THE DATA ACT SMART CONTRACTS
IMPLICATIONS FOR THE FUTURE OF INNOVATION IN EUROPE
With a broader focus on fairness in the digital environment, an aim to stimulate a competitive data market, open opportunities for data-driven innovation and data accessibility, as well as a significant emphasis on connected devices, the Data Act was not initially broadly thought of as possessing issues for the blockchain industry. Nonetheless, Article 30 of the Data Act outlines legal requirements for smart contracts in the context of data sharing. This phrasing naturally captures the interest of the Web3 and blockchain community, as it incorporates one of the most fundamental components of Distributed Ledger Technology (DLT). This being said, it is very likely that DLT and crypto become affected by the Data Act’s application, even though they might present but a minuscule part of the overall (data) economy. To gain a deeper comprehension of the implications of Article 30 of the Data Act, one should examine the draft text as proposed by the co-legislators. Please note that given the ongoing negotiations, this draft represents merely one of the three potential versions, and the finalised text may ultimately deviate from the current iteration. The following text presents the current proposal as advanced by the European Parliament (taken from here):
Essential requirements regarding smart contracts for data sharing
The party offering smart contracts in the context of an agreement to make data available shall comply with the following essential requirements:
(a) robustness and access control: ensure that the smart contract has been designed to offer rigorous access control mechanisms and a very high degree of robustness to avoid functional errors and to withstand manipulation by third parties;
(b) safe termination and interruption: ensure that a mechanism exists to terminate the continued execution of transactions: the smart contract shall include internal functions which can reset or instruct the contract to stop or interrupt the operation to avoid future (accidental) executions; in this regard, the conditions under which a smart contract could be reset or instructed to stop or interrupted, should be clearly and transparently defined. Especially, it should be assessed under which conditions non-consensual termination or interruption should be permissible;
(ba) equivalence: a smart contract shall afford the same level of protection and legal certainty as any other contracts generated through different means.
(bb) protection of confidentiality of trade secrets: ensure that a smart contract has been designed to ensure the confidentiality of trade secrets, in accordance with this Regulation.”
The European Crypto Initiative, has gathered the crypto industry’s support around a position to address this specific smart contract regulation in the Data Act, proposing changes in the EU regulators’ approach towards them.
○ What is the timeline for the Data Act finalisation?
The Data Act recently entered the EU negotiation process in March 2023, called the trialogues, where the European Commission, the European Parliament and the Council defend their proposals for the regulation and eventually reach a final compromise version that incorporates parts from each of the initial three versions.
Although the three proposals for the Data Act text, made by the EU co-legislators, differ significantly in some parts, all three versions can be seen as a cause of concern. For example, both the European Commission’s and the Council’s versions have a definition of a “smart contract”, which, if adopted, might influence the interpretation and application of other EU regulations. Furthermore, all three EU legislators proposed Article 30, which suggests specific design requirements (as you can see above) of smart contracts for data sharing, such as immutability, safe termination, interoperability and protection of trade secrets.
○ What was suggested in the EUCI Data Act Position Paper?
While ‘smart contracts’ generate attention for their potential uses, no explicit consensus exists around the term. Some refer to it as digitally composed and executable agreements, and others, specifically the blockchain industry, use the term as a niche that refers to a specific set of code that utilises DLT to execute orders. To this day, the DLT is widely regarded as the most optimal technology to drive the next-generation Web3. We are concerned that the current scope and wording of the Data Act may inadvertently encompass smart contracts based on DLT, which by their inherent nature and design, may prove difficult or even impossible to comply with certain requirements proposed in the Data Act and may hinder the development of this novel technology, which the Union seeks to support. This is particularly relevant for smart contracts based on decentralised DLT infrastructures, which constitute the overwhelming majority of smart contracts deployed and used now.
