Abstract
This article reviews recent regulatory initiatives in the area of EU product safety legislation and market surveillance from the angle of e-commerce through online marketplaces. With the arrival of the internet, the sale of non-compliant and illegal consumer products has proliferated. E-commerce and globalized supply chains are challenging a regulatory system that is fragmented, highly technical and slow to respond to the dynamic changes introduced to the marketplace. The EU Commission’s 2017 notice on the surveillance of products sold online and its latest proposal for a new regulation on enforcing product compliance rules testify to the unsatisfactory state of progress in this area. A reason for this may be seen in the history and nature of New Approach style product law, which outsources technical product regulation to the industry and entrusts enforcement tightly in the hands of specialized national regulators. New actors in the supply chain, such as fulfilment service providers or e-commerce platforms, have fallen between the cracks. This article argues that extending the principles of the New Approach to e-commerce marketplaces, by seeing their activities as affecting essential requirements, could be of interest to both the problems at hand and the wider debate on online platforms regulation.
1. Introduction
The debate over the responsibilities of online platforms in the fight against illegal content on the internet has intensified over recent years. The European Union (EU) Commission confirmed in its 2017 Communication on tackling illegal content online (the Communication) that it is stepping up its efforts with legislative and non-legislative measures across various sectors and types of content. 1 New regulatory initiatives on hate speech, terrorist content, copyright and IP rights in general 2 have been seen at the EU and Member State level. These have been discussed widely and controversially across academia, industry and civil society. Largely, they try to assign more preventive ex-ante and more prescriptive ex-post content policing obligations on information society service providers (ISPs). In contrast, recent initiatives by the EU legislator 3 to step up enforcement of product regulation for goods sold over the internet have received much less attention. The fight to combat the sale of unsafe food and non-food products is part of the Commission’s broad initiative to impose enhanced responsibilities on online platforms. 4 E-commerce continues to grow 5 and the sale of non-compliant and/or unsafe products online has been identified as a growing problem 6 affecting consumers. 7 It may negatively impact public health and safety and has frequently been linked to the sales of counterfeits. 8
In the following section, the initiatives to step up the enforcement of illegal and non-compliant products sold online will be reviewed in the wider context of the EU’s horizontal strategy to tackle illegal content. This brief comparison shall highlight an imbalance and inconsistency in the attention the EU dedicates to the different sectors subject to unlawful content. E-commerce in physical goods poses specific legal challenges emanating from global supply chain transformations and the nature of product regulation in the EU. It is therefore appropriate to give a brief overview of the EU New Approach applied to product regulation in Section 3. This will be followed by an analysis of the EU Commission’s proposal for a regulation on compliance and enforcement of product legislation (Goods Package proposal) 9 in Section 4. The analysis will focus on the measures proposed to counter the problems of enforcing against illegal and non-compliant products in e-commerce and global supply chains. At first hand, the problems with the established concepts of placing products on the EU market 10 and the new phenomenon of fulfilment service providers 11 (FSPs) may be specific to the supply chain and not relevant for the responsibilities of online platforms. However, this article argues it is difficult to separate these problems. In a world where offline and online business models not only converge but evolve constantly, it is therefore appropriate to design common enforcement tools addressing these challenges. At the end of the section, a proposal will be offered to integrate elements of the New Approach into a responsibility model for e-commerce platforms and online intermediaries in general. Section 5 will then review the efforts of the Commission to fight the sale of unsafe and non-compliant food products, with similar conclusions as those reached in the previous section.
The conclusion will summarize the assessment of the Commission’s initiatives to fight the sale of illegal and non-compliant products on the internet. The largely self-regulatory proposals in the areas of copyright, hate speech and fake news have tackled the issues of platform responsibility for infringing content in a more proactive way than in the area of product regulation. This may be due to the different set up and history of product regulation and its enforcement regime, which bear the marks of co-regulation. However, this article submits that the characteristics of product regulation lend themselves well to the design of more tangible and enforceable responsibilities of online platforms when it comes to preventing and acting on illegal content.
2. Illegal content online and product safety
The objective of this article is to analyse legal efforts in combatting the sale of unsafe and non-compliant consumer products on the internet. This section puts these issues in the wider perspective of the EU Commission’s strategy to fight illegal content online, as announced in the 2017 Communication on tackling illegal content online. 12 Apart from commonly discussed regulatory initiatives in the areas of copyright and hate speech, this document also refers to actions in the areas of product safety (non-food and food products), consumer protection and violent and sexually exploitative content harmful for children. 13 This sector-specific approach recognizes the different legal frameworks that apply to different types of content hosted by various ISPs. At the same time, the Communication also acknowledges the common horizontal legal conditions laid down for all ISPs under the E-Commerce Directive (ECD). 14 No matter the type of content hosted or made accessible by ISPs, they are not liable for it if they have no actual knowledge of its illegality and, when obtaining such knowledge, remove it expeditiously. 15 Moreover, information hosts cannot be obliged to monitor proactively and in a general way their servers for infringing activity or content. 16
As the spread of illegal content continues unabated across all sectors and internet platforms enjoy growing socioeconomic importance, the EU has come up with legislative proposals that encourage or mandate more proactive infringement prevention measures by these platforms. The EU Commission considers online platforms to carry a significant societal responsibility because of their role in mediating access to online content. 17
The recent EU regulatory advances in the areas of hate speech and copyright have been critically discussed across academia, politics and industry stakeholders. It is not the purpose of this article to add to this debate. Suffice it to state that some of these sectoral initiatives have been seen as contradicting the generous liability exemptions and the prohibition of general monitoring obligations under the ECD 18 by imposing quasi-mandatory proactive filtering mechanisms on ISPs. The Commission, however, has so far denied any intention to modify the ECD provisions directly. On the contrary, it sees the ECD liability framework as a key support for digital innovation in Europe. 19
The Commission therefore underlines its view that voluntary proactive measures taken by online platforms to detect illegal content would not necessarily lead to a loss of the current liability privileges. 20 Conscious of the limitations set by the ECD, it stops short of calling for mandating these proactive detection measures for ISPs. It merely concedes that ‘sector-specific rules for online platforms…to help ensure the detection and removal of illegal content’ could be made mandatory. 21 The sector-specific examples cited in that Communication refer to copyright, hate speech and terrorist content. 22 The recommendation on measures to tackle illegal content online 23 (the Recommendation), issued 5 months later, confirms the dedication to sector-specific legislation and industry agreements to fight illegal content. Although copyright, hate speech, counterfeit and consumer protection are mentioned in passing as examples where preventive approaches are worth pursuing, it gives significantly more attention to the fight against terrorist content online. 24 The Commission has written an entire chapter on the prevention of terrorist content online. The tenor of the Chapter is that ISPs ‘should stake proportionate and specific proactive measures, including by using automated means, in order to detect, identify and expeditiously remove or disable access to terrorist content. 25 It can only be speculated that the Recommendation may have been politically motivated by pressing public security concerns over the use of social media in facilitating acts of terrorism. 26 In fact, it was followed by a regulation proposal that seeks to impose relatively far-reaching removal and proactive identification duties of terrorist content on ISPs. 27 By contrast, any detailed references to the fight against non-compliant products sold online or unfair commercial business-to-consumer practices have not been carried over from the September 2017 Communication.
