On September 15, 2022, the European Commission published a draft regulation that sets out cybersecurity requirements for “products with digital elements” (PDEs) placed on the EU market—the Cyber Resilience Act (CRA). The Commission has identified that cyberattacks are increasing in the EU, with an estimated global annual cost of €5.5 trillion. The CRA aims to strengthen the security of PDEs and imposes obligations that cover:

  1. the planning, design, development, production, delivery and maintenance of PDEs;
  2. the prevention and handling of cyber vulnerabilities; and
  3. the provision of cybersecurity information to users of PDEs.

The CRA also imposes obligations to report any actively exploited vulnerability as well as any incident that impacts the security of a PDE to ENISA within 24 hours of becoming aware of it.

The obligations apply primarily to manufacturers of PDEs, which include entities that develop or manufacture PDEs as well as entities that outsource the design, development and manufacturing to a third party. Importers and distributors of PDEs also need to ensure that the products comply with CRA’s requirements.

Continue Reading EU Publishes Draft Cyber Resilience Act

There have been several recent developments in international efforts to combat trade in goods made with forced labor, with important implications for responsible sourcing and global trade compliance programs.

On September 14, 2022, the European Commission (“Commission”) published a proposal to ban products made with forced labor from the EU market. The proposal notably goes beyond banning the importation of such products and would also create a ban on the export of products produced with forced labor and require their withdrawal from the EU market.

Meanwhile, enforcement by U.S. Customs and Border Protection (“CBP”) of the U.S. forced labor import prohibition has continued to intensify, including under the Uyghur Forced Labor Prevention Act (“UFLPA”). In early August 2022, CBP clarified the process for updating the UFLPA Entity List. In addition, CBP recently announced that it intends to integrate forced labor compliance requirements into the Customs Trade Partnership Against Terrorism (“CTPAT”) “trusted trader” program.

We discuss these developments and their implications below.

EU Forced Labor Product Ban

The European Commission has proposed a Regulation prohibiting products made with forced labor from being imported to, exported from, or sold in the EU, following an announcement by Commission President Ursula von der Leyen during her State of the Union address in September 2021.

The Commission’s proposal is the first step in the EU’s formal legislative process. The Regulation will now have to be agreed by the European Parliament and Council to become law, following which there will be an agreed delay—the Commission has proposed two years—before it applies in EU Member States. As it usually takes at least 12 months, and often closer to 18 months, for the European Parliament and Council to agree on a legislative text after a proposal by the Commission is published, it is unlikely that the Regulation will be adopted before the end of 2023, and it is therefore unlikely to become applicable earlier than late 2025.

Continue Reading Breaking Developments in Forced Labor Trade Enforcement—the EU’s Proposed Forced Labor Product Ban and Recent Developments in U.S. Customs Enforcement

On 22 June 2022, the EU’s General Court (“GC”) fully dismissed thyssenkrupp’s appeal against the European Commission’s (“Commission”) decision to block its proposed joint venture (“JV”) with Tata Steel in 2019.

This is the first time that the GC has considered the prohibition of a “gap” case under the EU Merger Regulation (“EUMR”) since it annulled the Commission’s prohibition of CK Hutchison’s proposed acquisition of Telefónica UK (O2) in 2020 (“CK Hutchison”) (see our previous blog post here). A “gap” case is a merger in an oligopolistic market that does not result in the creation or strengthening of an individual or collective dominant position. Rather, it risks causing a “significant impediment to effective competition”.

This result may indicate a return to a more traditional approach by the GC as regards “gap” cases than that demonstrated in the CK Hutchison judgment. The judgment also provides helpful guidance on the interpretation of the EUMR and other legal instruments (such as the Market Definition Notice and the Notice on Remedies). The key findings are:

Continue Reading EU General Court Upholds Tata Steel/thyssenkrupp JV Prohibition

Gazprom reduces supplies again

Gazprom’s 27 July decision to reduce the gas it supplies through Nord Stream 1 to 33 mcm means it is now delivering just one-fifth of the pipeline’s capacity. This reduction ensures Europe will continue paying (ever higher prices) for (just enough) Russian gas in order to service its day-to-day needs, whilst leaving insufficient extra to fill storage units before the winter (in late June, the Commission mandated that EU gas storage facilities should be 80% full by 1 November).  The Gazprom reductions come against the backdrop of a historically hot summer, where consumer demand, including for air conditioning, is significantly higher than normal[i].

