Abstract

In August 2022, the United States Office of Foreign Assets Control designated Tornado Cash — an autonomous smart contract protocol with no directors, no registered office, and no territorial jurisdiction — as a Specially Designated National. The most territorial of instruments, the sanctions list, was deployed against the most post-territorial of entities. The state won. This article argues that this episode is not an anomaly but a structural revelation: digital sovereignty contains an internal contradiction. The same technologies that decentralise territorial authority simultaneously create new architectures of control that may be more granular, more automated, and more difficult to contest than the territorial sovereignty they displace. Drawing on the regulation of decentralised autonomous organisations, the emergence of central bank digital currencies, extraterritorial sanctions enforcement, platform governance, and digital identity infrastructure, the article traces the mechanisms through which states have adapted to post-territorial governance not by abandoning sovereignty but by relocating it — from the border to the compliance layer, from the passport to the wallet address, from the prison to the frozen account. The article situates this transformation within a broader account of digital infrastructure as the new territory of sovereign power, engages critically with the libertarian origins of the digital sovereignty thesis, and identifies the governance implications of a world in which whoever controls the infrastructure controls the governance.

Keywords: digital sovereignty; blockchain; decentralised autonomous organisations; CBDC; programmable compliance; Tornado Cash; platform governance; infrastructure; Leviathan; post-territorial governance

1. Introduction

In August 2022, the United States Treasury sanctioned Tornado Cash — an autonomous smart contract protocol that had processed over seven billion dollars in transactions without directors, employees, or a registered jurisdiction. No human being ran it. No office housed it. No territory contained it. The Office of Foreign Assets Control placed it on the Specially Designated Nationals list anyway.^[1]

The Fifth Circuit Court of Appeals subsequently held that immutable smart contracts cannot constitute ‘property’ within the meaning of the sanctions statute — a significant doctrinal limitation. But the enforcement apparatus remained intact. A developer was arrested in the Netherlands. Exchanges blocked wallet addresses associated with the protocol. The compliance layer functioned precisely as designed, regardless of what any court said about the underlying code. The state did not regulate the protocol. It regulated everything the protocol needed to operate in the real economy.

This episode encapsulates the central paradox of digital sovereignty. The early theorists of a borderless digital world were not wrong that code could escape territory.^[2] Satoshi Nakamoto’s 2008 white paper described a peer-to-peer electronic cash system designed to operate without trusted third parties — without banks, without governments, without the territorial anchors through which law traditionally operates.^[3] The cypherpunks understood cryptography as a political tool. Decentralisation was not merely a technical architecture; it was a constitutional theory. The blockchain was a social contract written in code.

What the theorists did not anticipate was that digital infrastructure, once built at scale and once interfacing with the regulated economy, produces its own Leviathan.^[4] Not the Hobbesian sovereign constituted by individual consent and exercising power through physical force within a defined territory. A different kind: one that requires neither territory nor coercion, but only control over the infrastructure through which all economic life flows. Hobbes’s mortal god governed through the sword. The digital Leviathan governs through the algorithm.

This article advances two related arguments. First, that the same technical properties which make digital infrastructure resistant to territorial regulation — its networked, distributed, programmable character — also make it an exceptionally effective medium for non-territorial regulation. Decentralisation distributes governance capacity. Programmability concentrates enforcement capacity. These are not competing tendencies; they operate simultaneously, at different layers of the same infrastructure. Second, that the question of digital sovereignty is therefore not whether states can regulate digital infrastructure — they demonstrably can — but who controls the infrastructure through which regulation is exercised, and with what accountability.

The article proceeds as follows. Section 2 examines the intellectual origins of the digital sovereignty thesis and identifies what it underestimated. Section 3 documents the three regulatory strategies through which states have reasserted jurisdiction over post-territorial governance systems. Section 4 analyses the emergence of programmable compliance as a new modality of sovereign power. Section 5 identifies the structural dialectic at the heart of digital sovereignty. Section 6 addresses the governance implications. Section 7 concludes.

2. The Original Promise of Digital Sovereignty

The intellectual roots of the digital sovereignty thesis run deeper than Bitcoin. Friedrich Hayek’s argument for the denationalisation of money (1976) established the theoretical foundation: if currency issuers competed for users on the basis of monetary quality, states would lose their monopoly over money, and the inflationary temptations of managed fiat currency would be disciplined by market competition.^[5]

John Nash’s concept of asymptotically ideal money, developed across several decades and delivered as a lecture in St Petersburg in 2008, refined this analysis. Nash observed that the emergence of inflation targeting among central banks represented an implicit admission: monetary quality could in principle be controlled through managed supply. This created the conditions for competitive comparison of currencies by quality — and, Nash suggested, an evolutionary tendency toward more stable monetary standards. What Nash could not have anticipated was that the relevant competitor would not be another central bank but a cryptographic protocol.^[6]

Satoshi’s Bitcoin whitepaper translated the economic intuition into operational architecture. Nakamoto’s key innovation was not the cryptographic techniques themselves, which were well-established, but the combination of distributed consensus, proof-of-work, and a fixed supply schedule into a system that could maintain monetary integrity without any trusted authority. The blockchain was constitutionally designed to be ungovernable by any single actor — including states.^[7]

The twenty-one million bitcoin supply cap, enforced by protocol rather than by any central bank commitment, was an architectural answer to the inflationary temptations that Hayek had identified as the fundamental flaw of state monetary monopoly. Where Hayek proposed market competition between currency issuers as the discipline mechanism, Nakamoto embedded the discipline directly into the protocol itself. The constitutional constraint was mathematical, not political — and therefore, the theory held, immune to the political pressures that had eroded every previous attempt at rules-based monetary governance. It was an elegant solution to a centuries-old problem. Its vulnerability lay not in the protocol but in the perimeter.

Ethereum extended this architecture from currency to governance. Vitalik Buterin’s programmable blockchain enabled smart contracts — self-executing agreements written in code and enforced automatically without judicial or administrative intervention.^[8] Decentralised Autonomous Organisations (DAOs) emerged as governance structures capable of managing collective resources, establishing procedural rules, and making binding decisions through token-weighted voting — all without incorporation, without a registered address, without a territorial jurisdiction of legal personality.

