Why writing open-source code is suddenly an existential risk, and the five-page bill designed to fix it
Two senators have introduced a brief bill with an unusually large ambition: to cease US legislation from treating individuals who write and publish blockchain software program as in the event that they had been working a shadow funds firm.
The proposal, titled the Blockchain Regulatory Certainty Act of 2026, goals to make clear that “non-controlling” builders and infrastructure suppliers (i.e., those that don’t have the authorized proper or unilateral means to transfer different folks’s funds) shouldn’t be swept into the authorized bucket reserved for cash transmitters.
It’s an argument crypto has been making for years, sadly, typically in the summary language of decentralization and autonomy.
But the stakes have grow to be more durable to ignore. Prosecutors have examined aggressive theories of legal responsibility in high-profile instances involving non-custodial instruments, and builders have watched as a patchwork of federal guidelines and state licensing regimes turned compliance right into a guessing sport.
In their very own 2024 letter to Attorney General Merrick Garland, Sens. Cynthia Lummis and Ron Wyden warned {that a} broad interpretation of money-transmission legislation “threatens to criminalize Americans providing non-custodial crypto asset software program providers.”
The new bill tries to flip that warning right into a rule.
The deeper story is that outdated regulatory structure, written for Western Union-era wiring and pay as you go playing cards, is straining to map itself onto open-source code, decentralized networks, and software program that can be utilized with out the writer ever touching buyer funds.
When code turns into conduct
To perceive why a developer would possibly care about being labeled a “cash transmitter,” you have got to begin with how the US polices funds.
At the federal degree, FinCEN, the Treasury bureau accountable for anti-money-laundering (AML) guidelines, treats many cost intermediaries as cash providers companies (MSBs).
MSBs should register, run AML packages, file suspicious exercise stories, and hold information.
FinCEN’s 2019 guidance lays out the precept in plain phrases: Money transmission includes accepting and transmitting “worth that substitutes for forex,” and it doesn’t matter whether or not the worth is moved via a financial institution wire, an app, or a blockchain transaction.
Layered on prime is a prison statute, 18 U.S.C. § 1960, that makes it an offense to knowingly function an unlicensed cash transmitting enterprise.
That “unlicensed” piece may be triggered in a number of methods: by failing to register federally when required, by violating state licensing necessities, or by transmitting funds related to illegal exercise.
States matter right here greater than many outsiders understand. Even if a enterprise believes it’s exterior federal MSB guidelines, state money-transmitter licensing can nonetheless chew, and it may be costly, sluggish, and inconsistent.
Some states interpret their statutes broadly, whereas others provide clearer exemptions.
For a startup that touches buyer funds, this is painful and in the end acquainted.
But for a developer who publishes open-source pockets code, runs a node service, or maintains infrastructure different folks use, the concept that they is likely to be compelled into the similar licensing regime as a remittance store feels each absurd and existential.
That pressure has been on show in the authorized fights round privateness instruments and DeFi.
The US Justice Department’s prosecution of Tornado Cash co-founder Roman Storm helped crystallize a worry that has hovered over crypto for a decade: that writing software program could possibly be handled as working a monetary enterprise, even the place the software program itself doesn’t maintain buyer cash.
The Justice Department has argued that the service functioned like a cash transmitter and ought to have carried out compliance controls.
Storm’s facet has emphasised the autonomy of the code and the lack of custody over customers’ funds.
The case did nothing to resolve the coverage debate, appearing as a substitute as gasoline to an already roaring hearth.
A jury delivered a mixed outcome in 2025, convicting Storm on an unlicensed money-transmission conspiracy cost whereas deadlocking or acquitting on extra severe counts.
Crypto advocates learn the consequence as a warning flare for builders of non-custodial programs.
Against that backdrop, Lummis and Wyden’s bill is finest understood as a bid to draw a shiny line between two worlds: software program publishing and funds custody.
The “non-controlling” line
The bill itself is compact, coming in at simply 5 pages, however it’s dense with definitions, as a result of definitions are the place regulation lives.
First, it defines who counts as a coated “developer or supplier”: primarily, anybody who creates or publishes software program that facilitates a distributed ledger or gives upkeep to it, or presents a service related to a distributed ledger.
It additionally defines “distributed ledger service” broadly sufficient to embody programs that allow customers to ship, obtain, alternate, or retailer digital property.
Then it introduces the key idea: a “non-controlling” developer or supplier.
The bill’s core declare is that if you happen to don’t management the property, can’t unilaterally transfer them, and don’t have the authorized proper to seize them, you shouldn’t be handled as a cash transmitter for the functions of federal cash transmission legal guidelines.
In observe, that’s an try to formalize a distinction regulators already lean towards, however typically go away fuzzy in utility.
FinCEN’s 2019 steerage notes that an individual performing a sure position in growing or promoting a software program utility may be completely different from the particular person utilizing the utility to settle for and transmit worth.
The compliance obligation attaches to the transmitter, not essentially the toolmaker.
