Hanover, 16. January 2024 | The metaverse opens up a multitude of opportunities for activity and social interaction and harbours enormous economic potential. According to an analysis by McKinsey & Company, the metaverse could be worth up to USD 5 trillion by 2030. For comparison: Germany’s gross domestic product in 2022 was around 3.88 trillion euros (around 4.1 trillion dollars).
Industrial applications are also of interest to companies, for example in mechanical and plant engineering and as a digital twin for development, maintenance and training.
This article provides an overview of the concept and functioning of the metaverse and presents the general legal framework. The legal problems currently under discussion will be discussed in detail in the next Compact “Metaverse and legal problem areas”. Both Compacts are based on EU and German law.
The Metaverse in the Legal Framework (1)
Sara Nesler, Mag. iur. (Torino), LL.M. (Münster)
Antonia Herfurth, LL.M. (Göttingen), attorney at law in Munich and Hanover
What is the metaverse?
The term metaverse was first used in 1992 in the dystopia “Snow Crash” by Neal Stephenson. A concrete definition does not exist. However, it mainly refers to a virtual environment in which users pursue social, economic and cultural activities through their customised avatars and interact with content and objects that are created by a large number of contributors and are interoperable. Interoperable means that they are able to work together with other systems as seamlessly as possible. This creates a kind of virtual reality. In the words of Mark Zuckerberg: “The metaverse is an embodied internet that you are in, rather than just looking at”. Thanks to virtual reality and augmented reality technology, users in the metaverse can, for example, shop in virtual shopping centres, attend virtual concerts and meet colleagues and potential customers in a virtual office.
One metaverse or many metaverses?
The metaverse cannot be seen as a replacement for the internet. Rather, a metaverse is an internet application, comparable to a website. For this reason, there are several metaverse platforms with different functions and special features.
Decentraland and Sandbox are among the most established platforms in the narrower sense that replicate the real world and are based on the Ethereum blockchain. Users can help shape the platform using real-time 3D technology and their own mini-games, as well as programme and sell other content. Goods such as virtual land, equipment and clothing for avatars can be purchased using the platform’s own currencies MANA and Sand, which can be exchanged for euros.
Other platforms focus on social interactions, such as Horizon Worlds from Meta, or on the working environment, such as Microsoft Mesh from Microsoft, an immersive mixed-reality platform that serves as an extension of Microsoft Teams and is designed to allow meetings with holograms in a virtual space. Game-based platforms such as Fortnite and Roblox are also successful. 75% of children between the ages of 9 and 12 in the USA already have a Roblox account.
However, the different virtual worlds could be connected by interfaces so that a standardised “metaverse” could exist in the future. In any case, the term metaverse is already used today to describe the phenomenon in general, beyond the characteristics of the individual platforms.
Which law applies in the metaverse?
Nobody controls the metaverse
“Nobody controls the metaverse” is one of the (unofficial) rules of the metaverse. This is because it was conceived as an open, decentralised area. But this does not mean that the metaverse is a legal vacuum. Which law is applicable in individual cases, however, is a complex question.
As in Web 2.0, depending on the combination, connecting factors such as the law of the platform operator and the law of the country of origin of the person concerned apply. International regulations such as the UN Convention on Contracts for the International Sale of Goods and regulations of international private and criminal law may also apply. The transfer of general regulations to the digital world is sometimes problematic. In order to avoid the resulting legal uncertainty, the existing metaverse platforms determine the applicable law in their general terms and conditions.
General terms and conditions of the platforms
General terms and conditions are provided by one party to the contract, in this case the platform operator. The other party, be it a private or commercial user, must accept these terms and conditions in order to be able to use the platform. While Horizon Worlds declares Irish law, and thus EU consumer law, and Roblox California law to be applicable, other platforms, such as Sandbox, enforce the application of legal systems that are exotic from a European perspective, such as that of Hong Kong. Decentraland’s general terms and conditions are even more unusual. There, a decentralised autonomous organisation (DAO) is supposed to govern the platform. This should allow users to co-decide on relevant issues. In the event of a legal dispute, an arbitration tribunal in Panama is responsible. For users, this means that although mandatory law, such as consumer law, takes precedence over the provider’s general terms and conditions, the enforcement of claims is made considerably more difficult in many areas.
