Introduction
Blockchain technology has revolutionized industries by enabling decentralized and transparent transactions. However, the diverse features[i] of different blockchains[ii] can restrict seamless interactions across the ecosystem. As the number of blockchains continues to grow, the need for interoperability between different blockchain networks (i.e. the ability of different blockchain systems to communicate, share data and conduct transactions[iii]) has become increasingly apparent. Many argue that the technology’s full potential will remain untapped as long as blockchains operate in silos, without the ability to effectively communicate with one another.
To address this issue, significant efforts have been undertaken to create blockchain interoperability solutions that could facilitate efficient and secure interactions. However, interoperability solutions have faced challenges, including security and functionality[iv] challenges. Attacks on cross-chain bridges have resulted in losses of nearly $4.3 billion since 2021[v]. Among other things, poorly written or unaudited smart contract code and technical bugs have been exploited by malicious hackers.
Much has been written about blockchain interoperability and its related technical challenges. However, the legal and regulatory aspects of blockchain interoperability are also significant and ought not to be overlooked[vi]. This article explores some of the legal and regulatory implications associated with blockchain interoperability[vii], focusing on jurisdictional applicability and liability, AML-related regulatory compliance and data privacy obligations.
What is Blockchain Interoperability?
Blockchain interoperability refers to the capability of different blockchain networks to seamlessly transfer assets or value and/or share data[viii]. Users can access resources from various networks, promoting collaboration and the development of interoperable applications[ix] while improving efficiency, scalability, and versatility in the blockchain ecosystem[x]. This interaction can occur through various mechanisms, including cross-chain communication protocols and bridging technologies.
While not an exhaustive or definitive list, blockchain interoperability solutions[xi] typically fall into the following categories: (1) sidechains[xii] and relays[xiii], (2) notary schemes[xiv], (3) hashed timed locks[xv], (4) bridges, (5) blockchain agnostic protocols[xvi] (including blockchain of blockchains projects).
Jurisdiction and Liability: Legal Ambiguities in Blockchain Interoperability
The decentralized nature of blockchain and the applicability of jurisdiction, as it applies to a single blockchain network, can pose various challenges[xvii]. This is further exacerbated in an interoperability scenario where two or more blockchains are involved. In a multichain ecosystem, transactions or smart contracts may span several networks. Each network may operate under different governance models and/or legal environments.
Moreover, identifying the relevant parties, jurisdiction and applicable law becomes complex where parties are pseudonymous[xviii] and their location is unknown[xix]. On the one hand, attributing a physical location, for the purpose of jurisdictional applicability, to such a distributed act may appear to be inherently implausible[xx]. As such, new legal fictions may be required to address these issues[xxi] including a reconsideration of how laws and regulations are designed, implemented, and enforced[xxii]. On the other hand, one may consider that attribution is not so implausible since, for example, transaction tracing and address analysis (i.e. blockchain analytics) can reveal identities (and therefore possibly physical locations).
Even so, there remains a further issue of the potential for conflict of laws where more than one physical location is identified in relation to a distributed act. Pinpointing parties or locations tied to transactions may only be half the battle, as the decentralized nature of blockchain systems means that a single action (such as a smart contract execution or a token transfer) could implicate laws in several jurisdictions simultaneously. Navigating the legal landscapes of multiple jurisdictions can become incredibly complex and pose issues for enforcement and liability. Ambiguity could invite forum shopping, overlapping penalties, or exploitable loopholes[xxiii] and/or conflicting obligations. Such fragmentation underscores the need for harmonized frameworks[xxiv] adapted for decentralized systems[xxv] to address cross-chain digital interactions effectively.
It has been argued that blockchain is fundamentally a regulatable technology[xxvi] and international standard setters have emphasized accountability as it relates to products, activities or services offered. However, critical questions persist regarding liability attribution - particularly whether accountability should fall on protocol developers, node operators, token holders, or other network participants[xxvii].
As blockchain transactions become increasingly complex and intertwined across various networks, establishing a clear framework to ascertain liability and enforce legal obligations becomes paramount. Without international coordination and clear legal principles tailored to blockchain’s unique architecture, legal certainty will remain elusive and, among other things, potentially expose participants to unforeseen liabilities. To resolve these jurisdictional and liability conflicts, collaboration [among regulators, legal experts and industry stakeholders] is required to develop coherent policies and mechanisms that address the intricacies of blockchain interoperability. Only through such cooperation can a secure, predictable, and compliant ecosystem emerge[xxviii].
