1 Legal and enforcement framework

1.1 What general regulatory regimes and issues should blockchain developers consider when building the governance framework for the operation of blockchain/distributed ledger technology protocols?

There are no dedicated regulations applicable to blockchain in Switzerland. However, the Swiss Financial Market Supervisory Authority (FINMA) has issued two specific guidelines on initial coin offerings (ICOs), dated 16 February 2018 and supplemented on 11 September 2019. The FINMA guidelines clearly define the regime applicable to blockchain and, more specifically, to payment tokens, utility tokens, asset tokens (including security tokens), stablecoins and coins relating to commodities and real estate.

In most cases, the token represents a specific right (or claim), which is covered by the Swiss Code of Obligations and/or another set of Swiss rules. Therefore, the first step is to qualify the token from a Swiss law perspective. The applicable legal regime will then be applied to the blockchain accordingly. That said, in many cases (eg, utility tokens), the blockchain developer is free to apply a tailor-made governance framework, as long as this does not contradict Swiss mandatory law (or foreign applicable law). In practice, one legal technical aspect relates to data protection.

1.2 How do the foregoing considerations differ for public and private blockchains?

As a general rule, the same regulatory requirements apply to public and private blockchain. That said, the issuance of tokens on a private blockchain (ie, by hypothesis with a limited number of selected users) may assist in arguing that the issuance is a private issuance (ie, aimed at a limited number of selected investors) and therefore benefits from an exemption from the requirement to publish a prospectus (eg, for shares, participation rights or bonds).

1.3 What general regulatory issues should users of a blockchain application consider when using a particular blockchain/distributed ledger protocol?

As a general rule, an issuer of tokens for its own account is not subject to prior authorisation by FINMA, unless the tokens represent deposits (under the Swiss Banking Act), investment funds or derivatives products. If the token qualifies as a payment token, the issuance on the primary market must be made with the participation of a Swiss financial intermediary (several companies specialise in this activity in Switzerland).

As regards blockchain and tokens linked to real estate, blockchain developers should ensure that the token is not considered an investment fund and does not fall within the scope of application of the Swiss Collective Investment Schemes Act. As regards tokens linked to fungible assets such as currencies or commodities, blockchain developers should ensure that the tokens are not considered as derivative investments within the meaning of Article 2 of the Swiss Financial Market Infrastructure Act.

More generally, the general standard when issuing a token (notwithstanding the category) is to ‘plug' a Swiss financial intermediary at the time of the initial issuance (ie, the primary market).

1.4 Which administrative bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?

Tokens have primarily been used to raise funds (and create a community) in the context of crowdfunding campaigns. According to the Swiss Federal Act on the Swiss Financial Market Supervisory Authority, FINMA is the administrative body responsible for enforcing the Swiss financial regulations. Over the last two years, FINMA has taken several enforcement decisions against token issuers where it considered that the Swiss Banking Act or another regulation was breached.

FINMA has the following enforcement rights:

  • the right to commence proceedings against a blockchain developer;
  • the right to publish the names of blockchain developers on a blacklist (ie, a list of entities that have performed a regulated activity without its prior authorisation);
  • the right to prohibit individuals from practising a profession (eg, from acting in a management capacity in any company subject to supervision by FINMA); and
  • the right to confiscate any profits that a supervised person or entity or a responsible person in a management position has made through a serious violation of the supervisory provisions.

FINMA may appoint an independent and suitably qualified person (an investigating agent) to investigate circumstances relevant for supervisory purposes at a supervised person or entity, or to implement supervisory measures that it has ordered.

This list of sanctions is not exhaustive. FINMA has the right to publish such decisions and to take measures against the individuals in charge of the issuing company.

In addition to these sanctions, specific regulations (eg, the Swiss Banking Act, the Collective Investment Schemes Act and the Anti-Money Laundering Act) provide for specific criminal sanctions.

1.5 What is the regulators' general approach to blockchain?

Both FINMA and the Swiss Federal Council (the executive body at the federal level) are very open to new technologies such as blockchain and crowdfunding. In 2017 Switzerland began to adapt its regulations to facilitate the activities of Swiss companies in the FinTech space and more generally in relation to new technologies.

