Smart Contracts, DeFi and AI: Innovative Business Ideas and their Legal Challenges in IT Law

In a recently published LinkedIn post, it was announced that the interface between smart contracts, decentralized financial systems (DeFi) and artificial intelligence (AI) will be explored in greater depth. This complex of topics is not only technologically exciting, but also legally challenging – especially with regard to business models that operate in the regulatory gray area or question existing legal norms.

The merging of these technologies opens up new markets and application scenarios, but also brings with it considerable uncertainties in terms of contract law, data protection, liability and regulation. This article presents five innovative business approaches that exemplify the potential, but also the legal risks, of these developments.

Automated financial advisors based on DeFi

Technical concept:
The combination of DeFi protocols and AI-based analysis systems creates autonomous financial advisors that manage portfolios, perform market analyses and make investment decisions – all automated and without human intervention.

Legal issues:

• Legal nature of the smart contract: The classic elements of a contract (Section 145 ff. BGB) – in particular offer, acceptance and intention to be legally bound – are not always present in purely technical execution commands. As a rule, a smart contract cannot be equated with a legally binding contract in the civil law sense, but should rather be regarded as program logic.
• Financial supervisory permissibility: Depending on the design, the use of such systems may fall under the licensing requirements of the German Banking Act (KWG) or the German Securities Institutions Act (WpIG), in particular if investment advice or asset management within the meaning of Section 1 (1a) KWG is involved.
• Data protection and IT security: Access to personal financial data requires compliance with the GDPR, in particular the principles of Art. 5 and Art. 6 GDPR. The focus is on questions of consent, purpose limitation and data security.
• Liability for wrong decisions: Who is liable in the event of an investment loss due to an incorrect AI recommendation? Providers of such systems should have appropriate contractual liability clauses and technical audits.

DeFi lending platforms with AI risk assessment

Technical concept:
Loans are granted via smart contracts, while AI systems carry out real-time creditworthiness analyses based on behavioral data, social scoring or transaction histories.

Legal issues:

• Discrimination risks: The use of AI for lending is subject to the General Equal Treatment Act (AGG). If algorithmic systems lead to structurally disadvantageous results, for example through indirect discrimination in accordance with Section 3 (2) AGG, this can have legal consequences.
• Regulatory requirements: Lending is subject to the requirements of the German Banking Act, the Consumer Credit Directive and the PSD2 Directive. An AI-supported credit check must map these requirements technically and organizationally.
• Responsibility and liability: In the case of algorithmic errors, the question of tortious or contractual liability arises. It is conceivable that developers, platform operators or data suppliers are jointly responsible.

Smart contracts for automated insurance

Technical concept:
Insurance benefits are processed automatically. AI recognizes events (e.g. flight delay, accident) and triggers a payment via smart contracts.

Legal issues:

• Permissibility of automated decisions: According to Art. 22 GDPR, there is a ban on automated individual decisions with legal effect, unless there is explicit consent or a legal basis.
• Insurance supervision: The Insurance Supervision Act (VAG) stipulates extensive organizational requirements for insurance companies. The use of automated systems must not undermine these.
• Risk of manipulation and fraud: Smart contracts are rigid in their execution. Manipulation of the data feed (so-called “oracles”) can lead to the payment of unauthorized claims. Security architectures and “failsafes” are absolutely essential.

Decentralized trading platforms with AI price determination

Technical concept:
AI is used to analyze supply and demand in real time. Prices are set dynamically, taking into account macroeconomic data, social media trends and trading volumes.

Legal issues:

• Market manipulation: Incorrect or intentionally manipulated price calculation could violate the provisions of market abuse law (e.g. MAR Regulation). Automated systems must be programmed in such a way that no market distortions occur.
• Transparency and traceability: Algorithms must be able to explain their pricing decisions. Black box models are problematic from a regulatory perspective, as they could violate transparency obligations.
• Liability for incorrect prices: Here, too, the question arises: Who is liable in the event of grossly incorrect pricing? Non-liability clauses in the general terms and conditions regularly come up against the limits of §§ 307 ff. BGB.

AI-supported identity verification in DeFi environments

Technical concept:
Identity checks are carried out using AI – for example through biometric procedures, behavioral analysis or document scans. These procedures replace traditional KYC processes in decentralized environments.

Legal issues:

• GDPR compliance: The use of biometric data falls under Art. 9 GDPR and requires explicit consent. In addition, high data security requirements (Art. 32 GDPR) and accountability obligations apply.
• Error rate and discrimination: Facial recognition software is often criticized for having above-average error rates for certain ethnic groups. The use of such procedures may conflict with Art. 5 para. 1 lit. a GDPR (lawfulness, processing in good faith).
• KYC/AML obligations: DeFi providers will also have to adapt to stricter regulatory requirements in the future. The Travel Rule (FATF recommendations) and national AML regimes are increasingly demanding the collection and verification of user data – even in pseudonymized environments.

Conclusion: Between innovation and regulation

The combination of smart contracts, AI and DeFi has the potential to restructure entire industries. At the same time, in many cases the legal framework is unclear, contradictory or has not even been created yet. Anyone developing or implementing business models in this environment should not only keep an eye on the technical implications, but also the legal challenges.

It is highly recommended:

• contracts and technical processes at an early stage,
• actively monitor regulatory developments (MiCA, DORA, AMLD6 etc.),
• and establish mechanisms for the allocation of responsibilities and IT compliance.

Legal certainty is not an obstacle to innovation – on the contrary, it is a prerequisite.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.