Why isn’t that sufficient? Because FinCEN steerage is not the similar as a statutory protected harbor.
Guidance may be reinterpreted, narrowed, or just ignored by a special company in a special context.
Builders additionally fear about what occurs when federal ambiguity meets state licensing statutes, or when prison prosecutors take a look at expansive readings of what it means to “conduct” a cash transmitting enterprise.
That’s why the 2024 Lummis-Wyden letter leaned on the time period “accepting,” arguing that Congress meant to seize actors who really obtain buyer funds, not those that publish code folks use to transfer their very own property.
If you’re searching for the bill’s sensible promise, it’s this: to make it safer to do the boring, foundational work crypto runs on (sustaining pockets software program, publishing open-source libraries, working infrastructure that relays transactions) with out waking up to the existential query of whether or not you’ve by chance grow to be a regulated monetary middleman.
But the line is not so simple as custody versus no custody.
The hardest instances dwell in the center, the place the “management” the bill refers to is shared, oblique, or exercised via design.
Consider a developer who deploys good contracts that may be upgraded, paused, or parameter-changed with admin keys, or a group that controls a front-end interface, units charges, and has discretion over which transactions are routed or prioritized.
The farther you progress from pure publishing and nearer to ongoing operational discretion, the extra a prosecutor, or a state regulator, could argue that you just’re not simply offering software program, you’re working a service.
That’s why the bill’s deal with unilateral means and authorized proper is so essential.
It tries to protect room for enforcement in opposition to actors who really can transfer or seize person funds whereas giving cowl to those that can’t.
Whether it succeeds will depend upon how clearly the time period “non-controlling” maps onto real-world programs that usually combine open-source parts with hosted providers, admin dashboards, and managed interfaces.
There’s additionally a legislative subtext.
An analogous concept has circulated in the House: there’s a Blockchain Regulatory Certainty Act bill launched in 2025 that would offer a protected harbor for non-controlling builders and service suppliers.
The Senate model arrives at a second when lawmakers are concurrently wrestling with broader market-structure questions, together with who regulates what, how AML ought to apply to DeFi, and whether or not stablecoin regimes ought to look extra like banking guidelines or securities guidelines.
In that context, developer protections can grow to be both a principled boundary or a bargaining chip.
What occurs subsequent
The onerous reality about Washington is that launched doesn’t equal handed.
Bills like this typically perform as indicators: they inform businesses how lawmakers need an issue framed, they offer lobbyists a textual content to rally round, and they stake out a negotiating place in a bigger bundle.
The proposal is a standalone push to lock in developer protections as the Senate nears a broader market-structure unveiling, a reminder that the combat over definitions is occurring in parallel to the combat over jurisdiction.
Lummis’s personal press launch explicitly frames it as defending builders and infrastructure suppliers who don’t management person funds from being handled as cash transmitters beneath federal legislation.
The most helpful query right here is what this bill adjustments, even when it doesn’t cross shortly.
One reply is that it narrows the narrative area prosecutors and regulators can occupy.
When senators put a definition into bill textual content, like writing “non-controlling” right into a statutory body, they create a reference level that protection attorneys, business teams, and judges can cite to argue what Congress thinks the legislation ought to imply.
That has been seen in different crypto fights, the place legislative proposals, even failed ones, grow to be a part of the broader interpretive ecosystem.
Another reply is that it forces a sharper dialog about compliance design.
If the future authorized boundary is management, then system architects have incentives to decrease management.
That may imply eradicating admin keys, limiting upgradeability, decentralizing interfaces, or making it clear, each technically and contractually, {that a} developer can not unilaterally transfer property.
It additionally creates a brand new type of threat tradeoff: the extra you decrease management for authorized security, the more durable it could also be to reply shortly to hacks, bugs, and governance crises.
For the public, the bill is a lens right into a quieter shift.
The early crypto argument was that software program is impartial, and customers are accountable for their actions.
The trendy regulatory pushback is that instruments may be designed to facilitate abuse, and that revenue, governance, and operational involvement can flip that impartial code right into a managed service.
The 2026 bill is an try to protect an area for open-source infrastructure to exist with out being regulated out of existence, whereas nonetheless leaving room to punish precise intermediaries who deal with different folks’s cash.
The consequence will doubtless be messy as a result of that’s how the actual world is.
Wallets may be self-custodial however default to hosted routing. Decentralized protocols can have small teams with significant levers.
Interfaces may be open-source however managed via domains, app shops, and curated endpoints.
Regulators know this, and so do builders.
The subsequent section of crypto regulation shall be determined by who controls the levers that transfer worth, and by whether or not Congress can write guidelines that acknowledge the distinction between a instrument, a service, and the grey territory in between.
If Lummis and Wyden get their method, at the least one line shall be clearer than it is at the moment: writing code is not the similar factor as transferring cash.
The publish Why writing open-source code is suddenly an existential risk, and the five-page bill designed to fix it appeared first on CryptoSlate.
