Author: Hu Changming; Source: ThePrimediaDAO
Since the new crypto policy in Hong Kong, a large number of insightful domestic venture capital friends have tried to enter the crypto world through the Hong Kong compliance market, and use this to complete the iteration of their own projects from Web2.0 to Web3.0. Practice has proved that this path is feasible, but there will be some difficulties. The best idea is to be based in Hong Kong and look at the world. On the occasion of the "Hong Kong Blockchain Week" in 2024, we sorted out the problems and paths of Web3.0 "international compliance" to share with domestic Web3.0 practitioners who are trying to integrate into the crypto world through Hong Kong compliance.
I. Overview of Web3.0
Web3.0 is usually compared with Web2.0 and Web1.0. Web1.0, also known as the static web, is the first iteration of the Internet, consisting of simple static websites that can be accessed using a browser; Web2.0, also known as the interactive web, introduced more complex features such as search engines and social media, allowing greater interactivity and online collaboration; Web3.0, a decentralized network based on blockchain technology, is the next generation of Internet infrastructure.
Web3.0 is built on decentralized technologies such as blockchain, which can improve the security and control of personal data, which means that users can interact with Web3.0 applications more securely and privately and have more control over the information shared on the Internet. Web3.0 envisions a more open and secure Internet that gives users control over their own data and eliminates the need for central institutions.
The main features of Web3.0 include:
1.1. Decentralization: Web3.0 is built on blockchain technology and does not rely on centralized servers. Instead, it is a decentralized network composed of nodes distributed around the world. There is no single point of control, but it is jointly maintained and managed by multiple nodes in the network. Changes in a single or a small number of nodes cannot affect the entire network.
1.2. Tamper-proof: Based on the characteristics of decentralization, the decisions of a single or a small number of nodes in Web3.0 cannot tamper with the data of the entire network. Once the information is recorded on the blockchain, it cannot be changed or deleted, ensuring the fairness and credibility of all data in the entire network.
1.3. Traceability: All data in Web3.0 is open and transparent to all nodes, and all data is traceable, which promotes the transparency and openness of information and reduces the problem of information asymmetry.
1.4. Smart contracts: Web3.0 smart contracts realize the principle that "code is law". Their programmability and interoperability improve the scalability and flexibility of the system, so that it can better cope with future development needs.
1.5. Anti-censorship: Web3.0 does not rely on the credibility endorsement of any intermediary agency or public authority, removes the monopoly of centralized institutions and control over users, and is naturally censorship-resistant and anti-blocking, making information dissemination freer.
1.6. High security: The Web3.0 network is not easily attacked or paralyzed because there is no single attack target and no single point of failure risk. The data is distributed on multiple nodes of the network, there is no single point of failure, and the system is more stable and reliable.
1.7. Community autonomy: Web3.0 implements community autonomy through the decentralized autonomous organization (DAO), which is open, fair and inclusive. It allows users to have a greater say in the direction of the platforms they use, promotes autonomous, free, equal and democratic application scenarios, and is conducive to a fairer and more equal allocation of resources and to reducing social inequality.
1.8. Data rights confirmation: Web3.0 users have more privacy rights and data control rights, and truly realize data rights confirmation. For example, in online games, through Web3.0, users can own non-fungible tokens, which means that even if they stop playing the game or the game creator deletes their account, they can retain ownership of their in-game items.
1.9. Privacy protection: Web3.0 implements decentralized identity management, and accounts are identities, which provides a single, secure login across censored and anonymous platforms, supports the implementation of decentralized identity authentication and digital identity, and protects user privacy to the greatest extent.
1.10. Cryptocurrency: Web3.0 can realize consensus as value, and it naturally has the attribute of encrypted digital currency, which promotes the development of new finance and reduces transaction costs and intermediary fees.
1.11. Decentralized Application (DAPP): In Web3.0 projects, currency holders are users, which is a reconstruction of the traditional business model, encouraging more innovation and experimentation, because decentralized networks are more flexible. In the Web3.0 ecosystem, anyone can create value and realize benefits by developing smart contracts, building decentralized applications (DAPP), participating in cryptocurrency transactions, etc. This open and inclusive innovation environment helps to stimulate more innovative vitality and promote the continuous evolution of technology and business models.
