© 2018 DS Avocats.

Contact Us

Tél : +33 1 53 67 50 00

verbiest@dsavocats.com

bellanca@dsavocats.com

  • Google+ Long Shadow
  • Facebook Long Shadow
  • LinkedIn Long Shadow
  • Twitter Long Shadow

Distributed ledger technologies (Blockchain): first regulation paths under French and EU laws

Last June, a group of seven major banks, including UBS, Santander and UniCredit, made its first payments across borders using blockchain-based technology.

 

And there it goes. The banking world has just moved from theory to practice, in a desire to appropriate the blockchain technology, rather than being overtaken, even uberized.

 

Practical blockchain applications in banking are many: fewer intermediaries in transactions, then less operating costs, but also faster and more secure exchanges.

 

Characterized by highly a disruptive exchange philosophy on a distributed and open network as the Internet is, the bitcoin and its associated protocol the blockchain consider than a central authority, supervised by human beings, in charge of monitoring financial transactions, represents a weakness because the human system is corruptible and, therefore, potentially defaulting[1].

 

The ledger in the heart of Blockchain protocol automates the registration process of all kinds of transactions, more tightly controlled and in full transparency.

 

The aim is to create a new decentralized, anonymous and safe infrastructure to replace those that rely on trusted third parties, deemed expensive and less reliable.

 

Among the traditional trusted third parties that would traditionally handle such transactions stand the State in its sovereign role, holding many public records, either directly or by delegation (currency, civil status, social security, tax, intellectual property, etc.), but also banks, on the first line on payment transactions, insurers, notaries, who manage simple as well as complex agreements (real estate transactions, inheritances…), not to forget numerous other trusted commercial third parties that spread through the Internet. Third parties of collaborative economy may also be covered by Blockchain applications (Uber, Airbnb, eBay…).

 

One of the key issues is regulation. On regulation will indeed depend the emergence, or not, of this exciting new technology.

 

Overview.

 

Regulators’ first reactions: controlling the exchange platforms and fighting against money laundering

 

Most countries today have adopted highly different approaches: while similar questions are raised, answers given reflect a dismaying lack of agreement. This is especially the case for legal classification of virtual currencies, tax systems, regulation…

 

No common definition, no certain definition and, therefore, no European or national Authority responsible for supervising and sanctioning.

 

One thing is sure: virtual currencies like bitcoin are not considered, in France or in Europe, as a currency in the legal sense, pursuant to this well-known tautology:

 

Art L. 111-1 (French Monetary and Financial Code): “The currency of France is the euro. A euro is divided into one hundred cents”.

 

Virtual currency such as bitcoin neither is, under French or European rules, electronic money as defined by directive n°2009/110/CE[2]:

“… Electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is used on receipt of funds for the prupose of makign payment transactions […] and which is accepted by any natural or legal person other than the electronic money issuer”.

 

Eventually, virtual currency is not a complementary local currency within the meaning of Act n°2014-856 dated 31 July 2014 concerning social economy.

 

However, the French Prudential Supervisory Authority (ACPR) has issued the position, dated 29 janvier 2014[3], that intermediation in the sale or purchase of bitcoins requires the seller to be treated like any other payment service. Hence, the institution, the platform that turns virtual currency into real money, will have to be approved as a provider of payment services, and will have to comply with prudential requirements, anti money laundering and anti criminal activity rules.

 

Such a reaction was predictable, since States and financial regulators consider that the short-term priority is the fight against money laundering and terrorist financing[4].

 

On 4 July 2016, the European Commission reteirated its proposing to extend strict anti-money laundering regulation to virtual currencies exchange platforms, in order to make those marketplayers apply new vigilance measures on their customers during the exchange of virtual currencies against real money[5].

 

It is indeed quite easy to control the gateways between the anonymous cryptomoney world and the traditional financial system. It is however way more complicated to regulate bitcoin ecosystem itself, since it could do without the former (which is not the case today).

 

Enshrine a legal value to blockchain transactions

 

Blockchain basically offers two key capabilities: a function of authenticating register, and a decentralized automatisation function (the so-called “smart contracts”).

 

Smart contracts are computer codes “related” to blockchain that execute automatically all or part of an existing contract (tacit or written, registered on a blockchain as an evidence, as the case may be).

 

The question of their legal recognition is governed by the French Civil Code and the rules of evidence[6]. To make long things (very) short, nothing precludes the recognition of a “smart contract”, provided that the parties can be identified and except for authentic contracts (see below).

 

The core question is thus that of identification, on a network that normally guarantees the anonymity of the parties, only “represented” by a public key.

