The Tulip Trading litigation addresses whether software developers who maintain Bitcoin networks may owe fiduciary or tortious duties to cryptocurrency owners. This question sits at the intersection of law and technology, thus raising issues about decentralisation, the scope of fiduciary obligations, the possibility of tortious duties, and the adaptability of common law to new forms of property and control. The Court of Appeal’s judgment in Tulip Trading Ltd v Van der Laan & Ors [2023] EWCA Civ 83 reversed the High Court’s decision and found that Tulip’s claims raise a serious issue to be tried. The decision did not establish that such duties existed but recognised that the case was arguable and should have proceeded to trial so that a determination could be made. This case analysis examines the four main themes emerging from the judgment which are decentralisation, fiduciary duties, tortious duties, and legal innovation, drawing directly from the Court of Appeal’s reasoning and the parties’ submissions.
A central theme in the appeal was whether Bitcoin networks are genuinely decentralised or if, in practice, a small group of developers exercises real control over the networks. Tulip Trading argues that developers have practical power over the networks because they control the source code on platforms such as GitHub. This power includes the ability to implement or refuse changes to the software, which can affect the network's operation and the security of assets held on it. The Court of Appeal accepted that it is arguable that developers are not a large, amorphous group but rather a defined set of individuals who make discretionary decisions about the software.
While the defendants argued that the networks are decentralised and that any change would require consensus among a shifting and diverse group of contributors, the Court held that this factual dispute could not be resolved without a trial. The judgment refers to academic work, such as the critique by Angela Walch, which questions the reality of decentralised governance in blockchain systems.[1] According to Walch, decentralisation in public blockchains like Bitcoin may be overstated, with a small group of developers potentially exercising significant control. This perspective supports Tulip's argument that control in Bitcoin networks might not be as widespread as assumed, and therefore, legal responsibilities may still apply. The Court acknowledged that there is academic literature taking the opposite view, but found Walch’s analysis particularly relevant in demonstrating that the decentralisation issue was genuinely arguable and central to the legal questions in the case.
The Court of Appeal held that developers’ decisions on the code, including introducing, refusing, or fixing software changes, constitute a form of authority. This authority goes beyond technical aspects and involves discretionary decision making that impacts all network participants, including miners and asset owners. Consequently, the Court found that the question of whether the developers’ role is sufficiently centralised to give rise to legal duties would be a matter for trial and not summary determination.
The Court of Appeal treated decentralisation as a question of fact to be examined rather than assuming it as a given. If it had been established at trial that developers hold real power over the network’s operation, the law might have recognised this power as carrying certain legal responsibilities or duties, potentially altering the understanding of control and accountability within decentralised networks. However, the trial never took place because Craig Wright discontinued the Tulip Trading claim after the COPA[2] case in which the court found against him and discredited his claims regarding Bitcoin and being Satoshi Nakamoto the unknown founder of Bitcoin.
The Court noted that the fact that developers can introduce or refuse to fix bugs, and that miners and users are likely to follow the software changes they implement, supports Tulip’s argument that developers have a decision-making role. The analogy drawn is to trustees or company directors, who exercise discretionary power over property or interests belonging to others. The Court also observed that the existence of forks or the possibility of rival protocols does not necessarily negate the existence of a core group with significant influence. The factual complexity of how software governance operates means that the issue of decentralisation cannot be resolved on the pleadings alone.
The second theme is whether the developers’ role gave rise to fiduciary duties owed to Bitcoin owners. Tulip Trading argued that the developers’ control over the software meant they had assumed responsibility for the assets held on the networks. The claim was that developers formed a new, ad hoc class of fiduciaries, who owed duties of loyalty and care to cryptocurrency owners. The Court of Appeal considered the established test for fiduciary relationships, as set out in Bristol and West Building Society v Mothew[3] and FHR European Ventures LLP v Cedar Capital Partners LLC.[4] The key features are that the fiduciary acts for or on behalf of another in circumstances giving rise to trust and confidence and owes single-minded loyalty to the beneficiary.
The Court found it arguable that developers, by controlling the software, had undertaken a role that related to the interests of Bitcoin owners. Developers’ ability to make discretionary decisions about the code, and thus about the security and accessibility of assets, meant that objectively they may be seen as acting for the benefit of others. The Court considered that developers’ roles involved both authority and responsibility. The fact that developers can decide whether or not to fix bugs and that no one else can implement changes without their agreement supports the view that owners have effectively placed their property in the care of developers. The Court noted that the existence of a fiduciary duty is not determined by the subjective intentions of the parties but by the objective circumstances. The developers’ argument that they are a fluctuating and unidentified group was found to be a contested factual issue and not a reason to strike out the claim at this stage.
