The European Central Bank Crypto-Assets Task Force Occasional Paper on Crypto-Assets

By Jonathan Cardenas

In May 2019, the European Central Bank (“ECB”) Crypto-Assets Task Force (the “Task Force”) published an Occasional Paper on the potential risks posed by crypto-assets to financial stability, monetary policy and financial market infrastructures in the euro area.^[1]  The Occasional Paper analyzes the extent to which current regulatory and financial oversight frameworks provide an adequate mechanism for the containment of risk posed by crypto-assets.  This article provides a brief summary of the Task Force’s regulatory analysis and policy recommendations.

 

1. Role of the ECB Crypto-Assets Task Force

The Task Force was established in March 2018 to monitor the development of crypto-assets and to assess the potential risk posed by crypto-assets to the stability of the European financial system, including the potential impact on European payment systems.  The work of the Task Force is centered around three pillars: (1) the characterization of crypto-assets and related activities, (2) the monitoring of crypto-assets and related activities, including monitoring of channels that could potentially transmit crypto-asset risk to the euro area and European economy at large, and (3) the identification of potential control measures to mitigate risks posed by crypto-assets. The Task Force’s overall objective is to contain any adverse impact of crypto-assets on the use of the euro, European monetary policy and the stability of the European Union (“EU”) financial system as a whole.

The Task Force’s analysis serves as a basis for ECB contributions to regulatory policy discussions with the European System of Central Banks, the EU institutions, EU Member State financial regulatory authorities, and internationally.  It also complements work on crypto-assets already undertaken by other financial sector authorities around the world, including the G7, G20 and Financial Stability Board, all of which are focused on crypto-asset implications for global financial stability.

 

1. Occasional Paper Overview

The Occasional Paper provides a balanced look at the crypto-asset phenomenon, recognizing that crypto-assets pose risk with respect to money laundering, terrorism financing and consumer protection, while also acknowledging that the distributed ledger technology that underpins crypto-assets could potentially increase the efficiency of financial intermediation and of the financial system as a whole.  In the Occasional Paper, the Task Force offers a characterization of crypto-assets which forms the basis of its analysis; it describes trends linking crypto-assets to financial markets; it assesses the potential impact of crypto-assets on European monetary policy and financial stability; and, it identifies gaps in crypto-asset regulation.

 

III. Characterization of Crypto-Assets

The Task Force recognizes that there is currently no international consensus on how to define a crypto-asset.  With this in mind, the Task Force defines a crypto-asset for purposes of its analysis as “a new type of asset recorded in digital form and enabled by the use of cryptography that is not and does not represent a financial claim on, or a liability of, any identifiable entity.”^[2]  In characterizing crypto-assets, the Task Force creates a distinction between what it refers to as the “infrastructure layer” and “asset layer” of a crypto-asset.^[3]  The infrastructure layer is comprised of the software that underpins crypto-assets, namely distributed ledger technology.  With respect to the asset layer, the Task Force describes this layer as the “sole focus”^[4] of its analysis and acknowledges that although crypto-assets “derive their novelty and specific risk profile, particularly their inherent high volatility, from the absence of an underlying fundamental value,”^[5] crypto-assets can be considered valuable by crypto-asset users as an investment and/or means of exchange, and could therefore be considered an asset.

 

1. Trends Linking Crypto-Assets to Financial Markets

According to data gathered by the Task Force, an important share of bitcoin trading volume is settled in euro, implying that the euro area’s exposure to crypto-assets is “non-negligible.”^[6]  However, the Task Force states that there are no indications that banks have systemically-relevant holdings of crypto-assets at the present time.  The combined indirect exposure of banks to crypto-assets via exchange-traded notes and contracts for differences, for example, did not exceed 20,000 EUR at the end of Q3 2018.^[7]  Notwithstanding the fact that current links between crypto-assets and the traditional financial sector are limited, the Task Force recognizes that these links could increase in the future as a result of recent market trends including the growth of futures contracts linked to bitcoin prices, as well as strong hedge fund and asset manager interest in crypto-asset based products.  The Task Force states that euro area financial stability concerns could potentially arise in the future should the financial sector’s exposure to crypto-assets increase as a result of these developments.

 

1. Financial Risk Assessment
2. Monetary Policy

According to the Task Force, crypto-assets do not currently have a significant impact on monetary policy because they do not fulfill the traditional functions of money.^[8]  The Task Force predicts that it will be difficult for crypto-assets to fulfill the traditional functions of money in the near future due to (1) the high price volatility of crypto-assets, (2) the absence of central bank backing of crypto-assets, and (3) the reportedly low number of merchants that allow goods and services to be purchased with crypto-assets, which collectively prevent crypto-assets from being used as substitutes for cash and deposits.  Should crypto-assets become more widely adopted and serve as a credible substitute for cash and deposits in the future, monetary policy implications could potentially materialize.

1. Financial Stability

The Task Force also states that crypto-assets do not currently pose a material risk to the financial stability of the euro area because their combined value is small relative to the overall size of the financial system.  Nevertheless, the Task Force recognizes that there is currently no adequate means from a prudential regulation standpoint by which to address future crypto-asset risk.  As such, this gap in prudential regulation should be filled at the present time while crypto-assets do not pose systemic risk.  Clarifying how crypto-assets are treated under accounting rules would provide one step forward in this direction.

