REGULATION OF OFFSHORE E-COMMERCE
This section is designed to present a basic outline of regulation and legislation affecting e-commerce, and specifically offshore e-commerce, for those involved in it. The term 'e-commerce' is understood here to mean, commercial transactions taking place on the Internet.
In most respects, E-commerce transactions as such are not that different from contractual bargains in the physical world, and the existing body of national and international law and regulation continues to apply. The key issues which require new legislation are connected with signatures, security and certification on the one hand, and questions of the location of contracting parties on the other, caused by the portability of servers.
The US and the EU each in their own way are federal structures, and the balance of powers between the component states or countries on the one hand, and the central legislative body on the other, complicates the process of regulating the Internet. In particular, it slows it down, although it has to be said that the growth of e-commerce doesn't seem much trammelled by lack of new legislation.
As a generalisation, it is fair to say that most countries either have or soon will have legislated for electronic signatures and the admissibility of electronic contracts. Certification (the process by which a user can rely on the validity of an electronic document as surely as on that of a paper one) is not yet universally available in any standardised way, and it's not clear that there will be a top-down (legislated) solution rather than a range of competing bottom-up (technically viable) solutions. The security of transactions, likewise, is being achieved through operation of the market rather than through the actions of legislators.
The problems consequent on the portability of servers are not easily solved, since they frequently involve cross-border transactions. Some countries have legislated on this subject, but the initiative most likely to bear practical fruit is the OECD's working party.
From a legislative perspective, offshore e-commerce is not different from e-commerce, although the location for tax purposes of a server in an offshore jurisdiction highlights the need for clear rules about the location of the parties to an electronic contract.
More problematic is the prospect that the rich (high-tax) countries may compromise the freedom of low-tax jurisdictions through sanctions overtly designed to limit money-laundering and 'unfair' tax competition, but with a substantial hidden agenda aimed at limiting the scope of offshore e-commerce to damage on-shore tax collection. This process is in its early stages and it is not yet possible to foresee all its consequences from a legal perspective.
INTRODUCTION: THE SCOPE OF E-COMMERCE LEGISLATION AND REGULATION
Not all countries agree about the extent to which e-commerce (or offshore e-commerce) needs to be regulated. Broadly, the US legislates less, and the EU legislates more, with most other countries somewhere in between. The list given below of the legislative headings under which specific e-commerce laws or rules are being developed will therefore look much more like the EU's approach than that of the US. For a review of the legislative situation in particular countries, see National Regulation of E-commerce.
In most respects, E-commerce transactions as such are not that different from contractual bargains in the physical world, and the existing body of national and international law and regulation continues to apply. In the US and the EU in particular, there is also the question of federal (or Union) law versus state (or national) law. Whereas in the US, the states have tended to move more quickly than the federal government, in the EU it is the other way around, with a considerable body of Union law already awaiting transposition into national law.
The interplay between federal and state law in the US, representing a balance arrived at over a long period of time, is substantially upset by the arrival of e-commerce, so that federal legislation is resisted by the states and there will be many conflicts between the two before a new 'settlement' is reached. In the EU, Union law is more clearly dominant, and there is less chance for individual countries to maintain their own laws, once political agreement has been reached on a given directive (law). There still can be differences to be smoothed out: one current example of this is the spat between the French state and Yahoo over access by French citizens to 'adult' and other banned sites. The intent of EU law seems clear enough (not to blame the host for access to content which he cannot easily control) but the French don't see it that way.
Here is a list of headings under which one or more countries or regions have developed legislation applying explicitly to the Internet.
