3 October 2022
- The European Commission’s Proposal for a Regulation establishing a Single Market Emergency Instrument: The EU’s new toolbox to avoid a supply crisis
- The Government of Indonesia enacts Indonesia’s long-awaited Personal Data Protection Law: Important changes ahead?
- The EU simplifies the process for the authorisation of biological plant protection products containing microorganisms
- Recently adopted EU legislation
The European Commission’s Proposal for a Regulation establishing a Single Market Emergency Instrument: The EU’s new toolbox to avoid a supply crisis
On 19 September 2022, the European Commission (hereinafter, Commission) presented its Proposal for a Regulation of the European Parliament and of the Council establishing a Single Market emergency instrument and repealing Council Regulation No (EC) 2679/98 (hereinafter, Single Market Emergency Instrument, SMEI). The proposed SMEI is intended to establish a crisis governance framework that aims at preserving the free movement of goods, services and persons, and the availability of essential goods and services, within the EU in the event of future emergencies. While the Commission has stated that the new SMEI would allow the EU to be better prepared in the event of a new crisis, EU trade associations and EU Member States have raised concerns that the new instrument could amount to an overreach by the Commission.
Lessons from the Covid-19 pandemic
In March 2020, during the early days of the Covid-19 pandemic, various EU Member States imposed intra-EU trade restrictions, including on exports of protective personal equipment, which caused considerable disruption within the internal market and irritation among EU Member States. Businesses and citizens were faced with supply disruptions, travel restrictions, and a lack of predictability of rules, which fragmented the EU internal market and disrupted the free movement of goods, services and people. Such situation caused economic costs, delays and hampered the overall EU crisis response.
In October 2020, the Council of the EU (hereinafter, Council) underlined that the EU should draw lessons from the Covid-19 pandemic and address remaining barriers and weaknesses of the Single Market during emergency situations. In response, in May 2021, the Commission published its Communication Updating the 2020 New Industrial Strategy: Building a stronger Single Market for Europe’s recovery, in which it announced a dedicated instrument to ensure the free movement of goods, services and persons, along with greater transparency and coordination amid crises. On 19 September 2022, the Commission presented its Proposal for the SMEI and European Commissioner for the Internal Market Thierry Breton stated that the SMEI would “ensure better coordination with Member States, help pre-empt and limit the impact of a potential crisis on our industry and economy and equip Europe with tools that our global partners have and that we lack”.
The proposed Single Market Emergency Instrument (SMEI)
The SMEI is intended to establish a crisis governance framework with the objective of guaranteeing the free movement of goods, services and people in times of crises, to ensure the availability of essential goods and services, and to prevent related problems. The Commission’s Proposal consists, firstly, of a Proposal for a Regulation on the SMEI and, secondly, of a set of amendments to existing sectoral product legislation. These amendments are proposed in the form of a Regulation and a Directive “as regards emergency procedures for the conformity assessment, adoption of common specifications and market surveillance due to a single market emergency”. The proposals aim at amending the harmonised rules laid down by a number of existing EU sectoral frameworks, such as for machinery equipment, fertilisers, and construction materials, which currently do not contain derogatory provisions in cases of an emergency.
In particular, the SMEI aims at establishing a comprehensive “preparedness and crisis-response architecture” composed of the following main components: 1) An advisory group; 2) A framework for contingency planning; 3) A framework for Single Market vigilance (‘vigilance mode’); and 4) A framework for Single Market emergencies (‘emergency mode’). The framework for contingency planning intends to ensure that EU Member States do not enact export restrictions amongst themselves, as they did during the first months of the Covid-19 pandemic. In particular, the SMEI aims at establishing a crisis management framework to identify different threats to the Single Market. The SMEI would not apply to medicinal products, medical devices, semiconductors, energy products and financial services, since the legislation for these sectors already contains dedicated crisis frameworks.
The SMEI would establish an Advisory Group to advise the Commission on the appropriate measures for preventing or addressing the impact of the crisis on the Single Market. The Group would be composed of one representative of each EU Member State and be chaired by the Commission. The Advisory Group can invite Members of the European Parliament, Representatives of the Economic Free Trade Area (EFTA), economic operators, stakeholder organisations, and experts as observers to its meetings. The Advisory Group could also be involved “in the activation and in determining the scope of the Single Market vigilance and emergency modes and analyse the relevant information gathered by voluntary or mandatory means, including from the economic operators”.
