The dawn of the digital age has prompted a shift towards smooth, automated data-sharing mechanisms, mainly through smart contracts. Smart contracts have emerged as a vital tool in our digitized economies by guaranteeing technical protection and facilitating efficient data exchanges. However, their lack of interoperability has raised concerns among EU policymakers, as it poses barriers to system integration, competitive diversity, and user choice.
In response to these concerns, the EU has proposed the Data Act - a piece of legislation intended to define clear rules and standards for using smart contracts in automating data-sharing within its jurisdiction.
Scope and Application
The Data Act presents a definition of smart contracts. They are described as "a computer program used for the automated execution of an agreement or part thereof, using a sequence of electronic data records and ensuring their integrity and the accuracy of their chronological ordering." This definition explicitly targets smart contracts facilitating the execution of contractual arrangements between different entities, excluding those automating internal business processes.
The Act stresses technological neutrality, meaning the definition can encompass a broad range of automation techniques, including blockchain or distributed ledger technology.
"Essential Requirements" for Smart Contracts
The Data Act emphasizes smart contracts must possess robust features to avoid functional errors and third-party manipulation. They must also have stringent access control mechanisms at governance and smart contract layers to ensure proper functioning and security.
Another crucial requirement is the incorporation of 'safe termination and interruption' functions. These can reset or instruct the contract to cease operation, preventing any unintended executions in the future. The Act also stipulates the need for smart contracts to archive transactional data, along with the logic and code used.
Finally, smart contracts must align with the terms of the data-sharing agreement they execute. Non-adherence to these requirements could result in non-compliance with the Data Act, attracting potential regulatory repercussions. Therefore, every smart contract vendor or commercial deployer must self-assess compliance and make an EU declaration of conformity.
Enforcement of the Data Act
The enforcement of the Data Act brings to light the crucial role played by smart contract vendors or persons deploying the contract commercially. They are responsible for self-assessing compliance with the essential requirements and making an EU declaration of conformity.
A standardization organization appointed by the European Commission is entrusted with defining the standards for the "essential requirements." They must ensure smart contracts abide by the necessary standards for interoperability, safety, and functionality.
Compliance with the Data Act's provisions is a matter of EU-level scrutiny and extends to the national level. The competent authorities within individual Member States are responsible for enforcing the Act's requirements, ensuring that the high standards outlined in the legislation are upheld.
The 'Kill Switch' Controversy
One of the Data Act's more contentious provisions, the requirement for a 'kill switch' function, has been met with resistance from the blockchain and smart contract community. This function would enable the termination or interruption of smart contract operations in cases of fraud, security breaches, or illegal activities. Critics argue that such a function would contradict the fundamental principle of decentralization.
Despite these concerns, the Data Act stipulates that if a smart contract is used to automate a data-sharing contract, there are, by definition, two parties involved, and one of them should be capable of operating the 'kill switch.'
Roadmap for the Data Act
The Data Act's text must undergo a series of technical drafting refinements, translations into all EU official languages, and final formal adoption by the European Parliament and Council.
To ease the transition, businesses will have a 20-month grace period to ensure compliance with the Data Act, likely beginning from December 2023 when the Act is expected to be finalized.
* * *
Navigating the new complexities of the EU's Data Act can seem daunting, especially with its implications for smart contracts. At Prokopiev Law Group, we speak the language of startups and are here to guide you through these changes. If you're a startup using smart contracts for data-sharing or are looking to ensure existing contracts comply with the new regulations, reach out to us. With our expertise, we can turn these regulatory challenges into opportunities. Write to us today, and let's navigate this journey together.
DISCLAIMER: The information provided is not legal, tax, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. The information provided is for general educational purposes only and is not investment advice. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information. A professional should review any action based on the information discussed. The author is not liable for any loss from acting on the information discussed.
コメント