1.12. Globalization: Web3.0 naturally has the attribute of globalization, breaking geographical restrictions, allowing people to conduct cross-border transactions and cooperation more freely, promoting globalization and international cooperation, and providing opportunities for economic development in different countries and regions. Web3.0 provides a more open and transparent market mechanism, supports a more open and easy network participation mechanism, lowers the entry threshold, promotes competition and innovation, provides a broader stage for innovators, and attracts more talents and project participants.
II. Analysis of the main compliance issues of Web3.0
Because of the unique nature of Web3.0, a project may touch many areas that national authorities supervise, so it is very important to ensure the compliance of Web3.0 projects.
Web3.0 compliance issues mainly include:
2.1. Compliance with laws and regulations: Web3.0 projects should comply with the laws and regulations of the location, including but not limited to company law, data privacy law, digital asset law, etc. The compliance team should cooperate with professional legal advisors in the location to ensure that the project is legal and compliant. If the project involves cross-border business, it is necessary to consider the laws and regulations of different countries and regions to ensure that the project is legal and compliant globally.
2.2. KYC/AML compliance: Web3.0 projects should take KYC (know your customer) and AML (anti-money laundering) measures to prevent triggering illegal activities such as money laundering and terrorist financing in the local area. These measures may include real-name verification, identity verification, transaction monitoring, etc.
2.3. Data security compliance: Web3.0 projects should take measures to protect the security of user data, comply with local data protection laws and regulations, and disclose security incidents such as data leaks in a timely manner.
2.4. Privacy protection compliance: Web3.0 projects should attach importance to user data privacy protection, comply with local data privacy laws and regulations, and take measures to protect user personal data from being abused or leaked.
2.5. Technical security compliance: Smart contracts play an important role in Web3.0, so their compliance and security must be ensured. Web3.0 projects should review smart contract code to ensure that it complies with local laws and regulations and does not contain any vulnerabilities or security risks.
2.6. Financial regulatory compliance: Web3.0 projects involving encrypted digital currency and digital asset transactions need to comply with relevant local financial regulatory laws, including but not limited to securities laws, currency laws, payment laws, etc.
2.7. Community governance compliance: The community governance mechanism of Web3.0 projects should comply with community norms and local laws and regulations to ensure the safety and stability of community operations.
2.8. Social media and advertising compliance: When Web3.0 projects promote projects on social media, they must comply with local social media policies and regulations to prevent false propaganda, rumors and other violations. When advertising, advertising regulations must be followed to ensure that the content of the advertisements is true, legal and compliant.
2.9. Audit compliance: Web3.0 projects should conduct compliance audits regularly to ensure the compliance of the projects in local laws, finance and technology, and adjust and improve compliance measures in a timely manner.
2.10. Compliance report and disclosure: Web3.0 projects should submit compliance reports to local regulatory authorities on a regular basis, and publicly disclose information such as project operations and financial status to ensure transparency and compliance.
III. Web3.0 Project Compliance Solution
If Web3.0 projects involve encrypted digital currencies, they may be subject to regulation at the level applied to financial projects. To achieve global compliance of Web3.0 projects, compliance must be carried out in accordance with the following principles:
First, in some special countries and regions, such as North Korea, Cuba, Iran, Syria, etc., a strict KYC review system is implemented, and no business is conducted for customers in such regions before obtaining local encrypted digital currency licenses or Web3.0 licenses.
Secondly, in all countries and regions around the world that have formally formulated relevant laws and policies on encrypted digital currencies or Web3.0, such as Australia/Canada/Estonia/Indonesia/Japan/Korea/Lithuania/Malaysia/Malta/Palau/Philippines/Poland/Singapore/Switzerland/Thailand/UAE/USA/Hong Kong, China, etc., a strict KYC review system is implemented. To serve customers in such regions, a project must obtain a license issued locally that allows it to conduct encrypted digital currency or Web3.0 business before it can officially conduct business. It can directly apply for a local compliance license, or acquire a local compliance license, participate in a local compliance license, or borrow a local compliance license as a business channel, etc.
Third, in all countries and regions around the world that have not formally formulated relevant laws and policies on encrypted digital currencies or Web3.0, a strict KYC review system is implemented, and customers in such regions can conduct business normally. For example, in regions with relatively liberal laws and policies such as Cayman, BVI, and Bermuda, business licenses are normally registered with as wide a business scope as possible, including "Internet technology development and promotion", "blockchain technology development and promotion", "artificial intelligence technology development and promotion", "venture capital", "investment consulting", etc.
