Malta’s regulator is shopping around a new legal framework for “software-governed organizations.” The draft is designed to sit inside the European Union’s MiCA-era regulatory sweep, and it directly takes aim at DeFi projects that use DAO branding while keeping effective control with a small group.
The key move here is jurisdictional, not cosmetic. Malta is not treating DAOs as a free-for-all. Instead, it is arguing that many DeFi organizations are “not fully decentralized,” which matters because that claim can justify bringing them under licensing, governance, and compliance expectations that more traditional firms face.
Why Malta is bothering with DAOs at all
Cointelegraph reports that Malta’s regulator says industry feedback is needed for a legal framework for software-governed organizations. The paper’s starting point is a familiar regulatory argument in crypto. “Many DeFi projects are not fully decentralized,” Cointelegraph writes, implying that the operational reality of some DAOs looks more like corporate governance than open-source coordination.
If that framing sticks, the practical consequence is simple. Entities that can be steered by identifiable actors, through privileged code access, off-chain control, or governance capture, can be treated as regulated organizations rather than “pure” decentralized networks.
MiCA-era logic, applied to governance
MiCA is built for crypto asset services and issuers, not for every governance model that shows up around decentralized apps. So Malta’s approach is an attempt to map governance and control structures into the EU’s existing regulatory mindset.
Cointelegraph’s report is careful on implementation details in the excerpt provided, but the direction is clear. The framework targets software-governed structures where decentralization is incomplete. That gives regulators a lever to demand accountability even when a project points to a DAO and claims it is beyond corporate-style oversight.
From a reader’s standpoint, this is the difference between “the token is decentralized” and “the organization behind the token is decentralized.” The former is often a marketing line. The latter is what regulators will test.
What “industry feedback” usually signals
Cointelegraph says the regulator is seeking industry feedback on the proposed legal framework. That typically means two things in policy filings like this. First, regulators expect technical input on how governance is implemented, audited, and controlled. Second, they are trying to avoid blunt instruments that break real systems while still capturing those with centralized choke points.
For DeFi operators, this is not a passive consultation. The questions that tend to shape outcomes are the boring ones: who has update rights, how governance decisions are executed, and whether voting reflects actual control or is just a wrapper around privileged actions.
Watch the next milestone
Cointelegraph’s report flags feedback as the immediate step. The next milestone will likely determine whether Malta treats software-governed organizations as a distinct legal category or as an application of existing organizational concepts to DAO-like structures.
Either way, the deadline to watch is not just for responses. It is for how the regulator defines “fully decentralized” versus “not fully decentralized,” because that line will decide how much room compliant teams get to operate without becoming regulated entities.