On 23 February 2022, the European Commission published its proposal to harmonise rules on fair access to and use of data, the Data Act. The intention is to mobilise the data generated by the use of a product or related service for the economic growth of the internal market of the European Union. In this context smart contracts are considered to be useful in facilitating smooth data sharing while offering effective technical protection of the data and the underlying database. 79% of respondents to the Commission's public consultation considered that smart contracts could be an effective tool to enable data sharing in the context of co-generated Internet of Things data.
'Smart contracts’ are defined in the draft Data Act as computer programs on electronic ledgers that execute and settle transactions based on pre-determined conditions. They have the potential to provide data holders and data recipients with guarantees that conditions for sharing data are respected. As such, they facilitate the automated and interoperable use of data. The use of electronic ledgers implies they use advanced encryption techniques, and can be decentralised and distributed, resulting in immutability.
Smart contracts take different forms depending on their nature, their mode of activation, their use, and storage. The EU sees the current absence of clear rules and standards for smart contracts as leading to a potential issue with interoperability, which would present a barrier to take up. Chapter VIII of the draft Data Act addresses this.
Chapter VIII provides for essential requirements to be complied with regarding interoperability for operators of data spaces and data processing service providers as well as for essential requirements for smart contracts (covered in Article 30). It also allows for open interoperability specifications and European standards for the interoperability of data processing services to promote a seamless multi-vendor cloud environment.
Concerning smart contracts, the goal is to promote their interoperability by laying down essential requirements for professionals who create smart contracts for others or integrate them in applications that support the implementation of agreements for sharing data. There will be a presumption of conformity with the essential requirements for smart contracts that meet harmonised standards or relevant parts of the Standardisation Regulation (No 1025/2012). Where harmonised standards do not exist, the Commission may take steps to develop and adopt them.
The four essential requirements for smart contracts are set out in Article 30(1) of the draft Data Act:
Conformity with the essential requirements will be assessed by the vendor or provider of the smart contract who will then have to issue an EU declaration of conformity and becomes responsible for compliance with the essential requirements. It is unclear what “responsible” means in this context and whether there is any potential civil liability for users of the smart contract.
If a supplier does not provide a compliant smart contract the consequences will be determined by applicable Member State law. For example, German law civil law smart contracts are not regulated but they are treated as valid contracts (assuming the appropriate formalities have been observed). This means the customers of the vendor would be able to claim breach of contract and damages for non-compliance with the essential requirements. However, German law also provides for the extension of contractual obligations to third parties when the contract is also supposed to benefit the third party. This legal doctrine is normally used with restraint in order to keep contractual obligations limited to a small group of people and refer third parties to tort law. But the language of the Data Act may arguably require an extension of contractual obligations to the vendor since the declaration of conformity may be treated as some kind of guarantee.
Assuming the smart contract provisions pass in more or less their current form, the EC will be hoping that harmonised requirements and standards will facilitate their use. The EC's position varies from the UK's current one (discussed here, which rests on the position that there is no need to legislate to enable the effective adoption of smart contracts. It seems likely however, that businesses entering into smart contracts with EU counterparties, will want to align with Article 30 Data Act requirements, even if the contracts are governed by English law.