To address threats to the Single Market, the SMEI foresees new actions that would vary depending on the risk. In the ‘vigilance mode’, EU Member States, in cooperation with the Commission, would focus on monitoring the identified supply chains. The Commission, taking into consideration the opinion of the Advisory Group, can activate the ‘vigilance mode’ if it considers that there is a treat “of significant disruption of the supply of goods and services of strategic importance and which has the potential to escalate into a Single Market emergency within the next six months”. The Commission can activate the ‘vigilance mode’ for a maximum duration of six months by means of an Implementing Act, which must contain: 1) An assessment of the potential impact of the crisis; 2) A list of the goods and services of strategic importance concerned; and 3) The vigilance measures to be taken.
During the vigilance phase, EU Member States must monitor supply chains of strategic importance and list the ‘most relevant economic operators’ in those supply chains. Additionally, the Commission may impose certain strategic reserves on EU Member States to be established. In this regard, the SMEI provides that the Commission may identify those goods “for which it may be necessary to build a reserve in order to prepare for a Single Market emergency”. By means of an Implementing Act, the Commission may require EU Member States to provide the following information on the goods listed in the Implementing Act: “(a) the current stock in their territory; (b) any potential for further purchase; (c) any options for alternative supply; (d) further information that could ensure the availability of such goods”.
Before activating the ‘emergency mode’, the Commission would be required to assess “whether the impact of a crisis on the Single Market qualifies as a Single Market emergency”. For this, the Commission would take into account a series of factors, including “the size and importance of the disrupted sector, the geographic area affected, and the availability of substitute goods or services”. Regardless of whether or not the ‘vigilance mode’ had been previously activated, the Commission can propose to activate the ‘emergency mode’. When the Commission considers that there is a Single Market emergency, taking into consideration the opinion of the Advisory Group, it must propose to the Council to activate the ‘emergency mode’. The Council may then activate the ‘emergency mode’ by means of a Council Implementing Act, which must define the duration of the activation, not to exceed six months. If the ‘vigilance mode’ had already been activated, the ‘emergency mode’ may replace it partially or entirely. When the ‘emergency mode’ has been activated, the free movement in the Single Market would be upheld “through a blacklist of prohibited restrictions and, more generally, through reinforced and rapid scrutiny of unilateral restrictions”.
During the ‘emergency mode’, companies and business organisations may be called upon to share information about production capacities, inventories, timetables for expected production in the following three months, including regarding production facilities located in third countries, and may be required to do so if they do not cooperate voluntarily or do not provide a valid reason why they cannot cooperate. In addition, the Commission would be enabled to oblige the “most relevant economic operators” to produce “crisis-relevant goods and services” as a priority, and to recommend EU Member States to take specific measures to reorganise supply chains and production lines.
The proposed SMEI still raises important questions, such as what constitutes “goods and services of strategic importance” and “crisis-relevant goods and services”. These concepts are broadly defined in Article 3 of the SMEI, but without providing a clear idea of which goods and services might be considered to fall under these concepts. These definitions should be clarified by the Commission before the Regulation enters into force. Arguably, measures, such as sharing company-sensitive information, reorganising supply chains and production lines, and prioritising the production of certain goods, would have to be well justified in order to be considered legally and economically proportionate.
Hesitation and concerns among business associations and EU Member States
The proposed SMEI has already led to concerns among certain EU Member States and EU business associations. A group of nine EU Member States, namely Belgium, Denmark, Finland, Ireland, Malta, the Netherlands, Portugal, Slovenia, and Sweden, has requested the Commission “to stick close to its original plan of adopting an instrument that ensures the free movement of goods, services and people, with greater transparency, coordination, and fast-track decisions, based on clear definition of crises related to free movement within the European Union”. In a letter sent to the Commission prior to the publication of the Proposal, these EU Member States noted that, in the ‘call for evidence’ launched by the Commission on the initiative to obtain stakeholders’ input, the Commission was leaning towards a proposal “that is less about facilitating a well-functioning Single Market and more about steering industries in a non-crisis environment, to prepare for future unknown crises”. Certain EU Member States are reportedly indeed disappointed with the text proposed by the Commission, as it does not appear to take their previously raised concerns into consideration.
