by Sunil Gadhia, Ferdisha Snagg, and Andreas Wildner
On 3 February 2023, the Court of Appeal of England and Wales, Civil Division (the “Court”) handed down judgment in the litigation between Tulip Trading Limited (“TTL”) and a number of core developers of software in respect of four bitcoin networks.[1]
The Court found that it was properly arguable that software developers may owe fiduciary duties to owners of cryptoassets on their networks, and that these duties may in certain circumstances require developers to introduce a software patch with the effect that an owner’s assets are transferred into safety, e.g., where the owner’s private key had been lost or stolen.
This alert memorandum sets out the key points of the judgment and explores its wider implications.
Context
The Court of Appeal’s decision follows a number of legal and regulatory developments that have sought to ensure that the law keeps in step with the cryptoasset industry.
One of the earliest of these developments was the UK Jurisdiction Taskforce’s “Legal Statement on Cryptoassets and Smart Contracts” (the “UKJT Statement”). Amongst other things, the UKJT Statement considered that cryptoassets could be treated as property under common law, albeit that they do not fit neatly within the existing conventional categories of property under English law.
The same position was gradually reached by English courts. Initially, courts recognised cryptoassets as property only implicitly, for example, by ordering cryptoassets to be seized under provisions of the Proceeds of Crime Act 2002[2] or granting a freezing order in respect of cryptoassets.[3] Finally, in 2020, an English court explicitly recognised that “crypto assets such as Bitcoin are property” for the purposes of English law.[4]
In July 2022, the Law Commission, an independent statutory body created to keep the law of England and Wales under review and to recommend reform where needed, published an extensive consultation paper on digital assets (the “Law Commission Consultation”).[5] The Law Commission Consultation, which covers a wide range of topics, recommends recognising a new category of property (data objects) to properly accommodate cryptoassets in English law. It also puts forward analyses of the legal characterisation of cryptoasset transactions and of various services that are provided in respect of cryptoassets.
Against this background, the claim brought by TTL raises the question of whether software developers in charge of servicing a cryptoasset network may owe fiduciary duties to owners of cryptoassets on that network.
Facts
The Court of Appeal’s judgment arises in the context of a challenge to the English courts’ jurisdiction. This challenge required the Court to rule, amongst other things, on whether there is a serious issue to be tried on the merits of the claim, i.e., whether the Claimants can show a real, as opposed to a fanciful, prospect of success.
The claim had been brought by TTL. TTL argued that it was the owner of a substantial amount of bitcoin, but that, as a consequence of a hack, the private keys necessary to access or move these assets were lost (presumably stolen).
TTL commenced legal proceedings against a number of developers. On the assumed facts,[6] each of the relevant bitcoin networks is supported by certain software (“client software”), which embodies the rules applicable to the respective network, and which participants need to run in order to participate in that network. Changes to the source code for that client software can only be implemented by the developers, because only they have the password to access the relevant code database. On that basis, TTL claimed that:
- the developers controlled and ran the relevant bitcoin networks;
- the role the developers assumed and the power they had meant that they should be considered to owe certain fiduciary duties to bitcoin owners; and
- such duties required them to implement a software patch that would resolve TTL’s problem, either by transferring the relevant bitcoin to a new address TTL would have access to, or by ensuring that TTL regained control of the assets in their existing locations.[7]
The defendant developers challenged this position, relying on the decentralisation model of cryptoasset networks. The specific points they put forward were that:
- the developers were part of a large and shifting group of contributors without an organisation or structure;
- the remedy TTL sought would go against the core values of bitcoin; and
- the remedy TTL sought would be ineffective because miners would refuse to run the necessary software update, and such disagreement would more likely lead to a fork in the networks rather than resolving the issue.
At first instance, the court held that TTL had no realistic prospect of establishing that the defendants owed fiduciaries duties of the kind alleged (with the consequence that service of the claim forms outside the jurisdiction would be set aside).[8] In particular, the judge had held that:
- developers are a fluctuating body of individuals and, as such, could not be deemed to owe continuing obligations (e.g., to remain as developers and make future updates);[9]
- TTL’s case that the developers owed fiduciary duties was based on a combination of the allegation of an imbalance of power and the entrustment of property to the developers—–but imbalance of power was not sufficient to justify imposing fiduciary duties, and the property could not realistically be described as entrusted to software developers;[10]
- the defining feature of fiduciary relationships was the fiduciary’s obligation of undivided loyalty to their principal. TTL’s demands (which would be for its benefit alone, and not for the benefit of other token holders) would be inconsistent with a single-minded loyalty that developers, if found to be fiduciaries, would owe to other token holders;[11]
- if TTL’s claim were allowed, the developers might be exposed to liability, possibly in other jurisdictions, in relation to rival claims to the bitcoin in question—and token holders could not reasonably expect developers to have assumed such a risk;[12] and
- it was well established that fiduciary obligations generally imposed certain restrictions on fiduciaries rather than requiring positive steps to be taken, and, whilst courts have in the past required fiduciaries to perform certain positive actions, the duties contended by TTL would go well beyond precedent.
