“Is Code Law?”

By Tian Ma

In “Code and Other Laws of Cyberspace”, Lawrence Lessig famously coined the term “code is law” (Lawrence Lessig, Code and Other Laws of Cyberspace [1998]). While the term has been interpreted and appropriated in countless ways, a deeper reading reveals Lessig’s actual argument. By “code is law”, Lessig did not in fact propose that code and law were epistemologically identical. Rather, by dismissing assumptions behind the idea that the cyberspace was inherently a creature of freedom and liberty, Lessig sought to expose the capacity for regulation which code shared with law. Lessig argued that code regulates the cyberspace just as how law regulates meat-space societies, and can serve as an additional medium for the law to indirectly influence behaviour in the cyberspace.

Fast forward two decades, and Lessig’s then stark warnings of code’s regulatory potential would barely raise an eyebrow today. The Internet protocol, despite being designed to protect anonymity by allowing users to hide their identities behind electronic devices, has been regularly co-opted by governments and regulators as a means of censorship and control. For instance, through identifying users using digital footprint including Internet Protocol addresses and cookies, the Great Firewall of China weaponises firewalls and proxy servers to block access to state banned websites.

At the same time, technological developments have allowed cyberspace to constantly build additional layers of functionality on top of the basic internet stack, creating increasingly complex and multifaceted functionalities within cyberspace. For instance, on the interplay between code and law, the blockchain protocol and smart contract technology are not just capable of regulating conduct, but also transposing legalese provisions into code in order to provide services traditionally offered by legal systems.

Such technological developments have fuelled the idea that code does not just regulate, but is also able to draft, elaborate, and enforce law (De Filippi, Primavera & Hassan, Samer “Blockchain Technology as a Regulatory Technology: From Code is Law to Law is Code.” [2016] First Monday. 21. 10.5210/fm.v21i12.7113). In light of this, this essay will seek to take Lessig’s claim that “code is law” one step further. Instead of limiting the discussion to the regulatory potential of code, this essay will instead attempt to answer the question of whether today’s technologically advanced code can truly replicate, and replace, the role of law.

Through comparing the fundamental nature of both code and law, this essay argues that code does not, and cannot, truly embody the concept of law.

Firstly, it argues that there are inherent structural differences between code and legal rules which prevent code from exercising the full functionalities of law. Specifically, code exists as a form of metaphysical architecture; binary digits powered by Boolean and syllogistic logic. Legal rules, on the other hand, exist as conceptual matter which takes shape through their application by their officials, institutions, and subjects. This fundamental difference in architecture inhibit code’s ability to perform the role of legal rules when legal rules go beyond “closed logical systems” (Hart H.L.A. “Positivism and the Separation of Law and Morals” [1958] 71(4) Harvard Law Review 608); where legal decisions cannot be directly determined through logical deduction from predetermined rules, but instead include reference to principles and standards which require complex semantic interpretation.

Furthermore, while legal rules only manifest by being applied by metaphysical agents and therefore operate ex-post, code is its own creature and therefore automatically enforces its rules ex-ante through “a kind of physics” (Grimmelmann James, “Regulation by Software” [2005] 114 Yale Law Journal 1719 https://digitalcommons.law.yale.edu/ylsspps_papers/46)  executed by code. The need to ex-ante define the parameters of code limits code’s ability to accommodate discretion and freedom of will valued in the application of legal rules, and is incompatible with the open-textured, case-by- case development of legal rules.

Secondly, the essay argues that even if code can one day reproduce the qualities of legal rules, it cannot truly replace law itself because law is more than just a compilation of legal rules. Law as a system is greater than the sum of its parts (individual rules). It espouses virtues and objectives independent of the actual substantive content of legal rules, as well as institutions and principles which apply these rules through the legal method. Code, whose totality is embodied by computing values interacting through a system of formal logic, embodies a different set of instrumental values. It is therefore incapable of integrating the virtues and principles underlying the concept of law into its own architecture.

1. Unpacking the Capacity of Code to Become Law

In order to comprehensively assess whether code can “become” law, it is first necessary to understand the nature of code, and why it is potentially capable of “doing the work of law”(Ibid).

