EUROPEAN UNION
Since December 2017
Pillar Online sales and transactions |
Sub-pillar Threshold for ‘De Minimis’ rule
Low de minimis threshold
According to the Council Directive (EU) 2017/2455 of 5 December 2017 amending Directive 2006/112/EC and Directive 2009/132/EC as regards certain value added tax obligations for supplies of services and distance sales of goods, the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 174, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).
Coverage Horizontal
EUROPEAN UNION
Since 2008
Pillar Technical standards applied to ICT goods, products and online services |
Sub-pillar Open and transparent standard-setting process
2008 New Legislative Framework
There are complaints in 2021 concerning EU product requirements regulated under the so-called “New Legislative Framework” (NLF), which replaces the Multi-Stakeholder Platform on ICT Standardisation that provides industry guidance on standardisation to the Commission. Legislation adopted under the NLF privileges European standards (EN), imposing additional costs and uncertainty on producers relying on alternative standards. The technical committees, which draft harmonized ENs, generally exclude non-EU nationals from participating in their standard-drafting process, or at least deny them a vote.
Coverage Horizontal
EUROPEAN UNION
Since February 2014
Since March 2019
Since July 2008
Since March 2019
Since July 2008
Pillar Technical standards applied to ICT goods, products and online services |
Sub-pillar Self-certification for product safety
Electromagnetic Compatibility Directive 2014/30/EU
Regulation (EU) 2019/515 of the European Parliament
Decision No. 768/2008/EC on a common framework for the marketing of products, and repealing Council Decision 93/465/EEC
Regulation (EU) 2019/515 of the European Parliament
Decision No. 768/2008/EC on a common framework for the marketing of products, and repealing Council Decision 93/465/EEC
Self-certification is allowed under equal terms for foreign and domestic companies under article 14 and Annex II of the Electromagnetic Compatibility Directive 2014/30/EU.
EU legislation requires that the manufacturer of a CE marked product issues an EU Declaration of Conformity for the product and draws up technical documentation. A Declaration of Conformity (DoC) is a document signed by a manufacturer or authorised representative confirming that the product placed in the market complies with applicable EU requirements, and is required for all CE Marked products sold in the EU with few exceptions. The contents of the Declaration of Conformity shall follow the model declarations set out in Annex III to Decision 768/2008/EC or in annexes to applicable legislation. (CE-marked products signify that products sold in the EEA have been assessed to meet high safety, health, and environmental protection requirements.)
The EU has concluded a number of Mutual Recognition Agreements (MRAs) with third countries that allow national conformity assessment bodies to certify product conformity for the respective markets. The EU has signed 7 MRAs, 6 of which cover electromagnetic compatibility and interference as and/or radio and telecommunications equipment
EU legislation requires that the manufacturer of a CE marked product issues an EU Declaration of Conformity for the product and draws up technical documentation. A Declaration of Conformity (DoC) is a document signed by a manufacturer or authorised representative confirming that the product placed in the market complies with applicable EU requirements, and is required for all CE Marked products sold in the EU with few exceptions. The contents of the Declaration of Conformity shall follow the model declarations set out in Annex III to Decision 768/2008/EC or in annexes to applicable legislation. (CE-marked products signify that products sold in the EEA have been assessed to meet high safety, health, and environmental protection requirements.)
The EU has concluded a number of Mutual Recognition Agreements (MRAs) with third countries that allow national conformity assessment bodies to certify product conformity for the respective markets. The EU has signed 7 MRAs, 6 of which cover electromagnetic compatibility and interference as and/or radio and telecommunications equipment
Coverage Horizontal
Sources
- https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014L0030
- https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32019R0515
- https://ec.europa.eu/growth/single-market/goods/international-aspects-single-market/mutual-recognition-agreements_en
- https://ec.europa.eu/growth/single-market/goods/building-blocks/conformity-assessment_en
- https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32008D0768
- Show more...
EUROPEAN UNION
Since 2011, last amended in September 2021
Pillar Quantitative trade restrictions for ICT goods, products and online services |
Sub-pillar Export restrictions on ICT goods, products and online services
Regulation (EU) 2021/821 of the European Parliament and the European Union
Regulation 2021/821 establishes that the export of dual use items used for both civilian and military applications is subject to control and these goods may not leave the EU customs territory without an export authorisation. The Annex I identifies a range of dual-use items that face either authorization requirements or outright bans for exportation outside of the EU, which include electronics, computers, telecommunications and information security. The Regulation 2021/821 replaces the previous regulation on the matter (Regulation(EC) No. 428/2009), as subsequently amended and implemented by Regulation (EU) No. 1232/2011 and Delegated Regulation (EU) 2018/1922 respectively.
