The Evolution of Web3 Project Structure Design and Compliance Challenges

In the past decade, the project structural design in the Web3 field has shown a clear "avoidance-oriented" characteristic. From overseas funds to foundations, DAO governance, and multi-location registration, these designs consider governance optimization and efficiency, and also serve as a strategy to cope with regulatory uncertainties, creating an operable and flexible gray area for project parties.

However, recent strategic structural designs are facing the risk of failure. Major global regulatory agencies, such as those in the United States, Hong Kong, and Singapore, have begun to shift from focusing on superficial forms to conducting in-depth examinations of actual control situations. The new regulatory rules clearly state that the emphasis is not on the registration form, but on the actual operating methods, the identity of the leaders, and the flow of funds.

In light of this, we will analyze five common high-risk structures and, combined with practical cases, help Web3 project teams identify design blind spots that seem safe but actually have potential issues.

Foundation structure of "Surface Neutrality, Actual Dominance"

In the past, many project teams packaged token issuance and governance structures as "foundation-led" to evade regulatory responsibilities. These foundations are often registered in places like the Cayman Islands, Singapore, or Switzerland, operating independently on the surface, but in reality, the core authority is still controlled by the project founding team.

As the regulatory focus shifts to "substantive control", this structure is becoming a key target for scrutiny. Once regulatory agencies determine that a foundation lacks true independence, the project founders may be regarded as the actual issuers or operators of the tokens, thereby facing relevant legal responsibilities. The criteria for judgment are no longer limited to the place of registration or documentation, but rather to "who can control decisions and promote circulation".

In 2023, Synthetix's adjustment of its foundation structure is a typical case. In the face of potential regulatory risks, Synthetix proactively liquidated the foundation originally registered in Singapore, reverted the governance structure to DAO, and established a dedicated entity to manage core functions. This adjustment is seen as a direct response to the "crisis of neutrality in the foundation."

Another notable case is Terra (LUNA). Although Terraform Labs claimed that the Luna Foundation Guard (LFG) independently managed its reserve assets, it was later found that the foundation was actually fully controlled by the project team. In the allegations by U.S. regulators, LFG failed to provide effective legal separation, and the project leaders were still held accountable as the actual issuers.

A regulatory authority in a certain international financial center has clearly stated that it does not accept foundation structures with "personnel vacancies". Only foundations with actual operational capabilities and independent governance mechanisms may serve as effective legal isolation tools. Therefore, foundations should not be viewed as "exemption shells"; if the project party retains core permissions, the foundation will be regarded as a structural disguise rather than a liability isolation. In contrast, operational structures with clearly defined responsibilities planned early on may be more sustainable.

The Formalization Trend of DAO Governance

Decentralized governance was originally a key mechanism for Web3 projects to break traditional single-point control and achieve the decentralization of rights and responsibilities. However, in practice, many DAO governance structures have become severely "hollowed out". Common situations include: proposals initiated unilaterally by the project team, voting dominated by wallets under internal control, and approval rates close to 100%, reducing community voting to a mere formality.

This governance model of "decentralized appearance + centralized essence" is becoming a key focus for regulatory agencies. Once a project faces legal accountability, if the DAO cannot prove that it has substantial governance capabilities and transparent processes, regulators may directly view the project party as the actual controller, rather than an exempt "product of community consensus." The so-called "DAO co-governance" may instead become reverse evidence, highlighting the intention to evade.

In 2022, a regulatory agency sued the Ooki DAO case, marking the first time a lawsuit was initiated against the DAO itself, clearly stating that it "is not exempt from liability due to its technical structure." Although the project team had transferred operational authority to the DAO governance contract, all major proposals were pushed by the original operating team, and the voting mechanism was highly centralized. Ultimately, the regulatory agency listed former team members alongside the Ooki DAO as defendants, deeming it an "illegal derivatives trading platform."

The important implication of this case is that it points out that a DAO cannot automatically assume the function of liability isolation. Only when the governance structure truly possesses distributed decision-making capabilities can regulation recognize its independence.

In addition, several regulatory agencies have indicated that they will focus on the "substance of governance" and "concentration of interests" in DAOs, no longer accepting governance claims that rely solely on "on-chain voting contracts." Therefore, DAOs should not be viewed as a form of liability insurance. If the governance process cannot operate independently and actual power remains concentrated in the original team, then "decentralization" will not constitute a transfer of liability in a legal sense. A truly resilient governance structure should achieve power transparency and multi-party checks and balances in rule design, voting mechanisms, and actual execution.

Conclusion: Substance Over Form

The compliance challenges of Web3 projects are not just about whether a "structure" has been established, but rather whether that "structure" is genuinely functioning and whether the rights and responsibilities are clear and distinguishable. Foundations and DAOs, which are often regarded by project parties as a "compliance protective layer," may actually become entry points for risk exposure from a regulatory perspective.

In the future, we will continue to analyze other high-risk structures, including "service outsourcing", "multi-location registration", and "on-chain publishing", to further explore the compliance blind spots at the operational level that are often overlooked.

Project parties need to realize that superficial "avoidance" strategies may be viewed as "intentional" behavior in the eyes of regulators. Therefore, establishing a genuinely transparent and responsible operating model is more important than creating complex but hollow legal structures.