Technological growth has benefited the world immensely. Cyber technology has now evolved into a new concept called “Metaverse.” Metaverse is understood as the next level of cyber technology that is built upon virtual reality (VR) and augmented reality (AR) or extended reality (ER). Metaverse is a service like any other internet service. Metaverse brings a stock of legal issues that can throw exciting questions and answers for techno-legal minds. The idea of this article is multifold – (i) to identify and critically examine the risks and crimes that can emerge from the Metaverse and (ii) to ascertain the jurisdictional status of the Metaverse, and also (iii) to analyze the pitfalls in the existing international conventions and mechanisms and (iv) advocate the need for a separate international treaty law to regulate Metaverse.
The greatest gift of the twenty-first century is the ‘internet.’ It has not just amused the world but has redefined how the world moves ahead. It has also changed interactions and communications in personal and business spaces. The internet tremendously impacts trade, education, geopolitics, and public and private services. The future is cyber and its advanced technologies.
Over time, humans have evolved to be civilized and accepted to adhere to societal or sovereign laws. Along similar lines, technology evolution also must conform to the law.
The internet builders have purposely kept privacy as the internet’s key component. This is why the internet is still unable to be regulated entirely by any country. Internet technology has now merged with virtual reality resulting in a new technological service called “Metaverse.” The jurisdiction of these technologies and their adherence to an international treaty is the topic of this journal.
It is complex to define or classify the “Metaverse.” Though the name “Metaverse” sounds like some mathematical theorem or wavelength concept, it is the next level of cyber technology that is built upon virtual reality (VR) and augmented reality (AR) or extended reality (ER). Metaverse is a ‘service’ like any other internet service such as Facebook or WhatsApp. But the gamut of technological involvement and virtual reality Metaverse is expected to generate spinning stories in and around the globe.
As per the existing models, the Metaverse offers people two kinds of choices. First, it helps people travel to places through virtual reality, see and purchase products from any store, and it can also help people negotiate, conclude, and sign the business. All of these can happen virtually without the individual needing to step out of his home. The individual need not travel to the shop or any office. He can simply make his decisions from his home.
Secondly, the products bought become the individual’s virtual assets (Decentraland). For example, an individual or organization can create a virtual world and sell any particular house or portion of land or a mall for sale. The buyer can purchase the same virtually through virtual currency, and the virtual piece of land sold or bought becomes a digital asset. This virtual land must get similar protection like physical land gets protection from any third parties and trespassers in the virtual space. Thus Metaverse brings a host of virtual rights to the online space.
It is crucial that Metaverse has already come into operation and is used by people worldwide.
2. Multiverse threats Globally Affect Individuals, Organizations, and States
Cyber technology is misused by many – states, non-state actors, and criminals. As a result, cybercrimes have surpassingly exceeded physical crimes at the state and global levels. Unlike conventional crime, which can be traced due to its physical aspect, cybercrime is difficult to be traced. Sometimes it can even have transborder involvement.
As Metaverse is a service like any other ‘internet service,’ all cybercrimes will also find their place in Metaverse. Such crimes include cyberbullying, cyber defamation, cyber impersonation, deep fake content, account hacking, etc. Criminal impersonation will be the most prevalent crime. The misuse of avatars to assist criminals in creating fraud accounts and illegally transferring money is already taking place. States also will face crimes such as publishing unlawful content against the state or disturbing the public order and tranquility. But at present, no special laws apply to Metaverse at the state and international levels.
Metaverse is embedded with various technological aspects within itself. Many techno-legal aspects, such as cryptocurrencies, non-fungible tokens (NFTs), digital assets, blockchain technology, Web 3.0, etc., are part of the Metaverse. These aspects seriously impact the rights of business entities as well as individuals. Existing international laws do not deal with these aspects. Without international law for Metaverse, business and human rights protection will suffer a severe setback.
Content management in Metaverse can be more difficult similar to the internet. With a high level of 3D creations and beyond, virtual reality videos or images are bound to cause more issues. Artificial Intelligence (AI) may not be able to identify unlawful content that can affect national security, public order, or the individual. The AI may be tweaked to interpret or manipulate human responses for political reasons or to disrupt democracy. The AI may also push “deep fake” images that affect women.
The recent “deep fake” incident is a glaring example that shocked the entire world. The deep fake applications created nude images of women (by removing or changing the dresses in the pictures), which were disseminated online. As a result, more than 10,000 women were affected globally.
The AI is not perfected by any platform that perfectly regulates the platform. The AI used by many global platforms has proved adequate only to a certain extent, and in many cases, human intervention is required to judge and regulate the content.
Some Metaverse platforms allow children into virtual strip clubs to facilitate child pornography. In addition, some Metaverse platforms are alleged to issue rape threats, also causing dangers to women and children. In a shocking incident, a woman alleged rape on a Metaverse platform. Upon notification of the rape incident, Facebook (Meta) has brought a technological protection feature called “personal boundary” for the users on its platform to prevent such untoward incidents.
Online bullying can harm children and women. In addition, misuse of images of real human faces in online porn and virtual reality videos can put people’s personal lives and relationships at risk besides cause severe mental agony.
Common cyber crimes such as online defamation will flourish in Metaverse. While political tweets on Twitter can storm up elections and influence the voters’ views and preferences at a colossal level, one could imagine the proportion of impact in the Metaverse. It can be even high and cause political catastrophe too. It can significantly affect the voting or decision patterns in elections. Metaverse will undoubtedly become an excellent political tool to upstage a legitimate government.
A large part of the Metaverse is games. A higher level of immersion and gaming addiction can psychologically impact young minds. Addiction not only affects mental and physical health but leads to crimes also. The avatars, virtual reality games, and videos can potentially create undesirable habits and urge in children and adolescents, leading to violent attitudes and the commission of sex-related crimes. The World Health Organization (WHO) released the 11th revision of the International Classification of Diseases (ICD-11) in mid-2018, categorizing the ‘gaming disorder’ as a disease.
Research has indicated that these extended reality forms can harm humans and result in “biometric psychography,” which tends to collect and make inferences about human desires and inclinations.
Metaverse brings a host of IP issues at the global level, including trademark and copyright infringement, piracy, licensing, patent issues, joint ownership concerns, breach of safe harbors, licensing problems that result in antitrust matters, and advertising issues. IP protection will require a new framework, and Metaverse has the potential to open new brand licensing opportunities. The scope of content and technology licenses will have to be delicately negotiated with forethought to the potential breadth of the Metaverse.
Estate laws will undergo new amendments since the testator can bequeath his rights on Metaverse assets, online virtual accounts, etc. Scammers will make illicit profits. Attractive assets such as cryptocurrencies and NFTs will lead to cyber thefts in the Metaverse.
Two barrel gun risk: The internet and Metaverse can be a two-barrel gun risk in the online space targeting the users for data. While the present cyberspace is dangerous that it steals voluminous data from the users, the recent Metaverse can be extremely dangerous to steal enormous data. Therefore, we are inviting the Metaverse to our home at our own risk.
The virtual reality of Metaverse can track people’s movements in a virtual environment and can be used to identify the user in the physical world. While Metaverse collects enormous data, other third-party VR products can also collect high data from users. The same can be used for surveillance against the user or against any particular community itself.
Social media companies are not paragons of virtue. They are known to use the user data for their business purposes, and millions of money is made from user data. In the 3D version of the Metaverse, the volume of data that will be collected will be exponentially more significant than the present data collected on the internet. Yet, while aware of the same, users are not worried about it as they harp around entertainment on social media without understanding the risks.
3. Jurisdictional Challenges and the Need for a Separate Jurisdiction
A global policy or regulation is essential to deal with such advanced technology/ service (Metaverse). Such law must cover all related aspects (NFTs, cryptocurrencies, blockchain, etc.). Cyberspace is one area in which international regulation is facing stiff challenges. While some states have enacted laws regulating their internet and its services in their jurisdiction, global regulation suffers setbacks because the existing international conventions’ legal mechanisms are weak and ineffective.
The lack of central authority to regulate Metaverse will increase crimes, and law enforcement agencies cannot identify the criminals. This renders crime detection even more complex.
The states and their LEAs will face steep crime detection and prosecution challenges. Regardless of the nature of the crime (conventional or cyber, or Meta crime), the LEAs directly face the challenge of responding to the situation. But it is a stark reality that the LEAs are hardly supported by their counterparts in other jurisdictions due to legal and jurisdictional issues and, more often, the lack of sophisticated technology.
The virtual world of Metaverse is larger than the earth and unimaginable. Playing games, buying virtual lands, digital assets, NFTs, and currency transactions have already commenced in the Metaverse. Users have blindly jumped into these things without knowing the legal implications. But at present, no jurisdiction or law regulates Metaverse.
The rise of a parallel economy is a great danger in Metaverse. The Metaverse world comprises people adopting avatars of their own (virtual identities different from the real identities and names), land, house, and businesses in the virtual world. This virtual world is purchased through digital currency or NFTs. This creates a parallel economy that can affect both state and international business. Taxation issues are bound to occur.
It is to be noted that no state or single company or platform owns or operates the Metaverse. On the contrary, the Metaverse, like the ‘internet,’ is developed and managed by multiple entities. Hence, the lack of a central authority or controlling body renders the virtual space of Metaverse a risky venture for the users.
Existing cyber laws do not wholly apply to Metaverse. Metaverse has challenged policymakers to make dynamic changes to the legislation across various jurisdictions. But states have not made any progress till now. This is because states are not clear on what is Metaverse itself. The states cannot be blamed. Metaverse is a largely expanding concept.
How will cybersecurity be managed in the Metaverse? Will there be regulation by the government only or co-regulation (government and private)? What are the legal and regulatory requirements required for data security? How will the law prevent issues such as defamation, deep fakes, avatar impersonation, bullying, extortion trolling, stolen biometric data, digital wallet hacks, and other online threats that can occur in the Metaverse? How will the various players (private and international non-government organizations) collaborate in addressing this issue?
Blockchain technology is known for its pseudonymity. Blockchain technology does not permit the deletion or mutation of records by anyone. The person’s real identity in the blockchain link is protected and is not openly known. Only virtual identities in the form of avatars or pseudonyms are visible to others in the blockchain. Furthermore, no central administrator assures the payment transactions and delivery of goods or services. Therefore, it is difficult to trace the individual’s real identity in the blockchain. It is like encryption that protects a person’s identity in the blockchain. As a result, law enforcement agencies and regulatory authorities find it extremely difficult to trace the offender in the Metaverse. If any person infringes the intellectual property, it is difficult to trace the person in the Metaverse due to its anonymity.
