A. Introduction
When Lily Leong stepped outside that morning on July 1, 2025, the voice in her ear guided her to the nearest Lime ebike, only two blocks away. Her work was fifteen kilometers away in Jakarta’s business district and her Samsung Universe One had woken her that morning, timing its gentle intrusion based on her sleep cycle. Her phone had reported that it was a good day to bike to work and had run through the day’s appointments. As she walked, her Bose headset would gently interrupt her latest K-Pop favorite, Girls Next Generation, to tell her which way to turn (‘Right after the Starbucks’). She was hoping to be able to save enough money by the end of the year to buy the Bose AR Glasses that would show her route without interrupting GNG’s ‘In a Funk’. On her ebike, the voice guided her around the construction site building a new skyscraper. She saw the Komatsu robot erecting the steel girders that framed the building. The construction site was marked as a Human Exclusion Zone, an ‘HEZ,’ with prominent signs depicting a diagonal line crossing out a human being. Humans supervised from a protected shelter across the street, staring at screens that connected them to cameras and robots. She stopped the ebike to frame a photo with an idle human in the foreground and the robot construction worker lifting a heavy steel beam in the background and uploaded it to Instagram.
As she arrived at the skyscraper where she worked, the glass turnstile whisked open, a screen displaying the photo from her first day at work two years earlier when she had long hair. In the elevator she put her hand to her mouth to muffle her laugh at the latest fad on TikTok – the #PetTwin challenge, where people showed their pets wearing hairstyles and clothes matching themselves using images generated by an app. Coming to her standing desk somewhere among the hundreds of desks on the fortieth floor, she sent a text to Xiaoice in Chinese about some issue she was having with her loud neighbor at work, and the Microsoft AI responded with suggestions on how to politely indicate her concern. Her Lenovo computer identified her through an iris scan, and a program automatically queued up her first task for the day – an appeal of the bank’s automated denial of a housing loan in Germany.
Invisible strings pulled by invisible computers across the world shaped Leong’s morning. Her Samsung phone relied on computers in Seoul to awaken her with useful information about the day. The voice telling her which turn to make for a safer biking route was Google’s Singapore computer. A Bose computer in Massachusetts played songs that it thought she would like. The Komatsu heavy machinery installing the steel girders and pouring the concrete was guided by Nvidia AI based out of Santa Clara, California, coordinating with Komatsu computers in Tokyo. Instagram’s California computers promoted her photo to followers, after scanning it for illegality. The facial recognition system was the work of Hikvision operating through computers in Shenzhen, China. The TikTok videos on her phone were selected for her by the Shanghai-based enterprise using leased Amazon servers in the United States. Microsoft ran its Xiaoice chatbot out of Beijing. The AI making the initial credit decision lived on Ping An Technologies’ servers in Shenzhen. Even less visible were the various smart city sensors and actuators operated by various unnamed companies in China, the United States, and Singapore – these systems operated the traffic signals, routed the garbage trucks, and deployed city resources.
Even if this scenario imagines the near future, the technologies mentioned largely exist today. Artificial intelligence (AI) is already crossing borders, learning, making decisions, and operating cyber-physical systems.Footnote 1 It underlies many of the services that are offered today – from customer service chatbots to customer relations software to business processes. AI is already powering trade today.
This chapter considers AI regulation from the perspective of international trade law. Because of the near-universal reach of trade rules, the focus here will be on the World Trade Organization (WTO) agreements. My argument unfolds as follows. Section B argues that foreign AI should be regulated by governments – indeed that AI must be what I will call ‘locally responsible’. Section C then refutes arguments that trade law should not apply to AI at all and shows how the WTO agreements might apply to AI, using two hypothetical cases – a medical diagnostic AI-based system and an insurance coverage decision-making AI. The analysis will reveal how the WTO agreements leave room for governments to insist on locally responsible AI, while at the same time promoting international trade powered by AI.
B AI’s Kangaroo Problem, or Why Regulate AI?
In 2018, President Emmanuel Macron announced that France will send regulators to sit inside Facebook to evaluate how the company combats hate speech on its services.Footnote 2 The regulators will meet with Facebook decision-makers not only in its offices in France, but in Facebook’s offices in Dublin, Ireland, and Menlo Park, California.Footnote 3 President Macron called this ‘smart regulation’ and hoped to extend the model to the rest of ‘GAFA’ members – Google, Apple, and Amazon.Footnote 4
But what about decisions made by AI? Indeed, while it has hired legions of human content moderators, Facebook is also depending on AI to make content moderation decisions. When Mark Zuckerberg testified before Congress in 2017, he cited ‘artificial intelligence’ more than thirty times in his deposition.Footnote 5 ‘Over the long term,’ Zuckerberg offered, ‘building AI tools is going to be the scalable way to identify and root out most of this harmful content.’Footnote 6 So, just as it may be appropriate for France to demand that Facebook’s human decision-makers in Ireland or California comply with its laws – at least with respect to information destined for France – it is appropriate for France to demand that Facebook’s AI decision-makers follow its laws on hate speech.
Governments have good reasons to regulate trade powered by AI. Imagine a dystopian turn to the sci-fi scenario in the introduction: your phone is listening in without permission and pushing advertising based on what it hears, your music app is selling your movements, the robot builder builds an insecure structure, the social network’s algorithms promote hate speech because they engender more engagement, the chatbot starts giving dangerous medical advice, the credit decisions are racially discriminatory, or the smart city is a massive surveillance system in the service of a repressive government.
With respect to the broad array of services now increasingly powered by AI, there are many legitimate (by which I mean non-protectionist) reasons why a government might seek to regulate the underlying AI. AI operates quite differently from human beings, raising both new issues and also old issues in a new way. AI operates at a different scale, using a different evaluation process, without emotion and judgment. Some may see being subject to decisions taken by AI as an attack on their dignity, while others may worry about who will be held accountable for AI decisions.Footnote 7 Regulations built for a world of human reasoning, emotion, and judgment may not equal a world where decisions are made by AI.
How is automated decision-making different? First, and obviously, it is done by computers rather than humans, and thus lacks traditional qualities of human judgment, empathy, and emotion, though it might offer facsimiles of any of these qualities. Second, the ability to transmit real-time data has enabled far more personalized cross-border decision-making than ever before – whether by humans or AI. Third, because it is computerized, it may be done at enormous scale. Fourth, while AI might not be programmed with invidious bias, it might learn that bias from the real-world data it receives – without even knowing perhaps to be mindful of the possibility of such bias.Footnote 8
Decision-making from abroad, of course, predates the rise of AI. Banks, credit card companies, insurance companies, and the like have long relied on decisions made abroad. While there is nothing per se novel about decision-making or information processing across borders, the fact that the Internet now touches almost all of our daily activities increases the opportunities for AI-based decision-making, including decision-making across borders. AI changes the nature, scope, and scale of foreign decision-making. We are entering into a world in which your credit, your job prospects, your insurance claim, the news you read, and even the dates you go on are determined by faceless computers in a distant land.
There is a reason to believe that AI systems will make more mistakes as they cross borders. First, AI might be designed for different environments, nurtured on data from polities that might behave differently. This is a form of the well-known problem that AI trained on, say, a largely white (and male) population, might perform poorly with respect to other populations. Imagine, for example, an AI trained to recognize threats in the United States, but which fails to understand the context of threats in Myanmar – to possibly tragic consequences. Second, because of immense commercial pressures to claim the first mover advantage – attracting both media and venture capital, AI is being rolled out before it is ready. Because machine learning systems benefit from larger datasets, the opportunity to engage more people across the globe will tempt companies to apply their systems ever more broadly. Third, the quality of AI’s judgments will be hard to assess because firms have incentives to proclaim the effectiveness of their AI while individual users cannot amass the overall data necessary to evaluate it. Like the problem of legal transplants – which can prove unsuited in new social, cultural and legal contexts – AI transplants might prove problematic.Footnote 9
Thus, there may be special reasons to distrust foreign AI, which may not have been trained on local conditions. I call this ‘AI’s Kangaroo Problem’ in reference to the Volvo case, where Volvo realized that its ‘Large Animal Detection’ system initially failed to recognize kangaroos because of their jumping, and then began training its system with films of ‘kangaroos’ roadside behaviour.’Footnote 10 When a Tesla, apparently on autopilot, slammed into a stopped tow truck on a Russian road, one news account offered a conjecture: ‘Tesla cars [may not be] trained on Russian roads and vehicles.’Footnote 11 More generally, AI will often need to be culturally or environmentally sensitive and an AI ‘trained’ on the behavior of the US population may well produce erroneous results when applied in China, or vice versa.