 

1. Regulatory Gap Analysis

The Task Force recognizes that there is no international consensus at present as to how crypto-assets should be regulated. Given the global reach of the crypto-asset phenomenon, however, inconsistent and uncoordinated regulatory approaches could lead to ineffective regulation and provide incentives for regulatory arbitrage.   The Task Force suggests that EU level regulation of crypto-asset gatekeeping businesses, such as crypto-asset custody and trading/exchange services, could allow crypto-asset risk to be addressed at the points at which crypto-assets enter the financial system and could thereby help to avoid “disjointed regulatory initiatives”^[9] at the EU Member State level.  The Task Force also makes clear, however, that regulation of crypto-asset gatekeepers could have unintended negative consequences for the financial system by unintentionally creating a perception that crypto-asset businesses are legitimate.

 

1. Conclusion

The Task Force concludes that the current the level of risk associated with crypto-assets is “limited and/or manageable”^[10] and that crypto-assets do not “currently pose an immediate threat”^[11] to the financial stability of the euro area.  Since crypto-assets could become more deeply integrated in the European financial system in the future, however, the crypto-asset sector requires careful monitoring of potential future risks that crypto-assets could transmit to the European financial system.  In this regard, it is important that the ECB continue to monitor the crypto-asset phenomenon and develop preparedness for future adverse scenarios in cooperation with other financial sector authorities in Europe and around the world.

[1] European Central Bank Crypto-Assets Task Force, “Crypto-Assets: Implications for financial stability, monetary policy, and payments and market infrastructures,” Occasional Paper Series No. 223, May 2019. Available at: https://www.ecb.europa.eu/pub/pdf/scpops/ecb.op223~3ce14e986c.en.pdf

[2] Id. at p. 3.

[3] Id. at p. 6.

[4] Id. at p. 6.

[5] Id. at p. 3.

[6] Id. at p. 15.

[7] Id. at p. 18.

[8] See Yves Mersch, “Virtual or virtueless? The evolution of money in the digital age,” Official Monetary and Financial Institutions Forum, 8 February 2018.  Available at: https://www.ecb.europa.eu/press/key/date/2018/html/ecb.sp180208.en.html.

[9] ECB Crypto-Assets Task Force Occasional Paper No. 223 (May 2019) at p. 4.

[10] Id. at p. 31.

[11] Id. at p. 3.

The European Commission Issues Draft Legislation on E-evidence

By Nikolaos Theodorakis

Electronic evidence refers to various types of data in an electronic form that are relevant in investigating and prosecuting criminal offences. This includes content data that are often stored on the servers of online service providers, and other categories of data, such as subscriber data or traffic information regarding an online account. Such data is often essential in criminal investigations to identify a person or to obtain information about their activities.

More than half of all criminal investigations currently include a cross-border request to access electronic evidence (“E-evidence”) such as texts, e-mails or messaging apps. Electronic evidence is needed in around 85% of criminal investigations, and in two-thirds of these investigations there is a need to request evidence from online service providers based in another jurisdiction.

 

The Proposal

The European Commission (“Commission”) is therefore proposing new rules which will make it easier and faster for police and judicial authorities to access the electronic evidence they need in order to prosecute criminals.

For this purpose, the Commission recently proposed new rules, both a Regulation and a Directive, which include the following components:

• European Production Order: this will allow a judicial authority in a Member State to obtain electronic evidence directly from a service provider in another Member State. The provider needs to respond to requests for e-evidence within 10 days, or within 6 hours in cases of emergency. This timeline is significantly lower compared to the 120 days’ timeline for the existing European Investigation Order, or the average of 10 months for a Mutual Legal Assistance Procedure;
• European Preservation Order: this allows a judicial authority to request that a service provider or its legal representative preserve specific data for the purposes of a consequent request to provide data via mutual legal assistance, a European Investigation Order or a European Production Order;
• Stronger safeguards: the new rules guarantee strong protection of fundamental rights, including safeguards for personal data protection. The service providers and persons whose data is being sought will benefit from various safeguards and be entitled to legal remedies;
• Legal representatives in the EU: to ensure that all providers that offer services in the EU are subject to the same obligations, even if their headquarters are in a third country, they are required to designate a legal representative in the EU for the receipt of, compliance with and enforcement of decisions and orders;
• Provide legal certainty for businesses and service providers: law enforcement currently often depends on the good will of service providers to hand them the evidence they need. Moving on, the proposal envisions that this framework is legally binding so that it improves legal certainty and clarity as compared to the existing voluntary cooperation.

The overall aim of these new rules is to make it easier and faster for the police and judicial authorities to obtain the electronic evidence they need to efficiently investigate offences. This legislative proposal wishes to modernize the way in which crimes are investigated, in response to the state of the art methods that criminals use. In fact, almost two thirds of crimes where electronic evidence is held in another country cannot be properly investigated due to the time it takes to gather the required evidence or due to the fragmented legal framework.

At the moment, law enforcement and judicial authorities cooperate to obtain electronic evidence by using mutual legal assistance procedures outside the European Union, or the European Investigation Order inside the European Union. However, said procedures are too slow for obtaining electronic evidence, and time is of the essence. Data can be exchanged in a matter of seconds, which simply puts enforcement authorities at a disadvantage if they need to wait for too long before they can access it.

The proposal includes obligations for service providers that are used for communication purposes (e.g. providers of telecommunication services and other electronic communication services, including interpersonal services). It will also apply to providers of information security services that facilitate interactions between users (e.g. online marketplaces and cloud computing services) and for providers of internet infrastructure services (e.g. registries that assign domain names and IP addresses).

The categories of data that can be obtained with a European Production Order include:

• Subscriber data, which is data that serve to identify a subscriber or customer (e.g. name, email address, billing data);
• Access data, which can analyzed in combination with other data elements in order to identify a user (e.g. log-in details, IP address etc.);
• Transactional data, which is data that relates to the provision of the service (e.g. source and destination of message, data on location of a device, date, time and protocol used etc.).

