On paper, giving a DAO (decentralised autonomous organisation) a legal identity looks like a contradiction in terms. In practice, operating a DAO without one exposes founders, token holders and smart-contract contributors to personal liability they did not intend to accept. Mauritius has emerged as a workable solution for cross-border DAOs that need a credible legal home without the administrative weight of a major financial centre. The VAITOS Act 2021 (the Virtual Asset and Initial Token Offering Services Act) gives Mauritius-based digital-asset structures a statutory foundation, and the island's common-law inheritance – itself rooted in the same tradition as Singapore and the UK – makes it legible to counterparties, banks and institutional investors worldwide.
This guide walks through the legal basis for a DAO wrapper in Mauritius, the step-by-step process from entity selection to regulatory filing, the cross-border interactions with tax and banking, and the decision point where a DAO builder should choose Mauritius over or alongside another hub. Each step flags the specific legal issue it resolves and the common mistake founders make at that stage.
Why legal wrappers matter for DAOs
A DAO without a legal wrapper is, in most jurisdictions, an unincorporated association – meaning every member who takes an active governance role may bear joint and several personal liability for the DAO's obligations. That is not a theoretical risk. Regulators across the EU, the US and Asia have signalled that the absence of a formal entity does not remove accountability; it simply distributes it unpredictably. For a DAO that controls a treasury, issues tokens or executes real-world contracts, the question is not whether to have a wrapper but which jurisdiction to use and which structure fits the governance model.
The VAITOS Act 2021 is the statutory instrument in Mauritius that brought virtual-asset services within the supervised perimeter. Under its provisions, a business providing virtual-asset services – broadly interpreted to include exchange, custody, token offering and portfolio management – must register or obtain a licence from the Financial Services Commission (FSC) of Mauritius. The FSC has developed specific guidance for digital-asset structures, and its posture toward innovative entrants has been notably constructive compared with several European regulators in the same period.
In our practice, the first conversation with a DAO founder almost always turns on the same question: is the DAO itself the regulated entity, or is the wrapper an operational vehicle that interacts with an on-chain governance layer that remains legally separate? The answer shapes the entity choice, the regulatory filing strategy and the tax analysis.
The process above describes the standard path. Your facts – the entity, the user base, the banking – change the analysis. For a scoped assessment of your DAO's wrapper options, contact OBOLUS at info@oboluslaw.com.
Step 1: Classify the token before selecting the entity
Token classification is the legal prerequisite for every subsequent decision, and getting it wrong at this stage compounds every cost downstream. A utility label on a whitepaper does not settle the legal classification – substance controls, not marketing. The rights a token confers, the economic expectations it generates and the degree of centralised management behind it are the factors that determine whether the token is a virtual asset, a security, an e-money instrument or something else entirely under the applicable regime.
Under the VAITOS Act, Mauritius applies a substance-over-form classification methodology that is broadly aligned with the FATF Recommendation 15 framework for virtual assets. A token that confers profit rights or governance rights with an economic dimension will attract closer regulatory scrutiny than a pure utility token redeemable only for in-protocol services. Where a token approaches the security end of the spectrum, the FSC licence category changes, the required disclosures expand, and the interaction with third-country regulators – particularly the SEC, ESMA or the FCA – becomes a live issue from day one.
The common mistake at this step is conflating legal classification with technical architecture. A token can be non-custodial, permissionless and on-chain and still meet the definition of a regulated instrument under Mauritius law or the law of the jurisdiction where token holders are located. We assess classification against the substance of rights conferred, not the marketing label.
A second classification question concerns the DAO's smart contracts themselves. Mauritius has not yet enacted specific smart-contract recognition legislation, but contracts executed through code are generally enforceable under Mauritius civil and commercial law where the elements of a valid agreement – offer, acceptance, consideration and intention – are demonstrable. Founders should document the governance logic with sufficient precision that a court could reconstruct the parties' intentions from the code and the associated governance documentation.
