How to conduct a due diligence review of NFTs?

Providing any sort of legal advice requires first identifying and understanding all the facts. In technology related matters, the level of understanding needs to go technically deeper into the technology itself.

This article discusses how to understand the technological construction of NFTs and how to start your own analysis of an NFT – either already minted or planned.

What is a token, tokenisation and smart contracts?

An NFT is a token based on blockchain architecture (distributed register technology - DLT), created using a smart contract.

Most NFTs are based on Ethereum blockchain, but there are also other blockchains (e.g. Solana, Cardano) that support smart contracts enabling the creation of NFTs.

Tokenisation is the creation of a digital representation of an asset by generating a unique data record using distributed register technology.

So, a token is a record on a blockchain that is a secure digital representation of a value or contractual rights (including rights to a digital or physical asset) that can be transferred, stored or exchanged electronically.

There is an ongoing discussion in the literature on the legal classification of tokens, especially in the context of the type of assets they represent. Considering the type of such assets and the type of rights or functions to which they entitle the holder, we can classify tokens as follows:

(1) investment tokens (with the sub-category of security-tokens): digital representation of

(a) economic value and rights to a real or financial or tradable digital asset;

(b) rights to receive dividends or financial interest from a specific entity; and

(c) sometimes voting rights in relation to the assets of the token's issuer;

(2) utility token: rights to access and use services developed by the issuer (the acquirer does not receive a refund of the amount paid);

(3) currency-type tokens: can serve as a means of exchange or payment to pay for goods or services that are external to the ecosystem in which they are built;

(4) native tokens: they are typically used as a means of payment to access services (such as data storage; computation and validation services) within some open blockchain platforms; and

(5) hybrid tokens, a mixture of mixed economic rights and access to services.

However, we must first understand what a token is from a technical point of view.

A smart contract is needed to create a token. This is a self-executing program hosted on a blockchain network, written in a language which applied to a particular blockchain, such as Solidity on Ethereum. A smart contract for creating NFTs allows the token to be stored in the blockchain.

Tokens on the Ethereum network are created using smart contracts that run within the Ethereum Virtual Machine. A smart contract is stored in the blockchain and has a unique address.

NFT token standards

Each smart contract creates a token in a specific standard - which allows for the token to be recognised in the blockchain network.

ERC-20 is the standard for 'fungible' assets - i.e. NFTs representing interchangeable goods and rights.

For "non-fungible" assets - i.e. marked as to identity, unique - the following token standards, i.a., are available:

ERC-721 - basic, most popular standard

ERC-1155 - supports mass token creation, both fungible and non-fungible

How to get a smart contract for an NFT?

There are three options:

  • Independent writing of a smart contract code in Solidity language (for Ethereum blockchain)
  • Using one of the available smart contract templates (many are available on GitHub under open source license, an example of such a smart contract template)
  • Using an already existing smart contract on the blockchain through a specialised platform (e.g. OpenSea, Mintable, etc.).

The first two options allow for many customisations. However, they are more expensive, apart from costs of preparing the code of the smart contract, there is also the cost of adding the new smart contract to the blockchain. In an Ethereum environment this is called gas and it has a form of payment to the network and transaction validators for the computational work of verifying a transaction. The transaction fee is paid in gwei (gwei is a denomination of the cryptocurrency ETH, where one billion gwei is equal 1 ETH).


The platform enabling the use of a smart contract plays the role of an intermediary - it acts similarly to hosting providers, under the same legal model. The platform enables "minting" (i.e. generation) of NFTs and transactions relating to NFTs.

It is worth remembering that in the case of platforms, each platform user, including the person who creates (mints) the NFTs, must accept the contractual terms and conditions for the provision of services by the platform.

There are many platforms enabling the minting of NFTs. The well-known platforms include: OpenSea, Mintable, Rarible, Foundation, Nifty. It is worth noting that the principles of their operation and model for services differs; some platforms are open to everyone, some only for invited persons, others enable minting and NFT transactions within the so-called sidechain, outside the main network of a given blockchain, or within a single wallet maintained by the platform operator (e.g. Nifty).

Minting NFT

Minting is the term for generating (creation) NFTs (from "mint" – meaning the production of coins).

Minting NFTs on the platform is very simple. One must create an account on the platform, connect a wallet with cryptocurrency such as MetaMask (you will need this to pay for minting), choose a name for the NFT, and add a file with graphics, animation or video.