This is somewhat at odds with the press release accompanying the Recommendation, which lists unsafe products as one of the five initiatives in the fight against illegal content, alongside terrorist content, hate speech, child sexual abuse and breaches of IP rights. 28 It begs the question of how the fight against unsafe or non-compliant products fits within the entire strategy of combating illegal content online.
On 1 July 2017, the Commission published a notice on the market surveillance of products sold online 29 (Commission Notice). The document acknowledges the increasing challenges of protecting consumer health and safety posed by the rise in e-commerce. It notes several trends that have made the enforcement of product regulations more difficult over recent years. Amongst them are: difficulties of tracing products sold online throughout the supply chain and identifying responsible economic actors; an increase in sales into the EU from online businesses based outside the EU territory; problems for market surveillance authorities (MSAs) with conducting product risk assessments, tests or getting access to product samples; challenges in coordinating online market surveillance across the EU and a lack of consumer awareness regarding online purchases. 30 These developments have at their root a profound change in the supply chain and consumer habits caused by digitization and globalization, which challenge market surveillance authorities in three areas: jurisdictional scope, speed of business and traceability.
To better understand the specific enforcement challenges in this area, it is appropriate to give a short overview of product legislation and its historic development in the EU.
3. The New Approach and the history of product regulation
A. The New Approach
Today EU (non-food) product regulation is based on two main pieces of legislation: the General Product Safety Directive (GPSD) 31 and Regulation 765/2008 on market surveillance. 32 The GPSD specifies the general safety requirements of products and respective obligations of economic operators and Member States, including the actions to be taken with dangerous products, such as product recalls. Regulation 765/2008 provides detailed definitions of economic operators, such as manufacturers, importers, distributors or authorized representatives. 33 It also defines the responsibilities, tasks and powers of national market surveillance authorities in enforcing product regulations. It is important to state that both pieces are complemented by sector-specific product legislation, which sets additional technical safety requirements for manufacturers deemed necessary by the legislator. This lex specialis does not significantly affect the responsibilities of economic actors and MSAs but is important on an operational level, when MSAs perform market surveillance and enforce product safety laws. 34
EU product regulation in the area of non-food is dominated by the so-called New Approach directives. 35 The New Approach goes back to 1985 and was developed in response to the Court of Justice of the EU’s (CJEU’s) Cassis de Dijon judgement. 36 This seminal judgement had two important implications for product legislation in Europe.
First, it laid down that only product requirements imposed by Member States that answer a legitimate purpose (namely, the public interest) and are applied proportionally could justify a breach of the free movement provisions imposed by the EU Treaties. 37 In response to this judgement, the EU legislator started to spell out public interest (essential) requirements for a variety of product areas. These essential requirements respond mainly to specific health and safety risks posed by products across certain sectors. To be marketed freely across the EU, products need to meet these essential requirements. 38 For example, the EU passed legislation laying down such essential technical (safety) requirements for electronic products within certain voltage limits, 39 electromagnetic compatibility, 40 wireless communication 41 or toys. 42
Secondly, Cassis de Dijon paved the way for the principle of mutual recognition, by which goods legally marketed in one EU Member State must have access to the entire Community market. 43 Therefore, products that meet the essential requirements set by EU legislation can be marketed freely across the EU, no matter in which Member States they were first placed on the market.
Meeting the essential requirements involves more complex technical design questions. Legislation as a regulatory tool was deemed unpractical and too inflexible in the light of market and technological developments. The Commission therefore asked private, industry-run standardization bodies to draw up technical specifications and technical (harmonized) standards, which meet the essential requirements. These technical standards then provided a presumption of compliance for manufacturers. 44 However, the standards are voluntary and manufacturers are still free to design their own technical product specifications that respond to the essential requirements. The New Approach directives require that manufacturers (i) create a declaration of conformity, which lists the safety directives, or regulations with which the product complies; and (ii) affix a CE Mark to the product as a public demonstration that it meets the essential requirements and can be marketed throughout the EU. 45
B. Reforming the New Approach
The New Approach has been considered an important contributor to EU integration. 46 The EU Commission meanwhile has continuously formalized, reformed and extended its standardization approach, for example through Regulations 765/2008, Decision 768/2008 and Regulation 1025/2012 on European standardization. 47 Initially, the New Approach directives focused on free trade in goods and the act of placing goods on the market. The revisions of the system through Regulation 765/2008 have put more weight on enforcement, market surveillance and the responsibilities of economic operators. 48 This reform resulted in the New Legislative Framework (NLF) of which the above-mentioned instruments are the core components.
Enforcement of product regulations remains in Member States’ hands. However, through Regulation 765/2008 the legislator recognized that a certain degree of horizontal coordination was needed to create a level playing field for the enforcement of product legislation and effectively fight non-compliant products across the EU. Articles 16 to 26 of Regulation 765/2008 thus establish general requirements, obligations on the organization and procedures of market surveillance programmes, as well as specific measures that MSAs must adopt when checking products and acting vis-à-vis economic operators. They prescribe the conduct of risk assessments on products, exchange of information between MSAs, general principles of cooperation and sharing of resources amongst member states and the European Commission. The regulation recognizes and tries to contain the complex and technical structure of market surveillance, which developed mainly along national public safety concerns and vertical lines determined by the product directives. This vertical character had been reinforced by more complex technology and a subsequent elaboration of safety risk assessments and certification requirements.
