The European Parliament adopted legislation under the Data Act on March 14, which includes provisions on smart contracts and the internet of things (IoT).
The legislation was passed with 500 votes in favor and 23 against it, aiming to boost business model development to create new industries and jobs. Article 30 of the Data Act includes provisions on “essential requirements regarding smart contracts for data sharing.”
The new rules will come into force in 2024 and companies must adhere to them if they want to provide services or products to EU-based consumers.
Smart contract regulation
Provisions around smart contracts don’t specifically target the crypto industry and are mostly related to contracts that facilitate data transfers for IoT products, along with their manufacturers and service providers.
It primarily aims to build a framework for sharing data generated by connected devices and related services in the EU. However, some concerns regulating smart contracts could eventually affect the DeFi and cryptocurrency industries if their reach and scope are not clearly defined.
Provisions under Article 30 mandate that smart contracts must have the same level of “protection and legal certainty as any other contracts generated through different means.” The bill also includes requirements around protecting trade secrets, data archiving and ensuring that transactions can be interrupted and terminated as needed.
Additionally, it mandates that smart contracts must be protected through “rigorous access
control mechanisms at the governance and smart contract layers.” Under the new rules, smart contracts will be subject to “harmonized standards” defined in the Data Act.
The bill’s final version also reintroduces stringent compliance requirements for smart contract developers — such as a declaration of EU conformity — that were previously removed. According to the bill:
“The vendor of a smart contract or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of an agreement to make data available shall perform a conformity assessment with a view to fulfilling the essential requirements.”