Digital Assets: What is the Law Commission considering?

February 1, 2023

The Law Commission has been consulting on its proposal that the law of England & Wales recognise and protect property rights in ‘digital objects’ (with crypto-tokens as the only eligible item at this stage). Aside from the Commission impressively producing a veritable textbook on the English law of personal property, this process has involved three ’roundtable’ discussions relating to custody of digital assets, using them as security for finance; and whether they should be the subject of a new class of personal property. I participated in the roundtables and submitted my thoughts in answer to questions in the consultation paper, the substance of which I’ve summarised here. My numbered references are to the paper itself.

A new category of personal property

It would seem helpful for English law to recognise ‘data objects’ as a new category of personal property, since its clear that the courts see ‘crypto-tokens’ (for example) as a form of property that does not fit neatly into existing categories.

The Commission proposes that data objects would need to meet the following criteria:

(a) be composed of data represented in an electronic medium, including in the form of computer code, electronic, digital or analogue signals;

(b) exist independently of persons and the legal system; and

(c) be rivalrous (the use by one person/group inhibits the use by another).

The Commission believes that only ‘crypto-tokens’ would meet these criteria at present, noting that this concept is more restricted than ‘cryptoasset’ (as commonly used in financial regulation). A crypto-token comprises the limited ‘internal’ set of data that is “instantiated” within a crypto-token system or ‘distributed ledger’. In terms of the Bitcoin protocol, the token is the data that says how much is available to ‘spend’ (unspent transaction output or UXTO); while in terms of Ethereum, it would be the amount of value available in an ‘account’ (Appendix 3).

Where a token is linked to something else, like a right or an asset (14.5), the crypto-token will not include that “linked thing” (14.6), but together they would form a ‘cryptoasset’.

Criteria for a data object

To the first of these criteria, I would add that the data should also be “capable of being retrieved and capable of being subject to control” (in the sense of actual/electronic control rather than ‘legal control’). It would also be likely to be ‘divestible’ (see 5.54, 5.142).

I struggle with the idea that a data object must ‘exist independently of persons and the legal system’. While deserving of protection as a form of property, I think it is arguable that crypto-tokens, for example, are not independent of persons and/or the legal system on the following grounds:

  1. All protocols start with a centralised project team that publishes the protocol and related ‘white paper’ encouraging others to adopt it, often with the stated intention to promote “personal freedom” or establish ‘personal sovereignty’ and a ‘network of users’ (see 10.14, 10.45, 10.46, 10.47, 10.71, 10.103, 13.128-9). Legislation is also evolving to establish and strengthen claims against those involved (e.g. MiCA).
  2. That originating team and/or its financiers may retain certain controls over protocol governance; the protocols themselves may impose thresholds or limits (even in practical terms, such as computing power required to be a miner) which deliver control to certain token-holders.
  3. Even where the protocol and process of issuing/trading tokens is increasingly decentralised, the process is traceable either to the original team, white paper, governance group or financiers;
  4. Participants must effectively ‘consent’ to the use of a protocol/ledger system; and the legislative trend is to require ‘explicit consent’ (e.g. for payment services and personal data processing) or ‘informed consent’ for custody or other fiduciary services (16.90, 19.55). Fraud is triggered by the absence of any “legally effective consent of the victim” (19.127);
  5. Significant risks arise from the possibility that a protocol might be dysfunctional, so the law should not set up any presumption to that effect (the evidentiary presumption that computer systems work as they should is under question in the wake of the devastating Post Office Horizon scandal);
  6. It would also seem appropriate that the tokenisation of a person’s identity should qualify as property, yet that would not be the case if the crypto-token were required to be independent of the person (4.25).
  7. While DLT may be designed to remove ‘legally accountable intermediaries’ (10.64) or ‘minimise the reliance on trust’ or ‘remove a trusted third party’ (10.65), this can also be seen as a flaw or externality which must be addressed by third party service providers relied upon by participants to verify the provenance of crpyo-tokens transactions (Footnote 2040, 10.50, 10.68). The OECD recommends audits of the code underlying the smart contracts by neutral external parties; and the Financial Stability Board recommends that global stablecoin issuance be governed and operated by one or more identifiable and responsible legal entities or individuals with a sound legal basis and in compliance with rules and regulation for effective governance.
  8. What happens in the event that ledgers become interoperable particularly as a result of, say, regulatory remedies to resolve competition anti-competitive conduct?
  9. Finally, the observations as to the potential fragility of rivalrousness also highlight the dependence on persons and the legal system (10.101-10.109 and 10.112).