Five years after Regulation 2008/765 came into force, the Commission proposed a new combined instrument replacing the GPSD and the Regulation (2013 Goods Package). 49 This proposal was meant to give further clarification and additional horizontal guidance on what was considered a heterogenic, highly technical regulatory framework, which started to feel the impact of e-commerce. Regarding online sales, the Commission and Member States had started to realize that further research was needed to understand the impact of this new activity on the enforcement framework and to develop a common enforcement approach. 50 However, the package became stuck in the legislative process over Member States’ disparities regarding the proposed consumer product safety regulation. 51
As part of a new reform attempt, the Commission published an ex-post evaluation of Regulation 765/2008 in 2016. It found that the 2008 framework had only been partially successful in stemming the flood of non-compliant products and creating a level playing field of enforcement across Europe. 52
Most importantly, the Regulation’s broad provisions did not rein in the complex and fragmented landscape of market surveillance and enforcement, with varying degrees of resourcing, powers and responsibilities across Member States. Many Member States have a decentralized system of market surveillance across the 20 or so product sectors covered by the NLF. 53 A similarly fragmented picture emerges when looking at funding and staff resources of MSAs, access to product testing facilities, sanction powers and the level of penalties that can be imposed on non-compliant operators. 54 As a result, cross-border cooperation between market surveillance is seen as unsatisfactory. 55 Cooperation between economic operators and MSAs has also been found to be insufficient. The relevance of the legal provisions in the GPSD and the Regulation are increasingly undermined by e-commerce and budget constraints on MSAs. 56
Following the ex-post evaluation, the EU Commission started an initiative to amend the current regulatory framework on 19 December 2017. It launched a proposal for a regulation on procedures for compliance with and enforcement of legislation on products 57 (Goods Package proposal). If put in place, it would replace the current market surveillance framework (Articles 15–29 of Regulation 765/2008) and change sector lex specialis accordingly, but also amend certain definitions to ‘reflect the architecture of modern supply chains’. 58
In the following, the challenges posed by e-commerce as exposed in the ex-post evaluation, the Commission Notice and the Commission Blue Guide will be discussed. The analysis will then be complemented by critically evaluating the solutions proposed in the Goods Package.
4. E-commerce and the fight against unsafe products
In the ex-post evaluation, online sales appear to be the trend that has exposed most strikingly the weaknesses of product safety enforcement to act against unsafe and non-conforming products in the EU.
59
In line with the Commission Notice,
60
three legal aspects are identified that have been challenged by e-commerce and the evolution of global supply chains: – the responsibilities of MSAs; – the concept of placing on the market; and – the responsibilities of economic operators.
For the purpose of this article, only the two latter aspects will be dealt with in more detail. It should be sufficient to note regarding the responsibilities of MSAs that the sheer number of potentially infringing products and the elusiveness of many online offers and operators has only further exposed the fragmented nature of market surveillance in the EU. The measures proposed in the Goods Package aim at providing a stronger, binding framework for coordination of surveillance, better funding and enhanced enforcement tools. The expansion of regulatory networks through a new Union Product Compliance Network is at the heart of the proposal to address this challenge. 61 Eventually, a centralized regulatory structure as seen in the areas of pharmaceuticals or food safety may be what the Commission is hoping for. It remains to be seen whether the changes proposed will help MSAs to at least keep pace with the dynamic growth in e-commerce and help stem the sales of non-compliant products. Given that the enforcement landscape is highly fragmented, involving different administrational levels across Member States, varying degrees of sectorial compartmentalization, 62 institutional differences and the requirement of a high level of technical expertise, the EU has a huge task ahead.
A. The concepts of placing on the market and entering the market
The report finds that the concept of placing a product on the market is out of touch with the increasing complexity of supply chains in the wake of e-commerce. 63 Regulation 765/2008 defines placing on the market as the first instance of making a product available for consumption, distribution or use for commercial purposes on the Community market. 64 The GPSD and Regulation 765/2008 allocate the primary responsibility for the safety of a product to the producer or its EU representative who places it on the market. 65 However, they do not define any further the terms ‘placing on the market’, or ‘making available on the market’. They also tie certain responsibilities relating to the safety of a product to other economic operators involved in the supply chain, such as distributors. 66
The emergence of e-commerce means consumers increasingly buy products directly from internet sellers based outside the EU. The GPSD and Regulation 765/2008 do not cover this scenario. Both presume that for a given product there is either a manufacturer or its representative, or an importer in EU territory who would make that product available on the EU market for the first time and therefore assume responsibility for its safety and regulatory compliance.
The Commission Notice now tries to provide guidance for when a non-EU entity could be considered as placing a product on the EU market. It clarifies that non-EU entities shipping products directly to EU consumers can be considered responsible for placing the product on the EU market and therefore would need to comply with EU product legislation. 67 The methodology employed recalls relevant case law on determining when online traders can be considered as targeting consumers in third countries. 68 For example, the choice of language, accepted currencies or support of delivery to a consumer’s EU address are criteria that would indicate whether EU residents are targeted. 69
The Commission Notice empowers MSAs to take all necessary enforcement action prior to shipping the goods if there is a risk the products are dangerous. These measures could consist of at least temporarily banning the supply of the product or its display. 70 This could therefore open the way for MSAs to request blocking orders against internet access providers of IP addresses of non-EU traders or platforms found targeting EU consumers with infringing or non-compliant products. In the area of copyright, the CJEU recently granted such a blocking order against an internet access provider of a peer-to-peer site enabling access to unlicensed content. 71 A distinction would need to be made between products for which non-compliance is proven and products that are only potentially non-compliant. Where a product only potentially infringes product law, MSAs would only be able to request temporary bans until compliance was proven. The practicalities of such actions are unclear. It could be indeed cumbersome to request proof of compliance from sellers or marketplace operators that are established beyond the EU’s jurisdictional scope. Meanwhile, the pitfalls and inefficacies of IP blocking are an open secret.