Every five years, FINMA publishes its strategic goals for the next five years. On 16 November 2016 FINMA published its strategic goals for 2017 to 2020. One of these five goals states as follows: "FINMA will push for the removal of unnecessary regulatory obstacles for innovative business models." In this document, FINMA further states the following: "Innovation is key to the future success of the Swiss financial centre. The appropriateness of the regulatory framework is crucial in this context. FINMA is committed to ensuring that Switzerland's regime presents unnecessary obstacles to innovative business models. Current regulations should be reviewed to ensure that they do not hinder innovation, and new authorisation categories should be introduced for innovative providers of financial services."

Since January 2019, a new FinTech authorisation (a ‘light' banking licence) has been available which allows companies to accept and keep deposits of up to CHF 100 million (whether in fiat currencies or cryptocurrencies), provided that no interest is paid on such deposits.

In addition, FINMA has issued many so-called ‘no-action letters' confirming that the issuance of tokens did not require a licence, on a case-by-case basis. FINMA has established a FinTech desk with a dedicated team (including specialised lawyers).

The Swiss authorities have been very proactive in this field.

1.6 Are any industry or trade associations influential in the blockchain space?

Many associations have been established since 2014 in Switzerland in order to bring together blockchain specialists and enhance communication in this field, both in Switzerland and abroad.

These associations include the Geneva FinTech Association, the Swiss Crowdfunding Association (SCA), the Capital Markets and Technology Association (CMTA) and the Swiss Legal Tech Association (SLTA). These associations work closely with the Swiss and cantonal authorities in order to update the current laws regarding digital assets (tokens).

In addition, several accelerators and incubators – such as FinTech Fusion – are very active in Switzerland.

Finally, Swiss banks and insurance companies are also very keen to integrate blockchain into their business models. In 2018 the Swiss Banking Association issued specific guidelines (updated in 2019) in relation to bank accounts linked to companies that are active in the blockchain space.

2 Blockchain market

2.1 Which blockchain applications and protocols have become most embedded in your jurisdiction?

One of the most common blockchain applications and protocols which has been implemented in Switzerland is the Ethereum blockchain. Ethereum is an open source, public, blockchain-based distributed computing platform and operating system featuring smart contract functionality. It supports a modified version of the Nakamoto consensus via transaction-based state transitions.

In December 2018 the Crypto Valley Association (CVA) issued a map of all 750-plus Swiss-based companies using distributed ledger technology (DLT).

As at the end of 2018, there were four unicorns – start-ups with a valuation of over $1 billion – in Switzerland: Ethereum, Bimtain, Cardano and Dfinity.

The CVA has also issued a ranking of the top 50 DLT companies, which include Sygnum and SEBA – the first ‘crypto banks' to obtain banking and securities dealer licences in Switzerland.

2.2 What potential new applications/protocols are most actively being explored?

The Swiss Stock Exchange (SIX) is working on building fully integrated issuance, trading, settlement and custody infrastructure for digital assets. The SIX Digital Exchange will enjoy the same standard of oversight and regulation by the Financial Market Supervisory Authority (FINMA) as the SIX. Token issuers for initial coin offerings (ICOs) and security token offerings (STOs) will be able to list their tokens on this platform.

Other banks are also working on building a Swiss exchange for security tokens.

One of the most important projects which is being explored in Switzerland in this regard is Facebook's Libra stablecoin, using its own blockchain and protocol. The Libra Association has been incorporated in Geneva and will eventually comprise 100 members that will be validators (nodes) operating the Libra blockchain and governing the association. So far, it comprises organisations from various industries, including payments, technology/marketplaces, telecommunications, blockchain, venture capital, non-profit and academia. Libra will be pegged to a reserve of stable and liquid assets, including bank deposits and government securities (government debt) in currencies from central banks. The Libra Association has sent a request to FINMA in order to obtain a licence as a payment system under Swiss law, as FINMA considers that the Libra project will have a significant impact on the proper functioning of the financial market and the protection of financial market participants in accordance with Article 4 of the Federal Act on Financial Market Infrastructures and Market Conduct in Securities and Derivatives Trading.