AI’s Kangaroo Problem makes it especially urgent for governments to monitor foreign AI. Of course, higher transparency and accountability obligations on foreign firms than those imposed on domestic firms will invite scrutiny as a discriminatory measure – and so governments should be careful that any special scrutiny is properly justified. One question in this regard will be about a specific set of rules that are only triggered by size. If local companies are all likely to remain smaller than the threshold, there is the possibility of exploiting size triggers to disfavor foreign competitors. Furthermore, focusing only on the world’s biggest Internet companies may or may not be justified because of their impact – but it is also important to remember that some of the most pernicious applications of AI might escape scrutiny if we limit our regulatory attention to a handful of enterprises.
Overall, today, decisions about people and machines are being made by machines. AI helps people file tax returns, it helps offer or deny loans, it matches individuals for dating, it makes investment decisions, sorts through job applications, and delivers search results. Given that AI is making decisions that affect people’s lives, governments should insist on what we might call ‘locally responsible AI.’
C AI and Trade Law
Does trade law apply at all to AI? A skeptic might offer two arguments – the first textual and the second conceptual. First, the WTO agreements and the scheduled commitments of the WTO members that form an integral part of the treaties nowhere mention AI, and thus should not be interpreted to cover this new technology.Footnote 12 Applying trade law to this new sphere would violate the sound expectations of the parties. Second, AI is simply a method of doing something, the skeptic might assert, and the trade agreements focus on what is actually provided rather than the process used to provide it – a version of the process/product distinction elaborated for goods.Footnote 13 After all, if trade law does not scrutinize whether a particular decision made by a company is made by an individual or a committee, then why should it pay attention to the decision-making process at all?
Can the WTO agreements apply to AI decision-making? Even if AI techniques were not widely used when the WTO agreements were negotiated, the General Agreement on Trade in Services (GATS)Footnote 14 does not limit itself to the technologies in use in 1994. GATS proves relevant through three characteristics: First and most importantly, GATS focuses on measures regulating services without regard to the technologies by which those services are provided.Footnote 15 Its first substantive sentence declares, ‘[t]his Agreement applies to measures by Members affecting trade in services.’Footnote 16 Second, the GATS applies to technologies that may have not been on the minds of the negotiators.Footnote 17 When China sought to deny that it had included electronic distribution of audiovisual material in its WTO commitments in the China – Audiovisual Products case, the WTO Appellate Body ruled decisively that it was indeed covered.Footnote 18 As I have noted elsewhere, ‘By subsuming an electronic version of the service within a services commitment and by interpreting treaty commitments in a dynamic form, the treaty can take account of changing technologies.’Footnote 19 If a term is listed in a sufficiently generic fashion, it should be interpreted to cover activities that were not commercialized at the time of the listing.Footnote 20 Indeed, when it determined that electronic distribution of audiovisual recordings was covered by China’s commitments, the Appellate Body observed that it was not necessary that such electronic distribution was feasible at the time when China acceded to the WTO.Footnote 21 Thus, a generic commitment for market access for insurance decision-making under mode 1 (cross-border supply) should be read to cover AI-based decision-making as well. Third, as China – Audiovisual Products decision makes clear, the GATS applies to electronically mediated services – a fact essential to enable it to cover AI-powered services. Fourth, the GATS schedules explicitly include a variety of computer and related services in their ambit, with at least seventy-seven countries committing to liberalize trade in ‘data processing services.’Footnote 22 The end result is that when a government measure affects the ability of a foreign company to supply AI-based services into that country, GATS is applicable.
The second objection challenges the idea that AI can be reached by trade law on the ground that how a decision is made with respect to any service is not a proper subject of trade law. This is a version of the controversial process and production methods (PPMs) distinction from the realm of goods,Footnote 23 where an importing government may not be able to inquire into the process by which a product is produced, only evaluating its quality as it arrives at the border.Footnote 24 Steve Charnovitz divides PPMs into three types: (i) the how-produced standard; (ii) the government policy standard; and (iii) the producer characteristics standard.Footnote 25 Translating this into the domain of services, it would mean that the importing government treats the foreign service provider differently because of (i) how it produced the service; (ii) the law governing that service in the exporting country; or (iii) the characteristics of the foreign service provider, respectively.
With respect to services, however, regulation often focuses on both, the provider and the process used, as it may be difficult to regulate the service directly. Licensing requirements, for example, often seek to assure that the individual performing the task has the relevant education, ethics, and experience to perform the service. In general, how a service is produced may be important to evaluate its quality – such as knowing whether an accountant or an engineer or a cybersecurity expert has followed the standard protocols.Footnote 26 Of course, much of the process used to provide the service could be inscribed in the service itself but it is often difficult to see the mark of that process directly. Thus, we often use other measures to evaluate the service – such as the prominence of the firm or the education of its employees or their use of a widely accepted method.Footnote 27 This is no less true with AI. Demands for explainability, for example, which have become common nowadays,Footnote 28 are often ultimately about a form of due process, including the ability to challenge a decision that one feels is unjust.
The following two sections explore two specific scenarios of the interaction between AI and international trade rules.
I Scenario One: Dr. AI
Imagine if a country bars unlicensed medical diagnosis, and interprets this requirement to bar all AI-based medical diagnosis, as there is no process for licensing an AI. What if a foreign company wishes to offer AI-based medical diagnosis into that country? Could it rely on the GATS commitments to liberalize trade in data-processing services to argue that the ban on AI medical diagnosis violated that country’s WTO obligations?Footnote 29
The first step in making such a claim is to establish that the country had in fact committed to liberalize trade in such AI-based medical diagnosis services in the first instance. The market access and national treatment obligations, as we have said, rest on a nation’s GATS schedule. This, in turn, raises difficult questions of classification. Suppose an AI performs the task of assessing whether a skin lesion is cancerous and does so via a smartphone app. Many but not all WTO members used the United Nations’ Central Product Classification (CPC) in its provisional 1991 versionFootnote 30 to schedule their liberalization commitments. The CPC has been revised numerous times since but these updates have not been reflected in the law of the WTO.Footnote 31 Under the CPC scheme, human health services are classified as ‘CPC 931,’ with subdivisions for ‘general’ (93121) and ‘specialized’ (93122) health services, as well as other subdivisions. But perhaps the AI could be seen as a ‘data processing service’ (CPC 843) or a ‘database service’ (CPC 844) at the same time – after all the AI is an immense data processor and may rely on significant database functions? The GATS classification is designed to be exclusionary – that is, any given service should fall only under one categoryFootnote 32 but it can be difficult to place many technologically powered services within the classification framework existing at the time of the WTO’s founding.
The CPC itself provides interpretative rules, including two rules relevant here:
1. The category that provides the most specific description shall be preferred to categories providing a more general description; and
2. Composite services consisting of a combination of different services which cannot be classified by reference to (a) shall be classified as if they consisted of the service which gives them their essential character, in so far as this criterion is applicable.Footnote 33
If we assume that ‘medical diagnostic service’ is more specific than ‘data processing service,’ then an AI-based medical diagnostic service should properly be classified as a ‘medical diagnostic service.’ Thus, a commitment under CPC 843 for a data processing service is likely insufficient to grant a foreign AI medical diagnostic service provider market access and national treatment in that country without a relevant CPC 931 human health service commitment.
In China–Electronic Payments, the panel, however, questioned this approach, arguing that ‘the matter is not so obvious that we could confidently determine, without undertaking a detailed examination, [which service] is ‘more specific’ in relation to the services at issue.’Footnote 34 Yet, the panel’s preferred approach largely reached the same conclusion. The panel recognized ‘electronic payment services for payment card transactions’ as an ‘integrated service’ that included other services that could be provided independently.Footnote 35 The relevant classification in such cases would be the one describing the integrated service.Footnote 36
What if a country has left medical services unbound, but has bound data processing services for both market access and national treatment? Would a foreign AI medical diagnostic provider be able to benefit from that data processing commitment? It seems likely that it would only be able to claim them for providing data processing but not for the medical diagnostic service itself, which would have required a CPC 931 commitment.
