Note: The ideas and suggestions mentioned in this Article are the personal views of the authors and can in no way be attributed to the Government of Malta or any of its agencies unless and until actually adopted in legislative or other state instruments.
Innovative Technology Arrangements (“ITAs”), including Decentralized Autonomous Organizations (“DAOs”), are beginning to challenge existing constructions of legal personality for non-human business entities around the globe. At a technical level, DAOs almost function as a reductio ad absurdum case for corporate governance. Instead of relying upon static mechanisms to regulate the personality rights of a business entity, which execute at the speed of people, DAOs offer algorithmic governance mechanisms that execute at the speed of code. Decentralized execution of code ensures that commands are executed as specified in the code without allowing for any party to alter the process or interfere. With all of the governance processes reduced to self-executing code, the native structure of an ITA enables businesses to operate more efficiently and transparently.
However, this is not without risk. Absent adequate technical diligence assurances being undertaken during development, bugs can be exploited by hackers or produce unintended consequences for those inside the business, and even worse, for those using or relying on the business for their own affairs. As a practical matter, the collaborative, distributed, and potentially anonymous processes used to create and deploy these code-based governance algorithms have the distinct potential to create an accountability gap2 between the designers of an ITA and the outcomes of that ITA. All of these points underscore the need to modernize the guardrails of legal personality to accommodate or catch up with the technological revolution of the last decade.
This paper examines the ways that legal personality is addressed in the Maltese and the American legal systems, with a specific focus on recent legislative amendments and proposals to cater innovative technology. The paper is organized as follows. Section II gives an overview of the possible technical interpretations of the term DAO, while Section III gives an overview of legal personality. Section IV discusses the similarities between the two in the context of blockchain. Section V presents a proposal on a new model of legal personality for DAOs currently under discussion in Malta. Section VI follows with an analysis of how such an approach would fit within the context of legislation in the United States. Section VI discusses some of the challenges of granting legal personality to technology arrangements before concluding remarks in Section VII.
Although the term “DAO” can be traced to Vitalik Buterin3 and the work of De Filippi and Wright,4 its use has been largely shaped by the specific crowdfunding instance of such a structure which took place in 2016.5 The individual words composing the term adopted by this platform, (i) decentralized; (ii) autonomous; and (iii) organization, are broadly derived from its underlying technical features. Independently analyzing the makeup of the terms, organization6 suggests a coming together and coordination of an activity amongst various participating parties. Autonomous can be defined as coordinated effort that occurs according to pre-specified, transparent, and executable rules in the form of contracts. Finally, decentralized indicates that no single party has the power to destabilize or jeopardize the organization. Beyond the prototypical DAO, the definition has been expanded to other systems to accommodate various options in the design and operation of such systems.
Prior to discussing the features of DAOs that call for legal recognition, we will provide a range of interpretations and issues with each of these core features.
The term decentralization evades definition, particularly because it encapsulates various aspects, including: (i) the underlying hardware, in that Distributed Ledger Technologies (DLTs) reside on multiple distributed nodes through a decentralized protocol; (ii) the underlying platform, the DLT itself, which operates in a peer-to-peer decentralized manner; (iii) the administration and management aspect of the underlying hardware and the platform, which includes no central orchestrating entity with the power to single-handedly interfere with the operations; (iv) the application logic level — the smart contracts governing the behavior amongst parties — independent of the underlying platform may, or may not, be decentralized depending upon the encoded logic; and finally (v) the data upon which the process consumes, produces or stores, which may be controlled in a decentralized manner. Many self-declared decentralized systems may cover many, but not necessarily all of these aspects of decentralization, and often many points of centralization still exist within such decentralized systems.
Various points of centralization are frequently implicitly accepted or disregarded. For instance, most proposed DLT solutions operate on existing Internet infrastructure, which has various points of centralization (including, for example, Domain Name System infrastructure). Furthermore, beyond the management of digital assets with no real-world counterpart, most systems have to interact with the physical world where decentralization is hard, if not impossible, to achieve. Often, the physical real-world involves centralized players and entities, be it jurisdictions, legal entities, individuals or Internet-connected devices which do not provide immutable truths nor guaranteed execution of processes. Therefore, decentralization is not of a (crisp) binary nature as many purport it to be, but is rather a multivariate measure that may range from fully centralized to fully decentralized.
The notion of autonomy, especially when applied to autonomous agents, refers to behavior without undue external interference. In other contexts, the use of the term assumes a degree of intelligence in how behavioral decisions are undertaken, and an internalized notion of maximizing ones self-interest. In contrast, the use of the term in the context of the original DAO refers to the automated nature of intermediation between the participating parties and behavior of the entity as a whole, similar to how a body attains autonomy through the aggregation of its constituent parts. As with the case of decentralization, the complexity of the logic specifying the nature of autonomy and the degree of internal representation of purpose or goal may range from simple branching logic to complex, artificially intelligent agents.
The third distinguishing feature of DAOs is that they are an organization made up of participating parties. Although the underlying technology typically acts as an enabler of organizational behavior by providing — for instance, protocols through which decisions may be taken and carried out — in some DAOs, one may consider technological components as entities or parties forming the organization itself. For instance, such a system may effectively act as an algorithmic trader independent of the human parties themselves. Similarly, components of a DAO providing compliance functions may be seen as parties in the organization with a specific role. Given the spirit in which many DAOs have been created — basing their design on that of public and permissionless DLTs, with parties corresponding to equal peers acting as part of a network — one typically finds flat organizations in which the parties have similar rights of participation. However, this is not necessarily the case, and the automated nature of the decision-taking protocol may (and has been) leveraged for an arbitrarily fine-grained way of taking decisions. This organizational decision-taking protocol can, in fact, be argued to be a distinguishing feature of such organizations.
As a legal construct, a juridical or artificial person (i.e., the different flavors of legal personality) has played an important role in the cultural and economic development of the world since it was conceived centuries ago.7 Such legal persons emerged for various reasons, effectively as a product of organizational requirements, but grew to accommodate structured organizations with some social impact, and finally evolved to fully fledged organizations with legal personality. As it is today, these legal personhood rights enable organizations to engage fully in all areas of social and economic activity, as if they were natural persons.8 Legal persons have now become very sophisticated, having powers and features that go beyond those of a natural person — at least in terms of effectiveness and security. The process by which the different flavors of legal personality emerged are as varied as the goals, processes, outcomes, and histories of those who created them.9
Each legal system has its own story and outcomes. In this article we will be focusing on the future, not the past. Due to the experience of the authors, this article will necessarily reflect, first, the story in Maltese law, essentially a civil law system based on Roman law and French Civil law, but which has since been seriously impacted, especially in commercial law, by English law.10 The issues will then be considered from the perspective of the American law experience, a purely common law case study. The law of legal organizations and persons is evidently a bridge between the two legal models.11
The discussion on legal personality for blockchain platforms and/or arrangements began as a consequence of scholars, including some of the authors, regarding blockchain as having resemblance to a legal organization, sharing numerous common features including purpose, assets, governance, voting, sharing of profits, and autonomy. On that basis, we have seen American scholars suggest that there may exist a partnership among the participating parties in an organization, owed to a participative role in decision making or profit sharing.12 Other scholars in Europe more recently have arrived at similar conclusions following analyses of American, English, French and German law.13 This naturally raises very serious risk issues for participants.
As Rolo points out when discussing the DAO case:
“Even though the 2016 DAO founders tried to do so, they could not waive joint and several unlimited liability, and they were at risk for the full total of the firm’s debt.”14
While it is possible to disagree with this assertion, many of the practical aspects of how software is developed, especially open source software, lead to some intricate situations that would necessarily raise questions about which parties are actually in a partnership with one another.15
In Malta, analysts argued, at the early stages of strategic proposals to the Government,16 that recognition of blockchain arrangements or platforms as legal organizations, and extending to them legal personality, should be seriously considered in a quest to achieve greater legal certainty. This would reduce the risk of unknown and unpredictable liability for users who are unaware of the risks associated with being part of such organizations.
The establishment of a legal organization to own, control, and operate the arrangement would solve another issue: offering a point of recourse. However, existing forms of legal organizations which can, and are, being used in the present situation, raise other issues. Clarity on such a fundamental aspect of legal and economic relationships would support innovation in this important area for emerging technologies.
The similarity in features of the blockchain and legal organizations are stark. Figure 1 and 2 below illustrate some basic commonalities. These examples are evidently generalized into basic clusters of features as a way to show that both legal organizations and DLT platforms have: governance mechanisms, a defined purpose, an operational or management statement or document, and assets which could be the organization’s or held for third parties.