Ironically, given the IPPC report and COP27 at the end of the year, the major beneficiary of the Russian gas supply crunch appears to be coal: the IEA forecasts a 7% rise in global coal consumption to reach the all-time record set in 2013, with electricity demand for coal likely to increase by as much as 16%.

Continue Reading Europe’s Gas Crisis

 On 30 June 2022, the Council of the EU (the “Council”) and the European Parliament (the “Parliament”) reached a much awaited agreement on the proposal of the European Commission (the “Commission”) for the Regulation on foreign subsidies distorting the internal market (the “FSR”) (see our alert on the proposal). This political agreement swiftly concludes the trilogue discussions initiated in the beginning of May this year, after the Council (see our blog post) and the Parliament (see our blog post) each adopted their own positions. The agreement has been approved by the Permanent Representatives Committee (“COREPER”) of the Council on 13 July and the Committee on International Trade of the European Parliament on 14 July.

The FSR grants substantial new powers to the Commission and “will help close the regulatory gap whereby subsidies granted by non-EU governments currently go largely unchecked”, according to remarks from Executive Vice-President of the Commission, Margrethe Vestager. It will be deeply transformative for M&A and public procurement in the EU.

The agreement on the FSR did not lead to any major changes in the proposal made by the Commission. The most notable points of discussion between the Parliament and Council and the outcome of this agreement are:

  • The thresholds above which companies are obliged to inform the Commission about their foreign subsidies remain unchanged compared to the Commission’s proposal;
  • The time period in which the Commission has to investigate foreign subsidies in large public procurement has been reduced. In the same way, the retroactive application of the FSR has been limited to foreign subsidies granted in the five years prior to the application of the regulation;
  • The Commission will issue guidelines on the existence of a distortion, the balancing test and its power to request notification of non-notifiable transactions, at the latest three years after the entry into force of the FSR; and
  • A commitment to a multilateral approach to foreign subsidies above the FSR and the possibility for the Commission to engage in a dialogue with third countries has been included.


Continue Reading The Council of the EU and the European Parliament agree on the Foreign Subsidies Regulation

In late June, the European Council (leaders from the 27 EU Member States) granted Ukraine and Moldova the status of “candidate countries” for EU membership, and promised Georgia the same once it meets certain conditions. What are the practical consequences of this seminal decision?

In short, the process of preparing for membership in the European Union is fundamentally political and tailored to each specific country and historical moment. For instance, no country in the EU’s history had to simultaneously wage war to defend its homeland and independence while on the accession path. Although there are various precedents, accession criteria, pre-existing funding streams, and established processes, the scale, type, and duration of benefits available to Ukraine from the EU accession path will be unique. As important as the psychological boost to Ukraine from the EU’s political signal, the tangible benefits from Ukraine’s candidacy status will be invaluable.

Historical Precedents

Notwithstanding four earlier rounds of enlargement in the 1970s-1990s (Denmark, Ireland, UK, Greece, Portugal, Spain, Austria, Finland, and Sweden), significant EU pre-accession funding started with the enlargement process across Central and Eastern Europe (CEE) after the end of the Cold War. The first major program, PHARE (Poland and Hungary Assistance for Restructuring their Economies), launched in 1989 to cover these two countries and soon expanded to eight other candidate countries to prepare them for EU membership. It distributed about €16 billion between 1990 and 2006.  There were also two targeted funding programs for the environment and transport (ISPA) as well as agriculture (SAPARD), which distributed an additional €5 billion.

Continue Reading Ukraine’s EU Accession Process

On June 23, 2022 the Italian data protection authority (“Garante”) released a general statement (here) flagging the unlawfulness of data transfers to the U.S. resulting from the use of Google Analytics.  The Garante invites all Italian website operators, both public and private, to verify that the use of cookies and other tracking tools on their websites is compliant with data protection law, in particular with regards to the use of Google Analytics and similar services. 

The Garante’s statement follows an order (here) issued against an Italian website operator to stop data transfers to Google LLC in the U.S., and joins other European data protection authorities in their actions relating to the use of Google Analytics (see our previous blogs here and here).

Below we summarize the Garante’s key considerations.

  • Google Analytics’ “IP Anonymization” feature

The Garante analyzes Google Analytics’ so-called “IP-Anonymization” feature, which allows the transfer of user IP addresses to Google Analytics after masking the IP address’ last octet.  The Garante finds that such feature constitutes a pseudonymization of the IP address, and not anonymization.  According to the Garante, the feature does not prevent Google LLC from re-identifying the user, given Google’s capabilities to enrich such data through additional information it holds, especially in circumstances where those users maintain and use a Google account.

