Why Blockchain Firms Shouldn’t Ignore New EU Cybersecurity Laws

Last Updated on February 17, 2017 by CryptoCreed




We know that ‘Virtual currencies'(the term to be hardwired into EU law) will be covered by new anti-money laundering and terrrorist financing regulation.

But,while the details on this industry-specific regulation will follow shortly,there are also other pieces of the EU legislation that deserve attention in the meantime.

Going forward,it is quite clear blockchain as a technology will primarily attract thge attention of regulators interested in particular applications.

Namely,that other use cases of blockchain will require legal analysis based on specific areas they impact.

Am I regulated?

This has one imp. consequence;the regulation that may apply to any specific blockchain use case aren’t clear.

In other words,depending on particular application of blockchain different laws may apply.For example,token crowdsales will be scruitinized under securities regulation,since they very often serve the same aim as IPOs,or atleast have very similar economic meaning.

Naturally,this should not come as a surprise.The internet might provide a useful example.

The practical result is that blockchain projects will often require legal analysis to determine what kind of regulation will apply to a particular application.This should be also taken into account by lawmaker and regulators.New legislation,even if not drafted with blochain in mind,may cause side effects that can stifle innovation.

Changing Data Laws

With this in mind,we have recently seen number of other regulations that,while not specifically aimed at the technology, could nonetheless impact its growth.

Example:the EU’s directive  on security of network and information systems,adopted in 2016.Some of its provisions,which are going to become binding law in 2018,pose questions with regard to blockchain projects.

The new directive is important for the private sector,becasue it impose cybersecurity obligations on some entitles,including certain rules of handling cybersecurity incidents or obligation to take specific measure to manage risks in such system.The NIS Directive sets forth three types of digital services:online marketplace,online search engine and cloud computing.

Cloud Computing

The cloud computing service is particularly interesting here.

The cybersecurity directive defines it as a “digital service that enables access to a scalable and elastic pool of shareable computing resource”.While the definationof cloud computing isn’t controversial,it is worth noting that it can be interpreted broadly.

The directive itself confirms that a wide interepretion should be applied when it says that:cloud computing services span a wide range of activites that can be delivered accordingally to different models.

We will know the scale of issue folowing from potential application of the cyber security directive to blockcahin-related matters when the law is implemented by the Europian Union members states.However,it already gives us an idea how various regulation may,sometimes surprisingly apply to applications of blockchain technology.

0 0 vote
Article Rating
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x