API/RSS

Social

a16z: How to regulate Web3 applications?

23-01-12 10:55

Read this article in 36 Minutes

AI summary

View the summary

Original Title: "A16z: Framework for Regulating Web3 Applications - Part 2"

Original Authors: Miles Jennings, Brian Quintenz

Translated by: Block unicorn

This is the second part of the "Regulating Web3 Applications, Not Protocols" series, which establishes a Web3 regulatory framework that preserves the benefits of Web3 technology, protects the future of the internet, and reduces the risks of illegal activities and consumer harm. The core principle of this framework is that enterprises should be the focus of regulation, not decentralized autonomous software (underlying protocols).

When it comes to regulatory issues in Web3, two extremes often clash. 1) The first group advocates for the extensive expansion of existing regulations and their application to Web3, ignoring the key characteristics of Web3 technology and failing to recognize the significant differences in risk between Web3 products and services compared to traditional ones. This failure leads the organization to advocate for the same exact regulation of decentralized finance (DeFi) and centralized finance (CeFi) without any subtle differences. 2) Conversely, opponents advocate for the complete exclusion of Web3 from existing regulations, ignoring the real economics of many Web3 products and services and attempting to abandon many successful regulatory frameworks, including those that have made the US capital market the envy of the world.

Both extremes may be popular, but neither withstands scrutiny and both will produce bad policy results.

The correct way to regulate Web3 lies somewhere in between. In this article, we will explore a pragmatic framework for regulating Web3 applications that follows the principles established in the initial article of this series, which states that Web3 regulation must only apply at the application level (meaning it operates on software that is aimed at end-users and provides access to the protocol), rather than at the protocol level (underlying decentralized blockchains, smart contracts, and new native functionalities for the internet).

In simpler terms: regulate the enterprise, not the application.

Enterprises can customize applications to comply with regulations, but software protocols designed for global use and autonomy cannot make subjective judgments that local regulations may require. That's why throughout the history of the Internet, governments have always chosen to regulate application providers (such as Gmail) rather than basic protocols like Simple Mail Transfer Protocol (SMTP). Potential subjective and global conflicts of regulations hinder the interoperability and autonomy of protocols, rendering them ineffective.

In the explosive growth of the Internet over the past few decades, regulating applications rather than protocols has been in the public interest. While the spread of Web3 technology adds a layer of complexity to regulating the Internet, the regulatory framework for Web3 applications does not need to address illegal activities at the protocol level. We did not regulate SMTP because it facilitated illegal activities through email. However, recommendations for a Web3 regulatory framework must be able to achieve policy goals by reducing the risk of illegal activities, providing strong consumer protection, and eliminating incentives that run counter to policy goals - which can be most effectively accomplished at the application level.

We believe that the regulatory framework for Web3 applications should focus on three interrelated factors:

First, the policy objectives of the expected regulations must be evaluated. If the regulation cannot achieve legitimate objectives, it should not be adopted. Next, the characteristics of the applications to be regulated must be considered. Web3 applications work in many different ways, which should directly affect the scope of regulation. Finally, the constitutional meaning of a regulation must be analyzed. Fact-based refinement analysis can provide reference for regulatory activities and judicial opinions, which should accompany any Web3 regulation.

Based on these factors, we can roughly describe the starting point of this regulatory framework as follows - it should be noted that the ultimate scope and application of any regulation will depend on specific facts and circumstances:

Using the first principles approach, let us explore each field in more detail to better understand how rules should be applied, where they should be applied, and why they should be applied to Web3 applications.

Web3 Application Supervision Policy Objectives

A popular saying is "same activity, same risk, same rules." In other words, regulations should be consistent. This seems intuitive and applies to many Web3 applications that appear similar to Web2 or other traditional products and services. However, upon closer inspection, it becomes apparent that this statement fails in Web3 due to the different functionalities and risk configurations of Web3 applications and protocols. Therefore, we must focus on the policy objectives of a given regulation to determine whether different regulatory approaches are needed for Web3 in terms of functionality and risk profiles.