Code is the architecture of cyberspace – at the highest level, code consists of binary digits arranged into algorithms, which constitute the building blocks of anything and everything in the cyberspace. Code is therefore plastic, in that whatever a programmer can express in programming language, they can code. As a consequence, technological advancements in software engineering and programming have enabled code to perform complex functionalities seemingly limited only by the creativity of the human mind.

Law has been no exception to this phenomenon. Through adopting features of legal rules, code has evolved to not just serve the role of regulator of behaviour akin to law as Lessig predicted, but also to take on the shape of law in certain scenarios, where it has sometimes proven to be a more effective legal instrument than “meat-space” legal rules.

A key frontier of this development involves blockchain technology and smart contracts. Smart contracts are self-executing contracts created on a decentralised, distributed secure database built on distributed leger technology. By using code to detail and execute transactions and rules on the blockchain network, and via oracles which receive input from relevant variables, smart contract automatically construct, enforce, and execute legal transactions without the need for a central authority. They effectively exercise the role of the lex mercatoria in the cyberspace context, and transpose previously legal provisions into smart contract code.

In the context of economic and social activity taking place on the blockchain, smart contracts have the potential to entirely displace meat-space law, whose requirements (such as GDPR rules) are often incompatible with blockchain implementation (Anastasios A antoniou, “Bridging the divide between code and law in distributed ledger ecosystems” [Oxford Business Law Blog, 3rd Oct 2018] <https://www.law.ox.ac.uk/business-law-blog/blog/2018/10/bridging-divide- between-code-and-law-distributed-ledger-ecosystems>). In fact, smart contracts appear to play the role of law better than traditional legal systems here.

While traditional legal enforcement involves complex bureaucracies which require time, labour, and trust, smart contracts are enforced automatically in a trust-less environment, while eliminating the textual ambiguity of traditional legal rules through the use of formal machine logic.

This was seen explicitly in the DAO – a decentralised autonomous organisation operating on the Ethereum blockchain, whose corporate governance and decision-making was dependent solely on a series of smart contracts implemented on the blockchain. The DAO’s co-founders envisioned an ecosystem governed entirely by code, instead of meat space law; Satoshi Nakamoto, founder of bitcoin, similarly suggested that blockchain technology could lead to a society where self-enforcing code would supplant traditional laws. It appears that in such scenarios, code can indeed emulate the logic and properties of legal rules, to perform the role of law even better than meat-space law.

2. Exploring Structural Differences between Code and Legal Rules

We are therefore confronted with a state of technology where code can, and has, been designed to replace legal rules within specific spheres. In the context of commercial transactions, such as those of the DAO, legal provisions are designed for clarity and straightforward decision-making, and are thus largely presented in syntactically processable data such as logical “if, then” modus ponens clauses. Such legal provisions are therefore highly replicable by code which runs on formalistic logic.

However, the same cannot be said for legal rules outside of the context of the DAO, and this essay thus contends that code cannot replace legal rules more generally. Fundamental distinctions between the nature of code and legal rules prevent code from performing the role of law outside of such context-dependent scenarios.

Code consists of series of computing information whose effect can only be felt through their physical manifestation – when they are stored and transmitted in binary digits across physical systems such as digital devices. Therefore, the rules of code are metaphysical rules which architect, and directly act on, the cyberspace around them.

On the other hand, legal rules are intangible conceptual matter – ideas, principles, and standards which are implemented through the actions of their agents and institutions, and regulate via other modalities– for instance through influencing markets, norms, and architecture.

The tangible nature of code affixes it to metaphysical characteristics which constrain the ability of code to truly replicate legal rules.

2.1 Syntactic Limitation of Code Prevents it from Processing Legal Semantics

The building block of code consists of binary digits, which are then parsed, measured, and proven though syllogistic arguments within formalistic logical systems. Due to this architectural design of code, its recognition of symbols and arguments is limited to their syntax. However, legal rules on the other hand involves not just the use of syntax, but also semantics – the interpretation and understanding of the meaning behind such rules.