2.3 Which industries within your jurisdiction are making material investments within the blockchain space?

The following industries are now investing in DLT:

  • Banks: One of the most important blockchain protocols is the R3 Corda blockchain platform to improve trade finance processes. Swiss banks are very keen to integrate blockchain solutions into their business models, to enter into partnerships with blockchain developers and/or to acquire such companies (including crowdfunding platforms). Most banks, including private banks, have established their own internal innovation departments as they follow new technological developments, and some have appointed a Chief FinTech Officer. In 2018 the Swiss Bankers Association issued specific guidelines (updated in 2019) relating to bank accounts linked to companies active in blockchain.
  • Commodities trading companies: One of the most important projects is the Komgo blockchain for commodity trade finance. This platform facilitates standby letters of credit and receivables discounting, as well as a know-your-customer module.
  • Insurance companies: For example, B31 – which involves 40 insurance companies – aims to improve the insurance industry by developing standards, protocols and network infrastructure to reduce friction in risk transfer. Swiss insurance companies are primarily investing in the context of implementing digital solutions (with or without blockchain), and a few have also acquired specific companies that have developed the technology.
  • Supply chain companies: Examples include Modum.
  • Government: For example, Geneva state is launching a platform for electronic signatures embedded in blockchain.
  • FinTech companies in real estate: Examples include Tokenestate. Real estate is an asset class which has been disrupted in Switzerland since 2015. Several crowdfunding platforms are now very active, particularly in Zurich and Geneva. Until recently, these platforms used ‘traditional' digital onboarding; but today many platforms have integrated blockchain into their solutions in order to be more efficient.

2.4 Are any initiatives or governmental programmes in place to incentivise blockchain development in your jurisdiction?

On 16 February 21018 FINMA issued guidelines which set out how it intends to apply the financial markets legislation to initial coin offering (ICO) organisers. This was also the first time that FINMA categorised three different types of tokens: payment tokens, utility tokens and asset tokens. The guidelines were updated on 11 September 2019 in relation to stablecoins.

On 17 October 2018 Geneva state issued its own guidelines on ICOs which summarise the information relating to the regulatory and tax measures in Geneva, with the aim of assisting ICO project issuers. These guidelines have been updated on December 5, 2019 and are now entitled "Guide to Digital Token Generations in the Canton of Geneva". Geneva state has also created an dedicated Committee comprising DLT experts from the public and private sectors, to focus on the legal, banking, academic and technical aspects of STO/TGE/ICOs. Entrepreneurs can have their STO/TGE/ICO projects evaluated by the Committee and can also contact other actors within the Geneva financial ecosystem. A map of this ecosystem is available on the Geneva state website.

On 7 December 2018 the Swiss Federal Council adopted a report on the legal framework for blockchain and DLT in the financial sector, and made proposals for selective revisions to Swiss law in order to facilitate the implementation of DLT in Switzerland.

Private actors are also promoting the blockchain ecosystem in Switzerland, including:

  • the Geneva FinTech Association, which aims to promote the development of FinTech; and
  • the Capital Market Technology Association, which seeks to adopt standards in order to facilitate the treatment of digital assets. In this regard, the association has issued a blueprint for the tokenisation of shares of Swiss corporations.

3 Cryptocurrencies

3.1 How are cryptocurrencies and/or virtual currencies defined and regulated in your jurisdiction?

There are no dedicated regulations applicable to cryptocurrencies in Switzerland. However, the Swiss Financial Market Supervisory Authority (FINMA) has issued two specific guidelines on initial coin offerings (ICOs), dated 16 February 2018 and supplemented on 11 September 2019. The guidelines clearly define the regime applicable to cryptocurrencies.

According to the FINMA guidelines:

the issuing of payment tokens (i.e. cryptocurrency / virtual currency / digital currency) constitutes the issuing of a mean of payment subject to the Swiss Anti-Money Laundering (AML) regulation. This can be the case at the time of the ICO … . In the case of utility tokens, AML regulation is not applicable as long as the main reason for issuing the tokens is to provide access rights to a non-financial application of blockchain technology.

In practice, FINMA often considers that utility tokens are hybrid tokens (ie, utility and payment tokens). This is not problematic. Indeed, according to FINMA's written practice, the AML requirements "can be fulfilled by having the funds accepted via a financial intermediary who is already subject to AML in Switzerland and who exercises on behalf of the organiser the corresponding due diligence requirements. In these circumstances an ICO organiser does not themselves have to be affiliated to an SRO or to be licenced directly by FINMA".

