DAO (Decentralized Autonomous Organization) — Regulatory Status

A decentralized autonomous organization (DAO) is an organisation whose governance rules and treasury are encoded in smart contracts on a blockchain, with operational decisions made through on-chain voting by token holders rather than by directors, executives, or other traditional corporate decision-makers. DAOs have been used to govern DeFi protocols (Compound, Uniswap, MakerDAO), investment vehicles, NFT communities, and grant programmes. The DAO structure’s core features — its decentralisation, permissionless membership, and smart contract automation — create regulatory uncertainty that has not been resolved in most jurisdictions.

Definition and Mechanics

A DAO typically consists of:

• Governance token: An ERC-20 or equivalent token that grants voting rights in proportion to holdings
• Smart contract treasury: Funds (typically in ETH, stablecoins, or governance tokens) held in a multi-signature wallet or smart contract controlled by governance votes
• Governance process: Proposal submission, discussion period, on-chain voting, and automatic execution of passed proposals through smart contracts
• Core contributors: Often a small group of developers or administrators who implement off-chain activities that smart contracts cannot automate (legal agreements, regulatory filings, human resources)

The degree of actual decentralisation varies enormously. Some DAOs are effectively controlled by their founding team through large governance token allocations; others have genuinely distributed governance with no identifiable controlling party.

Legal Wrapper Options

Without a legal wrapper, a DAO is not a recognised legal entity in most jurisdictions. This creates severe liabilities for participants: courts may treat the DAO as a general partnership, making every token holder jointly and severally liable for the DAO’s obligations — an outcome that could expose thousands of retail participants to unlimited liability.

Wyoming DAO LLC: Wyoming enacted the Decentralized Autonomous Organization Supplement in 2021, allowing DAOs to register as Limited Liability Companies in Wyoming. The DAO LLC provides liability protection for members (limited to their capital contribution) while accommodating smart contract governance. However, it requires filing and imposes ongoing compliance obligations; truly anonymous membership is incompatible with US LLC requirements.

Marshall Islands DAO LLC: The Marshall Islands Republic’s Non-Profit Entities Act (amended 2022) permits DAO registration as a non-profit LLC. Several DeFi DAOs (including Manta Network and Shipyard Software) have registered. The Marshall Islands framework is relatively permissive regarding membership anonymity but provides limited regulatory recognition outside its jurisdiction.

Swiss Association (Verein): Switzerland’s Verein (unincorporated association) structure has been used by foundations and DAOs that prefer a civil law jurisdiction. The Ethereum Foundation and Web3 Foundation are organised as Swiss Stiftungen (foundations); some DAOs use the Verein for governance bodies. Swiss associations have legal personality and defined membership structures.

Cayman Islands Foundation Company: The Cayman Foundation is a flexible vehicle with members, directors, and a supervisor role, capable of accommodating DAO governance. Widely used for DeFi governance layer separation from operating entities. Cayman Foundations have been used by major DeFi protocols to hold intellectual property and enter contracts while allowing on-chain governance to control treasury and protocol parameters.

FATF Treatment: Potential VASPs

FATF’s updated 2023 guidance on virtual assets explicitly addresses DAOs. FATF’s position is that whether a DAO constitutes a VASP depends on the substance of its activities, not its label:

• If a DAO provides virtual asset exchange, transfer, custody, or related services to third parties for profit, it is a VASP regardless of its governance structure
• If a DAO has a controlling group — founders, developers, major governance token holders — that group may bear VASP obligations even if governance is nominally decentralised
• Truly decentralised protocols with no identifiable controlling party may fall outside the VASP definition, but FATF considers this genuinely rare

The practical implication is that compliance officers at institutions interacting with DAO-governed protocols must conduct due diligence on whether the DAO has identifiable VASP obligations and whether appropriate AML/CFT controls are in place.

SEC Ooki DAO Enforcement Precedent (2022–2023)

In September 2022, the CFTC filed charges against the Ooki DAO — the decentralized governance successor to the bZx protocol — for illegally offering leveraged trading in digital assets without registration and without AML programme. The CFTC’s legal theory was that the DAO was an unincorporated association, and that governance token holders who voted on protocol proposals were liable as members of that association.

The CFTC obtained a default judgment in 2023 after the DAO failed to appear (having no legal person to accept service of process). The Ooki DAO was ordered to pay $644,000 in fines and to permanently cease operations. The case established that US regulators are willing to pursue enforcement against DAOs as unincorporated associations and that governance token holders face potential liability — a significant precedent.

EU MiCA DeFi Gap

MiCA explicitly excludes “crypto-asset services provided in a fully decentralised manner without any intermediary” from its scope. However, MiCA recital 22 clarifies that this exclusion is intended for genuinely decentralised activities and does not apply where intermediaries exist — even if those intermediaries are DAO participants or a foundation. The European Commission committed to reviewing the DeFi/DAO regulatory position as part of MiCA’s post-implementation review. As of early 2026, MiCA created a regulatory gap for genuinely decentralised protocols, which ESMA is monitoring through its DeFi working groups.

Related entries: FATF Virtual Asset Standards, Smart Contract, MiCA, Security Token Offering (STO)

Primary sources: FATF 2023 Guidance on Virtual Assets and DeFi | CFTC Ooki DAO Enforcement | ESMA MiCA Q&A on DeFi