Challenges with AML Compliance in Blockchain Interoperability
While blockchain interoperability can enhance efficiencies in digital transactions, it poses challenges in ensuring compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. These issues arise particularly due to varying requirements across jurisdictions and the presence of divergent AML frameworks/varying standards among different blockchains. When assets move between chains, disparities could create compliance gaps, allowing illicit actors to exploit cross-chain transactions.
Interoperability solutions, like cross-chain bridges, can create complex transaction pathways[xxix] with multiple smart contracts and intermediary steps[xxx]. This complexity can obscure the identities of transaction parties, making it harder to detect illicit or suspicious activities[xxxi]. Privacy-focused chains and mixing techniques may also create challenges in tracing transactions, particularly when funds are transferred between transparent and opaque ledgers.
Such opacity has arguably led to a surge in illicit cross-chain transactions. According to Chainalysis’ 2024 report, bridge protocols received $743.8 million in crypto from illicit addresses in 2023, a sharp increase from $312.2 million in 2022[xxxii]. Elliptic’s 2023 report indicated that by July 2023, $7 billion worth of illicit funds were laundered through cross-chain and cross-asset services[xxxiii]. These figures highlight the growing misuse of interoperability solutions for money laundering.
The Financial Action Task Force (FATF) has sought to encourage the harmonization of compliance standards through the issuance of guidelines relevant to virtual assets and virtual asset service providers[xxxiv]. Among other things, these guidelines emphasize the need for interoperable systems that can maintain transaction transparency and traceability. However, the implementation of these guidelines is not without its difficulties[xxxv].
Many blockchain networks and interoperability protocols lack native mechanisms to transmit originator and beneficiary information securely[xxxvi] or may use incompatible protocols for transmitting this data[xxxvii]. Without standardized communication, transaction trails can break, making it difficult to trace funds across chains. Interaction with privacy-focused blockchains and the use of privacy-enhancing technologies, while beneficial for security and privacy, also introduce additional complexities in complying with certain AML requirements. Additionally, regulatory adoption of FATF guidance remains uneven across jurisdictions[xxxviii] creating avenues for exploitation through weakly regulated corridors.
Compliance approaches[xxxix] have been proposed to address some of the above noted challenges. These include the adoption of interoperable compliance tools[xl] and the integration of AML checks directly into smart contracts. Regulatory Sandboxes could facilitate exploration of such solutions under controlled conditions to refine compliance mechanisms. Enhanced cross-chain analytics tools are also being explored to help compliance teams monitor and investigate transactions that span multiple networks. Other proposed solutions include exploring decentralized identity verification systems consisting of a multi-chain identity protocol with interoperable identity verification[xli].
Of course, challenges remain in achieving widespread adoption of any such solutions. Technical fragmentation, differing regulatory expectations, and varying views of participant communities may slow progress. Collaboration between regulators, blockchain developers, and compliance experts may aid in closing these gaps.
Ultimately, striking a balance between regulatory compliance, user privacy, and technological innovation will be key to the mitigation of financial crime risks while enabling the sustainable growth of the industry.
Data Privacy/Protection Compliance and Security
Blockchain interoperability may introduce significant complexities in ensuring compliance with data protection principles and maintaining robust security across interconnected networks. These challenges stem from the decentralized and immutable nature of blockchain systems, which often conflict with traditional notions of accountability, data minimization, secure handling of personal information, and the right to erasure found in most data protection laws. Ensuring compliance when data moves across chains can be difficult. Additionally, interoperability introduces unique security risks, such as attack surfaces across multiple chains and inconsistent security postures.
Accountability and Controllership in a Decentralized Environment
A core principle of data protection is the clear assignment of responsibility for personal data processing. However, in interoperable blockchain ecosystems, multiple parties[xlii] may process data with no identifiable centralized authority[xliii]. This lack of a defined data controller complicates compliance, as different jurisdictions impose varying obligations on entities handling personal data.
Data Minimization and Purpose Limitation
Modern data protection frameworks are built on core principles such as purpose limitation and data minimization, requiring that only necessary data be collected and used strictly for its intended purpose. However, blockchain interoperability challenges these principles. When data is duplicated across different blockchains, it may no longer align with the original purpose for which it was collected[xliv]. This wider distribution could risk violating minimization requirements, as data may be stored in more locations than initially intended. Of course, this may not always be the case, but it is a matter that ought to be considered.
From a security perspective, each additional chain storage of data may introduce vulnerabilities, increasing the risk of unauthorized access or data breaches.