The network state thesis represented the logical culmination of this trajectory: political communities constituted through shared digital identity and coordinated through blockchain governance, seeking territorial or legal recognition only after achieving sufficient institutional coherence.^[9] De Filippi and Wright gave this emerging legal order its jurisprudential name: ‘lex cryptographia’ — rules administered through self-executing code, operating independently of territorial law.^[10]

2.1 What the Thesis Underestimated

The digital sovereignty thesis rested on a structural assumption: that distributing control across a network would prevent any single actor from exercising the kind of monopolistic authority that territorial states exercise. This assumption was correct at the protocol layer. Bitcoin transactions cannot be blocked by any single state actor. A sufficiently determined user can access the Bitcoin network from virtually any jurisdiction. At the base layer, the censorship resistance is genuine.

What the thesis underestimated was the fiat perimeter problem. Crypto assets must interface with banking systems to have economic value beyond their native ecosystem. Exchanges, custodians, and wallets are physical entities with physical locations, licensable by regulatory authorities. The human layer — developers, founders, foundation members — is always locatable, always prosecutable. The infrastructure layer — cloud providers, RPC node operators, front-end websites — is concentrated in a small number of jurisdictionally accessible entities. And the consumer protection imperative — the principle that when code governs real money and real people are harmed, states will intervene — proved more politically durable than the libertarian thesis anticipated.

The state could not regulate the protocol. It did not need to. It regulated everything the protocol needed to function in the real economy. This is not a story of regulatory failure. It is a story of regulatory adaptation.

The speed of this adaptation was itself significant. Between 2017 and 2024, the major financial regulatory jurisdictions moved from treating blockchain-based assets as an unclassified novelty to developing comprehensive licensing frameworks, enforcement doctrines, and international coordination mechanisms. The FATF Travel Rule, MiCA, the SEC’s enforcement actions against token issuers, the CFTC’s assertion of jurisdiction over DAO governance structures, and the G20’s coordinated approach to crypto-asset regulation collectively represent a regulatory response of unusual speed and breadth. The libertarian thesis had assumed that the distributed architecture of blockchain systems would impose structural barriers to regulation that would take decades to overcome. It took less than a decade for states to develop effective regulatory responses that did not require overcoming those barriers at all.

3. The Return of Jurisdiction

The history of state responses to blockchain-based governance systems reveals three distinct regulatory strategies, each targeting a different layer of the post-territorial governance architecture. Together, they demonstrate that jurisdictional reach does not require territorial presence — it requires only access to the points at which the post-territorial system interfaces with the territorial one.

3.1 Regulating the Perimeter

The Financial Action Task Force’s 2019 Guidance on Virtual Asset Service Providers established the first systematic perimeter regulation: AML/KYC obligations applied to exchanges, custodians, and wallet providers at the points of entry and exit between the crypto economy and the regulated financial system.^[11] The EU’s Markets in Crypto-Assets Regulation (MiCA, 2023) extended this architecture into a comprehensive licensing regime requiring legal personality, registered offices, capital requirements, and governance structures that presuppose territorial accountability.^[12] The protocol itself remained unregulated. The regulated perimeter contracted inward around it, leaving less and less economic space in which the unregulated protocol could operate without encountering compliance requirements.

The MiCA framework is particularly instructive as a model of perimeter regulation at scale. By requiring crypto-asset service providers to obtain authorisation, maintain a registered office within the EU, satisfy capital adequacy requirements, and submit to ongoing supervisory oversight, it essentially applies the logic of financial services regulation — designed for territorially incorporated intermediaries — to entities whose technical architecture was designed to operate without any of these features. The result is a bifurcated ecosystem: a compliant, regulated layer that functions as an extension of the conventional financial system, and a residual unregulated layer that operates at the margins of economic relevance. The protocol is free. The economy around it is not.

3.2 Attaching Liability to the Human Layer

Where no legal entity existed, regulators found the humans behind the code. Roman Storm, a developer of Tornado Cash, was indicted in the Southern District of New York for money laundering conspiracy — notwithstanding that the protocol he had written operated autonomously and could not be modified or controlled after deployment.^[13] The CFTC’s action against Ooki DAO was more structurally significant: the Commission sued the DAO itself as an unincorporated association, serving process through the protocol’s online governance forum and securing a default judgment against the DAO’s token holders as members of that association.^[14] The legal fiction of leaderless governance collapsed when courts looked through it to find responsible parties. Decentralisation, it transpired, is a matter of degree, not of kind — and partial decentralisation affords only partial protection from legal liability.

The Ooki DAO case merits particular attention as a precedent. The CFTC’s theory of liability treated participation in DAO governance — the act of voting on a governance proposal using a protocol token — as sufficient to constitute membership of an unincorporated association for regulatory purposes. This dramatically expanded the potential regulatory exposure of anyone who participates in on-chain governance of a protocol touching regulated financial activity. It also revealed the structural tension at the heart of DAO governance theory: if token-weighted voting is the mechanism of decentralised governance, and if voting constitutes membership, then decentralised governance is also distributed liability. The promise of collective governance without collective accountability proved legally unsustainable.

3.3 Domesticating the DAO

Most revealing of all was the offer of domestication. Wyoming’s DAO LLC legislation (2021) and the Marshall Islands DAO Act (2022) extended legal personality to DAOs — but on terms that required registered agents, state filings, and attachable liability.^[15] The offer was voluntary. But the alternative — operating without legal personality — meant no bank accounts, no enforceable contracts, no limited liability for members, and no legal interface through which the DAO could interact with the regulated economy. Domestication was presented as a choice. The structure of the choice made refusal economically prohibitive for any DAO seeking real-world economic relevance.

These three strategies reveal the same structural logic. States cannot regulate the protocol, so they regulate everything the protocol needs to function in the real economy. Post-territorial governance exists at the protocol layer. But economic relevance requires territorial interface. And territorial interface creates regulatory entry points. The state does not need to be everywhere. It needs only to be at the exits.