While a ‘data object’ should need to be rivalrous, I do worry that this may be ‘fragile’ and liable to be broken in certain circumstances, absent specific exception or clarification that might open the door to other items. A crypto-token, for instance:

  1. could act as a record of ownership, for instance, while being accessed/used by multiple parties to check ownership;
  2. may be both owned by one person and lent or ‘staked’ for trading by another;
  3. might be subject to use/transactions of different types sales/transfers, secured lending, derivatives, securitisation; all of which might legitimately operate simultaneously or in parallel, in the same way that real property can be sold subject to a lease, sub-lease and so on.

Examples of electronic things that would not qualify as data objects

The Commission helpfully analyses why it believes certain electronic things would not qualify as ‘data objects’:

  • Media files
  • Program files
  • Digital records
  • Email accounts
  • In-game digital assets
  • Domain names
  • Carbon emission allowances (statutory emissions credits)
  • Voluntary carbon credits

I have some concerns about ruling out ‘digital records’ generally, even if one includes among the criteria the requirement that they be ‘independent of persons and the legal system’:

  1. A great deal of data does not have a human intellect as its source (3.22), such as data emanating from sensors, meters and other gadgets participating in the internet of things; trading systems, DNA etc.’ and may be beyond any person’s memory capacity (3.27).
  2. Perhaps very large datasets could be transferred with permanent deletion from their original location (3.23), or could be in the future, so that they could be ‘rivalrous’; and access to information can already be limited in pursuit of private (or public) interests (3.36). There are highly sensitive personal data that cannot be shared; and public bodies/governments frequently resist ‘Freedom of Information’ requests, for example.

It also seems possible to me that accounts in encrypted messaging systems might satisfy the requirements for digital objects (referred to in the EU’s Digital Markets Act as “number-independent interpersonal communication services (or NIICS)”).

In-game assets generally do not seem likely to be divestible from the game in which they are issued/hosted, but what if they were to become interoperable with other games, whether voluntarily by the games developers or as mandated by competition or consumer protection authorities?

Emissions allowances and voluntary carbon credits could be tokenised as cryptoassets, such that they benefit from the tokens being property.

Crypto-tokens as digital objects

While I agree that crypto-tokens should be viewed as a form of property, I can see there may be cases where that would not be appropriate, such as where:

  • a crypto-token system is being used without the intent to create tokens as ‘property’ and/or customers have no need or expectation of ownership;
  • a service provider merely happens to be using distributed ledger technology, and tokens are issued/created in the course of providing a service, but they are not central to the service or customer experience; and the service provider might equally decide to deliver that service and the relevant tokenised aspect using either a different DLT system or a non-DLT system.

Process and validity of crypto-token transfers

The transfer of a crypto-token usually involves a transfer operation that effects a state change within the relevant crypto-token system. This typically involves replacing, modifying, destroying, cancelling, or eliminating the pre-transfer crypto-token and a resulting, corresponding, causal creation of a new, modified or causally-related crypto-token. The corresponding causal creation is evidenced within the dataset that constitutes pre-transfer and post-transfer tokens, i.e. in the metadata that persists between the two tokens or the associated smart contract under which the transfer occurs.

Accordingly, it should not matter that transfers of crypto-tokens are not “characterised as the transfer of an unchanging thing” (12.16); and that “the law should leave room… for characterising particular transaction arrangements as transfers of an identifiable and persistent thing, even though the crypto-token itself is modified or extinguished on transfer” (12.54).

