cannabis marijuana IOT
Cannabis things included.

Two years ago, we published a series of posts about the cannabis industry’s embrace of the Internet of Things (“IoT”)—the network of physical objects connected through the Internet—for use in everything from garden sensors to dispensers. In that same series, we also discussed some of the potential legal risks and ramifications of using the IoT in the cannabis business—particularly some of the privacy and security risks inherent in the IoT.

Just last week, California Governor Jerry Brown approved of SB-327, the first information security law in the U.S. specifically targeting the IoT. SB-327 takes effect on January 1, 2020, and will require manufacturers of connected devices—essentially, devices in the IoT—to equip them with “reasonable” security measures. These security measures must be appropriate to the nature of the devices and information they collect and contain, and must be designed to protect the devices from unauthorized access, destruction, use, modification, or disclosure. SB-327 also requires devices that can be accessed outside of a local area network either to be equipped with a unique password or to allow a user to generate its own password.

It’s important to emphasize that SB-327 does not impose any requirements on users of IoT devices, but rather to manufacturers. So, for many businesses in the cannabis space that rely on the IoT, no real changes in operations may be necessary. Both plant-touching and ancillary marijuana companies that manufacture qualifying devices, on the other hand, may need to re-do or even re-invent their products.

It’s also important to note that the law applies to more than just California manufacturers. It applies so long as a business manufactures—either itself or through a contracting third party—qualifying devices that will be sold or offered for sale in California. Crucially, there is no threshold for product sales in California. Consequently, any manufacturer, anywhere, could be subject to SB-327.

Complying with SB-327 may be as simple as assigning randomly generated passwords to each device or re-tooling software or firmware to provide more robust security protection. But for some manufacturers—especially of devices that gather or contain sensitive information—compliance may be more involved and may require a ground-up reinvention. Consultation with counsel is always the best step towards compliance.

cannabis cryptocurrency bitcoin
Not just yet.

Two of the biggest buzzwords of 2018 have been cyrptocurrency and cannabis. Both industries have seen an tremendous influx of investment from people trying to capitalize on these new business ideas. Almost every week, I see a new event pop up for people who are interested in finding the synergies between these different industries. Everyone knows that banking is a huge problem for the cannabis industry (as we’ve discussed here, here, and here), and many see the obvious connection for how cryptocurrency could help resolve that. However, that connection will not likely occur anytime soon (at least not before the cannabis banking issue is resolved).

The cannabis industry is a highly-regulated industry at the state level, and marijuana remains a strictly controlled substance under federal law. In order to prevent theft, product diversion, and other criminal activity, states have required businesses to use state-run track-and-trace systems. This system also tracks the amount of money businesses are making and where that money is coming from.

Cryptocurrencies are peer-to-peer networks of decentralized currencies that are traded on a public ledger by using blockchain technology. A cryptocurrency platform could allow cannabis businesses to transact with digital currency instead of cash, making the business safer for all players, and bypassing the need for banks in many cases. It sounds like a natural fit. So, why won’t it work for now?

Combining cryptocurrency and the cannabis industry would join two extraordinary and rapidly changing industries. Although the federal government decided it would proscribe marijuana long ago, it has not decided how to manage cryptocurrencies. The underlying blockchain technology is also largely unregulated, and is overseen only by other users on the blockchain (see our articles on blockchain and cannabis here, here, and here). Both cryptocurrency and blockchain have been used by people for money laundering and evading taxes.

A growing number of recreational marijuana states have implemented stringent licensing and control programs to demonstrate the legitimacy of their respective industries to federal government. Bringing in a technology and a payment protocol that has been used for money laundering and tax evasion could delegitimize the progress that the cannabis industry has made. At the very least, if cannabis businesses start running transactions on cryptocurrency platforms, their businesses will see more government oversight from other federal bodies, like the SEC and IRS.

It will be interesting to see if a real crypto/cannabis relationship can emerge to help resolve the banking issue, but for now we have more faith in the underlying technology, blockchain. We will continue to monitor the possible synergies between cryptocurrency and cannabis and update on any developments.

blockchain cannabis california

We have previously discussed blockchain technology and the effect it can have on the cannabis industry here and here. This post serves as a more detailed analysis of how blockchain can and may disrupt the tracking of cannabis from seed to sale, specifically within the new California adult use market.

