The European Parliament's passage of the EU Data Act may mandate a "kill switch" that would let smart contracts be canceled, endangering everything from DeFi to NFTs.
Listen to the CoinMarketRecap podcast on Apple Podcasts, Spotify and Google Podcasts
The point of smart contracts is that they are immutable and trustless, meaning they cannot be changed, enabling the parties to the contract to do business without having to trust each other.
Pretty much every use of cryptocurrencies other than bitcoin and a few other purely payments tokens — from decentralized finance (DeFi) to NFTs — relies on smart contracts like those pioneered by Ethereum.
Yet the terms of the Data Act passed on March 14 by the European Parliament (EP) requires what opponents are calling a "kill switch" that would allow them to be canceled. It says:
"The smart contract shall include internal functions which can reset or instruct the contract to stop or interrupt the operation… [and] it should be assessed under which conditions non-consensual termination or interruption should be permissible."
The vote was overwhelming, with 500 voting to pass the bill against 23 opposed.
The problem is it's a far larger bill focused not on the crypto industry but on regulation of the use of data collected by Internet of Things (IoT) smart devices.
'Impossible to Comply'
The ability to reset smart contracts, including allowing one party to unilaterally terminate a smart contract is effectively "impossible to comply" with, according to a tweet by decentralized exchange Curve Finance.
The relevant portion of the Data Act, Article 30, "endangers smart contracts that no one can predict" according to Thibault Schrepel, a blockchain law expert and co-director of the Amsterdam Law & Technology Institute at VU Amsterdam. In a March 14 tweet, he said that the immutability of smart contracts is key, adding:
"I am concerned about its impact on the survival of smart contracts."
That said, he noted that better defining the terms of the act would be an improvement, as its focus is on data sharing specifically.
Making that a narrow focus would be vital, as would clarifying who would be empowered to terminate a smart contract. He said:
"Is it the creator of the smart contract? Public authorities? Courts? If the EP wishes to proceed with Article 30, future versions should at least make it clear that only the creator of a smart contract can terminate it."
Gabriel Shapiro, a well-known crypto lawyer and general counsel at Delphi Labs, noted that he's seen a newer, unpublished version of the Data Act "that looks to more clearly limit this to the context of data-sharing agreements ... smart EU lawyers don't seem concerned this will affect what we crypto people consider 'smart contracts.'"
That was in reply to Adam Cochran, founder of Cinneamhain Ventures, who said he was worried that without clear limitations "some regulator will rely on it for overreach."