On October 20, 2025, a DNS configuration error at Amazon Web Services cascaded into a 15-hour outage affecting 113 cloud services and over a thousand companies. The Base Layer 2 network, processing billions in transactions, saw finalization times spike from 14 minutes to 78 minutes, and throughput dropped about 40 percent. Users couldn’t complete transactions. During the same window, distributed blockchain networks continued operating without interruption, with no degradation or delays.
The difference wasn’t luck. It was architecture. For institutions evaluating blockchain technology for regulated assets, this incident crystallized a question that deserves more attention than it typically receives: What are the legal and risk management implications of your technology choice? The five questions institutions should be prepared to answer: How concentrated is power on your chosen network? Who controls the network, and what happens if their interests diverge from yours? Can regulators and auditors verify on-chain data independently? What are the potential points of failure? How will you meet regulatory requirements and enforcement orders?
Institutions should be prepared to answer key questions about control and risk. How concentrated is power on your chosen network, and who controls it? What happens if their interests diverge from yours? Can regulators verify on-chain data independently, and what are the potential points of failure? How will you meet regulatory requirements and enforcement orders?
The October AWS outage exposed a specific vulnerability: Base operates with a single sequencer—the entity that orders transactions and proposes blocks. That sequencer is operated by Coinbase. Its systems run on AWS. When AWS failed, Base degraded, and the same happened with other Layer 2 networks like Optimism and Arbitrum.
This is concentration risk in its purest form. A single operator. A single cloud provider. A single point of failure.
Layer 2 networks are often described as open because they settle to public blockchains like Ethereum. But the transaction processing layer—the region where users actually interact—frequently recentralizes around a single sequencer. What starts as open technology ends with a configuration that reintroduces the concentration risks blockchain was supposed to eliminate. Metrika’s post-mortem was direct: the incident underlines the significant single point of failure risk inherent to L2 blockchains that rely on a centralized entity model.
Private blockchains present a different form of concentration risk. When a network is controlled by a consortium or a dominant company, institutions building on that network are subject to the unilateral decisions of someone else. That company might become a competitor. That consortium might change its rules. And critically: regulators can only verify what the controllers allow them to see. For regulated institutions, concentration risk isn’t just an operational concern. It’s a governance question. Boards and risk committees will increasingly need to understand—and document—how technology choices align with their risk management frameworks.
The instinct to prefer private or permissioned over open networks is understandable. It maps to familiar corporate IT thinking: control access, limit exposure, own your environment. But this framing confuses two different ideas: control over the network versus control over the assets. Open doesn’t mean uncontrolled. Open means no single controller. On open networks with distributed validators, no individual party can unilaterally change network rules. The network is neutral because no one owns it. But—and this is the point many observers miss—asset issuers are able to retain full control over their assets. They can determine who holds them, freeze them when required, execute clawbacks for fraud or regulatory enforcement. The openness is at the network layer; the controls exist at the asset layer. This distinction matters legally. Open networks provide the resilience and neutrality benefits of decentralization. Asset-level controls provide the compliance capabilities regulators require. These aren’t in tension—they’re complementary. The institutions that have moved furthest on tokenization—BlackRock, Franklin Templeton, Fidelity, U.S. Bank—have concluded that this combination represents the superior architecture for regulated assets.
Three legal advantages of open networks are superior auditability and regulatory access, competitive neutrality, and operational resilience. Open networks enable regulators to observe transactions directly and independently verify records.
This auditability is complemented by competitive neutrality: private gatekeeping can distort access and leverage. With open networks, no single party can decide who participates.
Operational resilience follows: distributed validator networks can maintain services during outages, unlike centralized systems. Regulators increasingly expect assets to be able to operate through failures.
The regulatory trajectory is technology-neutral, focusing on outcomes rather than network design. Open architectures are therefore aligned with regulatory direction.
The real question is whether today’s technology choices justify building critical financial operations on technology controlled by a single operator. Or on a single cloud provider. Or subject to a competitor’s decisions. When the next outage occurs—and it will—what will you tell your board and regulators?
The shift already in progress is clear: open blockchain technology is underway, and the largest asset managers have moved. Regulatory frameworks are adapting, and the October outage underscored the operational stakes. What remains is helping institutions understand how open networks work in practice—how distributed validation provides resilience, how asset-level controls enable compliance, and how the architecture answers the questions regulators will ask. Failing to explore open networks to improve operational resilience and compliance is not merely complacency; it’s an omission that amounts to strategic risk. Because the case for open networks isn’t just technical. It’s legal, operational, and strategic. It’s a powerful case that is overlooked at one’s peril.
Leave a Reply