Research Summary: When is a DAO Decentralized?

TLDR

• Decentralized Autonomous Organizations (DAO) have grown rapidly in recent years. DAOs typically emerge around the management of decentralized financial applications (DeFi) and thus benefit from the rapid growth of innovation in this sector.
• Global regulators increasingly voice the intent to regulate DeFi activity. This may impose an excessive compliance burden on DAOs unless they are deemed sufficiently decentralized to be regulated. Yet, decentralization is an abstract concept with scarce legal precedence.
• We investigate dimensions of decentralization through thematic analysis, combining extant literature with a series of expert interviews. We propose a definition of “sufficient decentralization” and present a general framework for the assessment of decentralization.
• We derive five dimensions for the assessment of decentralization in DAOs: Token-weighted voting, Infrastructure, Governance, Escalation, and Reputation (TIGER).
• We present a discretionary sample application of the framework and five propositions on the future regulation and supervision of DAOs.

Citation

H. Axelsen, J. R. Jensen, and O. Ross, “When is a DAO Decentralized?” Complex Systems Informatics and Modeling Quarterly, CSIMQ, no. 31, pp. 51–75, 2022. Available: When is a DAO Decentralized? | Axelsen | Complex Systems Informatics and Modeling Quarterly

Core research question

When is a DAO (sufficiently) decentralized?

Background

• Compliance in crypto: Regulators view blockchain as transformational and imperative to innovation, growth, and global competitiveness. While crypto remains primarily unregulated, regulators across the globe are motivating and implementing crypto regulation to meet the challenge of ensuring consumer protection, innovation, and growth without stifling innovation.
• Decentralization: As the first major bloc, the EU passed the Markets in Crypto Asset regulation in June 2022 to become effective in Q1, 2023. If a DAO is sufficiently decentralized, it may be able to conduct otherwise regulated financial activity without compliance constraints such as capital, liquidity, and centralized control and reporting. Yet, no definition of decentralization is provided by regulators.
• Origins of decentralization: The concept of decentralization has been applied mainly within the government of nation-states and political science, administration, fiscal area, and environment, but also across a diverse range of disciplines, such as complex systems engineering, space safety engineering, cybernetics, management science, economics around principal agents theory, finance, law and technology, and crypto-economic systems. Within the nascent literature on crypto, the most applied definition of decentralization was proposed by Ethereum co-founder Vitalik Buterin with the introduction of the term “DAO” in 2013.
• DAO reference model: DAO tends to operate through bottom-up interaction and coordination among a set of independent and distributed rational agents, mitigating principal-agent problems through shifting power dynamics. Centralized attack vectors exist in multiple dimensions – in the protocol layer, the application layer, and the interface and user layers, through which a DAO community functions.

Summary

• As a working definition, we propose that “sufficient decentralization” is defined as a verifiable state, where (1) the design of the DAO is collusion resistant and based on long-term equilibrium; (2) its governance processes have unrestricted and transparent access.
• Given the pseudonymous nature of blockchain, it can be difficult to assess to what extent a DAO is decentralized. Through literature review and industry stakeholder and expert input, we investigate elements of decentralization across political, technological, social, and economic dimensions.
• Through analysis of how verifiably independent agents behave and interact with each other in critical DAO business systems, we develop a pragmatic framework for assessing decentralization
• The artifact was ex-ante field-tested with a DeFi expert from an EU financial regulator. Second, we applied the framework to assess the level of decentralization on Compound Finance, an algorithmic money market DAO operating on the Ethereum blockchain.

Method

• We chose thematic analysis as a method to reflect and unravel the surface of the “reality” of DAO decentralization through eight expert interviews and literature review. We analyzed the data in six phases: (1) familiarize yourself with the data, (2) generate initial codes, (3) search for themes, (4) review themes, (5) define and name themes, and (6) produce the report.
• The coding procedure comprised several rounds of analysis and refinements of the codes. The topic of decentralization is multi-dimensional and complicated. In the search for themes, we clustered initial 52 first-order concepts across 7 DAO subsystems, 4 policy dimensions, and 4 technical architectural layers, further synthesizing these into 15 second-order themes across 5 aggregate dimensions. Once we had derived the first-order concepts, second-order themes, and aggregate dimensions, we built the data structure. Example of theme coding structure as follows:
  

  Coding of data to themes1236×1255 234 KB
• Evaluation was 2-fold: (1) ex-ante field testing with a DeFi expert from a European financial services regulator as well as (2) desktop study and assessment of algorithmic money market DAO Compound Finance, which operates on the Ethereum blockchain.

