Malta's Financial Regulator Opens Consultation on a 'Software-Based Organization' Legal Category for DAOs in New DeFi Rulebook

Key Highlights

• Malta's financial regulator published a discussion paper on June 12 proposing a 'software-based organization' legal category that would cover DAOs and other blockchain-governed entities, separating the organization itself from the protocols and code it operates as a way to create clearer accountability in DeFi systems.

• The MFSA noted that while MiCA formally excludes fully decentralized models from its regulatory scope, many projects that describe themselves as decentralized retain concentrated governance structures, a finding reinforced by an ECB working paper in March that found decision-making power concentrated among a small number of participants in four major DeFi protocols.

• The consultation runs through July 10 and arrives as MiCA's enforcement deadline of July 1, 2026 approaches, with only 194 authorized crypto-asset service providers having obtained approval across Europe by May despite more than 3,000 virtual asset service providers having operated in the bloc in 2024.

Malta's financial regulator has opened a public consultation on how decentralized finance could be regulated under the European Union's crypto framework, proposing a new category of legal entity called a software-based organization that would allow DAOs and similar blockchain-governed structures to obtain a formal legal identity without being classified under existing corporate or financial service provider frameworks. The Malta Financial Services Authority published the discussion paper on June 12 and is seeking industry feedback through July 10.

The proposal addresses one of the core problems that regulators across Europe have struggled with when trying to apply financial services rules to DeFi: the question of who, if anyone, is legally responsible for a protocol's actions. Many DeFi systems are nominally governed by token holder votes processed through smart contracts, with no directors, officers, or registered legal entity in any jurisdiction. The MFSA's software-based organization concept would create a structure that distinguishes the organization from the code and protocols it operates, giving regulators and courts a legal counterparty to engage with without requiring projects to incorporate as traditional companies. The regulator argued that separating those elements could address governance and accountability questions that have continued to emerge across DeFi projects as they have grown in scale.

MiCA, the EU's Markets in Crypto-Assets regulation, formally excludes fully decentralized services from its scope on the grounds that there is no intermediary or central controller to regulate. The MFSA acknowledged that carve-out but noted that the practical reality of many projects does not match the theoretical ideal of full decentralization. An ECB working paper published in March reinforced that concern, finding that governance and decision-making across four major DeFi protocols remained concentrated among a limited group of participants, a pattern that could make it difficult for those projects to qualify for the MiCA exemption while also leaving regulators uncertain about how to classify them. Malta has been one of the earliest EU members to attempt comprehensive crypto regulation, having introduced an initial digital asset framework in 2018, and the MFSA's consultation continues that tradition of attempting to build legal structures that can accommodate new forms of blockchain-based organization.

The consultation lands at a critical moment for EU crypto regulation. MiCA's final enforcement deadline is July 1, 2026, after which crypto exchanges, brokers, and wallet providers that have not obtained authorization will no longer be permitted to serve customers in the bloc. The European Securities and Markets Authority has said that unauthorized firms remaining in operation after that date will be in breach of EU law and should establish orderly wind-down plans. According to data cited by law firm Hogan Lovells, Europe had more than 3,000 virtual asset service providers in 2024, yet only 194 authorized crypto-asset service providers had obtained MiCA approval by May 2026, illustrating the scale of the transition still underway. The European Commission also launched a targeted review of MiCA in May to assess whether the regulation adequately covers stablecoin interest payments, DeFi activity, and other areas that may require additional rules, suggesting that the Malta consultation is likely to feed into a wider EU-level conversation about how to extend regulatory coverage to decentralized systems without requiring them to transform into the centralized entities the regulation was originally designed to govern.