Decision
The Court of Appeal unanimously allowed the appeal against the first instance judgment. Whilst this does not amount to a conclusive finding that the developers did owe fiduciary duties to owners of cryptoassets on their network, the Court held that there was a serious issue to be tried, and, therefore, that TTL’s claim should not be dismissed at a preliminary stage.[13]
The Court noted that the role of fiduciaries was defined by reference to certain key characteristics. These include “acting for or on behalf of another person in a particular matter” and “that there is a relationship of trust and confidence between the putative fiduciary and the other person”, factors which are to be assessed objectively.[14] The Court considered it at least arguable that, assessed objectively:
- developers were a sufficiently well-defined group to be capable of being subject to fiduciary duties;[15]
- developers exercised control, authority and discretionary decision making, on behalf of other people, including miners and bitcoin owners;[16]
- given that developers controlled access to the source code,[17] owners of bitcoin had, in a sense, “entrusted [their property] into the care of the developers”;[18] and
- therefore, developers were fiduciaries.
Some additional findings supported the conclusion that this position was arguable, including that developers arguably owed at least some kind of fiduciary duty, namely the duty “not to introduce a feature for their own advantage that compromised owners’ security”.[19]
Reiterating that the essence of fiduciary duties was “single minded loyalty” to software users,[20] the Court then considered the possible content of the relevant duties. Again, the Court considered it to be arguable that the developers’ duties may require them to take positive steps in certain circumstances, including, possibly, the duty TTL claimed—i.e., the duty to implement a software patch that would allow TTL to regain access to its bitcoin.[21] In connection with this conclusion, the Court noted TTL’s assertion that the developers’ role (e.g., introducing changes to the source code once a bug is identified) may involve the taking of positive steps.[22] This is relevant for two reasons: first, given that developers controlled the access to the source code and could therefore prevent anyone else from changing it, it was arguable that they would have positive obligations to do so, possibly as part of fiduciary obligations.[23] Secondly, and in any case, it would be wrong to consider the developers’ usual role as limited to negative obligations (i.e., merely subject to certain restrictions) but not requiring any positive steps. In truth, the novel aspect about TTL’s claim is merely the circumstances in which the requirement to take positive steps (i.e., to introduce a change to the system’s source code) would arise. That would not be enough to deny that TTL’s claim had any realistic prospect of succeeding.[24]
In terms of next steps, unless the developers obtain permission to appeal to the Supreme Court, and pursue such an appeal, TTL’s claim will now proceed to trial. At trial, with the benefit of full evidence in respect of all relevant facts, the court would then reach a definitive decision on whether the developers owed fiduciary duties to token holders and what exactly the scope of such fiduciary duties is.
Commentary
A relatively uncontroversial but important point coming out of the judgment (albeit obiter) is that it seems now beyond any doubt that cryptoassets are already recognised as property in English law.[25] Moreover, the Court highlighted a key characteristic of cryptoassets like bitcoin, which is that the “holding of it by one person necessarily prevents another from holding that very thing at the same time.”[26] This characteristic had been pointed out previously in the Law Commission Consultation, where cryptoassets were described as “rivalrous”. This express reference to, and endorsement of, the Law Commission Consultation by the Court may be seen as an indication that the Law Commission Consultation is likely to assume broader relevance in pointing the way for English law to develop in this area.
Another interesting observation in this regard is the comparison of bitcoin to physical money: a “physical coin has properties which exist outside the minds of people who use it and in that sense is tangible. Bitcoin is similar. It also has properties which exist outside the minds of individuals, but those properties only exist inside computers as a consequence of the bitcoin software. There is nothing else.”[27]
The Court’s allusion to the hybrid nature of cryptoassets like bitcoin—being between a pure intangible asset (chose in action) and physical property (chose in possession)—is also a key theme of the Law Commission Consultation. In recognition of that hybrid nature, the Law Commission Consultation proposes that cryptoassets be recognised as a third category of property (data objects).[28] The Law Commission Consultation considers how to characterise the relationship between a person who “holds” or “has” a data object, and proposes to describe this relationship as “control”.[29]To be considered to have control of a data object, a person would need to be able (1) to exclude others from the data object; (2) to put the data object to the uses of which it is capable; and (3) to identify themselves as the person with the abilities specified in (1) to (2) above.[30] The Law Commission Consultation also considered that “in systems that generate and maintain rivalrous data objects through public-private key cryptography, the person in control will be able to exclude others from the data object as a practical matter by controlling access to their private key.”[31] If TTL were to succeed in its claim, and the developers required to restore TTL’s access to the relevant bitcoin, that might raise questions in respect of this conception of “control”.