Ensuring the privacy of communications on the Internet
Ensuring the opposite, ie Governments making sure they can access or intercept Internet traffic and data when they need to
Ensuring the security of Internet communications and transactions via encryption, certification and other measures
Ensuring free or cheap access to the Internet, as in the EU (bridging the digital divide)
Ensuring the opposite, ie restricting access to the Internet, as in China
Controlling the use on the Internet of personal data collected or held by users
Controlling the pricing or provision of Internet services, for protectionist or anti-trust reasons
Establishing the level of liability of Internet intermediaries for content they carry or forward
Defining the place of establishment for companies providing services over the Internet
Establishing rules for the validity of electronic contracts and electronic signatures
Establishing rules for transparency of advertising and for advertising standards
Establishing standards and rules governing distance selling on the Internet
Establishing protection for intellectual property rights; defining rules for copyright and subsidiary rights on the Internet
Establishing procedures for dispute resolution
SUPRANATIONAL REGULATION: THE EU, THE OECD AND OTHER BODIES
The 'E-Europe' Package
Proposal for a directive on a common regulatory framework for electronic communications networks and services
The E-Europe Action Plan
There are three main EU legislative initiatives affecting e-commerce as such, plus its involvement in measures directed against 'offshore' which can impact on offshore e-commerce, and are discussed in the final paragraph of this section below.
THE 'E-EUROPE' PACKAGE
This Directive, aimed at creating a coherent legal framework for e-commerce development within the Single Market, was finally approved on 4th May 2000, and member states have 18 months to transpose its provisions into national law. Its key components are as follows:
The directive implements the principles of free movement of services and freedom of establishment.
The most contentious issue regards the liability of on-line service providers. The Directive establishes an exemption from liability for intermediaries where they play a passive role as a "mere conduit" of information from third parties and limits service providers' liability for other "intermediary" activities such as the storage of information.
The Directive also clarifies that the Internal Market principle of mutual recognition of national laws and the principle of the country of origin must be applied to Information Society services.
Place of establishment. The Directive defines the place of establishment as the place where an operator actually pursues an economic activity through a fixed establishment, irrespective of where web-sites or servers are situated or where the operator may have a mailbox.
Transparency. The Directive requires Member States to oblige Information Society service providers to make available to customers and competent authorities in an easily accessible and permanent form basic information concerning their activities (name, address, e-mail address, etc).
On-line contracts. The Directive requires Member States to remove any prohibitions or restrictions on the use of electronic contracts. In addition, it ensures legal security by imposing certain information requirements for the conclusion of electronic contracts in particular in order to help consumers to avoid technical errors.
Commercial communications. The Directive defines commercial communications (such as advertising and direct marketing) and subjects them to transparency requirements.
Implementation. The Directive strengthens mechanisms ensuring that existing EU and national legislation is enforced. This includes encouraging the development of codes of conduct at EU level, stimulating administrative co-operation between Member States and facilitating the setting up of effective, alternative cross-border on-line dispute settlement systems.
Proposal for a directive on a common regulatory framework for electronic communications networks and services
This package of measures was adopted by the Commission in July, 2000, and now needs to proceed through the fairly labyrinthine EU legislative process in order to become law. Although some of its components are technical and probably not controversial, some other aspects could be contentious.
The main elements of the package are as follows:
· Proposal for a directive on universal service and users' rights relating to electronic communications networks and services;
· Proposal for a directive on access to, and interconnection of, electronic communications networks and associated facilities;
· Proposal for a directive concerning the processing of personal data and the protection of privacy in the electronic communications sector;
· Proposal for a directive on the authorisation of electronic communications networks and services;
· Proposal for a regulation on unbundled access to the local loop;
· Proposal for a decision on a regulatory framework for radio spectrum policy in the European Community.
THE E-EUROPE ACTION PLAN
The European Council held in Lisbon on 23/24 March 2000 set the ambitious objective for Europe to become the most competitive and dynamic economy in the world. It recognised an urgent need for Europe to quickly exploit the opportunities of the new economy and in particular the Internet.
To achieve this, the Heads of State and Government invited the Council and the Commission to draw up "…a comprehensive eEurope Action Plan …. using an open method of co-ordination based on the benchmarking of national initiatives, combined with the Commission's recent eEurope initiative as well as its Communication ‘Strategies for jobs in the Information Society'. "
In response to this endorsement the Commission adopted a draft Action Plan on 24th May 2000. This draft has been discussed with Member States, and was agreed by the Feira European Council on 19/20th June.
