Connected: 1st Cohort Best Practices Report - June 2024

SIGN-UP TO RECEIVE THIS MONTHLY NEWSLETTER BY CLICKING HERE

This issue has been edited by Marjolein Geus and Dr Natallia Karniyevich with contributions from the Regulatory & Public Affairs team.

In this Connected Edition, we focus on the 1st Cohort Best Practices Report which was launched during the Best Practices Report webinar on 20 June 2024. This is a very important milestone in the European Blockchain Sandbox for innovative use cases involving Distributed Ledger Technologies (DLT), an initiative of the European Commission.

The European Blockchain Sandbox provides a framework for regulators, supervising authorities and blockchain/DLT innovators to engage in a cross-border regulatory dialogue, identify challenges and solutions from a legal & regulatory perspective in a safe and confidential environment, and thus increase legal certainty for innovative decentralised technology solutions, including blockchain. Bird & Bird, its consultancy arm OXYGY and other consortium partners have been commissioned by the European Commission to set up and operate the European Blockchain Sandbox. The initiative annually supports 20 projects and has started in 2023. The sandbox is open to use cases based on any blockchain infrastructure.

The dialogues for the 1st cohort took place from the end of 2023 until May 2024 and have resulted in lessons learned, best practices and recommendations which are relevant for the wider community. The results are presented in this best practices report (Best practices report, 1st cohort, Part B) and summarised below (for a more detailed summary of the Best practices report, see here). The setting up of the European Blockchain Sandbox, the application & selection process and the matching with relevant regulators and supervising authorities for the first cohort of 20 uses cases is published as Best practices report, 1st cohort, Part A.

Please get in touch if you have any questions or would like further information on these topics.

Objectives and policies

The European Blockchain Sandbox is a regulatory sandbox which aims to establish a pan-European framework for regulatory dialogue. This initiative of the European Commission brings together national and EU regulators and authorities with providers of innovative blockchain/DLT applications in both the private and public sector to identify possible issues and solutions from a legal & regulatory perspective in a safe and confidential environment. The cross-border regulatory dialogues will allow innovators to better understand relevant laws and regulations. The exchanges will allow regulators and authorities to enhance their knowledge of cutting-edge technologies involving blockchain and distributed ledger technologies, and to exchange views and experiences with other regulators and authorities.

The pan-European Blockchain Sandbox is set up and operated by a consortium of legal experts from the law firm Bird & Bird and its consulting arm OXYGY supported by blockchain experts of Warren Brandeis and website designers Spindox, which has been procured through an open call for tenders in 2022. The selection and the award process is overseen by a panel of independent academics consisting of Professor Roman Beck (IT-University, Copenhagen), Professor Soulla Louca (University of Nicosia, Cyprus) and Professor Walter Blocher (University of Kassel).

The European Blockchain Sandbox initiative annually supports 20 projects and has started in 2023. The sandbox is open to use cases based on any blockchain infrastructure. Blockchain use cases are selected on the basis of published eligibility and award criteria and matched with relevant regulators and supervising authorities. The European Blockchain Sandbox does not imply legal endorsement or regulatory approval of the use cases, nor does it allow for derogations of applicable laws. Results are made available to the wider community through best practice reports.

Participants in the first round of dialogues

After the launch of the European Blockchain Sandbox on 14 February 2023, the project has gone through a successful first application round, which after a rigorous selection process resulted in an impressive 1st cohort of 20 innovative blockchain/DLT use cases, which between them represented all EU/EEA regions and a range of industry sectors (including one EBSI use case). The financial/crypto asset applications are well represented but not dominating, and a broad variety of other use cases is represented in the first cohort, covering areas such as verifiable credentials/authentication, CO2 emissions, digital product passports, cultural asset passports, customs, cyber security, data sharing and DAOs. 

The selected use cases in the 1st cohort have been successfully matched with well over 50 national and EU regulators/authorities from across the EU/EEA and covering a broad range of regulatory areas. An overview of the participating regulators/authorities is published on the project website.