The scheduling guidelines adopted by the WTO’s Council for Trade in Services in 2001 distinguish between a committed service and input services to that committed service.Footnote 37 The scheduling of a committed service does not imply that the input services are also equally committed when used for purposes other than the committed, composite service. It seems sensible, however, to assume that the input services are automatically committed when provided as an input into the committed service – that is, it should not be possible for a WTO member to specify that a foreign medical diagnostic provider (presuming that medical diagnostic services are committed) must use domestic AI. Otherwise, the commitment of the integrated service would be less meaningful because one could establish a variety of requirements for the inputs into that service that would greatly erode the commitment. Then if members specify medical diagnosis, they need not specify all the input services needed to supply a medical diagnosis. In our hypothetical case of ‘Dr. AI,’ if the data processing or database service is an input service to the AI-based medical diagnostic service, then a commitment under CPC 931 for such a service would include the data processing or database service.
II Scenario Two: Claims Adjuster AI
Imagine a country that bans automated decision-making for insurance coverage decisions. This would go beyond the right to object to a decision made by an automated algorithm under the European Union’s General Data Protection Regulation (GDPR).Footnote 38 Such a scenario would be reminiscent of the genetic engineering debate in trade law – where Europe rejected genetically modified food outright, while the United States insists on their safety.Footnote 39
Imagine also that domestic insurance providers are not technologically minded, while foreign competitors are more likely to use AI. So the burden of the rule largely falls on foreign providers. Assume that the country banning AI has made market access and national treatment commitments for the relevant insurance products under the Annex on Financial Services, but has limited those to mode 3 (commercial presence), as countries often are reluctant to allow for cross-border trade in financial services because of prudential regulation of financial institutions to ensure, among other things, their safety and soundness.
Might the foreign country of that foreign insurance provider with a domestic establishment have a claim? The foreign home might challenge the absolute bar as a violation of that importing state’s market access commitments. A ban might be seen as a zero quota, and thus a numerical limitation on the number of providers – which will be a violation of the GATS market access obligation contained in Article XVI:2.Footnote 40
The foreign country might also argue that the ban violates the national treatment requirement by effectively preferring domestic insurance providers, which do not use AI for decisions. A central question in answering this question is whether the AI-based insurance service was ‘like’ the non-AI based insurance service. While guidance on the interpretation of ‘likeness’ when it comes to services is limited,Footnote 41 the Appellate Body has indicated that the ‘fundamental purpose’ of the likeness comparison is ‘to assess whether and to what extent the services and service suppliers at issue are in a competitive relationship.’Footnote 42
If a tribunal concludes that the AI ban violates either market access or national treatment commitments, the importing nation will argue that the ban is justified by considerations of privacy, public order, or even public morals (with respect to the latter, the argument would be that having such important decisions made as insurance denial about someone by an AI would be an affront to human dignity). Article XIV of the GATS permits a derogation that is ‘necessary to protect public morals or to maintain public order’Footnote 43 but the ‘public order exception may be invoked only where a genuine and sufficiently serious threat is posed to one of the fundamental interests of society.’Footnote 44 One focal point of the analysis will be whether the ban is necessary to protect public order. The exporting nation might argue that an alternative WTO-consistent that achieves the same ends is reasonably available, and thus an outright ban is not necessary.Footnote 45 It might for instance point to the German approach as such an alternative: Germany explicitly recognizes automated decision-making for insurance decisions but requires the insurance company to offer human review for any negative decisions.Footnote 46
In summing up, even if existing trade law does have mechanisms to reduce protectionist barriers to trade in AI, there remains substantial room for disagreement over whether any particular rule that burdens trade in AI can be justified. The examples above point to some of the debates and critical questions, such as: Is AI medical diagnosis ‘like’ human medical diagnosis? Can an AI-based insurer be banned on the grounds that it is likely to be biased or opaque? The rules as they stand do not give clear answers to such questions. Internationally agreed frameworks for responsible AI might offer a process to protect national regulatory goals while enabling trade in AI.
D Conclusion
Governments across the world are struggling to keep up with technology. The rise of AI decision-making, in everything from cars to media to business processes, challenges regulatory capacity. Governments must regulate AI in order to further traditional regulatory goals, such as consumer protection, privacy, and law enforcement. Governments can, however, craft or enforce AI rules that disfavor foreign enterprises. The regulation of AI should not be used to create yet another behind-the-border trade barrier.
A Introduction
Technology is not only transforming international trade, it is also pushing the boundaries of regulation. The cross-border nature of the Internet challenged existing regulatory approaches, raised new regulatory issues and gave rise to new forms of governance. Digital technologies that leverage the Internet are challenging existing approaches even further. Among those, one technology, blockchain, keeps making the headlines. A game changer for some, the most overhyped technology for others. Few technologies have sparked so much debate.
Often associated with Bitcoin because it was first implemented as the technology underpinning the famous cryptocurrency, blockchain is much more than Bitcoin.Footnote 1 In fact, by making it possible for actors along the supply chain to interact on a peer-to-peer basis in quasi real time and in a highly secure and trusted environment, this technology could have a major impact on many facets of international trade and deeply transform it. Blockchain could facilitate international trade transactions and help implement World Trade Organization (WTO) agreements, and it could foster the digitalization of trade.
Yet, technology is only a tool. A number of regulatory issues deserve the attention of policymakers for this potential to be realized. It is therefore critical that government officials educate themselves to understand the technology, its potential, but also its limitations, and keep an eye on developments. This chapter discusses the measures that should be taken to promote the development of a regulatory framework conducive to the development of the technology and the role that the WTO could play in this respect.
The chapter’s first section describes blockchain’s key features and discusses how this technology can be used to facilitate transactions in various areas of global trade and help implement WTO agreements. It examines the potential impact of this technology on international trade. The second section looks at discrete regulatory issues that deserve the attention of regulators for blockchain to truly transform international trade. The last section discusses measures that should be taken to promote the development of a regulatory framework conducive to the development of the technology and the role that the WTO could play in this respect. The chapter argues that the WTO is uniquely positioned to play a pivotal role in ensuring that a conducive governance framework is put in place to allow blockchain to be used to its full potential in the area of international trade.
B Understanding Blockchain’s Practical Implications for International Trade
In spite of the many headlines on blockchain, the technology, its functioning and potential to transform business beyond the world of cryptocurrencies and of finance more generally remains difficult for many to apprehend. This section seeks to provide a basic understanding of how the technology works and discusses its practical implications for international trade and the implementation of WTO agreements.
I Blockchain: A Complex World
The catchy word of blockchain conceals a complex reality. The term blockchain is now often used in a generic way to refer to distributed ledger technology (DLT) and this chapter follows this practice. Strictly speaking, however, blockchain is only one type of DLT – one that combines transactions in blocks and links them in a linear way. While there are many different types of DLTs, all possess a number of key characteristics that render them particularly useful as a facilitator of a wide range of international trade processes.
A blockchain, or distributed ledger, is a shared and synchronized digital database that is maintained by an algorithm and stored on multiple ‘nodes’, i.e. computers connected to the network that store a local version of the ledger. Unlike traditional databases, distributed ledgers have no central data store or entity controlling the network. They function on a peer-to-peer basis without the need for the intermediaries who traditionally authenticate transactions. Data added to the ledger are shared with all participants in quasi real time, verified and validated (‘mined’ in the context of blockchain technology) by anyone with the appropriate permissions on the basis of the consensus protocol of the ledger, and timestamped. Therefore, participants in a distributed ledger have all access to the same information at any time. In other words, a distributed ledger is a shared, trusted record of transactions that all participants can access and check at any time, but that no single party can control (unless it is fully private – see Table 6.1), which allows people with no particular trust in each other to collaborate without relying on trusted intermediaries. Distributed ledgers ensure immediate, across the board transparency.