The objectives set out in the Action Plan are
1. A cheaper, faster, secure Internet
a. Cheaper and faster Internet access
b. Faster Internet for researchers and students
c. Secure networks and smart cards
2. Investing in people and skills
a. European youth into the digital age
b. Working in the knowledge-based economy
c. Participation for all in the knowledge-based economy
3. Stimulate the use of the Internet
a. Accelerating e-commerce
b. Government online: electronic access to public services
c. Health online
d. European digital content for global networks
e. Intelligent transport systems
As can be seen, the Action Plan is largely euro-waffle, and it remains to be seen what specific measures will come out of it. The Plan concludes:
'The eEurope targets can only be achieved if Member States, the European Parliament and the European Commission are ready to commit themselves to this Action Plan and to the reassessment of priorities which it will imply. None can afford to relax, no matter how advanced they may be relative to others. A ‘two speed eEurope' must be avoided. Each Member State must be ready to set new priorities, to provide adequate funding and to remove obstacles to achieve the targets. Each will have to draw the attention of citizens to the emerging possibilities of digital technologies to help to ensure a truly inclusive information society. Only through positive action now can info-exclusion be avoided at European level.'
Although the OECD has no formal regulatory role, it is not infrequently used as a forum by its 29 members, and even by other countries, in which codes of conduct or sets of advisory principles are formulated, which come to have a de facto legal status. The Ottawa conference in October 1998, attended at ministerial level by 40 countries, gave the OECD an agenda in respect of e-commerce which has had two tangible outcomes so far, with others in prospect.
The Guidelines for Consumer Protection in the Context of Electronic Commerce, approved on 9 December 1999 by the OECD's Council, are designed to help ensure that consumers are no less protected when shopping online than they are when they buy from their local store or order from a catalogue. By setting out the core characteristics of effective consumer protection for online business-to-consumer transactions, the Guidelines are intended to help eliminate some of the uncertainties that both consumers and businesses encounter when buying and selling online.
The OECD supposes that the Guidelines, based on very wide consultation among business and consumer organisations, will play a major role in assisting the development of online consumer protection mechanisms without erecting barriers to trade. The Guidelines reflect existing legal protection available to consumers in more traditional forms of commerce, encourage private sector initiatives that include participation by consumer representatives, and emphasise the need for co-operation among governments, businesses and consumers. Their aim is to encourage:
· fair business, advertising and marketing practices;
· clear information about an online business's identity, the goods or services it offers and the terms and conditions of any transaction;
· a transparent process for the confirmation of transactions;
· secure payment mechanisms; fair, timely and affordable dispute resolution and redress;
· privacy protection; and consumer and business education.
The OECD Privacy Guidelines, which have existed since 1991, represent an international consensus on how best to balance effective privacy protection with the free flow of personal data. Openness is a key principle of the Guidelines, which are flexible and allow for various means of compliance.
Internet research has repeatedly shown that many consumers are reluctant to engage in electronic transactions because of concerns about the privacy of their personal data. Privacy policies and accurate public statements outlining such policies are a vital step towards encouraging openness and trust in electric commerce among visitors to web sites. They can help visitors to make informed choices about entrusting an organisation with personal data and doing business with it.
INTERNATIONAL ASSOCIATIONS AND ANTI-OFFSHORE INITIATIVES
International Organisations and Anti-Offshore Initiatives
The general attitude of international organisations, exemplified as above by the EU and OECD, is to be supportive and helpful towards the development of electronic commerce. However they are less impressed by the migration of e-commerce towards offshore jurisdictions, which is normally driven at least partly (and often entirely) by a desire to minimise taxation.
It can be argued that tax competition is healthy and will force countries to become more efficient (this is what the low-tax countries say) or it can be argued that low-tax countries engage in 'unfair' or 'harmful' tax competition which causes illegitimate losses of tax revenue and obliges high-tax countries to reduce services to their needy populations. This latter argument carries less weight at a time when the high-tax countries have bulging treasuries and are paying down their debts; but anyway, the international bodies representing high-tax countries are busily working to develop ways of restricting the development of offshore e-commerce.
It is not that offshore e-commerce has yet reached high levels - in fact it represents a very small fraction of the mere 2% of commercial transactions which so far take place over the Internet. There are no figures, but it can't amount to more than 0.1% of world trade, if that. It is just that the high-tax countries see a future threat to which they are responding now.
