The first part to the present article titled 'Blockchain Technology – The Science behind the Revolution' discussed the detailed working of the pioneering technology that constitutes the working force behind the transfer of crypto assets. In this second part, we will briefly delve into the interplay of blockchain technology with the existing laws of India.
B) Existing legal framework vis-à-vis blockchain technology
In India, there is no specific law that governs and regulates blockchain technology and its various applications. However, depending on the different sectoral applications the existing sector-specific regulators may possess the necessary authority to regulate the usage of blockchain related applications. For instance, cryptocurrency may fall within the regulatory ambit of the Reserve Bank of India ("RBI"), insurance related applications may be regulated by the Insurance Regulatory and Development Authority of India ("IRDAI") and use of blockchain technology in capital markets may be regulated by the Securities Exchange Board of India ("SEBI").
1) Legal status of cryptocurrency
On 6 April 2018, RBI published a notification prohibiting all regulated entities (such as banks) from dealing in or providing services towards the facilitation of virtual currencies.
This notification was challenged before the Hon'ble Supreme Court. The apex court in Internet and Mobile Association of India v. Reserve Bank of India1 struck down the notification as it failed to satisfy the test of proportionality. The Court also noted that RBI did have the necessary powers to regulate virtual currencies, owing to its role of safeguarding the banking economy of India. Resultantly, banks and other financial institutions which are regulated by RBI are no longer prohibited from provisioning banking services in relation to or as part of sale/purchase of virtual currencies.
Meanwhile, the Department of Economic Affairs, Ministry of Finance has drafted the 'Banning of Cryptocurrency & Regulation of Official Digital Currency Bill, 2019' ("Draft Bill"). The Draft Bill proposes to prohibit a wide range of activities in relation to cryptocurrency in India. It is worth noting that under Chapter 3 of the Draft Bill, the prohibition mentioned is only with respect to dealing in cryptocurrencies; and it exempts the use of distributed ledger technology and use of cryptocurrencies for research purposes. Chapter 8 of the Draft Bill makes mining, holding, selling, issuing, transferring or use of cryptocurrencies punishable with a fine or imprisonment of up to 10 years, or both. It is worth noting that the Draft Bill moots the approval of digital rupee as a legal tender, by the central government in consultation with the RBI.
2) Legal validity of smart contracts
Smart contracts as defined by the RBI, point to contracts that are basically lines of code or logic on distributed ledger technology that execute themselves once the predetermined conditions are met.2 These are digitally encrypted agreements where once the terms of the agreement have been met, the smart contract verifies the same and transfers the tokens as per the terms.3 The ability to function on the execution of predetermined commands along with regulatory compliance is in turn what makes them 'smart'.4 All the steps and procedures involved are recorded, processed, and carried on by all systems at once, thereby leaving no space for human error. Consequently, every party can check the stage at which the agreement is operating and whether it has been honored properly or not.
Smart contracts are a lucrative option for businesses dealing in and sharing sensitive information,5 for instance franchise agreements. The data encrypted in the smart contracts through cryptography and functionality of the distributed ledger system ensures data protection. However, as against traditional contracts, smart contracts are not capable of being revised / modified and every time a fresh contract will need to be entered into to record fresh contractual understanding between the parties. Therefore, traditional contracts may still be preferable in businesses that require flexible arrangements to operate.
Note that in order for smart contracts to be valid and enforceable, these must comply with the provisions of the Indian Contract Act, 1872 ("ICA"). Section 10 of the ICA6 provides features of a valid contract and such features must be fulfilled by a smart contract to form a valid and binding contract in India. This requirement is over and above any sector specific guidelines (such as those that may be applicable to insurance contracts) that the government may issue to encourage smart contracting.
While the ICA envisages only tangible contracting, validity of electronic contracting and execution can be drawn from Section 10-A (Validity of Contracts formed through electronic means) of the Information Technology Act, 2000 ("IT Act").
3) Electronic contracting, data privacy and cybersecurity
The IT Act permits authentication of documents through digital signatures. The IT Act contains provisions regarding powers of certifying authorities, procedure to grant licenses and duties of such certifying authorities.
Smart contracts use digital signatures for authentication and secured limited access. Notwithstanding the abovementioned route for using self-generating digital signatures, the IT Act does not expressly prohibit self-generated digital signatures through blockchain technology. However, the absence of provision for the explicit recognition of the same, effectively invalidates any form of contract made using blockchain technology, that requires a signature to authenticate it.7
While there is no law to ensure data privacy and security in blockchains, nevertheless blockchain network may still need to comply with the general rules and laws on cyber security and privacy as prevalent in India. Challenges with respect to enforceability will arise on account of the inherently decentralised nature of blockchains.