Currently, cannabis businesses are spending significant amounts of money to implement track and trace systems compatible with Franwell’s Metrc. Metrc is a government-designed software that many states have elected to use, including California, that allows regulators to ensure that cannabis products are not being diverted to illegal markets. Cannabis products are given a radio frequency identification (“RFID”) tag, which licensees along the supply chain must input into their systems. This allows regulators to track the chain of custody of marijuana products. Under this system, however, licensees and regulators spend significant time ensuring compliant transfers.

Enter blockchain. In its simplest form, blockchain is a dispersed ledger. Transactions, or “blocks,” are added in a linear fashion, or “chain”, after they have been verified by other members of the blockchain as valid. All transactions on the chain are trackable to the initial entry. A blockchain platform can have various levels of supply chain information gathering, such as record keeping, tracking, assigning verifications, linking products together and sharing information.

Using blockchain technology, cultivators can input details about each crop: e.g., the date the flower was harvested, pesticide levels throughout the growth cycle, and information about cross-pollinated plants. The data can be stored and verified via blockchain, and instantaneously shared with all parties on the blockchain platform. These parties can be other members of the cultivation team, cultivators in different facilities, potential retailers or producers, and even end-use consumers. This data will travel with the flower from seed to sale.

When the product is ready for pick-up from a grow site, the blockchain platform can verify that a distributor is licensed. Implementing blockchain can therefore prevent unlicensed distributors with fabricated paperwork from stealing goods. The platform will also maintain all records of a transaction or series of transactions: e.g. shipping manifests, receipts, purchase orders, lab results, etc. Blockchain can also help ensure that products are being properly labeled. When a label is created, a photograph or file of the label can be uploaded to the blockchain. Members of the blockchain can verify that the label is correct before it reaches the product.

Because all information recorded in blockchain is verifiable by other members on the platform, blockchain will remove the need for tedious paperwork at each step in the supply chain. Cannabis will be able to move freely from licensee to licensee without any added hassle. Regulators will gain a streamlined audit tool, and customers will be able to ensure that they are only getting the best and safest products. Ultimately, blockchain can improve the overall integrity of the track and trace system, and minimize the time it takes for the product to get from seed to sale.

The million dollar question with all of this is whether and when blockchain will burst through and finally become mainstream enough for adoption by a state regulatory body, like California in the case of cannabis. There are a range of opinions on the inevitability and timing of blockchain (for just a few of the many examples, see here, here and here). In our view, blockchain and cannabis are a perfect marriage of emerging trends. We will continue to partner with individuals and businesses interested in this technology, and we foresee a bright future for blockchain and cannabis once the implementation and educational hurdles are cleared– hopefully, in a few years at most. In the meantime, California businesses and regulators will have to muddle along with Franwell’s Metrc product.

Consolidation, Connection and Automation Differentiate Blockchain from Current Technologies

Following my last post about blockchain technology and the cannabis industry, a Canna Law Blog reader commented, “[m]aybe I’m missing something. How is this better than just scanning a barcode when the item changes hands like they do with FedEx?”

Great question. I asked similar questions early on in my work with blockchain technology. What differentiates blockchain from applications like DocuSign, DropBox and Google Drive which already provide a shared, instantaneous and relatively secure system.

Among other things, blockchain connects these isolated applications and consolidates them into one place — enabling faster, more secure, automated transactions. A barcode scan by FedEx is a single event trapped in the FedEx system. When shipping an item, FedEx, the shipper and the recipient can track the package by entering the tracking number on FedEx’s website. Blockchain, on the other hand, reveals all of the steps to all of the parties with permission to view the chain, such as the manufacturer, its suppliers, the seller, the various warehouses and intermediate sales channels (e.g., Amazon’s distributed sales network), the carrier (FedEx), the recipient, any inspectors at stages along the way, the paying bank, the receiving bank, the government taxing and other authorities. All are all linked. In a non-blockchain system, all of the various participants work on their own independent systems, which are arguably insecure and not linked into one, single, immutable ledger.

The FedEx scanning is, as you can see, only one small step in a larger chain of events and participants.

FedEx Scanning and Tracking Does Not Create Self-Executing Smart Contracts

In addition to the linking of participant networks as described above, blockchain technology can also be used to create self-executing “smart contracts,” where automatic and instantaneous responses are triggered by certain pre-defined events. Participants in a smart contract, for example, should get paid at the right time without the need for anyone to issue an invoice, receive an invoice, write a check, make a wire transfer, or execute a credit card transaction. Payment triggers would be written as code into the blockchain. According to Accenture, investment banks alone could save up to $12 billion per year by adopting blockchain and smart contracts. Gartner has estimated that by 2022, defined impact smart contracts will be in use by more than 25% of global organizations.