Businesses and EU trade associations have raised concerns regarding the additional obligations that would be imposed on EU businesses. For instance, Martynas Barysas, Director for Internal Market at BusinessEurope, the confederation of European Businesses, stated that the EU would risk “damaging the real capacity of businesses to respond to crises”, if companies were forced to disclose commercially sensitive information on stocks and capacity or be told what production to prioritise. Sophia Zakari, Policy Adviser of SMEunited, the association of crafts and SMEs in Europe, stated that there was not enough clarity on what exactly a crisis or exceptional circumstances would be and, therefore, called on the Commission to provide a clear definition.
Taking action
The proposals will now be discussed by the European Parliament and the Council. As the European Parliament and the Council work towards a commonly agreeable text with the Commission, businesses should engage, raising their concerns and making their voices heard.
The Government of Indonesia enacts Indonesia’s long-awaited Personal Data Protection Law: Important changes ahead?
On 20 September 2022, Indonesia’s House of Representatives officially passed Indonesia’s long-awaited Personal Data Protection Law. Indonesia is now the fifth ASEAN Member State to have specific legislation on data protection, following Singapore, Thailand, Malaysia, and the Philippines. Indonesia’s Minister of Communications and Informatics Johnny Plate noted that the adoption of the Personal Data Protection Law constitutes a milestone and is key to driving advancements in the country’s digital sector. The Law is intended to safeguard personal data and boost the management of security breaches. This is crucial and rather timely, given a number of data leaks and alleged data breaches in Indonesia in recent times. Following the entry into force of the Personal Data Protection Law, a two-year transition period will allow businesses to bring their procedures in line with the new rules.
The rationale behind Indonesia’s Personal Data Protection Law
Digital economy development is becoming extremely important for Indonesia’s economic transformation. Data from the Indonesian Internet Providers Association shows that there are now 220 million Internet users in Indonesia, compared to 175 million users prior to the Covid-19 pandemic back in 2019. The significant amount of Internet users in Indonesia led to an increase of digital payments and electronic commerce, and to the establishment of several digital banks and electronic commerce start-ups in the country. According to studies, Indonesia’s digital economy now has the highest value within ASEAN, with an estimated economic value of USD 70 billion that is forecast to grow further to USD 146 billion by 2025. Meanwhile, the value of digital payments in Indonesia is expected to amount to USD 1.2 trillion by 2025.
Despite the growing importance of the digital sector, rules governing personal data protection in Indonesia were scattered under various laws and regulations, notably those governing electronic systems, inter alia Government Regulation No. 71 Year 2019 concerning Administration of Electronic Transactions and System and Minister of Communication and Informatics Regulation No. 5 Year 2020 concerning Private Electronic System Providers. This piecemeal approach of scattered rules had exacerbated the risks for Indonesia’s public and private sectors active in the e-commerce space, as evidenced by the massive data leaks in recent years, particularly involving the websites and data systems of Government institutions. According to cybersecurity company Kaspersky, Indonesia faced over 11.8 million cyberattacks during the first quarter of 2022, including data breaches of 17 million customers of Indonesia’s State Electricity Company. The security breaches emphasised the critical need for the Personal Data Protection Law in order to regain public trust.
The key new rules
The Personal Data Protection Law is intended to be the centrepiece of Indonesia’s personal data protection regulatory framework, codifying all rules concerning personal data processing activities horizontally across all sectors, while still allowing the flexibility for each sector to tailor specific regulations according to sectoral needs. As underlined by Minister Johnny Plate, the enactment of the Personal Data Protection Law aims at ensuring “citizens’ rights in accordance with the mandate of the Republic of Indonesia’s 1945 Constitution”.
Consisting of 76 articles and 16 chapters, the Personal Data Protection Law is broad in scope, applying to individuals, businesses, and organisations that are based in Indonesia or abroad, and that manage and handle data related to products, services, and consumer behaviour. The Personal Data Protection Law concerns, inter alia, data ownership rights and data usage limitations, obligations of data processors, and the acquisition, storage, processing, and transfer of personal data. Within this context, ‘personal data’ refers to “data of individuals which can be identified separately or in combination with other information, either directly or indirectly through electronic or non-electronic systems”.
