Legal & Compliance
Understanding the legal framework for Pilier validators: jurisdiction, liability, GDPR compliance, and insurance.
Reading time: 10 minutes
Jurisdiction
Governing Law
French law applies to all validator relationships with Pilier.
Why French law?
- Pilier Foundation is a French-incorporated entity
- Headquarters in Lyon, France
- French legal framework provides clarity on:
- Data protection (GDPR implementation)
- Contract law (validator Charter = binding agreement)
- Digital services regulation
Dispute Resolution
Three-tier approach:
Tier 1: Amicable Settlement (preferred)
Process:
├─ Direct communication between validator and Pilier
├─ Mediation via neutral third party (if needed)
├─ Timeline: 30 days to resolve
└─ Cost: Free (no legal fees)
Tier 2: Governance Arbitration
Process:
├─ Submit dispute to governance (public proposal)
├─ Community votes on resolution (tPIL holders)
├─ Timeline: 14-day voting period
└─ Binding decision (both parties must accept)
Tier 3: French Commercial Courts (last resort)
Jurisdiction: Paris Commercial Court (Tribunal de Commerce de Paris)
Applicable law: French commercial law
Language: French (translations may be required)
Timeline: Months to years (typical court delays)
Cost: Legal fees (€5,000-50,000+)
Recommendation: Resolve disputes at Tier 1 or 2 whenever possible.
Contracts & Agreements
Validator Charter = legally binding agreement
Signing process:
During onboarding:
├─ Validator entity reviews Charter (this documentation)
├─ Legal representative signs agreement (DocuSign or wet signature)
├─ Pilier counter-signs
├─ Both parties retain signed copy
└─ On-chain event emitted (governance.validatorAdded)
Charter status:
- Legally enforceable in French courts
- Can be amended via governance (80% approval required)
- Validators bound by latest version (notified of changes)
Liability
What Validators Are NOT Liable For
Network downtime (with due diligence):
Scenario: Validator offline for 6 hours due to datacenter power outage
Liability: None ✅
Reasoning:
├─ Due diligence maintained (proper hosting, monitoring)
├─ Unforeseeable event (force majeure)
├─ Validator responded appropriately (communicated, restored quickly)
└─ No gross negligence
User losses (operational risks):
Scenario: User's DPP timestamp delayed due to network congestion
Liability: None ✅
Reasoning:
├─ Validators provide infrastructure "as-is"
├─ No SLA for individual user transactions
├─ Blockchain inherent risks (user accepts when using network)
└─ Validator not responsible for user business decisions
Governance decisions (good faith voting):
Scenario: Validator votes for fee increase, some users unhappy
Liability: None ✅
Reasoning:
├─ Governance voting is protected activity
├─ Validator acted in good faith (believed it was best for network)
├─ Democratic process (majority decides)
└─ Voters not liable for policy outcomes
What Validators ARE Liable For
Gross negligence:
Examples:
├─ Leaving admin password as "password123"
├─ Ignoring critical security alerts for weeks
├─ Running outdated node software with known vulnerabilities
└─ Never checking monitoring, never responding to incidents
Consequence:
├─ Validator may be held liable for damages
├─ Removal via governance (Charter violation)
└─ Potential financial claims (if provable damages)
Willful misconduct:
Examples:
├─ Intentional double-signing (trying to attack network)
├─ Deliberately censoring specific users' transactions
├─ Sharing session keys with unauthorized third parties
└─ Accepting bribes to vote certain way on governance
Consequence:
├─ Immediate removal (emergency governance vote)
├─ Legal action possible (fraud, breach of contract)
└─ Reputational damage (entity name publicized)
Breach of confidentiality:
Examples:
├─ Leaking private user data (if validator has access to off-chain data)
├─ Disclosing other validators' security practices without permission
└─ Sharing sensitive governance discussions (if marked confidential)
Consequence:
├─ GDPR violation (see below)
├─ Charter breach (removal process)
└─ Potential fines (GDPR penalties up to €20M or 4% revenue)
Limitation of Liability
Validator Charter includes standard limitation clauses:
"Validators' total liability to Pilier or third parties
shall not exceed the total compensation received in
the 12 months prior to the incident."
