Regulation must match the speed of telecommunications

Regulation must match the speed of telecommunications

Telecommunication sector providers have enjoyed massive windfalls over the last few years through significant revenues and margins from new business models such as the cloud, security, payments and insurance services. While revenue streams have grown, stringent regulations and the cost of licences and other fees, continue to be pain points for service providers.

With the introduction of the Indian Telecommunication Bill, 2022 (bill), regulations in this and allied sectors are taking a more consumer-centric approach. This is not only specific to India but is also happening in advanced jurisdictions, such as the EU and the US. Focus has been on moving away from increasing compliance by consumers and customers to regulating private parties in a graduated manner. The graduation depends on the underlying technology used or built to provide services to the last-mile customer. The EU distinguishes between phone numbers to determine whether a particular service relies upon a phone number or is independent of it, and therefore whether it is subject to licences, authorisations and regulatory frameworks. Telecommunication laws in the US have also moved away from strict regulation of customer premises equipment, which is managed by the end users and is already subject to qualitative checks before being supplied.

Unfortunately, the bill as presently drafted does not provide clarity regarding customer equipment. It seems end users will have to apply for registration, authorisation or licences from providers. This runs contrary to the global consumer-centric regulatory approach, and will over-regulate services that have been freed from licensing elsewhere. The bill also blurs the lines between commercial-scale services and those that merely connect two individuals through audio, video or data. A light touch, graduated framework, akin to that in Malaysia, could be suitable for India, imposing different compliance requirements on pure software providers and cloud computing resellers. This would allow an appropriate distinction by factoring in the kind of service, the underlying technology and the intended service providers and recipients.

The rapid spread of the internet of things, connected devices already proliferating in our homes, workplaces, and the wider society in smart cities, is reliant upon 5G connectivity. To manage these devices, service providers need to be able to take advantage of the scalability and flexibility offered by the cloud against the backdrop of a nuanced regulatory framework. The success of any policy intervention will depend heavily upon capex concerns. Infrastructure and network sharing will be needed to cap the initial investment and generate value and efficiency in the deployment of the next-generation communications infrastructure. To ensure that such sharing does not morph into cartels, regulations will be vital to preventing price fixing, supply reduction, and investment limitation.

There already exist several telco-multi-network operator alliances, and the global proliferation of 5G may encourage such networks to go beyond just video and audio streaming and add gaming. While the national antitrust regulator does not consider the current situation merits investigation, legislators may propose rules and guidelines to ensure that the telecom market in India does not further consolidate.

With privacy discussions ongoing, the focus of regulations is on ensuring that consumers are highly empowered and do not have to rely upon the discretion of service providers for their rights. The Digital India dream is approaching its realisation in the form of technology and innovation, as well as the regulatory framework. The intent of the legislature regarding regulation seems to be recognising technical convergence and a future-proof, technology-agnostic law and policy environment. Discussions have taken place over reorienting the telecom, innovation and associated segments through a comprehensive legislative framework under a single Digital India Act. The government is no longer obdurate and is accommodating the private sector. There is hope that this conversation between public and private parties, will result in a coherent, cohesive, forward-looking, consumer-friendly framework. The future of the law lies in simplicity, and not duplicating efforts beyond what is necessary.

Law gives telemedicine patients a shot in the arm

Law gives telemedicine patients a shot in the arm

Technology has assumed a big role in delivering healthcare services, particularly in the wake of the pandemic. The healthcare infrastructure of the country was brought to its knees due to the caseload during the Covid period.

Historically discouraged due to vast technological, financial, and legal barriers, the medical industry has undergone a massive overhaul now. Lowering data costs, penetration of the internet and improving user confidence have led to the steady adoption of telehealth services, a trend that is on the rise.

However, some long-standing concerns remain in the mind of patients such as the lack of transparency about the credentials of the doctor, improper patient diagnosis, concerns regarding misuse of a patient’s health information etc.

Though the practice of telemedicine has been legal in the country, these issues (including an inherent lack of trust on the part of patients, as well as practitioners) continued to persist. In 2020, the Union government came up with a framework for facilitating health-related services. It drafted legislation for public consultation in 2022 to bring further reforms to the existing law.

The Telemedicine Practice Guidelines, 2020 (TPG), were issued to offer assistance to healthcare professionals towards adopting telemedicine and provide protocols for physician-patient relationships. It focuses on patient evaluations and management, continuity of care, referrals for emergency services, privacy and security of the patient records, correspondence etc among other considerations.

As per the law, medical practitioners are required to adhere to the same professional and ethical norms applicable in traditional in-person care and exercise their professional judgment to determine the efficacy of teleconsultation, in the interests of the patient. Furthermore, the practitioners must be aware of any shortcomings of a particular mode of communication and they should inform patients of the same.

If the treatment cannot be done digitally, it must be “paused” or be “validated” with any required diagnostic reports, laboratory investigations, or a local referral to a physical facility, for examination.