Secure Handling of Personal Information
In an interoperable environment, sensitive personal data (e.g., decentralized identity, financial transactions) may traverse multiple chains with varying security standards. Security challenges such as smart contract vulnerabilities and weak cryptographic implementations in one chain can potentially compromise data integrity across the entire ecosystem. Ensuring consistent protection, including access controls and lawful processing, across heterogeneous networks is inherently difficult.
The Right to Erasure
Blockchain's immutable nature poses significant challenges to the principle of the right to erasure (or the "right to be forgotten") as enshrined in various data protection laws[xlv]. Once data is recorded on the blockchain, it cannot be easily altered or deleted. In a cross-chain context, ensuring compliance with erasure requests becomes even more complex, as data may be replicated across multiple ledgers with different governance models and technical constraints.
Possible Solutions
Addressing the above noted challenges requires innovative solutions and collaborative efforts among stakeholders. Discussed approaches have included:
The use of privacy-preserving technologies: Implementing zero-knowledge proofs, homomorphic encryption, and other privacy-enhancing technologies to protect personal data while enabling interoperability.
Data Anonymization: Anonymizing personal data before it is recorded on the blockchain to mitigate privacy risks.
Interoperable Privacy Frameworks: Developing standardized privacy and security frameworks that can be adopted across different blockchain networks to ensure consistent compliance.
Achieving compliance with data protection principles in blockchain interoperability requires innovative solutions that reconcile decentralization with regulatory expectations. The challenge lies in ensuring adherence to key data principles while allowing for seamless transactions[xlvi]. Balancing these two aspects can be a daunting task. However, doing so would mean unlocking the full potential of interoperability and creating a more inclusive, efficient, and secure digital ecosystem. Legal and governance frameworks may require adjustments to provide feasible mechanisms for the exercise of data privacy rights without compromising the benefits of interoperability. As cross-chain ecosystems grow, addressing these challenges will be critical for mainstream adoption.
Opportunities for Improved Legal/Regulatory Frameworks
The continued evolution of the blockchain ecosystem offers a chance to refine legal and regulatory frameworks that balance appropriate oversight with innovation having regard to the “interconnected, boundary less digital realm”[xlvii] of the decentralized ecosystem and the dynamic realities of blockchain interoperability.
Feasible solutions need careful consideration in order to build a legal and regulatory infrastructure that supports interoperability without compromising accountability, privacy, or innovation. Already, organizations such as the International Organization for Standardization[xlviii] and the Enterprise Ethereum Alliance[xlix] are developing standards to support interoperability[l]. Collaboration to ensure harmonised frameworks would facilitate consistency across blockchains and aid in resolving some of the above noted issues.
Conclusion
Blockchain interoperability holds immense potential for creating a seamless and interconnected digital economy. However, its legal implications are multifaceted and require careful consideration. Challenges remain in applying current legal/regulatory frameworks to “a borderless digital landscape,” including determining legal jurisdiction, meeting AML regulatory requirements and adequately addressing certain data privacy protection obligations. This, among other things, leads to ambiguity in accountability and oversight.
A multifaceted approach is essential to facilitate compliance with regulatory measures. Among other things, developing clear, standardized frameworks to address conflicts of law and promoting international collaboration to harmonize practices are crucial steps. Consideration should also be given to the development of adaptive regulatory mechanisms, learning from existing case studies, and incorporating community-driven approaches into regulatory frameworks[li].
Regulatory harmonisation can help to create a more consistent regulatory environment, enabling blockchain networks to operate with greater clarity and certainty. As the technology evolves, collaboration across borders involving regulators, legal experts and industry participants will be essential to navigate these complexities while fostering innovation so as to unlock the full potential of blockchain technology.
References
[i] such as structures, consensus mechanisms, or privacy and security functionalities
[ii] based on specific industry application needs
[iii] Blockchain interoperability schemes fall commonly under the following four categories: (1) notary schemes, (2) Hash-Locking, (3) side chains, and (4) relay chains. However, some have used the categorization of (1) notary schemes, (2) side chain based solutions, (3) blockchain routers, (4) hashed time locks and (5) industrial solutions: see for example Mohanty, D.; Anand, D.; Aljahdali, H.M.; Villar, S.G. ‘Blockchain Interoperability: Towards a Sustainable Payment System’. Sustainability 2022, 14, 913. https://doi.org/10.3390/su14020913
[iv] “The transfer of crypto tokens across blockchains poses challenges such as issuing and disabling tokens, managing token liquidity, identifying necessary blockchain features, and selecting suitable blockchains for transfers”: per C. G. Harris, "Cross-Chain Technologies: Challenges and Opportunities for Blockchain Interoperability,". Functionality challenges could also include funds being locked or held back, transfer delays, or stoppages.
