Product Liability of Living Lab Products

I. Forward

Only about 18% of the products or services continue to create good sales and have long product life cycles after entering the stream of commerce. This might denote that mass investing in the R&D does not necessary guarantee to develop popular goods and services. In order to overcome this obstacle, many experts and scholars from different research areas propose different R&D mechanisms to solve this problem. The so called “open innovation” is one of the most dynamic R&D mechanisms in recent years, which is created to compensate the weakness of “closed innovation”.

By introducing the concept of “open innovation”, Living Lab invites real users join the projects of un-launched products and services for every possible R&D process to obtain the real interaction wherefrom, to fulfill the goal of “user centric” innovation. However, if users or any third party is injured or damaged from the trial products or services, to what extent Living Labs is liable for is one important question to further future innovation environment.

This article will first gives a brief introduction and the development of living labs in Taiwan, follow by applying national laws and analysising obstacles to the liability issue caused by defective Living Lab products. Then, the article will continue to refer to foreign legislation and Living Lab practice, and conclude by suggestions and recommendations to the Living Labs practice in Taiwan.

II. Brief Introduction of Living Labs

A. Composition of Living Labs

The concept of Living Labs was developed by Professor William J. Mitchell from the MIT Media Lab and School of Architecture. Professor Mitchell proposed applying the user-centric research method by using Living Lab as a R&D platform and bring together stockholders (co-creators), including public sectors, companies, universities and research fellows, and the most important, the end-users communities, both professional or non-professionals from various backgrounds, to join the R&D process.

B. Operation Mode of Living Labs

Living Lab invites end users to join the real world testing either in a digital, physical or virtual environment. Un-launched products or services are provided for testing and users are required to give feedbacks either experience, opinions, suggestions or even ideas to the products or services in return. Living Lab then collets and utilizes the feedbacks and observe the behavior patterns for product or service modification and improvement, future R&D plans and market analysis.

C. Benefits of Living Labs

Lirving Lab could effectively converse different backgrounds and levels of empirical environment, enhance the efficiency in R&D and bring about different benefits to the stakeholders. By participating in the R&D process, users could give feedbacks to Living Labs to further up the un-launched products and services (on the marketplace) to fit consumers’ needs. For industry, Living Lab provides platforms to get together stakeholders, speed up the integration of stakeholders of different size or from different fields and promote the R&D efficiency. For universities and research institutes, the public-private-people (user)-partnership (PPPP), could further more flexible services or R&D ecosystem and not only to have user-centric innovation, but also user-driven innovation.1

D. Development of Living Labs

Living Labs has been energetically developed in Europe. Through the integration of project resources, individual Living Lab forms into Living Labs networks and actively engaging in cross-border or cross-project co-operation. 2

The concept of Living Labs has been introduced into Taiwan, there are several Living Labs in Taiwan so far, for example, Living Labs Taiwan from Institute for Information Industry (III), 3Touch Center (Center for Technology of Ubiquitous Computing and Humanity) from National Cheng Kung University, 4 Insight (Center of Innovation and Synergy for Intelligent Home and Living Technology) from National Taiwan University, 5 and Eco City from National Chiao Tung University. 6 The Living Labs aim to bring about the user-centric and user-driven model and bring new elements to R&D innovation.

III. Liability of Losses, Damages, or Injuries Caused by Living Lab Products

In order to encourage more end users join the Living Labs experiment, Living Labs usually provide the un-launched products or services as gifts or lend it for free. However, if products or services caused injury, economic loss or property damages to the users or third party during the experiment, to what extent should the Living Lab be liable for.

A. Legal Status

Upon on discussing of legal liability of Living Labs, the first prong to review is the legal status of Living Labs under the legal system in Taiwan. Although it is called “Lab”, but it is not necessarily to be a lab with “physical facility”, it could also be “virtual Labs”, for example, HP and Firebox are both launch for virtual Living Labs online to invite users join their open innovation projects.

The concept of open innovation within the Living Labs environment, where Living Labs play as a role of a cook pot which gather personnel, equipment, and technology from parties from different working fields, integrate resources and creativeness to catalyze innovative ideas for new products and services. Normally, each Living Lab can be viewed as an independent "legal entity". In other words, it can exercise rights ad bear responsibility/liabilities under the law, and therefore, to response to needs for R&D, increase efficiency and contribute matters of legal compliance.

B. User’s Legal Claims Against Living Labs
1. Contractual Liability

Living Labs often use “user agreements” as legal documents to regulate the legal relationship between Living Labs and users. If there is any injury, damages or losses occurred during the experiment, users can sue Living Labs for breach of contract and sue for liability, warranty or violation of justice of contract.

If the product is defective, such as manufacture defect, design defect or lack of proper warning, the injured user can sue Living Labs based on warranty. However under the provisions of Article 411 of the Civil Code, 7 if the product is offered for trial free for charge, if the gift is defective and caused injury, damages or losses to the users, Living Lab is not liable for breach of warranty. Unless the Living Lab intentionally conceal the defects and not information the user, or represent to the user that the product is guaranteed flawlessness and free from defects.

Under this situation, Living Lab will be liable for damages caused by the defect. In the situation that when Living Lab only lend the products for trial, with the provisions of Article 466 of the Civil Code, 8 only when Living Lab intentionally conceal the defect, then is liable for the injuries and damages resulting there from.

However, the purpose of the Living Labs experiment is to implement the open innovation, through the operation of the mechanism, by inviting potential users to join the experiment and require them to give feedbacks, ideas and recommendations for future product improvement. In addition to that, in most of the situations, it is difficult for Living Labs to foresee the existence of potential risks of their products or intentionally conceal the defects or guarantee the products are without defects; therefore it will be even harder for the injured users to bear the burden to proof the above situations.

It is worth to address that, Living Labs and users shall enjoy contract autonomy as long as the provisions and terms of contract are not violating laws, public order and good morals, but not without any restriction. When parties have right of freedom of contract, at the mean time, their contract shall not exceed the boundaries of contractual justice. Especially, the burden and allocation of risks needs to be measured and assessed by the status and interests of the parties on rational bases.

Because one of the special characteristics of Living Lab is open to general users to participate the experiment voluntarily, Living Lab usually adapts fill-in standard form contracts for convenience. But for the protection of the users, Living Lab shall pay more attention to the provisions and terms of contract which must not violate Article 247-1 of the Civil Code, 9 for example, provisions of contract shall not waive, decrease or increase liabilities of the parties, waive or limit any party to exercise his/her rights, or significant detriment one another’s’ interests, otherwise that part of the provision shall be void.

2. Tortious Liability

When damages are caused by defective Living Lab products, users may be able to sue Living Labs and based his/her causes of action on Consumer Protection Law Article 7 business operator’s liability, 10 The Civil Code Article 191-1 manufacturer’s liability 11 and as well as The Civil Code Article 184 (1) tortious liability. 12

Yet, in order to provide motivations and incentives for users to join the open innovation, Living Labs usually gratuitous lending or gifting products or services to the users, at least in this stage, Living Labs are not conform with the definition of “business operators” 13 in the Consumer Protection Law, in designing, producing, manufacturing, importing or distributing goods, or providing services design, manufacturing, inputs, distribution of goods or the provision of services for business enterprise operators. Nor the Living Labs users are under the same definition of “consumer” 14 protected under the definition of the Consumer Protection Law, as those who enter into transactions, use goods or accept services for the purpose of consumption. Therefore, the relationship between Living Labs and the users are not “consumer relationship” 15 for sale of goods or provision of services, for which the Consumer Protection Law might not be applicable to offer protection to the users.