Table 6.1. Types of blockchain platforms
| Blockchain types | Level of centralization | Read | Write | Example |
|---|---|---|---|---|
| Public permissionless | Highly decentralized | Anyone | Anyone | Bitcoin |
| Public permissioned | Highly decentralized | Anyone | Authorized participants | Sovrin |
| Consortium permissioned | Partially-decentralized | Authorized participants | Authorized participants | Tradelens |
| Private permissioned | Centralized | Authorized participants | Authorized participants | Company blockchain |
A distributed ledger is secured using a blend of proven cryptographic techniques. Data entered onto the blockchain are ‘hashed’, i.e., converted into a new digital string of a fixed length using a mathematical function, and encrypted to ensure data integrity, prevent forgery, and guarantee that the message was created and sent by the claimed sender and was not altered in transit. Records are also linked to one another; attempting to alter the ledger is a difficult endeavour as previous blocks or records of transactions would also have to be altered for the changes to remain undetected. Because of the distributed nature of blockchain, falsifying data or compromising the whole network would require compromising a large number of nodes, which would be practically very hard.
These different characteristics make distributed ledger technology highly secure and difficult to hack – which led The Economist to call blockchain a ‘trust machine’.Footnote 2 They also render DLT a particularly helpful technology to remove frictions from global trade by making it possible for the many stakeholders involved in international trade transactions to interact in a more efficient way.
Distributed ledgers are, to date, the most secure type of databases,Footnote 3 but this is not to say that they are completely immune from tampering or cyberattacks. A distributed ledger can be compromised if a validator or a pool of validators control more than 50 per cent of the network’s computing power, which is called the ‘51 per cent attack’. With computing power capacity of some blockchains being increasingly aggregated, the risks are certainly growing. In fact, in July 2019, two mining pools of the Bitcoin network, one reputed the most difficult to hack, carried out a 51 per cent attack on the network in an apparent effort to stop an unknown miner from taking coins that they were not supposed to have access to in the wake of a code change.Footnote 4 While the attack was arguably conducted with a view of doing something good for the community, not to reward the attacker or steal funds, it has led to heated debates in the information technology (IT) community as to the severity of the potential consequences of such attacks. Advances in quantum computing could in the long term also represent a threat to blockchain as blockchain’s resilience relies on encryption and algorithms, whose strength is based on computing power. ‘Post-quantum’ algorithms that would be resistant to quantum computing are being actively researched.
1 A Multitude of Distributed Ledger Technologies
In spite of these common characteristics and as noted earlier, DLTs are very diverse and there is a multitude of consensus protocols. Consensus protocols govern the way transactions are validated and records are added to the network and differ in terms of energy consumption and rapidity at which blocks or transactions can be validated. Some of the most well-known consensus protocols include proof-of-work (PoW), which is used by Bitcoin; proof-of-stake (PoS), which is being considered by Ethereum, another well-known public blockchain, and Proof of Elapsed Time (PoET) used by Hyperledger Sawtooth. Proof-of-work requires that the participants who validate blocks, the ‘miners’, show that they have invested significant computing power to solve a hard cryptographic puzzle. Miners compete with each other to validate a block and add it to the blockchain. The miner who validates the new block is rewarded with Bitcoins. The level of difficulty of the mathematical problem increases as blocks are mined to ensure that only one block can be mined every ten minutes. The big disadvantage of proof-of-work is its high level of energy consumption – which researchers estimated to be as high as that of a country like Ireland.Footnote 5 Proof-of-stake algorithms were developed to overcome the disadvantage of PoW in terms of energy consumption. PoS replaces the mining operation with rewards in proportion to the amount of the validators’ ‘stake’ in the network (i.e. ownership or assets of cryptocurrency in the network). As for Proof of Elapsed Time, it uses a random leader election model, or a lottery-based election, with the protocol randomly selecting the next leader to finalize the block. These are merely a few examples of the many different consensus protocols that exist in practice.
In addition, while the most well-known DLT, blockchain, combines transactions in blocks and chains them in a linear way – hence the term ‘blockchain’ – an increasing number of models of transaction flows are being developed, which move away from the concept of ‘blocks’ – or even from both concepts of ‘blocks’ and ‘chain’. The so-called ‘New kids not on the blocks’ include IOTA,Footnote 6 RippleFootnote 7 and Hedera Hashgraph.Footnote 8 In IOTA, for example, transactions are not grouped into blocks and each transaction is linked to two previous transactions as part of the validation process to form a ‘tangle’.
Despite these important technical issues, the technology itself is only one part of the story and the term ‘blockchain’ is often used to refer to the platforms that are being developed for specific applications, the nature of which varies greatly. While blockchain was originally envisioned as a decentralized network open to everyone, a number of platforms have emerged that are controlled by a company or a group of companies forming a consortium and whose access is limited to authorized participants.
2 Various Types of Blockchain Platforms
Distributed ledgers are often classified as public versus private or ‘permissioned’ versus ‘permissionless’. Under the category of private blockchain or ledger, there is a subtype called ‘consortium’ that is sometimes considered as a type of blockchain in its own right.Footnote 9 These two classifications are at times conflated and it is not uncommon for people to associate public with permissionless and private/consortium platforms with permissioned platforms. The reality is, however, slightly more complicated, as some public platforms can be permissioned (see Table 6.1).Footnote 10
In essence, a permissionless blockchain is a platform that is open to anyone, with no restrictions imposed on who can access the platform and validate transactions, while a permissioned blockchain is a platform in which access is restricted. The distinction between public, consortium and private blockchains is linked to the degree of decentralization. A public platform is a platform that is highly decentralized, with no specific entity/entities managing the platform. Transactions are public and individual users can maintain anonymity and no user is given special privileges over any decision. In contrast, in a private blockchain, the permissions to validate and add data to the ledger are controlled by one entity that is highly trusted by the other users, and participants are identified. The term ‘blockchain’ in the context of private ledgers is controversial and disputed, as such highly centralized ledgers have little in common with the original idea behind blockchain. A consortium blockchain is a ‘partially decentralized’ platformFootnote 11 that operates under the leadership of a group rather than a single entity and in which participants are identified. One of the distributed ledger technologies often used for private or consortium platforms is Hyperledger Fabric,Footnote 12 which was developed by IBM, and donated to the Hyperledger Project of the Linux Foundation, and has been designed to cater to the needs of participating companies.
Private and consortium platforms provide for greater scalability but at the expense of decentralization. Public platforms, on their side, are highly decentralized and provide for a high level of security, but this comes at the cost of efficiency and scalability. This is what Vitalik Buterin, founder of Ethereum, called the ‘blockchain trilemma’ – i.e., the impossibility to achieve scalability, decentralization and security simultaneously in a blockchain. At most, two of these properties can be achieved. Other researchers articulate the trilemma around a slightly different set of concepts: decentralization, correctness and cost efficiency,Footnote 13 but the conclusion remains the same: you cannot have it all.
3 Automation via Smart Contracts
A particularly interesting feature of the blockchain universe is the possibility to use smart contracts, i.e. computer programmes that automatically enforce themselves (self-execute) without the intervention of a third party when specific conditions are met (based on the ‘if … then…’ logic; e.g., if the goods are unloaded at port of X, then funds are transferred). Smart contracts state the obligations of each party to the ‘contract’, as well as the benefits and penalties that may be due to either party under different circumstances. However, unlike the name suggests, smart contracts are neither smart, as there is no cognitive or artificial intelligence component to them, nor are they contracts in a legal sense.
Smart contracts go back many years. Cryptographer Nick Szabo introduced them first in various publications during 1994–1997,Footnote 14 but their use outside of blockchain makes them subject to the same problems as centralized databases – that is, a single point of failure and the possibility to change the data easily. When used in the context of blockchain they inherit blockchain’s key properties, such as immutability.