The avatars can be a challenge to artists, music and video owners, art collectors and right holders, etc., in verifying and securing their digital assets and possessions in the avatar world of Metaverse. Avatars can also be changed easily to escape criminal liability.
Smart contracts done through Metaverse are alleged to create antitrust activities. These smart contracts are not regulated under the law. They are directly entered between the parties without the involvement of any central government regulator. This gives room for collusion between two companies leading to cartelization. In such cartelization, the companies enter into collusive contracts and agree on fewer penalty terms. Once the purpose for collusion is over, one company will withdraw from the agreement leading to another company imposing a minor penalty as punishment. This leads to the promotion of unfair trade practices, collusion, and cartelization.
4. Drawing the jurisdiction for Metaverse
Platforms have created their own space and virtual worlds. They also let people buy lands or create worlds. While jurisdiction is based on physical boundaries for many general laws, what should Metaverse’s jurisdiction be? Should the jurisdiction be defined based on the virtual world and its extensions, or should it be the physical boundary of a particular state?
Jurisdiction, in general, would mean the enforcement of laws on a particular defined territory. The territorial limit of Metaverse is, however, not clear or even measurable. In such an immeasurable space at the international level:
What would constitute jurisdiction, and how will the rules apply?
Who is the rightful authority to draw the jurisdiction?
What laws protect privacy, consumer safety, labor rights, and standards in the Metaverse?
How to regulate illegal activities such as publishing unlawful content, online defamation, gambling, and actions against national security and public order?
What is the judicial remedy for disputes or crimes arising from commercial transactions or criminal cases in Metaverse?
All the above questions lead to identifying a ‘sovereign’ in the Metaverse platforms.
The concept of the sovereign is interesting in law. Only a sovereign power can bring regulation to a state. A sovereign state is an internationally recognized unit of political authority. An independent state refers to politically organized people in a sovereign state with a definite territory. The Hon’ble Supreme Court of India in Krishnamoorthy v. Sivakumar and others has held that “the law is the mightiest sovereign in a civilized society.” As stated above, jurisdiction is determined based on territorial limits. But in the case of the internet, which is global, jurisdiction cannot be limited by any physical boundaries. However, per the existing state legislation, territorial jurisdiction is fixed to cover the jurisdictional areas to which internet interoperability is made available. Furthermore, the internet and the Metaverse platforms are developed and operated by multiple ICT companies and developers. There is no single person or entity that can claim ownership. Thus no single or clear sovereign can be called “sovereign” and who can exercise the powers to regulate Metaverse or the internet at the international level.
Thus the sovereign concept fails to provide a concrete solution.
5. Meta Jurisdiction
Cybercriminals are now shifting their focus on this new virtual world of Metaverse. As a result, the Metaverse can create more crimes (‘Meta Crimes’). These ‘Meta Crimes’ are advanced virtual cybercrimes and bring new avenues of challenges to lawyers, policymakers, and the judiciary.
Meta crimes need Meta Jurisdiction. In the absence of any state or international organization that can regulate the Metaverse, similar to the internet that is still unregulated globally, Metaverse can be left to the stakeholders / ICT platforms that created the same. The stakeholders must ensure that the Metaverse imbibes the principles of international law and respects human rights and values.
The other side of the argument is that stakeholders (companies) should not be left to determine the jurisdiction. Effective regulation requires effective laws and jurisdiction. Platforms and other stakeholders such as NGOs and civil societies will try to push their agenda in the jurisdictional framework instead of regulating Metaverse. Regulation and jurisdiction determination by multiple stakeholders will bring severe complications that will be difficult to set right later. In a way, Metaverse will be a feral horse like the existing internet, unregulated at the international level. By this argument, it is, however, not proposed to avoid stakeholders altogether. All these stakeholders must be kept in the second or third regulation circle. The state should be in the core or center to regulate Metaverse. Stakeholders must support the state.
Civil societies may argue that Metaverse must primarily be empowered by globally accepted regulatory and international norms on free speech and human rights, which form the core regulation standards. However, as Metaverse is a service like any other internet service, it must be dealt with on the same standards as the internet.
Any proposed international regulation must be enforceable. Any unenforceable provision may diminish the jurisdictional scope as having practically no value or effect. For example, the punishment for wrongdoers should not be fixed as ten years imprisonment or a fine of 10 million. Some states cannot enforce the same for the following reasons:
(i) the national law covers the same crime with adequate punishment or
(ii) the national law does not recognize such a crime as per its constitution or
(iii) the same act is legally permitted in the state.
For instance, pornography is illegal in most jurisdictions. But in certain jurisdictions, it is legal. Suppose the offender of a Metaverse belongs to a country where pornography is permitted; the international treaty will not apply. The offender goes unpunished as the state law prevails over the international treaty. The same thing happens with cyber crimes in the present scenario.
Hence adequate care must be taken to draw the scope of jurisdiction in the Metaverse because even international jurisdictional aspects can be derailed by state jurisdiction and vice versa. Sometimes, state courts will not allow international law to be imposed on it. So it all depends on how strong the state law is and the state judiciary is.
Suppose if the jurisdictional scope of Metaverse has to be made strong, then all the stakeholders must work towards a robust legal framework for Metaverse, keeping aside their state political and business doctrines. But this is never practically possible in international politics and law.
Thus Meta jurisdiction – a separate jurisdiction is required for Metaverse. This should be built upon agreed international norms and standards that uphold equality, human rights, environmental protection, consumer and labor standards, etc., to ensure that the virtual world does not face human rights violations.
To answer the question of “how to regulate Metaverse,” it is essential first to understand how countries are viewing Metaverse and the laws that presently exist in various jurisdictions that relate to Metaverse and why these laws are inadequate to regulate Metaverse, and the need for an international treaty to regulate Metaverse. There is no state or international legislation that expressly governs Metaverse. Even developed nations are pondering understanding the different facets of the Metaverse. Let us examine how the existing laws of a few countries apply to Metaverse.
6. Inadequacy of State Laws and International Conventions /Mechanisms
6.1 The United States
In the United States, no separate federal legislation governs Metaverse, thus leaving it open for the states to enact their bills to protect privacy and regulation of advanced technologies.
Regarding content moderation (taking down unlawful content), section 230 of the Communications Decency Act (CDA) 1996 provides some assistance. This primary US law governs content regulation on social media platforms. This law treats that “interactive computer service” is not a publisher of third-party content and offers protection against legal actions for third-party content. However, the security under this section is not absolute. It has some key exceptions, such as copyright violations, sex-trafficking law, and violations covered under federal criminal law. Platforms are obligated to take down the content that falls under the exceptions to this section.
The freedom of speech requirements of the First Amendment to the US Constitution is more extensive than any other state’s constitutional laws. It gives more freedom to platforms and users to upload content. Social media platforms are free to permit or deny access to anyone as long as that decision does not violate laws applicable to such platforms.
Regarding copyright protection in Metaverse, the existing provisions of the Digital Millennium Copyright Act (“DMCA”) 1996 can be interpreted to afford protection against copyright infringement. In addition, the Trademarks Act 1946 permits trademark owners to sue if others infringe their registered marks through any “tarnishing” or “blurring” of the mark. Section 43 of the Trademarks Act allows the owner to seek injunction relief against any other person who tarnishes or blurs the registered trademark.
It can be seen that the US has always been slow in enacting legislation. Despite being technologically developed, the US has not specifically brought any federal or state bill to regulate Metaverse. This may be because broad democracy is permitted in the country, and privacy and surveillance issues are not accorded legal priority.
But few senators have understood the seriousness and the risk of children being targeted in the Metaverse. Senator Edward J. Markey and Representatives Kathy Castor and Lori Trahan wrote to the Federal Trade Commission (FTC) on 16 February 2022, urging the FTC to use its full authority under the Children’s Online Privacy and Protection Act, 1998 (COPPA) and Section 5 of the Federal Trade Commission Act, 1914 (FTC Act) to ensure that children are protected from emerging threats of manipulation and privacy invasions in the new online universe. It is pertinent that a letter was earlier sent on 8 October 2021 by Senator ED Markey to the FTC on the same issue. But as can be seen from the context of the letters, the senators’ steps remain only to protect children online but not a specific regulation that significantly regulates Metaverse.
As stated above, states have the liberty to enact legislation to regulate technologies. In February 2021, the Safeguarding against Fraud, Exploitation, Threats, Extremism, and Consumer Harms (SAFE TECH) Act was introduced into the US Senate. It aims to limit the protection offered by section 230 and enable social media businesses to be held accountable for allowing cyber-stalking, targeted harassment, and discrimination on their platforms. However, its status is not clear. As of date, it is understood that this proposal is pending with Congress.
Further, regarding cryptocurrency regulation, on 15 February 2022, a draft bill, ‘Stablecoin Innovation and Protection Act of 2022,’ was published that focuses on regulating stablecoins and bringing protection mechanisms for consumers and investors. The bill intends to protect against systemic risk, fraud, and illicit financing. As of date, the status of the bill is pending.
Regarding the regulation of NFTs, the position in the US remains in the grey area. However, in the USA, NFTs may be treated as a commodity under section 1(a)(9) of the Commodities Exchange Act 1946 (CEA):
“… and all services, rights, and interests (except motion picture box office receipts, or any index, measure, value or data related to such receipts) in which contracts for future delivery are presently or in the future dealt in.”
An NFT can be interpreted as a property conferring rights on the owner; thus, it can be brought under the definition of ‘commodity’ under the Act. It is pertinent that the Commodity Futures Trading Commission (CFTC) is the federal authority that regulates cryptocurrencies. The CFTC treats cryptocurrencies as commodities. In so far as the NFTs and the cryptocurrencies are different but share a common principle of being used under blockchain technology. Therefore, NFT can also be considered a commodity.
Can an NFT qualify as a ‘security’ under US law? The answer is dicey. The US Supreme Court, in the old case of Securities and Exchange Commission v. W.J. Howey Co. 1946, held that “The test is whether the scheme involves an investment of money in a common enterprise with profits to come solely from the efforts of others.” Since NFTs are sold due to market forces and not due to efforts of others, NFTs may disqualify to be a security as per the Howey judgment. A later decision ‘Gary Plastic Packaging Corpn. v. Merrill Lynch, Pierce, Fenner, and Smith Inc’ holds that a non-security asset may be treated as a security if the marketing of such non-security asset derives profit.