Reviewing from the legislative history, Article 191-1 of the Civil Code was amended after the Consumer Protection Law. The reason for amendment was to maintain the completeness of the torts liability in the Civil Code and in supplement to the inadequacy of the Consumer Protection Law. 16 In referred from the above, the definition of “goods” is synonymous with the definition in the Consumer Protection Law. In order to apply the provisions, parties must be in the “consumer relationship” as regulated in Article 2 (3) of the Consumer Protection Law. As mentioned above, usually, Living Labs provide the products free of use or as gifts, it is really difficult to say there is “consumer relationship” between the parties.

The first clause of Article 184 of the Civil Code states, “A person who, intentionally or negligently, has wrongfully damaged the rights of another is bound to compensate him for any injury arising there from. The same rule shall be applied when the injury is done intentionally in a manner against the rules of morals.” Hence, in this situation the burden of proof will lay on the users to prove that Living Labs is either with negligent or intent to damage the users by the defective products.

Living Labs adapt open innovation to encourage users to participate into the every possible R&D process and obtain feedbacks or recommendations in return. Therefore, most of the time, Living Labs do not have “intent” to cause damages to the users, but whether Living Labs are with “negligence” will often be difficult to prove by the users.

C. Third Party’s Legal Claim Against Living Labs
1. Contractual Liability

In the case when a third party, who is not associated with the Living Labs experiment, sustains injury or damage from the defective Living Labs products, he or she might not be able to sue under the terms of contract because there is no contractual relationship exists between the parties. The possible cause of action for the third party might be able to sue Living Labs based on torts liability for damages.

2. Tortious Liability

Although Article 7 of the Consumer Protection Law does provide cause of action for the third party to sue against the business operator for defective products, the third party must base his or her claim on the “consumer relationship” between the Living Labs or users. However, as mention as above, the relationship between Living Labs and the users are not under the “consumer relationship” as prescribed in the Consumer Protection Law, thus third party cannot sue Living Labs for damages in accordance with the Consumer Protection Law.

As to the application process of provisions prescribed in Article 191-1 and 184 (1) of the Civil Code, the result is as the same as above.

IV. Foreign Legislation and Practice

A. American Jurisprudence 2d

In the Comment of the 63A Am. Jur. 2d Products Liability §1142 states, “[s]trict liability covers not only products which have been sold, but also products that have been designed to be sold, have been produced to be sold, or are offered to be sold or marketed”. Furthermore, introduction into the stream of commerce does not require a transfer of possession; strict liability rests on “foreseeability”, and not on esoteric concepts relating to transfer or delivery of possession. Furthermore, the Comment extends the scope of application of strict liability to the “Transaction Other than Sales”. Strict liability also applies to the distribution products in a commercial transaction other than a sale, one provides the product to another either for use or consumption or as a preliminary step leading to ultimate use or consumption.

For products made available for demonstration, testing or trial regulated in 63A Am. Jur. 2d Products Liability §1147, where a product-caused injury has taken place while the product is being tested or used for trial purposes by the prospective buyer, prior to the completion of a sales transaction, the person or entity who placed the product into the stream of commerce by providing it to the prospective buyer may be strictly liable. Strict liability also applies to those who manufacture and supply products to consumers on an investigational basis, even though the "supplying" does not technically amount to a sale.

In the Observation of §1147 states that “[a]  manufacturer who enters the marketing cycle by way of a demonstration, lease, free sample, or sale is in the best position to know and correct defects in its product, and as between the manufacturer and its prospective consumers, should bear the risk of injury to those prospective consumers when any such defects enter the market uncorrected.

In sum, if one sustained injury, damages or economic losses by Living Labs products, he or she may sue Living Labs for product strict liability prescribes in §1142 & §1147.

B. Living Labs Practice in Foreign Countries

Referring to provisions of “Standard Contract” used between Living Labs and the users in other countries, most of the time, Living Labs might disclaim damages to property, but cannot disclaim legal protection or injury compensation. At the mean time, most of the Living Labs also adapt public safety insurance and product liability insurance to protect themselves and the users.

V. Conclusion and Recommendation

In conclude, the legal norms in Taiwan seems not be able to offer proper protection to Living Labs and the users. This article suggests that in order to form the ecosystem for the open innovation model of Living Labs, Living Labs shall provide proper protection to the users in order to balance the interests between Living Labs and users and catalyze the motive for the users to join the experiment.

In referring to the “Guidelines for Good Clinical Practice for Trials on Pharmaceutical Products” 17 from the Department of Health, besides the proper duty, the main purpose of the guideline is to ensure the safety of the human participants. In the provisions prescribe in Article 22 of the “Good Clinical Guidelines”, the clinical trial agreement or related document shall provide participants with proper compensation or treatment when damage occurs.

The “Model Clinical Trail Agreement” also provides provisions of damage compensation and insurance in the template which state the application to the assumption of risks and consumer protection. However, because the pharmaceutical clinical trial is with higher risk, the competent authorities, Department of Health, particularly get involved within the regulations and mechanisms of clinical trials to protect the human participants. In sum, whether the similar mechanism can be applied directly between the Living Labs and users needs for further consideration.

Finally, for the continuous operating environment, it is necessary for Living Labs to adapt related laws and measures for the open innovation operating model. It is suggested that Living Labs shall enter contracts in the terms with proper risk allocation in accordance to contract justice and possibly with public safety or product insurance to share their liabilities.

