Blockchain at a glance
- It is a decentralised database ("ledger") that is made up by all its participants ("nodes") as in comparison to "Client Server Models" where a central server holds all the data.
- To complete a transaction, the network must validate the transaction through a democratic consensus mechanism which ensures secure data management and transmission.
- As every member holds separate copies of the database which are cross-checked the database is not manipulable.
- It is an open source network which has no secret language or hidden content, which ensures maximum transparency of the database.
- Blockchain enables the possibility of smart contracts which are self-executing when certain pre-defined requirements are met, without the need of human interference.
The technology behind blockchain
Blockchain is a decentralised database technology, where no central server or participant holds control over the database and the decision-making process, but instead each participant ("node") holds a separate copy of the database. The blockchain technology enables the possibility of a decentralised and unchangeable documentation of transactions within a peer-to-peer network.
Every participant in this network holds its own copy of the database. The locally stored databases are constantly checked against each other to determine the consistency with the prevailing versions. Therefore, it is theoretically impossible to manipulate the database as each copy would have to be manipulated.
Transactions (e.g. transfer of a Bitcoin) are executed in many small steps: (i) the transaction is communicated to the blockchain network; (ii) nodes are validating the transaction according to the transaction rules that are included in the blockchain's source code (the so-called "consensus mechanism" – see below); (iii) miners (nodes that are collecting and encrypting transactions)) are collecting new transactions in transaction-blocks to avoid double-spending; (iv) miners are encrypting each transaction and the entire block into hashes; (v) after encrypting the blocks, nodes are validating the hashes; and (vi) after the validation, the nodes are adding the new block to their local version of the blockchain whereas the longest blockchain will prevail.
The hashes of each block contain the entire blockchain history.
Every transaction is fed into a hash function and encrypted asymmetrically. Then, the hash value for the transaction undergoes a network-wide cross-check to determine (i) whether the sender is authorised and (ii) whether the transaction is possible. This validation is carried out by the miners, who in return also receive a service in return, often in the form of crypto currencies. If these two conditions (i.e. (i) authorisation of the participant and (ii) possibility of the transaction) are met, the transaction is executed and will be attached to the chain.
Thus, if an old database entry is manipulated, the hash of the new block will change and the whole network will notice the manipulation. Therefore, blockchain technology is deemed to be tamper-proof.
Each blockchain determines the mechanism for determining the distributed consensus within the network. There are different types of consensus mechanisms. Common mechanism are: Proof of Work (used by the Bitcoin and Ethereum Blockchains) and Proof of Stake.
"Proof of Work" means the miners need to solve a complex mathematical problem, which is called the "proof of work", ensuring that new blocks are added to the blockchain in a continuous interval. The first miner who solves the mathematical problem may hash the block and communicate it to the network. As a remuneration for his effort, the "miner" gets a transaction fee as well as the right to dispose over a certain amount of newly created bitcoins.
"Proof of Stake" means that the network chooses the validator, e.g. on a random basis or depending on certain factors (called "weights" – Proof of Weights).
Public and Private Key
Persons participating in the network need to have a cryptographic public and a private key (also known as secret key). The public key is used to identify the participant within the network and is usually recognisable for each participant (e.g. Bitcoin address). The private key authorises the participant to sign transactions on the blockchain. Transactions can only be traced on the blockchain with the combination of both keys.
Private keys are held in so-called "wallets", which can be digital wallets (apps), hardware wallets (USB sticks) or paper wallets.
Bitcoins and crypto-currencies
Cryptocurrencies based on the blockchain technology, such as Bitcoins, have in the last two years gained enormous public attention and are currently the most popular blockchain application.
Contrary to popular belief, Bitcoins don't exist physically - you can merely own the right to transfer it within the bitcoin blockchain. Therefore, it is comparable (from a legal perspective) to a receivable.
Cryptocurrencies caused quite a headache for Financial Market Regulators, in particular as no statutory definition of cryptocurrencies exists. According to the Austrian regulator – the Austrian Financial Markets Authority (Finanzmarktaufsicht; FMA) – for instance, cryptocurrencies are typically characterised as follows:
- They are not issued by any central bank or governmental authority;
- New units of value are typically created using a predefined procedure within a computer network (i.e. consensus mechanism);
- There is no central authority which verifies or manages transactions;
- Transactions are recorded on a decentralised, publicly held blockchain and, once executed, cannot be revoked; and
- Electronic wallets may be used to store and manage virtual currencies.
According to the above, the FMA currently does not treat cryptocurrencies as "money" or otherwise given equal status with domestic or foreign currencies in Austria. In the view of the FMA, cryptocurrencies are rather commodities. However, derivative instruments referencing cryptocurrencies or tokens will be qualified as financial instruments under MiFID II and hence will be covered by financial services regulation under MiFID II/MiFIR.
Although commodities as such are not subject to supervision by the FMA, this does not lead to the effect that business activities relating to cryptocurrencies are entirely outside the Austrian regulatory regime. Such business activities may trigger:
- Licensing agreements under the Austrian Banking Act (BWG; Bankwesengesetz);
- The Austrian Alternative Investment Fund Manager Act (AIFMG; Alternative Investmentfonds Manager-Gesetz);
- The Austrian Payment Services Act (ZaDiG; Zahlungsdienstegesetz); and
- Prospect requirements under the Austrian Capital Markets Act (KMG; Kapitalmarktgesetz).
Given the diversity, complexity and rapid evolution of business models involving cryptocurrencies or tokens will need to be assessed on a case-by-case basis, in particular as regulators tend to apply a technology-neural approach to their supervisory obligations.
