Blockchains and distributed ledgers: law as a factor in DLT structuring (Altius)
Author: Jonathan De Landsheere (Altius)
Publication date: 14/03/2019
What is distributed ledger technology (“DLT”)?
Distributed ledgers (“DLs”), of which blockchains form a subset, are peer-to-peer networks of computers, known as nodes, which both participate in the network and monitor transactions. Every transaction is recorded on each node, generating a platform of trust based on several identical copies of the ledger. The data once stored on the DL cannot be manipulated or changed – it is immutable. This enables the creation of a public or private ledger that can be traced and recorded in an efficient, secure and reliable manner by all participants. In doing so, the need for a centralised third party is removed.
DLT found its origin in digital currencies like Bitcoin and is often associated with the payments and financial services industry, but it may potentially be applied in a wide array of sectors, such as in shipping (implementing a DL to trigger and record invoicing, bills of lading and customs compliance), healthcare (for clinical trials’ data-sharing and the tracking of patient records), and commerce (the registration of luxury items on a DL to halt counterfeiting). It could also have an impact on the pledging of collateral, on the registration and issuing of shares, bonds and other securities (“security tokens”), on the transfer of property titles, on the operation of land registers, etc.
Whilst DLs are considered by some as a panacea and are praised for their trustless, secure and cost efficient nature (thanks to the cryptographic security elements and disintermediation), the underlying technology is however still in its ‘infancy’. The vast technical hurdles that have to be overcome lead some to question the technology’s long-term viability. Coding flaws may compromise a DL’s safety and cost efficiency is open to question when the volume of computing power used by some DLs (such as Bitcoin) is taken into account. Scalability is also a major ‘ceiling’ for the technology’s current implementations: due to their complexity and their encrypted, distributed nature, transactions can take a while to process in highly-distributed DL networks.
The legal risks of DLT
In addition to technical obstacles, there are regulatory and legal concerns for corporations wishing to implement the technology. Furthermore, participants in DL networks also need to be aware of the potential legal consequences of the solution they are using.
Although very few governments have yet adopted any Blockchain or DLT-related laws and regulations, that does not mean, however, that no laws apply. The law provides an abundance of generally applicable principles which can be applied to new innovations in the absence of specific legislation. Below is a brief (non-exhaustive) overview of some of the laws and regulations that have to be taken into account:
According to some, no contractual relationships exist in permissionless highly distributed DL networks as the participants (such as the DL network’s nodes and users) are unknown and lack the intention to grant contractual rights to (co-)users. While it may indeed be true that anonymity of the parties makes enforcement potentially difficult, it does not mean that the actions of individuals who together ‘operate’ the DL network are not legally relevant. The core group of developers and the validation nodes that are active on the DL network can especially be considered as parties to the ‘DL contract’ since without them the system would not work.
The parties to the contract are not the computers on which the nodes run or software code is written, but instead are the persons that exercise control over these computers. Even if they do not wish to enter into legally-binding relations, the fact that they participate in the system knowing that third parties will rely upon it, may be sufficient to have legal consequences under contract law, such as (joint) contractual liability claims. For instance, if the DL is broken or inaccurate due to flaws in the software code and sensitive data, or tokens or other valuable information is lost, then questions regarding liability for these losses will arise under contract law or tort law (see below).
If no contractual relations can be established, tort claims may still be initiated against DL participants. They may be liable in tort if their act, negligence or omission causes loss or damage provided a causal link between the fault and damage can be demonstrated. Therefore, even in the absence of a contract, DL participants cannot act as they wish; rather they need to keep the reasonable expectations of all parties relying on the respective ledger in mind as well as the evolving case law in all jurisdictions in which the DL is active, or risk liability if they do not.
DLs and blockchains may facilitate a range of criminal offences including insider trading and market manipulation. For instance, the core group of developers, who manage the DL network, may exploit insider information for their own benefit, e.g. for insider trading or market manipulation. Furthermore, permissionless DLs and blockchains may also be used for other illegal purposes such as money laundering.
Defendants in a criminal lawsuit may raise the ‘code-as-law’ defence, i.e. if code defines what is ‘law’, anything possible under the coded design is ‘legal’ (this argument was raised by the hacker that captured the DAO’s Ether as the software code unintentionally ‘allowed’ him to steal funds of participants to the DAO). From a legal perspective, this argument is weak as the rules laid down in software code cannot legitimise theft. Software coders do not dictate laws and regulations: code is not law.
Financial law and the security token revolution
Initial Coin Offerings (“ICOs”) are increasingly popular amongst start-ups and other companies when raising capital. Investors participate in the fundraising by transferring fiat currencies or cryptocurrencies to the issuer in exchange for digital tokens. Contrary to shares offered in a traditional initial public offering (“IPO”), tokens typically do not represent ownership rights in a company or dividend rights. ICO investors often seek to directly benefit from the future utility value of the issued tokens (“utility tokens”) , while investors in IPOs tend to pursue a long-term interest in the IPO entity’s value-creation.
The Belgian financial regulator (“FSMA”) has published a communication on ICOs, which provides an overview of the regulations to which ICOs might be subject as currently no specific laws or regulations regarding ICOs have been issued by the Belgian legislator. According to the FSMA, the characteristics of a token may be similar to an investment instrument, a means of exchange or a utility token. Depending on its structure, an ICO could thus be subject to different financial regulations, possibly leading to prospectus and/or other disclosure requirements. In this respect, it should be taken into account that applicable regulations are not necessarily limited to those of the jurisdiction governing the ICO. When marketed to investors residing or domiciled in another jurisdiction, the laws and regulations of such jurisdiction may equally apply to the ICO.