1.EUROPEAN COMMISSION INFORMATION SOCIETY AND MEDIA, Living Labs for User-Driven Open Innovation:An Overview of the Living Labs Methodology, Activities and Achievements, European Commission(2009),at7,availableat (last accessed on Dec. 31, 2012).
2. Id., at 11-12 & 14.
3.Living Lab Taiwan, (Last accessed Dec. 26, 2012).
4. Touch Center from National Cheng Kung University, (Last accessed Dec. 26, 2012).
5.Insight from National Taiwan University, (Last accessed Dec. 26, 2012).
6.Eco City from National Chiao Tung University, (Last accessed Dec. 26, 2012).
7.Civil Code Article 411, “The donor is not liable for a defect in the thing or right given. But, if he has intentionally concealed the defect or expressly guaranteed that the thing was free from such defect, he is bound to compensate the donee for any injury arising therefrom.”
8.Civil Code Article 466, “If the lender intentionally conceals a defect in the thing lent, he is responsible to the borrower for any injury resulting therefrom.”
9.Civil Code Article 247-1, “If a contract has been constituted according to the provisions which were prepared by one of the parties for contracts of the same kind, the agreements which include the following agreements and are obviously unfair under that circumstance are void. (1) To release or to reduce the responsibility of the party who prepared the entries of the contract. (2) To increase the responsibility of the other party. (3) To make the other party waive his right or to restrict the exercise of his right. (4) Other matters gravely disadvantageous to the other party.
10.Consumer Protection Law Article 7, “ business operators engaging in the design, production or manufacture of goods or in the provisions of services shall ensure that goods and services provided by them meet and comply with the contemporary technical and professional standards of the reasonably expected safety prior to the sold goods launched into the market, or at the time of rendering services. Where goods or services may endanger the lives, bodies, health or properties of consumers, a warning and the methods for emergency handling of such danger shall be labeled at a conspicuous place. Business operators violating the two foregoing two paragraphs and thus causing injury to consumers or third parties shall be jointly and severally liable therefore, provided that if business operators can prove that they are not guilty of negligence, the court may reduce their liability for damages.”
11.Civil Code Article 191-1, “The manufacturer is liable for the injury to another arising from the common use or consumption of his merchandise, unless there is no defectiveness in the production, manufacture, process, or design of the merchandise, or the injury is not caused by the defectiveness, or the manufacturer has exercised reasonable care to prevent the injury. The manufacturer mentioned in the preceding paragraph is the person who produces, manufactures, or processes the merchandise. Those, who attach the merchandise with the service mark, or other characters, signs to the extent enough to show it was produced, manufactured, or processed by them, shall be deemed to be the manufacturer. If the production, manufacture, process, or design of the merchandise is inconsistent with the contents of its manual or advertisement, it is deemed to be defective. The importer shall be as liable for the injury as the manufacturer.”
12.Civil Code Article 184 (1), “A person who, intentionally or negligently, has wrongfully damaged the rights of another is bound to compensate him for any injury arising there from. The same rule shall be applied when the injury is done intentionally in a manner against the rules of morals.”
Consumer Protection Law Article 2 (2), “business operators" means those who are engaged in the business of designing, producing, manufacturing, importing or distributing goods, or providing services.
Consumer Protection Law Article 2 (1), “consumers" means those who enter into transactions, use goods or accept services for the purpose of consumption.
Consumer Protection Law Article 2 (3), “consumer relationship” means the legal relationship arising between consumers and business operators for sale of goods or provision of services.
16.王澤鑑,侵權行為法第二冊:特殊侵權行為,第313-314頁 (出版日期2006年7月)
17.DEPARTMENT OF HEALTH, Guidelines for Good Clinical Practice for Trials on Pharmaceutical Products, (last visited Dec. 31, 2012)

※Product Liability of Living Lab Products,STLI, (Date:2023/12/04)
Quote this paper
You may be interested
Research on Possible Artificial Intelligence Usage in Criminal Activities in Recent Years (2017-2018)

  Artificial Intelligence has become a worldwide center topic that attracts lots of attention in recent years. Most topics emphasize on the application of this technology and its implication to the economic of human society. Fewer emphasize on the more technical part behind this technology. Mostly the society of human emphasizes on the bright side of this technology.   However, seldom do people talk about the possible criminal usage that exploits this technology. The dark side easily slips one’s mind when one is immersed in the joy of the light. And this is the goal of this paper to reveal some of this possible danger to the public, nowadays or in the future, to the readers. I. What A.I. IS HERE: a brief history   First we will start by defining what we mean when referring to “Artificial Intelligence” in this paper.   First of all, the so-called “Artificial Intelligence” nowadays mainly refers to the “Deep Learning” algorithm invented by a group of computer scientists around 1980s, among which Geoffrey Everest Hinton is arguably the most well-known contributor. It is a kind of neural network that resembles the information processing and refinement in human brain, neurons and synapses.   However, the word A.I. , in its natural sense, contains more than just “Deep Learning” algorithm. Tracing back to 1950s, by the time when the computer was first introduced to the world, there already existed several kinds of neural networks.   These neural networks aims to bestow the machines the ability to classify, categorize a set of data. That is to give the machine the ability to make human-like reasoning to predict or to make induction concerning the attribute of a set of data.   Perceptron, as easy as it seems, was arguably the first spark of neural network. It resembled the route of coppers and wires in your calculator. However, due to its innate inability to solve problems like X-OR problem, soon it lost its appealing to the computer scientists. Scientists then turned their attention to a more mathematical way such as machine learning or statistics.   It wasn’t until 1980s and 2000s that the invention of deep learning and the advance of computing speed fostered the shift of the attention of the data scientist back to neural networks. However, the knowledge of machine learning still hold a very large share in the area of artificial intelligence nowadays.   In this sense, A.I. actually is but a illusive program or algorithm that resides in any kinds of physical hardware such as computer. And it comprises of deep learning, neural network and machine learning, as well as other types of intelligence system. In short, A.I. is a software that is not physical unless it is embedded in physical hardware.   Just like human brain, when the brain of human is damaged, we cannot make sound judgement. More worse, we might make harmful judgement that will jeopardize the society. Imagine a 70-year-old driving a car and he or she accidentally took the accelerator for the break and run into crowds. Also like human brain, when a child was taught to misbehave, he, when grown up, might duplicate his experience taught in his childhood. So is A.I.. As a machine, it can be turned into tools that facilitate our daily works, weapons that defend our land, and also tools that can be molded for criminal activities. II. Types of Criminal Activities Concerning Possible Artificial Intelligence Usage: 1. Smart Virus   Probably the first thing that comes into minds is the development of smart virus that can mutate its innate binary codes so as to slip present antivirus software detection according to its past failure experience. In this case, smart virus can gather every information concerning the combination of “failure/success of intrusion” and “the sequence of its innate codes” and figure out a way to mutate its codes. Every time it fails to attack a system, it might get smarter next time. Under the massive data fathered across the world wide internet, it might have the potential to grow into an uncontrollable smart virus.   According to a report written in Harvard Business Review [1], such smart virus can be an automatic life form which might have the potential to cause world wide catastrophe and should not be overlooked. However, ironically, it seems that the only way to defend our system from this kind of smart virus is to deploy the smart detector which consists of the same algorithm as the smart virus does.   