SaaS staking is a security. The SEC's Howey Test hinges on a 'common enterprise' where investor profits derive from the efforts of others. In liquid staking protocols like Lido or Rocket Pool, stakers' returns are inextricably linked to the protocol's centralized managerial efforts—node operation, slashing protection, and oracle updates.
Why the 'Common Enterprise' Argument Seals the Fate of SaaS Staking
A technical and legal analysis of why pooling user funds for validator operation creates horizontal commonality, satisfying a core prong of the Howey Test and placing SaaS staking squarely in the SEC's crosshairs.
Introduction
The SEC's 'common enterprise' doctrine transforms SaaS staking from a technical service into a regulated security.
The technical architecture is the evidence. Unlike solo staking, where an operator controls their own keys, SaaS models like EigenLayer or Figment create a horizontal dependence. Stakers pool funds into a managed service, creating the exact financial interdependence and reliance on a promoter that defines a common enterprise under U.S. law.
The precedent is set. The SEC's enforcement against Kraken for its staking-as-a-service program established that offering a turnkey profit-sharing arrangement constitutes an unregistered securities offering. This legal reality, not technological nuance, dictates the future of institutional staking.
Executive Summary
The SEC's 'common enterprise' framework is not a theoretical risk; it is the precise legal mechanism that will dismantle the current SaaS staking model.
The Howey Test's Perfect Fit
SaaS staking services check every box of the Howey Test, creating a clear path for SEC enforcement.
- Investment of Money: Users deposit ETH or stablecoins.
- Common Enterprise: The staking pool's profits are inextricably linked to the provider's managerial efforts and the collective pool performance.
- Expectation of Profit: The entire value proposition is yield generation from staking rewards.
The Lido Precedent
Lido's $20B+ stETH ecosystem is the primary target. The SEC's case against Coinbase explicitly named staking-as-a-service, setting a direct precedent.
- Centralized Manager: Lido DAO and node operators perform the essential managerial functions.
- Pooled Assets: User funds are commingled, creating the 'common enterprise'.
- Regulatory Domino: A successful action against Lido would immediately implicate Rocket Pool, Stakewise, and all centralized exchanges offering staking.
The Technical Solution: DVT & Solo Staking
The escape hatch is architectural decentralization. Technologies like Obol's Distributed Validator Technology (DVT) and SSV Network enable non-custodial, fault-tolerant staking without a central manager.
- Breaks 'Common Enterprise': No single entity controls the validation keys or execution.
- Shifts Legal Onus: Responsibility and rewards flow directly to the individual staker.
- Future-Proof: This is the only viable path for institutional participation post-regulation.
The Capital Flight Catalyst
Enforcement will trigger a massive, rapid migration of capital from compliance-vulnerable pools to non-custodial frameworks.
- Liquidity Crisis: A run on stETH and similar liquid staking tokens is inevitable.
- Winners: Infrastructure for solo staking, DVT, and restaking protocols (EigenLayer) will absorb the fleeing capital.
- Timeline: This is not a 5-year forecast; the legal groundwork is already laid. The migration will occur over months, not years.
The Core Argument: Pooling is the Poison Pill
The centralized pooling of user assets by SaaS staking providers creates an inescapable 'common enterprise' that triggers securities law.
The Common Enterprise Test is the legal trap. The SEC's Howey Test defines an investment contract by a common enterprise where investor fortunes are intertwined. Centralized asset pooling by providers like Lido or Rocket Pool directly satisfies this prong, creating a shared financial fate for all stakers in the pool.
Contrast with Non-Custodial Models like EigenLayer's native restaking. Here, the user's assets remain in their own validator, managed via smart contracts. This architecture avoids the pooling nexus and severs the direct financial link between participants that defines a common enterprise.
The SaaS Staking Death Spiral is now clear. To offer liquid staking tokens (LSTs), providers must pool. Pooling creates a common enterprise. The common enterprise makes the staking service a security. This is why Lido's stETH and similar tokens face existential regulatory risk, while non-custodial restaking does not.
The Regulatory Battlefield: SEC vs. Kraken as Precedent
The SEC's settlement with Kraken establishes a legal blueprint that directly implicates all SaaS-based staking services as securities offerings.
The Howey Test's Third Prong determines if a security exists. The SEC's core argument against Kraken's staking-as-a-service program was that user funds pooled into a common enterprise generated profits from Kraken's managerial efforts.
This is a direct analog to the operational model of major staking providers like Lido Finance and Rocket Pool. Their liquid staking tokens (stETH, rETH) represent a share in a pooled validator set managed by the protocol's node operators and DAO.
The precedent is definitive. The SEC's settlement establishes that any service offering pooled staking with managerial discretion is a security. This invalidates the 'pure software' defense used by protocols like Ethereum's solo staking.
Evidence: The SEC's cease-and-desist order explicitly states Kraken's program involved 'an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others.' This language is now a legal weapon.