II Blockchain: A Potentially Transformative Impact on International Trade
The transparent, highly secure and quasi-immutable nature of blockchain makes it an interesting tool to facilitate a number of processes related to international trade. A myriad of proofs of concepts and pilot projects leveraging the technology have been developed in virtually all areas of international trade, from trade finance to border procedures and the management and enforcement of intellectual property rights, to cut costs, streamline procedures, and help move away from heavy paper-based processes, with an increasing number of projects now entering the production phase. The potential of this technology to transform international trade is indeed significant.Footnote 15
1 Blockchain’s Potential Impact on International Trade Transactions
International trade has seen little innovation since the invention of the container by Malcolm McLean in 1955. Goods are still transported across oceans in the same old way, requiring paper and labour-intensive processes. In a now well-known experiment, shipping company Maersk followed a container of roses and avocadoes from Mombasa in Kenya to Rotterdam in the Netherlands in 2014 to document the maze of physical processes and paperwork that impact every shipment. Around 30 actors and more than 100 people were involved throughout the journey, leading to more than 200 interactions.Footnote 16 The shipment generated a pile of paper 25 cm high and the cost of handling it was higher than the cost of moving the container.Footnote 17 One of the critical documents went missing, only to be found later amid a pile of paper.Footnote 18 The system is overall slow, costly and inefficient. The use of blockchain opens incredible opportunities to cut costs and improve processes, and to truly digitize procedures that are still analogue.
a Blockchain Can Make Trade Processes More Efficient and Less Costly
Because it allows all actors to interact in real time in a highly secure environment, blockchain can make processes more efficient and less costly. Once added to the ledger, information is available to all participants simultaneously, and the nature of the technology gives participants the guarantee that the information cannot be tampered with, thereby generating trust.
In one of the first economic studies on blockchain, Catalini and Gans consider that the use of blockchain affects two key costs in particular: (i) verification costs, i.e. the ability to verify the attributes of a transaction cheaply and (ii) networking costs, i.e., the ability to bootstrap and operate a marketplace without the need for a traditional intermediary.Footnote 19 Other costs, such as coordination and processing costs, financial intermediation and costs related to foreign exchange could be affected as well.Footnote 20 While the potential impact on trade costs has not been thoroughly researched yet, various studies by actors in the field estimate that the potential savings from full digitalization using blockchain could represent between 15 and 30 per cent of the costs of the processes concerned.Footnote 21 The reduction in trade costs can be particularly interesting for small- and medium-sized enterprises (SMEs) who face higher fixed costs than large companies.
The potential efficiency gains of blockchain have led many actors involved in international trade to build consortia to leverage the opportunities that the technology opens. IBM and Maersk were the first ones to open the race with their platform TradelensFootnote 22 that aims to connect the various parties involved in international trade – from freight forwarders to government authorities and banks – and to digitize the supply chain from end to end, with a view to streamlining and facilitating procedures. The platform is now fully operational and claims to process ten million events a week. Others are following suit.
Numerous initiatives have also been launched in the area of trade finance: Contour, Komgo, We.trade, eTradeConnect are some of the bank-led projects that aim to address deficiencies of trade finance processes using distributed ledger technology. Traditional trade finance, in particular letter of credit transactions, is labour and paper intensive and involves multiple players, generating much inefficiency. Research by the Boston Consulting Group found that more than twenty players are usually party to a single trade finance transaction throughout the process, with data captured in ten to twenty documents, creating approximately five thousand data field interactions, but that only 1 per cent of these interactions creates value. The remaining 85–90 per cent of the transactions simply consist of ‘ignore/transmit to the next party’ actions.Footnote 23 Not surprisingly, banks see blockchain as a potential tool to reduce coordination costs between the multiple actors involved in a letter of credit transaction. The first results of initiatives using DLT to process letters of credit seem encouraging, arguably reducing the time needed to process letter of credit transactions from on average of five to ten days to a matter of hours.Footnote 24
Yet, all these projects are still in their early stages, being at best a two or three of years. It remains to be seen whether these various platforms will effectively generate the expected outcomes and manage to scale up to become viable business projects.
b Towards Paperless Trade?
Efforts to digitize trade have so far been impeded by what is usually referred to in the blockchain world as the ‘double-spend problem’, i.e. the possibility to spend a digital asset twice, which translates in the non-currency world as the possibility to make multiple copies of digital files. This is particularly important in the case of international trade, as a document like the bill of lading represents ownership of the goods. It is critical to ensure that an electronic bill of lading can be transferred from one holder to another in a manner that guarantees that there is only one holder at any moment in time and that multiple copies cannot be put in circulation. Simple digitization through PDFs, for example, does not provide these assurances. However, blockchain does. Not only does it provide the guarantee that there exists only one copy of the document, but it also allows tracing the transfer of the file along the journey. In 2018, Accenture completed a proof of concept to digitize bills of lading in cooperation with APL Ltd. (owned by the world’s third largest container line), the logistics company Kuehne + Nagel, and Danish customs.Footnote 25 The proof of concept arguably led to an 80 per cent reduction in efforts associated with managing data related to the bill of lading.Footnote 26 While these numbers are difficult to check, the key characteristics of blockchain make it a potentially interesting tool to solve some of the problems associated with electronic bills of lading.
Before the advent of blockchain, digitization efforts of companies like essDocs and Bolero mainly focused on digitizing payments and information, essentially via scanned PDF documents. They did little, however, to digitize the transactions themselves.Footnote 27 By allowing participants in the network to interact in real time in a highly secure environment, blockchain opens the door to the true digitization of transactions. While the rise of the Internet had a profound impact on the way we communicate, blockchain has the potential to impact transactions. Sometimes called the ‘Internet of value’, blockchain and distributed ledger technologies are best described in my view as the ‘Internet of transactions’. By breaking the various silos that currently exist between the many parties involved in cross-border trade transactions, blockchain could give rise to a ‘global asset web’ and bring trade globalization to another level.
Beyond these generic considerations on the potential impact of blockchain on international trade, this technology can prove particularly useful for the implementation of the various WTO agreements, as will be explained in the following section.
2 Blockchain Can Help Implement WTO AgreementsFootnote 28
Blockchain could help implement various provisions of the recently adopted Trade Facilitation Agreement (TFA). In particular, it could prove useful to enhance inter-agency cooperation, as it allows all participants to interact directly and in quasi real time (Article 8 TFA).Footnote 29 It could improve the efficiency of customs clearance processes and reduce the need for manual verification. Requests for advance rulings (Article 3 TFA), if submitted through a blockchain platform, would be securely stored on the blockchain, in a permissioned ledger, and remain accessible at all times by authorized stakeholders, including all customs offices located in the territory, throughout the validity period of the ruling, thereby facilitating the release and clearance process. The sharing of required data on the ledger in real time could facilitate pre-arrival processing and expedited release of goods (Article 7.1 and 7.8 TFA). The use of smart contract could help optimize risk management (Article 7.4 TFA) – customs documents submitted via the system would be immediately and automatically analyzed and assessed on the basis of pre-determined selectivity criteria encoded in a smart contract – and post clearance audit (Article 7.5 TFA), the tamper-proof nature of the technology making it possible to easily track and audit transactions. Blockchain could also help handle temporary admission of goods processes (Article 10.9 TFA). It has also been argued that blockchain could help administer single windows in a more efficient way (Article 10.4 TFA).Footnote 30 Finally, blockchain could facilitate revenue collection through the use of smart contracts and the management of authorized operators status (Article 7 TFA).
