The SEC & CFTC Joint Crypto Release: A Practitioner’s Guide to the New Asset Classification Framework

On March 17, 2026, the U.S. Securities and Exchange Commission (“Commission” or “SEC”) and the U.S. Commodity Futures Trading Commission (“CFTC”) issued a joint interpretation and guidance titled “Application of the Federal Securities Laws to Certain Types of Crypto Assets and Certain Transactions Involving Crypto Assets” (Release No. 33-11412; 34-105020) (“SEC & CFTC Release”). 

The SEC & CFTC Release is the first time the SEC has issued a Commission-level interpretation that systematically classifies crypto assets and defines the circumstances under which particular crypto assets and crypto-asset activities are, or are not, securities or securities transactions.

The SEC & CFTC Release supersedes the staff’s 2019 Framework for “Investment Contract” Analysis of Digital Assets (“Staff Framework”), as well as all prior staff statements on staking, liquid staking, meme coins, stablecoins, and proof-of-work mining referenced in the SEC & CFTC Release. Those staff statements no longer represent the operative position of the Commission. As the Commission stated: “That statement and any other staff statement referenced in this release is not a rule, regulation, guidance, or statement of the Commission, and the Commission has neither approved nor disapproved its content. Staff statements have no legal force or effect: they do not alter or amend applicable law, and they create no new or additional obligations for any person.”

This guide walks through each substantive section of the SEC & CFTC Release, including the five-category taxonomy, the investment-contract transition framework, protocol mining, protocol staking, wrapping, and airdrops, with practical analysis and hypothetical examples illustrating how the interpretation applies in practice.

I. The Five-Category Taxonomy

The SEC & CFTC Release classifies crypto assets into five categories based on their characteristics, uses, and functions: (1) digital commodities; (2) digital collectibles; (3) digital tools; (4) stablecoins; and (5) digital securities. Digital commodities, digital collectibles, and digital tools are not themselves securities. Stablecoins may or may not be securities depending on their characteristics. Digital securities are securities.

The taxonomy is not exhaustive. The Commission acknowledges that some crypto assets may not fall within any of these five categories, and some may have hybrid characteristics that place them in more than one category. Importantly, the interpretation in SEC & CFTC Release does not supersede or replace the investment contract analysis established in SEC v. W.J. Howey Co., 328 U.S. 293 (1946) (“Howey test”). Accordingly, courts will continue to apply the Howey test when evaluating whether a given crypto asset constitutes an investment contract under the federal securities laws.

A. Digital Commodities

A digital commodity is a crypto asset that is intrinsically linked to and derives its value from the programmatic operation of a “functional” crypto system, as well as supply and demand dynamics, rather than from the expectation of profits from the essential managerial efforts of others. The SEC & CFTC Release defines a crypto system as “functional” if its native crypto asset can be used on the system in accordance with the system’s programmatic utility.

A digital commodity does not have intrinsic economic properties or rights, such as generating a passive yield or conveying rights to future income, profits, or assets of a business enterprise. However, a digital commodity may convey technical rights (staking, consensus participation) and governance rights (voting on software upgrades and treasury expenditures).

The SEC specifically identifies the following tokens as digital commodities: Aptos ($APT), Avalanche ($AVAX), Bitcoin ($BTC), Bitcoin Cash ($BCH), Cardano ($ADA), Chainlink ($LINK), Dogecoin ($DOGE), Ether ($ETH), Hedera ($HBAR), Litecoin ($LTC), Polkadot ($DOT), Shiba Inu ($SHIB), Solana ($SOL), Stellar ($XLM), Tezos ($XTZ), and XRP ($XRP). The Commission notes that each of these tokens underlies an active futures contract, a factor the SEC & CFTC Release identifies as further support for digital commodity classification, though not a determinative one. The Commission also identifies Algorand ($ALGO) and LBRY Credits ($LBC) as digital commodities, notwithstanding the absence of futures contracts for these tokens, confirming that the existence of a futures market is not a prerequisite for digital commodity classification.

This is a seismic shift. Several of these tokens were previously the subject of SEC enforcement actions or enforcement threats. The explicit classification of these assets as non-securities at the Commission level effectively resolves (or at a minimum severely undermines) the basis for those prior actions. Exchanges can now list these assets without securities-law registration concerns, and intermediaries can custody and trade them without broker-dealer or alternative trading system registration. These assets are not, however, free from regulatory oversight.

The CFTC confirms in the SEC & CFTC Release that non-security crypto assets could meet the definition of “commodity” under the Commodity Exchange Act. This means digital commodities fall under the CFTC’s jurisdiction for purposes of derivatives regulation and anti-fraud/anti-manipulation enforcement.

However, market participants should note that the CFTC’s anti-fraud and anti-manipulation authority under the Commodity Exchange Act applies to spot market transactions in digital commodities, notwithstanding the current absence of comprehensive CFTC oversight authority over spot markets generally. This enforcement authority is not contingent on the existence of a derivatives nexus.

