• IOTA and other industry players respond to the ACPR report on DeFi regulation, highlighting the need for a regulatory framework.
• IOTA underscores the importance of addressing risks and vulnerabilities in DeFi through formal certification and auditing of smart contracts, along with continuous monitoring and regular security audits.

The IOTA Foundation has been leading when it comes to establishing the regulatory framework and rules in the European blockchain market. They have been working in tandem with the European Blockchain Association, European Crypto Initiative, as well as the Global Blockchain Business Council (GBBC) in framing regulations for Europe’s decentralized finance (DeFi) market.

Earlier this year in March, the French Fintech Innovation Hub of the Autorité de Contrôle Prudential et de Résolution (ACPR) published a report titled “‘Decentralised’ or ‘Disintermediated’ finance: what regulatory response?” seeking an explanation over a Decentralized Finance (DeFi) ecosystem, the challenges, use cases, and other limitations.

Furthermore, the ACPR also explores the concentration and technology risks, oracle-related risks, as well as other supervisory challenges associated with the complexity of DeFi products.

What does the ACPR Report suggest?

The report by the ACPR suggests different ways to regulate DeFi to address the risks involved. They propose adapting regulations to the unique characteristics of DeFi and being flexible rather than rigid. They also recommend combining traditional financial regulations with regulations from other economic sectors to create a regulatory framework.

One of the main suggestions is to have a certification process for public blockchains based on factors like the accuracy of the computer code, the number of validators, and limits on validation concentration. This certification would also apply to smart contracts, taking into account the specific services provided and governance.

The ACPR also considers the idea of prohibiting interaction with uncertified smart contracts. The certification would have a limited duration, could be withdrawn at any time, and would require renewal if there are significant changes to the code. They also propose the possibility of embedding certification requirements directly into the code in the future.

Instead of implementing MiCA, which has its own report deadline, the ACPR has initiated a public consultation based on the points highlighted in its report.

Industry Response to ACPR

IOTA and other players such as the European Blockchain Association, GBCC, and many others have issued a joint response to the ACPR report touching down on different points.

• Different Definitions of DeFi: IOTA and the team disagrees with the ACPR report’s definition of DeFi, saying it overlooks crucial elements like user control, trustless interactions, and governance structures. They argue that DeFi combines decentralization and disintermediation, as it distributes control and decision-making while leveraging blockchain and smart contracts.
• DeFi as a Democratizing Force in Financial Industry: IOTA believes that despite being in its early stages, DeFi has the potential to transform the digital economy by facilitating seamless virtual transactions. However, challenges related to centralization, cyber-attacks, and scalability persist. They argue that emerging governance models, along with Layer 1 and Layer 2 solutions, can address these challenges effectively.
• Formal Certification As a Solution to Risks and Vulnerabilities: IOTA argues that risks in DeFi primarily stem from Layer 2 solutions and the application layer. Transparency issues, systemic vulnerabilities, and risks to retail customers are highlighted. Certification and auditing of smart contracts are important, along with suggestions for certified and auditing tools. While formal verification is preferred for security, continuous monitoring, bug bounties, and regular audits are also necessary for ongoing safety.
• Regulating Intermediary Services: IOTA emphasizes the importance of regulating DeFi intermediaries. They argue against a one-size-fits-all approach and suggest focusing on higher layers of the infrastructure for user protection while preserving decentralization and innovation.