Designing a Governance Framework for Blockchain Applications

Over the past few years, decentralized technologies like blockchain have taken center stage both in India and globally. It is estimated that by 2030, blockchain will be used as a foundational technology for 30% of the global customer base, and blockchain will add over $176 million in business value by 2025 and over $3 trillion by 2030.

Globally and in India, policy makers are taking proactive steps to explore the innovation potential of blockchain across various sectors. In India, the Ministry of Electronics and Information Technology (“MeitY”) launched the “National Strategy on Blockchain” in 2021. Regulators such as the Securities and Exchange Board of India and the Telecom Regulatory Authority of India have tested blockchain to record securities transactions and filter spam messages, respectively. The Reserve Bank of India is also now exploring the use of distributed ledger technology (“DLT”) in the design of Digital Rupee. Various state governments such as Telangana, Andhra Pradesh and Maharashtra have also explored blockchain use cases across various sectors.

The adoption and use of blockchain applications by public authorities and the private sector raises important policy and legal issues. Legal certainty is necessary to motivate participants to join the network and provide them with legal protection. This working paper – ‘Designing a Governance Framework for Blockchain Applications’ (“Working paper”) examines the main legal issues arising from the use of blockchain. It identifies basic fundamental principles for building an enabling framework for blockchain use and, on this basis, proposes a governance framework that can guide the use of blockchain in a legally sustainable manner.

Conceptual framework

Key definitions

• DLT: Refers to processes and related technologies that enable participants (nodes) in a network to securely propose, validate, and record changes to a ledger that is distributed across the network’s participants. It does not depend on a centralized controller. [See definition provided by  Bank for International Settlements] There are different ways to structure data on DLT.

• Blockchain: Blockchain is a type of DLT and refers to the specific way of structuring data on a DLT platform, i.e. using blocks. Blocks represent groups of transaction data that are linked sequentially to each other. [See definition provided by  Bank for International Settlements].

• Smart contracts: Smart contracts are computer programs used to express contractual obligations, which are automatically executed using computer code on the blockchain network with minimal human intervention.

How does blockchain work?

Blockchain operates on a peer-to-peer basis where nodes (computers in a network) can validate and add blocks of data to the ledger without the need to trust a centralized authority. The block addition is replicated across the network and the copy of the same is reflected in the ledger of all participants. The change in the ledger is effected according to agreed upon rules for the blockchain network referred to as the consensus mechanism. It is difficult to change or edit the contents of the blockchain ledger unilaterally. In some types of blockchains, only the account details of the participants are visible on the network and not their real identities.

Such technology enables information sharing and transaction recording without having to rely on a centralized entity. Therefore, blockchain can be used to offer new services and renew the existing older systems for recording information and transactions

Types of blockchain

Blockchain can be categorized as public or private depending on whether the ledgers can be accessed by anyone or only by the participating nodes in the network. Furthermore, based on whether the network needs permission to make changes to the ledger, blockchains can be classified as permissioned or permissionless. Blockchain applications can take different forms based on the above, which include public permissionless, private permissionless, public permissioned and private permissioned blockchains.

Important legal issues

• Since existing data protection laws are designed for centralized databases/systems where identifiable entities are held responsible for processing personal data, decentralized systems based on blockchain may raise questions about the applicability of such laws. There may be challenges in identifying the “data processor” and “data processor” and applying recognized privacy principles such as the right to be forgotten, data accuracy and storage limitation to blockchain applications.

• Smart contracts used in blockchain applications may not be the ideal choice if the parties want some commercial flexibility. Force majeure, the impossibility of performance, the doctrine of substantial performance and the incorporation of well-known contractual standards that make obligations subject to “good faith”, “reasonable satisfaction” and “best efforts” are at times inconsistent with certain characteristics of blockchain.

• The legal recognition of blockchain records and smart contracts under the Information Technology Act, 2000 is also not clear, raising questions about the admissibility of such documents for evidentiary purposes.

• The transnational reach of blockchain networks and public permissionless blockchains raises two important questions regarding the applicable law governing the network, and the identification of appropriate forums to resolve disputes arising out of such arrangements.

• In the absence of a specific law governing blockchain networks, questions arise regarding the legal structure of the network, rights and responsibilities of participants, assignment of liability in case of default, mechanism for resolving disputes and determination of intellectual property rights.

The basic principles and contours of a blockchain governance framework

Based on these principles, the working paper presents the basic governance standards to govern the use and operation of blockchain applications. Most of these standards will be easily implementable and enforceable for permissioned and private blockchains rather than for permissionless and public blockchains.