The distinction between syntax and semantics creates a significant hurdle for code to perform the role of law. The law consists of not just statutes and black letter law passed by the legislative, but also the coloured application of such legislation through the judicial process. When judges interpret legal rules semantically, they do so with a view of underlying legal principles which inform their judgements. In certain cases, these principles can exist independently of legislation, such as principles of equity developed alongside the common law. In other cases, such principles can even be used to mitigate or redirect the function of legislation. For instance, by invoking the principle of rule of law in constitutional law, the court in Anisminic Ltd v Foreign Compensation Commission (Anisminic Ltd v Foreign Compensation Commission [1969] 2 AC 147) “interpreted away” statutory ouster clauses which attempted to limited judicial review of ultra vires administrative actions.

However, code that operates on syntactic logic encounters difficulties in processing such semantic information. The use of artificial intelligence has been employed to capture semantic information through computational techniques such as natural language processing, yet even advanced AI has failed to capture complex semantic information whose interpretation involves input from highly qualitative and unquantifiable variables.

The limitation of even highly advanced computer code in this regard can be seen in the DAO hack incident in 2016. Even though the DAO system of smart contracts was able to carry out complex investment decisions and transactions akin to a legal contract, it was not able to capture the underlying principles behind the operation of the DAO. While the DAO advocated a “do not harm” imperative as one of its key principles, it was unable to incorporate such a principle into the code (Lukas Abegg, “Code ist Law. Not quite yet.” [Medium, 20th Sep 2016] <https://medium.com/@lukasabegg/code-ist-law-not-quite-yet-5335e5c8929c>). Hackers were later able to exploit vulnerabilities in the DAO smart contract syntax to drain more than 3.6 million ether from the ecosystem. Had the DAO smart contract been capable of integrating semantic rules such as “do not harm” into the code, the DAO hack could potentially have been averted by identifying the bad faith behind the hacker’s transactions.

2.2 Boolean Logic Prevents Code from Processing Non-Binary Expressions

The binary nature of computing logic further impedes code’s ability to capture complex semantic concepts. Code runs on Boolean logic requiring all values to be either true or false. Conditions and variables which produce the results must be logically defined within the scope of the code to return valid Boolean values.

However, this dichotomy cannot capture the nuance of complex legal semantic information, such as concepts of good faith and intention, the expression of which may differ across an infinite spectrum of circumstances and subjective states of mind.

For instance, the English contract law case Rose v Pim (Frederick E Rose (London) Ltd v William H Pim Junior & Co Ltd [1953] 2 QB 450) concerned a mistake on the part of both contracting parties as to the meaning of “horsebeans”. Despite the delivery of horsebeans as contracted, the court recognised that the subjective intention of both parties was to transact “feveroles” instead of horsebeans, and thereby allowed for the rectification of the contract due to the subjective intentions of the parties being in complete agreement.

While the law was able to process such subjective semantics like “intention” in its decision making, such terms which cannot be neatly fitted into “true” or “false” categories would not be captured by code running on Boolean logic. If Rose v Pim were executed on code, the program would be satisfied with the delivery of the contractual terms even if they were not what the parties in fact intended, unless such contingencies were pre-emptively coded for within the algorithm. Boolean logic would require that a “true” value be assigned to the contract performance, and thereby automatically enforce the delivery of the horsebeans (Michael Jünemann, “Can Code Be Law?” (Lexology, 10th Aug 2021) <https://www.lexology.com/library/detail.aspx?g=518bdf8d-9052-416a-9f7d-820b8d4b90fc>).

2.3 Code Operates Differently from Law in Regulating Behaviour

We therefore see that, although both code and law have the capacity to regulate, the fundamental differences in their architecture place practical limitations on the ability of code to play the role legal rules. These limitations go beyond the inability of code to replicate the nuances of legal rules, but also create inextricable differences in how code and law operate in regulating behaviour.

Since legal rules exist as conceptual, instead of tangible, matter, they cannot enforce themselves. The regulatory consequence of law is not given effect by legal rules themselves, but rather through the actions of agents and subjects of law. It is for this reason that most, if not all, modern positivist theories of law necessitate some form of agency the operation of legal rules. Earlier theorists such as Hans Kelsen and John Austin advocated that legal rules must necessarily be backed by sanctions and threats. Hart, on the other hand, held a conviction that legal rules are fundamentally linked to how they impose obligations on their officials and subjects, who in turn adopt an internal point of view towards enforcing and obeying the law respectively (“Hart, Austin, and the Concept of a Legal System: The Primacy of Sanctions.” [1975]. The Yale Law Journal, 84(3), 584–607. https://doi.org/10.2307/795466).

