Blockchain Bites... twenty key legal issues to navigate

1. Uncertainty: the biggest legal challenge with blockchain at the moment is not knowing exactly how blockchain solutions will work as the landscape is still evolving. This inhibits a definitive view of the legal issues it will create or solve. In this note, "blockchain" is used to represent distributed ledger technology whether or not using a pure blockchain structure.

2. Range of use cases: blockchain is essentially a business process performed by technology. It is the function it performs that will determine the legal issues it creates. For example, in some use cases transparency is a benefit (eg public register of assets); in others it is a burden (eg commercial impact of complete transparency of share trades). Sometimes even that depends on perspective – regulator or regulated. This makes it difficult to generalise about what the legal issues with blockchain are – though there are some issues which apply widely. It also means that the commercial issues it creates vary, which may result in new legal solutions being needed, eg for netting and short-selling, if the blockchain automatically transfers title to the ultimate owner.

3. Regulation: the regulation which will apply to a blockchain solution, if any, will depend on the function it is performing. Often the relevant regulations will not have been designed with a blockchain solution in mind. This may mean that the regulation does not permit a solution when it should, or does not prevent one when it should. It may be that there is, technically, no regulation which will apply to a solution, but it is reasonably clear that the solution would be contrary to regulatory policy, so regulation may be developed which would impact it even before the solution gets to launch. It means that the legal and regulatory analysis of blockchain needs to be performed by those who are experts on the legal and regulatory framework which applies to that function.

4. Validation/legal status: when is a transaction legally valid/concluded? That depends on the structure of the solution and the consensus model – legal rules will probably also need to evolve on this for when the unexpected happens or the protocols are not clear.

5. Change control: how are changes to the consensus protocols/software agreed, eg to deal with changes to the commercial environment/force majeure/regulatory change? These are familiar challenges in traditional outsourcing arrangements, but how will they be dealt with when the process is effectively outsourced to a decentralized ledger – will the consensus protocols be adequate? Are we in effect creating a "strategic alliance" with all the legal bells and whistles which go with that?

6. Unwinding transactions: given the virtual immutability (so transactions cannot be voided), how will transactions be unwound, eg where there is input error or fraud? Will rules be needed to agree to transfer back? How will they be enforced?

7. Transparency: how will confidentiality and commercial advantage be secured if all transactions are transparent? Although participants' identities may be coded with the intention that they will not be identifiable (pseudonymous), there may be a risk that the coding can be reverse-engineered when linked to off-chain information, so that the ID would then be known going forward. There may need to be different levels of access. How will that be regulated? What if it can be hacked? Could inequality of market information, particularly in permissioned blockchains, lead to "insider dealing"/market disclosure type issues? Conversely, could the additional transparency assist with regulatory supervision, leading to it being supported by regulators?

8. KYC/AML/e-identity: Blockchain may support creating new shared ways of complying with KYC/AML/e-identity. Who is responsible if that goes wrong and for what losses/regulatory breach? There may be different answers in different scenarios eg where users self-certify or where an ID utility has drawn in data via APIs from passport office, tax authorities, mobile phone companies.  

9. Data Privacy: will it be possible to identify participants? If all transactions are stored forever on blockchain then what happens if the cryptography is able to be breached by future technology advances? How could a right to be forgotten be dealt with? How can compliance with data privacy laws be secured in the context of evolving technology and the possibility of future technology, such as quantum computing, to unlock hashed data?

10. Cybersecurity: will having multiple nodes (and therefore access points) increase cybersecurity risk? Will the chain be as strong as its weakest link? Will one organisation be responsible to the others if a lapse in its systems enabled a breach of security?

11. Immutability: if a blockchain is used for regulatory reporting or auditing then does its immutability need to be absolute, or can it be virtually immutable with any mutations being traceable?

12. Interoperability: many current process issues in financial services are a result of lack of interoperability of legacy systems rather than technology solutions not being available, so increasing interoperability, eg through open source code, seems likely to be key to optimising the value of blockchain. This can create issues of its own, with all parties being committed to the cost of upgrades, the need to ensure cooperation with a plan for implementing them simultaneously, and questions over who will pay to maintain the code.

13. Competition law: how will access to a permissioned blockchain be regulated? Could it become "market dominant"? Can competition law rules cope with automated behaviour which becomes anti-competitive due to external events – who would be responsible? Would that mean that the consensus protocols/rules would need to change? How should a level playing field be secured?

14. Manipulation: does the validation method adopted allow for manipulation by a majority of authenticators or an undisclosed consortium? Could a permissioned network create new manipulation risks for market movements or LIBOR-scandal style fraud?

15. Systemic Risk: does the blockchain structure mean that market responses will be automated or exaggerated thereby increasing systemic risk?

16. Jurisdiction: with a distributed ledger operating in cyberspace and across jurisdictions, whose laws will regulate activities? Whose courts will have jurisdiction to adjudicate disputes? Can we look to the cloud computing analogy to solve some of these issues? How will consumer protection laws be applied?

17. Link to the Cash leg: how will blockchain solutions link to the cash leg of a transaction/deal with delivery versus payment (DvP)? Will it need to be prepaid? Or could fiat currency be moved via blockchain, avoiding the current correspondent banking model (in line with the recent Santander/Ripple announcement)?

18. Technology: there will also be traditional technology issues to address. Who owns the source code if not using open source? Resilience should be enhanced by having multiple nodes but does there need to be any commitment as to availability or computational power being made available? 

19. Smart contracts: smart contracts are essentially pieces of code which automate behaviour according to predetermined instructions. How do the parties demonstrate agreement on what that code is supposed to do? How do they agree to vary it? Does a wraparound contract or industry model need to be agreed?

20. Legal status of a DAO: what is the legal status of a DAO? Who would be responsible for its actions, omissions or errors? Could it be seen as analogous to a partnership (ie parties coming together with a view to make a profit) and would the current partnership law work for that eg who would the partners be and what if it is not designed to make a profit?
