Web3 is full of intriguing new concepts that were irrelevant for startup founders in the recent past, such as decentralized governance, game theory, economic incentives, sovereign data, and many others. The space is also known for speculative narratives and regular hacks, which gives it a very special place on the regulators’ agenda.
This guide aims to assist web3 founders in navigating novel legal and regulatory challenges. It is designed to cover a broad range of topics without necessarily going very deeply into each of the areas. Instead, the guide provides numerous links to external publications and resources where the reader can dive deeper. This should not be treated as an endorsement or confirmation of the correctness of such external materials. We simply find these materials useful or illustrative.
Speaking of nomenclature, we use web3 and crypto interchangeably. By “web3” we mean the next development stage of the internet, characterized by a decentralized structure, open-source code, permissionless access, and other features eloquently described by a16z here.
1. Corporate Structure
This section discusses whether the web3 team should set up a legal entity, which jurisdiction to choose, and other relevant corporate considerations. The structuring of decentralized autonomous organizations (“DAOs”) is discussed in a separate section.
1.1. Whether and When to Set Up a Legal Entity
In the traditional startup world, founders usually incorporate a Delaware C-corporation from day one using one of the abundant software tools (Stripe Atlas, Clerky) or engaging their law firm of choice. In the web3 world, the decision is sometimes not that obvious due to unique features of a web3 startup.
Table 1. Traditional vs. Web3 Startups
As you can see, some of the traditional arguments in favor of having a legal entity can be turned on their head for web3 startups. At this point, there is no universally agreed rule on how crypto startups should approach structuring their legal entities. While lawyers tend to say that having a legal entity is a must due to limitation of liability, the short history of web3 startups is full of diverse examples and different opinions. Let’s look at some of the leading projects and their corporate structures based on publicly available information.
Table 2. Legal Structure of Certain Leading Projects
The only conclusion that one can draw from the above overview is that there is no single path when it comes to selecting a legal structure. Note that as of May 22, 2022, the projects listed above account for over 66% of the total crypto market cap and for almost 10% if BTC and ETH are excluded from the sampling.
If we look closer and take into account the different categories of the above projects, we can observe the following:
A modern-day L1/L2 solution would usually have several legal entities within its structure, including a developer entity (often in the US) and a separate token generation entity (often structured as a nonprofit foundation or association)
Some of the prominent DeFi protocols that stay within the realm of on-chain assets and interactions are successful without having any legal entities in place
Other DeFi projects, especially those with founding teams and investors from the US, have opted for a more traditional path and registered a C-corp
Blockchain games and NFT studios tend to have legal entities in place, presumably due to the need to protect IP and lower regulatory risks
The above projects in Table 2 are blockchains or protocols built upon them with their own tokens with varying functionality. However, the web3 ecosystem also includes developer tools, wallets, DeFi interfaces, NFT studios, off-chain oracles, onboarding ramps, and many other products and services. Those projects do not necessarily have to be built on the blockchain or have tokens, at least at the initial stage. In this case, setting up a typical C-corp may be a reasonable default choice. This is especially true if the team is looking to raise early-stage financing from VC investors.
Such reports often become outdated within a few months after their publication because the space evolves so quickly. Given the constant rate of change and the number of potential jurisdictions, we decided to avoid getting into any detailed comparisons and will instead lay out the basic principles and practices informing the choice of jurisdiction.
Even though there are almost 200 countries with varying legal systems, the majority of incorporated web3 projects tend to gravitate towards only a few jurisdictions.
We observe that many teams with US founders tend to establish legal entities in their home jurisdiction. Although the U.S. Securities and Exchange Commission (“SEC”) is deemed hostile to crypto, many founders still decide to stay within the familiar environment. This makes perfect sense because the SEC can (and has done so in the past numerous times) pursue legal action against a foreign entity if it breaks US laws. So hiding in a foreign jurisdiction while breaking US laws will not help much. As a corollary, if you don’t plan to break any US laws, why bother with offshore entities in the first place?
