Written in Hong Kong Blockchain Week: Analysis of the Path to "International Compliance" of Web3.0

Original source: ThePrimediaDAO

Original author: Hu Changming

Original editor: Jerry@TPDAO

Introduction:

Since the new crypto policy in Hong Kong, a large number of insightful domestic venture capital friends have tried to enter the crypto world through the Hong Kong compliance market, and use this to complete the iteration of their own projects from Web2.0 to Web3.0. Practice has proved that this path is feasible, but there will be some difficulties. The best idea is to be based in Hong Kong and look at the world. On the occasion of the 2024 “Hong Kong Blockchain Week”, we sorted out the problems and paths of Web3.0 “international compliance” to share with domestic Web3.0 practitioners who are trying to integrate into the crypto world through Hong Kong compliance.

1. Overview of Web3.0

Web3.0 is often compared with Web2.0 and Web1.0. Web1.0, also known as the static web, is the first iteration of the Internet, consisting of simple static websites that can be accessed using a browser; Web2.0, also known as the interactive web, introduced more complex features such as search engines and social media, allowing greater interactivity and online collaboration; Web3.0 is a decentralized network based on blockchain technology and is the next generation of Internet infrastructure.

Web3.0 is built on decentralized technologies such as blockchain, which can improve the security and control of personal data, which means that users can interact with Web3.0 applications more safely and privately and have more control over the information shared on the Internet. Web3.0 envisions a more open and secure Internet that gives users control over their own data and eliminates the need for central institutions.

The main features of Web3.0 include:

1.1. Decentralization: Web3.0 is built on blockchain technology and does not rely on centralized servers. Instead, it is a decentralized network composed of nodes distributed around the world. There is no single point of control, but it is jointly maintained and managed by multiple nodes in the network. Changes to a single or a small number of nodes will not affect the entire network.

1.2. Unalterable: Web3.0 is based on the decentralized characteristics. The decisions of a single or a small number of nodes cannot tamper with the data of the entire network. Once the information is recorded on the blockchain, it cannot be changed or deleted, ensuring the fairness and credibility of all data in the entire network.

1.3. Traceability: All data of Web3.0 is open and transparent to all nodes, and all data is traceable, which promotes the transparency and openness of information and reduces the problem of information asymmetry.

1.4. Smart Contract: Web3.0 smart contract can realize code is law, with programmability and interoperability, which improves the scalability and flexibility of the system and enables the system to better cope with future development needs.

1.5. Anti-censorship: Web3.0 does not rely on the credibility endorsement of any intermediary agency or public authority, eliminates the monopoly of centralized institutions and control over users, and is naturally resistant to censorship and blocking, making information dissemination more free.

1.6. High security: The Web3.0 network is not easily attacked or paralyzed because there is no single attack target and no single point of failure risk. The data is distributed on multiple nodes of the network, there is no single point of failure, and the system is more stable and reliable.

1.7. Community autonomy: Web3.0 implements community autonomy and has a decentralized autonomous organization (DAO). It is open, fair, inclusive, and allows users to have a greater say in the direction of the platforms they use. It promotes autonomous, free, equal, and democratic application scenarios, and is conducive to achieving a fairer and more equal allocation of resources and reducing social inequality.

1.8. Data Confirmation: Web3.0 users have more privacy and data control rights, which truly realizes data confirmation. For example, in online games, through web3.0, users can own non-fungible tokens, which means that even if they stop playing the game or the game creator deletes their account, they can retain ownership of their in-game items.

1.9. Privacy protection: Web3.0 implements decentralized identity management, where account is identity. This provides a single, secure login across censored and anonymous platforms, supports decentralized authentication and digital identity, and protects user privacy to the greatest extent.

1.10. Cryptocurrency: Web3.0 can realize consensus as value, and naturally has the attributes of encrypted digital currency, which promotes the development of new financial systems and reduces transaction costs and intermediary fees.

1.11. Decentralized Applications (DAPP): In Web3.0 projects, users are the holders of coins, which is a reconstruction of the traditional business model. It encourages more innovation and experimentation because decentralized networks are more flexible. In the Web3.0 ecosystem, anyone can create value and realize profits by developing smart contracts, building decentralized applications (DAPP), participating in cryptocurrency transactions, etc. This open and inclusive innovation environment helps to stimulate more innovative vitality and promote the continuous evolution of technology and business models.

1.12. Globalization: Web3.0 is naturally globalized, breaking geographical restrictions, allowing people to conduct cross-border transactions and cooperation more freely, promoting globalization and international cooperation, and providing opportunities for economic development in different countries and regions. Web3.0 provides a more open and transparent market mechanism, supports a more open and easy network participation mechanism, lowers the entry threshold, promotes competition and innovation, provides a broader stage for innovators, and attracts more talents and project participants.

2. Analysis of major compliance issues of Web3.0

Because of the uniqueness of Web3.0, it may involve many areas that require supervision by national authorities, so it becomes very important to ensure the compliance of Web3.0 projects.