In fact, the potential of the technology to facilitate these processes is already being tested. The European Commission carried out a successful proof-of-concept in cooperation with the International Chamber of Commerce (ICC) related to ATA-carnets used for the temporary admission of goods.Footnote 31 The Republic of Korea’s customs authority is working with e-commerce companies to leverage the technology to accelerate customs clearance of e-commerce goods from these companies, share information in real time, generate automated import customs clearance report to authorities, and prevent fraud and smuggling.Footnote 32 A project called Cadena is also underway between Mexico, Peru and Costa Rica with the support of the Inter-American Development Bank to create a common platform for the management of authorized operators (or authorized economic operators, AEOs). Cadena aims to automate the process of sharing AEO data among the parties and remedy some of the problems faced in the implementation of AEO mutual recognition agreements. The problematic areas include manual processes of sharing sensitive and/or confidential data with low standards of security and integrity; the difficulty to establish the provenance and traceability of the data and to guarantee secure access; the inability to grant AEO benefits in real time; and the inability to react in real time when a suspension occurs, with all the consequences that this may have on the security of the supply chain.Footnote 33
Blockchain could also help implement the Import Licensing Agreement in a more efficient way, in particular the provisions on application for import licenses (Article 1.6) and automatic import licensing (Article 2). This information, once added to the ledger, would be directly accessible to all relevant stakeholders – thereby limiting the number of agencies to approach – and the use of smart contracts could automate the granting of licenses. It could also help administer import and export licenses. Such licenses are normally delivered for a set period of time. Storing an import or export licence on a blockchain platform would save the importer or exporter the trouble of having to keep the licence in a safe place to avoid losing it and would allow customs authorities to easily check the authenticity and validity of the permit.Footnote 34 Using fake permits would no longer be possible.Footnote 35 The use of a smart contract could even allow the parties to go one step further by automatically rendering an import/export licence invalid upon expiration of its validity period. This could help fight fraud and avoid situations, as the one with the Philippines in 2016, when the Department of Agriculture cancelled and recalled all import permits on meat products to tackle meat import fraud, having found that old permits were being recycled to smuggle imports.Footnote 36
In the context of the Technical Barriers to Trade (TBT) and Sanitary and Phytosanitary Measures (SPS) agreements, the traceability and transparency features of blockchain can prove interesting to help assess sanitary risks (Article 5 SPS Agreement), prove conformity assessment and manage conformity assessment procedures (Article 5 TBT Agreement), and demonstrate compliance with standards. While traditional labelling systems can be easily manipulated, blockchain provides a highly secure system to prove key characteristics of the products concerned. Numerous start-ups and well-established companies, such as Provenance,Footnote 37 Verified OrganicFootnote 38 or Bext360Footnote 39 are turning to blockchain to assert ethical, organic or quality claims. The use of blockchain is also being explored for the granting of e-phyto-certificates to help streamline the approval workflow of such certificates.Footnote 40
Blockchain could facilitate assessment of origin, be it for the purposes of the WTO Agreement on Rules of Origin that applies to non-preferential rules of origin or for the purposes of a preferential trade agreement between two or more parties. Various companies, such as EssDocsFootnote 41 and VCargoCloud in Singapore,Footnote 42 as well as chambers of commerce in Singapore and Dubai, are testing the technology in relation to certificates of origin.Footnote 43 If blockchain traceability from farm or factory to shelf becomes more widely used, the determination of origin could become much easier. One could even imagine a day when certification of origin would rely on blockchain data to be determined directly at the border, without the need for a certificate or origin – provided the systems put into place are accessible by customs authorities and not confined to the internal supply chain of companies.
Another area where blockchain could have a significant impact is intellectual property (IP). Beyond blockchain’s potential to provide proof of existence and ownership and to ease registration of IP rights,Footnote 44 which are issues of great importance to right holders but not directly relevant in the context of the WTO, as it is the World Intellectual Property Organization (WIPO) that administers the relevant treaties, blockchain can facilitate the implementation of various provisions of the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS). In particular with regard to Articles 51 and 52 TRIPS, blockchain can be of help. Article 51 requests members to put in place procedures to enable right holders to request the suspension by the customs authorities of the release into free circulation of goods that they suspect infringe IP rights. Right holders initiating such procedures must, under Article 52, provide adequate evidence that there is prima facie infringement of the right holder’s right. In the same spirit, Article 58 gives WTO members the possibility to authorize customs officials to act upon their own initiative, ex officio, to suspend the release of goods for which there is evidence that IP rights are being infringed.
The difficulty is proving prima facie evidence of infringement. Most customs officials lack expertise in detecting counterfeit goods. Blockchain, when used in combination with QR codes or chips embedded in products to trace provenance, can offer an interesting tool to demonstrate prima facie evidence of infringement. If a brand uses blockchain to record the history of its products, the absence of a tag or an incorrect tag on the product would make it easier for the right holder to provide adequate evidence of infringement and for enforcement officers to detect counterfeits.Footnote 45 Various start-ups, such as Provenance, Blockpharma, Blockverify, VeChain and Seal, to name just a few, already offer blockchain-based solutions to help companies producing luxury or fashion products, as well as pharmaceuticals and electronics, fight counterfeit.
Management of IP rights has also been a subject of discussions at the WTO General Council. In December 2016, Brazil submitted a communication calling for ‘a decision on the management of copyright towards fair payment for authors and performers’ in which WTO members would ‘stress the importance of transparency in the remuneration of copyright and related rights in the digital environment’.Footnote 46 In a follow-up submission circulated in September 2018, Brazil and Argentina noted that ‘information technology could and should facilitate access to real-time data on the use and remuneration of right holders’.Footnote 47 Fair remuneration is a particularly acute problem for authors and performers, who often struggle to be paid for their creation, or when they do, often see a large part of their revenue captured by intermediaries, such as record companies, performance rights organizations and streaming digital service providers like Spotify, in the case of music. Blockchain-enabled contracts attached to a creation could allow ‘smart management’ of IP rights, enabling authors and performers to be paid upon use of their work. UK pop singer Imogen Heap showed the way in 2017 by attaching a smart contract to two of her songs to automatize payments of royalties. She is now working on the creation of a Creative Passport to ‘help musicians make money again’.Footnote 48
As this quick overview of blockchain’s potential to digitize trade transactions and make trade processes more efficient shows, blockchain’s impact on international trade is likely to be wide-ranging and significant. However and as mentioned at the outset of this chapter, technology is only a tool. Without a regulatory environment conducive to its large-scale deployment, the opportunities that blockchain opens to make international trade more efficient could remain unrealized. The next section looks at various regulatory issues that deserve policymakers’ particular attention if blockchain is to realize its full potential.
C Regulatory Considerations around Blockchain
Code needs law for recognition, and ultimately, for large-scale adoption. Legal recognition and compliance with existing legal systems is required if blockchain and blockchain-based applications are to be accepted by users as a way to transact with one another and are to have a real value and real-world impact.
Since blockchain belongs to a large category of digital technologies, some of the regulatory issues that it raises are common to other digital technologies – such as for instance the importance of ensuring free data flows.Footnote 49 The key characteristics of blockchain, especially its quasi immutability, the ability to use smart contracts, and the possibility for users to have control over their data, opens new opportunities. But they also give rise to specific regulatory issues that deserve particular attention. This section focuses on such issues in the context of legal recognition of e-signatures, e-documents and blockchain transactions; applicable law, liability and enforcement; as well as data localization and data privacy.
I Legal Recognition of E-Signatures, E-Documents and Blockchain Transactions
The large-scale deployment of blockchain requires more than the technology. It requires frameworks that, among other things, recognize e-signatures and e-documents, and clarify the legal status of blockchain transactions.Footnote 50 As earlier noted, blockchain has the potential to accelerate the digitalization of trade and to help move towards truly paperless trade. However, full digitization can only become reality if legislation provides for e-authentication methods and for the recognition of e-signatures, e-documents and e-transactions. The adoption of the Model Law on Electronic Signatures in 2001 and the Convention on the Use of Electronic Communications in International Contracts in 2005 – both developed by the United Nations Commission on International Trade Law (UNCITRAL) – was a first step. However, only a limited number of countries have legal provisions for such recognitions: the former treaty has been enacted by thirty-two states, while the latter by eleven states only. Even in countries that provide for such recognitions, commercial buyers, importers or authorities often continue to request paper copies. In many other countries, national legislation has to be adjusted to authorize the access and sharing of information with another administration, even at the national level.Footnote 51 The issue of recognition of e-signatures and e-documents is being discussed at the WTO in the context of the WTO Joint Statement on Electronic Commerce that was launched at the Buenos Aires Ministerial Conference in December 2017 and the importance of the issue has been reaffirmed by a series of initiatives in 2019 and 2020.
An important development was the adoption of the UNCITRAL Model Law on Electronic Transferable Records on 13 July 2017,Footnote 52 which enables the use of electronic transferable records and sets out the conditions that must be met if an electronic record is to be treated as a transferable document, i.e., a document that entitles the holder to claim fulfilment of the obligation indicated in the document, such as in the case of bills of lading. The principle of neutrality embodied in the Model Law allows the use of all methods and technologies, including distributed ledger technology, to be accommodated.Footnote 53 If transposed into national legislation, this text could open the way to the legal use of blockchain for international trade transactions. To date, however, only three jurisdications have enacted it,Footnote 54 and there is still a long way to go towards making this blockchain-enabled environment for transactions real.
