The feds are coming for the metaverse — from Axie Infinity to Bored Apes – NFTs in the metaverse should generally be considered securities, but developers have been slow to recognize that fact. Expect a regulatory reckoning to come swiftly for Axie Infinity, Bored Apes, and other projects that have thrown caution to the wind.
Related: Crypto and decentralization could influence voters in 2022 US midterm elections
The metaverse is a futuristic iteration of the internet, featuring a digital economy and an immersive virtual environment alongside other interactive features. This relatively nascent space has gained so much traction in recent years that conservative estimates suggest that by 2024, its total valuation could top $800 billion. Meta (the parent body behind Facebook and Instagram), Google, Microsoft, Nvidia, Nike and others have made Fortune-100-sized metaverse splashes.
But with great valuations comes great scrutiny from increasingly tech-savvy financial regulators. Unlike traditional tech products, which often spend years putting growth over revenue, some metaverse projects push questionable monetization schemes on their users prior to launching a live experience. Metaverse real estate is a prime example of this practice, with platforms like Big Time games selling land in their metaverse before opening up access to the game.
Typically, the United States Securities and Exchange Commission doesn’t step in unless retail investors face predatory courting of their dollars without full disclosure of what they are investing in. The line for what classifies as a security is often blurry — but in the case of the metaverse, the practice of land sales should generally be considered a security under U.S. law.
GameFi platforms like Axie Infinity demonstrate the speed at which metaverse projects can birth multi-billion-dollar economies. Their sheer scale necessitates internal controls and monetary policies similar to multinational banks or even small countries. They should be required to staff compliance officers who coordinate with government regulators and even conduct Know Your Customer for large transactions.
The metaverse is intrinsically linked with financialization. While no bodily harm can be inflicted in the metaverse (yet), a lot of financial harm has already been caused. The company behind the Bored Apes Yacht Club nonfungible tokens (NFTs) saw a hack this year after a community manager’s Discord was compromised. Hackers walked away with NFTs worth 200 Ether (ETH).
A swath of Wall Street banks was recently fined $1.8 billion for using “banned” messaging apps. Metaverse projects like Yuga Labs should face similar proactive fines for not implementing secure monetary and technical controls.
A key first step for any metaverse project will be to classify what type of asset(s) they are issuing. For example, is it a security? A utility token? Or something else? This might seem like a daunting task, but the groundwork has already been laid by the initial coin offering era in 2017, and further efforts should be undertaken by regulators and protocols to provide clarity and protect consumers.
After the classification process is complete, the next step will be to develop a regulatory framework that can be applied to the metaverse. This will likely include rules and regulations around things like securities offerings, Anti-Money Laundering and consumer protection.
It’s crucial to strike the right balance. Too much regulation could stifle innovation and adoption, but too little could lead to widespread abuse. It will be up to policymakers to work with founders to find that sweet spot.
Despite concerns, the metaverse brings together a suite of emerging technologies: virtual reality (VR), augmented reality (AR) and NFTs. They all come together to drive the space forward with increasing momentum in the near-to-mid term.
Risks associated with operating in the metaverse
Cybercriminals are continually discovering new tactics to exploit users of the metaverse — i.e., through hacking schemes or identity theft. Because AR and VR wearables associated with these ecosystems generate massive volumes of personal data — including biometric info from eye-tracking and body-tracking technology — the metaverse is a tantalizing playground for bad actors.
Outside of financial theft, privacy concerns abound as three-dimensional data sets will reveal increasingly sensitive personal information. The General Data Protection Regulation in Europe and the California Consumer Protection Act are comprehensive pieces of privacy legislation that have forced tech platforms to hire data protection officers and data privacy compliance officers. Metaverse platforms will need to fill similar roles and could face even greater regulatory scrutiny, given the sensitivity of the data they might collect.
As the demand for the metaverse continues to spike, so will the need for better internet services since the former requires a lot of bandwidth (estimated to be several orders of magnitude from internet traffic levels today). As a result, it is quite possible that many telecom networks and their existing data dissemination infrastructures may become overloaded.
One way to solve this issue is by investing in 5G technology and building out a stronger infrastructure. But this takes time, money and resources. The other solution is to develop more efficient data compression algorithms that can help reduce the amount of bandwidth required to transmit data within the metaverse.
Lastly, aside from all the technical risks, an aspect of the metaverse to consider is the negative impact it can potentially have on one’s mental health. Since the ecosystem is unencumbered by criminal law, there can be no path of recourse when users are faced with online abuse (such as racism).
Challenges to regulation
Because any network operator, firm or business, on paper, can exist outside of a proposed regulatory framework if they chose to do so — any given country’s efforts at regulation will have limited impact.
This is perfectly illustrated by the fact that many of the social media platforms we use today, including Twitter and Facebook, are not based in the U.S., but instead, operate from countries like Ireland and Singapore, where data protection laws are much more relaxed.
The same logic applies to the metaverse. Even if a country were to pass a law attempting to regulate this space, it is doubtful that all businesses would agree to abide by it.
Therefore, unless every participant of the metaverse aligns and agrees with the vision of setting up a uniform code of governance, there is no way of stopping a third-party entity (such as an offshore investment firm) from creating its own unregulated pocket within the metaverse, which users of other digital ecosystems can then access without any apparent restrictions.
Looking ahead toward a decentralized future
The metaverse is all set to reshape our lives whether we like it or not. Ultimately, the “move fast and break things” ethos of technology development is alive and well, and history has shown that founders move much faster than regulators can keep up with. But it will be crucial for regulators to step up and take proactive steps to allow for innovation to flourish without causing catastrophic financial damage to retail investors. After all, the choices we make today will determine how this technology will shape our tomorrow.
Huy Nguyen is the co-founder of KardiaChain, Southeast Asia’s first interoperable blockchain infrastructure. Since May 2022, he has served as the vice president of the Vietnam Blockchain Association, the official government body to push for mass adoption in Vietnam. He previously served as a senior tech lead manager at Google and holds more than 10 years of experience building large-scale distributed infrastructures, including the Google Access Wireless Platform and Google Fiber Network Infrastructure.