If DAOs Are Really Autonomous, They Could Be Regulated As AI Systems Under the EU's AI Act...

Two recent publications - that of the EU's Artificial Intelligence Act and the UK Law Commission's 'scoping paper' on whether and to what extent Decentralised Autonomous Organisations should be granted legal status - got me thinking about this, because both AI systems and DAOs will tend to be global or 'borderless' in nature. It seems to me that the EU may have granted certain DAOs a form of legal status already - as AI systems - while focusing responsibility and liability on only some of the roles involved... If so, we can add this to other examples of sector-specific regulation in areas where DAOs might be established to operate, which could also have significant implications for the DAO and its participants. Please let me know if you require legal advice in these areas.

Defining AI systems and DAOs

‘AI system’ means [with limited exceptions] a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments;

The Law Commission uses the terms "DAO" very broadly to describe:

a new type of online organisation using rules set out in computer code. A DAO will generally bring together a community of (human) participants with a shared goal – whether profit-making, social or charitable. The term DAO does not necessarily connote any particular type of organisational structure and therefore cannot on its own imply any particular legal treatment.

As to what is meant by "autonomous" the Law Commission found that:

In the context of a DAO, “autonomous” has no single authoritative meaning. Some suggest that “autonomous” refers to the fact that the DAO has (a degree) of automaticity; that is, it relies in part on software code which is capable of running automatically according to pre-specified functions. Others suggest that “autonomous” is a broader, descriptive term used to encapsulate the idea that DAOs are capable of operating in a censorship-resistant manner without undue external interference or internal (or centralised) control. In this paper we allow for both meanings.

To merge the two concepts: a DAO's governance or decision-making could be automated 'with varying levels of autonomy' using codified 'smart contracts' that operate automatically in certain circumstances, to infer from the inputs received how to generate recommendations or decisions that influence the DAO or some other virtual or physical environment. 

Whom would this affect?

The AI Act applies to any person who supplies an AI system (or GPAI model) on the EU (read EEA) market (wherever they may be located) and anyone located outside the EU who provides or deploys an AI system outside the EU, if the output of the AI system is to be used in the EU. 

The AI Act encompasses a range of roles or actors who might - or should - have responsibility/liability in connection with the risks posed by an AI system, each of whom qualifies as an "operator":

‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge;

‘deployer’ means a natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity; 

‘authorised representative’ means a natural or legal person located or established in the [EEA] who has received and accepted a written mandate from a provider of an AI system or a general-purpose AI model to, respectively, perform and carry out on its behalf the obligations and procedures established by this Regulation; 

'importer’ means a natural or legal person located or established in the [EEA] that places on the market an AI system that bears the name or trademark of a natural or legal person established in a third country; 

‘distributor’ means a natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the [EEA] market; 

When we think about who might be involved or 'participate' in a DAOs, the Law Commission has grouped them as follows (though the roles may not be mutually exclusive):

1. Software developers 
2. Token holders of the tokens that enable governance or other types of participation 
3. Investors/shareholders (where DAOs use recognised legal entities such as limited companies). 
4. Operators/contributors in connection with the DAO's tokens (miners/validators), software, management etc. 
5. Customers/clients, where the DAO offers an external service.

However, it is clear that these roles don't readily 'map' to the AI Act's concepts of responsibility for managing risks associated with the establishment, deployment and ongoing operation of DAOs.

This is not unusual when it comes to sector-specific regulation, which tends to focus on certain activities that some legal person or other must be conducting in the course of developing/establishing, deploying, operating and winding-down/up (although perhaps a lot of this type of regulation tends to be more limited in its territorial application).

Conclusion

Of course it's important to think of DAOs in terms of being an 'organisation' of some kind with legal implications for the participants depending on the actual type (Chapters 3 to 5 of the Law Commission's paper). 