The rich countries' moves to hinder offshore e-commerce are inseparable from the major campaign they began to wage against offshore during 1999 and 2000. At first these anti-offshore moves were simply directed against 'offshore' as such, but increasingly the rhetoric begins to focus on offshore e-commerce, as businesses and tax collectors wake up to the potential for offshore e-commerce.
The rich countries' campaign took tangible form in 2000 with the publication of three 'lists' of offshore jurisdictions which offend in various ways against global orthodoxy:
· the G7's Financial Stability Forum (FSF), set up after the Asian 'melt-down' in 1997/98, listed fifteen countries it considered to represent a threat to financial stability;
· the OECD's Financial Action Task Force (FATF), set up at the behest of the G7, listed six countries as having inadequate controls against money-laundering;
· the OECD itself issued a list of 35 countries as offering 'unfair' tax competition; in addition,
· the EU's 'Code of Conduct' committee issued a list of 65 'harmful' tax practices in member states and their offshore dependencies.
Led by the US, the member countries of the G7 have backed up the lists by issuing 'advisories' against the 15 countries on the FSF list which call upon financial institutions to exercise great care in undertaking transactions with the listed countries. Beyond these advisories lies the possibility of sanctions and other measures designed to harm the financial service sectors of the offending jurisdictions.
The offshore jurisdictions themselves characterise the behaviour of the rich countries as 'bullying', 'unfair' and hypocritical, since there are plenty of tax breaks available onshore as well as offshore.
The lists prompted howls of protest from the named jurisdictions, but faced with the threat of sanctions, and possibly worse, the bad publicity they are receiving, many of them are rushing to mend fences with the rich countries by adjusting tax practices and introducing new legislation.
The bad publicity cuts two ways: while it may put off the more respectable users of offshore, it may serve to encourage business from those seeking privacy - at least as long as a jurisdiction does not give in to the pressure!
This battle between onshore and offshore will no doubt continue for a long time to come, and its outcome is not at all predictable. Until there is a solution to the problem of how to tax cross-border e-commerce transactions, and the time-scale for that may be 10 years or more, it seems likely that the rich countries will press head with the development of regulation designed to protect themselves against loss of tax revenue.
THE LAWS PASSED IN 'HIGH-TAX' COUNTRIES AND OFFSHORE JURISDICTIONS
UK – IRELAND – GERMANY – ITALY
CANADA - USA - HONG KONG – BERMUDA
See Supranational Regulation: the EU, the OECD and other bodies for a description of a package of seven measures which have been adopted by the EU and will come into force by the end of 2001 at the latest in all member states, and for details of other pending legislation at a more technical level.
Some individual member states have passed or plan legislation dealing with aspects of e-commerce outside the scope of the EU legislation, or which strengthen individual parts of it.
In the UK, an e-commerce act in 1999 dealt with contractual and signature aspects, while the notorious Regulation of Investigatory Powers Act 2000 (RIP) deals with the powers of Government and ISPs to intercept and/or decipher Internet communications. Although the RIP Act has been much watered down since it was drafted, it still places a duty on ISPs to install monitoring equipment at the request of the Government, and gives the Government power to demand the key to any encrypted communication, subject to penal sanctions. Such demands can be contested in Court, but only after the event. With the RIP Act in place, the UK has by far the most intrusive investigatory legislation of any OECD country, and it remains to be seen what effect this will have on the growth of e-commerce in the UK.
Ireland has passed an Electronic Commerce Act, signed into law by the President on 10th July 2000, which provides for the legal recognition of electronic contracts, electronic writing, electronic signatures and original information in electronic form in relation to commercial and non-commercial transactions and dealings and other matters, the admissibility of evidence in relation to such matters, the accreditation, supervision and liability of certification service providers and the registration of domain names, and to provide for related matters.
Germany passed an Information and Communication Services Act on 13th June 1997, which includes provision for digital signatures. In mid-April, 2000, the German government released a summary of draft amendments to the Act. The amendments, which are intended to implement the EU Directive on Electronic Signatures, make several important changes to the German Digital Signature Law, but retain the basic security standard under the current Act. Some German companies that offer electronic signature products and services want to retain the stricter standards in the existing Act, but the Government will probably stick with its proposals for a more liberal legal framework.