 

The aforesaid key is not related to a natural or legal person to ensure the authentification of the perpetrator as in the legal regime that applies to electronic signature. Indeed, for an electronic signature to be probative, it must benefit from a presumption of reliability, which results from the use of an established identification method through a secured electronic signature crreation process and enabling the verification of such signature by usig a digital certificate issued by a qualified provider[7].

 

In other words, the validity of agreement concluded via blockchain would require the identification of the parties, provided either, by a compliant electronic signature (which requires the intervention of a third party trust), or by another process at the discretion of the judge.

 

It must be underlined that nowadays, the identification actually exists on most exchange platforms, in accordance with KYC online procedures validated by competent control Authorities (see above).

The secong legal pitfall to blockchain technology recognition relates to is primary function of authenticating register.

Already, cadaster projects are advertised in countries where land is subject to corruption and manipulation (Honduras, Georgia, Ghana).

 

The technology often is presented as a solution to the registration and sale of unlisted securities, and deeds might also be administered through a distributed registry technology.

 

Here, to be legally enforceable, a legislative intervention is necessary each time.

 

This is the reason why the French government adopted an Ordinance relating to coupons (28 April 2016).

Pursuant to this Ordinance, those coupons (minibons) can be entered in a register kept by the issuer, but “the issue and sale of coupons can also be entered in a shared electronic storage device for authentication of these operations, under conditions, including safety conditions, defined be decree by French Conseil d’Etat”.

 

The scheme will therefore not be operational until after adoption of a decree, but, in the meantime, we finally have the first legal definition of blockchain.

 

Even more daring, as part of the review of the law project Sapin 2, the Government has proposed to extend the approach of the coupons to other securities that do no circulate through a central depositary, i.e. the unlisted shares or bonds, and the parts or shares of money market funds.

 

The European regulatory framework does not regulate the recording and circulation procedures for those financial instruments, contrary to listed financial instruments; waving to national law the opportunity to develop an ad hoc regulatory framework.

 

The National Assembly has therefore adopted an amendment authorizing the Government to adapt the applicable law in order to allow the representation and transmission through a shared electronic recording device for unlisted securities.

To that extent, it is remarkable that the blockchain could already theoretically be used by market operators as a computer tool to modernize the existing systems in the securities transaction chain (trading platforms, clearing houses and securities central depositories). But significant regulatory barriers will have to be removed to reach such a goal (see in this respect the ESMA consultation[8]).

 

The next step: regulating the blockchain technology?

 

In June, doubts about the vulnerabilities of blockchain technology resurfaced after a venture capital fund operating through a decentralized blockchain called the DAO was robbed of more than 50 million worth of Ether digitial currency, a competitor of bitcoin crypto-currency. The platform, which owned 9,2 million Ether digital currency (representing approximately 134 million dollars), was the target of an attack that exploited a vulnerability in the code of “smart contracts”, thus siphoning tens of millions of ether.

 

Remarkably, a person (anonymously) claimed to be the attacker , threatening to trial all those who would try to recover stolen Ethers!

 

This person certainly is not suffering from mental illness, he only invoked a rule that is all the rage in the blockchain community (to the point of convincing some jurists): “The Code is the law”, according to which the code (computer) would act.

In the purely cryptographic blockchain universe, human and social relations would only be governed by algorithms, completely replacing trusted third parties, Governments, lawyers, judges and national rights.

 

As a consequence, our so-called crypto Arsene Lupin would only have used a loophole, an oversight in the DAO programming (which is a form of smart contract, see below) of the Blockchain, which would be totally “legal” according to the aforementioned rule.

 

Let’s put the records straight. In our current civilization, all legal relationships are based on national or supranational rights (which eventually is the same, states remaining the masters of the game). There is no place, whether on earth, sea, or in space, that is not governed by a rule of law emanating from a state or supra-state. The Supreme Court explicitely reminded that rule about contracts, that must be attached to a State legal system[9]. The solution is constant, even in common law[10].

 

The only question to answer is that of applicable law (and competent judge). A body of rules applicable worldwide, called private international law- was drafted for that purpose.

 

Again, the only issue is that of identification of the parties involved (in a contract, an accident, an illegal activity, etc.). Such difficulty is nothing but new, and is omnipresent since the emergence of cyberspace. However, as already mentioned, blockchain users can remain anonymous, although identification is not only possible but even spreading, with the emergence of exchange platforms (at some point, trusted third parties of a new kind…).

 

Eventually, there is few doubt that identification will become the standard for legally recognized blockchains. This question is especially accurate for public blockchain, as the bitcoin. This point will be further developped later on.

The“Code is law” debate fundamentally raises the question of the regulation of blockchain, which requires at least two sub questions.

