Data Act – Is it a de facto ban on smart contracts in the EU?

In any case, crypto supporters are concerned about the decentralization of DeFi applications. But there is hope: Several blockchain associations and the Internet of Things project IOTA have joined forces and are now addressing the European legislators.

Data Act is intended to guarantee technological progress

The law that has already been passed aims to regulate the handling of shared data and create more legal certainty at EU level in this regard. Users should have transparent access to the data they generate. Information generated, for example, by using language assistants, chatbots or IoT devices should be visible to users.

In addition to user security, an optimized legal framework for the data infrastructure should pave the way for future industries and tech applications. The new rules could become binding for service providers in Europe from 2024. Currently, the Data Act is still in the trilogue – a process to reach an agreement between the three main EU institutions. Accordingly, adjustments could still be made. At least that’s what many prominent representatives of the crypto industry hope for, including Binance, Kraken, Ripple or Coinbase, all of which Letter to the Legislature have signed.

Decentralization in Smart Contracts: Data Act with Misinterpretation

As described in the letter, the legal distinction between smart contracts and traditional legal contracts in the Data Act is imprecise. This could lead to unnecessary complexity and confusion in interpreting and applying the regulation. The problem: A misinterpretation of the differences between private and public networks. The Data Act was written with private networks in mind, as the facts of the bill show. Dominik Schiener, co-founder and chairman of IOTA, summarizes:

Due to its breadth, the current wording of the Data Act leads to uncertainty about the legality of numerous existing smart contracts. This puts start-ups and SMEs that depend on this technology in a precarious position. Business processes are disrupted and business models endangered, which has negative economic consequences. If smart contracts using public blockchains are deemed illegal due to an overly broad interpretation of the Data Act, there will be significant negative consequences for these companies.

Again, as in the meantime with the MiCA regulation, the crypto sector is facing a major challenge. The problems raised by the EU data protection law could change the use of smart contracts in the European Economic Zone forever – and not for the better.

More harm than good?

According to the letter, the largest smart contract protocols in the crypto market are affected: Ethereum, Cardano, Polkadot, the Binance Chain and numerous others. For example, compliance requirements would have to be increased by the law and code functionality would have to be adapted accordingly, according to Schiener. This in turn means additional testing, auditing and verification to ensure compliance with potential new regulations.

In addition, the Data Act affects the immutability of smart contracts and unrestricted access to them, as Schiener explains. The law therefore requires the inclusion of a “kill switch” in the smart contract code, which can be activated if necessary. Such emergency mechanisms are controversially discussed in the crypto scene.

The inaccuracy of the law in defining smart contracts for data exchange also leads to uncertainties regarding the application. This is what the IOTA co-founder argues and explains on request:

The law positions smart contracts in the context of a data delivery agreement. This means that not all smart contracts are considered legal contracts under this law. This ambiguity extends to the debate over controlling the kill switch.

Because: The supervision of this emergency mechanism could lie with the creator of the smart contract, but also with public authorities or even a court. A severe blow to the decentralization of all affected protocols.

This is how Ethereum and Co. would change under the Data Act

The introduction of EU data protection law could require significant adjustments to public protocols. A possible change would be the legally binding introduction of compliance measures. This means that public platforms would have to introduce mechanisms to ensure the new legal requirements, including the introduction of the kill switches and control mechanisms mentioned.

Furthermore, protocols like Ethereum or Cardano could be forced to “develop or support more advanced verification and audit systems for smart contracts to demonstrate that smart contracts comply with the requirements of the law,” told Schiener. The IOTA co-founder states:

The Privacy Act was not designed to negatively affect public blockchains. The consequences of the law would now be significant. If lawmakers insist on access control measures, it could fundamentally challenge the permissionless nature of many public blockchains.

In other words: the affected platforms would have to introduce such control mechanisms that central authorities have access to. A contradiction in terms: decentralization is the core of most crypto protocols. Dominik Schiener sees it similarly:

The introduction of a kill switch by law challenges the blockchain principle of immutability. That would challenge protocols to implement such a feature without undermining the security and trustworthiness of the blockchain. […] In extreme cases, some protocols might need to rethink their consensus mechanisms or other core functionality to meet the new requirements.

One of the central questions for the planned changes has not yet been clarified: Who will be in charge of the kill switches? The uncertainty about the control of smart contracts harbors dangers for the protocols themselves, as well as for service providers who rely on them.

Crypto Exodus from Europe?

“The result would be a talent and investment drain from European industry towards jurisdictions with more tailored regulations,” explains the IOTA co-founder. Even more: digital progress could be dampened and governments would have to accept financial losses due to the decline in industry.

In addition, the unclear wording of the Data Act could stifle innovation. This would have long-term effects – including on consumers. Schiener emphasizes:

The broad interpretation of “smart contracts” could also affect those smart contracts that enable the exchange of digital assets. This would create compliance challenges that may conflict with other regulations.

One of these regulations: MiCA. The uniform rules, which were only decided a few weeks ago, are intended to protect consumers and attract crypto companies to Europe. With the imprecise definition of smart contracts in the Data Act, the European legislators are tripping themselves up. What is needed now? A compromise.

Lawmakers ready for compromise?

In the letter, IOTA and the responsible blockchain associations present three proposed solutions that are intended to eliminate the questionable passage in the EU data protection law. The goal: improve legal clarity, maintain the principle of technological neutrality and promote growth and innovation of the digital market in the EU.

When asked, Dominik Schiener explains what the chances are. There have been continuous attempts by the blockchain industry to adapt the Data Act. Nevertheless, the change has not yet been included in the draft laws of the regulatory authorities. It goes on to say:

Now, in the face of this ongoing problem and the swift conclusion of negotiations, the industry has combined their efforts and is once again calling for this change together and with a stronger voice. This joint initiative symbolizes the industry’s commitment and desire to achieve legal clarity in this legislative proposal.

However, there is still time, as Schiener explains. The ball is now in the court of the legislature. The blockchain associations are confident that policymakers will consider the proposed recommendations.