The rule “Nobody controls the metaverse” hides a pitfall: The controller is first and foremost the metaverse platform itself. It cannot be taken for granted that it will behave correctly towards users. Art. 15 of Decentraland’s general terms and conditions, for example, is striking. The platform grants itself the right to block an account at the DAO’s discretion without prior notice and without giving reasons. According to the general terms and conditions, Decentraland is also not obliged to grant access to information related to the account. Such a sudden and incomprehensible block would have a devastating effect on commercial users and is likely to be illegal, at least in the EU. The statement that all decisions regarding blocking are made by the DAO is probably not sufficient to fulfil the transparency requirements of Art. 14 of the Digital Services Act (DSA). It is also doubtful whether the requirements of Art. 20 DSA regarding the internal complaints management system are complied with.
Who controls the controller?
Under normal circumstances, the competent authorities have powers to issue injunctions, impose fines or periodic penalty payments or take interim measures in the event of a breach of the law, but this can be complicated depending on the structure of the metaverse platform. While Meta, Microsoft and the Roblox Corporation are companies in the traditional sense, with a registered office and management, Decentraland calls itself a “foundation”. Its registered office is not disclosed and the identity of the people on bodies such as the DAO Committee is only known by their user name (Kyllian, Tobik, RizkGh). In addition, the use of the Ethereum blockchain means that shares in the “foundation” cannot easily be legally assigned to a person. This lack of transparency, hidden behind the pretence of independence, would make it extremely difficult for a competent authority to enforce measures.
In recent years, the development of e-commerce, combined with the sometimes difficult relationship between platforms and their commercial users (see
Alliuris Compact “Trading platforms and competition”, April 2021), has shown how important the intervention of the competent authorities can be to limit the abuse of power on the part of platforms. In 2019, for example, the German Federal Cartel Office was able to persuade Amazon to change its terms and conditions regarding the cancellation and blocking of merchant accounts, the place of jurisdiction in the event of disputes, the handling of product information and many other regulations.
Unlike a few years ago, the Digital Markets Act, the Digital Services Act and, in Germany, Art. 19a of the German Competition Act are important instruments available to the authorities today. However, it is essential that the implementation of the new laws is not circumvented by anchoring metaverse platforms in the blockchain. If a metaverse platform refuses to cooperate with the competent authorities in the name of “independence”, a state has the right to completely block the platform as a last resort; similar to the blocking of Facebook in the People’s Republic of China.
Who is my business partner?
Another aspect that repeatedly causes legal problems in the metaverse due to the use of blockchain technology and cryptocurrencies is the difficulty in identifying the parties involved. This is because they often use pseudonyms. The traceability of traders when concluding distance contracts with consumers is essential for effective consumer protection and must be guaranteed within the EU by online platforms (Art. 30 DSA). Metaverse platforms that do not comply with these rules are acting unlawfully. However, it can also be important for companies to know their business partners beyond everyday transactions, such as buying a T-shirt, or in this case, a digital T-shirt for their own metaverse avatar. In addition, companies that fall under the German Money Laundering Act must also carry out an identity check in the metaverse in accordance with Section 11 (1) of the Money Laundering Act, regardless of the technical design.
In conventional e-commerce, the contractual partner is usually identified at the latest during the payment process, even for digital goods that are not delivered to the consumer. However, if cryptocurrencies are used, this no longer applies, depending on the design of the platform. Unlike a bank account, crypto assets are not legally assigned to a person. Only the holder of the private key has power of disposal, comparable to a password that grants access to a so-called crypto wallet.
If a consumer appears in the metaverse as “Kitty23”, neither his identity nor his location are known. This means that a retailer does not know whether their general terms and conditions are valid and which warranty rights the contractual partner is entitled to. A general obligation to use a clear name, i.e. the obligation to use a service with one’s own first name and surname, does not exist in the metaverse or on the internet in general. In Germany, a clear name obligation in relation to other users is even legally excluded by Art. 19 of the German Telecommunications-Telemedia Data Protection Act.
Whether this also applies in relation to the platform itself has not yet been conclusively decided. Clarification in this regard and an obligation on the platform to forward the necessary consumer data to authorised contractual partners and the authorities is desirable as part of the development and dissemination of metaverse platforms and cryptocurrencies. Alternatively, the development of decentralised identity management with the possibility of identity confirmation would also be conceivable. Although anonymity allows users a great deal of freedom, it is difficult to reconcile with the principles of the legal system, especially if it prevents the tax registration and identification of offenders.
Outlook
The law of the metaverse is still in its early stages of development and it is currently impossible to predict which principles will prevail. Individuals wishing to invest in a metaverse platform or companies wishing to operate in the metaverse should obtain comprehensive information about the platforms they are interested in and their terms of use in order to avoid legal mistakes. The next Compact “Metaverse and legal problem areas (2)” presents some legal areas that should be considered.
+ + +