Renuka Kukanesen will shortly be joining the Communications Department of Bird & Bird as an assistant solicitor. The author gratefully acknowledges the contributions to this article made by Jack Evans of FTyourmoney.com (The Financial Times) and Mauro Miranda of the College of Europe in Brugge. Jack Evans is a project development manager at www.FTyourmoney.com, the online Personal Finance arm of The Financial Times. Mauro Miranda is on scholarship to the College of Europe in Brugge where he is completing his Masters in European Competition Law. Queries to any of the above can be sent by e-mail to: now_law@yahoo.co.uk
As Europe moves into the cyberage, equipping legislation to accommodate the scale of progress has become a governmental priority. In the UK, e-commerce minister Patricia Hewitt has been clear about the government’s ambition to facilitate rather than restrict the growth of Internet trade. ‘Only light-touch regulation can keep up with what’s happening in the market,’ Ms. Hewitt told Lancashire farmers in May in a speech about how a business that predated the industrial revolution could cope with technology this century. The reflection of this step-lightly approach in UK legislation, on the other hand, is not entirely apparent. While the Electronic Communications Act 2000 looks set to facilitate the growth of Internet transactions, the looming Regulation of Investigatory Powers Bill seems likely to have the opposite effect. Still more trouble lies ahead in the form of the pending European Directive on ‘certain legal aspects of information society services, in particular electronic commerce, in the internal market’ (the proposed Directive on electronic commerce). Overall, the situation is not as rosy as the authorities would like to suggest.
UK Legislation
The Electronic Communications Act 2000 which received Royal Assent on 25 May, is certainly a model example of the ‘light-touch regulation’ which the government is seeking to introduce. In line with the tread-gently approach, the scope of the new Act is relatively modest. Chiefly, it allows for wider use of electronic communications and transactions. The government’s new powers allow it to amend existing legislation to allow e-communications where writing was formerly either requisite or the norm.1 The courts are now enabled to accept electronic signatures as evidence. Although the Act also makes provision for a registry for cryptography service providers, registration is entirely by choice. There had been concerns at one stage that the new Act would allow the government to adopt a Big Brother role through its ‘key escrow’ scheme (encryption keys held on trust by a third party could have been demanded under warrant by law enforcement agencies). Key escrow is now expressly forbidden in the Act. On the other hand, the new Regulation of Investigatory Powers Bill, seemingly being rushed through Parliament at present, has resurrected fears of governmental interference. The new Bill could require Internet service providers to intercept electronic communications on behalf of state security and law enforcement agencies. Although encryption keys will not be held by third parties, businesses or individuals could be forced, under warrant, to release these keys or unscramble coded messages, or risk up to two years in jail. Those found guilty of ‘tipping-off’ suspect businesses could face similar penalties. The British Chambers of Commerce warns that the measures could expose City firms, leaving them vulnerable to civil suits for breach of trust.
The Pending Directive
Still more troubling for electronic commerce could be the fact that some basic issues of contract law and aspects of tortious liability (not discussed in detail here) have yet to be settled at European level. By the time this article goes to print, the proposed Directive on Electronic Commerce should have been signed by the European Parliament and Council (early June) and should accordingly be due to be implemented in Member States within the next 18 months. Notes accompanying the Electronic Communications Act 2000, when it was still at Bill stage before the Lords, attributed to the proposed Directive the function of ‘simplifying and clarifying rules of establishment … to ensure consistency in approaches to commercial communications’. Certainly, the Directive attempts to take an umbrella approach to Web-commerce. It sets its sights on five broad areas:
• regulation of e-business
• requirements imposed on commercial communications made on the Web
• recognition of e-contracts
• limitation of liability for ISPs
• enforcement mechanisms.
These provisions are problematic in a variety of respects. Of these, it seems likely that e-contract recognition issues and the regulation of e-business in particular will create difficulties for electronic commerce.
Take the recognition of e-contracts. The proposed Directive declares electronic contracts valid – but fails to define what constitutes a definitive contract on the Web. Earlier versions of the Directive proposed a four-stage procedure: offer, acceptance, acknowledgement and confirmation of acknowledgement, but these provisions have since been dropped. Instead, Article 9 now enjoins Member States to:
‘ensure that their legal system allows contracts to be concluded by electronic means. Member States shall in particular ensure that the legal requirements applicable to the contractual process neither create obstacles for the use of electronic contracts nor result in such contracts being deprived of legal effectiveness and validity on account of their having been made by electronic means.’
Article 10 imposes on Member States the duty to ensure that parties who are not consumers make clear the different technical steps to follow to conclude the contract. Overall, the Directive will not make clear when exactly a contract is made, leaving this open to the Member States to decide. Yet, the Electronic Communications Act 2000, which provides for electronic signatures to be recognised in courts of law, has received Royal Assent – before the government has taken the preliminary step of providing guidance as to exactly how and when contracts become binding. The potential result is that a flurry of new e-contracts will be created online at a time when it is not yet clear what in fact constitutes a done deal.
