An in-depth discussion on multi-jurisdictional crypto compliance, legal architecture for Web3 startups, and emerging regulatory trends across Asian markets

The intersection of law and innovation in the Web3 space presents both unprecedented opportunities and complex regulatory challenges. As blockchain technology evolves from experimental protocols to real-world financial infrastructure, legal frameworks worldwide are racing to catch up, creating a patchwork of regulations that Web3 entrepreneurs must carefully navigate.

Heema Shirvaikar brings a unique perspective to these challenges. As a technology, media, and data privacy lawyer with extensive experience in Web3 and crypto law, she has worked on major deals including the Disney-Viacom18 joint venture and has witnessed firsthand how different regulatory approaches across India, Dubai, and Singapore impact emerging blockchain businesses. Currently serving as Legal Manager at Ascent Advisors after her tenure as Senior Associate at Khaitan & Co, Heema specializes in providing thoughtful legal solutions that empower rather than intimidate clients operating at the cutting edge of technological innovation.

In this comprehensive interview, Heema shares her insights on the most critical legal considerations facing Web3 startups today, from token classification and governance structures to the evolving regulatory landscape across Asian markets. Her perspective offers valuable guidance for founders, investors, and legal practitioners working to build compliant, innovative projects in an increasingly regulated crypto ecosystem.

Question 1: Multi-Jurisdictional Web3 Compliance

Working across India, Dubai, and Singapore, you see firsthand how different regulatory approaches impact Web3 startups. What are the key differences in crypto compliance requirements across these three jurisdictions, and how do you help clients navigate conflicting regulatory frameworks when operating regionally?

I’ve found the structuring of a Web3 startup to be fundamentally different from a traditional tech company. Especially in jurisdictions like India for example, we have seen a wave of reverse flips, where startups previously domiciled in jurisdictions like Singapore or the USA are now shifting their business base back to India due to evolving domestic incentives. But this trend is unlikely for Web3, where India has taken a relatively conservative approach. While the formal regulatory landscape is largely lacking, it is governed by indirect means like taxation which largely remains punitive, creating significant friction for startups, especially token-centric projects, from operating locally. There is also ambiguity and uncertainty with the legal framework, making it inhospitable in terms of being a jurisdiction for carrying out primary operations. By contrast, Dubai has created a more comprehensive framework for Web3 and virtual assets through VARA which offers clarity, along with a relatively favourable tax regime. Singapore, while traditionally seen as Web3-friendly, is now taking a more cautious approach with the DTSP regime, increasing its compliance complexity.

Each jurisdiction offers its own unique regulatory approach when it comes to Web3 and crypto assets, ranging from proactive to deterrent to uncertain. This is made even more challenging by the fact that the regulatory landscape is rapidly evolving. This makes it important to understand the business operations for each Web3 entity and assess the jurisdictions where its activities would be low, medium or high risk. If a Web3 project includes multiple layers, there may be different jurisdictions best suited for each according to its risk and compliance requirements. Like a protocol layer housed within a DAO wrapper in a jurisdiction like Cayman with a user-facing interface operated by an entity based in Singapore. This would ensure that if there is a change in the legal landscape in Singapore affecting how the user-facing entity operates, it would not disrupt the protocol logic. Secondly, certain features or functionalities might be tolerated in one jurisdiction and not another, which would require use of robust jurisdiction-specific disclaimers and geo-fencing. In a way it’s like hedging your regulatory exposure, rather than betting on one jurisdiction to stay favourable.

Question 2: Web3 Startup Legal Architecture

When advising Web3 startups on legal documentation and structuring, what are the most critical legal considerations that founders often overlook? How do you balance regulatory compliance with the innovative, decentralized nature that these companies are trying to achieve?

One of the key legal blind spots for Web3 startups is how fundamentally different their risk exposure is, compared to say traditional tech companies, in terms of token design, governance and the speed at which they can scale up. In a Web2 context, scaling up might trigger some corporate restructuring. But when it comes to Web3, flipping into a DAO or launching a token could trigger securities, AML or tax scrutiny across multiple jurisdictions. Founders might assume that setting up in a crypto-friendly jurisdiction would insulate their project from global regulations, but we have seen real-life instances where that has not been the case. While Telegram launched its token sale through a BVI entity, it was forced to shut down the project by the SEC because it involved investors based in the USA. Binance faced enforcement actions in the USA despite operating in places like the Cayman Islands, because regulators are looking past entity structuring and focusing on other factors like where token sales are being conducted and jurisdictions from where users are engaging with the project.