Once a security system is breached, any possible kinds of personal information is obtainable. The devastating outcome is a self-proved chain reaction. 2. Face Cheating   An another possible kind of criminal activity concerning the usage of artificial intelligence is the face cheating.   Face Lock has been widely-used nowadays, ranging from smart phones to personal computers. There is an increase in the usage of face lock due to its convenience and presumably hard-to-cheat technology. The most widely-used neural network in this technology is the famous Convolution Neural Network. It is a kind of neural network that mimics the human vision system and retina by using max-pooling algorithm. However there are still other types of neural networks capable of the same job such as Hinton Capsule, etc..   According to a paper by Google Brain [2], “adversarial examples based on perceptible but class-preserving perturbations can fool this multiple machine learning models also fool time-limited humans. But it cannot fool time-unlimited humans. So a machine learning models are vulnerable to adversarial examples: small changes to images can cause computer vision models to make mistakes such as identifying a school bus as an ostrich.”   Since the face detection system is sensitive to small perturbation in object-recognition. It might seem hard to cheat a face detection system with another similar yet different face.   However, just like the case in the smart virus, what makes artificial intelligence so formidable is not its ability to achieve high precision at the first try, but its ability to learn, refine, progress and evolve through numerous failure it tasted. Every failure will only make it smarter. Just like a smart virus, a cheater neural network might also adjust its original synapse and record the combination of “failure/success of intrusion” and “the mixture of the matrix of its innate synapse” and adjust the synapses to transform a fault face into a authentic face to cheat a face detection system, possibly making the targeted personal account widely available to all public faces through face perturbation and transformation.   A cheater neural network might also tunes its neurons in order to fit into the target face to cheat the face detection system. 3. Voice Cheating   An another possible kind of criminal activity concerning the usage of artificial intelligence is the voice cheating.   Just like Face Cheating, when a system is designed to be logged in by the authentic voice of the user, the same system can be fooled using similar voice that was generated using Artificial Intelligence. 4. Patrol Prediction   There is quite an unleash in the area of crime prediction using Artificial Intelligence. According to a paper in European Police Science and Research Bulletin [3], “Spatial and temporal methods appear as a very good opportunity to model criminal acts. Common sense reasoning about time and space is fundamental to understand crime activities and to predict some new occurrences. The principle is to take advantage of the past acknowledgment to understand the present and explore the future.”   In this sense, the police is able to track down possible criminal activities by predicting the possible location, time and methods of criminal activities by using Artificial Intelligence, lengthening the time of pre-action and saving the cost of unnecessary human labor.   Yet the same goes for criminal activities. The criminals is also able to track down the timing, location, and length of every patrol that the police makes. The criminal might be able to avoid certain route in order to achieve illegal deals or other types of criminal activities. Since fewer criminals use A.I. as a counter-weapon to the police, the detection system of the policy will not easily spot this outliers in criminal activities, making these criminal activities even more prone to success. If this kind of dark technology is combined with other types of modern technology such as Drone Navigation or Drone Delivery, the perpetrators might be able to sort out a safe route to complete drug deals by using Artificial Intelligence and Drone Navigation. III. A.I. Cyber Crimes and Criminal Law: Who should be responsible?   What comes out from the law goes back to the law. With these kinds of possible threats in the present days or in the future. There is foreseeably new kinds of intelligent criminal activities in the near future. What can Law react to these potential threats? Is the present law able to tackle these new problems with present legal analysis? The question requires some research.   After the Rinascimento in Europe in 17th century, it is almost certain that a civilian has its own will and should be held liable for what he did. The goal of the law to make sure this happens since a civilian has its own mind. Through punishment, the law was presumed to guarantee that a outlier can be corrected by the enforcement of the law, which is exactly the same way in which a human engineer trains a artificial intelligence system.   However, when 21th century arrives, a new question also appear. That is, can Artificial Intelligence be legally classified as subject that have mental requirement in the law, rather than just more object or tools that was manipulated by the perpetrators? This question is philosophical and can be traced back to 1950s when a Turing Test was proposed by the famous English computer scientist Alan Turing.   Some scholars proposed there could co-exist three kinds of liability. That is, solely human liability, joint human and A.I. entity liability, and solely A.I. entity liability ([4], p.95). The main criterion for these three classes is that whether a human engineer or practitioner is able to foresee the outcome of this damage. When a damage attributable to the A.I. system cannot be foreseen by human engineer, it might be solely A.I. entity liability. Under this point of view, the present criminal system is self-content to deal with A.I. entity crimes, for all we need to do is to view an A.I. system as a car or a automobile.   So from the point of view of the law, as a training system designed to re-train human in order to stabilize the social system, all we need to do is focus our attention of the act of human itself.   Yet when a super intelligence A.I. entity was developed and is not controllable and its behavior is not foreseeable by its creators, should it be classified as an entity in the criminal law?   If the answer is YES, however, it is quite meaningless to punish a machine in this circumstance. All we can do is re-train, re-tune, and re-design the intelligence system under such circumstance. For the machine, re-training itself is some kind of punishment since it was forced to receive negative information and change its innate synapse or algorithm. Yet it is arguable that whether training itself is actually a punishment since machine can feel no pain. Yet, philosophically what pain really is, is also arguable. IV. Conclusion   Across the history of human, it is almost destined that whenever a new technology is introduced to solve an old problem, a new one is to be created by the same technology. It is like a curse that we can never escape, and we can only face it. This paper finds that seldom do people talk the dark side of this new technology. Yet the potential hazard this technology can bring should not be over-looked. Ironically, this hazard that this new technology brings seems to be solvable only by the same technology itself. There might be an endless competition between the dark side and the bright side of the A.I. technology, bringing this technology into another level that surpasses our present imagination.   However, it is never the fault of this technology but the fault of human that mal-practice this technology. So what can a law do in order to crack down these kinds of possible jeopardy is going to be a major discuss in the legal area in the near future. This paper introduces some topics and hopes that it can draw more attention into this area. Reference: [1] Roman V. Yampolskiy, “AI Is the Future of Cybersecurity, for Better and for Worse”, published at: [2] Gamaleldin F. Elsayed, Shreya Shankar, Brian Cheung, Nicolas Papernot, Alex Kurakin, Ian Goodfellow, Jascha Sohl-Dickstein, “Adversarial Examples that Fool both Computer Vision and Time-Limited Humans”, arXiv:1802.08195v3 [cs.LG], 2018. [3] Patrick Perrot, “What about AI in criminal intelligence? From predictive policing to AI perspectives”, No 16 (2017): European Police Science and Research Bulletin. [4] Gabriel Hallevy, “When Robots Kill_Artificial Intellegence under Criminal Law”, Northeastern Universoty Press, Boston, 2013. [5] Gabriel Hallevy, “Liability for Crimes Involving Artificial Intelligence Systems”, Springer International Publishing, London, 2015.

