An introduction to Blockchain: the key legal issues
Published on 11th Aug 2017
By now, most people have heard of ‘blockchain’ but not everyone would claim to understand it, or indeed what it can be used for. This emerging technology is generating a huge amount of interest amongst the technology community in Silicon Valley and elsewhere. It is widely predicted to transform huge swathes of industry over the next five to ten years and beyond. A vast number of potential applications have been identified, some of which are already starting to be exploited.
What is blockchain?
A blockchain is:
- a digital database (or ledger) that is
- distributed across a network of computers (i.e. a decentralised peer-to-peer network)
- containing an increasing number of data records that are
- protected by powerful cryptography; and, therefore,
- almost entirely protected against human error, editing, tampering, removal and revision.
Each record (or ‘block’) contains details of a transaction and is time-stamped and associated with certain data that links it to the previous ‘block’ in the chain. When a new transaction takes place, it is authenticated across the network by users known as ‘miners’ (using specialised IT equipment) before being recorded as a new ‘block’ and being made available to view by other members of the blockchain.
Some key points
Blockchain can best be described as a digital platform or database for securely storing information and recording transactions. However, there are some key points to be aware of:
- Firstly, there is no single or definitive ‘blockchain’. In fact, there can be an infinite amount of blockchains and anyone with the necessary coding skills can create one.
- Blockchains can be:
- ‘public‘, for example where used for trading shares; or
- ‘private‘, for example a real estate company’s blockchain that stores title documents of properties.
Whether a blockchain is private or public will, as the name suggests, determine the user group that has access to the information on that blockchain.
- Blockchains can also be:
- permissionless or unpermissioned, which allow anyone to contribute data with all participants possessing an identical copy of the ledger; or
- permissioned or private, which allow only specified actors (e.g. banks, approved individuals etc.) to submit transactions and/or validate them across the network. This submission and validation process is achieved via a control layer built into the ledger.
Smart contracts
One of the terms that almost inevitably comes up in the context of legal issues and blockchain is ‘smart contracts’. There is no universally established and accepted definition of a smart contract, but in essence they are coded instructions that self-perform when certain criteria are met.
The relevant computer code is uploaded to a ledger, in place of more basic passive data entries. A simple example might be a smart contract-enabled insurance policy that automatically pays out to a policyholder on the occurrence of an insured event. Smart contracts often use blockchain technology to record and execute transactions.
What are the legal issues associated with blockchain?
As with any new technology, blockchain gives rise to some interesting – and in some cases entirely new – legal challenges. Businesses are well advised to be aware of those issues, so that they can be addressed and managed to ensure that the technology is deployed in a compliant manner. Key points that businesses will need to consider include:
Smart contracts
- Will it be possible to capture all the elements of a ‘traditional’ contract in a set of computer-coded instructions? How will coders capture concepts and principles that require a degree of subjectivity or judgement on a case-by-case basis? How about capturing a non-exhaustive list of circumstances, such as force majeure events?
- Even if that is possible, how will smart contracts cope with events that occur outside their underlying code (in the ‘real world’)? If, for example, circumstances arise that would frustrate a contract or make its performance illegal or even contrary to business common sense, is it possible to hardwire that into the code of the smart contract, so that it does not automatically perform itself in those circumstances?
- It’s also crucial to note that some transactions, for example relating to the transfer of land, need to be in writing, which does not currently include computer code.
Data
- Any blockchain system that holds personal data will need to comply with applicable data protection laws. The distributed nature of blockchain causes concern here. Which data protection laws will apply? In reality, there may be a need to comply with the laws of numerous different territories in relation to personal data held on the blockchain in question.
- What mechanisms will be put in place to ensure that any cross-border transfers of data are compliant? In Europe, this could include implementing approved Model Clauses or (for transfers involving the US) recipients signing up the EU-US Privacy Shield, for example.
- The new General Data Protection Regulation will formalise an obligation on data processors to pseudonymise data and a right for data subjects to request erasure of their personal data (the ‘right to be forgotten’). While pseudonymisation tends to go hand in hand with data stored on a blockchain, the right to be forgotten presents more of a challenge in light of the immutability of records on a blockchain.
- Clearly, creating huge data repositories on a blockchain gives rise to the potential for security breaches. Blockchain operators will need to take cyber security particularly seriously to avoid potential regulatory action and – not to be underestimated – reputational damage.
Regulatory
- Most regulators are taking a ‘wait and see’ approach to blockchain (see our article here on a report by the European Securities and Market Authority, for example). While on one hand this approach tends not to stifle innovation and allows regulators to see the way in which the technology is used before taking any action, it does nothing to create certainty for businesses or blockchain innovators.
- As with any development, it seems likely that legal issues will be resolved in line with existing laws, principles and guidance. However, it’s no secret that laws can quickly fall out of date, so it’s almost inevitable that laws will need to be adapted, or that entirely new laws will need to be implemented, to cater for blockchain.