In other words, when issuing a payment token, one must ‘plug' a Swiss financial intermediary (which will have a private key) at the time of the primary issuance of the token. This is the Swiss standard. This arrangement is also required by Swiss banks before opening corporate bank accounts for blockchain developers.

3.2 What anti-money laundering provisions apply to cryptocurrencies?

The Swiss AML Act applies. A Swiss financial intermediary must undertake the following activities:

  • Identify the purchaser of the token;
  • Identify the beneficial owner of the token (if different from the purchaser); and
  • Ensure that the funds used to acquire the token are not the proceeds of a crime.

On 18 October 2018 the Capital Market Technology Association issued guidance for businesses and financial intermediaries on handling digital assets in compliance with the Swiss AML Act.

3.3 What consumer protection provisions apply to cryptocurrencies?

None. However, FINMA pays close attention to ICOs, token generation events (TGEs), security token offerings (STOs) and other blockchain-related projects.

3.4 How are cryptocurrencies treated from a tax perspective?

As cryptocurrencies are not treated as legal currency under Swiss law, no specific tax rules are provided in relation thereto. Cryptocurrencies will eventually be converted into fiat currency and will be treated under the applicable tax regime of the local jurisdiction.

3.5 What regulatory requirements apply to a cryptocurrency trader/exchange?

The platform must be affiliated with a self-regulatory body as a Swiss financial intermediary and will be subject to the Swiss AML Act. The platform must undertake the following activities:

  • Identify the purchaser of the token;
  • Identify the beneficial owner of the token (if different from the purchaser);
  • Ensure that the funds used to acquire the token are not the proceeds of a crime; and
  • Conduct market abuse verifications.

3.6 How are initial coin offerings and securities token offerings defined and regulated in your jurisdiction?

The FINMA guidelines on ICOs clearly define the regime applicable to ICOs and STOs, and more specifically to payment tokens, utility tokens, asset tokens (including security tokens), stablecoins and coins relating to commodities and real estate.

As a general rule, an issuer of tokens for its own account is not subject to prior authorisation by FINMA, unless the tokens represent deposits (under the Swiss Banking Act), investment funds or derivatives products. If the token qualifies as a payment token, the issuance on the primary market must be made with the participation of a Swiss financial intermediary (several companies specialise in this activity in Switzerland).

As regards blockchain and tokens linked to real estate, blockchain developers should ensure that the token is not considered an investment fund and does not fall within the scope of application of the Swiss Collective Investment Schemes Act. As regards tokens linked to fungible assets such as currencies or commodities, blockchain developers should ensure that the tokens are not considered as derivative investments within the meaning of Article 2 of the Swiss Financial Market Infrastructure Act.

More generally, the general standard when issuing a token (notwithstanding the category) is to ‘plug' a Swiss financial intermediary at the time of the initial issuance (ie, the primary market).

Usually, ICO/TGE/STO issuers should seek a non-action letter from FINMA before issuing their tokens, in order to avoid potential enforcement proceedings.

4 Smart contracts

4.1 Can a smart contract satisfy the legal requirements of a legal contract under the laws of your jurisdiction? What will be considered when making this determination?

First, it is important to determine whether smart contracts may be concluded based on the parties' declaration of intent, which is a prerequisite for the conclusion of a contract according to Article 1, paragraph 1 of the Swiss Code of Obligations. In the blockchain world, a smart contract is a program written by a user in order to carry out a transaction with other users on the blockchain that accept the terms of that transaction. A smart contract can thus be legally assimilated to an accepted offer and therefore to a contract.

However, the essential elements of the proposed contract must be clearly spelled out in the program, and must be sufficiently precise, clear and understandable to be validly accepted by all parties in accordance with Article 1 of the Swiss Code of Obligations.

According to Swiss case law, if the real intent of the parties cannot be determined, the judge must interpret the declarations that the parties have made and their behaviour according to the principle of trust. Under the principle of trust, the objective meaning of its declaration or behaviour is attributed to a party, as the objective pursued by the parties or other circumstances might demonstrate their intent. The judge will determine how a declaration or an attitude should be understood according to the rules of good faith, taking into account all circumstances.

