Legal risks involved with DAOs

© RMIT 2023

Legal risk is the potential that an individual or organisation may be exposed to private legal action (for example, breach of contract or negligence) or public enforcement action (for example, violating laws or regulations) – including the potential of associated costs, consequences, and penalties. Legal disputes could arise between participants, between the DAO and third parties, and between the DAO and external regulators.

While legal risk is a feature of any business operating environment, regulatory uncertainty has caused heightened legal risk for DAO participants.

What follows is not legal advice or legal education – but an introduction to some of the legal risks associated with DAOs.

DAOs and Participants – Code is Law?

Many DAO participants claim to subscribe to the “code as law” approach – where it is agreed that the rules and constraints are hardwired into the blockchain-enabled smart contract code.

However, this does not always happen in practice.

What should happen when a flaw in the underlying protocol is exploited?

This occurred in “The DAO” hack. While developers were working on fixing bugs identified in the smart contract code, an attacker drained around US$50m worth of ETH from The DAO’s funds. One view is that the attacker had not done anything ‘illegal’ – the funds were not stolen but transferred as allowed for in the code. Ultimately, that view did not prevail and there was a ‘hard fork’ of the Ethereum network that had the effect of undoing the smart contract execution.

A more recent example comes from the Cosmos Ecosystem, where the Juno Blockchain Community voted to revoke airdropped tokens from a “whale”.

Sources of legal risks between participants, therefore, include that the smart contract code will not operate as intended – and that the community may seek to change the code after the fact.

DAOs and Third Parties

DAOs may form contractual agreements with third parties – such as individuals who may work for the DAO, other companies that provide services to the DAO, or customers.

The idea of “incomplete contracts” recognises that it is rarely possible for parties to consider and write down (or code) every possible situation. It might be that there was an unforeseen event, or that negotiating for every small contingency is too costly, too time-consuming, or too difficult to verify. This theory applies to traditional contracts, but also to blockchain-enabled smart contracts.

DAOs may become insolvent – or deal with a person or entity that becomes insolvent. The legal risk in these cases is that contracts become unenforceable against the insolvent entity, and that parties have to deal with the insolvency processes, which are typically assisted through the courts. There are also practical difficulties with an external administrator or courts dealing with DAO participants who may not be known or located in the same jurisdiction as the proceeding.

And so, when DAOs interact with third parties, it is inevitable that a dispute will arise at some point. How these disputes are resolved – from traditional courts through to decentralised dispute resolution services like Kleros – is an important governance decision for DAO members.

DAOs and Regulators

Another source of legal risk is the regulatory environment, and regulators around the world are closely watching DAO activity.

For example, in the United States, a 2017 report from the Securities and Exchange Commission (SEC) found governance tokens in “The DAO” were subject to federal securities law. Although the SEC chose not to take action on that occasion, the SEC has more recently taken injunctive action against American CryptoFed DAO LLC, while the US Commodity Futures Trading Commission has brought action against Ooki DAO for operating as an unregistered futures commission merchant. Whether governance tokens are securities has not been tested in the US courts – and similar regulatory uncertainty exists in most jurisdictions.

The legal risk here is that legal action is taken against the DAO – whether incorporated or unincorporated – and against individual participants. These questions are important because, unlike civil actions brought by participants or third parties, regulatory enforcement may come with significant consequences such as imprisonment.

You can never completely remove legal risk, but there are several ways to manage it.

1. Stay informed. The legal and regulatory environment is constantly changing. Ensure that you keep up to date with the latest developments – particularly those in your own jurisdiction. If you are a DAO participant, the actions of a DAO may expose you to legal risks. Be across the activities of the DAO and have input into the decision making.

2. Maintain records. If a dispute or regulatory enforcement action arises, parties will need access to key documents to get a complete picture. Ensure that you have kept records of token holdings, agreements, contracts, policies, and procedures, and so on.

3. Obtain Smart Contract Audits. “Doing your own research” may extend to commissioning a smart contract audit – or this may be done by the DAO founders prior to issuing tokens. Auditors will conduct an in-depth examination of a DAO’s smart contract code, producing a comprehensive report addressing any flaws and security concerns.

4. Obtain legal advice. Obtaining legal advice at the beginning of a new venture or new investment, for issues like business structuring, reviewing contracts, and regulatory compliance, can help to avoid legal problems in the first place. If a legal dispute or regulatory action arises, a lawyer can provide representation and guidance throughout the litigation process, and work to resolve the dispute.

This article is from the free online

Introduction to DAOs: Decentralised Autonomous Organisations
