A metaverse unleashed by blockchain technology raises big questions for digital, financial and data regulators the world over

Blockchain is seen as a critical technology to the expansion of a decentralised infrastructure that includes an independent digital economy within the metaverse. There are many applications of blockchain, although its main use, for now, is in cryptocurrencies and tokens. Crypto tokens or coins can carry financial value but blockchain also enables the creation of a digital token that represents something unique and specific.

Tokens, or non-fungible tokens (NFTs), also create the potential to empower a player through the possibility of owning in-game assets. We're starting to see video-games companies looking to use NFTs in a number of ways, including as a way of selling official digital merchandise or for the creation of user-generated content. For example, globally popular video games such as Axie Inifinity and Ghost Recon Breakpoint already incorporate NFTs and cryptocurrency.

The potential of blockchain is undeniable in the context of the metaverse but it comes with its own challenges. These include: the environmental impact of some blockchain systems and, regulatory concerns around metaverse marketplaces that allow players to earn money in the real world – as with the recent "loot box" debate where video games mechanics mirror those in the gambling industry.

Cryptocurrency and NFTs

Cryptocurrency and NFTs will likely become significant in the metaverse owing to their ability to certify digital content as being unique. Accordingly, this will create scarcity and value throughout the metaverse with content that would otherwise be infinitely available.

Moreover, real-world value can be attributed to NFTs, giving them an additional level of authenticity. Although there are already well-known marketplaces for NFTs, it is conceivable that the growth of in-game NFTs could give rise to new monetisation models and peer-to-peer marketplaces in the metaverse. Official peer-to-peer marketplaces could even assist in reducing the need for "black marketplaces" (for example, e-commerce platforms facilitating the illegal sale of in-game items or currency) and additional royalties could be charged on subsequent sales of items.

NFTs also enable value that is created in the metaverse to be exported into the real-world economy, which has not previously been possible. Given the increasing interest and values for some NFTs in recent real-world auctions, this could be a big boost for the growth of the metaverse.

Another exciting prospect is portable NFTs, whereby in-game NFTs can be ported across or used in other games or worlds within the metaverse. While this is generally not possible today, demand is expected to grow from players who want to be able to use their digital assets across the metaverse, and not just in a specific game.

Despite these opportunities for cryptocurrency in the metaverse, several important challenges remain. One of the most notable of these is crypto's environmental impact. While business are increasingly conscious of the green credentials, the Ethereum blockchain, on which most NFTs are stored, has a high energy demand and carbon footprint due to its proof-of-work system. Although there are alternatives to Ethereum with proof-of-stake systems, this transition largely hasn't happened yet and there is little change in practice in crypto and NFT context.

Another issue which must be addressed is what NFTs actually represent, and what is being bought and sold. This needs to be absolutely clear in the metaverse. Moreover, from a legal perspective, there must be a solid understanding of what intellectual property rights are actually in NFT sales.

Token regulation: Germany and the EU

NFTs are already regulated in the metaverse in the same way as other tokens. There has been a sharp increase in the use of NFTs, the metaverse and tokens generally throughout 2021 and 2022. It is important to distinguish between the various types of token, as different regulatory regimes may apply. For example, currency, utility and security tokens all carry different rights and are used for different purposes. Accordingly, they are not regulated uniformly.

Another key differentiation is that between standard and fractional NFTs. While neither type has a specific token category, standard NFTs are characterised by the fact that they are unique, non-divisible, and non-interchangeable. They can incorporate a variety of rights, such as: representing a specific right regarding an asset; providing holders with a right of access to goods and services; or representing ownership of asset, granting token holders similar rights to securities. Fractional NFTs, on the other hand, are not unique, are divisible and are interchangeable. They can also incorporate a variety of rights, such as representing a specific right regarding a fraction of an asset; providing holders with a right of access to goods and services; or representing ownership of a fraction of an asset, granting token holders similar rights to securities.

While there are currently no specific laws regulating initial coin offerings, security token offerings and NFTs in Germany, this should not be considered a legal carte blanche as tokens and NFTs can still be regulated. Regulators will take the approach of "substance over form" when deciding what regulations apply to individual tokens. Depending on their structure, regulators will examine tokens to see what category it falls into and how it may be regulated.

General financial regulations

In Germany, general financial regulations may to initial offerings and coin trading; in particular, this could take the form of licensing and prospectus requirements.

Tokens and NFTs are transferable securities within the meaning of EU Prospectus Regulation and the German Securities Prospectus Act. Therefore, prospectus and further requirements of the token issuer apply to security tokens, standard NFTs and fractional NFTs. Moreover, as tokens and NFTs are investment products within the meaning of German Investment Products Act, prospectus and further requirements will apply as a rule to an issuer of tokens and NFTs since there is no representation of economic advantage.

In addition to these regulatory requirements, trading platforms may also be required to have licences in certain circumstances. For example, if tokens are considered financial instruments or securities. Again, case-by-case analysis is required here; if tokens are pure utility tokens with no investment component, they may not be crypto assets. However, if tokens have a payment component and are technically tradeable, then they may be considered crypto assets.

The 2020 Markets in Crypto-Assets Regulation (MiCAR) may also have an impact in this area. While MiCAR will probably not enter into force before 2023, it will serve as a catch-all regulation, which will replace some national regulations and form an independent regulatory regime for issuance and trading. It will have a far-reaching definition of crypto assets. It is comparable with Markets in Financial Instruments II for financial instruments.

Ownership and NFTs

Buyers of digital artwork may receive a record of ownership in the form of an NFT. Key clauses should be present in contracts for the purchase of NFTs to ensure the buyer's rights are protected. Purchasers would normally hope to receive to right to access the NFT for display on specific channels or technology, publicly display for personal use, lend the NFT for inclusion in exhibitions or projects, and resell.

Owners need to remember that, while they may own the NFT, they may not own the intellectual property rights behind the NFT unless these are assigned to them. In Singapore, the Heart Media Case is a recent example of a dispute that emphasised the importance of clear contractual terms in agreements for the distribution of NFTs. This was the first NFT litigation in Singapore but more is likely as the market develops; in particular, as negligence and breach of duty of care are applicable causes of action.

The GDPR's scope

It is important to consider the territoriality scope of the General Data Protection Regulation (GDPR). With regards to article 3.2 of the GDPR, one question that arises is how an activity can be directed at EU residents through the metaverse. This is due to the fact that a data subject will have a location in the metaverse but will also have a separate, physical situation. This is likely to give rise to a new interpretation of the GDPR that may not have been anticipated at the time of its drafting.

Data collection in the metaverse will also be a big issue, as it is likely to occur on a vast scale. New uses of data will be thrown up by the metaverse and extensive processing will occur, which will be at odds with the principles of data minimisation in article 5(c) of the GDPR. The metaverse implies the processing of numerous types of personal data, including biometric data, which raises the question whether the processing of so much data is necessary for the proper functioning of the metaverse. This may lead to considerable modification of the terms and conditions of those who interact with the metaverse.

The value of data will also need to be considered. Under article 20 of the GDPR, data subjects have the right to receive personal data relating to them. Accordingly, metaverse operators are required to allow portability and interoperability of data gathered in the metaverse. This should enable users to switch between platforms, which will likely lead to a loss of value between operators as interoperability erodes the value of processed data. Portability is a major risk in this context since a huge amount of data will be transferred in the metaverse.

A final concern is that of the security of data in the metaverse, in particular under article 32 of the GDPR. The regulations are strict about imposing measures appropriate to the security risk. Accordingly, users may well see an increase of cyber risks correlated to the increase of exposure in the metaverse.