Decentralized Finance (DeFi) and Decentralized Autonomous Organizations (DAO) represent the most innovative frontier of the crypto sector. In Europe and in Italy, however, due to disinterest or inability of legislators and regulators, a legal limbo has been created that harms both innovators and users.
It is time to address the issue of balanced regulation that protects without bureaucratizing.
The ecosystem of DeFi and DAO has reached a technological maturity and an economic relevance that can no longer be ignored by European regulators: we are talking about over 100 billion dollars of total value locked (TVL) in DeFi protocols and hundreds of DAOs managing multimillion-dollar treasuries.
With such dimensions, these phenomena now represent a structural component of the global digital economy.
Nonetheless, while technological innovation accelerates, the European and Italian regulatory framework lags behind, and has left a regulatory void that exposes users and operators to significant risks.
The recent European Regulation MiCAR, despite all its limitations, undoubtedly has the merit of having decisively pushed forward the regulation of crypto-assets. However, it has deliberately excluded from its scope precisely the most innovative and dynamic sectors of the blockchain landscape.
DeFi: the great excluded from MiCAR
MiCAR (Reg. (EU) 2023/1114) explicitly excluded DeFi from its scope: Article 142 of the regulation merely tasked the European Commission with a specific assessment of decentralized finance by December 30, 2024.
In doing so, it implicitly admitted the inadequacy of the current framework.
This exclusion is not accidental, but reflects the enormous conceptual difficulties that traditional regulators encounter when dealing with truly decentralized architectures. How should a protocol like Uniswap, which operates through automated smart contracts without a traditional corporate structure, be legally qualified? How can the entity to be held responsible be identified when an Aave algorithm automatically executes thousands of loans daily?
DeFi, in fact, replicates traditional banking services (loans, deposits, trading) but delivers them through decentralized protocols that operate on public blockchains, eliminating centralized intermediaries and replacing them with self-executing smart contracts.
For example, Compound allows lending and borrowing of cryptocurrencies without banks; Curve Finance facilitates the exchange of stablecoins without brokers; MakerDAO generates the stablecoin DAI through a completely decentralized governance system.
These protocols handle volumes that exceed those of many traditional banks, but they operate in a regulatory void that makes them, paradoxically, both omnipresent and legally non-existent.
DAO: organizations of the future with problems of the present
Decentralized Autonomous Organizations perhaps represent the most radical innovation introduced by blockchain technology in the field of organizational governance: a DAO is an entity governed by smart contracts and governance tokens, where decisions are made collectively by the members through on-chain voting mechanisms, without traditional hierarchical structures.
For example, MakerDAO manages a DeFi protocol with over 8 billion dollars of value locked through a completely decentralized governance system. MKR token holders vote on crucial parameters such as interest rates, accepted collateral types, and risk policies. All of this happens without a legal representative, a board of directors, or other typical corporate bodies in the traditional sense.
This organizational model presents a series of evident advantages: total transparency of decisions, global participation without geographical barriers, resistance to censorship, and economic alignment among members.
However, it also poses unprecedented and very significant legal issues, which the Italian and European legal system struggles to address.
The risk of the de facto company: when innovation becomes unlimited liability
At the national level, in Italy, the absence of legal recognition of DAOs in the Civil Code creates a paradoxical situation. Traditional corporate forms – S.p.A., S.r.l., partnerships – are all incompatible and inadequate for decentralized structures that, by definition, do not have identifiable administrators, a defined legal headquarters, or transferable nominative shares.
However, this implies that, by applying the general principles of law, a DAO (which is nonetheless the infrastructure through which economic activities are carried out in a regular and systematic manner) could be qualified as a de facto company.
This would have potentially devastating consequences for the participants: according to article 2267 of the Civil Code and established case law, a de facto company is considered to exist when a productive activity is carried out in an associated form, even without a formal constitutive act.
The constitutive elements – plurality of subjects, contributions, economic purpose, common management, and participation in profits – are easily identifiable in many contemporary DAOs. Governance token holders collectively participate in decisions on allocations of multimillion-dollar treasuries, receive rewards proportional to their holdings, and contribute to the management of the protocol.
Qualification as a de facto company would entail unlimited asset liability for all members active in governance (who would consequently be qualified as de facto partners and administrators). They would therefore end up being personally and jointly liable for the organization’s obligations, without limit and with all their assets. In a sector where hacks and smart contract vulnerabilities can cause losses of tens of millions of euros, this prospect represents a serious deterrent to any informed participation.
The American example: when regulation enables innovation
While Europe hesitates, other jurisdictions are developing more pragmatic approaches. The state of Wyoming in July 2021 approved a specific law on DAOs, creating a dedicated corporate vehicle: the figure of the DAO LLC (Decentralized Autonomous Organization Limited Liability Company).
This corporate model allows for the incorporation of a DAO within a limited liability structure, recognizing the specificity of decentralized organizations without forcing them into inadequate legal categories. The DAO LLC can be managed by the members or by algorithms, provided that the smart contracts are operational at the time of establishment.