Besides general issues related to the legal recognition of e-signatures, e-documents and e-transactions, the legal status of blockchain transactions and smart contracts remains still uncertain, not the least because of a lack of a unanimous definition of the terms ‘blockchain’ and ‘smart contract’.Footnote 55 As noted earlier, the term blockchain is often used in its generic sense to refer to DLT but also employed interchangeably to refer to blockchain protocols, services, business applications and platforms, thus creating an unfortunate confusion, especially outside the world of blockchain experts. Initiatives have been launched in various international fora to develop common definitions; work is underway, for instance, at the International Telecommunication Union (ITU) and the International Organization for Standardization (ISO).Footnote 56
Blockchain transactions also raise classification questionsFootnote 57 – for instance: Does information stored on a blockchain platform representing ownership or the existence of an asset prove real ownership or the real existence of that asset? What is the legal status of blockchain registries?Footnote 58 Are existing legal and regulatory frameworks capable of comprehending the growing variety of blockchain applications, concept and use cases?Footnote 59 While smart contracts are not legal contracts per se, to what extent can they be legally binding?Footnote 60 Various governments are now working on or considering legislation to address blockchain and recognize the legal validity of blockchain and blockchain transactions, smart contracts and financial instruments issued on a blockchain platform. In the United States, since 2018, several states have been working on bills to give legal recognition to blockchain transactions, most of them in the form of legislative amendments. The State of Arizona, for example, passed a bill that qualifies blockchain-enabled signatures as valid electronic signatures.Footnote 61 In Europe, Malta adopted a law in July 2018 to regulate distributed ledger technologies and virtual financial assets, with the goal of promoting Malta as a ‘blockchain island’;Footnote 62 France introduced two bills recognizing blockchain technology in 2016 and 2017.Footnote 63 Private sector initiatives are also exploring ways to make smart contracts more flexible.Footnote 64 Indeed, one of the fundamental reasons often mentioned to argue that smart contracts cannot, as they currently exist, be considered a wholly viable alternative to existing forms of contracts, is their immutability that goes counter to traditional contract law.Footnote 65 Greater flexibility can remedy this.
Overall, despite these various initiatives, there is no coordinated position worldwide on the legal status of blockchain and blockchain-based applications, which gives rise to a risk of regulatory fragmentation that could undermine the deployment of a technology that is built on the premise of breaking silos.
II Applicable Law, Liability and Enforcement Issues
Both permissionless and permissioned blockchain applications raise specific issues in terms of applicable jurisdiction, liability and enforcement, although in slightly different terms. As nodes can be located anywhere in the world, establishing which laws and regulations apply to a given application can be challenging, particularly in the case of public permissionless blockchains. Although one could argue that every transaction falls under the jurisdiction of the location of each participant in the network, the anonymous nature of public permissionless blockchains makes it extremely difficult, if not almost impossible, to identify the processing entity and to pinpoint the place where the contentious transaction was made. The problem is less acute in the case of permissioned blockchains, as participants are known, and the governing law can be determined as part of the governance structure of the blockchain platform.Footnote 66
Blockchain applications also raise issues related to liability and the resolution mechanism in case of conflict, technical problems or unintentional action. While in a private/consortium blockchain, there is clear ownership and responsibility, this is not the case in a public blockchain. Furthermore, the ability to enforce smart contracts via traditional means is limited, not least because it requires the parties to the transaction to be known, which in the case of public permissionless blockchains is challenging. Assuming the parties to a given smart contract are known, the only way to reverse the undesirable outcomes of the coded and executed smart contract would be to create a new smart contract. In the case of permissioned blockchains, rules governing the functioning of the platform, the use of smart contracts and dispute resolution can be established as part of the governance structure of the platform, but the issue remains wide open in the case of public permissionless blockchains.
Specific liability frameworks may also have to be developed to address the needs of certain types of transactions. In the context of international trade, letters of credit, for example, are governed by a specific set of rules developed by the ICC – the Uniform Customs and Practice for Documentary Credits (UCP600). In a blockchain system using smart contracts, who would have liability at each stage of the process? Likewise, information required for customs clearance usually has to be submitted by a single declarant, who is liable. In a blockchain system, information can be added by various stakeholders making it impossible to pin down a single declarant, unless the regulatory framework is adjusted to clarify liability issues.Footnote 67
Beyond liability issues, another important point is the extent to which blockchain-based transactions can be considered admissible evidence by a court.Footnote 68 An interesting development in this respect is the ruling by China’s Supreme Court, in September 2018, that evidence authenticated with blockchain is binding in legal disputes.Footnote 69 While this ruling is an undeniable step forward, it will not solve all issues. Indeed, unless the true identity of the participant in the transaction is identified, which in the case of public blockchains is complicated, courts may have concerns about blockchain-based transactions being admissible evidence.
III Cross-Border Data Flows, Data Localization and Data Privacy Issues
The increased digitization of our economies, fuelled by the rise of the Internet and of digital technologies, such as artificial intelligence (AI), has brought the issue of cross-border data flows to the forefront of trade policy.Footnote 70 Despite the growing importance of data and data flows for economic activity, many countries have adopted measures that impose requirements or restrictions on data flows.Footnote 71 These requirements can either be explicitly required by law or can be the result of a series of restrictions that make it de facto impossible to transfer data, such as local storage requirements, local processing of the data or government approval to transfer data. Some countries prohibit all data transfers, while others target specific sectors or services. As for barriers to cross-border data flows, they typically involve restrictions on the transfer of personal data to jurisdictions deemed to provide a lower level of data protection, as well as limitations on information that governments consider ‘sensitive’. Governments’ motivations for putting in place such policies are diverse and include the wish to protect citizens’ privacy, ensure access to data for the purposes of law enforcement, and promote the local economy, as well as potential cybersecurity concerns. It is pertinent to ask to what extent blockchain transactions are likely to be affected by such policies.
1 Data Localization Restrictions Can Impact Blockchain, Although to a Limited Extent
Because of their distributed nature, blockchains de facto fulfil local storage and local data processing requirements: in a blockchain, all participants in the network have a local copy of the transactions and every fully participating node must process every transaction. Requirements that take the form of government approval to transfer data would however impede the participation of entities or individuals from the countries concerned in cross-border blockchain applications and thereby undermine the potential of this technology to create a global asset web. Hence, although certain types of requirements on data flows may not directly affect them, blockchain applications are not completely immune from restrictions in this area. The cross-border nature of blockchain does require free cross-border data flows. Lack of a common approach on these issues, and the regulatory fragmentation that would result from it, would ultimately impede the development of a technology that holds high promises to facilitate cross-border transactions at a global level. Discussions on this issue are taking place in the context of the WTO joint initiative on e-commerce.Footnote 72 However, at the time of writing, it remained uncertain how potential obligations would shape up, as the position of participants in the initiative differ substantially on the issue of data flows and data localization.
2 Data Privacy
With the rise of the digital economy, issues related to data privacy have become a key concern. Blockchain opens new opportunities in this respect and is an interesting innovation for personal data management, but it also gives rise to an intense debate regarding the potential non-compliance of blockchain with data protection regulations, in particular the EU’s General Data Protection Regulation (GDPR).Footnote 73 The relationship between blockchain and data privacy is, therefore, both promising and challenging.
a Blockchain as a New Tool for Data Sovereignty and Protection
Blockchain is often presented as an opportunity or catalyst for better personal data protection and new forms of identity management. While in today’s world, service providers like Instagram, Snapchat and Facebook control our online identity and use our data without us necessarily knowing it, sometimes even misusing it,Footnote 74 blockchain gives users control over their data, allowing them to manage and share it only with trusted parties. This is often referred to as ‘self-sovereign identity’, whereby the usage of one’s personal data is controlled by the owner of the identity.Footnote 75 Various companies, such as Sovrin, are now offering services leveraging blockchain to allow individuals to collect, hold and choose which identity credentials to use – such as a driver’s license or employment credential – without relying on individual siloed databases that manage the access to those credentials.Footnote 76
One must, however, distinguish here between public and consortium/private blockchains. While public blockchains enable the users themselves to implement the principle of ‘privacy by design’ at an individual level,Footnote 77 consortium/private blockchains provide for this principle at the platform level, as the privacy protection levels are determined by the management of the platform. On such platforms, participants are known and identified, but permissions to read and write some of the data added to the platform can be restricted to certain participants in order to protect confidentiality. Blockchain is thus an interesting innovation for personal data management but it also raises some challenges.
b Could Data Protection Regulations Block Blockchain?