This logic applies with equal force to the Tornado Cash episode. A sanctioning authority with no territorial jurisdiction over the relevant parties and no ability to modify the relevant code was nonetheless able to render the protocol economically unusable for the vast majority of its potential users. Exchanges, front-end operators, and wallet software providers implemented blocking at the infrastructure layer in response to regulatory signals. The protocol continued to function at the base layer. The infrastructure around it made that function economically marginal. The digital Leviathan does not need to destroy; it needs only to deny access. And access, in a digital economy, is everything.

Bratton’s concept of the Stack — the layered sovereignty exercised by platform operators over the computational infrastructure through which all digital activity is mediated — captures something of this structure. But the Stack, as Bratton originally conceived it, described primarily the power of private platform operators. What the regulation of blockchain systems reveals is that the Stack has been progressively incorporated into state regulatory architecture. Governments exercise sovereignty through the infrastructure layer by mandating compliance at the private points of concentration. The architecture of the Stack has not changed. The regulatory logic running through it has.

4. From Territorial Coercion to Programmable Compliance

The regulatory strategies described in Section 3 operate at the perimeter of the post-territorial system. A more fundamental transformation is underway at its core. Digital infrastructure is not merely being regulated by states; it is being incorporated into sovereign governance architecture as a mechanism of programmable compliance. The shift is from the border checkpoint to the compliance layer; from the passport to the wallet address; from territorial coercion to infrastructural exclusion.

4.1 Central Bank Digital Currencies and Programmable Money

Nash’s concept of asymptotically ideal money envisaged competitive evolution toward stable monetary standards through market discipline.^[16] Central Bank Digital Currencies represent the state’s answer to that competition: not monetary discipline, but monetary programmability. As of 2024, 134 countries representing 98 per cent of global GDP are exploring CBDCs; three have fully launched.^[17] A CBDC is not merely a digital version of existing currency. It is money with embedded conditional logic: the capacity to programme expiry dates, geographic constraints, category restrictions, and usage conditions directly into the monetary instrument itself. Cash cannot be programmed. A CBDC can be made to expire if unspent, restricted to approved categories of expenditure, or rendered inoperable outside defined geographic parameters. The monetary instrument becomes a governance instrument.

The governance implications of CBDC programmability extend beyond the headline cases of expiry dates and spending restrictions. A programmable monetary system enables fine-grained policy implementation that conventional monetary instruments cannot achieve. Welfare payments could be restricted to approved categories of goods, preventing expenditure on alcohol or tobacco without requiring any administrative enforcement mechanism. Business subsidies could be automatically restricted to specific supplier categories, implementing industrial policy through the payment instrument itself. Tax obligations could be collected automatically at the point of transaction, eliminating the compliance gap between tax liability and tax collection. Each of these applications has a plausible policy rationale. Each also represents an expansion of state capacity to condition individual economic behaviour that has no equivalent in the history of fiat currency. The question is not whether these capacities will be used, but how, by whom, and subject to what constraints.

4.2 Automated Sanctions Enforcement

The extraterritorial reach of sanctions regimes has expanded dramatically as digital financial infrastructure has become the mechanism of enforcement. Secondary sanctions — measures penalising third-country entities for transacting with sanctioned parties — operate by conditioning access to dollar-clearing systems and correspondent banking networks rather than through direct territorial enforcement.^[18] Blockchain surveillance infrastructure, provided by firms such as Chainalysis and Elliptic, embeds sanctions compliance into exchanges, wallets, and DeFi protocol front-ends automatically.^[19] The OFAC sanctions list becomes, in effect, a distributed compliance protocol enforced at the infrastructure layer without requiring any territorial presence by the sanctioning authority.

The structural significance of this development extends beyond its immediate regulatory effects. Secondary sanctions implemented through digital financial infrastructure operate without the procedural constraints that attach to conventional territorial enforcement. A company subject to sanctions administered through correspondent banking restrictions has at least a formal channel through which to contest the designation — through US courts, through diplomatic channels, through OFAC’s own review procedures. A wallet address blocked simultaneously by fifty independent exchanges, wallet providers, and protocol front-ends in response to an OFAC designation embedded in a shared compliance database has no equivalent procedural recourse against the infrastructure-level blocking, even if the underlying designation is legally contestable. The enforcement is distributed; the accountability is not.

4.3 Digital Identity as Governance Infrastructure

The EU’s eIDAS 2.0 framework (2024) establishes a European Digital Identity Wallet — a portable, state-issued digital identity credential enabling citizens to authenticate themselves across digital services throughout the Union.^[20] Digital identity is not merely a convenience infrastructure. It is a governance prerequisite. Where identity verification becomes a precondition for participation in digital services, whoever controls the identity infrastructure controls the conditions of participation. ‘Know your customer’ becomes ‘know your citizen’. The permissionless layer of digital participation — the base-layer censorship resistance that the early blockchain theorists celebrated — shrinks as the identity-gated participation layer expands.

4.4 Platform Governance as Regulatory Intermediation

Large digital platforms have long exercised quasi-regulatory functions: content moderation, account suspension, demonetisation, dispute resolution. What has changed is the relationship between platform governance and state authority. The EU’s Digital Services Act (2022), the UK Online Safety Act (2023), and Germany’s Network Enforcement Act have progressively converted platform governance from private discretion into a mandatory regulatory function performed by private actors under state direction.^[21] The platform becomes a regulatory intermediary. Its content moderation decisions are no longer merely commercial choices; they are the implementation of legal obligations, enforceable by state regulators, subject to appeal mechanisms, and increasingly standardised across jurisdictions.

Lessig identified the structural logic decades ago: code is law, in the sense that technical architecture constitutes behaviour as effectively as legal rules.^[22] Zuboff’s surveillance capitalism analysis adds the political economy: behavioural data is both the product of digital systems and the mechanism through which those systems are governed. Together, they identify the key feature of programmable compliance that territorial sovereignty lacked: the capacity to govern behaviour predictively and at scale, through infrastructure rather than through enforcement.

