Impact of the EU-UK Trade and Cooperation Agreement on digital services

• Global

• Brexit
• Commercial and IT
• Other
• Technology
• Technology, Media and Telecoms

23-02-2021

There are 1267 pages of the EU UK Trade and Cooperation Agreement (the TCA) but only a few of these deal specifically with digital trade. That said, arguably, it is a positive development that the TCA does address digital trade in a standalone chapter, rather than simply applying its general provisions on goods and services to this increasingly vital sector of the UK and EU economies.

Key points from the Technology group

The UK and the EU have agreed to an overall objective to facilitate digital trade, avoid unjustified barriers to trade by electronic means and ensure an open and trustworthy online environment for businesses. There are a number of attempts to support technology businesses, such as by preventing forced transfers of source code and supporting electronic contracting.

It is important to consider how the TCA seeks to achieve this objective.  The TCA is a conceptual move away from Single Market benefits because the automatic freedoms to establish and to supply services cross border are gone. Instead, technology companies can only supply services if those services are supplied in accordance with the rules prevailing in the individual EU Member State of supply and this is the case notwithstanding the TCA’s stated aim to facilitate digital trade.  At first glance, the TCA sets out wide ranging principles of liberalisation of market access and non-discrimination for services generally, but these are subject to detailed exceptions described in various annexes to the TCA which apply in some circumstances to all sectors and in others to particular sectors within particular EU member states only. This may lead to interesting questions in respect of emerging technologies and whether they are within or outside the scope of a permitted exception to market access. However, this can be balanced against the fact that the TCA’s digital trade provisions include a positive obligation on the UK and the EU to cooperate in the exchange of information about the development of emerging technologies. We hope that these obligations and the TCA’s own review provisions mean that the digital trade sections can evolve in order to adjust to new developments and business models in the future.

A  further key point to consider is how does the TCA deal with regulatory divergence in the technology sphere. Outside the limited obligations in terms of e-commerce as set out in our detailed briefing [provide link below], the TCA specifically permits individual digital trade regulation for “legitimate policy objectives”, which in reality amounts to freedom for each of the UK and the EU to create their own new regulatory regimes, for example to regulate online harms or mediate platform content.

One of the most critical areas is data flows. Clearly, for most technology businesses, data is often at the heart of the solution and does need to be processed across borders. If the negotiators of the TCA truly wished to facilitate cross border digital trade, this would require the TCA to allow free flow of all types of data. The section on digital trade does include a specific prohibition on data localisation or local computing requirements, but it does allow both the UK and the EU to have their own data protection regimes for personal data and allows the prohibition on data localisation to be overridden for public policy objectives.  Crucially, we are in a “wait and see” mode. We also need to see this in the context of whether an adequacy decision will be granted by the European Commission in respect of personal data transferring from the EEA to the UK: if this decision is granted, it is an assessment by the European Commission that the UK has an adequate level of protection for personal data so that this data can be sent from an EEA state to the UK without any further safeguards being necessary. As part of the TCA, the EU has agreed to delay restricting these data transfers between the EEA and the UK for at least four months and possibly six months (known as the temporary bridge) and during this time the EU will complete its assessment of the UK’s data protection rules. There have been positive signs this month by the European Commission who have started the process of adopting the necessary adequacy decision but we need to wait and see whether this adequacy decision will be formally adopted by the EU, and if this does not occur, assess on what basis data flows from the EEA to the UK can continue, a crucial concern for the technology sector to monitor going forward, particularly for cloud service providers with infrastructure in service locations outside of the UK.

Our final point relates to staffing issues. The end of free movement of people between the EU and the UK may have a significant impact on how services are offered and performed and not simply because the technology sector is skill intensive and has historically used workers from both the UK and the EU. As an additional factor, business visits and temporary placements to the EU are now regulated. The TCA deals with the temporary stay of business visitors by using different categorisations depending on the purpose of the visit, with differing permitted lengths of stay. There may then be additional requirements in individual EU member states, as set out in the TCA’s annexes. Again, the reservations differ between individual member states and will need to be met for every jurisdiction in which the business visitor hopes to perform the service. These controls on business visits are not overridden by anything purporting to facilitate digital trade in the digital trade section.

Commentary

We are pleased to see the TCA’s statement that its overall objective is to facilitate digital trade, although the digital trade section operates more as a statement of the status quo in limited areas, with both the UK and the EU maintaining freedom to regulate or deregulate. Any deregulatory approach by the UK may become the subject of future arguments as to whether public policy exceptions trump other provisions of the TCA in terms of either good faith operation of the arrangement or in respect of any rebalancing mechanisms.