This is especially the case for more traditional web3 tools and infrastructure projects, like the blockchain explorers, DeFi interfaces, analytics tools, etc.
One particular advantage of the US as a jurisdiction for web3 startups is a developed financial ecosystem serving the needs of the crypto industry. There you can find traditional banks working with crypto companies, crypto custodians, crypto exchanges, and insurance companies underwriting crypto-related risks. If you see those financial intermediaries as integral to your business model, the US will be a good choice.
However, the US may be a less than ideal place for other teams either because of the high regulatory burden in the US or the team’s focus on different geographical markets, such as Europe or Asia. In this case, we suggest considering jurisdictions closer to your customer base. For example, for teams targeting Asian markets, the most popular jurisdictions are Singapore and Hong Kong.
Based on what we also see, many other smaller projects decide to incorporate offshore in jurisdictions like the Cayman Islands, BVI, and Panama. Over the past few years, we have also witnessed that many projects are being incorporated in Europe (Netherlands, Estonia, the UK).
As mentioned above, an important consideration in selecting a jurisdiction is access to its local financial infrastructure. For example, if your startup lies at the intersection of web3 and FinTech, you should look for jurisdictions in which banks and payment providers are open to working with crypto companies.
If you aren’t happy with the above overview because it does not give you a clear answer on where to set up a company, neither are we. The thing is that it depends on a number of factors. To triangulate the choices, we suggest asking yourself the following questions:
Team. Where are the founders based? Where is the majority of the team based? Most likely, you would still need a legal entity in the jurisdiction where your team is based.
Market. What is your target geographical market? If your answer is “the entire world,” be prepared to budget for an extensive analysis of various jurisdictions. If you start with a specific geographical market in mind, consider establishing a company there, especially if you need access to local banks or payment providers.
Product. Is your product subject to regulations or licensing in a given market? Are you willing to pursue the license for that market? If so, consider establishing a company in that jurisdiction.
Infrastructure. Does your business model require any financial or technical infrastructure? If so, in which jurisdictions can you access such services?
Having answered these questions, you will end up with only a few choices. After that, reach out to a local counsel to obtain jurisdiction-specific advice.
Some jurisdictions have developed legal environments and offer standardized legal documents for startups. Those documents are not web3-specific, but you may still find them useful:
The concept of a DAO was popularized by the writings of Vitalik Buterin back in 2014 when he published the blog post “DAOs, DACs, DAs and More: An Incomplete Terminology Guide.” One of the most well-known DAOs, conveniently named The DAO, was formed 2 years after that in April 2016. The DAO was subsequently exploited and had to shut down within only a few months. A year later, the SEC issued its investigative report, which was one of the first major regulatory decisions in the crypto industry.
Despite a bumpy start, the idea of a DAO kept evolving and has become one of the major crypto trends in 2021 with hundreds of DAOs appearing here and there. According to DeepDAO, there are just a bit fewer than 5,000 DAOs by the date of this publication.
There is no uniform definition of a DAO, and we will not attempt to give one, in part because every team has its own vision of what benefits forming a DAO can bring to the product or ecosystem, for example:
Incentivizing the community
Decentralizing the governance (or establishing “ungovernance”)
Amplifying the product development roadmap
Rewarding the early adopters
Simply raising capital
Before we discuss any legal implications of forming and running a DAO, we encourage you to check out our DAO Legal Canon, a collection of articles, legal documents, and other pieces of content on the legalities of DAOs.
From the legal perspective, DAOs face the following three main risks:
Issuing DAO tokens can be viewed as an unregistered issuance of securities
DAOs can be classified as a general partnership in which every DAO member has unlimited liability for the performance of obligations and debts of the partnership
DAOs have very unclear tax treatment
We briefly comment on each of the above risks. For more details and updates on the regulation of DAOs, sign up for Web3 Newsletter below.
