My thoughts are prepared having regard to several pieces of policy work including:

1. IOSCO Crypto-Asset Roadmap for 2022-2023 available here, which sets out the high level requirements of the workstream on DeFi, with a consultation paper to land soon (April/May 2023) and report due at the end of 2023

2. European Commission’s work to produce a report on DeFi before the end of 2024 as mandated by the MiCA Regulation

3. European Commission, ‘Decentralized Finance: information frictions and public policies, approaching the regulation and supervision of decentralized finance’, (June 2022), available here

4. IOSCO, ‘Decentralized Finance Report, Public Report’ (March 2022), available here

5. Financial Stability Board, ‘Assessment of Risks to Financial Stability from Crypto-assets’ (February 2022), available here

6. Australian Securities and Investments Commission, ‘Regulating complex products’ (January 2014) available here

Fundamental questions

1. What consumer-level harms are sought to be addressed by existing financial services laws and current definitions of regulated ‘financial products’ and regulated ‘financial services’?

   Existing financial services laws seek to protect investors from detriment or the likelihood of detriment because of:

   • ‘financial products’ and ‘complex financial products’, the risks of which investors may not understand because of:

   -lack of experience with same or similar products; and/or

   -lack of appropriate disclosure (pre- and post-sale); and/or

   -lack of qualification processes to test an investor’s understanding of risks before they engage with the product; and

   • negligence (by requiring professionals with the relevant skills and expertise to design and distribute the financial product, as well as adequate resources to monitor use of the financial product, and a registration process to afford the regulator an opportunity to review the plan for compliance with existing law before the products are offered to the market).

2. What are the reasons why DAOs have not complied with the abovementioned requirements of financial services laws?

   Arguably, the offering of financial products or complex financial products in analogue or digital or programmatic (i.e. smart contract) form does not change such harms that existing law seeks to protect against. However, to the extent an appropriately qualified independent third party can review the ‘compliance plan and quality of professional skills and experience’ then arguably the registration requirement is superfluous. Have DAO’s been seeking out such review? If not, why not?

   DeFi application interfaces typically do not provide the same sort of disclosure or qualification processes to inform and test an investor’s understanding of risks before the investor engages with the product, nor does the interface or documentation typically describe in sufficient detail how the DeFi application has been developed and/or reviewed by professionals with the relevant skills and expertise to design and distribute the DeFi application (if the function of the DeFi application is analogised to its analogue equivalent). Easy to read blogs and video tutorials to teach how to engage with the DeFi application are often freely available and are arguably more informative and engaging than lengthy disclosure documents, however often these are unofficial blogs and video tutorials made by people without financial services experience or qualifications and their motivations for producing the content are not often clear.

3. What market-level harms are sought to be addressed by existing financial services and markets laws?

   Note that existing markets laws seek to protect fair, orderly and transparent markets. Responsibility for supervising domestic markets is often shared between the financial services/ securities regulator as well as each licensed market operator.

   Note: DeFi applications that facilitate the exchange of one crypto-token for another (whether fungible or non-fungible) are arguably markets worthy of supervision to ensure financial markets are fair, orderly and transparent. Since there is no legal person operator per se in a decentralised exchange (instead there can be many liquidity providers to each independent liquidity pool), it could be more appropriate to require a DAO-governed decentralised exchange to provide factory contracts that permit liquidity providers to set liquidity pool halt parameters (similar to market trading halt powers exercised by a market operator) in defined times of market distress. Arguably, the Uniswap v3 factory contracts allow for this but without specific mention that the setting of parameters should be undertaken with regard to circumstances beyond the investor and include market integrity. The Financial Standards Board could assist in the identification of potential systemic risk in the DeFi sector and the policy actions that could address these risks. See for example, FSB ‘Assessment of Risks to Financial Stability from Crypto-assets’ linked above.

4. What are the reasons why DAOs have not complied with the abovementioned requirements to ensure fair, orderly and transparent markets?

   For example, why haven’t DAO-governed decentralised exchanges sought to develop their own version of a market operator policy? Whilst not a DEX, see, for example, Six Digital Exchange market policy documents here with nuances for their distributed ledger based exchange.

5. Do DeFi applications constitute ‘complex financial products’? If so, what are the indicators of complexity?

   A complex financial product is something that an investor cannot alone determine the level of risk they are exposing themselves to, to make an informed decision about engaging with the product.

   The democratisation of financial products and services through DeFi means that complex/structured financial products once only available to sophisticated investors are now ‘consumer products’. In addition, DeFi applications could facilitate ‘simple’ financial products but due to the use of smart contracts and DAO-governance there is perceived or actual technology complexity and technology risk for investors to understand.

   In DeFi applications, the indicators of complexity could source from: • the nature of the financial product (Is it is collateralised lending (e.g. provide crypto-token collateral subject to liquidation if the price of the crypto-token declines to a known price, to receive loan proceeds denominated in another crypto-token)? Is it putting crypto-tokens to smart contract risk to earn a return (e.g. staker in a liquidity mining scheme that emits new crypto-tokens)? Is it putting crypto-tokens to trading risk to earn a return (e.g. liquidity provider in an exchange trading pool protocol)? Is it putting crypto-tokens to counterparty lending risk to earn a return (e.g. lender in a lending pool protocol)?); • the use of one or more smart contracts; • the use of one or more crypto-tokens; • the interaction with one or more other DeFi applications (DAO-governed or legal person-governed), which would indicate how exposed the application is to systemic or contagion risk from other DeFi applications failing; • the nascent and evolving nature of DAO governance; and • the number (and quality) of smart contract security audits and availability of a bug-bounty program.

   Arguably, further requirements are required for the ‘technology complexity’ to facilitate the offering of financial products through DeFi applications to sophisticated investors who may have financial experience but not technology experience to adequately inform themselves of the risks.

6. What are the harms arising out of DeFi applications – both at the consumer level and market level?

   The offering of financial products in programmatic form, and subject to DAO-governance, introduces new risks, both to the investor as well as to the market where the DeFi application is ‘systemically important’.

   Consumers or retail investors do not have the sophisticated understanding or experience to inform themselves of the risks, and how to manage such risks, of complex financial products. Nor do traditional sophisticated investors have the experience or understanding of nascent and evolving models of DAO-governance to inform themselves of the idiosyncratic risks.

   The priority of application of policymaking, regulator and supervisory resources should be dedicated to the most serious and most systemic actual and potential harms identified out of responses to this question.

7. Does DAO governance of a DeFi application pose additional risks or afford additional protections to investors and the market?

   What are the features and risks of DAO governance models that would help or hinder confidence in the quality and upgradeability of DAO-governed DeFi applications?

8. Has the DeFi / DAO market attempted to mitigate or eliminate these harms? If so, how?

   The DAO Model Law was produced by COALA (Coalition of Automated Legal Applications) in 2021 to set minimum safeguarding standards for legal recognition of DAOs. Utah has recently passed legislation based on the DAO Model Law, and other jurisdictions are increasingly legislating their requirements for legal recognition of a DAO. See for example, Vermont BBLLC, Wyoming DAO LLC, and the Marshall Islands DAO LLC.

   There is still time for industry to step up and seek to comply where possible with existing laws. Through the regulatory interoperability working group that I coordinate, DAOstar is working on standards to improve the visibility of DAOs and how the technology can offer ‘technology protections’ that meet or exceed existing laws, as well as where there are outstanding ‘technology risks’.

9. What role would regulation play in further mitigating or eliminating these harms, assuming that the policymaker’s objective is to require safeguards while encouraging innovation and reducing the regulatory burden for individuals, businesses and community organisations?

   Regulation could stipulate that regulatory equivalence is permitted and allow an amnesty period for DAO-governed DeFi applications to ‘come into compliance’. Simply, regulatory equivalence requires the same policy outcome but by different, more fit-for-purpose and nuanced, means.

10. What are the idiosyncrasies of:

    • the nature of financial products and services facilitated by DeFi applications compared to financial products and services facilitated by clearly regulated legal persons; and

    • the nascent and evolving stage of DAO governance over DeFi applications versus the long-standing recognition of legal persons such as companies and trusts; and

    • the open-source nature of source code that makes up a DeFi application, which allows for independent third parties to use the code as is and without any warranties.

11. How do these idiosyncrasies suggest existing law is ineffective or inappropriate to apply, and if so how would the same policy outcomes be achieved through different means?

Author: Joni Pirovich, Principal, Blockchain & Digital Assets Pty Ltd.

Acknowledgement: We acknowledge the Traditional Custodians of the lands we live and work on. We pay our respects to Elders past, present and emerging, of all First Nations peoples.

Content License: All rights are reserved in respect of this work. Blockchain & Digital Assets Pty Ltd grants a non-exclusive, royalty free license to use this work for the following purposes:

a) to read and discuss for educational purposes;

b) to copy and redistribute the work for educational purposes as long as appropriate attribution is made to the author and Blockchain & Digital Assets Pty Ltd; and

c) to sell the NFT collectible linked to this work if the holder no longer wishes to hold it as a collectible.

Other persons and DAOs (to the extent DAOs are not recognised as persons) are granted a non-exclusive, royalty free license to use this work for the same purposes as stated above.

Subscribing: By subscribing you will be prompted to enter your wallet address and email. This enables you to be notified via email when new entries are published. Support at mirror.xyz do not share your email address with us, only your wallet address and display name.

Collecting: By collecting a BADASL NFT you will be promoted to pay the collection fee which is inclusive of Australian Goods and Services Tax (GST) if you are an Australian resident or GST-free if you are a non-Australian resident. A tax invoice and receipt can be provided to you upon request to info@badasl.com. Each BADASL NFT is deployed on Optimism, an Ethereum Layer 2 network. No royalty has been set for secondary sales of NFTs so secondary sales are treated as a commercial exchange between the NFT holder and purchaser where the NFT holder is responsible for the legal and tax implications of resale while respecting the license rights. Blockchain & Digital Assets Pty Ltd reserves all rights to set a royalty on secondary sales.

Disclaimer: If you subscribe to BADASL, or pay to collect BADASL NFTs, all amounts received into the badasl.eth wallet will be treated as assessable income. You are responsible for seeking independent and professional legal and tax advice regarding your eligibility to subscribe to or collect BADASL NFTs and associated works. None of the content constitutes legal, tax, financial or security advice.

With thanks to Chris Were at Verida and Jo Spencer at Sezoo for their valuable contributions to this submission.

Submission

Question: The standard ETA process gives people the right to withhold their consent for electronic communications. As a consumer, have you ever experienced any of the following issues relating to giving your consent? If your organisation represents a group of other individuals or entities, please answer based on their common experiences. You may select more than one.

I have wanted to use paper transactions (and didn’t give my consent) – but the other party used electronic tools anyway.

I have felt pressure to consent to use electronic tools, when I didn’t really want to.

A government department didn't ask my consent before transacting electronically with me.

This hasn't been an issue for me, because I would generally prefer to use electronic tools over paper-based transactions if available.

This hasn’t been an issue for me, because I’ve never thought about my right to give or withhold consent.

Other

Please expand by providing further background details about your answer/s above, e.g. what happened as a result of the issue/s, or why did you feel this way? Please use examples where possible and let us know which issue/s you’re talking about.

Both myself and clients of Blockchain & Digital Assets Pty Ltd prefer to use electronic tools over paper-based communications and transactions.

However, the electronic signing of a blockchain transaction – often through a digital wallet such as Metamask – and the electronic communication that is the subject of the electronic signature are matters for clarification of application of the Electronic Transaction Act 1999 (Cth) (Act) as well as the State and Territory iterations.

One particular issue is whether, as part of obtaining consent, there should be a requirement upon the ‘requestor’ to convert the electronic communication into plain english language. Additional things to consider include:

• Maintaining an audit log of consents given

• The requestor digitally signing the consent request to enhance trust

• The requestor identifying themselves in such a way that links their DID to a real world identity

• Delegation of authority where a third party is approving consent on behalf of a user

Some would go further that there should be a requirement to clearly identify the risks of receiving the electronic communication or signing the electronic transaction where the plain english conversion does not make the risks prominent. Where messages are sent from one decentralised identity (DID) address to another, there can be risks that are similar to receiving scam emails or texts, where upon opening the message or clicking on a link (in this case, a non-fungible token) malicious software is installed on a device and/or the digital wallet.

As cyber-threats and cyber-attacks increase, so too does the policy question of whether security considerations should be ‘built in’ to pieces of law such as this Act.

Mere ‘consent’ is required by the Act and not ‘informed consent’, thus leaving a ‘requestor’ exposed to arguments that a transaction should be invalidated on grounds that the person gave consent without being informed sufficiently to understand the consequences of their consent. Further, that the ‘requestor’ is liable for consequential losses suffered by the person such that any prominent disclaimers or limitation of liability clauses are ineffective.

In an interconnected digital context, where a digital wallet controls access to value and information of a person, 'informed consent’ becomes a necessary safeguard to mitigate against the potential compounded economic losses from and that can lead to leakage or interception of sensitive and personal information.

Whilst decentralised interaction models using DIDs allows multiple endpoints to be defined for a single wallet (so you don't need a single "wallet" per token to manage exposure to risk), it is worth noting early stage private market solutions such as Fireblocks. Fireblocks’ software abstracts away the complexity of security for consumers in the way their proprietary software automatically creates a new wallet per new token and per new type of interaction so that risk is not consolidated in one digital wallet. Before such software is available for retail use, there will inevitably be points of uncertainty and thus inhibitors to business and community confidence in the use of these such forms of electronic transactions.

Question: The standard ETA process requires people to confirm consent from people before communicating or signing documents electronically.

In operating your business, have you ever experienced any of the following issues relating to getting consent from others?

If your organisation represents a group of other individuals or entities, please answer based on their common experiences. You can select more than one.

I have wanted to communicate electronically with a government department, but they didn’t consent so I needed to use paper methods.

Someone didn’t consent to transact electronically, and this led to delays / postage costs / other issues.

Someone didn’t consent to transact electronically, but they didn’t have any good reason for doing so.

I wasn’t sure at what point I needed to collect consent from the other person.

I couldn’t think of an appropriate way to collect consent.

It wasn’t clear whether the other person had consented or not.

This hasn’t been an issue for me – I’ve always been sure that other people consent for me to transact electronically.

This hasn’t been an issue for me – I’ve never thought about the need to collect consent.

Other

Please expand by providing further background details about your answer/s above, e.g. what happened as a result of the issue/s, or why did you feel this way? Please use examples where possible and let us know which issue/s you’re talking about.

It would appear the objects of the Act should be updated to allow for a regulatory framework that recognises the importance of data minimisation and the associated role of tokenisation (token proofs and token attestations) and information security in protecting business and the community when engaging in electronic communications and transactions.