The Securities Exchange Commission (SEC) is taking steps to regulate digital assets by filing various suits before the court on the regulation of NFTs. However, the final judgments have not yet been pronounced in the cases. The SEC Commissioners issued a public statement (a letter written to the court) seeking clarity on the securities and digital assets.
Recently a lawsuit is filed before the Supreme Court for the State of New York, Jeeun Friel v. Dapper Labs Inc, which seeks clarification on the regulation and legal validity of NFTs. The decision is awaited, and any decision may offer the requisite clarity on the legal validity of NFTs and their classification as security assets in the US.
On the regulatory side, in October 2021, the Office of Foreign Assets Control (OFAC) published “Sanctions Compliance Guidance for the Virtual Currency Industry.” This guidance applies to technology companies, exchanges, administrators, miners, wallet providers, virtual asset service providers (VASPs), and virtual assets holders. The guidance advises the virtual asset industry to adopt due diligence practices and internal controls to prevent illegal activities. Further, a National Cryptocurrency Enforcement Team (NCET) is created to tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.
Regarding the money-laundering issue, the existing laws in the US (Anti-Money Laundering Act, 2020) that apply to cyberspace can apply to Metaverse also. In addition, regulators monitor the online space for suspicious transactions in cyber and the Metaverse world.
The US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) also has a crucial role in regulating digital financial assets such as NFTs. However, FinCEN is yet to issue specific guidance in this regard.
Further, the IRS (Internal Revenue Service) views cryptocurrency transactions as property transactions, not currency transactions. Thus general tax applies to such transactions. Accordingly, taxpayers’ tax returns must answer if they have received, sold, sent, exchanged, or acquired any financial interest in any virtual currency.
Thus though the law is not entirely yet evolved, the US has some influential regulatory bodies such as OFAC, FinCEN, and IRS to impose tough sanctions to check online financial space and anti-money laundering activities.
6.2 The United Kingdom
The UK also has no specific law in place for Metaverse. However, regarding content regulation, the UK government plans to introduce an Online Safety Bill in 2021, which governs content regulation in the online space. This bill is expected to bring drastic changes to the role and responsibilities of the online service providers and their duty towards the users and ensure a safe online space without any illegal and harmful content. Presently the draft bill is changing, and proposals are mooted out to expand its scope to cover various online crimes and impose stiff punishments.
The UK regulates all crypto assets in two forms (unregulated tokens and regulated tokens). ‘Regulated tokens’ covers ‘security tokens’ and ‘e-money,’ and the rest fall under ‘unregulated tokens.’ The security tokens are specified investment amounts regulated under the Financial Services and Markets Act, 2000 (Regulated Activities) Order, 2001 (RAO) and are regulated by the UK Financial Conduct Authority (FCA). This RAO Act excludes e-money. These tokens grant the rights of ownership, repayment, and entitlement for a share in future profits. They are transferable like other instruments. E-money tokens fall under the scope of e-money under the Electronic Money Regulations (EMRs). NFTs being non-fungible, do not fall under e-money.
The FCA defines crypto assets in the following words:
“Cryptoassets are cryptographically secured digital representations of value or contractual rights that use distributed ledger technology (DLT) and can be transferred, stored or traded electronically.”
NFTs may be covered under the category of ‘security tokens.’ But there is no direction or guidance from the UK government. NFTs are not presently actively regulated by the UK Government. The reason is that NFTs require less scrutiny since they are non-fungible they are likely to cause fewer issues than crypto assets which may cause high risk for consumers. But as the NFT segment increases, the government may seriously consider regulation. As a result, the UK constituted a Taskforce in March 2018 to investigate digital currencies.” The said Taskforce published its first report on 26 October 2018.
The Money Laundering and Terrorist Financing (Amendment) Regulations, 2019 amended the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations, 2017. All service providers of crypto assets are bound to register with FCA. It is pertinent that NFTs do not fall under the definition of art in UK Law. However, the money laundering regulations mandate the participants to undergo scrutiny to prevent NFTs from being misused for money laundering and illegal activities.
Like other countries, India also does have a Metaverse law in place. Cryptocurrency is also recently emerging in India. The term “securities” as defined under section 2(h) of the Securities Contracts (Regulation) Act, 1956. It includes “shares, scrips, stocks, bonds, debentures, debenture stock, or other marketable securities of a like nature in an incorporated company or body corporate.” The phrase “other marketable securities” in the above definition is wide enough to include cryptocurrencies. In Sahara India Real Estate Corpn. Ltd. v. SEBI, the Hon’ble Supreme Court of India has held that “marketable securities of a like nature” means securities capable of being freely transferable. On a plain interpretation, ‘tokens’ issued by Metaverse platforms that are freely transferable may therefore come under the regulatory ambit of SEBI.
In Paramount Bio-Tech Industries Ltd. v. Union of India, the Division Bench of Allahabad High Court referring to the Howey test (test laid by the US Supreme Court) has held that to gauge whether an instrument is a “collective investment scheme” or not, the court shall use the Howey test. The Howey test lists three critical features for an investment contract: (i) involve an investment of money; (ii) the investor expects profit; and (iii) the profit is generated by the issuer. Section 11-AA (2) of SEBI Act, 1992 is based on the Howey test.
On the positive side, it can be seen that Indian law has adopted the judicial tests laid by foreign judgments.
The term “commodity” is not defined in Indian laws. However, in Tata Consultancy Services v. State of AP, the Supreme Court of India observed that a ‘commodity’ is generally understood to mean goods of any kind, something of use, or an article of commerce.
Further, as per the definition of “goods” under section 2(7) of the Sale of Goods Act, 1930, cryptocurrency can be treated as ‘goods.’
The regulation of cryptocurrency in India is gaining prominence. Initially, a draft bill, “Crypto Token and Crypto Asset (Banning, Control, and Regulation) Bill, 2018,” was introduced. The fate of the bill is not known. The Supreme Court of India, in the landmark case of Internet and Mobile Association of India vs. Reserve Bank of India, while dealing with the powers of the Reserve Bank of India to regulate cryptocurrencies, has remarked the following:
“The fate of the 2018 Bill is not known, but a fresh bill called ‘Banning of Cryptocurrency and Regulation of Official Digital Currency Bill, 2019’ has been submitted.”
A new bill, “Banning of Cryptocurrency & Regulation of Official Digital Currency Bill, 2019,” seeks to prohibit mining, holding, selling, trade, issuance, disposal, or use of cryptocurrency in the country. The legislative space is slowly changing. Recently cryptocurrencies have been accepted and are made taxable.
As regards NFTs, can NFTs be treated as a ‘derivative’ under Indian law? The position in India remains the same as that of the US Law that NFT is a non-financial asset and does not fall under the definition of ‘derivative.’ Section 2(ac) of the Securities Contracts (Regulation) Act, 1956 defines ‘derivative’ as follows:
“1. a security derived from a debt instrument, share, loan, whether secured or unsecured, risk instrument or contract for differences or any other form of security;
- a contract that derives its value from the prices, or index of prices, of underlying securities;
- commodity derivatives; and
- such other instruments as may be declared by the Central Government to be derivatives.”
Digital art does not fit in the above categories. Further, India’s Securities and Exchange Board (SEBI) regards trading commodities as fungible and tangible. NFT is non-fungible in nature and intangible. Also, no two NFTs will be the same; hence, it loses the claim to be traded on exchanges. Thus the position of NFT is not clear in India. However, an NFT online market, ‘WazirX,’ has recently begun in India, and the government seems to have no objection to it. However, the government is in wait-and-watch mode. It may react at the appropriate time.
The Indian Copyright Act, 1957 does not expressly regulate NFTs or the sale of digital art in Metaverse. However, the Act permits the owner to transfer all his rights in work to the buyer. For Instance, WazirX, in India, allows the complete transfer of ownership rights in the NFT to the buyer.
There is no specific Metaverse law yet, but the existing cyber law will apply to the Metaverse issues. We will see below how the current cyber law can regulate the crimes in Metaverse.
The Information Technology Act, 2000 (IT Act, 2000), the cyber law in India, has adequate provisions to address unlawful content in the online space. The Indian Penal Code, 1908 (IPC), and other special laws such as The Protection of Children from Sexual Offences Act, 2012 (POCSO Act) and The Indecent Representation of Women (Prohibition) Act, 1986 (IRWA Act) also have provisions to prosecute crimes both in the offline and online space as well.
Are Metaverse platforms intermediaries? In general, the answer is no. Metaverse platforms can be termed “intermediaries” only if they satisfy the ingredients of receiving, storing, and transmitting third-party data/information of users. But most of the Metaverse platforms are purely publishers and do not fall under the category of intermediaries. Therefore, the platforms, must be verified on whether they function as an intermediary or a publisher on a case-to-case basis for applying the law of intermediaries.
Section 79(3)(b) of the IT Act, 2000 expedites unlawful content removal from intermediary platforms. Suppose if the platform is a Metaverse platform and satisfies the ingredients of an intermediary, then the affected individual or organization may invoke Section 79 of the IT Act, 2000 and seek to remove unlawful content from the intermediary platform. The above remedy can be sought if the Metaverse platform is an intermediary.
In its landmark judgment passed in Shreya Singhal Vs. Union of India – 2015(5) SCC 1 the Hon’ble Supreme Court laid down the law of intermediaries in handling third party content and has placed the onus on the intermediaries to expeditiously remove or disable any such material under the order of the court and/or on the notice by the appropriate government or its agency which must strictly conform to the subject matters laid down in Article 19(2) of the Constitution of India failing which the platform becomes liable to be punished. Thus under Indian Law, the intermediaries are liable to be punished if they do not act upon a court order or notice of the appropriate government or its agency (Para 117).
Further at the central level, the government has created an ‘Online Cyber-Crime Reporting Portal’ www.cybercrime.gov.in. Any citizen can complain or upload a video clip as evidence of cybercrime. The portal helps to report in anonymity also. Thus the individual reporting the crime is protected. It also provides for tracking the complaint and its status. The term ‘Report Other Cyber Crime” mentioned in the portal may include Metaverse crimes. Hence Metaverse crimes can be reported here also. But in the absence of specific law for Metaverse, the prosecution may face a challenge.