A regulation can achieve many different policy objectives. Reasonable objectives may include: protecting investors and consumers, encouraging innovation, promoting capital formation and market efficiency, encouraging (or unfortunately discouraging) competition, protecting national interests, and so on. However, sometimes regulation fails to achieve its objectives, or even has no legitimate objective. This may be because a regulation goes beyond its original purpose, because its scope is too broad, because it produces unforeseen negative effects, or because implementing such a regulation would negate the value of the technology it is trying to regulate. In these cases, continuing to implement a regulation may be to protect vested interests; or, it is simply regulating for the sake of regulating, both of which are unacceptable.

An example from history illustrates this point. In 1865, the British Parliament passed a Locomotive Act, which required road vehicles in cities to not exceed a speed of 2 miles per hour and required a man to walk in front of them waving a red flag. While the "Red Flag Act" may have been appropriate in an era with few cars and pedestrians everywhere, if enforced today it would be absurd and highly detrimental to the well-functioning development of the transportation economy. With advancements in car technology, road infrastructure, preferred modes of transportation, and agreements for managing traffic flow, this law has become outdated. Considering the technological progress represented by Web3, any one-size-fits-all regulatory approach will be as outdated as the Locomotive Act and likely to become obsolete soon. This will greatly weaken the legitimacy and effectiveness of regulatory actions.

Applying regulations to protocols (rather than Web3 applications) would also lead to similarly absurd results. Just as cars brought faster travel, the new computational paradigm brought by Web3 technology also adds new forms of local internet functionality (such as lending, exchange, social media, etc.). The ability to transmit value at internet speeds is an extremely powerful primitive capability, and is still in its infancy. If regulators impose subjective and globally conflicting regulations on Web3 protocols (such as restricting the trading of certain assets with non-objective features, such as securities or derivatives, or reviewing speech categories), compliance may require development teams to undergo an impossible "re-centralization" process to create the illusion of governance commands and controls. While it is understandable that regulators are looking for a central position of control and responsibility, blockchain protocol governance is often globally distributed and decentralized. If this is not the case, or if forced centralization/centralized management will backfire, it will destroy the functioning and useful features of Web3 protocols.

To achieve true "technological neutrality", regulation should not undermine the technology it seeks to regulate. This is why regulation only applies to Web3 applications, as they are operated by businesses that can adhere to subjective rule-making rather than underlying protocols, as they are essentially software and cannot be. Similar arguments hold further up the technology stack to protect underlying functionality such as validators and miners. Regulatory actions that undermine the value of technology are more akin to legalism than anything else.

Decentralization is one of the key benefits brought by blockchain technology, which has a significant impact on regulation. Critics often mock decentralization as a deceptive rhetoric, but blockchain decentralization is real and a big deal.

Consider the difference between CeFi and DeFi. In the world of CeFi, many regulations aim to eliminate the risks of trusting financial intermediaries. The goal is to reduce the potential risks that exist whenever there is a potential conflict of interest or outright fraud when one person has to trust another person's money or assets (see: FTX&Alameda, Celsius, Voyager, 3AC, MF Global, Revco, Fannie Mae, Lehman Brothers, AIG, LTCM, and Bernie Madoff). In the world of DeFi, traditional financial services are broken down and there are no intermediaries that can be trusted. Therefore, in true DeFi, the decentralization, transparency, and lack of trust brought by blockchain technology eliminates many of the risks that CeFi regulations are primarily designed to address. By eliminating trust and dependence on intermediaries, DeFi can keep users away from the centralized risks that are common in CeFi (such as project running away, user assets being seized, and other malicious behaviors). DeFi does better than any "self-regulation" or "public regulation" system in CeFi. In other words, applying CeFi's "red flag behavior" to DeFi is meaningless, or to put it another way:

Therefore, it is illogical to apply all CeFi regulations to decentralized network 3 applications that do not provide similar intermediary services. In addition, any regulatory intervention will backfire. Regulatory intervention will hinder DeFi from achieving many legitimate policy goals pursued by financial regulations, such as transparency, auditability, traceability, responsible risk management, and so on. Resistance to such regulation should be resolute.