Regulatory Law
The other potential problem that will affect the new Act arises from the proposed Directive’s provisions with respect to the applicable regulatory law. It is not exactly clear which country is to regulate which e-businesses. Article 3.1 of the proposed Directive provides:
‘Each Member State shall ensure that the Information Society services provided by a service provider established on its territory comply with the national provisions applicable in the Member State in question which fall within this Directive’s co-ordinated field.’
The problem with this provision is the definitions provided in Article 2. These make it difficult to relate Article 3.1 to the way the Web actually works in practice. Article 2 defines a ‘service provider’ as ‘any natural or legal person providing an information society service’; but an ‘established service provider’ is a service provider who ‘effectively pursues an economic activity using a fixed establishment for an indefinite period’. ‘Established’ effectively means ‘fixed’ or physically established. This fixed place is not supposed to include the physical location from which the site is posted or the area where the data is stored.2 These definitions seem to insist on there being a physical establishment at which economic activity is carried out before the business is allowed to set up a Web site. Yet physical location can become an entirely meaningless concept in Web transactions in two situations. The first is where the economic activity in question can be said to take place at a multitude of points. A seller of goods or services can have his team spread across Europe (or even the world) and in no one State can the dominant field of economic activity be said to occur. Second, if one argues that ‘shopping’ is in fact the primary economic activity, then the economic activity occurs where the buyer has physically downloaded his site, wherever in the world that may be.
Anticipating criticism, the Proposal acknowledges in the recitals that it would be naive to expect that, with Web-commerce, there is only one place within one territorial boundary where economic activity occurs. Yet it eschews the obvious way to eliminate uncertainty – accepting that the applicable regulatory law would be that of the State in which the Web site is registered. In every case, the relevant State of registration would clearly be reflected in the company’s two-letter Top Level Domain (TLD), e.g. – .uk or .de. Nor would one encounter problems of co-operation on an international level as over 200 countries now have domain name registries. The difficulty with what in fact seems a simple solution is chiefly political. At present, the most sought-after domain names are visually ‘stateless’ (.org .net and .com) but are in reality TLDs registered in the United States. This would make US regulatory law applicable to the Web site in question. A great swathe of Web sites would accordingly be free from any European regulation even where the originating company or organisation possessed an obviously European base.
It is clear that, in the attempt to ward off the threat of US regulatory supremacy, the proposed Directive has eschewed the TLD route. It prefers instead the concept of ‘centring’ or giving precedence to the dominant place where the economic activity is centred. In the recitals, it is stated that:
‘ … In cases where it is difficult to determine from which of several places of establishment a given service is provided, this is the place where the provider has the centre of his activities relating to this particular service.’
The proposed Directive leaves the concept of ‘establishment’ to be determined by recourse to the case law of the Court of Justice. It could well be that a determining governmental authority and interstate consultancy procedures will be come into being at a later stage; in the intervening period, companies will undoubtedly be confused as to with whom their allegiances are meant to lie.
Strategy
In this climate of rapid progress, concerned legal practitioners can alert clients to future problems by drawing attention to the troublesome provisions in the pending Directive. It might be worth discussing the issue of where to consider a client’s business ‘centred’. Assistance in interpreting the concept of ‘centring’ might be had by looking at ECJ case-law on establishment. Businesses dealing with consumer contracts should be warned to make it clear to their customers how exactly to complete an Internet deal.
Practitioners should also try to anticipate the concerns of industry and, in particular, the proposals of the Alliance for Electronic Business (AEB), a grouping which includes such influential business confederations as the FEI, the CBI, CSSA, DMA and the ECA. The Electronic Communications Act 2000 has been welcomed by the AEB (which is developing a scheme for an industry-led registry of cryptography service procedures – the T-scheme). On the other hand, the Regulation of Investigatory Powers Bill is being strongly resisted. The concern there is that the financial services sector in particular will be affected as they may legally be compelled to breach a client’s trust. Legal advice may be sought as to how best to deal with this potential minefield.
As legislation continues to arrive on a local and European level, various uncertainties and difficulties will plague e-commerce practitioners and their clients in the months to come. Vigilance and a sensible hands-on approach are strongly recommended.
Endnotes:
1. Details of proposed changes to legislation can be found at the DTI’s Web site at: www.publications.parliament.uk/pa/cm199900/cmhansrd/cm000524/text/00524w13.htm#00524w13.htmlspnew0).
2. Article 2(c) states that: ‘The presence and use of the technical means and technologies required to provide the service do not constituted an establishment of the provider’.
