On March 17, 2026, the SEC released a significant interpretive framework on crypto assets and crypto transactions. The takeaway is not that “crypto is unregulated.” The real takeaway is that the SEC is drawing sharper lines.
The SEC is trying to distinguish between:
- crypto assets that are not themselves securities, and
- transactions or arrangements in which the way a token is sold, marketed, distributed, or operated creates, or continues to create, a securities transaction, usually under an investment contract theory. (SEC press release ; SEC fact sheet )
This release matters immediately for founders, platforms, and investors for three reasons.
First, the SEC introduces a five-part token taxonomy: digital commodities, digital collectibles, digital tools, stablecoins, and digital securities. It then explains how each category may, or may not, fit within federal securities laws.
Second, the SEC clarifies how a crypto asset that is not itself a security can still be sold or distributed through an investment contract, and how that investment contract can later end. In the SEC’s framing, a non-security asset can eventually “separate” from the issuer’s promises, so that later transactions in that asset are no longer subject to federal securities laws.
Third, the SEC gives practical interpretations on common token mechanics that many crypto teams rely on in the real world, including protocol mining, protocol staking, liquid staking receipt tokens, wrapped tokens, and airdrops. (SEC press release ; SEC fact sheet )
What the SEC Said
Core definitions and why they matter
The SEC defines a “crypto asset” as any digital representation of value recorded on a cryptographically secured distributed ledger. It also defines “crypto network,” “crypto application,” and the broader term “crypto systems,” while distinguishing between “onchain” and “offchain.”
Notably, the SEC says this definition of “crypto asset” is identical to the GENIUS Act’s definition of “digital asset.” That matters because it suggests that regulators and lawmakers are moving toward a more unified vocabulary. For founders, that is a drafting signal. Whitepapers, token documentation, disclosures, and terms of service should be written in regulator-grade language, not casual market shorthand.
The SEC’s five-category token taxonomy
The SEC says it grouped crypto assets based on their characteristics, uses, and functions, and then analyzed each category under the federal securities laws.
1. Digital commodities
As described by the SEC, digital commodities are not securities. These are assets whose value is tied to the programmatic operation of a functional crypto system and to supply-and-demand dynamics, rather than to a reasonable expectation of profits based on the essential managerial efforts of others.
The SEC says a system is “functional” when the native asset can actually be used according to its intended programmatic utility. It says a system is “decentralized” when it operates autonomously and no person, entity, or group has operational, economic, or voting control.
The SEC includes examples such as BTC, ETH, SOL, XRP, and others, while noting that some of the listed assets were selected because they underlie futures contracts on CFTC-regulated markets. It also makes clear that being the underlying asset for a futures contract is not a prerequisite to being treated as a digital commodity.
2. Digital collectibles
The SEC treats digital collectibles, as described, as non-securities. These are framed as onchain equivalents of physical collectibles and can include assets tied to art, media, in-game items, or cultural phenomena such as meme coins.
The SEC says features like creator royalties do not automatically turn a collectible into a security. At the same time, it warns that fractionalized collectible structures can raise securities issues.
3. Digital tools
The SEC also describes digital tools, as described, as non-securities. These are tokens or assets that perform a practical function, such as serving as a membership credential, ticket, identity badge, title instrument, or domain-style identifier.
Many of these may be non-transferable or “soul-bound.” The SEC gives examples such as Ethereum Name Service domains and NFT-based ticket concepts.
4. Stablecoins
The stablecoin category is more nuanced. The SEC explains that, once the GENIUS Act becomes effective, payment stablecoins issued by permitted payment stablecoin issuers will not be securities by operation of statute. It also notes that permitted issuers are prohibited from paying interest or yield solely for holding, using, or retaining a payment stablecoin.
At the same time, the SEC says other stablecoins may still be securities depending on the facts and circumstances.
5. Digital securities
The SEC defines a digital security as a financial instrument already covered by the statutory definition of “security,” but represented in crypto-asset form and recorded in whole or in part on a crypto network.