However, due to the multiple potential policy objectives that such regulations may have, it is difficult to provide comprehensive exclusions for all regulations, even in the field of financial services and intermediary-focused regulation. For example, consider the difference between the "broker-dealer" (BD) regulations under the US Securities Act and the "introducing broker" (IB) regulations under the US Commodity Derivatives Act. One purpose of the Securities Trading Act is to protect investors from the inherent risks of intermediary institutions that hold investor assets. This is different from the scope of the IB law, which focuses on how conflicts of interest can lead to intermediary institutions influencing trades without holding investor assets, as emphasized by the CFTC (US Commodity Futures Trading Commission) through the IB law. The decentralization of Web3 technology clearly eliminates the need for BD law in terms of custody, but this alone may not eliminate the need for IB law, especially when DeFi applications represent users in making decisions (such as routing trades).

Now consider the regulations governing the issuance and sale of securities and derivatives in the United States. There are many purposes behind these regulations, some of which are not avoided through decentralization or Web3 technology, including those related to investor protection. When the same risks and considerations apply to both centralized and decentralized businesses and technologies, the default position may be that the rules should be consistent, without some overriding policy objective to prove that different rules are reasonable. For example, it may be difficult to argue for prohibiting centralized businesses (such as Coinbase) from earning commissions from securities and derivatives trading, but allowing another business that facilitates access to decentralized infrastructure (such as a for-profit website that provides access to decentralized trading protocols like Uniswap) to earn commissions from these same types of trades. Such a regulatory framework could give enterprises using decentralized protocols a significant competitive advantage over centralized trading platforms and lead to regulatory arbitrage. Therefore, differences in this approach need to have a convincing policy objective, such as promoting decentralized innovation (which we will discuss further below).

When it comes to a wide range of regulations that may apply to Web3 applications, the above examples are just the tip of the iceberg. However, from the above examples, it should be clear that effective regulation should have clear and relevant objectives, appropriate scope, and effective results. The classification and categorization issues mentioned above are the bottom line of analysis: how DeFi works must be understood at a subtle level. Every sincere regulator who begins their blockchain learning journey learns that the apparent similarity between traditional finance and blockchain finance masks deep operational, organizational, and functional differences.

Characteristics of Web3 Applications

The characteristics of a particular Web3 application determine the risks that such an application may pose, so it has played an important role in determining whether and to what extent regulatory aspects should be applied. For example, many Web3 applications may not be completely untrustworthy because they keep users' assets, intermediate users' transactions, promote or advertise certain assets, products, or services to users. Applications with these features are most likely to require regulation because they are more likely to bring legacy centralized risks to users or contradict policy goals if not regulated. In addition to the features that introduce centralized risks, two important features of Web3 applications have regulatory significance when Web3 technology does not hinder regulatory purposes. These two features are: (1) whether the application is operated by a company for profit; (2) whether the expected primary purpose of the application is to promote the activities to be regulated (i.e., whether the primary purpose is legal or illegal). We will analyze many other factors in future articles, but for now, these two factors are useful jumping-off points.

Profit and Non-Profit

If Web3 technology cannot avoid the purpose of regulation, then regardless of whether Web3 applications use truly decentralized protocols, if they are operated by enterprises for profit, the strong presumption is that such enterprises should be subject to such regulation. First, the fact that the application is operated by an enterprise for profit itself may expose users to certain risks. For example, if such applications facilitate certain types of financial transactions, the operator's profit from these transactions may create inherent conflicts of interest. Secondly, if such regulations do not apply and fail to prohibit enterprises from profiting from illegal activities that such regulations aim to prevent, then such regulations are actually encouraging the promotion of such illegal activities and may lead to an increase in such activities. For example, allowing enterprises to charge commissions for illegal transactions of tokenized securities or derivatives may lead to an increase in such illegal transactions, which would contradict the policy objectives behind such regulation (reducing the prevalence of such transactions), and assist and advocate the legal argument as a core principle behind such regulation.

