Can Nostr Wallet Connect Defy Regulation?

Nostr Wallet Connect (NWC) is a new protocol to enable quicker payments and connect Bitcoin Lightning wallets with applications.

With NWC, Lightning wallets and services become more flexible and programmable to allow for more advanced payment features and applications. There are different functions of NWC, and a few of them are: 

• It allows you to trigger a payment similar to pull payments or direct debit.
• It functions as an open, permissionless and free protocol. 
• It offers more integration options for existing and new applications, providing developers with flexibility. 
• It functions as a relay that helps facilitate communication between a client application and a wallet. 

As an example, let’s imagine a games’ application that wants to offer in-app payments to sell items inside the game. To make the payment, the application first initiates a session with the connected Lightning Wallet, then, through the frontend, encrypts and relays a payment message through NWC. The message, which is encrypted, gets relayed to your wallet. Once your wallet receives it, it is decrypted and presented for you to sign the transaction or autosigns it on your behalf. 

Regardless of the NWC protocol’s innovation, it currently sits in a gray area because no current regulatory acts categorize it. This article attempts to answer an important question: How would regulators categorize it if current regulatory acts don’t cover NWC? 

How Flash Enables Interoperable, Self-Custodial Bitcoin Commerce with NWC

Why Regulatory Classification Matters

The landscape of regulation concerning  Bitcoin and decentralized protocols and services has become more comprehensive recently, as there has been an increase in attention towards the blockchain industry. 

There are more in-depth reasons why categorization matters, and we go through them below: 

• For companies developing a product, understanding the categorization under which they fall influences product design, funding opportunities, and, in some cases, compliance costs. Having this knowledge helps to achieve business certainty, stability, and predictability. Whereas in a case where a company falls under no categorization, there is uncertainty (legal or business) that would be priced in. 

• There is also the impact of categorization on the end users of a product. In the context of NWC, this could determine the experience and how developers use and integrate it. For example, before 2019, in the United States of America, cryptocurrency exchange users weren’t required to undergo verification. However, after a joint statement by CFTC, FinCEN, and SEC leaders, it became necessary, and BitMex faced actions for failing to comply; fortunately, it later reached an agreement. 

• There is also a risk associated with ambiguity (lack of categorization) and gray areas that could lead to criminal activity. A notable example is Tornado Cash, which led to the arrest of its founders. 

Comparing Regulatory Frameworks

Below, we compare different frameworks from various regions, focusing on their relevance to NWC. 

Region	Framework	Focus	Relevance to NWC
European Union	MiCA (Markets in Crypto Assets Regulation)	Licensing and supervision of crypto-asset service providers.	NWC falls outside this scope since it does not issue tokens or get custody of assets.
European Union	AML/CTF Directives	Anti-money laundering and counter-terrorist financing.	If NWC is seen as facilitating transfers, apps using it may be subject to KYC/AML rules. But this doesn’t cover NWC itself.
European Union	GDPR	Data protection and user privacy.	NWC itself does not store personal data, but apps using it must comply with GDPR obligations.
United States	FinCEN Guidance	Money transmission and AML obligations	NWC doesn’t meet the definition of a “money transmitter,” but integrations with NWC could fall under this scope.
Other Regions	FATF Standards	Recommendations that protect the global financial system	Since these cover over 40 recommendations, the risk-based approach would be used to assess if NWC poses any risk.

To better explain, under the FATF standards, some regions like Australia, Japan, South Korea, etc, exchanges were required to delist privacy coins such as Monero because they didn’t meet regulatory guidelines. Unlike privacy coins, NWC is not a financial asset or token but a communication protocol, which means its regulatory considerations are fundamentally different.

From the comparison table and example given above, none of these regulations currently cover or apply to the NWC protocol, which still highlights an important question or issue. How would regulators categorize the protocol? 

How are Regulators likely to categorize NWC?

Following the comparison and given that the NWC protocol doesn’t fit into existing regulatory  classes, public watchdogs could use a number of  possible approaches: 

1. It can be argued that regulators might want to treat and categorize the NWC as an API connector, where it would not be regulated, but businesses using the protocol would be. However, there are nuances to this, as NWC is a protocol specification for communication with an encryption focus, rather than an API endpoint.  However, it can be argued to work as an API because:

• It performs a connector role.
• Uses a relay model.
• It is free to use, decentralized, and permissionless. 

2. Although NWC does not claim to be a privacy-enhancing protocol, regulators might lean towards categorizing it as one because it abstracts away the interactions between client applications and wallets. And regulators might see it as an additional layer that complicates oversight, which can be argued because NWC itself never claimed to do any of these things. 

3. From a personal viewpoint, however, the most likely path that regulators might take, given recent trends, would be a risk-based approach that examines whether NWC presents an opportunity for systemic or criminal risk. This means NWC might be left outside any direct regulation categorization, but could be indirectly categorized through obligations of applications that integrate it. 

Regulated or not – NWC will remain an open standard 

While financial regulation suggests to maintain the stability of the monetary system, it actually creates direct risks for users as well as systemic risks. KYC, in particular, has raised concerns over privacy and security, and its broader societal value remains a topic of debate. With big bank bailouts, the market’s cleansing mechanisms get deferred, causing inherent fragility.

Decentralized protocols like NWC create open, inclusive and fair environments, self-regulated and safeguarded by standards set by its participants.

At present, the categorization of NWC is a gray area, though recent trends suggest regulators could lean towards a risk-based assessment approach. For NWC, this means its regulatory treatment will depend on how much risk it is perceived to carry. If classified as high risk, regulators would impose stricter oversight and monitoring on the protocol; whereas a lower risk categorization would mean lighter or no oversight. However, the final decision rests with regulators. With or without regulation, NWC will remain an open source protocol developers and businesses may utilize to enhance their apps and wallets.