Results

• To assess whether agents operate independently and if each critical dimension of a DAO meets the definition of sufficient decentralization, we define 3 types of agents (Verifiably Independent Agent (VIA), Presumably Independent Agent (PIA) and Unidentifiable Agents (UIA)
• We assess decentralization using a pragmatic framework with 15 components across 5 dimensions: Token Weighted Voting; Infrastructure; Governance, Escalation, and Reputation (“TIGER”) where we assess each component and the aggregate dimension either quantitatively (11 components) or qualitatively (4 components) assigning a score of 1-5, as exemplified below:

• We present a cursory application of the TIGER framework, utilizing a score-card methodology in which we assign a score between 1–5 for each dimension. While there are clearly identifiable areas of improvement, we assess that the Compound DAO is “sufficiently decentralized” when we factor in the protocol age. Over time, we expect a gradually increasing decentralization as the protocol matures and increasingly larger private and institutional stakeholders join the DAO.
  

  Compound decentralization radar1271×703 84.9 KB

Discussion and key takeaways

• From a regulatory perspective, an alternative approach could simply be to analyze (1) if the DAO is conducting a regulated activity, and if so, (2) if there is an accountable legal or physical person upon whom regulation can be enforced; if not, then the DAO being sufficiently decentralized must be acknowledged. In our view, such an approach is too simplistic and does not accept the fundamental premise that DLT/Blockchain is a transformative technology that will foster innovation and growth.
• We extrapolate our contributions into the following generalized propositions:
  • P1: The concept of technology-neutral regulation is challenged by DLT/Blockchain. DAOs exist and realize benefits through increasing degrees of decentralization. DAO legal design should therefore support the internal decentralization accomplished by the DAO so that a balance is achieved between external and internal decentralization, not the other way around.
  • P2: Regulators need to embrace the concept of a “grace period” for a DAO to achieve sufficient decentralization. The MiCA regulation did not include this, but it seems challenging to embrace DeFi and the concept of sufficient decentralization without it. We suggest an assessment approach where not only the point-in-time assessment is material to the decision of decentralization but also the design intent, thereby introducing a grace period from a risk-based perspective.
  • P3: In the short term, for “Institutional DeFi,” a level playing field needs to be developed by financial regulators and supervisors, including a “cut-off” strategy, with clear boundaries for acceptable centralized activity, to allow DLT/Blockchain-based businesses to develop properly, respecting the new technological feature regime. Regulators must accept that a new playing field for DAOs will develop over the coming years.
  • P4: Regulatory practices around DAO decentralization will evolve across blockchains and business models, each with its own strengths and weaknesses regarding centralized attack vectors and regulatory importance. A risk-based approach to DAO supervision, where required, will therefore need to be developed with a holistic view of decentralization across political, technological, social, and economic dimensions, as well as across underlying technology infrastructures that behave very differently from a risk perspective. We foresee regulators will designate some blockchains to have more systemic risk than others.
  • P5: DLT/Blockchain will transform how regulators supervise and enforce the regulation. The number of DAOs grew by a factor of 8x in the past year. With the increasing certainty on the regulation of crypto, the number of DAOs will likely continue to evolve, and the growth of the token economy and innovation of blockchain-based business models as well. Regulators need to adapt to this development with improved toolkits, competencies and more automated supervisory methods.

