背景：Web3。 Web3.0在不同的时期会有不同的含义，而最近的Web3.0最大的特点就是允许用户拥有网络的一部分，真正成为自己数字资产的主人。 在这种情况下，web1.0时代最大的特点就是集中的网络，比如新浪、搜狐等门户网站。网络空间发布的信息完全由大型企业和平台控制，个人对自己的网络资产并不重要；在web2.0时代，随着互联网技术的发展，用户可以更多地参与网络空间的内容创作，无论是微博、Facebook、twitter还是哔哩哔哩。 在web2.0的背景下，用户通过手机和电子邮件注册的网络账户已经成为用户的重要虚拟资产，但在大多数情况下，平台会通过用户协议规定平台拥有网络账户的最终所有权，用户只有使用权。因此，我们看到了太多的案例。在网络游戏或平台服务终止运营后，用户只能己的账户和内容告别。 Web3.0的概念是基于非集中的网络架构，用户可以通过私钥将自己的数字资产存储在自己的数字货币包中，并从链中的一个平台迁移到另一个平台。这种愿景在商业模式和监管方面都是颠覆性的。即使Web3.0不能完全取代现有的网络架构和商业模式，面临的法律挑战也值得关注。 二、分散化：每个人都是网络运营商？ 网络运营商是网络安全法中最基本的概念之一。它指的是网络所有者、管理者和网络服务提供者。基于管理中心网络的理念，网络运营商需要承担大量的法律义务，如保留日志、审查网络系统内容、保护网络系统处理的个人信息等。 在web3.0的概念下，如果用户真的能够拥有网络系统的一部分，虽然他们会为分散的网络做出贡献，但他们也会成为《网络安全法》意义上的网络运营商，理论上他们需要承担相应的法律责任。因此，在web3.0的结构下，用户需要更多地管理自己的数据、内容和代币，因为客观上，平台无法干预用户的内容。 以网络运营商为主要监管对象的理念是，运营商需要能够对服务器中的数据负责，这是网络集中时代的监管理念。这也导致了以区块链信息服务管理条例为代表的区块链监管。区块链信息服务提供商和备案系统是监管的起点，没有真正考虑分散监管带来的挑战，更不用说分散自治组织（DAO）运作带来的监管挑战，特别是考虑到各种海外公共链对国内居民的影响，一刀切的屏蔽不能成为长期政策。 《区块链信息服务管理条例》最核心的监管方式是备案。2022年3月，微信禁止了多个数字收藏平台，理由是用户投诉，平台审核，未取得法定许可证或许可证，发布、传播或从事相关业务活动，账号已停止使用。微信官方信函提醒说，经过平台检测，您的官方账号涉嫌NFT数字收藏交易业务，您需要提供NFT数字收藏交易业务资格证书。基于区块链的web3.0也将无法逃脱备案系统的约束，平台自然会占据运营商的地位，从而淡化分散化的特征。 此前，在快播案中，快播公司作为基于P2P技术的播放器运营商，也被认定承担审计责任。可以看出，分散的架构从来都不是逃避监管的理由。 在责任设置方面，《网络安全法》没有考虑分散网络的管理，也没有免除个人作为网络运营商的合规义务。由于每个人都可以成为网络运营商，那么每个人都可以成为信息处理者。在这种情况下，《个人信息保护法》第72条规定，因个人或家庭事务处理个人信息的自然人不适用本法也可能有更多的适用场景。 三、数字资产：NFT能否打破数字权力的平衡。 Web3.0最大的特点就是会改变用户持有数据的方式。依靠区块链技术，Web3.0概念下的数字收藏大多以NFT(非同质代币)的形式存在，以确保每个收藏的独特性。所谓NFT，即非同质代币(non-fungible代币)，主要相对于同质代币，如比特币。在法语中，NFT资产是一种特定的东西，也就是说，每个分割NFT都是不同的；比特币等同质代币的每一个份额都是一样的，也就是说，你钱包里的0.1比特币和我钱包里的0.1比特币没有本质区别。 传统上，用户主要依靠平台的账号持有自己的网络数据进行登录，而在用户协议中，通常规定账号的所有权属于平台，用户只有账号的使用权。这种所有权安排主要受技术结构的限制。由于在web2.0的结构下，用户无法真正使用自己的数据，数据需要存储在平台的服务器中，平台可以很容易地绕过用户操作数据库中的数据，因此数据控制本质上是在平台的一侧。 在web3.0的背景下，借助加密货币技术，数字钱包中的token可以绕过平台。即使平台运行，钱包中的token仍然可能存在于链中。这种设计有助于扭转当前数据产权设置的偏向平台状态。 然而，在实践中，数字收藏的所有权仍然需要仔细筛选，因为不同平台的NFT所有权差异很大。特别是在许多平台上，NFT交易选择保留知识产权，这为购买数字资产的用户使用数字收藏埋下了法律隐患。 此外，国内数字收藏交易平台通常以私有链为基础提供服务。与web2.0时代一样，用户仍然通过注册账户与他们购买的数据收集建立联系，他们无法通过自己的数字钱包实现真正的控制。然而，由于国内对数字资产的政策，通常会设禁止数字资产转移的限制，或禁止转移消费者购买的数字资产，或要求在一定时间内禁止转移。 例如，在阿里拍卖中的数字收藏中，在大多数情况下，用户可以通过拍卖获得除个人权利外的财产权，并自动完成新版本链中作品的所有权转让。然而，阿里拍卖设定了90天的交易冷却期，即90天内不能在阿里拍卖中转售。从本质上说，用户可以在阿里拍卖上购买一张90天内限制转售的纸质证书。 但是，根据《作权法》第二十七条的规定，作品的转让(财产)权可以订立书面合同，不需要登记。

