The ACPR's discussion paper submitted for consultation provided a description of the specific risks associated with decentralised or disintermediated finance (DeFi), distinguishing schematically between the three main strata that make it up: blockchain infrastructure, the application layer of “services”, and the devices by which users can access these services. It also noted the high level of concentration that characterizes the DeFi ecosystem, as well as the sometimes highly centralised governance of its applications.

Since some of DeFi risks are closely linked to the characteristics of the technologies that make it attractive, the approach of the discussion paper was to propose regulatory options tailored to the specific characteristics of DeFi, without merely replicating the arrangements currently governing traditional finance.

The interest generated by the discussion paper and the responses received during the consultation broadly validate these choices. The consultation also helped to clarify or deepen some of the issues under consideration.

Thus, as regards the concentration phenomena described in the discussion paper, the consultation provides two new points for reflection. First, the concentration of ecosystem players does not necessarily reflect the immaturity of the DeFi ecosystem; on the contrary, it could well be due - as more generally in the digital world - to the existence of increasing returns, leading to situations of monopoly or oligopoly. This situation, already apparent at the level of the blockchain infrastructures themselves, could also be observed at the level of certain services provided. To be relevant, any future regulation of DeFi will naturally have to consider this trend, if it is confirmed. Second, some respondents highlighted another aspect of DeFi concentration: the physical infrastructure hosting the blockchain nodes and the central role played by cloud providers in this regard. This point, which is in line with the operational resilience concerns recently addressed by the DORA Regulation for traditional finance, does indeed merit consideration.

The main areas for regulation mentioned in the discussion paper call for the following comments.

The overwhelming majority of respondents supported the idea that public blockchains can host DeFi activities, and there are strong reservations about the possibility of a transition to private blockchains (usually in the name of the ability to innovate). At the same time, many participants recognized the need to strengthen the resilience of public blockchains and agree on the need to audit their functioning on a regular basis, in line with the discussion paper’s idea of setting security standards. However, there were major differences of opinion on how this should be achieved. In this regard, it is important to include in the regulatory debate the “layer 2” solutions used for the large-scale management of blockchain transactions. The consultation thus highlighted a wide variety of views on the risks linked to these solutions, to be compared with the wide variety of technical solutions themselves, which is a sign of a technological landscape that is still immature and rapidly changing.

The idea that public authorities manage archive nodes of certain public blockchains, in particular to help restore the registry after an attack, was rather consensual among the participants.
The principle of certifying smart contracts received a broad support. The scope of such certification and its practical modalities are more controversial; several respondents nevertheless put forward interesting avenues in this area (proportionality, smart contracts ‘user manual’, escalation of incidents to a central authority, etc.). Mention should also be made here of the concept – yet to be explored - of “governance minimization”, developed by some respondents as a means of limiting the risks that too much concentration of voting rights could pose to the “decentralised” protocols and services they provide.

Finally, there was broad agreement on the idea of a regulatory framework for intermediaries or user interfaces: however, contrary to some comments received, this approach does not seem to exempt the authorities from thinking about a framework for the other two layers of DeFi. A point of attention lies in the way decentralised (and rapidly developing) interfaces will have to be regulated in practice, with numerous feedback from the consultation indicating that they cannot be regulated in the “same way” as centralised intermediaries.