Maybe the complexity of this issue, both in terms of jurisdiction and practical enforcement, explains why the Commission, despite identifying it as a major problem, did not provide any further clarification on placing on the market in its new Goods Package proposal. The Commission wants to put more emphasis on surveillance, product traceability and enforcement vis-à-vis economic operators, once the products have entered the supply chain. In the Blue Guide, it already admitted that, realistically, enforcement would only be possible once the product has reached EU customs. Given the number of small parcels entering the EU each year due the growth in e-commerce, this seems to be an uphill struggle under the current enforcement regime. 72 Moreover, under the present fragmented and insufficiently coordinated surveillance framework, it is unlikely to expedite enforcement actions against these non-EU consignors, such as requesting proof of compliance or conducting product testing. 73
Therefore, the Commission proposes a new status for ‘products entering the Union market’. It concerns all products from third countries intended for placement on the EU market. These goods are put under the release for free circulation procedure under the Union Customs Code, 74 which means they are subject to all customs procedures before official release. 75
In conjunction with this, the new proposal creates a dedicated legislative framework for product checks at the EU’s customs borders. 76 The focus here is on better and faster information sharing to avoid the different treatment of products at different EU entry points and duplication of work. The nomination of designated authorities in charge of the control of products entering the Union 77 is supposed to facilitate horizontal exchange of information on high-risk and non-compliant products and operators. The provisions on products entering the market also attempts to close the gap with more recent EU risk-management measures in the area of supply chain security. Article 29 of the Goods Package proposal thus afforded preferential treatment to authorized economic operators (AEOs) as designated by the Union Customs Code. 78 AEOs have demonstrated enhanced security, due diligence, operational and financial standards and a clean sheet concerning compliance with customs and tax rules. It would have seemed logical that they are afforded expedited treatment regarding product compliance checks. However, this passage was not retained in the adopted Goods Package of 20 June 2019. Instead the adopted Goods Package now merely encourages Member states to extend the use of the information and communication system for market surveillance (ICSMS) to customs authorities. 79 It can only be speculated that the proposed Article 29 may have either encroached too far onto some Member States’ enforcement competencies or would have hit technical and political obstacles.
MSAs are encouraged to focus on products entering the EU market where there is no economic operator within the EU, namely, the rising number of small consignments ordered from non-EU sellers. Although an increase in these checks is not expressly stated, the Goods Package proposal 80 aims at targeting non-compliant shipments in a better way through improved risk assessments gained from enhanced information sharing and cooperation with supply chain intermediaries and advanced analytics. 81
Overall it seems more realistic to focus on better enforcement and risk management within the Union rather than attempting to tie responsibilities and chase actions from economic actors far beyond reach of authorities. However, much also depends on whether MSAs can indeed generate the efficiency savings outlined in a foreseeable timeframe. The proposal is up against a dynamically increasing e-commerce sector and a constantly evolving supply-chain business. In the context of these developments, the absence of quantitative data and models, it seems, will make the establishment of risk-based compliance checks a challenge.
B. The responsibilities of (new) economic operators
The Commission Notice on products sold online provides a more detailed analysis of economic operators in the supply chain of consumer products. It identifies two new actors that have become more prominent due to e-commerce: fulfilment service providers and e-commerce marketplaces (platforms). 82 The Commission Notice attempts to interpret these new business models in the light of Regulation 765/2008 and the GPSD. It attempts to give guidance following previous observations on these new actors in the Blue Guide. 83 Meanwhile the ex-post evaluation report also elaborates on the specific problems these new operators pose to the current scope of regulation 765/2008. 84
1. FSPs
FSPs, also referred to as third-party logistics providers or fulfilment houses, have proliferated with the rise of e-commerce. Although the concept of outsourced logistics is not new, it was previously used mainly in a B2B context. 85 However, as new internet sellers emerge and traditional bricks-and-mortar retailers move online, FSPs have turned to answer the demand of tailored B2C shipment, storage and stock management solutions for products ordered online. A small online seller that faces increasing demand for its products or offers products requiring special handling may decide to have part or all of their logistics managed by an FSP. This could entail goods storage, order preparation, packaging, shipment, customer returns and additional services, such as inventory management and supply chain analytics. 86 Some of the advantages for the seller are that they do not need to deal with up-front investments for storing goods, may incur lower fulfilment costs and efficiency savings by benefitting from economies of scale and the logistics expertise of FSPs.
The ex-post evaluation report states that MSAs have found it difficult to apply the current definitions of economic operators offered by Regulation 765/2008 to FSPs. This is especially the case where online traders based outside the EU use FSPs within the Community territory to ship goods to EU customers. Some MSAs have suggested introducing a standalone economic operator definition for FSPs or amending the current definition of importer. 87
Meanwhile, the Blue Guide notes the large variety of FSP business models and concludes they could be classed as distributors, importers or authorized representatives, with the connected responsibilities as per Regulation 765/2008 and the GPSD. 88 The Commission Notice attempts to provide clarification by examining different FSP business models and determine criteria for classification as economic operators. 89
To be classified as a manufacturer or authorized representative, a FSP would either need to apply their own trademark or brand name to the products or be in possession of a mandate from the manufacturer to perform certain tasks relating to the products. It is not clear, however, whether this scenario is common in the current market.
Classifying FSPs as importers proves even more ambiguous, as both the terms of the importer and placing on the market are not explained by Regulation 765/2008. The Commission Notice therefore simply states it is more likely an FSP qualifies as an importer if there is no manufacturer or authorized representative for the product and if the FSP places the product on the market. 90 This appears to be consistent with the interpretation that in the lack of such an FSP or any EU presence, the seller itself would be considered as placing the product on the market (see Section 4.A.). An FSP would most likely need to mitigate this risk by asking the seller to employ a customs broker and register for tax purposes in the EU 91 before it receives and ships the products.
Additionally, FSPs may be considered manufacturers where their activities affect the safety of the product. This may be the case where the product is repackaged, or its structure and composition are otherwise affected in the course of storage and transportation. The latter aspects could become important for products that require specific handling and storage, such as cosmetics, medical devices or even batteries. 92
FSPs that do not fall under any of the above activities, but whose services go beyond those of pure parcel services, would be considered distributors. Distributors would be subject to certain due-care requirements relating to the products they handle. This includes knowledge and verification of the applicable product compliance requirements (CE marking, labelling, language requirements), ensuring proper handling conditions, ensuring traceability of the product and acting on suspected incidences of non-compliance. 93 Given the structure of the current FSP market, most FSPs would be classed at least as distributors.