Article 21 of the Constitution of India has been held to encompass the fundamental right to privacy.8 Though, prior to the recognition of right to privacy as a fundament right this statutory right to privacy was protected under the IT Act by way of an amendment in 2008. As per Section 43-A of the IT Act, a body corporate may be held liable for damages in the event of negligence in implementing and maintaining 'reasonable security practices and procedures' in relation to 'sensitive personal data or information' ("SPDI").9 Section 72-A of the IT Act provides that any disclosure of personal information in breach of contractual obligations will result in imprisonment for a term not exceeding 3 years, or fine not exceeding INR 500,000 or both.
On 13 April 2011, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules") that lay out a general framework for the protection of 'sensitive data'10 in India, were released. Note that SPDI Rules only apply to body corporates or any person situated within India. Accordingly, given the decentralized nature of blockchains (which could involve nodes from several jurisdictions) enforcing the SPDI Rules may be challenging and inefficient.
In 2009 the Central Government appointed the Indian Computer Emergency Response Team ("CERT-In") which was empowered to deal with cyber incidents11 including cyber security breaches.12 This national agency has been authorized to call for information and give directions to service providers, intermediaries, data centres, body corporates and any other person for the purposes of, amongst others, analysis of cyber incidents, alerts of cyber security incidents, emergency measures for handling cyber security incidents etc.13 Blockchains do not have a centralised body, and are self-governed, therefore agencies like CERT-In may find it challenging to enforce its jurisdiction on such networks.
Currently, the Personal Data Protection Bill, 2019 ("PDP Bill") is pending before a Joint Parliamentary Committee for review. The PDP Bill imposes certain obligations on a 'Data Fiduciary' including, but not limited to, processing personal data only for specific, clear and lawful purposes (Section 4), retaining data only till absolutely necessary for the purposes of processing (Section 9), collecting data only till the extent necessary for the processing thereof (Section 6). However, compliances of these obligations may not be straightforward over a public blockchain network with numerous nodes spread across the network with no central authority.
4) Intellectual property rights on blockchain
Blockchain technology can most effectively be used to implement contracts governing licenses relating to intellectual properties. Effectively, blockchain technology may provide for a ledger exhibiting actual ownership, the authorized licensee, and other entities in supply chain, including consumers and customs authorities. Usage of blockchain technology in the intellectual property domain may further assist in validating a genuine product and distinguishing it from a fake.
Blockchain based ledgers, holding IP rights information, allow for source authentication, since they can record objectively verifiable details about when and where products are made, and details about their manufacturing processes and source of raw materials.14 Enforceability of intellectual property rights of the participants remains an issue over a global blockchain network that defies territorial jurisdictions as we know it. Of course, one may still improvise enforceability in private or permissioned blockchain networks with restricted participation.
5) Blockchain as intellectual property
A blockchain based technology may be awarded protection under the Patents Act 1970 and/or Copyright Act, 1957. In order to be registered as a patent, the technology will need to conform to the tests15 laid down under the said legislation (i.e. its patentability, novelty, inventive step and industrial application). Prima facie however, registration of a blockchain as a patent may prove rather difficult owing to Section 3(k) of the Patents Act, 1970 which excludes 'a mathematical or business method or a computer programme per se or algorithms'.
Comparatively, it would be easier for a blockchain to avail protection by way of copyright as it purports to be a computer programme,16 thereby qualifying it for protection under Section 13 of the Copyright Act, 1957.
6) Regulatory Sandboxing
In India, several sectoral regulators have introduced regulatory sandboxing to enable and encourage innovation (including use of blockchain technology) in their respective fields. IRDAI introduced the Insurance Regulatory and Development Authority of India (Regulatory Sandbox) Regulations, 2019 which was implemented on 26 July 2019 and the said regulations shall remain in effect for 2 years. RBI also introduced its final guidelines towards 'Enabling Framework for Regulatory Sandboxing' dated 13 August 2019. SEBI has also introduced 'Framework for Regulatory Sandbox' dated 5 June 2020. Each of the aforesaid sandbox regulations provide for eligibility criteria, application procedure, extent of relaxations, testing duration etc.
7) Enforcement and jurisdictional issues
The integration of blockchain technology also raises the issue of jurisdiction where any transaction is under dispute, considering that the process of validation may be done by a node/miner in a different jurisdiction. Location of the nodes/miners or the subject matter of transactions may be crucial in determining the jurisdiction of the court to adjudicate over a blockchain dispute and the enforceability of the judgment so passed. In the alternative, decentralised dispute resolution forum such as Kleros and Codelegit may be resorted to.