Each of the twenty, 1st cohort use cases were matched with relevant regulators/authorities and the dialogues for nineteen of these use cases were completed and resulted in best practices/lessons learned. The combined results are presented in this report.

Format of the 1st round of regulatory dialogues

The dialogues for the 1st cohort were organised in accordance with the project’s Protocol for Sandbox Participation. The regulatory focus areas and regulatory topics for the dialogues were determined based on the selected use cases and in consultation with the selected use case owners while taking into account an appropriate balance of relevant regulatory areas for the 1st round of dialogues.

The approach during the dialogues depended on the use case and the area(s) of regulation:

• Several dialogues focused on regulatory compliance by DLT/Blockchain use cases. Examples are the dialogues with a focus on the GDPR, cyber security, AML and Financial Sector regulation. During these dialogues, valuable guidance was provided by the participating regulators/authorities to the use cases which resulted in best practices and lessons learned which are presented in the best practices report.
  
• Other dialogues focused on how the use DLT/Blockchain applications can support efficient and effective compliance and oversight. Examples of the use of Blockchain/DLT as an extra tool, making compliance and oversight more efficient, were discussed in the customs area, Battery Passports/DPPs, Cultural Asset Passports and CO2 reporting (EU ETS/MRV). The use of Blockchain/DLT for mandatory monitoring, reporting and oversight will likely become a relevant area for the dialogues in the next cohorts.
  
• Finally, the dialogues for some use cases focussed on regulation as a facilitator such as (i) the use of the EUDI Wallet and new categories of qualified trust services in scope of the eIDAS Regulation, (ii) the possibility to qualify as a recognised Data Altruism Organisation in the sense of the Data Governance Act, as a possibility to enhance credibility of a Blockchain/DLT use case and (iii) the harmonised regulatory framework of MiCAR.

Relevant legal & regulatory areas for the 1st round of dialogue

The report describes the relevant laws and regulations for blockchain/DLT applications. The 1st round of dialogues focussed on 13 of these relevant regulatory areas and have resulted in a wide range of lessons learned, best practices and recommendations. The results are presented in the best practices report, 1st cohort, Part B in different chapters for each of the 13 regulatory areas. The best practices and lessons learned are presented on a generic level and are not specifically linked to individual use cases or dialogues. READ MORE

The main focus points for each regulatory area are set out below.

1. Data Protection (GDPR) – Regulatory compliance (Best practices report Section 3)

From a GDPR perspective one the first questions that needs to be addressed is if the data that is recorded on the ledger qualifies as personal data. In other words, does the data represent information that relates to an identifiable natural person or is it anonymous data?

If the data that are recorded on the ledger qualifies as personal data, certain measures will have to be taken to ensure GDPR compliance. Measures that can be taken were discussed during the dialogues and are presented in the report.

For more information, please contact Wilfred Steenbruggen, Joaquin Munoz.
 
2. Cyber security (NIS2) – Regulatory compliance (Best practices report Section 4)

The dialogues in relation to cyber security legislation concentrated on the NIS2 directive. Unlike the GDPR, the focus of NIS2 is not on personal data but on the infrastructure and information systems used by the entities within the scope of the NIS2 Directive and the national implementation thereof.

The NIS2 legislation will be relevant for many Blockchain/DLT use cases either directly or indirectly because they qualify as suppliers for essential or important entities. This is analysed in more detail in the report.

For more information, please contact Natallia Karniyevich.

3. DAOs – Commercial Registers (Best practices report Section 5)

The term "Decentralised Autonomous Organisation" ("DAO") is not defined and is currently not used in EU legislation. There are different types of “DAOs”: with/without a legal wrapper and for profit/non-profit.

DAOs lacking legal entity status and lacking a central authority figure (depending on their activities) may face compliance issues under certain existing legal frameworks, which are designed to govern legal or natural persons and pose a complex challenge for regulators due to their inherent conflict with traditional legal frameworks. The report discusses these issues and explores possible solutions.

