The Markets in Crypto-Assets regulation came into full effect in the European Union at the end of 2024, completing a legislative process that began in 2020. MiCA is, by any measure, the most comprehensive crypto regulatory framework enacted by any major jurisdiction. It is also, by the assessment of most practitioners who have spent the past year implementing compliance against it, a framework with genuine strengths, notable gaps, and implementation details that will be litigated for years.

For most of the past decade, crypto companies operating in the United States have been navigating regulatory uncertainty using a combination of legal creativity, jurisdictional arbitrage, and optimism that clarity would eventually arrive. The SEC’s enforcement-first approach — pursuing actions against specific actors rather than publishing comprehensive guidance — left the industry in the position of learning the rules from the outcomes of cases it was not party to.

The taxonomic guidance that the SEC published in early 2026 does not resolve every question. It resolves enough of them to allow compliance functions to make decisions they have been deferring for years.

The word permissionless has been doing a lot of work in DeFi. It carries a promise: that financial infrastructure can be built and accessed without gatekeepers, without identity verification, without the approval of a regulator or a bank. Smart contracts execute automatically. Code is law. The system does not care who you are.

Regulators have spent the past three years methodically dismantling this framing, and they are not wrong to do so.