The 21 December 2020 deadline for national implementation of the European Electronic Communications Code (EECC) has now passed. We checked in with our telecom regulatory teams on implementation status across the EU, and have drawn out some key takeaways:
- Deadline missed: Perhaps unsurprisingly given other priorities last year, the deadline for full implementation has been missed in most countries. Only Denmark, Finland, Greece, Hungary, the Netherlands and the UK have so far implemented the EECC and in some cases only partially.
- Expected implementation timing: Although the deadline was missed in many countries, work on implementation is well underway. From our review, we expect most countries will have the appropriate legislation in place by mid-2021. The status in some key jurisdictions is as follows:
- France: The French Parliament has given the government authorization to implement the EECC by way of executive orders. The government has until 3 June 2021 to adopt the appropriate executive orders so full implementation is expected around this date.
- Germany: A draft of the new telecommunications law was made available in December 2020. The draft includes amendments covering the EECC as well as other significant changes, including on law enforcement. Our current understanding is that the new law will pass into legislation by summer 2021.
- Ireland: A consultation process on legislation is due to be launched in January 2021, and will likely give 4 – 6 weeks for submissions from stakeholders. Overall timing is difficult to predict, but we expect the legislation to enter into force toward the end of Q1 or early Q2 2021.
- Netherlands: Implementation in the Netherlands was split and priority was given to: (i) access regulations, (ii) lowering barriers for subscribers to switch providers, and (iii) introducing new powers for the government to obtain data about the geographical coverage of networks. Provisions dealing with these aspects entered into force on 21 December 2020, whilst the remainder of the EECC will follow in 2021.
- UK approach: As the EECC implementation deadline was 10 days prior to the end of the Brexit transition period, strictly speaking, the UK should have fully implemented the EECC into national law. The UK has however opted for partial implementation. In particular, ‘number-independent interpersonal communications services’ are not regulated under the new regime in the UK, and a staggered approach will apply, with the majority of changes delayed until late 2021 or even into 2022 in some cases.
- Key areas to look out for in implementation: As the EECC is an EU Directive, some discretion on implementation is given to EU countries. A ‘country-of-receipt’ rule continues to apply under the EECC, meaning that a regulated service will be subject to national regulations of each country where the service is received and consumed. Providers may therefore have to contend with different rules across the EU. Here are some key points to look out for:
- Approach to notification requirements: Under existing EU telecom rules there are diverging approaches to the notifications that providers have to make with national regulatory authorities. In some countries there are onerous regimes requiring the submission of considerable information, while in others a straightforward notification form has to be submitted. In the UK, there is no notification requirement at all. The EECC aims to introduce a more streamlined and harmonised notification approach, setting out a limited list of information that authorities can ask companies to provide.
- Scope of regulated services: The EECC has introduced a broader definition of regulated telecom services, capturing services which are ‘functionally equivalent’ to traditional telecom services through the new concept of ‘interpersonal communication services’, both number-dependent and number-independent. Whilst a common set of definitions will apply under the EECC, each member state may have a different interpretation of what is within scope, and what falls within available exceptions, such as a “minor and purely ancillary features” (recital 17). There will likely be a period of adjustment as regulatory authorities develop their understanding of these new definitions and apply them in practice.
- Security breach notification: Providers will be obliged to notify the competent authority of any ‘security incident’ that has a ‘significant impact’. This obligation differs but overlaps with similar obligations under the GDPR and the ePrivacy Directive, which may result in burdensome multiple and divergent notification obligations.
- B2B obligations: Certain consumer protection style obligations (including contract and pre-contract requirements) will apply when services are offered to “small or microenterprise customers” (generally businesses with fewer than 10 staff). B2B providers will therefore need to be careful to ensure compliance when they offer their services to these types of customers.
- Bundling of services: The EECC grapples with bundled service offerings, where a number of services are provided under a single (or linked) contract. Where one of those services is a regulated telecom service, the EECC may impose some regulatory requirements (including contract information and termination obligations) on all elements of the bundle, potentially even those elements which are not themselves telecom services.
We will continue to monitor the status of EECC implementation and will publish a further update in the near future.
Please do get in touch if you require any further input on the matters described above.