The Court additionally examined the scope of any potential fiduciary obligation. Tulip’s case was that developers’ duties would include not only refraining from acting in their own interest but also taking positive steps, such as implementing a patch to recover assets lost through theft or hacking. The Court accepted that it was arguable that fiduciary duties may include positive obligations, especially where developers alone have the power to act. The fact that a duty may require active intervention does not, in itself, prevent it from being a fiduciary duty. The Court noted that trustees and other fiduciaries are sometimes required to take positive steps to protect beneficiaries' interests. The question of whether such duties are workable or appropriate in the context of open-source software will depend on the facts established at trial. The Court recognised that if developers’ roles are found to be sufficiently analogous to that of a trustee or director, the law may develop to impose new forms of fiduciary responsibility in response to technological change.
The third theme concerns the possibility of tortious duties arising from developers’ relationships with bitcoin owners. Tulip Trading’s claim in tort was closely tied to its fiduciary claim. The Court of Appeal noted that in Tulip's case the tortious duty would only arise if developers also owed a fiduciary duty. Given the close relationship between the two claims, the Court determined that if the fiduciary duty claim was arguable, the tortious duty claim would be arguable as well.
Tulip’s tortious claim was based on the argument that, by relying on the developers to maintain and control the software, bitcoin owners had effectively entrusted their property to the developers, and that this entrustment could give rise to a duty of care in tort if the developers assumed responsibility for safeguarding those assets. The developers’ control over the software meant they had the ability to act to protect or endanger the assets. The Court found it arguable that this relationship could give rise to a duty of care in tort, particularly if it is established that developers have assumed responsibility for the property of others. The Court referred to the principle that tortious duties can arise where one party has assumed responsibility for another's interests and where there is reliance or vulnerability. The factual question of whether bitcoin owners have entrusted their property to developers and whether developers have assumed responsibility cannot be resolved without a trial.
The Court also addressed the argument that developers’ duties would be too onerous or unworkable. The defendants contended that imposing a duty to act for the benefit of one owner could conflict with duties owed to others or the network as a whole. The Court accepted that these were important issues but found that they did not prevent the claim from being arguable. The Court noted that trustees and other fiduciaries often have to balance competing interests and that the existence of conflicting duties does not necessarily preclude the imposition of a duty of care. The Court also observed that whether developers’ duties would be unworkable in practice would be a matter for trial and not summary determination.
The adaptability of common law to new forms of property, control, and responsibility is a significant aspect of this litigation. The Court of Appeal recognised that Tulip’s case, if successful, would involve a significant development of the law of fiduciary duties. The Court acknowledged that the categories of fiduciary relationships are not closed and that the law can develop incrementally in response to new circumstances. The Court referred to the Law Commission’s work on digital assets and noted the public importance of the issues raised.[5] The Court emphasised that common law has historically responded to changes in technology and commerce by developing new principles and remedies.
The Court was careful to stress that its decision does not establish that developers owe fiduciary or tortious duties to Bitcoin owners. Rather, the Court found that the case raises serious issues that should be determined at trial, once the facts have been established. The Court’s approach reflects a reluctance to decide complex and developing questions of law on assumed or hypothetical facts. The judgment notes that the internet is not a place where the law does not apply and that courts have jurisdiction to determine claims relating to property situated in England. The Court also recognised the practical and policy challenges that may arise if new duties are imposed on software developers, including the risk of conflicting claims, the need for workable remedies, and the potential impact on innovation and the operation of open-source networks.
The Court’s reasoning suggests that the law may be willing to recognise new forms of responsibility where individuals or groups exercise real power over valuable assets, even in the context of decentralised or open-source systems. The judgment indicates that the existence of technological complexity or the novelty of the issues does not, in itself, prevent the law from developing to address new forms of risk and control. The Court’s decision to allow the claim to proceed to trial reflects a commitment to ensuring that legal principles keep pace with technological change while also recognising the need for careful factual and legal analysis before new duties are imposed.
The Court of Appeal’s judgment raises important questions about the adaptability of common law to blockchain governance. If English courts ultimately affirm fiduciary duties for developers, this could create tensions with jurisdictions that exempt developers from liability, such as Switzerland, or exclude them from regulatory frameworks like the EU's Markets in Crypto-Assets (MiCA). The case highlights the need for consistency in how legal systems address developer authority over decentralised networks. Jurisdictions with sandbox approaches might also face conflicts with English judgments. Conversely, the judgment aligns with emerging US regulatory trends where control is a key determinant of liability and proposed legislation envisages fiduciary standards for digital asset custodians. In this context, the Tulip Trading case might influence international approaches to developer obligations.
The case also intersects with broader common law traditions. For instance, Australian courts acknowledge that mere inequality of bargaining power cannot alone create fiduciary relationships, thus aligning with the Court of Appeal's approach.[6] Canadian jurisprudence emphasises that fiduciary duties require explicit undertakings of loyalty,[7] thus contrasting with the English court's focus on functional control. This divergence highlights the novelty of the Tulip Trading approach, which potentially expands fiduciary recognition beyond consensual undertakings to functional power dynamics. The Singapore Court of Appeal requires ‘ascendancy and influence’ for the imposition of fiduciary duties.[8] This means that in Singapore, one person must have a clear position of power or significant influence over another before the law will impose these special duties of loyalty and care. For example, a company director has ascendancy over the company's affairs and can influence decisions that impact others.
