Regulation Special: The Hierarchy of Liability

Reading time:


The functioning of the blockchain technology is beyond the logic of the state. States, central banks and supervisory authorities are overburdened because they do not know how to regulate a system that is not central. Although there are always position papers on the subject of digital currencies, they are often without concrete instructions on how to regulate them. Our regulation special dares to take a step into possible options. Today: Who is liable?

“We want to regulate Bitcoin better in the future.” That or something similar is the sound of efforts by politicians and regulators in all countries. But how is that supposed to work?

If you recall the characteristics of Bitcoin formula, you can see the problems of regulation

By definition, Bitcoin formula is known to be pseudonymous, cryptographic and decentralised: In the latter attribute lies the crux of the matter, if you ask yourself how to regulate the crypto currency. Is it possible to regulate a crypto currency that comes from all corners of the world just like that? If so, who is responsible?

Only recently the Bafin published a letter in which it pointed out that when classifying crypto currencies and ICOs one must always decide on a case-by-case basis. Accordingly, crypto currencies are mainly classified as financial instruments, securities or investments. The Bafin initially shifts responsibility to the initiators of ICOs, because

Market participants who provide services with regard to tokens, trade in tokens or offer tokens to the public are required to carefully check whether a regulated instrument, i.e. a financial instrument within the meaning of Section 2 (4) WpHG or a security within the meaning of Section 2 no. 1 WpPG, exists in order to fully comply with any legal requirements.

Liability according to Bitcoin trader

Bafin’s proposal is partly in line with a working paper on the subject by a Bitcoin trader research group like this: In a comparison of German and French law as well as common law, they finally came to the conclusion that it makes sense to establish a hierarchy of people involved in the respective networks. Depending on the involvement and responsibility within the various networks, liability also arises. According to German law, the blockchain must normally be treated like a GbR or OHG with the corresponding rules. They propose the following hierarchy:

Developers who are responsible for the code and create the technology; owners of servers; “qualified users” (such as Exchanges or Miners); “simple” users; third parties who do not actively participate in the system.

Furthermore, it is necessary to clarify who is responsible for the data and whether the use of the data is compatible with the respective national laws. The distribution of data over individual nodes (see our What about Ledgers series) could violate the data protection laws of some countries. For example, Bitcoin is theoretically able to obtain information about users from individual nodes and personalise the apparently unpersonalised data again – the network is pseudonymous, not anonymous. Entities using block-chain applications must address these issues and review their respective data security policies. Once the framework has been worked out, the technology itself can be used – and Smart Contracts can be used, for example, to ensure that the respective national laws are observed.

The problem that joins this question is the fact that the blockchain does not forget – all data is stored forever. This can cause massive problems for individuals or companies working with the blockchain. In the event that incorrect data is fed into a system, it can no longer be deleted. Everyone who works with blockchain solutions must always keep this in mind. A regulatory approach also has to deal with this.

What was that like again?
If one follows the proposal of the working paper of the European Banking Institute, a hierarchy of participants makes sense. The more you deal with the network, the more liable you are. From top to bottom: Developers – server operators – qualified users (exchanges/miners) – simple users – third parties.