Written by: Daniel Barabander, Deputy General Counsel of Variant Fund
Compiled by: Saoirse, Foresight News
Founders in the crypto space know that 'control' has significant legal risks. While I am pleased to see that everyone is finally recognizing the importance of 'control' (there has indeed been considerable progress in recent years), I also notice that there is some confusion about how to reasonably view 'control.' Founders generally seem to think 'control = minefield,' but they are not very clear on how to analyze the underlying logic.
I believe a more accurate understanding is that control is essentially a spectrum concept. If you want to clarify your position on this spectrum, you need to ask yourself two core questions:
Who exercises control?
What is the scope of control?
Regarding 'who exercises control'
The core variable is the degree of decentralization, and the spectrum is as follows (control from strong to weak):
Single entity control → Internal multi-signature control → Independent multi-party multi-signature control → Decentralized Autonomous Organization (DAO) control → Completely immutable
Regarding 'the scope of control'
The core variable is the boundary of authority, and the spectrum is as follows (control from strong to weak):
Complete upgrade rights → Complete upgrade rights with time lock → Specific external dependency upgrade rights (e.g., changing oracles) → Pause function rights → Completely immutable
After clarifying the positioning of these two dimensions on the spectrum, it can be applied to the target legal system. I firmly believe that control analysis applies to almost all legal fields. The core logic of legal accountability usually revolves around 'who has control over what.'
Taking the example of the legal definition of money transmission: I previously proposed that unilateral control over user funds is a necessary condition for determining whether an entity qualifies as a money transmitter (although the ruling in the Tornado Cash case holds a different view, I have elaborated my objections to this legal interpretation in related papers). In defining 'unilateral control,' it is necessary to consider: (1) the degree of decentralization; (2) the boundaries of authority.
Scenario A: A single administrator holds the key but can only pause the protocol in emergencies;
Scenario B: A truly decentralized DAO has complete upgrade control.
Neither of these scenarios constitutes unilateral control by insiders; therefore, legally, it can be argued that the related projects do not constitute money transmitters.
This control analysis can also extend to other legal fields. Taking the Howey test in securities law as an example, the core of the 'efforts of others' requirement is essentially to determine whether there is a manager with control, and the technical control hierarchy of the protocol is an important basis for this determination.
As for how to position oneself on the control spectrum, it requires careful decision-making in conjunction with specific legal systems and legal advisors. However, from a macro perspective: control brings convenience from a business perspective but entails costs from a risk perspective. The key is to ensure the balance of cost-benefit analysis and clarify the core purpose of retaining control. For example, if the main demand for retaining control is to respond to emergencies, the 'control cost' (in terms of legal liability) of merely retaining the pause function will be significantly lower than that of complete upgrade rights. It is essential to accurately identify the truly indispensable control needs in the business and match them with the corresponding level of control.