1. Goals of the Blockchain Network: The governance framework must establish the purpose of the blockchain network, including the associated activities that will be performed to achieve the goal of providing guidance to participants on the permitted scope of activities.

2. Legal recognition: Network operators must assess the applicability of laws (including sectoral laws) in a particular jurisdiction within which the blockchain network operates to examine whether it recognizes blockchain-based records and smart contracts, and also determine regulatory compliance.

3. Legal structure: The legal structure of blockchain events needs to be examined and determined at two levels – the structure of the entity or group of entities cooperating to develop and promote blockchain, and the structure to govern the relationship between such promoters and participants and between participants between se.

4. Eligibility criteria for participants: Objective eligibility criteria must be specified to determine who can join the network. For specific sectors, networks may require participants to undergo a verification process before joining the network.

5. Identify the role of each participant: The different types of participants such as developers, administrators and users need to be identified and their roles should be clearly stated to avoid overlap.

6. Participants’ rights: The rights of each participant must be specified which may include rights to access, edit and update information on the ledger. Rights may vary between participants.

7. Duties and responsibilities of the participants: The duties of each participant may be specified, failing which the governance framework must state the nature of obligations that will be incurred in cases of non-compliance, including the specific sanctions that may be imposed.

8. Intellectual Property (“IP”) Ownership: The governance framework must identify the IP in the technology underlying the blockchain application and in the application itself and the owner of such IP and how it can be shared.

9. Data Governance Standards: Since blockchain operation depends on the use of data, there must be robust mechanisms to manage personal and confidential data according to applicable laws and well-recognized standards. The governance framework must specify the nature of data that the network will collect and process and the measures and standards that will govern the collection, storage and use of such data.

10. Risk management: There should be a mechanism to identify, assess, monitor and mitigate operational risks. Once risks are identified, business continuity and recovery plans must be established.

11. Removal of participants: The governance framework must specify objective reasons for removing participants and the procedures to be followed for such removal. The impact of the removal on the network and its function must also be determined.

12. Jurisdiction Provisions: The governance framework must determine which jurisdiction’s applicable law will govern the network and specify the forum in which the dispute can be resolved.

13. Dispute resolution: The governance framework should specify a dispute resolution process for resolving disputes between participants. In case of adoption of an internal dispute resolution mechanism, the nature of disputes covered by it, types of orders, the composition of the adjudicating body and the process of adjudication must be specified.

14. Termination of Blockchain Network: In the case of a permissioned private blockchain set up for a stated goal, participants may wish to have an option to terminate the network under certain conditions. The governance framework must specify who, when and how a blockchain can be terminated. There must be a clear exit plan that states how the data is to be managed, deleted, transferred and whether there are any ongoing obligations. The technical feasibility of such termination and its impact on data/information stored in the network will also need to be thoroughly investigated.

About the authors

Swarna Sengupta

Swarna is a research fellow at Vidhi who works in the area of ​​Fintech. She graduated from West Bengal National University of Juridical Sciences, Kolkata with a BA LL.B (Hons.) in 2021. Her areas of interest include financial regulations, data protection laws, commercial laws and the emerging frameworks for new financial technologies. She previously worked with the law firm L&L Partners where she was involved in advising on various issues under the Companies Act, currency laws and labor laws. She has also worked with the Vidhi Kautilya Society, NUJS and has contributed to the NUJS Law Review.

Shehnaz Ahmed

Shehnaz is Senior Resident Fellow and Lead, Fintech. She works with new areas within politics and law at the intersection of finance, technology and inclusion. At Vidhi, she has worked with several ministries of the Government of India on issues related to digital payments, financial regulation, commercial laws and business and human rights. Her independent research at Vidhi focuses on leveraging technological solutions to build a robust and inclusive financial system for all in India. Prior to joining Vidhi, she worked as an Associate in the Financial Regulatory Practice of Cyril Amarchand Mangaldas, Mumbai, where her work focused on advising leading financial institutions (both Indian and multinational), including payment systems on legal and regulatory issues in India. She has also been involved in several mergers and acquisitions in the financial area. She has also worked as an Associate in the Dispute Resolution Team at JSA, New Delhi. She frequently writes for Oxford Business Law Blog and media such as Hindu BusinessLine, Financial Express, MoneyControl, FirstPost, etc. She graduated from RML National Law University in 2011.