MONTPELIER — Vermont has laid the foundation for a new type of business enterprise based on the emerging financial technology known as blockchain. The law S.269, which Gov. Scott signed into law in May, is designed to encourage the emerging technology by creating two types of limited-liability companies based on blockchain technology. The first company to take advantage of this new law has registered in Vermont. Trace LLC, a Burlington company, became a blockchain-based limited-liability company (BBLLC) on July 1, amending its business registration with the Secretary of State’s Office to use the technology for a material part of its business activities, including development, sale, use or promotion of software, applications, internet sites or digital assets that use or incorporate blockchain technology, or any other legal purposes. The amended registration lists one of the principals as Paul Lintilhac of Brooklyn, New York. “That company with our help has been monitoring these regulatory developments in Vermont for a while,” said David Thelander, a lawyer with the Burlington firm of Gravel & Shea. “And frankly we just think it really demonstrates, frankly, the hard work the Vermont Legislature and the governor’s administration in, indeed, succeeding in attracting blockchain innovative industries to Vermont.” Described as a distributed ledger or database, blockchain is viewed as a more transparent and far more secure way of transacting business online than if that database was stored in one location. The law establishes a legal framework for a BBLLC, a company that employs blockchain technology in its business, as well as establishing a personal information protection company (PIPC) that specifically collects and stores personal information. The law protects owners and managers of blockchain companies as well as participants from unwarranted liability. It also provides a legal framework to craft specific blockchain governance structures suitable for the business. In addition, the law creates a legal framework for personal information that helps protect consumers and third parties engaged with a personal information protection company. As of July 1 when the law took effect, companies can register as a BBLLC. However, it will be at least two years before companies can set up shop as a personal information protection company. Michael Pieciak, commissioner of the Department of Financial Regulation, said before the state begins the rule-making process, he wants to be sure there is a market for the PIPCs before his department takes the time to craft a series of new regulations. Pieciak said Financial Regulation is required to report back to the Legislature by January 2020, “to evaluate the potential” for a new kind of limited liability corporation based on blockchain technology. He said a PIPC could be a new company or an existing company that establishes a subsidiary to handle data securely. “Certainly with Equifax and Home Depot and Target and every other cybersecurity breach you can talk about, there’s certainly an interest from a consumer perspective to have their data better protected,” Pieciak said. But whether the history of data breaches will translate into a rush to establish PIPCs in the state remains a question, he said. Pieciak said banks and credit card companies are two of the most obvious businesses that could take advantage of the new law and establish their own PIPCs. Because of its distributed, as opposed to centralized, database (both private and public), blockchain is touted as a far more secure system. Investopedia describes blockchain as a digitized, decentralized, public ledger or database of transactions, whether cryptocurrency or some other commercial record-keeping application. It allows participants to keep track of all the encrypted transactions without a central database. Each “node” or computer in the network automatically receives a copy of the blockchain. The technology creates a permanent record that cannot be altered and is verifiable by the entire community of blockchain participants. But Jeremy Hansen, associate professor of computer science at Norwich University, said blockchain shouldn’t be regarded as a cybersecurity panacea. Hansen said blockchain is most valuable ensuring the transparency of certain transactions, like real estate or other contracts. The other advantage of blockchain is what Hansen calls “non-repudiation.” Because blockchain is a distributed ledger, he said someone could not change or repudiate the contract. He said securing a network is a far more complicated and a much larger problem than simply trying to incorporate blockchain. “Security is not something that blockchain provides,” Hansen said. He said in a certain specific corner of security there are security properties it provides but those are limited. Hansen said the new law has several important features. It sets up a legal framework and offers the possibility of carving out a new business niche for the state. It also establishes a privacy fiduciary, which Hansen calls “a really good step forward.” “It allows for an organization to take responsibility for managing people’s personal information and not just take responsibility for it, but have a fiduciary responsibility in similar sense as a realtor or a personal banker or other organizations that are legally on the hook for making decisions about your best well-being,” he said. Thelander, Gravel & Shea’s FinTech group leader, said the new law is tailored to blockchain companies, providing an additional level of liability enhancements for businesses that employ the technology that go beyond the current limited liability framework. He said the law also establishes a framework for blockchain LLCs to safeguard personal information. By establishing a specific business model, Thelander said the hope is blockchain has the potential to become the next niche industry similar to captive insurance, which has been a nice addition to the state’s economy.