7. International Conventions / Mechanisms
An international convention or treaty is an international agreement between two or more states that binds them to an agreed set of legal obligations. International conventions have evolved for various issues such as crimes, protection of human rights, trade and commerce, environment, and disarmament. For example, the present internet is regulated by two international conventions. The impact of two international conventions in combating cyber crimes is discussed hereunder.
7.1 The Budapest Convention
The Convention on Cyber Crime, 2001, also known as the Budapest Convention, is the first global convention to address cybercrime issues. It came into force on 1 July 2004 and has been ratified by 64 states (as of September 2019). This is the first international treaty to address internet and computer crime (cybercrime) by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It covers various cybercrimes, including “illegal access, illegal interception, data interference, misuse of devices, computer-related forgery, fraud,” etc. These issues may occur in the Metaverse also. Thus Metaverse can be indirectly covered under this convention though Metaverse is of a later origin to the convention.
As per Article 13(1), each party has to adopt measures to ensure that criminal offenses involving individuals are punishable by effective, proportionate, and dissuasive sanctions, including deprivation of liberty. In addition, article 13(2) also mandates each party to ensure that legal persons (involving corporations) are subject to effective, proportionate, and dissuasive criminal or non-criminal sanctions or measures, including monetary sanctions.
Article 24 of the Convention relates to the ‘Extradition’ of cybercriminals.’ Article 24(6) permits the Signatory state to punish the cybercriminal under its domestic law. ‘Mutual assistance,’ ‘collection and storage of data, and ‘trans-border assistance’ are some of the essential obligations prescribed for the signatory states.
Article 25 deals with “General Principles relating to Mutual Assistance.” Under Article 25(3), each party in urgent circumstances may send a request by expedited means of communications, including fax or email, with security features including encryption and formal confirmation if required.
Article 27 proposes a central authority or authorizes responsible for sending and answering requests for mutual assistance, executing such requests, and transmitting them to the competent authorities for execution. The central authorities can directly communicate with each other. Usually, a request can be delayed due to various channels or authorities. This provision fastens the consideration of the request. It also enables requests to be routed via Interpol.
Article 35 relates to each party designating a ‘point of contact’ available on a twenty-four-hour, seven-day-a-week basis for rendering assistance for investigations or proceedings concerning criminal offenses related to computer systems and data or for collecting evidence in the electronic form of a criminal offense.
As per Article 45(2), parties shall seek a settlement of the dispute through negotiation or any other peaceful means of their choice, including submission of the dispute to the “European Committee on Crime Problems (CDPC)” to an arbitral tribunal whose decisions shall be binding upon the Parties, or to the International Court of Justice (ICJ), as agreed upon by the Parties concerned. Thus ICJ is expressly covered by this convention. But it is unclear if any state has submitted any dispute. Therefore, states have not used the available mechanisms in the convention.
It has two protocols. The first protocol, “Additional Protocol to the Convention on Cybercrime,” relates to criminalizing acts that are racist and xenophobic committed through computer systems. The “Second Additional Protocol to the Convention on Cybercrime on enhanced cooperation and disclosure of electronic evidence” ensures cooperation and information sharing among LEAs. The second additional protocol obligates the states to share information on cyber crimes with member states.
7.2 The African Union’s Cyber Convention
Cyber security and cyber crimes are a growing concern in the African Union (AU) region. The African Union Convention on Cyber Security and Personal Data Protection, 2014, popularly called the ‘Malabo Convention,’ calls upon the African states to adopt data protection legislation to give effect to the right to privacy. It was drafted in 2011 to establish a ‘credible framework for cyber security in Africa through the organization of electronic transactions, protection of personal data, and promotion of cyber security, e-governance, and combating cybercrime.’ The AU postponed the convention’s adoption several times before finally adopting it in June 2014. The convention relates to three specific areas:
(1) Electronic transactions,
(2) Personal data protection,
(3) Cyber security and cybercrime.
These conventions have failed to address the cyber crimes issues and do not cover Metaverse, which is of recent origin.
European lawmakers drafted the Budapest Convention. Views of other countries were not taken in the convention drafting process. As a result, many countries such as the US, Russia, China, India, and others have not joined the convention yet.
The Budapest Convention calls upon the signatories to change their domestic laws to suit the convention. But in practice, this is challenging. For example, Russia and China have abstained from joining the convention and are working towards a new treaty based on their political ideologies. In addition, Russia has recently circulated a new draft treaty primarily based on ‘stifling free speech and ‘blocking websites.’ Civil societies and democratic thinkers have expressed their reservations against this draft treaty of Russia.
While the Budapest convention suffers from the above severe defects, the ‘Malabo Convention’ has failed to secure the minimum number of signatories required to get legitimacy in the international arena. These things clearly show that the international conventions need a complete overhaul or a new treaty to bring nations together.
These two conventions are well intended to regulate cyber crimes. But these conventions are not supported by all nations. Thus there is a definite need for a straightforward international convention for cyber crimes and Metaverse.
Surprisingly, the UN has also acted upon Russia’s request and adopted a resolution in its general assembly on 17 December 2018 on the subject of “Countering the use of information and communications technologies for criminal purpose.” Furthermore, another resolution in a short time was proposed by Russia on the subject “Developments in the field of information and telecommunications in the context of international security.” It was passed in the General Assembly Resolution on 5 December 2018. This resolution proposed by Russia is to establish an open-ended working group to discuss norms in cyberspace.
Other International Mechanisms: Though Metaverse has already reached many countries. Unfortunately, there is no international mechanism that directly deals with Metaverse. However, the existing mechanisms, such as FATF and UNICEF, have some impact on Metaverse. These are dealt with below:
Financial Action Task Force (FATF): Founded in 1989 on the initiative of the G-7 to develop policies to combat money laundering. The Financial Action Task Force, popularly known as ‘FATF’ (also known by its French name, Groupe d’action financière), is an intergovernmental body and acts as global money laundering and terrorist financing watchdog. This body sets international standards to prevent money laundering and terrorist financing. In addition, as a policy-making body, the FATF works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas.
The steps taken by FATF at various points of time in preventing misuse of digital money towards terrorism and money laundering activities are mentioned below:
In June 2013, FATF introduced the “Guidance for a Risk-Based Approach Prepaid Cards, Mobile Payments, and Internet-Based Payment Services.” This guidance dealt with pre-paid cards, mobile payments, and Internet-based Payment Services risks. This guidance focused on real money payments such as (Paypal, Alipay, etc.) but did not cover virtual currencies such as ‘digital money/currency,’ ‘virtual currency,’ or ‘electronic money, etc. Slowly FATF felt the risk of money laundering or terrorist financing through virtual currencies.
In June 2015, FATF issued the “Guidance for a Risk-Based Approach to Virtual Currencies,” which recommended countries identify, assess, and understand risks and take action aimed at mitigating such risks. As a result, the state authorities have to undertake a coordinated risk assessment of virtual currency products and services and how it impacts the ‘Anti Money Laundering’ (AML) and ‘Combating the Financing of Terrorism (CFT) mechanisms.
In its October 2015 report on “Emerging Terrorist Financing Risks,” FATF highlighted the different types of fund-raising for terrorist activities – self-funding, crowdfunding, social network fund-raising with pre-paid cards, etc. On virtual currencies, the report stated that: “Virtual currencies have emerged and attracted investment in payment infrastructure built on their software protocols.” But these methods have money laundering and terrorist financing risks.
Criminals and terrorists use virtual currencies such as bitcoins and many other variants. These virtual currencies offer the anonymity to transfer funds internationally. The original purchase may be available, but the subsequent transactions may be difficult to trace. Movements of these virtual currencies are not easily traceable.
The recently updated guidance – “Building a legal architecture for the Metaverse,” released in November 2021, relates to the global anti-money laundering and counter-terrorist financing framework for virtual assets and virtual asset service providers (VASPs) and their related activities in Metaverse platforms. This report specifies the following key aspects:
“Travel rule” data-sharing implementation is a challenging technical and regulatory topic for national regulators and industry alike.
Inter-agency information sharing and cooperation support transnational alignment and enforcement efforts.”
The FATF has also issued the “Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers” in October 2021. These guidelines widely deal with various issues in virtual realities, such as “anti-money laundering, customer due diligence, countering the financing of terrorism, non-fungible tokens, and many more. These guidelines also state, “Some NFTs that on their face do not appear to constitute virtual assets (Vas) may fall under the VA definition if they are to be used for payment or investment purposes in practice.” Thus every VA is covered under the monitoring space to prevent money channeling for terrorist or money laundering purposes.
United Nations Children’s Fund (UNICEF): Most Metaverse platforms are virtual gaming entertainment platforms. UNICEF has been taking various steps to protect children online and offline. UNICEF understanding the risks for children in the online world, especially in the online games that can result in gaming addiction and health-related issues, has published discussion papers advocating safety measures in virtual reality platforms. The UNICEF discussion paper is a welcome step in protecting children in Metaverse.
8. Challenges Faced by Regulatory Authorities and Law Enforcement Agencies (LEAS) at the State and International Level
LEAs are the actual law enforcers. Their role is not just maintenance of law and order in the state but also crime detection and prosecution of offenders. Effective law enforcement is a critical sovereign strength of a state. For transborder crimes, the LEAs, through their appointed personnel, reach out to their counterparts in foreign countries to share information and identify criminals.
But LEAs face various problems in crime handling issues. Reporting cybercrime is similar to reporting conventional crime. It requires accurate information. Most victims do not have a good grasp of information about the cyber incident. Only clear information can give the lead to the LEAs to trace the attacker’s origin and diffuse the attack or prosecute the offender.
Due to anonymity and sophisticated tools by criminals in the online space, prosecuting cybercrimes is often tricky. As a result, the government or Law enforcement agencies (LEAs) generally take a long time to resolve and investigate the matter. Further, LEAs are technologically inept in handling Metaverse or cyber-related issues. It is well-known truth in the cyber field – cybercriminals are ten times ahead of LEAs in technology. Thus many crimes go undetected.
Cybercriminals sitting in one jurisdiction can commit crimes in another or multiple jurisdictions. Hence it is challenging to trace the offender. Crime scenes are erased in minutes, and cyber criminals leave no traces of crime or evidence.