5. The Dialectic of Digital Sovereignty

5.1 The Digital Leviathan

Hobbes conceived the Leviathan as the sovereign power produced by social contract: absolute, indivisible, constituted by the surrender of individual liberty in exchange for collective security, exercising power through physical force within a defined territorial space.^[23] The early blockchain theorists understood themselves as liberating individuals from precisely this bargain. Code would replace the sovereign. The network would replace the state. Decentralisation would make monopolistic authority structurally impossible.

What they produced instead were the conditions for a digital Leviathan of a different kind. Not constituted by consent, not limited to a defined territory, not exercising power through physical force. Constituted by infrastructure dependency, operating through every jurisdiction simultaneously, exercising power through the capacity to include or exclude from economic participation. Whoever controls the infrastructure controls the governance. And infrastructure control, unlike territorial control, admits of no geographical limit.

5.2 Three Dimensions of the Contradiction

The internal contradiction of digital sovereignty operates across three dimensions that are structurally inseparable from the technology itself. Each dimension involves a pairing of properties that the early digital sovereignty theorists treated as aligned but that in practice operate in tension, and in some cases in direct opposition. Understanding these pairings is essential to understanding why the promise of digital freedom has produced, in parallel, some of the most effective mechanisms of digital control ever developed.

First, censorship resistance coexists with total transparency. Bitcoin is censorship-resistant at the protocol layer: no single authority can block a valid transaction from being included in the blockchain. But every transaction is permanently and publicly recorded on a distributed ledger, traceable from its origin to its current location.^[24] The same architecture that prevents censorship enables comprehensive financial surveillance. Privacy and transparency are not competing features; they are complementary properties of the same cryptographic design.

Second, permissionless access coexists with identity-gated participation. The Bitcoin base layer requires no identity: anyone with a private key can generate an address and receive funds. But economic participation in the broader crypto ecosystem — exchanges, DeFi protocols, wallet services, fiat on/off ramps — increasingly requires KYC verification, identity documents, and institutional approval. The permissionless layer is real but shrinking. The identity-gated layer is expanding in proportion to the economic relevance of what it governs.

Third, decentralised governance coexists with concentrated infrastructure. DAO governance may be genuinely distributed across thousands of token holders in dozens of jurisdictions. But the cloud infrastructure on which most DeFi applications run, the RPC providers through which most users access blockchains, and the front-end websites through which most users interact with protocols are concentrated in a small number of entities, each jurisdictionally locatable, each regulatable.^[25] The governance is decentralised. The infrastructure is not.

These three dimensions are not independent. They are manifestations of a single structural feature: the layered architecture of digital systems creates different properties at different levels of the stack, and regulatory authority can be exercised effectively at any layer, regardless of the properties of the other layers. Base-layer censorship resistance does not prevent application-layer exclusion. Protocol-level permissionlessness does not prevent interface-level identity gating. Governance decentralisation does not prevent infrastructure concentration. A regulatory strategy that targets any single layer can produce governance effects across the entire system, because the layers are economically interdependent even where they are technically separable. This is the architectural fact that the libertarian digital sovereignty thesis underestimated: technical decentralisation at one layer does not produce political decentralisation across the system.

5.3 The Krasner Analogy

Krasner identified territorial sovereignty as organised hypocrisy: the gap between the universally proclaimed norm of sovereign equality and the systematic practice of its violation.^[26] Digital sovereignty exhibits a structurally similar gap. The decentralisation norm — that blockchain-based systems operate independently of any territorial authority — is systematically undermined by the centralisation reality of infrastructure control, regulatory perimeter management, and human-layer accountability. The norm and the practice diverge in the same structural pattern. What differs is the direction of the hypocrisy: where Krasner’s states proclaimed sovereignty and violated it in practice, the digital sovereignty theorists proclaimed decentralisation and produced centralisation in practice.

6. Beyond Utopia and Dystopia: Governance Implications

The analysis developed in this article should not be read as a normative endorsement of digital authoritarianism, nor as a counsel of despair about the possibilities of decentralised governance. The structural paradox of digital sovereignty is not unique to authoritarian contexts. Liberal democracies have demonstrated the same capacity for programmable exclusion, albeit with different accountability structures.

The contrast between authoritarian and democratic deployments of digital infrastructure is instructive precisely because the technical capacities are structurally identical. China’s digital yuan architecture and Social Credit System demonstrate programmable financial infrastructure deployed without constitutional constraint: real-time transaction monitoring, identity-linked participation, geographic and categorical spending restrictions, and the capacity to exclude individuals from economic life as an instrument of social discipline. Russia’s sovereign internet (RuNet) architecture represents the same logic applied to connectivity: the state as exclusive gatekeeper of digital access within its territory. These are not merely more extreme versions of what liberal democracies are building. They are the same technical capacities, deployed without the procedural and institutional constraints that, in democratic systems, limit their exercise. The distinction matters enormously for the people governed by these systems. It matters less for the structural analysis of what digital sovereignty is.

In February 2022, Canada invoked the Emergencies Act to freeze the bank accounts of participants in the Ottawa truckers’ protest — not through judicial order but through administrative direction to financial institutions, enforced through the digital payment infrastructure on which the protesters depended.^[27] The Rouleau Commission subsequently concluded that the invocation was legally justified but noted significant concerns about the use of financial measures against protesters without prior judicial authorisation. The digital financial infrastructure functioned as designed. The accountability mechanisms eventually constrained its exercise. But the capacity existed, was deployed, and remains.

The distinction between authoritarian and democratic digital sovereignty is not technological but constitutional. The same infrastructure that authoritarian states use to enforce ideological conformity was deployed, in attenuated form, in a liberal democracy in a state of emergency. The difference lay not in the capacity but in the accountability: parliamentary oversight, judicial review, and electoral consequences eventually constrained that capacity. The risk is not that liberal democracies will become authoritarian overnight. It is that digital infrastructure, once built, outlasts the emergencies that justify it — and that the constitutional constraints which distinguish democratic from authoritarian digital governance may prove more fragile than the infrastructure they are supposed to govern.

