Whilst there is ongoing debate over cryptocurrency (the risks and rewards), blockchain has generally been heralded as the golden nugget when it comes to new ways of doing business. Blockchain in its simplest form is a decentralised digital ledger that cannot be altered. Many governments in the Asia Pacific region have publicly encouraged the development of blockchain. Blockchain development was identified as one of the core aims in the PRC government's 13th Five Year Plan in 2016, the Singapore Infocomm Media Development Authority recently announced that it will be offering seed funding to blockchain companies in the media and ICT sector, and the Hong Kong Monetary Authority commissioned the Hong Kong Applied Science and Technology Research Institute ("ASTRI") to investigate the potential deployment of blockchain.
The application of blockchain is on the rise in all sectors, with the potential adoption and use of such technology by all sectors of activity being limitless. But with increased growth comes great responsibility. Government authorities across the region have started considering the need to regulate blockchain, without stifling innovation. So far, most new regulations or legislation in the area have been focused on cryptocurrency and initial coin offerings.
Now the attention is shifting towards whether or not blockchain (outside the context of digital currencies) requires a regulatory framework.
One of the countries leading the charge is China. On 10 January 2019, the Cyberspace Administration of China ("CAC") announced the release of the new Regulations on the Management of Blockchain Information Services ("Blockchain Regulations"), which came into effect on 15 February 2019. The CAC is the top-level governing body for the internet in China. In addition to being the main government authority responsible for ensuring compliance with and enforcement of the Cybersecurity Law, it has also issued a series of measures and regulations that are intent on monitoring internet users and controlling user content. It is not surprising, given all this, that the Blockchain Regulations should fall under the remit of the same regulatory authority.
The Blockchain Regulations apply to blockchain information service providers in China (i.e. information services provided to the public via the internet or application programs, through the use of blockchain technology or systems) ("Providers"). This includes foreign companies that have a presence in China, or third party service providers that operate the blockchain business in China on behalf of a foreign entity. The main requirements include the following:
- Providers must record their blockchain services with the CAC, within 10 working days from the launch of their blockchain services. For Providers that are already in operation from the date that the Blockchain Regulations came into effect, they will have 20 working days to file with the CAC. Such recordals must include information regarding the Provider's name, service categories, forms of service, fields of application, server addresses, and so on. The CAC will inform the Provider within 20 working days if its application for recordal has been approved, and will provide a filing number that must be displayed by the Provider on its website or app. Further filings must be made to update the recordal if the blockchain services are amended or terminated.
- Any new products, applications or functions that Providers wish to develop or launch must be notified to the CAC and must undergo a security assessment.
- Providers must verify the real identity of their users through their national identity numbers or mobile numbers.
- Providers must keep content and login records of all users for at least 6 months, which should be made available the relevant authorities upon request.
- Certain operational and technical measures must be implemented by the Providers to ensure compliance with the local laws, including prohibiting and taking down any content that is prohibited under PRC law.
- Providers are required to notify the relevant authorities if a user infringes any local laws, e.g. disseminates illegal content, and must issue warnings or restrictions to the user or shut down their account.
- Providers must establish mechanisms for users or the public to submit any complaints, which must be dealt with in a timely manner.
- Providers must implement technical measures relevant for their services.
- Providers must cooperate with the relevant authorities in relation to any supervision or inspection conducted in accordance with the law (e.g. the Cybersecurity Law), including providing any necessary information and technical support.
Many of the requirements under the Blockchain Regulations are not necessarily new, as similar ones are imposed under existing laws that may already apply to the Providers. For example, the Regulation on the Administration of Internet Information Service already imposes an obligation to retain user logs and content.
The Blockchain Regulations provide a general framework for Providers. Further implementation measures, interpretations and guidance are needed in order to provide clarification on how the Blockchain Regulations will be implemented and/or enforced. In particular, the circumstances in which the CAC will reject an application for recordal and the security assessment criteria will benefit from further clarification.
As with the Cybersecurity Law, further clarity is also required regarding the level of access that Providers must grant to government authorities. The Blockchain Regulations may potentially allow government authorities to obtain back door access to confidential and sensitive information of Providers, including any data stored in China concerning their foreign operations. Such risk already arises in the context of the Cybersecurity Law and the Regulation on Internet Security Supervision and Inspection by Public Security Bureaus.1 To date, the question regarding the level of access that needs to be provided remains unanswered.
As with any new laws that are introduced in relation to technological developments, the inevitable question arises as to whether or not they will stifle innovation. Will these new regulations help or hinder the adoption of blockchain solutions in China? Will they strike a balance between protecting users and encouraging development?
While cryptocurrency and initial coin offerings have pretty much been banned in China, it is unlikely that the Chinese government will use the Blockchain Regulations to prohibit or stifle blockchain businesses – the Chinese government has been pushing for the development and adoption of blockchain solutions across all sectors. Instead, the Blockchain Regulations will likely be used to maintain oversight over Providers to ensure compliance with existing requirements (e.g. prohibition on dissemination of illegal content) and prevent any businesses that are seen as contrary to public policy.
1 See our article entitled Close Encounters of the Government-kind: China's New Regulation on Internet Supervision and Inspection: https://www.mayerbrown.com/Asia-IP--TMT-Quarterly-Review-12-12-2018/
Visit us at www.mayerbrown.com
Mayer Brown is a global legal services organization comprising legal practices that are separate entities (the Mayer Brown Practices). The Mayer Brown Practices are: Mayer Brown LLP, a limited liability partnership established in the United States; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales; Mayer Brown JSM, a Hong Kong partnership, and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.
© Copyright 2019. The Mayer Brown Practices. All rights reserved.
This article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein. Please also read the JSM legal publications Disclaimer.