From an enterprise risk-management perspective, the differences between being a distributor or importer/authorized representative are substantial. It certainly sounds logical to class FSPs at least as distributors, but additional clarification of the terms importer and economic operator would help in the light of e-commerce.
The Impact Assessment to the proposed Goods Package states the emergence of FSPs and e-commerce platforms have created legal uncertainties for both MSAs and businesses, leading to enforcement gaps. 94 Meanwhile, the Expert Group on the Internal Market for Products recommends including FSPs in a revised regulation on market surveillance. 95
The Goods Package proposal appears to take account of this by broadening the economic operator definition. For a start, it includes additional definitions of economic operators where they appear in sector and product lex specialis. 96 Secondly, a more general clause has been created that includes ‘any other natural or legal person established in the Union and other than a distributor, who warehouses, packages and ships products to or within the Union market’. 97 The finally adopted Goods package of June 2019 now goes even further. It offers a definition of FSPs and explicitly qualifies them as economic operators. 98 FSPs therefore now have defined obligations with regards to product compliance that correspond at least to the distributor due care requirements 99 described above in this section.
The adopted Goods Package provides a contrast to the area of trademark infringement, where the FSP Fulfilment by Amazon (FBA) was recently absolved of any responsibilities for the rights infringing nature of products stored and shipped on behalf of an online seller. 100 In this case, the Regional High Court (Oberlandesgericht) of Munich decided that a third-party service provider who stores a variety of goods for a variety of customers (online sellers in this case) could not be obliged to systematically verify whether each product infringed law. The court likened the protection of the FSP to that of internet hosts under the ECD. 101 This judgement would appear to conflict with the future responsibilities of an FSP as per the adopted Goods package. According to this an FSP would have verification obligations with regards to product compliance. At the same time, it would, at least in Germany, not be held to verify whether the product could be counterfeit. By contrast, the adopted Goods package now notes the link between counterfeits and health and safety risks. It encourages member states to take effective measures prevent counterfeits entering the EU market. 102 Meanwhile, the case was appealed to the German Federal Court of Justice, which referred it to the CJEU for clarification. 103 It requests confirmation of whether the activity of FBA affected the exclusive marketing and distribution rights of the applicant under the EU Trademark Regulation. 104
2. E-commerce platforms
2.1 A new supply chain actor? The disputed role of e-commerce marketplaces
Online marketplaces offer sellers and retailers the opportunity to reach a wider clientele. The third-party seller business is booming. 105 The network effects generated by the large e-commerce platforms, such as AliExpress, Amazon or eBay, offer smaller sellers a unique opportunity to reach an international and even global audience. Meanwhile, cross-border and global e-commerce is expanding rapidly mainly through e-commerce platforms 106 with millions of items ordered every day.
The ex-post evaluation highlights the problems MSAs have when enforcing product regulation vis-a-vis e-commerce platforms. For example, MSAs are unclear over the exact role that e-commerce platforms play within the increasingly complex supply chain of products sold online. 107 Although the traditional large marketplaces mentioned above dominate e-commerce in Europe, there is also a number of regional or sector-specific marketplaces. E-commerce is diversifying further as social networks and other players, such as Google, launch their own marketplaces. Additionally, in-app e-commerce through messaging services is gaining popularity. Some online sales do not even take place via a screen, but are entirely based on voice commands. 108
Meanwhile, non-compliant products remain a problem on e-commerce platforms. The Organisation for Economic Co-operation and Development (OECD) states that unsafe, previously recalled or banned products, and those with incorrect labelling information, are more likely to be found on e-commerce platforms than on retailer websites. 109
The Commission Notice states that e-commerce platforms are protected under the ECD’s generous liability provisions from monitoring their sites for infringing products on a general basis. 110 They will only need to remove infringing content once notified of it. MSAs therefore face an impossible task if they want to identify and enforce the law on all infringing products on e-commerce marketplaces. The largest marketplace platforms sell across a wide range of product groups, including consumer electronics, medical devices, cosmetics, toys, protective equipment and foodstuffs. Some MSAs in Europe are proactively working with large marketplace operators on a voluntary basis to achieve the expedited removal of non-compliant products. 111 However, proactive cooperation in preventing non-compliant products remains patchy.
In the face of the ECD, the EU legislator sees little scope to get these information hosts engaging in more proactive infringement-prevention duties. The Commission Notice rehearses the exemptions of the ECD and concedes there is no chance under the current framework to oblige e-commerce platforms, which qualify for the liability exemption of information hosts, to monitor proactively for unsafe and non-compliant products. Instead, it advises MSAs to focus on manufacturers and distributors, in this case the sellers on these platforms that offer infringing products. 112 However, even with enhanced and improved enforcement tools offered by the Goods Package, it is doubtful whether these purely reactive measures will be effective, especially when sellers are based outside of the EU.
Whether e-commerce platforms should be subject to more onerous monitoring duties is subject to intense discussion, as can be seen from recent legislative initiatives in the areas of copyright or hate speech mentioned above. However, the Goods Package proposal does not seek to consider demanding more proactive prevention measures from platforms. It just highlights the (limited) enforcement options available to MSAs under the ECD, namely notice-and-takedown vis-a-vis products, seller accounts, websites or domain names. 113 In addition, the more inclusive definition of economic operators is also unlikely to capture e-commerce platforms. E-commerce platforms appear therefore to be out of scope of the enhanced enforcement tools, which the Goods Package is supposed to create. The finally adopted Goods Package offers little change in this respect. All it does is define an obligation for ISPs to cooperate with MSAs in specific cases in order to mitigate the risks presented by products offered online. 114 Meanwhile Recital 41 of the adopted Goods package empowers MSAs to order an ISP to restrict access to online content where repeated notice and takedown requests have been unsuccessful. This is hardly more than what is already possible under the current ECD. One wonders whether an important opportunity has been missed to fight more effectively and efficiently the flood of unsafe and non-compliant products.
