Official Report 793KB pdf
Good morning, and welcome to the 34th meeting in 2025 of the Economy and Fair Work Committee. This morning we will continue our evidence-taking sessions on the Digital Assets (Scotland) Bill with two panels. The first panel comprises Professor William Buchanan, director, and Peter Ferry, chief executive officer, both of the Scottish Centre of Excellence in Digital Trust and DLT; and Jamie Gray, partner, financial services regulatory team, at the solicitors firm Burness Paull LLP. We have received apologies from Sarah Boyack, Murdo Fraser and Stephen Kerr.
We will go straight to questions, if that is acceptable to the witnesses. The Digital Assets (Scotland) Bill is a short bill that brings digital assets within the scope of objects of property in Scots law. Does the bill adequately capture the definition? Will that be useful and usable, given the scope of current uses—and of potential future uses—of digital assets? Who would like to answer that question? Professor Buchanan, you seem to be trying to catch my eye.
The focus of the bill is on supporting economic development in Scotland. Personally, I think that we need a more up-to-date usage of terminology. As a technologist, I do not recognise in the bill many of the key elements that we would have were we building what would be called a tokenised economy.
It is important that we understand what we are dealing with. Typically, we are dealing with a cryptographic token, which is digitally signed with the private key of an entity. That is then matched to either a digital or a physical asset. I appreciate that the bill says that it is matched to a digital asset, but, increasingly, we are matching those tokens to physical assets. In the future, we may own a token that defines the ownership of a car or a house.
The first section of the bill has a definition of “digital asset” that I do not recognise at all. It then defines that we are dealing with an “immutable” ledger. That is a very vague term: “immutable” means that you cannot change something, and it is a key operative word in the bill. However, there are many different types of immutable ledgers. There can be a distributed immutable ledger, which can be trusted. There can also be a centralised immutable ledger, in which there is little trust overall. That is because someone controls it and can define all the transactions on it. Although the bill has associated material, I do not think that it defines carefully the usage of an immutable ledger.
There are also permissionless and permissioned ledgers, which the bill does not outline in any way. A permissionless ledger is one in which consensus is reached on a transaction. That consensus is an agreement of many entities across a distributed system. However, a permissioned ledger is controlled by someone. If that person does not want a transaction to happen, they have the right to stop or change the transaction in some way.
We are not clear exactly on the language that would be used. In many blockchain acts across the world, such as in Liechtenstein and the USA, it is clear that those acts are dealing with blockchain. In this case, we are trying to match our legal system to something that looks like a blockchain act. As a nation, we have missed an opportunity to define clearly what we mean by a blockchain act.
When it comes to the term “rivalrous”, the bill says:
“the system maintains an immutable record of transactions in relation to the thing”.
However, “the thing” is never really defined properly. I see a digital asset as being something that is available in digital form. Obviously, there are other types of digital assets and, in this case, it means that there is a cryptographic linkage between an asset and the ownership of it. Nowhere in the bill does it say that the definitive proof that I own something is made through the cryptographic private key. My worry is in relation to the fact that I could give my private key to someone else—a custodian—and they will have full ownership of that key and can transact overall.
Some of the wording has been distilled down such that it is difficult for businesses to interpret it when they are doing business in relation to digital assets—[Interruption.]
Sorry, Professor Buchanan—I was signalling to the convener. Please carry on.
In relation to “rivalrous”, the bill then says that when
“a person transacts in relation to the thing in a certain way (for example by transferring or spending it), the person loses the ability to transact in relation to the thing in that way”.
I do not understand that definition at all. There are many ways to transact with a cryptographic token, such as by transferring a token between wallets. Doing that does not mean that I will lose the ability to transact with it at some time in the future.
Alongside that, as I have said, there are the concepts of permissioned and non-permissioned ledgers. The bill does not touch on or give any background on the differences between those types of ledger or on their trustworthiness. Overall, the bill is quite vague and it will not help businesses here to understand how Scotland would be a safe place in which to transact with those trusted digital assets. What we need in Scotland in order to trade is a clear definition of how to create what we would define as a tokenised economy.
You mentioned that there is a difference between permissioned and non-permissioned ledgers. Is that the same thing as your point about consensus?
Yes. A permissionless ledger is a cryptocurrency, such as bitcoin and ethereum. No one controls that ledger—I can create a wallet now and transact with it. With a permissioned ledger—
There is centralised control.
—if I were a bank, I could have control of that. I could define who can be a part of it and whether their transaction is valid. I could reject that transaction if I wanted to.
To play devil’s advocate, I assume that a point that might be made in contrast is that although the bill might not capture and describe in detail the precise nature of every type of digital asset, it is trying to capture some of the fundamentals. At the very least, it is trying to define them in law and give an account of ownership and legal consideration, even if some of the underlying mechanics are not captured.
For example—I am mindful that there is a lawyer on the panel, who should feel free to correct me—possession is not necessarily the same thing as ownership. Some of these concepts may be analogous to that. Even if the bill does not capture the precise details of all the mechanics, it says that there are digital things, that they are discrete and that they can be owned. Are there still flaws in that? If that argument was put to you, what would be the issues with it?
The way that ownership has been defined in the bill would worry me. I would define it as the ownership of a private key, but the problem with that is that I could give my private key to a custodian in order for them to transact on my behalf. Such a definition might read as ownership being based on whether I can transact or dispose of the asset, but a custodian could dispose of the asset on my behalf.
Mr Gray, I will bring you in, given that you work for a firm that specialises in commercial law. Do you agree with those points? Does the bill do what it needs to do in order to capture ownership, or is it missing elements, as we have just heard?
That specific point about ownership of the private key was addressed by Professor Fox last week, when he said that private keys are not capable of being property themselves. “Ownership” is not a term that I recognise in the context of private keys.
I should say that, although I am a partner and an expert in financial services law and regulation at Burness Paull LLP in Scotland, I am an English qualified lawyer, so, on matters of doctrinal Scots property law, it would probably be better for me to defer to the witnesses in the second panel session.
The definition seems to me to be deliberately functional rather than technological. From a legal perspective, I would say that that resonates with me, because I am not a technical expert, but I understand how the law should function. From a principles perspective, rather than a Scots law perspective per se, I think that it is right to have a functional definition of property law in this context for the sake of future proofing.
The approach in the definition is not to mention blockchain, distributed ledger or any specific technical implementation. In that respect, it is broader than other definitions elsewhere in legislation, such as in the Financial Services and Markets Act 2023, and in the Financial Services and Markets Act 2000 (Collective Investment Schemes) Order 2001, which specifically deals with the concept of staking in relation to blockchains and distributed ledger technology. The definition in the bill describes what “the thing” does, not how it is built. That means that new technologies should be able to emerge and that, provided that the assets they produce fall within the functional criteria in the definition and have those characteristics, the assets should meet the definition without any need to constantly update and amend the legislation.
Peter Ferry and Professor Buchanan might be better able to speak to how that approach works for developers and technology businesses, but it seems to me to be the right approach. The technology is moving fast, and a functional approach means that developers can innovate, knowing that, if they create something with property-like characteristics, the law will recognise it as property.
The trade-off in the bill’s approach, as is often the case, is in the abstraction of the terms that are used. Terms like “rivalrous” and “immutable” are not everyday words; they require interpretation, and there will be edge cases where it is not immediately obvious whether something meets the definition. However, that interpretative burden is, in my view, preferable to an overly prescriptive approach that could constrain innovation and require amendments to legislation sooner than is hoped.
I will ask another question before I bring in colleagues. I assume that, from your perspective, the purpose of the bill is to facilitate transactions—that is, it needs to capture that digital assets are things that can be owned and therefore can form part of interpersonal or commercial transactions, although I would guess that the transactions will be more in the latter domain. Is that the correct way to understand where the usefulness of the bill lies? To what extent is some of that already happening, both broadly and particularly within the Scots law jurisdiction?
The commercial domain is certainly an important facet. As I understand it, the technology is infrastructural; it sets up the rails for transactions to happen. That will benefit commerce, but it will also benefit individuals who deal with institutions. The big advantage—and where we are seeing a lot of interest in the bill among institutions, particularly financial institutions—is in the tokenisation of assets. That will affect large businesses as well as individuals.
My colleague Lorna Slater will come in. Lorna, do you want to ask your main questions, in addition to any supplementary questions that you may have?
09:45
I can certainly do that, convener.
Professor Buchanan, I want you to help me to understand something that we discussed with our witnesses in committee last week, which is the nature of the term “immutable”. In the case of this bill, it is probably a legal term rather than a technical one. If I understood what was being said, “immutable” in this context does not mean that it cannot ever be changed; it means that it can only be changed in a tracked way. It seems to me that that would apply to both the distributed ledger and the permissive ledger, as long as you knew who had permission to change it, as opposed to a mechanism in which anybody could change it and where there is no traceability of those changes. Is that your understanding of the term “immutable”?
In the case of a blockchain, “immutable” means that it cannot be changed. Blocks are created with transactions, and then we create a Merkle root, which will encapsulate all the transactions. The blocks are then chained together, so it becomes almost impossible to change any of the transactions. Immutable means that the transaction in, say, block 5 cannot be changed if we are on block 1,000.
That is the normal way we would do it, but we can also have an audit trail to say, “Now that that transaction led to this transaction, I own this cryptographic token that defines that I own my car.” If I then transfer my car to Peter Ferry, there is now an audit trail on another block that defines that further transaction, and I should not be able to change that immutable entry.
That is where the difference between a distributed ledger and a centralised ledger comes in. If I control the ledger, I can stop the transfer of my token to Peter but tell him that it has happened. A centralised ledger allows someone to change the transactions and update them as they require, but a proper distributed ledger requires consensus—we must all agree—that I can make the transfer.
When it comes to pure blockchain, “immutable” means immutable. If there was ever the opportunity for anybody to change a bitcoin entry, it would compromise the whole of the blockchain.
I understand that completely. My question is in relation to the bill, which does not, as far as I am aware, restrict itself strictly to blockchain technology and therefore also covers items that would be in a permissive ledger or some other record-keeping mechanism, provided that changes are tracked. I understand that blockchain technology is rigidly immutable in that way, but other technologies that would be covered by the bill are not. Is it an issue that the scope of the bill is broader than just the particular type of technology that includes blockchain and crypto?
You are correct. The technology that we are talking about here is typically a centralised database. If I record transactions on a centralised database, I could record a digital signature to say that a transaction had been made by me, but I could still modify the database after that in some way. With something like a centralised database, you cannot be sure about whether somebody has deleted a record from the database. I could easily remove a record. Where is the immutability there if I control the ledger and I delete that record?
Without a distributed ledger, you cannot have immutability. There is no way you can see immutability in a database for definite, unless you have an auditor who is looking at all the audit logs—for that, you would need a blockchain or some way to cryptographically prove those transactions. One thing that we can do is to take a hash of all the transactions in a day and say, “Here is the hash value.” If someone then changes something in the ledger, you can tell that the ledger is not correct. However, you cannot tell which record is not correct or how the ledger was modified. Immutability is different. Immutability should mean that you cannot change the original record.
I am hearing a description of how a particular digital asset technology operates. However, the bill seeks to incorporate other types of digital asset technology that use a different type of accounting mechanism. It is not a distributed or automated mechanism; it might be a permission system or something else. Are you suggesting that the bill should restrict itself to only those distributive systems and not cover other types of digital assets? The intention of the bill is to include a broader type of asset class, whether or not you consider those asset classes to be secure or to have secure audit trails and so on. The question is whether the law should recognise those as digital assets in the first place.
