Blockchain Comparative Guide

• Published date: 15 May 2020
• Subject Matter: Technology, Fin Tech
• Law Firm: ONTIER UK
• Author: Mr Derek Stinson

1 Legal and enforcement framework

1.1 What general regulatory regimes and issues should blockchain developers consider when building the governance framework for the operation of blockchain/distributed ledger technology protocols?

All developers must keep in mind the requirements of the EU General Data Protection Regulation (GDPR). The GDPR applies to any organisation processing personal data of customers and clients resident in the European Union. Developers must consider whether they are data controllers or data processors, and whether the blockchain can comply with the GDPR's principles, as follows:

• the right to erasure (sometimes known as the 'right to be forgotten');
• the data subject's right to correction/alteration of personal data;
• the data controller's obligation to ensure data accuracy;
• the data controller's obligation to retain information for a limited amount of necessary time; and
• the data controller's requirement to provide data subjects with the intended purposes for which personal data will be used.

Pseudonymisation and anonymisation techniques can assist in overcoming the GDPR's requirements.

If the developers are developing a blockchain to be used in a regulated industry, they should consider whether there any relevant regulations. For example, the Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (PRA) do not provide exemptions for certain technologies. Developers should consult with lawyers to determine whether the use of the blockchain technology falls within the scope of the Financial Services and Markets Act 2000. The use of blockchain might be considered "carrying on a regulated activity". If so, developers will need to be authorised by the FCA.

Securities laws will be an important consideration for any initial coin offerings (ICOs) and similar transactional use cases. Regulators are concerned that tokens issued in an ICO are similar to regulated 'securities' offerings, but start-ups are using unregulated ICOs as a way of evading regulatory frameworks.

Intellectual property rights, such as licensing the blockchain user's right to use the technology, should be considered. This might also include the terms of use of, for example, a cryptocurrency exchange or a peer-to-peer marketplace, which also brings into scope consumer law and distance selling regulations.

Anti-money laundering and know your client (AML/KYC) regimes should further be considered. It may be the case that the AML/KYC regimes apply to the blockchain use case; and even if they do not directly apply now, the developer might consider whether changes in the technology or upcoming changes in law may bring it into scope soon. The Fifth Money Laundering Directive requirements entered into force in 2018. The relevant provisions of the directive now apply to wallet providers and virtual currencies exchange platforms from 10 January 2020.

The EU Electronic Identification of Signature Regulation (910/2014) is relevant with regard to opening bank accounts and accessing or tracing electronic transactions. It provides a legal structure for the mutual recognition of electronic identification schemes and seeks to eliminate any incompatibilities.

1.2 How do the foregoing considerations differ for public and private blockchains?

The essential difference between a public and private blockchain is participant access. Private blockchains, in most cases, are ledgers that allow authorised members to participate in a network that is not open to the public. Private blockchains are sometimes referred to as 'permissioned blockchains', because the 'owner' of the blockchain decides who has permission to read, access and write information to the ledger. This means that data is more likely to stay private. Therefore, it might be easier to control the GDPR implications. For example, it might be easier to comply with data subjects' requests for the erasure of their data from the blockchain. In a public blockchain, by contrast, no central authority can make an erasure decision alone.

If the blockchain is being used for a regulated activity, that should not affect how the FCA and PRA treat it and its administration; this also applies to UK securities laws.

If the public blockchain is open source, then users will have open source licensing rights that allow software to be freely used, modified and shared. For private blockchains, licensing will be different and bespoke to the organisation that owns the blockchain.

1.3 What general regulatory issues should users of a blockchain application consider when using a particular blockchain/distributed ledger protocol?

Users should first and foremost be concerned with the security of the blockchain. While it is true that, by nature, blockchains are resistant to attack, they are not immune. Many thefts of cryptocurrencies have been widely reported; and although such thefts are normally due to internal security failures of particular organisations - for example, Mt Gox - the law does not allow easy protection from loss.

In the United Kingdom, if the blockchain is not operating in a regulated space, then the protection normally afforded to those using regulated banking services may not be available. This means that the deposit protection scheme may not be available and recourse to the Financial Services Ombudsman may not be available.

However, a person who has suffered loss should investigate other legal avenues. Fraud is fraud, and if an individual suffers losses due to fraud, the courts may be available to find justice.

1.4 Which administrative bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?

The courts have jurisdiction in the case of any unlawful activities. Anyone that suffers loss due to unlawful activities having to do with blockchain, cryptocurrencies or similar technologies should seek legal advice. Although the space is largely described as 'unregulated', access to the courts is still available; and if money or other assets are unlawfully appropriated, legal advice should be sought.

The Information Commissioner's Office can assist in the event of breach of the GDPR, but the administrators of the blockchain should be contacted in the first instance.

If a crime has been committed, then the police or the Serious Fraud Office will be available.

Other administrative bodies that might be relevant include:

• the Office of Fair Trading;
• the Financial Conduct Authority;
• the Competition and Markets Authority; and
• Her Majesty's Revenue and Customs.

1.5 What is the regulators' general approach to blockchain?

UK regulators recognise the power of blockchain technologies and are welcoming of the innovative efforts of those seeking to provide blockchain solutions across the United Kingdom. The European Union is taking an equally open stance. The European Union aims to develop a competitive and innovative financial services sector, and published its Fintech Action Plan on 8 March 2018.

The Fintech Action Plan identifies 19 initiatives. The European Union does not think there is a strong case for a major overhaul of financial services regulation. However, it does want to ensure that there are no regulatory barriers to innovation that might stymie competitive efforts by EU entities. Ensuring adequate consumer protection is part of the plan to stay competitive.

Since Q1 2018, the European Commission has been monitoring cryptoasset developments, including ICOs, to determine whether EU regulatory action is required.

In Q2 2018, the commission was to consider implementing the European Financial Transparency Gateway based on distributed ledger technology (DLT). It also hosted an EU FinTech Lab, where EU and national authorities could engage with technology innovators in a neutral, non-commercial space.

By Q4 2018 the Fintech Action Plan called on European supervisory authorities to identify best practices for fintech companies and, where appropriate, issue guidelines; and for fintech standards to be set in a coordinated way. Major standard-setting bodies such as the European Committee for Standardisation and the Intentional Organisation for Standardisation were to be involved.

By Q1 2019, the European Commission was to present a report on best practices for regulatory sandboxes and set up an expert group to assess any unjustified regulatory obstacles to financial services innovations.

Those in the DLT business were encouraged by the European Union to develop by mid-2019 standardised APIs that are compliant with the Payment Services Directive and the GDPR.

The EU Blockchain Observatory and Forum (EUBOF), together with the European standardisation organisations, will appraise issues relating to scalability, legality and governance. They will do this in the context of standardisation efforts.

A specialist commission has been set up to establish the European Union's approach to blockchain. It has identified some uses of blockchain, especially in the financial services arena; for example, it recognised the following use cases that should not be ignored:

• automatic execution of insurance contracts;
• money transfer;
• peer-to-peer lending; and
• transfer of securities.

The commission recognises that blockchain has a wider scope than financial services, and that close collaboration between innovators, users and regulatory bodies is beneficial. The EUBOF was established in February 2018 for a two-year period, during which - among other things - it will conduct a feasibility study of an EU public blockchain infrastructure. The EUBOF will propose initiatives, funding measures and even a framework to enable scalability, develop governance and standards, and support interoperability. Twenty-two member states signed a declaration establishing a blockchain partnership as a cooperation vehicle for sharing technical and regulation experience and expertise among member states.

There is also a pilot project for applying blockchain technology to the Prospectus...