Applicability

• Our findings suggest that decentralization in DAOs is not a myth. Still, due to the technical features of blockchains, it can be complicated to investigate and assess the true level of DAO decentralization. Our contribution is a pragmatic framework that can guide aspiring DAOs, regulators, and supervisors to advance the decentralization agenda as the crypto and traditional economies increasingly overlap and integrate.

great summary @haxelax quite easy to comprehend.
I have a couple of questions though.
Incentives, the issuance of risk and conclusion rights, and the distribution of residual claims are all operationally governed by the use of both inferential and explicit agreements, which in the case of DAOs contracts are “trustless” smart contracts. The prominent, underlying issue at stake is how smart contracts vary from their counterparts written in the raw language. Smart contracts are illustrated and implemented in computer code and require no “trust,” whereas the natural language contracts that currently form the footings of modern corporations require “trusted” parties for their interpretation, monitoring, and enforcement because of the inherent subjectivity of the natural language used to write them. Therefore, smart contracts ideally do not demand interpretation, monitoring, and enforcement, and hence there should also be no need for conflict resolution, all of which are important factors in current theories of corporate governance (however some of these assumptions are challenged by the case of The DAO).
This makes solving disputes or managing unforeseen events involving smart contracts difficult since there is no central governance or legal framework available. The DAO exhibits, that this can create a serious threat to an organization’s ability to react and survive crises.

my questions are;

1. how will threats like these be addressed?
2. how will risk be allocated in a DAO?
3. how does the concept of “minority” exist in a DAO?
4. When hit by a crisis who does it affect the most?

Thanks for your excellent questions @GloriaOkoba,
To some extent I think your questions are potential future research questions that require more thought, but I do think it is critical to implement an escalation mechanism in a DAO “constitution” up front when it is designed, as it may prove impossible to implement, once decentralized. As relates the threats and risks questions (1&2), although this sounds very centralized and controlled, the way to approach it in a flexible manner in a DAO could be to implement a policy requirement up front in the DAO statutes for an escalation mechanism to always exist and a resilience testing mechanism, which must be further detailed in the DAO’s chosen operations and governance procedures and be subject to regular review and updating through the chosen democratic voting implemented. Inspired by recovery and resolution planning, digital and financial resilience requirements and dispute resolution in the traditional world, the implementation should include a requirement to regularly identify and assess critical vulnerabilities and risks, develop mitigation plans and allocate capital and other measures to deal with those risks, as is already standard in many DAOs.
In terms of the minority concept in a DAO, in this paper we refer to minority token-holders / owners, when we discuss ‘minority’, and we were obviously concerned about the ability of the majority to abuse. When we conducted our research we found from US activist shareholder experience that it is sometimes possible to launch a successful campaign with less than 2 pct of the outstanding shares in well diversified companies, the test is really very specific and should be assessed quantitatively using some of the methods we mention in the paper, where there is doubt on the composition of the token holders and delegates.
As to whom a crisis affects most is also an interesting question, we do not have an answer. I recall an interesting study from the 1980’s by Oxford University looking into the impact of catastrophes on shareholder value. Many interesting findings that have been used since for compliance and risk management more broadly; perhaps a future research paper should investigate crisis experience in DAOs, impact and lessons learned, I am sure the effects hit different stakeholders differently depending on the nature of the crisis. This would be something one would gain a better understanding of in a particular DAO through the steps mentioned above.

Since decentralization is at the center of Web 3 practices, I am happy that the decentralization of DAOs is being considered by your work @haxelax.

One of the four ethos of a DAO outlined by @danielo in their research paper and subsequent summary on the forum is decentralization. On my part, I consider that research a remarkable work as it establishes reasonable foundations upon which a DAO is built. We may, therefore, agree that DAO decentralization is crucial. The more decentralized a DAO is, the better the chance of it achieving its goals and staying secure.

Considering that the regulation of DeFi will have a ripple effect on DAOs, are you insinuating that decentralization will help DAOs “evade” regulation?

Thanks for the question @Ulysses.
Well, “insinuating” has a rather negative or manipulative connotation, I merely reflect on the (still unpublished) draft MiCA recital 12a, which was proposed by the EU Council negotiation mandate in November 2021, which, in my understanding, is still the wording that moved forward. Recital 12a clearly states that if “crypto assets have no offeror and are not traded in a trading platform which is considered to be operated by a service provider, the provisions of (this regulation, ed.) do not apply”. An offeror is defined in the MiCA draft as “a natural or legal person, or undertaking including, as the case may be, the issuer of crypto-assets, which offers crypto-assets to the public”. In my opinion an “offeror” that is sufficiently decentralized may evade regulation as there is then no longer any “person” to hold accountable. Bearn in mind though, that if the native token is traded, then a competent authority may ban it even in the case of no offeror, cfr recital 65. This effectively means the ecosystem of service providers are no longer allowed to service it. Which again suggests that to evade regulation a DAO should not only be sufficiently decentralized, but also avoid trading on a platform that is serviced by a regulated service provider (CASP).
I suggest in the paper that any aspiring DAO should understand these regulatory implications from early on.