DocuSign is similarly just one small piece in a larger chain of events and participants. In a blockchain setting, a law firm would not be required to issue an invoice or to continually bug a client about paying a retainer as it would happen automatically. Submitting the engagement document to the blockchain with a digital signature would trigger a series of events. One event would be payment to the firm. The digital signature would be an authorization to the client’s bank to pay the bill automatically, with no additional approval needed from the client. If the payment is subject to conditions, then the “smart contract” would set out those conditions and the method for proving fulfillment. When fulfilled, the payment would be made. Consider the amount of time and friction that would save for a small entity. Then consider the amount of time and friction it would save for a large company and the economy as a whole.

Same with a DropBox type program. Once a document is accepted into a blockchain ledger, it does not just sit there inert as it does in DropBox. The entry into the ledger would trigger other actions: payment of a bill, issuance of a deed or registration of a deed of trust. Isolated transactions would be linked into the chain. If there is no need for this chain, e.g. if no network of participants exists, then blockchain is not required and the dead letter box of DropBox would be adequate.


The Downsides – Implementation Costs, Loss of Privacy and Intrusive Government Surveillance

Blockchain reduces time and friction, but what about the time and friction required to create a blockchain program, adapt old records into the system, program smart contracts with highly specific code language, and maintain the program over time? When blockchain’s benefits outweigh these downsides, we will see mass adoption of the technology.

As discussed in my previous article, blockchain technology has obvious benefits in the cannabis industry as a supply chain tracking mechanism. Regulators and technology companies have already shown interest in implementing a blockchain-based track and trace system. What has not been discussed, however, is how intrusive government participation could be if regulators are included as an authorized party in a blockchain system. Most would feel uncomfortable knowing the government could comb through all of their cannabis transaction histories with just one click. In fact, the Fourth Amendment protects United States citizens against such unreasonable searches. Further, the European Union’s incoming General Data Protection Regulation regarding consumer data privacy and ownership rights and the US Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and the SEC’s “Regulation SP” all require personal financial data be redactable—something not possible on an immutable platform.

It remains to be seen how blockchain systems will strike a balance between privacy rights and the needs of government regulators. We will likely see mechanisms to allow government review of transaction history only upon demonstration of probable cause or upon consent of the participants. We should also expect to see opposition from the cannabis business community to the ability of government to participate in the blockchain ledger at all. I will monitor developments in this space as the technology and regulations evolve and continue to post about them here.

Cannabis, bitcoin and blockchain
Blockchain is coming to cannabis

IBM is getting into the cannabis business. On November 1, the US computer manufacturer submitted a proposal to the Government of British Columbia touting the benefits of its blockchain technology for supply chain management in Canada’s nascent cannabis industry. According to IBM, blockchain will allow B.C. to “transparently capture the history of cannabis through the entire supply chain, ultimately ensuring consumer safety while exerting regulatory control from seed to sale.”

What is blockchain, you ask?

Blockchain mania is taking over Silicon Valley — it’s the latest tech buzzword, described as world-changing technology. Essentially, blockchain is a shared, tamper-free public ledger that can be used for pretty much any kind of data organization that everyone can inspect, but which no single user controls. The participants in a blockchain system collectively update the ledger, and it can be amended only according to strict rules and by general agreement between the parties to the ledger.

The most famous applications of blockchain are bitcoin and Ethereum, cryptocurrencies built on blockchain technology. But blockchain is not limited to cryptocurrency — there are innumerable potential applications of this technology that industry leaders believe will revolutionize the way we do business. Namely, blockchain technology can help assure data integrity, maintain auditable records, render contracts into programmable software, and create self-executing agreements like “smart contracts.” Smart contracts and supply chain management are among the revolutionary applications of blockchain technology. For example, in the context of a supply chain, the secure records in a blockchain system help prevent fraud and provide a simple interface that enables businesses and regulators to inspect data regarding the flow of goods within a matter of seconds.

Blockchain technology can also minimize the sometimes nightmarish logistics of inventory management and tracking. IBM has been testing blockchain technology with various major corporations, including Walmart. Utilizing blockchain technology to manage the supply chain of mangoes, Walmart was able to reduce the time required to trace a mango’s journey from tree to consumer from six days to two seconds.