The three categories are also known as ‘non-content data’, to be distinguished from content data, which includes any stored data in a digital format (e.g. text, voice, videos, images, sound etc.).

 

What about legal safeguards?

The proposal contains strong safeguards to guarantee privacy, data protection and the right to judicial redress. For instance, the issuing of European Production or Preservation Orders will only be possible in the context of criminal proceedings. At the same time, all criminal law procedural rights will apply, including in legislation at EU level, such as the right of access to a lawyer and the right of access to the case file. At all times, the fundamental legal principles of legality, necessity and proportionality need to be honored.

Further, production orders regarding transactional or content data may only be issued for criminal offences that the issuing state punishes with a penalty of at least three years, or for specific cybercrimes and terrorism-related crimes.

Finally, the suggested framework departs from the data storage principle and does not examine where data is stored for jurisdiction purposes. Rather, if the data is needed for the criminal proceedings and relate to services of a provider that offers services in the EU, said provider needs to produce the data irrespective of where it is located. This means that a service provider that stores data of European users outside the EU, e.g. in the US, will need to provide the data to European authorities if addressed with a European Production Order. In the case of a conflicting legal obligation, the EU suggests a review mechanism that will ultimately resort to the competent national court resolving any such conflict. In any event, personal data covered by this proposal must be processed in accordance with the General Data Protection Regulation and the Police Directive.

The UK House of Commons Treasury Committee Report on Crypto Assets

By Jonathan Cardenas^[1]

On September 19, 2018, the UK House of Commons Treasury Committee (the “Committee”) published a Report on Crypto-assets (the “Report”), which provides regulatory policy recommendations for the UK Government, the UK Financial Conduct Authority (the “FCA”) and the Bank of England.^[2]   The Report forms part of the Committee’s Digital Currencies Inquiry, which was launched in February 2018 to examine the potential impact of distributed ledger-based digital currencies on the UK financial system and to prepare a balanced regulatory response from the UK Government.^[3]  This article briefly summarizes the Committee’s UK regulatory policy recommendations.

 

1. Crypto Asset Risk

The Committee’s regulatory policy recommendations are structured around a variety of risks that crypto assets pose to crypto asset investors.  These risks include: high price volatility; loss of investment due to fraud and/or third-party hacking of crypto asset exchanges; loss of access to crypto asset exchange accounts and/or digital wallets due to unrecoverable lost passwords; price manipulation due to poor market liquidity and relatively low trading volumes; potential facilitation of money laundering and terrorist financing; and, macro risk to UK financial stability.  Mindful of these risks, the Committee notes that crypto assets presently fall outside the scope of FCA regulation merely because the “transferring, buying and selling of crypto assets, including the commercial operation of crypto asset exchanges”^[4] do not meet legal definitional criteria to be considered as either a “specified investment” under the Financial Services and Markets Act 2000 (Regulated Activities) Order (the “Regulated Activities Order”), or as “funds” or “electronic money” under applicable payment services and electronic money regulation, as referenced in expert witness reports provided to the Committee.^[5]

 

1. Initial Coin Offerings

Consumer fraud in the context of initial coin offerings (“ICOs”) is a topic of special concern to the Committee.  The Committee recognizes that there is currently “little the FCA can do to protect individuals”^[6] from fraudulent ICOs as a result of a regulatory loophole that permits ICOs to escape FCA jurisdiction.  Since most ICOs do not directly promise financial returns, but rather, offer future access to a service or utility, they do not fall squarely within UK law definitions of “financial instrument,”^[7] as referenced in expert witness reports provided to the Committee, and therefore are not FCA regulated.

The Committee concurs with the view of U.S. Securities and Exchange Commission Chairman Jay Clayton that ICOs should not escape the ambit of securities regulation merely because they change the form, and not the actual substance, of a securities offering.^[8]  The Committee also concurs with the view expressed in an FCA warning that consumers should be prepared to lose their entire investment in early stage ICO projects due to the FCA’s lack of jurisdiction and consequent inability to protect consumers.^[9]  As a result, the Committee recommends that the Regulated Activities Order be updated, as a matter of urgency, in order to bring ICOs within the scope of FCA jurisdiction.

 

2. Crypto Asset Exchanges

The facilitation of money laundering and terrorist financing through crypto asset exchanges is another area of major concern addressed by the Committee.  Crypto asset exchanges are not currently required to comply with anti-money laundering (“AML”) rules under UK law because their activities are not specifically captured by the language of UK AML regulation, including, most notably, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.^[10]  Although current UK AML regulation does not target crypto asset exchange activity, crypto asset exchanges do fall within the scope of the European Union’s 5^th Anti-Money Laundering Directive (the “5^th AML Directive”).^[11]  As a consequence, the Committee recommends that the UK Government either (1) transpose the 5^th AML Directive into UK law prior to the UK’s planned exit from the EU, or (2) replicate relevant provisions of the 5^th AML Directive in UK law as quickly as possible.

 

1. Regulatory Implementation

The Committee proposes two ways of introducing crypto asset regulation in the UK: (1) by amendment of existing financial services regulation or, (2) by adoption of new regulation tailored specifically to crypto assets.

Amending the existing financial services regulatory framework would involve classifying crypto asset activity as a regulated activity within the Regulated Activities Order.  Doing so would enable the FCA to regulate crypto asset activities by, for example, mandating that licenses be obtained in order to carry out specified crypto activities in the UK.  This approach has previously been used in the context of peer-to-peer lending,^[12] and is regarded as the fastest way of providing the FCA with the powers needed to regulate crypto asset activities and protect UK consumers.