Chapter IV of the Personal Data Protection Law guarantees various rights to ‘personal data subjects’, which refers to the individuals to whom personal data is attached, including the right to obtain information on the purpose of the request and on the use of personal data, as well as to demand accountability of the party requesting the personal data, to withdraw their consent on the use of their personal data, and to receive compensation for data breaches. Indonesian data protection experts expect that the Personal Data Protection Law would “push government institutions and companies to improve their cybersecurity”.
Important novelties
The Personal Data Protection Law largely mirrors the EU’s General Data Protection Regulation (hereinafter, GDPR). For instance, similarly to the EU’s GDPR, Indonesia’s Personal Data Protection Law differentiates between the concepts of ‘data controller’ and ‘data processor’ within a data processing ecosystem. Pursuant to Article 1(4) of the Personal Data Protection Law, ‘personal data controller’ refers to “any person, public body and international organisation that acts individually or jointly in determining objectives and exercising control over personal data processing”. Article 1(5) defines ‘personal data processor’ as “any person, public body, and international organisation acting individually or jointly in processing personal data on behalf of the personal data controller”. The obligations of personal data controller and personal data processor include, most notably:
Personal data controller |
Personal data processor |
|
|
One of the most significant changes brought by the Personal Data Protection Law is the acknowledgement of legal requirements for data processing activities, in addition to the ‘consent’ of the data subject. Pursuant to Article 20 of the Personal Data Protection Law, data controllers must also: 1) Fulfil their contractual obligations with the personal data subject; and 2) Fulfil their legal duties based on the prevailing legislation. The expansion of these legal requirements is intended to reduce the possibility of irresponsible processing of personal data.
The establishment of a supervisory institution and introduction of strict sanctions
In addition to the supervisory obligations of personal data controllers and processors, Articles 58 to 61 of the Personal Data Protection Law mandate the establishment of an institution, under the authority of the President of Indonesia, to supervise the implementation of the Personal Data Protection Law, and to enforce administrative sections for violations of the Law. Detailed rules regarding this new institution will be provided by a forthcoming Government Regulation.
The Personal Data Protection Law foresees administrative and criminal sanctions for data breaches or violations of the Law. Pursuant to Article 57 thereof, administrative sanctions will take the form of a written warning, the order of a temporary cessation of personal data processing activities, the order to delete or destroy personal data, and/or administrative fines of up to 2% of the company’s annual revenues. Criminal punishments can amount to up to six years of imprisonment and/or fines up to IDR 6 billion.
New rules on cross-border data transfers
Cross-border data flows allow businesses and consumers to, inter alia, gain access to technology and services irrespective of their location. With regard to cross-border data transfers, Article 56 of the Personal Data Protection Law provides that data transfers between countries may only occur if the destination country maintains rules that are equivalent to Indonesia’s Personal Data Protection Law. Article 56 also states that the details that will cover cross-border data transfer shall be issued under a forthcoming Government Regulation.
In addition to the article on cross-border data transfers, Article 62 of the Personal Data Protection Law calls for international cooperation related to the protection of personal data with third countries or international organisations.
Implications for businesses
The adoption of the Personal Data Protection Law brings considerable changes in how domestic and foreign businesses must process personal data belonging to consumers in Indonesia, such as by requiring businesses to establish appropriate security measures to prevent data breaches. In light of these new obligations, businesses and organisations must have adequate technology at their disposal to comply with the requirements under the Personal Data Protection Law, notably by investing in new information technology (hereinafter, IT) systems and hiring qualified IT and legal professionals to ensure and monitor their compliance with the Personal Data Protection Law, which could be a particular challenge for local small and medium enterprises (SMEs).
All e-commerce and internet businesses operating in Indonesia must take the appropriate measures and ensure that they are well prepared for the implementation Personal Data Protection Law during the two years of the transitional period, so as to avoid any future sanction for non-compliance.