Accordingly, the behaviour of a party will be sufficient to determine its intent based on the execution of the transaction. Thus, in any case, a smart contract should be considered valid in accordance with Article 1, paragraph 1 of the Swiss Code of Obligations.

4.2 Are there any regulatory or governmental guidelines or policies within your jurisdiction which provide guidance on regulating/defining smart contracts?

The Swiss Financial Market Supervisory Authority (FINMA) is Switzerland's independent financial markets regulator. Its mandate is to supervise banks, insurance companies, exchanges, securities dealers, collective investment schemes and their asset managers and fund management companies. It also regulates distributors and insurance intermediaries. It is charged with protecting creditors, investors and policyholders. FINMA is responsible for ensuring that Switzerland's financial markets function effectively.

As indicated above, FINMA has issued guidelines in relation to initial coin offerings and security token offerings, but not specifically on smart contracts. The Federal Council Report on the Legal Framework for Distributed Ledger Technology (DLT) and Blockchain in Switzerland explains on a high-level basis what smart contracts are and how they can be implemented within the issuance of tokens.

In addition, Switzerland benefits from a strong innovation community, in which private actors participate to promote the implementation of DLT within the country. On 27 April 2018 the Swiss Legal Tech Association issued a white paper on smart contracts; and in October 2018 the Capital Market Technology Association issued a blueprint explaining the main features of a smart contract for the tokenisation of shares.

4.3 What parts of traditional contract might smart contracts be able to replace?

Commercial agreements are full of clauses that protect the parties from various liabilities. Not all clauses are suitable for automation and self-execution through code. Even where a clause might technically be capable of automation, this might not always be desirable.

For instance, imagine that a supplier of goods initiates a smart legal contract with a retailer. The payment terms could be defined in codes and executed automatically upon delivery. However, the retailer would likely insist that the contract include an indemnity clause. There would be no point representing this clause in code, since it is not something that can self-execute.

It is thus important to distinguish between operational clauses within legal contracts that can be automated and non-operational clauses that are less susceptible to self-execution.

Operational clauses generally refer to obligations that require a deterministic action on the occurrence of a specified event or at a specified time – for example, a payment against performance or a transfer of assets.

4.4 What parts of traditional contracts might smart contracts be unable to replace?

As indicated above, non-operational clauses are less susceptible to self-execution by a smart contract.

‘Non-operational clauses' are clauses that have no conditional logic, such as governing law and jurisdiction clauses, entire agreement clauses, severability clauses and even confidentiality clauses.

There are also legal formulations that are subject to interpretation and involve a human judgement – for example, ‘best efforts', ‘good faith', ‘to the knowledge', ‘reasonable step' and ‘material adverse change'. These formulations clearly have a legal meaning, but they are not susceptible to be encoded within a smart contract.

Different legal regimes will involve different interpretations of what these terms might mean, which are often heavily contextual and driven by the facts and circumstances.

Even if smart legal contracts are functionally comprised of code, they will need to fall under the umbrella of an overall relationship that creates legally enforceable rights.

Indeed, for a smart legal contract to be legally enforceable, there would need to be a legal contract that satisfies the requirements of the relevant governing law, but with some element of that legal contract being electronically automated. With smart contract code only, by contrast, no legal contract might exist at all.

This is why smart legal contracts will involve a mix of digital coding and traditional legal language.

4.5 What issues might present themselves in your jurisdiction with regard to judicial enforcement of smart contracts?

Smart contracts operate independently of the surrounding legal framework, but those that wish to use them will have to deal with legal issues regardless, which could include the following:

  • What if one party did not have the legal capacity to enter into the smart contract? Article 13 of the Swiss Civil Code states that a person must be over 18 years old and must have the capacity to consent in order to have the capacity to act (Articles 14 and Articles 16).
  • What if the code does not perform as the parties expected? If the programming code does not reflect the real intent of the parties, one could argue that there is a defect of consent.
  • How can parties change self-executed obligations of the smart contract if they mutually agree to amend the contract? As smart contracts are self-executed transactions and immutable, it is not possible to amend the transaction.
  • What if the content of the smart contract is unlawful? A contract cannot have terms that are impossible, unlawful or immoral (Article 20, paragraph 1 of the Swiss Code of Obligations). In such cases, the contract will be deemed null and void.
  • A contract following an unfair advantage due to a discrepancy between performance and counter-performance may also be considered unilaterally not binding.

