SUMMARY The SEC and CFTC have ended years of crypto regulatory ambiguity with a joint interpretation that sorts digital assets into five categories and tells the market which are securities and which are not. Promises matter most. A token becomes a security when its issuer makes specific commitments to buyers and stops being one when those commitments are fulfilled or abandoned. Founders and compliance teams finally have a map.
After years of regulating cryptocurrency through enforcement actions rather than clear rules, the SEC and CFTC have jointly issued a long-awaited interpretation that tells the market exactly where the regulatory lines fall. Released on March 17, 2026, the guidance sorts crypto assets into five categories and explains which ones are subject to federal securities laws and which are not. For anyone who has been waiting for Washington to stop swinging the enforcement hammer and start writing the rulebook, this is that moment.
The five categories are:
- digital commodities
- digital collectibles
- digital tools
- stablecoins
- digital securities
Bitcoin, Ether, Solana and 13 other named cryptocurrencies fall into the digital commodity bucket and are not securities. NFTs and meme coins are digital collectibles, also not securities. Membership tokens, credentials and similar functional assets are digital tools, likewise not securities. Stablecoins occupy their own category, with payment stablecoins issued under the recently enacted GENIUS Act explicitly excluded from the definition of security by statute. Digital securities, meaning tokenized stocks, bonds and similar instruments, are securities regardless of whether they live on a blockchain. The message is clear–the asset’s economic substance determines its legal status, not its format or the label its creator slaps on it.
The most practically important part of the guidance explains when a non-security crypto asset can still become subject to securities law. The answer turns on what the issuer promises. If a developer sells a token while making specific commitments about building out a platform, hitting milestones or delivering functionality, those promises can create what the law calls an investment contract, which is a security. Once the developer fulfills those promises, or clearly abandons them, the token is released from securities regulation. This resolves years of confusion about whether tokens ever graduate out of securities status, and it puts developers on notice that their marketing language has legal consequences.
The agencies also clarified several specific activities that have generated enormous uncertainty in the market. Protocol mining and proof-of-stake staking, including pooled and custodial arrangements, are not securities transactions. Wrapping a token for use on another blockchain is not a securities transaction. Airdrops of non-security tokens to recipients who provide nothing in exchange are not securities transactions. Each of these conclusions removes a litigation target that regulators had left conspicuously unaddressed for years.
The practical takeaway for anyone building in the crypto space is straightforward. If you are issuing a token without making investment promises to buyers, you are likely outside securities regulation. If you are making promises about what you will build, you are inside it until you deliver. Founders, investors and compliance teams that have been operating under a cloud of regulatory ambiguity now have a map. The guidance does not change existing law, but it does something arguably more valuable: it tells market participants clearly and authoritatively how the regulators read it, and it signals that the era of regulation by enforcement is over.
You may also enjoy:
- Beyond Bitcoin: A Compendium of Cryptocurrency
- What is Cryptocurrency? A Guide for Everyone
- Whatever Happened to NFTs?
- Strategic Bitcoin Reserve
and if you like what you read, please subscribe below or in the right-hand column.