The CFTC has previously exercised this authority in connection with spot transactions involving digital commodities. Accordingly, the classification of a crypto asset as a non-security digital commodity does not insulate market participants from CFTC enforcement with respect to fraudulent or manipulative conduct in spot markets. Intermediaries operating trading platforms, providing trading advice, managing pooled investment vehicles, or acting as counterparties in leveraged or margined transactions in digital commodities should evaluate their obligations under applicable CFTC registration, capital, reporting, and customer asset protection requirements.

Hypothetical: Layer-1 Protocol Token

Suppose a team launches a new Layer-1 blockchain (call it “ABCChain”) with a native token, $ABC. The network is live and functional: $ABC is used to pay gas fees, participate in the network’s proof-of-stake consensus mechanism, and vote on protocol upgrades. $ABC does not generate passive yield and does not convey rights to any entity’s income, profits, or assets. Under the SEC & CFTC Release, $ABC would qualify as a digital commodity and would not itself be a security. The fact that the ABCChain Foundation continues to fund ecosystem development, run a grants program, and market the network does not change this classification – so long as $ABC’s value derives from the programmatic operation of the functional crypto system and supply/demand dynamics rather than from the expectation of profits from the Foundation’s managerial efforts.

B. Digital Collectibles

A digital collectible is a crypto asset that is designed to be collected or used and may represent or convey rights to artwork, music, videos, trading cards, in-game items, or digital representations of memes, characters, current events, or trends. A digital collectible does not convey rights to future income, profits, or assets of a business enterprise.

The SEC specifically names CryptoPunks, Chromie Squiggles, Fan Tokens, WIF (dogwifhat), and VCOIN as examples of digital collectibles.

The SEC & CFTC Release also treats meme coins as a subset of digital collectibles. Meme coins are acquired for artistic, entertainment, social, and cultural purposes, and their value is driven by supply and demand rather than any essential managerial efforts of others. The SEC & CFTC Release notes that meme coin holders may create uses for their coins, and that a meme coin may later become a digital commodity if it becomes functional within a crypto system. The SEC & CFTC Release also addresses creator royalties in the context of digital collectibles, noting that automated royalties set at the time of creation do not give holders any rights in or with respect to a business enterprise and do not convert a digital collectible into a security.

The Commission draws an analogy between digital collectibles and traditional art: buying a digital collectible with the hope that its subject matter, popularity, or scarcity will increase its price is comparable to buying a piece of art with the hope that market forces will create demand and increase its price. While the value of a digital collectible may be impacted directly or indirectly by the activities or reputation of the creator, the creator of a digital collectible typically does not make representations or promises to undertake essential managerial efforts from which a purchaser would reasonably expect to derive profits.

However, a fractionalized digital collectible, one that enables individuals to acquire a fractional ownership interest in a single NFT, could constitute the offer or sale of a security, because it may involve essential managerial efforts from which a purchaser would reasonably expect to derive profits.

This approach is rooted directly in the Howey test, where the Supreme Court held that the subdivision of a citrus grove into individual parcels, combined with centralized management of those parcels, meant that purchasers depended on the seller’s essential managerial efforts for profits, transforming a real estate sale into an investment contract. The same logic applies to fractionalization of NFTs.

Hypothetical: Profile-Picture NFT Collection

A creator launches a 10,000-piece generative art collection on Ethereum. Each NFT is unique, has no associated utility beyond display and commercialization rights, and is priced at mint. The creator collects royalties on secondary sales via smart contract. Under the SEC & CFTC Release, these are digital collectibles and not securities. The existence of creator royalties does not change this classification. However, if a third-party platform fractionalized one of these NFTs into 1,000 tradeable units and marketed them as an investment opportunity, the fractionalized units could be securities.

C. Digital Tools

A digital tool is a crypto asset that performs a practical function, such as a membership, ticket, credential, title instrument, or identity badge. Digital tools are often non-transferable. Their value derives from their practical functionality, not from any expectation of profit. The SEC & CFTC Release identifies Ethereum Name Service domain names and CoinDesk’s Microcosms NFT Consensus Ticket as examples. As the Commission notes, persons acquire digital tools for their functional utility rather than with any expectation of profit.

Hypothetical: DAO Membership Token

A decentralized autonomous organization issues a non-transferable token to each verified member. The token grants access to the DAO’s governance platform, proposal submission, and voting. It does not appreciate in value, cannot be resold, and does not generate yield. Under the SEC & CFTC Release, this is a digital tool and not a security. Note that while the SEC & CFTC Release states that digital tools “often are non-transferable or ‘soul-bound,’” non-transferability is not a required element of the classification – transferable digital tools could still qualify.

D. Stablecoins

The SEC & CFTC Release establishes a two-tier framework for stablecoins.

Tier 1: Payment stablecoins under the GENIUS Act.

The GENIUS Act, Pub. L. No. 119-27, 139 Stat. 419 (2025) (“GENIUS Act”) categorically excludes “payment stablecoins issued by a permitted payment stablecoin issuer” from the definition of “security.” Under the GENIUS Act, a payment stablecoin is a digital asset that (i) is used, or designed to be used, as a means of payment or settlement; (ii) the issuer is obligated to convert, redeem, or repurchase for a fixed amount of monetary value; and (iii) the issuer represents will maintain a stable value relative to that fixed monetary value. The issuer is prohibited from paying interest or yield to holders solely for holding the stablecoin. The exclusion of payment stablecoins from the definition of “security” takes effect on the earlier of 18 months after the GENIUS Act’s enactment or 120 days after the primary federal regulators issue final implementing regulations.