Thanks for your quick response and for bringing to light the draft MiCA recital 12a. At least it would serve as a resource to anyone trying to create a DAO.

Since the evasion of DAO regulation was not explicitly stated, I used the seemingly offending word. I never intended your idea as being manipulative. Thanks for your understanding.

Whenever the draft MiCA recital 12a gets published please do tag to this post for easy reference. Or is there a relevant link to this that you can help share currently?

All good :-) The draft is indeed published, it is the final version that is not, sorry for that misunderstanding. The EU Council mandate is on the following link: https://www.consilium.europa.eu/media/53105/st14067-en21.pdf. DAOs were included in the parliament proposal draft that came out in the March 2022, but it is my understanding that that proposal was withdrawn during the trilogue negotiations. You can find more on that here: REPORT on the proposal for a regulation of the European Parliament and of the Council on markets in crypto-assets and amending Directive (EU) 2019/1937 | A9-0052/2022 | European Parliament

Alright, great. Thanks for the links.

Also Coindesk had a piece on steps required before the agreement becomes a regulation fyi: Here's What Still Needs to Happen Before the EU's MiCA Bill Becomes Law

Hi @haxelax, your beautiful summary and its subject matter inspired me to write a comment for the Writer’s Cohort:

DAOs have grown a lot since the DAO hack of 2016. The DAO hack set the decentralized organization concept back a few years, but then with the emergence and gradual popularity of DeFi, it was apparent that decentralized governance was needed. As a result, the DeFi industry has also seen a lot of growth, causing it to inevitably catch the eye of millions of worldwide users and, ultimately, global regulators.

From stablecoin deliberations and regulations to probes on how Automated Market Makers (AMMs) work, financial regulators have maintained a strong interest in DeFi activity. DeFi protocols and DAOs go hand in hand because DAOs are the most optimal way to achieve consensus and govern protocol matters in a non-centralized way. This co-existence between the two phenomena has also placed a strain on DAOs, as they must prove they are sufficiently decentralized lest they face strict regulations. That said, the concept of decentralization is very abstract, with little to no legal precedence.

Decentralization is important, if not the most important, aspect of a DAO. But then, when exactly is a DAO decentralized? How do we measure a DAO’s decentralization?

I believe Vitalik’s "DAOs are not Corporations: where decentralization in autonomous organizations matters" makes the argument for three situations where decentralization is important in an organization.

Here they are:

• Decentralization as credible fairness: This involves circumstances where DAOs take on nation-like functions like providing infrastructure with managed funds. Here, traits like transparency, predictability, robustness, and impartiality are valued over traits like efficiency.
• Decentralization to resist censorship: Here, the focus is on resisting attacks and threats from powerful third-party entities.
• Decentralization to make better decisions in concave environments: In this situation, compromise and plural trains of thought are encouraged. This situation trumps centralized organizations’ traditional hierarchical chain of command/communication.

With the abovementioned situations, we can infer that a DAO is sufficiently decentralized when it meets these conditions. But that’s not enough, as it is only viewed from a DAO participatory point of view.

The research authors present a framework that anyone - especially regulators - can use to access the decentralization of organizations. The framework involves a combination of data on the DAOs’

• Token-weighted voting
• Infrastructure
• Governance
• Escalation
• and Reputation

This framework is also known as TIGER, and they apply it to Compound Finance, a DeFi protocol DAO on Ethereum. Their experiment assigns scores (1-5) to each area. The image below contains the protocol DAOs scores.

• Token-weighted voting: 3
• Infrastructure: 5
• Governance: 3
• Escalation: 5
• Reputation: 3

A total of 19! While three areas have the same average score, the researchers infer that Compound DAO is “sufficiently decentralized.”

The authors give a succinct definition of what “sufficient decentralization” is. According to them, sufficient decentralization is a verifiable state where (1) the DAO infrastructure is collusion and conspiracy resistant; (2) the DAO’s governance can be accessed by anyone and is transparent for all to see.