In the EUCI Data Act Position Paper, EUCI requested the co-legislators to consider the potential negative consequences of regulating smart contracts without making a proper distinction between various types of smart contracts. The Paper observes that the regulators refer to the smart contract as digitally composed and executable agreements without taking into account that the term already earned a strong adoption in the blockchain and Web3 industry. The Position further proposes recommendations which primarily focus on (1) adaptation of terminology and replacement of the term ‘smart contract’ with ‘digital contract’, thus preventing the erroneous application of the Data Act to all DLT-based smart contracts, (2) a clear distinction between various types of smart contracts along with the exclusion of DLT-based smart contracts, or (3) clarification as per to which DLT smart contracts the Data Act applies.
EUCI’s reasoning is based on the concern that the consequences of the Data Act might not be aligned with its aim to help establish a secure data-sharing-based economy in the EU but might, on the contrary, lead to less innovation caused by the outflow of people desiring to be involved with DLT projects due to the complexity of the smart contract requirements. Furthermore, the effect of adopting an overly restrictive regulation that covers smart contracts at such an early stage of their development might cause significant economic consequences for the future of the EU industry due to the reduced risk-taking of entrepreneurs and their reluctance to work on innovative projects, such as the building of virtual worlds and the web3 infrastructure. Any ambiguity about smart contracts on DLT being included in the Data Act may disproportionately hinder the use and development of smart contracts or even de facto prohibit them. Compliance would be practically impossible for those smart contracts vendors that rely on public blockchain technology, as such smart contracts typically transmit data openly through records that are accessible on the blockchain. Our current assessment suggests that the vast majority of smart contracts in use are developed on public blockchain technology. Thus, a definitive understanding of the compliant use cases for smart contracts, particularly those based on public blockchain technology, must be established to avoid any potential adverse outcomes.
This blog post is the first of a series of articles that we will be sharing, focusing on the multifaceted aspects of the Data Act. In subsequent posts, we will delve into the diverse components and implications of the Data Act, illuminating an array of subjects for in-depth examination and discourse as follows:
○ ‘Smart Contract for Data Sharing’ according to Data Act
As described in a previous post, Article 30 of the Data Act refers to the ‘smart contracts for data sharing’. The article prescribes four essential requirements for smart contracts. In this chapter, we’ll be providing a high-level overview of smart contract requirements. We will also elaborate on who should comply with such requirements and under what circumstances. Lastly, we will critically assess whether such requirements are possible to comply with and whether they can apply to any type of ‘smart contracts’. Adopting a pragmatic perspective, we will suggest a few recommendations to enhance the clarity and precision of the language pertaining to the term ‘smart contract’ as it appears in Article 30 of the Data Act.
○ ‘Safe Termination’ of Smart Contract – What Could Go Wrong?
In this blog post, we will look into one of the essential requirements set out by Article 30 of the Data Act, the ‘safe termination and interruption’. We will elaborate on whether the inclusion of such an internal function really prevents or helps avoid future (accidental) executions and mitigates the risks. We will further discuss the cybersecurity and governance issues such functions may cause to exist and offer a more comprehensive overview of various different DLT-based smart contract termination options. In this chapter, we aim to provide a comprehensive understanding of the application of the ‘safe termination’ requirement, as well as suggest potential adaptations of the text to avoid any undesirable outcomes.
○ Special thanks: EUCI thanks everyone that contributed as an individual or as an organisation with constructive feedback we incorporated in the final Position Paper. A special thanks goes to all the co-signers ADAN, Blockchain for Europe, Blockchain Hungary Association, Blockchain Think-Tank Slovenia, Bundesblock, Blockchain Lawyers Group, Canadian Web3 Council, Consensys, DeFi Education Fund, Digital Currencies Governance Group, European Blockchain Association, Instituto New Economy, IOTA, Ledger, MAMA, Nordic Blockchain Association, Spanish Crypto Asset Association, Swarm and UBIK.
The European Crypto Initiative supports innovative & innovation-friendly regulation, adapted to decentralised applications that leverage blockchain technologies.