Spain is no exception: smart contracts are very frequently used in certain industries: finance, insurance, intellectual property rights, electricity supplies, healthcare (appointments with medical doctors), etc. They are characterized by being inflexible, i.e. they are encoded in a blockchain, which means they cannot be easily modified. On the other hand, traditional contracts are flexible and can be amended as required. Smart contracts are typically used in massive business with consumers.
In Spain, smart contracts are not regulated except for restrictions imposed by Spanish consumer protection legislation and the legislation on the legal effects of digital signatures. Despite this, Spanish law recognizes their legal validity and applies to them the basic rules of the law on contracts of the Civil Code. Terms and conditions must be clear and not one-sided, and the agreement of the parties must be incorporated without any doubt. Hence the importance of a digital signature as evidence of consent.
The European Union has recently approved Regulation (EU) 2023/2854 on the harmonized rules for fair access to the use and transfer of data (the EU Data Act) which has been criticized by cryptocurrency and fintech operators as a potential source of restrictions to smart contracts. In this respect, it is important to note that the EU Data Act is a cross-sectoral piece of legislation (it lays out legal guidelines that apply to all sectors, and not only to crypto or fintech). The purpose of this regulation is to “facilitate the seamless transfer of valuable data between data holders and data users while upholding its confidentiality”, these are the words used in the press releases of the European Commission. The intent is to develop model contract clauses or templates to help market participants to draft and negotiate fair data-sharing contracts.
A principal criticism of the EU Data Act is the requirement to include a “kill switch” clause. This means that smart contracts must have the capability to be terminated or “deactivated” by including internal functions that can reset or interrupt the contract to stop or interrupt the operation, in particular, to avoid “future accidental executions”, (article 36 paragraph b) and c) of Regulation (EU) 2023/2854). This clause has been seen as a threat to the deployment of smart contracts as it seems incompatible with blockchain technology which cannot be interrupted. In addition to this, it is being said that the definition of smart contracts in the EU Data Act is overbroad because it could encompass computer programs that would not be currently considered a smart contract. But in reality, this risk seems somewhat exaggerated as the legal definition is in line with the generally accepted definition of smart contracts as “autonomous computer programs that are automatically executed when predefined conditions in a digital agreement are met”. Be it as it may, these crypto and fintech industry concerns are beside the point because the requirements of Article 36 will only apply to a small number of smart contracts, which deal with executing data-sharing agreements governed by the EU Data Act. In these agreements, there are considerations of personal data protection and intimacy which only can be dealt with the consent of the affected parties, and therefore a kill switch clause is justified. Moreover, whereas (94) of the EU Data Act expressly refers to the termination of contracts for reasons of personal data protection introduced by Regulation (EU) 2016/679 and Directive (EU) 2019/770.
The use and circulation of model clauses and templates are likely to minimize potential negative effects since the terms and conditions of smart contracts will become soon standardized and compliant with EU law, which takes precedence over the laws of the member states. In this respect, the European Union has taken the lead over the U.S. and other major countries, which will be an advantage for the development and growth of the single European market on data trade.