February 5, 2024

Fully Decentralized Protocols: Important Legal Steps for Minimizing Governance


This article is part of a series of playbooks tailored for Web3 builders focusing on crafting legal strategies for their projects. In our articles on legal strategizing for Web3 projects and progressive decentralization for Web3 projects, we discussed the best decentralized strategy for Web3 teams with the ultimate goal of achieving “sufficient decentralization” for their protocol.

This strategy can help the team address informational asymmetry by transferring project ownership and governance from the team ("insiders") to the community (DAO). The project's legal status is thereby transitioned from a business unit operated by a common enterprise to a “public good” that is owned and governed by the ecosystem. In our playbook on progressive decentralization, we set out this pathway for Web3 builders to attain sufficient decentralization. However, as decentralized technologies evolve, alternative methods to achieve a state of sufficient decentralization will also emerge. So, where does that leave us?

Empowering Web3 builders with a greater understanding of the concept of sufficient decentralization

As helpful as practical playbooks can be, it is crucial for Web3 builders to understand the principles and criteria of sufficient decentralization, rather than focusing on specific measures to implement it. This article aims to explore these principles based on technical, economic, governance, IP, and other parameters—or dimensions—of Web3 protocols. This will help Web3 builders find the most efficient way to achieve this state for their protocols in the rapidly growing Web3 industry.

This playbook is brought to you by the team at Legal Nodes, with leading contributor Nestor Dubnevych. Legal Nodes is a platform for tech companies operating globally and helps Web3 builders establish and maintain compliant legal structures in 20+ countries.

Disclaimer: none of this information should be considered as legal, tax, or investment advice. Whilst we’ve done our best to make sure this information is accurate at the time of publishing, laws and practices may change, as this industry is evolving very fast and more regulations and guidance will likely be released soon. Whilst we aim to update this playbook from time to time, we recommend that founders continually check for the latest developments in the industry themselves. For help with legally strategizing, structuring, or wrapping your Web3 project, speak to us.

Parameters (Dimensions) for Measuring the State of Decentralization in Web3 Projects

Web3 projects often have complex structures and we’ve recently examined how to differentiate DLTs, protocols, and dApps to ensure effective legal structuring of a Web3 project. In this article, we explored Web3 projects and concluded that most of them consist of three technical layers, each with its own functionality and structure. To analyze the functionality and structure of the “protocol layer” of a Web3 project in relation to its state of decentralization, we suggest using the following parameters or dimensions:

  • Technology
  • Business model (monetization)
  • Intellectual property
  • Native tokens

Having agreed on the list of parameters to be analyzed for sufficient decentralization, the next step is to determine the criteria to be applied to each parameter to identify their degree of decentralization.

At the very heart of this criteria lies the question of governance. Ultimately, we need to establish who governs each aspect of the project and to what extent? There is a sliding scale from fully autonomous to completely governed by a body or group. For each parameter, we can ask questions like “who controls this specific parameter?”, “who has the ability to influence it?”, and “who can perform specific actions such as changing the parameter, updating it, or make any other decisions that could cause changes to its operation?”

Before we begin analyzing each parameter through the lens of governance, let's define our benchmark or our “north star” that will guide our analysis of the state of protocol’s decentralization. Our north star is the concept of “minimized governance” for the Web3 protocol, which (as was suggested by Paradigm) should be considered as a foundation of sufficient decentralization.

The concept of minimized governance

In our article on progressive decentralization, we discussed the governance transition from the development team to the DAO. The concept of minimized governance should be viewed as the next and final stage in the decentralization roadmap. In this stage, the DAO's governance powers are minimized to such an extent that the protocol becomes fully permissionless and autonomous, requiring no governance at all. This concept of minimized governance was introduced by Paradigm and has since become a guiding principle for many Web3 builders seeking to improve their projects' decentralization levels.

Once ownership and governance have been transferred to the DAO, its primary objective becomes minimizing its impact on the protocol. This can be achieved by transforming as many protocol functions (parameters) as possible from DAO-governed (semi-permissionless and quasi-autonomous) to fully permissionless and autonomous. This means that no protocol functions or parameters require any administration or governance from third parties.