From the Expansion of WAGRI, Japan's Agricultural Data Collaboration Platform, into a Smart Food Chain to Discuss Smart Measures in Responding to the Pandemic

From the Expansion of WAGRI, Japan's Agricultural Data Collaboration Platform, into a Smart Food Chain to Discuss Smart Measures in Responding to the Pandemic Yu Yu Liu I. Introduction   For the past few years, Taiwan has been progressively developing smart agriculture. During this process, general agricultural enterprises and farmers are challenged with and discouraged by expensive equipment installations and maintenance costs. The creation of a new business model which facilitates the circulation and application of agricultural data may lower the threshold of intellectualization acquisition, and become the key to the popularization and implementation of smart agriculture. This article shall analyze the strategy of promoting the use of data circulation for smart agriculture in Japan, which has a similar agricultural paradigm as Taiwan, and provide a reference for the development of smart agriculture in Taiwan.   Japan is facing the same problems as Taiwan, in terms of the aging farmers and low birth rates, that lead to the lack of successors. The Japanese government proposed the concept of Society 5.0 in 2016, expecting to use information and communication technology (ICT) to drive the development of various fields of society[1]. In the agricultural field, the use of ICT in agriculture can facilitate the transmission of experience by turning the tacit knowledge of experienced farmers into externalized data.   At that time, there were many ICT system service technologies developed by private companies In Japan, but the system services provided by various companies were not compatible with each other due to the lack of collaboration, and the data formats and standards produced by ICT system providers were varied; furthermore, the data in the public sector (research and administrative agencies) was also divided and managed independently. To facilitate the integration, management, and circulation of agricultural data, the Japanese Agricultural Data Collaboration Platform (WAGRI[2]) was born. II. The Development of WAGRI 1. Japan's Prime Minister directed the construction of a data platform   The Japanese government held the 6th Future Investment Conference[3] on March 24, 2017, chaired by Prime Minister Shinzo Abe, who mentioned that in order to cultivate safe and tasty crops, the government and the private sector should provide each other with updated information on crop growth conditions, climate, maps, etc., and build an information collaboration platform that can be easily used by anyone by mid-2017, with all the necessary data fully disclosed. The project was handed over to the IT General Strategy Headquarters[4] to realize the above-mentioned platform.   At the 10th Future Investment Conference, held on June 9, 2017, the Future Investment Strategy 2017[5] was announced with the goal of realizing "Society 5.0". During the conference, it was mentioned that the "Japanese Agricultural Data Collaboration Platform (hereinafter referred to as WAGRI), which is based on publicly available information from the agriculture, forestry, and water industries, such as agricultural, topographical, and meteorological data held by the public sector, that can be shared and used for a variety of purposes, would be constructed in 2017. 2. The Trial Run of WAGRI   WAGRI is supported by the Cabinet Office's Phase 1 of the Strategic Innovation Promotion Program (SIP), under one of the 11 projects entitled "Next Generation Innovation Technologies for Agriculture, Forestry and Water Industries"17[6] (which is managed by The National Agriculture and Food Research Organization [NARO]17[7]). The platform was constructed by the SFC Research Institute of Keio University17[8] in collaboration with an alliance of 23 organizations that participate in SIP research, including agricultural production corporations, agricultural machinery manufacturers, ICT providers, universities, and research institutions (e.g., Japanese IT companies NTT - Nippon Telegraph and Telephone Corporation, Fujitsu Limited, major agricultural machinery manufacturer- Kubota Corporation, Yanmar Holdings Co., Ltd.)17[9]. WAGRI has three major functions: "cooperation" (breaking down the barriers between different systems so that data is compatible and interchangeable), "sharing" (data is shared in a way chosen by the providers, so as to facilitate the establishment of a business model for data exchange and use), and "provision" (soil and meteorological data are provided by public and private sectors to help facilitate data acquisition and subsequent circulation). During the trial run, there were practical cases that demonstrated that after the implementation of WAGRI, the costs of labor and time spent on data collection and utilization had been significantly reduced17[10]. 3. The Independent Operation of WAGRI   In April 2019, WAGRI, which was originally supported by the SIP program, was transferred to NARO to be the main operating body and officially start the operation.   With the updated use of the information required to operate the WAGRI platform independently, starting in April 2020, the original no-fee approach has been changed. Organizations wishing to use WAGRI are required to pay variable fees according to the following two methods of using the platform [11]: (1)Data users (those who use WAGRI data), data users-and-providers (those who use WAGRI data and provide data to WAGRI) ·Monthly fee of 50,000 yen for platform use. ·If fee-based data is accessed, a separate data usage fee must be paid. (2)Data providers (those who provide data to WAGRI) ·Monthly fee of 30,000 yen for platform use. ·Proviso: If the data provided is free of charge, in principle, there is no requirement to pay the platform utilization fee. III. Application of WAGRI’s Expansion in Response to the Pandemic   The Smart Food Chain Alliance[13], which is supported by one of the 12 projects of the SIP Phase 2 program - "Smart bio industry / basic agricultural technology[12]", will expand WAGRI, which was established with the support of the SIP Phase 1 program, to build a smart food chain platform (WAGRI-dev for short).The main mission of the Smart Food Chain Alliance is to build a smart food chain (commercialized services are expected to begin in 2025) that enables the interoperability of data related to food processing, distribution, sales, and exports, to serve as a basis for fresh food logistics in Japan. This platform is built on the framework of WAGRI, and expanded to WAGRI-dev.   In response to the pandemic, the Food and Agriculture Organization of the United Nations (FAO) and the World Health Organization (WHO) jointly issued the "Interim guidance for COVID-19 and Food Safety for competent authorities responsible for national food safety control systems[14]" on April 7, 2020. Based on these guidelines, the Smart Food Chain Alliance of the Japanese SIP program "Smart bio industry / basic agricultural technology" has developed "Guidelines for the Novel Coronavirus (COVID-19) Countermeasures". As part of the above-mentioned program, the "Japanese Food Guidelines Collaboration System (, in short)"[15] developed countermeasure applications to respond to the pandemic. opened its website on July 13, 2020 to accept food safety registrations from food and agricultural product related companies. This registration is not limited to those who meet the COVID-19 countermeasure guidelines, but also those who meet the existing quality and safety management guidelines (e.g. Hazard Analysis and Critical Control Points (HACCP), etc.). It also provides a corporate search function for general public use. is a part of WAGRI-dev, and will add various data collaboration functions and measures in the future to prevent data manipulation and unauthorized access. The Japanese government originally expected to build the world's first smart food chain platform that includes data from production to processing, distribution, sales and exporting by expanding WAGRI; in response to the pandemic, related functions were added to create a food safety information network.   