The Commonality Continuum: From Service to Security
A legal and technical breakdown of how staking-as-a-service (SaaS) models fail the Howey Test's 'common enterprise' prong, while decentralized protocols pass.
| Legal & Operational Dimension | Centralized SaaS Staking (e.g., Coinbase, Kraken) | Semi-Decentralized Pool (e.g., Lido, Rocket Pool) | Fully Decentralized Protocol (e.g., EigenLayer, Babylon) |
|---|---|---|---|
| Profit Source for Staker | Pooled validator rewards, minus service fee | Pooled validator rewards, minus protocol fee + node operator margin | Native protocol rewards + potential restaking yield |
| Operator Selection & Control | Service provider exclusively controls all validators | Permissioned (Lido) or permissionless (Rocket Pool) node operator set | User delegates to self-selected, permissionless operators |
| Capital Pooling Mechanism | Centralized treasury; user funds are co-mingled by the entity | Smart contract pool (e.g., Lido's stETH); funds are programmatically aggregated | Direct delegation or smart contract restaking; no protocol-level pooling of principal |
| Profit Correlation (Common Enterprise) | High. All user returns are directly tied to the service provider's operational success and fee structure. | Moderate. Returns are tied to the performance of the curated node operator set and the protocol's fee logic. | Low. Returns are tied to the performance of individually selected operators and the underlying protocol's security, not a centralized profit pool. |
| Legal Entity Liability | Single, identifiable entity (the service provider) bears all operational risk and regulatory exposure. | Foundation + DAO structure dilutes liability, but core devs and node operators retain some exposure. | No central entity. Risk and liability are distributed across operators, restakers, and the protocol's cryptoeconomic security. |
| SEC Enforcement Precedent | Established (SEC vs. Coinbase, Kraken). Settled with charges of unregistered securities offering. | Pending/Unclear. Active SEC scrutiny (Wells Notice to Lido), hinges on 'common enterprise' argument. | Theoretical Pass. Designed to avoid horizontal commonality by eliminating a centralized profit pool. |
| Key Technical Dependency | Service provider's internal infrastructure and business continuity. | Protocol smart contract security and governance of node operator set. | Underlying blockchain consensus security and cryptoeconomic slashing conditions. |
Deconstructing the Legal Trap: Horizontal vs. Vertical Commonality
The Howey Test's 'common enterprise' prong is the decisive legal mechanism that classifies SaaS staking as a security.
Horizontal commonality is the trap. This legal standard, used in cases like SEC v. Kik, defines a common enterprise as the pooling of investor funds. SaaS staking services like Coinbase Cloud and Lido create this exact structure by aggregating user assets into a single validator pool.
Vertical commonality is irrelevant. This alternative standard, which requires a direct link between investor and promoter success, is a weaker argument. The SEC's enforcement actions against Kraken and Coinbase explicitly target the horizontal pooling model, not vertical dependency.
The protocol is the security. The legal precedent is clear: when a service pools assets from multiple users to generate returns from a common source (the blockchain's consensus mechanism), it creates a common enterprise. This is the core of the SEC's case.
Evidence: The Kraken Settlement. The SEC's 2023 settlement with Kraken's staking service established the enforcement blueprint. The complaint focused on the pooling of customer funds and the marketing of returns, cementing the horizontal commonality argument as the primary legal weapon.
Protocol Spotlight: How Top Models Incur Commonality Risk
The SEC's 'common enterprise' argument targets the centralized coordination of staking services, creating systemic legal risk for SaaS models.
The Problem: Centralized Managerial Effort
SaaS staking providers like Lido, Rocket Pool, and Coinbase don't just provide software; they actively manage node operations, slashing protection, and governance. This creates a 'common enterprise' where user profits are tied to the manager's skill, a core prong of the Howey Test.
- Active Management: Node selection, software updates, and slashing insurance are centralized services.
- Profit Dependency: User rewards are directly contingent on the provider's operational competence.
- Legal Precedent: The SEC's case against Kraken established this as a precedent for enforcement.
The Solution: Non-Custodial, Permissionless Infrastructure
Protocols must architect for managerial decentralization. The legal safe harbor is infrastructure where the protocol, not a company, coordinates the network. This mirrors the argument for Bitcoin and Ethereum as sufficiently decentralized.
- Permissionless Node Operation: Anyone can run a node without a whitelist (e.g., Ethereum solo staking).
- Protocol-Enforced Rules: Rewards and slashing are automated by smart contracts, not human managers.
- Reference Architecture: Look to SSV Network, Obol, and DVT for distributed validator tech that decentralizes the operational layer.
The Pivot: From SaaS to Public Good Protocols
The endgame is treating staking infrastructure as a credibly neutral public utility. This requires a protocol-first treasury, decentralized governance, and open-source code—removing any single point of legal failure.
- Protocol-Owned Liquidity: Fees accrue to a DAO treasury, not a corporate balance sheet.
- Forkability: The stack must be open-source and forkable, eliminating control (see Cosmos SDK model).
- Legal Arbitrage: A sufficiently decentralized protocol operates under the 'Code is Law' paradigm, not securities law.
The Steelman Defense (And Why It Fails)
The most coherent legal defense for SaaS staking collapses under the Howey Test's 'common enterprise' prong.
