REGULATORY FLASH UPDATE
SEC/CFTC Joint Interpretive Release on Crypto Asset Classification
Release Nos. 33-11412 / 34-105020 | Published March 17, 2026
The Bottom Line
The SEC, jointly with the CFTC under "Project Crypto," has published its first comprehensive interpretive release on crypto asset classification. Announcing the release, SEC Chairman Paul Atkins stated: "After more than a decade of uncertainty, this interpretation will provide market participants with a clear understanding of how the SEC treats crypto assets under federal securities laws." The 68-page release establishes a five-category taxonomy, provides binding interpretive clarity on how the Howey test applies to crypto assets, and supersedes the 2019 staff framework and all prior staff statements. The release creates no new legal obligations. It interprets existing law.
Asset Classification: Five Categories
Digital Commodities — Not securities. Assets intrinsically linked to functional crypto systems, valued by programmatic operation and supply/demand. Named examples: BTC, ETH, SOL, XRP, ADA, AVAX, DOT, LINK, XLM, HBAR, LTC, DOGE, SHIB, BCH, APT, XTZ. ALGO and LBC also named. The CFTC confirms these could meet the "commodity" definition under the Commodity Exchange Act.
Digital Collectibles — Not securities. NFTs, meme coins, fan tokens. Value driven by artistic, entertainment, social, or cultural significance. Exception: fractionalized collectibles may constitute investment contracts.
Digital Tools — Not securities. Functional utility tokens: memberships, credentials, identity badges. ENS domain names cited as example.
Stablecoins — Mixed. Payment stablecoins under the GENIUS Act excluded from the security definition by statute. "Covered Stablecoins" per the April 2025 staff statement confirmed as non-securities by Commission interpretation. Other stablecoins assessed case by case.
Digital Securities — Securities. Tokenized versions of instruments that already qualify as securities, regardless of format.
Key Structural Interpretations
Investment contract separation. A non-security crypto asset can become subject to an investment contract without the asset itself becoming a security. The investment contract is the security; the token remains a non-security. Crucially, the release establishes a "separation doctrine": non-security crypto assets can detach from associated investment contracts once the issuer fulfills or demonstrably abandons its promised managerial efforts. After separation, secondary market transactions are no longer securities transactions.
Staking and mining safe harbors. Protocol mining (PoW) and protocol staking (PoS) are interpreted as non-securities activities across all configurations: solo, delegated, custodial, and liquid staking. Staking Receipt Tokens and Redeemable Wrapped Tokens inherit the securities status of their underlying asset.
Airdrops. Airdrops of non-security crypto assets where recipients provide no consideration fail the first Howey prong and fall outside securities law.
Concordium Implications
CCD classification. CCD meets the "digital commodity" definition: intrinsically linked to a functional crypto system, deriving value from programmatic operation and supply/demand. The interpretation provides a clear basis for CCD to be treated as a non-security under U.S. Federal securities law.
Staking and validation. The staking safe harbor covers the full range of Concordium's staking architecture, including delegation. Custodial staking and liquid staking are explicitly cleared, provided the service provider acts as agent without guaranteeing returns or exercising discretion over staking amounts. Directly relevant for institutional validator operations on Concordium.
Identity, privacy, and accountability. The release does not address protocol-level identity verification, privacy architecture, or accountability frameworks. That is expected. The SEC's mandate is to clarify which assets and transactions fall under securities law, and the release fulfills that mandate. Questions of identity, accountability, privacy, and revocability fall under separate regulatory authorities: FinCEN and FATF for AML/KYC and transaction monitoring; eIDAS 2.0 and the EU Anti-Money Laundering Authority (AMLA) for digital identity and compliance frameworks; MiCA for crypto-specific market regulation in Europe.
With the SEC now providing interpretive clarity on asset classification, regulatory momentum at these other bodies can be expected to accelerate. Once the "is this a security?" question is settled, the next question becomes: how do we ensure identity, accountability, and privacy in the systems that handle these assets? That is the question Concordium was built to answer.
Sources
