's evolving enforcement approach and uncertain securities law application. From token offerings to DeFi protocols to NFT platforms, the question of what triggers securities regulation remains frustratingly unresolved—creating both legal risk and business complexity for an industry eager for clarity.

In this essential Q&A, Michael Fluhr, Of Counsel at DLA Piper, provides authoritative guidance on surviving and thriving in today's uncertain regulatory environment. Recognized as a Cryptocurrency/Blockchain/Fintech Trailblazer by the National Law Journal, Fluhr has earned national prominence for his innovative defense of digital asset companies in high-stakes litigation. As co-editor of the American Bar Association's comprehensive book "Cryptocurrency and Digital Asset Regulation: A Practical Guide for Multinational Counsel and Transactional Lawyers," and a sought-after speaker on blockchain law issues, he brings unparalleled expertise to the intersection of securities law and emerging technology.

His practice spans the full spectrum of digital asset legal challenges—from defending DeFi protocol founders against securities fraud claims to advising major film studios on NFT platform launches, professional sports teams on digital collectibles, and exchanges on regulatory compliance. Recent victories include securing appellate affirmation of dismissal in a high-profile DeFi case and defeating injunctions that threatened tens of millions in cryptocurrency sales.

With the SEC dismissing several enforcement actions while simultaneously issuing new guidance on staking, stablecoins, and meme coins, and with the GENIUS Act establishing clearer boundaries for certain stablecoins, the regulatory landscape continues to shift rapidly. Yet fundamental questions remain unanswered, leaving companies to operate with calculated risk tolerance rather than clear rules of the road.

Key Topics Covered:

• Current state of SEC enforcement and what recent dismissals really signal
• Practical frameworks for securities law analysis of tokens, NFTs, and DeFi protocols
• Strategic approaches to minimize U.S. regulatory risk while maintaining commercial viability
• The role of decentralization in regulatory strategy and its acceptance in legal circles

Question 1: With the SEC’s continued enforcement approach to crypto regulation, and ongoing uncertainty about which digital assets qualify as securities, how are you advising clients to navigate the current regulatory environment?

From the industry’s perspective, material uncertainty remains concerning what digital assets the SEC considers to be securities. 

Years ago, SEC staff, commissioners, and divisions began issuing various warnings and general guidelines about the potential reach of securities law in the digital asset space. In more recent years, the SEC ramped up enforcement action in non-fraud cases and took what many considered to be an expansive interpretation of securities law. The SEC won several of these cases but more recently dismissed several more, leading many to question the SEC’s current position. More recently, the SEC Division of Corporation Finance issued interpretive guidance on specific assets and activities, such as staking, stablecoins, and meme coins. The issue remains relatively untouched at the appellate and Supreme Court levels. Thus, material uncertainty remains, and no unified theory of application of securities law in the digital asset space has garnered consensus. 

Against this backdrop, clients have had to operate and innovate in the context of some legal uncertainty, understanding the various risks. Some risks, such as SEC enforcement outside of the fraud space, may have decreased. But clients should understand the SEC’s dismissals may reflect political considerations, enforcement priorities, or other considerations besides a change in legal analysis. 

Additionally, absent legislative intervention or countervailing caselaw, including from appellate courts, the risk of private enforcement, by plaintiffs in civil cases, may remain as strong as ever.

Question 2: Given recent court decisions and enforcement actions, what practical frameworks are emerging for determining when tokens, NFTs, or DeFi protocols might trigger securities laws?

As discussed above, the extent to which different types of digital assets may qualify as securities raises a very fact-specific inquiry and remains an open legal question, on which the industry, courts, and the SEC have offered differing analyses. While a firmer resolution may have to await Supreme Court review, appellate consensus, or clarifying legislation, several sources of analytical frameworks have emerged, albeit not always consistent.

 In 2019, the SEC Division of Corporation Finance issued a non-binding “Framework” setting forth numerous factors that the Division suggested might trigger application of securities laws. Many lawyers at least consider these factors when advising clients in the space. That said, the SEC has recently dismissed several enforcement actions, so its current position on these factors remains unclear. Additionally, absent clarifying legislation, courts are the ultimate interpreters of the scope of securities laws.

On that score, a number of lower courts have issued opinions weighing in on this issue. Many of these courts have sided with the SEC, at least in part, though the opinions aren’t necessarily consistent with each other. Still, these opinions at least inform analysis of the application of securities laws and how other courts may view the issue.

More recently, the GENIUS Act established or clarified the limits of securities law as applied to certain stablecoins. Also, the SEC Division of Corporation Finance has issued additional non-binding guidance on application of securities laws to specific types of digital assets and activities, including staking, stablecoins, and meme coins. While somewhat limited, projects offering such products would do well to at least consider the GENIUS Act and these guidelines as appropriate.

Question 3: How should projects structure their offerings and ongoing operations to minimize regulatory risk while maintaining commercial viability?

In my view, there is no one size fits all approach. Given the material uncertainty outlined above, projects must understand the risks of various approaches and assess based on their own business and technological goals and on their risk tolerance. 

There are several strategies that projects may consider to reduce US regulatory risk. Many projects exclude the US altogether from various product offerings (such as token sales or DeFi user interfaces). This strategy can be effective in that US regulations often apply only to interactions with persons in the US or US persons abroad. That said, this strategy often isn’t foolproof. For example, assets sold abroad may find their way to US persons on secondary markets, potentially triggering US regulations. Projects should also know that their location often plays less of a role in triggering US regulations than the location of ultimate users, and many projects are surprised to learn that locating abroad doesn’t always avoid US regulation.

Separately, certain types of activities are believed riskier than others. Some types of projects have operated for many years in the US without material regulatory objection, while other types have received intense regulatory scrutiny and generally attempt to avoid direct US contact. 

On a more controversial note, one school of thought holds that “decentralizing” various activities (moving them onto a decentralized network) can avoid regulatory reach. Some have argued, for example, that native tokens on a decentralized chain aren’t securities under Howey or that decentralized exchanges aren’t regulated by the ’34 Exchange Act. This theory has received mixed acceptance in many legal circles. Nevertheless, in my view, it has material appeal and is in many ways consistent with the ethos of blockchain. 

Ultimately, many projects must accept at least a certain level of uncertainty (if not risk) in the regulatory landscape to operate in the US. This is unfortunate, as many projects simply want to build their technology and business and would eagerly comply with clear, workable regulations. I think many in the industry are hopeful (if not optimistic) that regulators, legislators, and courts will perceive and remedy these ambiguities.

Want to contribute to our Q&A series? If you're a legal expert in the web3/AI space and would like to share your expertise by joining our Q&A series, please reach out to hi@databirdjournal.com