The Steelman Argument posits that staking-as-a-service is a pure software rental. Protocols like Lido and Rocket Pool provide non-custodial tooling, and users retain control of their keys. This frames the relationship as a bilateral service contract, not an investment contract.
Common Enterprise is Fatal. The SEC's position is that all stakers' funds are pooled into a single validator node or smart contract. This creates horizontal commonality, as user rewards are mathematically interdependent on the collective performance of the pool. The service is the enterprise.
Precedent Exists. The SEC v. Kik Interactive ruling established that a single blockchain ecosystem constitutes a common enterprise. Applying this logic, a staking pool's shared slashing risk and reward mechanics are indistinguishable. The legal architecture of the Ethereum Beacon Chain or Solana validators reinforces this pooled structure.
The Technical Nuance Fails. Arguments about distributed validator technology (DVT) or non-custodial designs like SSV Network are legally irrelevant. The economic reality—not the technical implementation—defines the common enterprise. Regulators look at the economic outcome, not the cryptographic plumbing.
The Inevitable Pivot: What Comes After SaaS Staking?
The 'common enterprise' legal doctrine makes SaaS staking an untenable business model, forcing a shift to non-custodial infrastructure.
SaaS staking is a legal dead end. The SEC's application of the Howey Test hinges on a 'common enterprise' where investor fortunes are pooled. Centralized staking services like Coinbase Cloud or Figment create this exact legal nexus by managing pooled validator keys and distributing rewards, making the staked asset a security.
The pivot is to pure infrastructure. The only viable path is to provide non-custodial middleware that never touches user funds. Protocols like EigenLayer and SSV Network demonstrate this by enabling permissionless node operation and decentralized validator technology (DVT), separating software from financial management.
The new model is protocol fees, not yield. Post-SaaS revenue comes from charging for cryptographically verifiable work, not from taking a cut of staking rewards. This aligns with the safe harbor principles for decentralized networks and mirrors how Lido's oracle network or Chainlink's DONs operate.
Evidence: The SEC's 2023 lawsuit against Kraken explicitly targeted its staking-as-a-service program, forcing an immediate shutdown and $30 million settlement. This established the enforcement precedent that defines pooled staking rewards as an investment contract.
TL;DR: The Unavoidable Conclusions
The SEC's 'common enterprise' test doesn't just apply to tokens—it's the legal framework that dismantles centralized staking-as-a-service.
The Howey Test's New Target
The SEC's core argument hinges on proving an investment of money in a common enterprise with an expectation of profits from the efforts of others. SaaS staking providers are the perfect target.
- Efforts of Others: The provider's node operation, slashing protection, and software updates are the essential managerial efforts.
- Common Enterprise: User funds are pooled into a shared validator set, creating horizontal commonality.
- Profit Expectation: Rewards are explicitly marketed as yield, fulfilling the final prong.
The Lido Precedent
Lido's stETH is the canonical case study for applying securities law to staking. Its structure is a blueprint for enforcement against centralized SaaS.
- Pooled Capital: All user ETH is aggregated into the same smart contract and validator set.
- Managerial Role: The DAO and node operators perform the critical technical work.
- Liquid Token: stETH is a tradable receipt representing the profit-sharing arrangement. The SEC's logic for Lido applies directly to any provider pooling user assets.
The Technical Escape Hatch
The only defensible architecture is non-custodial, permissionless staking software. This shifts the 'efforts' from a third party to the user.
- Solo Staking: Tools like DappNode or Stereum provide software, but the user runs the hardware.
- DVT Clusters: Obol and SSV Network enable decentralized validator operation without a central coordinator.
- Legal Shield: The user's own effort (or a truly decentralized network's) breaks the Howey test, moving the activity from investment contract to infrastructure operation.
The VC-Backed Trap
Venture-funded staking services are uniquely vulnerable. Their corporate structure and profit motives directly evidence a 'common enterprise.'
- Centralized Control: A corporate entity makes all key decisions on fees, infrastructure, and upgrades.
- Profit Motive: Equity investors expect returns from the company's managerial success.
- Enforcement Magnet: The SEC targets clear, centralized entities with deep pockets. This makes Coinbase Staking, Kraken, and other VC-backed services primary targets over anonymous pools.
The Global Regulatory Mismatch
While the US moves to crush centralized staking, other jurisdictions are formalizing it as a regulated financial service, creating an untenable split.
- EU's MiCA: Treats staking-as-a-service under clear licensing rules, acknowledging its investment-like nature.
- US's Howey Ambush: Applies a 70-year-old test retroactively, creating catastrophic compliance uncertainty.
- Market Fragmentation: Providers must choose jurisdictions, fracturing liquidity and pushing innovation offshore to regions with clearer rules.
The Inevitable Pivot to Infrastructure
The legal endgame forces a fundamental business model shift: from selling 'yield' to selling 'software and security.'
- Product Shift: Dashboard fees replace yield share. Charge for MEV-boost relays, monitoring alerts, and key management.
- Tech Stack Focus: Become the AWS for solo stakers—providing robust, decentralized tooling without custody.
- Survival Strategy: This is the only path for existing SaaS providers to decouple from securities regulation and survive the coming enforcement wave.