Translation:
- Maximum liability: 12 months × current operational cost target (initially €500/month) = up to €6,000
- Protects validators from catastrophic claims
- Standard practice in infrastructure contracts
Exception: Limitation does NOT apply to:
- Willful misconduct
- Gross negligence
- Criminal activity
GDPR Compliance
What Data Do Validators Process?
On-chain data (public ledger):
Public information (no GDPR protection):
├─ Transaction hashes
├─ Account addresses (pseudonymous)
├─ Block timestamps
├─ DPP metadata (product information)
└─ Governance votes (public by design)
Off-chain data (P2P networking):
Personal data (GDPR-protected):
├─ IP addresses (validators see peers' IPs)
├─ Connection metadata (timestamps, ports)
└─ Telemetry data (node performance metrics)
Note: This is minimal, temporary, and necessary for network operation.
Validator entity data (internal):
Personal data (GDPR-protected):
├─ Staff email addresses (validator operators)
├─ Emergency contact phone numbers
└─ On-call schedules (names, availability)
GDPR Compliance Requirements
Lawful basis for processing:
Article 6(1)(f): Legitimate interest
├─ Purpose: Operating blockchain infrastructure
├─ Necessity: Cannot operate validator without processing IP addresses
├─ Balancing test: Network security outweighs privacy impact (minimal data)
└─ Documented in DPIA (Data Protection Impact Assessment)
Data minimization:
Validators should:
├─ NOT log more data than necessary (e.g., full packet captures)
├─ NOT store IP addresses longer than needed (rotate logs weekly/monthly)
├─ NOT share peer data with third parties
└─ Configure telemetry to be pseudonymous (no personally identifiable info)
Security measures:
Required:
├─ Encrypted storage (disk encryption for logs)
├─ Access controls (only authorized staff can access node)
├─ Secure key management (session keys in HSM or encrypted vault)
└─ Incident response plan (see Security Procedures)
Right to Erasure ("Right to be Forgotten")
The GDPR conflict:
User request: "Delete my transaction from blockchain"
Blockchain reality: Immutable ledger (cannot delete)
Solution:
├─ Personal data stored OFF-chain (IPFS, Arweave)
├─ Only hash stored on-chain (not personal data)
├─ User can request deletion of off-chain data
└─ Hash remains on-chain (but now points to deleted data)
Validator's role:
If user requests erasure:
├─ Validator does NOT need to delete on-chain data (it's a hash)
├─ Validator MUST delete any off-chain logs containing user's IP (if requested)
├─ Timeline: 30 days to comply
└─ Document request (ROPA - Record of Processing Activities)
Data Protection Officer (DPO)
When do you need a DPO?
Required for:
- Public authorities (universities, municipalities)
- Large-scale systematic monitoring
- Processing sensitive data (health, biometrics, etc.)
Not required for:
- Small NGOs with limited data processing
- Validators only processing blockchain data (minimal personal data)
Pilier offers DPO-as-a-Service:
For small validators without in-house DPO:
├─ Pilier provides external DPO (French-licensed)
├─ Cost: Included in validator support (no extra charge)
├─ Scope: Review validator's data processing, GDPR compliance checks
└─ Contact: dpo@pilier.org
Data Protection Impact Assessment (DPIA)
What is a DPIA?