The structural logic of digital exclusion also has deeper historical antecedents than the blockchain era.^[28] Programmable infrastructure is not the first mechanism through which governance has operated through conditioned access rather than physical coercion. Understanding this genealogy matters for the governance implications that follow.

6.1 Three Governance Implications

First, the democratic legitimacy of programmable compliance requires the same constitutional discipline as territorial law. If governance increasingly operates through automated compliance architecture — CBDC programmability, wallet screening, smart contract restrictions — those mechanisms require contestability, proportionality review, and judicial oversight equivalent to that applied to traditional regulatory instruments. Code that governs is law. Law requires legitimacy. Legitimacy requires accountability.

This principle has concrete implications for digital infrastructure design that existing regulatory frameworks have not yet addressed. When a government mandates that a CBDC wallet cannot be used to purchase certain categories of goods, or that a digital identity credential can be suspended pending investigation, or that an exchange must implement sanctions screening automatically and in real time, it is making regulatory decisions that affect individual rights without the procedural safeguards that would attach to equivalent decisions made through conventional administrative processes. A bank account frozen by court order can be challenged through established legal procedures. A wallet address blocked simultaneously by multiple infrastructure operators in response to a regulatory signal embedded in a compliance layer may be far harder to contest effectively — and may produce its effects before any challenge is lodged. The speed and automation of programmable compliance is precisely what makes it attractive to regulators, and precisely what makes the absence of procedural constraints most significant.

Second, the fragmentation of digital regulatory regimes across jurisdictions produces regulatory arbitrage without producing freedom.^[29] The GDPR and the US approach to data governance, the EU’s MiCA and the SEC’s securities-based approach to crypto regulation, the Chinese CBDC and the Bahamian Sand Dollar, all represent national implementations of digital sovereignty that interact without coordination. Users face inconsistent obligations. Platforms face compliance complexity. No jurisdiction achieves its regulatory objectives fully. International coordination of digital infrastructure governance is not merely convenient; it is structurally necessary if the accountability deficits of post-territorial governance are to be addressed.

Third, the democratic governance of private infrastructure requires institutional mechanisms that do not yet exist.^[30] When cloud providers, blockchain node operators, and wallet software implement state-mandated compliance at scale, they exercise quasi-public functions over which affected individuals have no direct democratic recourse. The accountability frameworks that constrain public regulatory action — judicial review, parliamentary scrutiny, proportionality requirements — do not automatically apply to private entities performing equivalent functions at the direction of public authorities. Closing this gap is one of the central challenges of digital governance in the coming decade.

7. Conclusion

The early theorists of digital sovereignty were correct that code could escape territory. They were wrong that escaping territory meant escaping sovereignty. Digital infrastructure, once built at scale and once integrated with the regulated economy, does not eliminate sovereign power. It relocates it: from the border to the compliance layer, from the passport to the wallet address, from the prison to the frozen account.

The three regulatory strategies documented in Section 3 — perimeter regulation, human-layer liability, and DAO domestication — demonstrate that states have adapted to post-territorial governance with surprising speed and structural sophistication. The programmable compliance mechanisms identified in Section 4 — CBDCs, automated sanctions enforcement, digital identity infrastructure, platform intermediation — demonstrate that this adaptation is not merely reactive but generative: digital infrastructure is becoming an instrument of sovereign governance, not merely its object.

The structural dialectic of Section 5 identifies what is genuinely new in this transformation. Digital infrastructure simultaneously decentralises governance capacity and concentrates enforcement capacity. Censorship resistance and total transparency coexist in the same cryptographic architecture. Permissionless access and identity-gated participation operate at different layers of the same system. The decentralisation norm and the centralisation reality diverge in the same structural pattern that Krasner identified in territorial sovereignty: organised hypocrisy, in a new medium.

This article has developed these arguments as part of a longer research trajectory. The ‘dialectics of regulatory rhetoric’ that the author identified in conference presentations in 2017–2018 — the gap between what regulators said about digital assets and what they did — was an early manifestation of the structural paradox analysed here.^[31] Recognition Beyond Territory (2026) established the doctrinal framework: functional authority normalises before formal recognition. This article has applied that framework to its most challenging implication: functional authority in digital infrastructure may produce a form of governance more complete than territorial sovereignty could ever achieve, because it operates at the level of infrastructure rather than enforcement.

Hobbes called the sovereign the Leviathan: mortal god, absolute power, indivisible will. The territorial Leviathan governed through the sword. It required a body, a location, a physical capacity for violence. The digital Leviathan requires none of these. It requires only that you need to transact — and that all transactions pass through infrastructure it controls.

The question is no longer whether sovereignty will become digital. The question is who will govern the infrastructure through which digital sovereignty operates — and whether those who are governed will have any meaningful say in the answer.

Three research questions follow from this analysis, each pointing toward a different dimension of the problem. First, what constitutional and administrative law frameworks are adequate to govern programmable compliance mechanisms? The existing literature on administrative law was developed in relation to discretionary human decisions made by identifiable officials subject to procedural constraints. Automated compliance architecture operates differently: decisions are made at the point of system design rather than at the point of application, effects are simultaneous and distributed rather than sequential and targeted, and the chain of accountability between regulatory mandate and infrastructure-level effect runs through multiple private intermediaries each exercising their own discretion. Adapting administrative law to this environment is one of the central jurisprudential challenges of the next decade.

Second, what does international law have to say about the extraterritorial exercise of digital sovereign power? Article 1 of this research trajectory established that functional authority precedes formal recognition in international law. The present article identifies a related but distinct question: when a state exercises governance effects in another jurisdiction through infrastructure-level compliance mandates — blocking wallet addresses globally, restricting platform access across borders, mandating transaction surveillance through international correspondent banking networks — it is exercising extraterritorial prescriptive jurisdiction without the territorial nexus that international law traditionally requires. The effects doctrine, developed in antitrust law and extended by the GDPR and secondary sanctions regimes, provides a partial framework, but one that was not designed for the speed, scale, and automation of infrastructure-level enforcement.

