In this article, Sadia discusses web3 technology and the various legal considerations that must be considered by regulators.

What is Web3?

In 2014, Gavin Wood, co-founder of the Ethereum network, coined the term “Web3”.  Web3 has often been described as the next phase of the internet.  Gavin Wood defines it as a “decentralized online ecosystem based on blockchain.”[1] The internet or “the web” as we know it, has evolved over the years, and today, web3 is seen as the answer to the internet being monopolised by large technology companies.  This article explains the concept of web3 and identifies some of the legal considerations that may need to be taken into account when exploring this new technology.

The early internet (known as web 1.0  used during 1990 to 2004) was developed with decentralisation in mind, to create an information sharing network that people can access anywhere in the world and at any time.  Websites were owned by few companies and there was minimal interaction and socialisation between users.  This is known as the “read-only” web.[2]

Web 2.0 is the internet we use  today, where users can share content, interact with others and participate in various ways.  As opposed to “read-only” it is now “read-write”.  Users are able to engage on social media platforms and make online purchases.  However, this model is highly centralised, as large tech companies collect and use users’ data which can be a security risk and carry privacy rights implications.  Furthermore, users can be banned from widely used platforms, and there is no real oversight in how users’ data are exploited.  On most platforms, users are also bombarded with tailored and personalised advertisements to generate revenue.

Web3 is quite different to web 2.0.  Web3 aims to create a decentralised platform for users where every individual is in control of the data they create.  The user has power over their data and is the only person that decides how and with whom to share it to.  This is known as the “read-write-own” model.  In such a situation, large companies do not have access to your data unless you consent to it.  The technology that powers web3 is blockchain technology.   For example, with web 2.0, websites and online services are hosted on servers that are rented or owned by large organisations, and these organisations have complete control over the servers.  You can think of this as where the website “lives”.  However, with web3, and because of its decentralised nature, it is possible for a website or an app to “live” on many different servers, each one being independently operated so that no single organisation owns or operates it.  This technology eliminates the need for intermediaries, third parties and centralised authorities because the blockchain facilitates decentralisation.  This means that it can eliminate fees and other rules that service providers may charge for use of their services. Practically, this also means that users will no longer require usernames and passwords to access content on the web, and there is no central authority that could lock them out or limit access to the site.  

Web3 further has the potential to be more secure and privacy-protective than web 2.0.  Blockchain technology utilises cryptography to ensure that transactions that take place over its network is secure.  Cryptography  is a method where sets of transactions are grouped in a block, and each transaction produces a unique output with a unique transaction ID.  This ID can be used to verify the validity of any block (transaction).  If there is an attempt to alter the block’s data, the ID would also be altered, and users would pick up this activity and reject the entire block. The use of this technology enforces the principles of data confidentiality and integrity. 

Some legal considerations concerning Web3 and blockchain technology

Web3, blockchain technology, and cryptocurrencies are grey regulatory areas in many jurisdictions, since it is relatively new technology.  Regulators around the world are still considering issues of jurisdiction, virtual governance (in decentralised autonomous organisations), intellectual property (in non-fungible tokens i.e., NFTs and other virtual assets), data privacy, ownership and infringement.  Therefore, it is important for lawyers and regulators to understand the nature of web3 technologies and its implications. 


The issue of jurisdiction is an important legal consideration because blockchain is essentially a decentralised ledger that can span multiple jurisdictions across the world.  Practically, this means that every transaction potentially falls within each and every jurisdiction in which a node of the network is situated.  Therefore, an overwhelming number of legislations may apply to the blockchain network, and each transaction would have to comply with all the applicable laws.  This is one of the major issues that will need to be determined, especially considering fraudulent transactions that may take place on the blockchain.

Virtual Governance

A key question is who should be held accountable for these decentralised systems? Decentralised Autonomous Organisations (“DAOs”) are autonomous organisations that are run by rules that are coded on the blockchain. They are run by very little human interference and usually utilise smart contracts to execute transactions. The emergence of DAOs has raised other ancillary issues such as the legal status of DAOs, whether they are traditional companies, responsibilities for the violations of laws, and who should be held liable in these instances.

Data Privacy

A key characteristic of the blockchain network is its immutability.  Whilst this has many benefits, laws such as the General Data Protection Regulation (“GDPR”) and the Protection of Personal Information Act (“POPIA”) provides for rights of the data subject to be able to alter, correct or delete their information.  Organisations may encounter issues in providing for data subjects the ability to exercise their rights when using the blockchain for transactions.

Another issue relating to data privacy is “pseudonymity” or “anonymity”.  Blockchains may records large amounts of personal data, and although some of them preserves anonymity and privacy, not all of them will hold up to the provisions of GDPR or POPIA requiring anonymity.  There are methods that can be used to link individuals to public keys by analysing blockchain transactions to identify them. 


New technologies and new ways of doing business over the internet requires legal professionals who can understand and adapt to the complicated landscape.  Innovators in the tech space will require legal advice and assistance as more users get involved.  This undoubtedly means legal experts who can advise on the creation of legal frameworks and the rights and obligations of parties’ to protect their interest.

It is evident from the above that there are many legal considerations and challenges concerning web3 and blockchain technology that will need to be cleared up by regulators. However, we have witnessed these challenges before, during adoption of the internet, smart phones, and e-commerce.  Regulators will need to identify the risks and legal challenges and adopt adequate and protective measures to manage these new risks.

Contact us for more good, clear, precise advice.

[1] https://www.wired.com/story/web3-gavin-wood-interview/.

[2] https://www.practicalecommerce.com/Basic-Definitions-Web-1-0-Web-2-0-Web-3-0.

Filter By

Must Reads

Subscribe to receive our latest articles

Follow Us

Related Posts

Imitation is the greatest form of flattery, but we don’t think so in this case.

We are aware of the phishing email that has been circulated to many people. Although we are not the firm mentioned in the phishing email you may have received, we’ve received several calls because of the similarity to our firm name so, unless you’d like to have a chat about other technology law matters, please don’t call us as we won’t be able to help. 

We know the firm in the phishing email is a genuine law firm, based in Cape Town, and we’ve alerted them to what is likely an impersonation scam.

If you’d like to learn more about phishing, click on the following link (we promise this is a legitimate link ) to watch this entertaining video we did eight years ago.