[v] Quoted from ‘Safeguarding Blockchain Ecosystem: Understanding and Detecting Attack Transactions on Cross-chain Bridges’.
[vi] It has been noted that “fully understanding blockchain interoperability requires extending our focus beyond the technical and semantic interoperability to include other levels of interoperability such as organizational and legal interoperability”: European Commission, European Interoperability Framework (EIF), 2017, quoted in the article ‘Requirements for Interoperable Blockchain Systems: A Systematic Literature Review’: https://doi.org/10.1007/978-3-031-42317-8_4. As of the date of drafting this article, it is not apparent that there are many published discussions on the legal and regulatory aspects of blockchain interoperability (compared to the technical aspects of blockchain interoperability) but some informative pieces include: J. Galea, ‘The implications of Cross-Chain Bridges under MiCA’; PS Ramamoorthy, ‘Addressing the Legal Concerns Surrounding the Interoperability and Standardization Challenges on the Application of Smart Contracts in Blockchain Technology’; K. Majcher and M. Botta, ‘Blockchain Interoperability: Implications for EU Competition Law and Data Protection Law’; and Charles Ho Wang Mak, ‘Navigating the Multi-Jurisdiction Landscape of Blockchain and Competition Law’.
[vii] This article focuses on interactions involving public, permissionless blockchains and not specifically private permissioned blockchains as the issues noted herein may not necessarily be applicable to private blockchains.
[viii] Kunpeng Ren et al in their paper “Interoperability in Blockchain: A Survey” defined interoperability as the ability of blockchains to flexibly transfer assets, share data, and invoke smart contracts across a mix of public, private, and consortium blockchains without any changes to the underlying blockchain systems. Vitalik Buterin, the founder of Ethereum, listed three primary operations in blockchain interoperability, namely, (i) “moving assets from one platform to another”, (ii) “payment-versus-payment and payment-versus delivery schemes”, and (iii) “accessing information from one blockchain inside another”.
[ix] Interoperability solutions were introduced to bridge the siloed nature of blockchains caused by, among other things, the blockchain trilemma. The blockchain trilemma asserts that only two out of the three core attributes can be achieved simultaneously: decentralisation, security, and scalability. This trilemma has therefore led to differences in the characteristics of certain blockchains (i.e. different priorities lead to different design tradeoffs).
[x] See C. G. Harris, "Cross-Chain Technologies: Challenges and Opportunities for Blockchain Interoperability," 2023 IEEE International Conference on Omni-layer Intelligent Systems (COINS), Berlin, Germany, 2023, pp. 1-6, doi: for description on blockchain interoperability.
[xi] “These methods establish common languages, data formats, or protocols to facilitate secure and seamless communication between blockchains, promoting collaboration, innovation, and the smooth flow of assets and data”: Ibid.
[xii] A sidechain is an independent blockchain connected to a source blockchain (or mainchain). A sidechain can access and verify data from the mainchain, which is important for moving assets from the mainchain to the sidechain (and vice versa if applicable). Source: Ibid Kunpeng Ren et al.
[xiii] A relay is a type of a bridge that reads data from one blockchain and relays/transmits it to another. Relays are systems inside of one blockchain that can validate and read events and/or states in other blockchains. This gives chain A the ability to understand event changes on blockchain platform B without leveraging a trusted party.
[xiv] In the notary mechanism, a trusted third party or a group of parties is responsible for witnessing events in one chain (e.g., Chain A) and claiming that the event is valid to another chain (e.g., Chain B). Source: Ibid Kunpeng Ren et al. Notary schemes are, in practice, instantiated as centralized or decentralized exchanges.
[xv] Hashed time locks involve ‘exchanging value across blockchains by locking cryptocurrency assets on a blockchain X and releasing the asset after the recipient on blockchain Y confirms readiness to receive the asset’. Source: ‘Blockchain Interoperability: Implications for EU Competition Law and Data Protection Law’ by Klaudia Majcher and Marco Botta.
[xvi] Blockchain-agnostic protocols provide a blockchain abstraction layer which enables cross-chain communication between arbitrarily distributed ledgers. A blockchain-agnostic platform enables end users to issue transactions on various blockchains and provide the capabilities for assets and data migrations among these blockchains. Source: Ibid Kunpeng Ren et al.
[xvii] since blockchain networks operate across borders by design and without clear geographic anchors.
[xviii] Save for certain notary schemes where it may be possible to identify the trusted third party.
[xix] Particularly if referring to smart contracts since it is often difficult to pinpoint the residence jurisdiction for software due to a network's lack of a physical location.