Tier 2: “Covered Stablecoins” under the Staff Stablecoin Statement.

Pending the GENIUS Act’s effective date, the SEC & CFTC Release serves as a bridge: the Commission adopts as its own the position set forth in the April 2025 Staff Stablecoin Statement, elevating it from a staff view to a Commission-level interpretation. Under this position, the offer and sale of “Covered Stablecoins,” dollar-backed stablecoins redeemable at par, with reserves held in low-risk, highly liquid assets, does not involve the offer and sale of securities. Once the GENIUS Act’s exclusion takes effect, Tier 1 will govern payment stablecoins directly by statute, and the Tier 2 interpretation will become largely academic for issuers that qualify as permitted payment stablecoin issuers.

Stablecoins that fall within neither tier remain subject to case-by-case analysis under the federal securities laws and may constitute securities depending on their specific facts and circumstances. Risk areas include yield-bearing stablecoins (where holders receive returns funded by the issuer’s deployment of reserves), algorithmic stablecoins that lack full reserve backing, and stablecoins issued by entities that do not qualify as permitted issuers under the GENIUS Act.

Hypothetical: Yield-Bearing Stablecoin

A company issues a dollar-pegged stablecoin that automatically distributes a 5% annual yield to holders, funded by the issuer’s deployment of reserve assets into U.S. Treasuries and money-market funds. Unlike a payment stablecoin under the GENIUS Act (which prohibits yield payments), this stablecoin generates returns for holders and creates a reasonable expectation of profit derived from the issuer’s management of the reserve portfolio. Under the SEC & CFTC Release, this stablecoin is not a “Covered Stablecoin” and could constitute a security – likely an investment contract or, given its debt-like characteristics, a note.

E. Digital Securities

A digital security (commonly known as a “tokenized” security) is a financial instrument enumerated in the definition of “security” that is formatted as or represented by a crypto asset. A security is a security regardless of whether it is issued onchain or offchain. All devices and instruments that have the economic characteristics of a security are securities regardless of format or label.

The SEC & CFTC Release distinguishes between (1) securities tokenized by or on behalf of the issuer, and (2) securities tokenized by third parties unaffiliated with the issuer, which may involve a separate security linked to the underlying instrument. In both cases, the rights of the holder of the tokenized version may be materially different from the rights of a holder of the underlying offchain security, including economic and voting rights, and these differences must be evaluated on a case-by-case basis.

Hypothetical: Tokenized Corporate Bond

A fintech company tokenizes $50 million of a publicly traded corporate bond on a permissioned blockchain. Each token represents a fractional interest in the bond and entitles the holder to a pro rata share of coupon payments and principal at maturity. These tokens are digital securities. Their issuance, transfer, and trading are subject to the full panoply of federal securities laws, including registration under the Securities Act of 1933 (“Securities Act”) (or an applicable exemption), Securities Exchange Act of 1934 (“Exchange Act”) reporting and trading requirements, and applicable intermediary registration. The fact that the tokens are recorded on a blockchain does not exempt them from these requirements.

II. How Non-Security Crypto Assets Become, and Cease to Be, Subject to an Investment Contract

This is perhaps the most consequential section of the SEC & CFTC Release for crypto-asset issuers. The Commission provides a framework for understanding when a non-security crypto asset, such as a digital commodity, digital collectible, or digital tool, becomes subject to an investment contract – and, critically, when it separates from that investment contract and is no longer subject to the federal securities laws.

A. How Investment Contracts Are Created

A non-security crypto asset becomes subject to an investment contract when an issuer offers it by inducing an investment of money in a common enterprise with representations or promises to undertake essential managerial efforts from which a purchaser would reasonably expect to derive profits.

The SEC & CFTC Release places issuer representations and promises at the center of the investment-contract analysis. The Commission states that a purchaser’s reasonable profit expectations depend on the issuer’s representations or promises to engage in essential managerial efforts. Absent such representations or promises being conveyed to purchasers, it would not be reasonable for a purchaser to expect profits from the contract, transaction, or scheme.

Who can create the expectation:

Only the issuer, including affiliates and agents. At the same time, representations by unaffiliated third parties, community members, ecosystem advocates, token holders, do not create an investment contract unless they are authorized by the issuer and conveyed to purchasers. This is a significant departure from the prior enforcement approach, where the SEC sometimes pointed to third-party statements as evidence of reasonable profit expectations.

For representations to form a purchaser’s reasonable expectations, they must be conveyed to the purchaser before or contemporaneously with the offer or sale. Post-sale representations by the issuer do not retroactively convert a prior sale into a securities transaction.

The SEC provides examples of circumstances in which a purchaser may reasonably expect profits based on representations conveyed through: (i) written or oral agreements; (ii) the issuer’s website or official social media accounts; (iii) direct private communications between the issuer and purchasers; (iv) regulatory filings; or (v) documents clearly attributable to the issuer, such as a whitepaper.

