The Senate Banking Committee voted 15-9 to advance the Digital Asset Market Clarity Act to the full Senate floor. The bill defines, for the first time, what compliance obligations look like for digital asset intermediaries. What it doesn't define is how the industry actually operationalizes them. Those are two different problems, and only one got meaningfully addressed today.
I've spent a good part of the last decade building cryptographic systems for environments where compliance and confidentiality have to coexist: regulated markets, institutional custody, high-stakes financial infrastructure. The pattern I've seen repeatedly is that the gap between "a compliance requirement exists" and "infrastructure exists to meet it" is usually measured in years, not months. The Clarity Act is a meaningful step. What comes next is harder, and less discussed.
The bill classifies digital commodity brokers, dealers, and exchanges as financial institutions under the Bank Secrecy Act, subjecting them to AML programs, customer identification, and due diligence requirements. That's the right framework. The obligation is now clear where it previously wasn't.
The implementation question is harder than it looks. Traditional AML compliance assumes underlying data can be shared with auditors and regulators through access-controlled institutional channels. On public blockchains, the same data is visible to everyone — there's no access control at the ledger layer. A firm can satisfy a regulator's verification requirement, but the disclosure that satisfies the regulator also exposes sensitive position data to the broader market at the same time.
For a fund managing treasury operations on stablecoins, or a regulated custodian trying to demonstrate reserve adequacy without telegraphing its book, that's a real operational constraint. The bill establishes the obligation but leaves the mechanism open. Figuring out how to build compliance workflows that satisfy regulators without creating unintended public exposure is one of the more genuinely interesting engineering challenges to come out of this legislation, and it's one the industry will need to solve before compliance becomes fully operational, not after.
The debate over DeFi oversight was the day's most contested ground. There are legitimate concerns across the spectrum about illicit finance risk, about software developer liability, about what "decentralized" means in practice as a legal threshold. The bill hasn't fully resolved any of them, and the conversation will continue into the full Senate floor debate. That's not a failure of today's vote. These are genuinely hard definitional questions, and the right answer matters more than a fast one.
For protocol developers, this ambiguity is uncomfortable but not necessarily the worst outcome. A premature, poorly-fitted compliance framework imposed before the technology is mature enough to meet it would have been harder to recover from than an unresolved question. The window between now and final rules is actually the right time to build compliance infrastructure that works for distributed systems, before the requirements lock in rather than retrofitting whatever the industry defaults to once deadlines arrive.
The challenge is that most compliance tooling in financial services was designed around identifiable intermediaries with clear accountability structures. Much of the DeFi stack doesn't have that. Building verification infrastructure for systems that are genuinely distributed, without simply making everything centralized enough to regulate, is a problem that cryptographic tooling is well-positioned to address. That work needs to start now, not after the Senate Agriculture Committee reconciles its version of the bill with this one.
An amendment to create regulatory sandboxes for AI tools passed 15-9, one of the cleaner consensus moments in an otherwise closely contested markup. The amendment reflects something real: AI and financial infrastructure are converging faster than the regulatory frameworks governing them. Autonomous agents executing transactions, managing treasury positions, or routing payments on behalf of institutions are production realities today in early form. The compliance framework for them is essentially undefined.
Traditional compliance assumes a human or institutional actor who can be held accountable for a decision. An AI agent operating on-chain doesn't fit that model cleanly. The sandbox approach gives the industry and regulators space to figure out what accountability actually looks like for autonomous systems before requirements get locked in. That's the right instinct. But the tooling to make those agents auditable (to verify what they did, under what operating parameters, using what model) barely exists at the scale or reliability compliance workflows require. Building that infrastructure during the sandbox period, rather than at the end of it, is what will determine whether the experiments produce anything regulators can actually evaluate.
The BSA treatment of digital asset intermediaries is the provision with the most immediate operational consequence for the broadest set of firms. Exchanges, brokers, and dealers will need AML programs at a standard that wasn't formally required before. The timeline is compressed: White House advisers have indicated a July 4 signing target if Senate negotiations move at pace, and the House passed its version 294-134 last July, giving the conference process a defined scope to work from.
What this creates structurally is a compliance infrastructure buildout the industry hasn't yet done. Traditional finance compliance tooling was built for centralized custodians, identifiable counterparties, and private ledgers. Applying those tools directly to crypto rails introduces friction that doesn't have clean solutions off the shelf today. The firms that start working on that gap now, before final rules are locked in, will be in a different position than the ones that wait. That's not a prediction specific to any particular technology approach. It's just how compliance buildouts have gone in every other context I've watched from close range.
The CLARITY Act still has meaningful ground to cover. It needs 60 votes to clear the full Senate, and the outstanding negotiations, including language around government officials and digital assets, and reconciliation with the House version passed 294-134 last July, add complexity to the timeline. Whether it reaches the President's desk this summer or later in the year, the direction of travel has been clear for a while.
What I'd watch over the next 12 to 18 months isn't the legislative debate. That part is largely settled in terms of direction. It's whether the industry builds the operational layer to actually deliver on what this framework requires. Regulatory clarity and compliance infrastructure are not the same thing. The first is a policy achievement. The second is an engineering problem. We made meaningful progress on the first one today. The second one is just getting started.
Rob Viglione is co-founder and CEO of Horizen Labs, a cryptographic engineering company building privacy and verification infrastructure for high-stakes environments. He holds a PhD in finance, served as an officer in the US Air Force, and has spent the last decade building and operating large-scale cryptographic protocols in production. His research interests span zero-knowledge proof systems, privacy-preserving financial infrastructure, quantum security, and the intersection of cryptography and institutional compliance.