- Risk assessment for data processing activities
- Required when processing poses "high risk" to individuals
- Documents: what data, why, how long, security measures
Pilier provides DPIA template for validators:
Template includes:
├─ Validator data processing activities (IP addresses, telemetry)
├─ Lawful basis (legitimate interest)
├─ Risk assessment (low risk - minimal data, necessary for operation)
├─ Mitigation measures (encryption, access controls, log rotation)
└─ DPO approval (if applicable)
Download: validators@pilier.org (request DPIA template)
Cross-Border Data Transfers
Validators in EU/EEA:
- No special requirements (GDPR applies uniformly)
Validators outside EU/EEA (rare):
Example: Swiss validator (Switzerland = adequate country)
├─ No extra requirements (GDPR equivalence recognized)
└─ Standard GDPR compliance sufficient
Example: UK validator (post-Brexit)
├─ UK GDPR applies (near-identical to EU GDPR)
├─ Standard Contractual Clauses (SCCs) may be required
└─ Pilier provides SCC template if needed
Insurance
Why Insurance?
Validators face operational risks:
- Cyber attacks (DDoS, ransomware)
- Data breaches (accidental exposure of logs)
- Hardware failures (fire, flood, theft)
- Professional errors (misconfiguration causing downtime)
Insurance protects:
- Validator entity from financial losses
- Covers legal defense costs (if sued)
- Provides peace of mind (focus on operations, not liability)
Recommended Coverage
1. Cyber Liability Insurance
Coverage:
├─ Data breach response costs (legal, notification, PR)
├─ Ransomware payments (if attacked)
├─ Business interruption (lost income due to cyber incident)
└─ Third-party claims (if validator breach affects others)
Typical limits:
├─ €50,000 - €100,000 coverage
├─ Annual premium: €500-1,500
└─ Deductible: €1,000-5,000
Recommended insurers (France):
- Hiscox (specialist in cyber insurance)
- AXA (cyber risk coverage)
- Allianz (technology E&O policies)
2. Professional Indemnity Insurance
Coverage:
├─ Professional errors (misconfiguration, wrong advice)
├─ Negligence claims (failed to respond to incident)
├─ Legal defense costs (if sued by Pilier or users)
└─ Contractual liability (Charter breach claims)
Typical limits:
├─ €100,000 coverage
├─ Annual premium: €800-2,000
└─ Deductible: €2,000-5,000
Why you need this:
- Validators provide professional service (infrastructure operation)
- If error causes harm (e.g., persistent downtime → user losses), you may be sued
- Insurance covers legal defense even if claim is unfounded
3. Hardware/Equipment Insurance
Coverage:
├─ Server hardware (theft, fire, flood)
├─ Replacement costs (new equipment)
├─ Data recovery (if disks fail)
└─ Temporary equipment rental (during repairs)
Typical limits:
├─ Replacement value (€2,000-10,000 depending on setup)
├─ Annual premium: €200-500
└─ Deductible: €500-1,000
Note: Often included in office/property insurance if validator hosted on-premises.
4. Business Interruption Insurance
Coverage:
├─ Lost "income" during downtime (in validator's case, coverage of operational costs)
├─ Extra expenses (emergency hosting, consultant fees)
└─ Covers 3-6 months of costs
Typical limits:
├─ €5,000-15,000 (3 months of validator costs)
├─ Annual premium: €300-800
└─ Deductible: 48-hour waiting period
Why useful:
- If validator suffers major incident (hardware failure, fire), may take weeks to restore
- Insurance covers costs during restoration period
Total Annual Insurance Cost
Recommended package for validators:
| Coverage | Annual Premium | Notes |
|---|---|---|
| Cyber Liability (€50k) | €500-1,500 | Essential |
| Professional Indemnity (€100k) | €800-2,000 | Highly recommended |
| Hardware/Equipment | €200-500 | Recommended (if self-hosted) |
| Business Interruption | €300-800 | Optional (depends on budget) |
| Total | €1,800-4,800 | ~€150-400/month |
Note: Many insurers offer bundle discounts (10-20% off if purchasing multiple policies).
Is Insurance Mandatory?
Not required by Charter, but strongly recommended.
Why?