To the extent that non-government identity methods are used in an e-commerce solution, such as DID methods and verifiable credentials, proofs and attestations, then either the Act alone or more likely the Act and its periphery of laws produce uncertain outcomes and inhibit consumers and small businesses from benefiting from e-commerce efficiencies that are secure and privacy-enhancing*. The primary benefit of a decentralised approach to data sharing is that it emulates existing (physical) interactions and doesn't look to include unhelpful intermediaries, whilst increasing trust in those involved and the shared information. Consent management in decentralised interaction models are simpler as the customer is typically involved and consent shared directly between those involved.

Where it is not clear whether the other person had consented or not, the issues for clarification revolve around ‘identity’, ‘identity verification’, ‘just-in-time’ consent and related and necessary security considerations. The combination of these issues relate to one of the commonly cited reasons for not consenting, being the hesitancy to provide personal information where there are privacy-enhancing methods of ‘identity verification’ available that do not require the sharing of personal information (such as tokenisation of proofs and attestations, e.g. tokenised proof of being over 18 rather than all personal information that would be conveyed by a drivers’ licence or passport).

Traditional consent frameworks assume use of the existing -- centralised -- methods of identity verification to prove that a particular 'identity' is giving consent. For example, the requirement to create a MyGov account and use MyGov when interacting with Commonwealth entities carries a default assumption that the person using the MyGov account is the correct 'identity'. Equally, identity verification software providers typically default to government issued forms of identity and they are required to retain that information for a period of years stipulated by law, increasing their personal data management obligations, associated information security obligations and risk of cyber-attack or cyber-threats based on the data they hold.

Multiple factors of authentication are typically recommended by the provider upon account set-up to mitigate against the risk that an account is used by a person other than the named accountholder. However such security steps have not been proscribed by the law as a necessary part of the identity verification process each time consent is required, which further inhibits confidence to use electronic forms of communication and transactions. Furthermore, data retention laws with respect to identity verification providers have not been reviewed in the context of an increasingly digital world where cyber-attacks are on the rise and have the necessary and inconvenient consequence of identity fraud where full identity documents are typically required to satisfy ‘identity verification’ methods.

What is required by the Act when a signature is to be given to a non-Commonwealth entity (i.e. private actor) is that 'a method is used to identify the person and to indicate the person's intention in respect of the information communicated'. However, what does ‘identify the person’ mean? Does it permit mere proof of the person’s attributes such as being over 18 in order to electronically sign? Does it require the person to have legal capacity (and not incapacity) at the time of electronically signing? Does it require the identification of a legal person (human or legally recognised entity) so as to avoid artificial intelligence signing electronic transactions?

The policy question is whether, just for digital contexts or increasingly where paper forms are generated from digital contexts, the security and verification components of 'identity' and 'consent' need to be strengthened despite the context. Principles of security and privacy-enhancing verification should be embodied in at least the objects of the Act so that innovations around each can flourish with certain minimum safeguards.

Centralised methods of identity and consent are evolving. Concurrent with the introduction of government digital identity frameworks, a drivers' licence may be reduced to a driving credential and not an identity document (but transitionally retained to have the status of an accepted identity document), and a passport may be reduced to a travel credential and not an identity document. See, for example, the NSW Digital ID (https://www.nsw.gov.au/nsw-government/projects-and-initiatives/nsw-digital-id) and NSW Digital Driver Licence (https://www.service.nsw.gov.au/campaign/nsw-digital-driver-licence), and the European Digital Identity (https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en).

In addition, decentralised methods of identity and consent are evolving. Thus the Act's objects and consent requirements should embody permissive and safeguarding principles that allow for flexibility from innovation in areas of identity, verification of identity, social recovery of identity (for non-government issued identities and reputation), and consent.

There are significant structural efficiencies and privacy benefits gained by both public and private sector using a common set of open-source standards for proving identity, trust and reputation. This is especially so when done in such a way that critical personal identifiable information (PII) does not need to remain stored on centralised servers. The current regulatory environment forces organisations to retain sensitive PII (drivers license etc.) which in turn creates honey pots of valuable data that are being hacked on a regular basis.

An electronic transactions regulatory framework that would contribute towards privacy-enhancing approaches to identity and consent management include:

1. Flexibility to support moves to models of identification that don't require centralised storage of sensitive information; and

2. Flexibility to move to a dynamic information sharing model where organisations request information in a standard way from a user on demand, and destroy it immediately after its use.

*Privacy-enhancing means a method that preserves a person's personally identifiable information and relies on the principles of data minimisation (don't collect more data than is necessary) and tokenisation of data (don't share the actual data such as the bank account, share a verifiable presentation (a token) that the bank account exists).

For more information on DIDs, and secure storage of verifiable credentials, see for example Verida: https://www.verida.io/ and Sezoo: https://www.sezoo.digital/.

Question: What methods do you think are appropriate to make sure a person can access, and is comfortable with, electronic communication and signature tools?

You can choose more than one (e.g. if your answer depends on the transaction type)

There should be clear consent for every type of e-transaction.

There should be clear consent from each person I transact with.

People should use 'consent form' or something similar to confirm consent

If you have communicated electronically without complaint in the past, this should demonstrate consent.

If you provide an email or accept an e-signing link, this should demonstrate consent.

These days, it should be fair to assume that everyone is fine with electronic communications (unless they say otherwise).

I've never really thought about e-commerce consent.

Other

Please expand on your selections above

Further to responses above, there should be a risk-based approach to determining the consent requirements based on principles of data minimisation and tokenisation. The objects of the Act should allow for this flexibility of innovation in electronic communications and transactions with certain minimum safeguards for understanding (‘informed consent’) and security. Note that our mobile devices already provide access to multiple solutions that rely on cryptographic solutions, key management and the technology necessary for electronic communications, wallets etc.

Question: What methods do you use to ensure a person can access, and is comfortable with, electronic communication and signature tools? (i.e. If you regularly send information/documents to other parties, or engage in e-signing.)

If your organisation represents a group of other individuals or entities, please answer based on their common experiences.

Esignature platforms are widely used but legal documents uploaded for electronic signature often do not include a clause that the parties' consent to sign electronically. Perhaps this is because if the person signs electronically then they have implied their consent to sign as such.

Tick or check boxes are also widely used for standard form contracts that allow a person to sign or agree to the particular terms and conditions, without creating a user account. Thus no 'person' is actually identified but proof of personhood may be established with tools such as CAPTCHA.

Each approach does not typically garner the person's intent in respect of the information communicated nor 'identify the person'. Clarification of application of the law is required. Moreso to prevent the inefficient use of resources for a class action suit that may arise from widespread economic loss directly or indirectly from the illegal use or interception of personal data collected in respect of compliance (or perceived compliance) with this Act.

Finally, if an entity develops a smart contract and deploys it to a permissionless blockchain so that it functions autonomously as it is coded to function upon receiving certain instructions, then the extent to which that entity is required to obtain consent from the consumer, 'identify the person' and ensure an 'indication of the person's intention in respect of the information communicated' is unclear. Based on the above examples, perhaps only proof of personhood is required and the intent of the person in respect of the information communicated is implied by their engaging in the ensuing conduct.

Question: The requirement to collect consent makes it difficult to conduct electronic commerce in Australia

Strongly agree

Agree

Neither agree nor disagree

Disagree

Strongly disagree

Please expand on your selection

Per above responses, the collection of consent involves answering uncertain and evolving legal questions related to 'identity' and 'verification of identity' which is what increases the difficulty of collecting consent. This is particularly so if the small business or consumer seeks to adopt privacy-enhancing methods, such as DID and verifiable credentials, in managing consent while concurrently practicing the principle of data minimisation (don't collect more data than you need in relation to the consent/action).

Question: Apply your answers to the statements below:

Strongly agree Agree Neither agree nor disagree Disagree Strongly disagree The consent requirement is necessary to prevent unjust outcomes.

Consent is an important aspect of transacting electronically.

Please expand on your selections

The key policy questions for this consultation are those of enhancing the 'future-fitness' of the Act. As more transactions are undertaken online and cyber-threats and cyber-attacks are on the rise, consent and identity continue to be important but must be better articulated with the principles of data minimisation, tokenisation and security in mind.

Consent is a loaded term that also implies the 'identity' of the person consenting has been verified. In paper-based consent, typically paper-based identity documents are presented that are either the original and official document produced by a government authority or are certified as a true and correct document by a justice of the peace or notary. Paper documents can be fraudulently produced, as can certifications.

The velocity of frauds able to be perpetuated in paper-based systems is much slower than the velocity of frauds that can occur in a digital and interconnected global economy.

Consent in decentralised solutions are typically simpler as the person needing to provide consent is typically involved in the transaction. Additionally, with a decentralised interaction model, the individual also has the capability of initiating secure communications using the same cryptographic solutions as that used to share verifiable credentials and in these contexts additional/specific solutions are not required.

Identity verification is an important aspect of some electronic transactions but not all. The electronic transactions for which full identity should be verified (and not just proof of personhood, for example) is the subject of contentious debate, but which has largely occurred in the context of detecting and pursing financial and tax crime in the context of token transactions for financial value on permissionless and global digital infrastructure that allows for pseudonymity. There has to be a level of abstraction and thus clarification between where full identity is required under this Act for the Act's own objects and purposes versus where full identity is required in other legislative contexts such as for anti-money laundering and counter-terrorism financing in relation to the legal validity of electronic transactions.

Finally, permissionless and global digital infrastructure is and will increasingly be used for token transactions for non-financial value -- trusted transactions -- because of the integrity of the ledger records in the context of increasingly false information generated by humans and artificial intelligence. The integrity and security of the permissionless and global digital infrastructure could be, and perhaps already is, trusted more than any one centralised actor (such as Google for emails or search engines for credible and peer-reviewed search results). Accordingly, the Act should be flexible enough to enable confidence in electronic communications and transactions as the innovation around trust and safeguards related to identity and verifications in respect of communications and transactions also evolve.

Question: Is there anything further you would like to raise with the government about the ETA consent provisions?

The ability to revoke a consent should be possible and under the control of the appropriate party. The existing legislative framework does not cater for revocation of consent.

The opportunity to discuss this submission further with relevant stakeholders is welcome, along with the offer to invite businesses working on innovative solutions to demonstrate how clarifications in the application of the Act would promote safer innovation in electronic communications and transactions.

Question: When signing a document or entering a contract, do you (or your organisation) use electronic signatures as your most-preferred option?

If your organisation represents a group of other individuals or entities, please answer based on their common experiences.

Yes

Question: Do you think that it is difficult to determine whether an electronic signature will be valid for any given document? Yes No Please expand on your response

Depends on the 'document'. See previous responses regarding smart contracts and whether there should be a requirement to convert into plain language in order to obtain a higher level of 'informed consent' rather than mere 'consent'.

Question: What verification or identity methods do you think are appropriate for the electronic signature tools you use? If your organisation represents a group of other individuals or entities, please answer based on their common experiences.

Please refer to responses to earlier questions in relation to data minimisation, tokenisation and security which go towards collecting on the data required (which may not be full identity documents), and thus enabling innovation and flexibility of choice for consumers and businesses to adopt fit-for-purpose and privacy-enhancing methods of verification of credentials or identity.

Question: How might this change based on what document you’re signing?

The Act should strive to uphold principles of data minimisation, where tokenisation assist to achieve this principle. This principle could be broadly applicable to all types of documents being signed electronically.

Question: Generally, the ETA allows paper-commerce to take place electronically. However, other legislation or the ETR can override these provisions and affect the validity of e-commerce options. With that in mind – have you ever needed to search to see whether an e-commerce activity was affected by specific legislation or regulations?

If your organisation represents a group of other individuals or entities, please answer based on their common experiences.

Yes

No

Yes

Question: How did you conduct this search? You may select more than one.

By reviewing the legislation directly.

By reviewing the ETR.

Elsewhere online, like on a government or consumer website.

By seeking professional advice.

On physical materials, like pamphlets or books.

I have never needed to search for an ETA exemption.

I did not know about the existence of ETA exemptions until now.

Reviewing the legislation directly, reviewing the ETR, elsewhere online and seeking professional advice.

Question: How did you find the search process?

Very easy

Easy

Neither difficult nor easy

Difficult

Very Difficult

If you found it difficult or complicated, why?

Not difficult in the sense I am a trained lawyer, but not easy in the sense that it takes more time than it should to answer such basic questions.

What do you think would make the process easier?

Consumers and small businesses would be assisted by a mapping exercise that clearly shows what electronic activities map to what laws (Cth and State/territory) and where the areas of legal uncertainty remain any why.

Questions: Which exemption/s did you find affecting your e-commerce activity? How did this effect you?

Signing and witnessing of wills and deeds.

Question: Do you or your organisation save important records (including communications and documents) electronically or physically? If your organisation represents a group of other individuals or entities, please answer based on their common experiences.

Electronically (like on the desktop, on the cloud, or on file management programs)

Physical paper records

We record documents in both electronic and physical form It depends on the record or document.

Please expand on your response

Electronically

Question: Do you think that it is difficult to determine whether a record is allowed to be kept in electronic form?

No

Question: Is there any further feedback you or your organisation would like to provide on record-keeping under the ETA?

In order to keep documents in purely electronic form, the organisation should be required to undertake a cyber security audit each year to reach assurance over:

1. Information security such as passwords and permissions to core systems and data

2. Vulnerabilities to cyber-threat or cyber-attack and recommended mitigating measures

3. Ease of retrieval of back-up information and exposure period in the event of information loss.

The government will look to publish resources which encourage greater use of e-commerce in accordance with the Act. What information or content do you think would best help users navigate the legal requirements of Australia's e-commerce framework?

As referred to earlier, clarification of application of the law in the examples provided would assist the Act's usability and areas for reform to make it more future fit.

A mapping exercise would be helpful that clearly shows what electronic activities map to what laws (Cth and State/territory) and where the areas of legal uncertainty remain any why.

Finally, a list of cyber auditing firms that could reliably perform cyber security audits would be of great assistance to small businesses.

Question: Do you have any suggestions about the form or style of this information? This style has been very easy to engage with.

Question: Do you consent to make your submission public? Note: your submission may be made public unless you request it not be made public or the Attorney-General's Department considers it should not be made public. That will usually only occur for reasons associated with fairness. Submissions that are made public may include redactions made as the Attorney-General's Department considers appropriate. (Required) I agree to my submission being made public under my name I agree to my submission being made public anonymously I do not want my submission to be made public

Consent

Question: Any further information?

With thanks to Chris Were at Verida and Jo Spencer at Sezoo for their valuable contributions to this submission.

Reference materials

Electronic Transaction Consultation:

https://consultations.ag.gov.au/legal-system/eta/

Electronic Transactions Act 1999 (Cth): http://classic.austlii.edu.au/au/legis/cth/consol_act/eta1999256/index.html#s5

** Electronic Transactions Act Regulations 2020 (Cth): http://classic.austlii.edu.au/au/legis/cth/num_reg/etr2020202000956381/**

Director – Crypto Policy Unit Financial System Division The Treasury Langton Crescent Parkes ACT 2600 Submitted by email: crypto@treasury.gov.au

Dear Director, Token Mapping Consultation Paper

Thank you for the opportunity to provide a submission to the consultation questions contained within the Token Mapping Consultation paper released in February 2023.