In attempting to map the future of legal personality from a traditional legal organization onto a blockchain-based organization, such as a DAO, it is imperative to analyze the factual context in which these new technology “organizations” are situated.
The similarities to a traditional legal organization are even more pronounced when one looks at the relationships generated through a blockchain platform. As shown in Figure 3, DLT Platform relationships could equally apply to those of a legal organization. Notably, the knowledge processes and governance structures are almost identical. The only missing aspect is a DLT’s powers of representation, and it appears that this will need to be fulfilled by some human integration with this technology structure.
However, the need for human interaction in this aspect of the process of containing a legal entity can create a problem for the integration of each entity type into the other. When owned, controlled, or operated by an existing form of legal organization, the problems are duplicated. We have two potential organizations — the formal one and the de facto one. We have two or more centers of governance — the board of directors, for example, and the governance nodes operating the consensus algorithm. We have two ownership instruments — the registered shares and the proprietary or equity tokens. We have two voting instruments. We have two accounting methodologies. We have two participation entitlements, and so on. This analysis of duplication deserves an article on its own, but it is at least apparent that such concerns exist and pose a problem. Hence, the proposal to consider two paths which will avoid duplication with a clear outcome for each, especially the technology organization which will reflect its particular realities, rather than a different reality underpinned by associations with foundations in the middle ages, companies a few centuries ago, or co-operatives even more recently.
The Maltese legal system includes a framework for assurances for DLTs or systems using DLT-based technologies. In Maltese laws, the term adopted for these systems is that of “Innovative Technology Arrangements.”17 The framework provides a certification process for such systems, requiring a rigorous technical audit. Whilst the approach proves a degree of legal certainty, the issues discussed above regarding legal personality of such systems are not addressed. Nevertheless, it forms the foundations for Decentralized and Autonomous Innovative Technology Organizations (DAITO) – a model for providing such legal personality.
The following discussion highlights: (i) the fundamental need for DAOs to have some way that they can interact with the state, (ii) identifies the key elements of legal personality that would need to be represented in some modernized design, and (iii) explores some of the qualifying characteristics and challenges of identifying these new technologies that might help shape such a design.
We must first address a fundamental issue: the requirement of recognition through registration with a State.
Legal personality is granted by law to support associations or endowments for beneficial purposes. As it is a fiction of the law, a legal personality must have some external manifestation, typically through a written instrument that expressly states promoter intent and the purposes of the organization. A statutory registration process, including signatures of the founders, is typically required in order to create such containers of legal personality.18 Aside from registration, an equally important element is required: publicity. Publicity ensures that the existence of the legal organization under the law stands, communicating important information regarding the organization’s purpose, governance, and representation to the public. Registration can be in a public ledger, such as is found in common law countries. Alternatively, registration can be done via public notary procedures or court processes of recognition, with or without a centralized ledger entry.
The above is absent in most of the typical DAOs, which have only been created through code on a blockchain. It is important to note that, in fact, DAOs can only meet some of the above elements when appropriately designed with standard legal requirements in mind. In much of the current debate on DAOs, registration with a public registry or authority is not one of the prominent considerations from the perspective of the developers.
Without registration there is no State recognition and thereby no legal personality within many legal systems. Most countries recognize each others’ legal persons and give them status in their own legal system which allows them to operate in a cross border manner.19 Public international law has developed methods to recognize legal personality of institutions created by treaties. There are long standing assumptions underpinning this mutual recognition system. Together, international law for entities with legal personality permits certain right when operating in a cross-border manner.
The DAO cannot operate as a “person” within the legal system. At most it is an unregistered organization, like a civil partnership, which can exist within a legal system without having legal personality. However, there are requirements that must be met in order to have a valid civil partnership, as well.
Legal personality cannot be created through private agreements or actions as its impacts have grave consequences within the legal system. More importantly, its potential effect on third parties can create harm. The basic legal position with unregistered organizations is that persons creating and operating them are personally liable for all matters performed through the organization. This, however, assumes an important detail: the organization has a small number of identifiable persons20 but that is another discussion.
Legal systems usually give legal personality on the above basis but also lock it into known legal forms. As previously discussed, there are specific types of legal organizations which can become legal persons. A fairly broad design scope is permissible amongst known forms., but we are unable to invent new forms on our own. The legal systems stipulate requirements through the law, usually special laws like the Companies Act. The law then sets out important requirements on constitution governance, publicity, liability, accounts, and winding up; some aspects are mandatory, while others have more flexibility.
The short conclusion is that individuals cannot just invent new forms of legal persons that are capable of functioning with legal protections in existing legal frameworks. The challenge to confer legal personhood to DAOs is clear: a new law or statutory mechanism is required if we want to realize the potential of these new digital organizations.
Of course we can tinker with existing legal personality forms to allow DAOs to operate as blockchain arrangements to carry out and achieve their stated purposes. Certainly, application of the traditional form is feasible. However, there rests two key issues: (1) features that were previously inconceivable (i.e., decentralized governance) and (2) the automation of an entity to such a degree that human involvement is no longer required.
These are only two elements in the digital transformation we are seeing in relation to legal organizations. It is evident to the authors that there is an opportunity to rethink the concepts of legal organizations, beginning with the ITA. Then, we will be able to determine where that takes us consistently with its behaviors, features, qualities,21 and aspects.22 We currently stand at the foot of promising, new legal organizations. Perhaps it is the DAO or as we are suggesting in Malta, a DAITO — a combination of the “decentralized and autonomous” with the “innovative technology arrangement.” That is what will produce the technology based legal person of the future.
As a construct, legal personality exists as a type of exchange — certain legal protections are granted in favor of a certification of compliance with some governing rule. Examples of this are numerous and include: those entities made up of persons, such as business organizations and governments; non-human living things, such as animals and certain landmarks; and inanimate things, such as temples, church buildings, ships.23 In each of these cases, lawmakers determined that when certain elements were present, a new set of legal protections should exist. As DAOs become more popular, many are wondering what elements will a new law for legal personality address, focus on, and regulate? What are the problems with applying existing elements to the new reality of ITAs?24
In this respect, it may be easier to address these questions through a comparative analysis from a traditional perspective. Indeed, a similar approach has been suggested by Wassim Alsindi for classifying cryptographic assets in TokenSpace.25 The following section will walk through the ordinary steps of conferring legal personality, with an added commentary on potential issues and benefits for ITAs.
Every legal organization is required to have a name so that it is able to be identified and distinguished from other organizations and even from the people involved in it. There are varying rules in many countries to avoid organizations using the same name as others already in existence.26 ITAs have also adopted this element of identification for purposes of internet access.27 One notes the effort to come out with clever and attractive names, just like we do with companies and foundations, often seeking to indicate some element in the ITA, although they may be merely code numbers or meaningless names as well. As this is a common element in legal organizations, it is easy to require it for a new distributed, decentralized, and autonomous organization — and more so if registered as a legal person.
Every legal organization is required to have a registered office, or place of incorporation. Current laws have recognized that the seat of incorporation or registered office could differ from the principal place of business. Nevertheless, the place of registration remains an important and often strategic decision. What about the case for ITAs? Currently, digital addresses associated with the deployed DAO exist, but are not formally connected to any territory or legal system. This results in serious legal ambiguity. For a digital address to be permissible for the purposes of this discussion, it should enable communication. The registration of the address should connect the chosen jurisdiction and forum.
The volatility and transitory nature of digital addresses as identities is incompatible with existing laws of incorporation. If we want to elevate an ITA as a new form of legal personality, then a new path is required. Specifically, a stable digital address needs to be part of the registration process and publicly and accessible.28 one of the challenges is the volatile and transitory nature of the addresses which is incompatible with an address of a legal organization which anchors it to a legal system, the altering of which is a legal process requiring the consensus mechanism to operate in a public and recordable manner equal to a public registration action. This is one of the compromises that is perhaps necessary in order to bridge and obtain a form of legal personality that is granted as an act of recognition by a state, or in extreme cases under international law through treaties.29
Could this remain a physical space? Given the need for human intervention, however minimal, there is an expectation that a registered office remains an important requirement. The state in which the registered office is located could provide a foundation for the legal structure of an ITA.
Further, the question of legal residency is increasingly relevant in the field of tax law. With the rise of global transactions, tax evasion is not uncommon. Equally, organizations that exist entirely in cyberspace do not fit neatly within the established, analog construction of a tax residency set at some physical location. This all suggests that new solutions on how to tax ITAs or other legal organizations that own and operate ITAs are necessary. Certainly, policy and lawmakers must act prudently to avoid further aggravating existing gaps in cross border taxation. New solutions need to be able to harness technology to collect the right levels of data about an organization’s performance and tax the profits made, or at least attribute those earnings to the appropriate individuals. If desired, this could be done in such a way that does not require the ITA or its owners or controllers (i.e., the relevant parties as determined by the consensus mechanisms and other automations) into one location through requirement of a physical address.