- Validators are non-profit entities (often tight budgets)
- Single cyber incident or lawsuit could bankrupt small NGO/university department
- Insurance provides financial resilience
Alternative if insurance unaffordable:
- Apply for infrastructure grant (see Compensation)
- Self-insure (maintain emergency reserve fund)
- Partner with larger entity (university IT department may have institutional insurance)
How to Get Insurance
Step 1: Contact insurance broker
Find broker specializing in:
├─ Cyber risk (for validators)
├─ Technology E&O (professional indemnity)
└─ Non-profit entities (understands validator model)
Step 2: Provide validator details
Broker will ask:
├─ Entity type (university, NGO, public body)
├─ Annual revenue/budget (for premium calculation)
├─ Data processing activities (validator = minimal personal data)
├─ Security measures (firewalls, encryption, monitoring)
└─ Prior incidents (any past breaches or claims?)
Step 3: Review quotes
Compare:
├─ Coverage limits (is €50k cyber liability enough?)
├─ Deductibles (can you afford €5k out-of-pocket?)
├─ Exclusions (what's NOT covered?)
└─ Premium cost (fits within €500/month validator budget?)
Step 4: Purchase & maintain
After purchase:
├─ Provide proof of insurance to validators@pilier.org (optional, for records)
├─ Renew annually (set calendar reminder)
└─ Update policy if validator operations change (e.g., add more hardware)
Contract Terms
Validator Charter as Contract
The Validator Charter is a binding agreement between:
- Validator entity (you)
- Pilier Foundation (protocol operator)
Key clauses:
Term & termination:
Duration: Indefinite (until voluntary exit or removal)
Termination by validator: 90-day notice recommended (graceful exit)
Termination by Pilier: Only via governance vote (75% approval)
Compensation:
Target: up to €500/month per validator (operational cost coverage, adjustable via tPIL governance vote)
Source: Transaction fees + inflation subsidy
Exchange: 1 PIL = €1.00 via Treasury (within limits)
Performance obligations:
Validator must:
├─ Maintain 99% uptime (target)
├─ Respond to critical incidents within 2 hours
├─ Participate in governance (>80% of votes)
└─ Comply with Charter (all sections)
Indemnification:
Validator indemnifies Pilier from claims arising from:
├─ Gross negligence
├─ Willful misconduct
├─ Breach of confidentiality
Pilier indemnifies Validator from claims arising from:
├─ Protocol bugs (runtime vulnerabilities)
├─ Other validators' actions
├─ Third-party attacks (if validator followed security procedures)
Amendments to Charter
Charter can be amended via governance:
Process:
├─ Proposal submitted (80% approval + 25% quorum required)
├─ 14-day discussion period
├─ Voting period (21 days for Charter changes)
├─ If approved: Effective immediately
└─ All validators notified (email + Telegram)
Validator's options:
├─ Accept amendment (continue validating)
├─ Negotiate (propose counter-amendment)
└─ Voluntary exit (if amendment unacceptable)
Major amendments require validator re-signature:
- Changes to liability clauses
- Changes to compensation structure
- Changes to governance rights
Minor amendments auto-apply:
- Technical clarifications
- Performance metric adjustments
- Process improvements
Exit Liability
Voluntary Exit
No financial penalties for voluntary exit.
