The enterprise blockchain industry has been selling the same story to capital markets for over a decade. The problem with public blockchains, the story goes, is that anyone can join, even if it’s messy, pseudonymous, and with regulatory uncertainty baked in. The solution was a permissioned network: known participants, audited validators, a governance structure regulators can actually talk to. Essentially Compliance through Centralized Control.

That pitch worked well enough to get Goldman Sachs and Digital Asset to build Canton Network, Hedera Hashgraph to spend years signing enterprise brands onto its Governing Council, and R3’s Corda onto a dozen bank infrastructure roadmaps. But how are those bets looking with the recent Senate draft of the Clarity Act?

A little introduction: The Clarity Act, now moving toward Senate markup, is possibly the most consequential regulatory development this industry has encountered, because it picked the other side of that debate.

How We Got To This Point

The first generation of enterprise blockchain, roughly 2015 through 2020, ran on a simple premise: the SEC and banking regulators would never accept a public blockchain for regulated financial activity. The answer was to build the same ‘distributed’ ledger technology in a known-participant environment. If you could tell a regulator who every node operator was, what their identity verification looked like, and who could kick them off the network, you’d have something that felt like a financial institution.

In the Gensler-Warren-Chokepoint era that wasn’t crazy. It was a reasonable and risk-averse read of the regulatory environment at the time. The SEC was actively hostile to crypto, the CFTC was confused, and banking regulators were watching. And sometimes they did more than just watch.

But the permissioned blockchain narrative never resolved a core problem: if you know who every validator is, if they can all be removed, if the governance council decides who participates, you don’t actually have a blockchain in any meaningful sense. You have a semi-distributed database with a consensus mechanism. The token you issue on that database carries all the regulatory characteristics of a security, because the value of the token depends on the identifiable group running and governing the network. It’s not your older brother’s degen DLT.

For years, this didn’t matter in a legally concrete way. There was no clean statutory framework for what made something a commodity versus a security in the digital asset context. The SEC and CFTC fought over turf, the Howey Test got applied inconsistently, and everything sat in legal gray area, albeit backed by powerful financial firms that could afford to take on and maybe sway regulators.

With this latest - maybe suprising - recent draft, The Clarity Act ends that ambiguity, and where it lands is not good news for Canton or Hedera.

What the Act Actually Says

The Digital Asset Market Clarity Act (H.R. 3633), passed by the House 294-134 in July 2025 (but still in Senate Markup and Amendment before heading back to the House), creates a two-tier classification system for digital assets.

The central question: is a digital asset a “digital commodity” or a “digital asset security”?

The Act defines a “mature blockchain system” as “a blockchain system, together with its related digital commodity, that is not controlled by any person or group of persons under common control.” Once a blockchain system qualifies as mature, its native digital asset can qualify as a digital commodity and is regulated by the CFTC, tradeable on Digital Commodity Exchanges, and accessible without the full SEC securities registration stack.

That’s a pretty strong definition.

In plain terms: decentralization is a legal requirement for the most favorable regulatory treatment, not a philosophical preference. If your network is controlled by a consortium, a council, or a set of vetted validators who must be approved by existing insiders, your digital assets are securities.

What projects are most impacted by this?

Let’s start with the Canton Network: When “Invite Only” Is Your Business Model

Canton Network launched its mainnet in 2024 and, by its own description, is currently operating in an “invite-only phase.” Per Canton’s documentation, new validators and apps “need to first be approved following a request made by an existing super validator, validator, application provider or member of the Canton Foundation.”

Sounds like a members-only club, doesn’t it?

That is literal permission to participate in the network’s consensus layer, granted by existing insiders, with IP whitelisting required for validator nodes. Canton’s architecture describes data as “segmented and replicated only to those validators permissioned to view the data.” Canton’s privacy model is a genuine technical innovation, and it’s built on a foundation of permissioning that runs deep into the protocol.

Canton’s proponents argue this is a transitional phase. As more participants join and governance moves toward the Canton Foundation, the network will become progressively more decentralized. That may turn out to be right. The problem is that “we intend to decentralize eventually” does not equal “we are currently a mature blockchain system” under the Clarity Act’s definition. The Act’s maturity certification requires demonstrating that the network is not controlled by any person or group under common control, present tense. A network that requires sponsor approval for every new validator today does not meet that standard today.

For enterprises that have deployed asset tokenization on Canton: are those assets securities? And if they are, what does that mean for secondary market access, for the intermediaries involved, for the compliance burden on every transfer? Canton’s legal team and every Canton-deploying institution’s legal team should be working through those questions now.

Hedera’s Council Model: Governance as the Problem

Lesser known but around longer than Canton, Hedera is the OG Federated Network.

Hedera Hashgraph has always been transparent about its governance model, which is both admirable and clarifying. The Hedera Governing Council - currently comprising Google, IBM, Boeing, LG, and others - controls the network’s consensus nodes. Per Hedera’s own documentation: “The Hedera Mainnet is currently comprised of permissioned consensus nodes operated by the Hedera Governing Council.”