Responses to each consultation question are set out in Annexure A.

Regulation of the ‘crypto ecosystem’, or more appropriately, ‘web3’ (the open internet), is one of the key policy challenges of this decade, and the way in which Australia responds will determine its prospects of prosperity relative to other jurisdictions.

Regulation by enforcement is not the answer. Guidance from regulators is also not the answer if they are forced to continue to give guidance on legislation introduced before borderless and permissionless blockchain technology was available. This is especially so if regulators do not have the resources to acquire a full understanding of the technology and its contexts, and without powers that are appropriate and adapted to guide the innovation rather than stifle or kill it, and without clear policy positions from Government on the various issues.

The Consultation Paper has focussed on token mapping to the Australian financial services framework but makes a key finding that many ‘network tokens’ and ‘public smart contracts’ do not map to existing legal and regulatory frameworks that rely on promises, intermediaries, and agents. As such, the mantra of ‘same activity, same risk, same regulation’, mostly used in the financial services regulation context, is inadequate and outdated because the promises, intermediaries and agents are either not the same, do not exist or have been replaced by autonomously functioning technology protocols that perform as coded. A more sensible approach for the fast-paced and borderless paradigm we are now in is ‘similar activity, similar risk, specialised regulation, same outcome’. This more sensible approach should be informed by an overriding principle and duty upon innovators using blockchain technology to strive for regulatory equivalence (i.e. the same outcomes that the laws were put in place to achieve even if the application of existing law is unclear).

In summary, this submission advocates as follows:

1. Clear defensive and strategic policy positions from Government on the various issues.

2. A policy approach informed by ‘similar activity, similar risk, specialised regulation, same outcome’ and a duty upon innovators to strive for regulatory equivalence.

3. A dedicated web3 agency to assist with more timely, dynamic, and sensible guidance, legislative amendments, industry codes and interventions that evolve as the web3 market evolves.

4. A safeguarding consolidated legislative package that is activities based and focussed on consumers and investors, but which is informed by the idiosyncratic features of permissionless blockchains, and which assumes that mainstream consumers and retail investors will likely engage with intermediated token custody, exchange and management arrangements.

5. Incentives to attract key skills that support the safety and security of permissionless blockchains and token activities possible on those blockchains such as experienced developers and code security auditors.

6. An actively supervised and resourced sandbox that results in an endorsement from one or more regulators as satisfying the regulatory requirements would encourage the allocation of capital for the development of smart contracts that implement a ‘regulated workflow’ of token activities. The European Union’s recently released blockchain sandbox should be leveraged and learned from.

7. Global market integrity concerns arise in respect of DAO tokens which could trickle into potential consumer and retail investor harms. Thus, Australia should be involved in international standard setting initiatives to manage the idiosyncratic risks and likely need for novel approaches to managing those risks in a coordinated international fashion with web3 participant support rather than by any one country.

The Government is responsible for policy leadership that enables Australia to thrive, not to merely survive. Businesses involved with permissionless blockchain technology and token activities in Australia are hardly surviving. Most of the talent has already moved offshore or are in the process of moving offshore. This needs to change quickly for Australian to participate in the economic upside of the global shifts towards permissionless blockchain innovation.

I welcome the opportunity to discuss this submission and assist the Treasury with their ongoing efforts.

Yours sincerely,  

Joni Pirovich
Principal
Blockchain & Digital Assets – Services + Law (BADAS*L)
A web3 focussed firm providing legal, strategic and policy services.

Annexure A

1. What do you think the role of Government should be in the regulation of the crypto ecosystem?

   The Government is responsible for setting policy that strategically positions Australia to defend itself from threats (including geopolitical competition) as well as to grow and prosper. In an emerging and maturing environment, policy principles are more helpful than proscriptive law. The Government is also responsible for appropriately defining the terms of regulatory bodies and ensuring they are adequately resourced to uphold their mandates in accordance with the Government’s strategic policy intent.

As such, there are important questions in dire need of a policy position from Government but which are beyond the scope of this submission. These include:

(a) Whether the Government seeks to limit use of blockchain technology to permissioned blockchains only, which could effectively silo Australia away from the innovation occurring with permissionless and borderless blockchain technology.

(b) What are the digital safety and national security considerations that should inform the Government’s approach to supporting web3 activities through sensible regulation?

(c) How can web3 innovation and skills strategically position Australia to harness economic growth in the web3 global and borderless economy?

(d) How could agencies like ASIC, the ACSC, the ACCC and the ATO be more responsive to issue timely and useful guidance for web3? What is holding them back?

The role of Government in the regulation of web3, and specifically in relation to token custody and regulation and/or licensing of businesses offering or facilitating token activities, should be to amend existing laws or introduce new laws that address harmful behaviour without stifling innovative approaches to addresses those harms. Since Government is a slow-moving institution, the case has become abundantly clear for a dedicated web3 agency to assist with more timely, dynamic, and sensible guidance, legislative amendments, industry codes and interventions that evolve as the web3 market evolves.

A central bank digital currency (CBDC) and privately issued Australian dollar pegged stablecoins will not be enough to defensively position Australia even in relation to financial stability including stability of the Australian dollar. Currency substitution is already occurring towards digital US dollars away from Australian dollars. There are millions if not trillions more online interactions that can be undertaken using blockchain technology and for which there is an increasing incentive to use blockchain technology as a trusted digital infrastructure. Despite an Australian CBDC or Australian dollar stablecoins, if the infrastructure and applications that support trusted transactions are trusted because of their level of decentralisation and autonomy from interference rather than any national licensing framework, then the value capture of consumer dollars and data and potential tax revenue from fees autonomously earned by those protocols will bypass Australia. An Australian CBDC and Australian dollar stablecoins would be most effective defensively and for growth when combined with an ability to use them with decentralised and autonomous protocols for trusted transactions.

Regulation of the ‘crypto ecosystem’ should be about protecting consumers but it should concurrently be about strategically positioning Australia from a growth and national security perspective. Without a policy environment that retains or attracts blockchain businesses in or to Australia – using permissioned and permissionless blockchains - Australia will be a net importer of trusted transactions and will have declining prospects of becoming a net exporter of trusted transactions.

To the extent that blockchain technology, and its networks of miners or validators, become the global infrastructure for trusted online transactions – not just payments, but trusted online transactions – Australia should defensively position itself in relation to each major blockchain network as critical global financial and security infrastructure. Bluntly, this means that miners and validators, and their supply chains which include silicon and crucial knowledge skills, need to be incentivised to do business from here. Australia’s ability to participate in web3 effectively and strategically will become increasingly important to preserve the integrity of our sovereignty, maintain national security, and to replace our existing tax base with new and structural sound forms of tax revenue from the decentralised digital economy.

2. What are your views on potential safeguards for consumers and investors?

One of the best safeguards is education and understanding. The web3 ecosystem and how it should be regulated should move away from ‘it is a duck if it looks and sounds like a duck’ and move towards a more fitting analogy that encompasses ‘fruit, tree, orchard (internal environment than can be controlled), and weather (external environment that cannot be controlled without international standards or coordination by either the web3 industry and /or governments)’.

An illustration is included below to show that the traditional financial services framework does not cater for ‘weather’ and thus is incomplete in its ability to protect consumers and retail investors dealing with tokens deployed on permissionless blockchains. If all or most tokens or arrangements involving intermediated token systems are treated as financial products, substantial work would still be required by the traditional financial services industry to understand the idiosyncrasies of tokens deployed on permissionless blockchains and token activities programmed to execute on permissionless blockchains and appropriately manage risk.

But for a few exceptions, the existing financial services framework should be appropriate to deal with tokens and smart contracts deployed on permissioned blockchains and token activities controlled by the authorities permitted to operate permissioned blockchains. One exception is the secondary market trading of shares in private companies. In addition, in some cases laws other than financial services laws need to be amended to permit use of permissioned blockchains for innovative activities using tokens such as amendments required to state based land and stamp duty regimes to facilitate the secondary market trading of tokenised real-world assets such as real property.

In contrast, the regulation of tokens and smart contracts deployed on permissionless blockchains and tokens native to permissionless blockchains should be informed by the suggested policy approach below.

A safeguarding consolidated legislative package that is activities based and focussed on consumers and investors, but which is informed by the idiosyncratic features of permissionless blockchains and which preserves their censorship resistance (and ability to be maximally decentralised), could comprise the policy approach as set out below. The policy areas are set out in order of sequential priority if a consolidated package cannot be presented and the sequence assumes that mainstream consumers and investors will likely seek out token custody, exchange and management services before other token activities, and engage with fiat-pegged stablecoins (and the consequential programmability).

(a) Token custody: The Government should announce a policy position that distinguishes between the harmful practices known or anticipated to arise from the separate categories of: intermediated custody arrangements, self-custody, or smart contract-custodial arrangements. Whilst resources may only be available to set out the harmful practices that would ordinarily be regulated by the financial services framework, a holistic token custody package well-equipped to protect consumers and retail investors should also consider harmful practices that would typically fall within the purview of AML/CTF, consumer, privacy, and tax laws.

Despite the separate and distinct categories of custody arrangements, legislation should stipulate the intended policy outcomes are that persons or protocols (with or without DAO-governance) involved in providing a token custody arrangement should strive for: • clear and reliable segregation of each person’s token balance; • non-use of a person’s token balance, including a prohibition on use for voting in DAO governance; • clear expression of the terms of the custody arrangement, including how fees are charged and a person’s rights to withdraw tokens from a custody arrangement; • real time assurance on their ‘proof of state’ which takes account of the custodied token balances and how fees may be deducted from those balances, and any other assets available to offset against liabilities of providing the token custody services; • risk-flagging to enable warnings to the consumer such as where scam tokens are airdropped to the custody arrangement, either by disclosure on the official interface and/or reporting to a dedicated web3 agency; • transparency of intermediaries that are relied upon to provide the custody arrangement; • best security practices, which may include cold storage and/or distributed authorisations and/or a continuing and resourced model of governance for ongoing identification and prompt addressing of harms.

Intermediated custody arrangements should be clearly delineated between arrangements where one service provider can authorise a token activity without the client’s involvement versus arrangements where multiple independent providers are required to authorise a token activity with or without the client’s involvement. Japan’s existing legislation should be leveraged and learned from in this regard.

A dedicated web3 agency could be tasked with retaining expert knowledge of custodial arrangements and evolving best practices to ensure token custody arrangements offered or available to Australians and Australian businesses meet the stated policy principles or that Australians and Australian businesses are well-equipped to review the custody arrangement to determine if different custody arrangements should be used.

(b) Token exchange: The Government should announce a policy position that states the outcomes that centralised token exchanges and decentralised token exchanges (DEXs) should strive for when listing and permitting purchases and sales of ‘DAO tokens’ transferable on permissionless blockchains.

Jurisdictions like Switzerland have already introduced laws to permit the issue and transfer of ‘regulated tokens’ on permissionless blockchains with template disclosure documentation. However, DAO tokens are those tokens deployed to a permissionless blockchain without any person retaining control to stop or pause token circulation or destroy tokens or recover them if lost or stolen, and may not have an up to date white paper or single location for its important information. Global market integrity concerns arise in respect of DAO tokens which could trickle into potential consumer and retail investor harms. Thus, Australia should be involved in international standard setting initiatives to manage the idiosyncratic risks and likely need for novel approaches to managing those risks in a coordinated international fashion rather than by any one country.

Simply displaying the whitepaper, and even audit reports of the audited token contracts, is insufficient to protect consumers and retail investors. In addition, it is inappropriate for a web3 project to define and be responsible for global distribution mechanisms (and consumer protections related to those distribution mechanisms) of their token to consumers and retail investors.

Legislation should stipulate the intended policy outcomes are that centralised exchanges and DEXs (with or without DAO-governance) involved in providing token exchange services should strive for: • clear and reliable recording of each person’s token balances transacted; • clear expression of the terms of the exchange services, including how fees are charged; • easily accessible official information about the tokens listed; • risk-flagging to enable warnings to the exchange and/or consumer before a transaction is completed (whether it be a trade, deposit or withdrawal) including by disclosure on the official exchange interface and/or reporting to a dedicated web3 agency; • data reporting standards that allow customers to keep or obtain appropriate records to comply with their tax and other reporting obligations; • monitoring of tokens listed, or listing requirements, so that security or other treats are notified to consumers as quickly as possible; • transparency of intermediaries that are relied upon to provide the exchange services; and • best security practices, which may include compliance with standards like ISO27001, and listing tokens only where the token contract (and related protocols connected to that token) have been audited and no material or serious risks remain, and/or continuing and resourcing a model of governance for ongoing identification and prompt addressing of harms.

One outcome could be that exchanges strive to mitigate against a consumer or investor losing more value than they can afford to. For example, the exchange should have the discretion to implement innovative procedures to enable a person to limit their exposure to losses. In a similar way that centralised token exchanges have fiat currency daily withdrawal limits and processes to increase those limits (which is an AML/CTF law driven requirement), exchanges could be required to have, but have the flexibility to design, their own procedures to limit or phase a person’s purchasing and sales of DAO tokens (i.e. tokens deployed to a permissionless blockchain without any person retaining control to stop or pause token circulation or destroy tokens or recover them if lost or stolen).

(c) Token management arrangements (staking for yield, exposure to risk to produce yield such as lending and borrowing strategies, staking or other behaviours to receive newly emitted token rewards, to participate in governance): The Government should announce a policy position that distinguishes between the harmful practices known or anticipated to arise from the separate categories of: intermediated token management arrangements and smart contract-token management arrangements. Whilst resources may only be available to set out the harmful practices that would ordinarily be regulated by the financial services framework, a holistic token management package well-equipped to protect consumers and retail investors should also consider harmful practices that would typically fall within the purview of AML/CTF, consumer, privacy, and tax laws.

Despite the separate and distinct categories of token management arrangements, legislation should stipulate the intended policy outcomes are that persons or protocols (with or without DAO-governance) involved in providing a token management arrangement should strive for: • clear and reliable recording or segregation of each person’s token balance; • clear expression of the terms of the token management arrangement, including how fees are charged, how tokens will be managed and put at risk, and a person’s rights to withdraw tokens from the management arrangement; • real time assurance on their ‘proof of state’ which takes account of the token balances being managed and how fees may be deducted from those balances, the gains, losses or rewards made from management of the tokens, and any other assets available to offset against liabilities of providing the token management arrangement; • risk-flagging to enable warnings to the exchange and/or consumer before a management activity is undertaken or as soon as identified including by disclosure on the official interface and/or reporting to a dedicated web3 agency; • transparency of intermediaries that are relied upon to provide the token management arrangements; and • best security practices, which may include distributed authorisations, and allowing management of tokens only where the token contract (and related protocols connected to that token) have been audited and no material or serious risks remain, and/or a continuing and resourced model of governance for ongoing identification and prompt addressing of harms.

