A regulatory game of ‘Red Light, Green Light’

Regulators across countries worldwide are facing a crossroads when it comes to  cryptocurrency, tokens and Decentralised Autonomous Organisations (DAOs). Generally,  such decentralised ecosystems struggle to fit within legal frameworks and clearly defined  lines. To boot, the constant changing and evolving nature of the crypto ecosystem makes  regulating these technologies increasingly difficult. Additionally, these digital assets often  have no directly accountable legal entity. This can be problematic because they can be used  to facilitate criminal activity, such as the purchase of illicit items, as well as money  laundering. For this reason, countries have taken different measures and stances to attempt  to regulate this activity.

And to put this into a very current analogy, it is a bit like a game of ‘Red Light, Green  Light’ from the latest Netflix craze, Squid Game, which has attracted over 142 million  viewers from 94 countries making it the most watched Netflix original production. Okay, not  quite! But hear me out. Without giving away any spoilers, in this game the players have to  carefully approach the Doll (in the image below). When the Doll says “Green Light” the  players move towards the finish line, but stay perfectly still when the Doll says “Red Light”,  or else face elimination. 

“Red light. Green light. Player 027 Eliminated.” 

Source: cheqd.io (courtesy of Netflix) 


Before the inception of the internet, regulation was much simpler. It stood that if you were  on the land of a country, you were bound by the laws of that country. Then the internet  came along and made everything a little bit more complex, with cyberlibertarianism  declaring the internet independent from regulatory clutches. The Dark Web, for example, is  a good example of this in practice. It is the internet in its rawest form, detached from  indexing services like Google which, unfortunately, has made it into a playground for  cybercriminals. Cryptocurrencies and tokens have, to a large degree, enjoyed similar  lawlessness of existing outside of national borders. 

Elon Musk wrote a tweet last year lampooning various concepts. Firstly, it is a direct  reference to the 1984 sci-fi film, Dune, but secondly, it is an indirect reference to many  articles that have come out since then (Dune referring to gating access to services such as  the internet and net neutrality). The suggestion in these articles was that you cannot  regulate the internet directly, but if you control the pipes and the access to the internet,  you can regulate who uses it. Musk, of course, parodies this idea, instead suggesting that  the control of the crypto universe is based on the communities (and memes) that thrive in the background, rather than through the control of a centralised state or system. This tweet, referencing the capacity of the state to control crypto assets is at the heart of the  regulatory game of Red Light, Green Light. 

Red Light 

To deal with the lawlessness of new digital assets such as coins and tokens on decentralised  networks, countries can either decide to try and regulate them or simply prevent access to  them. 

Blanket ban 

The idea of technology functioning outside of a country’s jurisdiction and legal framework is  a difficult pill to swallow. Furthermore, the oversaturation of different types of coin, token  and stablecoin makes keeping up, from a regulatory perspective, a huge challenge. As such,  in 2013, China banned its banks and financial services from making transactions using  Bitcoin, and in January 2018, China’s leading internet-finance regulator issued a  notice requiring Bitcoin-mining companies to ‘orderly’ stop their business. Recently in  2021, China has made all cryptocurrency transactions illegal. This method of giving crypto a  full Red Light is effective to a certain extent, in the sense it removes the problem rather  than dealing with it, although it does not make any inroads into progressing cryptocurrency.  Moreover, it pushes cryptocurrency into being used in a black-market, beyond the visibility  of the State – which is not a desirable outcome either. 