In the authors’ view, the establishment of a legal organization with a fixed physical address within a country would be a preliminary solution for transparency in taxation. It can be imagined that a local tax law might require any locally registered DAO to keep statistics of the nationality of users and then collect the tax due to each country or alternatively to collect tax on each transaction and then determine the jurisdiction to which the collected tax is payable based on any pre-selected party to the transaction. One possible technology oriented way to overcome this challenge is for the state to establish its own virtual jurisdiction in the cryptosphere, though that would require not only the development of advanced cryptographic solutions, but also the awareness and willingness of a State to represent the rule of law with actual computer code.
Legal organizations require an intent and purpose. The purpose must be lawful and consistent with public policy. The same would apply to software if it was to have legal personality. The purposes can be multiple and varied, ranging from charity to commerce, or from passive holding to active trading.
The purpose should be explicit and clear. As discussed, provided the sensitivity of global arrangements and conditions of private international law, the legal organization must articulate the language of operation. From country to country, such language can vary. In anticipated instances where an organization operates across multiple borders and in different languages, this choice will be based on, among other things, which target user would be appropriate.
The achievement of the purpose of any legal organization is considered to be one of the statutory duties of the administrators and as a result there emerged the theory of ultra vires in the event that the directors of a company, for example, went beyond the purposes of the organization. This is also a fiduciary duty of the directors, as the purpose of the organization defines their mandate as agents or representatives of the legal organization. In some cases, this means there would be liability towards the organization for certain losses incurred and, at least in older laws, there could be nullity of the actions entered into with third parties, even if they were in good faith. More modern law now protects third parties in good faith against abuse of purpose by ensuring that such a breach is treated as an internal problem and would not impact outsiders. This is on the basis of assumed powers of administrators on which third parties must be able to rely for normal economic activities to remain smooth and effective.
For certain legal organizations, capital is a central feature. Typically, company law, focused on trading contexts centers on capital, including the raising and retention of capital, as well as insolvency considerations. In the digital context, this leads to an interesting question: how should the role of capital be addressed if the core asset of ITAs is software?
If the new organization trades for profit, it becomes relevant. If the purpose of the ITA is charitable, capital is less relevant. As an example, the fiduciary obligations of foundations involve the holding, safeguarding, and administration of the assets. The concepts of risk, speculation, and debt are far from the ethos of these organizations.
With ITAs, we see a utility to perform tasks as users. An entity with software that qualifies as an ITA and can act as the core asset of a new tech orgnaization is, in our view, closer to the model of a foundation than the model of a company. Indeed, one of the primary goals in establishing a legal personality wrapper is to provide protection to its members from third party actions. In this context two new questions arise: (1) should a public decentralized and autonomous ITA and its software stack be given any “value” (in terms of an asset); (2) and should it ever be considered to be the guarantee of third parties dealing with the organization/ A better more promising perspective is that the software artifacts should not be considered to be part of the patrimony available to creditors and should never be an asset over which enforcement is traditionally possible. The idea, then, of treating these organizations as a capital fund, over which investors have a proportionate share of ownership, is inappropriate.
Evidently, there are expenses and liabilities to be met. Should liability be managed through complex capital rules, as we have seen in companies or more simply in other organizations, i.e. leaving the onus internally to the administrators? This question helps demonstrate that the practical need of a reserve fund to meet unforeseeable expenses. The same would apply to ITAs where, if there is no method of paying service providers, for example miners and others positively contributing to the maintenance and existence of the ITA, then the ITA would be required to cease operations.
A clear framework for reference already exists in charitable organizations. Nevertheless, innovative solutions around reserve funds, cashflows, insurance, and third party sources of guarantees and funding are required to deal with viability and sustainability. These frameworks will no doubt run into issues being applied to the new technological domain of ITAs. For example, unforeseen bugs in the software code of an ITA, potentially causing loss, creative options are required for managing liability, insurance, and fundraising.
This point is where traditional organizations diverge from DAOs and ITAs. Traditional legal organizations have a board of governors. ITAs, on the other hand, currently are not required to have a certain body of governance, though it is worth noting that as a practical matter ITAs indeed do have governance mechanisms. It would appear then, that the current environment has two extremes. However, the transformation of an organization from physical to digital would seem to suggest that a third option in between these two states is possible. For example, a hybrid solution that is predominantly automated with occasional human intervention. The direction automated governance is taking to date suggests a need to balance between the varying levels of human support and the need to uphold the integrity of the design.
This issue is particularly complex because of its close association with liability. In particular, it will be important to determine how liability applies to the automated governance of a DAO. With the knowledge of how liability currently operates, there should be clear distinctions between the responsibilities of the decentralized, automated, and human-specific interactions. This will ensure that humans involved with ITAs carry out designated and defined functionalities, and, importantly, are not liable for situations that extend beyond their own engagements. Moreover, such definition would ensure these functionaries are not be held liable for the effects of fully automated technology, nor are they liable for the decisions taken by the consensus algorithms or the accuracy of the data feeds (oracles) happening without their knowledge or control, except to the extent that such behavior amounts to reckless or negligent. We will not need to address the question as to whether the user nodes and users forming part of the consensus mechanisms incur liability for actions of the nodes. This could include supporting, not supporting, not doing anything, or even allowing their computers to carry out verification functions and responding without their knowledge. Furthermore, the question of liability presents itself again when a consent or confirmation is made or denied by a smart contract and not a human.
As in company law with shareholders, it should be easy to state that user nodes are not liable for the actions they take when participating in a consensus mechanism, unless there is a direct causality. This is not necessarily obvious as majority shareholders voting in a general election meeting are never liable on that count alone. While they are not administrators, similar to directors in a company, absent administrators in a tech organization, the controllers become a target for potential liability (with the exception of a decision taken on policy grounds that would not render a node liable). One could decide that this should always be the case, that exceptions apply when fraud or malicious intent is involved.30 In accordance, with legal principles this would not create liability.
Many will argue that the law should not operate differently here from the ordinary cases of participants in existing companies or foundations. The matter is, however, far more complex because nodes could be different from one another, with unequal powers and rights. Tokens giving powers and rights may be different from shares in companies or proprietary interests in foundations or companies. A general rule may be far too stringent and numerous standards at this stage of development may be premature. Further considerations in addressing this issue are required because unpredictable outcomes will be a critical obstacle to innovation and freedom in design of decentralized and autonomous organizations.
In adopting a rule that ensures participants would not be liable for unforeseeable breaches and damages caused by code, the focus would be redirected to the developers who wrote the code. Therein exists another set of problems in regards to who wrote the code, when it was written, how it was amended, by whom, and so on.31 This is equally speculative and legally complex.
A simple practical approach may provide a solution: making the tech organization directly liable for losses and breaches to the exclusion of others. Similar to human functionaries, the like users and human functionaries, requiring transparency of recourse assets, impose minimum reserve funds relative to user assets, impose specified types of insurance, and require compliance and quality standards, in addition to other assurances to help minimize risk. Under Maltese law, we have already introduced certification of ITAs. One of the requirements fo certification is to have a “technical administrator” with the power to intervene and address losses and breaches of mandatory laws. Should malicious intent or fraudulent behavior be found, then liability would evidently incur at the individual level.32
A practical example: if RegTech on prevention of money laundering had to be of sufficient quality to be deployed, that would mean that there would be no need of a human money laundering reporting officer. If there were a breach owed to an unexpected glitch, assuming prior good faith and competent systems audits the error occurs not as a result of an intentionally poor design of the code, or malicious intent, it stands that the legal organization deploying the RegTech would be held responsible for the breach. Criminal law would subsequently apply pecuniary penalties — non-conviction liability —on the legal organization. In this case, there should be an obligation for a human functionary to address the bug or technical glitch immediately and, to the extent possible, without any risk of liability for the unintended and unforeseeable breaches. The human functionary would, however, be liable for the omission or failure to act when required to do so.
In the authors’ view, this would be better than the legal vacuum and uncertainty that exists today. Indeed, there is a clear policy incentive to encourage the use of such a new form of legal organization with personality rather than allowing for the proliferation of ITAs which are not legal organizations, even if arguments can be made tat they are partnerships.33
Typically with centralized organizations, ownership is vested in identifiable persons. For charitable foundations, however, the requirement of private owners is not necessary. Instead, there are identifiable controllers, featured in legal organizations as administrators.