Adopting a new regulatory framework separate from pre-existing financial services rules would allow for a more flexible and tailored approach to crypto asset regulation, but would also require substantially more time to formulate and finalize.

Given the rapid growth of crypto asset markets and the expanding set of risks faced by UK consumers, the Committee recommends that the UK Government regulate crypto asset activities by expanding the scope of the Regulated Activities Order, rather than by adopting a separate body of rules.  The Committee also recommends that the UK Government examine the exact type of crypto asset “activity” that would be included in an amended Regulated Activities Order, as well as the ramifications of doing so.

The Committee notes that although the global regulatory response to crypto assets is in early stages, the UK is in a position to learn from the experience of other jurisdictions given the fact that the UK has not yet introduced any specific type of crypto asset regulation.  As a result, the Committee encourages UK regulators to engage with their international counterparts in order to ensure that best practices are applied in the UK.

[1] Disclaimer: The views and opinions expressed in this article are those of the author alone.  The material in this article has been prepared for informational purposes only and is not intended to serve as legal advice.

[2] UK House of Commons Treasury Committee, Crypto-assets, Twenty-Second Report of Session 2017-19, 19 September 2018. Available at: https://publications.parliament.uk/pa/cm201719/cmselect/cmtreasy/910/910.pdf.

[3] UK House of Commons Treasury Committee, Digital Currencies inquiry: Scope of the inquiry, 2017.  Available at: https://www.parliament.uk/business/committees/committees-a-z/commons-select/treasury-committee/inquiries1/parliament-2017/digital-currencies-17-19/.

[4] UK House of Commons Treasury Committee, Evidence – Financial Conduct Authority (DGC0028): Financial Conduct Authority’s written submission on digital currencies, April 2018.  Available at: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/treasury-committee/digital-currencies/written/81677.pdf.

[5] UK House of Commons Treasury Committee, Evidence – Financial Conduct Authority (DGC0028): Financial Conduct Authority’s written submission on digital currencies, April 2018.

[6] UK House of Commons Treasury Committee, Crypto-assets, 19 September 2018, at para 87.

[7] UK House of Commons Treasury Committee, Oral evidence: Digital Currencies, Statement of David Geale, Q 193, HC 910, 4 July 2018. Available at: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/treasury-committee/digital-currencies/oral/86572.html.

[8] U.S. Securities and Exchange Commission, Statement on Cryptocurrencies and Initial Coin Offerings, December 11, 2017. Available at: https://www.sec.gov/news/public-statement/statement-clayton-2017-12-11.

[9] Financial Conduct Authority, Consumer warning about the risks of Initial Coin Offerings (‘ICOs’), 9 December 2017. Available at: https://www.fca.org.uk/news/statements/initial-coin-offerings.

[10] The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (S.I. 2017/692), 26 June 2017. Available at: http://www.legislation.gov.uk/uksi/2017/692/made.

[11] Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU, OJ L 156, 19.6.2018, p. 43–74. Available at: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32018L0843.

[12] See Financial Conduct Authority, The FCA’s regulatory approach to crowdfunding (and similar activities), Consultation Paper 13/13, October 2013. Available at: https://www.fca.org.uk/publication/consultation/cp13-13.pdf.

The European Data Protection Board starts its operations

By Nikolaos Theodorakis

The European Data Protection Board (EDPB) started its operations the same date the General Data Protection Regulation (GDPR) entered into force, 25 May 2018. The GDPR creates a harmonized set of rules applicable to all personal data processing taking place in the EU. The GDPR established the EDPB so that it contributes to the consistent application of data protection rules throughout the European Union, and promote cooperation between the EU’s data protection authorities.

The EDPB is the transformation of the Article 29 Working Party, under the previous legal regime. The EDPB is composed of representatives of the national data protection authorities and the European Data Protection Supervisor (EDPS). The EDPB also comprises a secretariat provided by the EDPS and working under the instructions of the EDPB. The secretariat will have an important role in administering the One-Stop-Shop and the consistency mechanism, as explained below. The European Commission has the right to participate in the activities and meetings of the Board, without however having a voting right.

 

Objectives

The EDPB aims to ensure the consistent application of the GDPR and of the European Law Enforcement Directive. In doing so, the EDPB is expected to adopt general guidance to clarify the terms of European data protection laws and provide a consistent interpretation regarding their options and obligations. It can also make binding decisions towards national supervisory authorities to ensure a consistent application of the GDPR.

In brief, the EDPB:

• Provides general guidance (e.g. guidelines and recommendations) to clarify the law;
• Advises the European Commission on personal data issues and proposed legislation;
• Adopts consistency findings for cross-border data protection issues; and
• Promotes cooperation and the effective exchange of information and best practice between national supervisory authorities.

The EDPB’s principles are independence and impartiality, good governance, collegiality, cooperation, transparency, efficiency, and proactivity.

 

Program and future actions

The EDPB acknowledged the continuity of its predecessor, the Article 29 Working Party, and endorsed a series of important guidelines on the first day of operations:

• the guidelines on consent;
• the guidelines on transparency;
• the automated individual decision-making and profiling Guidelines on Automated individual decision-making and Profiling for the purposes of the GDPR;
• the personal data breach notification guidelines on personal data breach notification under the GDPR;
• the right to data portability guidelines;
• the data protection impact assessment guidelines determining whether processing is “likely to result in a high risk”;
• the Data Protection Officers guidelines;
• the Lead Supervisory Authority guidelines;
• the paper on the derogations from the obligation to maintain records of processing activities;
• the working document for the approval of “Binding Corporate Rules” for controllers and processors;
• the recommendation on the standard application for approval of Controller and Processor Binding Corporate Rules, and the elements and principles to be found in said Rules; and
• the guidelines on the application and setting of administrative fines for the purposes of the GDPR.