Continue Reading Italian Garante bans use of Google Analytics

On 30 May 2022, the European Union (“EU”) adopted the revised Regulation on guidelines for trans-European energy infrastructure (No. 2022/869) (the “TEN-E Regulation 2022”), which replaces the previous rules laid down in Regulation No. 347/2013 (the “TEN-E Regulation 2013”) that aimed to improve security of supply, market integration, competition and sustainability in the energy sector. The TEN-E Regulation 2022 seeks to better support the modernisation of Europe’s cross-border energy infrastructures and the EU Green Deal objectives.

The three most important things you need to know about the TEN-E Regulation 2022:

  • Projects may qualify as Projects of Common Interest (“PCI”) and be selected on an EU list if (i) they fall within the identified priority corridors and (ii) help achieve EU’s overall energy and climate policy objectives in terms of security of supply and decarbonisation. The TEN-E Regulation 2022 updates its priority corridors to address the EU Green Deal objectives, while extending their scope to include projects connecting the EU with third countries, namely Projects of Mutual Interest (“PMI”).
  • PCIs and PMIs on the EU list must be given priority status to ensure rapid administrative and judicial treatment.
  • PCIs and PMIs will be eligible for EU financial assistance. Member States will also be able to grant financial support subject to State aid rules.


Continue Reading The European Union adopted new rules for the Trans-European Networks for Energy

Last month, the U.S.-EU Trade and Technology Council (TTC) met in Paris-Saclay for the second time since its launch in June 2021. (The first ministerial took place in Pittsburgh in September. France hosted this session as holder of the rotating presidency of the Council of the EU.) The meeting was co-chaired by Secretary of State Blinken, Secretary of Commerce Raimondo, and U.S. Trade Representative Tai, and European Commission Executive Vice Presidents Vestager and Dombrovskis. European Commissioner Breton also joined the discussions and the French ministers for foreign affairs, economy, and trade (Le Drian, Le Maire, and Riester) hosted the opening dinner.

The TTC is a new model of economic integration through regulatory coordination. Although both sides reserve their “regulatory autonomy,” they have also invested significant political capital, time, and effort into this process. The TTC spans broad policy areas including tech standards, climate, supply chains, export controls, and investment screening. It operates through ten working groups, which meet at staff working levels and seek input from outside stakeholders. For instance, the European Commission sponsors a “Trade and Technology Dialogue” facility to conduct outreach to the private sector and civil society. Through this technical work, the TTC’s aim is to shape the “rules of the road” for the global economy to favor liberal democracies, leveraging the transatlantic community’s half of global GDP. The ministerials set the themes and political direction for the working groups.

Against the backdrop of Russia’s ongoing aggression against Ukraine, the U.S. and EU noted that the TTC has become a “central pillar” of the transatlantic partnership, “indispensable” in facilitating coordination on sanctions and export controls. It will serve as a forum to monitor and discuss the Russia sanctions and may coordinate their eventual removal. Indeed, the TTC has arguably become more of a geopolitical tool than originally intended. Its 48-page joint statement reflects the breadth and depth of the underlying discussions and signals various future policy directions.

Continue Reading U.S.-EU Trade and Tech Council: Paris Takeaways and Next Steps

On 22 March 2022, the European Court of Justice (“ECJ”) issued two separate preliminary rulings – Bpost and Nordzucker – which clarify how the protection against double jeopardy (“non bis in idem principle”) should be applied in instances where an identical competition law infringement is sanctioned in parallel investigations, either by different regulatory authorities of the same EU Member State or by multiple national competition authorities (“NCAs”) from different EU Member States.

The key takeaways from the two judgments are as follows:

  • the non bis in idem principle applies to competition law due to the criminal aspect embedded in the relevant administrative penalties;
  • the non bis in idem principle only applies if the facts are identical – a mere reference to a fact in a decision is not sufficient to demonstrate that an authority has ruled on that element;
  • different national authorities can impose fines for an identical infringement if the legislation on which they rely pursues complementary objectives;
  • the non bis in idem principle also applies to situations where an NCA has granted leniency to a company such that only a declaratory finding infringement (without fine) can be made.

Background

In Bpost, the ECJ  examined whether the Belgian NCA could impose a fine on Bpost for an abuse of a dominant position (through the application of a rebate system) even though Bpost had already been fined for the same rebate system by the Belgian postal regulator.

Continue Reading European Court of Justice clarifies scope of protection against double jeopardy in successive antitrust investigations