Step 2: Choose the right legal structure for the wrapper
Mauritius offers several entity types that have been used as DAO wrappers; the choice turns on governance architecture, liability management and the intended relationship between the legal entity and the on-chain layer.
The Global Business Company (GBC) is the most commonly used vehicle for cross-border digital-asset operations in Mauritius. A GBC is a company incorporated under Mauritius company law and holding a Global Business Licence issued by the FSC. It benefits from Mauritius's extensive treaty network, which covers a substantial number of jurisdictions including India, China, France and numerous African markets. The GBC can hold the DAO's operational agreements, employ contributors, hold the treasury and interface with regulated counterparties – banks, custodians and exchanges – that require a corporate counterpart.
A Foundation structured under Mauritius law is an alternative that more closely mirrors the governance logic of some DAOs. A Mauritius foundation has no shareholders; it operates for defined purposes and may allocate assets to beneficiaries as defined in its charter. For a DAO whose token holders function more like stakeholders in a commons than shareholders in a company, a foundation structure can reflect that economic reality more accurately. The foundation's council plays a governance role analogous to a DAO's elected or algorithmic leadership tier.
A Limited Partnership is a third route, particularly relevant for DAOs with a fund-like structure – for example, a decentralised investment protocol or a yield-strategy DAO. Mauritius limited partnerships can be structured with a digital-asset mandate and, where required, can be registered with the FSC as a collective investment scheme or a private equity fund equivalent.
The cross-border dimension is critical here. Founders based in the US, the EU or the UK will need advice from allied counsel in the relevant jurisdiction on whether the Mauritius wrapper adequately insulates them from domestic regulatory obligations. The wrapper does not make a US-person exempt from SEC jurisdiction, nor does it override MiCA obligations where EU users are involved.
Step 3: FSC registration and VAITOS filing
Registration under the VAITOS Act is the regulatory step that converts a Mauritius entity into a legally permitted virtual-asset service provider. The FSC operates a tiered registration and licensing system: some activities require only registration, while others – particularly exchange services, custody and token offering – require a full virtual-asset service provider licence with more extensive disclosure and capital requirements.
The application package for FSC registration typically includes a business plan, a description of the technology architecture and smart-contract logic, AML/CFT policies aligned with FATF standards, details of beneficial owners and key personnel, and a description of the governance model – including, where the applicant is a DAO, a mapping of the on-chain governance mechanism to the legal entity's decision-making structure. The Financial Services Commission has issued guidance on the content of these disclosures, and applications that address the governance mapping explicitly tend to progress more smoothly.
Timeline for FSC review varies by activity and completeness of the application. In our experience advising on comparable structures in comparable jurisdictions, applications that arrive complete – with no material outstanding items – move considerably faster than those submitted in stages. The FSC has shown willingness to engage in pre-application dialogue, which is an underused tool. A pre-application meeting surfaces the regulator's concerns before the formal clock starts.
The common mistake at this step is submitting a generic fintech business plan rather than one tailored to the DAO's specific governance and token model. Regulators in every hub, not only Mauritius, now read governance documentation with close attention. A business plan that describes a DAO as "a community of token holders" without specifying the legal relationships, the voting mechanism and the dispute resolution pathway will draw requests for further information and delay.
Step 4: Build the AML/KYC programme and address the Travel Rule
Any Mauritius-registered virtual-asset service provider must maintain an AML/CFT programme that meets the standards set out in Mauritius's financial-crime legislation, itself aligned with FATF Recommendations. For a DAO wrapper, this creates a structural challenge: the on-chain layer may be permissionless, but the legal entity – the GBC or foundation – bears the compliance obligation.
The practical resolution is a layered compliance model. The legal entity applies KYC/AML controls at the interface points it controls: treasury distributions, fiat on- and off-ramps, contributor agreements and token sale participation. The on-chain layer, where it is genuinely permissionless, is documented as such – but the DAO's legal entity does not represent to the FSC that it has no exposure simply because some on-chain activity is open to anonymous participants.