Despite this rather conservative approach towards platform liability, there appears to be an underlying discussion over the enhanced duties of e-commerce platforms. According to the ex-post evaluation, MSAs have requested enforcement tools to punish online platforms that repeatedly sell non-compliant products. 115 The Impact Assessment of the Goods Package proposal reveals that some MSAs have demanded that online platforms be included in the list of economic operators accountable for product conformity 116 and asked for a revision of the ECD to create better enforcement tools against these actors. 117
Meanwhile, the Commission guidance on the Unfair Commercial Practices (UCP) Directive gives the clearest legal indication of the extent that e-commerce platforms could be made accountable for the integrity of products sold via their sites. The Guidance reminds that the ECD applies without prejudice to the level of protection for public health and consumer interests and therefore complements the EU consumer acquis. 118 An online platform that qualifies as a trader under the UCP Directive could therefore be subject to professional diligence requirements commensurate to their specific field of activity. 119 To qualify as a trader, a platform would need to engage in commercial practices ‘directly connected with the promotion, sale or supply of a product to consumers’. 120 It would be hard to argue that e-commerce platforms are not engaged in this way. This could mean they are held to ‘designing their web-structure in a way that enables third-party traders to present information to platform users in compliance with EU marketing and consumer law’. 121 Failure to do so could, according to the guidance, lead to the loss of the liability exemption under the ECD.
2.2 Current legislative proposals – a missed opportunity?
It is disappointing that this guidance has not been utilized to create better enforcement possibilities against e-commerce platforms in the proposed Goods Package. This hesitation is even more surprising as at least some of the lex specialis referred to in the economic operator definitions of the Goods Package 122 do provide for obligations relating to online sales. For example, the Energy-labelling 123 and Toy Safety 124 Directives require that specific product information (warnings, energy-efficiency classification) is made visible to consumers, which includes online sales. Although these are manufacturer requirements, distributors, according to the Toy Safety Directive, for example, must ‘act with due care in relation to applicable requirements’. 125 According to the UCP guidance, this would mean an online marketplace could be held accountable for providing sellers with the possibility of displaying mandatory energy-labelling information or toy safety warnings to customers as part of their professional due diligence requirements.
The economic operator definition could, for example, have been worded in a way that opens the opportunity of including e-commerce platforms (as was done for FSPs). In contrast, it might be still possible that MSAs or courts find that e-commerce marketplaces are involved in the ‘supply of a product for distribution, consumption or use’ and thus be seen as a distributor. 126 This would make sense as these platforms occupy a key position between the manufacturer/seller and consumer within the supply chain and are in a position to technically provide sellers with the opportunity to comply with online labelling requirements. 127 From this activity to auditing whether sellers comply with the requirement should be a trivial step for a platform operator. If platforms were found to be distributors, this could even become a legal requirement 128 as part of any proper due diligence and risk management framework.
There is a chance here to construct or at least open the possibility within the legislation towards specific and transparent due diligence requirements for e-commerce marketplaces, at least where lex specialis requires product labelling and consumer information. 129 Platforms could hold sellers to provide certain regulatory information on a mandatory basis. 130 Compliance with this could be audited through regular data queries and reporting. Moreover, e-commerce platforms have an intrinsic interest to gather product, sales and traffic data from sellers and customers. Requiring they use these data for the purposes of consumer protection by helping prevent the sale of unsafe and non-compliant products would make common sense. However, despite the CJEU judgement in L’Oréal, 131 the Goods Package does not appear to challenge the liability protections of the ECD in the context of big data or explore the concept of diligent economic operator. 132
It is worth noting the CJEU has also found grounds on which to extend the liabilities imposed on sellers under the Consumer Sales and Guarantees Directive 133 to commercial intermediaries. 134 In this case a commercial intermediary had left the consumer unclear over whether they were the owner of the goods sold and that the goods were offered by a private individual. The Court referred to the information asymmetry between a consumer and a professional intermediary and the need for enhanced consumer protection. 135 This expansive view of the concept of seller could provide further support to a more generous application of the concept of economic operator to online intermediaries, especially where consumer protection is at stake. Whether and how far economic operator responsibilities under product lex specialis confer seller liabilities specified under the Consumer Sales and Guarantees Directive 136 to intermediaries would be an interesting subject for further research.
Alternatively, platforms could be obliged to provide interfaces for regulators, enabling them to search for non-compliant information. 137 Compared to other areas subject to online infringements (for example, hate speech, copyright, trademarks), enforcement in the area of product regulation can build on a strong institutional framework and technical expertise. 138 There is a chance here to combine that technical experience in market surveillance with the innovative analytical tools of e-commerce marketplaces as they gather, analyse and monetize product and sales (big) data on their platforms. Such cooperation could serve as a model for the areas of copyright, hate speech or trademark infringements when defining transparent and accountable infringement-prevention procedures. The recent controversial debate over the Copyright Directive 139 shows that obliging online platforms on a purely self-regulatory basis, without public oversight, to oversee the legality of content is indeed controversial. Meanwhile, the current purely reactive notice-and-takedowns are too little to stem the flood of non-compliant products sold via these platforms. It is submitted here that a useful compromise could be the creation of co-regulatory technical standards of infringement prevention. 140 The area of product regulation could provide a useful blueprint for how such a system could be constructed. Under a co-regulatory approach, platforms and MSAs could be brought together to create procedures and due diligence standards for preventing and detecting non-compliant products and how to deal with unsafe products and sellers. Regulators would be able to give technical assistance with regards to the large variety of regulatory product requirements, risk assessments and procedural requirements. Platforms would implement risk management systems and processes taking into account their specific business model and making use of their closeness to sellers, customers and the huge amount of traffic, sales and product-related data they own. 141
Eventually, national and EU regulators could make use of their expertise in technical standardization. They could develop essential requirements for e-commerce platform due diligence (with regards to product compliance) and mandate the development of technical standards to achieve such requirements.
Similar approaches, making use of technical standards and risk regulation for defining and regulating responsibilities of online platforms, have already been explored elsewhere. 142 There is now a more widespread recognition that online platforms have emerged as powerful and essential actors when it comes to facilitating access to and use of the internet: they enjoy information-gatekeeping powers by determining what information people can access on the internet, they collect unprecedented amounts of (personal) user data, which allow for deep insights into and manipulation of user behaviour and they may leverage their platform power to the detriment of competitors in vertical markets that interface with the platform. 143 Meanwhile online platforms have traditionally been loosely regulated through self-imposed, private style governance arrangements, 144 which are increasingly criticized for their lack of transparency, accountability and conflict with public interest principles. 145 The above proposal responds to calls for stronger public involvement and innovative regulatory solutions 146 by introducing aspects of the New Approach in the regulation of e-commerce marketplaces, and online intermediaries in general.