Web3.0 compliance issues mainly include:

2.1. Compliance with laws and regulations: Web3.0 projects should comply with local laws and regulations, including but not limited to corporate law, data privacy law, digital asset law, etc. The compliance team should work with local professional legal advisors to ensure that the project is legal and compliant. If the project involves cross-border business, it is necessary to consider the laws and regulations of different countries and regions to ensure that the project is legal and compliant globally.

2.2. KYC/AML Compliance: Web3.0 projects should take KYC (Know Your Customer) and AML (Anti-Money Laundering) measures to prevent triggering illegal activities such as money laundering and terrorist financing in the location. These measures may include real-name verification, identity verification, transaction monitoring, etc.

2.3. Data security compliance: Web3.0 projects should take measures to protect the security of user data, comply with local data protection laws and regulations, and disclose security incidents such as data leaks in a timely manner.

2.4. Privacy protection compliance: Web3.0 projects should attach importance to user data privacy protection, comply with local data privacy laws, and take measures to protect user personal data from being abused or leaked.

2.5. Technical security compliance: Smart contracts play an important role in Web3.0, so their compliance and security must be ensured. Web3.0 projects should review smart contract codes to ensure that they comply with local laws and regulations and do not contain any vulnerabilities or security risks.

2.6. Financial regulatory compliance: Web3.0 projects involving encrypted digital currencies and digital asset transactions need to comply with relevant local financial regulatory laws, including but not limited to securities laws, currency laws, payment laws, etc.

2.7. Community governance compliance: The community governance mechanism of the Web3.0 project should be compliant, abide by community norms and local laws and regulations, and ensure the safety and stability of community operations.

2.8. Social media and advertising compliance: When Web3.0 projects promote projects on social media, they must comply with local social media policies and regulations to prevent false advertising, rumor-mongering and other violations. When advertising, advertising regulations must be followed to ensure that the content of the advertisements is true, legal and compliant.

2.9. Audit compliance: Web3.0 projects should conduct compliance audits regularly to ensure the project’s compliance with local laws, finance, and technology, and adjust and improve compliance measures in a timely manner.

2.10. Compliance reporting and disclosure: Web3.0 projects should submit compliance reports to local regulatory authorities on a regular basis and publicly disclose information such as project operations and financial status to ensure transparency and compliance.

3. Web3.0 project compliance solutions

If a Web3.0 project involves encrypted digital currency, it may be a compliance that involves the regulatory level of financial projects. To achieve global compliance of Web3.0 projects, compliance must be carried out in accordance with the following principles:

First, in some special countries and regions, such as North Korea, Cuba, Iran, Syria, etc., a strict KYC review system is implemented, and business will not be conducted for customers in such regions before obtaining local cryptocurrency licenses or Web3.0 licenses.

Secondly, in all countries and regions around the world that have formally formulated relevant laws and policies on cryptocurrencies or Web3.0, such as Australia/Canada/Estonia/Indonesia/Japan/Korea/Lithuania/Malaysia/Malta/Pala/Philippines/Poland/Singapore/Switzerland/Thailand/UAE/USA/Hong Kong, China, etc., a strict KYC review system is implemented. For customers in such regions, they must obtain a license issued by the local area that allows them to conduct cryptocurrencies or Web3.0 business before they can officially conduct business. They can directly apply for a local compliance license, or acquire an existing local compliance license, participate in an existing local compliance license, or use an existing local compliance license as a business channel, etc.

Third, in all countries and regions around the world that have not formally formulated relevant laws and policies on encrypted digital currencies or Web3.0, a strict KYC review system is implemented, and customers in such regions can conduct business normally. For example, in regions with relatively liberal laws and policies such as Cayman, BVI, and Bermuda, business licenses are registered normally, and the business scope is as wide as possible, including “Internet technology development and promotion”, “blockchain technology development and promotion”, “artificial intelligence technology development and promotion”, “venture capital”, “investment consulting”, etc.

The specific compliance measures are as follows:

3.1. KYC/AML and cross-border transaction compliance

KYC (know your customer) and AML (anti-money laundering) requirements in the traditional financial system are often difficult to implement for decentralized networks. Due to the anonymity and decentralization of the Web3.0 environment, it is difficult to effectively verify the identity of transaction participants, making it difficult to meet KYC/AML requirements, leading to difficulties in transaction supervision. Transactions in the Web3.0 environment may be more anonymous and decentralized, but the laws of many countries and regions require identity verification and KYC/AML checks. Therefore, corresponding solutions need to be developed to meet these requirements. The global nature of Web3.0 has led to an increase in cross-border transactions, but the laws and regulations of different countries and regions vary greatly, making cross-border transaction compliance more complicated. In particular, cross-border transactions involving cryptocurrencies are often easy to become channels for money laundering and terrorist funds due to their anonymity and difficulty in tracking. Since Web3.0 is a global network, it involves many cross-border transactions and cooperation. Therefore, it is necessary to consider the laws and regulations of different countries and regions and ensure that applicable legal standards are followed in cross-border transactions. Solutions include:

Develop decentralized identity verification systems to ensure the authenticity of transaction participants; integrate KYC/AML check processes into blockchain transactions to ensure that transactions comply with legal requirements; work with legal experts to ensure that transactions and contracts comply with cross-border legal requirements; develop cross-border transaction compliance solutions to ensure legality and validity across different jurisdictions.

