France pushes DeFi to redo smart contracts and create ‘safe zone’ for European crypto users

If French regulators have their way, DeFi developers may need to rewrite virtually all of their smart contracts.

This is the potential upshot of a new push to regulate the linchpin of the decentralised finance marketplace, senior officials in the French Prudential Supervision and Resolution Authority told DL News in exclusive interviews.

The top French banking authority is weighing whether to require smart contracts — which powers a $44 billion DeFi market — to adhere to new compliance and security measures or risk being sidelined.

Under the proposal, regulators would then certify the smart contracts as compliant.

Safe zone

“The idea is to oblige intermediaries in Europe to interact only with other certified contracts,” said Olivier Fliche, director of fintech and innovation at the French Prudential Supervision and Resolution Authority, in an interview with DL News in a Banque de France office in Paris.

“We try to create a safe zone for the industry made up of smart contracts.”

But industry leaders are worried the potential intervention would “dramatically reshape the market” and could have an effect of prohibiting some smart contracts, said Mariana de la Roche Wills, a member of the board of directors for the International Association for Trusted Blockchain Applications and thinkBLOCKtank.

Restricting the operation of uncertified smart contracts and cutting them off from financial networks “can have similar effects to a ban in practical terms,” she told DL News.

Keen on becoming the crypto hub of Europe, France has helped shape the European Union’s landmark crypto asset framework, which is known as MiCA. Approved this year, it directs the bloc’s 27 member states to implement rules around crypto issuance and licensing.

As top officials start to design the next phase of crypto regulation, France is using its clout to influence the process.

The French Prudential Supervision and Resolution Authority, which is known as the ACPR, is a banking supervisory authority under the aegis of the central bank. It has been collecting ideas on how to regulate decentralised finance from experts over the past months.

Not a threat yet

“We are [...] doing everything we can to push and prepare for a future MiCA 2 regulation, following on from the adoption of MiCA, the pioneering European regulation,” François Villeroy de Galhau, governor of the Banque de France and chairman of the ACPR, told an event Paris in October.

French regulators are piecing together recommendations which it will then pass on to executive legislators at the European Commission.

“Our assessment is that DeFi is too small right now to be a threat to financial stability and there isn’t enough interconnection with TradFi to be a threat,” Julien Uri, fintech-innovation expert at the ACPR, told DL News. “But for consumer protection, it’s already quite risky.”

‘We probably will not be able to forbid non-certified smart contracts.’

—  Olivier Fliche, French Prudential Supervision and Resolution Authority

Smart contracts are coded mechanisms on certain blockchains that automatically execute transactions when the right conditions are met; they also allow users to transact without a third party.

But smart contracts can make blockchain networks vulnerable to technical problems and malicious actors looking to game the system.

DeFi hacks

More than 80% of the $3 billion in crypto stolen in 2022 stemmed from hacked DeFi protocols, according to Chainalysis. According to Defi Llama data, $308 million was lost to hacks iof DeFi protocols in September.

This is what concerns French regulators.

People who lose money on DeFi are usually “unsophisticated individuals,” Uri said.

The ACPR’s report said the risks in smart contracts that don’t meet the certification standards “would justify a ban on interactions for all users.”

But Fliche wants to be realistic: “We probably will not be able to forbid non-certified smart contracts.”

‘Not carved into marble’

Developers may need to update or rewrite their smart contracts to comply with the new standards before they can be certified, according to the proposal.

However, if the contract was designed to be immutable this might not be possible.

The potential certification rules may apply to both newly developed and existing smart contracts. That means mature ecosystems such as Ethereum might need to adapt inside the borders of the EU.

“The ecosystems could see a split between certified EU-compliant contracts and others,” de la Roche said.

“Limiting the interaction to only certified smart contracts could potentially impact the decentralisation and accessibility that ecosystems like Ethereum is known for,” she added.

Some protocols have immutable designs that cannot be upgraded, de la Roche said. That means that certification may be impossible.

But for the most part, the ACPR is convinced blockchain protocols won’t have an issue meeting new standards.

“They are not carved into marble,” Filche said. “I don’t see why existing smart contracts could not go through a certification process. And if they don’t pass the test, they could also evolve.”

MiCA 2?

The regulatory developments in France come as the EU’s member states are preparing for the Markets in Crypto-Assets to go live at the start of 2025.

The new rulebook sets consumer protection and market integrity rules for stablecoin issuance and licensing for crypto firms.

Decentralised protocols were left out of MiCA’s scope.

‘To verify if a protocol is fair or misleading, we have to lean on DeFi actors and developers of DeFi protocols.’

—  Charles Moussy, AMF

European Central Bank President Christine Lagarge has already called for a “MiCA 2″ to address the gaps.

For a smart contract to be certified in the future, they would need to comply with cybersecurity measures, plus have regulatory compliance built into the code.

The crypto industry is pushing back. The proposals seem “more stringent regulations on uncertified smart contracts than what we initially proposed,” said de la Roche.

These restrictions could raise the bar for market newcomers, she said, “leading to a bottleneck where the demand for certification overwhelms the available resources.”

Plus, the cost of certification and its maintenance could make the technology less accessible.

Dividing smart contracts into certification camps “could lead to a fragmented market, where a shadow economy of uncertified contracts might thrive, potentially outside of European jurisdiction,” de la Roche added.

“This scenario could invite regulatory arbitrage, with businesses seeking more lenient regulatory regions, undermining Europe’s position in the global DeFi landscape.”

Working groups

The details of how certification would work are still up in the air. But the DeFi industry will have a chance to provide its input.

The ACPR, together with the Financial Markets Authority, known as the AMF, is setting up working groups to iron out the technicalities of DeFi policies.

The regulators will work with DeFi leaders to get a better understanding of smart contracts and the “black boxes” in protocols, said Charles Moussy, head of innovation and digital finance at the AMF.

“To verify if a protocol is fair or misleading, we have to lean on DeFi actors and developers of DeFi protocols to see how the smart contracts could, in a technical way, be audited,” Moussy told DL News.

The process will take some time to play out.

The ACPR representatives said they hope the authority’s report on smart contracts will reach the European Commission after the 2024 elections.

And, the European Commission is due to publish a report about DeFi by the end of next year.

“This industry is still under construction,” said Fliche. “We don’t want to prevent the development but we are convinced that if we adequately follow the [development], we will not prevent it, but we will support it.”

Have tips on crypto policy? Contact the author at inbar@dlnews.com.