When a DAO is sufficiently decentralized, it becomes easier and less limiting to conduct financial activities without looking over their shoulders for regulators. That said, regulators have failed to provide their definition of decentralization, making the situation more confusing.

DAO decentralization is not a myth. However, accessing the right level of DAOs decentralization can get complicated. Using the TIGER framework could help DAOs, regulators, and supervisors adequately measure an organization’s level of decentralization and hopefully advance the concept of decentralization until crypto and the traditional economy interact more in the future.

I look forward to the near future, where both industries integrate with little to no friction.

Hi @Harvesto, thanks for the kind words. I do agree the correct approach to decentralization is to first and foremost ask why we need to decentralize in the first place. The outline proposed by Buterin is interesting. In terms of the near future, I was, however, a bit put off by the US regulatory action around Tornado Cash (U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash) and more recently bZeroX and founders of Ooki DAO (CFTC Imposes $250,000 Penalty Against bZeroX, LLC and Its Founders and Charges Successor Ooki DAO for Offering Illegal, Off-Exchange Digital-Asset Trading, Registration Violations, and Failing to Comply with Bank Secrecy Act | CFTC), both evidencing that regulators are not shy of inventing new rulebooks on the fly and/or blanket sanction, if some outcome of decentralization is not as expected. My hope is that regulators consider the unique capabilities of DLT and blockchain and start developing more appropriate regulation, while also accepting that decentralization is a highly relevant objective that needs to be carefully considered in its own right. Whether that will happen in the near future remains to be seen, but given the 2 cases mentioned, I would caution DAOs to put too much faith into our suggested TIGER framework just yet.

Yes! The DAO decentralization landscape is still murky and unchartered, giving these regulators the leverage to make up things on the fly.

That said, I am glad these situations are happening in the space.

I’m not happy about the arrests, code shutdowns, and monetary fines, as the Tornado incidents left a bitter taste in my mouth.

However, it puts a spotlight on regulators and DAO participators alike.

IMO, what we can do is learn from what has happened so far, find ways around it and iterate forward. But, of course, that could open things up for more made-up regulatory violations.

In that context, I share your hopes that regulators and governments recognize and ACCEPT the capabilities of DLT, blockchain, and, most especially, decentralized governance. The cognizance and acceptance would undoubtedly reduce the pressure they feel trying to keep us in check.

Let’s see how it goes!

In the world of blockchain, there are two main types of decentralized applications (DApps): those that are run on a traditional blockchain and those that are run on a decentralized autonomous organization (DAO).

A DAO is a decentralized autonomous organization works with DeFi development company. It’s a new kind of company that’s run by algorithms instead of people. Instead of hiring employees and delegating tasks, DAOs are run by code that automatically takes care of basic functions like governance and funding. The core concept is that the organization should be self-governing and run by its members without any central control.

This summary is nice @haxelax I’ll like to highlight more on the reason DAO is decentralized.

The use of blockchain technology to offer a secure digital ledger to trace digital activities across the internet, toughened against forgery by trustworthy timestamping and distribution of a distributed database, is a representative example of decentralized autonomous organizations. With this strategy, there is no longer a need for any decentralized digital contact or bitcoin transaction to involve a mutually trusted third party. The removal of the trusted third party and the requirement for repetitively recording contract exchanges in various records may significantly outweigh the expenses of a blockchain-enabled transaction and the associated data reporting.

The core of a DAO is its smart contract, which holds the group’s funds and establishes the organization’s rules. Once the contract has gone live on Ethereum, only a vote will allow for changes to the terms. Anything that is attempted that is not permitted by the logic and principles of the code will fail. Furthermore, since the smart contract also establishes the treasury, no one is permitted to utilize the funds without the consent of the group. DAOs are therefore not dependent on a centralized authority. Instead, decisions are made jointly by the group, and when votes are successful, payments are immediately issued.

Because smart contracts are impenetrable once they are live on Ethereum, this is conceivable. The code can’t just be changed and this makes DAOs decentralized.

Published a follow up short paper on the topic where we focus on the challenges associated with regulating DAOs and the necessity of a transformational shift in the existing regulatory paradigm here: