Liability Issues in Blockchain Adoption

𝗖𝗮𝗻 𝗚𝗗𝗣𝗥 𝗮𝗻𝗱 𝗕𝗹𝗼𝗰𝗸𝗰𝗵𝗮𝗶𝗻 𝘄𝗼𝗿𝗸 𝘁𝗼𝗴𝗲𝘁𝗵𝗲𝗿? 7 𝗞𝗲𝘆 𝗹𝗲𝗴𝗮𝗹 𝗾𝘂𝗲𝘀𝘁𝗶𝗼𝗻𝘀 𝗮𝗻𝘀𝘄𝗲𝗿𝗲𝗱 (𝗘𝗗𝗣𝗕 02/2025 𝗚𝘂𝗶𝗱𝗲𝗹𝗶𝗻𝗲𝘀 𝗜𝗻𝘀𝗶𝗱𝗲) New expert report by Varteni Kasapian (Partner, Data Protection Expert) and Ioanna Patsalidou (Associate, PhD Candidate at King’s College London) Published by: Christos Patsalides LLC Blockchain brings transparency, decentralisation, and innovation. But it also clashes with Europe’s strict data protection law, the GDPR. This new legal report explores how these two forces can coexist, and what blockchain developers and businesses must do now to stay compliant. 𝗪𝗵𝗮𝘁 𝗿𝗲𝗮𝗱𝗲𝗿𝘀 𝘄𝗶𝗹𝗹 𝗹𝗲𝗮𝗿𝗻: ·      7 major legal tensions between GDPR and blockchain ·      Practical guidance from the EDPB 02/2025 Guidelines ·      Compliance checklists and steps for smart contract systems and DAOs 𝗞𝗲𝘆 𝗹𝗲𝘀𝘀𝗼𝗻𝘀 𝗹𝗲𝗮𝗿𝗻𝗲𝗱: 1.    𝗜𝗺𝗺𝘂𝘁𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝘃𝘀. 𝗥𝗶𝗴𝗵𝘁 𝘁𝗼 𝗯𝗲 𝗙𝗼𝗿𝗴𝗼𝘁𝘁𝗲𝗻: Blockchain can’t delete data, but GDPR requires it. 2.    𝗗𝗮𝘁𝗮 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝗹𝗲𝗿 𝗗𝗶𝗹𝗲𝗺𝗺𝗮: Identifying legal responsibility is challenging in decentralised systems. 3.    𝗟𝗮𝘄𝗳𝘂𝗹 𝗕𝗮𝘀𝗶𝘀 𝗜𝘀𝘀𝘂𝗲𝘀: Consent alone is not enough; other legal bases must be evaluated. 4.    𝗗𝗮𝘁𝗮 𝗠𝗶𝗻𝗶𝗺𝗶𝘀𝗮𝘁𝗶𝗼𝗻: Store less on-chain. Off-chain alternatives and pseudonymisation are crucial. 5.    𝗖𝗿𝗼𝘀𝘀-𝗕𝗼𝗿𝗱𝗲𝗿 𝗥𝗶𝘀𝗸𝘀: Decentralised storage triggers GDPR compliance gaps in international transfers. 6.    𝗔𝘂𝘁𝗼𝗺𝗮𝘁𝗲𝗱 𝗗𝗲𝗰𝗶𝘀𝗶𝗼𝗻𝘀 & 𝗦𝗺𝗮𝗿𝘁 𝗖𝗼𝗻𝘁𝗿𝗮𝗰𝘁𝘀: Human oversight must be integrated to meet Article 22. 7.    𝗡𝗲𝘄 𝗚𝘂𝗶𝗱𝗲𝗹𝗶𝗻𝗲𝘀 02/2025: The EDPB provides clear legal and technical steps for responsible innovation. 𝗔𝗰𝘁𝗶𝗼𝗻𝗮𝗯𝗹𝗲 𝘀𝘁𝗲𝗽𝘀 𝗳𝗼𝗿 𝗯𝗹𝗼𝗰𝗸𝗰𝗵𝗮𝗶𝗻 𝗯𝘂𝘀𝗶𝗻𝗲𝘀𝘀𝗲𝘀: ·      Conduct Compliance Readiness Assessments ·      Implement Privacy by Design and Default ·      Explore off-chain data storage wherever possible ·      Engage with regulators and public consultations ·      Perform Data Protection Impact Assessments (DPIAs) when personal data is involved 𝗖𝗼𝗻𝗰𝗹𝘂𝘀𝗶𝗼𝗻: GDPR and blockchain don’t have to be at odds. With thoughtful architecture and compliance planning, businesses can protect users and embrace innovation. 𝗡𝗼𝘄 𝗼𝘃𝗲𝗿 𝘁𝗼 𝘆𝗼𝘂: ·      Should decentralised systems adapt to GDPR, or should regulation evolve? ·      How can we assign accountability without central authorities? ·      Would you trust a blockchain system with your personal data? Let’s open the conversation. The future of trust in Web3 may depend on how we answer these questions. Maurizio Di Vito Bob Mastrolilli Renaud LE SQUEREN Vitaly Bondar Karolis Juskys Nemanja Škarin Simon Schmitz, ACCA Giulia Calloni Alexandre Gallez Lorenzo Montini-Maring Stefano Cafiero Massimiliano Gozzi Barbara Azoulay Bato Kikic Ruiqi Tan

🚨NEW: “The “big three” banking regulators — Office of the Comptroller of the Currency, the Federal Reserve Board and the Federal Deposit Insurance Corporation (FDIC) just issued joint guidance on how banks should approach custodying crypto assets. 🏦 The guidance doesn’t create new rules, but reaffirms that banks must apply existing risk management, legal, and compliance frameworks when holding crypto on behalf of customers. TLDR: 1. Banks can hold crypto for customers in fiduciary or non-fiduciary roles, but must follow existing laws & risk-management principles. 2. Key risks for banks to consider: •Cybersecurity •Cryptographic key control •Volatile markets •AML/CFT/OFAC compliance •Third-party oversight 3. If a bank holds the keys, it holds the liability. Full control = full responsibility. An interesting nugget in this section: The guidance says that banks must ensure that only they — not even the customer — can access the keys, which they call the standard for true control. 4. Third-party custody vendors are allowed, but banks remain on the hook for their actions and must do due diligence on them. Bottom line: The banking regulators will allow institutions to custody crypto, but it will be a highly scrutinized, high-liability practice.” (Quoting from Eleanor Terrett) Linklaters Linklaters Americas Linklaters Tech Wall Street Blockchain Alliance The British Blockchain Association Canadian Blockchain Consortium Wharton BDAP The Wharton School Wharton Cypher Accelerator #banking #crypto #blockchain #custody

FDIC Discouraged Banks from Using Public Blockchains Like Ethereum, Documents Reveal Overview: Newly unredacted FDIC correspondences obtained via a Freedom of Information Act (FOIA) request reveal that U.S. banks exploring public blockchain services faced resistance from federal regulators. The documents, secured by cryptocurrency exchange Coinbase, expose the Federal Deposit Insurance Corporation’s (FDIC) skepticism toward public blockchain networks such as Ethereum and Solana, favoring private, permissioned alternatives instead. Key Takeaways from the FOIA Documents: 1. FDIC Concern Over Public Blockchains: • In a March 2022 letter, the FDIC expressed reservations about a bank’s plan to launch a “Bank Digital Deposit” program on a public blockchain network. • While the specific blockchain remains redacted, networks like Ethereum and Solana are often used for such purposes. 2. Preference for Permissioned Blockchains: • The FDIC indicated a preference for private, permissioned networks over decentralized public blockchains. • Regulators cited concerns over transparency, risk management, and compliance in public blockchain environments. 3. Core Regulatory Concerns: • Stability Risks: The FDIC appeared concerned about volatility and potential systemic risks associated with public blockchain transactions. • Security Vulnerabilities: Public blockchains were viewed as more susceptible to cyberattacks and fraud. • Control and Oversight: Permissioned networks offer greater regulatory visibility and control, aligning better with traditional banking compliance structures. 4. FDIC’s Position on Blockchain Innovation: • The agency’s feedback doesn’t outright ban public blockchain usage but implies a strong regulatory preference for closed systems where oversight is easier. • This stance contrasts with the industry trend favoring decentralized finance (DeFi) for its openness and accessibility. Why This Matters: 1. Regulatory Friction for Banks Exploring Blockchain: • Banks aiming to leverage public blockchain networks face regulatory hurdles, potentially stifling innovation in digital asset services. • Compliance concerns could slow adoption of blockchain-based financial services in traditional banking. The Takeaway: The FDIC’s reluctance to endorse public blockchain networks reflects broader regulatory skepticism about decentralized systems in traditional banking. While this stance may slow the integration of public blockchains like Ethereum into banking services, it also underscores the need for continued dialogue, clearer guidelines, and innovation-friendly policies. As financial institutions and regulators navigate these challenges, the balance between security, transparency, and innovation will define the future of blockchain adoption in the banking sector.

Two weeks ago, Monero, the privacy-focused blockchain, supposedly faced a 51% attack. A company called Qubic incentivized miners to join their pool, calling it a Monero "stress test." With over half of the hashrate allegedly under their control, Monero experienced several chain reorganizations, including a 6-block rollback, which basically means that confirmed transactions were invalidated and replaced, undermining the trust that the network’s finality is built on. A 51% attack is not a theoretical risk. It strikes at the core of blockchain security. It enables double-spending, censorship of transactions, and full reordering of blocks. For any blockchain aiming at institutional use cases, mining pool concentration is the ultimate red flag. This is why governance matters. Without clear rules of play and enforceable mechanisms, blockchain networks remain vulnerable to both hostile and "experimenting" actors. Serious adoption requires more than technology; it requires structured governance that binds ecosystem participants to rules and prevents existential threats and marketing stunts. Monero has a market capitalization of ~5B USD. Other popular networks like Polygon even less (~2,5B USD). This is important because market cap relates to resilience. I hope you can now see why Basel III stresses risk assessment of the underlying infrastructure. Blockchain is infrastructure too. Regulated financial institutions cannot ignore this homework if they want to scale beyond pilots. (Sources: CoinDesk, Cointelegraph)