The EU’s new smart contract “kill switch” has angered many across the blockchain ecosystem. How much of a threat does it pose to the industry and the immutability of smart contracts?
Last week, the crypto community was up in arms about a provision in a new EU law that would mandate the inclusion of a “kill switch” to terminate smart contracts.
Article 30 of the Data Act, which was passed on Tuesday, March 14, ensures that any smart contract must have a clearly defined mechanism to terminate or interrupt its operation. The passage in Article 30 states:
“Safe termination and interruption: ensure that a mechanism exists to terminate the continued execution of transactions: the smart contract shall include internal functions which can reset or instruct the contract to stop or interrupt the operation to avoid future (accidental) executions; in this regard, the conditions under which a smart contract could be reset or instructed to stop or interrupted, should be clearly and transparently defined. Especially, it should be assessed under which conditions non-consensual termination or interruption should be permissible.”
The other provisions in Article 30 are less controversial. Including a section that ensures smart contracts have strong security features to prevent mistakes or tampering by third parties.
The rules have caused consternation among those in the crypto, DeFi, and smart contract communities. But why?
Immutability Is Key
First, smart contracts do something important. They allow developers to write web apps that consumers can use without having to trust the people who wrote them. A huge factor here is immutability, a fundamental concept in blockchain technology, including smart contracts. A smart contract’s immutability refers to its inability to be changed once it has been deployed to the blockchain.
You can technically “upgrade” a smart contract. Whether to improve functionality, fix bugs, or adapt to better technology or user need. But such steps are the exception and not the rule. (Because a smart contract is immutable, upgrades are not done in the same way you would upgrade a non-blockchain-based app. In short, you deploy a new smart contract.)
In essence, once a dApp or smart contract is deployed on the blockchain, those using it can read its code and be certain it won’t change.
The EU “kill switch” presents a challenge to this fundamental immutability, which many experts have found concerning. Thibault Schrepel, Associate Professor of Law and Technology at VU Amsterdam University, believes this has the potential to undermine the technology itself. “Article 30, as currently drafted, goes a step too far in addressing the issues raised by immutability,” he said in a March 14 tweet.
“Instead of enacting ‘practical immutability’ (where immutability remains the principle and alterability the exception), it makes alterability the principle. In doing so, it endangers smart contracts to an extent that no one can predict,” Schrepel continued. He also shared concerns that the definition (“smart contracts for data sharing”) used in the Article was not specific enough.
Rapolas Lakavicius, a Policy Offer at the European Commission, the EU’s largest law-making body, is less worried. In a March 17 tweet, Lakavicius claimed, “This is a common industry practice already available on most smart contract implementations to prevent a situation of smart contract with some errors running on an immutable blockchain and no-one can do anything about it.”
Lakavicious raises a valid point. Smart contract immutability is not without its downsides. As noted above, there are reasons why a user or developer might want a contract changed.
From the perspective some EU officials, adding a “kill switch” seems an obvious step. What if a smart contract is found to be illegal or becomes illegal because of a new law? What if the contract in question doesn’t do what it says on the tin? A non-blockchain expert would see these concerns as logical. A kill switch also benefits the developer, who now has a way of terminating the contract if there is a fatal flaw in the code. A post by Thomas Jay Rush outlines this very scenario.
A Systemic Risk to DeFi?
In an interview with BeInCrypto, Luke Lombe, a Spool Core Builder, expressed his view that the “kill switch” poses risks to the safety and security of the DeFi industry. “By making human intervention obligatory and essentially creating a backdoor into smart contracts, this mandate could potentially lead to unforeseen consequences with far-reaching and detrimental implications,” he said.
“The ‘kill switch’ can be used for nefarious purposes, such as shutting down a smart contract to manipulate the market or unfairly gain an advantage over other market participants. This could ultimately harm consumers and undermine the integrity of the DeFi ecosystem,” Lombe continued.
“Moreover, this situation may suggest a limited understanding of blockchain technology and its benefits among the regulators responsible for its governance. We recommend increased collaboration between regulators and industry professionals to enhance comprehension of the potential repercussions associated with such measures before their implementation,” he added.
Chao Cheng-Shorland, co-founder and CEO at ShelterZoom, also believes the “kill switch” to be counterproductive. “Smart contracts provide massive benefits for efficiency, self-governance, and anti-fraud,” he told BeInCrypto. “Moreover, under EU laws, personally identifiable information is already well protected from being on the public blockchain. Therefore, while the EU’s Data Act may have good intentions aimed at ensuring the security of smart contracts and the digital assets and data therein, the introduction of a mandated ‘kill switch’ for contracts could reverse the trust and governance that smart contracts will provide as we move into the web3 era.”