
Legal & Compliance

Understanding the legal framework for Pilier validators: jurisdiction, liability, GDPR compliance, and insurance.

Reading time: 10 minutes


Jurisdiction

Governing Law

French law applies to all validator relationships with Pilier.

Why French law?

  • Pilier SAS is a French-incorporated entity
  • Headquarters in Lyon, France
  • French legal framework provides clarity on:
    • Data protection (GDPR implementation)
    • Contract law (validator Charter = binding agreement)
    • Digital services regulation

Dispute Resolution

Three-tier approach:

Tier 1: Amicable Settlement (preferred)

Process:
├─ Direct communication between validator and Pilier
├─ Mediation via neutral third party (if needed)
├─ Timeline: 30 days to resolve
└─ Cost: Free (no legal fees)

Tier 2: Governance Arbitration

Process:
├─ Submit dispute to governance (public proposal)
├─ Community votes on resolution (tPIL holders)
├─ Timeline: 14-day voting period
└─ Binding decision (both parties must accept)

Tier 3: French Commercial Courts (last resort)

Jurisdiction: Paris Commercial Court (Tribunal de Commerce de Paris)
Applicable law: French commercial law
Language: French (translations may be required)
Timeline: Months to years (typical court delays)
Cost: Legal fees (€5,000-50,000+)

Recommendation: Resolve disputes at Tier 1 or 2 whenever possible.


Contracts & Agreements

Validator Charter = legally binding agreement

Signing process:

During onboarding:
├─ Validator entity reviews Charter (this documentation)
├─ Legal representative signs agreement (DocuSign or wet signature)
├─ Pilier counter-signs
├─ Both parties retain signed copy
└─ On-chain event emitted (governance.validatorAdded)

Charter status:

  • Legally enforceable in French courts
  • Can be amended via governance (80% approval required)
  • Validators bound by latest version (notified of changes)

Liability

What Validators Are NOT Liable For

Network downtime (with due diligence):

Scenario: Validator offline for 6 hours due to datacenter power outage

Liability: None ✅
Reasoning:
├─ Due diligence maintained (proper hosting, monitoring)
├─ Unforeseeable event (force majeure)
├─ Validator responded appropriately (communicated, restored quickly)
└─ No gross negligence

User losses (operational risks):

Scenario: User's DPP timestamp delayed due to network congestion

Liability: None ✅
Reasoning:
├─ Validators provide infrastructure "as-is"
├─ No SLA for individual user transactions
├─ Blockchain inherent risks (user accepts when using network)
└─ Validator not responsible for user business decisions

Governance decisions (good faith voting):

Scenario: Validator votes for fee increase, some users unhappy

Liability: None ✅
Reasoning:
├─ Governance voting is protected activity
├─ Validator acted in good faith (believed it was best for network)
├─ Democratic process (majority decides)
└─ Voters not liable for policy outcomes

What Validators ARE Liable For

Gross negligence:

Examples:
├─ Leaving admin password as "password123"
├─ Ignoring critical security alerts for weeks
├─ Running outdated node software with known vulnerabilities
└─ Never checking monitoring, never responding to incidents

Consequence:
├─ Validator may be held liable for damages
├─ Removal via governance (Charter violation)
└─ Potential financial claims (if provable damages)

Willful misconduct:

Examples:
├─ Intentional double-signing (trying to attack network)
├─ Deliberately censoring specific users' transactions
├─ Sharing session keys with unauthorized third parties
└─ Accepting bribes to vote certain way on governance

Consequence:
├─ Immediate removal (emergency governance vote)
├─ Legal action possible (fraud, breach of contract)
└─ Reputational damage (entity name publicized)

Breach of confidentiality:

Examples:
├─ Leaking private user data (if validator has access to off-chain data)
├─ Disclosing other validators' security practices without permission
└─ Sharing sensitive governance discussions (if marked confidential)

Consequence:
├─ GDPR violation (see below)
├─ Charter breach (removal process)
└─ Potential fines (GDPR penalties up to €20M or 4% revenue)

Limitation of Liability

Validator Charter includes standard limitation clauses:

"Validators' total liability to Pilier or third parties
shall not exceed the total compensation received in
the 12 months prior to the incident."

Translation:

  • Maximum liability: 12 months × €500 = €6,000
  • Protects validators from catastrophic claims
  • Standard practice in infrastructure contracts

Exception: Limitation does NOT apply to:

  • Willful misconduct
  • Gross negligence
  • Criminal activity

GDPR Compliance

What Data Do Validators Process?

On-chain data (public ledger):

Public information (no GDPR protection):
├─ Transaction hashes
├─ Account addresses (pseudonymous)
├─ Block timestamps
├─ DPP metadata (product information)
└─ Governance votes (public by design)

Off-chain data (P2P networking):

Personal data (GDPR-protected):
├─ IP addresses (validators see peers' IPs)
├─ Connection metadata (timestamps, ports)
└─ Telemetry data (node performance metrics)

Note: This is minimal, temporary, and necessary for network operation.

Validator entity data (internal):

Personal data (GDPR-protected):
├─ Staff email addresses (validator operators)
├─ Emergency contact phone numbers
└─ On-call schedules (names, availability)

GDPR Compliance Requirements

Lawful basis for processing:

Article 6(1)(f): Legitimate interest
├─ Purpose: Operating blockchain infrastructure
├─ Necessity: Cannot operate validator without processing IP addresses
├─ Balancing test: Network security outweighs privacy impact (minimal data)
└─ Documented in DPIA (Data Protection Impact Assessment)

Data minimization:

Validators should:
├─ NOT log more data than necessary (e.g., full packet captures)
├─ NOT store IP addresses longer than needed (rotate logs weekly/monthly)
├─ NOT share peer data with third parties
└─ Configure telemetry to be pseudonymous (no personally identifiable info)

Security measures:

Required:
├─ Encrypted storage (disk encryption for logs)
├─ Access controls (only authorized staff can access node)
├─ Secure key management (session keys in HSM or encrypted vault)
└─ Incident response plan (see Security Procedures)

Right to Erasure ("Right to be Forgotten")

The GDPR conflict:

User request: "Delete my transaction from blockchain"
Blockchain reality: Immutable ledger (cannot delete)

Solution:
├─ Personal data stored OFF-chain (IPFS, Arweave)
├─ Only hash stored on-chain (not personal data)
├─ User can request deletion of off-chain data
└─ Hash remains on-chain (but now points to deleted data)

Validator's role:

If user requests erasure:
├─ Validator does NOT need to delete on-chain data (it's a hash)
├─ Validator MUST delete any off-chain logs containing user's IP (if requested)
├─ Timeline: 30 days to comply
└─ Document request (ROPA - Record of Processing Activities)
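The data-minimization guidance above (pseudonymous telemetry, short log retention) and the erasure procedure in this section can be implemented as one small log pipeline. The script below is an added example written for this page, not Pilier tooling, and it assumes a constructed plain-text peer-log format (`<timestamp> <peer IP> <event>`), a constructed per-period secret, and a hypothetical erasure-request reference. It pseudonymizes peer IPs with a keyed hash before they reach disk (so retained logs never hold a raw IP while peers stay correlatable within a key period), drops entries older than the retention window, and handles an erasure request by removing the subject's entries and writing a request record that itself contains no raw IP:

```python
"""Peer-log minimization and erasure handling for a validator node.

Added example, not Pilier's own code. Assumes (constructed) raw log lines of
the form "<ISO timestamp> <peer IP> <event ...>" and an operator-held secret
that is rotated together with the logs.
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 30          # rotate/drop peer logs after this many days
ERASURE_DEADLINE_DAYS = 30   # response window stated on this page
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample input: raw peer events as a node's P2P layer might emit them.
RAW_PEER_LOG = [
    "2024-05-01T10:00:00Z 203.0.113.7 peer-connected port=30333",
    "2024-05-20T11:30:00Z 198.51.100.4 peer-connected port=30333",
    "2024-06-02T09:15:00Z 203.0.113.7 peer-disconnected reason=timeout",
    "2024-06-03T12:00:00Z 192.0.2.9 peer-connected port=30333",
]
# Constructed secret for the current log period (real deployments: from a vault,
# rotated with the logs; discarding an old key makes old tokens unlinkable).
PERIOD_KEY = b"example-period-key-rotate-me"
NOW = datetime(2024, 6, 4, tzinfo=timezone.utc)  # fixed "now" so the example is reproducible


def parse_ts(line: str) -> datetime:
    """Timestamp is always the first field, in both raw and minimized lines."""
    return datetime.strptime(line.split(" ", 1)[0], TS_FMT).replace(tzinfo=timezone.utc)


def pseudonymize_ip(ip: str, period_key: bytes) -> str:
    """Keyed hash (HMAC-SHA256, truncated) of a peer IP. Same IP -> same token
    within one key period, so abuse handling still works; without the key the
    token cannot be reversed or matched to an IP."""
    return hmac.new(period_key, ip.encode(), hashlib.sha256).hexdigest()[:16]


def minimize(raw_lines, period_key):
    """Rewrite raw lines so the stored log carries a token instead of the IP."""
    out = []
    for line in raw_lines:
        ts, ip, event = line.split(" ", 2)
        out.append(f"{ts} peer={pseudonymize_ip(ip, period_key)} {event}")
    return out


def apply_retention(lines, now, days=RETENTION_DAYS):
    """Drop entries older than the retention window (the 'rotate logs' step)."""
    cutoff = now - timedelta(days=days)
    return [line for line in lines if parse_ts(line) >= cutoff]


def erase_subject(lines, subject_ip, period_key, now, request_ref):
    """Handle a right-to-erasure request for the IP the requester supplies.
    Returns the purged log and a request record for the processing register;
    the record stores the token, not the raw IP, so the register stays minimal."""
    token = pseudonymize_ip(subject_ip, period_key)
    kept = [line for line in lines if f"peer={token} " not in line]
    record = {
        "request": request_ref,  # hypothetical ticket reference
        "received": now.strftime(TS_FMT),
        "deadline": (now + timedelta(days=ERASURE_DEADLINE_DAYS)).strftime(TS_FMT),
        "subject_token": token,
        "entries_removed": len(lines) - len(kept),
    }
    return kept, record


def run_pipeline(raw=RAW_PEER_LOG, key=PERIOD_KEY, now=NOW):
    """Minimize -> enforce retention -> process one constructed erasure request."""
    minimized = minimize(raw, key)
    retained = apply_retention(minimized, now)
    purged, record = erase_subject(retained, "203.0.113.7", key, now, "ERQ-0001")
    return minimized, retained, purged, record


if __name__ == "__main__":
    minimized, retained, purged, record = run_pipeline()
    print("stored (pseudonymous):", *minimized, sep="\n  ")
    print("after retention:", len(retained), "entries")
    print("after erasure:", len(purged), "entries")
    print("erasure record:", record)
```

Two design points worth noting: the raw IP is never written, only the token, so retention and erasure operate on already-minimized data; and because tokens are keyed per period, entries whose period key has already been destroyed cannot be matched to any IP, which is the intended end state of log rotation rather than a gap in erasure handling.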

Data Protection Officer (DPO)

When do you need a DPO?

Required for:

  • Public authorities (universities, municipalities)
  • Large-scale systematic monitoring
  • Processing sensitive data (health, biometrics, etc.)

Not required for:

  • Small NGOs with limited data processing
  • Validators only processing blockchain data (minimal personal data)

Pilier offers DPO-as-a-Service:

For small validators without in-house DPO:
├─ Pilier provides external DPO (French-licensed)
├─ Cost: Included in validator support (no extra charge)
├─ Scope: Review validator's data processing, GDPR compliance checks
└─ Contact: dpo@pilier.org

Data Protection Impact Assessment (DPIA)

What is a DPIA?

  • Risk assessment for data processing activities
  • Required when processing poses "high risk" to individuals
  • Documents: what data, why, how long, security measures

Pilier provides DPIA template for validators:

Template includes:
├─ Validator data processing activities (IP addresses, telemetry)
├─ Lawful basis (legitimate interest)
├─ Risk assessment (low risk - minimal data, necessary for operation)
├─ Mitigation measures (encryption, access controls, log rotation)
└─ DPO approval (if applicable)

Download: validators@pilier.org (request DPIA template)

Cross-Border Data Transfers

Validators in EU/EEA:

  • No special requirements (GDPR applies uniformly)

Validators outside EU/EEA (rare):

Example: Swiss validator (Switzerland = adequate country)
├─ No extra requirements (GDPR equivalence recognized)
└─ Standard GDPR compliance sufficient

Example: UK validator (post-Brexit)
├─ UK GDPR applies (near-identical to EU GDPR)
├─ Standard Contractual Clauses (SCCs) may be required
└─ Pilier provides SCC template if needed

Insurance

Why Insurance?

Validators face operational risks:

  • Cyber attacks (DDoS, ransomware)
  • Data breaches (accidental exposure of logs)
  • Hardware failures (fire, flood, theft)
  • Professional errors (misconfiguration causing downtime)

Insurance protects:

  • Validator entity from financial losses
  • Covers legal defense costs (if sued)
  • Provides peace of mind (focus on operations, not liability)

1. Cyber Liability Insurance

Coverage:
├─ Data breach response costs (legal, notification, PR)
├─ Ransomware payments (if attacked)
├─ Business interruption (lost income due to cyber incident)
└─ Third-party claims (if validator breach affects others)

Typical limits:
├─ €50,000 - €100,000 coverage
├─ Annual premium: €500-1,500
└─ Deductible: €1,000-5,000

Recommended insurers (France):

  • Hiscox (specialist in cyber insurance)
  • AXA (cyber risk coverage)
  • Allianz (technology E&O policies)

2. Professional Indemnity Insurance

Coverage:
├─ Professional errors (misconfiguration, wrong advice)
├─ Negligence claims (failed to respond to incident)
├─ Legal defense costs (if sued by Pilier or users)
└─ Contractual liability (Charter breach claims)

Typical limits:
├─ €100,000 coverage
├─ Annual premium: €800-2,000
└─ Deductible: €2,000-5,000

Why you need this:

  • Validators provide professional service (infrastructure operation)
  • If error causes harm (e.g., persistent downtime → user losses), you may be sued
  • Insurance covers legal defense even if claim is unfounded

3. Hardware/Equipment Insurance

Coverage:
├─ Server hardware (theft, fire, flood)
├─ Replacement costs (new equipment)
├─ Data recovery (if disks fail)
└─ Temporary equipment rental (during repairs)

Typical limits:
├─ Replacement value (€2,000-10,000 depending on setup)
├─ Annual premium: €200-500
└─ Deductible: €500-1,000

Note: Often included in office/property insurance if validator hosted on-premises.


4. Business Interruption Insurance

Coverage:
├─ Lost "income" during downtime (in validator's case, coverage of operational costs)
├─ Extra expenses (emergency hosting, consultant fees)
└─ Covers 3-6 months of costs

Typical limits:
├─ €5,000-15,000 (3 months of validator costs)
├─ Annual premium: €300-800
└─ Deductible: 48-hour waiting period

Why useful:

  • If validator suffers major incident (hardware failure, fire), may take weeks to restore
  • Insurance covers costs during restoration period

Total Annual Insurance Cost

Recommended package for validators:

Coverage                         Annual Premium   Notes
─────────────────────────────────────────────────────────────────────────
Cyber Liability (€50k)           €500-1,500       Essential
Professional Indemnity (€100k)   €800-2,000       Highly recommended
Hardware/Equipment               €200-500         Recommended (if self-hosted)
Business Interruption            €300-800         Optional (depends on budget)
─────────────────────────────────────────────────────────────────────────
Total                            €1,800-4,800     ~€150-400/month

Note: Many insurers offer bundle discounts (10-20% off if purchasing multiple policies).


Is Insurance Mandatory?

Not required by Charter, but strongly recommended.

Why?

  • Validators are non-profit entities (often tight budgets)
  • Single cyber incident or lawsuit could bankrupt small NGO/university department
  • Insurance provides financial resilience

Alternative if insurance unaffordable:

  • Apply for infrastructure grant (see Compensation)
  • Self-insure (maintain emergency reserve fund)
  • Partner with larger entity (university IT department may have institutional insurance)

How to Get Insurance

Step 1: Contact insurance broker

Find broker specializing in:
├─ Cyber risk (for validators)
├─ Technology E&O (professional indemnity)
└─ Non-profit entities (understands validator model)

Step 2: Provide validator details

Broker will ask:
├─ Entity type (university, NGO, public body)
├─ Annual revenue/budget (for premium calculation)
├─ Data processing activities (validator = minimal personal data)
├─ Security measures (firewalls, encryption, monitoring)
└─ Prior incidents (any past breaches or claims?)

Step 3: Review quotes

Compare:
├─ Coverage limits (is €50k cyber liability enough?)
├─ Deductibles (can you afford €5k out-of-pocket?)
├─ Exclusions (what's NOT covered?)
└─ Premium cost (fits within €500/month validator budget?)

Step 4: Purchase & maintain

After purchase:
├─ Provide proof of insurance to validators@pilier.org (optional, for records)
├─ Renew annually (set calendar reminder)
└─ Update policy if validator operations change (e.g., add more hardware)

Contract Terms

Validator Charter as Contract

The Validator Charter is a binding agreement between:

  • Validator entity (you)
  • Pilier SAS (protocol operator)

Key clauses:

Term & termination:

Duration: Indefinite (until voluntary exit or removal)
Termination by validator: 90-day notice recommended (graceful exit)
Termination by Pilier: Only via governance vote (75% approval)

Compensation:

Target: €500/month per validator (best effort, not guaranteed)
Source: Transaction fees + inflation subsidy
Exchange: 1 PIL = €1.00 via Treasury (within limits)

Performance obligations:

Validator must:
├─ Maintain 99% uptime (target)
├─ Respond to critical incidents within 2 hours
├─ Participate in governance (>80% of votes)
└─ Comply with Charter (all sections)

Indemnification:

Validator indemnifies Pilier from claims arising from:
├─ Gross negligence
├─ Willful misconduct
└─ Breach of confidentiality

Pilier indemnifies Validator from claims arising from:
├─ Protocol bugs (runtime vulnerabilities)
├─ Other validators' actions
└─ Third-party attacks (if validator followed security procedures)

Amendments to Charter

Charter can be amended via governance:

Process:
├─ Proposal submitted (80% approval + 25% quorum required)
├─ 14-day discussion period
├─ Voting period (21 days for Charter changes)
├─ If approved: Effective immediately
└─ All validators notified (email + Telegram)

Validator's options:
├─ Accept amendment (continue validating)
├─ Negotiate (propose counter-amendment)
└─ Voluntary exit (if amendment unacceptable)

Major amendments require validator re-signature:

  • Changes to liability clauses
  • Changes to compensation structure
  • Changes to governance rights

Minor amendments auto-apply:

  • Technical clarifications
  • Performance metric adjustments
  • Process improvements

Exit Liability

Voluntary Exit

No financial penalties for voluntary exit.

Process:

1. Notify validators@pilier.org (90-day notice recommended)
2. Submit governance proposal: "Remove validator-{id} (voluntary exit)"
3. Handover period (30-90 days)
4. Final settlement:
├─ Claim unclaimed rewards (up to 84 eras)
├─ Exchange remaining PIL for EUR (within limits)
└─ Return any infrastructure grants (if applicable)

Post-exit obligations:

Validator must:
├─ Delete sensitive data (other validators' contact info, if any)
├─ Return access credentials (if applicable)
└─ Provide exit report (lessons learned, documentation)

Validator is NOT required to:
├─ Pay exit fees ❌
├─ Return compensation already received ❌
└─ Continue operations beyond agreed handover period ❌

Involuntary Removal

If removed via governance for Charter violations:

No retroactive clawbacks:

Validator keeps:
├─ All compensation received up to removal date ✅
├─ Unclaimed rewards (can still claim post-removal)
└─ No financial penalties

Exception: Fraud or embezzlement:

If validator:
├─ Falsified expense reports (infrastructure grants)
├─ Double-claimed rewards
└─ Engaged in criminal activity

Then:
├─ Pilier may pursue legal recovery (French courts)
├─ Standard fraud/embezzlement law applies
└─ Insurance may cover legal costs

Frequently Asked Questions

Q: Can validators be sued by users for network downtime?

Unlikely, but possible:

  • Validators provide infrastructure "as-is" (no SLA to individual users)
  • Users accept blockchain risks when using network
  • Validators protected by limitation of liability clause

However: If gross negligence proven (e.g., validator ignored critical security alerts for months → major breach), user might have claim.

Insurance mitigates this risk (professional indemnity covers legal defense).


Q: What happens if validator violates GDPR?

Process:
├─ GDPR authority (CNIL in France) investigates
├─ If violation found: Warning or fine (up to €20M or 4% revenue)
├─ Validator must remediate (fix data processing practices)
└─ May trigger Charter review (governance decides if removal warranted)

Pilier's role:
├─ Provides GDPR compliance support (DPIA templates, DPO)
├─ NOT liable for validator's independent GDPR violations
└─ May assist in remediation (best practices, technical guidance)

Q: Do we need a lawyer to review the Charter?

Recommended for larger entities (universities, municipalities):

  • Charter is legally binding
  • Entity's legal department should review before signing
  • Pilier can provide clarifications if needed

Not strictly necessary for small NGOs:

  • Charter is written in plain language (not legalese)
  • Standard terms (no hidden traps)
  • Community-reviewed (transparent governance)

Q: What if French law conflicts with our local law?

Hierarchy:
1. Mandatory local law (e.g., GDPR, cannot be waived)
2. French law (Charter terms)
3. Amicable resolution (if conflict arises)

Example:
├─ German validator must comply with both German and French law
├─ If conflict: Discuss with validators@pilier.org
└─ Governance may amend Charter to resolve (if widespread issue)

Q: Can we get insurance after we're already a validator?

Yes:

  • Insurance not required for onboarding
  • Can purchase anytime
  • Recommended: Get quotes during application process (factor into budget)
  • May take 2-4 weeks to get policy issued (allow time)

Summary

Jurisdiction:

  • ✅ French law governs validator relationships
  • ✅ Disputes resolved via mediation → governance → courts (last resort)

Liability:

  • ✅ NOT liable: Network downtime (with due diligence), user losses, governance votes
  • ❌ LIABLE: Gross negligence, willful misconduct, breach of confidentiality
  • ✅ Limited to 12 months compensation (€6,000 cap)

GDPR:

  • ✅ Minimal personal data processed (IP addresses in P2P networking)
  • ✅ Lawful basis: Legitimate interest (blockchain operation)
  • ✅ Pilier provides: DPIA template, DPO-as-a-Service

Insurance (recommended):

  • ✅ Cyber liability: €500-1,500/year
  • ✅ Professional indemnity: €800-2,000/year
  • ✅ Total: €1,800-4,800/year (€150-400/month)

Exit:

  • ✅ No financial penalties for voluntary exit
  • ✅ 90-day notice recommended (graceful handover)

Next Steps

Understand legal framework?

  1. ✅ Read Governance Participation (how validators vote)
  2. ✅ Review Security Procedures (incident response)
  3. ✅ Check Onboarding Guide (application process)
  4. 📧 Questions? Email: validators@pilier.org

Support

📧 Legal questions: validators@pilier.net
📧 GDPR/DPO: dpo@pilier.org
💬 Telegram: @pilier_org/validators
🌐 Forum: forum.pilier.net/validators