The system could also work in Europe: an old treaty from 1954 between the USA and Germany allows for the automatic recognition of American DAO LLCs in Germany, and from there, due to the principle of freedom of establishment in Article 49 TFEU, throughout the entire European Union.
This approach would solve the fundamental problem of limited liability without stifling the innovative characteristics of DAOs. The simple token holders maintain asset protection, while those with active roles in management assume defined and proportionate responsibilities.
That said, it would be welcome if a corporate vehicle dedicated to these entities, one that respects their peculiarities, were also devised on the old continent.
The practical challenges: identification, territoriality, and algorithmic governance
Liability is not the only problem when it comes to DeFi and DAO: there are other systemic challenges to traditional law. The first is the lack of uniquely identifiable subjects, which makes it difficult to attribute legal effects. In many protocols, participants are identifiable only through the public key of their wallets, creating insurmountable problems for the application of rules on identification, anti-money laundering, and consumer protection.
The territorial issue further complicates the picture: a sufficiently distributed blockchain cannot be easily traced back to a specific jurisdiction. When the nodes of a DeFi protocol are distributed across different continents and the participants come from dozens of countries, which court has jurisdiction in case of disputes?
The principle that the “contract is in the code” (code is law) represents another conceptual revolution. In DeFi protocols, there is often no traditional contractual regulation: the rules are embedded in smart contracts, which can only be modified through decentralized governance processes. This creates situations where the “contractual clauses” are dynamic, votable, and sometimes not immediately intelligible without specific technical skills.
Anti-money laundering and DeFi: the impossible application of the Travel Rule
The recent D.Lgs. 204/2024, which has implemented the EU Regulation 2023/1113 on the Travel Rule for crypto-assets, further highlights the inadequacy of the current regulatory framework.
The decree imposes information obligations for transfers of crypto-assets exceeding 1,000 euros, and requires the transmission of identifying data between service providers. But how could this regulation ever be applied to an exchange on Uniswap, where there is no centralized service provider, but only smart contracts that automatically execute transactions?
The anti-money laundering regulations presuppose the existence of identifiable obligated entities, while DeFi operates precisely by eliminating these intermediaries. The result is a regulatory system that completely ignores the operational methods of the most innovative protocols, leaving both operators and users in a gray area of legal uncertainty.
In search of balanced regulation
The challenge for European and Italian regulators is not simple, but neither is it impossible. The experience of other innovative sectors – from traditional fintech to artificial intelligence – shows that it is possible to develop regulatory frameworks that balance protection and innovation.
The guiding principles for balanced regulation of DeFi and DAO should include:
Regulatory proportionality: not all DeFi protocols present the same risks. A decentralized lending system with billions in TVL requires different oversight compared to an experimental protocol with a few thousand euros. Regulation should be gradual and proportional to systemic relevance.
Technological neutrality: regulations should focus on outcomes and risks, not on specific technical implementations. If a protocol provides investment services, it should be subject to appropriate rules regardless of its decentralized architecture.
Regulatory sandboxes: Italy could introduce specific experimental regulatory spaces for DeFi and DAO, allowing controlled innovation while developing regulatory understanding of these phenomena.
Recognition of hybrid organizational models: Instead of forcing DAOs into inadequate corporate categories, specific legal forms could be developed that recognize their unique characteristics while maintaining adequate protections for participants.
The urgency to act: the risk of European irrelevance
While Europe hesitates, other ecosystems are positioning themselves as global hubs for DeFi innovation. Singapore has developed specific frameworks for digital assets, Switzerland has created clear regulatory pathways for blockchain-based organizations, and the United Arab Emirates are attracting DeFi protocols with pragmatic regulations.
Here the risk (which unfortunately does not seem to be widely perceived) is not only economic but also strategic: missing the DeFi train means being marginalized in what could be the future of the global financial infrastructure. The central bank digital currencies (CBDCs) that many central banks are developing use technologies and conceptual architectures derived from DeFi. Not understanding and regulating these phenomena today means being unprepared for the monetary challenges of tomorrow.
By now it is quite evident that decentralized finance and DAOs are not technological fads destined to disappear, but represent structural evolutions of the financial and organizational system. Their ability to reduce costs, increase access to financial services, and democratize economic governance makes them potentially transformative tools for the entire society.
Europe and Italy have the opportunity to position themselves as leaders in the smart regulation of these phenomena, developing frameworks that protect users without stifling innovation. But this window of opportunity will not remain open indefinitely.
As demonstrated by the experience of MiCA with stablecoins, overly strict regulations risk pushing innovation towards more welcoming jurisdictions, leaving European users cut off from the benefits of technological progress.
It is time for European regulators to face with courage and pragmatism the challenges posed by DeFi and DAO, developing a regulatory framework that is both protective and enabling. The future of European finance could depend on this choice.
The stakes are too high to afford further hesitation: either Europe becomes a protagonist in DeFi regulation, or it risks remaining a spectator of its own decline in the global digital economy.