 

Moving forward, it is expected that the EDPB will issue guidance for a number of important privacy related issues, like the data portability right, Data Protection Impact Assessments, certifications, the extraterritorial applicability of the GDPR and the role of Data Protection Officers. In doing so, the EDPB plans to regularly consult business representatives and civil society representatives regarding their views on how to implement the GDPR.

 

One-Stop-Shop and Consistency Mechanism

Apart from the guidelines and binding decisions, the EDPB will be instrumental in assisting with the One-Stop-Shop mechanism and the consistency mechanism. The One-Stop-Shop relates to designating a lead Data Protection Authority to resolve data protection issues involving more than one EU Member State. This innovative GDPR framework will allow for better cooperation for processing activities that span across different states.

The EDPB consistency mechanism is a reference to Article 63 of the GDPR, a mechanism through which DPAs cooperate to contribute to the consistent application of the GDPR. The GDPR makes several references to this mechanism and it is expected that it will be an important issue for the EDPB to regulate and interpret. In essence, the EDPB should ensure that where a national data protection authority decision affects a large number of individuals in several EU member states, there is prior collaboration and consistency in the interpretation and application of said decision. This is in line with the EU’s digital single market agenda that tries to bring consistent application of EU laws throughout the single market.

 

A true transformation?

It is too early to tell whether the EDPB will prove to be a transformed body, or whether it is a rebranded version of the Article 29 Working Party. Even though it seems that the WP29 subgroups will continue their work as usual, the action plan indicates that the EDPB will undergo significant changes and that it aspires to be in the epicenter of data protection developments in the European Union. The first indications demonstrate that the EDPB wants to become a prominent body through administrative restructuring and a more clear communication strategy. The GDPR enforcement brought data protection in the spotlight, and the EDPB will certainly have a chance, if it so desires, to prove that it is larger, more influential, and more important body than its predecessor.

Regulation of Taxi Apps: Two Judgements and Bad News for Uber

By Martin Miernicki

On 20 December 2017, the Court of Justice of the European Union (CJEU) handed down its decision in Asociación Profesional Élite Taxi v. Uber Systems Spain SL (C-434/15), holding that Uber’s services, in principle, constitute transportation services and thus remain regulated by national legislation. On 10 April 2018, the court essentially confirmed this ruling in Uber France SAS v. Nabil Bensalem (C-320/16).

 

Background of the cases

Both cases centered on the legal classification of the services provided by Uber under EU law. In the first case, the Asociación Profesional Elite Taxi – a professional taxi drivers‘ association – brought action against Uber before the national (Spanish) court, stating that the company infringed the local rules on the provision of taxi services as well as the laws on unfair competition. The national court observed that neither Uber nor the non-professional drivers had the licenses and authorizations required by national law; however, it was unsure whether the services provided by Uber qualified as “information society services” within the meaning of article 2(a) of Directive 2000/31/EC (E-Commerce Directive) or rather as a “service in the field of transport”, thereby being excluded from said directive as well as the scope of article 56 TFEU and article 2(2)(d) of Directive 2006/123/EC (Services Directive). The second case revolved around a similar question against the background of a private prosecution and civil action brought by an individual against Uber under French law.

 

Decisions of the court

The CJEU considered Uber’s service overall and not merely its single components, characterizing Uber’s business model as providing, “by means of a smartphone application, […] the paid service consisting of connecting non-professional drivers using their own vehicle with persons who wish to make urban journeys, without holding any administrative licence or authorisation.” (C-434/15, para 2). The CJEU held that Uber offered not a mere intermediation service which – as inherently linked to smartphones and the internet – could, seen in isolation, constitute an information society service. Rather, Uber provides an integral part of an overall service “whose main component is a transport service”. Thus, Uber’s services qualified as “services in the field of transport”, thereby rendering the E-Commerce Directive, the Services Directive and Art 56 TFEU inapplicable. Relying heavily on these findings, the court reached a similar conclusion in the subsequent case and essentially confirmed its prior ruling.

 

Meaning of the decisions and implications

The judgements are a setback for Uber and services alike, because – both being qualified as transportation services – they cannot rely on the safeguards and guarantees provided for by EU law (especially the freedom to provide services). On the contrary, the CJEU confirmed that transport services remain a field which is still largely in the member states’ domain. This is especially challenging for companies which, like Uber, specialize in a field where the regulatory requirements differ widely, also within the borders of one single member state. It should, however, be noted that the court gave its opinion on the service as described above; one might reach a different conclusion should Uber adapt or restructure its business model.

The dispute in the Uber cases can be seen in the larger context of “sharing economy” business models. Another example for a company active in this field would be Airbnb, for instance. European policy makers are aware of this emerging sector and have launched several initiatives to tackle the issue at the EU level. Among these are the Communication from the Commission on a European agenda for the collaborative economy (COM(2016) 356 final) and the European Parliament resolution of 15 June 2017 on a European Agenda for the  collaborative economy (2017/2003(INI)).

The European Commission’s FinTech Action Plan and Proposed Regulation on Crowdfunding

By Jonathan Cardenas

On 8 March 2018, the European Commission (“Commission”) introduced its FinTech Action Plan, a policy proposal designed to augment the international competitiveness of the European Single Market in the financial services sector.^[1]  Together with the FinTech Action Plan, the Commission introduced a proposal for a regulation on European crowdfunding services providers (“Proposed Regulation on Crowdfunding”).^[2]  Both of these proposals form part of a broader package of measures designed to deepen and complete the European Capital Markets Union by 2019.^[3]  This article briefly summarizes both the FinTech Action Plan and the Proposed Regulation on Crowdfunding.