The law enables the practitioner to discontinue and disengage from an ongoing consultation if they feel teleconsultation does not serve the purpose.

During digital consultation, the law prevents practitioners from receiving any information from the users without their explicit consent. The professional is not allowed to assume anything, instead, explicit consent is mandated under data privacy legislation for the usage and processing of health information.

The TPG imposes inherent restrictions on the ability of a healthcare practitioner to prescribe medications drugs should be prescribed when physicians are confident that they have relevant and adequate information. While there is a lot of dissatisfaction among practitioners about the list of drugs that can be prescribed over teleconsultation.

In addition to this, the patient continues to be the focal point, and nothing should be done without documentation. A practitioner I have been working with says “digital consultations premise themselves on ‘documentation” it is to keep both the patient, as well as the practitioner safe and aware at all times.

CSAM: Is It Time to Age Gate the Internet?

CSAM: Is It Time to Age Gate the Internet?

As digital platforms cater to an ever-increasing user base, service providers and regulators are increasingly cognizant of the addictive nature of the services online, and their delivery to the end users. Children are now the focal point of discussions attending practices, which has catapulted regulatory scrutiny and policy-making initiatives.

The precipitation of digital support structure, owing to the social distancing measures and onset of Covid-19 related lockdowns, was felt across social media channels, digital gaming, online chatrooms, wearable and connected devices. The mere ease and convenience afforded by these “alternatives” induced reliance, dependance and consequential addiction to these new trends. For children, these changes are more pronounced, and seemingly renders them susceptible to irreversible physical, psychological, social, and economic harms.

The Humans Rights Watch issued a dedicated report[1] on the data collection practices of EdTech platforms which indicated excessive data collection and data sharing practices employed by EdTech platforms, without any sight of user or guardian consent. These findings are ever-present across territories and demonstrate the use of conscious or passive use of invasive technologies to profile children and facilitate them as targets for personalized marketing schemes. All the information that is being generated to this end, creates a vulnerability for the user [in this case a child] to become searchable and reachable.

Child Sexual Abuse Material

                At this juncture, it is highly improper to no longer consider the absolute and real threat of availability of child sexual abuse material (CSAM) over the internet. At a time when the internet is evolving into a system which replicates a physical experience onto the virtual world, good and bad experiences will co-exist, and the susceptibility to be caused harm, in the form of sexual humiliation, is real. These concerns are exacerbated in cases of interactions for children, where the end objective is to ensure that their psychological and physical well-being is preserved.

Recent studies state that there is a spike of about 25% in demands for child sexual abuse material (CSAM); which could be attributed to a rise in the number of digital products and services directed at and availed by children. With increased ease of access provided to sex offenders online, to engage with such children; these findings point towards the urgent need for coaction between guardians, online service providers and regulators alike to sanitize the digital space and create an age-appropriate environment for all users.

As regulators prepare for discussions on pending statutory proposals to ensure online safety, there is an urgent need to assess the technologies available at hand to address such concerns, against the risks it will carry to the fundamental right to data privacy of children online.

Regulatory Landscape

In the United States of America, the US providers are obliged to report to the National Center for Missing and Exploited Children (NCMEC) under US law when they become aware of child sexual abuse on their services. The EU law as it stands today [also as an interim measure till August 03,

[1]; last accessed on September 08, 2022 at 1003 hrs.

2024][2], necessitates voluntary reporting, and hence, member states took into onto themselves to create and prepare for national rules to fight against online child sexual abuse. Unlearning from these experiences, the Indian legislators implemented the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules) which mandate social media intermediaries with a significant user base, to deploy automated tools to identify CSAM and [similar] profane images, while having regard to the interests of free speech and expression, privacy of users. To acknowledge the need for accelerated redressal and removal of CSAM, the IT Rules have shortened the timeline for removal of such content and proposes use of technologies to enable the identification of the originator of such content.

The European Commission has proposed a new legislation[3] (EU Proposal) to combat child sexual abuse online and imposes obligation on service providers to assess the risk of their services’ misuse for the dissemination of child sexual abuse materials or for the solicitation of children (grooming) and propose risk mitigation measures. The presence of chat rooms, voice calls, and livestreams is a service-agnostic feature of a website today and allow predators to initiate contact with young children and direct them to indulge in inappropriate acts in real time with minimal digital tracing. Further, designate national authorities in EU, upon review of the risk assessment reports, may issue a detection order, which will require the service provider to use EU recognized technologies to screen their platform for CSAM.  Detection orders are limited in time and intended to target a specific type of content on a specific service. The rules further require application stores to assess the risk of onboarded applications for the purpose of CSAM dissemination and grooming and take reasonable measures to identify child users and prevent them from accessing it. The Regulation imposes the obligation upon service providers, to determine the methods for such detection exercises, and use technologies which are the least privacy-intrusive and are in accordance with the state of the art in the industry.