2.3 The Product Safety Pledge – voluntary agreement with e-commerce platforms
On 25 June 2018, the Commission announced an initiative with four major e-commerce platforms regarding the safety of products sold by third-party sellers. 147 This initiative, called the Product Safety Pledge, follows similar initiatives made with online platforms in the areas of hate speech (Code of Conduct) and counterfeits (Memorandum of Understanding). The online marketplaces commit to more structured notice-and-takedown criteria, such as reacting within 2 days to notices of non-compliant products submitted by MSAs and react to customer notices within 5 days. Once offers have been removed, the platforms also agree to processes that will sanction repeat offenders and prevent the reappearance of removed product listings. Although these measures are in accordance with duties already imposed by EU case law, 148 the agreement tries to reach further. Marketplaces will nominate single contact points for notices provided by MSAs and undertake to work proactively with authorities to identify and prevent the sale of dangerous products. It is probably more remarkable that the platforms have committed to work with MSAs in proactively preventing banned products and informing and training third-party sellers on their product safety compliance obligations. Point 12 of the agreement states that the four platforms would ‘explore the potential use of new technologies and innovation to improve the detection of unsafe products’. 149 Although the latter action items remain vague, it may still testify to the overall mounting pressure on platforms to take more responsibility in tackling illegal content online.
Meanwhile, the key performance indicators (KPIs) agreed are thin. Two indicators will merely measure the processing times of notices submitted by MSAs and of removals identified by platforms through monitoring the EU Rapid Alert System for Dangerous Non-Food Products systems. 150 The data, provided every 6 months, will hardly provide proof of whether the agreed proactive measures have had any success. This reminds of the Memorandum of Understanding (MoU) on Counterfeit products, concluded in 2011, with a similar basic set of KPIs. The success of this MoU, which was concluded in 2011, and especially the transparency of the KPIs remain disputed. 151
However, the voluntary commitment can be seen as getting close to the due care obligations imposed on distributors in the supply chain of products as per Decision 768/2008. 152 The agreement could be a warning shot to online platforms to take more responsibility for dangerous and illegal third-party products. The strategy should be familiar by now. If the EU legislator finds that the voluntary commitments lack tangible results it may bring more decisive action through legislation such as the Copyright Directive, the Audiovisual Media Services Directive (AVMSD) or the recently proposed regulation on preventing terrorist content online. 153
5. Market surveillance of food products
A. Food safety law in the EU
The fight against unsafe food sold online is also part of the Commission’s broad initiative to enhance the responsibilities of online platforms. 154 However, the Communication does not provide any further reference to this topic. The Commission refers to a recommendation on a coordinated e-commerce control programme, launched in July 2017, just 2 months before its Communication. 155 This two-page document, which is accompanied by a three-page Technical Annex, recommends that Member States create a coordinated plan to conduct official controls on novel foods and novel food ingredients sold via the internet. 156 However, it is not immediately visible how these initiatives correspond to the Communication, and the Recommendation, which focuses on mainly on enhanced responsibilities for online platforms.
Food law is subject to a separate regulatory regime in the EU. 157 Although food products are covered by the GPSD, Regulation 765/2008 only applies to non-food products and clearly excludes food from its scope. 158 In fact, a comprehensive food law and food safety enforcement regime, based mainly on regulations, has already existed since 2006 in the EU (the Hygiene Package). 159 The hygiene package encompasses provisions regarding food safety and consumer protection, market surveillance and enforcement (food controls), labelling requirements and certain categories of food (such as novel foods, organic products) as well as animal feeds. A European scientific authority (European Food Safety Authority), which supports risk assessments, communication and enforcement decisions, was created.
The general objectives of EU food law are the protection of human life and health as well as consumer interests. 160 EU-harmonized risk management and the precautionary principle are the main regulatory tools employed to reach these objectives. 161 Food regulation is considered relatively complex and, arguably, is one of the most tightly regulated areas in the EU. Consequently, it is seen as stricter and more harmonized than regulation in the area of non-food products listed above in Section 5. 162 The reasons for this can be seen in the special social, cultural and political perceptions attached to food production and food consumption, as well as its high impact on human health. 163 In general, the responsibility for food safety is allocated to the economic operators involved along the entire supply chain, from production to retail. The EU legislators set the framework conditions by mandating the use of established quality management principles such as Hazard Analysis and Critical Control Points or Good Hygiene Practice. 164 These are bolstered by a variety of voluntary industry standards, the use of which is actively encouraged by the EU. 165 The regulator is mainly concerned with market surveillance and enforcement. A detailed and harmonized system of official controls 166 and registrations 167 has been set up. Economic operators at all stages of the supply chain are subject to official controls by Member State competent authorities ‘regularly, on a risk basis and with appropriate frequency’. 168 Unlike in the New Approach areas, EU and national authorities are not involved in mandating technical standards.
B. Enforcing food safety in e-commerce
Since 2007 the EU and Member States have been confronted with the challenges of e-commerce in respect of food law. 169 The online sale of food may pose a number of specific problems: new market entrants may need to be familiar with the risks and requirements of storing and shipping food to consumers (for example, complying with a cold chain, managing expiry dates). Web traders may not be aware of business registration requirements, restrictions on certain foodstuffs and ingredients from outside the EU or specific labelling requirements. 170 Food products are offered by EU-based traders or platforms from non-EU supplies or sellers, and from non-EU sellers and platforms.