With the banking epidemic and the need for transparency in the robustly regulated (but mostly volatile) cannabis industry, blockchain can serve a number of functions; from assisting with track and trace systems for inventory, to mechanizing quality assurance reviews and data, to assisting licensees with their day-to-day sales and money transactions and transmissions.

Indeed, in its pitch to the B.C. government on integrating commercial cannabis activity with blockchain technology, IBM contends that the use of blockchain technology will enhance visibility of activities and identification of where an asset or product is at any point in time, who owns it, and what condition or state it’s in. According to IBM, this will bring “a new level of visibility and control to regulators and provides assurance to the multitude of cautious stakeholders regarding the way the management of a cannabis supply chain is rolled out.”

Specifically, IBM claims blockchain can help governments take control of sourcing, selling and pricing of cannabis products, thereby reducing or eliminating illegal sales, assist cannabis producers with real-time inventory management, improve projections of supply and demand, and elicit trends of consumption through data analytics. And that, for retailers of cannabis, an interconnected blockchain network can assist them to identify supply and demand gaps and ways to mitigate those gaps, provide feedback mechanisms to cannabis producers, and use data to create predictive insights.

So far, proposals to implement blockchain in the US cannabis market all appear intertwined with cryptocurrency, which resides in a questionable legal space and has attracted the scrutiny of federal regulators (see here). As demonstrated by IBM, cryptocurrency is not necessary to harness the underlying blockchain technology; one does not need to transact in cryptocurrency or purchase tokens to utilize blockchain. See also The Hazy Future of BitCoin and Marijuana.

We predict that blockchain systems untethered to cryptocurrency will begin to emerge in regulated cannabis markets in the US, especially if the benefits described by IBM come to fruition. For now, we will wait and see whether B.C. takes IBM’s advice.

Cannabis trademark lawyerWe’ve written extensively on cannabis trademarks and the unique issues posed by the fact that cannabis remains a Schedule I controlled substance under federal law. Some of the highlights can be found here:

We also like to write about more forward-thinking issues that could affect the cannabis industry, like plain packaging regulations and counterfeit goods, in order to help our clients and business owners prepare for what may be coming down the pipeline. One such issue we’ve been considering is how the cannabis industry will be affected if the Drug Enforcement Administration (DEA) moves cannabis from Schedule I of the Controlled Substances Act, which is reserved for drugs that have a high potential for abuse, no currently accepted medical application, and a lack of acceptable safety standards for use under medical supervision, to Schedule II, allowing for more research and potentially making FDA-approved derivatives of cannabis available for prescription (with substantial restriction, natch).

Moving cannabis into the pharmaceutical realm would implicate a whole host of other federal laws and regulations, including rigorous Food and Drug Administration (FDA) review, and naming requirements that go beyond merely obtaining a federal trademark for your brand. Without venturing into the quagmire that is FDA review, the purpose of this post will be to give an overview of how the naming of cannabis “drugs” would change in the context of pharmaceuticals.

Marketed drugs have three different names: a chemical name, a generic name, and a brand name. The chemical name is the drug’s scientific name and, being generally unknown to the general population, is not used to identify the drug in clinical or marketing situations. The generic name is assigned by the United States Adopted Names (USAN) Council, and will be commonly used to identify a drug during its clinical lifespan. The brand name, which is always trademarked, is selected by the company that patents the drug and obtains 17 years to exclusively make, sell and use the drug pursuant to patent law.

A five-step process is undertaken in naming a marketable drug:

  1. New Chemical Entity (NCE) and patent application;
  2. Generic naming;
  3. Brand naming;
  4. FDA review; and
  5. Final approval.

Step one consists of submitting data on any newly discovered compound to the FDA for classification as an NCE to obtain authorization to begin animal testing to determine the effects of the compound. This step also includes beginning the patent application process, which can take multiple years to complete. After NCE classification, the USAN Council, which is composed of members of the United States Pharmacopeia, the American Medical Association, the American Pharmaceutical Association, and the FDA, creates and assigns a generic name to the chemical. The generic name is then sent to the World Health Organization for final approval. The USAN has certain criteria for naming, including that the name must be:

  1. Short;
  2. Easy to pronounce;
  3. Euphonic;
  4. Suitable for use in both the U.S. and internationally;
  5. Not misleading nor confusing;
  6. Not implying efficacy; and
  7. Not implying application to particular anatomical parts.

