Compatibility of 5G cyber security measures with free trade

Dragne & Asociatii SCA | View firm profile

At the beginning of year 2020, the NIS[i] Cooperation Group has published a set of cyber security measures as means to implement the 5G system (titled 5G Network EU Toolbox Risk Mitigating Measures) containing a set of technical and strategic measures recommended to be taken by the member states of the European Union[ii].

[i] The NIS Cooperation Group has been established by the 2016 Directive on security of network and information systems (the NIS Directive) to ensure strategic cooperation and the exchange of information among EU Member States in cybersecurity- https://ec.europa.eu/digital-single-market/en/nis-cooperation-group

[ii] Available at https://ec.europa.eu/digital-single-market/en/news/cybersecurity-5g-networks-eu-toolbox-risk-mitigating-measures (visited 04.05.2020).

Some of the recommended measures include an evaluation of the risk profile of suppliers and the enforcement of restrictions for those considered a high risk for assets considered essential[i], restrictions that may ultimately lead to the supplier being excluded from certain projects. In this context, one may ask if the measures sought to be applied by states and/or the E.U. are compliant with the provisions of GATTand GATS.

The GATT[ii]  and GATS[iii] agreements require that member states grant other members the most favored nation treatment[iv][v], including with regards to access on the market of the member states[vi], to abstain from taking measures to protect internal production[vii] or from establishing contingencies or quantity limitations for certain products, in a discriminatory manner[viii].

A measure to partially or completely prohibit products and services can be considered, as a violation of the GATT and GATS provisions, depending on the actual manner of enforcement and the reasons for which the measure was enforced.

The state concerned may derogate from the obligations enclosed in the before mentioned agreements, invoking the security exception (art. XXI GATT) – by prooving[ix] that the restrictions are necessary to defend national security[x].

Following the WTO panel’s decision in the Russia — Traffic in Transit dispute, the prerequsite the security exception are: (i) the measure has to be necessary in order to protect an essential security interest (ii) the essential security interests need to be objectively based on one of the 3 situations mentioned in art. XXI (b) [xi].Also, contrary to certian WTO state practice and scholar writings[xii], the panel has also found that the security exception is not „self-judging” and that the existence of one of the situations mentioned in the subsections of art. XXI (b) is to be determined by the panel that settles the dispute[xiii].

Therefore, it’s not enough for the states to consider, by applying subjective criteria, that the essential security interest in protecting cyber security exists, but it is necessary for the interest to be generated by on one of the 3 situations mentioned in art. XXI (b).

Russia — Traffic in Transit dispute[xiv] panel decission observed that the existence of an emergency in international relations „appear to refer generally to a situation of armed conflict, or of latent armed conflict, or of heightened tension or crisis, or of general instability engulfing or surrounding a state”. Moreover, the panel found[xv] that political or economic disputes between states do not by themselves cause emergency in international relations, in the sense of article art. XXI (b) (iii), except when the dispute will create certain defense, military or internal public order interests.

Considering that the Member States of the European Union do not face a state of emergency in international relations with any of the countries where 5G equipment manufacturers and suppliers reside, it is difficult to argue, in our opinion, a possible security exception. It could be reasonably argued, based on WTO jurisprudence and relevand scholar witings, that states cannot extend the concept of essential security interest to also satisfy certain economic interests or interests justified by the observance of other international conventions and that the finding of an essential security interest should be accompanied by minimum evidence, within the boundaries set by art. XXI (a) of GATT.

It is also important that states assess the appropriateness of a non-discriminatory measure that is necessary in order to achieve the desired goal.The restriction of access to a given market for certain products and services must therefore respect a proportionality ratio with the value intended to be protected. Even in the context of a highly important value, states should examine whether, even in the presence of alternative, less restrictive measures, such as the obligation to obtain certain licenses or the partial limitation of access to that market, they could still justify that the measure is proportional and necessary.

As such, it must be concluded that each state will responsibly evaluate, in the context of implementing 5G Toolbox, the possibility to ground the implemented measures on the security exception in reference to its relations with the country whose products and or services are about to be prohibited for cyber security reasons. Only if the situation falls under the provisions of art. XXI (b) (iii) GATT, respectively, if a state of war or emergency in international relations is proven, as previously explained in Russia — Traffic in Transit, a state may enforce restriction or exclusion measures on commercial entities/suppliers/traders.

Ion Dragne, Attorney at law

 

Alexandru Dragne, Attorney at law

 

Dragne & Asociatii

 

 

[i] Strategic measure (SM) 03: Assesing the risk profile of suppliers and applying restrictions for suppliers considered to be high risk – including necessary exclusions to effectively mitigate risks – for key assets;

[ii] The General Agreement on Tariffs and Trade

[iii] The General Agreement on Trade in Services

[iv] Art. I paragraph 1 and art. IX of the GATT Agreement.

[v] Art. II paragraph 2 of the GATS Agreement.

[vi]  Art. XVI of the GATS Agreement.

[vii] Art. III of the GATT Agreement and art. XVII of the GATS Agreement.

[viii] Art. XI, art. XIII of the GATT Agreement and art. XVI of the GATS Agreement.

[ix] Panel’s report in dispute G.3.6.2 Korea — Various Measures on Beef, para. 162, as well as the presentation of Prof. Dr. Ion Gâlea in the debate „Urgency in law” – part II – available at https://www.youtube.com/watch?v=GQ8TS0lHlEA&feature=youtu.be with refferences to WTO cases Thailand – Cigarettes and EU – Asbestos.

[x] Shin-yi Peng, „Cybersecurity Threats and the WTO National Security Exceptions” – Journal of International Economic Law, 2015, Oxford University Press, pg. 469-470 and pg. 478.

[xi] „(i) relating to fissionable and fusionable materials or the materials from which they are derived, (ii)relating to traffic in arms, ammunition and implements of war and to such traffic in other goods and materials as is carried on directly or indirectly for the purpose of supplying a military establishment, (iii) taken in time of  war or international emergency in international relations.

[xii] Stephan Schill & Robyn Brise – „If the State Considers”: Self-Judging clauses in International Dispute Settlement – Max Planck Yearbook of United Nations Law, Volume 13, 2009, pg.97-110 and pg. 140  – the authors present various opinions and state practice on the security exception, but conclude that although the states have a certain autonomy in invoking self-judging clauses, an judicial review must exist in order to prevented abuse.

[xiii] Id., paragraph 7.102.

[xiv] Paragraphs 7.72 – 7.77 of the panel’s report in dispute WT/DS512/R.

[xv] Id.

More from Dragne & Asociatii SCA