| Frequently Asked Questions on The Electronic Commerce
(EC Directive) Regulations 2002 Q1. When did the Electronic
Commerce Regulations come into effect? Q2. What is the purpose of
the E-Commerce Directive? Q3. What do the Regulations cover?
Q4. What areas do the Regulations
not cover? Q5. How is an established
service provider defined in the Regulations? Q6. How are Information Society
Services defined in the Regulations? Q7. Which countries does the
Electronic Commerce Directive cover? Q8. What areas are excluded from
the scope of these Regulations? Q9. What is the “Country of
Origin” Rule? Q10.
Do the Regulations allow for any exceptions to the “Country of Origin”
rule? Q11. What
information must a person providing an information society service make
available? Q12.
What information does a service provider need to provide with regard
to sending commercial communication (e-mail)? Q13. Do the Regulations allow contracts
to be concluded by electronic means? Q14. What
information does a service provider need to give where contracts are
concluded by electronic means? Q15.
What information does the service provider need to give to service users
when they place an electronic order? Q16. What will happen to service providers
who breach these rules? Q17. How do Stop Now Orders relate to
the Regulations? Q18. What liability do Intermediary Service
Providers have? Q19.
How is “actual knowledge” specified in relation to the Regulations?
Q20. Is there a general obligation for
ISP’s to monitor information?
Back
to the E-Commerce Directive Pages
This FAQ is intended as a general guide to the Electronic Commerce (EC
Directive) Regulations 2002, it is not a substitute for detailed and
specific legal advice. Question
1.
When did the Electronic Commerce Regulations (“The Regulations”) come
into effect?
The Electronic Commerce (EC) Regulations 2002 (SI
2002 No.2013) came into force on the 21 August 2002, except for Regulation
16 on the amendment of “Stop Now Orders” which came into force on the
23 October 2002. These Regulations transpose the Electronic Commerce
Directive 2000/31/EC.
(Top)
Question 2.
What is the purpose of the E-Commerce Directive?
The purpose of the E-Commerce Directive is to ensure
the free movement of “information society services” across the European
Community (i.e. enhancing the internal market). It deals with the establishment
of service providers, commercial communications, electronic contracts,
the liability of intermediaries, codes of conduct, out-of-court dispute
settlements, court actions and cooperation between Member States.
(Top)
Question 3.
What do the Regulations cover?
The Regulations cover online services provided for
remuneration, and extend to services, which are not remunerated by those
who receive them, such as those offering on-line information or commercial
communications, or those providing search, access and retrieval of data.
(Top)
Question 4.
What areas do the Regulations not cover?
The Regulations do not apply to non-commercial interactions,
or the offline elements of online transactions e.g. the goods
or services themselves where these are not provided online or the delivery
of goods or services not provided online; the offline elements (e.g.
the conclusion of a hardcopy contract) of any transaction that commences
online (e.g. in response to an advertisement on a website) are therefore
not within their scope.
(Top)
Questions 5.
How is an established service provider defined in the Regulations?
An established service provider is defined in Regulation
2 as a “service provider who is a national of a member state or a company
or firm as mentioned in Article 48 of the Treaty and who effectively
pursues an economic activity by virtue of which he is a service provider
using a fixed establishment in a member state for an indefinite period,
but the presence and use of the technical means and technologies required
to provide the information society service do not, in themselves, constitute
an establishment of the provider; in cases where it cannot be determined
from which of a number of places of establishment a given service is
provided , that service is to be regarded as provided from the place
of establishment where the provider has the centre of his activities
relating to that service; references to a service provider being established
or to the establishment of a service provider shall be construed accordingly”.
An example of this is where a multinational company who provides services
online and whose main base is in the UK, but has some subsidiary offices
in another country, would count as being established in the UK.
(Top)
Question 6.
How are Information Society Services defined in the Regulations?
For the purposes of these Regulations “Information
Society Services” are “any service normally provided for remuneration,
at a distance, by means of electronic equipment for the processing (including
digital compression) and storage of data, and at the individual request
of a recipient of a service.
