Database

Browse Database

FRANCE

Since March 2022

Pillar Public procurement of ICT goods and online services  |  Sub-pillar Surrrender of patents, source code or trade secrets to win public tenders /Restrictions on technology standards for public tenders
Certification framework for cloud service providers (SecNumCloud) - Version 3.2
It is reported that SecNumCloud’s “sovereignty requirements” disadvantage—and effectively preclude—foreign cloud firms from providing services to government agencies. The latest SecNumCloud guidance retains foreign ownership and board limits, which would effectively force foreign firms to set up a local joint venture to be certified under SecNumCloud as “trusted” and thus able to manage European data and digital services. These new provisions are in addition to its current use as a de facto discriminatory barrier as France has not certified firms from other EU member states and from outside the EU. Since 2016, only four companies, all French, have been certified (3DS Outscale (a subsidiary of Dassault Systems), OVHcloud, Oodrive, and Worldline Cloud services). It is mandatory for public agencies to use SecNumCloud certified services. Art. 19.6 of the SecNumCloud’s requires that cloud service providers be “immune to non-EU laws,” established via corporate ownership structure limitations. Specifically, the law specifies that individual shareholders outside the EU cannot possess more than 25% of the company, and collectively 39% of the value and voting rights of the company. They also cannot have veto rights, nor can they nominate a majority of members of boards. Together, all of these requirements essentially preclude majority foreign owned and run cloud firms from SecNumCloud certification.
Coverage Cloud services

FINLAND

N/A

Pillar Online sales and transactions  |  Sub-pillar Adoption of UNCITRAL Model Law on Electronic Signature
Lack of adoption of UNCITRAL Model Law on Electronic Signatures
Finland has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.
Coverage Horizontal

FINLAND

N/A

Pillar Online sales and transactions  |  Sub-pillar Adoption of UNCITRAL Model Law on Electronic Commerce
Lack of adoption of UNCITRAL Model Law on Electronic Commerce
Finland has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.
Coverage Horizontal

FINLAND

Since June 2014
Since January 2005

Pillar Online sales and transactions  |  Sub-pillar Framework for consumer protection applicable to online commerce
Consumer Rights Directive 2011/83/EU

Finnish Consumer Protection Act 2005
The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by the Finnish Consumer Protection Act 2005.
Coverage Horizontal

FINLAND

N/A

Pillar Online sales and transactions  |  Sub-pillar Ratification of the UN Convention of Electronic Communications
Lack of signature of the UN Convention on the Use of Electronic Communications in International Contracts
Finland has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.
Coverage Horizontal

FINLAND

Since January 2021

Pillar Technical standards applied to ICT goods, products and online services  |  Sub-pillar Product screening and additional testing requirements
Act on Electronic Communications Services
The Act on Electronic Communications Services implements the EU toolbox on securing the security and protection of critical parts of the communications network. The Act gives the Finnish government powers to deem certain telecommunications components and equipment a threat to national security and exclude them from the Finnish network. While the Act does not explicitly name Huawei or ZTE, as other EU member states have, it is likely that components from these telecommunications providers will face heightened scrutiny or possible bans.
Coverage Telecommunications sector

FINLAND

Since March 2010, entry into force in May 2010, last amended in 2018
Since January 2021

Pillar Quantitative trade restrictions for ICT goods, products and online services  |  Sub-pillar Local content requirements (LCRs) on ICT goods for the commercial market
EU Directive on Audiovisual Media Services (AVMS)
The EU Directive on Audiovisual Media Services (AVMS) covers traditional broadcasting services as well as audiovisual media services provided on-demand, including via the Internet. Article 13(1) provides for Member States to secure a minimum 30% share of European works in the catalogues as well as "ensuring prominence" of those works. "Prominence" involves promoting European works through facilitating access to such works using any appropriate means to ensure prominence of European works. The Directive has been implemented by Member States in different ways, ranging from very extensive and detailed measures to a mere reference to the general obligation to promote European works.
In 2020, the Finnish parliament transposed the Directive by amending the 2014 Act on Electronic Communications Services. Section 209 of the amended Act states the 30% quota on European works. Finland has not imposed further local preference requirements on streaming services, unlike other EU member states that have set laws on streaming service investment requirements in local markets as well.
Coverage On-demand audiovisual service