However, it's also critical to consider the potential impact of sector-specific regulation that governs the activities of developing/establishing, deploying, operating and winding-down/up certain types of services or products. This type of regulation tends to be more limited in its territorial application, so requires a country-by-country (or even state-by-state analysis in countries like the US or India or regional trade arrangements, like the EU). Significant examples of this type of regulation that may have very grave implications for the liability and responsibilities of DAO participants include anti-money laundering requirements, financial regulation and tax (Chapter 6 of the Law Commission's paper), and we can add the AI Act as a more recent example. 

Please let me know if you require legal advice in these areas.

Potential Support for Decentralised Autonomous Organisations (DAOs) Under English Law?

Source: Yield App

Following an earlier consultation that I covered for the SCL, the Law Commission has identified issues and potential reform/innovation to aid the new UK Government in considering whether to support Decentralised Autonomous Organisations (DAOs), under English law.  

The Commission does not think we need a DAO-specific legal entity, but suggests that "a limited liability not-for-profit association with flexible governance options" could be useful, subject to certain issues relating to anti-money laundering, financial services regulation and taxation.

The Commission's paper explains:

• the philosophy and technology behind DAOs;
• their possible legal characterisation, including how liability might be attributed to a DAO or its participants;
• legal entities that might be used as part of a "hybrid" DAO’s structure
• whether England and Wales is an attractive jurisdiction for DAOs, bearing in mind areas of local regulation that may affect them;
• further work that might be useful, if DAOs are considered worthwhile, to ensure that they can be regulated;
• whether current law can accommodate the use of blockchain/DLT for governance purposes.

Personally, under current law it seems likely to me that anyone attempting to set up a DAO in or from the UK is potentially running the risk of incurring unlimited personal liability under UK regulation and English law. In other words, they would be taking on the significant burden of resisting claims by third parties to the effect that they could be personally liable for the relevant activities and obligations, whether from a general liability standpoint or in relation to certain regulatory breaches that might occur, in the process of establishing and operating the DAO.

If you require legal advice on DAOs under UK/English law, please let me know.

Help The UK Govt Understand Decentralised Autonomous Organisations (DAOs)

Source: Yield App

The Law Commission is calling for evidence to help shape its current understanding of the issues raised by Decentralised Autonomous Organisations ("DAOs").  The UK government has asked the Commission to accurately capture the composition of DAOs, their role in the cryptoasset ecosystem, participants and relationships. The Commission will identify options for law reform that might be required to make DAOs viable, possibly including “classes” of DAOs, but not to make recommendations yet. Responses may be submitted online between 16 November 2022 and 25 January 2023. It's worth contributing to help ensure all the challenges are identified and one day addressed. I have previously been asked to look into various aspects of DAOs. If you would like help in making any submission (including on your behalf), please let me know.

Broadly, a DAO is an organisation that relies on distributed ledger or blockchain technology, as well as smart contracts or other software/systems. It basically operates in a similar fashion to a partnership, club, co-operative or unincorporated association but online, so members could be anywhere. This can be helpful where the local community is too sparse or lacks resources to achieve a certain goal, but unincorporated associations and partnerships don't have independent legal status and carry unlimited liability for their members. Some DAOs include a recognised legal entity to interact with the 'real world' but others may operate solely via 'code' and/or smart contracts to automate some or all of their activity. This has created problems where the code did not operate the way users understood.

The Commission is looking for information from those with general knowledge of DAOs, as well as first-hand experience of specific DAOs, and to understand where opinions vary on any aspect or issue (with "sanitised or anonymised submissions where it is inappropriate to provide details about a particular DAO").

Personally, I've been approached several times to advise on certain challenges associated with DAOs, particularly governance, appropriate jurisdictions, potential authorisation and means of enforcement.

It's worth contributing to help ensure all the challenges are identified and one day addressed - at least in the law of England & Wales, but other common law jurisdictions may also benefit from the Commission's work.

If you would like help in making any submission (including on your behalf), please let me know.

 

Humans At The Heart of FinTech

My article on this theme has been published by the Society of Computers and Law in connection with the IFCLA conference, where I participated on a panel discussing disruptive technology in financial services. 

It is interesting to see how people's belief in the 'efficient market' and appeals to the authorities for help when things get out of hand is playing out in the context of the Ethereum project and the DAO!