Representations containing a detailed business plan with milestones, timelines, personnel, funding sources, and an explanation of how token holders will profit “likely would reasonably create an expectation of profit.” In contrast, vague representations with no actionable business plan “likely would not create reasonable expectations of profit.”

The SEC & CFTC Release reaffirms that even where a non-security crypto asset is subject to an investment contract, the asset itself does not become a security. The investment contract is the security. This distinction matters because it means that the same crypto asset can trade as a non-security in some transactions and as part of a securities transaction in others.

An important consequence of this framework is that, while the investment contract remains in existence, secondary market transactions in the associated non-security crypto asset may also constitute securities transactions, because the purchaser may reasonably be acquiring the asset together with the representations or promises that gave rise to the investment contract. The SEC & CFTC Release does not expressly delineate the circumstances under which a secondary market transaction in a crypto asset subject to an existing investment contract is or is not a securities transaction, and this remains an area requiring fact-specific analysis.

As a practical matter, however, trading platforms, market makers, and institutional investors should treat this as a risk area and evaluate whether a given crypto asset is currently subject to an investment contract before facilitating transactions.

B. How Investment Contracts Cease to Exist: The Separation Framework

The SEC & CFTC Release provides two principal pathways through which a non-security crypto asset separates from an investment contract.

Pathway 1: Fulfillment of Representations or Promises

The issuer fulfills the essential managerial efforts it represented or promised it would undertake. Once fulfilled, purchasers no longer have any reasonable expectation of profits from those efforts, and the investment contract ceases to exist. Fulfillment could include, for example, achieving functionality for the crypto asset, reaching development milestones on a roadmap, or open-sourcing computer code.

Importantly, the Commission states that whether the issuer has “fulfilled” its promises is measured against how the issuer itself defined or described those efforts, not against a general market conception of what constitutes functionality or decentralization. For example, if the issuer represents or promises to achieve decentralization of an associated crypto system, whether the issuer has achieved decentralization would be based on how the issuer defined or otherwise described decentralization, not a general market conception of what constitutes decentralization.

However, separation under this pathway extinguishes the investment contract prospectively but does not retroactively cure any failure to comply with the Securities Act at the time of the initial offering.

Pathway 2: Failure to Satisfy Representations or Promises

A purchaser can no longer reasonably expect the issuer to fulfill its promises. This could occur because (i) a sufficiently long period of time has passed and the issuer has neither conducted the essential managerial efforts it represented or promised it would undertake nor indicated that it still intends to conduct such efforts; or (ii) the issuer publicly announces that it will no longer perform the essential managerial efforts it represented or promised it would undertake (for example, if the issuer abandons development of the crypto platform, this would indicate that it will no longer undertake such efforts). In either case, the investment contract ceases to exist.

However, the issuer remains potentially liable under the federal securities laws for its failure to perform, including under the anti-fraud provisions, even after the investment contract ceases to exist.

Hypothetical: ICO-to-Mainnet Transition

In 2024, a project raises $30 million through a Simple Agreement for Future Tokens (“SAFT”) offering to accredited investors under Regulation D. The SAFT promises delivery of ALPHA tokens upon launch of the AlphaChain mainnet, with specific milestones: testnet launch (Q1 2025), security audit (Q2 2025), and mainnet launch (Q4 2025). At the time of the SAFT, the ALPHA tokens are subject to an investment contract. The SAFT offering must comply with Securities Act registration or exemption requirements.

In Q4 2025, AlphaChain launches its mainnet. The network is fully functional, ALPHA is used for gas fees and staking, and the team publicly announces completion of all promised milestones. At this point, under the SEC & CFTC Release, ALPHA separates from the investment contract. Subsequent secondary-market sales of ALPHA are not securities transactions. The SAFT investors can freely trade their ALPHA tokens.

Now suppose instead that the team runs out of funding in Q3 2025 and publicly announces that it is abandoning AlphaChain development. ALPHA still separates from the investment contract under Pathway 2, but the team faces potential liability for material misstatements or omissions in connection with the SAFT offering and any conduct during the existence of the investment contract.

Hypothetical: Immediate Delivery

A project conducts an initial coin offering, delivering BETA tokens immediately to purchasers. The whitepaper contains a detailed roadmap promising a decentralized exchange, a mobile wallet, and an NFT marketplace. At the time of sale, BETA is subject to an investment contract. When the project completes all three deliverables and publicly discloses this, BETA separates from the investment contract. But if the project only delivers the exchange and abandons the wallet and marketplace, BETA still separates under Pathway 2, though the project may face anti-fraud liability for the unfulfilled promises.

III. Protocol Mining

The SEC & CFTC Release provides a Commission-level interpretation that protocol mining activities on public, permissionless proof-of-work (“PoW”) networks do not involve the offer and sale of a security.

A. Solo Mining

A miner’s solo mining is not undertaken with a reasonable expectation of profits derived from the essential managerial efforts of others. The miner contributes its own computational resources to secure the PoW network, validate transactions, and receive rewards distributed by the protocol. These activities are “administrative or ministerial” (a characterization also used in the prior staff statement on proof-of-work mining) – they are mechanical functions performed in accordance with the protocol’s rules. The rewards are compensation for services rendered to the network, rather than profits from anyone’s essential managerial efforts.

