January 26, 2024

Differentiating DLT, Protocol, and dApp for Proper Legal Structuring of a Web3 Project


If you’ve ever wondered how to legally structure a Web3 project, this article is for you. We break Web3 projects into three components; the DLT, the protocol, and the dApp, explaining how they work, before exploring the different legal risks and regulation requirements that affect each one. Finally, we look at how to weave the three ‘layers’ of legal structuring together to form a complete legal wrapper for your Web3 project.


This is not a technical article. We have used some technical terms and simplified them for easier understanding. This may result in these technical terms being used in a way that is not 100% accurate from a technical standpoint. We’ve simplified these technical terms to explain the differences between the distributed ledger technology (block-producing base layers also known as blockchains), the protocol, and the dApp so that a non-technical Web3 audience (such as business founders, legal counsels, etc.) may better understand this topic. We also think it is important to emphasize the categorization of Web3 projects for legal structuring purposes.

This guide is brought to you by the team at Legal Nodes, including co-founder Nestor Dubnevych. Legal Nodes is a platform for tech companies operating globally and helps startups establish and maintain legal structures in 20+ countries.

Disclaimer: none of this information should be considered as legal, tax, or investment advice. Whilst we’ve done our best to make sure this information is accurate at the time of publishing, laws and practices may change. For help with the legal structuring of your project, speak to us.

Identifying the moving parts of Web3 projects and understanding why they should be differentiated for legal structuring purposes

What are the moving parts of Web3 projects?

In short, most Web3 projects have a complex technical structure consisting of multiple layers, each with its own functionality, governance, and even its own tokens.

Why is it important to identify these different aspects of Web3 projects?

Web3 projects therefore have different risk structures and require different regulations and compliance measures for each layer.

What are the layers in these Web3 projects?

Typically, Web3 projects consist of three technical layers:

  1. The Protocol (the middle/core layer). This is the set of rules or a settlement layer, allowing different types of data to be shared between computers in a particular and highly standardized way.
  2. The dApp (the top layer). This layer serves as the client-facing interface and operates as a business/monetization vehicle for the protocol. It acts as a bridge between real-world users and the virtual/on-chain protocol.
  3. The Blockchain (the bottom layer). This layer utilizes distributed ledger technology and functions as a decentralized server for the protocol deployed on the blockchain network.

We will explore these layers in more detail further on.

How are the layers of Web3 projects regulated?

Each of the layers mentioned above may fall under specific regulatory regimes, such as VASP/CASP regimes, or they may be outside the scope of regulations altogether due to their autonomous, ownerless, and permissionless nature. Therefore, when it comes to the legal structuring of Web3 projects, it is crucial to distinguish these "moving parts" from each other, as each part/layer may require its own legal structure or legal wrapper.

This approach was suggested by a16z in their article series "Regulate Web3 apps, not protocols", which was addressed to regulators to encourage them to focus on regulating dApps instead of protocols. In this article, we will take a closer look at this concept from the perspective of legal structuring for Web3 projects. The terminology and definitions that we use and promote in this article can also be found in the various playbooks for Web3 founders that are published on the Legal Nodes Blog. Therefore, let’s align on some of the terminology before going any further. This may also help you to better understand other playbooks published on our blog.

User-facing layer (dApp)

When we refer to dApps in this article and in general on our blog, we are talking about decentralized applications. These have the following characteristics:

  • They are industry-focused, for example, social networks, video games, fintech, etc.
  • They operate with centralized governance.
  • They might have own tokens (utility, RWA (real-world asset), security, or stablecoin) that are issued in a centralized manner.

Ultimately, these are decentralized applications, such as wallets, trading platforms,  play-to-earn games, NFT marketplaces, etc.

Settlement layer (protocol) 

When we speak about protocols, these have the following characteristics:

  • They are industry-focused, for example, DeFI, digital identity or decentralized governance.
  • They operate with decentralized governance (DAO).
  • They operate with tokens that serve for DAO membership and voting (governance tokens).