In decentralized organizations like ITAs, there may be a similar situation. Hundreds of members could hold proprietary interests in the technology and its activities, share in the profits and capital growth, or merely exercise participation rights in decisions through voting mechanisms. In this context, there are clear arguments to regard the decentralized and autonomous technology arrangement as property in the public domain or as commons.34 Given the freedom and accessibility of the platforms on top of which ITAs may be formed, often open source software, it is the case that one can use it and stop using it like any other public utility. There is no centralized control and no one can claim proprietary rights over the software. This creates a tension. Absent owners or control, a type of legal vacuum is created in which the most suitable legal organization structure to enable members to freely engage with the organization would be a non-proprietary entity. However, few legal organizations of this type exist and most of them are referred to as purpose organizations.
If a new type of legal entity has to be designed, in order to be consistent with the decentralized and autonomous ITA, we may very well have to use very specific types of organizations as models. Foundations are one of the models that, so far, seem most amenable to the unique considerations that have been raised by DAOs. Nevertheless, without affecting the nature of the ITA, some proprietary interests should equally be considered in order to create additional financial incentives for the development or acquisition of such technology platforms, and to cover the repayment of loans or investments through cash-flows generated from the utilization of the platforms by users. This kind of private interest would be a problem in a charity, but here we are not necessarily dealing with charities because ITAs can be design with an intent to be for-profit, for the benefit of the members.35
In the context of distributing funds among members, after-tax income could be administered through tokens and smart contracts without effecting technology stacks. In Malta, there is an ongoing debate about placing the non-proprietary ITA in a segregated cell, designated as “non-recourse” to protect against court seizure and potential destruction of all user data and assets that do not belong to the ITA. This process is analogous to fiduciary assets held by banks. Moreover, the question arises as to whether to permit proprietary or security interests in non-recourse assets. Currently, the proposal recommends allowing such interests to be subjected to limitations on powers in relation to the fiduciary nature of the software assets. Security interests, for example, would have only have rights to cash-flow managed through smart contracts and would be unable to enforce rights to payment through the auction of the software.
This points to another set of issues that are down to the design of the tokens owned by the members. For example, the proposal to manage security interests via smart contracts could be iterated as a way to create a duty not to abandon the software without first implementing a solution that protects its users or creates triggers to substitute the governance mechanisms in the event of abandonment. Bankruptcy and insolvency law also represent opportunities where tokens could be designed in a way to programmatically resolve compliance issues that are difficult to track down, understand, and coordinate in traditional legal organizations.
Every legal person has a distinct patrimony, which includes everything one owns, as well as intangible rights. Creating a legal organization confers an organizational right to patrimony in such a way that the patrimony of an organization then includes the tangible and intangible ownership interests of the organization. For an organization represented as a technology, the principle is much the same but merits additional discussion.
As the core asset of the organization would be a qualifying ITA, the patrimony would evidently be the ITA, itself, and all other assets added to it, including the proceeds raised from a token issuance, contributions made throughout the life of the organizations, etc. One then deducts all costs and liabilities as they occur. If the patrimony is exhausted, and the organization cannot continue to operate, it would need to wind up. In the case of a tech organization, we should not treat the ITA as part of the patrimony available to meet liabilities. Assuming we treat it as public domain or commons, as suggested above, the asset would be owned by the organization under a different title, namely fiduciary ownership. The fiduciary obligation is to hold the ITA, administer it for its stated purposes, and to safeguard it for the benefit of its members. As fiduciary property, the ITA would effectively act as an “off-balance sheet” and is non-recourse, as it is held for public benefit and not for private interests.
Given that a tech organization may need funding to develop the ITA, security interests may be designed through tokens, relying on cash-flow payable on the basis of use through appropriate smart contracts. These security interests will attach to the ITA but will not allow creditors to enforce upon the ITA itself.
One needs to keep in mind that an ITA is a complex arrangement of software which could be proprietary. Examples include open source software under open source licenses, private software under commercial license, and the use of an open source software, such as Ethereum.36 It would be impossible to attach such an arrangement without destroying the ITA or its utility. There is also the possibility of parts of the software being withdrawn, e.g. due to nonpayment of commercial license fees, being modified in a versioning process, etc. So one must deal with these situations consistently and ensure that the vulnerabilities to users are carefully addressed.
All other assets, apart from the ITA, will constitute the effective patrimony of the tech organization. That will be fully available to creditors of every type.
All organizations start their lives following the creation of their constitution or articles of organization and die when they are terminated. The terms used for their death equivalent are dissolution and winding up which lead to their removal from the public registry. This occurs as a consequence of insolvency, illegality of activities, or other serious difficulties in administration. Not all circumstances for winding up or dissolution, however, are applicable to ITAs. Indeed, some could argue that public decentralized blockchain systems might not ever ‘die,’ living forever in the cryptosphere.
Here, again, we have a problem with duplication. The issue occurs when an operating ITA is embedded in an organization — simply dissolving the legal organization does not have a direct correlation to the dissolving of an ITA, as ITAs may continue to operate in accordance with the decentralized governance. Conversely, the decentralized governance of an ITA could be effectively terminated without the legal organization completing the dissolution process. Winding up, therefore, must by contingent on the TIA being removed from the organization and placed in a successor organization of a similar type. Until then, the tech organization would not be able to be wound up and struck off the register. Alternatively, the ITA could be orphaned, operating instead as a non-profit organization. However, as discussed, this is not a favorable option as it offers no protections to those involved, especially its users.
Under Maltese law, if an ITA is conceived as a segregated cell, such an operation is feasible through its transfer to another organization of the same type. The process would likely work as follows: (1) through the process of forking, changes would occur with the ITA; (2) nodes approve the changes; and (3) the ITA would continue under a new legal organization as a continuation of the segregated cell.
The segregated cell feature can also be a solution to an evident problem: the lack of knowledge or interest on the part of the nodes. In a crisis, it is clear that many users might not even react and that would mean that the shift of a cell operating all the software to a new organization may not garner the required support. Furthermore there may be an issue with the design of tokens which could refer to voting power. In these situations it would be important to vest the power of transferring the cell to a new organization specifically in the hands of the technical administrator with the responsibility of managing the transfer absent consensus. As the transfer of the cell is a sensitive process, the technical administrator must be willing to accept liability in the event of issues that arise from the transfer. Following the transfer, the former organization is able to be dissolved with its remaining assets divided amongst its creditors. If there is excess, the assets can be transferred to the successor organization (as excess assets are effectively imprinted with the same purpose of the original ITA) or to holders of proprietary tokens who have residual rights (if such exist in the context).
The legal person can then be struck off the registry with no continuing detriment and the successor organization can be allowed to continue operating the ITA in place. The ledger remains uninterrupted; user assets and data remain fully protected. A transfer does take place between the transferor organization and the new organization; assets and data will be retained in the new version of the organization in full protection of the rights of users and potential token holders. However, this is something that needs to be planned for at the design stage. It is broadly similar to the transitions that take place in a corporation at the moment it is the subject of a winding up order: there is the appointment of a liquidator and relevant procedures for liquidation are established. Admittedly, it may be impossible to fully delete data, and computational logic for the pre-transfer version. However, in this case there is still a responsibility to find a solution.
The process of winding up has an opportunity to be innovative in the context of traditional laws on legal organizations and bankruptcy. However, this is the challenge at hand: finding solutions to meet the peculiarities of decentralized and autonomous technology. In designing appropriate solutions, we must challenge existing assumptions.
When legal organizations and individuals carry out services that have legal effect, such as in financial service, fiduciary services, charities, health services, medicine, public utilities, and so on, we find that regulation is retroactively fit to apply to such services. The angles of focus for regulation typically focus on consumer protection, quality assurance, transparency in ownership and control, and the like. Occasionally, regulatory approval is required even prior to setting up an organization. To date, technology has not been central to the activities of both humans and legal organizations. It has been assumed that if in verifying the history and experience, the skills and reputation, integrity, and experience of people in ownership and management of an organization, it is sufficient to assume that any technology used would be of equal standard as the persons who control it.
It has been demonstrated numerous times that this assumption is not necessarily correct; subsequently, it has led to more stringent and demanding regulations. The reality of the regulatory landscape in most countries is that the traditional approach cannot cope with the massive proliferation of activity and projects. Regulators have been among the slowest in adopting and using technology to adapt to new realities. The rapid uptake and development of RegTech has helped in the management and imporvement of inefficiencies with regulatory systems. However, RegTech has not kept up with emerging, decentralized technologies, such as ITAs. Consequently, only technology of a similar caliber could appropriately capture, review, and analyze data in a manner that would be effective to govern ITAs.
Therefore, a radical change in our approach to the design of legal organizations is necessary to accommodate for this new paradigm. We must ask how this new design could account for regulation. Regardless of legal personality, this is a fundamental question that remains relevant.