Target Law on middlemen 

In 2017, the European Parliament amended the fourth Anti-Money Laundering Directive to  incorporate Virtual Currency Provisions. Article 32a of the Directive was amended to ensure  that ‘Member States put automated centralised mechanisms in place […] which allow for the  timely identification of any natural or legal persons holding or controlling payment accounts,  

and bank accounts held by a credit institution within their territory’. The objective of the  amendment was to ensure that money laundering could not occur through  exchanges or custodian wallet providers, making these third-party sites accountable for the  persons in their user-base. Similarly, the UK has recently implemented a new rule known as  the ‘Travel Rule’ which requires that any virtual-asset transfer of above £1,000 must be  accompanied by detailed personal information of both the originator and beneficiary. Currently, this would be achieved through an exchange or custodian doing KYC  on its users and making this information available. Again, this type of regulation has worked  to a certain extent. However, given the inconsistency of regulation amongst countries, users  can simply hold and exchange their coins and tokens through services in countries where it  is allowed, or use a decentralised exchange (DEX) which does not rely on a centralised  middleman but facilitates peer-to-peer transactions. In this way, the regulation only has a limited effect. 

Target Law on tokens 

Most countries around the world have Securities Laws which digital assets, such as crypto, may fall under. The strength of the Securities Law and the nuances in the detail determine  whether an exchange token will be able to be launched, exchanged and stored in that  jurisdiction. The USA, for example, has a strong Securities Law, based on many years of legal  precedent – notably the famous Howey Test. This does have a degree of effect on regulating tokens, since the SEC has not been shy in cracking down on creators of tokens that  constitute securities, based in the USA. 

However, Securities Law differs vastly around the world. So a token constituting a Security  in the US does not mean that it will constitute Security in other jurisdictions and vice versa. This means that tokens which are prevented from being held in one country can quite easily  be held, and given a green light in another, diluting the strength of global regulation on  cryptocurrency. 

Green Light 

Owing to the success and resilience of digital assets (such as cryptocurrency and tokens) and  their non-reliance on banks or centralised bodies, some countries have given the Green  Light to digital assets within a certain scope. For example, recently El Salvador made Bitcoin  legal tender meaning that it can be freely traded without the regulatory hurdles to navigate.  The only regulation in place here is that service providers, such as exchanges and  custodians, need to onboard onto a Service Providers Register. This low barrier to entry  enables not only citizens of El Salvador to access these services but persons from other  countries can also benefit from the lack of regulatory barriers – and store or trade their  assets through an exchange or custodian based in El Salvador. 

Red Light, Green Light 

A combination of the rigidity of existing law, the inconsistency of law across multiple  countries and the rapid evolution of new tokens and coins makes regulatory clarity around  digital assets problematic for regulators worldwide. Gating access and putting up a ‘Red  Light’ is largely ineffective at preventing the use of crypto at scale, when exchanges and  custodians can exist in ‘Green Light’ countries. For this reason, digital assets can, due to  their decentralised structure, function outside of regulatory frameworks – and a different  approach to regulating them is needed. 

A different approach 

There is a fundamental misalignment between the will to regulate digital assets and crypto  and the practicalities of regulating digital assets and crypto. For this reason, countries need  to look beyond the law to regulate – and take proactive steps – to encourage safer, more  trustworthy systems which are regulated by the network architecture itself. What if the  parties in the transaction itself had verified digital identities, and could share verified proof  that they were a verified, actual person? And this was done in a privacy-preserving manner. Upon entering a transaction, the originator could create a direct channel with the  beneficiary, sharing a Verifiable Credential, entirely off-ledger, to maintain privacy. Below  £1000 this could just be proof of being an actual, verified person, and above £1000 this  could be an actual exchange of personal information. Such an architectural shift would  enable greater compliance with new regulations, enabling trusted transactions by default. It  would also disincentivise criminals from using the token for illicit activities because there  would be a much higher risk when transacting alongside a verified identity. 

Bridging cryptocurrency and tokens with digital identity (something that cheqd is working  on) opens up a range of new options to achieve trust, transparency and regulatory  compliance in transactions. This not only makes crypto and tokens safer but also more commercially viable for real-world use cases and transactions in regulated industries, such  as financial services. This can potentially create a world in which most countries do not have  to pick Red Light or Green Light, but can find a strong middle ground.