Regulatory uncertainty is among the top barriers to adoption of blockchain implementations across global industries. The regulatory uncertainty is multifaceted:
- Many jurisdictions lack any relevant law
- There is a patchwork of evolving state law in the U.S.
- There is a lack of precedent illustrating how existing laws will apply to blockchain applications
Despite these barriers, four in five executives around the world reported implementing or actively using blockchain applications in multiple endeavors. Companies see that the value of blockchain technology outweighs the potential risks, which can be mitigated with attention to regulatory developments and good counsel. This article discusses the state of blockchain regulation and strategies for dealing with regulatory uncertainty when exploring and adopting blockchain applications.
Where Blockchain Regulation is Heading
Regulators are unlikely to broadly restrict companies from using blockchain applications, as legislators and governments recognize the potential benefits of blockchain technologies. Several state governments, including California, require agencies to explore the potential uses, risks and benefits of the use of blockchain technology by state government. Other states have already deployed blockchain applications, such as West Virginia’s blockchain-based mobile voting application. Because regulators recognize the broad value of blockchain technology, they are unlikely to unduly restrict the use of blockchain applications by businesses.
Instead, regulators will focus on creating standards for various blockchain applications such as smart contracts or data storage, and will more rigorously regulate the use of blockchain in industries with a higher risk of personal or financial injury—financial services and health care, for example.
Lack of Regulation
Although many territories regulate cryptocurrency (one application of blockchain technology) in some way, few have regulated other blockchain applications. Many jurisdictions have begun to pass new regulations, though, so companies should stay up-to-date on the relevant laws in their jurisdiction. For example, the Cyberspace Administration of China recently published draft regulations for blockchain-based information service providers, which were open for public consultation until November 2, 2018.
A lack of regulation should not be misinterpreted as prohibiting companies from using blockchain technology. Blockchain applications are similar to other technologies a company may use, such as a records management system or a payroll application. Such technologies are generally lightly regulated and companies should be free to apply blockchain solutions to industry challenges. Instead, companies need only ensure the technology complies with any broader, relevant laws. Therefore, where there are no blockchain-specific laws, companies are relatively free to explore, develop and pilot blockchain implementations to determine what uses are most effective.
Moreover, it is unlikely that regulators will punish companies that use blockchain technology carefully and in good faith. Regulators will likely focus on the use of blockchain applications that have an intended or reckless harmful effect, such as predatory smart contracts or blockchains that do not properly ensure the security and privacy of sensitive information. Companies that plan to implement third party-developed blockchain applications should first research the reliability of each application. Where little reliability information is available, companies should consider a small-scale pilot of the application before adoption and seek to shift risk to the vendor.
The U.S. Law Patchwork
Individual states, rather than the U.S. government, have adopted the great majority of blockchain-related legislation. A handful of U.S. states have already adopted laws targeting or specifically endorsing certain blockchain applications. For example, Vermont enacted a law creating a new business entity type, the Blockchain-Based Limited Liability Company, while Delaware passed an act allowing the use of blockchain technology for the administration of corporate stock records. Most states have not adopted blockchain-related regulations. As explained above, a lack of regulation is not a prohibition, so companies should judiciously implement blockchain applications subject to any existing laws.
As more states adopt specific blockchain laws, companies with multistate operations will need to be vigilant about the evolving legal patchwork. These companies should analyze which state laws may apply and the scope of contacts an application may have with people, companies or computers in other states. In addition to relying on counsel to stay up to date, companies can use the National Conference of State Legislatures’ Blockchain State Legislation tracker, a helpful tool for tracking state regulatory updates from proposed act through enacted law.
The Potential for Application of Existing Regulation
The lack of guidance or precedent for how regulators may apply existing laws to encompass blockchain implementations is a significant risk for companies exploring the technology. Some agencies are helping ease regulatory uncertainty by interpreting whether hypothetical blockchain implementations could comply with existing law. For example, the French Data Protection Authority published an initial assessment of whether the fundamental architecture of a blockchain can provide for the exercising of a data subject’s rights under the EU General Data Protection Regulation (GDPR).
Companies seeking to use blockchain technology should analyze whether the application may implicate any existing laws and, if so, whether the technology can be molded to comply with the law or cannot be used in the current regulatory scheme. Assessing how current laws may apply to blockchain applications is the most burdensome regulatory analysis required for blockchain implementations, as it requires an understanding of the technology and expertise on the text and application of the specific law. Companies should work with counsel and blockchain experts when assessing risk related to existing laws.
CJ Rundell is an attorney in Reinhart’s Healthcare Practice. Rundell represents his clients in all aspects of regulatory and transactional healthcare law. He is also a member of the firm’s Data Privacy and Cybersecurity group, a cross-disciplinary team that assists clients with their data privacy and security needs.