The EU has struck a political agreement on the Data Act, which includes a “kill switch” for smart contracts, creating outrage in the crypto community. On June 28, the European Council and Parliament reached a political agreement on the Data Act, bringing non-personal data legislation closer to completion.
In an X post, European Union Commissioner for the Internal Market Thierry Breton called the deal a “milestone in the reshaping of the digital space.” The Data Act supplements the Data Governance Act of November 2020 by defining who and under what conditions data can create value.
It is based on the European Strategy for Data, which was announced in February 2020 and intends to position the EU as a regulatory trailblazer in the data-driven society era. The Data Act is part of the European Commission’s broader data strategy, which aims to position Europe as a global leader in the data-agile economy. In a nutshell, the Data Act proposes new rules for who can access and utilize EU-generated data across all economic sectors.
The Data Act must be adopted by a vote of the European Parliament and the Council, which represent the bloc’s 27 member states, in order to become law. And, as with the Markets in Crypto-Assets (MiCA) regulation, the crypto sector is again facing significant challenges.
Smart contract “kill switch”
The blockchain community is mostly concerned about one section of the Data Act, which states that automatic data-sharing agreements have a “kill switch” that allows them to be cancelled or suspended in the event of a security breach.
Many blockchain specialists believe the present definition of smart contracts under the Data Act is too wide, and they are concerned that it would have unforeseen effects for existing smart contracts on public blockchains. The wording of the proposed bill, for example, makes no distinction between digital contracts and smart contracts that use distributed ledger technology.
The Data Act also does not define what a “data sharing agreement” is, nor does it explain whether the smart contracts that are already common in Web3 apps adhere to these types of agreements.
“By design, most smart contracts don’t offer a termination or interruption feature, and are often un-upgradable to ensure higher levels of protection from abusive behaviours,” Marina Markei, executive director and co-founder of the European Crypto Initiative, told Cointelegraph.
“The lack of such features in smart contracts jeopardizes their use and development.” They may be viewed as incompatible with regulatory requirements.” “The issue arises if the scope of Article 30 is broadened beyond the use of smart contracts in this narrowly defined context and on public permissionless networks.”
Compliance with such protocols becomes not only difficult, but nearly impossible,” he stated. Another concern, according to Voloder, is whether these restrictions may spill over into decentralized finance (DeFi). “Because we lack a DeFi regulation, this is a question that will need to be answered over the next 18 months as the EC prepares its DeFi position.”
Furthermore, kill switches can contain flaws due to human error and, in general, “as they are rigid, bounded information environments.” According to Voloder, this rigidity, along with an automatic function that triggers a specific outcome based on stringent criteria, could result in concerns such as locking up assets, shutting down protocols, or even losing funds and crucial data.
A lot of uncertainty
The Data Act includes requirements for app vendors who use smart contracts, as well as persons whose business involves deploying smart contracts.
According to Markei, the Data Act may encourage such suppliers and deployers to be more cautious and assess if their smart contracts incorporate a data-sharing agreement in any form. If smart contracts share data, apps may need to adjust how they operate to comply with these regulations.
But first, Markei explained, it’s critical to understand who exactly needs to obey these rules: According to Erwin Voloder, head of policy at the European Blockchain Association, Article 30 of the Data Act applies when parties agree to transfer data via a smart contract that respects the regulations.
Crypto community across the globe reacts
To offer more legal clarity to smart contracts, the crypto community has already proposed numerous alternative alternatives.
Polygon had already wrote an open letter in April 2023 recommending how to modify Article 30, stating that lawmakers may apply these regulations solely to corporations, eliminating software and developers, and make it plain that smart contracts aren’t “agreements” in and of themselves.
Recently, the European Crypto Initiative and a number of organisations, including Stellar, Iota, Polygon, Near, Coinbase, Cardano, and ConsenSys, issued an open letter expressing their concerns about the Data Act and urging lawmakers to review and clarify some elements.
They contended that the Data Act could conflict with the newly agreed-upon MiCA rule. The Commission will need to revisit decentralized financial regulation in the coming years, an issue European lawmakers deliberately sidestepped.
More harm than good?
The trialogue on the Data Act has concluded, which means that the language has reached its final shape and will most likely be enacted in its current form. According to Markei, the new regulation might have an impact on the European crypto industry and enterprises looking to operate in the EU, adding that the Data Act does not provide clear specifics about which use cases the new restrictions apply to, leaving the entire industry in the dark about what to expect. And, she added, this is only the first step towards regulating smart contracts, establishing a precedent for future measures.
The community’s next critical step is to collaborate closely with European standardization groups. These groups are in charge of developing the rules that vendors and developers of smart contracts should adhere to when entering into data-sharing agreements, especially given that these vendors will need to ensure that their smart contracts broadly conform with the scope of Article 30. According to Voloder, extending the Data Act to public networks could result in companies leaving the EU at worst and “otherwise being pigeonholed into a narrow development trajectory of smart contracts in the best case.”