Infrastructure / base layer (DLT)

When we speak about DLTs, we are referring to distributed ledger technology, also referred to as blockchain or blockchain technology. These have the following characteristics:

  • They are industry agnostic.
  • They do not require any forms of governance (they are self-governing/self-autonomous).
  • They operate with “gas fee” tokens.

What is a Blockchain Network?

For simplicity, blockchain can be understood as a distributed ledger supported by a decentralized network of servers. To interact with each other and add new information to the distributed ledger, these distributed servers rely on a cryptography-based "consensus algorithm" that enables trust between servers, even if they have not “met” before. It is important to note that this ledger is often fully autonomous, requiring no governance or administration, thanks to the consensus algorithm mentioned above. Popular examples of fully autonomous and decentralized blockchain networks are Bitcoin and Ethereum. There are many others, including Solana, XRPL, Cosmos, Cardano, and Polygon.

The distributed ledgers mentioned above are industry-agnostic, meaning they can store any type of data. However, industry-specific protocols (discussed below) can be deployed into the blockchain, allowing them to utilize the distributed ledger for storing more specific data related to the industry. For instance, a DeFi protocol can store value-related data in the blockchain where it is deployed.

From a technical perspective, blockchains are also protocols (sets of rules/standards along with the consensus algorithm that enables decentralized data processing and storage), but for the purposes of this article, we will treat them as a separate entity as they act as block producers of the DLT and therefore are used as a base layer for industry-focused protocols (DeFi, governance, identity, etc.).

What is a decentralized protocol?

A decentralized protocol serves as a settlement layer for information processing and exchange. It consists of a set of highly standardized rules that are ensured by mathematical and cryptographic laws to maintain trust. This level of standardization allows different users, entities, and institutions to share information and data with confidence, knowing that it will not be manipulated or falsified during transmission (thanks to the underlying blockchain layer where the protocol is deployed).

The main distinction between a protocol and a blockchain is the nature of the information that can be stored and processed by each. As previously mentioned, a blockchain functions as a universally applicable distributed ledger capable of storing any kind of information. Conversely, a protocol is designed for a particular industry and handles a specific type of data or information. This is why, within the layers of a Web3 project, numerous protocols are deployed and operated on top of blockchain networks, utilizing them as distributed ledgers to record industry-specific data.

Depending on the type of data being processed by the protocol, there are different types of protocols:

  • For value-exchange information transfer, there are DeFi protocols such as dYdX for decentralized exchanges, Maker for lending and borrowing, and UniSwap for decentralized market making.
  • For information transfer related to votes and decision-making, there are decentralized governance protocols like Aragon and DAOHaus.
  • For information transfer related to identity, there are digital identity and zero-knowledge proof protocols like Rarimo.

What are the differences between Web1 and Web3 protocols?

As mentioned in the articles by a16z, there is a key difference between Web1 protocols (such as HTTP for websites and SMTP for emails) and Web3 protocols (from the realms of DeFi, decentralized governance, and ZK proofs). Web1 protocols do not accumulate value, which means no stakeholders are profiting from them. This makes Web1 protocols a "public good" and eliminates the need for governance since there is no value to manage.

On the other hand, Web3 protocols (particularly those focused on value exchange, like DeFi) do accrue value. This necessitates governance and distribution of the accrued value. This is why Web3 protocols often require governance (DAO) and incorporate protocol-native tokens to structure governance and incentivize contributors. Unlike fully autonomous Web1 protocols, Web3 protocols are often "semi-autonomous" as they require some level of management, especially in the case of value exchange protocols like DeFi, which have their own fee pools and require governance of reserve funds, among other things.