[xx] ‘Smart Contracts: Contractual and jurisdiction issues – a UK perspective’.
[xxi] Ibid.
[xxii] Aaron Wright & Primavera De Filippi, ‘Decentralized Blockchain Technology and The Rise of Lex Cryptographia’.
[xxiii] De Filippi & Wright, 2018: ‘Blockchain and the Law: The Rule of Code’; Werbach, 2018: ‘The Blockchain and the New Architecture of Trust’.
[xxiv] The EU’s MiCA regulation (2023) represents a nascent attempt to address aspects of this complex problem, but its extraterritorial effects risk jurisdictional clashes (Kaal, 2021).
[xxv] Finck, 2019: ‘Blockchain Regulation and Governance in Europe’. Cambridge University Press. https://doi.org/10.1017/9781108609708
[xxvi] Ibid.
[xxvii] There is an ongoing debate as to whether developers etc, should be held accountable.
[xxviii] ‘Rethinking Digital Borders to Address Jurisdiction and Governance in the Global Digital Economy’
[xxix] Multi-step cross-chain swaps can fragment audit trails, enabling money launderers to disguise fund flows.
[xxx] Cross-chain bridges have emerged as a key facilitator of money laundering.
[xxxi] See ‘Introduction to Cross-Chain Bridges’, Chainalysis, 2024; and ‘Money Laundering Activity Spread Across More Service Deposit Addresses in 2023, Plus New Tactics from Lazarus Group’, Chainalysis, 2024.
[xxxii] https://www.chainalysis.com/blog/2024-crypto-money-laundering/
[xxxiii] Elliptic report: ‘The State of Cross-Chain Crime 2023’
[xxxiv] https://www.fatf-gafi.org/en/publications.html
[xxxv] https://www.fatf-gafi.org/content/dam/fatf-gafi/guidance/Targeted-Update-Implementation-FATF%20Standards-Virtual%20Assets-VASPs.pdf. See reference to cross chain bridges.
[xxxvi] Cross-chain transactions often involve multiple intermediaries, wrapped assets, and decentralized exchanges, creating fragmented audit trails that defy traditional compliance monitoring.
[xxxvii] While solutions like the Inter-VASP Messaging Standard (IVMS) and decentralized identity frameworks (e.g., DID: decentralized identifiers) aim to address this, adoption remains fragmented.
[xxxviii] See FATF’s updated report: https://www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/2024-Targeted-Update-VA-VASP.pdf.coredownload.inline.pdf
[xxxix] A number of blockchain analytics tools are optimized for single-chain tracing (e.g., Ethereum or Bitcoin). Interoperability demands new forensic methods capable of tracking funds across heterogeneous networks.
[xl] Such as TRISA-TRP travel rule interoperability: https://www.openvasp.org/blog/trisa-and-trp-announce-travel-rule-interoperability and
[xli] allowing users to prove their identity across different blockchains and applications: https://library.fiveable.me/blockchain-tech-and-applications/unit-14/interoperability-challenges-solutions/study-guide/ghxpCYRMu73rd9FA
[xlii] including node operators, validators, cross-chain bridges, and dApp developers
[xliii] ‘Regulating Blockchain: Techno-Social and Legal Challenges – An Introduction’ -Philipp Hacker, Ioannis Lianos, Georgios Dimitropoulos & Stefan Eich, Oxford University Press, 2019: “one may establish a distinction between private blockchains in which the data controller may be more easily identified, as, for instance, the entities controlling the joint venture that operates the system, and public blockchains in which practically the blockchain data are simultaneously processed by every node of the system, thus not enabling the identification of the responsible data controller”.
[xliv] Majcher, Klaudia, Botta, Marco, Blockchain interoperability: implications for EU competition law and data protection law, EUI, RSC, Working Paper, 2025/10, Centre for a Digital Society - https://hdl.handle.net/1814/78172
[xlv] including the GDPR.
[xlvi] Grady Andersen & MoldStud Research Team: ‘Navigating the Landscape of Blockchain Interoperability and Compliance Challenges for a Seamless Connected Future’.
[xlvii] ‘Rethinking Digital Borders to Address Jurisdiction and Governance in the Global Digital Economy’
[xlviii] See here
[xlix] https://entethalliance.org/eea-releases-dlt-interoperability-specification/
[l] Regulatory bodies should proactively engage with the blockchain community to establish standards that facilitate seamless communication between different blockchain networks, fostering a connected and efficient legal landscape.
[li] ‘Beyond the blockchain hype: addressing legal and regulatory challenges’.