The specific compliance measures are as follows:
3.1. KYC/AML and cross-border transaction compliance
The KYC (know your customer) and AML (anti-money laundering) requirements in the traditional financial system are often difficult to achieve for decentralized networks. Due to the anonymity and decentralization of the Web3.0 environment, it is difficult to effectively verify the identity of transaction participants, making it difficult to meet KYC/AML requirements, resulting in difficulties in transaction supervision. Transactions in the Web3.0 environment may be more anonymous and decentralized, but the laws of many countries and regions require identity verification and KYC/AML checks. Therefore, corresponding solutions need to be developed to meet these requirements. The global nature of Web3.0 has led to an increase in cross-border transactions, but the laws and regulations of different countries and regions vary greatly, making cross-border transaction compliance more complicated. In particular, cross-border transactions involving cryptocurrencies are often easy to become channels for money laundering and terrorist funds due to their anonymity and difficulty in tracking. Since Web3.0 is a global network, it involves many cross-border transactions and cooperation. Therefore, it is necessary to consider the laws and regulations of different countries and regions and ensure that applicable legal standards are followed in cross-border transactions. Solutions include:
Develop a decentralized identity authentication system to ensure the authenticity of the identities of transaction participants; integrate KYC/AML inspection processes into blockchain transactions to ensure that transactions comply with legal requirements; work with legal experts to ensure that transactions and contracts comply with cross-border legal requirements; and develop cross-border transaction compliance solutions to ensure legitimacy and validity between different jurisdictions.
3.2. Data Security and Privacy Protection Compliance
In the Web3.0 environment, personal data privacy protection still faces challenges. Traditional data privacy legal frameworks usually rely on centralized data management agencies, while in the decentralized Web3.0 environment, data transmission and storage are more decentralized, and the storage and transmission of personal data are more dispersed and anonymous, so it is necessary to ensure the privacy and security of data. When designing and implementing Web3.0 applications, data privacy laws and regulations must be taken into account and corresponding measures must be taken to protect user data.
Solutions include: developing encryption and privacy protection technologies to ensure the security and privacy of user data; working with data protection experts to ensure that applications comply with applicable data privacy regulations.
3.3. Technical Security Compliance
Web3.0 technology is a new Internet technology built on blockchain and cryptocurrency, which enables decentralized applications (DApp) to be created, deployed and run. Because it involves digital assets and decentralized transactions, security and compliance become critical considerations. Solutions include:
Encryption and key management: It is very important to protect private keys because private keys control users' assets on the blockchain. Use secure hardware wallets or multi-signature schemes to protect private keys. Also, make sure to use encryption when transmitting data.
Smart Contract Security: Smart contracts are a core component of Web3.0 technology, so their security must be ensured. Conduct adequate security audits and follow best practices, such as simplifying contracts as much as possible, avoiding reentrancy attacks, and ensuring correct permissions.
Security Education and Training: Security training and education for developers and users is critical. Make sure they understand common security threats and prevention measures, as well as what to do when they encounter security issues.
3.4. Financial Regulatory Compliance
Web3.0 platforms may involve the issuance of cryptocurrency tokens (Tokens) or decentralized finance (DeFi) transactions, which involves compliance issues under securities laws. According to the securities laws of different countries or regions, tokens that meet the definition of securities need to be registered, reported, and regulated. Compliant Web3.0 platforms should comply with the local securities laws and regulations of securities regulators to ensure that their businesses comply with relevant legal requirements.
Solutions include: applying for a compliant securities license; registering in compliance with local requirements.
3.5. Community governance compliance
Web3.0 communities usually exist in the form of decentralized autonomous organizations, so it is necessary to develop appropriate governance mechanisms to ensure that the community's operations and decisions comply with laws and regulations.
Solutions include: designing a community governance model that complies with legal requirements to ensure the legality and effectiveness of community decisions; working with legal experts to review the community governance model to ensure that it complies with applicable legal standards.
3.6. Social media and advertising compliance
Due to the special nature of Web3.0, which involves cryptocurrencies and decentralized applications, some specific compliance issues need to be considered.
Solutions include:
Transparency and authenticity: Ensure full transparency in advertising and social media content, including information related to cryptocurrency projects or blockchain projects. Avoid false or misleading propaganda, including inaccurate prices, unsubstantiated claims, and exaggerated propaganda.