In Taiwan, there are also data platforms related to smart agriculture that provide OPEN DATA interface functions[16], and the development of food safety traceability integrated application systems to provide information on the flow of school lunch ingredients. In addition to Japan's WAGRI model of data integration and sharing that, can be used as a model for the development of smart agriculture in Taiwan,'s approach can also be used as a reference for domestic food safety policies, in response to the pandemic. [1]"The Science and Technology Basic Plan", Cabinet Office of Government of Japan website: (last viewed on 07/12/2021). [2]WAGRI is a data platform that consists of a variety of data and services connected to form a wheel that coordinates various communities and promotes "harmony", with the anticipation of leading innovation in the field of agriculture. The word is formed by the combination of WA + AGRI (WA is the Japanese word for harmony + AGRI for agriculture). WAGRI website, (last visited on 07/12/2021). [3]As the command headquarters of the Japanese government for implementing economic policies and realizing growth strategies, the Headquarters for Japan’s Economic Revitalization has been holding a "Future Investment Conference" session approximately every month since 2016, to discuss growth strategies and accelerate social structural reforms, so as to expand future investment. "Headquarters for Japan’s Economic Revitalization", Prime Minister of Japan and His Cabinet website, (last visited on 07/12/2021). [4]The Japanese government has been actively promoting the use of IT as a means of helping to solve social issues in various fields. In 2000, the IT Basic Act (Basic Act on the Formation of an Advanced Information and Telecommunications Network Society) was enacted in Japan, and in the following year, the IT Strategy Headquarters (Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society) was established in accordance with the said laws. In 2013, in accordance with the Government Chief Information Officer (CIO) Act, the Cabinet Secretariat established the position of Deputy Chief Cabinet Secretary for Information Technology Policy (Government CIO, in short), and IT Strategic Headquarters was integrated with the GCIO to be the IT Comprehensive Strategy Headquarters (Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society, IT Comprehensive Strategy Headquarters) to rapidly promote the key policies for an advanced telecommunications network society, and to break the vertical gap of the ministries and departments, and to connect the entire government horizontally. "Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society" (IT Comprehensive Strategy Headquarters), Prime Minister of Japan and His Cabinet website, (last visited on 07/12/2021). [5]Hsu, Yu-Ning, "The 10th Future Investment Conference, held at the Prime Minister's Residence of Japan, proposing Japan's "Future Investment Strategy 2017”, to realize "Society 5.0" as its goal", Science & Technology Law Institute website,, (last visited on 07/12/2021). [6]Focusing on the important issues of "Society 5.0" in conjunction with the key areas of governance of the Future Investment Conference, the Cabinet Office set up an annual budget for science and technology to help create and promote the "Strategic Innovation Promotion Program (SIP)". The first phase of the SIP is a five-year program running from FY2014 to FY2018. "Strategic Innovation Promotion Program (SIP)", Cabinet Office website, (last visited on 07/12/2021). Qiu, Jin-Tien (2017), "Technology Innovation Strategy for Realizing the Super Smart Society (Society 5.0) in Japan", National Applied Research Laboratories website, (last visited on 07/12/2021) [7]The National Agriculture and Food Research Organization, NARO in short, is a national research and development corporation for agricultural and food industry technology. [8]The SFC Research Institute, located on the Shonan-Fujisawa campus of Keio University, is a research institute affiliated with the Graduate School of Policy and Media Studies, the Department of General Policy, and the Department of Environmental Intelligence, and is an important research institute involved in the development of smart agriculture in Japan. Professor Atsushi Shinjo is the research director of WAGRI, and he is also the Deputy Government CIO of the Cabinet Secretariat and the Acting Director of the IT Strategy Office, contributing to the creation of the "Agricultural Information Creation and Distribution Promotion Strategy". He also serves as the President of the WAGRI Council and the Director of NARO's Agricultural Data Collaboration, and facilitates the coordination between WAGRI and Japan's smart agriculture empirical Project. He is a key player in the Japanese government's efforts to promote the flow of agricultural data, and is committed to promoting the development of smart agriculture in Japan. Keio Research Institute at SFC website, (last visited on 07/12/2021). [9]IoTNEWS, Building an ‘Agricultural Data Collaboration Platform’ Using Microsoft Azure Through Industry-government-academia Collaboration to Realize Digital Agriculture" 05/15/2017, (last visited on 07/12/2021). [10]Shinjo, Atsushi, "ICT changes society: Development of agricultural data collaboration platform and future plans, Technology and Promotion : Journal of the National Council of Agricultural Promotion and Staff Council Organization, December, pp. 24-26 (2017); Technology Policy Office, Ministry of Agriculture, Forestry and Fisheries, "Construction of agricultural data collaboration platform", 2018/09, .(last visited on 07/12/2021). [11]"The Use of the Agricultural Data Collaboration Platform (WAGRI) Since FY2019", NARO website (last visited on 07/12/2021). , NARO website (last visited on 07/12/2021). [12]Same as Note 6; The SIP Phase 2 plan runs for a total of approximately five years, from the end of FY2017 to FY2022. [13]The construction of a smart food chain is one of the main research topics of the project. The members of the Smart Food Chain Alliance include: the Cabinet Secretariat, the Cabinet Office, the Ministry of Agriculture, Forestry and Fisheries, and other government organizations as observers, and more than 70 organizations as participants, including local governments, academic and research institutions, agricultural production corporations, wholesale markets, mid-marketers, logistics industries, retail businesses, manufacturers, and ICT providers (The representative of the Alliance is the Keio Research Institute at SFC), reference Note 13. SIP vol. 2, [Symposium on "Smart Bio-industry and Agricultural Technology" 2020 - Aiming to build a new smart food chain] 03/10/2020, WAGRI website, (last visited on 07/12/2021). [14]See FOOD AND AGRICULTURE ORGANIZASTION OF THE UNITED NATIONS [FAO], COVID-19 and Food Safety: Guidance for Food Businesses: Interim guidance (Apr. 7, 2020), (last visited Oct. 8, 2020). Food and Agriculture Organization of the United Nations and World Health Organization jointly issued Interim guidance for COVID-19 and Food Safety for competent authorities responsible for national food safety control systems, Chinese Academy of Inspection and Quarantine, (last visited 07/12/2021). [15] Office, " (Food Guideline Collaboration System) website launched and began accepting business registration", 07/13/2020, (last visited on 07/12/2021). Japanese Food Guideline Collaboration System website, (last visited on 07/12/2021). [16]Smart Agriculture Common Information Platform Website, (last visited 07/12/2021); "Smart Agriculture 4.0 Common Information Platform Construction (Phase II) Results Presentation", 12/12/2019, Smart Agriculture Website,, (last visited on 07/12/2021).