This covers a wide range of economic activities that
take place online, including selling goods online, as well as video
on demand and services consisting of the transmission of information
via a communication network, providing access to a communication network,
hosting information provided by a recipient of the service or providing
commercial communications by e-mail. However, the use of e-mail or equivalent
electronic communications (e.g. by persons acting outside their trade,
business or profession, including their use for the conclusion of contracts
between such persons) is not an information society service e.g. personal
e-mail exchanges or a website with no commercial content would not be
covered by these Regulations.
(Top)
Question 7.
Which countries does the Electronic Commerce Directive cover?
All countries in the European Economic Area (i.e.
Iceland. Liechtenstein and Norway, as well as the European Community
members comprising of Austria, Belgium, Denmark, Finland, France, Germany,
Greece, Ireland, Italy, Luxembourg, the Netherlands, Portugal, Spain,
Sweden and the United Kingdom (Gibraltar is for the purposes of the
Directive part of the Community via their own implementation, but the
Isle of Man and the Channel Islands are not).
(Top)
Question 8.
What areas are excluded from the scope of these Regulations?
The following areas are excluded from the scope of
this Regulation:
- taxation;
- any areas covered by the Data Protection Directive
and the Privacy and Electronic Communications Directive (2002/58/EC),
which concerns the processing of personal data and the protection
of privacy in the electronic communications sector.
- questions relating to agreements or practices
governed by cartel law; and
- the following activities when they are carried
out online:
o
the activities of a public notary or equivalent professions
to the extent that they involve a direct and specific connection with
the exercise of public authority;
o
the representation of a client and defence of his interests
before the courts; and
o
betting, gaming or lotteries which involves wagering a
stake with monetary value.
(Top)
Question 9.
What is the “Country of Origin” Rule?
The Directive broadly follows a “country of origin”
approach to regulation where services are provided across borders within
the EEA – the principle, subject to some exclusions and qualifications,
is that an online service provider is subject to the law that applies
in the country where they are based, rather than where their customers
are.
The effect of regulation 4(1) is that information
society services provided to a person in the UK or in another Member
State by a service provider from an establishment in the UK must comply
with any UK legal requirement that falls within the coordinated field.
The coordinated field means requirements applicable to information society
services or the providers of those services, whether those requirements
are general in nature or specifically designed for services or providers.
It covers requirements with which services providers have to comply
in respect of the taking up of the activity of an information society
service (e.g. requirements concerning qualifications of service providers)
and the pursuit of the activity of an information society service (e.g.
requirements concerning the behaviour of service providers).
Regulation 4(2) provides that the enforcement authorities
are responsible for ensuring compliance with requirements of UK law.
The effect of this is to shift the responsibility for enforcement. UK
enforcement authorities will regulate information society services provided
from the UK, wherever in the EEA they are delivered. Similarly, information
society services provided from elsewhere in the EEA shall be regulated
by the enforcement authorities in those Member States. This is the effect
of regulation 4(3), which provides that, subject to certain exceptions
(discussed in relation to Question 10 below), any requirements shall
not be applied to the provision of an information society service from
an EEA state other than the UK for reasons falling within the coordinated
field where the application of that requirement would restrict the freedom
to provide information society services to a person in the UK.
(Top)
Question 10. Do
the Regulations allow for any exceptions to the “Country of Origin”
rule?
Enforcement authorities may take measures, and courts
may apply UK law, that restrict the provision of a given information
society service into the UK from elsewhere in the EEA on a case-by-case
basis and under certain circumstances.
First, the restriction must be proportionate (i.e.
it must go no further than is necessary to achieve the desired result).
Second, the restriction must be necessary for one
of the following reasons:
- public policy, in particular the prevention,
investigation, detection and prosecution of criminal offences, including
the protection of minors and the fight against any incitement to hatred
on grounds of race, sex, religion or nationality, and violations of
human dignity concerning individual persons;
- the protection of public health;
- public security, including the safeguarding of
national security and defence; or
- the protection of consumers, including investors.
