If the controls are "we don't want to" instead of "we can't do it" then it's custodial. What if I set up a bank and established a policy of "we don't let our employees touch customer funds" -- would that exempt me from needing a banking license? No. Amazon shouldn't get special treatment and neither should voltage. If they have access to unencrypted user keys in device memory then they are custodians of money.

(Btw I don't think licenses to transmit money or to do banking should exist in the first place. But custody exists and people who have it should be clear about it.)

super_testnet

secp256k1

bitcoin

Is Voltage a regulatory time bomb?

theoretically, yes. practically, no. there are many layers of technical and policy controls in place to keep random SREs from touching customer instances. 