I think that we would struggle to define a centralised database as immutable. The thing about a database is that you can write transactions on to what is called a WORM—write once read many—drive or optical disks. That would be the equivalent of a blockchain where you have an immutable storage of data. The data would be stored and written optically on the disk and could not be changed. On the other hand, we could have a ledger and I could have an eraser or a rubber to rub out a transaction. In that case, although we have a paper copy, it is possible for me as the owner to delete or change any of the transactions, or to insert transactions.
The bill probably needs to be improved in terms of what immutability actually means digitally, so that we understand that. I appreciate that blockchain and optical storage are the ultimate in immutability, because you cannot change that, but there are many other applications where a centralised system is controlled by an entity and can be changed by that entity. That is not immutable at all, unless we could define a cryptographic way of creating that proof, which I think would make it a blockchain.
Thank you. I understand that.
While I have the floor, I will ask some other questions on the same themes. We have narrowed in on particular definitions of digital assets. Professor Buchanan advocates that only crypto-style tokens and that technology should be the basis for the definition on the basis of immutability. How do Mr Ferry and Mr Gray feel about restricting the definition or using the more broad definition that the bill uses?
One of the challenges of definitions in such a bill in the technology area is that it becomes very difficult to describe issues of technical implementation and capture those technologies in language as they are moving forward. I am quite sure that the Scottish Parliament will face the same issues in legislation that relates to artificial intelligence, which is another fast-moving area.
I point out that this technology area is not in its early stages. In the centre that Professor Buchanan and I run, we are already working with organisations such as the Bank of England, which is bringing actual instances of these technologies into daily use. The size of the economy that is built around types of digital assets that we already know about and are very well defined is very large, and it will grow over the next two years.
One of the suggestions that we make in our submission is that, although we understand the idea of bringing these assets into Scottish law by relating them to property, it would also be useful to have a more definite taxonomy that gives real clarity to the businesses and institutions that will deal with those assets from day to day over the coming years.
In answer to the convener’s initial question about whether the bill is clear enough, I note that, if its mission is to bring these assets into law by relating to existing legislation, it will achieve that objective. However, if the mission is to make our jurisdiction prepared, ready, and a great place for innovation on those assets, which could have a huge impact on the Scottish economy, the bill falls short of that. At least, it would be required to move forward very quickly to bring more clarity to the investments of time, effort and capital that will be required to bring the tokenised economy to a reality.
I agree that more needs to be done, but I do not necessarily agree that it needs to be done in the bill. I think that terms such as “immutable” are sufficiently broad and directly capture the essence of what matters for property law purposes, which is permanence within systems that prevent the double-spending mechanism from being defeated. However, I think that more needs to be done, because those are quite legalistic terms.
One way of addressing that, which we see elsewhere in law making, is the use of industry guidance or official guidance. Guidance could help businesses and lawyers who may not have property law expertise to understand how the definitions are to be interpreted in practical contexts, illustrated by some scenarios. The guidance could be adapted as technology evolves, so that the industry can get a sense of how the law is to be interpreted.
That is really helpful. In my next question, I will go back to the issue of tokenisation, but with a slightly different approach. Tokenisation is a key growth area in the sector, but not all digital assets are represented by tokens. They are a particular manifestation of a way to show ownership of an asset. There are at least two questions there. Is it a problem that tokenisation is not mentioned in the bill? Is the bill sufficiently broad to allow the expansion of tokenisation—Professor Buchanan said that tokens could come to represent physical assets and that they could be implemented differently—as well as other innovations that come up? Is the bill sufficiently future proofed?
That is one of my significant worries. Many asset managers are setting up in Scotland, which is a big growth area just now. Commercial banks are doing well, but, in Edinburgh and Glasgow especially, there are many asset managers. Traditionally, Scotland has been a great place to do financial business and is well trusted. We lost the reputation a little some decades ago, but it has come back and we are considered a safe place to do business.
It should be remembered that there are three different types of token. Earlier, we spoke about the payment token, or cryptocurrency. The bill tries to address cryptocurrency, especially bitcoin and ethereum, as well as stablecoins, which is a big growth area in the market. The Bank of England is looking at stablecoins for the United Kingdom pound, and I think that there is a very good chance that that might come along. Certainly, China has a stablecoin, although not for day-to-day transactions. It is unlikely that citizens will ever see those digital currencies, but transactions in wholesale retail banking and transfers between banks will now be done through tokenised infrastructure. That is where Scotland can bring the advantage, in that we can be a safe haven to transfer tokens between banks and on to ledgers, typically through the use of stablecoins. The UK pound could be used as a currency for those transfers.
We also have utility tokens. We are all used to having a token in our wallet that means that we can get an easyJet flight. We show a QR code and it is digitally signed. The green certificate was probably one of the greatest digital advances in our society, because it allowed us to show our vaccination records across Europe. You could have a QR code that was signed by your general practitioner or someone in the national health service, and other countries accepted that digital signing of the Covid passport. That was an amazing step forward, but we have gone virtually nowhere since then.
We are not just dealing with finance. We have the opportunity to tokenise our economy properly so that we can have digital tokens to show that we have the right to do something. If we buy something, we can have a proper receipt to show ownership, and not just a piece of paper.
10:00The third type of token—the security token—is probably the most significant for economic development. If I have a cryptographic token that is linked to a ledger in some way and that ledger is trusted, I now own that asset. How do I own a car? It is because someone at the Driver and Vehicle Licensing Authority has added my name to a database—which is an immutable ledger, by the way. Who owns the car when I hand it over to Peter and the piece of paper that I have signed is in the post? That is an old-fashioned paper-based system. We need to move towards having security tokens that will cryptographically prove that we have ownership of something. That will be a good thing, because I will then have the right to transfer that thing without a third party having to act on my behalf. If I transfer a car, I need the DVLA to do that.
If Scotland wants to expand opportunities in a tokenised world, we will need to look towards the security token market, which is where the big growth is in the market at the moment. However, we should not avoid the opportunities with stablecoins and cryptocurrency to be able to tokenise our financial infrastructure.
It is not clear to me that legislation is required in order to be able to do that. The bill is one step down. We all get that a plane ticket or the register of cars can be tokenised, in theory, but we want to be able to recognise digital assets as assets for the purpose of the law. Some of those assets might be represented as tokens and some might not, but that is where the bill sits. Is that your understanding?
My definition of a digital asset differs from that. It is something that has been converted into a digital form, such as a digital document, for example. I do not think that the definition of digital assets necessarily links to my ownership of a car. I see it as the ownership of a token that can then map cryptographically to the ownership of the car. As long as others agree that the token is valid and trusted, as the Covid passport was, they will say that I own it.
The definition of a digital asset in the bill’s associated material talks about Word and other general documents that are in a digital form, but not about the opportunity to match them to a physical asset. It talks about “a thing”. I appreciate that that is rather vague, but it mainly talks about a digital artefact. It is not a painting; it is the digital equivalent of the painting. We would typically define that as a non-fungible token, which means that it is created and minted specially and it cannot be recreated. It is unique. A cryptocurrency is different, because we can keep mining and creating new tokens, but a non-fungible token cannot be recreated and is unique. My worry is that we are not defining enough the opportunity to match to a physical world because we are using the term “digital asset”.
I am interested in hearing from Mr Ferry and Mr Gray, but my understanding is slightly different. The original question was about the bill not dealing with tokenisation directly and whether you think that that is an issue. My understanding is that the bill seeks to give legal reality to something that currently does not have it—a digital asset. Given that tokens can represent digital assets or physical assets, tokenisation is kind of by the by, and I am not clear why legislation would be required on that. It sounds as if the current system works fine but people need to sign up to it. As I understand it, the bill is about establishing digital assets in law, but I might have misunderstood. Perhaps you can clarify.
At the root of that question is whether the definition is general enough to encompass tokens and tokenisation. The answer is probably yes, in my opinion. However, the issue quickly becomes that there are specifics in the interaction with all such tokens.
I mentioned taxonomy, and Professor Buchanan talked about a number of different tokens that are well known, well understood and already parts of our economy. A jurisdiction such as Scotland needs clarity about how each of those assets will function in society, finance and our interactions, but the bill does very little to support that. For example, it has been mooted that the Bank of England will introduce a wholesale or retail digital pound through primary legislation as early as next year. If it does, we will very quickly need to have great clarity about how stablecoins, tokenised deposits and the bank’s digital pound or currency will function in law, taxation and regulation.
I end my answer with an apology. Bill Buchanan and I are not lawyers—we are technologists—so it is difficult for us to point out things in the bill that might break, but we can quickly identify the areas that we are concerned will not be encapsulated by this foundational bill.
Professor Buchanan and Peter Ferry identified the area that attracts greater scrutiny—composite assets.
In general, the law of property is the law of things. We use the word “thing” so that society can define assets that we believe merit having property rights. Stablecoins, tokenised assets, tokenised deposits and non-fungible tokens could comprise a thing, provided that they meet the criteria in the definition. I agree that it is particularly important that tokenisation is covered, but property law is only one narrow aspect of covering that in situations where there are tokenised securities or there is fund tokenisation. The Financial Conduct Authority is currently consulting on rules on how fund tokenisation should be developed in practice.
I will use a car as an example. There are specific rules on how you register the transfer of ownership of a car. In this analogy, the bill represents having the keys to drive the car, but it does not extend to how you register it centrally. The bill applies to the token that encapsulates the property, but in some cases there might be underlying laws that apply to the property that need to be developed.
The Bank of England and the FCA are creating rules and authorisation regimes on stablecoin. It has opened a new sandbox for GBP-denominated stablecoin issuers to participate in. There is a push to innovate and support innovation in the regulated sector. Although I do not think that the bill goes to that directly, it is equally important, because it sets the ground rules for institutions such as custodians or banks to understand how property law interacts with the way in which they hold the assets. Different aspects—it could be trust law or bailment—flow from the core criterion, which is the question of whether a particular thing is capable of attracting property rights.
That is how I have understood it. Thank you.
Good morning. I am really enjoying the conversation. Before I get on to my main questions, I ask you to indulge me. I have listened to the conversation carefully, and I understand why this particular route has been chosen—lawyers understand the law, the roots of which go back to Roman law and so on, and we are now trying to bolt on technology.
Could I have some brief reflections on the risks around generative AI? You made me think of that, Professor Buchanan, when immutability was discussed. I think that we are clear about what happens when someone changes something in the ledger, but what about when a thing changes something in the ledger? Although the bill has a purpose and is probably a good starting place, we all understand that we cannot possibly begin to bolt on something in legislation without butting against such situations quite quickly, given the exponential speed of growth in AI.
I would appreciate your indulging me in some reflections on that, Professor Buchanan, because what we are exploring here is whether we have the level right—that is really what I am asking.
The future is going towards what is called agentic AI. Agentic AI is very much about there being a whole bunch of agents that will have my password, my private key for my bitcoin and so on, and will be able to create actions that will allow them to book a flight for me, arrange meetings, define agendas and write up minutes for me, and submit all my tax returns to His Majesty’s Revenue and Customs. That is quite scary, when you think about it, because the opportunities for things to go wrong are massive.
The main point to come back to is the custodian. The custodian is either someone whom you trust to hold your private key or it is an AI agent. If something goes wrong and the AI agent transacts and perhaps disposes of a digital asset, who is actually liable? I appreciate that the bill would struggle to cover that situation, but a whole lot of cybersecurity issues really need to be looked at with regard to where your private key is held.