Third, and most fundamentally, can the structural paradox of digital sovereignty be resolved, or only managed? The analysis developed in this article suggests that the paradox is not a contingent feature of current regulatory choices but a structural property of the technology itself. Layered digital architecture will always produce different governance properties at different layers. The tension between base-layer freedom and application-layer control, between protocol-level permissionlessness and infrastructure-level concentration, is built into the design. What can be managed — through constitutional constraints, international coordination, and democratic accountability mechanisms — is who exercises control at the concentrated layers, and subject to what procedural and substantive limits. The digital Leviathan is not going away. The question is whether it can be constitutionalised.

[1] Office of Foreign Assets Control (OFAC), 'OFAC Sanctions Tornado Cash' (US Department of the Treasury, 8 August 2022); Van Loon v Department of the Treasury, 90 F 4th 339 (5th Cir 2024) (holding that immutable smart contracts are not 'property' subject to OFAC designation). See further Matthew Jerzewski, 'Sanctioning Code: Tornado Cash and the Limits of OFAC Authority' (2023) 43 Yale Journal on Regulation Online 1.

[2] John Perry Barlow, 'A Declaration of the Independence of Cyberspace' (Electronic Frontier Foundation, 8 February 1996) <https://www.eff.org/cyberspace-independence> accessed May 2026.

[3] Satoshi Nakamoto, 'Bitcoin: A Peer-to-Peer Electronic Cash System' (2008) <https://bitcoin.org/bitcoin.pdf> accessed May 2026.

[4] Thomas Hobbes, Leviathan (first published 1651, Richard Tuck ed, Cambridge University Press 1991) ch 17. The present author has previously engaged with the Hobbesian framing of digital governance in conference presentations delivered to the Scientific-Practical Council of the Regional Bar Association of Kyiv Oblast (RAKO) of the National Bar Association of Ukraine and at Kyiv National Economic University (KNEU) in 2017-2018.

[5] FA Hayek, Denationalisation of Money: The Argument Refined (2nd edn, Institute of Economic Affairs 1978). For the connection between Hayek's currency competition thesis and cryptocurrency design see Lawrence H White, 'The Market for Cryptocurrencies' (2015) 36 Cato Journal 383.

[6] John Forbes Nash Jr, 'Ideal Money' (2002) 69 Southern Economic Journal 4; John Forbes Nash Jr, 'Ideal and Asymptotically Ideal Money' (Lecture, St Petersburg State University Graduate School of Management, 26 June 2008), published in (2008) 6(4) Russian Management Journal 3. Nash's concept of the Industrial Consumption Price Index (ICPI) as a monetary standard anticipates the programmable stability mechanisms embedded in CBDC design.

[7] Nakamoto (n 3). For the governance implications of programmable blockchains see De Filippi and Wright (n 9) 39-72.

[8] Vitalik Buterin, 'Ethereum White Paper: A Next-Generation Smart Contract and Decentralised Application Platform' (2014, revised 2023) <https://ethereum.org/en/whitepaper/> accessed May 2026. Buterin's white paper introduced the concept of a Turing-complete programmable blockchain enabling smart contracts and DAOs.

[9] Balaji Srinivasan, The Network State: How to Start a New Country (1729 Press 2022) 1-30.

[10] Primavera De Filippi and Aaron Wright, Blockchain and the Law: The Rule of Code (Harvard University Press 2018) 1-22. The authors argue that 'lex cryptographia' -- rules administered through self-executing smart contracts -- represents a new regulatory modality operating independently of territorial law.

[11] Financial Action Task Force, 'Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers' (FATF, June 2019); FATF, 'Updated Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers' (FATF, October 2021).

[12] Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets [2023] OJ L150/40 (MiCA). MiCA requires crypto-asset issuers and service providers to obtain authorisation, maintain registered offices within the EU, and satisfy capital and governance requirements -- structural conditions that presuppose territorial legal personality.

[13] US v Roman Storm, 23 Cr 430 (SDNY, indictment filed 23 August 2023). For the developer liability question see Peter Van Valkenburgh, 'The Tornado Cash Indictment and the Future of Open-Source Software' (Coin Center, 2023).

[14] CFTC v Ooki DAO, Case No 3:22-cv-05416 (ND Cal, default judgment entered 9 June 2023). The CFTC served the DAO by posting the complaint in its online governance forum, establishing that decentralised governance structures may constitute unincorporated associations subject to federal regulatory jurisdiction.

[15] Wyoming Decentralized Autonomous Organization Supplement Act 2021, Wyo Stat ss 17-31-101 to 17-31-116; Republic of the Marshall Islands Non-Profit Entities (Amendment) Act 2022. See Shawn Bayern, 'The Implications of Modern Business-Entity Law for the Regulation of Autonomous Systems' (2016) 19 Stanford Technology Law Review 93.

[16] Nash (n 6). Nash's ICPI-based standard for monetary value -- designed to produce stable, competition-resistant currency -- prefigures the programmable stability mechanisms of CBDC architecture. The key structural difference is that Nash envisaged competition between currency issuers; CBDC represents the state's attempt to win that competition through technical programmability rather than monetary discipline.

[17] Atlantic Council GeoEconomics Center, 'Central Bank Digital Currency Tracker' (Atlantic Council, updated 2024) <https://www.atlanticcouncil.org/cbdctracker/> accessed May 2026. As of 2024, 134 countries representing 98% of global GDP are at some stage of CBDC exploration; 3 have fully launched (Bahamas Sand Dollar, Nigeria eNaira, Jamaica JAM-DEX). For the governance implications see Eswar Prasad, The Future of Money (Harvard University Press 2021) 167-220. For the governance implications see Eswar Prasad, The Future of Money: How the Digital Revolution Is Transforming Currencies and Finance (Harvard University Press 2021) 167-220.