Italy passed a law on 15th March 1997 providing for the legal validity of electronic documents. It provides that "The instruments, data and documents constituted by the public service and by private individuals using computer or telematic methods, contracts stipulated in such form, and their archiving and transmission using computer instruments, shall be valid and effective for all legal purposes". It further states that "the criteria and methods of application of this paragraph shall be set out, for the public service and for private individuals, in specific regulations". On 10th November 1997, a presidential decree provided that a digital signature is equivalent to a handwritten signature. Different levels of equivalence are provided. The Decree provides that a digital signature must be certified by an accredited Certification Authority. According to the Decree the digital signature can be the equivalent of the hand-written signature but it can also replace, for any purpose set out in the legislation, the affixing of seals, embossing, stamps, signs and marks of any kind. Technical rules relating to digital signatures, electronic documents and certification authorities were set out in a Prime Ministerial Decree on 8th February 1999.
In Canada some provinces have enacted digital signature legislation as well as the national government, and there are a number of other bills under consideration at national level. The most important are:
The Personal Information Protection and Electronic Documents Act, enacted October 26, 1999. The Act supports and promotes electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending the Canada Evidence Act, the Statutory Instruments Act and the Statute Revision Act
The Electronic Commerce Bill (Bill 88) had its second reading on 19th June 2000. The Bill removes barriers to the legally effective use of electronic communications by governments and by the private sector. It is not intended to require the use of particular technology or to have a large impact on the methods that people use to communicate. It does not require anyone to use, provide or accept information in electronic form. The Bill is based on the Uniform Electronic Commerce Act which the Uniform Law Conference of Canada adopted in 1999, and is consistent in principle with the United Nations Model Law on Electronic Commerce.
The 'E-commerce Bill' (Bill 70) was referred to Standing Committee on May 11, 2000. The Bill provides that the legal effect and enforceability of information or documents may not be denied just because the information is in an electronic form. Subject to specified limits, where a law requires that information or a document be in writing or that a document be signed, the information or document may be provided electronically and the document signed electronically. Subject to specified limits, if a law requires a person to present or retain information or a document in its original form, the person may provide or retain the information or document in an electronic form. In specified circumstances, an electronic form may be used to satisfy a statutory or prescribed requirement for the use of a form.
The Bill also provides that the legal effect and enforceability of a contract may not be denied just because information or a document in an electronic form was used in its formation. The Bill recognizes contracts formed as the result of specified electronic exchanges and allows for errors arising from transactions with electronic agents to be corrected.
Most US states had adopted e-commerce legislation by the time that the Congress passed the Electronic Signatures in Global and National Commerce Act 1999, finally signed into law by Bill Clinton in June 2000, and which is effective from 1st October 2000.
The motivation for a federal statute was the fact that over the previous five years the fifty states had passed an array of electronic signature and electronic commerce statutes that fall into three varying models and are authorized for varying reasons. Some states provide that any type of electronic signature is valid. Other states require that some minimal form of security is required (such as tying the electronic signature to the signer or being able to ascertain that the message has not been altered). Still other states validate only digital signatures, thought to be the most secure and requiring the use of PKI (Public Key Infrastructure).
In addition to providing three inconsistent models for approving of electronic signatures, the states provide different uses for the approved electronic signature. Certain states permit only transactions with government agencies to be accomplished through the use of electronic signatures, while others permit only certain kinds of commercial transactions to be validated.
The Federal Act 'preempts' state legislation unless the latter conforms to the Uniform Electronic Transactions Act (approved and recommended for enactment by the National Conference of Commissioners on Uniform State Laws in July 1999) or is technologically neutral.
Under the Federal Act, consumers must affirmatively consent to receive electronic records; the consumer may retain such records and withdraw consent.
The Act is technology-neutral so that the parties entering into electronic contracts can choose the system they want to use to validate an online agreement. Many browsers contain minimal authentication features and companies are developing pen-based and other types of technologies to facilitate online contracting. In addition, a number of companies already provide digital signature products using PKI.