Most of us would not know where our private keys were. I know that mine is on my iPhone in a secure enclave, but if I were to lose my iPhone, what protection would there be? Luckily, Apple has very good protections, such as biometrics and access control. However, in many other cases, someone would not know where their bitcoin private key was held. If you want to hold it on a public website, you are exposed to someone hacking that website; if you store it on a USB stick and forget the password to get access to it, you will not be able to get that private key back. As a nation, there are a whole lot of cybersecurity risks that we need to understand.
We need to build the regulations for businesses—the service providers. This economy brings many service providers with it that are handling the tokens in many different ways. Those are well defined in countries such as Switzerland and Liechtenstein, but the industries are also well regulated overall. As a nation, through the FCA and so on, we really need to try to understand all the risks that exist for citizens. The history of bitcoin and cryptocurrency has shown that a lot of bad practices have happened in the past—you could lose all your money instantly with the slip of a private key.
With gen AI, it is an open wild west just now. The companies that are developing agentic AI are throwing the technology out and saying, “Use Copilot—use whatever. It works. It’s great.” However, you are throwing all your private data at some centralised server in the US, and there are many examples of where that can go wrong. We need to look at how we can build some trusted legal infrastructure for these agents to work in, especially when they are dealing with a tokenised economy.
10:15I agree with you. The worry is massive. I do not know how you would codify that in law, but citizens need to understand what they are letting themselves in for if they allow their financial transactions to be made through agentic AI.
Thank you for that. I do not want to indulge myself too much and go too far off topic, but I would like to get Jamie Gray’s perspective. The trick will be to have the best legal brains—we had Lord Hodge before the committee last week; you do not get better than that—aligned with the best technological brains.
I used the example of immutability because that is utterly fundamental to the framework that we are trying to develop; it goes back to first principles of law. From your perspective, Jamie, are we doing enough to get the framing right, and gelling together the best legal and tech brains?
That is a good question. Digital assets are forcing us to confront our traditional understandings of the law. To go back to your previous question on generative AI, we are being forced to imagine something that is different from what we currently have. We are talking about digital things, but your question also addresses digital actors and personalities.
We obviously have human persons recognised in law, and we have legal fictions such as corporations. I can imagine a time when we will have recognition of machines or agentic AI that may be operating autonomously, and potentially a time when such personalities could themselves be things that can be owned and transferred.
The bill goes some way towards that, but there is a much larger piece of the puzzle, which impacts not only property law but other areas of regulation, that definitely needs to be addressed.
Professor Buchanan, you mentioned trust. I agree that trust—in Scotland as a place to do business, in Scots as people to do business with, and in our fintech sector—is definitely a door opener; it brings in economic trade and benefit.
Considering where we are at present, there is a need for legal certainty, although we accept that that will not, and cannot, be perfect. Do you think that the bill will bring further, if not complete, legal certainty that will—critically—bring economic advantage? Will it enable businesses elsewhere to think, “Well, there is at least a framing”, even if there is no legal precedent, which we cannot have yet? Is it a door opener for economic opportunity, in other words?
The door opener has happened in Liechtenstein, Jersey and the US: they all have blockchain acts that crystallise exactly what this technology is, and the different tokens.
If Scotland wants to be a place where businesses choose to base themselves, and to grow a tokenised economy, something needs to happen fairly quickly after we get the bill through—if we are able to do that. If our existing commercial banks are to move towards tokenisation—they are not quite there yet; they are still dealing with fiat currency, as they have grown up on that—they need to be trained in a lot of the risks, the skills base and so on, and cybersecurity needs to be put in place.
I appreciate the FCA’s position, and other regulations are coming through the United Kingdom Parliament and the Scottish Parliament. However, as a nation, we will need to define things quite clearly. That should be from both sides—there should not be only a pro-business focus. We do not want to attract just any business to Scotland and create an opportunity for a wild west ecosystem, as has happened in some places around the world. We want to bring trusted, good businesses to Scotland that can grow and create the jobs of the future.
If we can, in some way, create or influence the creation of a blockchain act, that will make it easier for technologists to be able to interpret the law. You would almost need to take the bill and crystallise it more, using the type of terms that we would understand—if you see the word “immutability” as one thing and I see it as another, that is a worry.
There is an opportunity in Scotland to bring together the Law Society of Scotland, say, with the great research and academic work that we have here and the great industrialists. It has always been a problem that we work in silos and, if the bill were to do only one thing, that should be to bring a lot of different domains together.
Ultimately, it should be for business leaders to be able to interpret the law. All that we can do is represent some of the views that we hear from businesses, which say that we are not there yet. In general, the UK is getting better at being a good place to come to. That may be one of the advantages of Brexit; I hate to say it—
It could be the first that some of us have heard.
You said it, not me, but I echo that. [Laughter.]
Brexit could be one of the opportunities for us to break the mould and move towards more of a Singapore-type model that moves a bit faster and acts as an enabler.
Without having a centralised approach that is agreed to by many nations, the UK and Scotland might have an opportunity to be more dynamic, and faster. The digital economy is fast moving—within the next year or so, the Bank of England could release the opportunity for stablecoins, and I would love to see Scottish businesses start to prototype within the test bed and really look at that opportunity.
There are many who are agin stablecoins—this is a binary, Marmite area, and the truth is somewhere in the middle. Some people think that central bank digital currencies are evil, as nation states are controlling their citizens’ transactions and can see everybody’s transactions, such as what they buy from Tesco. A central bank, such as the one in China, can see those transactions. I would hope that the UK would be somewhere in the middle, because we have anti-money laundering measures and the know-your-customer requirement.
Banks are sitting on two sides. On one side, they want privacy for their citizens’ transactions; on the other side, they need to make sure that their citizens are not laundering money and doing bad things with it. Finding a constructive environment that allows Scotland to thrive would be one thing that the bill could do, but we need momentum behind it to grow our economy in that way.
Peter Ferry may want to come in, but I will bring in Jamie Gray first, to reflect on this area from a legal perspective. Part of your role involves being cognisant of risk and speaking to your clients about that.
On balance, therefore, all things considered—we have considered a lot of things thus far—do you think that the bill, simple though it is, and we understand why that is the case, will enhance economic opportunity? In other words, when you walk your clients through a risk assessment, will you have increased confidence that the law is protecting them?
Yes.
That is good.
It is good to be able to take one issue out automatically. The bill would remove a blocker that does not necessarily need to be there and which, if it was tested by the courts, may not be there. That gives certainty in advance for businesses to invest and not have to wait for an outcome that may not ever arise.
I agree that the bill is only one part and that, in order for the purpose that it seeks to achieve to come to pass, it requires all facets of professional society—technologists and lawyers, and the judiciary, if it came to case law—to come together to ensure that it is implemented in a way that supports the growth that it is designed to achieve. A better understanding, and collaboration, will help in that regard.
Peter Ferry, I have not given you a chance to come in. Do you have any final reflections before I hand back to the convener?
I will try to be quick. The bill is a small but necessary step to realise economic benefit. There has been a lot of talk about the wild west—a few people have mentioned that—which was tamed by the laying of rail tracks and other infrastructure to bring economic benefit to that part of the world. The same applies to digital infrastructure. A wave is taking place. We know more about the AI wave, the benefits from which will probably be delivered to very large American corporations. That battle has already been won in some ways. However, we have a chance to make the wave relating to digital assets deliver economic benefits in a fair and balanced way, with the benefits not going only to large financial institutions, some of which are represented in Scotland.
Please indulge me for a minute, because this issue is beyond the bill’s scope, but the opportunity for the Scottish Government to lay that digital infrastructure is absolutely within its grasp. We have discussed private key material and how private keys are managed. Many years ago, other countries and jurisdictions took steps to enable such infrastructure to work for businesses and people.
Some committee members will know that I am an honorary consul of Estonia and will know the story quite well. In the European Union, there is an active project that will deliver digital wallets to more than half a billion European citizens, and that will allow private key material to be managed for both individuals and businesses. That is an example of the rail tracks that will enable understanding and adoption of such technologies for the economic benefit of individuals.
Following the bill’s passage, I urge members to consider how such infrastructure can be developed so that we have a well-understood and beneficial way to adopt tokenisation in relation to digital assets throughout the economy.
My line of questioning has changed as I have listened to the conversations this morning, because many of the things that I was going to ask about have already been covered.
We want to have perfect legislation in every regard, but there are issues with and arguments around definitions. There have probably been such issues with every piece of legislation that we have dealt with in the Parliament. Mr Gray, last week, Professor Fox and the deputy president of the Supreme Court went through some of the definitions in the bill in great depth. Are you satisfied that the definitions are right? Do you know what definitions have been used in other jurisdictions? Liechtenstein, Switzerland and Jersey have been mentioned. Are the definitions in those jurisdictions different from the ones in the bill?
That is a very good question, but I am not qualified to opine on any of the jurisdictions that have been mentioned.
The evidence from Lord Hodge and Professor Fox was compelling listening. I was curious about the word “immutable”, which, to me, sounded absolute, so I was encouraged by what Professor Fox said about it being a relative term. Feel free to disagree with this, but I believe that, even for something such as bitcoin, which is defined as something that is immutable, some systems might allow some transactions to be changed in exceptional circumstances. I am encouraged that the word “immutable” does not displace such systems.
10:30It might be possible to define a set of rules for today that would capture all known technologies in a very prescriptive way, but that system would be inflexible—
It could change tomorrow.
—and it could change tomorrow, and we would then be going through the process again.
I agree with the broad functional approach that is being taken. It is not just that I am not qualified, but I do not know about the definitions that are used in other jurisdictions. I know that in other areas of UK law definitions are used that refer to specific aspects of technology such as cryptography, but they tend to be specific to the purpose that they are trying to capture. The Financial Services and Markets Act 2023 specifically addresses qualifying crypto assets—that was perceived as a risk by the lawmakers and the FCA at the time.
Earlier, I mentioned the concept of staking. There was a risk that it could be regarded as a kind of collective investment scheme, which in financial services law is the catch-all term for types of regulated activity. There was a determined approach to address that and ensure that such schemes would not be regulated in the same manner as would be applied if traditional law regulated them. Staking will be addressed in the forthcoming regulatory regime, for which we expect final rules next year, but it serves as an example that definitions vary depending on the purpose and, to go back to your original question, Lord Hodge and Professor Fox addressed in their evidence that today’s purpose is to define digital assets for the purpose of property law.
The pace of change and innovation in this space means that there should be some body involving legal and technical professionals that can recognise types of digital assets, how they are qualified and in what capacity in the eyes of the law. That is just my opinion as a non-lawyer, but the level of innovation means that there surely has to be some way to clarify on an on-going basis how different types of digital asset should be treated.
The laws that have been created in Liechtenstein and the US are very much written to include the technology in some way. I appreciate that there are differences around the term “immutability” but, in those jurisdictions, the transaction that is involved is very clearly defined. Fundamentally, the private key is the core of the right to be able to transact. People talk about a dispositional transfer, which is the ability to dispose of an asset, and that differs in this case in the way in which that ownership is defined.
I appreciate that we are integrating with existing Scots law, but a technologist reading the bill would struggle to see something that matches the blockchain legislation that has been passed in Liechtenstein. It was one of the first countries to define things in an act, because it wanted to attract companies to come and be based there.
All of that makes sense. It is fair to say that we have all struggled a little bit with the bill at points. Some of the evidence that we took last week was enlightening.
The other aspect of this—forgive me, convener, but I am going to mention it—is that members of the bill team have sat through the evidence sessions throughout, which is interesting and unusual, and shows how important this is. Hats off to them for doing that.