FINLAND

Since July 2020
Since 2002

Pillar Intermediary liability  |  Sub-pillar Safe harbor for intermediaries for any activity other than copyright infringement
Directive 2000/31/EC (E-Commerce Directive)

Act 458/2002, on Information Society Services and Electronic Commerce
The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbor. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
In Finland, the Act 458/2002 on Information Society Services and Electronic Commerce implements the E-Commerce Directive almost verbatim, but at the same time it has some important distinctions such as not implementing Art. 15 on prohibition of monitoring obligations.
Coverage Internet Services Providers

FINLAND

Since July 2020
Since 2002

Pillar Intermediary liability  |  Sub-pillar Safe harbor for intermediaries for copyright infringement
Directive 2000/31/EC (E-Commerce Directive)

Act 458/2002, on Information Society Services and Electronic Commerce
The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbor. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
In Finland, the Act 458/2002 on Information Society Services and Electronic Commerce implements the E-Commerce Directive almost verbatim, but at the same time it has some important distinctions such as not implementing Art. 15 on prohibition of monitoring obligations.
Coverage Internet Services Providers

FINLAND

Since 2015

Pillar Domestic Data policies  |  Sub-pillar Requirement to allow the government to access personal data collected
Information Society Code (917/2014)
Chapter 19 of the Information Society Code allows the Ministry of the Interior to request retention obligations of telecommunications providers without a judicial warrant. These retention obligations require telecommunications providers to retain traffic and location data for certain individuals or between 6-12 months, depending on the type of data, for use by the authorities in solving certain criminal acts. While the contents of communications cannot be accessed by authorities, Chapter 19 gives the Finnish government the ability to amend certain retention obligations by Government Decree. Thus, Chapter 19 essentially allows Finnish authorities to access personal traffic and location data for individuals suspected of committing certain crimes without a warrant.
Coverage Telecommunications sector

FINLAND

Since March 2006, invalidated in April 2014
In April 2014
Since January 2015

Pillar Domestic Data policies  |  Sub-pillar Minimum period for data retention
Data Retention Directive 2006/24/EC

Judgment European Court of Justice in Joined Cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others

Finnish Information Society Code (917/2014)
Under the Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union (ECJ) declared the Directive invalid. However, not all national laws which implemented the Directive have been overturned.
In Finland, data retention laws are still in force but as of 2021 are under review. Chapter 19 of the Information Society Code authorizes the Finnish Ministry of the Interior to request data retention obligations of telecommunications providers. The retention obligations require telecommunications providers to retain traffic and location data for individuals under investigation for certain crimes for a period of 6-12 months, depending on the type of data. It is also true that following the ECJ ruling invaliding the Data Retention Directive, the scope and the application of the Finnish Information Society Code is limited. For instance, it does not include website browsing. Moreover, small operators are not required to retain their data. The data retention period goes from six months to 12 months, according to the category of the data.
Coverage Telecommunication sector

FINLAND

Since December 1997, last amended in December 2016

Pillar Cross-border data policies  |  Sub-pillar Local storage requirement
Accounting Act 1336/1997
The Accounting Act (Chapter 2, Sections 7 and 9) requires that a copy of the accounting records be kept within Finland. Alternatively, the records can be stored in another EU country if a real-time connection to the data is guaranteed.
Coverage Horizontal

FINLAND

N/A

Pillar Telecom infrastructure and competition  |  Sub-pillar Presence of independent telecom authority
Lack of independent telecom authority
Finland has a telecommunications authority: the Finnish Transport and Communications Agency (FICORA). However, it is reported that the decision-making process of this entity is not fully independent from the government.
Coverage Telecommunications sector

FINLAND

N/A

Pillar Telecom infrastructure and competition  |  Sub-pillar Functional/accounting separation for operators with significant market power
Lack of mandatory functional separation for dominant network operators
It is reported that there is no requirement for functional separation for operators with significant market power in the telecom market. However, accounting separation is required in certain cases.
Coverage Telecommunications sector

FINLAND

N/A

Pillar Telecom infrastructure and competition  |  Sub-pillar Presence of shares owned by the government in telecom companies
Presence of shares owned by the government in the telecom market
It is reported that the State of Finland owns 17.59% of the shares of Elisa Corporation. Elisa Corporation is one of the leading telecommunications service providers in the country and offers a wide range of services, including mobile telephony, broadband services, cable television, data services and business solutions.
Coverage Telecommunications sector