In this blog series we have been considering a variety of legal issues that are arising with the development of the metaverse. Given that the metaverse could “unlock a trillion-dollar opportunity in Asia”, in this post we highlight some of the key legal issues specific to three important Asian jurisdictions: Singapore, Hong Kong, and mainland China – each with different regimes and approaches for business to navigate.

Businesses across the region are eager to develop and tap into the future of the metaverse

According to Deloitte, the emergence of the metaverse has two key drivers – technological and demographic – which are particularly pronounced in Asia. South Korea and China are leading the world in 5G deployment. Over 60% of the world’s youth aged 15 to 24 live in Asia, along with 1.3 billion mobile gamers. Given the nexus between games and the metaverse, industries in Asia have been experimenting with metaverse technologies and Deloitte consider the region “an interesting one to watch” for metaverse development.

  • Singapore: As a tech forward nation, Singapore’s sovereign wealth fund Temasek is investing in the metaverse along with other frontier technologies. DBS bank has been exploring the metaverse as it pushes into digital (being one of the first to obtain a digital payment tokens licence) and Singapore even had its first metaverse wedding in 2022.

     
  • Hong Kong: Hong Kong continues to push back the frontiers of Metaverse-related use cases. The Hong Kong Philharmonic Orchestra has announced a first-ever metaverse symphony in May 2023, featuring Hollywood film composer Elliot Leung’s music and an immersive art experience created by Hong Kong-based new media artist Henry Chu. Hong Kong’s leading telecommunications providers PCCW and HKT have also recently announced the launch of “Futurera” metaverse in which job applicants complete virtual missions as part of their recruitment process.

     
  • Mainland China: Companies like Tencent, NetEase, TikTok owner ByteDance and Alibaba could be the front-runners in this space among China’s internet companies. However China looks set to focus on its own metaverse, given that stringent regulatory oversight of online content, scrutiny of algorithmic recommendations and restrictions on cross-border data transfers will limit interoperability with foreign metaverse platforms.

As Asia experiences more stable growth as the region recovers from the COVID-19 pandemic, we expect a spur in investment activities in the metaverse market within Asia. However, businesses looking to explore metaverse opportunities, should take note of some key legal issues and areas of uncertainty.

#1 Cyber security 

The metaverse is likely to create new cybersecurity challenges. Greater user interaction and immersion will exponentially increase user data’s collection which may be attractive to cybercriminals. Bad actors may hack virtual reality (VR) or augmented reality (AR) devices (which capture highly-granular eye movements, biometric features and behavioral data) to generate fake identities for malicious purposes. Whether existing legal frameworks will apply, and what obligations are imposed/protections given could vary:

  • Singapore: Hacking and related offences are prohibited under the Computer Misuse Act 1993, which criminalises the (a) unauthorized modification of computer material, (b) unauthorized use or interception of computer service, (c) unauthorized access to computer material. Payment services providers as well as players in the banking, financial services and insurance sectors are also subject to technology risk management guidelines and notices. The Cybersecurity Act 2018 and the Cybersecurity Code of Practice for designated critical information infrastructure impose obligations to conduct vulnerability assessment, penetration testing threat monitoring and detection, and incident reporting.  

     
  • Hong Kong: The government plans to introduce cybersecurity legislation to impose network security obligations on operators of critical information infrastructure, bringing Hong Kong in line with international standards. The Law Reform Committee has also advocated for the criminalization of (1) illegal access to program or data; (2) illegal interception of computer data; (3) illegal interference of computer data; (4) illegal interference of computer system; and (5) making available or possessing a device or data for committing a crime. In the meantime, sectoral regulators have imposed cybersecurity requirements or guidelines for the banking, financial services and insurance sectors.

     
  • Mainland China: China’s PRC Cybersecurity Law came into effect in 2017 and established a 5-layer grading system for information systems based on their importance. It creates obligations to report breaches and more onerous obligations on operators of critical information infrastructures, e.g. with respect to data localisation, restrictions on procurement etc.