B. Mining Pools

When miners combine computational resources in a mining pool, each miner still performs the actual mining activity by contributing computational power. The pool operator’s role, such as coordinating resources, maintaining hardware and software, managing security, distributing rewards, is administrative or ministerial in nature. The Commission concludes that mining pools do not involve securities transactions, provided that miners receive a pro rata share of rewards based on their contribution of computational power. Any expectation of profits that the miners have is not derived from the efforts of a third party, such as a pool operator: “even when participating in a mining pool, individual miners still perform the actual mining activity by contributing their computational power to solve the cryptographic puzzles for validation of new blocks.”

However, the interpretation does not cover arrangements where (i) non-miners can purchase interests in the pool, or (ii) miners can pay to receive a greater-than-pro-rata share of rewards based on their contribution of computational power. These arrangements could involve securities and are outside the scope of the SEC & CFTC Release. Notably, while the SEC & CFTC Release does not expressly address cloud mining, its scope limitation, excluding arrangements where non-miners can purchase interests in a pool, would appear to leave cloud mining arrangements outside the interpretation’s safe harbor, as cloud mining users typically contribute capital rather than computational power.

Hypothetical: Bitcoin Mining Operation

A mining company operates a large-scale Bitcoin mining facility and joins a proportional mining pool. The company contributes computational power, the pool distributes BTC rewards proportionally, and the pool operator deducts a 2% fee. Under the SEC & CFTC Release, none of these activities, the mining, the pool operation, or the fee arrangement, are securities transactions.

Now, suppose instead that the mining company sells “mining shares” to passive investors who contribute capital but no computational resources. The investors receive a share of the mining rewards proportional to their capital contribution. This arrangement is outside the scope of the SEC & CFTC Release and likely constitutes an investment contract, because the investors are relying on the mining company’s managerial efforts for their returns.

IV. Protocol Staking

The SEC & CFTC Release addresses staking on public, permissionless proof-of-stake (“PoS”) networks and concludes that protocol staking activities do not involve the offer and sale of a security.

A. Self (Solo) Staking

A node operator’s self-staking is administrative or ministerial. The node operator stakes its own digital commodities, secures the PoS network, validates new blocks, and earns rewards distributed by the protocol. The expectation of rewards is not derived from any third party’s essential managerial efforts. Rewards are compensation for services provided to the network.

B. Self-Custodial Staking via Third Party

When an owner grants validation rights to a third-party node operator while retaining custody and control of its digital commodities and private keys, the node operator’s service is administrative or ministerial. The node operator does not guarantee or set the amount of rewards. This arrangement does not involve a securities transaction.

C. Custodial Staking

In a custodial arrangement, the owner deposits digital commodities with a custodian who facilitates staking on the owner’s behalf. The custodian does not decide whether, when, or how much to stake; it acts as an agent. Taking custody and selecting a node operator are administrative or ministerial activities that do not constitute essential managerial efforts. The custodian does not guarantee or set reward amounts.

However, if the custodian decides whether, when, or how much to stake, or if the custodian guarantees or otherwise sets reward amounts, the arrangement falls outside the scope of the SEC & CFTC Release and may involve securities.

D. Liquid Staking

Liquid staking, where depositors receive staking receipt tokens (“LSTs”) evidencing ownership of deposited digital commodities and accrued rewards, is covered by the SEC & CFTC Release. The liquid staking provider does not provide essential managerial efforts. Its role is administrative: holding deposited assets, selecting node operators, and issuing/redeeming LSTs. The Commission concludes that liquid staking does not involve securities transactions.

The SEC & CFTC Release classifies LSTs as “receipts” for the deposited digital commodities. Since the definition of “security” includes “receipt for” any security, an LST that is a receipt for a non-security crypto asset that is not subject to an investment contract is not itself a security. An LST does not generate rewards independently; rewards are generated by the underlying protocol staking activities, which the SEC & CFTC Release has already determined are not securities transactions.

The SEC & CFTC Release also addresses several ancillary services that staking providers may offer: slashing coverage (reimbursing or indemnifying against slashing losses), early unbonding (returning assets before the protocol’s unbonding period expires), alternate rewards payment schedules (paying rewards at a different cadence), and aggregation of digital commodities (combining assets to meet minimum staking thresholds). All of these are administrative or ministerial and do not convert the staking arrangement into a securities transaction.

Hypothetical: Exchange Staking Program

​​A crypto exchange offers ETH staking to its customers. Customers deposit ETH, the exchange stakes all deposited ETH using third-party validators, and customers receive protocol staking rewards minus a 15% commission. The exchange does not guarantee any minimum reward rate, does not exercise discretion over whether or how much of a customer’s ETH to stake, and clearly discloses the commission structure and slashing risk.

Under the SEC & CFTC Release, this arrangement falls within the “custodial staking” category and does not involve a securities transaction. The exchange’s role (taking custody, selecting validators, and distributing rewards) is administrative or ministerial. This represents a significant shift from the enforcement theory the SEC applied in its 2023 action against Kraken, where the staking program involved features that the SEC characterized as an unregistered securities offering, including advertised yield rates, pooling of customer assets, and the exercise of discretion over how staked assets were deployed.

