Seems like the tl;dr is "Self-custody is protected; enforcement tools remain sharp."

Here's my full walk-through of the Digital Asset Market Clarity Act (HR 3633 substitute). Market structure is the headline, but the provisions that matter most for DeFi, privacy, self-custody, and developers live in Title III (illicit finance) and Title VI (software + self-custody).

The bill’s core bargain is familiar: push compliance pressure onto the web UI, while trying to avoid treating non-controlling protocol/software actors as regulated intermediaries. A mullet, but with section numbers.

Section 302 defines a “distributed ledger application layer” as a web-hosted app that lets a user submit an instruction/communication/message to a distributed-ledger app or DeFi trading protocol to execute a transaction.

302 then excludes the backend: it is not the distributed ledger app/protocol/system itself; not the DeFi trading protocol; not nodes/validators/infra; and not a software/hardware wallet used for self-custody.

302 does not directly impose a full BSA/CIP/KYC program. It orders Treasury, within 360 days, to issue guidance on sanctions duties and “applicable” AML/CFT requirements for app layers owned/operated by US persons.

The guidance must cover, at a minimum: commercially reasonable chain-analytics screening to identify sanctioned wallets/jurisdictions/FIs; and blocking/rejecting/routing-restricting attempted transactions prohibited by US sanctions.

It also calls out blocking/restricting transactions showing ransomware indicators, illicit-finance typologies, or other patterns presenting a significant, identifiable illicit-finance risk (based on a commercially reasonable analytics assessment).

And it requires risk-based AML/CFT measures (consistent with applicable law), including monitoring/limiting exposure—plus complying, as applicable, with any Treasury “special measures” under 31 U.S.C. 5318A.

Section 303 expands 31 U.S.C. 5318A (the “Section 311” special-measures toolkit) by adding a new measure tailored to digital-asset illicit finance.

If Treasury finds a foreign jurisdiction, foreign FI, or transaction class tied to a foreign jurisdiction is a primary ML concern via digital assets, it may prohibit/condition certain “transmittals of funds” by US financial institutions/agencies.

Translation: Treasury can lean on US rails to isolate an offshore venue or transaction class even if the underlying protocol is non-custodial. The practical reach turns on how Treasury defines “transmittals of funds” by regulation.

Title VI tackles the “developer = intermediary” reflex. Section 601 adds a new Exchange Act §15H safe harbor: you aren’t subject to the Exchange Act solely for relaying/validating txs or running nodes/oracles/bandwidth.

§15H also covers developing/publishing/“constituting” DLT systems and self-custody tooling (wallets, etc.). It preserves SEC anti-fraud/anti-manip/false-reporting authority and says the carve-outs don’t expand SEC jurisdiction by implication.

§15H directs SEC rulemaking to clarify when DeFi-adjacent activity alone is not enough: UI that reads/accesses data; governance systems; DeFi “messaging systems”; liquidity pools; and distributing wallet/self-custody tools (with First Amendment nods).

§15H also preempts state securities/commodities/digital asset laws for the core §15H(b) dev activities—while explicitly preserving state AML, anti-fraud, and anti-manipulation authority.

BRCA is incorporated (Section 604): a “non-controlling” developer/provider is not a money transmitting business (31 U.S.C. 5330) or “engaged in money transmitting” (18 U.S.C. 1960) solely because they build or support the stack.

“Non-controlling” is defined tightly: in the regular course of operations, you lack the legal right or unilateral, independent ability to control, initiate on demand, or effectuate user transactions without another party’s approval/consent/direction.

And the BRCA safe harbor is explicit about covered conduct: (A) publishing/maintaining distributed-ledger software/services, (B) providing hardware/software for a customer’s own self-custody, or (C) providing infra support to maintain the service.

Keep Your Coins (Section 605): a federal agency may not prohibit, restrict, or otherwise impair a US individual’s ability to self-custody digital assets using a self-hosted wallet (or other means) for any lawful purpose.

But 605 expressly preserves Treasury/SEC/CFTC/banking regulators’ authority to carry out enforcement actions and special measures under the BSA, sanctions authorities, and other illicit-finance laws. Self-custody is protected; enforcement tools remain sharp.

Stablecoin yield (Section 404): a digital asset service provider may not pay any “interest or yield” (cash, tokens, or other consideration) solely for holding a payment stablecoin.

The ban does not cover activity-based rewards/incentives tied to: transactions/payments/settlement; wallet/account/platform/app/protocol/network use; loyalty/promos/subscriptions; acceptance/acquiring rebates; liquidity/collateral; or governance/validation/staking.

Marketing limits: no deposit/FDIC talk; no “issuer pays”; no “risk-free/bank-interest” pitch; no mislabeling who pays; no material omissions. Disclosures must be clear/accessible. Issuers aren’t deemed to pay yield unless they direct the rewards program.

Here's a Lummis tweet on the act:
https://x.com/SenLummis/status/2010939496830030038

As well as a Cointelegraph tweet:

And a shitcoiner's take: https://x.com/ishraq8/status/2011071711827882147