Distributed ledger technology (DLT) is a new approach, first implemented by Bitcoin, the basic features of which are the elimination of any intermediaries in peer-to-peer (financial) transactions and the replacement of ‘trust’ by a game theoretical approach of consensus among all participants who agree “to play a repeated game”. The promises of DLT are more efficiency (by removal of redundant intermediaries), more resilience against attacks or manipulation (through multiple replicas and chaining of transactions with mutual references), and more security for asset owners (by making an original transaction technically unalterable/immutable). Nevertheless, the so-called “The DAO hack” in June 2016 made clear that a complex DLT-based software system is vulnerable against manipulation if one has in-depth understanding of the code and its errors. In this paper, a first risk assessment of the new technology of “smart contracts” is made and the question about “code is law” is discussed. While the basic concept of Bitcoin does not raise new types of operational risk, the current technology of “smart contracts” has a fundamental flaw due to the combination of complex software (with inherent probability of errors and software aging) on one side and the static/non-changeable, approach of blockchain on the other. Static/ non-changeable contracts can be used for short-term “one-time” interactions, but any long-term relationship has to be governed by common standards, legislative frameworks, and operational risk management – together providing the possibility for adoption to real world changes. These findings are in line with the recent development of DLT to distributed “private” ledgers and to central share services utilities for, for example, post-trading processing for a closed group of participants with pre-identified roles and responsibilities.