web3 and compliance
This week I am summarising recent posts and readers' comments about the principles behind a new class of regulation needed for the redesigned and fixed internet, which is web3, and some thoughts around how some of this might be done using NFTs.
An awful lot of regulation we have today comes from two problems:
1. How we can we stop money laundering and how we can we know who is doing something? This is KYC (know your customer etc) and AML (anti money laundering)
2. Protect consumers so that their data is not mis-used and they are not mis-sold something (e.g. GDPR in Europe etc.)
I think that in web3 as we now have an internet designed around users and around their ownership of data that this removes much of the pain in points 1 and 2 above.
We establish your identity by issuing you with digital ID like a driving license or passport or you earn a pseudo-anon reputation. You hold this in your wallet and every transaction you do can be linked to this identity information - either exactly who is behind every transaction or maybe metadata about that who - like “an adult.â€
I think this removes most of the pain in the financial surveillance economy we are moving into today. Every transaction has appropriate personally identifiable information with it from the very source of the transaction. Banks don’t have to do KYC anymore! Financial surveillance of you by your bank is over!
Second you own and therefore control access to your data everytime it is used, such as your health data. You (or an autonomus agent acting on your behalf) may grant anonymised access to your data for research. Maybe you grant access to an autonomus agent to run ML with your data and the only data that actually moves (that anyone else can see) is the resulting decision or analytics result. Your data never left - it never moved. Or you apply ZKP so only certain data moves with a transaction, like your age but not your name. This is an adult doing this.
So you see it is a big mistake to think we must just blindingly copy today’s regulation into tomorrow’s technology. A fixed internet means new regulation is needed.
Zones of regulation
Alan Llyod reminded me about Vitalik Buterin's post - to avoid serious security issues with cross connected chains he says "the zones of interoperability should align to zones of soverignty." As Alan says thats called jurisdictional controls over the identity of everything in the system's "zones" thats enforced under regulations.
NFTs can play a part ion this new web3 regulation, for example, I can grant access to my health record via an NFT - DNA is unique after all. There was a lot of debate about this NFT chart below that I liked from Harbor research
I mentioned that the chart is missing the business value chain when for example every item (SKU), purchase order, goods despatch, goods received, and invoice becomes an NFT. That is just supply chain, We also need issue - hold - verify for identity credentials as NFTs. It is also missing governance - who gets to be an issuer of a credential? How are disputes handled etc. So I would add two extra layers being the business value chain and the governance layer capabilities. A capability is not just technical it is also business and governance.
I think if any data is valuable it moves from web2 to web3 in order to builld large (virtual) data sets for AI/ML where ownership and control of data stays with the owner using say Ocean or Fetch. (I would add Fetch.AI right next to Ocean). Without these other business and governance capabilities, NFTs will never become mainstream.
Evangelos Pappas asked of this chart "where's your user? In web3, the identity is in the centre and in the driving seat." So really we need to redraw this chart working back from user and add in governance and business process. Tamas Mihalyi pointed out that whether something is fungible - so you use utility tokens - or if its is non fungible - so you use an NFT - is not always straight forward. For example I could make the Mona Lisa in to a utility token by fractionalising ownership across hundreds, thousands or even millions of tokens. We should ask if we could use a utility token in this grey area instead of an NFT.
In the Token economy to come we need to regulate -
- Free and open trade between sovereign identities
- Trading anything for anything
- Where value is exchanged simultaneously with ownership
- Where value & ownership is defined digitally on-chain
- Where liquidity is created autonomously by code
- Where value realised is aligned to value creation by design of fair incentives to collaborate & share data
- Within zones of sovereignty
Where we need to ensure 3 certainties for users
- Of who I am dealing with (by verifying credentials issued by trusted authorities and held in wallets)
- Of what i am buying as provenance of who has owned what and who has done what is on-chain
- Of payment - if I do this - I will get paid
Governance & regulation of all the above is the true challenge ahead so that -
- Taxes to society are paid
- Confidence in the code to perform as advertised
- Recovery of ownership of assets on loss of keys
- Assets can interoperate x-chains
- Privacy of who can see what
- No-one is left behind - inclusion for all
Etc.
Chief Solutions Architect, Public Sector at TrustGrid | Sky Web Team Practice Lead | LFDT and INATBA
2 å¹´Well balanced view of Web 3 actors, goals, responsibilities, operating model, governance, value delivered. Thanks
?? Web3 consulting & engineering + 60 dirigeants accompagnés ??
2 年Cédric Nicolas
With a deep-rooted focus on maximizing revenue and engagement in football, I drive growth and innovation across all key pillars: engagement, technology, revenue, and staffing.
2 å¹´Great aricle Andy! Indeed a lot of potential with tokenization models. Logging in with a general KYC-ed account instead of creating single accounts at everywhere company will save a lot of time and will benefit both user and company. To one thing I'm stuggling with is privacy. How to avoid spam-tokens getting in to your publicly open adress? Shall a simple dashboard with linked companies be the answer? One where you can easily press the toggle to stop sharing data, unsubscribe or change communication preferences per individual company? Curious how it will evolve :)
Vice President Business (International) at e& (Etisalat)
2 年Great thoughts Andy! Fully agree with ‘zones of interoperability should align to zones of soverignity’. Yet the question remains, how can web3.0 and NFT eco system truly avoid a super regulator or in other words an ‘Authenticator of the authenticated’ (for example the central banks)? More food for thought I guess …