Following the overwhelming rejection of Theresa May’s Brexit deal on 15 January 2019, a quick scan of the Lexology Hub page reveals that the increasing possibility of a no-deal Brexit is a real cause for concern across most sectors. In addition to the various no-deal notices that have been issued by the UK government, at the end of December 2018 the European Commission announced that it would implement its own no-deal Contingency Action Plan in relation to citizens’ rights, financial services, data protection and trade.
Osborne Clarke provides a helpful overview of these measures and a brief summary of what ‘no deal’ would mean from a legal perspective. If the United Kingdom leaves the European Union on 29 March 2019 with no withdrawal agreement or political declaration in place, it will be treated as a third country for legal, regulatory, political and economic purposes from the moment of exit. This update considers the implications of this for various aspects of business.
Legal contracts will inevitably be affected by any type of Brexit. One precautionary step taken by the UK government has been to submit its instrument of accession to the Hague Convention on Choice of Court Agreements 2005, thereby ensuring that the United Kingdom can continue to rely on the convention in its own right after Brexit. However, Beale & Co warns that insurers should pay close attention to the instrument of accession, as it states that certain types of insurance contract will be excluded from the scope of the convention.
Continuing on the choice of governing law in contracts, Bird & Bird LLP reports that the UK government has indicated that the UK courts will continue to apply the principles set out in EU Regulations Rome I and Rome II in the event of no deal. Therefore, this position is also unlikely to change. Nevertheless, parties engaged in commercial contracts – especially those with a non-UK element – should conduct an audit to assess the effect that a no-deal Brexit may have on the enforceability of their contracts and consider whether to renegotiate or amend them in order to address the implications of Brexit specifically.
Keystone Law recommends that parties entering into new commercial contracts should consider including a Brexit clause, which sets out the actions to be taken or changes to be made in the event of a specific Brexit-related event. However, given the uncertainty surrounding any practical implications of a no-deal Brexit, this is unlikely to provide a catch-all solution. Indeed, BEAUCHAMPS warns that the most that a Brexit clause can offer is a binding requirement that the parties will attempt to renegotiate certain aspects of the contract. While it may be possible to predict certain scenarios, there is a wider danger that events will occur for which the parties have not made provision. Instead, the Contract Centre GmbH suggests that parties should consider a more generic “change in law clause”, which clearly states that any delays or costs incurred as a result of legislative change entitle the relevant party to compensation or the appropriate extension of resources.
Focusing on contracts that are already in place, Charles Russell Speechlys LLP places top priority on those that run beyond the date of departure and that cross the UK/EU border in some way. The firm warns that although some contracts appear not to do this, there may be underlying crossover elsewhere.
Transfer of goods and services
In the event of a no-deal Brexit, both the duties and formalities of Customs will come into force and the free movement of goods, services and people will be halted. As such, Peeters Advocaten recommends that parties check the following details in all of their existing contracts:
Moreover, White & Case LLP warns that there may also be implications for UK businesses trading with non-EU countries. This is because some trading relationships between the United Kingdom and third countries are governed by trade agreements entered into by the European Union. Although the UK government is seeking to establish identical or substantially similar bilateral agreements with these countries, such agreements are unlikely to be in force by the date of the United Kingdom’s withdrawal and, in practice, “there are likely to be changes in how access to preferences is obtained”.
The Financial Conduct Authority (FCA) is also working hard to ensure that the future financial system continues to work effectively, while maintaining as much of the current framework as possible. According to Hogan Lovells, the FCA is proposing only essential changes – namely, to give itself and the Prudential Regulation Authority powers that were previously reserved for EU institutions (eg, the European Banking Authority) and to narrow the geographic scope of the various regimes to the United Kingdom only. As such, the FCA Handbook is due to be amended with regard to ecommerce and distance marketing, after which the requirements will be limited to situations in which the customer is based in the United Kingdom and will no longer extend to situations in which the customer is based in another European Economic Area (EEA) state.
The FCA has also published a set of recommendations for companies preparing for Brexit. As Macfarlanes LLP reports, the FCA suggests that firms doing business in the EEA under passport consider:
In addition, Womble Bond Dickinson (UK) LLP reminds readers that once the United Kingdom has left the European Union, the UK financial services and insurance sectors will do business with the European Union as a third country. Therefore, it suggests following the lead of many UK firms and transferring EU operations to business-friendly countries such as Luxembourg, Germany and Ireland. By opening a branch or subsidiary in an EU member state, companies can use passports from that country to access the rest of the European Union:
“This is the way in which many if not most of the non-European firms have done most of their business with Europe to date: ironically, often by opening a branch or subsidiary in the UK and using that as their ‘gateway’ to Europe.”
Given the endurance of agreements that will likely continue to support the financial services and insurance sectors, the firm argues that the key concern instead should be for data protection recognition, the rights of EU workers already in the United Kingdom and visa-free travel – all of which could become high hurdles for businesses to overcome.
On 4 January 2019 Burges Salmon LLP reported that, following warnings from the UK Department for Digital, Culture, Media and Sport and the Information Commissioner’s Office (ICO), the draft Data Protection, Privacy and Electronic Communications (Amendments etc) (EU exit) Regulations 2019 had been put to Parliament, outlining the key amendments to be made to UK data protection law. Although the United Kingdom plans to bring its own, barely edited, version of the EU General Data Protection Regulation (GDPR) into national law, this will not be sufficient to maintain the free flow of personal data between the two jurisdictions in the event of a no-deal Brexit. How EEA parties should transfer personal data to the United Kingdom will become purely a matter of EU law, over which the UK government will have no influence. Moreover, the European Commission has stated that it will not start an adequacy decision procedure before the proposed exit date. As such, DLA Piper warns that while the data protection standards in the UK and EU versions of the GDPR will remain essentially the same, they are nonetheless distinct laws and therefore subject to potentially dual or overlapping regulation. Indeed, companies carrying out cross-border data processing may soon find themselves under the supervision of more than one regulatory authority, with the potential for fines from both EEA authorities and the ICO. Moreover, Bryan Cave Leighton Paisner LLP confirms that, under the No Deal Guidance, controllers that are based outside the European Union but that target UK customers (and are therefore subject to the UK GDPR) will be required to appoint a UK representative; conversely, under Article 3(2) of the EU GDPR, UK-established controllers with no presence in the European Union but which target EU customers will be required to appoint an EU representative.
Considering these complications, Gowling WLG advises companies to review their data flows, using the data maps produced as part of GDPR compliance programmes, in order to identify any exchange between the United Kingdom and the European Union and put the appropriate measures in place. Dillon Eustace reminds business owners that this may take some time and that negotiating revised contractual agreements with third parties will require significant resources. Therefore, companies should account for these delays when formulating their Brexit contingency plans. (For an in-depth breakdown of the potential effects of a no-deal Brexit on other elements of data protection, see Baker McKenzie’s “How will a no-deal Brexit impact Data Protection?”.)
Weathering the storm
With the UK Parliament due to vote on the prime minister’s ‘Plan B’ Brexit deal next week, companies should already be in the throes of reviewing their processes – particularly in relation to data protection – in order to identify and address any possible crossover with EU parties. With the clock ticking, it is essential that businesses find the time to renegotiate vulnerable contracts and put in place as many safeguards as possible; in these uncertain times, the best strategy will be to hope for the best but prepare for the worst.