In May 2025, the SEC released new guidance on crypto staking services that impacts both U.S. platforms and global staking-as-a-service providers. This shift clarifies which models are legally compliant and which remain under regulatory scrutiny.
The implications go beyond the U.S, as similar regulatory frameworks evolve in the EU, UK, and Asia, understanding the principles behind the staking regulation 2025 is crucial to building scalable and legal DeFi infrastructure.
For a view on disciplined system workflows that applies here, see Twendee Labs’ AI Workflow Strategy Guide.
What’s Allowed Now: Clarified Staking Models
Under the SEC’s new statement, the following Proof-of-Stake models are explicitly treated as non-securities (when structured properly):
- Solo (Self) Staking. A validator runs a node and stakes its own tokens. The SEC confirms this is purely an administrative activity, not an investment contract.
- Delegated Staking (Non-Custodial). A coin-holder delegates or nominates a third-party validator (e.g. in Polkadot or Cosmos) while retaining custody of the asset and keys. Because the delegator keeps title and the node operator only does validation, this is also allowed.
Ethereum Solo Staking: Asset remains with staker, validator operated directly by user (Source: Ethereum.org)
- Custodial Staking. An exchange or platform stakes customers’ tokens on their behalf. This is allowed if user funds are held in a separate custodian wallet (user retains ownership at all times) and the custodian merely follows protocol rules. In other words, as long as the custodian does not use the assets for its own business (no lending, rehypothecation, or leverage), staking rewards can be shared normally.
- Excluded Models: Liquid Staking and Derivatives. The SEC guidance excludes complex products like liquid-staking tokens (LSTs) and restaking derivatives. Platforms issuing fungible “staking tokens” or pooling rewards beyond basic custody risk falling outside this safe harbor and must be evaluated case-by-case. In short, simple staking and delegation are now validated models, but tokenized or leveraged staking products remain legally unclear.
Compliance Checklist
To operate a staking-as-a-service platform within the law, follow these key steps:
- Licensing & Registration: Determine required licenses in each jurisdiction. In the US, custodial staking was once treated as an unregistered security, so consult regulators or legal counsel. In the EU and UK, ensure you meet crypto custody or CASP authorizations under MiCA/FCA rules.
- Custody and Ownership: Use a secure, segregated wallet so customer tokens remain distinct. User agreements must explicitly state that owners retain title to their assets. Under the SEC’s view, the custodian’s role is purely administrative, it cannot decide when or how much to stake or fix the reward amount. In practice, do not promise a fixed APY to users; any fees should only be deducted from actual protocol rewards.
- KYC/AML: Implement strict customer due-diligence and transaction monitoring. Global regulators treat staking platforms like other crypto service providers
For example, EU AML/CTF rules (and MiCA’s custody provisions) will apply if you hold client crypto. Similarly, agencies like MAS and FinCEN require KYC/KYB and travel-rule compliance on crypto asset flows. In short, maintain full KYC records and AML surveillance on deposits/ withdrawals.
- Risk Disclosures & Promotions: Fully disclose staking risks (slashing, lock-up periods, network downtimes) to clients. Don’t advertise staking returns in a way that triggers securities-like promotions. In the UK/ EU, financial promotion rules apply to yield claims. Ensure all marketing materials comply with local regulator guidelines.
- Audit Trails & Reporting: Keep detailed, immutable logs of every staking transaction (deposits, stakes, rewards, claims). This aids audits and tax reporting.
For example, track which block rewards were earned and distributed, and maintain audit-ready reports. If operating in regulated markets, you may need to report earnings to authorities.
Importance of verifiable audit logs in compliance systems – even medical devices share the same pattern (Bruce D. Adams et al., Qual Assur J, 2005.)
- Security & Insurance: Regularly audit your code and systems (especially smart contracts, if any). Use industry-standard security like HSMs, enclave computing, hardware wallets to protect keys. Consider insurance or indemnity policies for staked assets. As SEC guidance suggests, assets should never be re-used for trading or lending – treat them as off-limits collateral.
Tech Architecture for a Secure Staking Service
Example staking-as-a-service architecture.
The system includes a front-end (user onboarding and KYC), a custodial wallet layer (multi-sig or HSM-secured) that holds client tokens, a staking engine and a compliance/audit module tracking all operations.
Under SEC guidance, the custodian holds the staked crypto at all times and never commingles or reuses it. By separating components (user interface, custody/back-end, and monitoring), every action – from deposit to stake to reward payout – is logged and auditable. In practice, each staking event should record the asset ID, validator details, timestamp, and distributed reward, so auditors or regulators can trace assets end-to-end.
This clear separation of concerns aligns with best practices and creates a provably secure, compliant staking-as-a-service platform.
Future-Proofing: Adapting to Global Changes
- United States: The SEC’s stance could evolve. Watch for enforcement (e.g. Coinbase reviews) and proposed crypto legislation (stablecoin or broader digital asset bills). To stay safe, continue strict custody practices and avoid features the SEC warned about (like fixed yields. Consider registering or cooperating with regulators proactively if your model blurs lines.
- EU & UK: MiCA is now active (Dec 2024), so maintain CASP authorization and comply with ESG-like disclosure rules. The UK’s new law (Jan 2025) exempts plain staking pools, but the FCA will likely issue more staking-specific regulations soon (expected in 2025). Follow EBA/ESMA guidance: their joint reports emphasize liquidity/slashing risks in liquid staking and the need for better customer disclosures. Be ready to update terms or systems if regulators require, e.g. extra capital buffers or transparency.
Example of cross-chain interaction complexity with compliance layers across protocols (Source: Wormhole Bridge Whitepaper Illustration)
- Asia-Pacific: Rules vary widely. Hong Kong’s SFC now permits licensed exchanges to offer staking under strict conditions: assets must stay in platform custody and risks (slashing, lock-ups) must be fully disclosed. In contrast, Thailand’s SEC banned crypto lending and staking on exchanges for retail users in 2023. Other markets (Singapore, Japan, Korea) are tightening KYC and tax rules on staking. Keep your platform modular so you can easily turn features on/off per country.
Ready to build a compliant staking solution?
Twendee Labs specializes in blockchain development and DeFi compliance. Our team can help you design secure, regulation-ready staking-as-a-service platforms – from architecture and smart contracts to licensing and audit processes.
Contact us to learn how we can tailor a staking service that meets global regulatory standards.
Explore our blockchain & AI services at Twendee Labs
Follow our insights on X and LinkedIn