Much has been written and debated about this topic and, to date, the focus in Malta has been to search for ways of bringing quality assurance to ITAs through the Malta Digital Innovation Authority (MDIA) registered systems auditors in advance of deployment.37 This would allow the ITA to be certified. On an on-going basis, the law requires what is called a technical administrator to have the powers of intervention and modification of the software in cases of loss or breach of law. This would apply in case of failure on the part of the ITA technology or is human functionaries carrying out specific tasks not covered by the technology (e.g., through physically intervening and addressing the issue.
Applying a similar direction in modeling the legal organization, the role of the MDIA could foreseeably focus on the quality of the technology underpinning both the constitutive ITA and any operational ITA, which this new legal entity, with legal personality, will own and deploy.
Of course, the review of human owners and controllers remains paramount. As ITAs are capable of a wide range of uses and can veer into many regulated sectors, there must be cooperation with other national and international regulatory bodies. Duplication must be avoided so that every regulatory body would carry out its own functions where its skillset is the strongest. For example, in the case of FinTech the MDIA and the Malta Financial Services Authority (MFSA) should work together to bring about quality assurance in the review and assessment of banking, insurance, or investment activities and management. Working together is then necessarily the future.
One would, therefore, expect that for a new tech organization to be registered and granted legal personality, MDIA will need to verify the qualifying nature of the technology, which the legal organization owns or plans to develop or acquire. The MDIA would need to set definitions and standards for the technology to confer legal personality. This would give what technology arrangements (i.e., software) currently lacks: capacity to enter into contracts and undertakings; liability for its actions and a point of recourse for persons who suffer damages or for law enforcement when there is a breach of mandatory law; registered or approved human functionaries to bridge gaps in the technology; legal protection through the special status of a qualifying ITA on which data and assets of users are recorded; and if need be, a process by which the ITA could transfer ownership or control, e.g., through a fork or other effective method adopted by the governance mechanisms.
Moreover, as important as regulation and oversight, a method for enforcement is also necessary. The powers to intervene and modify should fall in the hands of an approved technical administrator in the event of a regulatory breach. Thus, the questions asked of regulatory impacts should arise when freedom of design is granted through not only this new technology, but the appropriate regulatory framework that is to be applied to the new technology.
Registration is a feature of most legal organizations which are granted legal personality. Some organizations have been granted legal personality under common law through recognition of externalized evidence of intent, formal appointment of administrators to represent the organization, notarial or other forms of verification of identity, consent, and freedom of intent, and/or through different methods of publicity. Modern regulations tend to require formal registration with a state authority to create legal certainty on the existence of legal persons and their termination, on who represents them and on their purposes.
This allows for easier accessibility of information on legal persons by the general public and achieves the desired level of transparency. Legal entities are artificial creations of the law. It is evident that similar challenges exist with regards to ITAs and registration solutions will not necessarily be out of place.
How could this apply to an ITA? Could, for example, an ITA be registered in a similar manner to a traditional legal entity? Clearly not as there is no equivalent of a representative or administrative body which can bind it in the process. OF course, one can rely on the consensus mechanism for a decision to register once it is in compliance with any formal and substantive matters required by law, but even this is difficult to imagine under current law, keeping in mind the various points already raise above. The option of a hybrid ITA can certainly include human elements to cater for the mandatory roles of the organization. Nevertheless, the existing conflict between centralized and decentralized governance will need to be resolved. It is unlikely that a group of individuals will agree to act as administrators and bear the weight of liability without any powers or controls over the technology and consensus mechanisms.
Leaning on the assumption of a new form of legal personhood, the more urgent issue is ensuring that a digital organization can be registered without forcibly fitting it with existing structures that are fundamentally incompatible with the nature of ITAs. Given that a public ITA will be transparent and widely accessible, the requirement of public registry is already met, and thereby unnecessary. As this technology is capable of recording events in real time and in an immutable manner such that no retroactive changes are possible, equally renders many of the important benefits of state registration redundant. In sum, the technological features of ITAs offer the types of protections typically provided by state registration systems. As a result, these issues may be resolved internally through the ITA itself.
Each public blockchain, with its public ledger and open access, is effectively a public registry. However, familiarity with centralized public registries for all legal organizations potentially causes concern for blockchains that operate independently. Until a solution as to how ITAs owned and operated by special organizations could have legal personality, there would inevitably require a central registry to fill the current regulatory void.
This does not mean that once the link is made, every function and bit of relevant information should be duplicated. Should appropriate applications to replicate relevant information on a public registry site be established, then ITAs owned an operated by these new legal organizations can avoid mass duplication of processes and procure real-time information on changes and compliance. One might ask another logistical question: would the State’s public registry office become a node on every ITA as the core asset of a new form of legal tech organization? This is certainly conceivable provided the benefits of technology. Nevertheless, would states agree to this form of facilitation? What could be the possible policy considerations in favor or against? These discussions are beyond the scope of this article.
Any proposal to design a new form of legal person must be based on sound reasons from a policy perspective. It is, therefore, necessary to determine the factual context relevant to DLT and ITAs so that one can then identify weaknesses or gaps in existing legal organizations when comparing the innovative technology qualities against features of current designs. It is critical to determine a priority among the gaps that exist in order to make a determination as to whether such issues can be tolerated or need to be addressed in a substantive manner. There is evidently the option of working with existing models and tools. Nevertheless, ITAs provide a unique opportunity to design a better regulatory system that appropriately accommodates for emerging decentralized autonomous institutions.
In the United States, the literature suggests that the approach applied by some states is to adapt existing law to the new context created by ITAs. In contrast, the authors here propose that a new framework ought to be created that more closely aligns with the technology in question. The underlying incongruence between legal structures that were designed to govern a paper-centered paradigm and the features that underpin the digital-first paradigm of ITAs renders existing models of an insufficient mindset to govern this new context. Moreover, it is possible that certain ITAs do not qualify for legal personhood. One of the primary challenges remaining, then, is outlining the characteristics and features of ITAs that qualify for an extension of legal personhood.
From a governance perspective, and the operational aspects of achieving such governance, there is an argument for reducing centralized control and independence of operations.
An essential feature of DAOs is the decentralized governance through the use of formalized consensus mechanisms. Although there may be different classes of participating parties (e.g., contributors to a crowdfunding DAO and its beneficiaries), decisions are taken by a number of parties through an underlying protocol.
In order to ensure that the protocols enabling decentralized governance cannot be interfered with or overridden by a central body, the entity must be structured and operate in a distributed manner (i.e., decentralized geographically) and on a platform that is not operationally centralized (e.g., not a cloud service controlled by a single entity, but over a DLT platform).
Similarly, as for operational reasons, governance protocols require a degree of determinism and automation in order to ensure no point of centralisation and hence, focus of responsibility in the decision resolution processes.
As a whole, for an ITA to qualify as a DAITO, its governance protocol should ensure that its behavior demonstrates elements of autonomy (i.e., that it is acting as a single, unified body based on the behavior and decisions of its constituent participants).
Whilst the above constraints determine the manner in which the organization is governed and operated, in order to warrant awarding legal personality to an ITA, there needs to be an impact beyond merely the digital nature of the data. The underlying technology must provide functionality for external users (i.e., the entity extends beyond the parties partaking in governance processes, through which it may provide a real-world service or representation of such services of products).
In order to ensure that such organization can be regulated in the real world, it remains imperative that certain individuals would act on behalf of the organization. Therefore, organizational structures like ITAs must have some element of a centralized board of administrators or trustees who would act on behalf of the DAITO. Eventually, should a completely decentralized autonomous organization operate with legal personality and in jurisdictions that enable their function without human or centralized operation, control or interference, the principle could then be revisited.
One of the risks of immutable functionality in DLT platforms is that, in the event of a breach of law or technical malfunction, legal recourse does not necessarily guarantee technical recourse. In order to provide protection to external users, administrators of the DAO should have the power to intervene, ensuring the ITA complies with all applicable laws.
Our current position is that the DAITO, a legal organization that is adequate to host such decentralized, autonomous and automated operations, will enable a means of bridging a gap between existing regulatory frameworks for legal organizations on the one side and the processes of completely decentralized organizations on the other side. We acknowledge that interaction with other parties requires, ultimately, some real-world process in order to be executed. To what extent this is the case remains to be seen. We envisage that over time, interaction with many of these required real-world processes may be automated, minimized, or removed.
