The metaverse—a three-dimensional virtual world where avatars, each representing a user, participate in social activities (relating to games, work, culture, the economy, etc.)—is currently the subject of various legal reflections to determine whether its regulation should be bottom-up or top-down.
Whereas bottom-up regulation implies recognising its capacity for legal autonomy, top-down regulation implies the intervention of states—and possibly supranational organisations—in its legal structuring.
The metaverse has de facto a relative legal autonomy. Indeed, as the Roman saying goes, ‘ubi societas ibi jus’ (in every society there is law). Since the metaverse is a social space where avatars meet for various activities, norms necessarily emerge from below, in accordance with bottom-up regulation.
This is also the opinion of the jurist Santi Romano, who considers that any community established as a stable, objective, and singular social body must be considered as a legal order that produces its own norms (Santi Romano, The Legal Order). Now, since the metaverse persists despite the deletion or addition of active or inactive avatars (i.e. it is stable), encompasses the various social relations that take place between them (i.e. it is objective), and is distinct from other social orders in real life (i.e. it is singular), it can therefore be considered a genuine legal order capable of producing its own norms.
Moreover, bottom-up regulation would not dilute the originality of the metaverse, whose rules—emanating from a post-national virtual space—can only be different from those of real life, as Sang-Min Park of Korea University and Young-Gab Kim of Sejong University note. The two researchers, noting the necessary autonomy of the metaverse from the real world, thus write: “It is necessary to build a Metaverse with a worldview and ethical consciousness in which various avatars can live, rather than a Metaverse as a physical space.” (“A Metaverse: Taxonomy, Components, Applications, and Open Challenges” in IEEE Access, 2022, vol. 10).
Finally, one of the advantages of such a regulation could be to avoid conflicts of jurisdiction in the case of disputes between avatars whose users are domiciled in different countries.
On 8 February, according to Reuters, the Executive Vice-President of the European Commission for a Europe prepared for the digital age explained that she wanted to better understand the metaverse to decide on measures to regulate it: “The metaverse is here already. So of course we start analysing what will be the role for our legislature,” said Margethe Vestager.
If such a top-down regulation—which would come from both states and the European Union as far as part of Europe is concerned—is envisaged, then we can imagine two possibilities regarding the appropriate legal regime for avatar activities.
Firstly, the avatars could be assimilated to a sui generis legal status specific to the concept of “virtual person” theorised by the Conseil d’État in its 1998 study entitled “Internet et les réseaux numériques” (Internet and digital networks), which wondered whether it was necessary to “recognise the existence of a virtual person with rights distinct from those of a physical person.” Thus, they would have a real legal personality and would be legally responsible for their activities within the metaverse (just as companies are legally responsible for their acts even if they are not natural persons).
Secondly, it might be possible to consider the avatar as a mere virtual extension of its user. The latter would then be legally responsible for the activity of their avatar in the metaverse. But this solution poses problems. If an avatar “rapes” another avatar, should the user be found guilty of rape as if it were a real-life rape? If an avatar “steals” from another avatar, should the user of the stealing avatar be convicted on the basis of the legal regime adapted to real-life theft? Also, if a space in the metaverse is equipped with cars, should the user of the avatar committing traffic violations be convicted? And if so, on the basis of which country’s traffic regulations? And so on. This solution therefore has many limitations and seems complicated to consider.
The need for top-down regulation
Nevertheless, we believe that top-down regulation is necessary—in addition to bottom-up regulation—for at least three reasons relating to cybersecurity, cybercrime, and the obligation of states to ensure a minimum level of legal cohesion.
Firstly, the data collected from metaverse users is much more extensive and detailed than that relating to simple Internet activity, since it emanates from the user’s overall behaviour (including their voice and gestures). States and the European Union must therefore quickly adapt their rules on the protection of privacy so that hackers and platforms managing virtual worlds do not seize this data for illegal and malicious purposes.
Secondly, as the researcher Audrey Hérisson has analysed very well, any newly discovered virtual space necessarily becomes the subject of conflicts determining those that will take place in real life (“Le cyberspace, cet espace de confrontation à part entière” (Cyberspace, this fully-fledged area of confrontation) in Stratégique, Institut de Stratégie Comparée, 2017, n°117). It is quite conceivable, for example, that terrorists will take advantage of the metaverse to conduct recruitment operations for future crimes in real life. States must therefore start to structure processes for deploying some of their sovereign functions in the metaverse.
Finally, because we are in an era where legal plurality has taken precedence over a quest for legal unity and cohesion (see my article “Avant la loi ?” (Before the law?) in Grief, Dalloz, 2018, No. 5), it is preferable not to accentuate this phenomenon by granting too much legal autonomy to the metaverse. Indeed, if investment in this virtual space becomes significant in the future, each state will have to ensure that what it prohibits in real life is not permitted in the metaverse so that the social cohesion—of which it is the guarantor—is not fragmented by a kind of legal schizophrenia.
- Digital transition
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cyber risks
- Operational security
- Antifraud action
- Digital identity & KYC
- Digital Sovereignty