However, due to the benefits brought by Web3 technology, it may be reasonable to adopt more flexible regulatory approaches for profit-oriented Web3 applications. In particular, since the decentralized protocols of Web3 add native functionality to the internet that anyone can use, they can effectively serve as public infrastructure (similar to SMTP/email). Adopting flexible regulatory approaches for profit-oriented Web3 applications can promote the development of these protocols, facilitate development, and even allow developers to raise funds by operating profit-oriented applications. Conversely, overly burdensome regulatory barriers or economies of scale in regulation will not be conducive to fully realizing the future potential of this technology. Requiring developers to register under overly burdensome regimes or obtain expensive and time-consuming licenses to deploy a front-end website that provides access to decentralized protocols may have a chilling effect on Web3 innovation in the United States. Therefore, there are strong public policy arguments supporting the protection of nascent Web3 applications from cumbersome regulation to incentivize the development and availability of Web3 infrastructure in the United States.

If Web3 applications are not operated by enterprises for profit, then there is even more persuasive reason to relax the handling. For example, many Web3 applications effectively operate as public goods - interacting with decentralized protocols as purely non-custodial communication and consensus software. These Web3 applications may not raise the same concerns as mentioned above, because if no one profits, the motivation for conflicts of interest or encouraging operators to promote illegal activities will be reduced or eliminated. As mentioned above, the goal of any Web3 application regulatory framework should be to reduce the risk of illegal activities and suppress illegal activities, rather than eliminate the possibility of their occurrence. Therefore, if Web3 applications are not operated by enterprises for profit, they should resist cumbersome regulation as much as possible, because such regulation will undermine important policy goals that promote US innovation.

Even if Web3 applications are not operated by profitable enterprises, their potential purposes may be important, even very important, for regulatory purposes. If the application is specifically designed to facilitate activities that should be regulated, then there is an assumption that such applications should be regulated. In fact, many such applications may already be subject to regulation on this basis, even if they are just front-end websites displaying blockchain information and assisting users in communicating with such blockchains. For example, through its enforcement actions, the CFTC previously determined that certain communication systems were swap execution facilities (SEFs) and therefore subject to certain regulations. The CFTC found that these communication systems were managed by a centralized entity, established for trading derivatives, and provided enhanced functionality that met the definition of a SEF. However, it is important to note that other similar communication systems with similar SEF functionality have not been identified as SEFs, possibly because they were not built to facilitate derivative trading, although such derivative trading is conducted on these communication systems.

Based on these examples from the CFTC, people might expect different treatment for a front-end specifically designed for derivative trading agreements (such as the infamous Ooki protocol) and a decentralized trading platform capable of listing and trading any digital asset without permission (such as the Uniswap protocol), while a simple blockchain explorer (such as Etherscan) should receive the most lenient treatment. This different regulatory treatment makes sense because the main purpose of the Ooki front-end is reportedly to facilitate illegal trading in the United States, while the main purpose of the Uniswap front-end and Etherscan is to facilitate essentially legal activities.

However, even in some cases where applications are specifically designed to facilitate regulated activities, exempting the application from heavy regulatory regimes may be in the public interest. For example, if the trading of digital assets is regulated in the United States and all trading platforms are required to register, there is good reason not to extend this regulation to an application that is specifically designed to provide users with a decentralized trading protocol (assuming it is not operated for profit or in its early stages of development). In particular, the decentralized nature of the protocol and the characteristics of the application may eliminate many of the risks that regulatory intentions seek to address (as discussed in the previous section), and the potential social benefits of granting the internet unrestricted trading capabilities may far outweigh all regulatory policy objectives.

Finally, regardless of whether Web3 applications are for profit or not, and regardless of whether their primary purpose is legal, all applications should continue to be subject to certain existing legal frameworks, and many applications should be subject to new narrow customer protection requirements. First, maintaining existing legal frameworks related to fraud and other types of prohibited malicious activity has value. However, enforcement actions against protocols or application operators who have not engaged in malicious activity violate basic concepts of due process and justice. Second, consumer protection regulations, such as disclosure requirements, can help inform users of the risks of using specific DeFi protocols, while code audit requirements can protect application users from the impact of smart contract failures in underlying protocols. However, any such requirements also need to be tailored to allow Web3 applications and their developers to comply without even controlling the decentralized protocols they provide access to.