Jurisdictional issues generally play a crucial role in judging the LEA’s effectiveness. But in the Metaverse, jurisdiction is unrealistic. As a result, LEAs have no other option than to approach the platform seeking details of the crime perpetrator. In most cases, the platforms will refuse to oblige the LEAs because the particular law based on which the request is sought does not apply to the platform or for reasons of lack of jurisdiction.
The foreign counterparts do not adequately support LEAs. Information is obtained only after many follow-ups, and the information is either insufficient or non-consequential. By then, the attacker would have erased the crime evidence and data.
Mutual Legal Assistance Treaties (MLATs) are entered between countries for sharing data on crimes/cybercrimes. Not every country enters into such MLAT with another country. This makes it difficult for a country without MLAT to approach another country (which may deny providing data without any arrangement). MLATs involve cumbersome legal and approval processes; the request moves from one authority to another. Many times it takes around six to twenty-four months to process the request. On many occasions, the vexed LEAs drop the requests. This is the plight of LEAs, and many crimes are unresolved.
The anonymity offered by the Metaverse platforms is a crucial blockage in identifying and prosecuting the criminal. There is no centralized authority or agency to support the LEAs in processing their requests. In the absence of law, the rules self-made by the Metaverse platforms do not support the LEAs in criminal prosecution.
Blockchain technology is encrypted. It is difficult to trace the originator of the crime. If technologies to detect crime are invented by LEAs, counter technologies are developed by criminals at a fast pace. If truth be told, the cybercriminals are more technologically sophisticated than the governments and LEAs; this is the hard truth. Lack of knowledge in cyberlaw or the advanced use of cyber tools puts LEAs in difficulty.
The following incidents reveal the depth of use of advanced technologies by cybercriminals:
- Two teenage Chinese hackers hacked into the NASA network and attempted to change the travel course of 2 NASA satellites. However, the hack was detected and remedied by NASA.
- Recently, a malware called ‘Pegasus,’ developed by NSO, an Israeli company has gained access to the mobile phones of thousands of high-profile people worldwide. This malware is not visible or detectable in the affected mobiles. The specific feature of this malware is that it has the ‘zero clicks’ feature, where it self-installs itself in the user’s phone without any click and takes control of the entire mobile. It is developed to surveillance and steal all communications, texts, chats, photos, videos, and recorded voices.
- The Cosmos Bank cyber theft in 2018 in Pune, India, revealed that hackers stole 94 Crores of Indian currency in two days through several ATM swipes in 28 countries worldwide. These thefts are examples of bank robberies that occur in cyberspace without needing any gun or bombs.
In Batman movies, dacoits such as the ‘Joker’ would steal a lot of money with weapons and cause deaths in such pursuit. But the cybercriminals steal money without any weapon or lose any life or blood to anyone. This clearly shows the high vulnerability in the online space. Metaverse can be more dangerous when millions of digital wallets, NFTs, and assets spread across the broad spectrum of Metaverse, unregulated at the state and global levels. The use of VPNs will also increase the risks in Metaverse. Cybercriminals will be now upgrading themselves to use Metaverse for committing more crimes.
Money laundering issues will be on a high in Metaverse. The money transferred to unidentified virtual accounts cannot be easily traced. Such illicit money can also be used for various illegal and anti-state activities. Criminals can use stolen cards to transact in virtual currency. NFTs can be exchanged or transferred to buy unlawful products also. Criminals can create fake accounts and transfer money from one jurisdiction to another, thereby escaping the monitoring route of the regulatory bodies. Thus Metaverse can become a nucleus of money laundering activities.
Since the Metaverse also offers anonymity similar to Darknet, with the use of avatars, contract killers can be engaged, and prohibited substances can be sold (on Darknet).
The US Secret Service has found that criminals are adept at using virtual currencies due to anonymity. With virtual currencies, criminals can move illicit proceeds from one jurisdiction to another with less risk. Law enforcement has raised concerns about the terrorists’ use of virtual currencies. For example, US law enforcement agencies have found that terrorist-affiliated websites collect bitcoin donations. Further, LEAs have found internet discussions among unlawful groups on virtual currencies for purchasing weapons. For example, a blog post linked to ISIL proposed using bitcoin to fund global extremist efforts.”
Interpol does an excellent role in assisting the local polices in sharing information on crimes and criminals. But its role is limited by jurisdictional issues. As a result, Interpol’s role is only meager but supportive, rendering coordination to the local LEAs. Interpol also faces cooperation issues with other police in many jurisdictions.
In cross-border cybercrimes, the lack of state cooperation renders enforcement actions futile. What is a cybercrime in one country need not be a cybercrime in another country. The definition of ‘cybercrime’ varies in national legislation. If the offender is in another country, the state must decide whether it can extradite the offender based on national legislation. This impedes LEAs from deporting the offender or obtaining data and evidence from a foreign country.
Political conflict states also play a crucial role. States are neither willing to understand the seriousness of cybercrimes nor willing to help the requesting nation due to political differences. For instance, a crime is committed in Russia by a US citizen. Therefore, the Russian request for data to the US will either be delayed or denied for reasons of political factors.
If the state enables any advanced technology to the LEAs, the civil societies fear violation of privacy and over-regulation of cyberspace. Furthermore, civil societies’ views empowering law enforcement agencies access to more data will have potential implications for privacy violations.
Regulatory authorities are bound to follow their Standard Operating Procedures (SOPs) in handling such attacks. Typically such governmental processes involve approvals at various levels, which consume time. As a result, the cybercriminal has ample time to escape from the crime scene and erase the evidence. As a result, criminals are at large despite high bounty placed as rewards for identifying them.
9. Need for a Separate International Treaty Law to Regulate Metaverse
The content in the online space is highly dynamic in that it can be changed, modified, uploaded, or downloaded in minutes or even seconds. Therefore, it is difficult to monitor every piece of content for its legality. Applying the principle of Lex Non Cogit ad Impossibila it can be argued that it is practically challenging to monitor the internet with millions of applications on computers and the internet, which are growing daily.
The ubiquitous nature of the internet makes it impossible for any government agency or private body to monitor unlawful content in world-wide-web regularly. There is no straight-jacket formula for regulating online content as such. Removal of illegal content has to be carried out case-to-case basis either through court orders or by the platforms (either by themselves or based on any complaint or grievance lodged by the users or general public).
Any undue or overarching content removal methods employed in regulating content would curb/breach the right of freedom of expression and could result in internet censorship or over-regulation, or violation of human rights. Furthermore, if the platforms carry out such over-regulation practices, then it will result in (i) censorship, (ii) breach of privacy, and (ii) surveillance allegations.
It is paramount that investigators maintain effective, efficient, and lawful access to electronic data in the digital age. LEAs or Interpol need states to support in investigation and prosecution of crimes. But the data is spread across multiple jurisdictions. As a result, it becomes difficult for LEAs to obtain crucial data about cybercrime. MLATs, as stated above, have their deficiencies. Thus, an international convention becomes essential to assist LEAs and states in prosecuting and detecting Metaverse crimes.
The need for an international legal framework for Metaverse stems from the psychological risk for humans, data theft, privacy violations, content regulation, and various other factors. Therefore, law enforcement agencies must jointly fight cybercrime in a sincere and concerted manner, with international cooperation, upgraded resources, tools, and a skilled workforce.
Understanding the global threat posed in the Metaverse, the LEAs must evolve with a new system of Interpol specifically for the Metaverse. The Interpol may constitute a separate virtual Interpol to support the LEAs in Metaverse jurisdictional issues. Only a specific body with international crime handling experience and connectivity with various states can help the LEAs effectively regulate Metaverse crimes. Any other untested mechanism may only create more void and complications.
While this paper focuses on the rights of both states and private players, it is critical to note that the society or judiciary will not blame the private players for the lack of regulation. The governments or states are primarily responsible for addressing the jurisdictional issues and any regulatory needs of the society. Private players will eventually avoid responsibility by saying it is the government’s job. Hence states must be wary that the responsibility always lies in their head. The state’s prime duty is to remove the barriers in forming international treaty law to regulate Metaverse. The investigation is closed with little or no progress on the LEA’s part.
Thus there are limited means to address these crimes only through political and diplomatic means. But most developing states are at the mercy of global powers for their political and economic sustenance. In the international scenario, many states are not acting in a sovereign manner but are submissive to the global powers. But the issues in Metaverse are beyond the abilities of global powers and their management.
Thus, Metaverse can refine the cybercrime landscape and expand the scope and nature of crimes. However, with a trillion-dollar business and a high crime risk, Metaverse requires regulation at the national and international levels.
10. Suggestions to Remedy the Difficulties and Creation of a New International Legal Order to Regulate Metaverse
The present world is divided into power blocs. Over decades, the US and the Russian blocs have fought for global supremacy in economy and warfare. The alignments of nations in these blocs and the recent ambition of China and other countries have fuelled the technology race. As a result, global parallel economies are on the rise.
It can also be the case that the countries follow the idea of ‘wait and watch’ in Metaverse. They would like to respond later after understanding the action of other countries. As the race and fight for supremacy have reached outer space and planets, Metaverse is also likely to bring nations into different blocs. All these signify that geopolitical changes are likely to occur, leading to more chaos in the world.
Considering whether Metaverse can be regulated under the existing conventions, we may notice that Metaverse is a service or an extension of the internet. As such, by appropriate amendments, Metaverse can be brought to the ambit of the existing conventions. The current cyber convention still needs time to develop, and support is being garnered from all countries. However, with the development of two protocols to address the growing issues, the existing convention is moving towards achieving its intended objectives. Hence more time is required for Budapest Convention to prove its creditworthiness in the international regulation of cyber crimes.
The counter view may not agree that the existing cyber convention is moving to prove its credit worthiness. Since its inception (more than two decades), the Budapest Convention has been ineffective. Many top internet-using countries such as China, India, and Brazil have refrained from joining the convention. It is globally felt that a replacement convention is required. The idea of considering regulating Metaverse under the existing Convention need not be thought of since the existing convention is already found to be ineffective.
The counter view holds that Metaverse is expected to be larger than the existing technologies, and the existing conventions cannot regulate it. The existing convention (Budapest Convention) that is not even ratified by half the world nations should not be relied on for regulating Metaverse at the global level.