Third, the information society service in question
must prejudice or present a serious and grave risk of prejudice to at
least one of the objectives given above.
Fourth, where an enforcement authority is acting,
it must have:
- asked the Member State in which the service provider
is established to take measures within the stated deadline, and if
the Member State did not do so, or the measures taken were inadequate,
then;
- notify the European Commission (via UKREP) and
the Member State in which the service provider is established of its
intentions to take appropriate enforcement action.
Finally, in cases of urgent threats to the interests
of public policy, public security, public health or the protection of
consumers, an enforcement authority may take measures in respect of
an information society service without first asking the Member State
of establishment to act and notifying the Commission; but where such
urgent action is taken, the Member State and the Commission must be
notified of the measures taken as soon as possible, and the reasons
for urgent action must be fully explained.
(Top)
Question 11.
What information must a person providing an information society service
make available?
A person who provides an information society service
must provide the following information to the recipient of that service,
and to any relevant enforcement authority, in a form and manner that
is easily, directly and permanently accessible, the following information:
Ø
the name of the service provider;
Ø
the geographic address at which the
service provided is established. (This not necessarily his principal
or registered office, nor the usual address that he cites for the purpose
of sending communications. Rather, it is the address that derives from
the definition of “established service provider” and so indicates the
Member State whose laws will, in general, apply to the provision of
the service in question);
Ø
the details of the service provider,
including his e-mail address;
Ø
where the service provider is registered
in a trade or similar register available to the public, details of the
register in which the service provider is entered and his registration
number, or equivalent means of identification in that register
Ø
where the provision of the service is subject to an authorisation
scheme, the particulars of the relevant supervisory authority. The schemes
in question are those relevant to the information society service in
question, not to any subsequent offline transaction;
Ø
where the service provider exercises a regulated profession
–
i). the details of any professional body or similar
institution with which he or she is registered;
ii). his or her professional title and the Member
State where that title has been granted; and
iii). a reference to the professional rules applicable
and a way that the service user can access them (for example, a link
to the professional body’s website); and
Ø
where the service provider undertakes an activity that
is subject to VAT, the identification number referred to in Article
22(1) of the sixth VAT Directive 77/388/EEC of 17 May 1977 needs to
be shown on the website.
(Top)
Question 12.
What information does a service provider need to provide with regard
to sending commercial communication (e-mail)?
A service provider must ensure that
a commercial communication provided by him and which constitutes or
forms part of an information society service (e.g. an advertising e-mail)
must:
a)
be clearly identifiable as a commercial communication;
b)
clearly identify the person on whose behalf the commercial communication
is made;
c)
clearly identify as such any promotional offer (including any
discount, premium or gift) and ensure that any conditions that must
be met to qualify for it must be easily accessible, and presented clearly,
and unambiguously; and
d)
clearly identify as such any promotional competition or
game and ensure that any conditions for participation are easily accessible
and presented clearly and unambiguously.
(Top)
Question 13.
Do the Regulations allow contracts to be concluded by electronic means?
The Government believes that the great majority of
relevant statutory references (e.g. to requirements for writing or signature)
are already capable of being fulfilled by electronic communications
where the context in which they appear does not indicate to the contrary.
Where existing legal requirements applicable to the
contractual process do create obstacles for the use of the electronic
contracts or result un such contracts being deprived of legal effectiveness
and validity on account of their having been made by electronic means,
the Government will propose necessary amendments on case-by-case basis.
(Top)
Question 14.
What information does a service provider need to give where contracts
are concluded by electronic means?
Regulation 9(1) provides that, where a contract is
to be concluded by electronic means and unless parties who are not consumers
have agreed otherwise, a service provider must, prior to an order being
placed by the recipient of a service, provide to that recipient in a
clear, comprehensible and unambiguous manner the following information:
a)
the different technical steps to follow to conclude the contract,
so that recipients are made aware of what the process will involve and
the point at which they will commit themselves;
b)
whether or not the concluded contract will be filed by the service
provider and whether it will be accessible. “Filing” is a legal concept
in other Member States that would apply in the UK only where contracts
are made with service providers established in those Member States;
c)
the technical means for identifying and correcting input
errors prior to the placing of the order; and
d)
the languages offered for the conclusion of the contract.