The below is an example of a sample window on the Mintable platform from token creation (Mintable allows free NFT creation, but the wallet must be connected):

NFT Article 1


Each NFT in the ERC-721 standard contains a minimum of two pieces of information:

  • tokenID - the number generated when creating the token;
  • the contract address, i.e. the address on the blockchain where the specific smart contract used for minting is stored.

The ID token in conjunction with the contract address is a unique combination of data.

A low tokenID number indicates the use of a proprietary smart contract. NFTs minted using popular smart contracts, e.g. those available through platforms, have high tokenID numbers (reflecting the number of NFTs generated so far by users of a given platform).

The token may also contain other information. The most common is:

  • the address of the NFT creator's wallet (or, more precisely, of the person who minted it – the first owner)
  • a link to a place where you can find a file (usually with graphic, gif or video) that the NFT represents
  • a hash value calculated for a digital file of a work that represents an NFT (so-called digital fingerprint - a hash function applied to a digital file allows a specific value, called a hash, to be assigned to it. A hash is a fixed-length string of letters and numbers that is often called the "digital fingerprint" of a computer file).

This may include other information such as a description of the work to be represented by the NFT, or details of the scope of the licence granted.

All the data indicated above are included in the token metadata and are in the form of a text file.

The costs of minting NFT depends on the size of metadata therefore often the metadata are limited to a link to a place where the metadata can be found.

Some smart contracts allow to create so-called "unlockable content" – i.e. metadata that can be accessed only by the current owner of an NFT. In such a case it is not possible to audit such content prior to purchasing an NFT.

Here is an example of the NFT metadata created for a test purpose on Mintable. Please note the value "true" next to the description "copyright transfer" (resulting from checking the appropriate box in the platform interface).

How to conduct a due diligence review of NFTs

In order to analyse an NFT, we need to analyse its metadata. Their content can be compared to the description of the goods (in the case of things), or the content of the contract being concluded (in the case of rights).

However, not all metadata is available explicitly. On NFT platforms you will usually only find basic data, i.e. tokenID and smart contract address.

Let's examine NFT's 'The first 5,000 days' metadata

The NFT probably needs no special description. NFT by Beeple was sold at the famous NFT auction held by Christie’s auction house for a dizzying sum of USD 69,346,250.

The auction house website had the following description of this NFT:

How to conduct a due diligence review of NFTs

However, in the case of NFTs we do not have to rely on the information provided by the intermediary. We can verify this information ourselves - one of the features of blockchain is its total transparency - every transaction, every record in the distributed database, is visible to everyone. This means that we can inspect all data that is included in a given token (except unlockable content – see above).

For the Ethereum blockchain, all records can be viewed using the Etherscan service.

How to find the metadata of any NFT

Steps required

  1. Using the search engine on Etherscan, enter the address of the smart contract used for minting
  2. On the results page, go to the "Contract" tab
  3. Click on "Read Contract"
  4. Scroll down the list of available data until the "tokenURI" item
  5. Click on this item and enter the tokenID in the window marked "_tokenId"
  6. Click the "Query" button
  7. The result is a link, usually to the IPFS service.

How to conduct a due diligence review of NFTs

How to conduct a due diligence review of NFTs

How to conduct a due diligence review of NFTs

Opening this link can be a bit tricky, however, using the Brave browser can overcome this. In other browser links may require slight changes (there are tutorials available online).

The link that we received above provides the following data (below the raw data and data slightly sorted for better readability)

{ "title": "EVERYDAYS: THE FIRST 5000 DAYS", "name": "EVERYDAYS: THE FIRST 5000 DAYS", "type": "object", "imageUrl": "", "description": "I made a picture from start to finish every single day from May 1st, 2007 - January 7th, 2021. This is every motherfucking one of those pictures.", "attributes": [{ "trait_type": "Creator", "value": "beeple"}], "properties": { "name": { "type": "string", "description": "EVERYDAYS: THE FIRST 5000 DAYS"}, "description": { "type": "string", "description": "I made a picture from start to finish every single day from May 1st, 2007 - January 7th, 2021. This is every motherfucking one of those pictures."}, "preview_media_file": { "type": "string", "description": ""}, "preview_media_file_type": { "type": "string", "description": "jpg"}, "created_at": { "type": "datetime", "description": "2021-02-16T00:07:31.674688+00:00"}, "total_supply": { "type": "int", "description": 1}, "digital_media_signature_type": { "type": "string", "description": "SHA-256"}, "digital_media_signature": { "type": "string", "description": "6314b55cc6ff34f67a18e1ccc977234b803f7a5497b94f1f994ac9d1b896a017"}, "raw_media_file": { "type": "string", "description": ""}}}

How to conduct a due diligence review of NFTs

This metadata therefore includes:

  1. Information about the title of the image and its description
  2. A link to two versions (normal and raw) of the image file

What does the metadata of other NFTs contain?