这就让以下场景成为可能：假设我通过阿里拍卖获取到某作品的著作权后，尽管阿里拍卖设定了“交易冷却期”，但我大可与（善意）第三人书面签订该作品的著作权转让协议。在此场景下，阿里拍卖及做著作权登记的“新版链”很难对抗善意第三人，而且第三人可以直接去中国版权保护中心或其他省级版权保护机构办理著作权登记。纠纷难免发生。

而这样的潜在风险只是沧海一粟，其他诸如展览权的错位、以及信息网络传播权对数字藏品的束缚等都不必提。Web2.0与Web1.0时代的法律，在适用于Web3.0时会出现各种卡顿，因为不太兼容。

四、都Web3了，代码与法律的相互成就

莱斯格教授在《代码》一书中认为，网络秩序会同时受到法律、准则、市场与代码的规制。Web3.0已经遥指网络架构的变革，进而不可避免会给网络秩序带来滔天巨浪。哪怕比特币只是惊鸿一瞥，也已经给网络金融秩序带来至今没有平息的浪潮。Web3.0的潜力，在于重塑网络空间中的财产机制。

Web3.0更有可能帮助个人行使自己在《个人信息保护法》下的个人权利。比如现有的网络平台可能因为加密货币技术的阻却，无法识别用户的个人信息，必须通过给予用户更多利益的方式来“交易所”用户的个人信息。就好比在微信等基于网络的通信工具出现后，电信运营商仅能够提供流量方面的支持，如果想参与到信息的处理则必须通过互联网平台。Web3.0也同样具有让平台边缘化的能力。

Web3.0的时代，数字钱包有希望成为互联网资源的入口，甚至是连接数据资产与用户个人的桥梁。即通过数字钱包，用户有望绕开平台直超越理自己的数据。但在这样的架构下，数字钱包的安全性同样值得忧虑，数字钱包携用户资产跑路或赛博空间内的“扒手”得手的新闻更是屡见不鲜。网络入口的变迁，也自然会带来网络空间中新巨头的诞生，反垄断法也必定会有新的施展空间。

在实体法未必能及时响应Web3.0所带来挑战的情境下，基于技术的自治与合约将成为行业合规发展的稳定器，最大限度地让Web3.0兼容现有的法律制度与监管体系。

区块链、时间戳、加密货币技术将成为Web 3.0的技术基础，是网络空间中自力救济与自我防卫的原材料，将会直接决定壕沟的样式、城墙的材质，以及城门上锁钥的规格。

而合约则是让Web 3.0与现实法律接轨的一条捷径，通过合约条款可以让现实中司法机构直接介入网络空间中的纠纷，不用复杂的法律推理就让法律得以适用。而能否起草一份贴合Web 3.0特点的合约（包括用户协议、隐私政策）也会是考验Web 3.0运营者及其背后律师的一道难题。