Code, on the other hand, is its own creature. As Lessig rightly pointed out, the rules applied by code do not find their force from the threat of consequences resulting from the rules – they are enforced through “a kind of physics” executed by code.

This creates tangible differences in the way law and code operate on their subjects. Law operates ex-post, via its agents and other modalities of regulation. On the other hand, the operation of code is ex-ante, and is applied at the moment the rule comes into effect. This intrinsic fixture of code prevents it from performing the role of law where ex-post, discretionary execution of the legal process is required.

For instance, civil law rules are generally enforced only when the party whose rights are breached bring a claim in court. The fact that laws are applied ex-post accords legal participants the discretion to choose whether to enforce their rights in court. Individuals have the freedom of choice to not pursue a case, such as in “efficient break” situations where it is more economically beneficial for a claimant to not have the contract performed.

However, as code is self-enforcing, it cannot accommodate such discretion after the rule is implemented. For instance, smart contracts deployed on a blockchain are immutable by nature of the code, and therefore their architecture prevents them from being directly modified. While it is possible for code to be programmed to increase discretionary elements in the execution of code, such elements need to be ex-ante written into the code. The need to pre-emptively define the parameters of code for it to be validly implemented is therefore fundamentally incompatible with the open-textured nature of circumstances and scenarios across which the legal process is applied.

3. Law as a System of Rules Greater than the Sum of its Parts

Thus far, this essay has argued that the fundamental difference between “code” rules and “legal” rules impairs the ability of code to serve the complete range of roles served by legal rules.

However, it must be conceded that this distinction between law and code, while structurally entrenched in their respective architectures today, may not be a perpetual truth. Artificial intelligence and machine learning have increasingly enabled code to process and adopt semantic reasoning, thereby bridging the gap between code and law. For instance, the use of deep neural machine learning networks in Natural Language Processing has allowed code to synthesise semantic meanings. By incrementally developing the machine’s understanding of the human lexicon through modelling how words are used in context, deep learning allows machines to capture semantic properties of words. This incremental processing of semantics appears starkly similar to the manner in which our legal systems interpret rules, where courts develop the legal application of rules through the doctrine of stare decisis. It is not entirely impossible that, with the development of deep learning technology, AI may one day allow code to capture similar semantic nuance as legal rules in society despite code’s limitations.

Therefore, this essay further defends its position that code is not law by making a further distinction between “law” as a system as opposed to “law” as in legal rules. This essay

argues that law consists of, but is not exhaustively constitutive of, legal rules. Rather, law as a system of rules is more than the sum of its parts, with inherent structural qualities that code cannot achieve irrespective of the extent to which code can imitate legal rules.

3.1 Code Cannot Replicate the Social Value of Legal Systems

The value of a system of law lies not just in the content of its legal rules, but also its social capital. Hart, for instance, attributes the subsistence of law to the rule of recognition – an meta-rule which allows subjects to recognise when a social rule is in fact a legal rule (Hart, H. L. A., The concept of law [1961]). However, the rule of recognition is not derived from syntax. Its existence is “not stated, but…shown in the way in which particular rules are identified”. It appears that an inherent quality of a legal system is that it is “outward-facing” – the culmination of complex social contingencies, formed from what Bentham calls “a complex network of social institutions, expectations, and regulations” (Denis Galligan, Law in Modern Society [2012]).

However, code differs in that it exists independently of the perception of those subject to it. While it can be programmed to respond to external contingencies, the ultimate source of legitimacy of code is its architect, and not whether the code is acknowledged by its users. In most interactions in cyberspace, users interact with the front end of the cyberspace with little to no knowledge or understanding of the back-end coding rules which govern their action. Often, the more complicated code is, the less transparent it is (BD Mittelstadt and others, “The Ethics of Algorithms: Mapping the Debate” (2016) Big Data & Society 1–21). In complex machine learning programmes such as Deep Blue, the AI programme which defeated the world’s top ranked chess player, the AI develops its own rules which even the programme’s authors cannot fully understand (Grimmelmann James (n 4)).