The process and considerations for developing a brand name to trademark are nearly identical to that of any other industry, in that the name cannot be generic or descriptive, and cannot be the same as or confusingly similar to any existing marks. Just as with the generic drug name, brand names to be registered with the USPTO for federal trademark protection cannot be misleading or misdescriptive. Additionally, the Center for Drug Evaluation and Research (CDER) will evaluate, prior to the marketing of a drug, the “potential for a proposed proprietary name (i.e., ‘brand name’) to cause or contribute to medication errors as part of the Center’s focus on the safe use of drug and therapeutic biologic products.” The purpose of this review is to ensure accurate interpretation of the product’s name for product procurement, prescription, preparation, dispensing, and administration to patients. Healthcare practitioners rely on a drug’s name as a critical identifier of a product amongst thousands of other drugs. Confusing names can lead to administering the wrong product to patients or dispensing the product incorrectly.

While this is a very brief, high level overview of the pharmaceutical naming process, the takeaway is that if cannabis moves from Schedule I to Schedule II of the CSA, the complexities of branding and trademarking may change, but they certainly won’t disappear.

Big Companies and CannabisIt has been a busy week for Microsoft. Fresh off Monday’s announcement that it is acquiring LinkedIn for $26.2 billion, the company yesterday unveiled its first foray into the cannabis industry. Microsoft, through its newly-created Microsoft Human Services Pod for Managed Service Providers arm, will begin marketing software designed to help states administer recreational and medical cannabis programs through seed-to-sale tracking that ensures no cannabis is lost or stolen along the supply chain. The move comes in the form of a partnership with KIND Financial, a financial services company that serves the cannabis industry. Microsoft and KIND plan to integrate KIND’s Agrisoft Seed to Sale for Government software into Microsoft’s Azure cloud computing platform.

Continue Reading Big News: Microsoft Set to Develop Cannabis Compliance Software

Cannabis mobile appsCannaTech is a burgeoning industry and one in which many of our clients are participating and investing. And though these businesses run the gamut from purely ancillary service providers, like WeedMaps, to full-blown delivery companies, like SpeedWeed and Nestdrop, they all face trademark and copyright issues unique to mobile apps. Continue Reading Cannabis Apps: Protecting Your Brand on Mobile Platforms

Cannabis investingA couple weeks ago, I attended a Marijuana Investor Summit in San Francisco, during which cannabis companies pitched their businesses to a group of investors who were then asked two questions.  First, would you invest in this company?  And second, is this company ready to go public?  Only one company received a unanimous “yes” to the second question posed, but the same investors also cautioned the company that while it could go public, they recommended it did not.

Cannabis investing is an issue high on the minds of those in the cannabis industry, especially those looking to launch or invest in a marijuana business in the upcoming year. The potential for profits in the marijuana industry continues to grow at astounding rates, and that growth is only expected to increase as states like California consider legalization measures this year. The 2016 Marijuana Business Factbook predicts the cannabis industry will grow from a $14-$16 billion market in 2016 to a $44 billion market by 2020, which is an increase of about 300% in just four years.

So it’s not surprising that funding for cannabis-related startups is becoming more central than ever. A record high 30 deals were reported in the fourth quarter of 2015, up from the 2 deals reported for the same quarter in 2013. A total of 98 deals were completed in 2015, which is a significant increase from the 63 deals completed in 2014. Noteworthy deals in the cannabis space include a $75 million Series B financing by Privateer Holdings in 2015, partly funded by an investment from Founders Fund (more on the basics of investment rounds here). Privateer Holdings was the first U.S. private equity firm to focus solely on cannabis-related investments and its portfolio includes well known companies such as Leafly, which it acquired in 2012, and the Marley Natural brand, which it launched in 2014. Companies such as Leafline Labs and Palliatech have managed to secure funding of $10 million or more and several other cannabis-related companies have received funding totaling at least $1 million.

The increase in funding these past years may be attributed to a lessening of the stigma previously associated with cannabis companies. We are beginning to see investments from more mainstream sources, such as Founders Fund mentioned above, which is a venture capital firm better known for its investments in conventional startup companies such as Facebook, Airbnb, Lyft, and SpaceX. And we can expect to see even more growth as new opportunities open up through previously outlawed sources of funding. Effective in May of this year, non-accredited investors will for the first time be able to invest in cannabis startups through an “equity crowdfunding” exemption under Title III of the Jumpstart Our Business Startups Act (JOBS Act). Crowdfunding is already expected to surpass funding through venture capitalists this year.

