A Safe Harbour law to shield token issuers from US securities law?

If you plan to issue crypto-tokens to people in the US, you better make sure the token issue is not covered by US securities law. If it is,  you’ll need to comply with extensive disclosure obligations. But you might not be quite sure if your token issue is a securities offering under the existing legal framework.

SEC officials have repeatedly warned token issuers that they cannot escape their duties under securities law simply by calling something a ‘token’. The Howey test looms large over crypto issues in the US.

Yet the SEC’s approach has been criticized as ‘regulation by enforcement’. Although SEC staff has published some guidance on when a token issue may be a securities offering, it remains a legal grey area, to the frustration of many in the crypto-asset sector.

For DeFi (decentralized finance), the boundaries between securities and non-security tokens is even more fluid. A DeFi project may start off as a relatively centralised project, slowly decentralizing over time. If it is truly decentralized, it likely won’t meet the Howey test. But what about the early days, when a project needs a level of centralization to get off the ground and get going? Can early developers face SEC enforcement actions even

SEC Commissioner Peirce proposed a Safe Harbour, publishing a second, finetuned version of the proposal earlier this year. Her proposal would shield token issuers from securities law for the early stages, for a maximum of three years. After the 3-year period, issuers would need to show either that the project is truly decentralized at that point or is fully functional. If not, they would still need to register the tokens as securities.

The Safe Harbour proposal was warmly received among crypto-enthusiasts, but had not received any legislative follow-up. Until now.

Rep. Patrick McHenry proposed the Clarity for Digital Tokens Act that echoes much of Commissioner Peirce’s Safe Harbour proposal.

The Bill wants to shield token issuers form securities law if their token issue meets certain conditions. Instead of the heavy-weight disclosure obligations under securities law, the Bill proposes light-touch disclosure obligations for exempt token issues.

Like Commissioner Peirce’s proposal, the Bill exempts certain token offerings from securities law for a period of maximum three years.

To qualify for the exemption, 3 conditions need to be met:

  • The initial development team must intend for the network to reach maturity within 3 years,
  • The token is sold “for the purpose of facilitating access to, participation on, or the development of the network.”
  • The initial development team discloses certain information on a website.

The initial development will also need to inform the SEC that it is relying on the safe harbour provision and submit an ‘exit report’ after the 3-year grace period.

Disclosure obligations

The disclosure obligations for token issuers relying on the safe harbour would be much lighter than those imposed on securities offerings.

Information that needs to be published on a public website include:

  • Source code,
  • A description of how people can check the transaction history (that shouldn’t be too hard, at least at a basic level, for any on-chain history),
  • Token economics (including governance arrangements; and how many tokens will be issued in total; the Bill does not say what happens if there is no fixed limit on the amount of tokens to be issued, as is the case for Ether, for example. Presumably this is fine as long as it is disclosed, but it would be helpful to have that clarified in the text),
  • Development plan,
  • Any token sales prior to the new law,
  • Information on the initial development team, the token each member of the team holds and transferability restrictions, as well as any special rights to buy tokens at a future date,
  • Secondary trading platforms on which the tokens will be issued, “to the extent known”,
  • Related party transactions, and
  • A general warning to users about the risks of investing in crypto-assets.

Most of these elements would form part of whitepapers in any case, although not all (for example, not all members of the initial team would provide their actual name, qualifications and experience in a whitepaper). It makes sense to impose at least minimal disclosure obligations, such as a description of token economics and governance structures, or information on the tokens held by initial team members and whether they have the right to buy tokens at a future date on better terms than the general public.

The development team would need to give half-yearly updates on the development plan to continue to remain exempt of US securities law.

After a token issue, the team would also need to publish information on the token sale, such as number of tokens sold and price or consideration received. Much, if not all of that information should be available on-chain in any case, but the Bill wants the team to give that information in prose, including descriptions of any limitations on transferability, for example.

Moreover, ‘insiders’ (initial development team members) also have to disclose when they sell 5% or more of their tokens.

All of this information would need to be disclosed on a public website.

In addition, the team would need to file some information with the SEC separately. The team would need to inform the SEC that they wish to rely on the exemption. In that reliance notice, they need to give the SEC the names of the team members, an attestation that the team members complied with the requirements for the exemption, the website url and an email address. The Bill does not ask for any other contact details – obviously no headquarters address has to be provided, nor phone numbers or anything else.

After the 3-year grace period, the team has to file an exit report. There are 3 possible scenarios:

  1. genuine decentralization has been achieved à no securities filings are required. The team needs to show that “network maturity has been reached for a decentralized network”. In that case, the team needs to provide a legal analysis to support that conclusion, including an analysis on the level of decentralization “across a number of dimensions, including voting power, development efforts, and network participation. The analysis also needs to outline how the team’s “pre-network maturity activities are distinguishable from the team’s ongoing involvement with the network”. For example, the team has to show that its efforts cannot reasonably be expected “uniquely” to drive token value increase. The team also has to confirm it has no material insider information going forward.
  2. The network has become functionalà no securities filings are required. As in the previous scenario, the team will have to provide a legal analysis to back up this conclusion, showing the utility of the token on the network, among other things.
  3. No network maturity has been achieved (no genuine decentralization and no functional network) à the SEC has to be notified and the team has to give information such as next steps, and a confirmation that the tokens will be registered as securities within 120 days.

Network maturity of a genuinely decentralized network requires that the network is not “economically or operationally” controlled by any person, entity or group of persons. If the initial development team controls 20% of the tokens, the network will not be deemed decentralized. That seems reasonable – but what about someone who’s not part of the initial team obtaining 20% of the tokens before the end of the 3-year safe harbour?

Likewise, if anyone controls 20% of “the means of determining network consensus”, the network will not be considered truly decentralized. That’s a bit of confusing formulation. If a DeFi protocol is built on Ethereum, for example, the Bill seems to require that the protocol’s initial development team cannot control 20% of the Ethereum mining power.  

Other parties involved: exchanges, dealers, brokers

The Bill also wants to provide legal certainty to  parties other than the token issuers, who may be involved in one way or another with the token sale and trading. It has exemptions and transitional grace periods for crypto exchanges, for example, as well as for dealers, brokers, clearing agencies or transfer agents.


If adopted, the Bill would clarify when token issues are exempt from US securities law. That would be helpful to the sector and anyone involved (such as advisors, accountants or regulators). The Bill does not answer all questions – such as, importantly, what criteria would the SEC accept to determine whether a network is sufficiently decentralised? The Bill leaves much of the legal analysis to the initial development team (for example, by requiring the team to describe any quantitative decentralization metrics used to conclude that the network has achieved maturity after the 3 year safe harbour period).

It will be interesting to watch how the pro-crypto Bill will be received by a crypto-sceptic Biden administration. It looks unlikely to be adopted any time soon, although it is a welcome counterweight in the current US regulatory landscape.

Contact us

Subscribe to our news Letter

Subscribe to our news Letter

Subscribe to our newsletter

Thank you!