2.1. DAO Tokens as Securities
The main legal risk of launching a DAO has not changed since the 2016-17 era of ICOs: the regulators may characterize such efforts as an unregistered issuance of securities. While regulators in many countries have been vocal about such risks, the SEC remains the most active and vocal authority in this field.
Under the U.S. federal securities law, the term “security” has an open-ended definition and includes so-called “investment contracts” that are deemed to exist where there is (1) an investment of money (2) in a common enterprise (3) with a reasonable expectation of profits (4) to be derived from the efforts of others.
These four prongs constitute the famous Howey test dating back to 1946. The first DAO that was analyzed through the lens of this test was The DAO mentioned above. The SEC’s Report of Investigation (PDF) of The DAO remains one of the seminal legal sources when it comes to applying the Howey test to digital assets and DAOs. To learn more, visit the SEC’s Framework for “Investment Contract” Analysis of Digital Assets.
Nowadays, most of the token issuers try to avoid the US jurisdiction and exclude US retail investors by any means. This strategy didn’t help Telegram, whose token sale was halted by the SEC in 2018, even though the issuing entity was located in the BVI and only US accredited investors were allowed to participate. We will discuss this case and existing token sale practices in the next section.
2.2. DAO as a General Partnership
The concept of general partnerships exists in many jurisdictions. Under US law, a partnership is “an association of two or more persons to carry on as co-owners of a business for profit” (Section 102 of the Uniform Partnership Act of 1997). In the opinion of legal minds, many DAOs can be deemed general partnerships.
One noticeable feature of general partnerships is that their members sometimes have unlimited liability for the performance of obligations and debts of the partnership. This can potentially expose DAO members to significant liability. However, this area of law is quite complex, and for the sake of brevity we will not discuss it any further in this guide. If you want to learn more, read a very well-written DAO Operator’s Manual authored by the members of LeXpunK, a DAO for lawyers.
While this risk has been discussed for several years, up until recently there was no real example of when DAO members were held accountable for the obligations of the DAO as its general partners. This may change soon in light of a recently filed class action by bZx users against bZx DAO.
To avoid this liability exposure, many DAOs decide to have some legal entity in place. The approaches here vary significantly with no single leading “legal wrapper” recognized by the market as uniform.
Table 3. DAO Legal Structures Evolution
We will discuss the various approaches listed above in a follow-up article and share it with the readers of our Web3 Newsletter and on this website.
2.3. Tax Treatment of DAOs
Many lawyers agree that the tax and reporting obligations of DAOs are one of the most complicated areas in crypto law. All DAOs today have very uncertain standing in terms of taxation. Some of the major protocols have started to ponder this matter and consider creating a taxable entity to ringfence potential tax risks.
If you want to learn more about US tax implications for DAOs and DeFi, we encourage you to read the following materials:
Let us now discuss the issuance of tokens in more detail.
3. Token Issuance
3.1. Brief History
In the beginning there was bitcoin – one token to rule all. The only way it could have been issued is by mining. Nodes mine bitcoin, then miners spend it on whatever they agree with buyers, and that’s how bitcoin gets distributed.
The protocols that followed bitcoin had to find more creative ways of distributing their tokens due to technical, marketing, or other reasons. Ethereum did a token sale or initial coin offering (“ICO”) in 2014 by selling ETH to the crowd online in exchange for bitcoins. Already then, the project team was aware of the potential risks that the token sale could be deemed an unregistered issuance of securities. To cover for this scenario, they requested a legal opinion from a US law firm. This was perhaps the first legal opinion analyzing the legal ramifications of a token sale. One source mentioned in The Infinite Machine claims that it was about that time the idea of a “utility token” first emerged.
Fast forward into 2016-17, and there were hundreds of ICOs backed by legal opinions authored by law firms from all over the world. However, the SEC was also getting more vocal with its view that many ICOs were in fact unregistered issuances of securities, famously finding that tokens offered by The DAO were securities.
