The European Securities and Markets Authority published a report outlining multiple risks to investors and financial stability stemming from decentralized finance.

"Although investors' exposure to DeFi remains small overall, there are serious risks to investor protection, due to the highly speculative nature of many DeFi arrangements, important operational and security vulnerabilities, and the lack of a clearly identified responsible party," the report said.

The independent EU authority warned that DeFi operates in the absence of trusted intermediaries, which "could otherwise mitigate risks pertaining to financial stability and investor protection."

The report, published Wednesday, highlighted the regulator's primary concerns regarding DeFi innovations. It separated smart contracts into five categories to help regulators understand the "enormous technological complexity of these systems."

Risks posed by DeFi

The report warned against a prevailing "code is law" principle that it claims permeates existing DeFi governance.

"Smart contracts remain an unregulated phenomenon where the accepted principle is exemplified by the notion that 'code is law,'" the regulator asserted. It said adherence to this principle creates a tendency to accept smart contract outcomes, "regardless of any moral or legal consideration."

The study does accept that the automated, immutable functions of DeFi pose less of a risk to counterparties defaulting than traditional settlement. However, it stressed that developer pseudonymity can enable a proliferation of illicit smart contracts.

"The pseudonymity of the developers who deploy smart contracts and their unaccountability favored the rise of 'illicit' smart contracts, such as Ponzi schemes," the paper added.

The regulator said the composability of smart contracts could amplify system faults and lead to increased contagion risk.

"The composability feature of smart contracts, which allows for DeFi protocols to build on top of each other, enabling a variety of services for users, also creates dependencies among protocols, leading to a risk of contagion," the paper added. "The default of one actor can quickly propagate through the system."

A model for categorizing smart contracts

The regulatory body has developed a model for helping supervisors discern the purpose of various smart contracts, classifying them as Financial, Operational, Tokens, Wallet, and Infrastructure.

The EU markets regulator also acknowledged challenges in enforcing regulation due to the borderless and decentralized nature of DeFi. ESMA is set to oversee rules under the EU's Markets in Crypto Assets legislation known as MiCA.