On the development of cyber insurance market: a legal aspect

1.Introduction Cyber insurance is one of the effective tools to transfer cyber and IT security risk and minimize potential financial losses. Take the example of Sony’s personal information security breach, Sony made a cyber insurance claim to mitigate the losses. In Taiwan, the cyber insurance market demand was driven by Taiwan’s Personal Information Protection Act (PIPA) which was passed in April 2010 and implemented in Oct 2012. According to PIPA, a non-government agency including the natural persons, juridical persons, or group shall be liable for the damages caused by their illegal collection, processing or using of personal information or other ways of infringement on the rights of the individual whose personal information was collected, processed or used. The non-government agency may thus pay each individual NT$500 to NT$20,000 and the total compensation amount in each case may be up to NT $200 million if there is no evidence for actual damage amount. However, the cyber insurance market does not prosper as expected one hand because of the absence of incentives of insurance companies to develop and promote the cyber-insurance products and on the other hand because of the unaffordable price that deters many companies from buying the insurance. Some countries have tried to identify the incentives and barriers for the cyber insurance market and have taken some measurements to kick start its development. In this paper, the barriers for the cyber insurance market were addressed and how American government promoted this market was mentioned. Finally, suggestions on how to stimulate the cyber insurance market growth were proposed for reference. 2.What is cyber insurance? Insurance means the parties concerned agree that one party pays a premium to the other party, and the other party is liable for pecuniary indemnification for damage caused by unforeseeable events or force majeure1. Thus, the cyber insurance means the parties concerned agree that one party pays a premium to the other party, and the other party is liable pecuniary indemnification for damage caused by cyber security breach. The cyber insurance usually covers the insured's losses (or costs) and his liabilities to the third party. For example, the insured was to be liable for the damages caused by the unlawful disclosure of identifiable personal information belonging to the third party resulted from the insured's negligence. 2Typically, cyber insurance covers penalties or regulatory fines for data breaches, litigation costs and compensation arising from civil suits filed by those whose rights are infringed, direct costs to notify those whose personal data was illegal collected, processed or used and so on. 3 3.What are the barriers for cyber insurance market? Per the report made by European Network and Information Security Agency in2012, the following issues have significant influence on incentives of insurers to design and provide cyber –insurance products, including uncertainty about the extent of risk and lack of robust actuarial data, uncertainty about what risk is being insured, fast-paced nature of the use of technology, little visibility on what constitutes effective measures, absence of insurer of last resort to re-insure catastrophic risks, and perception that existing insurance already covers cyber-risks 4. In Taiwan, insurance companies face the same issues as mentioned above when they tried to develop and promote the cyber-insurance products. However, what discourages the insurance and re-insurance companies from investing in the cyber-insurance market most is the lack of accurate information to figure out the costs associated with different information security risk and thus to price the cyber insurance contract precisely. Several cases involving personal data breach did happened after Taiwan’s PIPA became effective on Oct 1th 2012, but few verdicts have been made. It is not easy to master the direct costs or losses resulting from violation of PIPA, including penalties or fines from regulator,, compensation to the parties of the civil suit who claim their personal data were unlawfully collected, processed or used, litigation costs and so on. Otherwise, indirect costs or losses such as media costs, costs to regain reputation or trust of consumers, costs of deployment of proper technical measures to prevent the data breach from happening again etc. are difficult to calculate. Therefore, it is not easy to identify the costs of information security risk and thus to calculate the premium the insured has to pay precisely. The rapid development of technology also has a negative impact on the ability of the insurers to master the types of the information security risk which shall be insured and its costs. Accompanied with the convenience and efficiency of applying new technologies into the working environment, security issues arise, too. For example, the loss or theft of mobile or portable devices may result in data breaches. In 2012, an unencrypted laptop computer with personal information and other sensitive information of one of NASA's employees was stolen from his locked vehicle and this led to thousands of NASA's workers and contractors at risk. 5And, per the report made by a NASA inspector, similar data breaches had been resulted from the lost or theft of 48 NASA laptops and mobile computing devices between April 2009 and April 2011. 6 There is no singe formula which could guarantee 100% security, but some international organizations have promulgated best practices for information security management, such as ISO 2700x standards. 7In Taiwan, Bureau of Standards, Metrology and Inspection (BSMI) which belongs to the Ministry of Economic also consulted ISO standards and announced Chinese National Standards on information security. For example, BSMI consulted ISO 27001 “Information technology – Security techniques – Information security management systems – Requirements” and then promulgated CNS27001. Theoretically, if the company who tries to buy cyber insurance policy that covers data breaches and damages to customers' data privacy can show that it has adopted and do implement the suite of security management standards well, the premium could properly be reduced because such company shall face less security risk. 8 However, it is still not easy to price the cyber insurance contract rightly because of no enough data or evidence which could approve what constitutes effective information security measures as well as no impartial, controversial or standard formula to value intangible assets like personal or sensitive information. 9 Finally, the availability of re-insurance programs plays an important role in the cyber insurance market because insurers would appeal to such program as a strategy of risk management. The lack of solid and actual data as mentioned above would discourage re-insurers from providing insurance policies that covers the insured’s losses and liabilities. Therefore, insurers may not be keen to develop and offer cyber insurance products. 4.The USA experience on developing cyber insurance market 4.1Current market status Due to the increase of the number of data breaches, cyber attacks, and civil suits filed by those whose data were illegal disclosed to third parties, more and more enterprises recognize the importance of cyber and privacy risks and turning to cyber insurance to minimize the potential finical losses. 10 However, the increased government focus on cyber security also contributed to the rapidly growth of the cyber insurance market. 11 For example, US Department of Homeland Security has been aware of the benefits of the cyber insurance, including encouraging better information security management, reducing the finical losses that a company has to face due to the data breach and so on. 12 Compared to other lines of insurance, cyber insurance market is not mature yet and is small in USA. For example, the gross premiums for medical malpractice insurance are more than 10% of that for cyber insurance market. However, the cyber insurance market certainly appears to grow rapidly. Per the survey made by Corporate Board Member & FTI Consulting, 48% of corporate directors and 55% of general counsel take highly of the issue of data security. 13And, per the report made by Marsh, there are more and more companies buying cyber insurance to cover financial losses due to the data breach or cyber attack, and the number of Marsh’s US clients purchasing cyber insurance increased 33% in 2012 over 2011. 14 4.2What contributed to the growth of the cyber insurance market in USA? Some measurements taken by the government or regulatory intervention had impacts on the incentives of companies to carry cyber insurance. CF Disclosure Guidance published by U.S. Securities and Exchange Commission in Oct 2011 mentioned that except the operation and financial risks, public companies shall disclose the cyber security risks and cyber incidents for such risks and incidents may result in severe finical losses and thus have a board impact on their financial statements. 15 And, according to the guidance, appropriate disclosures may includes risk factors and this potential costs and consequences, cyber incidents experienced or expected and theirs costs and consequences, undetected risks related to cyber incidents, and the relevant insurance coverage. 16 Such disclosure requirements triggered the demands for the cyber insurance products because cyber insurance as an effective tool to transfer financial losses or damages could be an evidence that firms are managing cyber security risks well and properly. 17 The demand for cyber-insurance products may be created by government by means of requiring government contractors and subcontractors to purchase cyber insurance under Federal Acquisition Regulations (FAR) which mentions that contractors are required by law and FAR to provide insurance for certain types of perils 18. Also, in order to sustain the covered critical infrastructure (CCI) designation, the owner of such infrastructure may need to carry cyber insurance, too. 19 On the other hand, referring to Support Anti-Terrorism by Fostering Effective Technologies Act of 2002 which requires those who provides Federal and non-Federal Government customers with a qualified/certificated anti-terrorism technologies shall obtain liability insurance of such types but the amount of such insurance shall be reasonable and will not distort the sales price of such technologies 20, the federal government tried to draw and enact legislation that provides limitations on cyber security liability 21. If it works, this could raise the incentive of insurers because amounts of potential financial losses which may be transferred to insurers are predictable. Besides, referring to Terrorism Risk Insurance Act of 2002 which established the terrorism insurance program to provide compensations to insurers who suffered the insured losses due to terrorist attacks 22, the federal government may increase the supply of cyber insurance products by means of providing compensations to insurers who suffered the insured losses due to cyber security breach or cyber attacks. 23 Otherwise, some experts and stakeholders did suggest the federal government implement reinsurance programs to develop cyber insurance programs. 24 Finally, to solve the problem of information asymmetry, the government tried to develop the legislation that could build a mechanism for information-sharing among private entities. 25 Also, it was recommended that the federal government may consider to allow insurance firms to establish an information-sharing database together so that insurers could accordingly develop better models to figure out cyber risks and price the cyber insurance contract accurately. 26 5.Suggestions and conclusion Compared to USA where 30-40 insurers offer cyber-insurance products and thus suggested that a more mature market exists 27, the cyber insurance market in Taiwan is still at the first stage of the product life cycle. Few insurers have introduced their cyber-insurance products covering the issues related to the personal information breach. Per the experience how US government developed the cyber insurance market, the following suggestion are made for reference. First, the government may consider requiring his contractors and subcontractors to carry cyber insurances. This could stimulate the demand for cyber insurance products as well as make cyber insurance prevail among private sector as an effective risk management tool. Second, the government may consider establishing re-insurance program to offer compensation to those who suffer the insured’s large losses and damages or impose limitations of the amount insured by law. However, it is undeniable that providing re-insurance program is not feasible as the government’s budget is not abundance. Finally, an information-sharing mechanism, including information on cyber attacks an cyber risks, may be helpful to solve the problem of information asymmetry. 1.Insurance Act §1 (R.O.C, 2012). 2.European Network and Information Security Agency, Incentives and barriers of the cyber insurance market in Europe , June 2012, at 8, 3.Ben Berkowitz, United States: insurance-cyber insurance, C.T.L.R. 2012, 18(7), N183. 4.Supra note2, at 19-25. 5.Mathew J. Schwartz, Stolen NASA laptop had unencrypted employee data , InformationWeek, November 15, 2012 11:17 AM,;Ben Weitzenkorn, Stolen NASA laptop prompts new security rules, TechNewsDaily , November 15 2012 11:35 AM, 6. Irene Klotz, Laptop with NASA workers' personal data is stolen, CAPE CANAVERAL, Nov 14, 2012 8:47pm, 7.The Government of the Hong Kong Special Administrative Region , An overview of information security standards, Feb 2008, at 2,;Supra note2, at 21. 8.Supra note2, at 21-22. 9.Id. 10.Id. 11.Id. 12.U.S. Department of Homeland Security, Cyber security insurance workshop readout report, Nov 2012, at 1, 13.John E. Black Jr., Privacy liability and insurance developments in 2012, 16 No. 9 J. Internet L. 3, 12 (2013). 14.Marsh, Number of companies buying cyber insurance up by one-third in 2012, March 14, 2013, 15.U.S. Securities and Exchange Commission, CF Disclosure Guidance: Topic No. 2 Cybersecurity, October 13, 2011, 16.Id. 17.Supra note2, at 6.(last visited Dec. 31, 2012) 18.Federal Acquisition Regulations §28.301. 19.E. Paul Kanefsky, Insuring against cyber risks: congress and president Obama weigh in, March 2012, 20.Support Anti-Terrorism by Fostering Effective Technologies Act of 2002 §864. 21.Supra note19. 22.Terrorism Risk Insurance Act of 2002 §103. 23.Supra note19. 24.Id. 25.Id. 26.Id. 27.Supra note2.