Risk disclosure: Appropriate risk disclosure must be included in advertising and social media promotions, especially when it comes to investment advice or financial products. Clearly communicate investment risks to users and remind them to fully investigate and understand before making an investment.
Prevent fraud and scams: Take measures to prevent fraud and scam activities from spreading on social media and advertising platforms. This may include reviewing advertising content, establishing reporting mechanisms, strengthening identity verification, etc.
3.7. Audit compliance and disclosure of compliance reports
In the field of Web3.0, audit compliance is an important part of ensuring the security and transparency of the project. Solutions include:
Smart contract audit: Smart contracts are a core component of Web3.0 technology and need to undergo rigorous audits to ensure their security and functionality. Compliance audits typically include checks on code quality, security vulnerabilities, functional consistency, and compliance. Ensure that auditors have in-depth experience in blockchain and smart contract development and strictly follow best practices and security standards.
Data privacy audit: For Web3.0 projects that involve user data processing, data privacy audits must be conducted to ensure compliance with applicable data privacy regulations. Audits include checks on data collection, storage, processing, and sharing to ensure that user data is adequately protected and handled in compliance.
Compliance reports and certifications: After completing the audit, compliance reports and certifications are usually required to prove to stakeholders that the project complies with relevant regulations and standards. The report should include audit results, problem fixes, compliance assessments, and recommended improvement measures to provide transparency and trust.
Continuous monitoring and updates: Once the audit is completed, the project team should establish a continuous monitoring mechanism and regularly update the audit content to adapt to changing regulations and security threats. This includes regular re-audits of the project to ensure that it continues to comply with the latest compliance requirements and best practices.
Compliance reporting and disclosure: After completing the compliance report, the Web3.0 project should regularly submit compliance reports to the local regulatory authorities and publicly disclose information such as the project's operations and financial status to ensure transparency and compliance.
Appendix: Countries and regions around the world that have formally formulated relevant encrypted digital currency or Web3.0 laws and policies
Countries or regions | Full name in Chinese | English abbreviation | Policies, regulations and progress
Australia | Commonwealth of Australia | Australia | Several digital currency licenses have been issued
Canada | Canada | Canada | Several cryptocurrency licenses have been issued
People's Republic of China | China | Prohibit cryptocurrency
Cuba | Republic of Cuba | KYC special countries
El Salvador | Republic of El Salvador | El Salvador | The first country in the world to use BTC as legal tender
Republic of Estonia | Estonia | Several digital currency licenses have been issued
Indonesia | Republic of Indonesia | Indonesia | Several cryptocurrency licenses have been issued
Iran | Iran | KYC special countries
Ireland | Ireland | Several cryptocurrency licenses have been issued
Japan | Several cryptocurrency licenses have been issued
Korea | Republic of Korea | Korea, South | Several digital currency licenses have been issued
Lithuania | Republic of Lithuania | Lithuania | Several digital currency licenses have been issued
Malaysia | Malaysia | Several digital currency licenses have been issued
Maldives | Republic of Maldives | Maldives | Maldives
Malta | Republic of Malta | Malta | Several digital currency licenses have been issued
Palau | Republic of Palau | Palau | Several encrypted digital currency licenses have been issued
North Korea | Democratic People's Republic of Korea | KYC special countries
Philippines | Republic of the Philippines | Philippines | Several cryptocurrency licenses have been issued
Poland | Republic of Poland | Poland
Singapore | Singapore | Singapore | Several cryptocurrency licenses have been issued
Switzerland | Swiss Confederation | Switzerland
Syria | Syrian Arab Republic | Syria | KYC special countries
Kingdom of Thailand | Thailand | Several digital currency licenses have been issued
United Arab Emirates | United Arab Emirates | United Arab Emirates | Several digital currency licenses have been issued
United States | United States | Several digital currency licenses have been issued
Venezuela | Venezuela | The world's first country to use digital currency (Petro) as its national legal tender
Hong Kong, China | Hong Kong Special Administrative Region of China | Hong Kong | Has issued multiple digital currency licenses (new license No. 7: virtual asset exchange)
Note: This article was co-researched and co-created by ThePrimediaDAO, and the co-research and co-creation collaborators include TPDAO initiator Jerry and TPDAO builder, Digital Asset Investment Co., Ltd. (BVI) Hu Changming; friends who are interested in participating in TPDAO build can communicate with the head of the operation guild, fredo (X: @jonesenjiang).