To run a consensus node on Hedera, you join the Governing Council. The Council controls consensus, network updates, and treasury. Hedera is now introducing “block nodes” as a permissionless participant type, which is a meaningful evolution, but block nodes don’t participate in consensus and don’t determine finality. The Governing Council retains control over the consensus mechanism.

Under the Clarity Act’s analysis, the Governing Council is almost certainly “a group of persons under common control” for purposes of the maturity test. It’s a defined membership set. It makes decisions by specified voting procedures. It has explicit authority over the network’s operation and code.

Hedera was built on an architectural premise - corporate council governance as the path to institutional acceptance - that is now in direct conflict with the legal framework that determines your assets’ regulatory classification. The council was supposed to be what made regulators comfortable. The Clarity Act looked at council-governed networks and put them on the wrong side of the commodity/security line.

Who wins in the new Draft? The Public Chain Argument Just Got Better

For years, public chain advocates in the RWA space had to win a qualitative argument: “yes, it’s Ethereum, but here’s why that’s fine for institutional use.” That required convincing skeptics case by case, without clear statutory backing.

The Clarity Act changes that public chain argument entirely, because it creates specific statutory benefits that flow to public chain tokenization and not to permissioned networks.

Section 202 provides a fundraising exemption from traditional securities registration for digital commodity issuers - those operating on networks that qualify as mature blockchain systems. The disclosure requirements are lighter than full registration, and permissioned network tokens can’t easily access this pathway because their underlying networks can’t certify maturity. Assets classified as digital commodities can trade on Digital Commodity Exchanges with commodity-framework compliance requirements, not the full securities intermediary registration stack required at every step for tokenized securities. The Act’s safe harbor provisions for noncustodial developers and validators apply specifically to decentralized networks, providing liability protection that simply doesn’t map to the vetted, known-participant validator sets on Canton or Hedera. And digital commodity trading moving under CFTC jurisdiction means cleaner regulatory relationships for intermediaries (the CFTC’s framework is mature and well-understood) while SEC securities regulation for tokenized assets is still being invented in real time.

The Deeper Problem: Gatekeeping Is Antithetical to the Value Proposition

Many see the value of tokenized assets in terms of the liquidity and market access they create. If you tokenize a real estate fund but can only trade it on a permissioned network where three administrators control who can participate, you haven’t solved the illiquidity problem. You’ve added technology to an already-gated system. You’ve traded one liquidity problem for another.

The permissioned blockchain pitch was always “we’ll handle the compliance, you’ll get the efficiency.” Efficiency without liquidity is just a faster database, and liquidity requires open market access, which requires open network access, which requires the kind of permissionless validator participation that Canton and Hedera in their current forms don’t provide.

The Clarity Act didn’t create this tension, instead it revealed what was already happening in the market. Ethereum-based RWA tokenization (Ondo Finance, Franklin Templeton’s onchain money market fund, BlackRock’s BUIDL) is growing faster than anything on enterprise permissioned chains. Public chain infrastructure is where actual adoption is happening, and the Act gives that momentum a legal tailwind that enterprise chains can’t match without fundamentally redesigning their architectures.

What Should Happen Now

For institutions that have deployed on Canton, Hedera, or similar permissioned networks: get a clear legal opinion on whether your assets are securities under the Clarity Act framework. Don’t assume the existing compliance posture carries forward. The maturity test is new, and its application to your specific network architecture needs fresh analysis.

For Canton and Hedera: the path forward, if they want to capture the benefits of the Act, is genuine architectural decentralization, effectively aspirational roadmaps, but actual permissionless validator admission. That’s a hard design problem to retrofit onto a network built around known-participant consensus, and it may not be achievable without breaking the privacy and composability features that make these networks attractive to institutional users.

For enterprises evaluating tokenization infrastructure in 2026: “Does this network architecture qualify as a mature blockchain system?” belongs right next to “what’s the TPS?” and “what’s the custody model?” on your checklist. The answer determines whether your tokenized assets are securities or commodities, and that distinction will shape your compliance costs, market access, and liquidity options for years.

The Final Boss

The enterprise blockchain industry made a bet. It bet that regulators would reward permissioning, that known-participant networks would earn the regulatory goodwill that messy public chains couldn’t. Looking backl, that was a reasonable bet in 2016, 2018, 2020, 2022, and even 2025 (as evidenced by the fundraising success of private-permissioned networks).

But The Clarity Act just scored it as a not-that-good-bet. A decade of enterprise blockchain architecture was optimized for the exact characteristic the Act now classifies as a securities liability. Canton and Hedera aren’t dead, but the cost-benefit analysis of building on them has changed materially, and anyone who deployed tokenized assets on those networks without a fresh Clarity Act legal opinion is already behind.

The public chains weren’t wrong about the fundamentals. They were just early, and harder to explain to a compliance officer in 2019. Now they have the statute on their side. I am fully expecting the Empire to Fight Back. Why wouldn’t they? But whose side will they be on?