Given the current state of the legislation, a smart contract is suited more as an execution mechanism for a set of deterministic obligations rather than as a contract in itself.

4.6 What are some practical considerations that parties should consider when drafting a smart contract?

The challenges with smart contracts primarily arise during the pre-contractual phase. The parties must ensure that the code corresponds exactly to their declared intent, because once the code is written, interventions are no longer possible and the contract executes itself automatically.

Lawyers who are familiar with coding can convert a traditional contract into a smart contract by identifying which contract terms, as well as practical and legal details, will be implemented as a smart contract and which (if any) will not.

Key algorithms for performing the parties' intentions can be specified. Legal issues can be identified and addressed.

The important issues should not be left by the contracting parties to a software developer's sole discretion.

The parties can also integrate the advice of legal counsel into the instructions given to the software developer. It is possible to add comments that explain or annotate the source code of the program when programming the smart contract. These comments may be used to include some (legal) wording in the coding language in order to precisely define the intent of the parties. These comments may also be used as a basis for interpretation in case of disputes. If there is a conflict between the code and the comments, the latter may prevail over the code to ensure that the real intent of the parties is considered.

Even fully self-executing contracts will ultimately need to refer to legal terms that will define each party's rights in case of litigation.

4.7 How will the foregoing considerations differ when smart contracts are running on a private versus public blockchain?

A public blockchain is a permissionless blockchain. Anyone can join the blockchain network – meaning that anyone can read, write or participate in a public blockchain. Public blockchains are decentralised; no one has control over the network; and they are secure in the sense that the data cannot be changed once validated on the blockchain.

On the other hand, a private blockchain is a permissioned blockchain. Permissioned networks impose restrictions on who can participate in the network and on what transactions may be conducted through it.

The above considerations in relation to smart contracts do not differ significantly between private and public blockchain, as the implementation of smart contracts is technically the same. That said, the issue of which data can be inserted within smart contracts is highly sensitive. Data that is available on a public blockchain is available to anyone. It may be anonymised, but advances in technology such as quantum computing might render ineffective the cryptographic consensus mechanism that underpins the blockchain protocol.

One possibility is to write the hash of transactions on the blockchain while storing the transactions themselves off-chain. This will allow transactions and related data to be erased, while maintaining their integrity on the blockchain, leaving only a trace of the deleted information.

5 Data and privacy

5.1 What specific challenges or concerns does blockchain present from a data protection/privacy perspective?

Where the EU General Data Protection Regulation (GDPR) or similar data protection laws apply, there will be points of tension between compliance and blockchain technologies. This is mainly due to the fact that blockchain is a decentralised technology and an append-only database. Debate is ongoing as to how blockchains should be designed in order to comply with the GDPR.

For instance, the GDPR is based on the assumption of the existence of a data controller through whom data subjects can enforce their rights. Blockchains, on the contrary, are decentralised, meaning that many different players could be considered as data controllers or joint data controllers. The allocation of obligations and responsibilities is thus burdensome, and identifying joint data controllers may also be challenging. The question of which Blockchain actors should be considered as a sub processor also raises questions.

Furthermore, the GDPR provides that data should be modified or erased (the so-called ‘right to be forgotten') where necessary. Blockchains, on the other hand, are aimed at ensuring data integrity and trust in the network. The question of data deletion on blockchains raises many concerns – all the more so as the notion of ‘erasure' in the GDPR requires interpretation – and deletion methods on blockchains are debated and onerous. Another point of tension between blockchain and data protection concerns the principles of data minimisation and storage limitation or data location (crossborder).

Identifying which data qualifies as personal data may also be a challenge (eg, public keys). Also, data anonymisation methods which would avoid the application of data protection laws such as the GDPR are being debated in the big data era and in light of evolving technology.

