The answer for this question is still debated within the related work groups of the Hong Kong government agencies. There are two white papers released by the Hong Kong Monetary Authority on November 11th, 2016 and October 25th 2017 in which they explain the progress in regulations related to Distributed Ledgers. I will refer to these papers when answering this question.

A considerable degree of liability would be imposed on the issuer of the token, the degree of exposure of the issuer liability will depend on the structure of the scheme and the private agreements between the issuer and the token holders. The more centralized the control of the issue of the token, the greater the potential liability of the issuer. In the DigixDAO scheme, the issue of tokens is made by smart contracts and such operations are done autonomously beyond the control of the DigixDAO entity. In this type of scheme, liability will depend on the technical integrity of the smart contract code, many DAO style projects implement a policy of transparency by clearly documenting their technology and open sourcing their code for public audit and inspection.

The liability on the token holder arises out of the level of security that the Token Holder operates to protect his private key. The private key is essential to produce transactions on the blockchain and the token holder has full responsibility for the security of the private key, which can be accomplished by using further encryption, password access or an external device for enhanced protection. In some circumstances losing the private key can result in the complete loss of access to the tokens stored, although recovery systems such as a mnemonic or physical recovery device may be used to regain access. Legal protection only offers some retroactive measures such as criminal prosecution of hackers under computer crimes legislation in Hong Kong, but this is conditioned on the law enforcement’s ability to sufficiently track down the aforesaid hacker.

Reactive measures can include the collection of KYC documentation such as national identity card/driver’s license/passport information, proof of address etc. Such measures may also be necessary in order to comply with relevant anti-money laundering and counter terrorist financing legislation.

A contractual agreement requires an offer and acceptance (to establish mutual assent), consideration (anything of value exchanged) and an intention to create legal relations. As to offer, acceptance and mutual assent: In Annex G of the Whitepaper 2.0 on DLT published by Hong Kong Monetary Authority, it is suggested that hierarchy groups 1 and 2 – the core group and validation nodes – are parties to the ‘distributed ledger contract’ given that without them the system would not work. Even if some members of DLT hierarchy groups 1 and 2 do not wish to enter into legally binding relations, the fact they participate in the system knowing that third parties will rely upon it, may turn their participation in the distributed ledger into legally consequential conduct. In particular, in the Bitcoin blockchain individuals who wish to participate in the ledger join the network – and declare their consent to the disclosed modus operandi – by downloading the freely available Bitcoin software and thus volunteering their computer to run the Bitcoin ledger software.

Sources

• Whitepaper 2.0 on Distributed Ledger Technology, Hong Kong Monetary Authority