                In addition to such targeted legislations, online service providers are required to comply with their compliances under the General Data Protection Regulation (GDPR), similar data protection statutes, to use privacy-centric tools to ensure legitimate and proportional collection of children information. Drawing from the requirements of the GDPR, the EC member states and entities would resort to conducting impact assessments[4] and related exercises to make these determinations, perform a balancing act.

The detection and removal of CSAM is an issue of public interest, and lawmakers have sought to address concerns and impose obligations, in a targeted manner, having regard to the nature of services, and their intended audience. However, are there technological tools available to address such concerns, or is privacy centric detection a painful oxymoron?

Technology at Hand

[2] Child Sexual Abuse Directive, and Regulation (EU) 2021/1232 on combating online child sexual abuse. Regulation 2021/1232/EU of the European Parliament and of the Council of 14 July 2021 on a temporary derogation from certain provisions of Directive 2002/58/EC as regards the use of technologies by providers of number-independent interpersonal communications services for the processing of personal and other data for the purpose of combating online child sexual abuse (Text with EEA relevance).

[3] Proposal For A Regulation Of The European Parliament And Of The Council Laying Down Rules To Prevent And Combat Child Sexual Abuse; also accessible at:


Anonymization, encryption, cloud storage allows offenders to circulate CSAM, evade detection by law enforcement agencies; the connectivity presented by Internet of Things (IoT) offer opportunities for interaction between sex offenders and young children, and grant them access to information on the personality traits, behavior, and location of the children.

Platforms implement artificial intelligence and machine learning systems to ensure efficiency and accuracy, in detection, monitoring and removal of CSAM[5]. On the enforcement side, cryptographical hash algorithms are used for file identification and evidence authentication in digital forensics, by assigning a hash or numeric value to the content. By creating databases of hashed CSAM, new material can quickly be matched against already known files.

Search engines and similar service providers use automated web crawlers, to search and index for CSAM content, and implement risk mitigation steps. Anti-grooming technologies evaluate, review conversations between users to detect toxic user behavior, or any potential grooming action, and are being widely used by service providers with child – targeted offerings (re: gaming industry)[6].


                CSAM detection requirements are service agnostic and call for wide-spread and excessive screening of content by service providers, as per the applicable laws. This requires online platforms to sidestep end-to-end encryption, which will invariably have a negative impact on users’ privacy. Access to communication content on a general basis, to detect CSAM and grooming, is excessive, disproportionate, and liable for mismanagement. Much recently, report[7] of a father being flagged by a CSAM tool deployed by Google, led to an unforeseen circumstance, which unfurled a long winding investigation, and where the father’s activities in connection with his Android/ Google linked accounts (contacts, images, e-mails) were accessed. This was pursuant to the family making an attempt to share an image of their own child’s groin area with the healthcare practitioner for want of medical care; and ended up being ensnared in an algorithmic system which was designed to flag peoples exchanging CSAM. It is important here to note that while the images were explicit in nature, they were surely not exploitative, it was the lost context which led to an innocent man being reported to law enforcement.

It is also important that alongside the deployment of tools, there is human intervention for making effective determination before recommending criminal investigations, law enforcement measures being initiated against an individual for possession of CSAM.

When Apple made suggestions to commence and implement its own new suite of tools for scanning of images on a user’s phone before the same is uploaded onto the cloud, for detection of CSAM, to ensure that the entire device is not always subject to scan and unwarranted intrusions into the user’s device, or their cloud storage accounts[8]; it faced a lot of backlashes. Apple’s proposal to enable a function to scan for CSAM on a user’s handheld device, to match against a database of

[5] WWW ’19: The World Wide Web Conference; Rethinking the Detection of Child Sexual Abuse Imagery on the Internet; p/ 2601–2607; also accessible at:; last accessed on September 10, 2022 at 1445 hrs.

[6]; last accessed on September 12, 2022 at 1430 hrs.

[7]; last accessed on September 09, 2022 at 1345 hrs.

[8]; last accessed on September 10, 2022 at 1445 hrs.

hashed CSAM images had to be withdrawn amidst surveillance concerns presented by regulators and privacy activists alike[9].

The use of age verification, age assessment measures to identify child users, introduced by the EU proposal, may be a proportionate scheme to address CSAM, grooming concerns; however, identification and enforcement will represent a challenge to authorities, with children, young adults inclined towards misrepresenting their age online, to avail services/ offerings which restrict access. Technologies which facilitate facial, audio recognition to estimate user age, are historically error-prone, whereas age verification against government issued identification, credit information is not a foolproof methodology for age verification. All these methods have varying success, but none have mastered a combination of privacy, efficiency, and affordability yet.

Way Forward

Given the converging manner of services, roles of service providers online, the law must be technology agnostic, future proof in order to create a uniform standard of responsibility upon service providers. To that end, the EU Proposal proposes the establishment of an EU Centre, which will collaborate with industry stakeholders, lawmakers to develop standards, make available technologies for content detection; this will alleviate the burden on the small providers.  Furthermore, the EU Centre will give feedback on the accuracy of reporting and help service providers improve their internal processes.

