Novel Legal Issues of IoT and DLT in Smart Contracts, Constitutional Limits, Civil Liability and the Quest for a European Governance

Digital interconnection of “smart” devices (IoT) and the rise of distributed-ledger technology (DLT) have enabled self-executing agreements, smart contracts, capable of acting without human oversight. Celebrated for their potential to enhance efficiency, these technologies also press against foundational legal principles. This thesis investigates the tension between code-driven contracting and European constitutional guarantees, including legal certainty, individual autonomy, and effective judicial protection, while also unsettling classical doctrines of civil liability. Building on a comparative doctrinal analysis across Italy, Germany, the UK, the US, and Singapore, and an empirical mapping of key EU legislative initiatives (GDPR, Data Act, MiCA, AI Act, Cyber Resilience Act), this thesis interrogates three core questions: 1. Constitutional compatibility: Do immutable DLT records and autonomous IoT-driven performance threaten the right to privacy, due-process values or separation of powers? 2. Attribution & liability: How should deterministic vs. non-deterministic AI agents embedded in smart contracts be allocated fault within existing tort and product-liability regimes? 3. Regulatory design: What model of EU governance, hard law, regulatory sandboxes or transnational technical standards, best balances innovation and rights-protection? A mixed-method framework combines (i) legal-theory reconstruction, (ii) case-law analytics on EU and Member-State judgments, and (iii) scenario testing with prototype automated-contract code. Findings reveal a growing “accountability gap” where constitutional principles are formally preserved yet practically eroded by code-based automation. To bridge this gap, a two-tier liability matrix is proposed, distinguishing code authorship risk (strict) from oracle-data risk (fault-based). This offers clear guidelines for distinguishing between code authorship risk and oracle-data input risk. These recommendations offer legislators a path towards a harmonised, innovation-friendly, and constitutionally sound digital-contract ecosystem. Specifically, this thesis recommends the adoption of a model EU Regulation on Critical Autonomous Contracting Systems, coupling mandatory human-override clauses with a default distributed-liability fund. Additionally, it proposes a two-tier liability matrix, offering clear guidelines for allocating responsibility in AI-driven smart contract ecosystems.