Behind the meter on the CLARITY Act fight, there is a single clause that decides whether the United States stays a competitive jurisdiction for protocol engineering or quietly exports it. Section 604 is the safe harbor that draws a legal line between people who write open-source code and people who use that code to commit crimes. Charles Hoskinson, founder of the Cardano network, spent the week telling lawmakers in plain language that removing it would be an own-goal.
His framing was sharp. Charging a maintainer for what a downstream user does with their compiler output, he argued, is the equivalent of charging a novelist for a reader's violent act. The analogy hits because it maps onto how the stack actually works. A signed binary, a published smart contract, a public Git repository — these are artifacts. The runtime behavior is determined by the wallet holding the keys, the validator running the node, and the human pressing the button. Liability that ignores that separation collapses into prior restraint on software itself.
Decompiled, the CLARITY Act tries to do three things at once: assign jurisdiction between the SEC and CFTC, define when a token is a security versus a commodity, and draw a line around who can be prosecuted when bad things happen on a permissionless network. The first two are the policy headline. Section 604 is the load-bearing wall holding up the third. Strip it, and any anonymous transaction that touches an open-source DeFi protocol becomes a vector for criminal exposure on the people who shipped the original commit, regardless of whether they ever ran a server or held a user key.
The technical reality is that most protocol code is non-custodial by construction. A Cardano smart contract, an Ethereum router, a Solana program — none of them give the author the ability to freeze, seize, or claw back the user's funds once deployed. That immutability is the security model. It is also why prosecutors love DeFi as a theory of liability: the developer is the only party in reach when the actual perpetrators are mixers and burner wallets. Section 604 exists to say that reach is not enough.
Hoskinson's intervention matters because it joins the Blockchain Association, Coin Center, and a quiet bench of corporate counsel making the same point. The competing jurisdictions are not theoretical. Switzerland's DLT framework, Singapore's MAS guidance, and the EU's MiCA regime all carry explicit safe harbors for software publication. If U.S. legislation does not match that baseline, the migration is mechanical. GitHub commits move to entities domiciled in Zug, Singapore, or Lisbon. Validator sets do not care about IP geography.
What this changes for builders. Watch the markup language on Section 604 line by line, not the bill summary. If the safe harbor survives intact, U.S.-resident maintainers can keep shipping non-custodial code without buying liability insurance against strangers. If it gets carved down to "developers who did not intend illicit use," that intent test becomes a litigation magnet, and the rational response is to publish from a foreign entity. Plan your contributor agreements and corp structure for both outcomes now, before reconciliation closes the window.