The Act specifies that:
no one is obligated to agree to use or accept electronic records or signatures;
its provisions do not affect any disclosures required under regulation or law
if a notice must be provided to a consumer in writing, an electronic version will fulfil that requirement only if the consumer has consented to accepting an electronic version and has demonstrated that he can access the information in electronic form;
it does not apply to the creation and execution of wills, codicils and testamentary trusts; to adoptions, divorce or other matters of family law; to any notice of cancellation or termination of utility services or the default, acceleration, repossession, foreclosure or eviction under a credit agreement secured by, or a rental agreement for, the primary residence of an individual; the cancellation or termination of health or life insurance benefits; or the recall or notification of a material failure of a product;
it covers contracts, agreements, or records entered into or provided in, or affecting, interstate or foreign commerce, as well as those within the scope of the Securities Exchange Act of 1934;
it defines the term 'electronic signature' to mean information or data in electronic form, attached to or logically associated with an electronic record, and executed or adopted by a person or an electronic agent of a person, with the intent to sign a contract, agreement, or record.
In addition to the electronic signature provisions, the Act contains electronic record keeping provisions that are effective on March 1, 2001.
In Hong Kong, the Electronic Transactions Ordinance was enacted on 7th January 2000 and had effect from 7th April 2000. The Ordinance establishes guidelines for the validity and use of electronic signatures and electronic records. It provides for the admissibility of digital signatures and electronic records into legal proceedings. This Ordinance also establishes electronic contract requirements and regulations for certification authorities are established. If law requires the signature of a person or provides for certain consequence if a document is not signed by a person, a digital signature of that person satisfies the requirement but only if the digital signature is supported by a recognized certificate and is generated within the validity of that certificate. If a rule of law requires information to be or given in writing or provides for certain consequences if it is not, an electronic record satisfies the requirement if the information is contained in the electronic record is accessible so as to be usable for subsequent reference.
Bermuda has enacted The Electronic Transactions Act 1999. The Act reflects international standards, including the UNCITRAL Model Law on electronic commerce, working papers of the European Parliament and Council in respect of electronic signatures, the European Union's safe harbour principles for data protection, and “best practice” legislation found in other jurisdictions. The Act, drafted by international law firm Linklaters & Payne, lays a foundation for the conduct of electronic transactions on a technology-neutral basis that is sufficiently flexible to embrace new technological developments and that contemplates a high degree of self-regulation. It lays down a basis for electronic documents and signatures to replace their physical equivalents in all applicable legislation.
Bermuda also adopted a Code of Conduct in May 2000. The code is designed to encourage business to observe integrity, protect personal data, avoid abusive usage, advertise truthfully, deal fairly and openly with customers, and settle complaints and disputes quickly. In essence, the legislation does not regulate customers directly, but tasks ISPs and e-commerce service providers, (such as transaction gateways) to ensure that their customers adhere to the Code. The Ministry of Telecommunications and E-commerce is the final authority regarding enforcement of the Code. For example, the Code will outline remedial steps if a customer infringes on copyright law, and requires the local providers to report criminal or prohibited acts under Bermuda law. Furthermore, Bermuda-based companies are not allowed to engage in online gaming or adult-content services.
OFFSHORE INCORPORATION SERVICES
COMPANY FORMATION & MANAGEMENT SERVICES
TAX PLANNING AND ASSET PROTECTION SOLUTIONS
INTERNATIONAL BUSINESS COMPANIES
PRIVATE LIMITED COMPANIES
LIMITED LIABILITY COMPANIES
LIMITED LIABILITY PARTNERSHIPS
PRIVATE & FAMILY FOUNDATIONS
PANAMANIAN LICENSED FINANCIAL CORPORATIONS
NEW ZEALAND OFFSHORE FINANCIAL INSTITUTIONS
SECURE & CONFIDENTIAL NOMINEE STRUCTURES
INCORPORATION IN EUROPE AND
MAJOR INTERNATIONAL OFFSHORE CENTRES
WORLDWIDE FULL SERVICED VIRTUAL OFFICES