A dedicated web3 agency could be tasked with retaining expert knowledge of token management arrangements and evolving best practices to ensure token management arrangements offered or available to Australians and Australian businesses meet the stated policy principles or that Australians and Australian businesses are well-equipped to review the token management arrangement to determine if different management arrangements should be used.

(d) Fully collateralised fiat-pegged stablecoin arrangements

Legislation be introduced to set collateral/reserve requirements, including proof of state / auditing requirements, and currency or currency equivalent treatment for fully collateralised fiat-pegged stablecoin arrangements. The key amendments required have been set out in the previous submission made by BADAS*L to Treasury on 31 May 2022.

(e) Foundational policies (i) Criteria for legal recognition of DAOs: A framework for legal recognition of DAOs that covers their distinct legal personhood and limited liability so that consumers and investors can participate safely and with confidence in the innovation occurring in web3 projects using DAO structures. Australia could leverage from the COALA DAO Model Law, including recent implementation of the Model Law by Utah and proposed implementation by New Hampshire, as well as learnings from the significant interest towards the Marshall Islands DAO, lack of uptake of the Vermont BBLLC and Wyoming DAO structures, and shortcomings of ‘DAO legal wrappers’. Absent legal recognition criteria, at least tax entity deeming should be considered to prevent uneconomic anomalies in the application of tax laws to DAOs and DAO tokens.

(ii) Regulation appropriate and adapted to the idiosyncrasies of DAOs: To the extent token activities offered by DAOs should be regulated similarly to a financial product, the legal construct of a DAO will enable a ‘person’ to be identified in order to comply with applicable laws. However, the idiosyncrasies of DAOs warrant a nuanced application of financial services laws to a ‘person’. For example, the law could be amended to state that a ‘responsible council’ of a DAO is the relevant person in respect of the obligation to govern open source software with programmed token activities and ensure the software upholds consumer and retail investor protections. Appropriate and adapted regulation should also be considered in respect of AML/CTF, privacy, consumer, insolvency, unfair contracts, ESG and tax laws.

(iii) Token activities: The Government should announce a policy position that is more nuanced than treating all tokens as financial products and that instead focuses on the policy outcome intended from anticipated increased mainstream consumer use of token activities. The policy should set out how web3 projects can issue a transferable token on a permissionless blockchain to raise capital (category 1) and to use that same token to align incentives between their different stakeholder classes (category 2) and permit speculation and secondary sale trading of the token (category 3).

The potential harms and regulatory considerations are different for each activity and regulators around the world appear to be treating the protections promised by compliance with securities laws as being sufficient to protect against harms from categories 2 and 3 when they are not. There are idiosyncrasies to each category when tokens are deployed on a permissionless blockchain that must be addressed in amended or new laws.

For example, in category 1, if a web3 project reserves an allocation of its tokens to be held in its treasury to liquidate those tokens for other tokens or fiat currency to fund the project’s efforts, then regulation could stipulate an outcome that ensures that reserve is not subject to ‘rug-pull’ risk or other risks such as misuse of tokens. By specifying the outcome to be achieved, the onus is then on the web3 project to disclose to its community and put measures in place to prevent ‘rug-pull’ risk and misuse of tokens. Some projects may automate the liquidation of treasury tokens to occur at regular but random intervals of only sufficient funds to pay for each month’s budgeted expenses. Other projects may have different means of achieving the same outcome of mitigating ‘rug-pull’ risk. Stepping back, the web3 project should be required to have had regard to, and continue to have regard to, key risks anticipated and put in place mitigating measures for those risks.

Another example relating to category 2 could be to specify that web3 projects should strive for the outcome of social cohesion, where a cohesive social group has been proven as a self-protecting measure to quickly and effectively address harms as they arise or are identified in a group in order to maintain the strong social cohesion. Token incentive alignment is an idiosyncratic feature of tokens and global communities which requires further policy thought before amending or making new laws, or inappropriately imposing financial services laws.

A final example relating to category 3 could be to specify that speculation and secondary sale trading are ancillary and not primary uses of a token issued by a web3 project and thus, draw a clearer line between what a web3 project is and is not responsible for in matters of integrity and stability of financial markets. If one or more DAO tokens accrue a systemically significant market capitalisation which poses systemic risks and contagion risk to the traditional financial sector, it is likely that remedial efforts would require international coordination – of either or both of the web3 industry and regulators.

Token transferability is a necessary incidence of operating in a web3 ecosystem that relies on composable technology with standardised transferable tokens that can be used in many different protocols. Token transferability is also necessary in order to attract new members to participate with a web3 project. However, policy thought should be given to introducing a default assumption that the mere fact that a person purchases a token to speculate or trade or use in protocols outside of the primary uses stated by the web3 project does not mean that person is a member or participant of the web3 project. A person must actively participate in a token activity governed by the web3 project in order to fall within the regulatory framework that applies to the web3 project.

(f) Tax policy A simplified opt in tax framework for recording and reporting tax from token activities, at least in the period in which the existing tax laws are being reviewed to determine appropriate amendments that need be made. Tax uncertainty and confusion is a key contributor to consumer harm, particularly where unintended tax consequences arise from seemingly innocuous token activities. Please refer to BADAS*L’s detailed submissions regarding tax policy which are available at https://badasl.com/policy.

(g) Economic incentives Economic incentives to attract key skills such as developers and code auditors to Australia as well as capital to invest in infrastructure required to support staking and mining for globally significant permissionless blockchain networks.

3. Scams can be difficult for some consumers to identify.

a) Are there solutions (e.g. disclosure, code auditing or other requirements) that could be applied to safeguard consumers that choose to use crypto assets?

First and foremost, scams should be distinguished from smart contract vulnerabilities where the risk of loss from the latter could be mitigated by requiring code auditing.

Yes, solutions are available but are constantly evolving to help safeguard consumers engaging in token activities. For example, a policy principle stated above is that exchanges (centralised and decentralised) should only be able to list tokens for which their contract has been audited and no material or serious risks remain. If a staking activity is made available by the web3 project, then that contract or contracts should also be audited (with no material or serious risks remaining).

It is critical to note that the reliance on the quality and availability of code security auditing skills means that policy incentives to attract these skills to Australia are of strategic importance and should form part of the Government’s policy position.

b) What policy or regulatory levers could be used to ensure crypto token exchanges do not offer scam tokens or more broadly, prevent consumers from being exposed to scams involving crypto assets?

A dedicated web3 agency could be tasked with retaining expert knowledge of latest scams and evolving best practices to disclose them publicly and thereby limit and prevent exposure to token scams offered to Australians and Australian businesses. Exchanges could be required to submit reports to the web3 agency within a short period of becoming aware of a crypto scam, in a similar way that centralised exchanges are required to provide suspicious matter reports to AUSTRAC within a stipulated time frame.

4. The concept of ‘exclusive use or control’ of public data is a key distinguishing feature between crypto tokens/crypto networks and other data records.

a) How do you think the concepts could be used in a general definition of crypto token and crypto network for the purposes of future legislation?

The concept of ‘exclusive use or control’ is flawed and is not appropriate in and of itself. Without a technology framework or legislated framework for digital identity and attestation and verification of the person’s identity at a particular time of ‘holding’ tokens or at the time of initiating a permissionless blockchain transaction, it cannot be proven that a person does have ‘exclusive use or control’ – e.g. they could have shared their private key with another person intentionally or inadvertently. Auditors of self-managed superannuation funds that ‘hold’ tokens are dealing with this very problem presently with some concerned that qualified audit opinions perhaps should have been issued in the absence of independent evidence of exclusive use or control.

Tokens are arguably at best a form of ‘semi-property’. Without a right of recovery of lost or stolen tokens (or the right to recover the ability to initiate token transactions if passwords and private keys are lost or stolen), tokens are imperfect forms of property because they represent neither a chose in action nor chose in possession. The ‘digital currency exchange’ amendments made to the AML/CTF Act were inserted on the basis that ‘digital currency’ was its own thing and was expressly excluded from the AML/CTF Act definition of property. Similarly, the ‘digital currency’ amendments made to the GST law carve out when tokens will be granted ‘digital currency’ status and thus currency equivalent treatment versus treatment akin to the supply of an intangible asset. On the contrary, the Commissioner of Taxation’s public guidance states that ‘holding rights’ amount to a proprietary interest in tokens such as bitcoin but this guidance continues to receive criticism. The Tulip Trading case being heard in the UK will be pivotal in understanding whether equitable rights are owed by a blockchain network’s core developers in relation to at least bitcoin tokens, which if they are then there are more secure grounds for the Commissioner’s view that tokens, or at least bitcoin tokens, give rise to an equitable right which is one of the ways in which a thing can be a CGT asset. Again, an equitable right is imperfect if no effective remedy can realistically be granted.

b) What are the benefits and disadvantages of adopting this approach to define crypto tokens and crypto networks?

Accounting and auditing standards define their own concepts of control, and international accounting and auditing standards bodies have not issued guidance on the matter. In some cases, the Corporations Act and the tax laws refer to internationally accepted accounting principles. To the extent that these pieces of legislation continue to or will refer to accounting concepts of control, then the above approach is flawed as it will not create the certainty intended by legislative amendment.

5. This paper sets out some reasons for why a bespoke ‘crypto asset’ taxonomy may have minimal regulatory value.

a) What are additional supporting reasons or alternative views on the value of a bespoke taxonomy?

A framework of token activities is more sensible than a taxonomy of tokens since tokens can be multifunctional.

b) What are your views on the creation of a standalone regulatory framework that relies on a bespoke taxonomy?

A standalone token activities framework is an appropriate and adapted approach to regulation for the fast-paced and global nature of token activities on permissionless blockchains.

The existing regulatory framework could arguably be applied, perhaps with minor amendments, to token activities on permissioned blockchains.

c) In the absence of a bespoke taxonomy, what are your views on how to provide regulatory certainty to individuals and businesses using crypto networks and crypto assets in a non-financial manner?

In the absence of a bespoke taxonomy, the Government should announce a clear policy position as to its support or not for a web3 project to:

• issue a transferable token on a permissionless blockchain to raise capital (category 1); • use that same token to align incentives between their different stakeholder classes (category 2) – where category 2 most likely pertains to use of permissionless blockchains and tokens deployed on those blockchains in a non-financial manner; and • permit speculation and secondary sale trading of the token (category 3).

To reiterate the points made above, the point of a clear policy position in relation to category 3 is to specify that speculation and secondary sale trading of tokens deployed on permissionless blockchains are ancillary and not primary uses of a token issued by a web3 project. This achieves a clearer line between what a web3 project is and is not responsible for in matters of integrity and stability of financial markets versus the internal and non-financial behaviours of its DAO community.

6. Some intermediated crypto assets are ‘backed’ by existing items, goods, or assets. These crypto assets can be broadly described as ‘wrapped’ real world assets.

a) Are reforms necessary to ensure a wrapped real-world asset gets the same regulatory treatment as that of the asset backing it? Why? What reforms are needed?

Where fiat pegged stablecoins are fully collateralised and are intended to be treated as money, the law does require amendment to treat such tokens as money or currency. Some of the key amendments required have been set out in the previous BADAS*L submission made to Treasury on 31 May 2022 regarding the consultation on crypto asset secondary service providers, available at https://badasl.com/policy.

To the extent other real world assets are wrapped and similarly ‘fully collateralised’, it is likely that laws applicable to the asset as well as the financial services and tax laws require amendment to treat such tokens the same as a transfer of the underlying asset. Further economic and policy thought is required to the extent real world assets can be intangibly fractionalised but not tangibly fractionalised, and whether application of existing stamp duty, land tax, GST and income tax laws inhibit the economic benefits that are anticipated from such innovation.

b) Are reforms necessary to ensure issuers of wrapped real-world assets can meet their obligations to redeem the relevant crypto tokens for the underlying good, product, or asset?

To the extent tangible assets are fractionalised through tokenisation, and traded on secondary and potentially global markets, then reforms are likely necessary to deal with the idiosyncrasies that arise in dealings with fractions of a whole tangible asset and to ensure appropriate application of existing provisions that regulate foreign ownership of Australian real property.

7. It can be difficult to identify the arrangements that constitute an intermediated token system.

a) Should crypto asset service providers be required to ensure their users are able to access information that allows them to identify arrangements underpinning crypto tokens? How might this be achieved?

To the extent that DAO tokens can be used in governance behaviours and those governance behaviours are predefined and programmed in code, then human involvement in that predefined manner for the governance of tokens and/or open-source smart contract protocols that are deployed on one or more permissionless blockchains should be excluded from constituting an intermediated token system. This is because the technology provides the ‘real-time regulation’ of input by humans such that the humans can only act in ways predefined by the governance model.

In this regard, web3 projects that issue tokens and open-source smart contract protocols should be required to publish information in plain language the describes the token activities that are: • possible from the contract that deployed the tokens; • possible with related contracts that the web3 project (as a traditional legal entity or a DAO); and with respect to each of the above categories, that describes which of the activities are subject to programmed forms of human governance and input.

Where intermediaries are involved in a token activity, such as where hosting of data referenced by an NFT is managed by a centralised provider such as Amazon or Microsoft rather than a decentralised data storage system, then there should be transparency of those intermediaries (a form of ‘supply chain mapping’).

b) What are some other initiatives that crypto asset service providers could take to promote good consumer outcomes?

Each should strive to keep abreast of latest innovations and best practices concerned with good consumer outcomes.

8. In addition to the functional perimeter, the Corporations Act lists specific products that are financial products. The inclusion of specific financial products is intended to both: (i) provide guidance on the functional perimeter; (ii) add products that do not fall within the general financial functions.

a) Are there any kinds of intermediated crypto assets that ought to be specifically defined as financial products? Why?

Perhaps tokens that are issued and used on permissioned blockchains where there is a person that is appropriate to apply the financial services licensing framework to, and where that person can also predefine and control token recovery to ‘perfect’ property rights in relation to those tokens.

However, with respect to tokens and token activity protocols deployed on permissionless blockchains the financial product definitions and financial services framework is not appropriate or adapted. This is particularly so where tokens can be multifunctional depending on how they are used on a permissionless blockchain and which can freely circulate globally on permissionless blockchains beyond the control of the token issuer or network supporting the underlying permissionless blockchain.

Instead, a duty should be imposed upon web3 projects to faithfully implement the software having regard to regulatory equivalence achieved through the lens of ‘similar activity, similar risk, specialised regulation, same outcome’.

b) Are there any kinds of crypto asset services that ought to be specifically defined as financial products? Why?

To the extent that token activities based on token deployed to permissionless blockchains are being offered and facilitated through an intermediary to Australians and Australian businesses, then the principles stated above in the response to Question 2 are more appropriate and adapted than the existing financial product definitions and financial services licensing requirements.

9. Some regulatory frameworks in other jurisdictions have placed restrictions on the issuance of intermediated crypto assets to specific public crypto networks. What (if any) are appropriate measures for assessing the suitability of a specific public crypto network to host wrapped real world assets?