As the home of Silicon Valley, California is poised to be at the heart of future cannabis funding and deals. California is in the midst of overhauling  its medical marijuana market and there are several measures in the works likely to increase investment within the state. These measures include the potential for a legalized recreational market in California that will lead to increased revenues and thus profits for investors, an amendment to explicitly authorize for-profit entities in the state that will allow for more traditional equity structuring (more on the basics of equity financing here), and the possibility of a state-chartered bank that will give California cannabis companies the much needed ability to conduct more of their transactions through bank accounts instead of through cash.

Now considering the stats and information above, how you would you respond to the following question: “Would you invest in a cannabis company?”

Cannabis and the Internet of thingsPart 1 of this series was on the union of marijuana and the Internet of Things (IoT). This post is on the legal issues cannabis business lawyers face in representing companies involved in the Internet of Things.

What happens when you combine cannabis, whose laws are changing almost daily, with technologies that are constantly evolving as well? You get a lot of gray areas and issues of first impression. We typically analyze the following issues for our IoT clients:

  • Criminal liability. Just like other ancillary service and product providers to the cannabis industry, IoT providers could face criminal sanctions for aiding and abetting and/or conspiring to violate the federal Controlled Substances Act. Because of this, most of the IoT providers we represent seek only to work in those states with “robust regulations”  that comply with the Cole Memo. Though that narrows our IoT clients’ customer base, it correspondingly lessens their potential for criminal liability.
  • Product liability. Because IoT hinges on automated and connected devices that make various tasks tasks easier to do or to monitor, a product breakdown or malfunction can have a huge impact. As just one example, suppose a watering or nutrient device malfunctions and, for whatever reason, destroys part or all of a massive cannabis crop. Will the IoT device manufacturer be liable for all of the damage? Will the IoT device manufacturer’s liability disclaimers be sufficient to prevent liability? Let’s just say that one of the most important things we do for our IoT clients is to draft their liability disclaimers. See Nest Thermostat Glitch Leaves Users in the Cold and Marijuana Product Recalls: You Can’t Touch This. What happens if a vape pen manufacturing company partners with an IoT software company whose software tracks or recommends patient dosing for medical marijuana and the software malfunctions and the patient suffers because of that? Which company will bear the burden of the malfunction, the vapor pen company or the IoT software business? The answer will usually be based on the contract between these two companies. What happens if the Iot Software malfunctions and publishes on the internet the names and addresses of all those who are using the vape pens and exactly how much cannabis they are consuming? Taking this a step further, what happens if the local police mount an investigation of some of those on the list and arrests occur?
  • Intellectual Property Protection. Most of our IoT clients are on the bleeding edge of innovation, oftentimes with respect to their software and their hardware and with the processes used to combine the two and to make them work effectively together. The last thing they want is for someone else to be able to duplicate what they were able to achieve through years of research and development. We spend a lot of time figuring out how we can protect our client’s IP. And because virtually all IoT devices are made in China, the IP issues become international. See China and the Internet of Things, China NNN Agreements and China Product Development Agreements. See also Cannabis IP Licensing: It’s Complicated.
  • Insurance. IoT companies need insurance that will cover them against product liability and cybersecurity lawsuits and this is usually neither inexpensive nor uncomplicated. Many insurers will not provide insurance unless and until the IoT company has proper contracts in place.  Insurers have sought to avoid paying cannabis related insurance claims by arguing federal illegality of cannabis. See Marijuana Inventory is Insurable. We should expect an insurer to assert the same argument against a marijuana-friendly IoT company, especially if the damage incurred involves the plant itself.
  • Investors. If investors are salivating over IoT and cannabis (and they are), they are salivating even more over the combination of the two, especially since investing in ancillary cannabis businesses is legally less risky (and usually less tricky legally as well) than investing in a business that deals directly with the plant. Nonetheless, because marijuana is still federally illegal, marijuana related  should disclose this illegality and discuss what that means by way of investment and even criminal prosecution risk. See Marijuana Business Investments: Not Simple
  • Privacy issues. Part 1 of this series addressed some of the privacy issues inherent in many IoT businesses. What will the IoT business do with the data it collects? How might its data be hacked? What might its own employees do with the data? Our job as lawyers, is to draft privacy policy notices and disclaimers.

Any business doing cannabis IoT or even doing business with a cannabis IoT entity should be considering the above issues. The intersection of marijuana and the IoT is filled with new and different landmines and preparation is the best way to avoid them.