Any authorities, compliance-related entities, or other external stakeholders with whom DAITOs will need to interact with in order to execute legal or other operational obligations will require some interface or mechanism through which it can communicate. Indeed, many such obligations and interactions with such external entities in the short term will still require manual interaction. These would be the responsibilities of appointed administrators. However, with time, various entities may provide digital interfaces that would allow automatic and autonomous interfacing with DAITOs. For traditional computing systems providing such interface is a relatively straight forward process (nowadays typically implemented as a REST API). However, decentralized systems, external interfaces may not always be something which they can interact with directly38 even though some platforms could allow for this. Different stakeholders indeed will have to factor in the types of interfaces they are willing to offer, and the various tradeoffs of providing one interface over another.
“The fact is, that each time there is a movement to confer rights onto some new ‘entity,’ the proposal is bound to sound odd or frightening or laughable.”39
“The question whether an entity should be considered a legal person is reducible to other questions about whether or not the entity can and should be made the subject of a set of legal rights and duties.”40
History has shown that when there is sufficient pressure for it, society is willing to grant new containers of legal personality to animate and inanimate things alike.41 Such legal fictions are the nature of corporations law. Traditionally, business organizations receive specific types of legal personhood in exchange for providing a state or other regulatory body with a set of specific assurances. As outlined in the analysis above, the features required for modern business organizations ought to include name, address, purposes, capital, governance, ownership and control, patrimony, winding up, regulation, and registration. In seeking to understand what might be required to regulate a DAO or other ITA, regulators will be challenged with identifying which features are required under what conditions in exchange for a new set of legal rights.
In an era characterized by technological advances, data, metadata, increased availability of information, increased capacity to share information, and changing business models, the operating system of modern organizations are able to do things that their paper-based predecessors could not imagine. Now, instead of existing on the periphery of an organization’s operations, technology is embedded in the very fabric of the operations.
This section explores various ways different jurisdictions in the United States have started experimenting with new forms of legal personality for ITAs and offers a discussion of potential implications of these different approaches. With each jurisdiction explored, five questions will be answered:
Which containers would be used to encapsulate ITAs?
Which legal personhood features are required in exchange for the legal personhood container?
What are the qualifying characteristics for the new legal personhood container?
What rights are granted to the new legal personality container, and in exchange for what assurances?
How have these new legal personhood containers have manifested in practice?
The basic presumption of legal personality rights for individuals collectively engaged in business together is that of a general partnership, in which all of the owners may be jointly or severally liable for the losses of the organization.42 In various other circumstances, individuals collectively engaged in business together may obtain a limitation of liability in exchange for registering with the governing state’s authority such as LLC, LLP, LLLC, LLLP, C-Corp, S-Corp, B-Corp, etc. There is quite a bit of flexibility in the federalist system of the United States for individual states to create new pathways wherein some container of legal personality rights, including a limitation of liability, may be exchanged for providing certain assurances to the governing state.
As laboratories for democracy, each state is empowered to experiment with new methods of regulation in order to “try novel social and economic experiments without risk to the rest of the country.”43 This means that the ability of states to create such legal personality containers extends to the domain of ITAs, such as DAOs. In the long term, such an aggregate approach allows for a large amount of flexibility, encourages innovation among states, and promotes competition among the best ideas
However, to date, only a limited number of states — Vermont, Wyoming, Delaware, and Montana — have embraced the challenge of regulating innovative technology arrangements as legal persons. While this is a relatively small sample size, there is much to be gained from analyzing those that have been brave enough to meet the challenge. Each of these states takes a slightly different approach in the way that they create this legal personality container, the rights provided by the legal personality container, the conditions under which the legal personality container is granted, and the These states share similarities and differences in the ways they allow these new legal persons formed, the powers that are granted to them, and the ways they function in practice.
The following analysis looks at the strategies used by Vermont, Wyoming, Delaware, and Montana to regulate digitally-enabled legal persons, with specific focus on the attributes required to register a DAO in the state.
As a practical matter, the Vermont legislature determined that the autonomous quality of DAOs merited greater safeguards than those of a traditional business entity. Perhaps the most proactive in directly addressing the challenges posed by ITAs, Vermont has explicitly accounted for the extension of legal personality through the explicit creation of a new entity type, Blockchain-Based Limited Liability Companies (BBLLCs).
“Pursuant to the Act, a BBLLC is allowed to customize its governance structure, in whole or in part and as it sees fit, given its own particular business and technology, through blockchain technology. More specifically, a BBLLC may adopt any reasonable algorithms that it chooses to validate records, as well as requirements, processes, and procedures for conducting its operations, and select the blockchain technology that it will use. To become a BBLLC, an entity must specify in its articles of organization that it has elected to become a BBLLC, and it must include in its operating agreement a summary of its mission and purpose. The BBLLC must also include in its operating agreement certain decisions regarding such items as access and permission protocols. These provisions include whether the BBLLC’s blockchain will be fully or partially decentralized or fully or partially public or private; the extent of a participant’s access to information and read and write permissions; how the BBLLC will respond to system security breaches or other unauthorized actions affecting the blockchain technology’s integrity; and the rights and obligations of each participant group within the BBLLC. The operating agreement must also set forth voting procedures, which may include smart contracts—that is, whether there will be software code stored on the blockchain that will execute a transaction automatically when certain conditions are met.”44
As with traditional business entities in Vermont, the BBLLC requires registration of basic criteria, including name, address, ownership and control, purpose, capital, governance, winding up.45 Additionally, Vermont has carved out space for the BBLLC to indicate which voting mechanisms are used, even specifically acknowledging smart contracts as one such voting mechanism.
In the short term, this approach has provided a great deal of clarity for how to register a DAO in Vermont. Resultantly, here have been 13 domestic BBLLCs formed in the state since the regulatory framework was enacted. In the case of dORG, whose operating agreement is available on Open Law, an “Administrative Member” was created in order to interact with Third Parties (accountants, lawyers, etc.).46 However, additional questions about how BBLLCs function with the remainder of the regulatory landscape are bound to arise over time.
Wyoming chose a different route for conferring legal personality rights to organizations that would otherwise amount to an ITA.47 In Wyoming, certificate Tokens may be issued on a blockchain in lieu of stock certificates. To understand the impact of this shift, it is important to understand how tokenization of assets applies in the context of legal personality. Gabriel Shapiro explains:
“Basically, ‘tokenization of assets’ refers to using a person’s ownership and control of a blockchain token as a proxy or a means of representing that person’s ownership interest in a particular asset—just like someone holding a paper bank check from another person made out to the first person’s name represents that first person’s claim on dollars in an account, or someone holding a paper stock certificate made out to their name represents that person’s ownership of the shares of stock identified on the certificate.”48
At a theoretical level, this approach is the richest in the United States. The 10+ blockchain-specific laws that have comprehensively updated an older regulatory framework in light of these new innovations.49 Further, the approach of Wyoming is one which, over time, ought to improve clarity and understanding for the ways additional regulated industries interoperate with Wyoming DAOs.
One specific area where Wyoming has extended the legal personality rights for ITAs beyond that of other states (at the time of writing), is in creating a type of special purpose depository institutions.50 This new regulation gives banks the ability to operate as custodians of various types of tokens, so long as they implement compliance safeguards to address KYC/AML concerns. “The special purpose depository institutions are treated as banks under Wyoming law, and will be permitted to conduct non-lending banking business for corporate clients. The permitted banking business includes ‘digital asset custodial services’ that are specifically authorized for banks”51
In practice, however, the results of this approach are actually not so different from Vermont’s requirements for certain additional information in the operating agreement of the BBLLC. For example, the operating agreement template for Lasso DAO clearly specifies many of the same roles as those of dORG (i.e., roles identified as necessary for this new type of legal person to effectuate the minimum necessary operating functions of an entity).52 As the competitive landscape for DAOs continues to grow, it is foreseeable that the thoughtful changes to Wyoming’s regulatory architecture will appeal to those in the DAO-space looking to do more complex operations.
Delaware has started adding language to its robust corporate regulatory framework to carve out the use of a distributed network as a means of administering records and transmissions of a corporation. In 2017, the Delaware code amended the Corporation statutes to include the following:
“Any records administered by or on behalf of the corporation in the regular course of its business, including its stock ledger, books of account, and minute books, may be kept on, or by means of, or be in the form of, any information storage device, method, or 1 or more electronic networks or databases (including 1 or more distributed electronic networks or databases), provided that the records so kept can be converted into clearly legible paper form within a reasonable time, and, with respect to the stock ledger, that the records so kept (i) can be used to prepare the list of stockholders specified in §§ 219 and 220 of this title, (ii) record the information specified in §§ 156, 159, 217(a) and 218 of this title, and (iii) record transfers of stock as governed by Article 8 of subtitle I of Title 6.”53
More recently, in 2019, the definition for “Electronic Transmission” in the Commerce and Trade Statutes was expanded to include “distributed electronic networks or databases.”54
Similar to Vermont and Wyoming, Delaware requires the registration of sufficient legal personality elements to balance for trust in their container for an artificial legal person. Like the other states, Delaware requires a registered agent, who is a natural person, and capable of accessing “records required to be maintained.”55 However, one distinct advantage that Delaware is playing into with the decision to update this particular section of the regulatory framework is in their robust body of corporate law. By only updating this specific section of their corporate law statutes, Delaware is able to maintain its image as a corporation-friendly state without sacrificing the opportunity to attract DAOs.
