Trade in Digital Services

Key facts: 

• Since 1 January 2021, the UK is outside the European Single Market, including digital services.
• This has consequences for the validity of licences, tax treatment and data transfer for providers of digital services.
• In some cases digital service providers will need an EU presence, e.g. appoint a representative, open an office or have an EU-hosted website.
• A digital trade chapter (Part Two, Heading One, Title III: Digital Trade) of the Free Trade Agreement agreed between the UK and the EU sets the terms under which businesses can provide products and services to each other via digital channels, such as over the internet.

Digital services include broadcasting services, telecommunications services, cloud-computing and certain e-services (electronically supplied service). An e-service classifies as a digital service if the sale of digital content is essentially automatic. For example, downloads of stock pictures or a link to downloadable content sent by email. If an e-service is individually commissioned, it is classified as a service or as distance selling. Examples include drafting content, designing websites for a client, booking websites or e commerce.

Summary of the Digital Chapter of the EU-UK Free Trade Agreement

Data flows; the agreement creates a positive obligation in favour cross-border data flows to facilitate trade in the digital economy.

This includes a ban on data localisation meaning UK/EU based companies and public bodies cannot, (unless in very specific circumstances) require data used when providing a product or service to be stored in a specific jurisdiction. The agreement also prevents one party, as a prerequisite to doing business, requesting to see the source code of applications used to provide a good or service.

Electronic contracts, signatures and providing services digitally; for the vast majority of services the agreement gives equal treatment to electronic signatures and electronic documents versus paper-based documents. The agreement also contains clauses that mean services can be provided digitally by default without requiring prior authorisation.

Please note there are some specific exceptions, for example certain kinds of legal services, gambling services and broadcasting services. A full list of exemptions can be found in the digital trade chapter.

Consumer protection, data protection and online harms; the digital trade chapter places obligations on companies to ensure the protection of consumers engaging in e-commerce as well as ensuring consumer protection bodies can cooperate and enforce breaches of UK and EU consumer rights. There are also additional clauses to protect individuals against unsolicited direct marketing communications.

The digital trade chapter contains a commitment for both sides to ensure high standards of personal data protection and does not limit the ability of the UK or EU from taking policy action to protection privacy or to regulate online harms.

Emerging technology and cooperation; the digital trade chapter contains a positive obligation for the UK and EU to cooperate on the development of emerging technologies such as (but not limited to) AI and quantum computing.

The digital trade chapter also contains a number of other obligations for cooperation as well as review clauses so that the chapter as a whole (or parts of it) can be updated in future, for example to adjust to new technological developments or evolutions in the way UK and EU companies engage in digital trade.

Customs duties on electronic transmissions: as the electronic transmissions shall be considered to be the supply of services under the agreement, parties will not impose customs duties on electronic transmissions.

For guidance and information on providing digital, technology and computer services between the UK and EU after the transition period, please refer to the UK Government guidance on the digital, technology and computer services sectors from January 2021: https://www.gov.uk/government/collections/the-digital-technology-and-computer-services-sectors-from-january-2021.

Following the end of the transition period, businesses that provide digital services and e-services may face changes with regard to their licences, handling of VAT and data transfers. The audiovisual sector will lose its capability to stream in EU countries if they don’t have a presence there.

While we cannot recommend any specific service or provider for appointing a representative, a number of providers can be found online. Their fees are usually charged in proportion to the amount of business you carry out.

VAT rules in relation to digital services

With regard to VAT, the place of supply of digital services will be where the customer is located and the €10,000 (£8,818) sales threshold, above which you had to register for VAT in the EU, will no longer apply. Therefore, UK businesses supplying digital  services to customers in the EU have to either:

• Organise a VAT presence in one EU country and use the VAT Mini One Stop Shop (VATMOSS) to sell in the rest of the EU;
• Register in all the different countries of their customers;
• Use the Non-Union VATMOSS scheme.

The legal basis for holding personal data from EU clients may become a problem. The EU is currently considering whether the UK’s data protection rules are “adequate” to allow unrestricted data transfer.  The EU should make a decision on data adequacy within 4 to 6 months. In the meantime businesses need to continue to apply GDPR standards and also consider the ICO guidance on how to keep data flowing from the EU to the UK.

Telecoms, mobile roaming and net neutrality

The EU-UK Free Trade Agreement supports an open approach to the telecoms market, for example both UK and EU providers will have access to and use of each other’s telecom’s networks, including not having to wait for prior authorisation before they begin to deliver services.

Additional information for telecoms and information services providers can be found here.

Roam like at home ended on 1 January 2021. This means that individual mobile providers will need to determine whether roaming fees are charged to customers. The agreement contains a number of commitments to support consumers such as creating obligations for the transparent publishing of any roaming chargers as well as encouraging cooperation between providers.

The agreeement creates obligations on net neutrality this underpins commitments to an open internet, however it does not prevent either the UK or EU from taking action to protect the safety of internet users.

Cybersecurity

The UK-EU Free Trade Agreement also creates a framework for UK-EU cooperation in the field of cybersecurity as well as the UK’s participation in the activities of expert bodies such as the European Union Agency for Cybersecurity (ENISA) and the Network and Information Systems (NIS) Cooperation Group as well as voluntary cooperation with the EU’s Computer Emergency Response Team (CERT-EU).

In addition to above other issues that may be relevant for digital service providers are Geoblocking, Broadcasting, Information security, Intellectual Property and eu-Domain names.

To do

• Familiarise yourself with the UK Government guidance on the digital, technology and computer services sector from January 2021.
• Read the digital trade chapter (Part Two, Heading One,Title III: Digital Trade) of the EU-UK Free Trade Agreement) of the Free Trade Agreement.
• Check the ICO website on complying with GDPR.

What’s next?

If your UK business provides digital services in the EU, or has European customers or monitors online behaviour of individuals, you will need to comply with the EU data protection regime and in most cases you will also need to appoint a GDPR representative in the EU. You need to do this in writing, following the formal process set by the country you are working in.  You will need to state that you have designated a representative may act on your behalf.  You should tell the ICO that you have appointed a representative in another country.

As a sensible precaution, during the bridging mechanism (i.e. 4 to 6 months period whilst EU is deciding on the UK data adequacy), it is recommended that you work with EU organisations who transfer personal data to you to put in place alternative transfer mechanisms to safeguard against any interruption to the free flow of EU to UK personal data.  For most organisations, the most relevant of these will be Standard Contractual Clauses (SCCs). The ICO also provides more detailed guidance on what actions might be necessary and an interactive tool that allows you to build SCCs.

You should also check whether your company is a ‘relevant digital services provider’ in the UK under the NIS (The Network and Information System) UK Regulations.  A digital service provider is a relevant digital service provider (RDSP) if it meets the following 3 criteria:

• 50 or more staff, or a turnover of more than €10m per year, or a balance sheet total of more than €10m per year
• its main establishment is in the UK or it has nominated a representative in the UK or EU
• it offers services in the EU

If your UK company is the RDSP, Under the NIS Regulations, RDSPs must:

• register with the ICO
• have appropriate and proportionate security measures in place to manage risks to the network and information systems that support their service
• notify incidents to the ICO, where those incidents have a substantial impact on the provision of their service

If your UK business does not have presence in the EU and you are not an EU citizen and if you are providing digital services to the EU customers, you will not be able to continue using your .eu domain or to register a new one and your existing .eu domain will be withdrawn.  You should discuss with your local domain name registrar whether to transfer your internet domain to another top level domain.  For more information please refer to the UK Government guidance on registering and renewing .eu domain names in the UK.