The Travel Rule (the obligation to pass originator and beneficiary data with a virtual-asset transfer, derived from FATF Recommendation 16) applies to covered transfers above the applicable threshold. The threshold varies by jurisdiction and is subject to ongoing regulatory revision; founders should consult current FSC guidance rather than relying on a figure from any secondary source. What is stable is the principle: the legal entity operating the transfer function must have a Travel-Rule-compliant technical and procedural solution in place before going live.
Operators we advise routinely discover that their chosen technology stack – whether a smart-contract-based settlement layer or a custodial wallet – has not been assessed for Travel Rule compliance. Addressing this after launch is substantially more expensive than building it in at the design stage.
Step 5: Structure the tax and banking interaction
A Mauritius GBC holding a Global Business Licence benefits from a partial exemption regime under Mauritius tax law that can reduce the effective corporate tax rate on foreign-source income. The specific rate and the conditions for qualifying as a GBC are matters of current Mauritius tax legislation; founders should obtain current tax advice rather than treating any published figure as definitive, because Mauritius has periodically revised its GBC regime in response to OECD/BEPS developments.
The treaty network is strategically significant for DAOs with contributors or treasury activity in multiple jurisdictions. A Mauritius GBC can, where treaty conditions are met, be used to manage withholding tax on royalties, interest and dividends flowing through the structure. However, treaty access requires genuine substance in Mauritius – physical presence, local directors with relevant competence, board meetings held on the island. Post-BEPS anti-avoidance provisions mean that a brass-plate GBC is unlikely to sustain treaty claims.
Banking is the acute operational pain point for Mauritius-registered digital-asset entities. Local banks apply risk-based onboarding criteria that are, in practice, more stringent for crypto businesses than for conventional financial services clients. Founders should expect the banking process to run in parallel with – not after – the FSC registration, and should identify more than one banking relationship as a contingency. In our cross-border practice, we structure licensing, banking and tax as one mandate rather than three disconnected workstreams, because delays in one typically create delays in the others.
The cross-border banking question also touches on the currency of the treasury. A DAO holding a stablecoin treasury needs banking that can interface with both fiat and on-chain settlement. Not all Mauritius correspondent banking relationships extend to digital-asset-native counterparties, and the selection of a banking partner requires assessment of their digital-asset-specific compliance policies, not just their general AML posture.
If prior banking applications have stalled or your structure has outgrown an earlier legal opinion, a second read can surface the structural reason and the route forward. Write to OBOLUS at info@oboluslaw.com or message us at t.me/oboluslaw.
A recent instruction: DAO treasury wrapper and regulatory registration
In a recent matter, a cross-chain yield protocol operating across two blockchains approached us after its token distribution triggered a query from its home jurisdiction's financial regulator. The protocol had no legal entity; its contributor team was distributed across four countries. We structured a Mauritius GBC as the operational wrapper, mapped the governance token rights against the VAITOS Act classification framework, and prepared the FSC pre-application submission. We coordinated the AML programme design and the banking engagement concurrently. The FSC pre-application meeting identified one classification issue with the protocol's fee-distribution mechanism; we restructured that component before the formal application was filed. Registration was obtained within the expected review window. The protocol's contributors had a legal entity, a bank account and a regulatory permission before the next token distribution event.
Decision point: when does Mauritius make sense as the wrapper jurisdiction?
Mauritius is not the right wrapper jurisdiction for every DAO, and the decision matrix depends on three variables: the DAO's user geography, its token classification and its banking needs.
A DAO with significant African or Asian exposure – particularly South or Southeast Asia, or Sub-Saharan Africa – benefits most from the Mauritius treaty network and the FSC's familiarity with cross-regional capital flows. A DAO whose primary user base is in the EU or the UK faces a more complex analysis: MiCA or FCA obligations may apply directly to the DAO's activities regardless of where the legal wrapper sits, and a Mauritius entity does not provide passporting access to the EU single market. For EU market access, a parallel CASP authorisation in a member state remains necessary.
