On 23 February 2022, the European Commission published its proposal to harmonise rules on fair access to and use of data, the Data Act. The intention is to mobilise the data generated by the use of a product or related service for the economic growth of the internal market of the European Union. In this context smart contracts are considered to be useful in facilitating smooth data sharing while offering effective technical protection of the data and the underlying database. 79% of respondents to the Commission's public consultation considered that smart contracts could be an effective tool to enable data sharing in the context of co-generated Internet of Things data.
What are smart contracts under the Data Act?
'Smart contracts’ are defined in the draft Data Act as computer programs on electronic ledgers that execute and settle transactions based on pre-determined conditions. They have the potential to provide data holders and data recipients with guarantees that conditions for sharing data are respected. As such, they facilitate the automated and interoperable use of data. The use of electronic ledgers implies they use advanced encryption techniques, and can be decentralised and distributed, resulting in immutability.
Why does the Data Act address smart contracts?
Smart contracts take different forms depending on their nature, their mode of activation, their use, and storage. The EU sees the current absence of clear rules and standards for smart contracts as leading to a potential issue with interoperability, which would present a barrier to take up. Chapter VIII of the draft Data Act addresses this.
Chapter VIII provides for essential requirements to be complied with regarding interoperability for operators of data spaces and data processing service providers as well as for essential requirements for smart contracts (covered in Article 30). It also allows for open interoperability specifications and European standards for the interoperability of data processing services to promote a seamless multi-vendor cloud environment.
Concerning smart contracts, the goal is to promote their interoperability by laying down essential requirements for professionals who create smart contracts for others or integrate them in applications that support the implementation of agreements for sharing data. There will be a presumption of conformity with the essential requirements for smart contracts that meet harmonised standards or relevant parts of the Standardisation Regulation (No 1025/2012). Where harmonised standards do not exist, the Commission may take steps to develop and adopt them.
What are the requirements for smart contracts under the Data Act?
The four essential requirements for smart contracts are set out in Article 30(1) of the draft Data Act:
- Smart contracts must offer a high degree of protection against functional errors and manipulation by third parties ("robustness”).
- Smart contracts must have internal functions which can reset the contract or stop its further execution, (“safe termination and interruption”) The Data Act does not, however, address, who should have the power to give the command for such actions and under which circumstances – in Germany, for example, nonconsensual termination or interruption would likely only be permissible after a (final) court ruling.
- It must be possible to archive transactional data, the smart contract logic and code to keep a record of the operations performed on the data in the past ("auditability") of a terminated smart contract (“data archiving and continuity”)
- A smart contract must be protected through access control mechanisms both at the governance and the smart contract levels ("access control").
What if the requirements for smart contracts under the Data Act are not met?
Conformity with the essential requirements will be assessed by the vendor or provider of the smart contract who will then have to issue an EU declaration of conformity and becomes responsible for compliance with the essential requirements. It is unclear what “responsible” means in this context and whether there is any potential civil liability for users of the smart contract.
If a supplier does not provide a compliant smart contract the consequences will be determined by applicable Member State law. For example, German law civil law smart contracts are not regulated but they are treated as valid contracts (assuming the appropriate formalities have been observed). This means the customers of the vendor would be able to claim breach of contract and damages for non-compliance with the essential requirements. However, German law also provides for the extension of contractual obligations to third parties when the contract is also supposed to benefit the third party. This legal doctrine is normally used with restraint in order to keep contractual obligations limited to a small group of people and refer third parties to tort law. But the language of the Data Act may arguably require an extension of contractual obligations to the vendor since the declaration of conformity may be treated as some kind of guarantee.
The benefits of harmonisation
Assuming the smart contract provisions pass in more or less their current form, the EC will be hoping that harmonised requirements and standards will facilitate their use. The EC's position varies from the UK's current one (discussed here, which rests on the position that there is no need to legislate to enable the effective adoption of smart contracts. It seems likely however, that businesses entering into smart contracts with EU counterparties, will want to align with Article 30 Data Act requirements, even if the contracts are governed by English law.
