**4. Artificial intelligence and blockchain: the need for a joint study**

Recent developments in AI are the result of increased processing power, improvements in algorithms, and exponential growth in the volume and variety of digital data. Many AI applications have begun to enter our daily lives, from machine translations to image recognition to music generation, and are increasingly being implemented in industry, government, and commerce. Connected and autonomous vehicles and AIsupported medical diagnostics are soon-to-be-common application areas.

Now, for the other to happen, there must be a communication between the machines that must be validation and with a high level of certainty and control. For this reason, we consider that joint action, if it is not obvious that it must take place, will be important. In fact, it is an issue that is being debated more and more globally.

In this context, a question of trust, transparency, reliability, speed, and effectiveness in automatic electronic transactions arises.

The emergence of new traceability and authentication systems, such as blockchain, can make it possible to record assets, transactions, and participants, which can provide valuable information about origin and history.

In this way, solutions based on blockchain can enable the rapid detection of possible illicit or defective actions within the system itself, products to illicit markets. In this way, it is evident that the deployment of digital technologies, such as blockchain, is key to the development of AI.

In this context, Regulation (EU) 2018/1807 of the European Parliament and of the Council, of November 14, 2018, regarding a framework for the free circulation of nonpersonal data in the European Union, arises from the need to establish administrative

cooperation, based on the review of the European Interoperability Framework; however, with this standard we only intend to make you see that development is a reality.

Now, it should be borne in mind that the current regulations have not yet recognized the specific characteristics of the contracts that may arise, and neither blockchain technology nor artificial intelligence, it is true that in the cloud environment (computing), things have been developed in UNCITRAL.

For example, in the absence of direct legal regulation of AI, article 12 of the United Nations Convention on the Use of Electronic Communications in International Contracts, which establishes that a person (either a natural or legal person) on whose behalf a programmed computer was used should be responsible for any messages generated by the machine. However, in the explanatory note, UNCITRAL makes it clear that this article is an enabling provision and should not be misunderstood as transforming an automated message system or a computer into a subject of rights and duties. Electronic communications that are generated automatically by a computer or messaging system without human intervention should be interpreted as "coming from" the legal entity on behalf of which the computer or messaging system operates. The issues relating to the subject of the action that could arise in this context must be settled in accordance with rules outside the Convention, which returns us to the previous point. In any case, in our opinion, it is of vital importance to establish a legal framework, especially in an international context, in which its real applicability is included [11].

To give security to the transaction to be carried out, blockchain arises, as a decentralized technology, which entails some legal uncertainties, such as the legal nature of blockchains and shared digital records, which includes problems of judicial jurisdiction and applicable law; thus, each network node may be located in a different place as there is no "central party" responsible for the digital registry, whose nationality could serve for regulation.

As we say, as the Internet becomes part of everyday life, the need arises to study the adaptation of private international law systems to the new demands [12]. For this reason, our intention is to analyze, deepen the debate, and respond to the problems, succinctly raised, in order to contribute, as far as possible, to give certainty to the responsibility, due diligence, contracts on intelligence systems artificial, as well as the condition of artificial intelligence and the attribution of its acts of legal significance and the use of blockchain technology in the formation of smart contracts, to mention some pertinent issues, as we say, from a private international law perspective.

#### **4.1 The existing international law**

The agreements attributing jurisdiction included in the underlying contract are relevant to the extent that they are effective in accordance with the rules of our private international law system (in principle, in accordance with the provisions of Regulation 1215/2012 – Brussels Reg. I bis), which significantly restricts its operability in transactions with consumers.

Aside from these transactions, it will be necessary to observe the eventual incidence of special rules such as that of article 25.2 Brussels I bis Regulation with respect to the written form in electronic contracting, presupposition of the effectiveness of the agreements attributing jurisdiction. Likewise, the situations in which the special jurisdiction of article 7.1 Regulation 1215/2012 becomes applicable must be observed, and it may be controversial to what extent the automation of certain benefits

conditions the determination of the place of fulfillment of the obligation for the purposes of that rule.