The usage of age tokens, single use QR code created by verifying the age of an individual against government records is being trialed in Australia to grant users access to gambling, alcoholic beverage, and pornographic websites[10]. Solutions which allow for these codes to be created and implemented across sectors, by interoperable platforms, will enable smaller players to be able to onboard these tools without requiring a comparable market presence, technical wherewithal, or financial capabilities, as that of the tech giants.

Organizations must take proactive steps towards the implementation of a privacy by design technical infrastructure within their networks, to ensure proportionality of data collection of minor and major users alike. Taking a leaf out of the existing policy structure around data privacy which requires that new tools, measures are implemented after a thorough impact assessment is created, it is important that private and public entities carry out similar exercises in making determination about: (i) efficacy of the tool in monitoring and detecting CSAM; (ii) any surveillance, intrusion that is percolating to the users’ lives; (iii) if there is an effective mitigation measure, to overcome any erroneous determinations; and, (iv) if human involvement in making a final determination is necessary.

The requirement for having human involvement is necessary, for the fact that the tech giants are acting as sentinels for the purposes of disclaiming any liability, and in turn allowing their suites of tools make the determination for either flagging an individual, denying them access, or making reports to the enforcement agencies. To perform an appropriate balancing act, is the order of nature, and that too must be replicated into the online realm.

[9]; last accessed on September 10, 2022 at 1240 hrs.

[10]; last accessed on September 12, 2022, at 1958 hrs.

Fan Tokens – An Addition, or a Solution, to the Monetary Misery?

Fan Tokens – An Addition, or a Solution, to the Monetary Misery?

Lionel Messi’s transfer to Paris Saint-Germain (PSG) was in itself a massive commercial attraction, however, what added more to it was the initiation of financial structure, previously unheard of for a transaction of this nature, i.e., a one-off payment (as a part of his salary), understood to be worth around 1 million euros ($1.15 million), made in PSG “fan tokens”. The conversation around the manner in which the sporting world is evolving in the virtual space of ‘blockchain’ and ‘metaverse’ is like having a discussion about what “the internet” meant in the 1970s. The building blocks of a new form of communication were in the process of being built, but no one really knew what the reality would look like. While it was true, at the time, that an unknown idea called “the internet” was emerging, not every concept of what it would look like turned into reality. Similarly, there is also a lot of marketing hype wrapped up around the idea of the fan tokens, which is a rather broad shift in how sports fans interact with clubs using technology. Remarkably, as of January, 27th 2022, the market cap of these fan tokens was US$ 298,957,896/- with a 24-hour trading volume of US$40,722,163.[1]

Tersely put, fan tokens are a form of Utility Tokens[2] that entitle the token holders with a variety of fan-related connexion prerequisites. These tokens are generally used by sports clubs and music fan clubs to organize unique experiences for their fans, establish club leadership, goodwill and more. For instance, in the event a sporting entity issues fan tokens, the perks attached to such tokens would allow the holders to participate in non-managerial decisions of the sporting entity, such as voting on merchandise design, team bus design, official team anthem, etc. These tokens also come with a bag of rewards and other unique experiences such as tickets to the team’s home games, complementary jerseys, etc. [For the purpose of this article, the author shall stick to sporting entities only].

Sporting entities and fan token issuing entities collaborate and issue the fan tokens deploying a smart contract, on the market feature in which the issuing entity has its presence, based on their internal arrangement. While it’s a collaboration between two entities, it is the sporting entity that decides what rights and entitlements must be given to the token holders, and the issuing entity assists the sporting entity in suggesting the nature of rights to be granted, with their knowledge and expertise in the said demography. Both parties’ issue surveys and polls respectively, for the fans to understand the nature of engagement preferred by the fans and thereby vote on their choice of question raised and engage with the sporting entity accordingly. The terms and conditions of such polls and surveys (binding or non-binding on the sporting entity) are also laid out jointly by these two collaborators, ensuring best measures for the fan engagement.

These tokens are issued via a fixed base price process, referred to as the ‘Fan Token Offering’, which are then traded on exchanges, where their value keeps fluctuating. They can be bought for fiat currency or cryptocurrency, and are never ‘spent’, so the holders’ balance only decreases if they decide to sell or if they exchange them for another and are locked once they are used for voting for the duration of the aforementioned poll.

[1] Information accessed and borrowed from <>.

[2] A Utility Token provides access to the goods and services that an entity has launched or will launch in the future, which can be used as a type of discount or premium access to the services offered. Such tokens are intended generally as a funding mechanism camouflaged as a marketing strategy to attract and increase user engagement.

