Designing a Governance Framework for Blockchain Applications

In recent years, decentralised technologies like blockchain have taken the center stage both within India and globally. It is estimated that by 2030 blockchain will be used as a foundational technology for 30% of the global customer base and blockchain will add a business value of over $176 million by 2025 and over $3 trillion by 2030. 

Globally and in India, policymakers are taking proactive steps to explore the innovation potential of blockchain across various sectors. In India, the Ministry of Electronics and Information Technology (“MeitY”) released the “National Strategy on Blockchain” in 2021. Regulators such as the Securities and Exchange Board of India and Telecom Regulatory Authority of India have tested blockchain to record securities transactions and filter spam messages, respectively. The Reserve Bank of India is also now exploring the use of distributed ledger technology (“DLT”) in designing the Digital Rupee. Various State Governments such as Telangana, Andhra Pradesh, and Maharashtra have also examined blockchain use cases across various sectors. 

The adoption and use of blockchain applications by public authorities and the private sector bring forth important policy and legal questions. Legal certainty is necessary to incentivise participants to join the network and provide legal protection to them. This Working Paper- ‘Designing a Governance Framework for Blockchain Applications’ (“Working Paper”) examines the key legal issues that emanate from blockchain use. It identifies core foundational principles to build an enabling framework for blockchain use and on this basis proposes a governance framework that can guide the use of blockchain in a legally sustainable manner. 

Conceptual Framework 

Key Definitions

• DLT: Refers to processes and related technologies that enable participants (nodes) in a network to securely propose, validate and record changes to a ledger that is distributed across the network’s participants. It does not rely on a centralised controller. [See definition provided by  Bank for International Settlements] There are various ways of structuring data on the DLT. 

• Blockchain: Blockchain is a type of DLT and refers to the specific way of structuring data on a DLT platform i.e., by way of blocks. Blocks represent groups of transaction data which are chained sequentially to each other. [See definition provided by  Bank for International Settlements]. 

• Smart Contracts: Smart contracts are computer programs used to express contractual obligations, which are automatically performed using computer code on the blockchain network with minimal human intervention. 

How does blockchain work? 

Blockchain operates on a peer-to-peer basis wherein nodes (computers in a network) can validate and add blocks of data onto the ledger without the need of relying on a centralized authority. The block addition is replicated across the network and the copy of the same is reflected in the ledger of all the participants. The change in the ledger is affected as per agreed rules of the blockchain network referred to as consensus mechanism. It is difficult to modify or edit the contents of the blockchain ledger unilaterally. In some types of blockchains, only the account details of the participants are visible on the network and not their real-life identities. 

Such technology enables information sharing and transaction recording without the need to rely on a centralised entity. Therefore, blockchain can be used to offer new services and revamp the existing legacy systems for recording information and transactions

Types of Blockchain

Blockchain may be categorized as public or private depending on whether the ledgers can be accessed by anyone or only by the participating nodes in the network.  Further, based on whether the network needs permission to make changes to the ledger, blockchains may be classified as permissioned or permissionless. Blockchain applications can take different forms basis the above which include public permissionless, private permissionless, public permissioned and private permissioned blockchains. 

Key Legal Issues 

• Since existing data protection laws are designed for centralised databases/systems where identifiable entities are held responsible for processing personal data, decentralised systems based on blockchain may raise questions about the applicability of such laws. There may be challenges in identifying the “data controller” and “data processor” and applying recognised privacy principles such as the right to forget, data accuracy, and storage limitation to blockchain applications. 

• Smart contracts used in blockchain applications may not be the ideal choice if parties desire some commercial flexibility. Force majeure, the impossibility of performance, the doctrine of substantial performance and the incorporation of well-known contractual standards which makes obligations subject to “good faith”, “reasonable satisfaction” and “best efforts” are at times at odds with certain characteristics of blockchain. 

• The legal recognition of blockchain records and smart contracts under the Information Technology Act, 2000 is also not clear, raising questions about the admissibility of such documents for evidence purposes.  

• The transnational reach of blockchain networks and public permissionless blockchains raises two important questions regarding the applicable law governing the network, and the identification of the appropriate forum to adjudicate disputes arising out of such arrangements. 

• In the absence of a specific law governing blockchain networks, questions arise regarding the legal structure of the network, rights and liabilities of participants, attribution of liabilities in case of any default, mechanism for resolving disputes and the determination of intellectual property rights. 

The Foundational Principles and Contours of a Blockchain Governance Framework 

Based on these principles, the Working Paper presents the baseline governance standards to govern the adoption and operation of blockchain applications. Most of these standards will be easily implementable and feasible for permissioned and private blockchains rather than for permissionless and public blockchains.