 

First, should we (and can we)monitor the integrity of the computer code at the heart of the system? Then, should we (and can we) establish binding rules likely to ensure a sound governance of the (public) blockchain?

 

Facts are simple: cryptographic protocols and rules of the game are created ab initio by individuals (sometimes anonymous), without any control of the integrity of the system created so far. The latter therefore is subject to the vagaries of a unilateral modification, non transparent, or even fraudulent. In some cases, as with the bitcoin, the system relies on a community of anonymous agents (the so-called “minors”) that ensure the system integrity and that could be “compromised”[11].

 

Programming the code of a blockchain equals to setting the rules of the game; maybe of an entire eco-system. This is somehow a political act.

 

And these rules must be likely to evolve, even challenged, according to transparent criteria, guaranteeing people’s rights.

Here basically stand the principles that our societies have developed over the last centuries to live together, gather, associate, disunite, protect against abusive behaviors etc.

 

It has another very fashionable name called governance.

 

What is, for instance, the governance of bitcoin blockchain? There is no doubt that it actually exists, however is it perfectly unreadble to the uninitiated, between minors, programmers, the Bitcoin Foudation, rumors of Chinese pools, etc.

Let us be crystal clear. The idea is not to regulate at all costs to reassure Sates. It is to be realistic. There will always be clandestine networks, for good and/or bad, in the form of blockchain or otherwise.

 

But, if we want to give this technology a chance to talke its rightful place in our society and to bring all the benefits that we sense (more transparency, less power concentration, more private initiatives in a protected framework, etc.), it will be necessary to create a regulatory environment for the blockchain that will be granted legal recognition (because they allow the identifiction of users in some cases and with respect to their privacy, because they allow to respect consumers’rights, because they make possible compliance with regulated status in certain situations, etc.).

To that extent, regulators are at the very beginning of the path, which is quite normal. It is necessary to allow time for the technology to be embodied in practice.

 

This is basically the message the European Parliament recently launched[12].

 

In a report published in June 2014[13], the European Banking Authority (EBA)proposed potential regulatory regime for virtual currencies approved by the financial regulator, which is not incompatible with the decentralized nature of some systems.

 

Customer knowledge rules (“Know your customer” or KYC), registration in a Member State of the European Union, control of information system, segregated client accounts and a minimum capital are also part of the fifteen forecast measures.

 

According to the Authority, the cornerstone of a global regulation would be the compulsory creation of a non-governmental entity that would establish and ensure the control of the operating rules of virtual currency (governance authority scheme). This entity would be the necessary prerequisite for the grant of approval by competent authorities, to interact with the “official” financial system.

 

Such “dome” would not be incompatible with the genuinely decentralized nature of the system, since it does not involve the virtual currency units to to be issued centrally. It would only belong to the founders and network participants to agree on a transparent governance model, implemented by a legal entity which shall the be authorized and regulated by a state supervisory authority.

 

No doubt this sketch will startle many supporters of the first hour of cryptocurrencies, specifically designed to evade centralized control system that has shown its weaknesses.

 

However, in terms of regulation, the central issue doubtlessly stands here…

 

France will soon endorse a legislation on the issue of unlisted securities trough blockchain and will have to set the first rules of the game to that regard, detemining what technology deserves law recognition. The exercise will be important because it will set an example…

 

Compliance with regulation on personal data

 

In such broad debate of recognition of public blockchains, one problem cannot be ignored: respect of privacy.

Blockchain technology is quite paradoxical to that extent.

 

On the right hand, it is a headache for those that would like to grant it a legal status. Indeed, since blockchain technology is a shared global registry, personal data would be duplicated all around the world, including in some states that do not provide adequate level of protection from the European point of view. The famous question of the legality of the data transfer abroad would inevitably arise.

 

On the other hand, the technology allows to implement, quite easily, the principles of European regulation (in particular the principle of privacy by design) by generalizing the use of pseudonyms[14] and offering individuals a direct control over the use of their personal data without any possibility for third parties to have any access (eg by storing fragments of personal data on different nodes of the network making it impossible their reconstitution by third parties).

 

Private Blockchains and responsibility

 

Foregoing considerations primarily relate to public blockchains (Bitcoin, Ethereum, etc.).

 

As far as private blockchains are concerned (for instance those experimented by some banks), legal issues are less critical, for one simple reason: in principle all parties are identified and linked by a prior agreement defining blockchain regulation (who can participate, with what rights, etc.).

 

However, the future market of those blockchains could be full of surprises. And yet, what would happen if some private blockchains became kind of “app stores”, leased to developers and third party contractors?