The Commission believes this should be recognised in English law on the basis of ‘freedom of contract’. However, in my view it may be helpful if basic enabling legislation were also to provide that, say:

No transfer of a crypto-token shall be deprived of its effect solely on the ground that the crypto-token itself is modified or extinguished on transfer and the transfer results in the corresponding causal creation of a new, modified or causally-created crypto-token, provided that the corresponding causally created crypto-token is evidenced either in meta-data that persists between the original crypto-token and the corresponding crypto-token or otherwise in the transfer mechanism (see 12.38, 12.54-12.60).

Legislation could also recognise participants’ ability to use any other methods to attribute specific importance to specific crypto-tokens or not, so there would seem to be no substantive difference between attribution as an “NFT” (linked to certain data/images the subject of intellectual property rights/licences) or a fungible token (whether or not linked to some other external legal right).

It also seems appropriate that:

  • a crypto-token should not be capable of being transferred “without a corresponding factual transfer operation that effects a state change” in the ledger (13.132); and
  • participants should be free to agree whether or not the state of the ledger will be the definitive record of legal rights or title (13.11), unless the law, regulation or rules specify otherwise (in recognition of the concerns of financial or other regulators that there should be no separation between the ledger and specific instruments and/or their means of legal transfer (13.132, e.g. the Liechtenstein Token Act (14.47-14.53)).

It may be necessary, however, for any statutory reform to expressly allow for equitable transfers of crypto-tokens where no state change has occurred (or needs to occur), subject to becoming legal transfers on the occurrence of a state change (similar to the need for notice to perfect a legal assignment under section 136 of the Law of Property Act 1925, for example).

Control of a data object is more appropriate than Possession

The concept of ‘control’ does seem more appropriate for data objects than the concept of possession. A person could be said to control a data object where that person can:

(1) exclude others from the data object;

(2) put the data object to the uses of which it is capable (including, if applicable, to effect a passing out of, or transfer of, that control to another person, or a divestiture of control); and

(3) identify themselves as the person with the abilities specified in (1) to (2) above.

These concepts can be left to develop through contract, custom, usage and guidance from industry bodies and expert panels, as well as case law, rather than being codified in statute.

A transfer operation that effects a state change (in the ledger) should be a necessary but not sufficient condition for transfer of (superior) legal title to a crypto-token, allowing for contracts and other means of ‘derivative title transfer’ in tandem (13.18). That would mean a deed or bill of sale would not be enough on its own to effect the transfer of a crypto-token without a state change in the ledger (see 13.19, 13.22 and 13.45-47).

This raises the problem where a purchaser is only aware of the state change in the ledger and is unaware of an associated deed etc.. The state change should set up a defence of good faith purchaser for value without notice (an ‘innocent acquisition rule’) without automatically applying to anything linked to the token which may require such a document or ‘derivative title transfer’ (or to effect the transfer of the wilder ‘cryptoasset’) (13.52, 13.91). This is likely to require legislation, either because there’s a perception that such a rule or presumption already applies but courts may not have ruled on it or the need to clarify the position in legislation dealing with the transfer of linked assets/rights.

Conversely, it should also be legally possible to separate (superior) legal title to a crypto-token from the recorded state of the ledger and/or factual control over a crypto-token.

Crypto-tokens are not goods

While crypto-tokens should not qualify as ‘goods’, it seems important to clarify whether a crypto-token:

  • would amount to ‘digital content’ under Consumer Rights Act 2015.
  • Could be the subject of a ‘pawn’ arrangement under the Consumer Credit Act 1974 (CCA) and whether other CCA reform may be required to support the use of data objects in decentralised consumer finance (DeFi) scenarios.
  • Could qualify as an electronic signature, considering that:

  1. Section 7 of the Electronic Communications Act 2000 recognises the validity of such an electronic signature by providing that an electronic signature is admissible as evidence of authenticity (set out below for convenience).
  2. Section 61 of the Consumer Credit Act 1974 and Regulation 4(5) of The Consumer Credit (Agreements) Regulation 2010 (SI 2010 No 1014) effectively provide that a regulated credit agreement is capable of being electronically signed: Bassano v Toft [2014] EWHC 377 (QB).

