Blockchain is a distributed ledger technology which operates without a middle single party. This raises significant challenges for parties relying on existing laws and regulations. Indeed, blockchain ledgers are not subject to a specific legislation and existing legislations may be hard to apply.
Liability is an important legal issue pertaining to the Blockchain. Who is responsible if the system fails? Can Decentralized Autonomous Organizations (DAOs) be held accountable? What law is applicable to determine liability and damages?
It must be underlined that there are two types of Blockchain. On the one hand, un-permissioned Blockchains and on the other hand permissioned Blockchains. The former is open to anyone whereas the latter is maintained by a limited group of actors which retains power to access, check and add transactions to the ledger. Permissioned Blockchains are less transparent and decentralized than un-permissioned Blockchains and raise different issues. Despite their differences, both blockchain ledgers operate in the same way.
Mathias Avocats draws an overview of the liability concerns regarding the Blockchain.
Permissioned and un-permissioned blockchain ledgers
DAOs are a new form of legal structure in which ownership, management and control are automated and human intervention is limited. They can be understood as a bundle of smart contracts by which a set of governance rules are automatically enforced and executed through the Blockchain. They are similar to control authorities in the sense that they set the rules governing the transactions on the Blockchain.
However, as a new form of legal structure, they have yet to be defined. Are DAOs corporations or are they something else? Without a precise definition, it is arduous to determine an applicable regulation. Moreover, what, if any is their liability? What about the liability of the creators of DAOs? Who is claimed against in the case of a legal dispute? The issues have yet to be addressed.
One of the significant issues affecting public Blockchain ledgers is the inability to control and stop its functioning. If a person decided to sell illegal products, how can the illegal business be brought down? For example, if DAOs were programmed to trade illicit goods or banned products, it would be difficult for victims to recover damages or to obtain an injunction against the malicious DAO unless it were programmed for such cases. And, if this were the case, what about the programmer’s liability?
Another problem arises regarding identity. Although other people on the Blockchain see a person’s public key and his or her name, anonymity is still a possibility. If this is the case, and a person suffers a damage, but cannot identify the alleged wrong-doer, how can a remedy be awarded?
These concerns have yet to be addressed.
The issue of liability is not as controversial for permissioned Blockchains. Seeing as only a pre-selected group can add transactions to the ledger, the identity of the persons in the group is more readily assessed. If a harm were to occur, both persons could settle and go to court because they know who they are.
The general issues of liability
For both types of blockchain ledgers, jurisdiction and the applicable legislation must be defined prior to any transaction. What law is applicable for liability? Which court has jurisdiction? Providing specific provisions for these issues could be a solution. However, considering the varying complexity of the Blockchain and the fact that is has no geographical limitation, such provisions may be difficult to draft.
Generally, if a problem were to occur in the Blockchain, who would be responsible? The owner? The developer or programmer? The malicious person?
Furthermore, a question arises as to the applicable contractual law for transactions. Which law is to be applied? If the contract is wrongly encoded, how can it be changed? Are amendments possible? Regarding transactions, what is the legal status of the users? Are they consumers? Must they be professionals when providing specific services (financial services for example)? What protection can they claim?
If a user steals a private key, which is unique to each user and can be defined as the encrypted identity card of a user, how can it be proved? The fraudulous transactions could not appear as such and be validated. If several private keys are stolen, the Blockchain is no longer secure. How can users be warned? How can the Blockchain be secure again?
What is the outcome?
In conclusion, the Blockchain raises many concerns. Answers have yet to be found. This topic was developed in a previous article on Mathias Avocats’ blog.
Current legislations and regulations are not necessarily fit or adaptable to a blockchain ledger. Nonetheless, the allocation and attribution of risk and liability in relation to a malfunctioning blockchain service should be careful though through.
In the current state of affairs, the only available means to allocate the risk of liability are through contracts and negotiations. The contract should namely consider the imminent coming into force of the General Data Protection Regulation (GDPR) to which the Blockchain could be subject. It should also address Intellectual Property issues.
Mathias Avocats will soon publish an article on the relation between the GDPR and the Blockchain.