The Influence of the Constitution

The regulation of Web3 has potential constitutional implications, and we have ample reason to believe that the courts will ultimately defend Web3. While today's constitutional debates defending Web3 focus on the discrete issues raised, they portend a series of fundamental and important national and global legal competitions regarding individual, collective, and state sovereignty.

Now, consider the issues of these trend lines and inferences. Although these frameworks are formulated in terms of the US Constitution, the similarities with other constitutional and international legal frameworks are self-evident:

Many people believe that the First Amendment can protect software developers, because code is law. Does the series of rights under the First Amendment cover the rights of cryptocurrency transactions? Does freedom of trade include the basic right to privacy on the chain?

Many people still believe that the Fourth Amendment may protect DeFi protocols from having to use intermediaries to collect customer information or comply with regulatory burdens. Do people have the right to secure their on-chain identities, games, social networks, and assets from unreasonable searches and seizures (for example, by expanding global civil asset forfeiture regimes)?

Recent case law further indicates that regulatory agencies expanding their jurisdiction to cover rule-making for Web3 without specific authorization from Congress may be unconstitutional. What should multi-agency cooperation look like to ensure constitutional norms, transparency, legitimacy, and ultimately effectiveness? This applies not only to the SEC and CFTC, but also to the US Treasury, the Federal Reserve, the Federal Trade Commission, the Department of Justice, and global regulatory agencies.

All of these are valid areas of discussion and raise fundamental civil rights issues. However, no matter how certain these constitutional challenges may seem, their power remains uncertain. Therefore, it would be foolish for participants in the Web3 industry to refuse to participate in policy-making or to reject all regulation based on the constitution that would protect Web3, as such protection may ultimately not be realized. Web3 industry participants must work with policy makers and regulators to develop regulatory policies and rely solely on the courts to uphold constitutional rights and prevent specific abuses of power.

Considering the potential constitutional challenges, Web3 regulation needs to be carefully formulated. Otherwise, the well-intentioned efforts of policymakers to provide regulatory transparency to the industry may inadvertently bring greater uncertainty. In addition, the rule-making of regulatory agencies needs to be treated seriously and publicly processed on the basis of a complete cost-benefit analysis; it should not be decided through opaque law enforcement actions or implicitly through broader reforms of existing regulations.

Conclusion

(This content contains HTML tags and English characters, so it will not be translated and will be returned as is.)

Effective regulation of Web3 applications is a significant task. This requires a reassessment of existing regulatory plans, a deep understanding of Web3 technology, and a delicate balance of policy objectives. Executing these tasks is crucial. If Web3 applications continue to be subject to existing regulatory frameworks applicable to traditional businesses without any room for reassessment and technical nuances, the development of the US internet will come to a standstill. The outdated "Red Flag" Act must be reconsidered, and new regulations must be implemented to achieve policy objectives.

This process must start with clear policy goals for Web3. It is important that these goals are properly calibrated to ensure that the social benefits created by Web3 technology far outweigh its costs. This does not require eliminating the possibility of Web3 technology being used for illegal activities, but measures need to be taken to reduce the risk of illegal activities and suppress them. The subsequent parts of this series will explore how to further suppress illegal activities, as well as other important topics related to Web3 policy, including discussions of specific regulatory plans, differences between applications and protocols, and the importance of US leadership. Ultimately, the use of Web3 technology and its ability to transfer value at internet speeds will lead to the addition of many new forms of local internet functionality and generate millions of new internet businesses. However, to achieve this, we must apply regulation carefully to support innovation and limit the unnecessary creation of "gatekeepers". To achieve this goal, policymakers, regulators, and Web3 participants should continue to engage in respectful, open, well-intentioned, and thoughtful discussions.