In a prior post we unpacked the idea that offshore foundations make systems decentralized. In this piece, we take the next step and look beyond structure to the quieter question of control. In Web3, ownership gets most of the attention. Think, Token distributions, vesting schedules, and supply caps , which are debated endlessly and often framed as the primary indicators of decentralization. But from a legal and governance perspective, ownership is frequently the wrong place to look. The more consequential question isn’t who owns what, but who controls.
Across DAOs, foundations, and development companies, legal risk tends to flow not from equity or token concentration alone, but from the mechanisms that allow individuals and coordinated groups to steer outcomes. Control can exist without ownership and when it does, it carries real consequences.
The Disconnect
Traditional corporate law assumes a close relationship between ownership and control. In. this framework shareholders elect directors, directors oversee management, and authority flows through clearly defined channels. Decentralized systems disrupt this alignment.
In many blockchain ecosystems, token ownership may be widely dispersed while operational authority can remain tightly held. Upgrade keys, emergency powers, parameter controls, and governance vetoes often sit with a small group; this is sometimes intentionally, and sometimes by inertia.
From the outside, the system appears decentralized. Internally, however, decision-making may still funnel through a narrow set of actors. This disconnect is where risk accumulates.
Where Control Actually Lives
Control in decentralized systems rarely announces itself plainly. It tends to emerge through design choices that feel technical rather than legal, including:
- Upgrade authority that allows a small group to modify protocol logic,
- Emergency pause or shutdown rights exercisable without broad governance approval
- Parameter controls that meaningfully influence economic outcomes,
- Governance thresholds that make community votes advisory rather than determinative, and
- Various informal coordination channels that effectively decide outcomes before votes occur.
None of these mechanisms require ownership, yet each can confer decisive influence over how a system operates, evolves, or responds to stress. From a legal standpoint, these forms of influence matter. Regulators, courts, and counterparties tend to look past labels and examine where discretion actually sits.
Why Disclaimers Don’t Neutralize Control
Many projects attempt to manage this risk through language: disclaimers that governance bodies are “non-binding,” foundations that claim to act “at the direction of the community,” or development entities that describe themselves as “purely technical.” But while these disclaimers may shape expectations, they do not eliminate factual control.
When a small group can unilaterally alter functionality, direct outcomes, or prevent certain actions from occurring, that group may still be viewed as exercising control, regardless of how the arrangement is described. In legal analysis, substance tends to prevail over form here.
Control as a Governance Design Problem
Note that this isn’t a moral critique. Early-stage systems often require tighter control to function, iterate, and secure their assets. The problem arises when control mechanisms persist without being acknowledged, governed, or intentionally unwound.
Unexamined control is more problematic than explicit, time-bound authority. When governance design fails to account for how control will shift, or whether it will shift at all, systems can drift into a state where decentralization is assumed rather than truly demonstrated. This creates uncertainty not just for regulators, but for communities, contributors, and service providers who rely on predictable governance.
Why Control Analysis Is Becoming Central
As decentralized ecosystems mature, external scrutiny increasingly focuses on who can say “no,” who can intervene, and who ultimately decides when things go wrong. Control analysis is becoming a central lens through which decentralization is evaluated—not just in theory, but in practice. This doesn’t mean decentralization has to be absolute, but it does mean that control should be intentional, transparent, and aligned with how the system presents itself to the world.
If Part I challenged the idea that legal structure alone can confer decentralization, Part II surfaces the harder truth: decentralization cannot be claimed if control remains concentrated, even when ownership is not.
In decentralized systems, authority often hides in plain sight. Identifying it and designing around it is one of the most important governance tasks a DAO can undertake. In Web3, decentralization isn’t measured by who holds the tokens, it’s measured by who holds the levers.