As stated in previous BADAS*L submissions, the policy goal worth protecting is decentralisation because of the security, integrity and trust that follows for ‘trusted transactions’ to occur on that global digital infrastructure.

Accordingly, the health of the network supporting a blockchain, including the sustainability of tokens emitted to incentivise the network participation, the geographic spread of the network, and the protocol and network’s resistance to censorship or interference from hostile state or non-state actors, are critical metrics that should feed into Australia’s defensive approach to understanding and supporting permissionless blockchain innovation and Australia’s participation in that innovation.

10. Intermediated crypto assets involve crypto tokens linked to intangible property or other arrangements. Should there be limits, restrictions or frictions on the investment by consumers in relation to any arrangements not covered already by the financial services framework? Why?

The harms arising to consumers from tokens linked to intangible property should be identified before regulation is introduced or clarified to limit or restrict investment by consumers into these arrangements.

Confusion around rights to use and commercially exploit intellectual property has been commonplace, and existing laws in place to protect consumers from misleading and deceptive conduct are still out of reach for consumers unable to afford legal advice or cross-border litigation. The policy principles and outcomes stated above in the response to Question 2, combined with a dedicated web3 agency, would greatly assist in identifying and warning consumers about particular arrangements.

11. Some jurisdictions have implemented regulatory frameworks that address the marketing and promotion of products within the crypto ecosystem (including network tokens and public smart contracts). Would a similar solution be suitable for Australia? If so, how might this be implemented?

Regulation targeted at marketing and promotion of tokens is a band aid solution to the greater problems that arise from:

• lack of appropriateness of defining tokens as securities or financial products such as where jurisdictions have adopted taxonomies comprising security, payment and utility token, so token marketing and promotion rules become necessary to re-introduce securities-like disclosure and registration requirements similar to financial services licensing;

• lack of resources available to a regulator to maintain a list of which tokens are securities or financial products, from which to enforce disclosure standards;

• lack of ability for consumers and retail investors to clearly identify scam tokens and scams related to or that use tokens; and

• lack of delineation between category 1, 2 and 3 tokens as set out in the above response to Question 2, and the idiosyncrasies for each category, which would serve to practically and usefully inform and protect consumers and retail investors.

12. Smart contracts are commonly developed as ‘free open-source software’. They are often published and republished by entities other than their original authors.

a) What are the regulatory and policy levers available to encourage the development of smart contracts that comply with existing regulatory frameworks?

b) What are the regulatory and policy levers available to ensure smart contract applications comply with existing regulatory frameworks?

An actively supervised and resourced sandbox that results in an endorsement from one or more regulators as satisfying the regulatory requirements would encourage the allocation of capital for the development of smart contracts that implement a ‘regulated workflow’ of token activities. The European Union’s recently released blockchain sandbox should be leveraged and learned from.

As stated above, it may be appropriate to amend the law to enable a ‘responsible council’ each with relevant skills and experience to be appointed and resourced on an ongoing basis to supervise the operation of an autonomous and open-source smart contract protocol. This would be an example of adopting a policy approach of ‘similar activity, similar risk, specialised regulation, same outcome’.

13. Some smart contract applications assist users to connect to smart contracts that implement a pawn-broker style of collateralised lending (i.e. only recourse in the event of default is the collateral).

a) What are the key risk differences between smart-contract and conventional pawn-broker lending?

One of the key risk differences is the propensity for perpetual loans to the extent the collateral increases or maintains a value sufficient not to trigger a liquidation. The propensity for perpetual loans causes issues from a tax treatment perspective as well as the true nature of the arrangement and economic consequences that may flow is one or more classes of collateral become economically significant and systemic.

b) Is there quantifiable data on the consumer outcomes in conventional pawn-broker lending compared with user outcomes for analogous services provided through smart contract applications?

Data could be retrieved and analysed with respect to permissionless token activities considered as ‘pawn-broker styles of collateralised lending’. However, conventional pawnbrokers operating as centralised entities likely each need to be approached for their business specific information.

14. Some smart contract applications assist users to connect to automated market makers (AMM).

a) What are the key differences in risk between using an AMM and using the services of a crypto asset exchange?

AMMs are criticised as not being as economically efficient as proprietary order books maintained by centralised token exchanges. However, reliable comparison data is not publicly available to verify the accuracy of this criticism. Further, innovation with AMMs, such as the developments seen in Uniswap v3, are enabling more tools for consumers and retail investors to be better informed about the risks involved in the allocation of capital (i.e. liquidity) to AMMs and using the tools to adjust exposure to those risks.

In addition, during a staking contract exploit investigation I have been involved with, chainalysis experts were able to analyse the AMM liquidity pool behaviour and identify indicators of a potential attack that if known to watch out for perhaps the exploit could have been prevented.

b) Is there quantifiable data on consumer outcomes in trading on conventional crypto asset exchanges compared with user outcomes in trading on AMMs?

Data could be retrieved and analysed with respect to permissionless token activities with AMM trading. BADAS*L would be pleased to bring its industry insight and experience to bear if Treasury would like assistance in this regard.

This is an experiment about how a centralised company like BADASL can begin taking steps to grow its place in the web3 ecosystem, and eventually transition or restructure to a DAO (if that is ever going to be a tax effective / tax neutral exercise)! Your NFT does not grant any rights at this stage and is a mere expression of support. The mint price is treated as GST inclusive if you are an Australian resident, and GST free if you are not an Australian resident. Send an email to info@badasl.com if you would like a tax invoice. 

Please subscribe and collect each edition to support more of the good work happening at BADASL.

So what happened in January 2023?

Breaking new ground:

• Started working with DAO* as captain of their Regulatory Interoperability working group. DAO* is an alliance of DAO builders in a race to build standards that will realise the promise of this technology. First key focus for me and my working group is building a data standard that leverages EIP-4824 as well as a Proof-of-Concept DAO* Registry Interface. We have a unique opportunity now to build our own, privacy-preserving DAO infrastructure that helps make DAOs more understandable to the everyday person, including policy makers and regulators.

• Started working with COALA (coalition of automated legal applications) Foundation to assist with:

  • Utah’s adoption of a DAO bill based on the COALA DAO Model Law - note also New Hampshire of a DAO bill on similar basis

  • Response to UK Law Commission Call for Evidence on DAOs

  • The DAO Model Law review and update process – it was only launched in 2021 but web3 moves quickly and there’s been a lot of feedback

  • Responding to requests for tender applications to develop DAO policy frameworks and legislation

  • Grant applications

• Launched BADASL Legal CPD sessions (below) with more to come - bookings and recordings via the BADASL website:

  • 2023 Policy & case law update – DAOs and token activities

    1. Australian Treasury consultation paper: token mapping

    2. Australian Board of Taxation review into tax treatment of digital assets

    3. Treasury Laws Amendment (2022 Measures No. 4) Bill 2022 (to exclude BTC from being treated as a foreign currency)

    4. Industry standards and proposed regulations for: token custody; token exchange services; stablecoins; DAOs

    5. Recent case law in Australia and overseas

  • 2023 DAO tax masterclass

    1. Tax entity classification and pitfalls of common 'legal wrapper' structures

    2. Taxable permanent establishments and transfer pricing consideration

    3. Anti-avoidance and integrity provisions

    4. Tax risk management approaches

• BADASL DAO Health Checks and Legals

  • Supporting DAOs with a fixed cost high level legal or strategic review of their governance and operations, workshop discussion and health check note with key action items.

  • Template for high level transfer pricing analysis and risk assessment of a DAO.

  • Template for assessing central management and control of a DAO for Australian tax purposes.

  • DAO service entity agreements and deeds of delegation (where DAO does not have legal capacity to enter contracts or hold property).

  • Disclaimers and terms for participation incentive schemes involving staking - a key focus is social cohesion of the DAO to eliminate or address quickly any harmful practices. See here for Bankless’ take on social cohesion.

  • Litigation work increasing across tax, regulatory and consumer areas of law.

• Talks and roundtables

  • 19 Jan 2023: Amsterdam Centre for Tax Law-CPT Talks: In discussion with Joni Pirovich about taxation of DAOs, available here.

  • AASB roundtable on digital asset accounting as part of joint research by AASB, CPA Australia and UNSW.

• Policy and publications

  • World Economic Forum DAO Policy Toolkit launched, which I contributed to throughout 2022.

  • Submission to Australian Senate Economics Legislation Committee regarding the Bill introduced in late 2022 to clarify retrospectively that BTC cannot be treated as a foreign currency for income tax purposes, available here.

  • COALA submission to UK Law Commission Call for Evidence on DAOs, which should be available on the COALA website shortly.

  • Discussions with the Australian Law Reform Commission about DAO policy.

What’s on in February?

• LawFi DAO Digital Organisation Design workshop series, facilitated by the team at Multilateral Group (Australia) Pty Ltd. You can watch the recordings here and sign up for them via the event buttons on the LawFi DAO LinkedIn page.

• Continue work with DAO*, COALA and BADASL legal work.

• Submission to Australian Treasury’s token mapping consultation paper, available here.

• Submission to the Australian Law Reform Commission’s Background Paper on New Business Models, Technologies and Practices, available here.

• Talk on Crypto Assets and DAOs with the Corporate Law and Financial Regulation Research Program, in association with the ALRC at 5.00 pm AEDT on 15 February. You can register here.

• UK Law Commission DAO Advisory Panel session.

Author: Joni Pirovich, Principal, Blockchain & Digital Assets Pty Ltd.

Acknowledgement: We acknowledge the Traditional Custodians of the lands we live and work on. We pay our respects to Elders past, present and emerging, of all First Nations peoples.

Content License: All rights are reserved in respect of this work. Blockchain & Digital Assets Pty Ltd grants a non-exclusive, royalty free license to use this work for the following purposes:

a) to read and discuss for educational purposes;

b) to copy and redistribute the work for educational purposes as long as appropriate attribution is made to the author and Blockchain & Digital Assets Pty Ltd; and

c) to sell a BADASL Monthly Mint NFT if the holder no longer wishes to hold it as a collectible.

Other persons and DAOs (to the extent DAOs are not recognised as persons) are granted a non-exclusive, royalty free license to use this work for the same purposes as stated above.

Subscribing: By subscribing you will be prompted to enter your wallet address and email. This enables you to be notified via email when new entries are published. Support at mirror.xyz do not share your email address with us, only your wallet address and display name.

Collecting: By collecting a BADASL Monthly Mint NFT you will be promoted to pay the collection fee which is inclusive of Australian Goods and Services Tax (GST) if you are an Australian resident or GST-free if you are a non-Australian resident. A tax invoice and receipt can be provided to you upon request to info@badasl.com. Each BADASL Monthly Mint NFT is deployed on Optimism, an Ethereum Layer 2 network. No royalty has been set for secondary sales of NFTs so secondary sales are treated as a commercial exchange between the NFT holder and purchaser where the NFT holder is responsible for the legal and tax implications of resale while respecting the license rights. Blockchain & Digital Assets Pty Ltd reserves all rights to set a royalty on secondary sales.

Disclaimer: If you subscribe to BADASL Monthly Mints, or pay to collect BADASL Monthly Mint NFTs, all amounts received into the badasl.eth wallet will be treated as assessable income. You are responsible for seeking independent and professional legal and tax advice regarding your eligibility to subscribe to or collect BADASL Monthly Mints. None of the content constitutes legal, tax, financial or security advice.

DAO builders are building for the utility of digital public goods, security, privacy, composability, and portability. Despite the volatility in price of tokens, the (arguably more important) values being upheld by builders will continue to be relevant in an increasingly digital world. To put it simply, individuals are craving a simple environment to build and contribute to things that make our lives better through more transparent and secure use of technology.

It’s almost 6 months since LawFi DAO came into existence.

Existence is exactly what we’ve spent most of our time thinking and talking about. How does a DAO really come into existence? At what point does it become or cease to be decentralised, autonomous and an organisation? And what are the incentives and/or purpose/s that allow it to maintain not just its existence but its relevance?

These are questions not only applicable to new organisations that come into existence purely digitally, such as through the minting and distribution of a token, but also to existing centralised organisations that either seek to involve a broader stakeholder base in their strategic and governance decisions or are facing pressure for more transparency from the broader stakeholder base. Can you demerge a DAO from an existing organisation? Currently for legal and tax purposes, no.

Look at the twitter poll that Elon Musk just ran with users – a ‘yes’ or ‘no’ vote on whether he should step down as head of twitter following his release of a policy prohibiting linking to competitor social media sites. Typically, this sort of decision would be made by the board of directors, with influence from shareholders, powerful (enough) factions of management and other external interests. More than one million votes were cast in just under 15 minutes. After about an hour, Elon announced that going forward, a poll would be taken before future strategic decisions are taken.

Regulators are asking: Why can’t a DAO be contained to existing legal entity types and the legal frameworks that apply to those entities?

In theory, decentralisation of governance is occurring at twitter and within the ‘legal entity’ of twitter for the platform to maintain its relevance and thus existence with its users. The same users who are increasingly appreciating their power to influence the utility they get from the ‘digital good’ that is twitter, in addition to expectations around privacy, security, data ownership and portability. But what if more day-to-day decisions start going to twitter poll from the CEO? Would those that vote yes, or no be liable in the same way that Ooki DAO members that voted on proposals are the subject of proposed liability in the CFTC complaint?

Policymakers are considering ‘why not’ to recognise DAOs as a new form of ‘thing’ and the basis to recognise and/or regulate them. They are considering whether to approach DAOs:

• as things that can be given thin legal recognition for our interactions with them (so we can treat them as a counterparty with legal personality),

• if they should be an entity that is regulated in a similar way to corporations with directors’ duties, disclosure, and reporting obligations, and

• how their activities (such as token distribution and staking arrangements) should be regulated.

Most want to create the ‘DAO regime’ that attracts all DAOs to register in their jurisdiction with a head office and workforce in the same way that multinational corporations can be attracted to one jurisdiction or another. This ignores the features of digital-first organisations such as DAOs which support decentralised decision making and remote workforces, autonomy and self-sovereignty, and the freedom to be a digital nomad.

The fundamental question remains: Why are DAOs important? Particularly unwrapped DAOs?

Over the centuries the corporate structure has become widespread and has allowed multinational enterprises to do trade and commerce across borders. However, the corporation and existing legal frameworks are suffering because they are not natively transparent nor natively international or transnational (nor are government administrations). The compliance costs to maintain ‘trust’ (what Davidson, Novak and Potts coin as ‘cost-of-trust’) in opaque government and corporate structures is estimated to be ~35% or US$29 trillion. With rising cost pressures in the global economy, the transparency and real time compliance that autonomously governed organisations can offer may be one key part of reclaiming costs that can otherwise be spent more productively. In addition, despite increased use of ‘legal wrappers’ for DAOs it is still unclear to what extent a DAO can exist inside or separate to its ‘legal wrapper’. The question is: what is the legal and tax status of an autonomous open-source protocol that functions (such as the wrapped ether contract) where no admin or controller keys remain? Is it no longer a DAO because there are only users of the protocol and no active human governance?

