McKinsey & Company, January 2019
There is a clear sense that blockchain is a potential game-changer…Venture-capital funding for blockchain start-ups reached $1 billion in 2017. IBM has invested more than $200 million in a blockchain-powered data-sharing solution for the Internet of Things, and Google has reportedly been working with blockchains since 2016. The financial industry spends around $1.7 billion annually on experimentation.
Blockchain and related technologies continue to generate excitement across the TMT spectrum, with some of the most promising opportunities including Internet of Things applications, digital identity management, fraud prevention and data management services. There are many obstacles in the journey from blockchain prototype to scalable application and in this note we discuss some of the key legal issues to consider at the outset.
1. What are blockchain and distributed ledger technologies (DLT)? For many lawyers, the first challenge can be to understand the technologies and terminology. We agree with academics at the University of Cambridge and Queen Mary University of London who think of a blockchain as a type of database: a structured collection of information that uses cryptography to create a persistent, tamper-evident record of transactions and to authenticate parties to a transaction. By contrast, we think of DLT as a ledger that is stored in a distributed manner across a peer-to peer network of computers.
2. Technical governance: Every blockchain solution involves a series of design choices requiring trade-offs between performance, resilience and privacy. Identifying potential legal risks requires an understanding of the platform’s design. Who are the users, nodes and miners and what roles do they perform? Who controls the platform? How can past transactions be reversed? How are service providers involved? Who can see transactions on the blockchain and how can users be identified? How can the environmental and financial cost of blockchain’s energy consumption be minimised?
3. Corporate governance: With many of blockchain’s benefits flowing from shared information and network effects, joint ventures have proven a popular way to develop applications. There is no particular magic to blockchain joint ventures and many of the usual considerations apply, such as the venture’s financial, operational, technical, accounting, tax, legal and regulatory requirements. Does it make sense for the parties to enter into a consortium agreement or is it better to form a new company? Particular attention should also be paid to competition law requirements and the added complexity where a venture is cross-border, which is often the case.
4. Risk allocation: The risk allocation aspects of any joint venture are typically heavily negotiated, and this is true for blockchain ventures. Frequently, the success of a blockchain platform depends on cooperation between natural competitors (the so called ‘coopetition paradox’), many different participants (such as consortium members, service providers and customers) and managing heightened technology risk (for example, what happens if the blockchain platform doesn’t perform as expected?). New challenges arise from the insurance policies linked to blockchain and negative event coverage.
5. Smart contracts: Many blockchain applications incorporate smart contracts, which we think of as a set of promises, specified in digital form, including protocols within which the parties perform on these promises. It is important to understand whether a smart contract is intended to operate as a legal contract or whether it is part of a conventional legal relationship. It is also important to ensure there is a legal foundation for the parties’ engagement.
6. Data protection: Sometimes it may not feel like it, but the EU’s General Data Protection Regulation (GDPR) is not yet a year old and areas of ambiguity remain, especially regarding its application to new technologies such as blockchain, which do not fit easily into the paradigm of data controllers and data processors. We remain hopeful that a combination of pragmatic regulatory guidance and technical innovations will help close the gap between blockchain compliance with GDPR in spirit and compliance in fact, especially with regards to data retention and the right to be forgotten.
7. Intellectual property rights: In addition to the usual IP considerations for any new joint venture, particular care should be taken to create, protect and enforce IP rights in blockchain solutions. We have seen many successful applications for blockchain, smart contract and related technology patents and others are pending. For example, a telecoms company has recently applied for a US patent for a blockchain enabled ‘social media history map’ and a technology company has been granted a patent for an approach to encrypting data stored on a blockchain using an encryption key. Other unregistered IP rights such as copyright, database rights and trade secrets will also be important to protecting blockchain solutions.
8. Conflict of laws: Given their frequent cross-border scope, understanding the potential impact of different laws and jurisdictions on a blockchain solution can be a challenge. For example, in a decentralised environment it is possible for every agreement to be governed by the laws and jurisdiction of the location of every node in the network, which ideally are located in blockchain friendly countries. Of course, the position for many permissioned applications is likely to be easier to understand and manage.
9. Disputes: A key challenge for parties resolving disputes is to appreciate how blockchain technology can shift risk in unexpected ways. For example, where a smart contract automates payments it may not be possible to withhold those payments. In addition, how the law applies to smart contracts remains largely untested and courts are faced with real, if not entirely new, difficulties in understanding blockchain technology and evidence. We believe arbitrators can perform a valuable role in mitigating these risks and overcoming limitations in smart contracts (for example, where judgement is required, such as determining what is "reasonable" in the circumstances).
10. Compliance and regulation: The cross-border and multi-party aspects to many blockchain ventures can make compliance with the various financial crime and other regulatory requirements challenging. Meanwhile, the policy landscape for the regulation of blockchain and DLT continues to evolve. While most attention is focussed on risks associated with cryptoassets, jurisdictions such as the US and Italy have introduced blockchain specific legislation and others such as the UK and the EU are actively developing their policy response. Before embarking on a new blockchain venture, clients will want to understand the direction of travel for blockchain policy in relevant countries.
This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.