It is easier to design private and permissioned blockchains in a manner that is data protection compliant than public and permissionless blockchains, as the former allow for the designation of a data controller and proper allocation of responsibility, and provide for greater control over the data (e.g. who accesses the data).

5.2 What potential advantages can blockchain offer in the data protection/privacy context?

Depending on their design, blockchains may offer advantages in relation to the level of management and sharing of personal data, and offer certain tools to meet data protection requirements. This is true, for instance, with regard to the duty of transparency, the control of data subjects over their data, the right of access and data portability, which are all enshrined in the GDPR.

For instance, blockchains ensure transparency as to the data stored on the blockchain and may provide information about who has accessed the data. Blockchains may be designed to allow for data sharing in a decentralised manner, and may even automate this process through smart contracts or allow data subjects to be informed of access to their data.

6 Cybersecurity

6.1 What specific challenges or concerns does blockchain present from a cybersecurity perspective?

Blockchain is not exempt from cybersecurity issues. For instance, if an attacker gains access to the blockchain network, this could afford access to the data stored on the blockchain. This is notably an issue for private blockchains, which are confidential, as they do not allow anyone to access and participate freely in the network. This will also be an issue for public blockchains if a hacker were able to reverse an encryption method for instance.

Other cybersecurity risks – including theft of private keys and attacks on decentralised organisations built on top of the blockchain, such as smart contracts – must also be considered. This is also true for oracles, which if corrupted will cause a domino effect across the blockchain network in terms of data quality.

Furthermore, tokens embedded in a blockchain may be subject to expropriation or theft. Hackers and other malicious groups or organisations may attempt to interfere with smart contracts or tokens in a variety of ways, including through malware attacks, denial of service attacks, consensus-based attacks, Sybil attacks, smurfing and spoofing.

6.2 What potential advantages can blockchain offer in the cybersecurity context?

The decentralisation of blockchain technology is an advantage in terms of cybersecurity. For instance, it is convenient for cybercriminals if data is stored in one place; when data is stored on blockchain-based solutions, hackers no longer have a single point of entry to data repositories.

Furthermore, blockchain requires a public and private key, which creates a secure digital identity reference. Cryptographic access keys on the blockchain may be revoked at any time.

Also, blockchains have no single point of failure, which reduces the risks of disruption of the network in the event of a cyberattack. For example, if a node is taken down, the data will still be accessible via other nodes within the blockchain.

Blockchain technology also provides advantages with regard to the integrity and traceability of the data. Users can trust the integrity and truthfulness of the data stored on the blockchain (although the blockchain does not guarantee the quality of the data). Every transaction added to a public or private blockchain is digitally signed and timestamped, and results in a change to the global state of the ledger.

6.3 What tools and measures could be implemented to mitigate cybersecurity risk?

Measures such as full encryption of blockchain data blocks, end-to-end encryption and security controls should be implemented to ensure that the data cannot be accessed by unauthorised third parties. Authentication and authorisation controls should be established, as well as secure communication protocols. Hash comparison, the use of digital signing and sequential hashing are also tools that reduce the risks to data integrity.

7 Intellectual property

7.1 What specific challenges or concerns does blockchain present from an IP perspective?

IP laws vary from country to country, which means that IP protection is not uniform around the world and certain blockchain actors could thus benefit from stronger protection than others.

One concern worth mentioning relates to the grant of patents on source code, which is a challenge to open source and the ideology of blockchain. Any developer that wishes to improve a patented blockchain protocol could be sued for patent violation.

7.2 What type of IP protection can blockchain developers obtain?

Blockchain technology may be protected by certain IP rights, but only under limited circumstances.

Under Swiss law, software (including source code, machine code and linked documentation) is protected by copyright. No registration is needed, as copyright exists automatically as soon as the conditions set out in the Swiss Copyrights Act are met. In order to be protected by copyright, the creation must be considered an intellectual creation with individual character. The individual character of software will be analysed according to the structure and coding of the software and linked documentation. Concepts and algorithms are not granted any copyright protection. Copyright usually belongs to the creator, unless copyright is assigned to a third party; and where the software is developed under an employment contract, the rights may belong to the employer.

Under limited circumstances, software and algorithms may be protected by a patent under the Swiss Patents Act. This is true if the software has a patentable technical effect (computer-implemented invention). Patent protection requires that the features of the computer-implemented invention be new and inventive, and have a technical character.