- As noted above, records on a blockchain are intended to be immutable. On that basis, it remains to be seen how a blockchain system will cope with changes to the law. For example, where blockchain holds personal data in a way that complies with the law at a particular date, but the law subsequently changes, how will the relevant records be amended to comply with the new rules?
Liability and responsibility
- What is the legal status of an entirely blockchain-enabled organisation (DAO or distributed autonomous organisation), which operates through pre-programmed smart contracts, without human involvement? Does it have its own legal personality?
- If no business entity has been formed to ‘host’ a DAO, would the blockchain operators and/or participants have unlimited liability (on the basis that the DAO falls within one of the existing categories of unincorporated business types, e.g. a general partnership)?
- In the absence of certainty about the nature of a DAO, how will ownership and control be determined? Can a contribution of crypto-currency be deemed to be an ownership stake in the same way as shares? It’s worth noting that most issuers of crypto-currencies do not attach ownership rights to their tokens.
- Similarly, how will DAOs contract with third parties if they have no legal personality? This could be solved by having the DAO ‘members’ contracting in their own name or, more likely, setting up a dedicated business entity to operate the system and deal with customers and suppliers.
- Who will be responsible for defects in a blockchain system/DAO? Would it be the ‘managers’ of the DAO or, perhaps, if defects arise due to the way in which the underlying code was written, it would be the coder?
- For now (in the UK at least) these questions remain unanswered and the legal landscape will develop over time. However, we expect that the status of a DAO and questions of liability will depend on a number of factors, e.g. how the DAO code is used, the purpose for which the DAO has been established, who ‘controls’ it and how many owners there are.
Litigation and dispute resolution
- Players in a blockchain system will – by definition – be ‘distributed’ and are likely to be spread around the globe. How will the parties determine which laws apply and which forum should be used to resolve disputes? Should that be determined, for example, by reference to the location of the parties themselves, or perhaps to the location of the relevant computer servers? What happens where those laws conflict?
- Will current dispute resolution mechanisms be sufficient to settle blockchain disputes? Technology disputes are common and the English court system can cater for them, but it may take some time for judges to develop their expertise in this specialist area. There have been several suggestions of ‘decentralised’ dispute resolution mechanisms, whereby members of the blockchain community effectively vote on the issues in question. While these present challenges of their own, it is certainly a space to watch.
- If the parties are in different jurisdictions, advance thought should be given to which dispute resolution mechanism is the most appropriate. For example, might an arbitral award be easier to enforce against an overseas counterparty than a court award? Similarly, how would decisions made by the blockchain community be enforced?
- In practice, it would seem advisable for parties to define the applicable law and jurisdiction in advance, perhaps in the ‘terms’ (i.e. code) of the relevant smart contract. Over time, we may see blockchain-based service providers requiring customers to sign up to governing law and jurisdiction in the same way as for websites, i.e. via ‘terms of use’. In the case of a private blockchain, users could be required to sign up to specific terms of service or an MSA before being granted access to the blockchain solution in question.
- How will blockchain-enabled assets, such as Bitcoin, be recovered if they are stolen? There are a number of legal theories that may assist, e.g. claims for unjust enrichment, but none has yet been tested in the courts. When that happens, some big questions will need answering, in particular whether such assets constitute ‘property’ capable of being ‘owned’.
Blockchain in practice
The potential use-cases for blockchain are vast and broad ranging, reaching across multiple sectors and industries. While there are many perceived benefits (not least reduced transaction processing times and cost for financial institutions), there are some significant barriers to adoption, including the legal challenges outlined above.
There are also some practical considerations. For example, it is expensive, slower and less efficient for each participant in a network to retain a copy of all transaction data all the time. Businesses will need to consider carefully whether blockchain will add sufficient value in any given area to outweigh those costs.
Secondly, a blockchain is also only as good as the data that is added. For example, if a transaction is not posted, or is posted incorrectly (whether unintentionally or maliciously), the value of that chain is undermined or entirely lost. Participants will, therefore, need to give consideration to how they should interact with blockchain, and how they will allow others to do so.
However, the most immediate challenge lies in identifying the applications that will really benefit from blockchain, namely where the existing technology (or a simple database) is not already sufficient. Despite the hype, blockchain will not be a viable solution to every problem.
Nevertheless, as the use and implementation of blockchain becomes more widespread, businesses will need to be able to respond to increased customer demand for more efficient and secure service delivery methods and blockchain may offer an attractive solutions to these issues.
Next steps and further reading
For now, we recommend businesses take the following practical steps so they can best prepare for the impact of blockchain technology:
- Keep up to date with blockchain developments and check out our upcoming notes on our insights pages.
- For a more in-depth discussion, and pan-European view, on the issues discussed in this note, you can read our blockchain report.
- Raise awareness within your organisation about the technology and start thinking about the ways in which blockchain could be used.
- Keep an eye on what competitors are doing with the technology. Blockchain is cutting edge technology, so being able to demonstrate awareness and understanding of it could give a competitive advantage.