The Commission sees the regulatory framework as fit for the digital single market. 171 First, the provisions in place before the emergence of online food retail have been confirmed as applying to the current environment. Online food traders are considered food business operators and therefore must comply with food safety requirements as per general food law. 172 This includes compliance verification and labelling requirements. In addition, like any other offline operator they need to be registered with Member States’ authorities and, depending on their activity, may require authorizations. 173 Secondly, the law has been adjusted to take account of e-commerce. New food labelling rules, passed in 2011, explicitly state that mandatory food labelling information (except expiry dates) will need to be made available by web shops before the consumer makes a purchase decision. 174 In 2017, the EU legislator adjusted its market surveillance and official controls framework to the e-commerce environment. The new Official Controls Regulation, passed in 2017, empowers competent authorities to order product samples anonymously and suspend the internet sites of non-compliant operators for an ‘appropriate period of time’. 175
This will equip authorities with the legal toolset to step up enforcement and official controls. It remains to be seen, however, whether it will help enforcement bodies catch up with the rapidly growing food online retail. 176 The sheer number of products available both from food operators within the EU as well as those targeting EU consumers from outside is staggering. Member States’ food law enforcement authorities have been coordinating their activities since 2010 and have conducted regular checks of products and online operators. In 2014, the EU initiated a training programme for control authorities to effectively conduct e-commerce controls of foodstuffs. An official e-commerce working group on food law enforcement under the auspices of the EU Commission (DG Sante) was put in place in 2016. 177 As a result, the EU launched a coordinated control programme on online offered food. Subsequently a Recommendation on an e-commerce control programme was issued in July 2017. 178 Using a risk-based approach, the recommendation identified the sale of food supplements with medicinal claims (for example, diet pills or sports nutrition) and the sale non-authorized novel foods as the most conspicuous problems. Its first series of coordinated internet food controls came up with high instances of non-compliant novel foods and nutritional supplements across Europe, noting the presence of US- and China-based traders targeting EU consumers. It noted that a large number of products were offered by brokers that were merely acting as platforms for the sale of these products. 179 The Commission concludes that it has established contacts with major e-commerce platforms, including social media. However, it admits that more needs to be done to ‘remind the main players of e-commerce such as platforms, payment services and the traders themselves of their responsibilities, to ask for their contributions to increase the safety of online offered foods and to reduce offers which mislead consumers’. 180 This is annotated with a reference to the Commission Communication on enhancing platform responsibilities. 181
There is no further assessment available for what extent e-commerce marketplaces hosting food offers from third-party sellers can be considered as needing to comply with food law. This is surprising seeing the obvious prevalence and importance of e-commerce platforms in online food retail. As in Section 4, it can be argued that marketplaces play a role as distributors because of their crucial role in making offers widely available to consumers. At the very least, they would have some contributory role within the supply chain of these products. As demonstrated above, food safety and labelling requirements are extensive, and distributors have compliance verification requirements concerning food law. Following the provisions of the UCP and the EU Commission Guidance 182 on e-commerce referred to in the previous section, it could be argued that platforms would at least need to follow some due diligence when it comes to enabling sellers to display mandatory food-labelling information to consumers. Along this logic, failing to do so could, arguably, result in them affecting the safety of products and thus entail liability. Platforms determine the design and layout of product pages, decide on the placement of complementary adverts to generate additional revenue and collect extensive traffic and sales data. They have an interest in sellers displaying product information in a consistent and clear way to consumers to optimize the shopping experience. This all infers a certain level of control over the content hosted and a subsequent level of applicable due care along the lines of settled EU case law. 183
6. Conclusion
This article has analysed EU regulatory initiatives in the areas of product regulation and food law aimed at tackling the ongoing problem of illegal and unsafe products sold online. These initiatives are part of a wider, horizontal strategy of the EU to fight illegal content on the internet by enhancing the responsibilities of online platforms. The Goods Package proposed by the Commission tries to address the challenges brought about by e-commerce in a much less hawkish way than in the area of copyright or hate speech. This may be due to the specific nature and history of product regulation in Europe, which has been characterized by the New Approach. Product requirements are defined through technical standards managed by industry with the state retaining a general oversight function along essential requirements. Regulatory activity focuses on market surveillance and enforcement, which is highly technical and fragmented along product sectors and national boundaries. E-commerce and the revolution of global supply chains have found this system unprepared to deal with the continuing influx of new, unsafe or illegal products. It lacks in flexibility and speed of communication, coordination and action. The measures proposed in the Goods Package, however, still bear the marks of the New Approach. The focus is on the improvement of traditional enforcement tools, cooperation amongst regulators, and a better legal grip on new supply chain actors, such as FSPs and e-commerce platforms.
The Blue Guide and the Commission Notice on the market surveillance of products sold online see FSPs at least as distributors, if not importers or manufacturers. The Goods Package proposal now directly targets FSPs by creating a new category of economic operators. Although MSAs may now have clear surveillance and enforcement means vis-a-vis FSPs, no proactive responsibilities, such as the due care requirements applicable to distributors under GPSD, are specified in the proposals. Meanwhile, the failure to deal more decisively with e-commerce platforms is puzzling. E-commerce platforms are in a unique position as product (information) aggregators and enablers of online sales. Their importance is set to rise even further. The UCP Directive guidance provides a justification for proactive due diligence requirements of e-commerce platforms when enabling the sale of consumer products, which is in line with the ECD. It is regrettable that the Goods Package proposal did not develop this further. It could have applied its New Approach expertise creatively by prescribing risk-management obligations for ISPs commensurate with the products sold on their platforms. E-commerce platforms would need to demonstrate that they are aware of the regulatory requirements and risks applying to these products. They would need to enable sellers to meet regulatory labelling and information requirements and audit this for high-risk products and activities. These activities could eventually develop into more formal standards, which define the contributions of platforms to meet essential requirements of product regulation and the GPSD. It is submitted here that a classification of both FSPs and e-commerce platforms as distributors could create the legal basis for these duties.
This indecisiveness is replicated in the area of online food sales. Again, there is an emphasis on traditional enforcement and surveillance in the form of coordinated internet controls and checks in the face of a vast influx of illegal or unsafe products through the internet. Meanwhile, the more proactive role that platforms could play in preventing the availability of these products is barely touched on. There could have been a chance here to apply to e-commerce platforms some of the risk management principles required of economic operators in the food supply chain. This is even more surprising as food law has been adapted to the online environment for manufacturers and distributors by imposing specific labelling and registration requirements.
Footnotes
Acknowledgements
The author is indebted to Julia Sinnig, University of Luxembourg, for her valuable feedback during the drafting of this article.
Funding
The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: the research for this publication is supported by the Luxembourg National Research Fund (FNR) (10965388).
