Why I’m pushing back against the KYC creep

Hi everyone,

​I’ve been in the crypto space for 5 years, and I’ve dedicated the last 2 specifically to the Arbitrum ecosystem. I’ve seen this network grow and I’ve been a firm believer in its potential. However, I’m writing today to share my deep disappointment with the direction we are heading regarding KYC requirements.

​I didn’t join this revolution 5 years ago to spend my time filling out forms and linking my identity to my on-chain activity. If I wanted that level of surveillance and centralized compliance, I would have stayed with traditional banks or centralized companies.

​We are seeing KYC creep into almost every corner of the DAO—from delegate rewards to grant programs. While some argue this brings ‘order,’ I see it as a betrayal of the core values that brought many of us here. A DAO should be a space for meritocracy and technical excellence, not a place where we replicate the friction of the legacy system.

​I believe in an ‘aristocratic’ model of expertise and order, but it must be decentralized and permissionless. Otherwise, we are just building another corporation with a different name. I hope the community reflects on whether this is the path we truly want to take.

​Are we just accepting this as the new normal, or do others still value the anonymity and freedom that crypto originally promised?"

I resonate strongly with much of what you’re expressing here.

For me, the core issue isn’t really the existence of identity, but rather importing the wrong identity model into a space that was meant to be fundamentally different.

I don’t think the real dilemma is “no identification ever” versus “bank-style KYC everywhere.”
Some degree of identity, continuity, or accountability becomes inevitable if DAOs want to run grants, delegate programs, or long-term initiatives in a sustainable way.

The central question is how we address that need.

Traditional KYC carries inherited assumptions: centralized databases, excessive data collection, and a strong linkage to off-chain, real-world identity. That’s where the friction appears — and where many feel a betrayal of crypto’s original ethos.

I’m much more interested in exploring crypto-native, DAO-specific identity primitives: minimal disclosure, contextual use, permissionless and verifiable, without forcing contributors into the traditional banking compliance stack.

In that sense, I think of something like an ARB Passport not as traditional KYC.
Rather, I see it as a potential contextual, inter-DAO identity layer — portable across governance spaces, built from on-chain actions and participation, and activated only when it truly makes sense.

Not a global identity.
Not a real-world identity.
Just the minimum continuity needed to reduce coordination friction between and within DAOs, without breaking pseudonymity or recreating institutional gatekeeping.

For me, the challenge isn’t resisting all forms of structure, but ensuring that the structure we build is natively decentralized, not just a rebranding of legacy systems.
That feels much closer to crypto’s original promise, while still acknowledging the needs that growth inevitably brings.

Thanks for the reply. I understand that KYC/KIC is being required in some specific programs and payout flows — and in fact, to receive incentive payments (e.g., DIP / grants), participants currently end up going through a compliance process with the Arbitrum Foundation or the program operators.

That said, my point is mainly about direction / principles: whenever possible, I’d like the DAO and ecosystem to keep moving toward a permissionless model, where access to core functionality and general participation does not depend on KYC, and where KYC is the exception due to operational/regulatory necessity, not a default that spreads everywhere.

I’m also concerned about the precedent of requiring KYC in the future to access economic benefits that feel like “dividends” or broad protocol rewards. For many of us, privacy/anonymity and permissionless access are foundational values.

I understand the trade-offs, but I think we should be very careful about the scope of KYC/KIC and aim to minimize it rather than normalize it.

This is a genuinely important discussion, and I’m glad it’s being surfaced openly.

The tension between privacy, decentralization, and operational sustainability is something many DAOs inevitably face as they scale. What can feel like “KYC creep” may sometimes reflect regulatory realities, treasury risk management, or attempts to introduce accountability structures.

That said, the discomfort being expressed shouldn’t be dismissed. If identity requirements begin to resemble traditional financial systems too closely, DAOs risk reintroducing the very friction and exclusion that crypto originally aimed to reduce, particularly for globally distributed, pseudonymous contributors.

It seems the more productive path may not be a binary choice between anonymity and full KYC, but rather the development of crypto-native identity approaches: minimal disclosure, purpose-specific verification, and mechanisms that preserve privacy while enabling accountability where genuinely necessary.

It could be valuable for the DAO to clearly communicate:

Where identity is strictly required

The rationale behind those requirements

Whether lighter or privacy-preserving alternatives are viable

Clarity and proportionality may help reduce the perception of “creep” while still supporting the DAO’s long-term resilience.

I’m also curious whether others have seen privacy-preserving identity models work effectively in other DAO ecosystems.

I want to add a perspective that I think is missing from this conversation.

I am building a multi-chain payment app in Africa and I work across Africa daily. The majority of people I build for have never had a bank account. No passport. No utility bill in their name. No credit history. These are not edge cases. These are millions of people who found crypto because it was the first financial system that did not ask them to prove they were worthy of access before letting them in.

When a DAO starts layering KYC requirements, even with good intentions, it is making a quiet decision about who belongs here. And the people it quietly excludes are almost always the ones who need permissionless systems the most.

I have watched a market woman in Togo receive money from her son in France through a crypto wallet. No bank. No form. No waiting. That is the promise. The moment we start asking her for documents to participate in governance or earn rewards, we have already broken it.

Identity in Web3 should be earned through what you do on-chain, not what paper you can produce off-chain. Your votes, your contributions, your consistency over time. That is a richer and more honest picture of who someone is in this ecosystem than any government document will ever be.

The real question is not how do we verify people. It is who are we building this for.