We now have a set of “thinking tools” that include:

  • A list of parameters for analyzing the protocol: the technology, business model, intellectual property, and native tokens.
  • Criteria for analyzing each of these parameters: we must ask who governs each parameter.
  • A benchmark or guiding principle for assessing the state of decentralization: we can now assess the degree of minimized governance.

Using these tools, we can analyze each parameter, apply the criteria, and compare our results to the decentralization benchmark for certain protocol functions (see the image below). 

Technical decentralization

In the early stages, most protocols are deployed as semi-permissionless, meaning the DAO (or developers) can control the protocol's functions, such as freezing transactions, suspending withdrawals, or adding commissions of other charges, etc. This control is vital during these stages as the protocol is in “testing mode”, and so the DAO or developers need a certain level of control that is flexible and enables quick changes.

However, as the protocol's Total Value Locked (TVL) grows, the DAO that retains substantial control over the technical functions of the protocol from one side should take on more responsibility for maintaining the protocol's compliance on the other side. The fact that the DAO controls the protocol's technical functions implies it can maintain its governance. As more protocol functions become fully permissionless via immutable smart contracts with no third-party control, and as more of the DAO's technical capabilities decrease, the DAO’s responsibilities regarding protocol maintenance (including compliance) will decrease. This is how governance minimization works at a technical level and how a protocol can reach sufficient decentralization.

Therefore, Web3 builders should structure their projects to ensure the protocol is:

  1. Composable and interoperable: enabling easy integration with other protocols and dApps.
  2. Non-custodial: ensuring no third parties have access to users' funds.
  3. Permissionless: so no third party can freeze transactions, suspend withdrawals, or control or influence users' funds in any way.
  4. Open to all interfaces: allowing any front-end provider to easily connect their interface to the protocol.

The ultimate goal of a DAO is to minimize its governance role to a point where it can only manage upgradability for cybersecurity reasons. If vulnerabilities occur, the DAO should freeze the protocol until upgrades are implemented and the vulnerabilities are resolved. The market might find a way to decentralize this technical aspect of the protocol at some point in the future, but for now this seems to be the standard approach.

Economical decentralization

Decentralization is crucial not only at a technical level but also at the economic level of the protocol. This implies that all assets and value that the protocol accrues, including the protocol's native tokens and fee pool, should have decentralized and fully transparent distribution mechanisms.

A state of sufficient economic decentralization means that the distribution process for the accrued value doesn't require any governance. It's handled by autonomous smart contracts that distribute value to incentivize all ecosystem participants (e.g. validators, node operators, block producers, oracles, contributors, and liquidity providers) to continue supporting and improving the ecosystem.

This approach also helps the DAO to reduce the risks that the DAO might qualify as a beneficiary of the protocol if it controls the protocol’s revenue (fee pool). The DAO’s control over the protocol’s revenue could lead to a situation where the DAO is incentivized to maximize the profits of the protocol. This could potentially risk unbalancing the interests of the DAO between revenue maximization and the requirements for the DAO to maintain the financial compliance of the protocol. Ultimately, this leads to an internal conflict of interests.

With sufficient decentralization, the DAO's role should be defined as a neutral community focused on improving the protocol as a “public good”. This is in contrast to a “common enterprise” that has a primary goal of revenue maximization.

Decentralization of token minting and distribution

When discussing the economic decentralization of the protocol, we noted that if a DAO controls the protocol's assets, it may be viewed as the protocol's beneficiary. Since the protocol's native tokens are usually part of its assets and used for liquidity bootstrapping, community building, and ecosystem incentivization, it's crucial to examine this aspect of economic decentralization separately.

The DAO's strategy for token minting and distribution (fully pre-minted tokens, a fair token launch, or a combination of the two) may result in it controlling a substantial number of tokens. This level of control could lead to risks, like market manipulation of the token price or insider trading. Therefore, to exclude any technical possibility of these risks and to adhere to the concept of sufficient decentralization, developers should structure the pre-minting of tokens (the genesis token release) and subsequent distribution transparently, avoiding the accumulation of a substantial number of tokens within a single group.

