Skip to content

New EU Data Legislation Asks The Impossible Of Smart Contracts

New EU legislation aiming to regulate data sharing by IoT devices and services sets impossible compliance standards for smart contracts, making Web3 developers uneasy.

Maths move mountains. After a study conducted by the European Commission found out that 80% of industrial data was not used, the EU Parliament approved new legislation opening the data market to small and medium enterprises (SMEs) and increasing consumers’ power over the data collected by connected devices and related services (IoT).

The monopoly on data processing by big tech companies is taking a hit. The Data Act, approved on March 14 by the European Parliament with 500 votes in favor, 23 against, and 110 abstentions, lays down a framework that expands “ who is entitled to use accessible data collected, obtained or otherwise generated by connected products or related services”.

The bill intends to give small and medium enterprises (SMEs) a fair chance in the data economy by eliminating barriers to data sharing imposed by data holders, optimizing the 80% of industrial data currently left unused. Consumers will also benefit from the Data Act as it will allow them to access data from connected devices and related services, revoke consent for data processing and data sharing, as well as request that data be deleted.

But the new legal framework has a dark side for decentralized ledger technology. Article 30 poses an existential threat to smart contracts by establishing provisions that undermine its main value proposition - immutability by requiring smart contracts to have a kill switch that allows non-consensual termination of the contract:

<...> ensure that a mechanism exists to terminate the continued execution of transactions: the smart contract shall include internal functions which can reset or instruct the contract to stop or interrupt the operation to avoid future (accidental) executions;

Besides the kill switch, the provisions on smart contracts mean that they must offer rigorous access control mechanisms, protect trade secrets and guarantee interoperability, which is also not always possible with certain ledger designs.

And this is not about the 'shortcomings' of the technology. Blockchain, on which smart contracts are enacted, gained popularity because of its decentralized nature and immutability, meaning no central authority or third-party can in any way corrupt, delete, or withhold information. A kill switch implies that someone somewhere has more control than others, which goes contrary to the principles the technology was built upon.

Smart contracts are programs deployed on decentralized ledgers such as blockchain. Those smart contracts that have "non-upgradable" code by design, are considered immutable, since the 'server' on which they operate is one for all and cannot be terminated. 

The law has immediately received negative responses from the observers and prominent members of Web3 community.

The associate professor at VU Amsterdam University Thibault Schrepel twitted shortly after the vote that “the Data Act endangers smart contracts to an extent that no one can predict.

In an interview with the Block the head of the European Crypto Initiative advocacy group (EUCI), Marina Markezic, said:

“It’s saying you will need to use a fruit that is called ‘strawberry’ and it needs to be blue. And basically you need to come up with a strawberry that is blue because all the ones we have are red.”

In a statement Michael Lewellen, head of solutions architecture at OpenZeppelin said

“Including a kill switch undermines immutability guarantees and introduces a point of failure since someone needs to govern the use of such a kill switch. […] Many smart contracts such as Uniswap do not have this kill switch ability.”

Per our observation, Web3 largely falls outside of the scope of the Data Act, except for the controversial paragraph. It is possible that lawmakers had something different in mind when writing it. Nevertheless, to ease the restlessness of DeFi developers about the bill, there must be a clarification of when and where these rules shall apply. This will be discussed in the trialogue discussions that follow the parliamentary vote –  something, we are eager to observe.