A DAO with a pure utility token and a treasury denominated in on-chain assets may find the Mauritius GBC more straightforward to operate than the ADGM or VARA regimes, which carry more extensive capital and supervision requirements. A DAO whose token approaches the security end of the classification spectrum should assess whether the FSC regime's disclosure requirements are sufficient to insulate it from US SEC or EU ESMA scrutiny – the answer is jurisdiction- and fact-specific.
Profile A: a cross-chain yield protocol with no EU or US users, a utility token and a treasury held in USDC. The Mauritius GBC with VAITOS registration is a strong fit. Timeline to operational status is a matter of weeks for the entity and months for the full FSC licence, depending on application completeness.
Profile B: a governance DAO issuing tokens that confer profit-sharing rights, with significant EU token-holder participation. Mauritius may provide the treasury-holding entity, but a parallel MiCA CASP authorisation in an EU member state is likely required for the token-distribution activity. The Mauritius and EU structures operate in parallel, governed by an intercompany agreement.
Profile C: an investment DAO functioning as a decentralised fund. A Mauritius limited partnership with a fund manager holding the relevant FSC licence – potentially combined with a Cayman or BVI feeder for institutional investors – reflects the structure we have seen work in practice for this profile.
Related at OBOLUS
- DeFi, Tokenization & Smart-Contract Law – our full practice overview for digital-asset builders and protocol operators
- Real-World Asset Tokenization for Early-Stage Founders – structuring tokenized assets from concept to issuance
- Token Issuance and Offering Rules Under EU MiCA – the CASP and whitepaper regime for EU market access
FAQ
Can a DeFi protocol be regulated?
Yes. Regulatory treatment depends on the substance of the activity, not the technical architecture. A DeFi protocol that facilitates exchange, custody or lending of virtual assets may fall within the regulated perimeter under the VAITOS Act in Mauritius, MiCA in the EU, the Payment Services Act in Singapore or applicable frameworks elsewhere. Permissionless design reduces but does not eliminate regulatory exposure for the developers and the legal entity behind the protocol.
What legal wrapper suits a DAO?
The answer depends on the DAO's governance model and economic activity. A Mauritius Global Business Company is well-suited for operational DAOs that need to contract, bank and employ. A Mauritius Foundation better reflects a purpose-based governance structure with no shareholders. A limited partnership suits investment or fund-like DAOs. Each structure has different regulatory-filing obligations under the VAITOS Act and different tax treatment, so entity selection must follow token classification, not precede it.
Who is liable when a smart contract fails?
Liability for a smart-contract failure turns on the legal relationship between the parties, the terms of any associated legal agreement, and the jurisdiction whose law governs. Where a legal wrapper exists, the entity and its directors or officers may bear liability for the wrapper's obligations. Where there is no entity, courts in several common-law jurisdictions have been willing to impose liability on identifiable participants who exercised control or made representations. A well-drafted legal wrapper, with governance documentation that maps the code to the parties' intent, reduces but does not eliminate this exposure.
OBOLUS is an independent digital-asset law boutique acting only for businesses. We advise exchanges, custodians, token issuers, protocols and funds on licensing across 70+ jurisdictions, on disputes and on-chain asset recovery across 25+ forums, and on the tax, banking and compliance that sit around them. Digital assets are the whole of our practice. We assess token classification against substance, not marketing labels, and we structure licensing, banking and tax as one mandate. To discuss your DAO structure, contact info@oboluslaw.com.
By Roman Levitt, Technology & DeFi Counsel – specialising in smart-contract legal architecture, DAO structuring and DeFi protocol regulatory analysis across common-law and civil-law jurisdictions.
This publication is general information about the law and does not constitute legal advice. It is not a substitute for advice tailored to your circumstances. OBOLUS accepts no liability for action taken or not taken on the basis of this material. For advice on your situation, contact info@oboluslaw.com.