These requirements do not apply where, for example,
initial contact is made via a website but, for reasons relating to the
complexity of the contract, it is actually concluded offline e.g. by
phone or by an individual exchange of e-mails rather than a standard
online purchasing mechanism.
A consumer is defined in regulation 2 as “any natural
person who is acting for purposes other than those of his trade, business
or profession”.
(Top)
Question 15.
What information does the service provider need to give to service users
when they place an electronic order?
Unless parties who are not consumers have agreed
otherwise, where the recipient of the service places his order through
technological means, service provider must:
a)
acknowledge receipt of the order to the recipient of the service
without undue delay and by electronic means; and
b)
make available to the recipient of the service appropriate, effective
and accessible technical means allowing him to identify and correct
input errors prior to the placing of the order.
(Top)
Question 16.
What will happen to service providers who breach these rules?
Depending on the nature of the breach, service providers
may face a claim for damages, or their online contract may be invalidated.
Where the breach affects the collective interest of consumers, a service
provider may also be subject to a “stop now” order by a trading standards
office or other regulator (see question 17 below).
(Top)
Question 17.
How do Stop Now Orders relate to the Regulations?
Where failure to comply with the Regulations harms
the collective interests of consumers, the service provider responsible
may face a “stop now” order under Part 8 of the Enterprise Act 2002.
This will permit the Office of Fair Trading and other named consumer-protection
bodies to apply to the courts for an enforcement order where infringement
of these Regulations by a service provider harms the collective
interests of consumers. The courts will also be able to order service
providers to publish corrective statements with a view to eliminating
the continuing effects of past infringements. Failure to comply with
an enforcement order is treated as contempt of court, punishable by
fines and/or imprisonment.
(Top)
Question 18.
What liability do Intermediary Service Providers have?
The Regulations limit the liability of service providers
who unwittingly transmit or store unlawful content provided by others
in certain circumstances. There are 3 categories of service providers
whose liability is thus limited by the Regulations; those who transmit
information (i.e. mere conduits), those who engage in “caching” information,
and those engaged in “hosting” information. You should refer to Regulations
17- 22 for a full explanation of the requirements you will have to meet
in order to fall within these limitations of liability and in case of
doubt you should seek legal advice on such issues.
(Top)
Question 19.
How is “actual knowledge” specified in relation to the Regulations?
Regulation 22 provides that in determining whether
a service provider has actual knowledge for the purposes of Regulations
18(b)(v) and 19(a)(i), a court shall take into account all matters which
appear to it in the particular circumstances to be relevant and, among
other things, shall have regard to:
a)
whether a service provider has received a notice through a means
of contact made available in accordance with Regulation 6(1)(c);
and
b)
the extent to which any notice includes:
i)
the full name and address of the sender of the notice;
ii)
details of the location of the information in question; and
iii)
details of the unlawful nature of the activity or information in question.
It is expected that the onus will be on the party
alleging that liability has arisen to demonstrate that a service provider
had actual knowledge or awareness but did not act upon it appropriately.
(Top)
Question 20.
Is there a general obligation for ISP’s to monitor information?
The Regulations do not address the imposition of
a general obligation on service providers, when providing the services
referred to in Regulations 17-19, to monitor the information that they
transmit or store or to actively seek facts or circumstances indicating
illegal activity. No such obligations exist in UK law, and their introduction
would be incompatible with the requirements of the E-Commerce Directive.
However, this does not affect the imposition of monitoring
obligations in specific cases (e.g. in compliance with a warrant issued
under Section 5(1)(a) of the Regulation of the Investigatory Powers
Act 2000 to secure the interception of a communication in the course
of its transmission by means of a telecommunication system). Existing
statutory obligations continue to apply equally online as well as offline.
(Top)
Back
to the E-Commerce Directive Pages |
