Malta Financial Services Authority Proposes New DAO Category Under MiCA DeFi Rulebook

Malta’s financial regulator, the Malta Financial Services Authority (MFSA), has proposed a new legal category for decentralized autonomous organizations as part of a consultation on how decentralized finance could be regulated under the European Union’s crypto framework.

“Malta’s financial regulator has launched a public consultation on how decentralized finance services could interact with the European Union’s crypto rules”

CoinCentral

In a discussion paper published on June 12, the MFSA proposed a “software-based organization” category intended to include DAOs and other DeFi entities governed primarily through software, while distinguishing the organization itself from the protocols and code it operates.

CoinCentral

The MFSA said many DeFi projects may not qualify as fully decentralized under MiCA due to concentrated governance, and it tied the consultation to EU regulators’ review of DeFi oversight ahead of MiCA’s July 1, 2026, enforcement deadline.

The consultation opened on June 12 and runs through July 10, seeking industry feedback on a potential framework for DeFi activities and on whether “software-based organizations” could provide a legal structure for governance and accountability issues.

The MFSA also noted that “MiCA excludes fully decentralised models from its regulatory scope,” meaning projects without intermediaries or central control may not need to comply with MiCA.

The MFSA’s discussion paper frames decentralization as a compliance and accountability problem, arguing that many DeFi projects retain centralized features such as administrator keys, governance concentration, protocol upgrade rights, and control over user-facing interfaces.

In the consultation, the MFSA is seeking feedback on whether decentralization should be assessed as a spectrum rather than a binary concept, and whether a standardized framework should determine when a protocol falls outside MiCA’s scope.

Cointelegraph

The regulator also asked whether regulated crypto firms should be required to conduct smart-contract audits, governance reviews and risk assessments before integrating DeFi protocols into their services.

The consultation additionally outlines potential legal structures for DeFi projects, including DAOs and segregated cell companies, and it examines guardian agents as mechanisms that “monitor, evaluate, and constrain the behaviour of other autonomous systems.”

The MFSA’s approach is positioned within MiCA’s boundary, while emphasizing that many real-world arrangements make it difficult to characterize services as “fully decentralised” without intermediaries or central control.

Malta’s consultation arrives as EU institutions continue reviewing MiCA’s practical fit for DeFi, including a European Commission targeted review launched in May that requested feedback on stablecoin interest payments, DeFi activity, and potential gaps that could require additional rules.

“Malta’s financial regulator has proposed a new legal category for decentralized autonomous organizations as part of a consultation on how decentralized finance could be regulated under the European Union’s crypto framework”

crypto.news

A June 12 MFSA discussion paper also cites a March European Central Bank working paper finding that governance and decision-making across four major DeFi protocols remained concentrated among a limited group of participants.

The MFSA’s consultation is part of a broader transition timeline in which the transition period ends on July 1, 2026, after which crypto exchanges, brokers, and wallet providers without authorization will no longer be permitted to serve customers in the bloc.

ESMA said firms operating without a MiCA license after the deadline would be in breach of EU law, and it added that providers that fail to obtain authorization should establish orderly wind-down plans and help customers transfer assets to either authorized firms or self-hosted wallets.

Against that backdrop, the MFSA’s “software-based organization” concept seeks to clarify how governance and responsibility should work when activity is coordinated through code, while keeping the legal status of governance distinct from the underlying protocol and software.