 

Blockchain would thus doubtlessly turn into a marketplace, such as Amazon, and the question of responsibility of its promoters in case of illegal activities related to certain applications would inevitably arise.

 

We would then be facing a well-known problem, that of intermediaries liability under the regime of the European Directive on Electronic Commerce (transposed in France by LCEN law). It would also be enlightened by the ongoing work of the European Commission on loyalty rules for platforms in the Digital Single Market.

 

DAO

 

A DAO (Decentralized Autonomous Organization) is an organization working with a computer program that provides governance rules to a community of users. This is a more complex version of a smart contract, with the same advantages: the rules are transparent and unchanging as enshrined in the blockchain.

 

Those decentralized autonomous organizations, genuinely horizontal, have the potential for a major break from traditional organizations schemes inherited from the industrial revolution, based on a vertical logic, with shareholders seeking for profit at the top.

 

Will those DAO keep their promise of a freer economic world, more transparent and democratic at the proper sense of the word?

 

To achieve such a goal, they will have to pass the governance test, like any human organization. And, in the short term will also raise the question of their place in the traditional state order. How can they interact with other legal subjects (debtors, creditors, regulators, etc.)?

 

The DAO on Ethereum

 

The first experience in this field is “The DAO” on blockchain Ethereum, which recently hit the headlines.

 

The DAO is a kind of decentralized investment fund whose purpose is threefold: evaluate the projects that are submitted to it, decide collectively with the DAO chips holders whether or not to fund these projects, distribute the risks and rewards relating thereto[15].

 

In this DAO stand on the right hand chips holders, who represents the “shareholders” of the DAO and on the second hand, other providers.

 

The first ones take part to the creation of the DAO, invest some money in exchange for chips, and form the basis of the DAO.

 

The second are those who submit projects to the DAO and request for funding.

 

The “The DAO” project also involves “curators” which filter the projects, ensuring that the source code supplied by a provider effectively corresponds to the actual offer. Their work may be audited by anyone, and they can be removed if they are “corrupted”.

 

Another example of DAO: a community auto insures against job losses, without going through an insurance company or broker. It creates a pool (in bitcoins or ethers for instance) and when a member loses his job (the information being transmitted through an API), a sum previously agreed is paid to him. Everything is thus performed by a smart contract.

 

Lack of legal personality

 

At first glance, the DAO cannot, per se, sign an agreement with another company, open a bank account, act or be sued before courts.

 

However, it is very likely that a judge will consider that a DAO can be considered a de facto company. Such a solution results from the behavior of persons who, without being fully aware, treat each other and act toward third parties as true partners.

 

The de facto company is subject to the same regime as that of the French société en participation (Art. 1873 of French Civil code).

 

Under article 1871 of the French Civil Code, the relationships between partners are then governed either by the provisions applicable to civil companies if the company has a civil purpose, or if it is commercial, by those applicable to partnerships.

In practice, DAO rather have a civil purpose (but uses evolve).

 

Whatever its civil or commercial purpose, if the DAO cannot meet its liabilities, its creditors will have a direct action against “partners” on their personal property (provided, of course, they can be identified).

A DAO could therefore legally exist as a société en participation, but without legal personality, which is not beneficial to anyone (except for those who would rather like to remain anonymous…).

 

Practice has already provided creative answers to this issue.

 

Thus, a Swiss company (DAO.LINK) was created to make the link between the DAO and the “traditional” legal system.

At the request of the DAO contractor, DAO.LINK provides him an address on the Ethereum blockchain. This address represents the contractor on the blockchain, and the smart contract is concluded with this address. In the meantime, the contractor signs a “real” contract”, which is the mirror of the smart contract, with the Swiss company.

 

The latter thus represents the DAO in its legal relationships with the contractor[16].

 

As a consequence, the risk is moved on the DAO.LINK company.

 

Another solution is presented by Otonomos.com, which creates mirror companies of DAO. Members of DAO are also shareholders of “offshore” companies (for tax reasons, but also for their flexibility in terms of ownership). Needless to say, this solution will have trouble to spread in our countries.

 

What about fiducia (Trust)?

 

DAO also (accidentally) look alike fiducia (French trust in civil law), as defined in Article 2011 of the French civil code:

“A fiducia is the operation by which one or more grantors transfer assets or security rights, or a set of assets, rights, or security rights, present or future, to one or more fiduciaries who, keeping them separate from their own patrimonies, act to achieve a specific goal for the benefit of one or more beneficiaries”.

 

In this legal institution, there is no creation of a legal entity, but the assets transferred nevertheless form a separate patrimony, distinct from the personal patrimony of the fiduciary.