There can be a particular reason for not adding Metaverse to the existing convention. Metaverse is vast and has a high potential to bring more risks and complexities than the current online services. It can expand to new online horizons and unimaginable dimensions. As such, it would not be apt to compare the Metaverse service with the existing online services such as Facebook or WhatsApp, which have limitations. Furthermore, letting Metaverse governance in the hands of a few private players who have legally no enforcement powers or are wholly under state control is not desirable. Private players or anyone should not hold any monopoly on Metaverse.
All these potential risks signal that any addition of Metaverse to the weak Budapest convention will result in a later realization that Metaverse should not have been included and that a separate convention could have been brought for it.
Metaverse being an expanding service and considering its different nature and the impact it can make upon various other services such as health, education, games, etc., it would be wise and prudent to treat it separately under a new convention rather than mixing it in the existing convention. Metaverse requires the enactment of a new international convention. Mixing Metaverse in the current convention can only add chaos.
While states will regulate Metaverse and the internet in their hemispheres based on their municipal laws, either by including Metaverse in their internet laws or bringing new legislation in the state, as regards international convention, the author is of the view that it is safe to enact a separate treaty for regulating Metaverse.
On the question of who shall be the appropriate body at the international level to bring out regulation, the author views that instead of a particular country or region like the EU that enacted the Budapest Convention, it is highly recommendable that a reputed and neutral international institution can initiate the process for a new international legal order for Metaverse. Therefore, in the author’s view, the UN is the only unbiased and dependable body in the present world to evolve a new international legal order/treaty for Metaverse.
While the UN, which is the largest international institution working to improve the existing cyber convention, must ensure that all countries are formally and actively involved in the process of development of a new convention for Metaverse and not allow any few developed countries to dominate the drafting process or keep aside smaller countries from voicing and voting rights.
The UN must bring a new global order with an elaborate discussion with the stakeholders (states, private players, platform developers, academic institutions, civil societies, advocacy groups, and individuals). The UN must ensure adequate and fair participation of all stakeholders in the convention drafting process. The FATF and UNICEF have to play a proactive role in bringing nations together to enact a treaty acceptable for all countries.
It is pertinent to note that cyber crimes and Metaverse are two sides of the coin of international cyberspace and security. In the author’s view, if the Budapest Convention fails to regulate cyber crimes, and the new proposed convention for Metaverse succeeds in regulating Metaverse, it would still be a failure for international cyberspace. Hence the UN must take remedial measures to strengthen Budapest Convention and, at the same time, enact a new convention for Metaverse. These two actions must go on parallel tracks. In the next few years or less than a decade, both the conventions shall jointly protect international cyberspace.
The new international treaty for Metaverse must strike a proper balance between the freedom of individuals and law enforcement requirements. Finally, the new treaty must also align with international human rights norms and principles.
Only a new separate cyber legal order/convention at the international level accepted by most countries can effectively regulate Metaverse. Therefore, states must regulate Metaverse in their jurisdiction based on state laws specially framed for it or amend their cyber laws to cover it.
In the author’s view, “International Metaverse regulation” would not just mean Metaverse regulation at the international level by international convention but a conjoined and coordinated regulation by international convention and state regulation. If only crimes at the international level are regulated, and the crimes that affect the state are not, then it cannot be treated as effective global crime regulation.
As stated above, the UN has the prime responsibility to bring the nations together to enact a superior international convention to regulate Metaverse that shall stand as a Magna Carta for later conventions on advanced technologies.
While this article stresses the need for international treaty law, it is incumbent upon the states to enact relevant municipal laws to protect their subjects. Moreover, for an effective global order and broader state cooperation, the state laws are expected to be in accordance with the international treaty law.
Conflict of Interest
The author declare no conflict of interest.
I acknowledge all the support from Euclid University and my instructing supervisor Prof. Klemens Katterbauer and my supervising professor Prof. Laurent Cleenewerck in completing the dissertation from which this paper is derived.
11AA (2): Any scheme or arrangement made or offered by any [person] under which—
(i) the contributions, or payments made by the investors, by whatever name called, are pooled and utilized for the purposes of the scheme or arrangement;
(ii) the contributions or payments are made to such scheme or arrangement by the investors with a view to receive profits, income, produce, or property, whether movable or immovable, from such scheme or arrangement;
(iii) the property, contribution, or investment forming part of scheme or arrangement, whether identifiable or not, is managed on behalf of the investors;
(iv) the investors do not have day-to-day control over the management and operation of the scheme or arrangement. SEBI. Securities and Exchange Board of India Act, 1992 [Amended by the Securities Laws (Amendment) Act, 2014]. Accessed 13 March 2022. https://www.sebi.gov.in/sebi_data/attachdocs/1456380272563.pdf.
Brittan Heller. ‘Watching Androids Dream of Electric Sheep: Immersive Technology, Biometric Psychography, and the Law’, 23 Vanderbilt Law Review 1 (2021). Accessed 13 March 2022. https://scholarship.law.vanderbilt.edu/jetlaw/vol23/iss1/1.
cnbctv18.com Das Amrita. ‘Woman recalls ‘gang rape’ in Metaverse; concerns grow over making VR platforms safe from sexual predators.’ 8 February 2022. Accessed 11 March 2022. https://www.cnbctv18.com/technology/woman-recalls-gang-rape-in-metaverse-concerns-grow-over-making-vr-platforms-safe-from-sexual-predators-12396992.htm.
Coindesk. Higgins Stan. ISIS-Linked Blog: Bitcoin Can Fund Terrorist Movements Worldwide. 11 September 2021. https://www.coindesk.com/markets/2014/07/07/isis-linked-blog-bitcoin-can-fund-terrorist-movements-worldwide/.
Congress.gov. Safeguarding against Fraud, Exploitation, Threats, Extremism, and Consumer Harms (SAFE TECH) Act. 20 May 2021. 117th Congress, 1st Session. H. R. 3421. Accessed 23 January 2022. https://www.congress.gov/117/bills/hr3421/BILLS-117hr3421ih.pdf.
Copyright Office. Government of India. The Indian Copyright Act, 1957. Accessed 13 March 2022. https://copyright.gov.in/documents/copyrightrules1957.pdf.
Cornell Legal Information Institute. Section 1(a)(9) of the Commodities Exchange Act 1946. Accessed 8 March 2022. https://www.law.cornell.edu/uscode/text/7/1a.
Dammer, Fairchild, Albanese. ‘Comparative criminal justice systems’.2006. Wadsworth Cengage Learning, USA. P.13.
ED Markey. US Senator of Massachusetts. With Increasing Usage Of Virtual Reality Platforms And Devices, Senator Markey And Reps. Castor, Trahan Urge Ftc To Monitor Threats To Children In The Metaverse. 16 February 2022. Accessed 8 March 2022. https://www.markey.senate.gov/news/press-releases/with-increasing-usage-of-virtual-reality-platforms-and-devices-senator-markey-and-reps-castor-trahan-urge-ftc-to-monitor-threats-to-children-in-the-metaverse.
The letter dated 16 February 2022 can be downloaded from https://www.markey.senate.gov/imo/media/doc/letter_to_ftc_-_vr_and_children.pdf.
ED Markey. US Senator of Massachusetts. Senator Markey And Reps. Castor, Trahan Urge Ftc To Use Authority To Make Tech Companies Abide By New Platform Policies. 8 October 2021. Accessed 8 March 2022. https://www.markey.senate.gov/news/press-releases/senator-markey-and-reps-castor-trahan-urge-ftc-to-use-authority-to-make-tech-companies-abide-by-new-platform-policies.
The letter dated 8 October 2021 can be downloaded from https://www.markey.senate.gov/imo/media/doc/ftc_big_tech_childrens_privacy_policy_changes.pdf.
Financial Action Task Force (FATF). Guidance for a Risk-Based Approach Prepaid Cards, Mobile Payments, and Internet-Based Payment Services. June 2013. Accessed 13 March 2022. https://www.fatf-gafi.org/media/fatf/documents/recommendations/Guidance-RBA-NPPS.pdf.
Financial Action Task Force (FATF). Virtual Currencies – Key Definitions and Potential AML/CFT Risks. June 2014. Accessed 13 March 2022. https://www.fatf-gafi.org/documents/documents/virtual-currency-definitions-aml-cft-risk.html.
Financial Action Task Force (FATF). Guidance for a Risk-Based Approach to Virtual Currencies. June 2015. Accessed 13 March 2022. https://www.fatf-gafi.org/media/fatf/documents/reports/Guidance-RBA-Virtual-Currencies.pdf.
Financial Action Task Force (FATF). Emerging Terrorist Financing Risks. October 2015. Accessed 13 March 2022. https://www.fatf-gafi.org/media/fatf/documents/reports/Emerging-Terrorist-Financing-Risks.pdf.
Financial Action Task Force (FATF). Accessed 13 March 2022. https://www.fatf-gafi.org/.
Financial Action Task Force (FATF). Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, FATF, Paris. Accessed 13 March 2022. www.fatf-gafi.org/publications/fatfrecommendations/documents/Updated-Guidance-RBA-VA-VASP.html.
Government of India. National Cyber Crime Reporting Portal. Accessed 13 March 2022. https://cybercrime.gov.in/.
“Goods” mean every kind of movable property other than actionable claims and money; and includes stock and shares, growing crops, grass, and things attached to or forming part of the land which are agreed to be severed before sale or under the contract of sale.” Legislative Department. Government of India. Section 2(7) of the Sale of Goods Act, 1930. Accessed 13 March 2022. https://legislative.gov.in/sites/default/files/A1930-3_0.pdf.
Indiakanoon. Tata Consultancy Services v. State of AP Appeal (civil) No. 2582 of 1998. Judgment dated 5 November 2004. Accessed 13 March 2022. https://indiankanoon.org/doc/153638/.
IndiaKanoon. Supreme Court of India. Krishnamoorthy v. Sivakumar and Ors. 21 January 2015. AIR 2015 SC 1921. Accessed 23 January 2022. https://indiankanoon.org/doc/169274383/.
Indiakanoon. Supreme Court of India. 24 March 2015. Shreya Singhal v Union of India. W.P. (Crl.) 167/2012; (2015) 5 SCC 1. Accessed 13 March 2022. https://indiankanoon.org/doc/110813550/.
King & Wood Mallesons. FATF. Building a legal architecture for the Metaverse. November 2021. Accessed 13 March 2022. https://www.kwm.com/hk/en/insights/latest-thinking/fatf-2021-virtual-assets-guidance.html.