We all recognise that this is one part of the jigsaw in relation to legal definitions in Scots property law. We recognise that other changes are required to create an effective regime for digital assets. I am sure that the Scottish Parliament will come on to those in the areas for which it is responsible. There will also have to be changes elsewhere, not only at UK level but internationally.
The bill does not have many regulation-making powers, and it probably should not have many such powers. However, when we come to create other legislation in this area, given the level of change that there is, that legislation will have to be pretty flexible. Rather than relying on changes to primary legislation, which often takes a very long time, do other jurisdictions have regulation-making capacity in order to keep up with the pace of some of that change?
Liechtenstein was very clear about what the regulations should be for businesses that base themselves there. There needs to be an organisational structure, so it is important that businesses define the management and controls—
I recognise that the Liechtenstein legislation will impose regulations on businesses there, but that is not the point that I am making. My point is that primary legislation may be too inflexible, so we may have to create a framework such that we can adapt the legislation regularly through regulation-making powers—through secondary legislation. Has that happened elsewhere?
I cannot speak to any specific examples, but often the approach that is taken in other jurisdictions is to build in a monitoring and review process. After a set period of time—three or five years, say—a report would be presented on key areas that are being monitored and then a decision would be taken as to whether to go through a lawmaking process again. I appreciate that that is different from whether regulation-making powers should be built in so that statutory instruments could be used to amend the primary legislation.
For what it is worth, I agree with Mr Stewart’s instincts that it is better to be cautious on that, particularly in cases involving property. Regulation has an important role to play in other areas of law, such as financial services regulation, where it is important to be fleet of foot. However, a core characteristic of property is its permanence, and it is important not to undermine that.
I will make a brief point. Regulation means clarity, and clarity is attractive to a business that is looking for a place to house and develop its ideas and its business.
I cannot comment on other particular jurisdictions and how they have implemented and brought that regulation to bear. However, in the UK, we have been working with organisations such as the Financial Conduct Authority and the Bank of England. The FCA, in particular, is actively developing regulations in its digital assets sandbox, which is relatively new. It has also gone out to tender for a blockchain-based sovereign debt instrument—the digital gilt instrument, or DIGIT.
Meanwhile, in the United States, there has been a very big change this year under the Guiding and Establishing National Innovation for US Stablecoins Act—the GENIUS act—which effectively put everything that was required in place to allow American companies to innovate with stablecoins. The idea is that that would encourage innovation and economic development in the US by making US dollar-denominated stablecoins the dominant unit in future payment rails.
In answer to the question, however regulation is brought to bear, that should be done rapidly at a UK and/or Scottish level, to allow the full economic development to be realised.
This goes back to an earlier point. We want to make the UK and Scotland a great place to do business in this area. We are enabled through the FCA and UK Government enactments, but any opportunity that we can take to define Scotland as different in some way would be an advantage to our economic development. Anything that we can do to influence the UK Government in its policies is a good thing for Scottish businesses, but so is anything that we can do on our own.
We hear this all the time when we speak to the businesses that we are involved with. They are reading all the FCA regulations that are coming out and are looking for positive signs. The one positive sign is that the UK is now seen as a positive place. Obviously, we are not on the same level as London, but if we can ensure that our cities can compete with London in these new economic areas, that will be to our advantage.
I would like us to do it all on our own—but that is for another day.
Good morning. As a former software engineer and computer scientist, I am still struggling to get through some of this—I do not mind admitting that. I love the earlier quote about this possibly being the first benefit of Brexit. I do not remember it being in the manifesto at the time; I do not remember anybody rushing to put it into print that we are moving towards—
By the way, it was someone else who said that. [Laughter.]
I can just see the Brexiteers coming forward any time now and saying that the move to a blockchain-tokenised economy was always part of their intention.
I was hoping to ask you a wee bit more about the jurisdiction issues that Kevin Stewart introduced. If the bill becomes law, where will Scotland be placed, in comparison with other jurisdictions, on issues that might arise from its implementation? I am thinking about remedy, redress, fraud and so on.
The language for describing this stuff is quite difficult, but where do we stand if a person has an asset, whether that is a token or something else, and that person feels that they have been robbed—that their asset has been stolen, transferred without their will and so on? How will the bill help with that? Is Scotland in a position to do anything about it?
I think that we are well behind. The blockchain acts that have been drawn up define what the penalties will be if someone is defrauded. It is a matter of ensuring that companies have enough funds to pay back, just like a bank has to pay back all of its payees. I know that it does not happen quite so much these days, but the banks are regulated to ensure that they have enough funds in their account so that everybody who wants their money back will get it.
In many jurisdictions that has become subject to concrete definitions. For example, a company might need to have at least £65,000 in escrow to be able to pay someone back if there is fraud. Places such as Liechtenstein or Jersey have their reputation to look after. Liechtenstein has made sure that everything is fine. It is a small country and it would not take much to bring it down, so it has set up things that are concrete in law to regulate companies. A company cannot just come along and set itself up; it has to show the controls that it has in place.
10:45It is a complex area. A company now has to manage the cryptographic keys of thousands, if not millions, of clients, and it has thousands of different types of cryptographic tokens. We might think that bitcoin and ethereum are king, but there are millions of cryptographic tokens and they are being transferred through exchanges and so on.
We know of businesses that are based in Scotland that do that, and their biggest cybersecurity threat is not from hackers in China, but from their own employees—it is insider threat. We can imagine that, if a company is dealing with trillions of dollars of assets in a tokenised way, funds could be hacked in an instant. Someone could take a cryptographic wallet and just transfer. Who is overseeing that?
From the point of view of jobs, this is a great area for us to develop into, because it involves not just finance people but cybersecurity people, development people and AI people. These are not necessarily financial institutions now; they are digital companies.
As I say, it is a complex area and I would love to see Scotland start to define some regulations to make sure that citizens are protected so that, if something goes wrong, there is a way of tracing it. I cannot remember how much I will get if my bank goes bust or I am defrauded from my bank account, but let us say that I will get £70,000—and my wife will get that too, if we have a joint account. We know that that works, and Scotland needs to be on the same level when it comes to cryptographic tokens. If those tokens are hacked, there must be some remedy to prevent companies from coming along and using poor practices.
It is an expensive business, because a whole organisation cannot be run without the complex infrastructure that is required. We are talking about a 24/7 international market. These companies do not work 9 to 5, Monday to Friday, like the stock exchange, and you can be hacked at any time of the day. The skills base and the opportunities for jobs are there, but we need to make sure that we do not attract the wrong type of company to Scotland.
That is fascinating. You talked earlier about how, if you were to give Peter your token, he would have acquired it—he would own it. However, possession is not ownership. What if he stole it? How would the system know whether he acquired it illegally or otherwise?
If there is an immutable ledger, only the private key can be used to transfer something from me to him. If he manages to get my private key in some way, I will have to prove to a law enforcement officer that I lost my key, I did it by mistake, I gave away my password or something like that.
It is a new area.
It is a whole new area.
Does it follow that, with a bill such as this, we should put in place remedies and protection processes?
The FCA would push through such things, but if Scotland can do something to create an advantage by making it a safe place to do business, that will help our economic development.
Thank you for that.
Peter, do you have any comments on jurisdiction and how we could introduce more protections or think ahead to scenarios of the kind that we have just discussed?
I am not sure that I have much to add to what Professor Buchanan has said, although I might try to rephrase it slightly. As well as there being threats or new opportunities for crime, there are other, very large opportunities.
For example, Professor Buchanan and I are looking at the issue of small businesses suffering from cash-flow issues, which many of us know about. The technologies that we are talking about adopting have powerful new mechanisms for the enablement of greater liquidity for small and medium-sized enterprises, in terms of trade financing of invoices and so on. It is important to identify the opportunities as well as the threats in relation to the legislation.
Public trust has to be a key incentive there. Did Liechtenstein basically achieve that? What model did it use to get that trust in the system, and could Scotland follow that?
It was the first to publish a blockchain act, closely followed by Jersey. The US has just published its blockchain act, which crystallises exactly how businesses will trade in the country and how citizens will be protected. A bank probably would not have employed a cybersecurity team 24/7 but, through audit compliance, the payment card industry data security standard and so on, they are now forced to do that. It is the carrot and the stick—the carrot is that you do good business, but the stick is that you must invest in good cybersecurity.
We need to strike a balance when we come to regulations to make sure that we regulate but do not overdo it. As a small country, we probably have the opportunity to do that properly, but it is a difficult balance to strike, because citizens could lose a lot of money.
In a peer-to-peer transfer between me and you, no one else is involved. There is no bank acting as an intermediary that has a record that I transferred to you. It is almost the ultimate in personal responsibility—if I muck up, it is my problem. I cannot go crying to law enforcement, saying that I sent you lots of bitcoins by mistake and asking for them back. That is just not going to happen. It turns our legal system upside down to a certain extent, in that there is much more personal responsibility.
I come back to custodians. Most of the transactions that citizens will make will go through a custodian. They will go through JP Morgan, Morgan Stanley, BlackRock, NatWest and so on, so at least there is a custodian who has some responsibility to make sure that things are correct. In Scotland, if we create an environment where custodians do their work well and are audited in some way, that will attract businesses; it will also attract people to tokenise their assets much more.
You should always be aware that cryptocurrency is not something that you should necessarily put your wealth into. Your wealth could disappear in an instant—it could be gone tomorrow. We need to understand the infrastructure of this new world, and we need to advise people better overall on how they should balance their investments.
Your original point was on remedies. Last week, Lord Hodge spoke to what the legal outcome would be of protecting the good-faith purchaser. I would encourage you to ask the next panel what the Scots law specifics are on that, but in the UK, we have an existing legal infrastructure to deal with financial crime—economic crime and money laundering. By conferring property status on these types of assets, they will automatically fit within those moulds. Guidance around that might be lacking and specific alterations may need to be made in time, but I do not think that it is fair to say that we are lacking in a system that deals with financial crime. The challenge may be in how that system applies specifically in this context.
My final query is on stablecoins, which I think you have all mentioned. It is another type of cryptocurrency, which is pegged to a stable currency. I read this morning that 10 European banks are planning to launch a stablecoin next year. Where are we in Scotland or in the UK compared with that initiative in Europe?
The position is advancing. That question is to do with central bank digital currencies. You will know that the mighty dollar is printed and can be inflationary—that is the way in which, generally, economies have been balanced: The central bank can put more money into the economy and inflate it, or it can take money away and there will be an overall recession. Rather than having a fiat currency that we print, stablecoins will allow us to balance the supply and the demand. When the supply is high, we can burn cryptographic tokens to balance the supply. However, when the demand is high, we can create new tokens. Overall, there is an algorithm that says, “I will always balance the supply with the demand and keep that stable.” That is unlike our fiat currency, which we can print, so that we get inflation and so on.
Will there be a stablecoin launch in the UK any time soon?
In the next year or so, the Bank of England will announce whether the UK will go for a digital pound stablecoin. China and the US are the most advanced, and a European stablecoin is also being developed. Virtually every central bank in the world is developing a stablecoin, because they worry that, if transactions are now being done not by fiat currency but by stablecoins, they will lose control of their economic power. The UK faces a great risk that organisations could start to trade with other currencies and not consider the UK pound as a good option in a tokenised world.
In addition to central bank digital currencies, there are privately issued stablecoins. I know of one aspiring stablecoin issuer who is based in Edinburgh. It is a fascinating and evolving area. As I mentioned, the Bank of England is developing a new regime for systemic stablecoin issuers, and the FCA is developing a regulatory regime around the issuance of stablecoins. The pieces are there and they are being set in motion, and the bill is an important part of enabling that to continue to flourish.
