Can projects going overseas avoid Chinese law? Web3's compliance misunderstandings cannot be ignored

Since the ten ministries and commissions issued the "924 Notice" in 2021, many Web3 project parties have expressed their willingness to "actively respond to Chinese supervision and stop services in mainland China" and move the main body of the project overseas. However, as we all know, there are still many crypto companies that continue to provide services to mainland users.

At the same time, many developers are considering transitioning from Web2 projects to Web3. Compared with practitioners who have been deeply involved in Web3 for many years, technical personnel who intend to enter the game often pay more attention to the legality of the project, hoping to decide whether to actually enter the game on the basis of clarifying the legal boundaries and effectively controlling risks.

Whether it is a Web3 technician who has already entered the game, or an engineer and development manager who is planning to transition from Web2, they will encounter a common problem when the project starts from 0 to 1: where should the project be located?

Considering that mainland China has always maintained high-pressure supervision on Web3, especially innovative projects with financial attributes, many entrepreneurial teams tend to "export projects overseas" - the registration place is chosen overseas, and the technical team is distributed in Hong Kong, Singapore, Southeast Asia and other places.

In the eyes of the technical founders or technical leaders of Web3 projects, this "overseas registration + remote deployment" method seems to have a natural "compliance" advantage - if the project is not implemented in China, it is naturally not within the legal red line of China.

But the reality is far more complicated than imagined. Based on the experience of Shao Shiwei's lawyer team in representing many criminal cases in recent years, what we see is that even if the project structure is overseas, as long as it touches the bottom line of Chinese law, there is still a high risk of being held accountable.

Therefore, this article hopes to help technical decision makers in Web3 entrepreneurial teams understand a core question: Why can "projects overseas" also trigger Chinese legal risks?

(Note: Given that many Web3 startup teams are led by technical personnel, this article is specifically aimed at project founders, CTOs, and core developers with technical backgrounds)

1 Why do most Web3 projects choose to go overseas? Survival logic under the regulatory background

For most entrepreneurs, the most important demand in the early stage is to "survive first." Compliance seems important, but in the early stages when resources are tight and the pace is tight, it is often ranked behind priority.

However, entrepreneurs with long-term plans will pay attention to regulatory policies earlier, understand legal boundaries, and judge what can and cannot be done, so as to decide how the project should be built and where it should be landed.

Otherwise, the consequences of stepping on thunder may be very serious. We once encountered a Web3 project that took only 13 days from birth to death, which is a typical negative case under a high-pressure regulatory environment.

So, what are the key regulatory documents on Web3 in China that project technical leaders must focus on? Although there are many relevant policies, if we only start from the perspective of criminal risk prevention and control, we can focus on the following two:

• The Announcement on Preventing the Risks of Token Issuance and Financing ("94 Announcement") issued in 2017

• The Notice on Further Preventing and Dealing with the Risks of Virtual Currency Trading Speculation ("924 Notice") issued in 2021

The core spirit of these two policy documents is: prohibiting initial coin offerings (ICOs) and clearly identifying virtual currency-related businesses as illegal financial activities.

Especially the 924 Notice, which is directly called the "strongest regulatory document" by the industry. It not only explicitly states that virtual currency trading activities are illegal, but also clearly states that "overseas virtual currency trading platforms engaged in related businesses are not allowed to provide services to residents in China."

Because of this, most Web3 projects choose to "go overseas" to avoid risks.

But the question is: if the project really goes overseas, is it really safe?

2 Can going overseas circumvent Chinese laws? Analysis of common misunderstandings of technical leaders

Many project parties actively consult lawyers at the start-up stage: In which country should the company be registered? Should I choose Cayman, BVI, or Singapore? Build a foundation or a parent-subsidiary structure? These questions seem to be company strategies, but in fact there is often a core assumption behind them - that "registering overseas can circumvent Chinese laws."

However, based on our team’s experience in representing multiple criminal cases, we must clearly point out that although offshore structures do play a role in commercial risk isolation, tax optimization, and capital operation, they cannot constitute an exemption shield from Chinese law at the level of criminal liability.