As a result, Delaware will still likely appeal to those seeking strong corporate protections. An example of this sort of thinking can be seen in the decision by the LAO, a for-profit venture DAO, to incorporate as a Delaware LLC.56 Effectively, Delaware’s reputation for being business friendly will enable it to see which approaches work the best for other states and build upon this initial action on down the road.
Montana occupies a unique space in the regulation of DAOs in the United States because they effectively created an exemption for DAOs in their regulatory architecture. As it is, Montana is the only state that has not enacted any form of money transmission statute.57 Consequently, Montana is able to regulate DAOs merely by exempting utility tokens from securities laws. This exemption applies under the following circumstances:
(23) (a) a utility token transaction that meets the following requirements: (i) the purpose of the utility token is primarily consumptive; (ii) the issuer of the utility token markets the utility token for a consumptive purpose and does not market the utility token to be used for a speculative or investment purpose; (iii) the issuer of the utility token files a notice of intent to sell utility tokens with the securities commissioner in a form prescribed by the commissioner. If the information contained on the notice required in this section becomes inaccurate in any material respect for any reason, the issuer shall file an amendment to the notice in writing with the securities commissioner within 30 days. (iv) either the utility token is available at the time of sale, or all of the following are met: (A) the consumptive purpose of the utility token is available within 180 days after the time of sale or transfer of the utility token; (B) the initial buyer is prohibited from reselling or transferring the utility token until the consumptive purpose of the utility token is available; and (C) the initial buyer provides a knowing and clear acknowledgment that the initial buyer is purchasing the utility token with the primary intent to use the utility token for a consumptive purpose and not for a speculative or investment purpose. (b) Except as provided in this subsection (23), the securities commissioner may enter into agreements 18 with federal, state, or foreign regulators to allow utility tokens issued, purchased, sold, or transferred in this state to be issued, purchased, sold, or transferred in another jurisdiction, and any utility tokens issued, purchased, sold, or transferred in another jurisdiction to be issued, purchased, sold, or transferred in this state. (c) As used in this subsection (23), the following definitions apply: (i) "Consumptive purpose" means to provide or receive goods, services, or content including access to goods, services, or content. (ii) "Utility token" means a digital unit that is: (A) created: (I) in response to the verification or collection of a specified number of transactions relating to a digital ledger or database; (II) by deploying computer code to a blockchain network that allows for the creation of digital tokens or other units; or (III) using any combination of the methods specified in subsections (23)(c)(ii)(A)(I) or (23)(c)(ii)(A)(II); (B) recorded in a digital ledger or database that is chronological, consensus-based, decentralized, and mathematically verified in nature, especially relating to the supply of units and their distribution; (C) capable of being exchanged or transferred between persons without an intermediary or custodian; and (D) issued to allow the holder of the digital unit access to a good or service delivered by the issuer without vesting the holder with any ownership interest or equity interest in the issuer."58
While it is certainly a fascinating way to carve out a place for DAOs, the regulatory architecture of Montana creates more questions than the approaches of Vermont, Wyoming, and Delaware, many of which require analysis of an on-going federal discussion about which DAO tokens qualify as securities or commodities. As thinking about what qualifies as a security continues, so too will the need to reexamine the legislation in Montana. Further, it is likely that such a limited initial attempt in regulating these new technology arrangements will be followed up by additional regulations as needed.
Each of the aforementioned states involved applied a different approach to ascribing legal personality rights to technology-enabled business entities — Vermont created a new type of business organization; Wyoming permitted the tokenization of stock shares; Delaware increased the scope of electronic records; and, Montana created a special exemption for DAOs with utility tokes, such that they do not qualify as securities. The practical results at this early stage are somewhat indistinguishable.
The state governments recognize the legitimacy of ITAs and respond by altering the legal requirements to create such an arrangement in congruence with the type of recognition provided in the statutory framework. In general, these practices follow a rough template: there is preliminary registration with the applicable state authority, a certification of the technical and governance framework deployed by the ITA (usually in the form of an internal governing document), and assurance that the governance mechanism can be altered to comply with laws and legal processes.
The activity in the United States demonstrates legislators do recognize the need to adapt the notion of legal personality, the regulations themselves avoid some key issues and as a practical matter leave them to be dealt with by the courts. But, what happens in the case of a fully automated and anonymous DAO? How far does the limitation of liability for ITAs extend? Does it cover open source developers who created a model smart contract but never worked specifically for a DAO that used the smart contract? Perhaps these questions best remain unanswered while the technology is being understood.
From a commercial perspective, regulatory fragmentation is not a desirable long term solution.59 As demonstrated by the popularity of Delaware with general corporate law in the United States, businesses will demand certainty and incorporate where those advantages are the clearest.
However, as new technologies disrupt traditional business models, this exercise of mapping legal personality rights will continue to center on an analysis of what protections to provide, what happens in the event that things go wrong, and what new opportunities and liabilities are created by the disruptive technologies. As in the case of the adoption of uniform laws, such as the Uniform Partnership Act, it is also foreseeable that once the landscape of ITAs becomes increasingly settled, there will likely be one or two flavors of such a standard will proliferate.
As the various approaches surveyed in this article indicate, there is not one simple solution that will work for everyone. Rightfully so, the following debate about how to regulate the legal personality of these interdisciplinary innovations features a diversity of opinions from almost as many stakeholders. Adding to the complexity of regulating ITAs are challenges that are fundamental to their design. The remainder of features a broad overview of the potential issues to be faced by DAOs and, subsequently, their regulation as ITAs.
The line between AI and DAOs seems well defined. AI might have decisional autonomy, but can easily be switched off (i.e., by physical intervention on the hardware that hosts the AI computational processes).
In contrast, DAOs enjoy operational autonomy. Their inner workings are mostly established through deterministic procedures, but they cannot easily be switched off in the event of malfunction or damaging behavior. This may be problematic.
While the deterministic procedural coding of DAOs lead some scholars to believe that liability is imputable to the actors creating, running and maintaining the technology arrangement,60 even if that were the case, liability cannot easily be enforced.
However, one must question the rationale of imputing liability to the creators of such technology arrangements. The complex network of dependencies muddies the relationships between authors of the code and teh harmful behavior that maybe exhibited directly or indirectly. Recalling the aphorism of “It is Chet’s fault” from the book Extreme Programming Installed, Chet Hendrickson states:
“[...] the team was having a "discussion" about something that had gone wrong. Someone was trying to find out who had messed up. Chet got fed up with the witch-hunt and announced, "It's my fault." He took a card [...] and wrote "It's my fault" on it and signed it. Then he put it in his desk and told everyone where to find it if we ever needed someone to blame.”61
Likewise, if we want to engage in a similar efforts to ascribe blame all the way up the chain of software developers, we could simply conclude with a “It’s Linus fault” (i.e, Linus Torsvald, the originator of the Linux operating system) who is to be held liable for any wrongdoing that eventually took place through his creation. Clearly it is an absurdity, because we all know it cannot be Linus’ fault. Yet, when chasing the creators in the dependency graph of software components, where does one draw the border line?
The problem is even worse.
Autonomous entities on a blockchain have the potential to become self-sufficient economic actors in their own rights. In tandem with a profitable operation, self-sufficiency will naturally follow from autonomy. Since its inception, the Bitcoin protocol and network is effectively acting as an elementary yet autonomous and economic self-sufficient digital entity. It transformed from a passive software artifact to an active software entity. De facto an autonomous economic operator, it provides services that previously were performed by banks and all other payment service intermediaries. Though not recognized as an economic entity in any jurisdiction, the Bitcoin protocol and network operates and transacts like one. More subtly, it can even be considered as a purchaser of the services that miners offer to keep the network operational. Interestingly, the Bitcoin protocol could even act as an employer of individual miners. Imagine software that could employ humans to perform critical operations for its subsistence. And to think software was always at the service of humans!
The Bitcoin system is conceptually straight-forward. Transferring an amount of money from one account to another is a simple operation. The protocol has operated flawlessly since its inception. It operates in the realm of decentralized storage of digital assets.