A worry is that central banks will now see all the transactions that everybody makes. We have intermediary banks that look at all the transactions, and that is fine. However, if a state wants to control the whole financial infrastructure to see how you are spending, a central bank can now do that. I hope that the Bank of England will make sure that the centralised ledger is privacy aware in some way, so that it does not record all the transactions, although they are still there with the central bank.
The tension relates to anti-money laundering responsibilities. Central banks have responsibilities to make sure that they understand when someone is using their funds illicitly. We have been pushing the importance of the privacy-aware aspect from the citizen’s perspective.
It is a bit like the debate just now in the UK about digital identity. The arguments can be quite toxic. We tried to create a digital identity scheme in 2001, but that was killed by one anonymous blog post, because the public engagement had been so poor. One of the reasons that a digital identity scheme is now being pushed is because we want to prevent people in boats from coming over to the UK. That is a very negative point of view, overall. Scotland needs to promote the opportunities of a tokenised economy to its citizens, engage with its citizens and let them understand the risks and opportunities for economic development.
Thank you for your answers to my questions.
Good morning. I am just looking for a couple of points of clarification, because we have had a good discussion on the subject. I think that it was Peter Ferry who said that we need a team of experts to assist with the whole process. Last week, I asked Professor David Fox some questions, and he suggested that any guidance that comes from the expert group that was created south of the border in England and Wales would be neutral to any particular legal system. Is that enough to guarantee and take into consideration the separate needs of Scots law, or should we have a separate Scottish expert group?
11:00
I am not sure. I was not aware of that group, although I heard the reference to it that was made last week regarding its remit and scope. If the question is how we move forward from this stepping stone to fully exploit the opportunity in Scotland in the right way, we would surely need to do that within our own scope and context. I would say that there should be a group that advises on progress through legislation and regulation in Scotland.
My other point relates to what you have just said. The bill is short and is limited in its scope, quite rightly. It is very much a foundation bill. If we want to ensure that Scotland is a safe place to do business, and noting that we have to get the balance right, what should the next step be, given that there will be a new Government after the election in May next year? What should be the focus of the legislative process in order to maintain momentum in this area, given that legislation could get out of date? This is a fast-moving issue.
Bill Buchanan might want to come in on this, too, but I will respond briefly.
Over the next 12 months there will be developments at a UK level that we need to be cognisant of. By that I mean the specific plans of the Bank of England and the output of the regulatory sandbox and labs—of which there are at least three—that have been put in place by the bank and the FCA, which we should understand. We should then use that work to ascertain how we move forward in exploiting those developments, while getting additional clarification on how they could be implemented in Scotland.
I would like to see digital signatures being treated in the same legal sense as a wet signature. We are still taking a GIF image of our signature, pasting it into a Word document, creating a PDF and saying that that is legal. We need to move towards—and I know that this is happening—ensuring that digital signatures and digital signing have legal certainty in certain cases.
The European Union is putting forward the European digital identity regulation, or eIDAS 2.0, on electronic identification, authentication and trust services to make that happen. We can ensure that every single letter in a document is cryptographically signed for, whereas, with a legal paper document or PDF, we cannot be sure that someone has not changed it. If we were to do something fundamental, it would be to ground digital signatures and the mechanisms for them into our law, ensuring that businesses understand that we can now do digital signing properly, rather than using third parties.
We also need to understand, as a country, what digital identity means. We have one point of view in Scotland and another in the UK. We perhaps all need to all get together and understand what digital identity actually is, because it is fundamental in building a tokenised economy overall.
As was mentioned earlier, there are some points that the bill does not cover, such as private international law and insolvency. I would encourage the Government to take steps in those areas and to send signals about addressing them next.
The deputy convener brought up a question relating to AI and separate legal personalities. That is an area where I would like to see movement—it is a vast area that will need to be tackled. However, I also recognise that it is probably not something that is capable of being addressed in the next phase.
Thank you very much for a very interesting set of comments and points of view. There is a lot for us to go away and think about. Thank you very much for your contributions.
11:05 Meeting suspended.
Welcome to our second panel, with whom we will continue our scrutiny of the Digital Assets (Scotland) Bill.
I am pleased to welcome Dr Alisdair MacPherson, senior lecturer in commercial law, Law Society of Scotland; Dr Hamish Patrick, partner and head of financial sector, Shepherd and Wedderburn; Usman Tariq KC, advocate, Faculty of Advocates; and Professor Burcu Yüksel Ripley, personal chair, school of law, University of Aberdeen. I note that Dr Patrick and Professor Yüksel Ripley are also part of the Scottish Parliament’s academic fellowship scheme.
I will open up the questions. I do not know how much of the session with the previous panel you listened to. In essence, we alighted upon the question of whether the bill covers the full scope of what is required in order to capture digital assets and their transactions. Although the bill captures the scope of the law in relation to digital assets, the principal question is whether it fully captures all forms of digital assets. Critically, when we consider the law in Liechtenstein, we see that it much more explicitly defines trusted technology systems and tokens. It seems to be more explicitly oriented towards capturing blockchain, as opposed to the more catch-all approach that this bill seems to take.
Do witnesses have reflections on whether this bill captures the issues accurately? Are there unintended consequences from the bill being tightly drawn, and are there any gaps?
Who wants to offer a view to open up the evidence session?
I am happy to start.
The first thing that I should say is that, despite the sign in front of me, I am merely “Dr” MacPherson, rather than “Professor”. [Laughter.] I was wondering whether the Scottish Parliament had the ability to inform my employers about that. It would be much appreciated.
Thank you, convener, for the invitation to give evidence today on behalf of the Law Society of Scotland. The Law Society is supportive of the legislation, which will provide certainty and clarity in relation to property aspects of digital assets, and I want to pay tribute to the work of the expert reference group—Lord Hodge, Professor Fox and the Scottish Government officials—for introducing the legislation.
11:15The points that we identified in our response to the call for views are matters of detail and are about trying to achieve the best reform possible. Obviously, an attempt has been made to identify criteria that will determine what a digital asset is under the legislation. Although some things might be left out, it would then be up to the wider law to determine whether they could have property status, because the bill does not close off that possibility.
There is obviously also an attempt to try to be technology neutral and future proof to some extent. As you will have seen, there are no references in the bill to specific technology—the first panel referred to that point as well. However, certain terms in the definition point to certain types of technology. The term “immutability” is one of them, which obviously has a particular type of technology in mind, namely standard blockchain technology. The question in policy terms is whether the definition captures enough digital assets or whether it could be broader.
On one hand, it would be a bad idea to simply have an exhaustive list all the types of assets that could be digital assets, because that would close the door to future developments and so on. On the other hand, there might be value in allowing for regulations to specify, on an asset-by-asset basis, that some types of assets meet the test of being digital assets, with reference to some of the forms of technology that were mentioned earlier this morning.
We have already heard about the uncertainty regarding the term “immutability”. To my mind, the term means that something cannot be changed and is not reversible—I probably take more of an absolutist view about what it means in comparison to those who take a relativist view. If there is doubt about certain types of digital assets—or records thereof—that can be changed or reversed, there might be value in allowing for regulations to specify that, nevertheless, they meet the test for being a digital asset.
Likewise, there might be questions about whether things such as central bank digital currencies, which we have also heard about, are truly independent of the legal system if they require legislation to bring them into force in the first place. In that case, you could prevent them from falling foul of the “independent of the legal system” test by specifying them in regulations as meeting the test of being a digital asset.
I do not intend to necessarily bring absolutely everybody in, but would anybody else like to come in?
I have something to add, although it is Dr MacPherson, not me, who is associated with the Scottish Parliament on the matter.
On the definition of asset in the bill, there is a bit too much and too little there—that relates to other aspects of the bill, too. I am certainly not into the Liechtenstein approach of narrowing the definition down, because you would then be a hostage to fortune and technological change; there is advantage in breadth because you then catch what might be there. However, you must also be careful that you do not catch things by mistake—I think that Professor Yüksel Ripley made some comments in the Aberdeen law school blog about that. In addition, we probably would not want to inadvertently get claims on assets as defined in the Moveable Transactions (Scotland) Act 2023, for example. We need to watch out for that.
Potential basic problems exist. Several academics—I do not know whether they are here, but I know that Professor Jill Robbie is one of them—do not agree that there is such a thing as property that is independent of the legal system. Therefore, there is an argument that, if you say in the bill that digital assets are independent of the legal system, you do not catch anything at all. It is an academically disputed subject—although I am not the academic, I am aware that various basic points of property law have been debated for hundreds of years—and I am a bit anxious that we do not go too far.
Before I hand over to colleagues, I will come back to immutability, which seems to be one of the critical points. There is an absolute view of immutability as meaning that something is completely unchangeable, but I do not know whether that is possible in any circumstances, whether we are talking about physical objects or otherwise. Notionally, it strikes me that a digital asset that clearly exists as ones and zeros in an electronic system can be alterable, but the system is designed not to be. Is the immutability test sufficiently robust and clear in law, in terms of meaning that the design function of the system cannot be changed, as opposed to the physical nature of the thing?
The immutability criteria are a bit uncertain. Immutability means that, once a transaction has been recorded in a ledger, it cannot be altered, changed or reversed. That is the standard model for blockchain technology and it is used by bitcoin, for example. Bitcoin has no identified issuer and there is no system owner or system operator, so the system is very decentralised. Anyone can participate in the system from anywhere in the world, and the identities of participants are unknown. Because of that, bitcoin needs the immutability feature in order for it to work. Of course, there is a trade-off: if there is a hacking error in the system, nothing can be done, because code is law. That is the idea behind it.
If we think of it as a relative concept, there are uncertainties about the threshold. There have been some recent developments. For example, Circle, one of the largest stablecoin issuers, is reportedly exploring whether transactions involving stablecoin can be made reversible in cases of fraud and dispute.
There are some other examples where it might be difficult to use that criteria. For example, in the decentralised autonomous organisation hack on the ethereum network in 2016, around 50 million US dollars-worth of ether crypto was stolen by a hacker. The ethereum community considered it and proposed implementing a hard fork to reverse the hack. The blockchain was rolled back and the funds were recovered. The majority agreed with that solution, but a minority did not, because they thought that the ledger was immutable and could not be reversed. The blockchain was split, which created two blockchains: the ethereum, which is the altered currency that we know the most about, and the ethereum classic, which has been unaltered. Both of those now exist. When we think about those kinds of examples, it can be difficult to see where the threshold is for immutability.
Another issue is how somebody, such as a consumer who wished to invest in digital assets, would know whether the system was immutable.
If no other members want to ask about immutability, I will hand over to Michelle Thomson, the deputy convener.
I will ask about a couple of areas. We have had quite a prolonged discussion about getting the balance right. The genesis, if you like, of the bill is in good legal principles, yet it is attempting to bolt something on that is highly complex and moving at pace with developments in technology.
One of the scenarios that I posed picked up the convener’s point about immutability and where autogenerated AI comes to the fore where, instead of someone changing something in the ledger, you have a thing changing a thing in the ledger. I do not want to go into detail to the nth degree on AI, but what I was trying to explore with the previous panel of witnesses was whether we have the framing of the bill right in terms of immutability, because that is a fundamental principle that is understood in law, but it is crashing into technology. I am using that as an example. Have we got the balance right? Do we need to go deeper, in guidance or understanding, or are we happy to let things evolve? I know that that is quite an open question—do not all rush at once. Dr Patrick, you smiled at me, so you can go first.