It’s difficult to parse what this exactly means because when you hear descriptions like those above, an understandable response is, “Wait, doesn’t that exist already?”. Sporting entities, have in the past, involved fans vide polls for stadium experiences, merchandise offerings, player rankings, etc., but is that what fan tokens really mean? Yes and No. Identifying former sporting entity polls as “fan tokens” would be comparable to identifying Google as the “internet.” Even if a fan, theoretically, received significantly similar belongingness with the sporting entity i.e., socializing, buying things, engaging and playing games/polls, it wouldn’t necessarily mean that the prevailing fan polls encompass the entire scope of fan tokens. Categorically put, fan tokens are digital assets that must be purchased for ownership and participation, which fluctuate in value, and have more merit in it, as the token owners receive perks and can occasionally vote on minor decisions (binding surveys and polls) to be taken by the sporting entity.

But it is worth the investment and hype?

Recently, European football’s governing body, UEFA, announced a sponsorship deal with, a cryptocurrency company which sells fan tokens, which can only be bought through its own blockchain called Chiliz. Not only UEFA, seventeen of England’s 20 Premier League clubs have at least one commercial deal with a company engaged in the cryptocurrency sector, with six, including Arsenal and Manchester City, having signed up with Not just football, other sports such as cricket, motorsport, ice-hockey, basketball, tennis and fighting (MMA, etc.), are investing heavily in fan tokens. The reason for this being – it is a new and innovative monetisation measure, which is helping in curbing the loss of revenue incurred on account of the loss of gate receipts, sponsorship revenue, broadcasting returns and other promotional activities, as a result of which it is assisting in dealing with spike in expenses for the reasons of additional costs being incurred, such as player fee without any event, bio-bubble arrangements, frequent testing obligations, etc. The Covid-19 pandemic has had a huge financial impact on businesses across the world, with most stakeholders suffering, and the sporting world was not spared either. Since the events were either suspended or the turnstiles were closed, the unprecedented loss of matchday revenue has had huge financial implications to be borne sporting entities.

Like other cryptos, fan tokens, too, are volatile, as the prices can shoot up and dive according to the supply and demand in the market. Interestingly, it has been observed that sporting fanatics who buy these fan tokens have suggested that the prices of such fan tokens are relatively influenced by the movements, performance and activities of the concerned sporting entity. Since the fluctuating prices of these tokens depend on the supporters’ emotions and engagements, it is quite evident that some sports’ enthusiasts see fan tokens as a status symbol, a bond with the sporting entity they support and a loyalty indicator instead of as a long-term investment, thereby deeming to add another feather to the popularity and demand of fan tokens, resulting in notable monetary returns for the sporting entities.

As a general, but most important principle in investment, a sporting entity must always consider and analyse the risk-reward ratio, which is notably uncharted and foreign, for fan tokens is an area, still new and unexplored. Below are certain points highlighted for the sporting entities to consider before stepping foot onto this unmapped territory.

  1. Regulatory Measures

Fan tokens are marketed and sold globally, and it becomes pertinent to understand the regulatory and governing regime of each jurisdiction. The digital assets’ market is unregulated in some jurisdictions and regulated in others. In unregulated jurisdictions, the volatility of the market combined with the lack of legal protection appears alarming for both – the sporting entity and the fans. The extent of protection to the sporting entity in this case would largely be limited to contractual protections. But the wider range of questions relating to the legality and validity of the transaction and undertaking remain. It is unclear how this would impact the credibility, validity, future and existence of the fan token that the token holder already owns in an unregulated jurisdiction. Also, the aspect of advertising and the regulations around it (if any) must be carefully analysed before marketing and promoting the fan tokens.

Thus, prior to investing, a sporting entity must necessarily consider the regulatory and governing risks, i.e., compliances, licenses and permissions, if regulated, and the scalable diversion of the authorities in regard with regularising (or prohibition) of the digital assets’ market and the impact thereon, if currently unregulated.

  1. Financial Reliability of the Entity

It is quintessential that the token issuing entity has a sound financial background to ensure effectiveness, both from a business perspective as well as for the economic stability, of the fan token. Safeguards pertaining to the management of a fan token must be built around the possibility of a financial disbalance such as bankruptcy, administration or any other related financial claims and actions. This is because of the area being a novel endeavour and thus, every step towards facing a hurdle would be innovative and unexplored. Question such as would the sporting entity be able to secure all rights to the fan token; would the fan token be transferable to some other platform; would the fan token no longer be tradable; etc. cannot be answered at present as neither are there any specific regulations nor are there any live examples, judgments or precedents in this respect.

Notably, a recent incident on liquidation of a fan token issuing entity surfaced with the Monaco-headquartered entity – IQONIQ going into liquidation, leaving multiple sporting entities potentially out of pocket. IQONIQ entered into various commercial deals, pursuant to which, now they owe (Club) Real Sociedad €820,000, while (Club) Crystal Palace have already started looking for legal actions they could take against IQONIQ over the missed payments of their sleeve sponsorship deals. In such situation, especially when the market is unregulated at large, it becomes difficult for the sporting entities to execute appropriate actions, as well the fans being left stranded. Thus, a prior due diligence and safety measures are recommended. It is anticipated that post such a huge loss, greater scrutiny and regulation will be demanded from governing bodies to regulate the way sporting entities engage with cryptocurrencies and related assets. This could slow down the crypto’s investment in sport sponsorship and other commercial arrangements.

