As with any emerging, disruptive technology, blockchain and its uses pose new challenges in terms of regulation. Ensuring our regulatory systems are fit for purpose for the future is a key challenge for government.
A regulatory environment that is conducive to innovation and growth is essential for Australia to take advantage of the blockchain opportunities available—including international investment opportunities. This can be achieved by ensuring our regulatory systems are principles-based and technology-neutral, and that regulators consider the importance of enabling innovation and investment when interpreting and enforcing regulations.
For example, Australia currently has a strong and effective national measurement system which provides confidence that the measurements made in Australia can be trusted both domestically and internationally. This system helps build confidence in measurement-based data which can be added to different blockchain applications. The current review of Australia’s measurement laws is considering ways to ensure the laws remain fit for purpose, and supportive of innovation and changes in technology—such as blockchain applications.
Additionally, common blockchain standards will help address some of the risk identified with the technology, including security risks.
Blockchain technology engages with a range of regulatory issues that are common across a large number of use cases, including privacy, while other issues relate to specific uses, such as the use of smart contracts.
Companies using blockchain technologies have reported regulatory barriers when developing their products. For example, some companies proposing initial coin offerings have found it challenging to navigate financial services laws, and some relevant sections of the Corporations Act 2001 are not technology-neutral (for example Part 7.11, which relates to title and transfer of securities  ).
Blockchain systems revolve around facilitating interactions between parties. In many blockchain systems, these parties remain pseudonymous, and don’t need a verified identity to support them. In some blockchain systems, there needs to be confidence about the identity of the parties to a transaction—but the parties may remain anonymous to other users. This can help to ensure that fraud and cybercrime are reduced and increase the range of activities for which blockchain can be used.
Where a blockchain system needs verified identities, it can either create its own method of verifying an identity or access verified identities from trusted identity providers. These systems conduct the verification of someone’s identity, and then can assert that the person has verified their identity, to the blockchain system. This can enable the blockchain system to assert the validity of someone’s identity and, if necessary, pass on verified personal information to other parties to a transaction. Regulation or standards could describe the requirements for an identity to be verified, and for a provider of identity to be trusted when asserting the validity of an identity.
The Trusted Digital Identity Framework  is the Australian Government’s standard for the verification of digital identity. It sets out the requirements that participants in the digital identity ecosystem must meet, and the various levels of confidence that service providers can have in this identity. Currently, it is being used to accredit the various participants in the Digital Transformation Agency’s federated digital identity platform. This is not designed specifically for reuse by blockchain systems but is an example of the kinds of standards which would be needed to enable trust in digital identities used to transact within a blockchain-based system.
Using de-identification and pseudonyms is not necessarily enough to protect blockchain user privacy, because if those identifiers on the blockchain become linked to the real people behind them, all of their transactions and data could be publicly viewed on the blockchain ledger. This is an issue being considered as part of standardisation work in the International Organization for Standardization (ISO).
A key regulatory challenge for privacy and blockchain systems in Australia is the need to comply with the Privacy Act 1988  . Due to the decentralised nature of blockchain, there is often no responsible party to seek remedy from if privacy is breached, nor ways to remove personal information from the ledger once entered.
Security, data provenance, integrity and governance
Blockchain systems provide security through cryptography, and consensus from participants, without the need for a central authority.
The data on blockchain ledgers is immutable, meaning it cannot be changed or deleted, even when incorrect or fraudulent. It is therefore critical to put systems in place to maximise the accuracy of data and to prevent fraud. Blockchain users need confidence about where data in the blockchain comes from (its provenance); that the data is accurate, without any accidental or deliberate errors (its integrity); and that there are appropriate systems in place to manage how the data is entered. One way of addressing this is classifying how trustworthy data is based on the source of the data, with data from highly reliable sources classed as having a high level of trust, and data with from less reliable sources classed as having a low level of trust.
Government regulatory activities
Several Australian Government agencies have sought to clarify the regulatory issues that affect the implementation and use of blockchain in the financial sector, including:
- Treasury, which has:
- been conducting a review into issues related to Initial Coin Offerings (ICOs) during 2019  . The review is seeking to assess:
- what opportunities and risks arise from ICOs in Australia
- whether our regulatory framework is well placed to allow these opportunities to be harnessed—while appropriately managing the associated risks
- whether there are other actions that could be taken to better position Australia to capitalise on new opportunities
- the tax treatment of ICOs
- led reforms to GST law for digital currency. Consumers who use digital currencies were previously paying GST twice: once on the purchase of a digital currency, and once again when using it to acquire goods and services subject to the GST. Since 1 July 2017, the double taxation of GST on digital currency has been removed: purchases of digital currency are no longer subject to the GST.
- been conducting a review into issues related to Initial Coin Offerings (ICOs) during 2019  . The review is seeking to assess:
- The Australian Securities and Investments Commission (ASIC), which has:
- developed an information sheet on evaluating distributed ledger technology 
- developed an information sheet to assist issuers of initial coin offerings and crypto-assets to understand their obligations under the Corporations Act 2001 and the Australian Securities and Investments Commissions Act 2001. 