There is perhaps an even broader question as to whether immutability is relevant—what a digital asset is altogether. There is an argument that you just do not have any of this at all and that you say, “This applies to digital assets and doesn’t apply to these things.” In fact, I think that I proposed a replacement section 1 that ran—well, I will not read it out, but, in essence, it said, “A digital asset is something that exists, and it exists in an electronic system.” You might need to carve various things out, and then you will have something to work with afterwards.
Actually, there is one basic problem, which is how you transfer a digital asset. To my mind, we probably do not need the bill, because this is about incorporeal property. To my mind, all the various laws will just apply to it accordingly. However, there is one thing that you cannot do. The mechanisms for transfer do not work, because, in transferring incorporeal property, there are certain rules that you just cannot apply. Therefore, the courts would have to say, “Actually, no, we cannot give notice to anyone, but taking control of it is probably the same thing,” so the courts would probably eventually get there. To my mind, that is all that needs to be fixed and, otherwise, you could just go on without the bill. However, there are clearly other issues around that.
On immutability, a car, for example, can be property, but is a car immutable? We could change the engine in a car or paint a house red. It would still be property, but with a different characteristic.
I am not a lawyer and I am not claiming any expertise, but my simple view is that, if the framing of some legislation, even though it is simple, ticks the box that either protects people when something happens or engenders confidence for further activity—although it is quite light touch and I know that the situation is more complex than that—that is not necessarily a bad thing. I have expressed that simplistically, but I am trying to explore this. I used immutability and AI simply as an example—there may be other considerations—but what I am trying to explore from a legal perspective is whether the bill has the right touch.
Also, this is a slightly different thread, but the Faculty of Advocates consultation response referred to value and the fact that the provision on that should not be worded in the negative in the bill. I wanted to pick that up with you, but perhaps we can stay on the other question for now.
Generally, the Faculty of Advocates supports the recognition of digital assets as property in Scots law, because it improves legal certainty, which is important for businesses, individuals and the Scottish economy. Our difficulty is that the categorisation of digital assets, as generally thought of in the sense of cryptocurrency or non-fungible tokens, does not sit easily in the existing categories of Scots property law. That point was made by the expert reference group. It seems to be incorporeal movable property but, as Dr Patrick identified, the difficulty with that is that the rules around transfer of ownership require an assignation and an intimation, which does not fit well with digital assets. Therefore, the bill seeks to give legal certainty to the status of digital assets in Scots law, and that must be welcomed, for the reasons that I have discussed.
11:30You will have seen that the Law Commission of England and Wales produced a report that was in effect the starting point for some of the analysis north of the border. However, the problem is that it had pinned a lot of the law’s development on the courts by saying, “Well, all the nuances can be picked up and developed incrementally in common law.” The common law means what is developed by the judges who hear the right case that raises the appropriate issues. Our difficulty in Scotland is that we are a smaller legal jurisdiction, so the chances are that the right cases will come along less frequently. We have less of a profile when it comes to international commerce. Businesses often use English law for contracts that govern, for instance, the sale of digital assets, which means that two businesses might have a dispute outside the UK, but it is governed by English law and can be heard by the English courts. That gives the English courts an opportunity to develop the case law and some of the nuances around the meaning of digital assets and its treatment under the law.
We just do not have the same opportunities, which is why the faculty’s view is that the bill is important. It has been described as a foundation bill, which is correct, because it gives legal foundation to the status of digital assets in Scots law. So much more can be done, some of which you will have seen in some of the responses, which, for example, raised being able to give digital assets as security for loans. If you are giving digital assets legal status and want to encourage financial technology—fintech—businesses to come to trade out of Scotland, you want those businesses to have the full ability to use digital assets as security for loans.
Another example is debt enforcement. Under the law as it stands, there is some dispute around whether we have effective tools. Let us say that I am owed money and I obtain a court decree against somebody, but they hold assets not as bricks and mortar but as digital assets: how can I know that their assets are sitting as digital assets? Do I have access to that information? Even if I did and had a judgment for X amount of pounds, and the person had assets sitting as bitcoin, would the courts be able to enforce against those digital assets?
There is a whole landscape around that but, because this is a foundation bill, the faculty’s view is that it gives legal certainty and should be welcomed. The next step is to think about how we take a more holistic approach so that digital assets are properly protected within the legal framework and so that businesses and individuals who trade with people who own digital assets are protected as well.
You have given a very clear and comprehensive explanation, so thank you very much.
To bring in Professor Yüksel Ripley and Dr MacPherson, I want to get a sense of whether the bill’s framing as it is currently documented is in the right place.
I agree that the bill is important and see it as the first phase of law reform in Scotland, because further reform is needed in some of the areas that have been mentioned and, to add to the list, in private international law. The bill is important and has a foundational function, but some elements of it, particularly regarding definitions and scope, could be further considered if it is to achieve its full potential.
To pick up a couple of my earlier points, there are questions around “immutability” and whether that term will remain in the bill. If it does, it will strengthen the notion that there should be regulations that allow particular types of assets to be mentioned as falling under the definition.
There are alternative approaches to defining a digital asset, and I am perhaps more aligned with what Hamish Patrick suggested. In the Law Society’s response, we identified one possibility, which would be to refer to a digital asset as a thing that exists solely in electronic form or in an electronic system, that can be controlled in the way in which the bill envisions and that cannot be replicated. That could be an appropriate approach, in which case you would avoid making references to immutability and the independent legal system.
Lots of other areas that could be reformed have been raised. The Law Society’s position is pretty similar to the perspective of the Faculty of Advocates, which Mr Tariq laid out. The law on debt enforcement does not seem fit for purpose when it comes to digital assets. As indicated, if I want to know whether someone I have a court order against has digital assets, Scots law does not provide a mechanism for me to find that out. Even if I have that information, the mechanisms for enforcement diligences are not effective enough to enable me to be repaid the money that is owed to me. That means that, if someone wants to hide assets from creditors, they can do so by putting the money into digital assets and storing their value there. Insolvency processes give some remedies—I ordinarily do not want to push people into insolvency procedures unnecessarily—but, outside that, the law as it stands does not provide suitable remedies when it comes to debt enforcement.
The bill should be viewed as foundational. Property law provides an infrastructure and a framework that the rest of the law can build on. Other areas, such as insolvency law, should be looked at. Private international law has been mentioned. We might come back and talk in more detail about tokenisation, which was discussed earlier, but the bill is certainly a very useful starting point.
Do you want me to pick up on the AI point?
I am always open minded enough to hear more about AI.
Various things are on-going with AI that raise much larger questions. Generally, in law, including property law, we have subjects—people, whether they be natural persons, meaning human beings, or juristic persons, such as companies and partnerships—that can hold rights and own things. Then, you have legal objects, such as those that are to be defined in the bill, in which rights are held. At the moment, AI can be viewed in certain respects as a property object, whether in intellectual property terms or in other property terms. A point might come at which it is recognised as having legal personality in some form, but we are not there yet. When it comes to how AI would integrate with digital assets law, you must work your way through the relevant criteria to determine whether it is applicable.
Thank you.
Mr Tariq, the faculty’s commentary is that the bill’s good-faith provision is expressed in the negative and you would rather see it expressed in the positive, but I want to flesh that out a bit more.
Yes, I can explain that. A general rule in Scots law is the Latin maxim “nemo dat quod non habet”, which means that no one can give what they do not have. For example, if you have a pen, I cannot transfer ownership of that pen to the convener because it is your pen, I do not have the right to do so and my title is defective. That is the default position in Scots law.
There are already recognised exceptions to the default position, which are for policy considerations. In the bill, we are attempting to protect good-faith purchasers of digital assets, which is a policy decision that has been made. However, if that is the policy aim, the faculty has at least a concern, because the provision is expressed in the negative in section 4(2). It says:
“But a defect in a transferor’s title to a digital asset does not prevent the transferee from becoming its owner provided that the transferee acquired it in good faith and for value.”
That means that, if I am a good-faith buyer of a digital asset, I am not prevented from becoming the owner, provided I am in good faith and have paid value for it. However, “I am not prevented from becoming the owner,” is not the same as expressly saying, “I become the owner.”
That might be semantics, but I am a lawyer, so my concern is that the wording will potentially create difficulties down the line. If we are derogating from the default position in Scots law, we should explicitly say, “This is now the position, and because of this provision, a good-faith purchaser who has paid value becomes the owner,” as opposed to saying that they are not prevented from becoming the owner. You can see that, if it is framed in the negative, we might in a few years have to deal with the issue in litigation, because somebody might say, “Well, that’s maybe what the policy intent is, but the provision does not meet that intent.”
I envisage a more positive statement along the lines of this: “A transferee acquires title to a digital asset, provided that it is acquired in good faith and for value, irrespective of any defect in the transferor’s title.” That would make it a positive as opposed to a negative. It would achieve the same end, but it would simply provide more clarity.
That is very useful. Thank you very much.
We have touched on this already, so I will not go over the same ground, but I want to get your general thoughts on the record about how future proofed the bill is. If I understand the bill’s intention properly, it is a starting point. It establishes the existence of digital assets in Scottish law, and from that point onwards, we have the opportunity to bring in regulations, definitions, guidance and that kind of thing if we want. Given that it is just a starting point and the technology is emerging very quickly, what are your thoughts on the definition of digital assets and how future proofed it is? Have we largely got it right?
I think that the bill’s approach is to focus on the system—by specifying the system’s characteristics—to define digital assets. Given that that is the approach, there will always be questions about whether the system has those features and how that could be determined in advance.
Perhaps an alternative approach could be to define digital assets based on the characteristics of the assets themselves. Although digital assets are diverse in nature, the starting point could perhaps be to consider what the special characteristics of the digital assets that the bill intends to capture have in common. That could be a starting point to formulate a definition. For example, the concept of control has a central role in the bill, so that could perhaps be considered part of the definition. There are examples of that in other countries and in international instruments: article 12 of the uniform commercial code in the US; the Unidroit principles, which were inspired by the US model; and the Corporations Amendment (Digital Assets Framework) Bill, which was recently introduced in the Australian Parliament.
If the digital assets that the bill intends to capture are, in essence, electronic values that could be attributed to a particular person or a group of persons by systems, that could perhaps be a feature as well. Therefore, an alternative approach to the definition could be to start with the digital assets’ characteristics rather than the features of the system.
Given that the bill is what we have in front of us, is your recommendation that, although there are other approaches, its approach is adequate, or is your suggestion that we need to go back and change the definition?
It might be worth making an effort to reconsider the definition—particularly the parts on “rivalrousness” and the requirement for “immutability”—and ask whether it is the right one and whether it brings the full clarity that is needed in the area. Another point to make is that the definition should probably be followed by explicit carve-outs, as is the case with the US approach.
One particular point that I want to mention is electronic trade documents. The United Nations Commission on International Trade Law published a guide on legal issues relating to use of distributed ledger technology in trade. That guidance provided that, when an asset falls within the definition of a digital asset as well as under other legal definitions, such as that of an electronic trade document, it is important to determine which legal regime will prevail.
11:45That is also relevant to the bill and to Scotland, because if an electronic trade document meets the definition that is set out in the bill, it will be captured by the provisions in the bill. That might create some uncertainty, because there has already been some recent UK-wide law reform in the area through the Electronic Trade Documents Act 2023, so there will be uncertainty about which regime will need to be applied. The 2023 act already provides an adequate solution for electronic trade documents by ensuring functional equivalence between the paper, digital or electronic form of trade documents. There is also the possibility of a change of form.
