Please find written input submissions to the Crypto Task Force below. The written input is posted without modification. We hope sharing the submissions will help encourage productive dialogue and continued engagement. Please note that the “Key Points” and “Topics” are AI generated. AI can make mistakes, and the Key Points and Topics are not a replacement for you reading the submissions. The Crypto Task Force has not reviewed these AI-generated summaries for accuracy or completeness. If you believe a Key Point or Topic is inaccurate, please email the Crypto Task Force at crypto@sec.gov. The written input provided to the SEC and posted on this page does not necessarily reflect the views of the Crypto Task Force or others in the U.S. Securities and Exchange Commission.
All pilot participants—including broker-dealers, custodians, and technology providers—must undergo structured conformance testing and certification to validate adherence to operational playbooks and reference implementation profiles. Certification is a prerequisite for participation and includes baseline and enhanced tiers with annual recertification requirements.
The pilot establishes a multi-tiered governance framework, including a Pilot Steering Committee and Change Control Board, with defined authority over standards evolution, incident coordination, and regulatory engagement. Supervisory access is governed by tiered models (Tier 0–2) to ensure due process, privacy, and non-surveillance principles.
The Operationalization Track is strictly limited to U.S. domestic institutional markets and does not create new legal obligations beyond those required for pilot participation. It complements existing federal securities laws and SRO rules, focusing on operational specificity for tokenized securities without replacing existing infrastructure or extending to retail or cross-border markets.
Zack Tickman, Claude & Friends: Risk Analytics Research Group
Custody, RFI Responses, Safe Harbor, Security Status
Zcash and Aleo rely on zkSNARKs requiring a “trusted setup,” which introduces a permanent trust assumption. If the setup’s entropy (“toxic waste”) is not securely destroyed, it could allow undetectable token counterfeiting, undermining supply integrity.
Zcash’s opt-in privacy model results in most transactions being transparent, enabling deanonymization through statistical analysis. This undermines its claim to privacy-preserving status and exposes users to surveillance risks.
Aleo’s programmable privacy increases protocol complexity, which has led to real-world data leaks (e.g., unencrypted KYC data). This complexity heightens the likelihood of implementation flaws, expanding the attack surface and compromising user privacy.
Securities Industry and Financial Markets Association (SIFMA)
Tokenized securities traded via DeFi or CeDeFi platforms must comply with U.S. securities laws, including the Exchange Act, regardless of claims of decentralization or minimal intermediary involvement.
A clear and nuanced taxonomy is essential to distinguish between natively issued digital securities, wrapped tokens, SBS, and non-security instruments, ensuring proper application of securities laws and investor protections.
Fragmentation between tokenized and traditional securities markets poses risks to market integrity, and regulators must ensure fungibility, consistent trade reporting, and integration with existing infrastructures like Reg NMS, CAT, and SIPC.
The framework enforces strict adherence to the Illinois Biometric Information Privacy Act (BIPA) and California Consumer Privacy Act (CCPA/CPRA) by implementing local-only biometric processing, purpose limitation, and secure destruction protocols for biometric data.
It aligns institutional authentication procedures with the Uniform Commercial Code Article 4A by incorporating phishing-resistant authentication, dual control, and hardware-backed cryptographic protocols, establishing a benchmark for commercially reasonable security procedures.
The framework embeds appealable, time-bounded attestations and dispute resolution pathways, ensuring representatives can challenge erroneous integrity flags and maintain employment rights, consistent with regulatory expectations for procedural fairness.
The "Chains of Trust" model enables cryptographic self-certification of digital identities and data, which can enhance customer due diligence and reduce synthetic identity fraud in digital asset markets.
Institutions can use VDCs to attest to a customer’s compliance status without transmitting sensitive personal data repeatedly, supporting privacy and interoperability across financial institutions.
Linking legal entity identifiers to VDCs provides cryptographic proofs of beneficial ownership, while immutable provenance records offer regulators and law enforcement reliable audit trails for supervisory and enforcement purposes.
The SEC has jurisdiction over leveraged crypto ETFs and related securities products, and has previously blocked filings for extreme 5x leveraged ETFs to protect investors.
Leveraged crypto instruments offered to U.S. persons via unregistered platforms may fall under SEC oversight, especially when tied to assets potentially classified as securities.
Joint SEC-CFTC efforts in 2025 have initiated regulation of onshore perpetual contracts with leverage limits, but offshore platforms remain largely unregulated, posing risks to U.S. retail investors.
DeFi Education Fund, Andreessen Horowitz, The Digital Chamber, Orca Creative, J.W. Verret, and Uniswap Foundation
The letter argues that Citadel’s attempt to classify all entities and technologies involved in DeFi transactions as SEC-registered intermediaries is legally flawed, as autonomous software and developers without custody or control over user assets do not meet the statutory definitions of “broker” or “dealer.”
The signatories assert that expanding the definitions of “exchange” and “broker-dealer” to include DeFi protocols exceeds the SEC’s statutory authority and risks misclassifying non-intermediary software infrastructure, undermining innovation and regulatory clarity.
The letter supports notice-and-comment rulemaking for tokenized equities but urges the SEC to adopt frameworks—such as safe harbors—that distinguish between centralized and decentralized systems, ensuring that only entities posing traditional risks are subject to registration.
The framework proposes that Solana-based ETP issuers provide periodic public disclosures detailing validator allocations, concentration policies, and incidents, enabling the SEC to monitor systemic risks without prescribing protocol-level changes.
The SEC is urged to formally acknowledge that stake concentration in Solana ETPs poses material investor protection risks, including transaction censorship, governance capture, and network halts, thereby falling squarely within its jurisdiction.
Validators receiving ETP stake must disclose governance voting intentions and maintain independence from issuers and custodians to prevent proxy-advisory style influence and ensure fair market access.
GUARDD urges the SEC to use its exemptive authority under Section 36 of the Exchange Act to formally recognize "Qualified Disclosure Publishers" (QDPs), enabling compliant secondary trading of exempt and tokenized securities without requiring full Exchange Act reporting.
The proposal includes a request for federal preemption of inconsistent state Manual Exemption provisions, aiming to streamline secondary trading across jurisdictions while preserving states’ anti-fraud enforcement powers.
GUARDD recommends that QDPs be required to publish token-specific data (e.g., contract address, blockchain network, transfer restrictions, audit status) alongside Rule 15c2-11(b) disclosures to support on-chain secondary trading on regulated venues.
All smart contract code and automated system outputs are explicitly subordinate to written legal documentation. In any conflict, ambiguity, or inconsistency, the written terms of the agreement govern, ensuring that legal rights and obligations are not overridden by code execution.
The pilot does not seek exemptions from existing securities laws. All securities issued remain subject to Securities Act registration or exemption requirements, and all intermediaries (broker-dealers, custodians, transfer agents) retain their regulatory obligations under SEC, FINRA, and state law. The system is modular and can operate under SEC jurisdiction independently of other agencies.
The framework provides for a multi-body emergency override mechanism, allowing correction of errors or reversal of transactions only under strict conditions (e.g., arbitration award non-compliance, fraud, system malfunction, or imminent harm). All such actions require supermajority approval from three governance bodies and are subject to post-event independent review and public disclosure.