Smart Contracts and DAOs: A Lawyer’s Point of View

I recently returned from the iTech Law Conference in Washington, DC, where I spoke on a panel about smart contracts and DAOs (decentralized autonomous organizations). I was joined by two impressive international tech lawyers, Julia Pazos (Brazil) and Katarzyna Szczudlik (Poland). These are some of the questions our panel discussed.

How Do Lawyers Think About and Read Smart Contracts?

Smart contracts on blockchains like Ethereum are essentially computer programs written in specialized programming languages like Solidity. Smart contracts serve two main functions – acting as an “account” to hold, receive and send cryptocurrencies/tokens, as well as code that automatically executes one or more actions when certain conditions are met.

From a legal perspective, smart contracts alone are usually not sufficient. They need to be accompanied by traditional legal prose terms and conditions that govern the broader context of the transaction or agreement. Lawyers will always focus on what specific information, assets, and rights are governed by the smart contract code.

Many smart contracts, especially for DAOs, focus on voting parameters like quorum thresholds and which governance tokens allow voting rights. In a DAO, participants must make a formal proposal to the group which is then voted on by token holders for approval or rejection.

What Contract Issues Would a DAO Encounter?

Some key issues a lawyer would analyze for a DAO include:

– Is this running on a truly decentralized public blockchain or a more closed/permissioned system with preapproved validator nodes?

– What is the minimum threshold of token holders that must participate in a vote for it to be valid (some DAOs have quorum requirements as low as 15%)?

– At what point do participants legally assent to be governed by the DAO’s smart contract code and associated traditional terms?

Analyzing the Project for Effective Legal Advisement

To properly advise blockchain projects like DAOs, lawyers look at factors like:

– The background and intent of the founding team.

– How the project is funded (token sale, investor rounds, etc.).

– The mechanisms for new participants to join, fund the project, and exit.

– Any maximum number of participants (e.g. there used to be a 500-participant limit for certain exemptions in the U.S., but that was increased to 2,000).

What Applicable Laws and Jurisdictional Issues Arise in Web3 Projects?

The laws and regulations that could apply to a DAO or smart contract system include:

– U.S. federal securities laws like the Securities Act, Exchange Act, and SEC regulations.

– State securities laws and money transmitter laws.

– Newly passed crypto-specific laws like Wyoming’s DAO addendum, Wyoming’s new DUNA act, or Utah’s DAO act.

Since these are multiparty, decentralized systems, there are complex jurisdictional questions over which bodies of law take precedence.

Liabilities and Fiduciary Duties

In decentralized projects without a traditional corporate governance structure, how are liabilities and potential fiduciary duties treated? The high-profile case of the bZx/Ooki DAO exploits highlighted some of these issues among founders and successor projects or entities.

Regulations Around AML, KYC, and Cybersecurity

In the U.S., there are increasing regulations around:

– Anti-money laundering (AML) and know your customer (KYC) rules like the Corporate Transparency Act and FinCEN regulations under the Bank Secrecy Act.

– Cybersecurity requirements, though the US has no unified federal law on cybersecurity at this time. Laws like HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), ECPA (Electronic Communications and Privacy Act), and NIST (National Institute of Standards and Technology) framework provide a patchwork of rules and guidance.

Smart contract and DAO projects must ensure they have robust security practices and comply with the relevant data protection and anti-money laundering rules based on their specific characteristics.


This covers some of the key legal areas that lawyers have to grapple with in the realm of smart contracts and decentralized autonomous organizations. Per my copanelists, the EU’s new MiCA regulatory framework will require significant input from attorneys, while Brazil has very limited laws and regulations that currently apply to web3 projects. It is an emerging domain with increasing regulatory scrutiny, and no project should take any significant material steps without at least consulting a competent lawyer who understands the technology, laws, and regulations that will or could apply to the venture, especially those with a US or EU nexus.

For more information, see:

Which Industries Can Benefit from Smart Contracts?

Are Smart Contracts Legal Contracts?

Key Considerations for a DAO Legal Entity Type