  1. Ownership & Intellectual Property Rights of Fan Tokens

An important matter for consideration in respect of collaborations between the sporting entity and fan token issuing entity is that these collaborations are usually in the nature of partnerships, and as such, the fan token undertaking and all its assets, liabilities, properties, etc. are jointly owned by both the sporting entity and the token issuing entity. Therefore, several questions relating to rights and ownership of the undertaking arise especially when the contract between the two entities expires. What would be the extent of liability and accountability of each entity under such circumstances or if any claims are bought against the undertaking. What would be the status and validity of the tokens issued? Ultimately, the future of the fan token and the fan token undertaking will, to a great extent, depend on the contract and the terms and conditions agreed upon between the sporting entity and the token issuing entity at the time of collaboration unless governments, or authorities such as regulatory bodies of sports, international forums, etc., make provisions in respect of the same. Hence, the same must comprehensively be considered prior to finalising the terms in this regard.

  1. Commercial Risks

The sporting entity will have a number of pre-existing contracts with different entities relating to its various rights and intellectual properties. These could be in respect of marketing, advertising, promotion, reporting, broadcasting, etc. or could be in respect of management, operation, partnership, collaborations and other commercial rights. Some of these might even be the grant exclusive rights to the other entity and the breach of the same could affect the brand and reputation of the sporting entity and even expose it to expensive lawsuits. For instance, the sporting entity might have outsourced the process of sale of tickets of its matches to a third party on an exclusive basis, however, as we observed, part of the rewards conferred on the token holder are free tickets to the sporting entities game, etc. This might result into a conflict. Therefore, it is paramount, that necessary and satisfactory due diligence is conducted to ensure avoidance of such breaches.

The crypto market is extremely volatile and issuing such assets will always be deemed a high-risk investment strategy. Nevertheless, one cannot ignore that these digital assets are slowly becoming a major part of the contemporary dynamics and has caught the eye of the regulators as well. Given the current scenario, the sporting entity must always realise that fan tokens provide the fans with an opportunity to interact more with their choice of the sporting entity, offering them a sense of exclusivity. Such belongingness not only helps in enhancing the goodwill of the sporting entity, but also helps impacts, in some way, the performance of the players and of course the revenue returns of such sporting entity.

As desirable as this commercial arrangement may sound, a sporting entity must always ensure balanced and efficient issuance, nature, performance and monetary rewards of fan tokens. There are a number of circumstances under which the sporting entity might be compelled to discontinue the issue and circulation of the fan token. This could be owing to the operation of law, policies, rules and regulations amongst others. However, it is also possible that the sporting entity chooses and decides to discontinue the circulation of the fan token for various reasons such as non-feasibility of the venture, termination of the agreement with the fan token issuing entity, financial losses, misuse, exploitation or overuse of the fan token, redundance of the objective or purposes for which the fan token was issued, so on and so forth, thereby attracting a number of risks and potential lawsuits. Henceforth, it is paramount that the sporting entity considers all possible contingencies and provides and discloses comprehensive terms and conditions on the issue, purchase, sale, transaction and discontinuance or termination of the fan token, ensuring that the losses are mitigated.

Rashi is an Associate at TMT Law Practice. She graduated in the year 2017 from Institute of Law, Nirma University, Ahmedabad, with specialization in Corporate Laws. Rashi completed her Masters in Business and Finance Law, from the University of Glasgow, in 2018.

NFTs: Understanding the Non-Familiar Terminology of Non-Fungible Tokens

NFTs: Understanding the Non-Familiar Terminology of Non-Fungible Tokens

Collins Dictionary, named an acronym, NFT[1], a. non-fungible token, as the word of the year (2021) and defines it as “a unique digital certificate, registered in a blockchain, that is used to record ownership of an asset such as an artwork or a collectible”[2].. NFTs gained prominence only in 2021 with increased buying of cryptocurrency, and ‘minting’ NFTs. NFTs started out simply and priced obscenely, , in the form of images of tweets, artwork, pictures, and GIFs of crypto kitties, meant for resale through blockchain; now, they are evolving into different forms, and are being used to authenticate physical items in the real world, as well as virtual ‘assets’ in the metaverse.

What exactly is an NFT?

One of the forerunners of blockchain technology and cryptocurrencies (Ether, ETH), Ethereum, led to the genesis of NFTs[3].