3.2. Data security and privacy protection compliance

In the Web3.0 environment, personal data privacy protection still faces challenges. Traditional data privacy legal frameworks usually rely on centralized data management agencies, while in the decentralized Web3.0 environment, data transmission and storage are more decentralized, and the storage and transmission of personal data are more dispersed and anonymous, so it is necessary to ensure data privacy and security. When designing and implementing Web3.0 applications, data privacy laws and regulations must be taken into account and corresponding measures must be taken to protect user data.

Solutions include: developing encryption and privacy protection technologies to ensure the security and privacy of user data; working with data protection experts to ensure that applications comply with applicable data privacy regulations.

3.3. Technical security compliance

Web3.0 technology is a new Internet technology built on blockchain and cryptocurrency, which enables decentralized applications (DApp) to be created, deployed and run. Since it involves digital assets and decentralized transactions, security and compliance become critical considerations. Solutions include:

Encryption and key management: It is very important to protect private keys because they control the user’s assets on the blockchain. Use a secure hardware wallet or multi-signature scheme to protect private keys. Also, make sure to use encryption when transferring data.

Smart Contract Security: Smart contracts are a core component of Web3.0 technology, so their security must be ensured. Conduct adequate security audits and follow best practices, such as simplifying contracts as much as possible, avoiding reentrancy attacks, and ensuring correct permissions.

Security education and training: Security training and education for developers and users is crucial. Make sure they understand common security threats and prevention measures, as well as what to do if they encounter security issues.

3.4. Financial regulatory compliance

Web3.0 platforms may involve issuing cryptocurrency tokens or conducting decentralized finance (DeFi) transactions, which involves compliance issues under securities laws. According to the securities laws of different countries or regions, tokens that meet the definition of securities need to be registered, reported, and supervised. Compliant Web3.0 platforms should comply with the local securities laws and regulations of securities regulators to ensure that their business complies with relevant legal requirements.

Solutions include: applying for a compliant securities license; and registering in compliance with regulations in the local location.

3.5. Community Governance Compliance

Web3.0 communities typically exist in the form of decentralized autonomous organizations, so appropriate governance mechanisms need to be developed to ensure that the community’s operations and decisions comply with laws and regulations.

Solutions include: designing a community governance model that complies with legal requirements to ensure the legality and effectiveness of community decisions; working with legal experts to review the community governance model to ensure that it complies with applicable legal standards.

3.6. Social Media and Advertising Compliance

Due to the special nature of Web3.0, which involves cryptocurrencies and decentralized applications, some specific compliance issues need to be considered.

Solutions include:

Transparency and authenticity: Ensure full transparency in advertising and social media content, including information related to cryptocurrency projects or blockchain projects. Avoid false or misleading claims, including inaccurate prices, unsubstantiated claims, and exaggerated claims.

Risk Disclosure: Appropriate risk disclosure must be included in advertisements and social media communications, especially when it comes to investment advice or financial products. Clearly communicate investment risks to users and remind them to fully investigate and understand before making an investment.

Prevent fraud and scams: Take steps to prevent fraud and scam activities from spreading on social media and advertising platforms. This may include reviewing advertising content, establishing reporting mechanisms, strengthening identity verification, etc.

3.7. Audit compliance and compliance report disclosure

In the Web3.0 field, audit compliance is an important part of ensuring project security and transparency. Solutions include:

Smart Contract Audit: Smart contracts are a core component of Web3.0 technology and need to undergo rigorous audits to ensure their security and functionality. Compliance audits typically include checks on code quality, security vulnerabilities, functional consistency, and compliance. Ensure that auditors have in-depth blockchain and smart contract development experience and strictly follow best practices and security standards.

Data privacy audit: For Web3.0 projects that involve user data processing, data privacy audits must be conducted to ensure compliance with applicable data privacy regulations. The audit includes checks on data collection, storage, processing, and sharing to ensure that user data is adequately protected and handled in compliance.

Compliance reports and certifications: After completing the audit, compliance reports and certifications are usually required to prove to stakeholders that the project complies with relevant regulations and standards. The report should include audit results, problem fixes, compliance assessments, and recommended improvement measures to provide transparency and trust.

Continuous monitoring and updating: Once the audit is completed, the project team should establish a continuous monitoring mechanism and regularly update the audit content to adapt to changing regulations and security threats. This includes regularly re-auditing the project to ensure that it continues to meet the latest compliance requirements and best practices.

Compliance reporting and disclosure: After completing the compliance report, the Web3.0 project should submit compliance reports to the local regulatory authorities on a regular basis and publicly disclose information such as project operations and financial status to ensure transparency and compliance.

Appendix: Countries and regions around the world that have formally formulated laws and policies related to cryptocurrency or Web3.0

Note: This article was co-researched and co-created by ThePrimediaDAO. The co-researchers and co-creators include TPDAO initiator Jerry and TPDAO builder, Digital Asset Investment Co., Ltd. (BVI) Hu Changming; friends who are interested in participating in TPDAO build can communicate with the head of the operation guild, fredo (X: @jonesenjiang).