DAOs that are built as a collection of smart contracts have a much higher degree of complexity than the Bitcoin protocol. They operate in the realm of decentralized computation. As there is more code being executed, and performing far more complex operations, it is obviously possible that defects and bugs will appear. Such bugs might give rise to vulnerabilities that are exploited by malicious actors; this was the case of The DAO Hack.62
The permanence of code often invokes unpredictable and unintentional consequences. For example, the aforementioned bugs in the system may activate much later than the moment they are created or even far beyond the foreseeable life of a program.63 In these instances, even if liability were imputable to such actors, there would be nobody against which recourse could be directed. Decentralized autonomous entities have the potential to outlive the humans involved in their creation and maintenance. However, provided a certain threshold economic viability, it is not unforeseeable that DAOs may continue to be operational indefinitely. The DAO Hack even suggests that once such defects are discovered, as an extreme course of action, the underlying Blockchain could be forked. That is what gave rise to Ethereum and Ethereum classic.64 Alas, we need to reflect on what the future might look like. Such a course of actions might not be feasible at all.
Conceivably, in the future, some blockchain could carry a substantial share of all global trade transactions. In such an instance forking the chain would be an unacceptable proposition. One cannot just roll-back billions (or even trillions) of dollars worth of transaction because there was some bug — no matter how much it might have been exploited. Furthermore, the vast majority transaction on such a huge blockchain would probably be unaffected by the exploit.
Not to mention the chaos that would ensue if a supplier of a service would choose to continue with one branch of the fork while a client would choose the other one! Someone would have to come up with cross-fork atomic swaps; however, in that case the purpose of the forking would be lost in the first place.
Imputing liability to the actors sustaining the operation, rather than the creation, of a blockchain also needs to be reevaluated in light of the new generation of blockchain technologies. In particular, we need to reflect on the possibility of widespread distributing validating participants (e.g., the Snow/Avalanche family of consensus protocols)65 that can result in every smartphone, microprocessor, or connected sensor turning into a potential miner. This would result in another absurd situation: anyone could be liable for anything.
Why would developers prefer establishing a DAITO, as opposed to a DAO? On the one hand there is the economic appeal of offering a certified technology arrangement for public consumption. there is more certainty and guarantee than a DAO, where "Code is Law” and there is limited space for recourse.
In the near future, it may be possible for AI and decentralized autonomous computation to be packaged together. Digital entities that have both decisional and operational autonomy, as well as economic self-sufficiency then become a potential reality. In this scenario, an even higher degree of legislative innovation would be required. Reflecting on Satoshi Nakamoto: the use of game theory and incentivization schemes to leverage the self-interests of actors in the system. The reason behind incentivization must be extended further from entity to the ecosystem because it is foreseeable that there will be new economic networks that result from the emergence and interoperation of multiple DAOs, DAITOs, and other technology arrangements.
By extending the liability to cover the scope of a value chain, we can see to create a corresponding chain of responsibility. In practice, courts will determine where the ultimate liability lies. In a virtual world, such capabilities do not exist (or at least, not yet). By establishing standards of recognizing the legal personality of such entities, we may foster an ecosystem of actors that have a common interest, rather than independent actors that act solely for their exclusive benefit. While these entities would be autonomous, their sphere of action would be limited by the network of interactions they can build and sustain with other similarly autonomous entities.
By creating an economic network, we are beginning to address the issue of economic self-sustainability. An autonomous digital entity without legal personality would lose the market share that another equivalent entity could gain instead. In other words, and expressed rawly, we need to develop an economic system of autonomous digital entities that would demand legal personality to survive in the market. Driven naturally by economic forces, the self-interest of relevant actors would ensure that entities that do not have legal personality could not survive. And further building into the algorithms and AI a sense of self-preservation that would seek to maximize their own self-sustainability. If they get those self-preserving factors right, then the actors that do not play by the rules will be kicked out and disappear through the means of economic competition. A DAO might be autonomous, but if nobody uses its services, it will be made innocuous.
In this “Big Picture” we see the development of a thriving decentralized economic ecosystem. And thus, the opportunity to create market forces that incentivize the survival of autonomous technology arrangements that exhibit lawful behaviors, and adhere to principles of legality, transparency and integrity.
Just as other forms of legal personality have been granted to non-human entities, there should be a new form of legal personality for DAOs. Existing literature has demonstrated that certain rights are required for certain protections.
Granting a DAO legal protections would have obvious benefits, including: 1) bringing transparency to a process that has been stained with opacity and confusion, 2) enabling new forms of businesses to provide new types of value to consumers, 3) ushering in a new era of economic resilience, 4) and creating regulatory frameworks that are as efficient as the technologies they seek to regulate. While such an idea is transformational, it is not without risk. Absent basic protections and safeguards, these new technologies could create more problems than they solve.
The question then becomes, how do we create a new type of container for legal personality that encapsulates all of the good these technologies are capable of and none of the bad? As outlined in this paper, the two-fold answer is based on the notion of a basic exchange. Certain rights and assurances are provided in favor of certain protections.
First, we must define these new legal persons. In our case, we are talking about organizations that have traditionally existed under corporations law. However, a distinction here is critical. The organizations we are describing have certain qualifying characteristics, particularly related to governance, that need to be specified in such a way that preserves both trust and flexibility.
For new, technology-enabled business organizations, the aim should be to better manage risk through limitations of liability that can be granted through the state. Corporations law the world round requires a similar set of features in order for the associated protections, including name, address, purpose, capital, governance, ownership and control, patrimony, winding up, regulation, and registration.
As these new technologically-enabled organizations operate using a structure that enables them to do things that classic organizations simply cannot, the most astute regulators looking at these new forms of legal personality will not only catalog those foundational characteristics of legal personality that are required for these new entities, but will also leverage the natural abilities of the unique ability of these new technologies. In the case of DAOs, this would include a transparent and accurate list of different records that are maintained, specification of governance protocols, acknowledgment of the opportunities to preserve trust offered by new technologies, and a recognition of those areas requiring further accountability.
Blockchain and DAOs are exciting because they represent an opportunity to revisit the way society itself is organized; in the same way, they are scary because of the unknowns associated with how these new technologies will fit into the world around us. As a result, we are left with two choices. We can ignore this opportunity to act, remain content with the landscape as it is, or we can choose to try, learn, and do better.
Max Ganado is an advocate and senior partner at Ganado Advocates, Malta. He has co-authored an article on this subject with Steve Tendon “Legal Personality for Blockchains, DAOs and Smart Contracts”, Revue Trimestrelle De Droit Financier, 1(2018) pp.1-9 and subsequently authored “Maltese Technology Foundations”, Chapter 11 pp.181-229 in DLT Malta, Thoughts from The Blockchain Island (May 2019).
Joshua Ellul is the Chairman of the Malta Digital Innovation Authority and Director of the Centre for Distributed Ledger Technologies at the University of Malta which offers a multidisciplinary Masters in Blockchain and DLT covering IT, Law and Business related aspects to students.
Gordon J. Pace is a Professor of Computer Science at the University of Malta, who has authored various scientific articles on DLT-related topics.
Steve Tendon, Managing Director of ChainStrategies, is a senior management consultant, adviser, speaker and author. In 2016 he was the strategic adviser for the Ministry of Economy, Investment and Small Business (MEIB) of the Maltese Government, developed the vision of the "Blockchain Island" and designed Malta’s National Blockchain Strategy (approved by the Cabinet of Ministers in April, 2017). Subsequently he was appointed as the Strategy Lead to Malta’s National Blockchain Task Force advising the Financial Services, Digital Economy and Innovation (FSDEI) Office of the Prime Minister on implementing the country's Blockchain strategy. In 2017 he founded and was the first Chairman of the Blockchain Malta Association. In 2018 he was a founding Member of the Oxford Blockchain Foundation (OXBC) and founded the "My Blockchain Island" business club. In 2018 he was acclaimed in the "Lattice80 Blockchain 100" list of global Blockchain influencers. In 2018 he received the Malta Blockchain Award for "Outstanding Contribution to the Blockchain Island 2018" as well as the “ANGI Malta Business Award 2018” at the House of Representatives of the Italian Government in Rome. He holds a MSc in "Software Project Management" with the University of Aberdeen, a "MIT Fintech Innovation: Future Commerce" certificate with the Massachusetts Institute of Technology, and an "Oxford Blockchain Strategy Programme" certificate with the Saïd Business School at the University of Oxford.
Bryan Wilson is a fellow in the MIT Connection Science Research Group under the direction of Alex “Sandy” Pentland, the Editor-in-Chief of the MIT Computational Law Report, Founder and Co-Manager of KC Legal Hackers, and the Founder of low tech design, a consulting operation. In 2018, Bryan was listed by law.com as one of eighteen Millenials Changing the Face of Legal Tech.