The UK is locking in a 2026–27 crypto regime that keeps “truly decentralised” DeFi outside scope but drags any protocol with an identifiable controlling entity into full FCA authorisation.

The UK is moving into the final phase of designing its cryptoasset regime, with full rules expected to be finalised this year and implemented by 2027, in a framework that explicitly distinguishes “truly decentralised” DeFi from services with an identifiable operator. HM Treasury’s draft statutory instrument for cryptoassets, laid before Parliament in December 2025, creates new regulated activities under the Financial Services and Markets Act 2000 and gives the Financial Conduct Authority (FCA) broad powers over trading platforms, intermediaries, lending, staking and decentralised finance.

Skadden, in an April client note, said “the U.K. government’s plans to regulate cryptoassets are advancing, with a view to finalizing proposed rules this year and implementing its regime by the end of 2027,” adding that the FCA will extend its remit far beyond today’s money‑laundering registration regime. The law will impose a “strict regulatory perimeter” requiring a UK‑authorised entity for most crypto activities targeting local consumers, while overseas firms serving only institutional clients may remain outside full authorisation so long as they do not intermediate retail users.

DeFi outside scope only if ‘truly decentralised’

Where DeFi is concerned, both HM Treasury and the FCA have drawn a formal line between genuinely decentralised systems and those with real‑world controllers. Treasury’s policy note on the future regime states that “where activities are being undertaken on a ‘truly decentralised basis, i.e., where there is no person that could be seen to be undertaking the activity by way of business’ then requirements to seek authorisation will not be applicable,” effectively leaving certain autonomous protocols out of scope.

However, that exemption is narrow in practice. Skadden notes that the FCA “plans to see if there is ‘an identifiable controlling entity’ for any DeFi services, and if so seek to apply its rules to this entity,” applying a “same risk, same regulatory outcome” approach on operational resilience, financial crime and prudential requirements. A separate briefing from Latham & Watkins underlines that under the final draft cryptoasset statutory instrument, “the FCA will determine in any given case whether there is an identifiable controlling person conducting specified activities by way of business,” with further guidance promised on how decentralisation will be assessed.

In practical terms, that means large DeFi front‑ends, foundation‑backed DAOs or protocol teams that clearly set parameters and capture fees are likely to be treated as regulated firms once the regime comes into force on 25 October 2027. Sidley cautions that “the FCA does not propose a bespoke regime for decentralised finance; instead, its core requirements will apply where there is an ‘identifiable controlling entity’ carrying on one or more of the new regulated cryptoasset activities,” bringing such players into the same prudential and conduct net as centralised exchanges and lenders.

The UK’s approach slots into a broader global trend towards mainstreaming crypto within existing regulatory architectures, rather than building separate DeFi‑specific silos. As Skadden points out, London’s timetable for cryptoasset rules is now converging with U.S. efforts like the CLARITY Act and the EU’s MiCA implementation, leaving protocol designers with a clear, if demanding, choice: embrace identifiable governance and live inside the perimeter, or push deeper into permissionless architectures that regulators themselves concede they cannot easily police.