For more information, please contact René Rieter.

4. Customs – Blockchain/DLT solutions under the existing customs regulatory framework (Best practices report Section 6)

Existing and proposed EU legislation in the customs area is technology neutral and does not preclude the use of blockchain applications for declarations such as for import or export.
Although it can be challenging to meet the current mandatory regulatory customs requirements through blockchain solutions as a result of e.g. formal requirements regarding data submission in the national customs legislations, blockchain solutions can already be used in the customs area as an extra tool in particular in those areas where there could be trust issues and/or for efficiency reasons. Several examples were discussed during the dialogue meetings and are described in more detail in the report.

For more information, please contact Brian Mulier, Julia Baranska.

5. Blockchain/DLT solutions for Battery Passports and DPPs (Best practices report Section 7)

Existing and proposed EU legislation for Battery Passports and Digital Product Passports is technology neutral and does not preclude the use of Blockchain/DLT applications.
Several Blockchain/DLT solutions for Battery Passports/DPPs were presented/discussed during the 1st cohort dialogues and possible issues and solutions/recommendations were identified. Reference is made to the report for further details.

For more information, please contact Paolo Sasdelli.

6. Blockchain/DLT solutions to help prevent trafficking in cultural goods (Best practices report Section 8)

In accordance with the UNESCO Conventions State Parties have adopted national legislation and have established national registries to prevent trafficking in cultural goods. However, the measures that are taken on a national level are currently not harmonised.

The possibility to introduce blockchain/DLT based digital cultural asset passports as a supportive measure against trafficking in cultural goods also from a global perspective was discussed as part of the sandbox.

For more information, please contact Paolo Sasdelli.

7. Blockchain/DLT solutions for EU ETS / MRV reporting (in the maritime sector) (Best practices report Section 9)

Existing EU legislation in the area of the monitoring, reporting and verification of CO2 emissions from maritime transport is technology-neutral and does not preclude the use of blockchain applications for statutory reporting purposes.

The use of blockchain solutions as an extra tool for verifiers and competent authorities against fraud and to detect mistakes at an early stage were discussed during the dialogues and are described in more detail in the report.

For more information, please contact Raoul Grifoni Waterman.

8. Blockchain/DLT solutions – Data collection & sharing under the Data Governance Act (Best practices report Section 10)

The Data Governance Act (“DGA”) is in particular relevant for use cases that qualify as Data Altruism Organisation (voluntary regime) or as Data Intermediation Services (mandatory regulatory obligations) in the sense of the DGA.

The characteristics of Data Altruism Organisations and DISPs that were discussed during the dialogues in the context of the DGA and the relevant regulatory compliance requirements are set out in more detail in the full report.

For more information, please contact Willy Mikalef.

9. Relevance of the eIDAS 2 regulation for Blockchain/DLT solutions (Best practices report Section 11)

Pursuant to the amended eIDAS regulation (“eIDAS 2”) the list of “trust services” is extended and the EUDI Wallet is introduced. Under eIDAS 2 Blockchain/DLT solutions will normally qualify as trust services and/or will use trust services which are governed by the eIDAS regulation.

During the dialogues the new categories of trust services which can be particularly relevant for Blockchain/DLT applications were discussed, such as “electronic attestation of attributes”, “electronic archiving services” and “electronic ledgers”.

For more information, please contact Gian Marco Rinaldi, Cathie-Rosalie Joly, Delphine Frye.

10. Blockchain/DLT solutions for AML compliance (Best practices report Section 12)

DLT/Blockchain providers that are active in e.g. the financial/crypto-asset sectors and qualify as service providers under financial sector regulation or (in the future) CASPs under MiCAR will have to comply with AML requirements. These requirements are currently not harmonised across the EU/EEA.

Questions how blockchain solutions can help to ensure AML compliance in a more efficient/effective way were discussed during the dialogues.