The EU simplifies the process for the authorisation of biological plant protection products containing microorganisms
On 31 August 2022, the European Commission (hereinafter, Commission) adopted Commission Regulation (EU) 2022/1438 amending Annex II to Regulation (EC) No 1107/2009 of the European Parliament and of the Council as regards specific criteria for the approval of active substances that are micro-organisms. Commission Regulation (EU) 2022/1438 aims at increasing the availability of and the access to biological plant protection products containing microorganisms (also called “biological pesticides”), as part of efforts to reduce the reliance on chemical pesticides under the EU’s Farm to Fork Strategy. Biological pesticides are rapidly gaining attention as a sustainable and viable environmentally-friendly alternative to chemical pesticides. However, until now, biological pesticides generally follow the same regulatory approval procedure as chemical active substances.
Implementing the European Green Deal and the Farm-to-Fork Strategy
As part of the European Green Deal, the Commission’s Farm-to-Fork Strategy highlights the need for shifting to fair, healthy, and environmentally-friendly food systems, while also stressing the importance of improving the position of farmers, who are important in managing the transition, in the value chain. Further to fostering the sustainable use of pesticides (see Trade Perspectives, Issue No. 13 of 3 July 2020), the Farm-to-Fork Strategy aims at reducing dependency on and the use of chemical plant protection products, including through facilitating the placing on the market of biological active substances such as micro-organisms. In order to reach that objective, the Farm-to-Fork Strategy notes that it is necessary to specify the approval criteria related to micro-organisms, taking into account the most up-to-date scientific and technical knowledge, which has evolved significantly in recent years. The Farm-to-Fork Strategy aims at reducing of the overall use of chemical pesticides by 50% by 2030.
Biological plant protection products - biopesticides
Biological plant protection products are active substances that are micro-organisms. Article 2(2) of Regulation (EC) No 1107/2009 of the European Parliament and of the Council of 21 October 2009 concerning the placing of plant protection products on the market and repealing Council Directives 79/117/EEC and 91/414/EEC states that this Regulation “shall apply to substances, including micro-organisms having general or specific action against harmful organisms or on plants, parts of plants or plant products, referred to as ‘active substances’”. Article 3(15) of Regulation (EC) No 1107/2009 defines ‘micro-organisms’ as “any microbiological entity, including lower fungi and viruses, cellular or non-cellular, capable of replication or of transferring genetic material”.
In more simple terms, biopesticides are “pesticides derived from naturally occurring sources, including microorganisms, plants, animals and a few minerals, that control pests by nonchemical means. Biopesticides are derived from nature, they regroup four main categories: semiochemicals (e.g pheromones), natural substances (e.g. botanicals, biochemicals), macrobials (e.g. beneficial insects) and microbial such a bacteria or viruses”.
The Commission states that, currently, more than 60 micro-organisms are approved in the EU after a scientific risk assessment confirmed that their use in plant protection products is safe. The use of such biological alternatives also plays an important role in organic farming, where farmers can use microorganisms as biological control agents.
The approval procedure and specificities of biological plant protection products
EU Member States, the European Food Safety Authority (EFSA), and the Commission evaluate every active substance for safety in terms of human health, animal health, and its impact on the environment, before it may be placed on the market and used in plant protection products. In a second regulatory step, EU Member States may authorise each plant protection product containing approved active substances for the intended use. The existing procedures and criteria for the approval of plant protection products set out in Annex II to Regulation (EC) No 1107/2009, which are used to assess whether active substances may have harmful effects on human health, animal health, or unacceptable effects on the environment, are referring to the properties of micro-organisms.
However, the Commission argues in the recitals to Commission Regulation (EU) 2022/1438 that, “since micro-organisms are living organisms, a specific approach is needed compared to chemical substances, in order to also take into account the currently available scientific knowledge that has been gathered on the biology of micro-organisms, such as on their pathogenicity and infectivity, the possible production of metabolite(s) of concern and the capacity to transfer anti-microbial resistance genes to other micro-organisms which are pathogenic and occurring in European environments, potentially affecting the effectiveness of antimicrobials used in human or veterinary medicine”.
The Commission goes on to state that the current state of scientific knowledge on micro-organisms allows for a better and more specific approach for their assessment, which is based on the biological and ecological characteristics of the respective species and, where applicable, the respective strains of micro-organisms. As this would allow for a more targeted risk assessment, the Commission notes that “such scientific knowledge should be taken into account when assessing the risks posed by active substances that are micro-organisms and plant protection products containing these substances”.
