EU Parliament passes smart contract regulation under Data Act

Smart contracts are one step closer to falling under European Union-wide regulation within a broader strategy on data markets, an issue that continues to raise concerns within the crypto industry.

The European Parliament adopted legislation under the Data Act on Tuesday, with 500 votes in favor and 23 against.

The legislation, and its provisions on smart contracts, is not explicitly aimed at the crypto industry, but focuses on data from connected devices, or the Internet of Things. Yet some in the industry worry the Data Act may have far-reaching effects on crypto if the scope isn’t clearly defined, especially as smart contracts — automated executions written into software — underpin the infrastructure of DeFi.

The greatest potential of the legislation, according to Pilar del Castillo Vera, a centrist-right MEP and rapporteur on the Data Act, is to “contribute to optimizing existing business models and processes, boost the development of new ones, and by doing so creating new values and jobs,” she said, opening Tuesday’s plenary in the European Parliament in Strasbourg.

‘Rigorous access control mechanisms’

Smart contracts fall under Article 30 of the Data Act, on “essential requirements regarding smart contracts for data sharing.”

Provisions include “rigorous access control mechanisms” and protection of trade secrets integrated into the design of smart contracts. There would need to be a possibility to terminate or interrupt transaction mechanisms, and lawmakers will need to decide which conditions would make that permissible.

On top of that, smart contracts will be expected to face the same “level of protection and legal certainty as any other contracts generated through different means.” according to drafts previously seen by The Block.

For smart contract developers, these provisions would require additional processes to ensure compliance to the regulation, like issuing an EU declaration of conformity. While these more stringent compliance assessments were removed in previous drafts seen by The Block, they have been reintroduced into the final Parliament text.

Potential spillover to DLT from IOT

For Natalie Linart, legal counsel at blockchain software firm ConsenSys, the smart contract provisions don’t seem to be too overbearing for the industry. “We see Article 30 as a marginal provision applicable to smart contracts facilitating data transfers involving IoT products — not those deployed in DeFi applications.”

But the coast is not yet clear. Linhart hopes to ensure “standards aren’t extended to other smart contracts in future legislative proposals touching crypto,” she told The Block in an email. “Setting substantive requirements for blockchain development would restrict innovation and make the EU an unwelcome place for software developers.”

For the European Crypto Initiative advocacy group, the Data Act has been a focus of their attention over the past months.

“It would be really hard, almost impossible, for most smart contracts that we have today to be compliant with this article,” Marina Markezic, head of EUCI, told The Block on a call.

The rules proposed don’t align to the smart contracts that we know today, Markezic said, and may spur the development of a different technology to fit the mold. “It’s saying you will need to use a fruit that is called ‘strawberry’ and it needs to be blue. And basically you need to come up with a strawberry that is blue because all the ones we have are red.”