The questions will no doubt continue, so what is the place of LawFi DAO in offering guidance or support? In accordance with its purposes, LawFi DAO’s efforts are set out below.

LawFi DAO activities from 1 July 2022 to 20 December 2022

Governance and establishment

1. On 1 July 2022, a few of us agreed to be bound by the LawFi DAO Rules. The LawFi DAO Rules were based on the model rules for an unincorporated association provided by Consumer Affairs Victoria and are written in plain language. This allowed us to start our organisation as one more familiar to regulators and policy makers and more clearly demonstrate the steps to operate as a ‘digitally native’ global organisation. A version of our rules will always be in plain language; however, our experiments will seek to progressively automate our governance and operational activities so that the LawFi DAO Rules do not have to be interpreted and applied but instead form the digital framework for interactions within and by LawFi DAO. Ideally, we will seek to complete the initial automation effort in a 2-year timeframe.

2. Several weeks of workshops held for the Establishment working group to discuss legal and tax considerations of various possible DAO structures and wrappers. We could have started as a cooperative, a trust, a partnership or one or more corporate entities or a combination of the above across Australia and other jurisdictions. All discussions were recorded and are available on our YouTube channel. This is an incredible open-source resource for anyone that wants to deep dive an upskill around the Australian legal and tax considerations when forming and operating as a DAO.

3. First draft white paper prepared and discussed with the LawFi DAO community in September 2022; second draft published for discussion in November 2022. Available on our website.

4. First general meeting of members in November 2022 to vote on four special resolutions: 2 were passed; 2 were not. Those resolutions that were not passed were the result of people abstaining to vote rather than voting no, indicating that more information and education was required before feeling comfortable to vote yes or no on a) to approve the draft white paper; and b) to register to incorporate the association with Consumer Affairs Victoria (and afford the association legal recognition in its own right - rather than in the names of its officers - and limited liability). POAPs sent to attendees to commemorate participation in the first general meeting.

5. Membership token is being deployed and the website upgraded to interact with web3. Thank you to member Roy Hui from Pellar Technology for all assistance.

6. Snapshot voting page established for future votes of members, capable of facilitating votes whether a token exists.

   Communications

7. Website established, LinkedIn and Twitter pages and YouTube channel created.

8. First community call in August 2022. POAPs sent to attendees to commemorate participation in the launch. Thank you to Bibi Barba and Vic Wells for the gorgeous artwork.

9. LawFi DAO discord server established; Console demo completed and LawFi DAO console recently established (a web3 native alternative to discord). One of the first votes to occur once our membership token is deployed will be a proposal to move from discord to Console.

   Treasury, financial and tax information

10. Multi signature wallet deployed to hold ENS name (lawfidao.eth) and to receive membership fees paid in ETH and USDC.

11. Application for bank account denied based on DAO structure – bank does not have sufficient risk processes to support banking services for a DAO.

12. Application to open account with centralised token exchange ongoing.

13. Bank account created in the name of Joni Pirovich, segmented from other personal and business accounts, as one of the officers of LawFi DAO.

14. Application for an Australian Business Number (ABN) denied initially; on reapplication ABN granted. Complaint made to ATO regarding entitlement to ABN and decision made without an answer to the grounds of complaint.

15. Registered office service engaged for privacy of officers’ addresses and to receive official mail.

16. Quotes requested for support in Australian tax filing preparation and lodgment.

17. Application for association liability insurance submitted, awaiting response from broker and insurers.

Policy and education

1. Submission to UK Law Commission on digital assets consultation lodged, following a few months of weekly workshops with members and friends to discuss the consultation paper and recommendations.

2. Assistance to the Australian Board of Taxation in their review of the tax treatment of digital assets by providing a copy of the draft LawFi DAO white paper and submissions

3. Expressed interest for LawFi DAO to participate in UK Law Commission Calls for Evidence on DAOs and Digital assets which law which court (Conflict of Laws).

4. Assistance to Australian Law Reform Commission regarding education about DAOs and recommendations around reform of the Corporations Act (and financial services regulation) related to emerging technologies following release of their FSL7 paper.

5. Guest lecture about DAOs at Swinburne University of Technology to students of the Applied Financial Services Project within the Master of Financial Technologies course.

6. BFF discord and twitter spaces to educate the BFF community about DAOs, thanks to connection through member Liya Dashkina.

7. Education session to the Australian Securities and Investments Commission regarding the options for the LawFi DAO protocol starting from basic pay-to-rely functions to peer review, insurance pool and a revenue or grant distribution pool and the ensuring legal complexities and uncertainties. Visit the #establishment channel of our discord server for more information.

8. Guest panelist at the Blockchain 4 Europe Summit in Brussels discussing ‘Why DAOs are a key building block for the future economy’ with Dr Joachim Schwerin, principal economist at the European Commission, Balazs Nemethi of kycDAO and Manuel Muller, strategy advisor at capneo DAO.

9. Guest speaker at the RMIT ‘What’s governing web3’ conference to provide commentary on the implementation in Australia of the COALA DAO Model Law, including participation in DAO governance workshops spanning game theory, ethnography, constitutional design.

10. Initial liaison with Consumer Affairs Victoria around the process for registering to incorporate an association, describing some of the difficulties around the not-for-profit exemptions in State law versus s 115 of the Corporations Act. Visit the #establishment channel of our discord server for more information.

    What’s ahead for 2023?

11. Digital design workshops scheduled for February 2023, led by member, Andrew Walton from Multilateral Group (Australia) Pty Ltd, and subject to the outcomes of those workshops and funding the following experiments may proceed.

12. Experimentation with LawFi DAO operating as an ‘accredited authority’ for DAOs seeking accreditation under the COALA DAO Model Law, to assist governments with understanding how such a model could be legislated.

13. Experimentation with DAOstar One to adopt and input to the interoperable standards.

14. Experimentation with ‘Know Your DAO’ processes to support risk-based and fit for purpose onboarding and support of DAOs by service providers (both centralised and decentralised).

15. Collaboration with Verida around their DID (decentralised identity) and Vault solution for managing verifiable credentials.

16. Experiment with kycDAO and KYC NFTs.

17. Participation in the ongoing policy consultations of the UK Law Commission, Australian Law Reform Commission, the OECD et al.

18. More speaking and panelist engagements, including the ACTL-CPT Talk on taxation of DAOs held out of Amsterdam by Dennis Post and Anna Vvedenskaya.

    Creator Spirit awards

    The first inaugural Creator Spirit recognition awards for 2022 have come about as a community tradition I’d like to instill and perpetuate to encourage members and friends to aspire to this special category of contribution and recognition. The awards are intended to recognise members and friends that have shown consistent dedication and support of the LawFi DAO purposes while demonstrating respect, reciprocity, kindness, and integrity while doing things differently and appreciating that time is our most precious resource.

    The 2022 awards go to (in alphabetical order):

    Andrew Walton, Arturo Rodriguez, Dimitrios Salampasis, Electra Frost, Ellie Rennie, Gordon Christian, Greg Metzmacher, Greg Oakford, Liya Dashkina, Michael Bacina, Myles McGregor-Lowndes, Roy Hui, Susannah Wilkinson, Victoria Wells.

    Thank you to all the members and friends that have joined or supported LawFi DAO in one way or another. Please take some time to rest and reflect over the next little while, enjoy playing and learning about the technology and the nuanced models of governance and participation that it heralds.

    Your Creator Spirit, Joni Pirovich

    A word from one of our members: Liya Dashkina

    “For me joining LawFi DAO was all about experimentation. As a non-lawyer, I was curious to join an organisation whose objective (among others) was to provide guidance, pave the way and lift the complex legal veil for other web3 startups. Over the last six months, I’ve had an incredible opportunity to observe the complexities of navigating the legal intricacies as an aspiring blockchain-based decentralised organisation. For a DAO entity that does not fit into the traditional legal framework, the importance of marking the legal boundaries has never been higher. The conversations being had today with the regulators and other government bodies, both in Australia and internationally, will likely help to shape the legal treatment of DAO structures for many years to come. I am excited to be a part of this exploratory journey!”

    Author: Joni Pirovich, as authorised representative of LawFi DAO member Blockchain & Digital Assets Pty Ltd. With thanks to Liya Dashkina for reviewing and providing a quote from her perspective as a member.

    Acknowledgement: We acknowledge the Traditional Custodians of the lands we live and work on. We pay our respects to all Elders, past, present and emerging, of all First Nations peoples.

    Content License: This work has been produced by Joni Pirovich as authorised representative of LawFi DAO member, Blockchain & Digital Assets Pty Ltd. All rights are reserved by that member in respect of this work, and that member provides LawFi DAO, currently an unincorporated association formed in Victoria, Australia, with a non-exclusive, royalty free license to use this work for the following purposes:

    a) to read and discuss for educational purposes.

    b) to copy and redistribute the work for educational purposes as long as appropriate attribution is made to the author and LawFi DAO and indications are clear about any changes made.

    c) to receive a portion of fees from collectors as donations to LawFi DAO in furtherance of its not-for-profit purposes.

    Other persons and DAOs (to the extent DAOs are not recognised as persons) are granted a non-exclusive, royalty free license to use this work for the same purposes as LawFi DAO stated above.

    Artwork License: With thanks to my 4-year-old son Leo for providing the artwork to accompany this blog post. All rights are reserved by him with respect to his artwork.

    Subscribing: By subscribing you will be prompted to enter your wallet address and email. This enables you to be notified via email when new entries are published. Support at Mirror.xyz do not share your email address with us, only your wallet address and display name.

    Collecting: By collecting this blog you will be promoted to pay the collection fee which is inclusive of Australian Goods and Services Tax (GST) if you are an Australian resident or GST-free if you are a non-Australian resident. All proceeds net of costs to Blockchain & Digital Assets Pty Ltd will be sent to lawfidao.eth treasury wallet. A tax invoice and receipt can be provided to you upon request to jp@lawfidao.com. Each collectible blog is deployed on Optimism, an Ethereum Layer 2 network. No royalty has been set for secondary sales of blog pieces so secondary sales are treated as a commercial exchange between the NFT holder and purchaser where the NFT holder is responsible for the legal and tax implications of resale. However, LawFi DAO and Blockchain & Digital Assets Pty Ltd reserve all rights to set a royalty on secondary sales.

    Disclaimer: If you subscribe to the LawFi DAO blog, or pay to collect blog pieces, all amounts received into the LawFi DAO Treasury wallet from subscriptions or collection fees will be treated as donations. The amounts received into the badasl.eth wallet will be treated as assessable income and go towards defraying the costs of preparing and minting the blog. At the date of posting this blog, LawFi DAO is a not-for-profit unincorporated association of persons, but it is not a charity registered with the Australian Charities and Not-for-profits Commission and nor does it hold income tax exempt or deductible gift recipient status. You are responsible for seeking independent and professional legal and tax advice regarding your eligibility to subscribe to or collect from the LawFi DAO blog. None of the content constitutes legal, tax, financial or security advice.

Copy slightly edited from version submitted on 5 September 2022 to reflect review comments from Dr Elizabeth Morton

Alex Bosinceanu HM Revenue and Customs (HMRC)

By email only: financialproductsbai@hmrc.gov.uk

Dear Alex,  

Call for Evidence: the taxation of decentralised finance involving the lending and staking of crypto-assets

Thank you for the opportunity to provide a submission on the Call for Evidence.  The Call for Evidence is a welcome initiative to clarify the application of existing tax laws and identify the areas for statutory tax reform.

The Call for Evidence was published just before the UK Law Commission’s consultation paper on digital assets (Law Commission Work). The Law Commission Work relevantly provides that without recognising a third category of personal property to allow for the nuanced and idiosyncratic approach to the legal characterisation of new things, it is difficult to provide well-reasoned, thoughtful and effective prudential, capital markets, tax and other regulations in relation to new objects of property rights. The Law Commission also indicates it will shortly commence a scoping study to explore and describe the current treatment of DAOs under the law of England and Wales.

As such, this submission provisionally supports Option 2 (Separate rules) and Option 3 (No gain no loss) since Option 2 is likely the most appropriate and future-fit to adapt with the proposed statutory, and perhaps eventual common law recognition, of a third class of property. Option 3, with respect to staking and reward arrangements, could be appropriate to align the tax treatment of DeFi staking activities with the concessional tax treatment afforded to early-stage investors to incentivise the allocation of capital to early stage and high-risk innovative ventures. This aptly describes what is really happening with staking arrangements – that is, an incentive arrangement to ‘bootstrap’ users to an application or blockchain network.

Some observations are set out at Annexure A, with policy recommendations set out at Annexure B, and responses to the consultation questions provided at Annexure C.

This submission is drafted from an Australian tax law perspective, noting that there are similarities but also some differences between the UK tax law and the Australian tax law.

I welcome the opportunity to discuss the recommendations and look forward to seeing the consultation progress.

This submission will be shared and discussed in the ‘Taxation of token activities’ working group of LawFi DAO with the view that the submission is ratified by the LawFi DAO committee and its members.

Yours sincerely,                        

Joni Pirovich Principal Blockchain & Digital Assets – Services + Law

Annexure A              Observations

A.         Importance of articulate language to accurately describe the relevant factual circumstances to which the law applies

[1]        This submission refers to ‘ownership of a token’ as shorthand and to reflect that several jurisdictions seek to treat tokens as property without providing full legal reasoning to support that view. As alluded to in the Law Commission Work, there has perhaps been an inaccurate or incomplete description of the legal relationship between a person, the tokens they ‘own’ and a global blockchain network. The case law across jurisdictions shows that courts are willing to recognise tokens as personal property without providing full legal reasoning behind the judgments. This is likely because tokens do not fit neatly into the existing categories of a ‘thing in possession’ or a ‘thing in action’, however the common law seeks to provide protection as if tokens are a form of property.

[2]        It is likely more accurate not to speak in terms of ‘ownership of tokens as property’ but rather a ‘right to use software for as long as the software is supported’. In a similar way that a person can create and use an email account if that person abides by the terms and conditions set by the email service provider and for as long as that email service provider continues providing the service, that person can only use the tokens they ‘own’ for as long as the miners (or validators or other type of participant in an alternate consensus mechanism) support the blockchain network that the tokens are compatible with.

[3]        Accordingly, and as set out in further detail below, policy that preserves the ability of miners (or validators or other) to continue to support a blockchain network is the critical policy goal that is necessary to support an ongoing or perfection of ‘ownership’ and preservation of any value of tokens on a blockchain network. In other words, the ‘perfection’ of ‘ownership’ in a token graduates by reference to either the geographic dispersion of the blockchain network’s miners (or validators or other) and / or the number of jurisdictions with friendly law (rather than unfriendly law) applicable to miners (or validators or other).