[18] Anu Bradford, The Brussels Effect: How the European Union Rules the World (Oxford University Press 2020) 13-26; Paul Schwartz and Karl-Nikolaus Peifer, 'Transatlantic Data Privacy Law' (2017) 106 Georgetown Law Journal 115, 119-126. On OFAC's extraterritorial sanctions architecture see Matteo Giungi, 'Secondary Sanctions and the Extraterritorial Reach of US Financial Coercion' (2020) 51 Georgetown Journal of International Law 371.

[19] Chainalysis Inc, '2024 Crypto Crime Report' (Chainalysis, February 2024) <https://www.chainalysis.com/blog/crypto-crime-report-2024/> accessed May 2026. Chainalysis and Elliptic provide blockchain transaction monitoring and sanctions screening infrastructure to government agencies and regulated financial institutions globally. On the financial surveillance implications see Frank Pasquale, The Black Box Society (Harvard University Press 2015) 1-18.

[20] Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework [2024] OJ L1183/1 (eIDAS 2.0). On digital identity as governance infrastructure see Luciano Floridi (ed), The Onlife Manifesto: Being Human in a Hyperconnected Era (Springer 2015).

[21] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services [2022] OJ L277/1 (Digital Services Act); Online Safety Act 2023 (UK); Netzwerkdurchsetzungsgesetz (Network Enforcement Act) 2017 (Germany). See Lorna Woods and William Perrin, 'Online Harm Reduction: A Statutory Duty of Care and Regulator' (Carnegie Trust UK, 2019).

[22] Lawrence Lessig, Code: Version 2.0 (Basic Books 2006) 121-141; Shoshana Zuboff, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power (PublicAffairs 2019) 63-97.

[23] Hobbes (n 4) ch 17-18. For the application of Hobbesian analysis to digital governance see Evgeny Morozov, To Save Everything, Click Here: The Folly of Technological Solutionism (PublicAffairs 2013) 1-30; Benjamin Bratton, The Stack: On Software and Sovereignty (MIT Press 2015) 1-50.

[24] Satoshi Nakamoto, 'Bitcoin: A Peer-to-Peer Electronic Cash System' (n 3). On Bitcoin's censorship resistance at the protocol layer see Andreas Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies (2nd edn, O'Reilly 2017) ch 1-2.

[25] Julie Cohen, Between Truth and Power: The Legal Constructions of Informational Capitalism (Oxford University Press 2019) 91-124; Frank Pasquale, The Black Box Society: The Secret Algorithms That Control Money and Information (Harvard University Press 2015) 1-18.

[26] Stephen Krasner, Sovereignty: Organised Hypocrisy (Princeton University Press 1999) 3-25. The parallel between Krasner's gap between sovereignty norm and sovereignty practice, and the gap between decentralisation norm and centralisation reality in digital governance, is a structural analogy rather than a direct application of Krasner's framework.

[27] Canadian Emergencies Act RSC 1985 c 22 (4th Supp) (invoked 14 February 2022, revoked 23 February 2022); Public Order Emergency Commission (Rouleau Commission), 'Final Report' (Government of Canada, February 2023). The Commission concluded that the invocation was justified but noted significant concerns about the use of financial measures against protesters without judicial authorisation.

[28] The structural logic of digital exclusion -- access conditioned on compliance, participation gated by identity verification, economic life mediated by programmable infrastructure -- has historical antecedents in territorial mechanisms of population management that operated through conditioned access rather than physical coercion. A full analysis of this genealogy falls outside the scope of this article. For the theoretical framework see Giorgio Agamben, Homo Sacer: Sovereign Power and Bare Life (Stanford University Press 1998); Glen Coulthard, Red Skin, White Masks: Rejecting the Colonial Politics of Recognition (University of Minnesota Press 2014).

[29] Benedict Kingsbury, Nico Krisch and Richard Stewart, 'The Emergence of Global Administrative Law' (2005) 68 Law and Contemporary Problems 15; Nico Krisch, 'The Pluralism of Global Administrative Law' (2006) 17 EJIL 247.

[30] Philip Alston, 'The Populist Challenge to Human Rights' (2017) 9 Journal of Human Rights Practice 1; Jan Aart Scholte, 'Reinventing Global Democracy' (2014) 20 European Journal of International Relations 3.

[31] The author\'s prior scholarly and professional engagement with these themes is documented in the following verifiable public records. First, Round Table on \'Blockchain Technologies in the Development of Corporate Finance\', Department of Corporate Finance and Controlling with the Institute of Financial Controlling, Kyiv National Economic University (KNEU), 2 November 2017 (author as principal speaker): <https://kneu.edu.ua/ua/science_kneu/ndi/Institute_for_Financial_Controlling/announced/bchain1/>. Second, Online Seminar \'How Blockchain and Cryptocurrencies Transform Banking Business\', Association of Ukrainian Banks (AUB), 29 October 2020, convened with the participation of the National Bank of Ukraine, the Ministry of Digital Transformation, and the Verkhovna Rada of Ukraine (author as speaker alongside the Head of the Legal Department of the NBU): <https://aub.org.ua/aub-provela-onlajn-seminar-yak-blockchain-ta-kriptovalyuti-transformuyut-bankivskij-biznes/>. Third, conference presentations to the Scientific-Practical Council of the Regional Bar Association of Kyiv Oblast (RAKO NAAU) on legal aspects of blockchain technologies, cryptocurrencies, digital assets and smart contracts (2018); \'Problems and Prospects of State Cryptocurrency Regulation and Control\' (KNEU, 2017); and \'New Challenges for Corporate Finance in the Context of Digital Capital Growth\' (KNEU, 2017). These contributions identified what the author termed \'the dialectics of regulatory rhetoric\' surrounding digital assets -- the structural gap between regulatory proclamation and regulatory practice -- which anticipates the central paradox analysed in this article.