The increasing risks of ICOs in the US led lawyers to develop alternative frameworks designed to comply with US securities law, namely, with the exemption contained in Regulation D under the Securities Act of 1933 (“Reg D”).
In 2017, a team comprising reputable entrepreneurs and lawyers proposed a template for a simple agreement for future tokens (“SAFT”). The SAFT was modeled on Y Combinator’s simple agreement for future equity (“SAFE”) and designed to be offered to accredited investors only.
At that point, the SAFT and its improved versions became the standard mechanism to issue tokens to accredited investors in the US.
But this did not last long. In 2019, the SEC obtained a temporary restraining order to prevent the launch of Telegram Open Network, one of the largest ICOs at that time. This was despite the fact that Telegram was supposedly following the Reg D exemption by offering its tokens known as Grams only to accredited investors via SAFTs. After a fierce legal battle, the court decided that the distribution to initial purchasers and the highly likely future resale should be viewed as a single “scheme” to distribute Grams to US retail investors via the secondary market in an unregistered securities offering.
SAFTs are still widely used to sell tokens. However, the issuers and launching platforms take significant steps to avoid US retail and sometimes even accredited investors. For example, Coinlist, a platform that runs token sales, admits only non-US investors to participate in the sales.
3.2. Modern Token Sales
The modern approach to token sales includes a mix of three fundraising strategies: private sale, public sale, and airdrop. Below we briefly discuss each of these approaches.
Table 4. Token Sale Mix
In private sales, the project offers accredited investors the rights to future tokens under a SAFT, token purchase agreement, or some other legal instrument.
If a project seeks to raise funds from professional investors, such as VC funds, it would usually offer them both equity and tokens. Major VC funds would prefer to have equity and a piece in the future token sale to ensure the alignment of incentives for the founding team. Some crypto-native funds may agree or even want to invest in tokens only.
To structure a double financing round, where both equity and tokens are offered, one should keep in mind a few important things.
First, the percentage of tokens to be issued to an investor does not have to correspond to the percentage of common stock offered to this investor. This stems from the fact that the total supply of tokens is usually allocated among a broader set of stakeholders than shares of common stock. Based on the research by Lauren Stephanian and Cooper Turley, the optimal token distribution strategy allocates 35% to the team and investors, i.e. the stakeholders that have equity in the world of traditional startups.
Therefore, in the double financing round, it would be reasonable for an investor who receives 5% in the company’s equity to receive 5% from the 35% of tokens allocated to shareholders, or 1.75% of the total supply.
Second, the price of tokens is not always known in advance. While the team may have some estimates, the crypto market is very difficult to predict.
If the project is raising funds during a bear market, the token price may be set at a low enough valuation to attract investors. In subsequent token sales or a public listing on exchanges, the token price may be multiple times higher due to the cycle change. This means that the project has made its early investors very rich at the expense of allocating more tokens to the project development. In the alternative scenario, if the team is raising during a bull market, its early token investors may overpay if the market falls into a downturn when the token is actually issued.
Both scenarios are suboptimal. For this reason, the parties sometimes agree on a variable token price. For example, the team may offer its investors the right to purchase tokens at a discount to the next pricing event. Such an event can be the public sale or the price set by the market when the token is listed on exchanges.
Third, the token sale agreement in the private round should be flexible enough to allow the team sufficient room for maneuver. There is usually a period of 12-24 months between the time the token sale agreement is entered into and the issuance of tokens. During this time, the best practices and market narratives may change. For example, the team should be able to (a) change its token economics by issuing more than one token, (b) use a different affiliated entity to be the token issuer, or (c) even abandon its plans to issue tokens at all.
Public token sales are usually facilitated by launching platforms. It may be a standalone platform, such as Coinlist, or a cryptocurrency exchange that also offers launchpads for token issuers. The launching platform would usually handle the legal formalities or recommend outside counsel for that. Importantly, the platform would also carry out the important functions of KYC/AML and implement any geographical restrictions if necessary.
