Unregulated But Not Invisible: The Legal Risks of Operating in a Grey Area

In the world of startups—especially in sectors like fintech, crypto, digital health, or wellness—“we’re

not regulated” often gets thrown around like a badge of honor. Founders frame it as agility. Investors

frame it as innovation.

But here’s the truth: just because you’re not licensed doesn’t mean you’re invisible to regulators.

Operating in that twilight space between “clearly legal” and “definitely illegal” isn’t new. But what has

changed is the speed of enforcement, the cross-border scope of regulators, and the legal risk appetite of platforms, payment providers, and investors who now demand clarity before commitment.

Let’s unpack what it means to operate in a regulatory grey area—and what you can do to ensure you’re

safe there, or whether you may want to consider leveling up..

What Is a Regulatory Grey Area?

A grey area exists when:

• Your product or service resembles a regulated activity—but hasn’t been explicitly categorized

yet and/or resembles a regulated activity, but is not.

• There’s no clear guidance or legal precedent, either because the technology is new, or regulation

is outdated.

• You believe you're outside the perimeter of regulation, but authorities might disagree.

Examples include:

• A wellness app offering “diagnostic insights” without being a licensed healthcare provider.

• A DAO providing pooled investment vehicles without being a fund.

• A crypto platform offering staking-as-a-service without a Virtual Asset Service Provider

(VASP) license.

• A neobank providing quasi-banking services using third-party rails.

You’re not formally regulated. But you’re definitely not under the radar.

Why This Matters (Even If You Think You’re Safe)

Most founders assume that if they’re not required to be licensed, they’re in the clear.

That’s wrong. Because regulators care less about what you call yourself—and more about what you

actually do, its extremely important to ensure you’ve gotten the correct advice and protect yourself as

much as possible, when operating “in the grey-area”.

Courts and regulators usually apply a “substance over form” test. If your product functions like a

financial service, health service, insurance product, or investment vehicle, you may need to have gotten

regulated—regardless of branding.

How to Navigate the Grey (Without Turning Red)

1. Get a Regulatory Mapping Done

Before you start up, ship or scale, have a legal advisor map our the licensing regimes that would apply

to you, clearly define your activities and what your obligations under those are, and what specifically

you may not do with your license (especially if you are a “grey area” company, the triggers for when

you cross the threshold (e.g. custody, solicitation, fiduciary duty)).

This is not the same as asking “Do we need a license today?”

It’s about knowing what could go wrong tomorrow and taking a decision accordingly.

2. Disclose, Don’t Deflect

To the public, but more importantly to the Regulator.

Your communications, applications(s) and/or other information to regulators and customers should be

clear, truthful and not misleading. If you are hiding something, chances are you know you should be

regulated.

If you are not ready to be regulated yet, be open to speaking about how your business model can be

changed to conform to the “unregulated” options for opening and/or operating your business.

Transparency builds trust—and gives you space to adapt. Its better to sleep peacefully knowing you are

compliant with the rules and regulations applying to you, than to worry about “what-if”.

3. Plan for Regulation Before It Lands

Most grey-area startups that start to (or will start to) veer into regulated territory wait too long. By the

time they are required to “get regulated”, they are not ready.

Final Thought: Visibility Without a License Is Not Freedom

If your product creates trust, handles money, or affects health or data, you don’t live in a vacuum. You

live in a legal environment that will catch up to you—and often faster than you think.

Operating in a grey area is a strategy—not a shield. Sometimes businesses have a legitimate reason to

be in the “grey area”. Other times, the grey area is a momentary purgatory which must be moved on

from. Play it wisely, build it transparently, and treat compliance as a competitive edge—not a burden.