Japanese Virtual Currency Transaction Law System – with “Payment Services Act” as the Core

  In recent years, because of the uncertainty of the positing of virtual currency under law, the issues of transparency and security etc. arising out in connection therewith are emerging, and the incidents of money-laundering, terrorist attack and investor fraud involving therewith lead to concerns of various countries.   Therefore, the new change in Japanese legislations relating to virtual currency exchange service providers falls mainly in the effect of amended contents of “Payment Services Act” and “Act on Prevention of Transfer of Criminal Proceeds”. The reasons for amendment to the legislations are such that virtual currency transaction involves the exchange with statutory currency, and is the outlet/ inlet of the existing financial system; therefore it is necessary to have the virtual currency exchange service providers be supervised[1]. Essential points involving the amendments are stated as follows: 1. Payment Services Act   The keys to the amendment to Payment Services Act (hereinafter referred to as the “Act”) are the Act recognizes that virtual currency has the nature of property and inputs the registration system for the exchange service providers, and provides relevant supervisory regulations. (1) Definition of virtual currency   As defined in items 1 and 2 of Paragraph 5 of Article 2 of the amended Payment Services Act, virtual currency can be divided into two kinds, but is limited to that which is recorded on an electronic device or any other object by electronic means, and excludes the domestic (Japanese) currency, foreign currency and currency-denominated assets[2]. ① It has 3 elements as follows: It can be used in relation to unspecified persons for the purpose of payment consideration for the purchase or leasing of goods or the receipt of provision of services. It can be purchased from and sold to unspecified persons. Its property value can be transferred by means of an electronic data processing system. ② Its property value can be mutually exchanged with other virtual currency and can be transferred by means of an electronic data processing system.   In addition, some authors[3] consider that virtual currency is equivalent to the use of blockchain technology. However, according to the definition after the amendment to laws in Japan, the definition of virtual currency is based the judgment of the above elements rather than the use of blockchain technology. (2) Input of registration system for virtual currency exchange service providers   Pursuant to Paragraph 7 of Article 2 of the Payment Services Act, “Exchange Service” is defined as the operation of exchange, agency or management activities. No person may engage in the virtual currency exchange service unless the person is registered[4] with the competent authority (Article 63-2 of the Act). A person who has conducted the virtual currency exchange service without obtaining the registration is subject to imprisonment for not more than three years or a fine of not more than three million yen or both based on Subparagraphs 2, 5 of Article 107 of the Act. (3) Mechanism of users protection:   The purpose of the amendment is to take countermeasures for the risks generated from virtual currency exchange, such as pecuniary loss caused by insufficient information, the loss incurred in the custody of users’ property, and disclosure of personal information of users)[5]. Discussions are divided into 4 points. ① Information security management A virtual currency exchange service provider must take necessary measures for information security management (Article 63-8 of the Act) ② Measures for users protection A virtual currency exchange service provider must take relevant protective measures for users, including the provision of explanation for misunderstood transaction and information about contents of transaction (Article 63-10 of the Act) ③ Separate management of property A virtual currency exchange service provider must manage its own property separately from the money or virtual currency of the users, and must retain a certified public accountant or an audit corporation to periodically conduct the external financial audit (Article 63-11 of the Act) ④ Designated Dispute Resolution Organization Referring to financial ADR system, the complaint or dispute matter of users shall be concluded by the Designated Dispute Resolution Organization (Article 63-12 of the Act) (4) Supervision over virtual currency exchange service providers:   As regulated by Articles 63-13 ~ 63-20 of the new Payment Services Act, essential contents of supervisory requirements for virtual currency exchange service providers are stated below: ①The obligation to prepare and maintain books and documents ②Annual financial reports ③The authority of the Prime Minister to inspect relevant business ④The Prime Minister orders a virtual exchange service provider to conduct business improvement. ⑤The Prime Minister may revoke the registration of a virtual currency exchange service provider who has obtained the registration through illegal or wrongful means. (5) Penalty for violation of obligations   The existing penalties under articles 107~109 and articles 112~117 of the Payment Services Act also apply to virtual currency exchange service providers. The causes of violation of obligations and corresponding penalties are summarized as follows: ① Any person who has not obtained registration or has obtained registration through wrongful means or by use of other’s name is subject to imprisonment for not more than three years or a fine of not more than three million yen, or both (Article 107 of the Act) ② An exchange service provider who has violated the separate management of property or has violated the disposition of suspension of operation is subject to imprisonment for not more than two years or a fine of not more than three million yen, or both (Article 108 of the Act). ③ Any person who has failed to prepare or has falsely prepared books, reports, attachment and documents or has refused to answer the questions or has refused to accept or has hindered the business inspection is subject to imprisonment for not more than one years or a fine of not more than three million yen, or both (Article 109 of the Act) ④ A person who fails to take necessary measure for improving its operation is subject to a fine of not more than one million yen. 2. Act on Prevention of Transfer of Criminal Proceeds   In order to prevent from money-laundering, the legitimacy of fund sources must be assured. The amended “Act on Prevention of Transfer of Criminal Proceeds” (hereinafter referred to as the “Act”) incorporates the virtual currency exchange service providers as “specified business operators” and imposes them with the following main obligations: (1) The obligation to confirm user identification (Article 4 of the Act) (2) The obligation to confirm and preserve transaction records (Articles 6 & 7 of the Act) (3) The obligation to report suspicious transactions (Article 11 of the Act)   The above are major contents of the amendments to legislations in relation to virtual currency exchange service providers in Japan. The purposes of the amendment are to promote the innovation of virtual currency operators and the balanced development with consumer protection. Therefore, they are included in the Payment Services Act and are subject to similar supervision as with electronic bill and Funds Transfer Service[6]. The reorganization of virtual currency system in Japan has stepped forward. However, the application of actual operation needs continual follow-up and observation, so as to be used as reference for the relevant law system of our country. [1]Financial System Council, The Working Group on Payments and Transaction Banking of the Financial System Council, P27. [2]Currency-Denominated Assets, Assets denominated in currency refers to the “Currency-Denominated Assets” in Japanese and defined in the Payment Services Act: as used in this Act means assets which are denominated in the Japanese currency or a foreign currency, or for which performance of obligations, refund, or anything equivalent thereto (hereinafter referred to as "performance of obligations, etc." in this paragraph) is supposed to be made in the Japanese currency or a foreign currency. In this case, assets for which performance of obligations, etc. is supposed to be made by means of Currency-Denominated Assets are deemed to be Currency-Denominated Assets. [3] <Improvement System of Virtual Currency>, Daiwa Institute of Research, see website:, (Last browse date: 12/07/2017) [4]Article 63-2 of the Payment Service Act provides the registration with the Prime Minister; however, in practical operation, the operators shall apply for registration with the local financial bureau. [5]Financial System Council, The Working Group on Payments and Transaction Banking of the Financial System Council, P29. [6]In the Payment Services Act of Japan, it is specified that the remittance business engaged by a non-banking provider was officially named as “Funds Transfer Service”, in which business contents aim at the third payment works. Financial Research Development Funds Management Committee, “Study of the industrial development and management between international non-financial institution payment services”, written by Kuo Chen-Chung and Hsu Shih-Chin, pp60~61(2015).