The new public procurement Directives
In March, we reported on the new public procurement Directives adopted by the Council of the European Union in February in the most significant reform of European public procurement law since 2004. Member States have two years to implement them although the UK has indicated it intends to do so as soon as possible.
It has been argued by many, particularly small and medium-sized enterprises (SMEs) that the current European public procurement legal framework places unduly onerous requirements on bidders for public contracts. Contracting Authorities also argue that the rules are too prescriptive in terms of formal procedures and award criteria, and afford limited opportunities to produce creative solutions. In addition, a growing body of case law has further muddied the waters.
The new Directives seek to reduce bureaucracy and help SMEs. Although they do not revolutionise the current regime, they do introduce some important changes to address the criticisms and uncertainties which have become associated with public procurement in the EU. SMEs will be particularly encouraged by measures introduced to address the complexity of the regime and reduce the burden on companies applying for public contracts. Smaller businesses will be able to bid for elements of a contract where they do not have the resource or expertise to bid for the entire contract.
Data Retention and Investigatory Powers Act
The government passed emergency legislation to ensure that telecoms and internet service providers continue to collect and store communications data following the CJEU's finding that the Data Retention Directive is invalid.
The Data Retention and Investigatory Powers Act (DRIPA) allows the government to issue retention notices requiring public telecommunications operators to retain relevant communications data for up to twelve months if the Secretary of State considers the requirement is necessary and proportionate for one or more of the purposes falling within paragraphs (a) to (h) of s22(2) RIPA. The Bill is also intended to provide a clear legal framework around interception of communications following complaints that RIPA fails to do so.
It is possible that further changes may be made under the government's proposals in the Counter Terrorism and Security Bill which would, among other things, amend DRIPA to expand the types of communications data which public telecoms operators would be required to retain if subject to a notice from the Secretary of State. The new draft legislation seeks to require operators to retain "relevant internet data" as well as communications data. "Relevant internet data" is defined in the Bill as "communications data which relates to an internet access service or an internet communications service…(which) may be used to identify, or assist in identifying, which internet protocol address or other identifier, belongs to the sender or recipient of a communication (whether or not a person)". The government says this would help IP addresses to be attributed to individuals at a particular time and would include port numbers and MAC addresses of devices.
As reported in our September issue, after several years of negotiation, the EC adopted the Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS). The eIDAS Regulation:
- lays down conditions for mutual recognition of electronic identification;
- sets out rules for trust services, in particular for electronic transactions; and
- creates a legal framework for electronic signatures, seals and time stamps, electronic documents, electronic registered delivery services and certificate services for website authentication.
The eIDAS Regulation will (mostly) apply from 1 July 2016. From that date, the e-Signature Directive (1999/93/EC) is repealed. It is worth mentioning that the Department for Business, Industry and Skills has recently published guidance on electronic signatures as the law currently stands under the e-Signature Directive.
Member States may choose to join the mutual recognition schemes of e-identification as soon as the necessary implementing acts are in place which is expected to be in the second half of 2016. The mandatory mutual recognition is expected to apply in the latter half of 2018.
EU VAT rules are changing from 1 January 2015 for businesses with EU establishments supplying "digital services" to consumers. Businesses established in the EU that supply "digital services" to consumers in other EU jurisdictions will need to charge, and account for, VAT in the jurisdiction in which their customer belongs. This represents a fundamental change from the current position. Currently, the supplier charges VAT in its own jurisdiction and applies a single rate of VAT on those supplies. The new rules are designed to ensure that digital services are taxed where they are consumed and will greatly increase the burden of VAT compliance on digital businesses operating cross-border within the EU.
"Digital services" encompasses supplies of:
- broadcasting – scheduled broadcasting of TV and radio, live streaming and webcasts but NOT on-demand downloads;
- telecommunications – landline and mobile services, internet connections supplied by ISPs; and
- e-services – services which are supplied electronically and whose provision involves little or no human intervention but is highly automated e.g. digital downloads of content (such as music, videos and e-books); services provided by online marketplaces; and automated online examination and testing (such as multiple choice testing).
The key message for affected businesses is that this change is fast approaching and businesses should take steps now to ensure compliance with the new rules. This is likely to be centred on ensuring that:
- sales platforms are equipped to collect the necessary information to enable them to accurately identify where customers belong and whether customers are business customers (for instance by requiring EU VAT registration details);
- sales platforms are able to charge the correct rate of VAT and issue appropriate invoices to customers;
- sufficient records are maintained to support VAT charging decisions;
- the terms and conditions of sale and data protection policies allow all of the above to take place;
- they comply with applicable consumer protection and data protection legislation; and
- they register for the MOSS if it would be beneficial (see below).
Businesses based outside the EU which have an EU establishment (such as a European HQ) also need to consider whether the changes apply to them. Non-EU established suppliers of "digital services" to consumers who are considering setting up a trading presence or HQ in the EU to sell "digital services" to EU consumers should note that the differing VAT rates of the various EU jurisdictions may no longer influence the decision as to where to establish their business as they will be required to account for the different VAT rates across Europe depending on where their customers are located.
The Connected Continent proposals were originally intended to harmonise various areas of communications law in the European Union, particularly in relation to regulators, spectrum allocation, roaming charges and net neutrality. The European Parliament approved a consolidated draft in April, shortly before the elections and the proposals are now being discussed in the Council. The new European Commission has highlighted the Connected Continent proposals as a priority but the Council debates indicate that the general feeling is that a lot more background work needs to be put into them.
The EC adopted the Broadband Directive to facilitate the roll-out of high speed electronic communications networks by promoting the joint use of physical infrastructure and by enabling a more efficient deployment of new infrastructure in order to reduce costs. The Directive must be implemented by Member States by 1 January 2016.