Electronic trade documents are also very different from other types of digital assets. They are basically commercial documents in electronic form. Because of that, the bill will need to have an explicit carve-out for electronic trade documents, or there will be a dual regime for the paper and electronic forms of the same documents, and that would create uncertainty and potential barriers to trade. Scotland might therefore lose some of the benefits that it expects to gain from the recent UK-wide law reform on electronic trade documents.
That is a helpful contribution. Are there any other thoughts on the definition and future proofing?
I have expressed my views already that it should be simplified—I would love to deal with the word “rivalrous”. It will probably be the first time that the word “rivalrous” makes it into legislation anywhere in the world—and I do not agree with that, incidentally.
As far as carve-outs are concerned, I have already mentioned claims under the Moveable Transactions (Scotland) Act 2023, and we might also need to think about financial instruments and financial collateral under that act. Ironically, those can be transferred by transfer of possession and control—fancy that! That is what the financial collateral regulations say and we pasted it in so that it would fit in with the UK-wide and Europe-wide mechanism.
It might be that the bill will do the same thing because control for one purpose will be control for another, if it happens to be a digital financial instrument. There has been discussion of a number of those things. You might find that if you manage to transfer it by control under the new Scottish act, it will also work for the financial collateral regulations as imported into the Moveable Transactions (Scotland) Act 2023. However, I suspect that a distinction will need to be drawn so that we know which act we are doing those transfers under. In practice, we will do them under both, but we do not want to have to do that.
The Faculty of Advocates’ view is that the definition is appropriate to the purpose of the bill. It is at a necessary high level so that it is broad enough to capture technological advances. In its broadest sense, the term “digital asset” covers a wide range of different types of asset. It could be an electronic document, a digital image or a social media account, for example, and clearly the bill is not intended to apply to those. That is why we have a criterion that starts to narrow down the definition of “digital asset” to particular types of digital assets about which there is uncertainty in law, which is what the bill seeks to fix.
The bill does that by applying the criteria of the asset being rivalrous and having independent existence—that is, independent from the legal system. That narrows it down to the sort of crypto assets and non-fungible tokens that the bill is broadly directed at. We think that those are appropriate criteria. The criterion of a digital asset needing to be rivalrous excludes the wider categories of digital assets that I mentioned. For example, data can be used over and over again. Let us say that I have a digital image. That is a digital asset, but I can send you that digital image, Ms Slater, and I can send it to everybody else on the committee for example. The “rivalrous” criterion effectively carves that out.
If I have a £1 coin and I spend it, I cannot spend it again. If I have an apple and I eat it, I cannot eat that apple again. The criterion of rivalrousness is designed to carve out digital assets in that wider sense and to reflect the sort of technology that the bill is designed to protect.
The second criterion—existing independently from the legal system—separates these sorts of digital assets from other forms of incorporeal moveable property. Normally, those are legal rights. Let us say that I have a legal right or claim to be paid under a contract. That is incorporeal moveable property, but it does not exist independently from the legal system. If Scots law did not exist, I would have no claim. I have that claim because of the legal system, whereas the digital assets that the bill is designed to protect exist independently from the legal system. If there were no Scots law, there would still be the cryptocurrency, there would still be the apple and there would still be the book. The digital asset does not require the law to give it legal status in the sense that a legal claim would.
The faculty’s view is that those criteria are appropriate and are at the relatively high level that is necessary at this stage.
Just to clarify, do the electronic trading documents that Professor Yüksel Ripley mentioned exist separately from the law, or would that point need to be clarified in guidance or elsewhere?
Professor Yüksel Ripley, would you have views on that? I am not sure.
My view is that there should be an explicit carve-out, because of the reasons that I mentioned, for certain criteria.
So, it is not clear that those electronic documents do or do not exist separately from the law. That is interesting, thank you.
Do you have any thoughts, Dr MacPherson?
Yes. There are obviously different ways of achieving the policy objective. The way that it has been done so far seems to achieve it, broadly speaking, albeit that there may be questions on the basis of immutability in terms of technological neutrality, for instance.
It is definitely worth considering whether there should be carve-outs for certain specific types of thing. It would be sensible, I would suggest, to avoid having a dual regime in place for electronic trade documents. The bill is intended to focus on assets for which there is uncertainty at the moment and for which we need clarity in the absence of legal authority in Scots law.
We had legislation just a couple of years ago—the Electronic Trade Documents Act 2023—which is applicable across the UK and provides a regime for electronic trade documents. Those could be designed in such a way that they would fall under the definition in the bill. To my mind—this is also the view of the Law Society of Scotland—that would create an issue: it would create uncertainty about the relevant rules that would apply where there is some sort of conflict between the legal outcomes under one regime or the other.
I have already mentioned that the Law Society identified an alternative formulation if terminology such as “rivalrousness” or indeed “independently from the legal system” were to be avoided. I think that, generally speaking, “independently from the legal system” works. As has been mentioned, even if you were to remove Scots law and the Scottish legal system entirely—I hope that that never happens, but if it did—you would still be able to point to something and say, “That is a cryptocurrency,” or to identify another type of crypto asset.
There may be borderline cases, such as central bank digital currencies, where the technology may be available but the status of such a currency in actually being representative of a central bank currency may depend on the legal system, in which case it might not meet the test. On that basis, there may be another argument for regulations allowing that to be included if the policy intention is for it to be included.
That is useful.
I will move to my second question, which touches on tokenisation. Tokenisation is a key growth area in the sector, but it is not mentioned directly in the bill. We have heard a lot of evidence on how tokenisation is used in conjunction with digital assets, and on how it can be used in conjunction with normal assets—physical things that we are all used to dealing with.
What are the legal barriers to the development in Scotland of tokenisation that could be addressed in the bill? Is there something that is being missed that we should be looking at?
There are a few things to consider. First, the bill would provide a solution with regard to tokens and their transfer. The larger question, which is something that Professor Yüksel Ripley and I have written about recently, is whether the transfer of a token can transfer a linked asset—something that it represents, whether that is a painting, a piece of antique furniture, shares, a debt instrument or whatever else. That is the big point of uncertainty in Scots law.
This is just an example; I do not want to commit myself to liability, because I realise that this is being filmed and there are lots of witnesses. At the moment, if I wanted to write a note that said, “I owe you, Ms Slater, £1,000”, that would be representative of a debt that I had to you—it would be a kind of IOU. However, if you wanted to transfer that right against me, you would have to follow the rules of Scots law. You might have a representation—a physical token—of the debt. In Scots law, there are certain things that, over decades or centuries of usage, custom and legal authority, we have allowed to represent an underlying right or thing. For example, bills of exchange—
Are housing deeds an example, or is that a totally different thing? I am sorry; I am opening up a whole thing—do not go there. [Laughter.]
Those things would be part of the process of transfer of a right of ownership. You need registration in the land register for those. You also have things such as bills of lading in relation to shipping. Those documents can represent goods that are being shipped. We do not know what the position is in Scots law regarding whether the transfer of an electronic token—including under the bill, if it were to be passed—would mean that the linked asset would also be transferred.
That is not made clear by the bill. Something else would be needed.
No, the bill does not make that clear. However I do not think that it would be sensible to do that in the bill, because you would have to look at the entirety of Scots law. There are certain types of asset for which it would be sensible, in the relatively near future, to provide certainty, especially—if I may enter Dr Patrick’s territory—financial instruments, shares, debt instruments and so on. To some extent, the law on corporeal movables—goods such as paintings, antique furniture and so on—potentially enables the use of tokens because the relevant legislation, which is the Sale of Goods Act 1979, provides that ownership will transfer between us whenever we intend for it to transfer. If ownership is represented by a token and I transfer a token to you, that would seem to suggest that ownership transfers at that point in time. There are potential complications around that. It does not have authority, such as case law or legislation, to back it up, beyond what is in the 1979 act in the broad sense. Therefore, at some point, we would need more authority, given how much of a potential growth industry tokenisation is and the value that can come from tokenisation of assets, as far as things such as fractional ownership are concerned and allowing a wider range of people to have a stake in the financial system.
At the moment, it is a point of uncertainty. Although the bill would enable us to have more certainty about when the tokens transfer in the same way that we might have a representation of an asset in some physical form that allows for the asset to be transferred, we do not know whether it transfers an underlying right.
That is really helpful. If I have understood you correctly, the bill is not the place to include that aspect, but we need to come back to it—and fairly urgently, because it sounds as though that is needed.
May I disagree with Dr MacPherson? I think that it is certain that tokenisation does not work, except for bills of lading and bills of exchange. Another very important factor is that bills of lading work because they work internationally—because of the development of bills of lading in the 18th and 19th centuries as part of an internationally recognised mechanism. It is not going to do you much good to tokenise something that then moves around. There are broader issues around that. You must have the isolation of the asset recognised. At the moment, and for many years, various types of investment have been traded by way of what are called American depository receipts. You trade an American depository receipt rather as you would a token. You have taken an investment that is owned by a custodian, who holds the asset. You get someone who is pretty solvent—sometimes, you ring fence the investment with other types of protections—and you trade the ADR. That is great and it works fine. Various other tokens are exactly like that, but unless you have the underlying asset tied down in some way, it ain’t gonna work internationally.
It could work for something that is purely in Scotland. You could probably tokenise Scottish land, for example, but we would probably not want the French to do that, because, if you think about it, why could you not tokenise all the sheep in Switzerland, or something like that, and then start trading in that way? You cannot, and it is going too far to say that you can.
12:00
With regard to the legislation in front of us, are you suggesting that we should add something?
For trading the token, I agree—I do not think that you need to add something to say, “By the way, a token is the digital asset”, because it would normally fall within the criteria.
I would dispute another thing, which is the point about the wording, “independently from the legal system”. I am probably in the other academic camp here, but I do not think that anything is property unless the legal system recognises it as property. There is a reason why the US constitution was changed, on the abolition of slavery, to say that people could not be property. As an example, you get exam questions such as “Do I own my body?”; “Why don’t I own my body?” is one of the favourite questions in property law exams. It exists, but the law says whether or not it is property. It might be a thing, but it is not property.
If I may respond quickly, there is a difference between legal recognition of something—something being recognised in property terms—and its existing in a factual sense beyond the law, which is, in essence, what I think is trying to be captured here.
I disagree with Hamish Patrick in the sense that I think we actually agree about tokenisation and transfer, because, in my view—I think that it is also the broader view of the Law Society—you basically have to look at the underlying law for the linked asset. If a token represents something, although it may represent it, in relation to doing the transfer, which is obviously the key thing—acquiring ownership from someone else—you have to look at the relevant underlying law. It cannot be done in relation to the transfer of land, because you need registration in the land register, and tokenisation or the transfer of a token does not do that. It might be feasible on the basis of the sale of goods, if you comply with the legislation with regard to the sale of goods, so you would have a token that represents a corporeal movable. With regard to financial instruments, claims and so on, you basically have to follow the relevant law in relation to the transfer. We do not have legal authority that suggests that tokens would represent those things in the same way that a bill of exchange could represent a debt or a bill of lading represents goods. It is possible that a court could determine that on the basis of custom and usage, but it is definitely uncertain at the moment. Because we do not have clarity about that, you would have to fall back on the existing law for transfer of the relevant linked assets.
I have a supplementary question. Dr Patrick, a little while ago, you made what I think was a throwaway comment, but I just need to ask about it. You said that this would be the first time in any jurisdiction that “rivalrousness” would have been defined. Could we have some clarity on that? Is it used elsewhere in law, and, critically, is “immutability”—
I am not the academic here—I did my PhD about 35 years ago—and, as a non-academic, I am not aware of the word “rivalrous” being used elsewhere. To my mind, “rivalrous” is a term that has been developed over a number of years, academically, as a way of describing how you would own things—what ownership is. It is a collection of characteristics that determine what ownership might be. To my mind, that is what the courts do anyway. If you said that it was a thing, that is what the courts would do—determine the characteristics of ownership. There is case law, which I think is largely English, in which the point is gone into, so I do not want to push it too far.