The last element in our token sale mix is airdrops. It has become popular to reward early adopters of the product with tokens issued months or even years after the product has first launched. Unlike in private or public token sales, airdrop participants do not pay anything to receive tokens.
While this should make inapplicable the first prong of the Howey test mentioned above, the SEC does not always see it this way. In particular, when considering a token sale accompanied by an intense bounty campaign, the SEC stated that “the lack of monetary consideration for ‘free’ shares does not mean there was not a sale or offer for sale for purposes of Section 5 of the Securities Act. Rather, a ‘gift’ of a security is a ‘sale’ within the meaning of the Securities Act when the donor receives some real benefit.” In re Tomahawk Exploration LLC, et al., Order Instituting Administrative and Cease-and-Desist Proceedings (Aug. 14, 2018).
This case should be viewed with a bit of skepticism, however, since the promoters of the token sale were acting quite aggressively in their marketing efforts in order to raise financing for a project that otherwise was unable to raise any funds from traditional sources.
Since 2018, when the SEC issued the order in the above proceedings, many projects have relied on airdrops as a way to distribute tokens among the early users. In most of the cases, US and certain other investors were excluded from the token distribution to the extent technically possible.
One of the biggest airdrops was conducted by Uniswap in 2020 in an attempt to counter the actions of a competing project, Sushiswap. In 2021, the SEC launched an investigation of Uniswap Labs, the entity behind the protocol. The results of this investigation are still pending.
Just like the investors in a web3 startup, the core team members are usually compensated and incentivized with the project’s own tokens. Tokens have both similarities to and differences from shares of common stock generally issued to early employees, which makes employee token option plans (“ETOP”) tricky. You read that right – ETOP – something similar to traditional employee stock option plans (“ESOP”).
We haven’t seen anyone using an ETOP yet, but if allocation of tokens to the team persists, it may very well emerge given the industry’s tendency to borrow the terms from the traditional finance world.
When developing the terms of ETOPs, founders should keep in mind the following considerations:
Best practices of ESOPs should not be disregarded. For example, using options instead of free grants creates incentives for employees to think of increasing the value of tokens, especially if they are already freely tradeable. Plus, just like in ESOPs, vesting schedules are always part of the deal package. In crypto, such provisions are usually called “lock-ups.”
Be aware of the potential negative impact of freely tradeable tokens on the team’s morale. Employees in traditional startups do not have a chance to monitor stock prices until the company goes to IPO, which usually takes 6-10 years. During that period, they are not distracted by price movements. In contrast, employees of web3 projects with tradeable tokens will see the market reaction to the company’s announcements and successes. While such transparency is always alluring, it is also distracting for early-stage teams.
Keep in mind the potential tax burden for the employees. While capital gains under ESOPs are not generally taxed until the company goes to IPO, the receipt of tokens may trigger a taxable event.
There is no ETOP template to be shared here, but we plan to develop an open-source document and post it at this repo “Web3 Team Legal Docs”.
4.2. Advisor Tokens
The practice of engaging advisors is very common among traditional startups. The company and the advisor would usually enter into a founder advisor standard template (“FAST”) or its variation. Under the FAST, the advisor is entitled to receive restricted common stock or options to purchase common stock.
Web3 projects that already have tokens or consider issuing them in the future usually offer their advisors only tokens or a combination of tokens and equity. Experienced advisors would prefer the latter, namely equity and tokens together, similarly to VC funds that invest in both equity and tokens as discussed in the previous section.
If you consider offering your advisors both equity and tokens, you may find this FAST Token Addendum helpful.
4.3. Insider Trading
The world of web3 and crypto is known for its liquidity. Many projects have their own tokens early on that are listed and traded 24/7 on global crypto exchanges or via decentralized exchange protocols.