Bibliography

Primary Sources

Legislation and Regulatory Instruments

Canadian Emergencies Act RSC 1985 c 22 (4th Supp) (invoked 14 February 2022, revoked 23 February 2022)

Financial Action Task Force, 'Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers' (FATF, June 2019)

Financial Action Task Force, 'Updated Guidance for a Risk-Based Approach for Virtual Assets and VASPs' (FATF, October 2021)

Netzwerkdurchsetzungsgesetz (Network Enforcement Act) 2017 (Germany)

Office of Foreign Assets Control (OFAC), 'OFAC Sanctions Tornado Cash' (US Department of the Treasury, 8 August 2022)

Online Safety Act 2023 (UK)

Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services [2022] OJ L277/1 (Digital Services Act)

Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets [2023] OJ L150/40 (MiCA)

Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 [2024] OJ L1183/1 (eIDAS 2.0)

Republic of the Marshall Islands Non-Profit Entities (Amendment) Act 2022

Wyoming Decentralized Autonomous Organization Supplement Act 2021, Wyo Stat ss 17-31-101 to 17-31-116

Cases

CFTC v Ooki DAO, Case No 3:22-cv-05416 (ND Cal, default judgment entered 9 June 2023)

US v Roman Storm, 23 Cr 430 (SDNY, indictment filed 23 August 2023)

Van Loon v Department of the Treasury, 90 F 4th 339 (5th Cir 2024)

Other Primary Sources

Atlantic Council GeoEconomics Center, 'Central Bank Digital Currency Tracker' (2024) <https://www.atlanticcouncil.org/cbdctracker/> accessed May 2026

Barlow JP, 'A Declaration of the Independence of Cyberspace' (Electronic Frontier Foundation, 8 February 1996) <https://www.eff.org/cyberspace-independence> accessed May 2026

Buterin V, 'Ethereum White Paper: A Next-Generation Smart Contract and Decentralised Application Platform' (2014) <https://ethereum.org/en/whitepaper/> accessed May 2026

Nakamoto S, 'Bitcoin: A Peer-to-Peer Electronic Cash System' (2008) <https://bitcoin.org/bitcoin.pdf> accessed May 2026

Public Order Emergency Commission (Rouleau Commission), 'Final Report' (Government of Canada, February 2023)

Secondary Sources

Books

Agamben G, Homo Sacer: Sovereign Power and Bare Life (Stanford University Press 1998)

Antonopoulos A, Mastering Bitcoin: Unlocking Digital Cryptocurrencies (2nd edn, O'Reilly 2017)

Bradford A, The Brussels Effect: How the European Union Rules the World (Oxford University Press 2020)

Bratton B, The Stack: On Software and Sovereignty (MIT Press 2015)

Cohen J, Between Truth and Power: The Legal Constructions of Informational Capitalism (Oxford University Press 2019)

Coulthard G, Red Skin, White Masks: Rejecting the Colonial Politics of Recognition (University of Minnesota Press 2014)

De Filippi P and Wright A, Blockchain and the Law: The Rule of Code (Harvard University Press 2018)

Floridi L (ed), The Onlife Manifesto: Being Human in a Hyperconnected Era (Springer 2015)

Hayek FA, Denationalisation of Money: The Argument Refined (2nd edn, Institute of Economic Affairs 1978)

Hobbes T, Leviathan (first published 1651, Tuck R ed, Cambridge University Press 1991)

Krasner S, Sovereignty: Organised Hypocrisy (Princeton University Press 1999)

Lessig L, Code: Version 2.0 (Basic Books 2006)

Morozov E, To Save Everything, Click Here: The Folly of Technological Solutionism (PublicAffairs 2013)

Pasquale F, The Black Box Society: The Secret Algorithms That Control Money and Information (Harvard University Press 2015)

Prasad E, The Future of Money: How the Digital Revolution Is Transforming Currencies and Finance (Harvard University Press 2021)

Srinivasan B, The Network State: How to Start a New Country (1729 Press 2022)

Zuboff S, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power (PublicAffairs 2019)

Articles, Reports and Other Secondary Sources

Alston P, 'The Populist Challenge to Human Rights' (2017) 9 Journal of Human Rights Practice 1

Bayern S, 'The Implications of Modern Business-Entity Law for the Regulation of Autonomous Systems' (2016) 19 Stanford Technology Law Review 93

Chainalysis, 'The Chainalysis 2024 Crypto Crime Report' (Chainalysis, 2024)

Giungi M, 'Secondary Sanctions and the Extraterritorial Reach of US Financial Coercion' (2020) 51 Georgetown Journal of International Law 371

Jerzewski M, 'Sanctioning Code: Tornado Cash and the Limits of OFAC Authority' (2023) 43 Yale Journal on Regulation Online 1

Kingsbury B, Krisch N and Stewart R, 'The Emergence of Global Administrative Law' (2005) 68 Law and Contemporary Problems 15

Krisch N, 'The Pluralism of Global Administrative Law' (2006) 17 European Journal of International Law 247

Manyuta O, 'Legal Aspects of Blockchain Technologies: Cryptocurrencies, Digital Assets and Smart Contracts' (Presentation to Scientific-Practical Council, RAKO NAAU, Kyiv, 2018)

Manyuta O, 'New Challenges for Corporate Finance in the Context of Digital Capital Growth' (KNEU, 2017)

Manyuta O, 'Problems and Prospects of State Cryptocurrency Regulation and Control' (KNEU, 2017); speaker at AUB Online Seminar 'How Blockchain and Cryptocurrencies Transform Banking Business' (Association of Ukrainian Banks, 29 October 2020) <https://aub.org.ua/aub-provela-onlajn-seminar-yak-blockchain-ta-kriptovalyuti-transformuyut-bankivskij-biznes/>

Nash JF, 'Ideal Money' (2002) 69 Southern Economic Journal 4

Nash JF, 'Ideal and Asymptotically Ideal Money' (2008) 6(4) Russian Management Journal 3

Scholte JA, 'Reinventing Global Democracy' (2014) 20 European Journal of International Relations 3

Schwartz P and Peifer K-N, 'Transatlantic Data Privacy Law' (2017) 106 Georgetown Law Journal 115

Van Valkenburgh P, 'The Tornado Cash Indictment and the Future of Open-Source Software' (Coin Center, 2023)

White LH, 'The Market for Cryptocurrencies' (2015) 36 Cato Journal 383