 

Besides, the “grantors” can declare themselves “beneficiaries”.

 

At first sight, in its principle, such operation seems well-adapted to DAO: a community (the grantors) is created to transfer (to their own benefit) assets or rights (bitcoins, ether, tokens) in a specific goal, after having designated “curators” (the fiduciaries).

 

Is this achievable in practice?

 

Fiducia requires a written agreement (contain a certain number of mandatory mentions) and registered in the tax service.

 

Also, the contract must be reported to the National Register of fiducia.

 

The fiduciary must be a financial institution or a lawyer.

 

It would thus be possible to create a DAO with members that remain “anonymous” on the blockchain (identified only by their address or public key), but whose identity would be known by the state services entitled to consult the National fiducia file (judge, etc.).

 

The fiducia agreement would, wherever possible, be run by a smart contract.

 

And lawyers would find an unexpected role, that of DAO “managers”…

 

Only practice will tell whether this approach is realistic.

 

 

[1] Bitcoins and blockchain. Towards a new paradigm in digital confidence ?, Didier Geiben, Olivier Jean-Marie, Jean-François Vilotte et Thibault Verbiest, RB Editions, 2016, http://www.revue-banque.fr/ouvrage/bitcoin-blockchain-vers-un-nouveau-paradigme-confi

[2] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:267:0007:0017:FR:PDF.

[3] http://acpr.banque-france.fr/fileadmin/user_upload/acp/Communication/Communques%20de%20presse/20140129-Communique-ACPR-position-bitcoin.pdf.

[4] GAFI, Virtual currencies : key definitions and potential risks in terms of AML/TF, June 2014, http://www.fatf-gafi.org/.

[5] http://bitcoin.fr/monnaies-virtuelles-communique-de-press-de-la-commission-europeenne/

[6] Articles 1365 and sub. of the French Civil code – article 1316 according to existing numbering until 1 October 2016

[7] Decree n°2012-272 dated 30 March 2001 taken for the application of Article 1316-4 of the French Civil code on electronic signature ; see also Regulation (EU) n°90/2014 of the European Parliament and Council dated 23 July 2014 on electronic identification and trust services for electronic transactions in the common market repealing Directive 1999/93/CE, that came into force on 1 July 2016.

 

[8] https://www.esma.europa.eu/press-news/esma-news/esma-assesses-usefulness-distributed-ledger-technologies. See the Overstock project, approved by the SEC in the US : http://www.wired.com/2015/12/sec-approves-plan-to-issue-company-stock-via-the-bitcoin-blockchain/

[9] Cass. (Ch. civ., sect. Civ.), 21 juin 1950, Rev. crit. 1950. 609, note Batiffol, D. 1951. 749, note Hamel, S. 1952. 1. 1, note Niboyet, J.C.P. 1950. II. 5812, note J.  Ph. Lévy

 

[10] « Contracts are incapable of existing in a legal vacuum », Amin Rasheed Corporation v. Kuwait Insurance, Co.113, 1983] 2 All E.R. 884, [1984] 1 A.C. 50 [Amin Rasheed].

[11].In June 2014, a mining pool called GHash would have held 51 % of the total calculation power of the Bitcoin network, enabling it to determine which transactions should integrate Blockchain and what minors should receive their reward. http://www.01net.com/actualites/bitcoin-sous-la-menace-d-une-prise-de-controle-monopolistique-621990. A mining pool which holds more than half the power of network computing may require the registration of a transaction in the Blockchain, even if it did not happen. Conversly, it may reject a registration that actually took place. Such a fraudulent transaction is called « attack by 51 % ».

 

 

[12] http://www.usine-digitale.fr/article/le-parlement-europeen-va-se-pencher-sur-la-blockchain.N394257

[13] https://www.eba.europa.eu/documents/10180/657547/EBA-Op-2014-08+Opinion+on+Virtual+Currencies.pdf

[14] For example through the use of electronic signature under pseudonyms, that the European regulation e-idas allows. The person signs with a pseudonym and his real identity is known only by the certification service provider.

[15] https://blockchainfrance.net/2016/05/12/qu-est-ce-qu-une-dao/

[16] https://www.ethereum-france.com/dao-link-permet-a-des-entreprises-de-contracter-avec-des-dao/

Share on Facebook
Share on Twitter
Please reload

À l'affiche

3èmes Assises des Technologies Financières - Jeudi 17 octobre 2019

26/07/2019

1/10
Please reload

Posts récents
Please reload

Par tags
Please reload

Nous suivre
  • Google+ Long Shadow
  • Facebook Long Shadow
  • LinkedIn Long Shadow
  • Twitter Long Shadow