Risks · Taxonomy
Failure-mode taxonomy
Every way the architecture can fail, organized by mechanism.
Failure-Mode Taxonomy
The architecture’s failure modes are categorized into five families. Each family has different mitigations, different escalation triggers, and different operational implications.
The five categories
| Category | What it covers | Mitigation type |
|---|---|---|
| Regulatory | Securities, commodity, and consumer-protection regimes characterizing the architecture adversely | Architectural perimeter + outside counsel review |
| Legal | Property-law and contract-law issues at the NRD-lite or wrapper-entity layer | Per-jurisdiction counsel work + drafting discipline |
| Operational | Smart contract bugs, treasury operations, KYC, audit cycles, banking | Engineering discipline + audit cadence + operational redundancy |
| Strategic | Stakeholder alignment (especially the co-architect), pilot selection, public positioning, communications | Stage-by-stage co-signing + outside review for sensitive matters |
| External | Land-trust politics, methodology evolution, jurisdictional change, Landseed’s own continuity | Continuity planning + multi-jurisdictional resilience |
Regulatory category
| Subcategory | Examples |
|---|---|
| Securities classification | SEC characterization of benefit units; foreign equivalents (Argentina CNV, etc.) |
| Commodity classification | CFTC characterization of Earth Credits; foreign equivalents |
| Consumer protection | Foreign consumer-protection laws applied to permissioned membership |
| Sanctions and AML | Marshall Islands AML watchlists; banking access |
| Tax classification | LLC vs. partnership tax treatment; foreign tax characterization |
Most architecture-killer risks live in this category. The eight bright lines (04-perimeter/) are the perimeter against the worst outcomes.
Legal category
| Subcategory | Examples |
|---|---|
| Property-category mismatch | NRD-lite is recorded but not honored as property right; treated as personal contract |
| Recording-office rejection | Document is technically deficient; cannot be filed |
| Term-limit collision | Civil-law jurisdiction caps below 99 years; enforcement uncertain beyond cap |
| §170(h) qualification | Wrapper LLC doesn’t qualify; landowner deduction unavailable |
| Cross-jurisdictional dispute | Property and wrapper jurisdictions disagree; dispute spans both |
| Easement coordination conflict | Easement holder blocks measurement (carve-out fails) |
| Wrapper entity dissolution | Named holder dissolves before term-end |
Most legal failures are preventable with disciplined per-jurisdiction template work and pre-deployment counsel review.
Operational category
| Subcategory | Examples |
|---|---|
| Smart contract bug | Vulnerability in a Tier 2 template module is exploited |
| Treasury operations failure | Multi-sig key loss; banking partner failure; stablecoin operational issues |
| KYC/AML failure | KYC vendor fails; identity records lost |
| Audit cycle fragility | Audit firm goes out of business; continuity disruption |
| Methodology version mismanagement | Multiple deployments out of sync; backward compatibility issues |
| Distribution operations failure | Distribution mechanics break; members don’t receive payments |
Per-property isolation contains most operational failures. The audit cadence and operational redundancy are the discipline.
Strategic category
| Subcategory | Examples |
|---|---|
| the co-architect pull-back | After partial implementation, the co-architect's institutional instincts surface a deal-breaker |
| Architectural overshoot | Architecture is more than what was actually wanted |
| Landowner-acceptance complexity | Kitchen-table conversation fails; landowners walk away |
| Coalition entity reputation damage | Exchange or Fund’s bad behavior damages the whole ecosystem |
| Pilot selection wrong | First pilot is in a jurisdiction or with a stakeholder shape that doesn’t represent the architecture’s strengths |
| Public positioning miscalibrated | Marketing or communications damage credibility |
These are the most insidious failures because they don’t trigger architectural alarms. They erode through accumulated bad decisions.
External category
| Subcategory | Examples |
|---|---|
| Wrapper jurisdiction statute change | Vermont, Marshall Islands, Wyoming change DAO LLC statute adversely |
| Methodology version conflict | Multiple methodologies in use; market confusion |
| Landseed PBC fails | Landseed runs out of capital; methodology stewardship interrupted |
| Land-trust politics | Existing land-trust ecosystem treats DAOs as competition |
| Indigenous-rights concerns | Template C deployment found paternalistic by outside review |
| Climate event affecting deployments | Major catastrophes affecting multiple properties simultaneously |
| Buffer pool absence | Reversal of credits from catastrophic events; no buffer pool to draw from |
External factors are partly outside Landseed’s control. Continuity planning (methodology IP into a foundation, multi-jurisdictional resilience, partner relationships) is the response.
Risks that span multiple categories
Some risks span categories. For example:
| Risk | Categories spanning |
|---|---|
| Earth-Credit-denominated distribution | Regulatory (securities) + Operational (mechanics) |
| Cross-jurisdictional dispute | Legal + Strategic + External |
| Smart contract bug exploits | Operational + Regulatory (if it triggers regulator attention) + Reputational |
| the co-architect pull-back from Template C | Strategic + Reputational + Indigenous-rights External |
| Methodology version conflict | Operational + External + Strategic |
Multi-category risks require multi-track mitigation.
How to use the taxonomy
The taxonomy organizes the pressure tests in 02-pressure-tests.md and the open questions in 03-open-questions.md. When a new failure mode is identified:
- Categorize it into one of the five families
- Add it to the appropriate pressure test
- Identify whether it surfaces a new open question
- Add to proposed resolutions if applicable
- Update Defend/Accept/Monitor categorization
This is the maintenance discipline.
Cross-references
- Pressure tests organized by these categories:
02-pressure-tests.md - Open questions organized by resolution track (counsel / operational / strategic / resourcing):
03-open-questions.md - Proposed resolutions:
04-proposed-resolutions.md - Defend/Accept/Monitor:
05-defend-accept-monitor.md