However, there is a bit of me that thinks that the use of “rivalrous” is putting a term out there that is not actually a term of legal art, from the practitioner’s perspective. I would be telling my clients, “You see this word ‘rivalrous’? We’re not utterly sure what it means, but there’s an explanation in this section that says what we think it means.” I would probably find it easier to explain to clients whether something was a thing than to explain whether it was rivalrous. That is why, in my response, I commented that I am not sure that you can define “rivalrous” sufficiently.
I understand that point. Mr Tariq, as a KC, you might well have to use the legislation in your day-to-day work. The two critical terms are “rivalrous” and “immutability”. Are they well-established terms in Scots law or broader law? Are they sufficiently clear? I am interested in that narrow point.
Those terms are not well established in Scots law, because we are dealing with new concepts, which is why there is a need for the bill. My view is that the terms would be understood because of the way in which they are used in the bill and in the explanatory notes. The words have not been dreamt up just for the purpose of the bill; there has been a bit of a history with the Scottish Law Commission and the expert reference group considering the matter. My view is that, for the purpose of certainty or clarity, the terms are sufficiently clear.
That is helpful.
Good afternoon. The bill refers to “control” and uses “exclusive control” as a proxy for possession. We have touched on this already, but, in this context, would we benefit from “control” having a specific legislative definition?
Who wants to answer first? I will pick on the Aberdonians. Professor Yüksel Ripley, could you answer first, please?
In our response to the Scottish Government’s earlier consultation, we raised the point about “exclusive control” for consideration. The concepts of “control” and “exclusive control” are emerging in legislation in this area in other countries and in international legal instruments.
Professor MacPherson, could you answer next?
Yes, although it is “Dr MacPherson”. Is that my promotion confirmed? [Laughter.]
Well, the sign in front of you says, “Professor MacPherson”, so I would take that as a given.
Excellent—that is much appreciated.
It is certainly necessary to have some reference to “control” when it comes to digital assets. In jurisdictions around the world that are wrestling with the applicable and relevant law in relation to digital assets, “control” is referred to, because, in practice, that is how people exercise abilities in relation to such assets.
The term “exclusive control” is helpful because, if we focus on non-exclusive control, it can get quite problematic as far as the acquisition of ownership is concerned. For example, if I have a private key and share it with Hamish, Usman and Burcu, it can be said that multiple parties have control. If I intend to transfer ownership to each of them in turn, we get into real difficulties because multiple parties have control over the asset. In that context, the term “exclusive control” makes sense because, although there are issues with equating digital assets with corporeal moveables, as far as acquisition of ownership goes, there is some comparability with the notion that, if there is direct natural possession, only one person can have that possession, albeit that they might share it with someone else if they are co-owners and so on. The concept of “exclusive control” is similar. Non-exclusive control in a broader sense does not match up in the same way, because lots of different people can have control.
Dr Patrick?
I do not disagree with anything that has been said. I am keen to come in later when we discuss possession.
Grand. Mr Tariq?
I agree with what has been said. I think that “exclusive control” is the right phrase. We do not need to define “control” beyond that. If we try to do so and to be prescriptive, that will become a hostage to fortune. The courts can properly deal with such issues if the need arises.
Is the use of rebuttable presumptions a suitable mechanism to deal with real-world situations in which the owner does not have control or the person with control is not the owner?
Who wants to come in? I dinna see anybody jumping in to answer these questions.
I will jump in if you want.
Please do, Dr Patrick. Thank you.
The use of rebuttable presumptions is a good practical mechanism, because it is a basis for starting the argument and also for reversing things. By that I mean we could say, “You have control, but you should not really have control, so let us reverse that.” Actually, “reverse” is the wrong word in this context. We could say, “Let us try to transfer it on or recreate it to provide some sort of remedy.”
From a practical perspective, I do not have a particular issue with rebuttable presumptions in general or the way in which they are expressed in this part of the legislation.
Using them seems to be a sensible approach to adopt. It recognises what happens in reality. It also means that, as with other property, we can have a separation between ownership and someone being in possession or, indeed, in control of something. Maybe they are in control because they have been given the asset voluntarily, or because they are an agent or custodian in some capacity. In that context, having control ordinarily means that they have the ability to transfer the asset on to another party. Even though they are not the owner, they might be representing the owner. In that case, the approach seems to work.
Would you change any aspect of this part of the bill?
Again, I am seeing no one who wants to come in.
Is this where I get to make my possession argument? [Laughter.]
You can wait for that, Dr Patrick.
As nobody wanted to come in on that question, I will move on. Is there a need for Scotland-specific technical guidance for the courts on dealing with issues such as control?
My view is that there is no need for Scottish-specific technical guidance. The courts are well used to dealing with the concept of control in other contexts. Therefore, there is not a need for such guidance on the technical aspects of what control means.
Does anyone have a different view, or are you all agreed on that point?
It is difficult. Going back to my point about financial collateral regulation, the Treasury is considering possession and control at the moment, and it is having difficulty with those concepts in that context. I suspect that it will end up with a relatively generic approach to control, which the courts will work out.
Good afternoon. I want to hear your views on the issue of developing a potential remedy. At the moment, no one is breaking the law on that, because it does not exist. However, as soon as the bill becomes an act, people could potentially start breaking the law regardless of whether they intended to do so. Should a specific remedy be developed that looks different to what we have at the moment, to establish whether a crime has been committed in that sphere?
There are a few different things that need to be separated out. I suspect that the assets that would be covered by the bill would already be recognised as assets within Scots law—they would be property objects. The issue is that we do not have confirmation of that, or certainty about the rules on acquisition.
We also need to separate out the criminal issues. We already have legislation on the proceeds of crime, which deals with cryptoassets to an extent. We also have regulatory regimes, but we need to think about private law remedies, which is where the bill comes in.
I do not know whether we will come on to talk about good-faith acquisition. The Law Society of Scotland favours having a rule based on acquisition in good faith and for value, but in such a situation there might be multiple innocent parties. There might be someone whose assets have been hacked—for example, through a private key being stolen or by some other method—and if we were to have a good-faith acquisition rule they would lose out, because another party who had acquired the assets from the hacker in good faith and having given value would become the owner.
In such a situation, we need to remember that there are potentially two innocent parties: the one who has been hacked and the one who has paid money to receive something. There is a danger then of someone—or, indeed, someone whom they have passed or sought to pass ownership on to later down the line—turning up and saying, “Actually, I’m the owner.” That can really damage people’s faith in the operation of those systems. It is perhaps not realistic because of pseudonymity and the quick nature of those transactions, and it might have a freezing effect on the ability or the willingness of parties to use those systems, especially in accordance with Scots law.
12:15On the question about the remedies that the party who has been hacked might have, at the moment they would have to rely on the remedies that exist in the wider law. That could be on the basis of delict, which is the area of law relating to wrongful acts—the person has perhaps been defrauded or there might have been some sort of wrongful interference with their property—or the person might rely on so-called unjustified enrichment, where someone else has been enriched in a non-legally valid way.
There might be an argument in favour of having bespoke provision on digital assets, where relevant remedies would be specified in relation to an interference or the defrauding of someone—for example, the party who is the wrongdoer would perhaps have to transfer back the asset itself or the equivalent value of that asset. In general, recognising digital assets as property would give more certainty that someone could get their property back. If the law were to say that those are property, they would get various vindicatory remedies to allow them to get that property back if someone had taken it illegally.
So, we do not have to develop new, custom or bespoke remedies to deal with that stuff.
You might need some on the civil side, as Dr MacPherson said. There is all this talk of hacking but, in actual fact, it could happen by accident—for example, if an agent who is trading assets for you for one reason or another has your private key, you might give them an instruction but they transfer the wrong asset. You might have some sort of negligence claim against them, and there might be an argument about why they did that.
If you own another sort of asset and your agent has transferred it to someone else, we are back to the nemo dat rule that we mentioned earlier—we speak of little else—which means that the asset can be recovered directly by the person. We are back to asking who is losing and for what reason.
Through the good-faith acquisition rule, we would introduce a specific situation in which someone would be sort of expropriated; it is about whether there is a gap. I cannot recall which of the submissions contained some stuff on the issue, but similar situations arise under the Sale of Goods Act 1979 where the allocation of risk is thought about. Potential gaps might need to be thought about so that there is no unfairness and someone is not left too high and dry, as it were, because they cannot establish fraud, negligence or enrichment to get their stuff back.
Mr Tariq and Professor Ripley, is it likely to be more difficult to establish a crime in that area than in what we might call more traditional crime areas?
I will first touch on the civil side, then come to the criminal side. On the civil side, the law is flexible enough to provide remedies so we do not need anything on remedies in the legislation. As I said earlier, where gaps might exist is at the other side. Let us say that you obtain a remedy from the court, which is a judgment in your favour; it is then a question of how you go about enforcing it when someone’s assets lie in digital assets. Although that is a problem slightly further down the line, it is still, in the broad sense, a remedy problem—you are trying to get an effective remedy in Scots law. As I said, that might require wider consultation and perhaps follow-up legislation.
In relation to criminal law, I suspect that the difficulty will always be that it is difficult to trace digital assets—they do not respect boundaries or borders, so it is very easy to move some asset out of this jurisdiction and, potentially, out of the reach of Scots criminal law. However, that problem exists with various types of technology.
Professor Yüksel Ripley, have you any comments on that?
Yes. The fact that particular types of digital assets, such as cryptoassets, have specific features, such as pseudonymity—you do not know the true identity of the parties or their location, which has already been mentioned—and the fact that those systems are global mean that the effectiveness of remedies could be a bit limited in practice. It is very likely that, if there is a hack, the hacker is in another country and cannot be identified. Some digital assets have that feature. Cryptoasset tracing is complex as well.
In future innovations in that area, other types of digital assets that we could see—particularly the ones that banks or traditional financial institutions will issue—might have mechanisms built into their ecosystems to deal with hacking errors or fraud cases, perhaps mimicking some of the elements that the current financial system has for dealing with such issues.
Arguably, the bigger issue is not about the substantive remedies but about the civil procedure rules that exist in Scotland, which affect the ability to effectively raise an action against an alleged wrongdoer. At the moment, Scots law is very restrictive about raising actions against persons unknown. If all you know of the wrongdoer are the details of their relevant account, that is very difficult to do—indeed, as things stand, Scots law might not actually allow the raising of an action against that person. Problems also come with the service of relevant documentation on them, because you do not have their address or other details about them. Mr Tariq is the litigator among us, so he might have views on that point.
There are certainly complexities—[Laughter.] Potential solutions exist. For instance, it might not be a matter for legislation but simply for reform of court procedure so that, if you want to raise an action against a party and you see that digital assets are held in that jurisdiction, you are able to raise it against persons unknown. However, that would present procedural difficulties for the court. Moreover, if you were to obtain a judgment against persons unknown, how would you actually enforce it, beyond the mere fact that the digital asset possibly has some link to the jurisdiction? Those issues are very complex and probably require significant consultation, including with the courts, to see how we could tackle them.
With that, we have come to the conclusion of our questions. I thank our witnesses for their very insightful contributions. You have given us yet more to think about—I am not sure that we are entirely thankful for that. We will go away and contemplate your evidence during our deliberations.
12:23 Meeting continued in private until 12:42.Previous
Attendance