Using the above procedure, you can check the metadata of any NFT.

3Landers at OpenSea


{ "description": "3Landers is a collectible NFT project centered around community, adventure, and collaboration.", "image": "", "attributes":[{ "trait_type": "Vision", "value": "Concerned"},{ "trait_type": "Head", "value": "Olive 3Landers Bucket Hat"},{ "trait_type": "Mouth", "value": "Tongue Out"},{ "trait_type":"Body", "value": "Purple Monster Hoodie"},{"trait_type": "DNA", "value": "Ape"},{"trait_type": "DNA Type", "value": "Rose"},{"trait_type": "Background", "value": "Green"}

NFT from the famous Bored Ape Yacht Club collection at OpenSea


{ "image": "ipfs://QmdmGB9CCRVok2ThrocXQtBB4vVoSx4gwASZ3Gxh7wfcLa", "attributes":[{ "trait_type": "Eyes", "value": "Bloodshot"},{ "trait_type": "Hat", "value":"Laurel Wreath"},{"trait_type": "Mouth", "value": "Bored Unshaven"},{"trait_type": "Background", "value": "Orange"},{"trait_type": "Fur", "value": "Golden Brown"}]}

The vast majority of NFTs include in the metadata only a link to the image file and descriptive information about the image. Or, in the case of algorithmically generated graphics, information about the attributes used that have been added to the underlying graphic.

The NFT may of course also contain other data. Here is an example of an NFT where metadata includes a description of the licence granted to the token purchaser:



{"name": "CONCEPTUAL ARTIST PULLING AN IDEA OUT OF HIS HEAD", "description": "## Weitere Informationen zu diesem Kunstwerk finden Sie auf [](} Hinweis: \■Als alleiniger Inhaber des Urheberrechts an dem mit diesem NFT verbundenen Kunstwerk erteile ich hiermit dem jeweiligen Eigentümer des NFT eine nicht ausschließliche, weltweite Lizenz zur Nutzung, insbesondere Vervielfältigung, Verbreitung, öffentlichen Wiedergabe, Sendung und Zurverfügungstellung, dieses Kunstwerks in unbearbeiteter Form, wie im Museums- und Ausstellungsbetrieb eines international renommierten Kunstmuseums üblich. Guido Kucsko As the sole owner of the copyright in the work of art associated with this NFT, I hereby grant to the respective owner of the NFT a non-exclusive, worldwide licence to use, in particular to reproduce, distribute, publicly perform, broadcast and make available, this work of art in unaltered form, as is customary in the museum and exhibition activities of an internationally renowned art museum. Guido Kucsko", "image": "ipfs://ipfs/QmdLZcu98bpezNHGnjxLdcZfZj6HU5nMVE3mNhKNLRd9Fw/image.gif", "external_url": "", "attributes":[]}

The metadata can also include specific data that can serve many various functions (e.g. be treated as a ticket for an event, a right to receive a discount, use a service etc.).


When analysing NFTs, all data included in a token should be identified, in particular the metadata, and only on this basis one can perform a legal analysis.

Some basic conclusions relating to NFTs intended to represent copyrightable works:

  • The NFT does not transfer economic copyrights to works. The mention of the transfer of rights in the metadata does not meet the formal conditions for the transfer of rights (e.g. in Poland, written or electronic form with use of QESig is required).
  • Most NFTs do not include any express references to granting a licence or the scope of permitted use; in some cases an implied statutory licence may be considered.
  • From the copyright law perspective, the most important legal aspect related to NFTs, is that a link to the work is made available through the NFT - which has to be assessed taking into account the scope of rights to such work of the person using the NFT and the technical details of placing the link to the work, e.g. whether the link can be found in the metadata (it may be included in the unlockable metadata).
  • The minting of an NFT (authorised or not) would not infringe copyright laws, as an NFT is not a copy of a work or its adaptation.
  • The infringement of copyright (or any other IP rights) by the work that is represented by an NFT (e.g. plagiarism, use of third party trademarks) should usually be considered as well as any other forms of online infringement.
  • The NFT is not always minted by the author of the work, often the NFT is minted by individuals or groups of individuals acting collectively who do not disclose whether and how they acquired the rights to the works that are represented by the NFT, making it difficult to verify the NFT.
  • Sometimes the smart contracts used for minting are not verified on Etherscan – in such a case the analysis of the metadata (as shown above) is not possible (there are some methods, however they require additional software or services – for details see the video with tutorial Fetching NFT tokenURI from an unverified smart contract (Ethereum) - YouTube).