Coverage Electronics, computers, telecommunications and information security
EUROPEAN UNION
Since 2004, last amended February 2014
Pillar Quantitative trade restrictions for ICT goods, products and online services |
Sub-pillar Local content requirements (LCRs) on ICT goods for the commercial market
Utilities Directive (2014/25/EU)
There are only two specific cases where the EU public procurement market can be closed to foreign bidders from third countries: the Defence Directive (not relevant for digital trade) and the Utilities Directive.
Art. 85 of the Utilities Directive (2014/25/EU) contains provisions allowing contracting public entities to reject from its tender procedures foreign goods not covered by any EU international commitments. In those cases, a tender submitted for the award of a supply contract may be rejected where the proportion of the products originating in third countries exceeds 50% of the total value of the products constituting the tender (Art. 85.2). Additionally, in cases of equivalent offers, the provisions provide for a preference for European tenders and tenders covered by EU's international obligations. In practice, this possibility has rarely been used.
Art. 85 of the Utilities Directive (2014/25/EU) contains provisions allowing contracting public entities to reject from its tender procedures foreign goods not covered by any EU international commitments. In those cases, a tender submitted for the award of a supply contract may be rejected where the proportion of the products originating in third countries exceeds 50% of the total value of the products constituting the tender (Art. 85.2). Additionally, in cases of equivalent offers, the provisions provide for a preference for European tenders and tenders covered by EU's international obligations. In practice, this possibility has rarely been used.
Coverage Any product sold to a utility provider including software used in telecommunication network equipment
EUROPEAN UNION
Since June 2019
Pillar Intermediary liability |
Sub-pillar Monitoring requirement
Directive 2019/790 on Copyright in the Digital Single Market
Art. 17 of Directive 2019/790 on Copyright in the Digital Single Market (DSM Directive) mandates that providers of content-sharing services seek authorisation from rights holders and implement technical solutions to remove and prevent unauthorised uploads by their users (so-called upload filters), under penalty of losing their liability safe harbour. Further arrangements are envisaged for complaints and dispute resolution mechanisms. Such upload filters are reported to be a significant cost for online platforms.
Graduated exemptions are expected to be put in place for new providers, active in the EU for less than three years and with a turnover under EUR 10 million, and with fewer than five million users. The provision is subject to a challenge in the Court of Justice by Poland (C-401/19).
Graduated exemptions are expected to be put in place for new providers, active in the EU for less than three years and with a turnover under EUR 10 million, and with fewer than five million users. The provision is subject to a challenge in the Court of Justice by Poland (C-401/19).
Coverage Content-sharing services
EUROPEAN UNION
Since March 2022
Pillar Content access |
Sub-pillar Blocking or filtering of commercial web content
Council Regulation (EU) 2022/350 of 1 March 2022 amending Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia's actions destabilising the situation in Ukraine
Council Decision (CFSP) 2022/351 of 1 March 2022 amending Decision 2014/512/CFSP concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine
Council Decision (CFSP) 2022/351 of 1 March 2022 amending Decision 2014/512/CFSP concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine
Through Council Regulation (EU) 2022/350 and Council Decision (CFSP) 2022/351, the EU has sanctioned a number of Russian TV channels, as a result of "Russia's actions destabilising the situation in Ukraine". The sanctions entail the suspension of broadcast licenses and distribution agreements (e.g. over cable) A wide range of operators are supposed not to enable or facilitate the broadcast of any content by these channels including through "IP-TV, internet service providers, internet video-sharing platforms or application". As a result, these channels have been delisted from online search results and their social media accounts are no longer accessible in the EU. (Some of these accounts had already been voluntarily suspended by major digital platforms). Their websites are nevertheless still accessible.