Legal Information Institute.US Constitution. First Amendment. Cornell Law Institute. Accessed 23 January 2022. https://www.law.cornell.edu/constitution/first_amendment.
Lex Non Cogit ad Impossibila is a legal maxim that means that the law does not compel to do impossible things. Accessed 13 March 2022. https://www.lawcommunity.in/maxim/lex-non-cogit-ad-impossibilia.
OFAC. Sanctions Compliance Guidance for the Virtual Currency Industry. 21 October 2021. Accessed 8 March 2022. https://home.treasury.gov/system/files/126/virtual_currency_guidance_brochure.pdf.
Open Jurist. United States Court of Appeals, Second Circuit. Gary Plastic Packaging Corporation v. Merrill Lynch Pierce Fenner & Smith Inc. Judgment dated 21 February 1985. Accessed 8 March 2022. https://openjurist.org/756/f2d/230/gary-plastic-packaging-corporation-v-merrill-lynch-pierce-fenner-and- smith-inc. 756 F. 2d 230
Press Council of India. Banning of Cryptocurrency & Regulation of Official Digital Currency Bill, 2019. Accessed 13 March 2022. https://prsindia.org/billtrack/draft-banning-of-cryptocurrency-regulation-of-official-digital-currency-bill-2019.
Sahara India Real Estate Corpn. Ltd. v. SEBI. Civil Appeal No. 9813 of 2011 and Civil Appeal No. 9833 of 2011. Judgment dated 31 August 2012. Accessed 13 March 2022. https://www.sebi.gov.in/sebi_data/attachdocs/1351500106870.pdf.
SEBI. Section 2(h) of the Securities Contracts (Regulation) Act, 1956. Accessed 13 March 2022. https://www.sebi.gov.in/acts/contractact.pdf.
SEC Commissioners’ letter dated 19 July 2021. SEC v. Ripple LabsInc. et al., No. 20-cv-10832. Accessed 8 March 2022. https://www.dropbox.com/s/83olmrd2cqmrei8/Letter%20from%20Counsel%20for%20Individual%20Defendants%20regarding%20Coinschedule.pdf?dl=0.
Section 230. Communication Decency Act, 1996. Accessed 23 January 2022. https://www.law.cornell.edu/uscode/text/47/230.
Section 43(c)(1) of the Trademarks Act, 1946. U. S. Patent & Trademark Office. 25 November 2013. Accessed 8 March 2022. https://www.uspto.gov/sites/default/files/trademarks/law/Trademark_Statutes.pdf.
Sections 66E, 67, 67A, 67A. The Information Technology Act, 2000. https://www.indiacode.nic.in/bitstream/123456789/13116/1/it_act_2000_updated.pdf.
“Smart contracts” are predefined contracts, usually drafted by the platform itself, which are accepted by both the parties for the sale and purchase of the NFT.
Supreme Court of India. Internet and Mobile Association of India vs. Reserve Bank of India. Writ Petition (Civil) No.528 of 2018 & Writ Petition (Civil) No.373 of 2018. Judgment dated 4 March 2020. Accessed 13 March 2022. https://main.sci.gov.in/supremecourt/2018/19230/19230_2018_4_1501_21151_Judgement_04-Mar-2020.pdf.p.20
The UK Copyright, Designs and Patents Act 1988. Accessed 13 March 2022. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/957583/Copyright-designs-and-patents-act-1988.pdf.
The Verge. Vincent James. ‘AI deep fake app creates nude images of women in seconds’, 27 June 2019. Accessed 13 March 2022. https://www.theverge.com/2019/6/27/18760896/deepfake-nude-ai-app-women-deepnude-non-consensual-pornography.
UK Parliament. House of Commons Library. Online Safety Bill in 2021. 14 December 2021. Accessed 13 March 2022. https://committees.parliament.uk/publications/8206/documents/84092/default/
UK Financial Conduct Authority (FCA). Cryptoassets: our work. Accessed 13 March 2022. https://www.fca.org.uk/firms/cryptoassets.
UK Financial Conduct Authority (FCA). Cryptoassets Taskforce: final report. Accessed 13 March 2022. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/752070/cryptoassets_taskforce_final_report_final_web.pdf.
United States District Court Southern District Of New York. Securities And Exchange Commission Vs. Telegram Group Inc. And Ton Issuer Inc., 19 Civ. 9439 (PKC). Judgment dated 11 October 2019. Accessed 8 March 2022. https://www.sec.gov/litigation/complaints/2019/comp-pr2019-212.pdf. An appeal has been filed against this decision.
United States District Court Southern District Of New York. Securities And Exchange Commission Vs. Ripple Labs, Inc. and Ors. 20 Civ. 10832. Judgment dated 22 December 2020. Accessed 8 March 2022. https://www.sec.gov/litigation/complaints/2020/comp-pr2020-338.pdf.
UNGA Resolution. A/RES/73/187. ‘Countering the use of information and communications technologies for criminal purposes’, Accessed 13 March 2022. 17 December 2018. https://digitallibrary.un.org/record/3831879.
The D&O Diary. Supreme Court of the State Of New York County Of New York. Jeeun Friel v. Dapper Labs In. Accessed 8 March 2022. https://www.dandodiary.com/wp-content/uploads/sites/893/2021/06/Dapper-Labs-lawsuit-complaint.pdf.
The New York Post. Wayt Theo. Meta adds ‘Personal Boundary’ to Metaverse after ‘virtual gang rape.’ Accessed 23 January 2022. https://nypost.com/2022/02/04/meta-adds-personal-boundary-to-metaverse-after-virtual-gang-rape/.
The US Department of Justice. Deputy Attorney General Lisa O. Monaco Announces National Cryptocurrency Enforcement Team. 6 October 2021. Accessed 8 March 2022. https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-national-cryptocurrency-enforcement-team.
UNICEF. Discussion Paper Series: ‘Children’s Rights and Business in a Digital World. Child Rights and Online Gaming: Opportunities & Challenges for Children and the Industry’, August 2019. Accessed 13 March 2022. https://www.unicef-irc.org/files/upload/documents/UNICEF_CRBDigitalWorldSeriesOnline_Gaming.pdf.
US Department of Justice. ‘Global Disruption of Three Terror Finance Cyber-Enabled Campaigns: Largest-Ever Seizure of Terrorist Organizations’ Cryptocurrency Accounts’, 13 August 2020. Accessed 14 March 2022. https://www.justice.gov/opa/pr/global-disruption-three-terror-finance-cyber-enabled-campaigns.
US Secret Service. US Secret Service Launches Cryptocurrency Awareness Hub. 18 February 2022. US Secret Service Media Relations. Accessed 14 March 2022. https://www.secretservice.gov/newsroom/releases/2022/02/us-secret-service-launches-cryptocurrency-awareness-hub.
WazirX. Accessed 13 March 2022. https://wazirx.com/.
 The Verge. Vincent James. AI deep fake app creates nude images of women in seconds. 27 June 2019. Accessed 13 March 2022. https://www.theverge.com/2019/6/27/18760896/deepfake-nude-ai-app-women-deepnude-non-consensual-pornography.
 cnbctv18.com Das Amrita. Woman recalls ‘gang rape’ in Metaverse; concerns grow over making VR platforms safe from sexual predators. 8 February 2022. Accessed 11 March 2022. https://www.cnbctv18.com/technology/woman-recalls-gang-rape-in-metaverse-concerns-grow-over-making-vr-platforms-safe-from-sexual-predators-12396992.htm.
 The New York Post. Wayt Theo. Meta adds ‘Personal Boundary’ to Metaverse after ‘virtual gang rape.’ Accessed 23 January 2022. https://nypost.com/2022/02/04/meta-adds-personal-boundary-to-metaverse-after-virtual-gang-rape/.
 World Health Organization. ICD-11 for Mortality and Morbidity Statistics (Version: 05/2021). Accessed 23 January 2022. https://icd.who.int/browse11/l-m/en#/http://id.who.int/icd/entity/1448597234.
 Brittan Heller. Watching Androids Dream of Electric Sheep: Immersive Technology, Biometric Psychography, and the Law, 23 Vanderbilt Law Review 1 (2021). Accessed 13 March 2022. https://scholarship.law.vanderbilt.edu/jetlaw/vol23/iss1/1.
 “Smart contracts” are predefined contracts, usually drafted by the platform itself, which are accepted by both the parties for the sale and purchase of the NFT.
 Dammer, Fairchild, Albanese. Comparative criminal justice systems.2006. Wadsworth Cengage Learning, USA. P.13.
 IndiaKanoon. Supreme Court of India. Krishnamoorthy v. Sivakumar and Ors. 21 January 2015. AIR 2015 SC 1921. Accessed 23 January 2022. https://indiankanoon.org/doc/169274383/.
 Section 230. Communication Decency Act, 1996. Accessed 23 January 2022. Accessed 23 January 2022. https://www.law.cornell.edu/uscode/text/47/230.
 Legal Information Institute.US Constitution. First Amendment. Cornell Law Institute. Accessed 23 January 2022. https://www.law.cornell.edu/constitution/first_amendment.
 Section 43(c)(1) of the Trademarks Act, 1946. U. S. Patent & Trademark Office. 25 November 2013. Accessed 8 March 2022. https://www.uspto.gov/sites/default/files/trademarks/law/Trademark_Statutes.pdf.
 ED Markey. US Senator of Massachusetts. With Increasing Usage Of Virtual Reality Platforms And Devices, Senator Markey And Reps. Castor, Trahan Urge Ftc To Monitor Threats To Children In The Metaverse. 16 February 2022. Accessed 8 March 2022. https://www.markey.senate.gov/news/press-releases/with-increasing-usage-of-virtual-reality-platforms-and-devices-senator-markey-and-reps-castor-trahan-urge-ftc-to-monitor-threats-to-children-in-the-metaverse. The letter dated 16 February 2022 can be downloaded from https://www.markey.senate.gov/imo/media/doc/letter_to_ftc_-_vr_and_children.pdf.
 ED Markey. US Senator of Massachusetts. Senator Markey And Reps. Castor, Trahan Urge Ftc To Use Authority To Make Tech Companies Abide By New Platform Policies. 8 October 2021. Accessed 8 March 2022. https://www.markey.senate.gov/news/press-releases/senator-markey-and-reps-castor-trahan-urge-ftc-to-use-authority-to-make-tech-companies-abide-by-new-platform-policies. The letter dated 8 October 2021 can be downloaded from https://www.markey.senate.gov/imo/media/doc/ftc_big_tech_childrens_privacy_policy_changes.pdf.
