The United States Department of Justice (DOJ) has clarified its stance on crypto regulation: writing and publishing open source code, in the absence of criminal intent, is not a priority target for prosecution. This was reiterated by the Acting Assistant Attorney General Matthew R. Galeotti during a legal summit in the State. In this context, the focus shifts from the code itself to the behavior of the author.
According to the data collected from public analyses and institutional reports consulted for this article, the DOJ has repeatedly emphasized the centrality of the subjective element in criminal actions against crypto operators. Industry analysts note that this approach is consistent with the Cryptocurrency Enforcement Framework published by the DOJ, which guides priorities and investigative tools.
The text and context of the intervention can be consulted in the official version of the DOJ and in the policy framework:
What the DOJ said
In his official remarks, Galeotti shifted the focus from the “form” of the code to the subjective element of the author. The operational guideline, in summary, can be summarized as follows:
- The code, by itself, is not enough: the mere publication or contribution to open source projects does not constitute a crime if there is no specific intent to facilitate illegal activities.
- Focus on conduct and control: priority to cases with participation in conspiracies or management/control of services that transfer value.
- Case-by-case analysis: evaluations based on facts, roles, flows, and governance of the protocols.
The text and context of the speech are available at https://www.justice.gov/opa/speech/acting-assistant-attorney-general-matthew-r-galeotti-delivers-remarks-american.
Where the limits are drawn: exceptions and enforcement
The position of the DOJ does not equate to an amnesty. The authors who remain prosecutable are those who:
- act with intent to facilitate money laundering, fraud, or other criminally relevant conduct (e.g., 18 U.S.C. § 1956/1957 text);
- manage or control infrastructures that transfer value without applicable compliance requirements (e.g., 18 U.S.C. § 1960 text, money transmitting activities without a license);
- violate international sanctions or participate in criminal networks (e.g., IEEPA/OFAC OFAC release — Tornado Cash, August 8, 2022).
In other words: the writing of smart contracts or privacy tools does not automatically make one “financial operators”. It should be noted that roles of admin, pause/upgrade keys, interfaces that route flows, or direct monetization can still impact the analysis.
Legal context and precedents
The clarification comes after years of debate on where technical development ends and where criminal liability begins. On August 8, 2022, the OFAC sanctioned Tornado Cash, triggering disputes and questions about “code is speech” and the boundaries of USA crypto regulation.
Regulatory framework of reference:
- 18 U.S.C. § 1960 — Crimes related to unlicensed money transmitting businesses (text).
- 18 U.S.C. § 1956/1957 — Money laundering and transactions with illicit proceeds (text).
- Bank Secrecy Act (BSA) — AML/KYC obligations for money services businesses (FinCEN: resources).
- IEEPA/OFAC — Sanctions regime and SDN lists (SDN — OFAC).
The DOJ has also historicized the topic in the “Cryptocurrency Enforcement Framework” (October 2020), which outlines risks, tools, and priorities of federal enforcement and remains an operational reference for prosecutors and law enforcement agencies.
Practical implications for developers and protocols
For those who contribute to open source projects and DeFi, the clarification reduces uncertainty but does not eliminate it. An interesting aspect is the operational translation into daily practices. Some useful good practices:
- Document technical purposes, design choices, and usage limitations of the code.
- Separate governance and control: avoid unnecessary privileged access; prefer transparent mechanisms and time-lock. See also our guide on decentralized governance.
- Avoid claims that could be interpreted as an invitation to violate laws or sanctions.
- Evaluate if front-end, relayer, or auxiliary infrastructures can configure money transmission activities; for more details, visit the page on compliance and AML.
- Monitor developments in the AML/CFT field and update internal policies.
Markets and industry: possible effects
The immediate effect could be an improvement in confidence among developers, investors, and legal teams. In general, greater clarity tends to favor:
- resumption of finanziamenti for open source projects;
- more innovation on privacy and interoperability tools;
- requests for written guidelines to anchor investigative practice.
No reliable and verifiable market data directly and uniquely linked to the statements are reported at the moment. For statistical updates and industry trends, refer to sector reports and data from entities like Chainalysis.
Quick FAQ
What does it mean for open source developers?
Writing code is lawful if there is no proof of criminal intent. The legal risk increases with roles of control, direct monetization, or intermediation of value flows.
Are privacy tools in the spotlight?
Not for their existence. The authorities focus on illicit use, intent, and governance. OFAC sanctions and AML/CFT regulations remain in effect (see OFAC statement on August 8, 2022).
Is it necessary to register or obtain licenses?
It depends on the model. If the activity integrates money transmission under the BSA/FinCEN, registrations and AML controls might be needed. The assessment remains case by case; for practical guides, consult the compliance and AML section.
Conclusions
The DOJ aligns enforcement with substance: punish criminal intent, not the code itself. For developers and blockchain teams, it is a sign of openness, but compliance, governance, and precise evaluations remain central. The sector now awaits written guidelines that establish clear boundaries between innovation and responsibility.