The message is simple: tokenization does not remove an asset from securities laws. A security remains a security whether it exists offchain or onchain.
Investment Contracts Can Begin — and End
One of the most important parts of the release is the SEC’s treatment of investment contracts involving non-security crypto assets.
The SEC’s fact sheet says that a non-security crypto asset becomes subject to an investment contract when an issuer offers it in a way that induces an investment of money in a common enterprise, with representations or promises that the issuer will undertake essential managerial efforts from which purchasers would reasonably expect profits.
But the SEC also says that this investment contract does not necessarily last forever. It can terminate when those promises are fulfilled, or when the issuer fails to satisfy them. The interpretation frames this as a “connectivity” concept: once purchasers can no longer reasonably view the issuer’s promises as still connected to the asset, the asset can “separate” from the investment contract and later transactions in the asset may no longer be subject to federal securities laws.
That is a major point for token issuers and secondary markets. The SEC is acknowledging that a token can begin life inside a securities transaction and later trade outside one, depending on the facts.
Operational Interpretations Founders Actually Care About
The release is especially relevant because it addresses real token mechanics that many teams use in distribution, growth, and protocol operations.
Airdrops
The SEC says certain airdrops do not involve an “investment of money” under Howey, but only if recipients provide no money, goods, services, or other consideration in exchange for the non-security asset.
That limitation matters. Task-based airdrops, where users perform social, referral, or other services in exchange for tokens, fall outside this covered interpretation. The SEC also notes that even if the initial airdrop falls outside the covered bucket, later transactions involving the same asset could still be part of an investment contract depending on the surrounding facts.
Liquid staking receipt tokens
The SEC discusses both protocol-based and third-party liquid staking structures and treats certain staking receipt tokens as receipts for deposited assets.
The key line it draws is this: if the underlying deposited asset is a non-security crypto asset that is not subject to an investment contract, then the receipt token is not a receipt for a security. But if the underlying asset is a digital security, or is itself subject to an investment contract, then the receipt token is a security.
Wrapped tokens
The SEC applies similar logic to redeemable wrapped tokens. A one-for-one redeemable wrapped token can be treated as a receipt for the underlying asset, and if that underlying asset is a non-security crypto asset not subject to an investment contract, the wrapping itself does not involve the offer or sale of a security.
By contrast, a wrapped token referencing a digital security or an asset still tied to an investment contract can itself fall within securities treatment.
Commercial Implications
This release is not a compliance waiver. It is a design constraint.
It rewards teams that can clearly document what their token does, how it functions, and what they did not promise to the market.
1. Token design now faces a regulator-facing functionality test
Whether a token looks more like a digital commodity, digital tool, or digital collectible depends heavily on actual programmatic utility and on whether value is tied to system use and supply-demand dynamics, rather than to the issuer’s future managerial efforts.
The SEC’s definition of “functional” gives founders a concrete target. It is no longer enough to say a token will be useful. Teams should expect to show that the utility actually works.
That pushes crypto projects toward compliance by architecture. Token design, protocol design, and documentation now need to be built with a regulator-facing functionality story in mind.
2. Fundraising now requires a sharper communications audit
If your token sale is supported by statements that reasonably sound like promises that your team will do essential work to drive price appreciation, you are in investment-contract territory.
That includes statements around roadmap execution, exchange listings, token value growth, or future ecosystem buildout if those statements create a reasonable expectation that buyers will profit from your team’s efforts.
The SEC’s separation framework makes timing important here. Teams should think carefully about when core promises are fulfilled, how that fulfillment is documented, and what post-fulfillment communications should avoid saying.
3. Secondary markets are not automatically “free,” but the SEC is acknowledging termination
The SEC is now expressly recognizing that an investment contract tied to a non-security crypto asset does not necessarily continue forever.