 

1. FinTech Action Plan

With the goal of turning the European Union (“EU”) into a “global hub for FinTech,”^[4] the FinTech Action Plan introduces measures that build upon several of the Commission’s prior initiatives, including the regulatory modernization objectives set forth by the Commission’s internal Task Force on Financial Technology,^[5] the capital market integration objectives identified in the Commission’s Capital Markets Union Action Plan,^[6] and the digital market integration objectives identified in the Commission’s Digital Single Market Strategy.^[7]  Responding to calls from the European Parliament^[8] and European Council^[9] for a proportional, future-oriented regulatory framework that balances competition and innovation while preserving financial stability and investor protection, and also drawing upon the conclusions of the March–June 2017 Public Consultation on FinTech,^[10] the FinTech Action Plan consists of a “targeted,”^[11] three-pronged strategy, that sets out 19 steps^[12] to enable the EU economy to cautiously embrace the digital transformation of the financial services sector.

• “Enabling Innovative Business Models to Reach EU Scale”

The first prong of the FinTech Action Plan is focused on measures that will enable EU-based FinTech companies to access and scale across the entire Single Market.

Recognizing the need for regulatory harmonization, the Commission calls for uniformity in financial service provider licensing requirements across the EU to avoid conflicting national rules that hamper the development of a single European market in emerging financial services, such as crowdfunding (Step 1).  With crowdfunding specifically in mind, the Commission has proposed a regulation on European crowdfunding service providers (“ECSPs”), which, as discussed in further detail below, would create a pan-European passport regime for ECSPs that want to operate and scale across EU Member State borders.  In addition, the Commission invites the European Supervisory Authorities (“ESAs”) to outline differences in FinTech licensing requirements across the EU, particularly with regard to how Member State regulatory authorities apply EU proportionality and flexibility principles in the context of national financial services legislation (Step 2).  The Commission encourages the ESAs to present Member State financial regulators with recommendations as to how national rules can converge.  The Commission also encourages the ESAs to present the Commission with recommendations as to whether there is a need for EU-level financial services legislation in this context.  Moreover, the Commission will continue to monitor developments in the cryptocurrency asset and initial coin offering (“ICO”) space in conjunction with the ESAs, the European Central Bank, the Financial Stability Board and other international standard setters in order to determine whether EU-level regulatory measures are needed (Step 3).

Recognizing the importance of common standards for the development of an EU-wide FinTech market, the Commission is focused on developing standards that will enhance interoperability between FinTech market player systems.  The Commission plans to work with the European Committee for Standardization and the International Organization for Standardization to develop coordinated approaches on FinTech standards by Q4 2018, particularly in relation to blockchain technology (Step 4).  In addition, the Commission will support industry-led efforts to develop global standards for application programming interfaces by mid-2019 that are compliant with the EU Payment Services Directive and EU General Data Protection Regulation (Step 5).

In order to facilitate the emergence of FinTech companies across the EU, the Commission encourages the development of innovation hubs (institutional arrangements in which market players engage with regulators to share information on market developments and regulatory requirements)^[13] and regulatory sandboxes (controlled spaces in which financial institutions and non-financial firms can test new FinTech concepts with the support of a government authority for a limited period of time),^[14] collectively referred to by the Commission as “FinTech facilitators.”^[15]  The Commission specifically encourages the ESAs to identify best practices for innovation hubs and regulatory sandboxes by Q4 2018 (Step 6).  The Commission invites the ESAs and Member States to take initiatives to facilitate innovation based on these best practices, and in particular, to promote the establishment of innovation hubs in all Member States (Step 7).  Based upon the work of the ESAs, the Commission will present a report with best practices for regulatory sandboxes by Q1 2019 (Step 8).

• “Supporting the Uptake of Technological Innovation in the Financial Sector”

The second prong of the FinTech Action Plan is focused on measures that will facilitate the adoption of FinTech across the EU financial services industry.

The Commission begins the second prong by indicating that its policy approach to FinTech is guided by the principle of “technology neutrality,” an EU regulatory principle that requires national regulators to ensure that national regulation “neither imposes nor discriminates in favour of the use of a particular type of technology.”^[16]  In this regard, the Commission plans to setup an expert group to assess, by Q2 2019, the extent to which the current EU regulatory framework for financial services is neutral toward artificial intelligence and distributed ledger technology, particularly in relation to jurisdictional questions surrounding blockchain-based applications, the validity and enforceability of smart contracts, and the legal status of ICOs (Step 9).

In addition to ensuring that EU financial regulation is fit for artificial intelligence and blockchain, the Commission also intends to remove obstacles that limit the use of cloud computing services across the EU financial services industry.  In this regard, the Commission invites the ESAs to produce, by Q1 2019, formal guidelines that clarify the expectations of financial supervisory authorities with respect to the outsourcing of data by financial institutions to cloud service providers (Step 10).  The Commission also invites cloud service providers, cloud services users and regulatory authorities to collaboratively develop self-regulatory codes of conduct that will eliminate data localization restrictions, and in turn, enable financial institutions to port their data and applications when switching between cloud services providers (Step 11).  In addition, the Commission will facilitate the development of standard contractual clauses for cloud outsourcing by financial institutions, particularly with regard to audit and reporting requirements (Step 12).