Process:
1. Notify validators@pilier.org (90-day notice recommended)
2. Submit governance proposal: "Remove validator-{id} (voluntary exit)"
3. Handover period (30-90 days)
4. Final settlement:
├─ Claim unclaimed rewards (up to 84 eras)
├─ Exchange remaining PIL for EUR (within limits)
└─ Return any infrastructure grants (if applicable)
Post-exit obligations:
Validator must:
├─ Delete sensitive data (other validators' contact info, if any)
├─ Return access credentials (if applicable)
└─ Provide exit report (lessons learned, documentation)
Validator is NOT required to:
├─ Pay exit fees ❌
├─ Return compensation already received ❌
└─ Continue operations beyond agreed handover period ❌
Involuntary Removal
If removed via governance for Charter violations:
No retroactive clawbacks:
Validator keeps:
├─ All compensation received up to removal date ✅
├─ Unclaimed rewards (can still claim post-removal)
└─ No financial penalties
Exception: Fraud or embezzlement:
If validator:
├─ Falsified expense reports (infrastructure grants)
├─ Double-claimed rewards
└─ Engaged in criminal activity
Then:
├─ Pilier may pursue legal recovery (French courts)
├─ Standard fraud/embezzlement law applies
└─ Insurance may cover legal costs
Frequently Asked Questions
Q: Can validators be sued by users for network downtime?
Unlikely, but possible:
- Validators provide infrastructure "as-is" (no SLA to individual users)
- Users accept blockchain risks when using network
- Validators protected by limitation of liability clause
However: If gross negligence proven (e.g., validator ignored critical security alerts for months → major breach), user might have claim.
Insurance mitigates this risk (professional indemnity covers legal defense).
Q: What happens if validator violates GDPR?
Process:
├─ GDPR authority (CNIL in France) investigates
├─ If violation found: Warning or fine (up to €20M or 4% revenue)
├─ Validator must remediate (fix data processing practices)
└─ May trigger Charter review (governance decides if removal warranted)
Pilier's role:
├─ Provides GDPR compliance support (DPIA templates, DPO)
├─ NOT liable for validator's independent GDPR violations
└─ May assist in remediation (best practices, technical guidance)
Q: Do we need a lawyer to review the Charter?
Recommended for larger entities (universities, municipalities):
- Charter is legally binding
- Entity's legal department should review before signing
- Pilier can provide clarifications if needed
Not strictly necessary for small NGOs:
- Charter is written in plain language (not legalese)
- Standard terms (no hidden traps)
- Community-reviewed (transparent governance)
Q: What if French law conflicts with our local law?
Hierarchy:
1. Mandatory local law (e.g., GDPR, cannot be waived)
2. French law (Charter terms)
3. Amicable resolution (if conflict arises)
Example:
├─ German validator must comply with both German and French law
├─ If conflict: Discuss with validators@pilier.org
└─ Governance may amend Charter to resolve (if widespread issue)
Q: Can we get insurance after we're already a validator?
Yes:
- Insurance not required for onboarding
- Can purchase anytime
- Recommended: Get quotes during application process (factor into budget)
- May take 2-4 weeks to get policy issued (allow time)
Summary: Legal Framework
Jurisdiction:
- ✅ French law governs validator relationships
- ✅ Disputes resolved via mediation → governance → courts (last resort)
Liability:
- ✅ NOT liable: Network downtime (with due diligence), user losses, governance votes
- ❌ LIABLE: Gross negligence, willful misconduct, breach of confidentiality
- ✅ Limited to 12 months compensation (€6,000 cap)
GDPR:
- ✅ Minimal personal data processed (IP addresses in P2P networking)
- ✅ Lawful basis: Legitimate interest (blockchain operation)
- ✅ Pilier provides: DPIA template, DPO-as-a-Service
Insurance (recommended):
- ✅ Cyber liability: €500-1,500/year
- ✅ Professional indemnity: €800-2,000/year
- ✅ Total:
€1,800-4,800/year (€150-400/month)
Exit:
- ✅ No financial penalties for voluntary exit
- ✅ 90-day notice recommended (graceful handover)
Next Steps
Understand legal framework?
- ✅ Read Governance Participation (how validators vote)
- ✅ Review Security Procedures (incident response)
- ✅ Check Onboarding Guide (application process)
- 📧 Questions? Email: validators@pilier.org
Support
📧 Legal questions: validators@pilier.net
📧 GDPR/DPO: dpo@pilier.org
💬 Telegram: @pilier_org/validators
🌐 Forum: forum.pilier.net/validators