In 2024, the Securities and Exchange Commission (SEC) issued Wells notices to at least 13 crypto companies – several of which were decentralized finance (DeFi) platforms – including Uniswap Labs (Uniswap), the second largest decentralized exchange (DEX) by trading volume. While the outcome of the SEC’s probe is unclear for most of the companies, the agency closed its investigation of Uniswap in February 2025 without any enforcement action, a stark and puzzling departure from the treatment of peers like Kraken[1] and Binance[2].
Possible explanations include legal, structural, and strategic factors, such as Uniswap’s non-custodial model and proactive SEC engagement. While the decision to spare Uniswap from enforcement might also hint at a shift in the SEC’s approach to DeFi regulation, lingering risks for DeFi reflect the evolving and uncertain nature of the regulatory landscape at both the federal and state level.
SEC Enforcement Trends in DeFi
The SEC has escalated its DeFi oversight in the past year, targeting platforms it views as unregistered securities exchanges that suffer from structural limitations. This enforcement wave spans centralized exchanges offering DeFi services and decentralized autonomous organizations (DAOs), reflecting SEC concern over investor protection, fraud, and market stability under federal securities laws.
A notable action on the regulatory front includes the Commodity Futures Trading Commission (CTFC)’s lawsuit against Ooki DAO, which marked a significant development in regulatory treatment of DAOs, establishing that decentralized governance does not absolve entities from regulatory action, particularly when the DAO is sued in its capacity as an unincorporated association.[3] Centralized platforms like Kraken and Binance have also faced litigation over staking services and token trading[4], reinforcing the SEC’s stance that existing regulations apply irrespective of a platform’s architecture.
These cases frame a pattern: Federal regulatory bodies, particularly the SEC, prioritize entities resembling conventional financial actors. That pattern raises questions about regulators’ jurisdictional limits over DeFi’s evolving landscape and emphasizes the oddity of Uniswap’s apparent exemption from similar scrutiny.
Lessons from Uniswap’s Exemption
The SEC’s closure of the Uniswap investigation offers strategic lessons for the sector and informs compliance tactics amid an uncertain regulatory environment.
First, Uniswap’s proactive engagement with the SEC stands out. Unlike platforms that adopted a defiant posture toward the SEC, Uniswap sought clarification of SEC policies and facilitated mutual, transparent communication. By aligning with evolving SEC expectations, it avoided the “rogue” label, suggesting that open dialogue with regulators may reduce enforcement risk.
Second, Uniswap’s non-custodial design – user’s control their assets – sets it apart from targets like Kraken and Binance, whose custodial staking and listing prices draw SEC scrutiny.[5] This decentralization hinders arguments that Uniswap operates as an unregistered exchange or broker, implying that minimizing custodial elements strengthens a platform’s legal footing to assert that it operates outside SEC purview.
Third, Uniswap’s legal strategy – positioning itself as a software provider rather than a financial intermediary – bolsters its defense. Supported by a robust legal team, this framing challenges the applicability of traditional securities laws, a tactic other projects could emulate through careful governance design.
While Uniswap’s case underscores that transparency, decentralization, and open engagement with regulatory agencies may mitigate regulatory exposure, the SEC’s inconsistent approach signals ongoing uncertainty for DeFi.
Future Regulatory Risks for DeFi
Despite Uniswap’s successful tactics, its case offers little assurance of immunity for DeFi. As legal frameworks at both the federal and state level and agency priorities evolve, Uniswap and its peers could become targets again.
Uniswap’s early liquidity mining, distributing UNI tokens to encourage participation, remains a regulatory vulnerability. Under the Howey test, the SEC could argue that early liquidity mining constitutes an investment contract if users anticipate profits from Uniswap’s efforts – a “common enterprise” contention[6]. The SEC’s win in SEC v. LBRY (D.N.H. 2022), which classified LBC tokens as securities due to LBRY’s centralized promotion of the tokens, underscores this risk[7]. The court agreed with the SEC that LBRY’s marketing and promotional efforts of its tokens led investors to reasonably expect profits based on the company’s work.
However, Uniswap’s decentralized nature may distinguish it from LBRY. Where LBRY directly promoted and distributed LBC tokens, Uniswap conducted no direct sales of its tokens and exercised no central control over them once distributed to investors. Consequently, Uniswap investors were not reliant on Uniswap itself for profits in the same manner that LBRY investors relied on LBRY’s promotional efforts. This distinction mirrors ongoing debates in SEC v. Coinbase (currently pending as of this date), where a key question is whether secondary-market transactions of crypto tokens constitute securities.[8]
Given the unanswered questions posed in SEC v. Coinbase, Uniswap’s automated market makers (AMMs), which enable token swaps, also risk scrutiny if the SEC succeeds in labeling traded assets as unregistered securities – a task prioritized by the Crypto Task Force launched in January 2025 under Acting SEC Chair Mark T. Uyeda. Additionally, evolving federal rules, multi-agency competition, and unpredictable legislative priorities remain critical risk factors, meaning that Uniswap and other DeFi companies face regulatory threats beyond SEC enforcement.