Recognizing that blockchain and distributed ledger technology will “likely lead to a major breakthrough that will transform the way information or assets are exchanged,”^[17] the Commission plans to hold additional public consultations in Q2 2018 on the possible implementation of the European Financial Transparency Gateway, a pilot project that uses distributed ledger technology to record information about companies listed on EU securities markets (Step 13).  In addition, the Commission plans to continue to develop a comprehensive, cross-sector strategy toward blockchain and distributed ledger technology that enables the introduction of FinTech and RegTech applications across the EU (Step 14).  In conjunction with both the EU Blockchain Observatory and Forum, and the European Standardization Organizations, the Commission will continue to support interoperability and standardization efforts, and will continue to evaluate blockchain applications in the context of the Commission’s Next Generation Internet Initiative (Step 15).

Recognizing that regulatory uncertainty and fragmentation prevents the European financial services industry from taking up new technology, the Commission will also establish an EU FinTech Lab in Q2 2018 to enable EU and national regulators to engage in regulatory discussions and training sessions with select technology providers in a neutral, non-commercial space (Step 16).

• “Enhancing Security and Integrity of the Financial Sector”

The third prong of the FinTech Action Plan is focused on financial services industry cybersecurity.

Recognizing the cross-border nature of cybersecurity threats and the need to make the EU financial services industry cyberattack resilient, the Commission will organize a public-private workshop in Q2 2018 to examine regulatory obstacles that limit cyber threat information sharing between financial market participants, and to identify potential solutions to these obstacles (Step 17).  The Commission also invites the ESAs to map, by Q1 2019, existing supervisory practices related to financial services sector cybersecurity, to consider issuing guidelines geared toward supervisory convergence in cybersecurity risk management, and if necessary, to provide the Commission with technical advice on the need for EU regulatory reform (Step 18).  The Commission also invites the ESAs to evaluate, by Q4 2018, the costs and benefits of developing an EU-coordinated cyber resilience testing framework for the entire EU financial sector (Step 19).

 

1. Proposed Regulation on Crowdfunding

In line with the Commission’s Capital Markets Union objective of broadening access to finance for start-up companies,^[18] the Proposed Regulation on Crowdfunding is aimed at facilitating crowdfunding activity across the Single Market.  The proposed regulation plans to enable investment-based and lending-based ECSPs to scale across Member State borders by creating a pan-European crowdfunding passport regime under which qualifying ECSPs can provide crowdfunding services across the EU without the need to obtain individual authorization from each Member State.  The proposed regulation also seeks to minimize investor risk exposure by setting forth organizational and operational requirements, which include, among others, prudent risk management and adequate information disclosure.

[1] COM (2018) 109/2 – FinTech Action plan: For a more competitive and innovative European financial sector. Available at: https://ec.europa.eu/info/sites/info/files/180308-action-plan-fintech_en.pdf.

[2] COM (2018) 113 – Proposal for a regulation on European Crowdfunding Service Providers (ECSP) for Business. Available at: https://ec.europa.eu/info/law/better-regulation/initiative/181605/attachment/090166e5b9160b13_en.

[3] COM (2018) 114 final – Completing the Capital Markets Union by 2019 – time to accelerate delivery. Available at: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52018DC0114&from=EN.

[4] European Commission Press Release, “FinTech: Commission Takes Action For a More Competitive and Innovative Financial Market,” 8 March 2018. Available at: https://ec.europa.eu/info/sites/info/files/180308-action-plan-fintech_en.pdf.

[5] European Commission Banking and Finance Newsletter, Task Force on Financial Technology, 28 March 2017. Available at: http://ec.europa.eu/newsroom/fisma/item-detail.cfm?item_id=56443&utm_source=fisma_newsroom&utm_medium=Website&utm_campaign=fisma&utm_content=Task%20Force%20on%20Financial%20Technology&lang=en.  See also European Commission Announcement, Vice President’s speech at the conference #FINTECHEU “Is EU regulation fit for new financial technologies?,” 23 March 2017.  Available at: https://ec.europa.eu/commission/commissioners/2014-2019/dombrovskis/announcements/vice-presidents-speech-conference-fintecheu-eu-regulation-fit-new-financial-technologies_en.  See also European Commission Blog Post, “European Commission sets up an internal Task Force on Financial Technology,” 14 November 2016.  Available at: https://ec.europa.eu/digital-single-market/en/blog/european-commission-sets-internal-task-force-financial-technology.

[6] COM/2015/0468 final – Action Plan on Building a Capital Markets Union.  Available at : http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52015DC0468&from=EN.

[7] COM(2015) 192 final – A Digital Single Market Strategy for Europe, 6 May 2015.  Available at: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52015DC0192&from=EN.  See also COM (2017) 228 final – Mid-Term review on the implementation of the Digital Single Market Strategy: A Connected Digital Single Market for All, 10 May 2017.  Available at: http://eur-lex.europa.eu/resource.html?uri=cellar:a4215207-362b-11e7-a08e-01aa75ed71a1.0001.02/DOC_1&format=PDF.

[8] European Parliament Committee on Economic and Monetary Affairs, Report on FinTech: the influence of technology on the future of the financial sector, Rapporteur: Cora van Nieuwenhuizen, 2016/2243(INI), 28 April 2017.  Available at: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A8-2017-0176+0+DOC+PDF+V0//EN.

[9] EUCO 14/17, CO EUR 17, CONCL 5, European Council Meeting Conclusions, 19 October 2017. Available at:  http://www.consilium.europa.eu/media/21620/19-euco-final-conclusions-en.pdf.

[10] European Commission Directorate-General for Financial Stability, Financial Services and Capital Markets Union, “Summary of contributions to the ‘Public Consultation on FinTech: a more competitive and innovative European financial sector,’” 2017.  Available at: https://ec.europa.eu/info/sites/info/files/2017-fintech-summary-of-responses_en.pdf.