In India, for the purposes of enforcement and jurisdiction in relation to transactions over a blockchain network, Section 65B (Admissibility of electronic records) of the Indian Evidence Act, 1872 may be of vital importance. Since the records exist over a network, their admissibility as electronic evidence before courts of law will be governed by Section 65B. This provides that any record produced by a computer shall be admissible as evidence without further proof or production of the original, subject to the conditions laid down in sub-sections of section 65B. Complying with the conditions, however, may be in certain cases challenging unless the courts are willing apply the necessary flexibility by waiving few such conditions.
8) Consumer Protection Act, 2019 ("CPA 2019")
CPA 2019 in contrast to its predecessor17 accommodates e-commerce transactions.18 This is of relevance in a scenario wherein goods/services are being transacted on a blockchain platform. CPA 2019, in the context of a permissioned blockchain network, imposes liability on the regulating participant, being equivalent to an electronic service provider in case of any non-compliance. 19 However, identifying roles and obligations in a public / permission-less blockchain will be challenging which also makes enforceability of laws a concern over such a vast network..
The blockchain network may consider formulating an in-house grievance redressal forum within the blockchain network. Considering the pure consensual setup of a blockchain, an aggrieved party (either a node or a miner) may seek remedy for any action by any other participant of the blockchain affecting its rights. Such grievance redressal may be built in by design at the time of establishing and operationalising the network.
Alternatively, platforms like Kleros, Mattereum, CodeLegit and Oath Protocol are some of the available blockchain based dispute resolution mechanisms, facilitating various functions viz. auditing and compliance of smart contracts, due diligence, and community-based decision making to name a few.20
9) Cryptocurrency and tax
Cryptocurrency qualifies to be treated as a capital asset. Therefore, any profit or gain in the transfer of the same shall be eligible to be taxed as a capital gain.
As regards the Goods and Services Tax, there is no specific category for cryptocurrency, thereby rendering the legislation inapplicable on the same in its current form.
10) Land transfer and reforms
Transfer of any immoveable property in India should be undertaken in compliance with the Transfer of Property Act, 1882, Registration Act, 1908 and Indian Stamp Act, 1899. Every identified transfer of property should be mandatorily registered and adequately stamped in accordance with the prevailing State-specific duty in order to attain legitimacy and enforceability. Accordingly, implementing a transfer of property over a blockchain will require the following: (a) a complete digitisation of land records with updated ownership details; (b) set of legally valid governance principles which permit such digital transfer of property; (c) a form of transaction duty which may be imposed on such transaction which could effectively replace/substitute registration fees and stamp duty payable at the time of physical registration of transfer. Accordingly, enabling legislation will need to be enacted and implemented in order to provide legal sanctity to such blockchain based transfers.21
The process of registration legitimises the agreement between the parties in relation to transfer of property.22 Further, employing blockchain for transfer of property would make the entire process time efficient as against the lengthy period of 3 to 4 months. The same may also negate any chances of corrupt practices as the buyer can easily verify the property title, disabling the seller from engaging in any unethical practices like selling the said property for a second time.
Over the years, several States have begun testing viability of incorporation of blockchain technology in the process of land registration and record maintenance. The technology brings an opportunity for the State governments to exhaustively reform the land registration process allowing the States to process and maintain information such as chain of title, and land use, which was previously a difficult process to implement. We have listed such initiatives along with the relevant States in the third paper.
One such State is Rajasthan which aims to digitize land titles. Implementation of blockchain for digitising land records has been rendered ideal on account of the Rajasthan Urban Land (Certification of Titles) Act, 2016 ("Rajasthan Act"). The Rajasthan Act provides that the State government will act as a guarantor for land titles in the State and would compensate the affected in cases of issuance of defective titles. The said guarantee germinates out of a certificate issued by the Urban Land Title Certification Authority, upon verification of the ownership of the said property.