For the uninitiated, one must assume blockchain to be a large shared ‘network’ that many computers are connected to. In addition to being the platform where these transactions take place, the network also keeps a record, in the form of a digital database or ledger, of every single transaction that takes place on it. The entries on this ledger is visible to  everyone who is connected to the network, but they cannot be altered or deleted by anyone. The data that is recoded is then stored in ‘blocks’. Blocks have certain storage capacities which, when filled, are closed and linked to the previously filled block, forming a chain of data, known as the blockchain. New data is compiled into a newly formed block, which will also be added to the chain, once filled.[4] This data structure makes an irreversible timeline of data. Each block in the chain is given an exact time stamp when it is added to the chain.[5] The fundamental characteristics of blockchain are that it is ‘decentralized’[6] (no single person has the ability to control it) distributed (data is stored in multiple places on a computer network rather than with one singular person) and immutable (the data recorded is irreversible). All of this makes it an extremely secure platform for the exchange of cryptocurrency.

Moving onto, cryptocurrencies, they are a form of digital or virtual currency, which is encrypted and protected by cryptography, fueled by the technology of blockchain.  Cryptocurrency can be used to effectuate transactions and make payments across borders without the requirement of conversion fees or conversion into different fiat currencies, making its a universal currency that can be used all over the world.

To understand a transaction better, assume if you were to make a digital payment through your bank, then your instruction to your bank would be to pay the specific amount of ₹, without making any reference to the denomination or making any differentiation, since every single ₹ has the same value. Similarly, for any particular type of cryptocurrency, for example Ether, all Ether is the same, and one Ether can be substituted for another Ether of the same value, thus making it fungible. This is in direct contrast to an NFT which is non-fungible. A non-replaceable token would  render it incapable of substitution with any other token, and therefore, unique and valuable.

A popular example to explain this concept, is to consider a famous original piece of art such as ‘Starry Night’ or the ‘Mona Lisa’. The original paintings by Van Gogh and Leonardo da Vinci respectively, are unique pieces of art that cannot be substituted with anything else. While there are many replicas, in the form of physical and digital images of these paintings, these copies do not hold the same value as the original paintings. Only the original would be worthy of sale and fetch the big bucks.

Let’s say that an emerging artist today creates a painting; he will be able to ‘tokenize’ a ‘digital’ representation of his painting, by minting an NFT to record his ownership. This will work as his proof of ownership. The NFT helps you distinguish the original version from the copies. This record of ownership is registered on blockchain.

According to Ethereum’s website, NFTs ‘live’ on Ethereum and can be bought and sold on any Ethereum-based NFT market. Ethereum describes NFTs as ‘tokens’ used to represent and claim ownership of unique items, which give us the ability to tokenise things like art, collectibles, even real estate, which are trackable by using Ethereum’s blockchain as a public ledger; now other platforms also have the capability to mint NFTs. An NFT is minted from digital objects, i.e., a representation of digital or non-digital assets, and can only have one owner at a time. Ownership is managed through the unique identifier and metadata[7] that is directly linked to one Ethereum address and no other token can replicate. When a person mints an NFT, they execute smart contracts, stored in code, that assign ownership and manage the transferability of the NFTs[8]. This information is added to the blockchain where the NFT is being managed. The data from the minting process is recorded in blocks and “immortalised” on the blockchain.[9]

What does ‘ownership’ of an NFT mean?

You could own an NFT as the ‘creator’ of the NFT or as the ‘purchaser’ of the NFT. From an intellectual property (IP) law perspective, a creator should mint an NFT only in respect of an asset or an item that he owns the rights to[10] or if he has been permitted to, by the owner of rights in that asset or item. For example, the author of a book, provided that he has not sold his rights[11], will be able to create NFTs of the characters from his book. Say he creates a moving JPEG image of the main character in the book and mints an NFT of this image. As the creator of the NFT, the author is presumed to be the owner of IP[12] as well as the owner of the NFT, i.e., the ‘digital certificate of authenticity’ or the ‘token’. When a purchaser buys the NFT of that image from the creator, what becomes critical to understand here is that the purchase of the NFT is usually limited to the purchase of only the ‘token’ or ‘digital certificate of authenticity’ and not of the rights or copyright in the image or the character. The transfer of rights during the sale of an NFT is determined by the terms of the ‘smart contract’ that accompanies the transaction.

Jack Dorsey, Twitter’s co-founder, sold the image of his first tweet as an NFT, by auctioning it on a platform called Valuables. The terms of the sale specify the sale is in respect of “an autographed certificate of the tweet”, making it evident that the copyright in the tweet does not transfer to the NFT purchaser. If the NFT owner is willing to transfer or license the rights in the asset along with the NFT, the applicable terms of the sale and for use of the asset will need to be captured in the smart contract. In the case of  Cryptokitties, NFT purchasers have been allowed to commercialize the ‘kitties’ and make up to a maximum of US$100,000 in gross revenues from them, on a yearly basis. In most cases, NFT creators have specifically restricted all commercial use of the work..

NBA’s Top Shot platform has created NFTs of NBA video clips and has very stringent terms regarding the use of their NFTs. The platform’s terms of use state that NFT purchasers may not modify them, use them commercially, or use them alongside certain types of objectionable content.