Now suppose the exchange instead markets a “Staking Yield Program” that promises “up to 12% APY” on ETH deposits, exercises discretion over which assets to stake and which validators to use, and guarantees a minimum 5% return regardless of actual protocol rewards. Any one of these features (discretionary allocation, advertised yield targets, or guaranteed minimum returns) could be sufficient to place the arrangement outside the scope of the SEC & CFTC Release. Taken together, the program would likely be analyzed as an investment contract: the exchange is performing essential managerial efforts (discretionary deployment of customer assets) from which customers reasonably expect to derive profits (the guaranteed return), consistent with the enforcement theory applied in the Kraken action.

E. Restaking

The SEC & CFTC Release expressly declines to address restaking – the process by which digital commodities already staked on their native network are used to provide economic security to additional crypto systems. Neither the SEC nor the CFTC has taken a position on restaking at this time.

This deliberate deferral is significant given the rapid growth of restaking protocols and the complexity of the multi-layered economic arrangements they create. Because restaking falls outside the scope of the SEC & CFTC Release, market participants engaged in restaking activities cannot rely on the interpretation’s conclusions regarding staking and should evaluate the securities law and Commodity Exchange Act implications of those arrangements independently.

V. Wrapping

The SEC & CFTC Release addresses the wrapping of crypto assets, the process through which a person deposits a crypto asset with a custodian or cross-chain bridge and receives an equivalent amount of “Redeemable Wrapped Tokens” on a one-for-one basis without directly or indirectly offering any return, yield, profit opportunity, or additional good or service. Common examples include Wrapped Bitcoin and Wrapped Ether.

A. How Wrapping Works

The depositor sends a crypto asset to a wrapped token provider, either a custodian or a cross-chain bridge smart contract. The provider holds the deposited asset in a manner intended to ensure that for every redeemable wrapped token in circulation, there is an equivalent amount of the deposited crypto asset being held. The deposited asset is locked up and cannot be transferred, lent, pledged, rehypothecated, or otherwise used. The holder of a redeemable wrapped token can redeem it for the deposited crypto asset on a fixed one-for-one basis, at which point the wrapped token is burned.

B. Redeemable Wrapped Tokens Are Not Securities

The SEC & CFTC Release concludes that redeemable wrapped tokens that are receipts for non-security crypto assets not subject to an investment contract are not securities.

The reasoning follows two tracks.

First, a redeemable wrapped token does not constitute any of the financial instruments enumerated in the definition of “security.” It is not a stock, bond, note, or any derivative instrument. It is a “receipt;” and since a receipt for a non-security is not a receipt for a security, it falls outside the statutory definition.

Second, a redeemable wrapped token is not offered and sold subject to an investment contract. Holders are not making an investment in an enterprise and their funds are not pooled or deployed by promoters. The value of the wrapped token derives from the value of the deposited crypto asset, not from anyone’s essential managerial efforts. The wrapping process itself is administrative or ministerial.

Hypothetical: Cross-Chain Bridge

A DeFi protocol operates a cross-chain bridge that allows users to wrap SOL (a digital commodity) into wSOL for use on an Ethereum-based DeFi application. The bridge locks SOL in a smart contract and mints an equivalent amount of wSOL on Ethereum. Users can redeem wSOL for SOL at any time on a one-for-one basis. Under the SEC & CFTC Release, wSOL is a receipt for a non-security crypto asset and is not a security. The bridge’s operation is administrative/ministerial and does not involve a securities transaction.

In contrast, if a wrapped token provider offered “wrapped” tokens that were backed not one-for-one but instead deployed the deposited assets to generate yield for the provider (with the wrapped tokens redeemable at a premium), the arrangement would fall outside the scope of the SEC & CFTC Release and could involve a securities transaction.

VI. Airdrops

The SEC & CFTC Release addresses the investment-contract status of certain crypto-asset disseminations known as “airdrops” and concludes that, under specific conditions, airdrops of non-security crypto assets do not constitute securities transactions.

A. Background

An airdrop is a means for crypto asset issuers to disseminate their crypto assets in exchange for no or nominal consideration. Issuers use airdrops for a variety of purposes: generating interest, rewarding early users, promoting software applications, building communities, decentralizing governance, or awarding players of an associated video game.

Before this SEC & CFTC Release, there was no formal Commission guidance on airdrops. The Staff Framework was broad enough to potentially capture airdrops under the investment-contract analysis, particularly where recipients performed services (retweeting, writing articles, referring friends) in exchange for airdropped tokens. Projects routinely geo-blocked U.S. users from airdrops out of caution.

B. The Interpretation: No Investment of Money = No Investment Contract

The Commission concludes that where recipients do not provide money, goods, services, or other consideration to the issuer in exchange for the airdropped non-security crypto asset, the first element of the Howey test, an investment of money, is not met. Since the Howey test is conjunctive, meaning that all elements must be satisfied, the absence of the first element means there is no investment contract. Accordingly, these airdrops do not need to be registered under the Securities Act.