The CFTC’s growing DeFi focus, evidenced by commodity-derivative probes[9], and state law frameworks like New York’s BitLicense regime, heighten multi-jurisdictional exposure. The BitLicense regime, which demands comprehensive license and compliance for any entity engaging in “virtual currency business activity” with New York residents[10], serves as a prime example of how fragmented state-level frameworks add layers of complexity to DeFi regulation.
Adopted in 2015, New York’s BitLicense regime stands out for its stringent requirements, ranging from cybersecurity controls and anti-money-laundering (AML) procedures to capital reserves. Though other states have refrained from copying BitLicense, several have drawn inspiration from it and introduced or contemplated specialized licensing for crypto activities. Louisiana, for instance, enacted a Virtual Currency Business Act (VCBA) in 2020, which established a regulatory framework for companies engaging in “virtual business activities with Louisiana residents.” The state required these companies to obtain a license from the Louisiana Office of Financial Institutions (OFI) and empowered the OFI to enforce compliance, conduct examinations, and impose penalties for violations of the VCBA.[11]
California’s Digital Financial Assets Law (DFAL) marks a departure from earlier, stalled proposals by establishing a modern, risk-based framework tailored to the fast-evolving digital asset ecosystem. Designed to balance innovation with robust investor protection, the law sets clear compliance guidelines for digital financial services – including decentralized platforms like Uniswap’s AMMs – preemptively addressing concerns that have emerged in cases such as SEC v. Coinbase. Its agile, iterative design mirrors startup methodologies to integrate stakeholder feedback and aligns with industry best practices, ensuring that regulations can adapt to unpredictable federal and multi-agency priorities. While California’s framework draws lessons from multi-jurisdictional models like New York’s BitLicense and Louisiana’s Virtual Currency Business Act, it also invites scrutiny of its long-term efficacy in an increasingly fragmented regulatory landscape.
While states like New York, Louisiana, and California embraced state-level regulation of digital financial assets, jurisdictions like Wyoming took the opposite approach, establishing pro-innovation frameworks (e.g., special-purpose depository institution charters) that encourage crypto businesses to domicile there.[12] Attempting to balance innovation with consumer protection, Colorado took an intermediary approach. Exemptions for certain “consumptive” utility tokens and no unified crypto license akin to those required in New York and Louisiana temper the state’s otherwise strict securities regulations.[13]
New York’s regime exemplifies the more aggressive approach, where operating without the required BitLicense can incur severe penalties. Protocols that inadvertently serve New York could face BitLicense requirements, particularly if their operations include token listings that meet New York’s Department of Financial Services’s definition of “virtual currency business activity.” Even if a platform like Uniswap asserts that its model is a fully decentralized, governance-token distributions (e.g., UNI) or liquidity mining programs may be construed as offering services under certain states’ legal definitions. Public calls to combat crypto fraud heighten this risk as they spur more states to replicate – or exceed – New York’s strict standards.
This regulatory patchwork among the states means DeFi projects must often juggle multiple, sometimes conflicting, obligations. Protocols like Uniswap, which rely on open smart contracts accessible worldwide, raise questions as to whether and how they can comply with stringent state-level requirements if they do not directly control user activity. Though DeFi developers like Uniswap may aim to remain “software providers,” and thereby avoid the most stringent regulatory regimes, this strategy is far from perfect. Many states, such as Texas, consider all DeFi enterprises (“software providers” included) money transmitters or even broker-dealers, mandating licenses and compliance measures.
The Finance Innovation and Technology for the 21st Century Act (FIT21), passed by the U.S. House in May 2024 (279-136) but stalled in the Senate as of March 2025, exemplifies how federal inaction can funnel DeFi compliance into a state-by-state patchwork.[14] FIT21 classifies digital assets as either SEC-regulated “restricted digital assets” (effectively digital securities) or CFTC-regulated “digital commodities” based on blockchain decentralization and functionality. Under this framework, developers like Uniswap could face regulation fy both entities. Uniswap’s automated market maker (AMM) transactions might fall under CFTC oversight if certified as decentralized, requiring registration as a Digital Commodity Exchange (DCE) with enhanced disclosures. Meanwhile, Uniswap could also face regulation of its UNI token if the SEC objects to a certification claiming that the token is not a “restricted digital asset” within the prescribed 60-day review period.
Despite the broader predictability and uniformity FIT21 proposes with its digital asset classifications, stablecoins introduce additional layers of complexity, as they are excluded from both “restricted digital assets” and “digital commodities” categories unless traded by CFTC registrants. Furthermore, due to the Biden administration’s opposition ot FIT21 due to its lack of investor protections (May 2024 S.A.P.)[15], the fate of the bill, and federal DeFi regulation in general, remains uncertain. Absent a unified federal framework, DeFi operators risk uneven treatment across jurisdictions, particularly if the second Trump administration pursues different priorities.[16]
This fractured environment is further complicated by the possibility of self-regulation measures, such as Know Your Customer (KYC) adoption, which might preempt stricter enforcement but collide with DeFi’s permission-less ethos — a dilemma FIT21 sidesteps.[17] Meanwhile, the SEC’s litigation-driven stance, ongoing CFTC rivalry, and broader political flux (e.g., post-2024 election shifts and shifting enforcement agendas under new attorneys general) all sustain an unstable climate for DeFi regulation.