In summary:

  • An NFT does not transfer or license any rights "per se".
  • It is possible to add a text to an NFT that may have legal meaning (either directly in NFT or in metadata to which a link is included in NFT). This text may relate to copyright or to other rights acquired by the holder.
  • In general, minting of an NFT does not infringe copyright laws (even unauthorised), but a link to the copyrightable content or the content itself may infringe IP rights.

Other aspects

This article does not discuss other aspects of NFTs, for example, hosting files with works that are represented by NFTs. These are usually hosted using distributed hosting services (a hybrid of hosting services with a torrent concept) such as IPFS. IPFS secures safe hosting of the files for a long time and is generally seen as a factor increasing trustfulness of an NFT.

Other aspects of smart contracts, such as the possibility of programming royalties paid to the creator of an NFT every time the NFT is sold, are also not analysed here.

As already mentioned, NFTs may be used as a ticket or a discount coupon. In such a case the NFT plays the role of so-called utility token – simultaneously to being an NFT.

NFT in the context of a legal system

Many legal systems are already familiar with the concept of tokenisation, however usually without the use of distributed ledger technology.

Securities are a typical example of tokens. For example, a promissory note is a paper document containing simplified data about a certain right (obligation), which can be compared to a token stored in a blockchain. The difference lies in the fact that in the case of a promissory note, legal regulations assign a specific value and legal effects to a paper document prepared in a specific form - as a result, e.g. a promissory note may be traded, and the transfer of possession of the promissory note results in a change in the owner of the obligation. There is no legislation in place for NFTs which provides such an effect. In performing our legal analysis, it is important to consider first, the legal effects arising from the data that constitute the NFT token itself, and the context in which the NFT in question is created and traded.

NFTs therefore should also be analysed from the perspective of the rights and obligations that arise from the mere fact of storing a token in a particular distributed database - and therefore from the perspective of the rights and obligations towards the other blockchain participants. This task requires knowledge of the operating principles of a specific blockchain network.

It is also advisable to analyse the information that has been provided by the people or entities that make up the NFT in relation to its minting. This maybe a white paper document, a communication on social media or within a communicator. Such information can sometimes be regarded as a public promise.

In summary – legal analysis of NFTs must consider the following:

  • The data in the token itself (tokenID, smart contract address, the creators’ wallet, metadata, specific rules of the smart contract).
  • The link to the work and the work itself or other data available at the link (contained in the metadata).
  • The specifics of the blockchain where the NFT is minted and recorded.
  • The terms of using a platform for minting NFTs or any other service used.
  • The white paper, terms of use or any other statement published by the NFT's creator/creators.

Legal regulations

So far there has been no legal regulations for NFTs (though it is worth checking if there are any local regulations for tokens that may catch up with NFTs).

In European Union we have a draft regulation on crypto markets - the European Commission's Proposal for a Regulation on Crypto-asset Markets (MiCA) – published in September 2020. Utility tokens are only included in the scope of MiCA if they are fungible and transferable. NFTs are not likely to be subject to this regulation. Article 4.2.c clearly provides that issuers of “crypto-assets that are unique and non-fungible” do not need to publish or register a white paper for them and are not covered by other obligations.

If the NFT is to be used for any purpose other than just recording a token with a link to a work from a specific creator (e.g. if it used as a utility token), an additional analysis is required from a civil law perspective.

NFTs can also be used as investment tokens – as so-called fractional NFT's (this is a concept that several co-owners possess one tokenised object or a right). In the case of investments tokens, the potential of treating such tokens as securities or proof of investment should be analysed.

AML regulations are another legal aspect to consider with NFTs, however, these do not apply in all situations. A detailed analysis might be necessary taking into consideration the statutory thresholds of the value of transactions and the current understanding of the legal nature of NFTs as crypto assets for the purposes of AML procedures.

In any case the legal analysis must start from collecting facts: from the token itself, from its blockchain environment, and from the off-blockchain background.

Latest insights

More Insights