Legal risk is an umbrella category for any risk that might land a company in court. Failure to manage legal risk can lead to loss of reputation and/or money. In extreme cases, it can lead to company failure.
Of course, legal risk only applies to legal entities – people and corporations – that can appear in court. DAOs are not recognized legal entities, so, theoretically, they are not exposed to legal risk. In practice, however, law enforcement has tried and will try very hard to attack DAOs via entities participating in DAOs.
Most of today's DAOs are exposed to legal risk because a legal entity, usually a foundation, exists to (a) get the DAO ball rolling and (b) manage the DAO's treasury. The intent is usually to dissolve this entity when the DAO can stand on its own. This reduces exposure to legal risk but ongoing participants are still potential attack vectors. The only way to eliminate these vectors is via anonymity. No one can attack someone or something that is unknown.
Quantifying legal risk is difficult, but rating agencies in Traditional Finance have developed techniques for doing so. These techniques allow us to bucket exposure into categories (e.g., low, medium, and high). This is less satisfying than other types of risk evaluation (e.g., liquidity risk can be computed with relative precision) but the law is messy because it ultimately depends on human interpretation.
We are currently dividing legal risk into four categories:
- investor risk,
- protocol risk,
- tax risk, and
- regulatory risk.