11) Competition law and blockchain
The existing framework of competition law and emergence of blockchain gives rise to numerous dimensions, wherein the working of the latter shall be in conflict with the rules of the former. For instance, consortiums on blockchain may facilitate price-fixing23 with much more ease amongst the competitors in a relevant industry, owing to the privacy enjoyed by blockchain. Further, the concept of 'gating' whereby, the entry to a blockchain network (permissioned or private blockchain) can be closed for a new entrant, might result in foreclosure of the market24 for a new entrant. The aforementioned are just few of the many potential concerns that may arise in the context of competition law and blockchain technology.25
While blockchain technology holds a promising future in the world of tech based development, however, some of the unique characteristics inherent in the technology might make it a grey area for legal enforcement purposes. The challenges that entail a decentralised digital system with no territorial limits may be infinite. While this may be the case in terms of legal enforcement, it cannot be ignored that blockchain technology has brought in a simple, yet potent system that primarily operates on trust between anonymous users and cryptography. This makes it particularly suitable for being applied to distinct sectors across borders.
1. Internet and Mobile Association of India v. Reserve Bank of India, 2020 SCC Online SC 275.
2. Distributed Ledger Technology, Blockchain and Central Banks, (Feb. 11, 2020), Reserve Bank of India, https://m.rbi.org.in/Scripts/BS_ViewBulletin.aspx?Id=18766.
3. Nalin P., Distributed Ledger Technology, (Feb., 2020), RBI BULLETIN, https://rbidocs.rbi.org.in/rdocs/Bulletin/PDFs/03AR_11022020510886F328EB418FB8013FBB684BB5BC.PDF.
4. THE TELECOM COMMERCIAL COMMUNICATIONS CUSTOMER PREFERENCE REGULATIONS, 2018 (6 of 2018), TELECOM REGULATORY AUTHORITY OF INDIA, (July 19, 2018), https://main.trai.gov.in/sites/default/files/RegulationUcc19072018.pdf.
5. Stuart D. Levi, An Introduction to Smart Contracts and Their Potential and Inherent Limitations, HARVARD LAW SCHOOL FORUM ON CORPORATE GOVERNANCE, (May 26, 2018), https://corpgov.law.harvard.edu/2018/05/26/an-introduction-to-smart-contracts-and-their-potential-and-inherent-limitations/.
6. "S. 10. What agreements are contracts.—All agreements are contracts if they are made by the free consent of parties, competent to contract, for a lawful consideration and with a lawful object, and are not hereby expressly declared to be void.
Nothing herein contained shall affect any law in force in India and not hereby expressly repealed, by which any contract is required to be made in writing or in the presence of witnesses, or any law relating to the registration of documents."
7. Information Technology Act, 2000, S. 5.
8. Justice K.S. Puttaswamy (Retd.) & Anr. v. Union of India & Ors., (2019) 1 SCC 1.
9. SPDI includes sensitive information in the form of passwords, physical characteristics, biometrics, financial information, sexual orientation, to name a few.
10. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, R.3.
11. As per CERT Rules "cyber security incident" is to mean "any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorized access, denial of service or disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorisation".
12. As per CERT Rules "cyber security breaches" is to mean "unauthorised acquisition or unauthorised use by a person as well as an entity of data or information that compromises the confidentiality, integrity or availability of information maintained in a computer resource".
13. Rachit Bahl, India: Data Protection and Cyber Security, (May 13, 2019), LEGAL 500.
14. Birgit Clark, Blockchain and IP Law: A Match made in Crypto Heaven?, (FEB., 2018), WIPO MAGAZINE.
15. Patents Act, 1970, Ss. 2(ac), 2 (ja), 2 (l), 3 and 4.
16. Copyright Act, 1957, S. 2(ffc).
17. CPA 2019 replaces the previous Consumer Protection Act, 1986.
18. Consumer Protection Act, 2019, Explanation (a) of S. 2(7) and S. 2(16).
19. Consumer Protection Act, 2019, S. 2(17).
20. David Savage, Thoughts for the new decade: smart contracts, blockchain and construction dispute resolution, (15 January, 2020), LEXOLOGY, https://www.lexology.com/library/detail.aspx?g=1ad81f73-266f-4ea9-9b55-cdb9eff72330.
21. Blockchain: The India Strategy, NITI AAYOG, Pg. 31-32, (January, 2020), https://niti.gov.in/sites/default/files/2020-01/Blockchain_The_India_Strategy_Part_I.pdf.
22. Ananth Padmanabhan, Distributed Land Ledgers: Law, Policy, and Application, BLOCKCHAIN FOR PROPERTY – A ROLL OUT ROAD MAP FOR INDIA, Indian Inst. 17 (2017).
23. Competition Act, 2002, S. 3(3)(a).
24. Competition Act, 2002, S. 4(2)(c).
25. Thibault Schrepel, Is Blockchain the Death of Antitrust Law? The Blockchain Antitrust Paradox, 3 Geo. L. Tech. Rev. 281 (2019).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.