Joint Industry Response to FCA CP25/40 in the UK
IOTA & Co Signatories at the Forefront of Crypto Regulation
TL;DR:
On February 12th 2026, we submitted a joint response to the UK Financial Conduct Authority’s Consultation Paper CP25/40 on regulating cryptoasset activities. This was led by the IOTA Foundation, together with Sui Foundation, Cardano Foundation and Avalanche Policy Coalition.
Our Response to FCA 25/40
This response is a joint effort by the IOTA Foundation, the Sui Foundation, the Cardano Foundation, and the Avalanche Policy Coalition, to provide industry input to the FCA’s Consultation Paper CP25/40. As organizations actively operating within the cryptoasset and blockchain technology ecosystem, we find it important to ensure that the regulatory framework in the UK is robust, proportionate and forward-looking. We appreciate the FCA’s continued engagement with the industry and its objective of strengthening consumer protection while supporting the UK’s position as a competitive and innovative market for cryptoasset activities.
In this submission, we focus on staking and decentralized finance (DeFi), as these are the areas where the current regulatory proposals raise the most significant questions of scope, proportionality and technical interpretation. Both staking and DeFi involve a wide range of operational models, from fully custodial and intermediary-based services to non-custodial and protocol-native mechanisms, and therefore require particular regulatory precision to avoid unintended consequences. We believe that clarity in these areas is essential to ensure that regulatory obligations are aligned with actual sources of risk, while preserving the UK’s ability to support innovation in decentralized and non-custodial technologies.
A consistent theme across our feedback on both staking and decentralized finance is the importance of clearly distinguishing between infrastructure functions and intermediary functions. We recommend that regulatory obligations remain focused on entities that exercise custody, discretion, or commercial intermediation, while preserving the neutrality of public blockchain infrastructure. Actors that provide software development, validation, communications, or other protocol-level services without controlling client assets or exercising unilateral decision-making are performing infrastructure roles rather than financial intermediation, and warrant a proportionate and differentiated regulatory treatment.
With respect to staking, we strongly recommend the FCA to include a clear and explicit distinction between custodial and non-custodial staking models. Where staking is provided through a custodial arrangement, and the firm safeguards client assets and intermediates the staking process, we recommend applying the proposed requirements on information provision, key contractual terms, express prior consent for retail clients, and record-keeping. We also recommend that these requirements apply only to retail clients, and in particular only in custodial contexts, as this is where information asymmetries, operational risk and counterparty exposure are most acute. Consequently, we strongly believe that non-custodial staking must be treated differently. For non-custodial and delegated staking arrangements, where firms do not control client assets or private keys, we recommend that such activities remain outside the scope of regulated staking activity, as this maintains proportionality and aligns regulatory obligations with the actual sources of risk. Non-custodial and delegated staking arrangements happen on-chain, without the staking provider taking custody of the user’s assets. This means that it is entirely different from custodial staking, where the user’s assets are directly controlled by the staking provider.
With respect to decentralized finance, we recognise the FCA’s intention in CP25/40 to capture situations where a clearly identifiable controlling person is effectively carrying on regulated cryptoasset activities. At the same time, we recommend that the concept of a “clear controlling person” be defined in a technically precise and objective manner. DeFi systems are structurally different from custodial or intermediary-based models, relying on self-custody, automated execution and open participation. These characteristics change both how risks arise and how they are mitigated. We therefore recommend that regulatory expectations scale with demonstrable, unilateral control over protocol operation, governance or economic outcomes, and not be triggered by development activity, governance participation or infrastructure provision alone.
Overall, we recommend that regulatory obligations are anchored to the presence of custody, discretion and unilateral control, while preserving space for non-custodial and decentralized systems to operate within a proportionate and innovation-friendly framework. We firmly believe this approach would strengthen legal certainty, enhance consumer protection where it is most needed, and reinforce the UK’s position as a jurisdiction that understands the architectural realities of decentralized technologies. We would welcome the opportunity to engage further with the FCA to discuss these recommendations and to support the development of guidance that reflects both regulatory objectives and technical realities.