One possible solution is for Web3 builders to consider a fair launch only (like Ethereum) or a combination of a genesis token release with simultaneous token distribution (for community building) and a fair launch for the remaining tokens (with the model of continuous token distribution). Consequently, the DAO's role might be limited to decision-making about distributing tokens among different pools (strategic reserve, liquidity pool, dev fund, ecosystem incentives, etc.) and setting up separate organizational structures (subDAOs or dedicated legal entities) to govern these token pools per the pre-set purposes of the pools.

Decentralization of intellectual property

Every decentralized protocol is a program code deployed on a “decentralized server” (blockchain). Thus, it's accurate to say that the person who controls the software's source code also controls the software program. In line with the concept of sufficient decentralization, protocol developers aim to prevent centralized control over the source code by minimizing their governance of it. This can be achieved by open-sourcing the protocol's program code. Otherwise, the group of individuals or entities possessing proprietary rights to the protocol's source code could be considered protocol insiders, with potential risks related to the status of a common enterprise, and so on.

Legal structuring of fully (sufficiently) Decentralized protocols

When analyzing each parameter of the protocol from a decentralization perspective, it's clear that some functions cannot be fully decentralized and autonomous due to the current stage of technology and market development. For technical parameters, the protocol's upgradability needs to be controlled by the DAO for cybersecurity reasons. Economically, certain asset pools need centralized governance to ensure the protocol's sustainability, such as a strategic reserve for managing protocol liquidity. Regarding intellectual property and interface issues, a front-end operator should retain trademark rights and domain names to maintain a non-exclusive interface for the protocol.

To safeguard DAO members from unlimited liability, the DAO needs to consider legal structuring for its governance functions, especially for semi-permissionless and quasi-autonomous protocol functions. This legal structuring can be achieved through the creation of an organizational structure consisting of entities serving as legal wrappers for different DAO functions. This approach could provide legal protection for the DAO until decentralized technologies evolve to a level where DAO governance can be minimized (reduced to “0”), achieving full decentralization.

Legal roadmap for a fully decentralized protocol

Regulatory uncertainties regarding the criteria and future development of sufficient (full) decentralization 

In the decentralization test article, we discussed how Web3 regulations are in the early stages of their development. As a result, many aspects of the decentralized economy are not yet covered by these regulations. One such aspect is the term “full/sufficient decentralization” which has been referenced by US regulators (SEC, CFTC) in proceedings against various Web3 projects. The term was also briefly mentioned in MiCA, which we discussed in previous articles. Other regulatory initiatives have highlighted decentralization matters, but they all agree that sufficiently decentralized projects should fall outside the scope of crypto / VASP regulations. This is because a fully decentralized state implies there are no insiders in the project, eliminating informational asymmetry between developers (Web3 builders) and the market. This makes the project community-owned and a public good rather than a business enterprise.

However, none of the aforementioned regulations provide clear criteria for what should be considered “sufficient” decentralization. This leads to a situation where treating a sufficiently decentralized protocol as a public good is more of a legal assumption than a legal conclusion. Rapid technological evolution makes it nearly impossible for regulators to establish criteria that will remain relevant for any significant period after publication. Often, when regulations for Web3 are released, they are already partially outdated as the market has advanced beyond them. This creates risks for builders who strive to create fully decentralized protocols without clear criteria.

At Legal Nodes, we’re sure that this concept will evolve in crypto-related regulations as it’s one of the key principles of building a New Internet (Web3). Therefore, we've attempted to collect, analyze, and unify both international and local regulations, along with market practices and case studies from major players to build a resource center of practical guidance. At the very least, we aim to provide Web3 builders with a starting point for thinking about how to achieve a state of sufficient decentralization that is suitable for their protocols. Speak to us to discuss how we could help your decentralized project with legal structuring.

Build a legal strategy for your protocol

Get started

Nestor is a Co-founder & Head of Web3 Legal at Legal Nodes. Having over seven years of legal consulting experience, Nestor loves working with innovative startups and Web3 projects, helping them navigate the regulations and scale on global markets.

Explore popular resources