Coverage RT – Russia Today
Sources
EUROPEAN UNION
Since April 2016, entry into force in May 2018
Pillar Domestic Data policies |
Sub-pillar Requirement to perform an impact assessment (DPIA) or have a data protection officer (DPO)
General Data Protection Regulation (Regulation 2016/679)
Since May 2018, the General Data Protection Regulation (GDPR) requires that organizations conducting "regular and systematic monitoring of data subjects on a large scale" or whose activities include the processing of sensitive personal data on a large scale, must appoint a Data Protection Officer (DPO). Previously, only European institutions and bodies were required to appoint at least one person as a DPO, with some Member States imposing such requirements also on private companies. In addition, under the GDPR, Data Protection Impact Assessments (DPIAs) are mandatory for data processing activities likely to result in a high risk to the rights and freedoms of natural persons.
Coverage Horizontal
EUROPEAN UNION
Since April 2016, entry into force in May 2018
Pillar Domestic Data policies |
Sub-pillar Framework for data protection
General Data Protection Regulation (Regulation 2016/679)
The European Union General Data Protection Regulation (GDPR), entered into force in 2018, considerably expands the scope of EU privacy rules. In addition to companies established in the EU, the Regulation applies extraterritorially to companies offering goods or services to data subjects in the EU and companies that monitor the behavior of EU citizens (Art. 3). In addition, there is complementary legislation such as Directive (EU) 2016/680, on the protection of natural persons regarding processing of personal data connected with criminal offences or the execution of criminal penalties, and on the free movement of such data.
Coverage Horizontal
EUROPEAN UNION
Since April 2016, entry into force in May 2018
Pillar Cross-border data policies |
Sub-pillar Conditional flow regime
General Data Protection Regulation (Regulation 2016/679)
The EU's General Data Protection Regulation (GDPR) considerably expands the scope of EU privacy rules. In addition to companies established in the EU, the Regulation applies extraterritorially to companies offering goods or services to data subjects in the EU and companies that monitor the behavior of EU citizens (Art. 3).
The Regulation mandates that data is allowed to flow freely outside the European Economic Area (EEA) only in certain circumstances listed in Chapter 5 of the Regulation. The main conditions for such a transfer are the following: the recipient jurisdiction has an adequate level of data protection; the controller ensures adequate safeguards (for instance, by using model contract clauses, binding corporate rules or other contractual arrangements); the data subject has given his/her consent explicitly; or, the transfer is necessary for the performance of a contract between the data subject and the controller.
The GDPR allows for data transfers to countries whose legal regime is deemed by the European Commission to provide for an “adequate” level of personal data protection. The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, the United Kingdom, and Uruguay as providing adequate protection. In addition, the EU-US Data Privacy Framework acts as a self-certification system open to certain US companies for data protection compliance since July 2023.
The Regulation mandates that data is allowed to flow freely outside the European Economic Area (EEA) only in certain circumstances listed in Chapter 5 of the Regulation. The main conditions for such a transfer are the following: the recipient jurisdiction has an adequate level of data protection; the controller ensures adequate safeguards (for instance, by using model contract clauses, binding corporate rules or other contractual arrangements); the data subject has given his/her consent explicitly; or, the transfer is necessary for the performance of a contract between the data subject and the controller.
The GDPR allows for data transfers to countries whose legal regime is deemed by the European Commission to provide for an “adequate” level of personal data protection. The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, the United Kingdom, and Uruguay as providing adequate protection. In addition, the EU-US Data Privacy Framework acts as a self-certification system open to certain US companies for data protection compliance since July 2023.
Coverage Horizontal
EUROPEAN UNION
In force since 2021
Pillar Cross-border data policies |
Sub-pillar Participation in trade agreements committing to open cross-border data flows
Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, of the One Part, and the United Kingdom of Great Britain and Northern Ireland, of the Other Part
The European Union has joined ond agreement with binding commitments to open transfers of data across borders: the Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, of the One Part, and the United Kingdom of Great Britain and Northern Ireland, of the Other Part (Art. 201).
Coverage Horizontal
EUROPEAN UNION
Since 1997
Pillar Telecom infrastructure and competition |
Sub-pillar Signature of the WTO Telecom Reference Paper
WTO Telecom Reference Paper
The EU has attached the WTO Telecom Reference Paper to its schedule of commitments.