史宇航：法学博士，执业律师，注册信息安全专业人员（CISP），注册信息隐私管理人员（CIPM）

Background: Web3. Web3.0 will have different meanings in different periods, and the biggest feature of recent Web3.0 is that it allows users to own a part of the network and truly become the masters of their own digital assets. In this case, the biggest feature of the web1.0 era is the centralized network, such as portals such as Sina and Sohu. Information released in cyberspace is completely controlled by large enterprises and platforms, and individuals are not important to their own network assets; in the web2.0 era, with the development of Internet technology, users can participate more in content creation in cyberspace, whether it is Weibo, Facebook, twitter or Bilibili. In the context of web 2.0, online accounts registered by users through mobile phones and emails have become important virtual assets for users. However, in most cases, the platform will stipulate through the user agreement that the platform has the final ownership of the online account, and users can only use right. So we see too many cases. After the operation of online games or platform services is terminated, users can only say goodbye to their accounts and content. The concept of Web3.0 is based on a non-centralized network architecture. Users can store their digital assets in their own digital currency wallets through private keys and migrate them from one platform to another in the chain. This vision is disruptive in both business model and regulatory terms. Even if Web 3.0 cannot completely replace the existing network architecture and business model, the legal challenges it faces are worthy of attention. 2. Decentralization: Everyone is a network operator? Network operator is one of the most basic concepts in cybersecurity law. It refers to network owners, managers and network service providers. Based on the concept of management center network, network operators need to bear a large number of legal obligations, such as retaining logs, reviewing network system content, and protecting personal information processed by network systems. Under the concept of web3.0, if users can really own part of the network system, although they will contribute to the decentralized network, they will also become network operators in the sense of the "Network Security Law". In theory, they Need to bear corresponding legal responsibilities. Therefore, under the structure of web3.0, users need to manage their own data, content and tokens more, because objectively, the platform cannot interfere with users' content. The concept of focusing on network operators as the main subject of supervision is that operators need to be responsible for the data in the servers. This is the supervision concept in the era of network concentration. This has also led to blockchain supervision represented by the Blockchain Information Service Management Regulations. Blockchain information service providers and filing systems are the starting point for supervision, without really considering the challenges brought by decentralized supervision, let alone the regulatory challenges brought by the operation of decentralized autonomous organizations (DAO), especially considering various overseas public chains With regard to the impact on domestic residents, one-size-fits-all shielding cannot be a long-term policy. The core supervision method of the "Blockchain Information Service Management Regulations" is filing. In March 2022, WeChat banned multiple digital collection platforms on the grounds that user complaints, platform review, and failure to obtain legalTo publish, disseminate or engage in related business activities, the account has been stopped. WeChat’s official letter reminds that after platform testing, your official account is suspected of NFT digital collection and trading business, and you need to provide an NFT digital collection and trading business qualification certificate. Blockchain-based web 3.0 will also be unable to escape the constraints of the registration system, and the platform will naturally occupy the position of an operator, thus diluting the characteristics of decentralization. Previously, in the Kuaibo case, Kuaibo Company, as a player operator based on P2P technology, was also found to bear audit responsibility. It can be seen that a decentralized architecture has never been a reason to evade regulation. In terms of liability setting, the Cybersecurity Law does not consider the management of decentralized networks, nor does it exempt individuals from compliance obligations as network operators. Since everyone can be a network operator, everyone can be an information processor. In this case, Article 72 of the Personal Information Protection Law stipulates that this law is not applicable to natural persons who handle personal information for personal or family matters, and there may be more applicable scenarios. 3. Digital assets: Can NFT break the balance of digital power. The biggest feature of Web3.0 is that it will change the way users hold data. Relying on blockchain technology, digital collections under the Web3.0 concept mostly exist in the form of NFTs (non-fungible tokens) to ensure the uniqueness of each collection. The so-called NFT, that is, non-fungible tokens, is mainly compared to homogeneous tokens, such as Bitcoin. In French, an NFT asset is a specific thing, that is, each split NFT is different; every share of a homogeneous token such as Bitcoin is the same, that is, 0.1 in your wallet There is no essential difference between Bitcoin and the 0.1 Bitcoin in my wallet. Traditionally, users mainly rely on the platform's account to hold their own network data to log in. However, in the user agreement, it is usually stipulated that the ownership of the account belongs to the platform, and the user only has the right to use the account. This ownership arrangement is primarily limited by the technical structure. Since under the structure of web2.0, users cannot really use their own data, the data needs to be stored in the platform's server, and the platform can easily bypass users' manipulation of data in the database, so data control is essentially part of the platform. side. In the context of web 3.0, with the help of cryptocurrency technology, tokens in digital wallets can bypass the platform. Even if the platform is running, tokens in the wallet may still exist in the chain. This design helps reverse the platform-biased status of current data property rights settings. However, in practice, the ownership of digital collections still needs to be carefully screened, as NFT ownership varies greatly between platforms. Especially on many platforms, NFT transactions choose to retain intellectual property rights, which creates legal risks for users who purchase digital assets to use digital collections. In addition, domestic digital collection trading platforms usually provide services based on private chains. As in the web 2.0 era, users still connect with the data collection they purchased by registering for an account, and they cannotGet real control with your own digital wallet. However, due to domestic policies on digital assets, there are usually restrictions prohibiting the transfer of digital assets, or prohibiting the transfer of digital assets purchased by consumers, or requiring a ban on transfers within a certain period of time. For example, in the digital collection in Alibaba Auction, in most cases, users can obtain property rights in addition to personal rights through the auction, and automatically complete the ownership transfer of the works in the new version chain. However, Ali Auction has set a 90-day transaction cooling period, that is, it cannot be resold in Ali Auction within 90 days. Essentially, users can purchase a paper certificate on Alibaba Auction that restricts resale for 90 days. However, according to the provisions of Article 27 of the Copyright Law, the transfer (property) rights of works can be concluded in a written contract and registration is not required.