7.3 What are the best open-source platforms that could be used to protect developers' innovations?

To our knowledge, there is no such platform.

In terms of protection of developers' innovations, the first problem is to prove the kinship of the code and the status of prior art (in terms of innovation). Where authorship can be embedded in the code, with regard to the prior art issue, it is possible to use the "state of the art" method where the author sends a third party the code (or innovation) and its description by registered mail, allowing to bring proof of the date of the "creation". It is also possible to cryptographically sign the code (or its hash) and insert it in the Blockchain.

The second problem is to make it known to the public. In the case of open source code, the best protection is a community that uses it and recognises the kinship of the project. Other replicants will be regarded as theft, which will be frowned upon by the community and will be rejected –especially in the open source environment, where people share their code for free.

The last problem concerns the enforcement of rights over the code. To our knowledge, only lawyers can help developers in this regard.

7.4 What potential advantages can blockchain offer in the IP context?

Blockchain and distributed ledger technology can offer possibilities for IP protection, registration and evidence – for instance, as regards evidence of provenance or creatorship/ownership, prior art, detection of counterfeit or stolen goods, parallel imports, registration or clearance of IP rights, evidence of first use, digital rights management, licences and exclusive rights.

8 Trends and predictions

8.1 How do you think the regulatory landscape in your jurisdiction will evolve in the blockchain space over the next two years? Are any pending changes currently being considered?

As from 1 January 2020, the issuance of security tokens in the form of shares, participations rights or bonds will not require a prospectus if the amount raised does not exceed CHF 8 million (during a one-year period).

The new regulations (primarily the Financial Services Act) which will enter into force on 1 January 2020 have integrated the ‘maximum' private placement exemptions (compared to the EU Prospectus Directive).

From a regulatory perspective, and with regard to negotiation platforms (for securities), the current regulation is generally considered sufficiently up to date as regards the issuance of tokens. That said, a major consultation process is ongoing in order to adapt Swiss laws generally to blockchain.

8.2 What regulatory changes would you like your jurisdiction to implement to further advance the blockchain industry?

A major consultation process is ongoing in order to adapt Swiss laws to blockchain. The Swiss Crowdfunding Association and other associations have published an official standpoint on this consultation.

The Swiss Federal Council has also issued a report on digital ledger technology which outlines all legal modifications that need to be adapted in order to facilitate implementation of this new technology within the Swiss legal framework.

8.3 What is the largest impediment within your jurisdiction to the adoption of blockchain technology?

There is no major impediment in Switzerland to the adoption of blockchain technology. The Swiss authorities, cantonal authorities, tax authorities, the Swiss Financial Market Supervisory Authority, players in the banking and financial sector and most FinTech companies are already quite aligned and well advanced.

The main question is whether concrete instances of the mass adoption of blockchain technology will emerge; but given projects such as Libra, this seems to be only a matter of time.

9 Tips and traps

9.1 What are your top tips for effective use of blockchain technologies in your jurisdiction and what potential sticking points would you highlight?

The key components for a strong innovation ecosystem for blockchain and digital ledger technology (DLT) include the following.

Local private and government support: Without private initiatives and government support, DLT will not be easy to implement. The legal and tax framework should be adapted to the use of this technology in order to facilitate its implementation, and local private and government support will be needed to ensure this happens.

Investment (from individuals, family offices and corporates): DLT project promoters will eventually need funds in order to launch their projects. Thus, a strong community of investors that understands the potential of DLT will accelerate the emergence of DLT projects.

Synergies with international academic research: This new technology needs both legal and technological expertise. This is why academic research is important, in order to identify appropriate answers to the challenges of DLT.

Advocacy and education: In order to promote the development of DLT, the actors within this field will first need to understand the technology and its potential and limitations. This will be possible only by having regular events, conferences and training on DLT.

Acceleration/incubation programmes: Incubators of start-ups in the field of blockchain will facilitate the acceleration of DLT projects and the development of the blockchain ecosystem.

Physical location, workspace and co-living: Co-working spaces will promote the sharing of expertise, good practice and know-how for DLT projects.

Co-author: Deborah Lechtman

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.