[4]        However, if a centralised provider is offering a custody or management service for tokens and where they represent themselves as being responsible for their customers’ ongoing ability to use the tokens then a person is not dealing with a global blockchain network anymore they are dealing with a centralised provider which gives rise to a ‘thing in action’.

[5]        Based on the above, the ‘perfection’ of ‘ownership’ of tokens is a circumstance driven by geographic dispersion of nodes rather than legal recognition, relies on multiple countries pursuing this same policy goal and establishes that no country can act in isolation to ‘perfect’ any property right vis-à-vis tokens native to a blockchain network that may exist or be deemed to exist as the common law and/or statutory law reform eventuates. The case may be different for application-level DAOs (sometimes referred to as protocol DAOs) and their token/s.

[6]        At any one time, a person has the ability but not necessarily a legal right to use the blockchain ledger software – the ability to use only subsists in a person vis-à-vis the ongoing support for a network. A person’s ability to use relies on their access to the private key, where the public-private keypair represents that there is a positive balance to the associated public address recorded per the state of the ledger that a consensus of nodes agree to. In other words, if a person loses access to their private key or the private key is stolen by an unknown actor that person has no legal right against any one or collection of miners (or validators or other) to restore the balance of tokens they claim to have which would require proof from sources other than the ability to use the ledger software with the applicable private key.

[7]        The UK Law Commission Work states that the ledger record will be the correct factual record but not necessarily the correct legal record. This statement is poignant and brings into focus legislation introduced by countries such as Luxembourg in January 2021 to give legal status to the ledger record by virtue of legally recognising ‘DLT-based issuance accounts’ that can be used for the issue of dematerialised securities.[1] In addition, whether the ledger record is the correct factual and legal record is a question tested and being tested with at least one hard fork: the ETH-ETC hard fork in 2016 which followed The DAO attack. The blockchain ledger we refer to as Ethereum Classic records the ‘ownership’ of stolen ETH (now referred to as ETC post hard fork) to the attacker’s public address and the blockchain ledger we refer to as Ethereum does not represent the attacker’s ‘ownership’ of ETH because the Ethereum community acted to implement a contentious hard fork.

[8]        Litigation has been on foot in Australia (ASZ21 v Commissioner of Taxation) since late 2020 to determine the nature of rights held by a taxpayer prior to and post the ETH-ETC hard fork, with respect to that taxpayer’s ‘ownership’ of ETH pre- and post-hard fork for the purpose of ascertaining the correct application of tax law to the taxpayer’s circumstances. The Commissioner of Taxation has commenced a number of interlocutory proceedings such that the substantive property law issues have not yet been heard in court.

[9]        Understanding the full factual circumstances informs a proper understanding of the nature of the legal relationship and is a critical first step before the tax treatment can be properly determined or appropriate tax policy developed.

B.         Global decentralisation is the policy goal worth protecting

[10]      Further to the point made above at A[3], the ability for any miner or validator (or other) to continue to provide support to a blockchain network, and the ability for miners (or validators or other) to be geographically dispersed around the world, may increasingly be impacted by regulation.

[11]      For example, the recent (failed) attempt through the European Union to ban bitcoin mining (or rather impose minimum environmental sustainability standards)[2] could have prevented geographic spread of bitcoin miners in EU states. In addition, the recent sanctions by the US Treasury’s Office of Foreign Assets Control (OFAC) on 38 smart contract addresses associated with Tornado Cash has raised questions about sanctions compliance by miners (or validators or other) and whether a blockchain network can and should be ‘resilient’ to domestic law (more colloquially, ‘censorship resistant’).[3] Whichever law is used for the next type of ‘influence’ upon the borderless technology will be highly controversial, as the preceding examples have shown such legislative and regulatory attempts to be.

[12]      The OFAC sanctions upon smart contract addresses evidence that there is a willingness within OFAC to apply the law to a ‘non-person’, which is novel and may lack validity upon review by a court (if an eligible applicant can bring the matter). To date, there have been no similar efforts by any tax regulator with regard to a DAO or smart contract addresses that are no longer actively governed by a DAO.

[13]      The right or licence to use is only valuable if there is a global network of nodes that continue to support their use of the blockchain ledger software to validate transactions recorded on the ledger. The number of independent nodes and level of global decentralisation is a proxy for the integrity and trustworthiness of the ledger record, and often the value of tokens referable to that blockchain network. The number of accounts and transactions on a blockchain ledger is indicative of the level of trust and desire to transact with that blockchain ledger software and its network over another blockchain ledger software and its network.

[14]      Based on the above points, global decentralisation of a blockchain network is a policy goal worth protecting but the right balance must be struck between the protections our existing laws seek to uphold (including tax compliance) and the resilience of a blockchain network. The attempt to enshrine a legal relationship between a person and a node, or a person and many nodes, for legal and / or tax purposes could be a type of ‘influence’ that a majority consensus of nodes reject and then ‘hard fork’ to refute what may be deemed an improper ‘influence’ from the law of one or more countries. However, the legal relationship between a person and a DAO governed protocol may be a less controversial legal and relationship to define albeit not necessarily an easier exercise.

C.         Scope of Call for Evidence

[15]      The Call for Evidence is limited in scope to investors interacting with DeFi lending and staking and further states as follows:

a.         “An individual holding crypto assets and engaging in DeFi transactions is unlikely to be trading.”

b.         “…no UK tax implications for individuals who are not UK resident but who transact with a UK-based platform.”

[16]      The first statement is a welcome clarification but requires further detail to be useful for individuals or the tax agents with individual client bases. Without clarification, the typical tax agent is likely to assume an individual engaging in DeFi transactions does so on capital account and would treat tokens used in lending and staking arrangements as capital assets with no disposal or cancellation (or other) tax event, and the returns generated from those activities as assessable income at the time those returns are derived.

[17]      The second statement is also a welcome clarification but requires further consideration of what constitutes a ‘UK-based platform’.

Meaning of ‘trading’ needs to be clarified with respect to clear categories of DeFi transactions

[18]      An individual may not be ‘trading’ in the commonly understood sense of the word but may meet the common law test of ‘venturing the asset into trade for a profit-making purpose’ by interacting with DeFi staking and lending protocols once or multiple times.

[19]      The common law allows that a profit-making scheme can take many years to complete (Whitfords Beach; and more recently Greig v FC of T [2020] ATC 20-733). This challenges the general understanding and shorthand application by tax agents and taxpayers that an investment is made on capital account if the intention is to hold that investment for the medium to long-term including where the capital asset can be deployed to revenue producing purposes (i.e. an investment property listed for rent). In this context, it is unclear whether tokens ‘staked’ or ‘lent’ to earn token rewards or token returns respectively constitute ‘venturing the asset into trade for a profit-making purpose’ even if only done once.

[20]      Where a token is ‘ventured into trade’, such action could have the effect of changing a person’s holding of the token or tokens from being held on capital account to revenue account, which is itself a tax event. As such, it is unclear whether person that engages with a one or a few DeFi protocols or interacts a few times with one DeFi protocol continues to be an investor on capital account. The corollary is when an individual’s token activities are such that that their holding of tokens changes from revenue account to capital account, which is also a tax event.

[21]      Furthermore, it is unclear if a person interacts with the same or similar DeFi protocol on two or more blockchains (e.g. Uniswap on Ethereum and Serum on Solana) whether this activity is indicative of a person carrying on a business of token activities (‘trading’ for short hand) or more akin to a share investor using both the Australian Stock Exchange and the London Stock Exchange to conduct their activities of investing in shares on capital account.

[22]      Accordingly, the categories of DeFi staking and lending transactions for which clear guidance about whether a person ‘ventures their tokens into trade with a profit-making purpose’ include:

a.         staking of one class of tokens in a liquidity mining scheme[4] offered by the DAO (e.g. ILV liquidity mining scheme, overseen by Illuvium DAO governance);

b.         staking of one class of tokens to increase voting weight, which may also increase rate of token rewards (e.g. veCRV with Curve protocol, overseen by Curve DAO governance);

c.          lending tokens to a liquidity pool to receive ‘trading fee’ token returns (e.g. ETH and COMP in a Uniswap v1, v2 or v3 liquidity pool);

d.         lending tokens to a liquidity pool to receive ‘trading fee’ token returns and the LP token with the intention to stake the LP token in a liquidity mining or staking rewards scheme;

e.         lending tokens to a protocol that represents you will accrue token rewards in consideration for your tokens being lent out to another legal person or another protocol; (e.g. Aave and Compound protocols);

f.           staking tokens to a protocol that represents you will receive loan proceeds (in tokens) and ‘interest’ or an ‘interest-like’ obligation accrues for the duration that the loan is owing and where the tokens are not available for use by other legal persons or another protocol (e.g. Maker protocol);

g.         staking of one class of tokens to participate in simple proof of stake (sPoS) (e.g. ETH post-merge);

h.         staking of one class of tokens to participate in delegated proof of stake (dPoS);

i.           undertaking any of the above activities with more than one class of token; and

j.           undertaking any of the above activities on more than one blockchain network.

[23]      A chain analytics firm may be able to produce data that estimates the potential tax revenue from assumed UK residents based on various scenarios of tax treatments of the above categories of DeFi transactions.

[24]      Whilst the categories may be relatively easy to articulate now, the way in which each protocol is designed could substantially impact the application of tax laws such that one protocol in a DeFi category does create one or more tax events whereas others do not.

[25]      Tax arbitrage opportunities should be front of mind for the UK HMRC in clarifying the operation of existing law and setting tax policy that attracts innovators to the UK and DeFi users that can sensibly understand and apply tax laws to their DeFi staking and lending activities.

[26]      There are also centralised providers that intentionally and unintentionally mislead the public about their level of decentralisation or use of DeFi protocols. Popular examples include Celsius, BlockFi and Nexo. Such providers may have clear terms and conditions that define the legal relationship between them and their customer (e.g. as bare trustee, as agent, as transferee with no obligation to return the principal, etc) but often customers won’t read or understand the terms, the terms are not in the customer’s interests and are not analogous to the deposit guarantees that go along with a bank savings account. As such, customers have likely unintentionally transferred beneficial ‘ownership’ of their tokens to the provider and triggered a tax event that they likely have not reserved any fiat currency from which to pay a tax bill.

Time of derivation of token returns or token rewards in DeFi staking and lending arrangements is unclear

[27]      There is perhaps more contention amongst tax agents with individual client bases around when staking and lending returns are derived than whether a disposal or cancellation event has occurred on entering the arrangement.

[28]      There are several protocols that deliberately challenge the interpretation of ‘derived’ or seek to defer the time of derivation of token rewards. For example, the HEX protocol and its ‘Good Accounting’ function.[5] More protocols may copy the ‘Good Accounting’ function or implement ‘upgrades’ with the intention that a person does not derive assessable income at the time token rewards accrue or are claimable.

The user experience does not clearly suggest there should be one or more tax events on staking or lending

[29]      Often it does not make economic sense to the lay person interacting with smart contracts via a simplified user interface that there has been a disposal (or multiple) or cancellation of ‘ownership’. A number of taxpayers would not realise that their ETH is converted to WETH by the wrapping contract in a number of Ethereum-based protocols, which at least the Australian Taxation Office appears to be treating as a disposal event.

[30]      The language of the tax statute and common law requires that there be ‘ownership’ and where a tax event typically arises when beneficial ownership is transferred or cancelled. As set out in Annexure A the ’perfection’ of a person’s ‘ownership’ of tokens native to a blockchain network subsists vis-à-vis an active network of independent nodes that agree to the state of the ledger. In this regard, a person’s ‘ownership’ could in effect be cancelled or destroyed or changed if the blockchain network becomes progressively centralised and does not maintain its sufficient global decentralisation. The everyday taxpayer is not equipped to maintain such an ongoing assessment of each blockchain network, nor will they necessarily understand whether a token is a native blockchain token (such as BTC, ETH, AVAX, or SOL) versus an application-level token (such as COMP, UNI, MKR, CRV).

[31]      Since a person’s ‘ownership’ of tokens is not equal to having ‘rights in action against any recognised legal person’, the legal analysis must necessarily be more fluid and focus on a person’s activity with a token or protocol rather than each transaction recorded to the blockchain ledger. The ‘rights’ only crystalise during a person’s interaction with the blockchain, to either transfer tokens to another public address or interact with a contract (which includes DeFi staking and lending activities). In this regard, despite that a token may be burnt or sent to a zero address or sent to a lock/escrow address (which is a transaction recorded to the ledger) the tax treatment of the person’s interaction with each individual contract within a protocol is not a standalone transaction and should not be looked at separately when it is part of a bundle of transactions that make up an arrangement.

[32]      I refer you to my recent article published in the Australian Tax Review, ‘Shifting to More Equitable and DAO-based Global Economies: The Case for Micro Auto-taxing Standards and a Framework for Auto-tax Revenue-sharing’ (2021) 50 AT Rev 22. The article provides an analysis of possible tax treatments of a person’s lending of tokens to a liquidity pool to receive LP tokens and trading fee accrual and highlights the complexity of analysis involved in determining the tax treatment of a person’s interaction with one DeFi protocol. Individual taxpayers should not be exposed to this level of complexity, and cannot afford the tax advice for one DeFi protocol let alone multiple.

‘No gain no loss’ treatment worthy of tax policy consideration

[33]      The ‘no gain no loss’ recommendation is supported for staking arrangements because a person’s purchase of tokens with the intention to stake and earn the returns (where the schemes are often marketed as ‘liquidity mining’ or ‘staking rewards’ or ‘incentivised pools’) is the intended behaviour sought from token projects ‘bootstrapping’ the expansion of their network or users through such early-stage incentives.

[34]      If the token project does not garner enough of a network and liquidity pools of sufficient depth in its early stage, the protocol may not have enough value transacted through it or locked to it to test and prove its function and resilience. If such a network has not grown from the first few months to a year of a blockchain or protocol being released with its incentive scheme, it may not have good enough or better utility than already exists or it may just be a ponzi scheme.

[35]      It is exactly this testing that occurs in the early phases of a token incentive scheme being on offer that is required of protocols to experiment and push innovation forward. What is often not understood by everyday taxpayers is that the ‘whales’ (persons with large token holdings) will test a new blockchain network or protocol with a small amount of tokens before using large amounts. Once ‘whale’ wallets trust a blockchain or protocol, this is industry shorthand for an increased level of trust in a blockchain or protocol that means use and utility will likely continue after the token incentive scheme is exhausted. The collapse of UST and LUNA is a recent example of this – the token incentives offered by staking with Anchor protocol were lucrative but showed that more needed to be done, or different activities were required, to accelerate the growth of the network of individuals and businesses transacting with UST to a level that new users weren’t simply attracted by the staking incentives but rather a large community of UST users.   

[36]      Everyday people attracted to such incentives may not be able to afford to risk more than A$5,000 to A$10,000, maybe less, but they should be empowered to choose based on being properly informed about the risk. The ‘no gain no loss’ tax policy could also be an opportunity to highlight the early stage and high-risk nature of the token project and its incentives.

