Trust can be the foundation of web3 success: Here’s how to start building it


  • Regardless of where you are in your web3 journey, the foundation of success is likely the same: trust.
  • Any approach to building trust in web3 should include consistent, timely reporting and cost-effective regulatory compliance, and should match your corporate values.
  • Your web3 environment should offer security, resiliency, compliance, societal benefits and safe experiences.

Whether you’re a startup focused on web3, or a multinational considering web3 as a way to help boost customer engagement and sales, the foundation of success is likely the same: trust. Trust in web3 is crucially important, because if a breach occurs, both the potential reputational hit and the costs of reengineering your web3 environment can be enormous.

Web3 has many definitions. However, a common thread is the convergence of emerging technologies such as the metaverse, blockchain and digital assets, combined with an ethos of user control and decentralization. Trust in this emerging digital world can depend on secure identities, data, intellectual property, assets and experiences. It often requires dividing web3 revenue consistently and transparently. It should include consistent, timely reporting and cost-effective regulatory compliance, and it should match your corporate values. Most of all, trust in web3 should have a human-led, tech-powered approach: Technology solutions can automate aspects of controls and provide people with vital information, but people will always be in the loop, making the most important decisions.

If you’re starting web3 activities today, you’ll likely have more sustainable and cost-effective outcomes if you design trust in from the start. If you already have pilots or growing initiatives up and running, it’s imperative to act so that you and your stakeholders can trust your web3 experiences, transactions and data activities. And whether you are just beginning or are already a web3 leader, the same approach to trust is needed: a framework specifically designed for web3.

Trust in web3: a scalable, practical framework

Trust in web3 requires a new approach. Both its technology and its ethos typically offer users far greater control over their identities, data, assets and activities than on today’s internet. Yet, your web3 environment still should offer security, resiliency, compliance, societal benefits and safe experiences. A web3 trust framework including the following seven pillars can help.

Identity/authentication: Know your users are who they say they are

If you’re constructing a web3 environment — such as an add-on to an existing loyalty program — your first task is to grant access correctly. Web3 tends not to use simple passwords. Instead, users often use digital wallets not only to hold assets, but also for authentication.

You’ll want to decide if your users will use digital wallets which they or a third party control, or if you’ll offer your own. If they use external wallets, a special NFT can serve as their unique identifier for your web3 space. In both cases, you’ll want to prepare to defend against possible bot attacks: mass-produced, fraudulent digital identities that could try to infiltrate your space.

Security: Protect data, build resilience, support compliance

Web3’s decentralized ethos creates new choices. You can leave customers responsible for their personal and financial data. Or you can give them good reasons to entrust you with it. If you do invite customers to share some data, you should have controls over security and privacy. As part of the protection you offer customers (and should also have for your own operations), be sure to consider the new attack vectors that web3 environments and technologies are enabling for malicious actors.

To help make data protection easier, assess which data you actually need, and gather only this data. Classify it into risk categories. You can then design your blockchain, extended reality and other technologies to help enhance resilience and data governance. You should also consider compliance. The “right to erase” in the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), for example, may not be feasible in blockchains unless you design it in from the start.

Commercialization: Boost trust in advertising and transactions

Your web3 platform may support advertisements, from you and allies, and financial transactions. That will likely require new ways to measure impressions and target demographics. It may also require new methods to allocate revenue, as new business partners are engaged to help meet customers’ demands.

Financial transactions — whether with you, with outside advertisers or among your users — may require new revenue-sharing models. Smart contracts and web3 governance and controls can help with both transactions and recordkeeping. Explicit policies and monitoring technologies can help keep advertising aligned with your brand and values.

User/societal tools: Empower and protect your customers

Web3 users want to be safe. But, with web3’s decentralized ethos, they also want to be in control. One way forward can be to define explicit standards for how you use content, including any GenAI-generated content, and invite your users to help enforce these standards.

Users will likely need channels to tell you about offensive or noncompliant content. Your response can be partly automated, but escalation protocols should bring a human into the loop when needed. You may also want to consider preventative measures, backed by technology, to keep some problems from occurring.

Societal/regulatory policies: Enforce standards that match your values

Malicious, offensive or illegal content could slip by your users. Yet, if you moderate content with a heavy hand, you may come across as Big Brother. Instead, you can set clear standards that align with the decentralized web3 ethos, applicable regulations and your corporate values. You should have methods (likely a mix of smart contracts and protocols to escalate to human reviewers) to help enforce the rules for your users, advertisers and outside vendors.

A good way to help achieve broad-based acceptance and trust in your policies is to define and state your social objectives for your web3 initiatives. You may also want to evaluate the impact of your web3 activities on both your users and communities.

Transparency: Generate information for reporting and controls

Web3 will likely require you to build and deepen integration with other businesses, which can depend on trust and transparency. Adding to the challenge, much web3 activity and related data may be anonymous — but you’ll still need insights into it. As you design your web3 environment, embed protocols (likely including smart contracts) to help generate information for controls and external reporting. You should be able to show that activity is trustworthy and compliant.

If you offer real-world assets (such as fiat money or loyalty rewards) in return for digital assets (such as cryptocurrency or NFTs), you should be able to show that these real-world assets exist as promised and that you’ve accounted for them on your balance sheet.

Governance: Oversee operations

Effective web3 oversight begins with accountability. As you set up your environment, set clear rules and reach agreements with third parties for who is responsible for consumer error, lost or stolen assets, service disruptions and other risks. For the risks that you have to manage, you’ll likely need to evolve product governance and monitoring techniques.

New technology solutions, such as bots to track blockchain activity, can help. A risk-based approach is fundamental: Based on the data, brand capital and money at stake, assess the most effective method to deploy your governance resources. Depending upon how much is at risk, you may have to complement your existing governance by hiring web3 specialists and upskilling your lines of defense.

Five guidelines to get started

The web3 trust framework is designed to be thorough. It’s not designed to be onerous. Established companies can often adapt and supplement existing controls and processes. Startups can make this framework their foundation as they deepen the controls and risk management that investors and regulators demand. These five guidelines can help you get started:

  1. Assess where web3 investments are going or should be going to grow your business.
  2. Build controls into the design of web3 environments — rather than adding them after the fact, which can increase the total cost of compliance and slow innovation.
  3. Bring in the right stakeholders from the start to confirm that web3 trust is an enterprise-wide initiative and mindset.
  4. Determine the regulations and reporting that will likely apply to your web3 environments, so your trust initiatives can align with these needs.
  5. Align overall decisions with your societal values and governance priorities.

The key takeaway from these five steps is: start early. When trust is designed into web3 from the start, it won’t slow your initiatives down. It can help you avoid costly fixes, such as needing to reverse-engineer the environment to enhance trust later. You can then better manage the total cost of risk management and compliance — and be a trusted provider and business partner from day one.


Contact us

Joe Walsh

PwC Trust Partner, TMT, PwC US


Emmanuelle Rivet

Incoming PwC US Chief Risk Officer, PwC US