#2 Personal data issues 

Given the potential for the metaverse to generate massive amounts of data, the issue of extensive and/or invasive data collection may arise. Greater online tracking in the metaverse may also lead to even more intrusive targeting of users using a wide pool of available data points. Personal data flowing across the metaverse and passing through domains/servers hosted at different countries also challenges compliance with cross-border data transfers rules: although it is not clear exactly how these will apply in the borderless metaverse.

  • Singapore: Personal data can only be transferred to a recipient outside of Singapore if the recipient is contractually bound by legally enforceable obligations to provide a standard of protection to that afforded under the Singapore data protection regime.

     
  • Hong Kong: Businesses should ensure that the cross-border transfers comply with the original purpose of use and users' reasonable expectations. Whilst the specific cross-border provision Personal Data (Privacy) Ordinance has not come into effect, businesses are encouraged to comply with certain obligations as a matter of best practice e.g. obtaining written consent from data subjects or ensuring contractual protection of personal data.  

     
  • Mainland China: Data transfers of personal information out of mainland China are permitted via three mechanisms: (1) concluding a standard contract with the overseas recipient, (equivalent to the GDPR Standard contractual clauses and considered the most business-friendly and popular method);(2) obtaining a personal information protection certification issued by a specialised institution pursuant to the data export certification mechanism aimed at cross-border data transfer within the same corporate group (which can takes up to 110 working days); and . (3) passing a government-led security assessment (required for “important data”; large volumes of personal data and other specific transfer to be confirmed).

Privacy officers receiving complaints need to treat existing privacy rules as applicable in the metaverse. However, identifying the person which determines the purposes and the means of the personal data use (e.g. whether it is the metaverse operator, the manufacturer of the VR headset or other persons) and who will shoulder the primary privacy law compliance will be a challenge, making the enforcement of data information rules by metaverse users an area of legal uncertainty.

#3 Payments

It should be possible to deploy crypto or other forms of digital assets (e.g. Central Bank Digital Currencies (CBDCs) under development) to facilitate payment transactions in the metaverse.

  • Singapore: The Singapore courts have indicated that they will protect crypto as per fiat payments for example by ordering freezing injunctions with respect to stolen cryptocurrencies and orders for cryptocurrency exchanges to provide information as to their ownership.

     
  • Hong Kong: The government has acknowledged of the importance of crypto for investors (professional and retail) and taken a risk-based approach to regulating crypto which bodes well for the use of cryptocurrencies for payment transactions in the metaverse. Hong Kong’s own retail CBDC “e-HKD” could also be a source of metaverse “currency”. Digital wallets may facilitate interoperable payments across metaverse platforms, although note that these may be regulated as stored value facilities (SVFs). Metaverse platforms involved in virtual asset trading platform business providing trading of non-security tokens will need to be licensed with effect from June 2023.

     
  • Mainland China: The creation and use of cryptocurrencies are generally not permitted in China under the cryptocurrency ban (except for NFTs and private crypto-based transactions). China is unlikely to change its position on this in the near term, but is accelerating the development of its own Digital Currency Electronic Payment system, which could provide an alternative form of payment in China’s metaverse.

#4 Intellectual property

Protecting rights to ownership of digital assets in the metaverse involves IP such as copyrights, patents, trademarks, designs and drawings. As discussed previously, the challenge is more around the practical or technical enforcement of IP across multiple metaverse platforms. Parties will need to rely on existing laws and concepts (e.g. copyright is protected worldwide, while trademarks need to be register in different jurisdictions) although once again, identifying the relevant parties subject to obligations may be difficult in a metaverse setting.

  • Singapore and Hong Kong: There are no specific court cases on IP in the metaverse in Singapore and Hong Kong yet, creating a lack of clarity around how IP within the metaverse would be enforced.

     
  • Mainland China: In terms of copyright, the Chinese practice seems to stick with the traditional principles that the owner of the original physical works should still be the owner of the derived NFTs unless otherwise agreed by the involved parties. Following the extension of design patent protection to metaverses in some other Asian countries, Chinese players have started filing design patents to protect NFTs and metaverses.

Looking ahead

For our full metaverse series visit: Contemplating the metaverse: Opportunities and risks (linklaters.com) and look out for our next series, focusing on legal issues in the video gaming industry, launching soon.