Another key difference is related to the DLT (the blockchain) that serves as a base layer for the protocols. This new decentralized infrastructure has unlocked the ability to make the algorithms of the protocols "smart" (also known as “smart contracts”). Blockchain allows the protocol to operate in a permissionless manner, eliminating the need for centralized intermediaries between users (e.i. centralized servers or cloud server providers). This creates the possibility of creating "self-executing" algorithms known as smart contracts. In these contracts, users or parties involved can trust each other without relying on centralized intermediaries. This is one of the reasons why Web3 protocols have been adopted quickly, especially in the financial sphere where centralized and untransparent intermediaries present numerous challenges.

What is a decentralized app (dApp)?

Decentralized applications, frequently referred to as dApps, are user-facing software applications. They serve as a bridge between on-chain protocols with smart contracts and off-chain (real-world) users, providing them with an interface to interact with the protocol. Examples of dApps include:

  • Wallets (such as Metamask, Trust, etc., which serve as interfaces for DeFi many protocols)
  • DAO platforms (like Snapshot, Colony, etc., which serve as interfaces for governance protocols)
  • Play-to-earn games (Axie Infinity, Gods Unchained, etc., which serve as interfaces for GameFi protocols)
  • Digital identity verification apps (Polygon ID, etc., which serve as interfaces for ZK proof protocols)

The user interface software mentioned above can be structured in various forms, such as a website, mobile app, browser extension, and more.

As mentioned earlier, dApps are typically the "monetization" layer of Web3 projects. They can introduce fees (such as subscription fees, transactional fees, access fees, etc.) at the user interaction level. This also means that dApps require extensive regulatory compliance work. Since the users of such dApps are based in specific jurisdictions, the local laws of those jurisdictions may be recognized as applicable to these dApps

Companies providing dApps must adhere to regulatory requirements to protect consumers' rights, ensure their safety, and comply with financial, tax, and other regulations in ALL countries where such dApps target and acquire users.

DLT, protocol, and dApp compared

The following table compares the distinguishing characteristics of distributed ledger technology (DLT), protocols, and dApps. It compares the functionality, industries, tokens, monetization, governance, and more.

As shown in the table above, the various technical layers of Web3 projects have different functionalities and technological structures when it comes to controlling users' funds, governance, tokens, and monetization models. This leads to different risk profiles, which in turn have different legal and tax implications, as well as compliance requirements for each layer.

Risks presented by different technological structures 

The different technological structures, such as custodial versus non-custodial, have different legal qualifications. Non-custodial permissionless protocols generally are outside the scope of VAPS/CASP regulations (as they are “public goods”), while custodial and permission-based dApps may need such authorizations and the incorporation of KYC/KYT procedures for their users.

Risks presented by different monetization models

Different monetization models and structures of protocol treasuries have different tax implications. For example, a protocol with a treasury consisting of a strategic reserve of initially pre-minted and locked tokens, with the limited purpose of incentivizing the protocol's ecosystem, may be qualified as a “public good” with no tax consequences. On the other hand, a protocol with a fee pool that is distributed between contributors and engineers may have more complicated tax consequences.

Risks presented by different governance structures

Different governance structures may result in different liability implications for participants and stakeholders in the protocol's ecosystem as it will show that the DAO possesses control over the transactions through the protocol and the protocols’ tokens which leads to the responsibility of such DAO to ensure that the sufficient measures have been implemented in the protocol to prevent illicit activities and to protect customers.

Navigate the regulation and avoid legal risks with help from Legal Nodes

We’re currently working hard to bring you more details on the regulation risks and requirements that could affect Web3 founders and builders. You can find out more on the Legal Nodes blog, including:

These playbooks will help you navigate the complex and fragmented world of virtual asset regulations. You can search our blog to find more support with your specific project or visit our use case pages to see how Legal Nodes helps Web3 founders and builders to launch their protocols and dApps.

Nestor is a Co-founder & Head of Web3 Legal at Legal Nodes. Having over seven years of legal consulting experience, Nestor loves working with innovative startups and Web3 projects, helping them navigate the regulations and scale on global markets.

Explore popular resources