Coverage Telecommunications sector
Sources
- https://docs.wto.org/dol2fe/Pages/FE_Search/FE_S_S009-DP.aspx?language=E&CatalogueIdList=253942,31391,10335,2244,15832,33570,37471,26509&CurrentCatalogueIdIndex=3&FullTextHash=&HasEnglishRecord=True&H...
- https://docs.wto.org/dol2fe/Pages/FE_Search/FE_S_S009-DP.aspx?language=E&CatalogueIdList=253942,31391,10335,2244,15832,33570,37471,26509&CurrentCatalogueIdIndex=0&FullTextHash=&HasEnglishRecord=True&H...
EUROPEAN UNION
Since May 2014
Pillar Telecom infrastructure and competition |
Sub-pillar Passive infrastructure sharing obligation
Directive 2014/61/EU on measures to reduce the cost of deploying high-speed electronic communications networks
Art. 3[2] of the Directive 2014/61/EU establishes that Member States shall ensure that, upon written request of an undertaking providing or authorised to provide public communications networks, any network operator has the obligation to meet all reasonable requests for access to its physical infrastructure under fair and reasonable terms and conditions, including price, with a view to deploying elements of high-speed electronic communications networks. Such written request shall specify the elements of the project for which the access is requested, including a specific time frame.
Coverage Horizontal
EUROPEAN UNION
Since July 2022
Pillar Intellectual Property Rights (IPRs) |
Sub-pillar Mandatory disclosure of business trade secrets such as algorithms or source code
Regulation of the European Parliament and of the Council on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC
The Digital Services Act (DSA) envisages research access to data under confidentiality obligations, as well as access to algorithms and explanations by regulators. It is reported that certain requirements in the DSA create uncertainty in relation to trade secret protection as very large online platforms can be under an obligation to open access to their (confidential) data. Article 25 defines very large online platforms as those platforms which reach a number of average monthly active recipients of the service in the Union equal to or higher than 45 million.
Art. 31 of the DSA provides a framework for compelling access to data from very large online platforms to competent national authorities (“Digital Services Coordinators”) to monitor and assess compliance with the Regulation. The Digital Services Coordinator may also request large online platforms to provide access to data to vetted researchers for researching and identifying systemic risks as set out in Art. 26(1). Such a requirement may include, for example, data on the accuracy, functioning and testing of algorithmic systems for content moderation. All requirements for access to data under the framework should be proportionate and appropriately protect the rights and legitimate interests, including trade secrets and other confidential information.
Moreover, according to Art. 31(6) a platform may apply to amend the data request if it will lead to “significant vulnerabilities for the protection of confidential information.”
Art. 31 of the DSA provides a framework for compelling access to data from very large online platforms to competent national authorities (“Digital Services Coordinators”) to monitor and assess compliance with the Regulation. The Digital Services Coordinator may also request large online platforms to provide access to data to vetted researchers for researching and identifying systemic risks as set out in Art. 26(1). Such a requirement may include, for example, data on the accuracy, functioning and testing of algorithmic systems for content moderation. All requirements for access to data under the framework should be proportionate and appropriately protect the rights and legitimate interests, including trade secrets and other confidential information.
Moreover, according to Art. 31(6) a platform may apply to amend the data request if it will lead to “significant vulnerabilities for the protection of confidential information.”
Coverage "Very large online platforms"
Sources
EUROPEAN UNION
Since June 2016
Pillar Intellectual Property Rights (IPRs) |
Sub-pillar Effective protection covering trade secrets
Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets)
The Directive on the protection of undisclosed know-how and business information (trade secrets) is key in harmonising national laws concerning trade secrets by:
- ensuring an equivalent level of protection of trade secrets throughout the Union
- introducing a uniform definition of the term "trade secret"
- providing common measures against the unlawful acquisition, use, and disclosure of trade secrets.
At the same time, the Directive contains several exceptions to the protection of trade secrets, e.g. to the advantage of those who reveal misconducts, wrongdoing, or illegal activity if a disclosure of a trade secret serves the public interest.
- ensuring an equivalent level of protection of trade secrets throughout the Union
- introducing a uniform definition of the term "trade secret"
- providing common measures against the unlawful acquisition, use, and disclosure of trade secrets.
At the same time, the Directive contains several exceptions to the protection of trade secrets, e.g. to the advantage of those who reveal misconducts, wrongdoing, or illegal activity if a disclosure of a trade secret serves the public interest.
Coverage Horizontal