Custody of data objects

I do not think it is appropriate to draw a distinction between ‘direct’ and ‘indirect’ custody services. A custodian would hold crypto-tokens on behalf of or for the account of other persons with or without capacity to exercise, or coordinate or direct the exercise, of factual control (positive and/or negative), so it should be possible for custodians to agree different service features or levels, or types of control.

The nature of custody relationships and the status of property on insolvency or wind-down

Custody arrangements could be characterised and structured as trusts, even where the underlying entitlements are (i) held on a consolidated unallocated basis for the benefit of multiple users, and (ii) potentially even commingled with unallocated entitlements held for the benefit of the custodian itself.

But there could need to be legislative change, for example, where:

  • the tokens fall within the scope of the Electronic Money Regulations 2011 (as ‘e-money tokens’) or FCA client money/assets rules (as ‘security tokens’), since these may not be ‘trusts’ (as in the case of the e-money safeguarding regime) or might be a form of statutory trust;
  • necessary to clarify the scope and application of section 53(1)(c) LPA 1925 to facilitate the broader adoption of trust law in structuring custody facilities;
  • the interests of beneficiaries or rights of co-ownership in an equitable tenancy in common depend on the mechanics of statutory resolution schemes for financial institutions (under the Electronic Money Regulations 2011 or wider Special Resolution Regime); or the specific rights for customers under the Financial Services Compensation Scheme.

Other issues include:

  1. What happens to ownership of crypto-tokens in the event of the failure or withdrawal of the crypto-token system?
  2. What happens where tokens are issued on one ledger, but the issuer wishes to move to a new ledger or to a non-crypto system especially where the new/replacement tokens do not qualify as a data object?

It may be helpful for legislation to provide for a pro rata shortfall allocation rule in respect of commingled unallocated holdings of crypto-tokens or crypto-token entitlements in a custodian or other institutional insolvency, subject to specific treatment in line with existing regimes for linked assets.

Collateral or security arrangements for data objects

It should be possible for crypto-tokens, as data objects to be the subject of title-transfer collateral or security arrangements, but specific law reform may be required for some regulated collateral arrangements, such as pawn agreements, conditional sale agreements or secured credit agreements under the Consumer Credit Act 1974. That would need to cover entering into, administering and enforcing such arrangements, which are highly prescriptive. So it may be necessary to ensure that existing statutory frameworks facilitate such arrangements, rather than setting up a bespoke collateral regime just for data objects (especially given the likely link between tokens and other things to form ‘cryptoassets’).

Damages and other remedies relating to data objects

As crypto-tokens are generally not “money”, the enforcement of an obligation to “pay” or transfer crypto-tokens should generally be regarded as non-monetary (aside from e-money tokens), and hence claims for unliquidated damages (19.26). But there may be cases for a court to have discretion to award a remedy a remedy denominated in certain crypto-tokens, where traditionally the judgment would have been denominated in money.

The existing rules on tracing (at equity and common law) can be applied to crypto-tokens where there’s a state change in the ledger; but that the law on ‘tracing into a mixture’ may require further development or reform, whether generally or specifically with respect to crypto-tokens (19.52).

Existing legal frameworks do seem applicable to data objects, but statutory or common law reform may be needed in relation to:

(1) breach of contract;

(2) vitiating factors;

(3) following and tracing;

(4) equitable wrongs;

(5) proprietary restitutionary claims at law; and

(6) unjust enrichment.

(19.88)

It seems appropriate top extend the tort of conversion to data objects (or at least a conversion-type cause of action grounded in control rather than possession), subject to a special defence at law of (or analogous to) ‘good faith purchaser for value without notice’.

While generally applicable, it is not clear whether the existing principles/provisions relating to injunctive relief, enforcement of court process and judgments adequately apply to data objects without the need for law reform, since so few cases seem to be defended at this stage (19.148).

A key area of uncertainty appears to be what cause of action or remedy would lie or be effective where a distributed ledger, protocol or smart contract does not work as described (e.g. in the related white paper).

Simon Deane-Johns

Simon Deane-Johns, Consultant Solicitor Keystone Law and a Fellow of the SCL