Summary

Situation Overview: This past Monday, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC), published a highly anticipated interpretive release that lays the foundational groundwork for the regulation of crypto assets by the two agencies.[1] Effective March 23, the guidance establishes five categories of digital assets, explains when a non-security token becomes (and ceases to be) a security, and outlines safe harbors for common crypto activities.

What: Under the new framework, market participants and potential markets entrants have greater clarity into what activities and products are considered securities.

Who: Current market participants and potential market entrants.

In Depth

On March 17, 2026, the SEC and the CFTC jointly issued an interpretive release (interpretation) clarifying the definition of “security” as applied to certain crypto assets and certain transactions involving crypto assets. The interpretation identifies five categories in its token taxonomy, defines when a non-security token becomes (and ceases to be) a security, and clarifies other specific activities.

While this interpretation is a major step in providing important guidance and developing a clear and coherent crypto assets framework, it is only one piece of a broader regulatory framework. In the coming weeks, the SEC is expected to advance both further exemption issuances and a formal rulemaking that may include certain exemptions.[2]

The interpretation went into effect on March 23, 2026, upon publication in the Federal Register. Although the guidance is an interpretive rule and not a formal rulemaking, the SEC has requested comments on the interpretation, which may further inform changes to the guidance or potentially support formal rulemakings in the future.

The Five-Category Token Taxonomy

The guidance establishes five discrete categories of digital assets. The first four categories are generally classified as non-securities. The fifth category, digital securities, is classified as securities, and remains subject to the full registration and disclosure requirements of the federal securities laws. Each category is briefly described below.

Digital Commodities

According to the interpretation, a digital commodity is a crypto asset that is intrinsically linked to, and derives its value from, the programmatic operation of a crypto system that is functional, as well as supply and demand dynamics, rather than from the expectation of profits from the essential managerial efforts of others. A digital commodity itself, therefore, is not a security because it does not have the economic characteristics of a security.[3]

Digital Collectibles

A digital collectible is “a crypto asset that is designed to be collected and/or used and may represent or convey rights to artwork, music, videos, trading cards, in-game items, or digital representations or references to internet memes, characters, current events, or trends, among other things.”[4] The interpretation generally classifies digital collectibles as not securities.

Digital Tools

Digital tools are defined as “a crypto asset that performs a practical function, such as a membership, ticket, credential, title instrument, or identity badge.”[5] The interpretation states that digital tools, as described in the release, are not considered securities.

Stablecoins

Turning to stablecoins, the interpretation defines stablecoins as crypto assets that are “designed to maintain a stable value relative to a reference asset like the U.S. dollar.” The interpretation points to the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act which created a comprehensive regulatory framework for a specific type of stablecoin called “payment stablecoins,” defined as a digital asset that is, or is designed to be, used as a means of payment or settlement, and the issuer of which generally is obligated to convert, redeem, or repurchase the digital asset for a fixed amount of monetary value, and represents that it will maintain, or create the reasonable expectation that it will maintain, a stable value relative to the value of a fixed amount of monetary value. Prior to the enactment of the GENIUS Act, the SEC Division of Corporation Finance issued a statement on stablecoins, addressing the characterization of certain stablecoins under the definition of securities. Noting that the GENIUS Act is not yet effective and to clarify the SEC’s views on the application of the Howey test to stablecoins, the interpretation stated that the offer and sale of stablecoins addressed in the Division of Corporation Finance’s statement does not involve the offer and sale of securities within the meaning of Section 2(a)(1) of the Securities Act or Section 3(a)(10) of the Exchange Act.[6]

Digital Securities (or Tokenized Securities)

The only category not designated as a non-security was digital securities. A digital security, or tokenized security, is a financial instrument enumerated in the definition of “security” that is formatted as, or represented by, a crypto asset, where the record of ownership is maintained in whole or in part on or through crypto networks. The interpretation stated that “[a] security is a security regardless of whether it is issued, or otherwise represented, offchain or onchain” and that “[a]ll devices and instruments that have the economic characteristics of a security are securities regardless of format or label.”

When a Non-Security Token Becomes (and ceases to be) a Security

One of the interpretation’s most important aspects is the application of the Howey test in determining when a crypto asset may become subject become subject to the federal securities laws when it is offered as part of an investment contract and how such a classification may cease in the future. The Howey test is derived from SEC v. W.J. Howey Co., 328 U.S. 293 (1946) where the U.S. Supreme Court created a legal standard to determine whether a transaction qualifies as an investment contract and is therefore subject to federal securities laws.