From a rights perspective, the terms of the smart contract accompanying the transaction become crucial. NFT creators must define the exact scope of the license and terms for the use of the NFT and the work. Along with the right to retain IP, the NFT creator, assuming he is the owner of the work, can also specify the royalties that he will be entitled to for each sale and resale of the NFT in the smart contract and create a new revenue stream for himself. An NFT creator can determine these terms as per his preference and build them into the smart contracts. Royalty payments will be made automatically, since ownership is built into the content itself, every transaction of sale would ensure that the NFT creators get paid because the NFT creator’s address is part of the token’s metadata, which can’t be modified.

NFTs and Rights

It will become increasingly important for IP owners to take action and assert their rights against unauthorized tokenization.

Universal Music Group (UMG), recently announced an expansive global partnership with Genies, to develop avatars of their iconic artists and NFT digital wearables, to bring recording artists into the metaverse.[13] UMG would only be able to do this after obtaining permission from these artists to turn their persona into avatars for use in the metaverse. The artists, in such cases, may want to customize, limit and specify restrictions, may want approval rights over the final images, and may also want to retain the right to create their own avatars for the metaverse, in which case, they would have had to permit UMG and Genies to do this on a non-exclusive basis. Further, we aren’t aware of the commercial understanding with the artists. It is likely that UMG will pay them sufficiently from each avatar and NFT sale.

What happens to ‘characters’ played by artists in the film or a series? In most cases, and subject to the contractual terms of the agreements, the producer of the content is the owner of all rights in the audio-visual content as well as the characters that have been created. Artists also assign all rights in their recorded performances to the producer. As the owner of all rights, the producer can create NFTs of clips from the content featuring the artists or even NFTs based on the characters portrayed by the artists. However, if the artist intends to create NFTs of the character that he has portrayed, he will need the permission of the producer, and licensing fees may also need to be paid to the producer. However, it is important to understand that agreements will not specifically refer to NFTs and if this position is challenged, the outcome would depend on the courts. The courts may be of the view that artists should receive commercial benefits along with the producers from the sale of NFTs in which their personas and likeness are being used. Going forward, artists may start specifically negotiating and reserving these rights for themselves or instead, ask for a share in the revenues.

Our current laws, consumer protection and e-commerce rules may not be wide enough to be applicable to these technologies and marketplaces, but these things will become clearer with time and especially after they become the subject matter of lawsuits whose decisions will hopefully clarify these issues. It is natural and logical to assume that, as NFTs come into the mainstream more prominently, guidance and protocols will be developed and will become precedents to be adhered to.


Unsurprisingly, technology is moving at a much faster pace than most of us, leaving governments with very little time to catch up. Governments will be able to effectively frame laws, legalize and regulate these activities only after they are able to understand them and the technology behind them completely.

For now, and until real world steps on the accelerator and comes up to speed, and starts defining the rules that will apply to people and their property in the virtual world, the virtual world will have to adapt and borrow from the physical world. It’s going to be an interesting ‘virtual’ space to watch.






[6] Blockchain technology is also known as decentralized ledger technology (“DLT”). DLT refers to the use of a “decentralized” network for the purpose of carrying out peer-to-peer transactions, in contrast to the conventional “centralized” system of relying on a trusted third-party to manage the transactions (such as a bank).

[7] The ‘token’ portion of an NFT is a digital identifier designed to track the asset and its ownership

[8] Every subsequent transaction and change in ownership of the NFT is also recorded in the transaction history on the blockchain from the date of minting


[10] Creating an NFT is respect of an asset that is owned by another person will lead to claims of infringement and violation of rights from the actual owners of such assets.

[11] An author of a book is normally the owner of all rights, including IP, in the book, the story, the characters, etc. However, if the author has assigned or sold all his rights to another person, and has not retained any rights, then he is no longer the owner of rights in the book that he has authored. The assignee or subsequent owner will then have the right to create NFTs based on the book, story and characters, etc.

[12] Unless an owner of rights while retaining his rights, permits a third party to create and monetize NFTs as part of a commercial arrangement


Meghana Chandorkar, Partner, is an Alumnus of ILS Law College, Pune. Meghana has 12 years of experience as an Intellectual Property and Media & Entertainment lawyer. After graduating in 2009, she has worked with the intellectual property teams of leading law firms, with a strong focus on trademark and copyright law, as an in-house counsel for a music company, and for a broadcast, media, and entertainment company.
Bagmisikha Puhan, Associate Partner, is an Associate Partner at the Firm. She graduated in 2014, and specializes in Technology Law, advising clients in the ITeS, media, healthcare and pharmaceuticals, space sectors on regulatory, policy, compliance, and transactions. A member of the Telemedicine Society of India, Bagmisikha also conducts capacity-building and training programmes.

    Internship Opportunities

    Upload CV

      Work With Us