Diritto ed Economia dell'Impresa, ISSN 2499-3158
G. Giappichelli Editore



Blockchains and smart contracts: general overview, and aspects of governance and liability (by Luigi Cantisani, lawyer in Turin, and Sushma Sathyanarayanan, lawyer in Turin)

The term ‘blockchain’ has rippled through the media in recent years and is a hotly discussed innovation in the technology sector. Smart contracts are the next major development in the adoption of this technology.

This paper looks at the intersecting relationships between blockchains, smart contracts, and certain elements of governance of the blockchains. Governing blockchains primarily revolves around control over the so-called ‘nodes’, and therefore different governance models lead to different types of blockchains. Examining these differences is the first step to (i) understanding how blockchains and smart contracts executed on them work; (ii) dealing with the broader notion of ‘blockchain space’, which includes blockchain-related use cases such as cryptocurrencies, decentralized applications, exchanges, and wallets.

It is very important for legal professionals to understand this in order to properly address legal matters concerning a blockchain-based technology and, specifically, to correctly identify and allocate liabilities involved in a given case.

CONTENTS:

Introduction - 1. The governance of blockchains - 1.1. The blockchain space - 1.2. Vulnerabilities in the blockchain space - 1.3. From governance to liability - 2. Legal recognition of blockchains and smart contracts - 2.1. Legislations on blockchains in the USA - 2.2. Legislations on blockchains in the EU - 2.3. Legislations on Blockchains in the non-EU countries of the European continent - 2.4. Legislations on blockchains in the Middle East and Asia - 2.5. Legislations on smart contracts - 3. Layers of liability - 3.1. On public permissionless blockchains for transacting cryptocurrencies - 3.2. On the execution of smart contracts - 3.3. On the functioning of dApps and digital platforms in general - 3.4. On data processing under the GDPR - Conclusion - NOTES


Introduction

The term ‘blockchain’ has rippled through the media in recent years and is a hotly discussed innovation in the technology sector. A subject initially pursued by a group of technology enthusiasts has now spread into the walls of classrooms, board meetings, and law firms. A blockchain is an example of distributed ledger technology (hereinafter referred to as ‘DLT’), meaning it is a list of transactions that are distributed over a network of computers rather than being stored on a single network or server. It is a general-purpose tool for creating a peer-to-peer application that is secure and decentralized. DLT is not new but became increasingly popularized with the creation of ‘Bitcoin’, a currency that can be traded digitally through blockchain. Bitcoin was created by researcher(s) under the pseudonym of Satoshi Nakamoto and was launched in 2008, along with the related white paper which describes the vision on which Bitcoin is now based (although not many details about the creation of Bitcoin have been disclosed). [1] Bitcoin’s blockchain was the first example of blockchain, and Bitcoin itself established the concept of ‘cryptocurrency’, namely a digital currency in which algorithms and encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. [2] In recent years, we have seen blockchain technology being used more frequently and in more integrated ways in society. This paper will begin by explaining what blockchain is and how it works, and asking if blockchain is a legally valid mode to carry out transactions. The main objective of blockchain is to establish a peer-to-peer transaction system, effectively eliminating the need for intermediaries. There have been questions raised about blockchain and its practical application.
Specifically, these questions concern whether blockchain is exclusively tied to Bitcoin and/or other cryptocurrencies, its applicability in day-to-day uses, and its functionality in business. Many media outlets have dubbed blockchain as the ‘next big thing’ in the current technological revolution. [3] Broadly speaking, a blockchain, like any other form of DLT, is a register, a record-keeping technology where data is spread across multiple computer devices, and stored in sync. All the computer devices involved in the maintenance of the active blockchain are jointly referred [continua ..]


1. The governance of blockchains

In order to examine the notion of liability within a blockchain-based system, it is important to first map the players involved in the use and governance of a blockchain. The functioning of a blockchain involves a network of participants interested in conducting transactions based on the cryptocurrency issued on that very blockchain. It is a peer-to-peer network, [9] namely a network that partitions tasks or workloads between the nodes that form such a network. Depending on the blockchain that is examined, there may be different roles that the nodes could play. These roles determine different categories of nodes. All the nodes belonging to the same category contribute to the maintenance and functioning of the network by providing computational power; they are both suppliers and consumers of such resources. Maintaining the network and ensuring its functioning essentially means granting access to users, exchanging data, storing, and validating transactions taking place on the blockchain. Usually, each computing device that contributes to the maintenance of the blockchain is deemed to be a node. Generally speaking, nodes operate and validate transactions according to the consensus mechanism adopted by the blockchain. For instance, in Bitcoin’s blockchain, the so-called ‘full node’ holds a complete copy of the blockchain and is able to verify all transactions since its beginning, and then relay them to other nodes. A ‘mining node’ or, simply, a ‘miner’, is a node that extends the chain by creating new blocks with the new transactions relayed from other nodes. When a miner attempts to add a new block to the chain, it broadcasts the block to all the nodes on the network. Based on the block’s legitimacy (validity of the signature and transactions), nodes can accept or reject the block. Each node makes decisions irrespective of how other nodes act.
The consensus mechanism adopted by Bitcoin is named ‘proof-of-work’, and it provides that the participants in the blockchain invest resources – i.e., computational power and consequently electricity (sometimes jointly referred to as ‘mining power’) – to solve a computational puzzle, before proposing a valid block. Miners are rewarded in cryptocurrency for their activities. The cryptocurrency is generated by the algorithms that govern the blockchain. A new block is created at the end of this process and is stored by the [continua ..]
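The proof-of-work puzzle and the independent accept/reject decision of each node described above can be illustrated with a short Python sketch. It is an added example, not code from the paper or from Bitcoin: the block layout, the difficulty value and every function name are assumptions, and signature checks are replaced by a simple transaction-amount rule.

```python
import copy
import hashlib
import json

TARGET_PREFIX = "000"  # assumed toy difficulty: hash must start with three hex zeros


def digest(block):
    """SHA-256 over the block contents (toy JSON layout, not Bitcoin's format)."""
    body = {key: block[key] for key in ("prev", "txs", "nonce")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def mine(prev_hash, txs):
    """Miner: spend computation searching for a nonce that solves the puzzle."""
    block = {"prev": prev_hash, "txs": txs, "nonce": 0}
    while not digest(block).startswith(TARGET_PREFIX):
        block["nonce"] += 1
    block["hash"] = digest(block)
    return block


class Node:
    """Full node: keeps its own copy of the chain and validates on its own."""

    def __init__(self, genesis):
        self.chain = [copy.deepcopy(genesis)]

    def receive(self, block):
        if block["prev"] != self.chain[-1]["hash"]:
            return "rejected: does not extend my chain"
        if digest(block) != block["hash"]:
            return "rejected: contents do not match hash"
        if not block["hash"].startswith(TARGET_PREFIX):
            return "rejected: proof-of-work not satisfied"
        if any(tx["amount"] <= 0 for tx in block["txs"]):
            return "rejected: invalid transaction"
        self.chain.append(block)
        return "accepted"


def broadcast(block, nodes):
    """Send the block to every node; each one decides without consulting the others."""
    return [node.receive(copy.deepcopy(block)) for node in nodes]


def demo():
    genesis = {"prev": "0" * 64, "txs": [], "nonce": 0}
    genesis["hash"] = digest(genesis)
    nodes = [Node(genesis) for _ in range(3)]

    # 1. A correctly mined block with a valid transaction (constructed sample data).
    honest = mine(genesis["hash"], [{"from": "alice", "to": "bob", "amount": 5}])
    honest_verdicts = broadcast(honest, nodes)

    # 2. A block whose contents are altered after mining, without redoing the work.
    tampered = mine(honest["hash"], [{"from": "bob", "to": "carol", "amount": 2}])
    tampered["txs"][0]["amount"] = 200
    tampered_verdicts = broadcast(tampered, nodes)

    # 3. A block with valid proof-of-work that carries an invalid transaction.
    invalid = mine(honest["hash"], [{"from": "bob", "to": "carol", "amount": -1}])
    invalid_verdicts = broadcast(invalid, nodes)

    return {
        "honest": honest_verdicts,
        "tampered": tampered_verdicts,
        "invalid": invalid_verdicts,
        "chain_lengths": [len(node.chain) for node in nodes],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
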


1.1. The blockchain space

Blockchains are the main pillar of something larger usually referred to as ‘blockchain space’. The blockchain space includes, first and foremost, representations of value referred to as ‘cryptocurrencies’, ‘tokens’, ‘crypto-assets’, or ‘crypto-tokens’. This paper prefers to use the term ‘token’, which is a neutral term for any digital cryptographic asset that represents a value. ‘Cryptocurrencies’ is generally used in the blockchain space as a synonym for ‘payment tokens’, namely a sub-category of tokens that are mined by users, which are then used to exchange value in the performance of payments. Besides payment tokens, we distinguish: – ‘security tokens’, non-mineable tokens that represent securities, hence fungible and tradeable financial instruments issued by a company, representing equity or debts of that company; – ‘utility tokens’, usually referred to as non-mineable tokens that are issued by a company and offered to potential users to grant those users the right to use products or services issued by the company itself. The blockchain space also includes the so-called ‘decentralized applications’ (also referred to as ‘dApps’ or ‘DApps’), namely software applications consisting of a backend code in the form of smart contracts that are stored and executed by blockchains, and a frontend code serving as a user interface. Most of them involve the use of payment tokens or utility tokens. To give the reader some examples of dApps and their diversity, several projects are discussed: – CryptoKitties, a game application running on Ethereum where users purchase, collect, breed and trade virtual cats. [16] Each virtual cat is – technically speaking – a non-fungible token based on the ERC-721 token standard on Ethereum. The ownership of cats, as well as purchase/sell operations, are tracked and executed by means of smart contracts on the Ethereum blockchain.
The advantage of using a blockchain for this game lies in the impossibility for anyone – including the developers of the game – to transfer or replicate any cat without the permission of the owner. In other words, no one can cheat. Even the creators of the dApp who manage the dApp cannot re-assign cats to other players or alter the economic value of the cats. Everything is transacted [continua ..]


1.2. Vulnerabilities in the blockchain space

In recent years, there were many scandals related to the blockchain space. Among the cases examined below, only the so-called ‘DAO case’ can be defined as a real sabotage of the blockchain-smart contracts system; the other cases involved hacks on other channels outside the blockchain, i.e. exchanges of cryptocurrencies. Nevertheless, all of these events resulted in a climate of mistrust towards blockchain-based technologies, especially among groups that have yet to learn about the fundamentals of blockchain. Ironically, this sentiment is exactly the opposite of one of the goals of blockchain technology: to solve the problem of mistrust between the parties of transactions. These events include hacks of the most important Bitcoin exchanges, such as Mt. Gox (which subsequently declared bankruptcy, citing losses from the hack amounting to USD 473 million), [20] Bitstamp (loss of 19,000 Bitcoins, valued at about USD 5.1 million), [21] and Bitfinex (loss of 119,756 Bitcoins, valued between USD 66 and 72 million). The event that highlighted the vulnerabilities of blockchain more than any other is the DAO case, an attack inflicted on a decentralized autonomous organization launched on Ethereum, called ‘The DAO’. [22] The DAO was conceived of and programmed by the team behind the German start-up Slock.it. It was meant to serve as a decentralized venture capital fund and to act as a hub for large and small investors willing to initiate blockchain-based projects. The DAO launched on 30 April 2016, collecting over USD 150 million from thousands of individuals across the world within a 28-day crowdfunding window, thus completing the largest crowdfunding campaign on record for cryptocurrency at that time. [23] Once the sale was over, there was much discussion of first addressing vulnerabilities before starting to fund proposals.
In particular, Stephan Tual, one of the DAO’s creators, announced on 12 June 2016, that a ‘recursive call bug’ had been found in the software but that no DAO funds were at risk. [24] Unfortunately, while programmers were working on fixing this and other problems, an unknown hacker took advantage of that bug to start draining the DAO of Ether (which is the cryptocurrency for operations on Ethereum) collected from the sale of its tokens. No one had the ability to fix the code because no one was truly in control of the organization, and therefore able to update [continua ..]


1.3. From governance to liability

Chapter 1 looked at different models of governance for blockchains and explained how the governance model is determined: first and foremost, by the ownership of the nodes and control over them. It is crucial to understand (i) whether or not a central authority manages all the nodes of a given blockchain or, at the minimum, the majority of such nodes; (ii) which categories of nodes exist and the functionality of each category. This type of examination is useful to map out a first layer of liabilities between the players involved in the blockchain. Chapter 1.1 sheds light on the terrain of the blockchain space and discusses how a blockchain could be the network adopted within a larger group of stakeholders, software, platforms, or services, all connected to form an ecosystem. In such a scenario, provided that a central authority managing the nodes exists, it is important to understand whether this authority serves as a ‘promoter’ of a blockchain, [28] without control over the majority of the nodes, or this authority controls the blockchain and operates as a ‘blockchain provider’ in order to carry out business relationships with companies that develop dApps. [29] Chapter 1.2 discussed a few violations in the blockchain space, and pointed out that most were not hacks of a given blockchain but hacks on other components of the ecosystem built around that blockchain. It is important to understand how the integrated, yet separate software systems operate. For example, where there is different software working together to provide a well-integrated and all-inclusive user experience, one must question which software is affected in the case of a malfunction. The blockchain? The dApp running on that blockchain? The embedded exchange? The wallet? Methods for allocating liabilities among software providers and their related partners could help legal professionals map out a second layer of liabilities, provided that careful examinations and investigations are carried out.
To conclude, understanding some of the technical aspects involved in the blockchain space allows one to identify a first layer of liabilities. Deeper understanding in this area may eventually dictate how a blockchain could interact in the blockchain space with other software, platforms, and players; this could contribute to determining a second layer of liabilities. That being said, Chapter 2 maps out several domestic legislations governing blockchains and smart [continua ..]


2. Legal recognition of blockchains and smart contracts

Interest in blockchain technology began increasing in 2009, and from 2017 it fervently caught the attention of the legal world. Specifically, the idea of using blockchain technology and smart contracts in day-to-day business, and the implications of this, caught the interest of lawyers. According to Ron Quaranta, the founder and Chairman of the Wall Street Blockchain Alliance, the legal industry was one of the fastest growing sectors within the Blockchain Alliance. David Fisher, the co-founder of Integra Law, opined that on a blockchain, once a contract is signed, it is available now and forever, and we can confirm the details at any time we want. [30] Aaron Wright, a Professor at Cardozo Law School, Chair of the Legal Working Group of EEA, and the co-author of the book ‘Blockchain and the Law’, [31] opines that “blockchain can be used as a ‘spine’ in the entire legal industry and we can use blockchain to build more efficient systems, decrease legal costs and ensure that people get the legal services they need.” [32] He also says, ‘with an immutable record of the finalized contracts, with time-stamped signatures, there will be less room for disputes’. [33] These are important statements but challenges continue to exist. The biggest hindrance is the lack of clear regulations on the use and the legalities of this technology. While the state of Vermont in the USA passed laws in 2017 legalizing the use of blockchain and digital signatures, and made such documents/records admissible in courts of law, [34] for example, there are still many nations lacking the necessary capacity and infrastructure to pursue these important developments. In the next section, we will provide a brief overview of various nations and legislative initiatives to regulate blockchains and smart contracts.


2.1. Legislations on blockchains in the USA

Blockchain initiatives in the USA can be traced back to the so-called ‘Delaware Blockchain Initiative’. This reform process was a response to administrative inefficiencies related to mergers and acquisitions which often result in litigation. With approximately two-thirds of Fortune 500 companies incorporated in Delaware, a considerable portion of American corporate litigation occurs in that state. Two disputes in particular were characteristic examples of transactional litigation arising out of administrative inefficiencies: namely, In re Appraisal of Dell, Inc. [35] and In re Dole Food Co., Inc. [36] The Delaware Blockchain Initiative was introduced in 2016 by Jack Markell, Delaware’s Governor at the time. As a result, on 1 August 2017, the Delaware General Corporate Law was amended through Senate Bill 69, the so-called ‘Blockchain Bill’. In the aftermath of the Delaware Blockchain Initiative, many states within the U.S. began to pursue avenues for the regulated implementations of blockchain technology. Below is a brief summary of the current scenario. a) Delaware – The State of Delaware is one of the first states to develop regulations relating to blockchain technology, starting with the above-mentioned Senate Bill 69 in August 2017. This act provides a specific statutory authority to oversee the use of blockchain technology by the corporations in Delaware and for maintaining corporate ledgers. [37] It is a part of a new initiative that is aimed at allowing small scale industries to equip themselves with the latest technology and to improve their businesses. This initiative promoted the expansion of these businesses by developing export transactions through technology.
b) Wyoming – HB 70, passed in March 2018, relates to the ease of use of blockchain in the day-to-day course of business, allowing users to avoid being subjected to certain security laws. [38] The representatives have agreed on another bill, HB 101, which complements the Wyoming Business Corporations Act and authorizes blockchains to be used to store records such as shareholder identification and vote acceptance. [39] c) California – The state of California passed a Bill that will enable the state to update its records on a blockchain; this Bill defines what blockchain is and evaluates a number of uses of the technology. [40] Clause ‘h’ of Section 1633.2 of the Civil Code of California includes [continua ..]


2.2. Legislations on blockchains in the EU

Many European states have provided clarity on important elements of the legality of cryptocurrency but few states have specific legislation designed exclusively for blockchain technology. In response, the EU is launching the ‘EU Blockchain Observatory and Forum’ in order to encourage blockchain initiatives within the European Union. [44] In April 2018, a number of nations came together to sign a Declaration creating the European Blockchain Partnership. [45] Later that year, five additional nations, including Italy, joined the initiative. The main focus of the Partnership is cybersecurity, privacy, energy efficiency, and interoperability, all in full compliance with the laws of the EU. [46] The southern European states of France, Italy, Spain, Malta, Cyprus, Portugal, and Spain signed a joint declaration in 2018 to promote the adoption of blockchain in the region in order to ‘transform’ their economies. They further committed to collaborating on the development of the technology in order to become “a leading region in this sector.” [47] These are exciting and promising developments that point towards the EU’s recognition of the greater need for governance structures on the use and implementation of blockchain technology. Next, we provide a brief overview of several of the specific regulatory interventions that have taken place in a couple of EU countries. a) Malta – Malta created the first regulatory framework in the EU for the use of blockchain technology or DLT in the form of three Acts: I. Malta Digital Innovation Authority Act (MDIA Act) – this Act establishes the legal legitimacy of DLTs, defines the internal governance of the processes, and outlines the duties and responsibilities of competent authorities to certify the platforms used. This Act also provides legal certainty for prospective users to make use of any established DLT platform. [48] II.
Innovative Technology Arrangement and Services Act (ITAS Act) – this Act primarily addresses the certification of DLTs for companies involved in cryptocurrency trading. [49] III. Virtual Financial Assets Act (VFA Act) – this Act is exclusively enacted for the purpose of governing ICO trading. [50] It is intended to have regulatory authority over companies or individuals who engage in cryptocurrency trading, ICO trading, and providing wallet facilities for [continua ..]


2.3. Legislations on Blockchains in the non-EU countries of the European continent

Several non-EU states on the European continent have adopted extensive legislation related to blockchain. The small size of these states and their relative lack of bureaucracy have undoubtedly helped the adoption of these regulations, aimed at turning these states into hubs for investors and blockchain-related projects. Several countries in Eastern Europe are also endeavouring to foster environments for blockchain-based businesses to develop with ease. Below is a brief overview: a) Gibraltar – In 2017, Gibraltar passed its ‘Financial Services (Distributed Ledger Technology Providers) Regulations 2017’, aimed at enabling businesses or companies that intend to engage in services through distributed ledger technology to obtain a license to carry out a controlled and regulated form of these services. The Act also focuses on financially disciplining such businesses as a part of the Gibraltar Financial Services Commission (GFSC). [53] The GFSC requires companies doing business in blockchain to adhere to nine main principles: honesty and integrity; customer care; adequate resources; effective risk management; protection of client assets; effective corporate governance; systems and security access; financial crime prevention; and resilience. [54] The Act also provides for various exemptions on legislation related to financial institutions once the companies have applied and obtained specific operating licenses for the use of blockchain technology. b) Belarus – This country was among the first on the European continent to adopt a regulatory framework for the blockchain industry, the ‘Digital Economy Development Ordinance’ in March 2018. This Bill provided for the creation of a Hi-Tech Park (HTP) to cater to and cultivate blockchain and cryptocurrency-based businesses.
The Bill provides for the categorization of the HTP as a special zone with a special tax and legal regime for businesses based on blockchain and cryptocurrency. [55] Another blockchain law imposed by Belarus in 2018 focused on the prevention of terrorism financing, money laundering, and propagation of weapons of mass destruction by means of any blockchain-related activities. [56] c) San Marino – The Delegated Decree no. 37 issued by the Republic of San Marino on February 27, 2019, in order to regulate Initial Token Offerings, gave a very precise definition of blockchain under Article 1 (1) (a): “a Distributed Ledger composed of validated [continua ..]


2.4. Legislations on blockchains in the Middle East and Asia

Many Middle Eastern and Asian countries are moving forward with the use and implementation of blockchain and cryptocurrencies. While clear-cut regulations on blockchain technology itself have not been clearly defined, regulatory moves related to the use of cryptocurrency have taken place. Middle East – There are no specific laws in place for the governance of blockchain technology but many Middle Eastern countries are implementing the technology into numerous and important spheres of society. UAE, Bahrain, and Saudi Arabia have already implemented blockchain in their financial and healthcare sectors. a) The United Arab Emirates (UAE) is the first Middle Eastern country to have established a Blockchain Court. This court is established in collaboration with the Smart Dubai initiative by the Dubai International Financial Center (DIFC). [57] This is aimed at creating a blockchain-based judiciary system that is focused on, and equipped with the knowledge to handle, disputes arising out of blockchain transactions. Smart Dubai is another initiative taken up by the Emirate to further cultivate blockchain development and implementation. It is working towards making Dubai a fully blockchain powered and run economy by the end of 2020, thereby making it the first paperless economy in the world. The expectation from this initiative is easing processes in various sectors of governance, enhancing efficiency and creating new specialized sectors to achieve global leadership. [58] Dubai is also the home of the world’s first blockchain council: the Global Blockchain Council was established to bring people together to discuss current trends and future possibilities of blockchain technology. [59] b) Asia is progressing in the area of blockchain development.
While many Asian countries do not have any regulations exclusively related to blockchain, exemplary countries such as Singapore and Malaysia are providing regulations for the issuance and use of cryptocurrencies, which in turn enables certain elements of blockchain technology. c) China is working through competing regulatory mandates related to the technology. While the Chinese State Council [60] welcomes blockchain and cryptocurrencies, the People’s Bank of China banned the use of cryptocurrencies and shut down all exchange houses that transacted with cryptocurrencies. Later, the Ministry of Industry and Information Technology launched a program called ‘Trusted Blockchain Open Lab’ [continua ..]


2.5. Legislations on smart contracts

It is an accepted fact that all transactions are a form of a contractual obligation. The world as we know it is undergoing profound changes, including in the way we handle transactions. The rapidly changing global norms are bound to laws that are centuries old and often, they pose significant challenges when dealing with issues associated with the so-called ‘new world’. Let us focus on one aspect of these laws: contract law. The world’s laws are broadly classified into common law and civil law jurisdictions, and these two jurisdictions differ widely in their contract laws. There are major differences between these two systems. One example is the concept of ‘good faith’, which is essential for a contract in the civil law jurisdiction but is entirely absent in the common law jurisdiction (or its requirement is not mandatory). This gives us an idea of how fragmented the legal world can be. Understanding of boundaries becomes further blurred when these jurisdictions are removed entirely, and this is the case when it comes to the governing of smart contracts. These borderless smart contracts make it difficult to ascertain a standard rule or even a legal status for their operations. In light of this, UNCITRAL is developing laws related to the role of electronic communication, attempting to categorize information in the smart contracts such as offer and acceptance, and once the transaction is expressed and stored in a block, the contract is signed and is legally enforceable. [65] At the same time, certain countries and states are working towards crafting definitions and basic regulation for smart contracts. Below are a few legislative interventions around the world that have created guidelines for the governance of smart contracts. 
Legislations in the USA: a) Arizona – In House Bill 2417, the State of Arizona defines a smart contract as “an event-driven program, with state, that runs on a distributed, decentralized, shared and replicated ledger and that can take custody over and instruct transfer of assets on that ledger.” It also validates smart contracts as contracts similar to conventional paper-written contracts and assigns a legal status to these contracts making them admissible in courts. [66] b) Tennessee – The State of Tennessee passed Senate Bill 1662 that recognizes the legal authority of the use of smart contracts. Section 2 of the Bill defines it as “an event driven computer [continua ..]


3. Layers of liability

The technology sector is evolving but legal frameworks supporting emerging innovations are lagging. As a result, governing the proliferation of technologies, especially as novel as DLT, blockchain, and smart contracts, is an uphill battle. In Chapter 1.3, the importance of understanding the governance of a given blockchain was stressed. Under this umbrella, we will give greater focus to liabilities. We have shown that nodes carry out the most relevant activities within a blockchain. The players that control the nodes directly or indirectly ultimately can affect many functions related to the use of blockchain. The argument that the players controlling the nodes hold the greatest deal of responsibility, and therefore possible liabilities, sets us up for Chapter 3. Next, we will focus on explaining liabilities relating to the following fundamental functions of blockchains: – transacting cryptocurrencies; – execution of smart contracts; – dApps functioning; – data processing under the GDPR.


3.1. On public permissionless blockchains for transacting cryptocurrencies

In a public permissionless blockchain designed for transacting cryptocurrencies, presumably no one controls the nodes, so there is no accountable central authority. Theoretically, this scenario may be framed as a sort of unlimited mutual liability of the nodes, precisely of people or entities controlling the nodes. Therefore, the unfair player (possibly someone who controls the 51% on the nodes, which is not practically feasible on the Bitcoin’s and Ethereum’s blockchains due to the immense amount of computational power and electric energy required, but plausible on other small blockchains for minor cryptocurrencies) who attacks a blockchain and subverts the rules of the network, should be considered liable for the damage caused to the other participants in the network. However, in such blockchains, establishing compensation for damage is complicated, if not impossible, for the following reasons: 1. Identifying the liable person or entity is difficult due to the pseudonymization of the participants on which public permissionless blockchains such as Bitcoin and Ethereum are based (here, we are assuming that the users are using the blockchain and their wallets, not a dApp that provides for solid know-your-customer procedures); 2. Quantifying damages in terms of actual loss is difficult, since the participants could not lose an asset, but it is highly likely that as a result of the attack the cryptocurrency issued by that blockchain will lose partial value; 3. Quantifying damages in terms of loss of profit is difficult due to the volatility of cryptocurrencies; and 4. The attack may not be considered illegal since there is no breach of contract in such a governance model, and there is no breach of law due to the absence of laws regulating attacks to blockchains. 
In sum, a public permissionless blockchain is subject to automated governance; in other words, its governance – and consequently the very act of transacting cryptocurrencies – is solely based on the execution of an IT protocol, which tends to result in a lack of accountability. We acknowledge that this is a very unsatisfying answer; nonetheless, this view is shared by important authorities. FINRA, in its January 2017 report, said: “Recent events have shown that lack of a central governing body for the evolving Bitcoin Network has created concerns for the network, as participants try to determine an approach to handle increased transaction volume. Therefore, [continues ..]


3.2. On the execution of smart contracts

A current and burning question circulating in the legal-tech industry is: who is liable if the smart contract is not correctly executed? This question must be unpacked. In particular, when a problem of execution occurs, it must be determined whether it is attributable to the smart contract software or is due to a breach of contractual obligations by the end users of the smart contract. Regarding the malfunctioning of the smart contract software, Commissioner Brian Quintenz of the Commodity Futures Trading Commission (CFTC) opined that smart contract developers can be held liable for violation of CFTC rules if it could be determined that the smart contract created was intended to violate or circumvent CFTC rules. He divides the parties involved in a smart contract into four categories:
a) the core developers of the blockchain software;
b) the miners/nodes that validate the transactions;
c) smart contract code and application developers; and
d) the end users of the smart contract.
Using the process of elimination, he discusses the most likely actor to be held liable. He opines that the core developers of the blockchain and the nodes are less likely to be responsible for issues concerning one single smart contract, as these players usually impact the whole ecosystem, while end users are not in a position to affect the functioning of code. Hence, smart contract developers have the strongest connection with the functioning of smart contracts. This makes sense if one considers that the relation between blockchain developers or providers and smart contract developers resembles other very common software development scenarios in which software is executed by means of services provided by other parties.
As an example, we suggest that the reader think of ‘software as a service’, also referred to as ‘SaaS’, executed by means of servers provided by a server provider: where the malfunctioning depends on the SaaS itself and not on the servers that execute the SaaS, liability for malfunctioning is attributable to the software developer, not to the party that provides the servers. In the same way, where malfunctioning issues of smart contracts depend exclusively on their programming, liability is attributable to the smart contract developer, not to the parties involved in programming and executing the blockchain. However, depending on how smart contracts are provided to end users, smart contract [continues ..]


3.3. On the functioning of dApps and digital platforms in general

In most cases, digital platforms are used by end users upon acceptance of contractual terms. Broadly speaking, we can distinguish between two types of platforms:
1. Platforms used without requiring the end user to make any payments or to undertake any legal obligations (except for very general obligations such as the prohibition to tamper with the platform or to violate the intellectual property rights inherent in the platform). The relationship between the owner(s) of these types of platforms and end users is usually regulated by means of the so-called ‘terms of service’ or ‘terms of use’, i.e. very general contractual terms that illustrate the purpose of the platform and how the user is expected to use it. These terms are usually found at the bottom of home pages. Usually, users must agree to these terms of service in order to use the platform. The user can use the platform for free and no commitment is required; therefore, the owner of the platform can exclude most of its liability for malfunctioning of the platform. This is usually done by including in the terms of service the so-called ‘AS IS’ clause – essentially a clause that states that the platform and its services are provided without warranty of any kind, either express or implied, arising by law or otherwise;
2. Platforms that require the user to pay a consideration or to undertake specific legal obligations to use the functions or services provided by the platform. There is usually a requirement for the user to explicitly accept (e.g. by means of a point-and-click procedure or electronic signatures) more stringent contractual terms and conditions. Usually these types of terms also include a jurisdiction and applicable law clause, so as to avoid ambiguity and challenges deriving from the application of private international law.
AS IS clauses are less viable for these platforms, but it is still possible to include clauses limiting liabilities on the owner’s side as long as such clauses do not infringe mandatory rules under the applicable law. Use of dApps usually takes place in the form of digital platforms. In other words, users access a website or an application for mobile devices, which serves as frontend code, i.e. user interfaces. By means of such user interfaces, users access the core functions of the dApp, which are provided by sets of smart contracts that constitute the backend code of the digital platform, and so of the [continues ..]


3.4. On data processing under the GDPR

The GDPR, issued by the EU in 2016, has generated controversy within blockchain circles because certain characteristics of blockchain technology – i.e. the general lack of central authorities, the peer-to-peer model that replaces the idea of central servers, and the immutability of recordings – conflict with certain provisions contained in the Regulation. Moreover, data processing stresses the importance of governance of blockchains – and thus control over the nodes – for mapping out liabilities in a blockchain ecosystem, maybe more than any other legal issue does. The following lines will provide arguments for the close connection between governance and liabilities deriving from data processing. First, the reader must keep in mind that a blockchain is a record-keeping IT instrument, therefore all the operations executed by a blockchain include some kind of data processing. [82] That being said, the GDPR applies to data processing:
– that concerns personal data; [83]
– that takes place in the EU, or outside the EU where the processing activities are related (i) to the offering of goods or services to data subjects located in the EU, and (ii) to the monitoring of data subjects’ behaviours that takes place within the EU. [84]
Under the GDPR, the main categories of actors involved in data processing are the data controller (the party that determines the purposes and means of processing) and the data processor (the party that processes data on behalf of the controller). For instance, in the case of a web application managed by a company that stores data on servers provided by a server provider company, the first company is the data controller and the latter is the data processor to which storage activities are delegated. Under the GDPR, such parties must determine their roles as controllers or processors and agree on a contract that sets out their responsibilities, i.e. the data processing agreement regulated under Article 28 of the GDPR.
Moreover, both the data controller and the data processor are subject to the sanctioning powers of the data protection authorities of the EU. In light of the legal framework briefly summarized so far, the following question arises: how is it possible to define who is the data controller and who is the data processor – and frame liabilities accordingly – where data processing activities are carried out by means of a blockchain, which runs on [continues ..]


Conclusion

In this paper, we have sought to provide clarity on governance models of blockchains, smart contracts, and dApps, with a focus on liabilities. The end goal of this paper was to provide a general overview of the most common questions posed to legal professionals related to blockchain governance. To answer most other questions would first require a correct understanding of the blockchain in use, its governance, and the allocation of liabilities according to the method that we summarized and that is reiterated below. Chapter 1.1 provided the basis for understanding a first ‘layer’ in the governance framework of blockchains: namely, control over nodes, which may give rise to liabilities. Chapter 1.1 showed how blockchains are contextualized within the broader space of tokens, dApps, wallets, and exchanges. Businesses related to the blockchain space are providing users with technologically integrated services, commonly called ecosystems, where many software programs overlap. When an issue arises, the root cause of the malfunction is not immediately identifiable. It could be in the dApp, the blockchain serving as an infrastructure, or a problem in the embedded wallet or exchange, among others. Addressing issues related to a given ecosystem requires careful analysis of blockchain governance, players, and business relationships. We concluded Chapter 1 by providing a method for legal and non-legal professionals to map out an understanding of liabilities relating to a given ecosystem. Namely, one should ask whether or not there is a company, federation, body or other legal entity serving as a central authority for a given blockchain. If the answer is yes, the next question should be whether or not such a central authority owns/controls the majority of the nodes. Answering this first set of questions allows us to map out a first layer of liabilities.
After that, one should:
1. Examine the whole ecosystem in which the issue to be investigated arose;
2. Understand the business/contractual relationships that take place in that ecosystem – especially where the issue affects the functioning of a dApp;
3. As a result of applying points 1 and 2, map out a second layer of liabilities.
This first identification of liabilities – based on the examination of roles and relationships among the players of a given ecosystem – should be adjusted in the light of the applicable laws. For this reason, Chapter 2 provided a succinct guide on legislation adopted by [continues ..]


NOTES