Under the guidance, a non-security crypto asset becomes subject to an investment contract, and therefore securities regulation, when an issuer offers it by inducing an investment of money in a common enterprise with promises to undertake essential managerial efforts from which a purchaser would reasonably expect to derive profits. However, the fact that a non-security crypto asset is subject to an investment contract does not transform the non-security crypto asset itself into a security. However, when a purchaser of a non-security crypto asset that has been subject to an investment contract could no longer reasonably expect the issuer’s representations or promises to engage in essential managerial efforts to remain connected to the non-security crypto asset, the non-security crypto asset separates from such representations or promises, and thereafter the non-security crypto asset is no longer subject to the federal securities laws.[7]

Clarification of Specific Activities

The guidance also provides explicit clarification on several common crypto activities that had lacked comprehensive regulatory treatment including protocol mining, protocol staking, wrapping, and airdrops. Each is discussed briefly below.

Protocol Mining, Staking, and Wrapping

The interpretation determined that Protocol Mining Activities, Protocol Staking Activities, and Wrapping, as defined in the release, do not involve the offer and sale of a security within the meaning of Section 2(a)(1) of the Securities Act and Section 3(a)(10) of the Exchange Act and that, accordingly, participants in these activities do not need to register transactions with the Commission under the Securities Act or fall within an available exemption from registration when conducted in a manner consistent with the interpretation. These safe harbors were not without limitations, though. For instance, if a custodian or liquid staking provider exercises discretion over which assets to stake, when, or how much, or guarantees reward amounts, they fall outside the interpretation’s scope.[8]

Airdrops

The interpretation states that when an issuer conducts an airdrop of non-security crypto assets in the manner and under the circumstances described in the release, the non-security crypto asset does not become subject to an investment contract because the first element of the Howey test, requiring investment of money, is not met. Recipients of the airdropped non-security crypto asset are not making an “investment of money” because they provide no money, goods, services, or other consideration to the issuer in exchange for the airdropped non-security crypto asset, and the issuer is not offering them the non-security crypto asset in exchange for any such consideration.[9] Accordingly, issuers conducting airdrops of non-security crypto assets in the manner and under the circumstances described in this release do not need to register those transactions with the Commission under the Securities Act or fall within one of the Securities Act’s exemptions from registration.[10]

Put Patomak’s Expertise to Work

Patomak is uniquely positioned to help firms, developers, and others navigate the rapidly evolving regulatory environment. Our team brings broad expertise in as it has been ranked as one of the top financial technology consulting firms in the United States for two consecutive years by Chambers.[11] Patomak’s ranking reflects the firm’s strong record of building trusted client relationships and advising organizations as they navigate complex regulatory requirements, enhance risk management programs, and advance critical business and compliance initiatives.

In addition, Patomak has extensive expertise in building and enhancing compliance programs specifically tailored to crypto-related risks, ranging from establishing governance frameworks to implementing targeted improvements that enhance regulatory readiness. To learn more about how Patomak can support your compliance and strategic goals, please contact Laura Magyar at lmagyar@patomak.com or Kathleen Casey at kcasey@patomak.com.

---

[1] Application of the Federal Securities Laws to Certain Types of Crypto Assets and Certain Transactions Involving Crypto Assets, 91 Fed. Reg. 13714 (to be codified at 17 C.F.R. pt. 231 and 241) (Mar. 23, 2026) (hereinafter, “interpretation”).

[2] See Paul S. Atkins, Regulation Crypto Assets: A Token Safe Harbor (Mar. 17, 2026).

[3] The agencies listed the following sixteen examples of digital commodities: Aptos (APT); Avalanche (AVAX); Bitcoin (BTC); Bitcoin Cash (BCH); Cardano (ADA); Chainlink (LINK); Dogecoin (DOGE); Ether (ETH); Hedera (HBAR); Litecoin (LTC); Polkadot (DOT); Shiba Inu (SHIB); Solana (SOL); Stellar (XLM); Tezos (XTZ); and XRP (XRP).

[4] Examples include CryptoPunks, Chromie Squiggles, Fan Tokens, WIF, and VCOIN. The interpretation states that [a] digital collectible itself is not a security because it does not have the economic characteristics of a security. Nor does it constitute any of the financial instruments enumerated in the definition of “security” because it does not represent a digitized form of any such instruments, including an investment contract.

[5] Examples of digital tools include Ethereum Name Service domain names and CoinDesk’s ‘Microcosms’ NFT Consensus Ticket. The interpretation determined that digital tools are not securities as they do not have “have intrinsic economic properties or rights, such as generating a passive yield or conveying rights to future income, profits, or assets of a business enterprise or other entity, promisor, or obligor.”

[6] Interpretation at 22-23.

[7] Interpretation at 28-29.

[8] Similarly, the offer or sale of a Redeemable Wrapped Token that is a receipt for a digital security or a non-security crypto asset that is subject to an investment contract is an offer or sale of a security within the meaning of section 2(a)(1) of the Securities Act or section 3(a)(10) of the Exchange Act.

[9] See SEC v. W.J. Howey Co., 328 U.S. 293 (1946).

[10] Interpretation at 60-61.

[11] Chambers and Partners, Fintech Consulting, available at https://chambers.com/department/patomak-global-partners-fintech-consulting-fintech-49:2743:12788:1:23018544.