In order to better reflect the latest scientific developments and the specificities of micro-organisms, while maintaining a high level of protection of human and animal health and of the environment, Commission Regulation (EU) 2022/1438 adapts the criteria in Annex II to Regulation (EC) No 1107/2009 accordingly.
To give an example of the adaptations, Point 3.1(b) of Annex II to Regulation (EC) No 1107/2009 provides for the information to be submitted by the applicant for a plant protection product in the dossier in order to reliably predict residues in food and feed. Commission Regulation (EU) 2022/1438 states that “it is now known that residues for which an assessment is required in the case of micro-organisms are different than those for which an assessment may be required in the case of chemical active substances: the presence of micro-organisms that are non-pathogenic to humans and animals on or in edible parts of treated crops does not constitute per-se a hazard and only residues of chemical substances which are relevant for human and animal health may constitute a hazard or risk (…). For the sake of clarity, it is therefore appropriate to provide for this differentiation, so that it is possible to reliably predict relevant residues in relation to micro-organisms”.
Regarding the risks that certain microorganisms and viruses may carry, Commission Regulation (EU) 2022/1438 amending Annex II to Regulation (EC) No 1107/2009 states that “an active substance that is a micro-organism other than a virus may be considered a low-risk active substance unless its susceptibility to at least two classes of antimicrobial agents has not been demonstrated” and “an active substance that is a virus may be considered a low-risk active substance unless it is: (a) a baculovirus with demonstrated adverse effects on non-target insects; or (b) a non-virulent variant of a plant pathogen with demonstrated adverse effects on non-target plants”.
Fostering market access for micro-organisms despite industry concerns
Micro-organisms, like all other active substances used in plant protection products, can only be approved for use if they fulfil the approval criteria laid down in Regulation (EC) No 1107/2009. So far, the requirements for micro-organisms were based on principles that were very similar to those for chemical active substances. Commission Regulation (EU) 2022/1438 now follows a different approach that is based on the biological and ecological characteristics of each micro-organism and takes into account the most recent scientific knowledge. This way, the regulatory requirements for micro-organisms are made simpler and more flexible. In addition, focusing only on relevant data also means less animal testing, because fewer experiments on animals will be required. In any event, a microorganism can only be approved for use if it is proven that it does not cause disease in humans or animals.
In the consultation procedure leading to the adoption of Commission Regulation (EU) 2022/1438, CropLifeEurope, representing Europe’s crop protection industry, expressed some concerns, noting that one of the industry’s main concerns “is that EFSA and Member States may implement several provisions differently”, specifying that the industry believes that “there is a lack of appropriate and tailored guidance documents needed to ensure a consistent assessment by all MS” and that “Guidance is also needed regarding under which circumstances studies shall be done, and on the test protocols/methods, and how weight of evidence should be conducted to address some of these data requirements notably when it cannot be addressed first via an evidence based approach (literature, mode of action/biology of the microorganism, read across from the other dossier sections)”.
After Commission Regulation (EU) 2022/1438 was adopted, a representative from CropLifeEurope reportedly said that the new Regulation was “definitely a step in the right direction” to have more innovative biopesticides on the market. The representative reportedly also added that the industry believes that “it is also essential that EU regulation fosters timely approvals for all solutions, be it biopesticides or pesticides, so that farmers have a full toolbox of effective products available” to reach the objectives of the Farm to Fork Strategy.
For businesses, the amendments by Commission Regulation (EU) 2022/1438 should lead to more streamlined application dossiers, more straight forward risk assessments, and shorter timelines to secure access to the EU market for plant protection products. Commission Regulation (EU) 2022/1438 will apply from 21 November 2022.
Recently adopted EU legislation
Trade Law
Customs Law
Food Law
Ignacio Carreño, Joanna Christy, Tobias Dolle, Alya Mahira, Lisa Wijayani, Lourdes Medina Perez and Paolo R. Vergano contributed to this issue.
Follow us on twitter @FratiniVergano
To subscribe to Trade Perspectives©, please click here. To unsubscribe, please click here.
Back Download