This makes this market susceptible to market manipulation and insider trading. To minimize such risks within the team, it is recommended to adopt and implement insider trading policies from day one. An example of such policy is available here.
4.4. Internal Delegation of Crypto Funds
Sometimes you need to designate a person within your company to handle certain transactions with crypto funds belonging to the company. For example, an accountant may need to convert some of the company’s own tokens into stablecoins to pay salaries. Or a marketing team needs some crypto to carry out on-chain operations, such as issuing NFTs.
In the above cases, it may be prudent to sign simple delegation or crypto management agreements with your employees to formalize the relationship and allocate risks. You can find our model Internal Crypto Funds Management Agreement at Github. Please pay close attention to the provisions related to procedures, reporting, and liabilities.
5. Intellectual Property
In this final section, we very briefly address two specific topics related to the intellectual property (“IP”) in the world of web3. However, the IP aspect of web3 is developing very rapidly, and we will be posting more content on this topic in the future. Check out Web3 IP Hub for other materials related to IP in web3. Also, read our guide for startup founders to learn more about traditional trademarks, patents, and copyrights.
5.1. IP Aspects of NFTs
IP rights have received a lot of attention recently due to the boom of non-fungible tokens (“NFT”) over the last couple of years. In their conventional form, NFTs represent unique digital tokens with metadata that provide URLs to pictures. Such pictures are usually stored in regular datacenters, such as AWS, or in distributed systems, such as IPFS. NFTs can link to other digital files, such as music or video, but for the purposes of this article we will only focus on pictures.
Two questions usually arise with picture-based NFTs. The first question is whether one needs to obtain permission from a third party to generate an NFT that references a picture whose copyright is owned by that third party. The short answer is yes. The copyright owner has exclusive rights of reproduction, adaptation, publication, performance, and display of its picture. In our opinion, this includes the minting or creation of an NFT token that contains a link to a copyrighted picture.
Moreover, if you look into the terms of major NFT platforms, most of them state that users must have obtained all rights or licenses necessary to create or submit NFT tokens. There is also usually a procedure by which a copyright owner can take down NFT tokens that infringe the owner’s rights.
There have been several reports of ongoing legal battles related to NFT, including a lawsuit by Miramax against Quentin Tarantino over his NFT collection based on the unpublished scenes from Pulp Fiction.
The second question or rather a set of questions relates to the sale and transfers of NFTs. What happens when an NFT is sold from the legal perspective? Does the purchaser of an NFT acquire any commercial rights over the underlying picture?
The purchase and ownership of a digital NFT token does not by definition confer any copyrights to the owner of the token, unless otherwise stated in the terms or agreement governing the sale.
For example, the terms of NBA Top Shot Moments grant a license to use, copy, and display the purchased moments solely for personal, non-commercial use; whereas CryptoPunks have been allegedly sold under the so-called Nifty license that allows for the commercialization of NFT picture for up to $100,000 revenue per year.
Therefore, if you plan to issue an NFT collection, think about the applicable terms in advance. If you plan to purchase an NFT and, for example, produce NFT-based merchandise, make sure to review the governing terms.
5.2. Open-Source Smart Contracts
It has become common for crypto projects to openly publish their smart contracts, such as Uniswap v3 Core smart contract available on Github. Naturally, this can result in copycats. To restrict such copycats and create a competitive advantage, some projects publish their source code under more restrictive licenses.
For example, the smart contracts of Uniswap are subject to three different licenses, namely GNU General Public License, MIT License and, notably, Business Source License. This latter license restricts the unauthorized use of the entity’s source code for two years.
* * *
We hope this guide will help navigate new legal challenges presented by the dynamic world of web3. If you have any questions or ideas on how to improve this guide, please reach out to us at firstname.lastname@example.org. Sign up to our Web3 Newsletter to be notified of any updates to this guide and web3 legal updates in general.
The guide is authored by Roman Buzko, Evgeny Krasnov, Filipp Petkevitch and Vasily Agateev.