Blockchain is “the most important invention since the Internet itself” according to Marc Andreeseen, but if illegal activities are perpetrated through the blockchain, who is liable?

According to the Bank of England, the blockchain is

a technology that allows people who don’t know each other to trust a shared record of events“.

The main peculiarity of the blockchain is the existance of a shared record, a ledger, distributed to all the participants allowing multiple parties to transfer and store information in a space that is secure, permanent and easily accessible. A report from Santander provides that such technology can

reduce banks’ infrastructure costs attributable to cross-border payments, securities trading and regulatory compliance by between $ 15-20 billion per annum by 2022.

But what are the legal issues of such technology? Putting aside the banking law issues, one of the major questions is:

Who is liable for the blockchain?

One of the main issues affecting public blockchain is the inability of controlling and stopping its functioning. The perfect example is given by a blockchain based decentralized autonomous organization (DAO). This is a new form of legal structure in which ownership, management and control

are automated and human involvement is limited or removed, based on a pre-agreed rule set

If everything is automated and out of control, does it mean that none is liable for illegal activities performed through a DAO? Or on the contrary, the mere participation to the DAO creates a dristributed liability of all its participants as a partnership made of all its participants?

Internet service providers’ liability rules are a valuable guide?

An interesting parallel can be made with the rules applicable to Internet service providers (ISP) as interpreted by courts. The rules regarding the liability of ISPs are set out in the European E-Commerce Directive which provides for

  • the liability exclusion for ISPs in relation to contents published by their users, unless they become aware of the illegal activity perpetrated and
  • the lack of obligation on ISPs to monitor the conduct of their users.

Despite the above principles, courts have been focusing on the distinction between

  • active” Internet service providers that categorize and organize contents published by their users, also providing features to them in relation to the usage and search of contents, to which the liability exclusions do not apply and
  • passive” ISPs which do not offer the above features and to which the ombrella of liability exclusions prescribed by the European eCommerce Directive do apply.

Are ISPs’ rules applicable to blockchain?

The difference between the regime applicable to blockchain and the one regulating ISPs’ liability is based on the fact that the EU eCommerce Directive introduced special rules to exclude such liability. Similar rules are not prescribd by regulations governing the blockchain (if any).

It might be argued that if a DAO cannot be controlled, there is no negligence or wilful misconduct. And therefore no liability arises. But it might be also argued that either the creation of the DAO trigger liabilities itself or, as mentioned above, all the participants to a DAO can be deemed jointly liable.

And what about a private blockchain?

In case of a privacy blockchain, the lack of control on the functioning of the platform does not apply. But is this suffient to trigger a liability of the company managing the platform? Given the number of transactions that can occur at the same time on a blockchain, principles similar to those applicable to ISPs might be applicable.

The peculiarity in such scenario is that platform managers might be obliged to “take down” illegal contents when they receive a court order or a mere notice from a rights holder. Also on this point, courts shall be tested.