Data Act and new rules on smart contracts



Over the past few years, smart contracts have become increasingly popular as a tool for automating agreements and transactions, being widely used by blockchain-based platforms and having enabled the emergence of decentralized business models and the growing field of DeFi.

Despite the fact that there is no uniform regulation of smart contracts in the European Union to date, the European Commission has addressed smart contracts used for data sharing as part of its legislative proposal for the Data Act.

The Data Act

The Data Act is a European regulation that is part of the more general “Data Strategy,” which accompanies the digitization process of the European Union.

The regulation is intended to regulate who can access and use data generated in the territory of Union Europe in all economic sectors. The Data Act aims to establish a harmonized framework specifying who has the right to use accessible data collected, obtained or otherwise generated from related products or services, under what conditions and on what basis.

Thus, these are not rules related to the cryptocurrency sector, but rather directed specifically at the management of data generated by users through the use of devices or services made available to them (such as the Internet of Things framework).

Rules related to smart contracts

The text of the regulation voted by the European Parliament devotes one article in particular to the topic of smart contracts used for data sharing.

There are essential requirements that the smart contract must meet in order to comply with the regulations. The obligation to ensure these requirements is placed on the party offering the smart contract as part of a data sharing contract.

The requirements include data storage systems, strict access control mechanisms, and ensuring that the smart contract has been designed to avoid functional errors and resist third-party manipulation.

A requirement for the cease and desist mechanism is of particular importance. Essentially, it is required that the smart contract include internal functions that can reset it or otherwise convey the instruction to stop or interrupt its operation to prevent (accidental) executions of operations.

Although there are specific, and at times quite stringent, requirements, it is not clear what the consequences are of using a non-compliant smart contract. These will presumably be determined on the basis of the applicable law in individual EU member states.

What are the next steps

The text approved by the European Parliament will now be subject to further negotiation (as part of the so-called “trialogue”) among the European institutions, which should lead to a final version.

The Parliament had introduced multiple changes to the original text presented by the Commission, excluding, among other things, liability on the part of software houses for compliance with smart contract requirements.

However, there was no shortage of reactions from industry practitioners and academics. In particular, the mechanism of termination and interruption of operations has been strongly criticized.

On the one hand, it was pointed out that this mechanism is at odds with the immutable nature of smart contracts, which is one of their most significant features.

However, on the other hand, it was pointed out that it is not clear from the current text of the regulation who should be the entity entitled to terminate and/or reset the smart contract.

The issues raised assume important weight given the trend toward using smart contracts in decentralized business models. It remains to be seen whether the final version of the European regulation will answer the questions formulated by the industry.