The European Crypto Initiative considers certain aspects of the version of the Data Act, voted at the European Parliament’s ITRE Committee earlier today, to be potentially problematic for the development of the crypto industry.
The Data Act, intended to regulate Internet-of-Things (IoT) devices’ use of data, also regulates smart contracts for data sharing in Article 30. We consider the mention of smart contracts in the Data Act particularly important, as it is the first time they are regulated on an EU level. Therefore, the understanding of what a smart contract means, even if for the purposes of developing IoT devices, poses a risk of becoming the foundation of the institutions’ broader regulatory approach towards them.
To be more precise, the main issues we see with the Parliament’s version of Article 30 are the following:
The draft argues for the robustness of the smart contract, which is welcomed, but it also requires access control. However, any access control regarding the data stored on the blockchain would be impossible due to the transparent nature of the blockchain – there is no way to prevent specific parties from reading it. Nonetheless, there is a way to have robust access control for modifying smart contracts or adding data robustness. It is very important to be clear about the scope of this requirement.
Furthermore, the text calls for ensuring the safe termination and interruption of smart contract transactions – the issue here is that smart contracts are often modular, and having the ability to be interrupted can break other dependent applications. We believe that smart contract developers should have the freedom to design the smart contract in the way they deem appropriate and use the features made available by distributed ledger technology (DLT). We worry the regulation defining the design of a smart contract in such detail would make it impossible for a whole range of technology solutions to be used. We do encourage interoperability and standard creation coming from the industry and taking into account the current development of the technology.
What we find alarming is that the text calls for equivalence between smart contracts and what seems to be described as legal contracts. If that is really what the proposal implies, then it should be mentioned that there shouldn’t be an equivalence between a smart contract and a legal contract as they differ in their very nature. For this novel technology, it is important to focus on the substance and not the naming – “smart contracts” aren’t at all contracts but are lines of code. Smart contracts oftentimes facilitate and automate the execution part of a contract or agreement. There can not be equivalence, legal certainty or protection solely within the code that the smart contract represents because of its inability to write complex text in human-readable language.
Article 30 also calls for the protection of confidentiality of trade secrets – at the current state of the development of DLT, specifically public blockchain, the public address, the amount of the transaction made, and the time of the transaction, among potentially other information, are public and visible to anyone. The information mentioned will most likely be part of the “trade secrets” for which protection and confidentiality are impossible to guarantee. Therefore, this provision in the Data Act prohibits the use of public blockchains for smart contract development for the scope of this regulation in cases where trade secrets are revealed.