In the last four pieces of this series, we explored why decentralization can’t be measured solely by legal structure, ownership, governance, or even code. We unpacked why foundations don’t automatically create decentralization, why ownership and control aren’t the same thing, why governance doesn’t always translate into authority, and why even the most decentralized code still depends on people to operate it.
This time, we turn to a different question; one that tends to surface only when something goes wrong. Because having rules is one thing. Enforcing them is another.
If you’ve ever played a sport, you already understand this concept. Every game has rules. Some are written, some are understood, some are so fundamental that nobody even bothers to talk about them. Yet, regardless of how well-crafted the rulebook may be, one question inevitably arises: What happens when someone breaks the rules?
More importantly: Who has the authority to do something about it? Oddly enough, this is one of the most overlooked questions in decentralized governance. Spend enough time around DAOs and you’ll find no shortage of rules. Constitutions. Governance frameworks. Codes of conduct. Conflict-of-interest policies. Treasury guidelines. Security council mandates. Community principles. The list goes on and on. The ecosystem has become remarkably good at creating governance documents. Whether it has become equally good at enforcing them is a different conversation.
A rule, standing alone, doesn’t create accountability. A rule creates accountability only when there is a mechanism capable of enforcing it. That distinction sounds obvious, yet it’s frequently overlooked. Most governance frameworks are built around expectations where participants are expected to disclose conflicts, council members are expected to act in the best interests of the protocol, contributors are expected to follow governance processes, operators are expected to respect the outcome of governance votes (and so on and so forth). And in most cases, they do.
The overwhelming majority of participants across the ecosystem are acting in good faith and trying to improve the systems they help build, but governance systems aren’t tested when everyone behaves. They’re tested when someone doesn’t. The true measure of accountability isn’t whether participants understand the rules, it is whether meaningful consequences exist when those rules are ignored.
There’s a significant difference between: “This should not happen” and “This cannot happen without consequences.” But decentralized systems often blur that line and this is where an accountability gap can emerge. A protocol may have governance rules, operational standards, disclosure requirements, security procedures, and decision-making frameworks that appear comprehensive on paper. But when those obligations are violated, it may be surprisingly difficult to identify who has standing to challenge the conduct, who has authority to investigate it, who can remove the offending actor, or who can compel compliance moving forward.
In traditional corporate environments, the answers are usually easier to identify. Shareholders can bring claims. Boards can remove officers. Counterparties can enforce contracts. Regulators can investigate misconduct. Whether those mechanisms always work is a completely separate question, but they generally exist. In decentralized systems, accountability pathways are often less obvious. Sometimes they’re fragmented, sometimes they’re intentionally limited, other times they simply haven’t been fully developed yet. The result is that a protocol may have extensive governance rules while lacking clear mechanisms to enforce them.
That doesn’t make governance meaningless; far from it. Governance creates expectations, enforcement creates accountability, and the two often work together, but they’re not the same thing.
Who Can Actually Say No?
Throughout this series, we’ve repeatedly returned to variations of the same question. Who controls? Who decides? Who executes? And accountability introduces another: Who can actually say no? Who can stop a conflicted decision? Who can challenge an abuse of authority? Who can remove a participant who violates established obligations? Who can force compliance when governance requirements are ignored?
As lawyers, we’re trained to ask these questions because they tend to reveal where power truly resides, and in decentralized systems, the answers aren’t always so obvious. That’s not necessarily a flaw. Decentralized governance is still evolving and the industry is actively experimenting with different accountability models, enforcement structures, and governance frameworks.
But the question does highlight an important reality: the existence of rules tells us far less than the existence of mechanisms capable of enforcing them.
There’s a common misconception that accountability somehow conflicts with decentralization. In reality, mature decentralized systems require both. The objective isn’t to recreate traditional corporate governance, nor is it to eliminate every form of authority. The objective is actually to ensure that authority, wherever it exists, is paired with meaningful accountability. This is because power without accountability creates risk, accountability without enforceability creates theater, and neither creates durable governance.
The Bigger Picture
The first article in this series challenged the idea that decentralization could be achieved through legal structure alone. The second challenged ownership. The third challenged governance. The fourth challenged operational assumptions.
This fifth piece challenges something even more fundamental: The belief that having rules is enough. Because in any system, whether centralized or decentralized, the strength of the rules ultimately depends on the mechanisms that support them. Without accountability, governance becomes aspiration. Without enforceability, obligations become suggestions. And without meaningful checks on power, decentralization risks becoming another word for trust. The question isn’t whether decentralized systems need rules. The question is whether anyone is capable of enforcing them when it matters most