1. Objective of the Blockchain Network: The governance framework must stipulate the objective of the blockchain network including the associated activities that will be undertaken to achieve the objective to provide guidance to the participants on the permissible scope of activities. 

2. Legal Recognition: Network operators must assess the applicability of laws (including sectoral laws) of a particular jurisdiction within which the blockchain network is operating to examine if it recognises blockchain-based records and smart contracts and also determine regulatory compliances. 

3. Legal Structure: The legal structure of blockchain arrangements must be examined and set out at two levels –the structure of the entity or a group of entities collaborating to develop and promote blockchain, and the structure to govern the relationship between such promoters and participants and between participants inter se. 

4. Eligibility Criteria for Participants: Objective eligibility criteria must be specified to determine who can join the network. For specific sectors, networks may impose requirements for participants to undergo a verification process prior to joining the network.  

5. Identifying the Role of each Participant: The different types of participants such as developers, administrators and users must be identified, and their roles should be clearly set out to avoid any overlap. 

6. Rights of Participants: The rights of each participant must be specified which may include rights vis-à-vis accessing, editing, and updating information on the ledger. The rights can vary between participants. 

7. Duties and Liabilities of Participants: The duties of each participant may be specified, failing which the governance framework must set out the nature of liabilities that will be attracted in cases of default including the specific sanctions that may be imposed. 

8. Ownership of Intellectual Property (“IP”): The governance framework must identify the IP in the technology forming the basis of the blockchain application and in the application itself and the owner of such IP and how it may be shared. 

9. Data Governance Standards: Since blockchain operation hinges on the use of data, there must be robust mechanisms to manage personal and confidential data as per applicable laws and well-recognised standards. The governance framework must state the nature of data that the network will collect and process and the measures and standards that will govern the collection, storage, and use of such data. 

10. Risk Management: There should be a mechanism to identify, assess, monitor, and mitigate operational risks. Once risks are identified, business continuity and disaster recovery plans must be established. 

11. Removal of Participants: The governance framework must specify objective grounds for the removal of participants and the procedures to be followed for such removal. The impact of the removal on the network and its functioning must also be stipulated. 

12. Jurisdictional Stipulations: The governance framework must stipulate which jurisdictions’ applicable law will govern the network and specify the forum where the dispute can be adjudicated. 

13. Dispute Resolution: The governance framework should specify a dispute resolution process for settling disputes between the participants. In case of adopting an internal dispute resolution mechanism, the nature of disputes covered by it, types of orders, the composition of the adjudicatory body and the process of adjudication must be specified. 

14. Termination of Blockchain Network: In case of a permissioned private blockchain set up for a stated objective, participants may desire to have an option to terminate the network under certain conditions. The governance framework must specify who, when and how can a blockchain be terminated. There must be a clear exit plan setting out how the data will be managed, deleted, transferred and if there are any continuing obligations. The technical feasibility of such termination and its impact on the data / information stored in the network will also have to be thoroughly examined.

About the Authors

Swarna Sengupta

Swarna was a Research Fellow at Vidhi working in the area of Fintech. She graduated from West Bengal National University of Juridical Sciences, Kolkata with a B.A. LL.B (Hons.) in 2021. Her areas of interests include financial regulations, data protection laws, commercial laws and the emerging frameworks of new financial technologies. She previously worked with the law firm L&L Partners wherein she was involved in advising on various issues under the Companies Act, foreign exchange laws and employment laws. She has also worked with the Vidhi Kautilya Society, NUJS and has contributed to the NUJS Law Review.

Shehnaz Ahmed

Shehnaz is Senior Resident Fellow and Lead, Fintech and ALTR. She works on emerging areas of policy and law on the intersection of finance, technology, and inclusion. At Vidhi, she has worked with several Ministries of the Government of India on matters relating to digital payments, financial regulation, commercial laws and business and human rights. Her independent research at Vidhi focuses on leveraging technological solutions to build a robust and inclusive financial system for all in India. Prior to joining Vidhi, she worked as an associate at the Financial Regulatory Practice at Cyril Amarchand Mangaldas, Mumbai where her work focused on advising leading financial institutions (both Indian and multinational), including payment systems on legal and regulatory issues in India. She has also involved in several mergers and acquisitions in the financial space. She has also worked as an associate at the Dispute Resolution team at JSA, New Delhi. She writes frequently for the Oxford Business Law Blog and media outlets such as Hindu BusinessLine,Financial Express, MoneyControl, FirstPost, etc. She graduated from RML National Law University in 2011.