Even Uniswap’s non-custodial design and collaborative posture do not definitively shield it from scrutiny, as state authorities could interpret UNI token distributions to liquidity mining as “virtual currency business activity,” subjecting Uniswap to state regulation.[18] Rising capital flows into DeFi draw increased attention from policymakers, underscoring that the next wave of oversight may hinge on how each state – or a newly energized federal regime – chooses to define, license, or sanction decentralized platforms.
Conclusion
Uniswap’s reprieve from SEC enforcement highlights strategies for DeFi platforms in a volatile regulatory climate. Yet, the SEC’s litigation-heavy tack, its CFTC rivalry, increasing state regulation, and FIT21’s uncertain fate[19] perpetuate a fragmented landscape.
DeFi must reconcile compliance with its permissionless core. Uniswap’s model provides a roadmap, but self-regulation – such as KYC – may strain ideological bounds. Platforms should stress-test governance against liability precedents and track legal shifts. Uniswap’s case, less a triumph than a diagnostic, urges resilience in navigating crypto regulation’s complexity.
ENDNOTES
[1] SEC v. Kraken, No. 23-cv-5889-KPF (N.D. Cal. filed Nov. 20, 2023).
[2] SEC v. Binance Holdings Ltd., No. 23-cv-1599-ABJ (D.D.C. filed June 5, 2023).
[3] Commodity Futures Trading Comm’n v. Ooki DAO, No. 3:22-cv-05416-WHO (N.D. Cal. Dec. 20, 2022).
[4] Securities & Exchange Commission v. Kraken, No. 23-cv-5889-KPF (S.D.N.Y. Nov. 20, 2023); Securities & Exchange Commission v. Binance Holdings Ltd., No. 23-cv-1599-ABJ (D.D.C. June 5, 2023).
[5] SEC v. Kraken, No. 23-cv-5889-KPF (N.D. Cal. filed Nov. 20, 2023); SEC v. Binance Holdings Ltd., No. 23-cv-1599-ABJ (D.D.C. filed June 5, 2023) (targeting custodial practices).
[6] SEC v. W.J. Howey Co., 328 U.S. 293 (1946).
[7] SEC v. LBRY, Inc., No. 21-cv-260-PB, 2022 U.S. Dist. LEXIS 198293 (D.N.H. Nov. 7, 2022).
[8] SEC v. Coinbase, Inc., No. 23-cv-4738-KPF, 2024 U.S. District. LEXIS 56997 (S.D.N.Y. Mar. 27, 2024), appeal certified Jan. 7, 2025.
[9] CFTC, CFTC Issues Order Against Uniswap Labs for Offering Illegal Digital Asset Derivatives Trading (Sept. 4, 2024), https://www.cftc.gov/PressRoom/PressReleases/8961-24.
[10] N.Y. Comp. Codes R. & Regs. tit. 23, § 200 (2015) (BitLicense requirements).
[11] Louisiana Virtual Currency Business Act, Act No. 341 (2020).
[12] [12] Wyo. Stat. Ann. § 34-29-101 et seq. (Special Purpose Depository Institutions).
[13] Colo. Rev. Stat. §§ 11-110-101 et seq. (Digital Token Act).
[14] H.R. 4763, 118th Cong. (passed House May 22, 2024), https://www.congress.gov/118/bills/hr4763/BILLS-118hr4763rfs.pdf.
[15] White House, Statement of Administration Policy, H.R. 4763 (May 22, 2024), https://www.whitehouse.gov/wp-content/uploads/2024/05/SAP-HR4763.pdf.
[16] SEC, SEC Announces Enforcement Results for Fiscal Year 2024 (Dec. 17, 2024), https://www.sec.gov/newsroom/press-releases/2024-186.
[17] Uniswap Labs, Wells Submission on Behalf of Uniswap Labs (May 21, 2024), https://blog.uniswap.org/wells-notice-response.pdf(emphasizing permission-less ethos over KYC).
[18] N.Y. Comp. Codes R. & Regs. tit. 23, § 200 (2015) (BitLicense requirements).
[19] H.R. 4763, 118th Cong. (passed House May 22, 2024), https://www.congress.gov/118/bills/hr4763/BILLS-118hr4763rfs.pdf.
This post comes to us from Richard Fair at the University of North Texas’ G. Brint Ryan College of Business. It is based on his recent article, “Breaking the Chains: DeFi, the Dormant Commerce Clause, and the Battle for a Unified Regulatory Future.”