In contrast, the English Court of Appeal in the Tulip Trading case did not require this type of personal dominance or influence. Instead, the English court focused on whether someone has practical control over important assets or systems, such as developers' ability to change Bitcoin's code. Consequently, English law may impose fiduciary duties on individuals with real, practical authority, even if they do not hold a traditional position of power over others.
Understanding the reasoning of the Court of Appeal necessitates examining Bitcoin's operational architecture. Each blockchain network operates through nodes running open-source client software with consensus mechanisms validating transactions.[9] Developers maintain reference implementations on platforms like GitHub and control code modification permissions through cryptographic keys. The Court accepted Tulip's argument that this control constitutes authority over network protocols as miners typically auto-update software to maintain compatibility. This technical reality supports the idea of the ‘myth of decentralisation’ because, although nodes can theoretically choose software versions, practical economic factors often force them to adopt updates approved by developers. The judgment implicitly recognised that protocol governance resembles a structure common in open-source projects where core maintainers exercise decisive influence. This led the Court to conclude that developers might have responsibilities for managing assets.
Had the trial occurred, the likelihood of a ruling in favor of Tulip could have compelled developers to act as custodians. This would have required them to maintain recovery mechanisms for lost keys, implement court-ordered code changes, and audit protocols for vulnerabilities. Such a shift would transform developers from passive maintainers into active guardians of user assets, which is a role contrary to blockchain's foundational principles. This change could potentially lead to jurisdictional arbitrage, resulting in developers relocating to jurisdictions offering legal protection against liability. The case highlights a policy paradox because imposing duties might improve asset security, whereas it also conflicts with blockchain's anti-custodial ethos. Although the case was discontinued in 2024 following Craig Wright's defeat in the COPA trial, its legal significance remains intact. The Court of Appeal's reasoning suggests that if courts determine decentralisation is an illusion, developers may bear fiduciary duties. This could potentially transform blockchain from a trustless system into one where developers have legal obligations to users.
The Court of Appeal’s decision in the Tulip Trading case marks an important development in addressing the legal challenges associated with blockchain technology and digital assets. It highlighted the need for thorough examination of issues such as decentralisation, fiduciary duties, tortious duties, and legal innovation. The Court treated questions of control and responsibility as factual matters requiring evidence rather than being resolved through pleadings alone. Although the decision did not establish that developers owe legal duties to Bitcoin owners, it deemed the case arguable and worthy of proceeding. However, the trial did not occur because the Tulip Trading claim was discontinued following the outcome of the COPA case. In that case, the court ruled against Craig Wright and discredited his assertions about Bitcoin and his identity as Satoshi Nakamoto, the unknown founder of Bitcoin. Despite this, the implications of the Court's decision remain significant for blockchain network governance and the responsibilities of software developers. It also influences the development of common law in adapting to new forms of property and risk.
The judgment demonstrates a careful application of legal principles to a complex area, showing the Court’s willingness to engage with technological realities while maintaining established legal doctrine. Moreover, the Court acknowledged that the question of Bitcoin’s true decentralisation is a factual issue requiring further exploration. It recognised the credibility of the argument that developers may exercise significant power and authority. If decentralisation is truly a myth, there could be a strong case for imposing fiduciary duties on developers. This insight challenges the traditional view of decentralisation in blockchain systems and suggests potential legal obligations for those who wield substantial control over these networks, even though the trial to explore these issues further did not proceed.
Brian Sanya Mondoh, Pupil Barrister (TBG) and Attorney at Law, Founder at Blockchain Lex Group and CryptoMondays Caribbean and Africa
Palesa Roza Gwele, Director of Communication and Head of Research at Blockchain Lex Group and CryptoMondays Caribbean and Africa
Disclaimer: This publication is for informational purposes only and does not constitute legal or financial advice. The content is not intended to be a substitute for professional advice or judgment. Please consult with a qualified legal or financial advisor before making any decisions based on the information provided in this publication. The authors and publishers are not responsible for any actions taken as a result of reading this publication.
[1] Angela Walch, ‘In Code(rs) We Trust: Software Developers as Fiduciaries in Public Blockchains’ in Philipp Hacker, Ioannis Lianos, Georgios Dimitropoulos and Stefan Eich (eds), Regulating Blockchain: Techno-Social and Legal Challenges (Oxford University Press 2019)
[2] [2024] EWHC 3315 (Ch).
[3] [1998] Ch 1
[4] [2014] UKSC 45
[5] Law Commission, Digital Assets: Final Report (Law Com No 256, 2023)
[6] Hospital Products Ltd v United States Surgical Corp [1985] LRC (Comm) 441, para 32
[7] Galambos v Perez [2009] 3 SCR 247
[8] Sim Poh Ping v Winsta Holding Pte Ltd and another and other appeals [2020] SGCA 35 (CA)
[9] Satoshi Nakamoto, 'Bitcoin: A Peer-to-Peer Electronic Cash System' (2008) https://bitcoin.org/bitcoin.pdf