[11] FinTech Action Plan.

[12] European Commission Press Release, “FinTech: Commission Takes Action For a More Competitive and Innovative Financial Market,” 8 March 2018. Available at: https://ec.europa.eu/info/sites/info/files/180308-action-plan-fintech_en.pdf.

[13] EBA/DP/2017/02 – Discussion Paper on the EBA’s approach to financial technology (FinTech), 4 August 2017. Available at: https://www.eba.europa.eu/documents/10180/1919160/EBA+Discussion+Paper+on+Fintech+%28EBA-DP-2017-02%29.pdf.

[14] Id.

[15] FinTech Action Plan, p. 8.

[16] Directive 2002/21 on a common regulatory framework for electronic communications networks and services (Framework Directive) [2002] OJ L108/33.  Available at: https://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX%3A32002L0021.

[17] FinTech Action Plan, p. 12.

[18] Capital Markets Union Action Plan.

European Commission Working on Ethical Standards for Artificial Intelligence (AI)

By Paul Opitz

In the prominent areas of self-driving cars and Lethal Autonomous Weapons Systems, the development of autonomous systems has already led to important ethical debates.^[1] On 9 March 2018 the European Commission published a press release in which it announced to set up a group of experts for developing guidelines on AI ethics, building on a statement by the European Group on Ethics in Science and New Technologies.

 

Call for a wide and open discussion

The Commission emphasizes the possible major benefits from artificial intelligence, ranging from better healthcare to more sustainable farming and safer transport. However, since there are also many increasingly urgent moral questions related to the impact of AI on the future of work and legislation, the Commission calls for a “wide, open and inclusive discussion” on how to benefit from artificial intelligence, while also respecting ethical principles.^[2]

 

Tasks of the expert group

The expert group will be set up by May and tasked to:

• advise the Commission on building a diverse group of stakeholders for a “European AI Alliance”
• support the implementation of a European initiative on artificial intelligence
• draft guidelines for the ethical development and the use of artificial intelligence based on the EU´s fundamental rights, considering, inter alia, issues of fairness, safety, transparency, and the future of work.^[3]

 

Background

The goal of ensuring ethical standards in AI and robotics was recently set out in the Joint Declaration on the EU´s legislative priorities for 2018-2019. Furthermore, the guidelines on AI ethics will build on the Statement on Artificial Intelligence, Robotics and Autonomous Systems by the European Group on Ethics in Science and New Technologies (EGE) from 9 March 2018. This statement summarizes relevant developments in the area of technology, identifying a range of essential moral questions.

Moral issues

Safety, security, and the prevention of harm are of upmost importance.^[4] In addition, the EGE poses the question of human moral responsibility. How can moral responsibility be apportioned, and could it possibly be “shared” between humans and machines?^[5]

On a more general level, questions about governance, regulation, design, and certification occupy lawmakers in order to serve the welfare of individuals and society.^[6] Finally, there are questions regarding the transparency of autonomous systems and their effective value to society.

Key considerations

The statement explicitly emphasizes that the term “autonomy” stems from the field of philosophy and refers to the ability of human persons to legislate for themselves, the freedom to choose rules and laws for themselves to follow. Although the terminology is widely applied to machines, its original sense is an important aspect of human dignity and should therefore not be relativised. No smart machine ought to be accorded the moral standing of the human person or inherit human dignity.^[7]

In this sense, moral debates must be held in broad ways, so that narrow constructs of ethical problems do not oversimplify the underlying questions.^[8] In discussions concerning self-driving cars, the ethical problems should not only evolve around so-called “Trolley Problem” thought experiments, in which the only possible choice is associated with the loss of human lives. More important questions include past design decisions that have led up to the moral dilemmas, the role of values in design and how to weigh values in case of a conflict.^[9]

For autonomous weapons systems, a large part of the discussion should focus on the nature and meaning of “meaningful human control” over intelligent military systems and how to implement forms of control that are morally desirable.^[10]

Shared ethical framework as a goal

As initiatives concerning ethical principles are uneven at the national level, the European Parliament calls for a range of measures to prepare for the regulation of robotics and the development of a guiding ethical framework for the design, production and use of robots.^[11]

As a first step towards ethical guidelines, the EGE defines a set of basic principles and democratic prerequisites based on fundamental values of the EU Treaties. These include, inter alia, human dignity, autonomy, responsibility, democracy, accountability, security, data protection, and sustainability.^[12]

 

Outlook

It is now up to the expert group to discuss whether the existing legal instruments are effective enough to deal with the problems discussed or which new regulatory instruments might be required on the way towards a common, internationally recognized ethical framework for the use of artificial intelligence and autonomous systems.^[13]

[1] EGE, Statement on Artificial Intelligence, Robotics and Autonomous Systems,  http://ec.europa.eu/research/ege/pdf/ege_ai_statement_2018.pdf, p. 10.

[2] European Commission, Press release from 9 March 2018, http://europa.eu/rapid/press-release_IP-18-1381_en.htm.

[3] European Commission, Press release from 9 March 2018, http://europa.eu/rapid/press-release_IP-18-1381_en.htm.

[4] EGE, Statement on Artificial Intelligence, Robotics and Autonomous Systems,  http://ec.europa.eu/research/ege/pdf/ege_ai_statement_2018.pdf, p. 8.

[5] Id., at p. 8.

[6] Id., at p. 8.

[7] Id., at p. 9.

[8] Id., at p. 10.

[9] Id., at p. 10-11.

[10] Id., at p. 11.

[11] Id., at p. 14.

[12] Id., at p. 16-19.

[13] Id., at p. 20.