Initial Coin Offering and Initial Token Sales
Initial coin offers ("ICOs") or initial token offers ("ITOs") typically are transactions that aim at financing companies or projects by employing Blockchain technology through Crypto Assets such as Bitcoin, Ether or similar/other coins and tokens provided in exchange for a coin or token of the issuer representing a participation in the issuer's capital, a dividend right or which is otherwise linked to the relevant company/project.
Since ICOs can be structured in very different manners, the regulatory aspects need to be assessed on a case-by-case basis. In Austria, e.g.
- ICOs may trigger licensing requirements under the Austrian Banking Act, e.g. taking deposits, issuing means of payment, underwriting or holding securities for third parties.
- Coins or tokens issued in an ICO may qualify as transferable securities within the meaning of European securities legislation such as MiFID2. In such a case, services rendered in relation to an ICO may require a respective investment firm licence.
- An offering of tokens that qualify as transferable securities or investments (Veranlagungen; a local Austrian securities law concept) may require a prospectus pursuant to the Austrian Capital Markets Act.
- Crypto assets that perform a payment function may fall under the scope of the Payment Services Act implementing PSD2.
- An ICO may also fall in the scope of the Alternative Investment Fund Managers Act, in particular if Crypto Assets raised are used for investment for the benefit of their holders in accordance with a predefined investment strategy (in that respect, the FMA has previously also mentioned that raising funds for Bitcoin mining also qualifies as funds raised for investment).
- Services provided in the course of an ICO may also trigger applicable Know-Your-Customer / Anti-Money Laundering requirements, for example, in connection with the provision of wallet services and token exchanges.
Without prejudice, regulators typically distinguish between the following token categories:
- Security tokens confer a right of payment against an issuer, either on a corporate basis (e.g. dividends) or a contractual basis (e.g. repayment of principal/interest under a loan). They are thus very similar to traditional debt or equities. It is irrelevant that the payment is made in fiat currency. Security tokens are subject, in particular, to the following regulations:
- Issuers need to assess whether a security token triggers prospectus requirements under the Austrian Capital Markets Act.
- Exchanges need to assess whether a licence is required to operate a trading platform.
- Service providers need to assess whether they are rendering licensed banking/investment services.
- Custodians of security tokens (e.g. trustees) need to assess whether a banking licence is required, as taking securities into custody on a commercial basis requires a banking liccnse.
- Payment tokens primarily perform a payment function for a larger group of persons. Issuance of payment tokens may require a banking licence (issuance of means of payment), a licecse under the E-Money Act or a licence under the Payment Services Act. The FMA will assess the regulatory implications on the basis of the following questions:
- Who is the issuer of / generates the payment token?
- Do third parties accept the payment token for payment of their goods or services?
- How large is the network within which the payment token is accepted?
- Are pay-outs in fiat currency possible?
- Utility tokens are primarily used in connection with certain products or services. If the token can only be used for a very limited range of products or services (e.g. on a single platform) and if it does not confer any other rights, it appears very similar to a voucher and shall not be subject to any regulatory regime. If it can (also) be used for payment, however, the regulatory implications set out for payment tokens must be considered. If the utility token has an investment function – in particular if it confers a right to payment of capital, interest or similar – the regulatory implications for security tokens may be relevant.
In addition, there are "No rights" tokens, i.e. tokens that do not serve the purpose of investment or conveying rights and therefore cannot be used for payments (e.g. tokens serving an identification function – KYC token).
Whether or not the offering or sale of tokens is subject to regulation needs to be assessed on a case-by-case and per country basis (in all countries, in which tokens will be offered!).
A smart contract is typically not a contract in the legal sense. It is a programme code that is communicated to, and stored on, a blockchain. Smart contracts specify simple logic patterns, such as: if condition A has been met, operation B will be executed. The combination of the decentralised, transparent and irreversible nature of the blockchain and the automated self-executing programme code is at the heart of the popularity of smart contracts and many related research activities across the globe.
Smart contracts can be used in different ways:
- simple smart contracts, which are used as pure performance instruments for separately concluded legal contracts (such as vending machines in the real world) and do not qualify as legal contracts; or
- legal smart contracts, meaning that the underlying programme code itself qualifies as a legal contract.
From a legal perspective, contracts could be concluded directly on the blockchain via legal smart contracts. However, smart contract users should consider possible legal pitfalls due to the international nature of the blockchain technology and non-transparent contractual structures and liability regimes.
Smart production and Industry 4.0
Closely related to blockchain is Industry 4.0, which is currently one of the main areas where we see more and more digitalisation happening. Industry 4.0 is about cross-systematical, transaction-based processes, for example automatic internal and external logistical processes or money transactions after the execution of pre-defined process steps.
Industrial applications can potentially profit from blockchain technology. However, as already mentioned above, new technologies have to be examined to determine whether they are compatible with the existing legal framework. But before blockchain technology can be rolled-out on a larger scale, certain issues regarding the key features of blockchain, for example its decentralised data management and its unchangeability of information, have to be ironed-out in order to fulfill the requirements of the industrial environment.
A potential legal framework for smart contracts would have to take many parameters into account, such as industrial mass transactions and also enable digital contract agreements and settlements, linking them with legal standards and technical requirements. As smart contracts are self-executing, it must be possible to interrupt them if disputes occur. In this case, data protection is of crucial importance. In order to achieve this objective, further legal development and structuring has to be done.
Authors: Thomas Kulnigg, Maximilian Nutz & Sascha Smets
Austria: FMA publishes guidance on ICOs and token classification
Ricardian contracts: A smarter way to do smart contracts?
Smart contracts: Too smart for Austrian civil law?
Digitisation, administration and transfer of registered shares of an unlisted AG on the blockchain
Global Legal Insights to: Blockchain & Cryptocurrency Regulation 2019 - Chapter Austria
Austria: News from the crypto-world
Are ICOs the future of fund raising?