After three years in this “safe harbor,” projects would have to evaluate their own progress toward decentralization and file a report with the SEC.
After three years in this “safe harbor,” projects would have to evaluate their own progress toward decentralization and file a report with the SEC. If they fail to meet certain standards, such as development from outside of the core team, they then would have to register as a security within another three months. That would effectively be an admission that the growth of the system still depended mainly on the work of the core development team, meaning it would fail the Howey Test that defines a security.
www.coindesk.com