C. When Airdrops Are (and Are Not) Covered

The SEC & CFTC Release analyzes airdrops through the first element of the Howey test: whether there is an “investment of money.” Federal courts have interpreted “money” broadly: it is not limited to cash but includes goods, services, and other exchanges of value. If the first element is not satisfied, the Howey test fails and the airdrop is not a securities transaction, regardless of whether the remaining elements are met.

The analytical fulcrum is the announcement – the point at which the issuer communicates to the public that an airdrop will occur. The timing of any consideration relative to the announcement determines whether the airdrop falls within the interpretation.

The interpretation covers three scenarios:

(1) No consideration at any point. The recipient provided nothing to the issuer in exchange for the tokens. The first element of the Howey test is not satisfied. Examples include:

— Surprise airdrops to holders of another crypto asset, with no prior announcement;

— Retroactive airdrops to testnet users, where the airdrop was not announced during the testnet phase as an incentive for participation;

— Airdrops to application users based on prior activity, with no prior announcement of the airdrop.

(2) Consideration preceded the announcement. The recipient previously provided money, goods, services, or other consideration to the issuer, but that consideration was provided before the announcement and was not provided in exchange for the airdropped tokens.

Consideration that preceded the announcement could not have been motivated by the expectation of receiving the airdropped tokens, and therefore does not satisfy the “investment of money” element. A common example is a retroactive airdrop to users who paid fees to use a protocol before any airdrop was announced: the fees were consideration for the protocol’s services, not for the future tokens.

(3) Consideration followed the announcement – NOT covered. Where the recipient provides consideration after the issuer announces the airdrop, the consideration may have been provided in exchange for the airdropped tokens. The “investment of money” element is potentially satisfied, and the airdrop falls outside the interpretation and remains subject to full Howey test analysis.

Consideration in this context is not limited to cash payments. Examples of activities that constitute consideration when performed as a condition for receiving an announced airdrop include (i) following the issuer on social media; (ii) retweeting or reposting the issuer’s content; (iii) writing articles about the project; (iv) referring other users to the project; (v) fixing bugs in the project’s software.

The SEC & CFTC Release does not distinguish among these activities based on their economic significance. Whether the required action is minimal (a social media follow) or substantial (debugging code), the analysis is the same: if the airdrop is conditioned on the recipient’s performance of the action after the announcement, the action constitutes consideration and the airdrop is not covered.

The testnet context illustrates this principle. If an issuer announces an airdrop during a testnet phase and limits eligibility to persons who use the testnet, the announcement creates a causal link between the user’s testnet participation and the expected receipt of tokens. Participation that might otherwise have been voluntary and uncompensated becomes consideration provided in exchange for the airdrop. The airdrop is therefore not covered by the interpretation, regardless of whether the testnet activity would independently qualify as a “service.”

An open question remains as to what precisely constitutes an “announcement.” The SEC & CFTC Release does not define the term with specificity. It is unclear whether informal hints, leaked internal plans, or community speculation about a forthcoming airdrop would qualify. Projects should treat any public-facing communication that creates a reasonable expectation of a future airdrop as a potential announcement for purposes of this analysis.

Hypothetical: Governance Token Airdrop

A DeFi protocol launches a governance token, GOV, and airdrops it to every wallet that interacted with the protocol’s smart contracts in the preceding 12 months. The airdrop was not announced in advance. Users did not know they would receive GOV when they used the protocol. Eligibility is based solely on historical on-chain activity. Under the SEC & CFTC Release, this airdrop is not a securities transaction because there was no “investment of money” – recipients did not provide consideration in exchange for GOV.

Now suppose instead that the protocol announced on January 1: “All users who interact with our smart contracts between January 1 and March 31 will receive a GOV airdrop proportional to their activity.” Users who use the protocol after January 1 are doing so (at least in part) in exchange for the promised airdrop. Their activity constitutes consideration. This airdrop falls outside the SEC & CFTC Release’s safe harbor and remains subject to Howey test analysis.

Hypothetical: Quest-Based Airdrop

A new Layer-2 network runs a “quest” campaign: users who complete specific tasks (bridging assets, making swaps, minting NFTs, and following the project on X/Twitter) receive points that convert to token allocations at TGE. Each task is an explicit condition for receiving the airdrop. Under the SEC & CFTC Release, this is not covered by the safe harbor. The tasks constitute consideration provided in exchange for the airdropped tokens. The project would need to analyze the airdrop under the full Howey test and, if it qualifies as a securities offering, register it under the Securities Act or conduct it under an available exemption.

Secondary market implications:

The SEC & CFTC Release notes that even where an airdrop itself is not a securities transaction, the airdropped tokens may become subject to an investment contract in a subsequent transaction. For example, if an investment contract is associated with the token through a separate offering (such as a SAFT), airdrop recipients who sell their tokens on the secondary market may be participating in a securities transaction. The SEC & CFTC Release directs that any such secondary transaction must be registered under the Securities Act or conducted pursuant to an available exemption.