 Congress.gov. Safeguarding against Fraud, Exploitation, Threats, Extremism, and Consumer Harms (SAFE TECH) Act. 20 May 2021. 117th Congress, 1st Session. H. R. 3421. Accessed 23 January 2022. https://www.congress.gov/117/bills/hr3421/BILLS-117hr3421ih.pdf.
 Cornell Legal Information Institute. Section 1(a)(9) of the Commodities Exchange Act 1946. Accessed 8 March 2022. https://www.law.cornell.edu/uscode/text/7/1a.
 Open Jurist. United States Court of Appeals, Second Circuit. Gary Plastic Packaging Corporation v. Merrill Lynch Pierce Fenner & Smith Inc. Judgment dated 21 February 1985. Accessed 8 March 2022. https://openjurist.org/756/f2d/230/gary-plastic-packaging-corporation-v-merrill-lynch-pierce-fenner-and-smith-inc. 756 F. 2d 230
 United States District Court Southern District Of New York. Securities And Exchange Commission Vs. Telegram Group Inc. And Ton Issuer Inc., 19 Civ. 9439 (PKC). Judgment dated 11 October 2019. Accessed 8 March 2022. https://www.sec.gov/litigation/complaints/2019/comp-pr2019-212.pdf. An appeal has been filed against this decision.
 United States District Court Southern District Of New York. Securities And Exchange Commission Vs. Ripple Labs, Inc. and Ors. 20 Civ. 10832. Judgment dated 22 December 2020. Accessed 8 March 2022. https://www.sec.gov/litigation/complaints/2020/comp-pr2020-338.pdf.
 SEC Commissioners’ letter dated 19 July 2021. SEC v. Ripple LabsInc. et al., No. 20-cv-10832. Accessed 8 March 2022. https://www.dropbox.com/s/83olmrd2cqmrei8/Letter%20from%20Counsel%20for%20Individual%20Defendants%20regarding%20Coinschedule.pdf?dl=0.
 The D&O Diary. Supreme Court of the State Of New York County Of New York. Jeeun Friel v. Dapper Labs In. Accessed 8 March 2022. https://www.dandodiary.com/wp-content/uploads/sites/893/2021/06/Dapper-Labs-lawsuit-complaint.pdf.
 OFAC. Sanctions Compliance Guidance for the Virtual Currency Industry. 21 October 2021. Accessed 8 March 2022. https://home.treasury.gov/system/files/126/virtual_currency_guidance_brochure.pdf.
 The US Department of Justice. Deputy Attorney General Lisa O. Monaco Announces National Cryptocurrency Enforcement Team. 6 October 2021. Accessed 8 March 2022. https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-national-cryptocurrency-enforcement-team.
 UK Parliament. House of Commons Library. Online Safety Bill in 2021. 14 December 2021. Accessed 13 March 2022. https://committees.parliament.uk/publications/8206/documents/84092/default/
 UK Financial Conduct Authority (FCA). Cryptoassets: our work. Accessed 13 March 2022. https://www.fca.org.uk/firms/cryptoassets.
 UK Financial Conduct Authority (FCA). Cryptoassets Taskforce: final report. Accessed 13 March 2022. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/752070/cryptoassets_taskforce_final_report_final_web.pdf.
 The UK Copyright, Designs and Patents Act 1988. Accessed 13 March 2022. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/957583/Copyright-designs-and-patents-act-1988.pdf.
 SEBI. Section 2(h) of the Securities Contracts (Regulation) Act, 1956. Accessed 13 March 2022. https://www.sebi.gov.in/acts/contractact.pdf.
 Sahara India Real Estate Corpn. Ltd. v. SEBI. Civil Appeal No. 9813 of 2011 and Civil Appeal No. 9833 of 2011. Judgment dated 31 August 2012. Accessed 13 March 2022. https://www.sebi.gov.in/sebi_data/attachdocs/1351500106870.pdf.
 IndiaKanoon. Allahabad High Court. Paramount Bio-Tech Industries Ltd. v. Union of India. 25 November, 2003. 2004 120 CompCas 18 All. Accessed 24 August 2023. https://indiankanoon.org/doc/158034218/.
 11AA (2): Any scheme or arrangement made or offered by any [person] under which—
(i) the contributions, or payments made by the investors, by whatever name called, are pooled and utilized for the purposes of the scheme or arrangement;
(ii) the contributions or payments are made to such scheme or arrangement by the investors with a view to receive profits, income, produce, or property, whether movable or immovable, from such scheme or arrangement;
(iii) the property, contribution, or investment forming part of scheme or arrangement, whether identifiable or not, is managed on behalf of the investors;
(iv) the investors do not have day-to-day control over the management and operation of the scheme or arrangement. SEBI. Securities and Exchange Board of India Act, 1992 [Amended by the Securities Laws (Amendment) Act, 2014]. Accessed 13 March 2022. https://www.sebi.gov.in/sebi_data/attachdocs/1456380272563.pdf.
 Indiakanoon. Tata Consultancy Services v. State of AP. Appeal (civil) No. 2582 of 1998. Judgment dated 5 November 2004. Accessed 13 March 2022. https://indiankanoon.org/doc/153638/.
 “Goods” mean every kind of movable property other than actionable claims and money; and includes stock and shares, growing crops, grass, and things attached to or forming part of the land which are agreed to be severed before sale or under the contract of sale.” Legislative Department. Government of India. Section 2(7) of the Sale of Goods Act, 1930. Accessed 13 March 2022. https://legislative.gov.in/sites/default/files/A1930-3_0.pdf.
 Supreme Court of India. Internet and Mobile Association of India vs. Reserve Bank of India. Writ Petition (Civil) No.528 of 2018 & Writ Petition (Civil) No.373 of 2018. Judgment dated 4 March 2020. Accessed 13 March 2022. https://main.sci.gov.in/supremecourt/2018/19230/19230_2018_4_1501_21151_Judgement_04-Mar-2020.pdf.p.20
 Press Council of India. Banning of Cryptocurrency & Regulation of Official Digital Currency Bill, 2019. Accessed 13 March 2022. https://prsindia.org/billtrack/draft-banning-of-cryptocurrency-regulation-of-official-digital-currency-bill-2019.
 Copyright Office. Government of India. The Indian Copyright Act, 1957. Accessed 13 March 2022. https://copyright.gov.in/documents/copyrightrules1957.pdf.
 WazirX. Accessed 13 March 2022. https://wazirx.com/.
 Sections 66E, 67, 67A, 67A. The Information Technology Act, 2000. https://www.indiacode.nic.in/bitstream/123456789/13116/1/it_act_2000_updated.pdf.
 Indiakanoon. Supreme Court of India. 24 March 2015. Shreya Singhal v Union of India. W.P. (Crl.) 167/2012; (2015) 5 SCC 1. Accessed 13 March 2022. https://indiankanoon.org/doc/110813550/.
 Government of India. National Cyber Crime Reporting Portal. Accessed 13 March 2022. https://cybercrime.gov.in/.
 Ibid, 16.
 UNGA Resolution. A/RES/73/187. Countering the use of information and communications technologies for criminal purposes. Accessed 13 March 2022. 17 December 2018. https://digitallibrary.un.org/record/3831879.
 Financial Action Task Force (FATF). Accessed 13 March 2022. https://www.fatf-gafi.org/.
 Financial Action Task Force (FATF). Guidance for a Risk-Based Approach Prepaid Cards, Mobile Payments, and Internet-Based Payment Services. June 2013. Accessed 13 March 2022. https://www.fatf-gafi.org/media/fatf/documents/recommendations/Guidance-RBA-NPPS.pdf.
 Financial Action Task Force (FATF). Virtual Currencies – Key Definitions and Potential AML/CFT Risks. June 2014. Accessed 13 March 2022. https://www.fatf-gafi.org/documents/documents/virtual-currency-definitions-aml-cft-risk.html.
 Financial Action Task Force (FATF). Guidance for a Risk-Based Approach to Virtual Currencies. June 2015. Accessed 13 March 2022. https://www.fatf-gafi.org/media/fatf/documents/reports/Guidance-RBA-Virtual-Currencies.pdf.
 Financial Action Task Force (FATF). Emerging Terrorist Financing Risks. October 2015. Accessed 13 March 2022. https://www.fatf-gafi.org/media/fatf/documents/reports/Emerging-Terrorist-Financing-Risks.pdf.
 King & Wood Mallesons. FATF. Building a legal architecture for the Metaverse. November 2021. Accessed 13 March 2022. https://www.kwm.com/hk/en/insights/latest-thinking/fatf-2021-virtual-assets-guidance.html.
 Financial Action Task Force (FATF). Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, FATF, Paris. Accessed 13 March 2022. www.fatf-gafi.org/publications/fatfrecommendations/documents/Updated-Guidance-RBA-VA-VASP.html.
 UNICEF. Discussion Paper Series: Children’s Rights and Business in a Digital World. Child Rights and Online Gaming: Opportunities & Challenges for Children and the Industry. August 2019. Accessed 13 March 2022. https://www.unicef-irc.org/files/upload/documents/UNICEF_CRBDigitalWorldSeriesOnline_Gaming.pdf.
 US Secret Service. US Secret Service Launches Cryptocurrency Awareness Hub. 18 February 2022. US Secret Service Media Relations. Accessed 14 March 2022. https://www.secretservice.gov/newsroom/releases/2022/02/us-secret-service-launches-cryptocurrency-awareness-hub.
 US Department of Justice. Global Disruption of Three Terror Finance Cyber-Enabled Campaigns: Largest-Ever Seizure of Terrorist Organizations’ Cryptocurrency Accounts. 13 August 2020. Accessed 14 March 2022. https://www.justice.gov/opa/pr/global-disruption-three-terror-finance-cyber-enabled-campaigns.
 Coindesk. Higgins Stan. ISIS-Linked Blog: Bitcoin Can Fund Terrorist Movements Worldwide. 11 September 2021. https://www.coindesk.com/markets/2014/07/07/isis-linked-blog-bitcoin-can-fund-terrorist-movements-worldwide/.
 Lex Non Cogit ad Impossibila is a legal maxim that means that the law does not compel to do impossible things. Accessed 13 March 2022. https://www.lawcommunity.in/maxim/lex-non-cogit-ad-impossibilia.