The fact that data protection and data flows are not really addressed in the TCA means that the TCA’s provisions on digital trade do little to remove barriers to trade. Nor can you separate out cross border mode of supply issues from the issue of business travel and both need to be checked at a national rule level. The annexes to the TCA go some way here but do not necessarily contain the detail needed to come to a firm conclusion. There is no getting around the fact that UK and EU service suppliers will need to check the exceptions to access and movement at both an EU and a member state level.

Overall, the skeleton may be in place. However, there is a lot to think about and/or to keep a watching brief on, including the ease with which the UK and EU can allow staff to travel, recruit for skills shortages from the bloc or the UK and/or flow data in a way that is critical to their business model.

Detail of the digital trade provisions of the EU-UK trade and cooperation agreement

Introduction

The new basic principle for cross border services is that now the UK is outside the EU Single Market, UK service providers are no longer covered by the common EU regulatory framework and no longer benefit from the EU’s country of origin principle, mutual recognition, or passporting. As a result they will have to follow the domestic rules of each EU member state in which they sell a service or they establish a subsidiary in the EU as the performing entity.

The EU-UK Trade and Cooperation Agreement (the TCA) initially appears to liberalise access to services to prevent discrimination against UK suppliers wishing to sell into the EU (and vice versa) but its accompanying annexes list detailed exceptions to this access.  This  means that any UK technology supplier needs to be aware of two main sections in the TCA: the first is the title that deals generally with access for services/investment liberalisation (and its accompanying annexes permitting exceptions to access) and the second is the title that deals with digital trade. This briefing looks at this second title and comments on its impact on UK technology suppliers.

Detail of the digital trade provisions

This second title specific to digital trade starts brightly enough with the UK and the EU stating that their objective is facilitating digital trade, addressing unjustified barriers and ensuring an open online environment. However, this title is not a comprehensive attempt by any means to achieve these objectives. Instead, it is a limited list of the following specific commitments agreed by the EU and the UK:

• no customs duties on electronic transmissions as a barrier to ecommerce (although this does not mean that internal taxes cannot be charged): helpful for any technology supplier to know that it is extremely unlikely to face tariffs on sales to their EU customers
• no requirement for prior authorisation solely because a service is an online service (but there can be authorisation requirements for particular sectors under other provisions of the TCA)
• a specific prohibition on any requirement that the use of computing facilities or processing of data takes place in a particular territory, although the TCA allows each party to have their own data protection regimes for personal data (with no obligation on either party to treat the other’s regime as adequate) and allows each to override this prohibition for public policy objectives. The restrictions on measures against cross border flows is subject to a three year review mechanism: either party can request changes but those changes will need mutual consent by the overriding Partnership Council set up as the main governance structure of the TCA
• retained levels of consumer protection: there is a requirement to have laws to protect consumers engaging in e-commerce from unfair commercial practices and a requirement to provide consumers with clear information. Each of the UK and EU currently have unfair practices laws protecting consumers and we assume this provision in the TCA is an attempt to prevent the UK from watering down its consumer protection laws in this respect and making sure that future laws maintain the protection for digital transactions
• a requirement to keep laws on unsolicited direct marketing communications. Again, this obligation to ensure users get sufficient protection and proper redress may come into play in the future if either side chooses to change their current regimes
• continuing to ensure conclusion of contracts by electronic means and e-signatures, which are seen as a key enabling factor for digital trade, although each party can require non electronic conclusion or other types of signatures for particular types of contracts, such as legal representation services, witnessing and real estate
• protection of software source code via a prohibition on any forced transfer of source code as a prerequisite for doing business in any state
• an obligation to co-operate on regulatory issues concerning digital trade: at first sight this might act as a break on certain kinds of regulatory divergence, but it is not an obligation in respect of non-regression or harmonisation and is limited to exchanging information. Personal data protection is expressly carved out of this obligation.

Will the level playing field provisions impact on digital trade?

The TCA contains the much reported and argued over level playing field provisions which contain mechanisms to ensure fair competition between the UK and EU in particular regulatory areas where it is felt that one side could obtain an unfair advantage by watering down their laws. They are not there to harmonise standards.  Where there is considered to be regulatory divergence in the areas covered by the level playing field provisions, there is a specific redress mechanism which includes the unilateral ability of either party to put in place what are referred to as “rebalancing mechanisms”. These could include the introduction of tariffs or further restrictions on access. The rebalancing mechanism can only be activated if the regulatory divergence of one party has material impact on trade or investment between the UK and the EU and that impact has arisen as a result of “significant divergences” in respect of regulation relating to labour and social standards, environment or climate protection or with respect to subsidy control. It remains to be seen whether activation of this mechanism could affect market access for technology products or whether this is a theoretical risk only. However, it does provide another reason for ensuring that technology contracts are future proofed as far as practicable against future changes in law not just in terms of changes making supply unlawful or impossible but also in terms of making supply more onerous.