Information requirements for SaaS providers: Blockchain and AI in a legal context

Competition law

Competition law, a fundamental pillar of economic law, was created to ensure balanced and fair competition between market participants. It serves as a shield for businesses and consumers alike, preventing unfair business practices and promoting a fair market. The Unfair Competition Act (UWG) plays a key role here. It serves as a guide and set of rules to ensure that companies conduct their business practices in a way that is neither misleading nor unfair to their customers.

However, in the ever-evolving technological landscape, where innovations such as blockchain and artificial intelligence (AI) are becoming more prevalent, the UWG does not provide specific guidance. There is no explicit regulation that requires companies to inform their customers about the use of these advanced technologies, especially when they are working in the background of their services or products. This could be seen as a loophole in the law for some, as the use of such technologies can often have profound effects on business models and consumer experiences.

Nevertheless, the lack of direct guidance in the UWG does not mean that companies have carte blanche to use technology as they see fit without regard to the impact on their customers. The core principle of the UWG remains in place: Companies may not mislead their customers. Thus, if the use of a technology, be it blockchain, AI, or any other, results in customers being deceived – whether intentionally or unintentionally – and this deception influences their purchasing decisions or contract commitments, this may very well be considered a violation of the UWG. It is the responsibility of each company to ensure that it acts in the best interest of its customers and maintains the integrity of the marketplace.

Data protection Law

In an era when digitization permeates nearly every aspect of our lives, data protection law has taken on a crucial role in protecting the rights and freedoms of individuals. The General Data Protection Regulation (GDPR) represents a milestone in this context. As a comprehensive set of European rules, it aims to harmonize and strengthen the protection of personal data throughout the European Union. It specifies not only which data may be collected, but also how this data may be stored, processed and passed on. The principle of transparency is at the forefront here.

In the rapid pace of technological development, where advanced technologies such as blockchain and artificial intelligence (AI) are becoming increasingly common, the question arises as to their compatibility with data protection regulations. These technologies have the potential to revolutionize data processing operations, but also offer new challenges in terms of data protection. Companies that use such technologies have an obligation to clearly and understandably explain in their privacy policy how and why they use these technologies. This serves not only to comply with legal requirements, but also to build consumer confidence.

However, it is crucial to understand that the GDPR primarily focuses on the protection of personal data. This means that technologies that do not process or store such data are not necessarily subject to the same stringent requirements. Nevertheless, companies should always strive to respect the privacy and security of their users and ensure that any technologies deployed are in line with applicable data protection standards.

Copyright

Copyright protects the rights of creators and artists to their works. There are clear rules about how works may be reproduced, distributed, and made publicly available.

With respect to technologies such as blockchain and AI, there are no specific rules in copyright law. Companies are not required to inform their customers about the use of such technologies unless they use copyrighted works of third parties. In such cases, companies could be required to acquire licenses or inform the rights holders.

Requirements of the AI Act

The AI Act introduced in 2021 is a significant step toward regulating AI technologies. It sets out clear guidelines under which circumstances companies must inform their customers about the use of AI.

The law focuses mainly on AI systems with high risk potential. This means that not all AI systems are covered by the law. Only those that require certification because they are considered potentially hazardous must comply with the requirements of the law.

Conclusion

The legal landscape around technologies such as blockchain and AI is complex and constantly changing. While there is currently no direct legal obligation to disclose such technologies, it is advisable to do so for reasons of transparency and consumer protection. Companies should always consider the purpose and risk potential of the technologies they use and ensure they are acting in the best interest of their customers.