This makes the following scenario possible: Suppose that after I obtain the copyright of a certain work through Ali Auction, although Ali Auction has set a "transaction cooling period", I can still negotiate with a (well-intentioned) third party. The person signs a written copyright transfer agreement for the work. In this scenario, it is difficult for Alibaba’s “Xinbian Chain” to auction and register copyrights against a bona fide third party, and the third party can directly go to the China Copyright Protection Center or other provincial copyright protection agencies to register copyrights. Disputes are inevitable.

And such potential risks are just a drop in the ocean, and there is no need to mention other issues such as the dislocation of exhibition rights and the constraints of information network dissemination rights on digital collections. The laws of the Web2.0 and Web1.0 eras will encounter various lags when applied to Web3.0 because they are not compatible.

4. It’s all Web3, the mutual achievement of code and law

Professor Lessig believes in the book "Code" that the network order will be affected by laws, norms, markets and laws at the same time. Code regulation. Web3.0 has already pointed to the transformation of network architecture, which will inevitably bring huge waves to the network order. Even if Bitcoin is just a glimpse, it has brought waves to the Internet financial order that have not yet subsided. The potential of Web3.0 lies in reshaping the property mechanism in cyberspace.

Web3.0 is more likely to help individuals exercise their personal rights under the Personal Information Protection Act. For example, existing network platforms may not be able to identify users' personal information due to the obstruction of cryptocurrency technology, and must "exchange" users' personal information by giving users more benefits. Just like after the emergence of network-based communication tools such as WeChat, telecom operators can only provide traffic support. If they want to participate in information processing, they must go through the Internet platform. Web3.0 also has the ability to marginalize the platform.

In the era of Web 3.0, digital wallets are expected to become the entrance to Internet resources and even a bridge between data assets and users. That is, through digital wallets, users are expected to directly manage their data, bypassing the platform. But in such a frameUnder this structure, the security of digital wallets is also a cause for concern. News about digital wallets running away with user assets or being stolen by "pickpockets" in the cyberspace is not uncommon. Changes in network portals will naturally lead to the birth of new giants in cyberspace, and antitrust laws will also have new room for application.

In a situation where substantive law may not be able to respond to the challenges brought by Web3.0 in a timely manner, technology-based autonomy and contracts will become a stabilizer for the development of industry compliance and maximize the compatibility of Web3.0 with modern There are legal systems and regulatory systems.

Blockchain, timestamp, and cryptocurrency technologies will become the technical foundation of Web 3.0 and the raw materials for self-relief and self-defense in cyberspace. They will directly determine the style of trenches, the material of city walls, and Specifications of the key on the city gate.

Contracts are a shortcut for integrating Web 3.0 with real-world laws. Through contract clauses, real-life judicial agencies can directly intervene in disputes in cyberspace, and the law can be applied without complicated legal reasoning. Whether a contract (including user agreement and privacy policy) that fits the characteristics of Web 3.0 can be drafted will also be a difficult problem for Web 3.0 operators and the lawyers behind them.

Shi Yuhang: Doctor of Laws, practicing lawyer, Certified Information Security Professional (CISP), Certified Information Privacy Manager (CIPM)