The Law Commission Consultation also proposes that the “good-faith-purchaser for value defence” to the “nemo dat quod non habet” (no one may give what they do not have) principle should extend to data objects.[32] This would mean that a purchaser who acquires a cryptoasset from a seller with a defective title (e.g., a thief) in good faith without awareness of that defect in title would acquire full ownership of that asset and be immune from future claims of the “rightful owner”. Again, if TTL were to succeed in its claim, that might also raise questions in this regard.
The nature of bitcoin also has a bearing on the core question in the case of whether the Court was right to hold that it was arguable that the developers might owe fiduciary duties to bitcoin owners.
As the Court emphasised, “the facts of this case…are new and quite a long way from factual circumstances which the courts have had to examine before in the context of fiduciary duties”. The Court duly identified that “the right response of the common law is [not] simply to stop and say that incremental development cannot reach that far.”[33] The common law develops through analogising novel cases to existing concepts. Here the Court has shown once more that the English judiciary is willing to deploy long-established and fundamental English legal principles to the decentralised cryptoasset sphere.
One can question, though, whether a finding that fiduciary duties do exist in the circumstances would be consistent with the purpose and nature of fiduciary duties.
Fiduciary duties are intended to prevent fiduciaries from acting other than with single-minded loyalty to their principal.[34] They do so by preventing fiduciaries from benefitting from their fiduciary position or maneuvering themselves into situations where they are under a conflict of interests. Of course, fiduciaries may owe a range of other, non-fiduciary obligations; for example, company directors owe a range of fiduciary obligations as well as non-fiduciary duties.
The ongoing integration of cryptoassets in English legal and regulatory frameworks will likely lead to the recognition of numerous new rights and obligations, to ensure that commercial actors play by rules and legal risks are appropriately allocated. Whether this particular litigation will result in the recognition of new duties remains to be seen, but it seems unlikely that the decentralisation of cryptoasset networks will always be available to actors in this space as a shield from legal responsibility.
Cryptoasset service providers and other players in this industry will therefore do well to take all possible legal risk management steps, for example, where applicable, clear and robust contractual arrangements that define the rights and obligations of the parties and seek to exclude non-contractual duties as far as possible.
Footnotes
[1] Tulip Trading Ltd v van der Laan and others [2023] EWCA Civ 83 (the “Court of Appeal Judgment”), accessible here. Paragraph references in this memorandum are references to parts of the Court of Appeal Judgment, unless otherwise indicated.
[2] R. v Teresko (Sergejs), 11 October 2017, unreported, noted in [2018] Crim. L.R. 2018, 81-84.
[3] Vorotyntseva v Money-4 Ltd (trading as nebeus.com) [2018] EWHC 2596 (Ch), official judgment available here.
[4] AA v Persons unknown [2020] 4 WLR 35, at [59].
[5] Law Commission, “Digital Assets: Consultation Paper” (CP 256), July 2022, accessible here.
[6] See paragraphs [28] to [31].
[7] See paragraph [38].
[8] Tulip Trading Ltd v van der Laan and others [2022] EWHC 667 (the “High Court Judgment”), accessible here.
[9] See High Court Judgment, paragraph [75].
[10] See High Court Judgment, paragraph [73].
[11] See High Court Judgment, paragraphs [76]-[79].
[12] See High Court Judgment, paragraphs [80]-[81].
[13] See paragraph [91].
[14] See paragraphs [70], and also [42] and [48].
[15] See paragraph [86].
[16] See paragraphs [72], [74], and [79]-[80].
[17] See paragraphs [28]-[32].
[18] See paragraphs [86] and [78].
[19] See paragraphs [75]-[76].
[20] See paragraphs [42], [76], and [84].
[21] See paragraph [86].
[22] See paragraph [73].
[23] See paragraph [78].
[24] See paragraph [85].
[25] See paragraph [24].
[26] See paragraph [24].
[27] See paragraph [72].
[28] Law Commission Consultation, chapter 4. The Law Commission Consultation proposes that data objects should comprise (i) data represented in an electronic medium, including in the form of computer code, electronic, digital or analogue signals, which (ii) exists independently of persons and exist independently of the legal system; and (iii) is rivalrous (chapter 5).
[29] Law Commission Consultation, chapter 11. The Law Commission discusses whether the concept of “possession”, largely restricted to tangible property (i.e., physical objects) could be extended to data objects, but considers that this would for several reasons be impractical (paragraphs 11.56 – 11.75).
[30] Law Commission Consultation, paragraph 11.91.
[31] Law Commission Consultation, paragraph 11.93.
[32] Law Commission Consultation, paragraph 13.84.
[33] See paragraph [71].
[34] See paragraph [42].
Sunil Gadhia is a partner, Ferdisha Snagg is counsel, and Andreas Wildner is a trainee solicitor at Cleary Gottlieb Steen & Hamilton LLP. This article first appeared on the firm’s website.
The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright or this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).