VII. Practical Implications

A. For Token Issuers

The SEC & CFTC Release provides a clear roadmap for projects seeking to issue tokens that are not securities. The key design principles are:

First, build functionality before or concurrent with the token sale. A token associated with a functional crypto system is a digital commodity and is not itself a security. If the system is not yet functional at the time of sale, the sale likely involves an investment contract, but the investment contract can terminate once functionality is achieved and the issuer’s promises are fulfilled. However, even after separation, the issuer’s obligations under the initial offering remain: if the issuer failed to register the offering of the investment contract or conduct it pursuant to an available exemption, the issuer will violate the Securities Act and investors will have certain rights against the issuer under the federal securities laws for this failure, even if the non-security crypto asset subsequently separates from the associated investment contract.

Second, be precise about what you promise. The Commission evaluates whether an investment contract exists based on the issuer’s specific representations and promises. Vague language with no actionable business plan likely does not create reasonable expectations of profit. Detailed roadmaps with milestones, timelines, and funding plans likely do, but they also provide a clear path to separation once those milestones are met.

Third, publicly disclose completion. The SEC & CFTC Release emphasizes that separation occurs when a purchaser would not reasonably expect the issuer’s representations to remain connected to the token. Public disclosure of milestone completion is the clearest way to trigger separation.

B. For DeFi Protocols

The SEC & CFTC Release’s treatment of staking, liquid staking, and wrapping provides substantial clarity for DeFi infrastructure. Liquid staking protocols now have a Commission-level interpretation confirming that their core operations, such as holding deposited assets, selecting node operators, and issuing and redeeming liquid staking tokens, are not securities transactions, provided the protocol does not exercise discretion over staking decisions or guarantee returns. Whether any particular protocol satisfies these conditions requires a fact-specific analysis of its governance structure, fee mechanics, and operational design.

Cross-chain bridges that wrap non-security crypto assets on a one-for-one basis similarly fall within the interpretation’s scope, subject to the same requirement that the deposited assets are not deployed, lent, or otherwise used by the provider.

Yield aggregation and discretionary allocation remain risk areas. The SEC & CFTC Release does not address DeFi yield products or lending protocols directly, and its treatment of staking expressly excludes arrangements involving discretion over staking decisions or guaranteed returns, precisely the features that characterize most yield-aggregation products.

C. For Airdrop Design

Projects designing airdrops for U.S. recipients now have clear guidance: surprise airdrops based on historical activity are safe. Quest-based airdrops, bounty programs, and “earn-by-engagement” campaigns are not covered and remain subject to Howey test analysis. The critical factor is the announcement: once the issuer publicly announces a future airdrop and ties eligibility to specific user actions, those actions become consideration. The practical takeaway is that no announcement of token allocations should precede the activity the issuer wishes to incentivize.

VIII. Conclusion

The SEC & CFTC Release represents the most significant regulatory development in U.S. crypto law since the enactment of the GENIUS Act. For the first time, the SEC has issued a Commission-level taxonomy of crypto assets, a framework for the creation and termination of investment contracts, and clear statements that mining, staking, liquid staking, wrapping, and certain airdrops are not securities transactions.

That said, the SEC & CFTC Release is an interpretive rule under the Administrative Procedure Act – a statement of general applicability and future effect that takes immediate effect but does not carry the force and effect of law that would attach to a rule adopted through notice-and-comment rulemaking. The Howey test remains binding legal precedent, and the SEC & CFTC Release merely conveys the agencies’ views on how certain aspects of the test apply to crypto assets. Courts are not bound by this interpretation, particularly in light of the Supreme Court’s recent decision in Loper Bright Enterprises v. Raimondo, 603 U.S. 369 (2024), which overruled the Chevron deference doctrine and confirmed that courts must exercise independent judgment when assessing whether a federal agency has acted within its statutory authority, rather than deferring to the agency’s own interpretation of ambiguous statutory language.

The SEC & CFTC Release is binding on the SEC staff and will inform enforcement decisions going forward. However, as an interpretive guidance document rather than a final rule, it remains subject to future rulemaking, including notice-and-comment rulemaking that would carry the force of law, and to potential revision under future administrations. The Commission has opened the SEC & CFTC Release for public comment and may refine or expand the interpretation based on feedback.

Notwithstanding these limitations, the SEC & CFTC Release marks a substantial step forward for market participants. For founders, the SEC & CFTC Release provides a clearer path to compliance than has existed at any point in the prior decade. For investors, it provides a framework for understanding which assets are, and are not, subject to the protections of the federal securities laws. For intermediaries, it provides long-awaited clarity on the regulatory status of their core operations.

Finally, Congress is currently considering market structure legislation that may adopt a materially different application of securities law to crypto asset transactions and significantly expand the CFTC’s jurisdiction over digital commodity spot markets, including a comprehensive registration framework for digital commodity exchanges, brokers, and dealers. If enacted, such legislation could supersede or require reconciliation with the SEC & CFTC Release’s framework. Market participants should monitor these legislative developments and consult with counsel regarding their potential impact.

* * *

If you are building or investing in a crypto-asset project and need help with regulatory analysis, token classification, or structuring, our Fintech & Crypto team is available to discuss your specific situation. Reach us at crypto@buzko.legal.