In relation to the applicable Law, we are going to bear in mind issues that have to do with the meaning of the automated fulfillment of certain commitments and its interaction with the underlying relationship between the parties. The basic criterion is that the provisions of the Rome I Regulation (including its specific consumer protection regime and the application of rules transposing the Directives on consumers) must be followed in principle in relation to the underlying transaction between the parties, without ignoring that the application of certain provisions may be a source of controversy—for example, its art. 14.2 and the specification in this framework of the place of compliance—as well as that other regulatory instruments may also be relevant.

For example, the origin criterion of the Directive on electronic commerce in relation to the contractual aspects included in the coordinated scope of the Directive when it is applicable. It will also be necessary to take into account the existence of issues subject to autonomous connection, among others, the ability to contract and, very especially, everything related to the applicable regime in terms of personal data protection, in which it will be necessary to comply with the provisions in article 3 RGPD regarding the need to comply with its provisions in the situations included within its scope of territorial application.

However, notwithstanding the foregoing, the evidentiary effectiveness to accredit transactions or other circumstances within the framework of judicial proceedings will in principle be determined, as a procedural matter, by the lex fori.

In the context of the EU, Regulation 910/2014, regarding electronic identification and trust services for electronic transactions in the internal market and which repeals Directive 1999/93/EC, is of particular relevance for these purposes.

#### **4.2 Problems associated with AI, blockchain**

All this in accordance with the principle of preexistence of existing law. Now, in the underlying contractual relationship we are going to find cases in which the technology can be given a non-nationality, as we have seen before, and we may encounter problems in the connection criteria, cross-border insolvencies that blockchain detects, etc., are problems that, if not now, they will be over time, when artificial intelligence advances and also companies evolve to the cloud.

Why?

The blockchain poses different risks because of the technology and the way of operations: One of the main problems that will affect the blockchain is the inability to control and stop its operation. In addition, the lack of control over the operation can lead to the lack of responsibility of the company that manages the platform. Let us think that, in its simplest form, blockchain is a decentralized technology or a distributed ledger in which transactions are recorded anonymously. This means that the transaction ledger is simultaneously maintained on a network of unrelated computers or servers.

Therefore, the allocation and attribution of risk and responsibility in relation to a blockchain service that is not working properly will have to be carefully analyzed, not only at the provider-customer level, but also around all the participants in the system.

It should be noted, regarding the process, that blockchain has the ability to crossjurisdictional boundaries since the nodes in a blockchain can be located anywhere in the world.

This can pose a series of complex problems that require careful consideration in relation to citizen-State, company-State, company-company, citizen-company, company-administration, citizen-Administration relations of the same State, and of different ones. In this regard, it should be noted that, in a decentralized environment, it may be difficult to identify the appropriate set of rules to apply. Estonia does.

And it does so by proposing electronic identity as a connection criterion, since it is related to residence, in this case electronic [13], insofar as the need to link information and its management, solely, with the person who issues it, becomes essential for numerous different interactions: an organizational infrastructure (identity management) and a technical infrastructure (identity management systems), to develop, define, designate, manage, and specify authorization levels, assigning roles and identity attributes related to specific groups of people, such as company directors, employees, or customers.

The evolution of technology is creating large electronic files, with it, large commercial and state databases. A national identifier, contained in an identity card, allows capturing information about a person, which is found in different databases, so that they can be easily linked and analyzed through certain data analysis techniques. At the same time, ID cards are also getting smarter. The generation of data also has the potential to be offered in a medium where they can be directly processed. In this way, files that can be crossed and structured, as well as transferred, are created. For this reason, you have to pay special attention to any identity management system and see who are where people are.

At its simplest level, each transaction could fall within the jurisdiction of the location of each node in the network. With this, it should be noted that in an online environment, authenticating the identity of the remote party is more important than ever. It plays a key role in the fight against identity fraud and is also essential to establish the necessary trust that facilitates any type of electronic transaction.

At this point, it should be taken into account that the relationship between Law and IT goes beyond what has been seen so far [14]. That is why one of the main issues that arise, with respect to cross-border services, is the security and confidentiality of information transmitted over the Internet, which should lead us to guarantee the protection of personal data that lead to the identification of its owner.