[37]      From a tax policy perspective, the UK HMRC should investigate whether the evolution of token incentives to attract a user base to a blockchain-based start-up should be treated as assessable income.

Proposed framework to support analysis of appropriate basis of taxation for DeFi lending arrangements

[38]      The HMRC should consider developing a framework to distinguish ‘Account to Contract’ arrangements where a person initiates and signs a transaction from their digital wallet (referred to as an ‘account’ in blockchain parlance) to transfer tokens to a smart contract, from ‘Account to Contract to Account’ and ‘Account to Contract to Contract’ arrangements. In the former category, a person’s ongoing economic ownership of a token is typically clear; in the latter two categories, a person’s tokens are put at risk by their availability for use by other people or by automations, respectively.

[39]      Further work is required to ascertain the appropriate tax treatment and tax reform for the latter two categories. A chain analytics firm could assist with analysis of available data to determine potential tax revenue gained or lost from the UK adopting various tax treatments.

D.         Individual tax treatment is a helpful starting point for tax treatment of funds investing in tokens

[40]      Several comments in this submission are directed at the potential tax treatment for individuals but often the tax analysis is similar for funds with trust structures that are expected to increasingly allocate capital to tokens that can be used in lending and staking arrangements. The tax revenue impact at the individual level may not be as material as it is at the fund level; however is a useful starting point to discuss relevant clarifications required for the allocation of capital through fund structures which will be distributed to individuals.

UK-based platform

[41]      The Call for Evidence excludes from scope the tax treatment of transactions entered into by an individual or entity as part of a trade, such as running a platform.

[42]      The bar could be very low for ‘running a platform’ and is worthy of clarification. For example, a person can engage with fractional.art to fractionalise the shares to profits on sale of an NFT in a set number of fungible tokens and then seed a liquidity pool on Sushiswap protocol with ETH and the ERC-20 tokens referable to the NFT for auction. This can be set up in a matter of minutes and whilst perhaps the person is not running either fractional.art or sushiswap (if they as Ethereum based protocols are platforms), the person could arguably be running a business via a platform which would be relevant for tax purposes.

[1] See further: P Degehet, N Doyle, L Lazard, ‘New Luxembourg Law allows issuance of dematerialised securities using distributed ledger technology (DLT)’ (25 January 2021), available at: https://www.bsp.lu/publications/newsletters-legal-alerts/newsflash-new-luxembourg-law-allows-issuance-dematerialised.

[2] See, for example, E Nicolle and L Pronina, ‘EU Crypto Proposal Seen as De-Facto Bitcoin Can Fails in Vote’ (15 March 2022), available at: https://www.bloomberg.com/news/articles/2022-03-14/eu-crypto-proposal-seen-as-de-facto-bitcoin-ban-fails-in-vote#:\~:text=A%20proposal%20that%20would%20have%20effectively%20banned%20the,pushes%20ahead%20with%20regulation%20of%20the%20fast-growing%20sector.

[3] See, for example, CoinYuppie, ‘OFAC sanctions and Ethereum PoS: some technical nuances’ (22 August 2022), available at: https://coinyuppie.com/ofac-sanctions-and-ethereum-pos-some-technical-nuances/; and A Thorn, C Kim, C Yu and R Rybarczyk, ‘OFAC Sanctions Tornado Cash: Issues & Implications’ (10 August 2022), available at: https://www.galaxy.com/research/insights/ofac-sanctions-tornado-cash-issues-and-implications/.

[4] I narrowly define a scheme as a liquidity mining scheme where the tokens are distributed for the first time via a contract that is ‘pre-loaded’ with an undistributed supply of a DAO’s native tokens and where the scheme is run for the purpose of attracting a broader global audience because of the incentive of liquidity mining rewards so as to distribute transferable tokens that can be used to express sentiment or cast a vote.

[5] See, for example, Howtopulse.com, ‘Hex: End Staking v Good Accounting’ (2 January 2022), available at: https://www.howtopulse.com/end-staking-vs-good-accounting/.

Annexure B              Policy recommendations

A.         The legal and tax characterisation of the DAO that is referable to the DeFi protocol is required before the tax treatment of DeFi activities can be properly determined

[1]        The completion of the Law Commission’s proposed scoping study to explore and describe the current treatment of DAOs under the law of England and Wales is crucial to inform the appropriate application of existing tax law and tax reform required.

[2]        The full facts of the scheme and the actual legal rights and obligations (or representations about such rights and obligations) created from a person’s interaction with a DeFi protocol must be understood before the tax treatment of a person’s interaction with a DeFi protocol can be determined. This can be a very difficult exercise for even the most experienced practitioners because often a white paper does not describe in plain language how the protocol operates. For example, often the white paper does not mention that the wrapping contract is required in the suite of smart contracts that make up a protocol but for tax purposes some tax authorities consider the exchange of ETH to WETH a tax event (although the position has not been supported by comprehensive legal reasoning).

[3]        In addition, the facts of the scheme can change where DeFi protocols are governed by DAOs which a person may or may not be aware of. For example, how does the legal relationship and arrangement change if a vote is approved by the DAO members to deploy a version 2 of the protocol and where the user interface will only support version 2, version 1 is no longer supported by the DAO and where version 1 continues to be available for persons to access by interacting directly with the blockchain protocol. Lack of active governance by a DAO could arise because there are insufficient incentives for DAO members to participate in governance or in the case of Tornado Cash, it becomes illegal to vote on proposals to upgrade the smart contract programming.

[4]        The full facts of the scheme include facts that allow for the legal and tax entity characterisation of the DAO to be determined. If the DAO can be characterised, for UK tax purposes, as a resident (such as a trustee, or ‘tax law partnership’ or ‘tax law company’) or non-resident entity, then perhaps the tax treatment of a person’s DeFi staking and lending activities is more straightforward. However, this will likely not be a static analysis given that the characterisation of a DAO as resident or non-resident could change as quickly as with a vote on one proposal.

[5]        The collection of relevant facts, and application of facts to the tax law, is an exercise that is out of reach and administratively burdensome for individuals and tax practitioners that have individual client base. This is the basis for policy recommendation D below.

B.         Framework of contract interactions is required

[6]        As referred to in Annexure A, paragraphs [38] and [39], the UK HMRC should set out a framework to support analysis of the appropriate basis of taxation for DeFi lending arrangements.

[7]        For example, Maker DAO is the DAO referable to the Maker protocol. Maker protocol is a public good that allows persons to ‘deposit’ collateral (in tokens) and receive loan proceeds (in tokens – DAI, a USD-pegged token collateralised). The Maker protocol is an example of an ‘Account to Contract’ arrangement, where economic ownership is retained by the taxpayer. The Aave protocol is an example of an ‘Account to Contract to Account’ arrangement, where it is the intention that economic ownership is retained but the token is risk-exposed by virtue of the other Account’s use of the token.

[8]        The tax exemption for securities lending was introduced to support market trading and behaviour that was thought to be helpful for price discovery. A similar exercise should be conducted to determine the ‘price discovery’ or other benefits to be gained in blockchain markets from a ‘securities lending-like’ tax exemption for ‘Account to Contract to Account’ and ‘Account to Contract to Contract’ arrangements.

C.         A tax sandbox should be introduced to allow sufficiently globally decentralised DAOs to experiment with automating the calculation and collection of tax from person’s that interact with a DeFi protocol

[9]        It will become increasingly complex for individuals to understand their tax obligations when interacting with one or more DeFi protocols, as well as GameFi protocols and digital identity and data management protocols where persons can own their data and be remunerated for it.

[10]      Other than the PAYG-W regime and Electronic Distribution Platform rules in Australia, an employer or platform operator, respectively, is not empowered to collect income tax or GST on behalf of an individual and remit it to the taxation office. Furthermore, the taxation office can only receive currency which inhibits the programmability of collecting and remitting the tax component on token activities directly to a taxation authority-controlled wallet.

D.         Token issuers, whether they be DAOs or not, should be required to prepare a statement of general tax consequences of a person’s interaction with the blockchain network or protocol

[11]      Confusion about whether token activities are taxable is widespread, in large part because of the confusion about whether a token is a security or financial product. Since the majority of projects appear to take the position that the token is not a security or financial product, there is no disclosure document produced which would typically include a statement about the general tax implications of a person’s acquisition and use of the token.

[12]      As a result, a number of tokens have been issued with an array of different activities possible and tax authorities cannot physically keep up with the pace of innovation and range of potential tax treatments.

Annexure C              Responses

1.         HMRC would like more information about the UK DeFi lending and staking sector. Please provide any information you hold that is relevant to the following questions. Where appropriate, please summarise data using appropriate ranges or categories, rather than providing only totals or minima and maxima.

a.         How many DeFi lending and staking platforms are you aware of that are based in the UK? What is the approximate value of their assets?

b.         Approximately how many UK-based individuals engage in DeFi lending and staking, and how much do they lend/stake?

c.         How many non-UK-based individuals are served by UK platforms and what amounts do they invest?

d.         How frequently do individuals transact, and what is the duration of each lending or staking transaction?

e.         Approximately what percentage of UK-based individuals engaging in DeFi are serviced wholly or mainly by UK platforms? Where else are the platforms UK individuals use commonly based?

DeFi Pulse is a helpful beginning resource: www.defipulse.com. DeFi protocols can be sorted by category (Lending, DEXes, Asset Management, Yield Generator), and official links to the relevant protocol are usually available. From the protocol webpage you can access the governance documentation, which must be reviewed to determine the governance model and understand what other materials are required to collate the facts to determine whether the DAO is a UK tax resident or has a permanent establishment in the UK. A chain analytics company such as Chainalysis or Elliptic could assist with blockchain data ingestion and further work to approximate geography of DeFi users to respond to (b) and (c). In addition, a chain analytics company could prepare a model to respond to (d), which is relevant information to determine whether a securities lending or like exemption is appropriate.

2.Bearing in mind that UK individuals are subject to the same tax treatment for DeFi lending and staking wherever the platforms they use are located, does the current tax treatment make the UK less attractive to platforms as a place to do business? If so, which jurisdictions are favoured and why?

For the UK to attract entrepreneurs involved in building or contributing to DAO-governed platforms further work should be done to define minimum standards of legal recognition of the DAO and its platform, such as the requirement for security audits of smart contracts before deployed and dispute/complaint management processes. The entrepreneurs and core contributors typically receive the largest allocation of tokens, where any gain is presumed to be subject to tax upon disposal.

Any country that seeks to regulate DAOs, particularly if that regulation seeks to treat them as another class of company and subject to company tax, will likely not see DAO founders and contributors seek to reside in that country. For example, Wyoming’s introduction of the DAO LLC has not attracted any of the top 20 DAOs to register there. In addition, a number of high corporate tax countries have not seen significant DAOs launch in their jurisdiction because the runway to build the protocol is significantly less after taking corporate tax into account.

Currently, the Caribbean countries are favoured because of the perception that they offer a ‘regulatory haven’ and ‘tax haven’. However, several projects and their founders have not moved to those locations to warrant true economic substance prior to protocol launches or token distribution events. Such efforts may obfuscate regulators but will likely not be effective for legal and tax purposes in several cases.

3.Approximately what proportion of DeFi lending and staking transactions give rise to disposals for tax purposes under the current rules?

Possibly all of them if tokens are treated as ‘cancelled’ when lent or staked.

As stated previously in this submission, a framework should be introduced and data collated to determine the fiat currency value of activity and associated tax revenue based on various scenarios of tax treatments. That framework should distinguish between: ‘Account to Contract’, ‘Account to Contract to Account’ and ‘Account to Contract to Contract’ arrangements, where at least the first category should not give rise to a disposal or cancellation event for tax purposes.

4.Of the transactions giving rise to the disposals, what proportion would fall within the (i) Repo rules and (ii) Stock Lending rules, if cryptoassets were treated as securities?

Potentially all activities with governance tokens (i.e. at least a right to express sentiment and often a right to cast a vote) could arguably meet the definition of security for tax purposes but not regulatory purposes.

5.Do you favour changes to the current rules?

Yes, this submission provisionally supports changes to the current rules being set out in separate rules (Option 2) which ‘switch off’ existing tax rules where tax policy warrants the incentive/concessional treatment and/or where certain conditions are met which would be defined once the data is available from a chain analytics company.

6. Do you consider Option 1 to be a suitable model for DeFi lending and staking transactions? What are the pros and cons? If appropriate, should the Repo, the Stock Lending or both regimes be expanded to apply to DeFi transactions?

Option 1 is unlikely to be suitable because most DeFi lending and staking arrangements entered into by everyday taxpayers are not short term or exited within one or two days which is the premise of the Repo and Stock Lending regimes. Once the average length of DeFi lending and staking arrangements is understood from the data analysis, appropriate tax policy can be determined to incentivise longer or shorter behaviour with DeFi lending and staking transactions. Tax policy could be a more useful reflex than regulatory reform to protect consumers from allocating capital unwisely to high-risk protocols offering token incentives.

7.Do you consider Option 2 to be a suitable option? What are its pros and cons? Should the new rules be modelled on the Repo rules or the Stock Lending rules, or would both sets of rules be needed to cater for different contractual arrangements?

This submission provisionally supports Option 2 subject to what the data shows and the policy outcomes desired that can be impacted through tax policy. Relevant data to inform tax policy will include average capital used (in fiat currency terms) in DeFi lending and staking, average days that the lending or staking arrangement is on foot, and an approximation of tax payable or tax losses incurred when a person exits the lending or staking arrangement per reasonable tax treatment scenario. To the extent the tax policy should incentivise innovation and investment in such early stage innovation, separate rules could also introduce the conditions applicable to the tax concessionary treatment. For example, token rewards not assessable income if the DAO meets the minimum standards of legal recognition set down by the UK parliament (as advised by the UK Law Commission and UK HMRC).

8.Do you consider Option 3 to be a suitable option? What are its pros and cons?

Yes, to the extent that it can encourage innovation an investment in early stage ventures.

9.Are there alternative approaches to the taxation of DeFi lending and staking that have been adopted by other jurisdictions that the government could consider? If so, please provide more details and reasons.

Japan has recently proposed easing company taxation from issuing of tokens and introducing tax breaks for individuals investing in tokens to strengthen its economy.

10.Besides the options outlined above, are there any further options for change that the government could consider?

Introduction of a tax sandbox would allow and attract DAOs to experiment in a safe environment how to best support its users to comply with the UK tax regime. Further detail is set out above in this submission.

11.How could the government be confident that any proposed rules would not discriminate in favour of users of DeFi services?

The law is already not technology neutral. Centralised technology providers have certainty of legal status and applicable regulations, DAOs offering DeFi services do not. If decentralisation is a policy goal worth protecting to encourage blockchain-based innovation that puts the consumer first and, in a position, to control their own data, then new rules could operate to put DAOs on more of a level playing field with centralised technology providers at least insofar as providing the market with certainty about the legal and tax implications of being able to choose between web2 and web3 services.