The metaverse and Web3 involve a variety of regulatory challenges. The EU’s Digital Services Act, Artificial Intelligence Act and the various cybersecurity standards are current examples of a dynamic regulatory environment that is being driven particularly at European Union level. At national level, the provisions of the Telemedia Act (“TMG”), the Network Enforcement Act (“NetzDG”) and the Interstate Treaty on the Protection of Minors in the Media (“JMStV”) also bear relevance to metaverse and Web3 application environments.
Like the technology that powers them, the regulatory framework that applies to the metaverse and Web3 is still in its infancy.
For example, the EU is currently legislating on a special form of product compliance for artificial intelligence systems by way of the Artificial Intelligence Act. The legal requirements it sets out for AI-based products are of central importance to the metaverse and Web3, and aim to create a legal framework for trustworthy AI that will safeguard EU fundamental rights while encouraging businesses to develop AI systems that will populate the metaverse and Web3. The question of who is responsible for possessing, controlling and processing the data generated in the metaverse and Web3 also triggers a host of regulatory challenges. The EU will at the same time lay down a new legal framework for non-contractual liability provisions concerning AI applications and amend the Product Liability Directive, all with the aim of simplifying the enforcement of liability claims by requiring the disclosure of evidence and by alleviating the burden of proof.
Finally, the EU’s proposed Cyber Resilience Act is to create the basis for binding and harmonised cybersecurity requirements for products with digital elements. These special requirements also extend to metaverse and Web3 application environments, and will increasingly create cybersecurity standards that are strictly regulated by law.
While these regulatory developments are in many respects still in the very early stages, the European Union is stepping up its efforts to drive them forward. More extensive sharing of information, cross-border cooperation and mutual assistance will increasingly guarantee the effective enforcement of regulatory requirements in virtual environments such as the metaverse and Web3 in the European Union. As digitalisation advances, so too will the tasks, powers and measures of the competent authorities – including the power to impose substantial fines.
At national level, the provisions of the Telemedia Act (Telemediengesetz, “TMG”), the Network Enforcement Act (Netzwerkdurchsetzungsgesetz, “NetzDG”) and the Interstate Treaty on the Protection of Minors in the Media (Jugendmedienschutzstaatsvertrag, “JMStV”) in particular bear relevance to metaverse and Web3 application environments. A key point is that national laws also apply to providers based in an EU Member State if these laws serve to protect specific goals, including the protection of minors. Messenger, group chat, and e-mail services offered by metaverse and Web3 application environments may be subject to the Telecommunications Act (Telekommunikationsgesetz, “TKG”) as interpersonal communication services following the fundamental revision of the Act in December 2021.