As code develops, it is progressively less likely that subjects of code can truly understand identify the rules they are governed by. Therefore, even if technology increasingly enables code to simulate legal rules, code cannot replicate the complex social interactions between laws, institutions, and subjects that can only be achieved when individuals in society are capable of internalising the rules which govern them.

3.2 Code and Legal Systems Espouse Different Instrumental Virtues

A further feature of law as a system is that it contains an internal compass of virtues which function independently of the substance of the law.

These virtues rest in the principles underlying the rule of law. Lon fuller called this the inner morality of law. Hart, while disagreeing on their moral normativity, similarly affirmed that law had instrumental virtues which he labels as “principles of legality”. Just like how a good knife’s virtue is its sharpness (Joseph Raz, The authority of law: Essays on law and morality [1979])  that enables it to cut, law is a purposive undertaking where conformity to the rule of law is a virtue in and of itself.

However, code as a system of formal logic is incapable of embodying such virtues in a similar manner. The instrumental value of code lies in its ability to express and deliver its programmes – the logical efficacy of its computing arguments and reasoning.

It is possible to imagine a code programme which incorporates the rule of law, for instance by using AI to training machine parameters which adopt a decision-making preference for the rule of law. However, this is fundamentally different from the role that the rule of law plays in a legal system, as such a coded preference does not go to the underlying nature of code, but rather the content of code – how the programmer designs the code.

The practical implication of this is that, by incorporating virtues into its substance rather than structure, code can never protect the rule of law in the same way as law does. This was evident in the DAO’s response to the DAO hack. Even though the Ethereum blockchain code was designed to incorporate principles of immutability and exclusive self-governance by smart contract code, these principles were easily overwritten when the DAO’s programmers updated the code to implement a hard fork of the Ethereum blockchain so as to reverse the fraudulent transaction.

4. Conclusion

The development of technology and code has necessitated a revisit of Lessig’s arguments behind “code is law”, but in a different sense from Lessig’s initial proposal. Having witnessed the extent of cyberspace regulations in the 21st century, we take the regulatory potential of code as given.

This essay instead considers “code is law” from a epistemological perspective. By exploring the underlying architectures of code and law, it grapples with whether technological developments have enabled code to truly embody the concept of law, and substitute the role of law in a cyberspace which increasingly simulates society.

Ultimately, this essay argues that, despite the vastly expanding potential of code, code is not law for two reasons.

Firstly, code is an inherently different creature from legal rules, and by its nature is subject to limitations in its ability to perform the role of legal rules. Code refers to the metaphysical manifestation of information through binary digits interacting in formalistic Boolean and syllogistic logic, and is therefore capable of only evaluating syntactically valid data. Law, on the other hand, consists of conceptual rules whose mode of implementation depends entirely on how legal rules affect individuals and institutions in. Code is therefore incapable of replicating not just the semantic interpretation which forms a key aspect of legal rules, but also the ex-post application of the legal process that constitutes legal rules.

Secondly, moving beyond legal rules, code is even less capable of replacing the role that the legal system plays in society.

The legal system is more than just a compilation of rules. It is an outward-facing system whose role in society manifests through its social capital – being internalised and recognised

by members of society. However, in a cyberspace where the vast majority of digital denizens do not understand the back-end code which regulate their conduct, code cannot truly replicate the complex social dynamics between legal rules and their subjects which constitutes a core function of law in society.

Laws is also a purposive creature with a specific virtue – the rule of law, which guides the development of law, and serves as a yardstick for the effectiveness of law. However, code as a system of formal logic has its own instrumental virtues, and is incapable of embedding the virtues of the rule of law into its architecture. Incidents like the DAO fork only expose that virtues coded into the substantively content of code, can just as easily be abandoned on the whim of the programmers.

For that is exactly what code is, a metaphysical manifestation of the will of its coders through the use of binary digits. And try as it might, unless a metamorphosis can fundamentally change our understanding of what code is, code is incapable of truly taking over the role of law, in cyberspace or the wider society at large.


Tian Ma is a final year law student reading BA Jurisprudence at Harris Manchester College, Oxford University. He is currently a co-founder at Legalme, a legaltech startup backed by the UK government and Tech Nation under the UK Lawtech Sandbox incubator. He was previously the Vice-President and Head of Legaltech at the Oxford Fintech & Legaltech Society.

Tian’s interest lie around the areas of smart contracts and automation.