Token classification is also an area where a lot of risk concentrates. Public-facing materials like whitepapers, website and social channels are often overlooked simply as marketing tools, but they can be as consequential as the underlying token mechanisms. Poorly articulated, vague or overly promotional claims around utility, governance or value may be interpreted as investment solicitations, so legal precisions in all communications, not only legal documentation is essential.

Another often overlooked issue, and I think this may be uniquely prevalent in Web3, is how often important decisions with legal or financial consequences are made through informal channels like Telegram or Discord. I recently reviewed an OTC token purchase agreement, where the price per token was to be based on the best bid on an exchange at a specified time. However, the contract deferred the specified time to be ‘mutually agreed on Telegram’ between the parties. This is a prime example of informal governance bleeding into formal documentation. Messages on Telegram can be deleted or edited, and without a verifiable audit trail, agreements like these become difficult to enforce. For decisions with real financial impact, this kind of ambiguity could create real legal exposure and open doors not only to contractual disputes but also regulatory scrutiny over lack of transparency or improper governance. Ultimately, legal considerations in Web3 shouldn’t be an afterthought once things go wrong, or be seen purely as risk mitigation. Especially in a space that often operates in legal grey zones, it should be proactive, intentional and integrated from the start.

Question 3: Emerging Regulatory Trends

Given your focus on the intersection of law and innovation in the Web3 space, what regulatory trends are you seeing emerge across Asian markets? How should crypto businesses prepare for upcoming changes, and where do you see the most opportunity for compliant innovation?

The regulatory journey of crypto globally has been anything but linear. In the early stages, a lot of jurisdictions reacted with scepticism, often leading to reactive and restrictive measures. In 2018, the Reserve Bank of India issued a circular prohibiting banks from dealing in virtual currencies. This was a classic knee-jerk reaction to perceived systemic risk. The Supreme Court of India overturned the ban in 2020, ruling it unconstitutional. Since then, India has transitioned towards a more regulated posture, introducing a 30% crypto tax regime and joining global AML alignment through FATF standards. In the USA as well, early crypto oversight was disjointed, with both the SEC and CFTC asserting jurisdiction over various aspects of crypto, further causing regulatory ambiguity. The SEC initiated several enforcement actions against players in the crypto industry. But the global regulatory position on crypto is seeing a dramatic shift in 2025 with policymakers now leaning towards proactive and engagement driven regulation instead of reactive bans and enforcement actions. Stablecoins are no longer niche instruments and are being increasingly recognised in the mainstream for their potential in cross-border payments and digital commerce. The USA has recently passed the GENIUS Act, providing a comprehensive federal framework for stablecoin issuers, meanwhile, the Clarity Bill if enacted, would further clarify stablecoin regulation for issuers. The MiCA Regulation also provides a legal framework for stablecoins in Europe. Regulatory frameworks for stablecoins are also underway in Hong Kong and Singapore. We are seeing a global trend of convergence between crypto and traditional finance, with the integration of stablecoins, real-world asset tokenization and the growing interoperability with on-chain systems. A standout example is that of Project Guardian, which is an ambitious initiative by the MAS in Singapore to test the applicability of Web3 protocols to real-world financial markets in a controlled and permissioned environment. For Web3 businesses, the regulatory bar is rising, but so is the opportunity, with crypto moving beyond its impression as a fringe technology or a speculative asset towards real economic utility. I think the biggest opportunity for compliant innovation lies in enabling the real-world use of blockchain technology and integration of crypto into real economy in a way that is secure, compliant and at scale. The most promising projects in Web3 will be the ones that build not in spite of regulation, but because of it.

Want to contribute to our Q&A series? If you're a legal expert in the web3/AI space and would like to share your expertise by joining our Q&A series, please reach out to hi@databirdjournal.com