In the future, DLs and blockchains could also be used for the registration and issuing of actual shares, bonds and other securities. Many analysts predict that eventually the majority of financial products will be traded on the blockchain as security tokens. Tokenised securities merge DLT’s technological advantages with the backing and safety that comes with traditional finance. Security tokens thus have the potential to change conventional IPOs. Needless to say that security tokens will in principle be subject to the same laws controlling traditional securities. According to some, the rise of security tokens will trigger the migration of all kinds of assets (such as property titles, etc.) to the blockchain in the form of tokens (the rise of the so-called “token economy”), which may have a far-reaching impact on the legal landscape.
When setting up a blockchain project or ICO, one should think about the governance and corporate structure of the entities involved. Many known blockchain projects and ICOs have been established through foundations, but also other forms of legal entities, such as certain types of companies, might be appropriate to structure such projects, depending on the project being an ICO or not and taking into account the restrictions laid down in Belgian corporate law.
Data protection laws
As personal data and other confidential information can be transacted and made publicly available on a DL, the question arises whether DLT is reconcilable with data protection laws. For instance, the immutability of DLs clashes with the right to be forgotten, which provides natural persons with the right to have personal data deleted or corrected. Therefore, a key challenge for those wishing to implement DLT or blockchain technology is to make their platforms compliant with data protection laws and regulations. Some studies advocate that DLT platforms may be substantially compliant with GDPR if adequately designed. Moreover, compliant DLs may even help achieve the goals that are set out by the data protection regulators .
Regulators have stated that DLT can potentially pose a risk to fair competition and orderly markets. According to ESMA, DL participants might refuse or impose conditions on new members that make it difficult or costly for them to join the DL network. In addition, it may also become increasingly difficult to develop competing systems over time for cost or technical reasons, e.g. patents that would protect certain components of the technology or the need to ensure interoperability with existing systems. This could drive some firms out of the market and lead to a monopoly-like situation with negative consequences for the cost and quality of services. If certain DLs would indeed function as a technological barrier that enables or facilitates monopolies, then additional liability may stem from competition/antitrust law when such monopolies are abused.
Smart contracts: not so smart after all?
A smart contract is, essentially, a digital computer protocol that runs on a DL or blockchain that is intended to facilitate, verify, execute and/or enforce the negotiation or performance of an agreement, such as the transfer of digital currencies or assets, when certain predefined conditions are met (i.e. if X does Y, then execute Z). The principal benefit of smart contracts comes from the increased speed, efficiency and trust that the contract will be executed exactly as agreed. In addition, such contracts can reduce certain transaction costs associated with contracting, since DLs cut out intermediaries.
Smart contracts can thus in theory help automate and enforce legal obligations set out in an agreement. There are, however, certain legal issues to consider when using smart contracts to create enforceable legal agreements. If these challenges are not taken into account in advance, the parties may find that they do not actually have a legally binding contract, or if conflicts arise that they do not have the agreed means of resolving them. Is the contract available in writing as well as code so that the parties know what they are agreeing to? Can the identity of the parties be established with sufficient certainty to make the contract valid? Furthermore, as is the case with “regular” agreements, the parties will need to agree on the applicable law, jurisdiction, the manner in which disputes will be resolved, etc.
Questions to ask and many caveats
DLT’s proponents often like to claim that the technology is somehow beyond the law, or at least, the law’s reach. But courts will never allow such a restriction upon their jurisdiction. Therefore, given the legal risks for entities involved with a DLT system, the creators as well as the participants are advised to take the necessary legal precautions when establishing a DL, such as determining the governance and corporate structure of the entities involved, clarifying the legal standards that apply to their DL processes and services, clarifying liability and responsibility for the failure of the IT systems and algorithms, etc.
 A blockchain is a particular type or subset of so-called distributed ledger technology. Another example of distributed ledger technology is “directed acyclic graph” (the IOTA protocol is an example of a directed acyclic graph).
 In technical terms referred to as permissionless and permissioned blockchains. In an open, permissionless blockchain, a person can join or leave the network at will, without having to be (pre-)approved by any (central) entity. On a permissioned blockchain, transaction validators (i.e. nodes) have to be pre-selected by a network administrator (who sets the rules for the ledger) to be able to join the network. This allows, amongst other things, to easily verify the identity of the network participants.
 Several jurisdictions (such as Delaware and France) have been enacting legislation to enable the registration and issuing of securities on a blockchain (“security tokens”) by companies that are governed by their respective laws.
 However, solutions are being developed that will most likely solve the current scalability issues, including sharing and second layer solutions (such as the lightning network).
 For a broader overview of the legal risks, see the following paper (upon which this blog post is inspired): The Distributed Liability of Distributed Ledgers: Legal Risks of Blockchain by Dirk A. Zetzsche, Ross P. Buckley and Douglas W. Arner.
 See footnote 2.
 A classic example of a utility token is Ethereum’s Ether. Ether tokens enable interaction with the Ethereum blockchain. For instance, they provide access to an application or service on the Ethereum network.
 See joint research from the University of Cambridge and the Queen Mary University of London and Michèle Finck, Blockchains and Data Protection in the European Union, EDPL, 2018/1, p. 17.