That matters because broader trading opportunities may depend on whether the market still reasonably views the asset as connected to issuer promises. For platforms, this creates a practical due diligence framework: an asset should not be treated as safely outside securities laws simply because the token itself is not inherently a security. The platform still needs to evaluate whether the market narrative remains anchored to the issuer’s ongoing efforts.
4. Staking, wrapping, and airdrops now have clearer boundaries
Many teams treat staking, wrapping, and airdrops as normal product or growth mechanics. The SEC is saying they can be structured outside securities treatment, but only if they stay within the patterns described in the release.
If you offer liquid staking, the design of the receipt token matters. The analysis turns on whether the token merely evidences ownership of deposited assets and whether the underlying asset is a non-security not subject to an investment contract.
If you offer wrapping or bridging, the SEC’s “receipt for” analysis pushes teams to preserve one-for-one redeemability and avoid adding rights or economics that start to look security-like.
If you plan airdrops, the distinction between true free distributions and service-for-token campaigns now matters more. Social tasks, referral campaigns, bug-fix programs, and other “earn” models should not be casually grouped together with no-consideration airdrops.
5. Stablecoins now sit inside a tighter statutory perimeter
The SEC’s stablecoin analysis is directly tied to the GENIUS Act framework. Payment stablecoins issued by permitted issuers will ultimately sit outside the securities definition by statute, and the no-yield rule is part of that perimeter.
But the SEC also makes clear that other stablecoin structures may still raise securities issues. That means founders need a structural answer, not just a branding answer. “Stablecoin” is not itself a safe harbor.
Immediate Action Checklist
If you are a founder or GC, this should be treated as a 30-day legal and product triage plan.
1. Classify your token
Map each token against the SEC’s taxonomy: digital commodity, digital collectible, digital tool, stablecoin, or digital security. Write down the factual basis for your conclusion.
2. Document functionality
Be able to show how the token is actually used according to its programmatic utility. If decentralization is part of the story, assess whether that claim is credible under the SEC’s framing.
3. Run a communications audit
Review your website, whitepaper, deck, blog posts, X account, Discord, Telegram, and partner announcements for statements that could look like issuer promises tied to buyer profit expectations.
4. Map every distribution event
List each private sale, SAFT-like instrument, public sale, grant, liquidity program, and airdrop. For each one, identify what purchasers or recipients gave, what was promised, and what ongoing obligations or expectations were created.
5. Build a separation roadmap
Prepare an internal memo identifying what would count as fulfillment of the team’s core promises and how the company will communicate once those promises are complete.
6. Stress-test staking mechanics
If your protocol supports staking or liquid staking, confirm whether receipt tokens are truly evidentiary and whether the underlying asset is a non-security not subject to an investment contract.
7. Stress-test wrapping mechanics
If you support wrapping or bridging, confirm one-for-one redeemability and make sure the wrapper does not add security-like economics. Your terms should clearly describe the token as a receipt for deposited assets where that framing is intended.
8. Rebuild airdrop plans carefully
Separate true free distributions from task-based campaigns. If recipients are performing services or completing marketing tasks in exchange for tokens, treat those programs as legally distinct from no-consideration airdrops.
9. Update platform and fund diligence
If you operate an exchange, marketplace, custody business, or investment fund, update your internal diligence frameworks to incorporate taxonomy placement, investment-contract connectivity, and separation signals.
10. Calendar the comment opportunity
Even though the SEC labels this release interpretive, it is soliciting public comment. Teams should build an issue list now while product and legal teams are still close to the facts.
Bottom Line
The SEC is not saying that every token is a security, and it is not saying that every token is free from securities law.
Instead, it is drawing lines around token category, token function, issuer conduct, purchaser expectations, and whether those expectations remain tied to the token over time.
For founders, the message is clear: token compliance is becoming more architectural, more communications-driven, and more lifecycle-sensitive. The teams that do best under this framework will be the ones that can clearly explain what their token is, what it does, what was promised, and when those promises ended.