- established an Innovation Hub that fintech start-ups can approach for help to navigate the regulatory system, and has run series of meetups to engage directly with stakeholders.
- Australian Transaction Reports and Analysis Centre (AUSTRAC), which has implemented laws to regulate service providers of cryptocurrencies.
- The Australian Taxation Office, which has issued guidance on the tax treatment of cryptocurrencies in Australia  .
Case Study: AUSTRAC digital currency exchange provider regulation
In April 2018, AUSTRAC implemented new regulations for digital currency exchange (DCE) providers operating in Australia. The anti-money laundering and counter-terrorism financing (AML/CTF) laws regulate service providers who exchange cryptocurrencies, including bitcoin, for fiat currency (that is, legal tender) and vice versa  .
All DCE providers with a business operation located in Australia must register with AUSTRAC and meet AML/CTF compliance and reporting obligations. The regulations help DCE providers implement systems and controls that can minimise the risk of criminals using them for money laundering, terrorism financing and serious financial crime, including cybercrime.
Australia was among the first countries in the world to introduce AML/CTF regulation for DCEs. The regulations have been welcomed by DCE providers, and are helping to improve trust in cryptocurrencies. Similar legislation is now being introduced around the world. AUSTRAC is focusing on the compliance of DCE providers and will continue to monitor the risks associated with cryptocurrencies.
Case Study: IP Australia Smart Trademark 
IP Australia is investing in the development of ‘Smart IP rights’ starting with the ‘Smart Trade Mark’. Smart IP rights are a digital representation of intellectual property—a global first for IP offices. They can be used online to help in the prevention of misuse and malicious behaviour such as passing-off and counterfeiting. This is done by creating a connection between intellectual property (IP) right holders on the official IP register and digital or online services or products that use the rights. Smart IP rights can create a thread of information referring to owners’ IP, including where it has been used digitally, validating who the official owner is and providing bibliographic data such as images on their right.
The initial concept was developed as a multi-technology platform using Application Programming Interfaces (APIs), blockchain and mobile apps to create an authoritative link between a trademark and supply events. The agency has completed two pilots with Canberra-based producers and has successfully scanned and tracked products across borders from supplier to consumer. User feedback from the pilots highlighted the need for IP right holders to prove their authority as the true owner of an IP right, but in a way that is interoperable in a continually evolving ecosystem.
Smart Trade Mark is now being developed into a beta product which will leverage blockchain to securely record and notarise the generation of Smart Trade Marks. This is not done via a blockchain token asset but uses a blockchain’s immutable recording and cryptography to prove the link between an IP right and a product, using an identifier (a barcode or global ID) or a digital address (that is, a domain). This can then be integrated into a product via an Internet of Things (IoT) device or used in a digital space (using a trust badge embedded into a domain and then verified by the API bridge connecting to the Smart Trade Mark). The use of blockchain allows the creation of an undisputed audit trail which will enable users to view the historical state of each Smart Trade Mark and its network.
Common standards for blockchain are crucial as the technology matures. Currently there is a lack of interoperability between blockchain platforms, and many will require replacement in the near future to remain competitive and to avoid security problems and obsolescence.  Standards for blockchain will improve market confidence and support broader rollout of blockchain systems.
To address the issue, the Australian Government provided $350,000 to Standards Australia to lead the development of international blockchain standards through ISO.  On behalf of Australia, Standards Australia submitted a proposal to the ISO in 2016 to establish a new ISO technical committee for blockchain standards topics, including interoperability, terminology, privacy, security and auditing. ISO Technical Committee 307, Blockchain and Distributed Ledger Technologies was created as a result of Australia’s leadership, and Standards Australia manages the committee’s secretariat. ISO Technical Committee 307 is now developing blockchain standards on the key topics  .
ISO Technical Committee 307 published its first technical report in September 2019: ISO/TR 23455:2019 Overview of and interactions between smart contracts in blockchain and distributed ledger technology systems.
Case Study: Standards Australia and smart contracts; reducing friction in trade and transactions
Moving commodities, from wool to grains to wine, across borders is critical to an export-driven nation like Australia. Smart contracts are not new, but they open new opportunities to do this with greater speed and certainty. Smart contracts are self-executing contracts which can automate and authenticate processes where it is important for the participants in a process to be able to rely on and trust steps or conditions in a supply chain or exchange.
Smart contracts are the focus of a recent technical report published by the International Organization for Standardization, through ISO Technical Committee 307, Blockchain and Distributed Ledger Technologies. The report describes the functions of smart contracts and how they interact with each other on blockchains and distributed ledger environments. It will be the basis for a future Technical Specification, which will provide guidance on building these systems, based on comprehensive global mapping work underway through ISO/TC 307.
Standards Australia, with the active support of the Australian Government, played an instrumental leadership role in developing the report, initially proposing the broad area of work internationally and managing the secretariat of the ISO Technical Committee responsible for it. The Department of Industry, Science, Energy and Resources supported Standards Australia’s push for blockchain standards in late 2016, resulting in the Roadmap for Blockchain Standards.
 Australian Computer Society Technical Whitepaper, Blockchain Challenges for Australia May 2019, p. 35. ↵