By this, we mean that the electronic identity is an identity that is made up of information stored and transmitted to the different users of it. Let us think that the identity is a fundamental element, which links the information to its owner, located in some State, giving rise to its location, and therefore, to the effective and safe handling of the specific data that enter the cloud.

We must keep in mind that all electronic identity schemes depend on two processes: first, identity authentication and, later, identity verification. When authenticated, the identity is registered in the system and can then be used for transactions. Identity is verified at the time of each transaction, from within the cloud itself. From the information registered at that moment, the identification information arises or that will identify the person, as if it were the signature, which will be used, later, to link an individual in an inseparable way.

We observe that within the cloud, there will be two elements that will come together to facilitate the identity of the person who intends to access the cloud. These two fundamental elements are the identity fixed to the individual and another fixed to the transaction that is carried out [15]. The first will be the one that identifies the parties and, therefore, will have a direct effect on the formation and enforceability of the contract, thus determining its capacity to be contractually bound, by including

#### *Artificial Intelligence and Blockchain: Debate around Legal Challenges DOI: http://dx.doi.org/10.5772/intechopen.106998*

elements such as the name of the legal person, its form legal, its registration number in the registry (if applicable), its registered office or address of the business center, together with the mention of its founding documents. The second would be the largest body of transaction information, and it is continually updated, based on the transactions you make in the cloud.

If the above is not enough, it will be necessary to assess the specific contract and the specific links, of the said contract, with the different countries attending, as indicated by the CJEU, in its Judgment of October 23, 2014, case C-305/13 , to the "overall assessment of all the objective elements that characterize the contractual relationship and assess the element or elements that, in his opinion, are more significant" and "in the event that it is alleged that a contract has closer ties with a country" other than the country whose law is designated by virtue of the presumption established in said section, the national court must compare the ties between the contract and the country whose law is designated by virtue of the presumption, on the one hand, and between the contract and the other country in question, on the other. The national judge must consider all the circumstances that concur, including the existence of other contracts related to the contract in question [16].

In this way, issues related to identity management must be regulated by the different legal systems that discipline the multiple activities of the specialized operators that carry out the identification tasks and the functional operators. In this context, it must be considered that the eIDAS Regulation does not impose the creation of national electronic identification schemes as such, but rather aims to guarantee their interoperability by applying the principle of mutual recognition.

Let us think that the identity is a fundamental element, which links the information to its owner, located in some State, giving rise to its location and, therefore, to the effective and safe handling of the specific data that enter the cloud. We must keep in mind that all electronic identity schemes depend on two processes: first, identity authentication and, later, identity verification. When authenticated, the identity is registered in the system and can then be used for transactions. Identity is verified at the time of each transaction, from within the cloud itself. From the information registered at that moment, the identification information arises or that will identify the person, as if it were the signature, which will be used, later, to link an individual in an inseparable way.

On the other hand, we could find ourselves in situations in which the parties intervene in unequal conditions, the applicable laws on contracts usually establish that the contract in question is a contract of adhesion. Service providers are often familiar with a limited number of local laws, and especially local laws governing contracts and the right to privacy. For that reason, they will proceed to choose an applicable law that establishes the requirements related to the protection of information that the service provider in question can or is willing to comply with, which offers rules for the elaboration of contracts that are predictable and acceptable to their purposes.

These issues may force the client company to assume certain responsibilities toward its end users in relation to the determination of the applicable type Law, which may be abusive.

Given this, as indicated by the Judgment of the CJEU, dated July 28, 2018, case C-191/15, when appreciating the abusive nature of a certain contractual clause in the framework of an action for injunction, of article 6, section 2 , of the Rome I Regulation, it turns out that the choice of the applicable law is made without prejudice to the application of the mandatory provisions provided for by the law of the country in which the consumers whose interests are defended by means of that action reside.

Such provisions may include those transposing Directive 93/13, provided that they guarantee a higher level of protection for the consumer. At this point, the main legal risk that arises for the client company is not being able to fully assess the risks linked to the contract, for example, ignorance of the weak points inherent in the technology that is being used; missing or inadequate security features; economic risks linked to the loss of data or breaches of the agreement, etc.