In other words, the function of offshore structures is “commercial isolation” rather than “criminal protection”. Its main benefits are:

• Avoiding securities law constraints from regulatory authorities in the United States and other places;

• Avoiding double taxation and optimizing global tax arrangements;

• Achieving convenience at the capital level such as option incentives and financing structure design;

• Separating accounts and responsibilities from entities within China.

However, if the project itself involves acts expressly prohibited by Chinese law, such as illegal operations, opening casinos, money laundering, pyramid schemes, etc., even if the company is located abroad, according to the principle of "territorial jurisdiction" or "personal jurisdiction" in my country's criminal law, Chinese judicial authorities still have the right to pursue responsibility.

As for whether it will really be held accountable, this is a "probabilistic risk".

Therefore, when our team lawyers provide structural design consultation for the project party, they often go back to the project itself first to understand its business model, funding path, and user objects in detail, rather than discussing where to register and how to build the structure from the beginning. Only by understanding the essence of the project can we judge whether it has a compliance basis and provide the most practical problem-solving solutions.

3 What does “penetrating law enforcement” mean? Several dimensions that Web3 project parties need to focus on

In daily work, we often encounter similar questions:

• Is it okay if I set up the project in Cayman or Singapore?

• Is it okay if the project server is abroad and not open to Chinese users?

• I am just a technical consultant/outsourced developer, not involved in operations, and not in contact with funds. Is there still a risk?

• I found a foreign friend to be the nominal team founder, and I only work behind the scenes. Is it safer?

• I stated in the white paper that "we will not provide services to Chinese users", does that mean I am exempt from liability?

Behind these questions, in fact, they all reflect a core misunderstanding - a lack of understanding of the "penetrating law enforcement" model of my country's judicial organs.

The so-called "penetrating law enforcement" can be understood from two basic principles: the territorial principle and the personal principle.

▶ Territorial principle: Even if the project is registered overseas, if the following conditions exist, it may be regarded as "behavior occurring within the territory of China", triggering Chinese law:

• Project users are mainly from China (such as building a Chinese community, promoting projects to Chinese people, etc.);

• The core members or technical team of the project are located in China;

• There are domestic promotion, business cooperation, settlement and other activities (even if completed through outsourcing companies or agency companies).

▶ Territorial principle: According to Article 7 of the Criminal Law of my country, Chinese citizens who commit acts "which should be held criminally liable according to the laws of my country" abroad can also be held accountable.

For example, Chinese developers who participate in the construction of on-chain gambling platforms, virtual currency fundraising platforms, and OTC redemption channels in Dubai may still be investigated and punished by Chinese judicial authorities as long as they violate relevant provisions of my country's criminal law.

For example: In a typical case jointly released by the Supreme People's Procuratorate and the State Administration of Foreign Exchange in 2023, Guo Mouzhao built an illegal foreign exchange website (matching RMB and foreign currency transactions through virtual currency) and was sentenced to five years in prison by the Baoshan District Court of Shanghai for illegal business operations.

Therefore, common manifestations of “penetrating law enforcement” in the Web3 field include:

• Penetrating the place of registration: Even if a company is in Cayman, BVI, or Singapore, if its users and operations are in China, it may still be deemed to have “committed a crime within the country”;

• Penetrating technical identity: Even if the person in charge of technology is only a consultant or developer to the outside world, as long as there are code submissions, contract authority management, project profit sharing, private key control and other behaviors, they may still be identified as the “actual controller”;

• Penetrating on-chain data: Regulators can confirm whether a project “serves Chinese users” or involves illegal risks such as gambling, fraud, and money laundering through on-chain traceability, KYT audits, user portraits, and other methods.

For technical leaders, understanding the basic logic of "penetrating law enforcement" is the first step to do a good job in project risk control.

4 Conclusion

Many people think that as long as the project is "exported", they can get rid of the supervision of Chinese law once and for all. But the fact is that if a project has never undergone a legal risk assessment, it is difficult to say that it is safe even if it is located overseas.

I hope this article can remind entrepreneurs and technical leaders in the Web3 field: Whether a project has a compliance basis does not depend on where it is registered, but on whether the project itself tramples on the red line drawn by Chinese law.

Only by taking risk identification as the underlying thinking in the early stages can the project go further and live longer.