For more information, please contact Slawomir Szepietowski, Filip Windak, Johannes Wirtz.

11. MiCAR & Financial sector regulation – Scope and delineation (Best practices report Section 13)

The 1st round of dialogues focussed on different areas for delineation and additional clarification such as: i) the delineation between MiCAR and MiFID/Prospectus Regulation, ii) the delineation between crypto asset services and payment services and, iii) a compendium of topics where clarification/guidance would be helpful. The combined results of the dialogue meetings are discussed in more detail in the report.

For more information, please contact Johannes Wirtz.

12. Tokenisation of shares and dividend payments (Best practices report Section 14)

Irrespective of MiFID harmonising national legislations, there are still different interpretations whether a token may qualify as security in each member state. Different approaches to transferability of shares or interest under national corporate or partnership law can be a reason for the national differences in interpretation if a token qualifies as a security. In addition, corporate law amendments in national law to facilitate the EU DLT Pilot Regime were discussed.

For more information, please contact Michael Jünemann.

13. Application of Financial Sector regulation to Smart Contracts (Best practices report Section 15)

The wide range of potential functionalities of smart contracts in the financial sector requires a case-by-case analysis and lessons learned are discussed in the report.
The regulation of smart contracts will be a relevant area for the next rounds of dialogues.

For more information, please contact Michael Jünemann, Johannes Wirtz.

Conclusions and next steps

Feedback from the 1st cohort of selected use cases and participating regulators/authorities is very positive. The use cases appreciate the legal/regulatory guidance and the possibility to have an open dialogue with regulators/authorities. The regulators/authorities appreciate to learn more about DLT use cases and to have a cross-border dialogue with other national and EU regulators/authorities. Almost all regulators/authorities are interested to participate again in the next round of dialogues (depending on use cases and regulatory areas/topics) and many regulators/authorities have shared helpful feedback and recommendations for possible improvements for the next rounds of dialogues.

Although this is only the 1st round of dialogues, it appears safe to say that the European Blockchain Sandbox is delivering a clear and positive impact for the whole Blockchain ecosystem. With “impact” we refer to the pivotal role that the Sandbox is playing to reinforce the perceived maturity and potential of blockchain technology. This important outcome has been achieved thanks to the following results:

• increased legal certainty through enhancing a better understanding of relevant laws and regulations by innovators and greater confidence of compliance;
  
• enhancing confidence among stakeholders and regulators/authorities by showing the potential of Blockchain/DLT solutions to support effective and efficient compliance and supervision across different industry sectors;
  
• the possibility to improve the regulatory framework as a result of the identification of regulatory issues and solutions and of areas for clarification, leading to more effective regulations;
  
• cross border collaboration facilitated by the project among European and national regulators/authorities and innovators, promoting a more unified regulatory approach of Blockchain/DLT solutions which will enhance more harmonised regulatory practices and will help to create a more cohesive regulatory framework;
  
• facilitate the sharing of knowledge and experience between regulators/authorities and with innovators on the basis of concrete use cases resulting in a better understanding of compliance requirements among Blockchain/DLT innovators and regulators/authorities;
  
• acceleration of innovation by providing a safe environment for refining blockchain applications to support compliance by design.

It is obviously a journey that will continue for the next cohorts. The regulatory areas for the first cohort will continue to be relevant and the next round of dialogues, will allow for deeper dives into the various topics and to take account of new developments on the basis of secondary legislation, administrative decisions and case law. In addition, other (new) regulatory areas will become relevant for the next cohorts such as the Data Act, the Digital Services Act, DORA, the AI Act, ESG regulation (including CSRD compliance), standardisation and the regulation of smart contracts.

The expectation is that the impact of the sandbox with the lessons learned from the 1st cohort will be even more appreciated and will serve as a best practice for similar future initiatives.
Finally, the EBS project team would like to thank the project team at DG CONNECT for the seamless cooperation and the excellent input and guidance that is provided at all stages of the project.