Data protection legislations have flourished around the world with the objective of giving individuals greater control over the way their data is processed and ensuring that their data is safe and secure. Almost 60 per cent of countries have put in place legislation to secure the protection of data and privacy, and another 10 per cent have draft legislation.Footnote 78 Probably the most well-known of these laws is EU’s GDPR, whose entry into force on 25 May 2018 has unleashed heated discussions regarding the possible incompatibility of blockchain with GDPR provisions, leading some to claim that GDPR could ‘block’ or ‘kill’ blockchain.Footnote 79
The GDPR applies to the processing of all personal data of data subjects in the European Union, unless data has been anonymized, with personal data defined as ‘any information relating to an identified or identifiable natural person’.Footnote 80 The process of anonymization requires not only to make it impossible to identify the person, but it must also be irreversible.Footnote 81 Non-anonymous data, including ‘pseudonymous’ data, remains subject to the GDPR. The question therefore arises whether blockchain characteristics make it possible to anonymize data, which would exempt blockchain data from the scope of the GDPR. There is an intense debate within the community regarding the various techniques that could be used to anonymize data. The use of asymmetric encryption (private and public key encryption) does not ensure irreversibility. Research has shown that public keys can be traced back to the IP address to de-anonymize users – although the problem is not inherent to the technology and could be addressed by fixing the technical design of the blockchain.Footnote 82 Hashing, which is heavily used in blockchain, offers better prospects, but does not guarantee full anonymization. Although hashing is a non-reversible encryption technique, reversibility and linkability risks can exist under specific circumstances, making it still possible to identify users.Footnote 83 Such risks need to be assessed on a case-by-case basis.Footnote 84 More advanced cryptographic techniques are being developed that can be viable in the mid-term, such as Zero-Knowledge Proof (ZKP), which allows one party to produce a proof of statement without disclosing the data underlying that statement. This method makes it possible, for example, to prove that person X lives in Geneva without disclosing their exact address.
Two key provisions of the GDPR seem a priori incompatible with blockchain, namely the ‘right to rectification’ and the ‘right to be forgotten’ – i.e., the right to rectify or obtain the erasure of personal data.Footnote 85 Indeed, the quasi-immutable nature of blockchains makes it very difficult to update, erase, change or correct data. The GDPR, however, does not specify what constitutes erasure. Some in the community argue that a possible solution is to keep personal data off the chain, with only its evidence (cryptographic hash) exposed to the chain, thereby maintaining the integrity of the transaction while making it possible to erase the transaction itself. The deletion of the data stored externally would mean that the hash stored on the blockchain would point to a location that has been deleted. In addition, in a report published in September 2018, the French National Commission on Informatics and Liberty (CNIL) noted that some encryption techniques, coupled with key destruction, can potentially be considered erasure, ‘without resulting in strictly identical effects’.Footnote 86
Beyond these two most well-known and emblematic provisions of the GDPR, other GDPR provisions stand in tension with the way blockchains operate. Indeed, whereas the GDPR was designed for a world where data is centrally collected, stored and processed, blockchains decentralize these processes.Footnote 87 Under the GDPR ‘data controllers’ (the party that determines the purposes and means of processing particular personal data) and ‘processors’ (party responsible for processing personal data on behalf of the controller, such as an outsourced provider) have distinct obligations. Determining “who is what” is necessary to assess obligations but can be challenging in a blockchain context.
Data controllers have obligations to process personal data lawfully or face stiff consequences that can be fines as high as EUR 20 million or 4 per cent of a company’s worldwide annual turnover,Footnote 88 and they should do everything to ensure that the data is secure. They also have obligations in terms of where the data processing takes place. Under the GDPR, personal data can only be transferred to third countries if they are deemed to provide data protection that is ‘adequate’ or equivalent to that in the EU, for example, if the organization receiving the data is covered by an agreement The ECJ declared this agreement invalid in July 2020 or where bespoke contractual protections are put in place, such as the EU’s ‘model clauses’. Whereas identifying the controller and processor is relatively easy in traditional cloud computing systems – typically those uploading personal data to the cloud environment are the controllers and the operators of the cloud system are the processor – the collective processing of data in the context of blockchains makes it difficult to define whether the users are controllers or processors. This is particularly true for public permissionless blockchains.Footnote 89 While it is generally admitted that protocol developers should not be considered data controllers because they simply created the tool, there is a debate regarding validating or participating nodesFootnote 90 and smart contract users. As for network users, it is generally admitted that if they submit personal data as part of a business activity, they could be considered data controllers, but if they submit their own personal data for their own personal use, they are likely to fall under the household exemption of the GDPR.Footnote 91 The debate has not been settled yet, which has implications for other rights of data subjects under the GDPR, in particular the right of access – i.e., the right for users to enquire of a data controller if their personal data is being processed and if it is, to receive certain details about how this is being done.Footnote 92 If the controller is not identified, users cannot properly exercise their rights.
Blockchain GDPR compliance issues are critically important both because of the extraterritorial nature of the GDPR,Footnote 93 but also because of the cross-border nature of most blockchain platforms. Interestingly, while blockchains and the GDPR seem incompatible at a conceptual level, both pursue the same goal of giving individuals more control over their personal data, but through different mechanisms. Some have argued that consideration could be given to whether the GDPR’s underlying objectives could be achieved through means other than those originally envisaged to avoid asphyxiating the development of a technology that holds great promises.Footnote 94 CNIL, who was one of the first authorities to officially address the matter, announced that it would work cooperatively with other European data protection authorities ‘to suggest a strong and harmonized approach’.Footnote 95 It may also be worth noting that blockchain’s built-in tracking and auditability functions could help organizations comply more easily with other GDPR provisions on internal record-keeping requirements.Footnote 96
While the GDPR only has limited direct relevance to international trade in goods, as most information contained in trade documents relates to companies, not individuals, it could nevertheless impact trade in specific situations, when the contact details of a person at a firm need to be given (e.g., for exports of dangerous goods). Ultimately, the need to find a compromise between ensuring legal protection of personal data and encouraging innovation is one issue that regulators need to grapple with, as the current discussions in the European Union but also on trade negotiation tables show.Footnote 97
D Devising a Way Forward
Blockchain is a promising technology whose impact on international trade could be multifaceted and significant. While the years immediately following the release of the first distributed ledger technology have been years of exploration through proofs of concepts, many of which did not go beyond the concept stage, projects have now started to move into production. Gartner predicts that the phase of ‘irrational exuberance, few high profile successes’ that we have experienced, will be followed between 2022 and 2026 by a phase of ‘larger focused investments, many successful models’, and that after 2026 the technology will be a ‘global large-scale economic value-add’, which could deliver US$30 trillion of value worldwide by 2030.Footnote 98 Given the potentially significant impact that the technology could have on economic activity and international trade, it is important that regulators start thinking about the practical and legal implications of blockchain on international trade and ways to support the deployment of the technology while preserving their legitimate right to regulate.
This section discusses the need for the creation of a regulatory environment conducive to the development of the technology through polycentric co-regulation. It then proposes various actions that could be taken at the level of the WTO.
I The Need for a Conducive Regulatory Environment
While regulating too early is not desirable as it could stifle the development of a technology that is still maturing – or worse, fail to adequately regulate its use – legislators cannot afford to do nothing in the face of the rapid changes that are under way. Regulation can be important, if not indispensable, for the large-scale deployment of the technology.
1 Regulation as an Enabler
Technology and regulation are often ‘posed as adversaries’.Footnote 99 Yet, technology and innovation need regulation to thrive. The history of the Internet shows that companies might eventually welcome regulation, as it allows them to operate in a more predictable environment and to build consumer confidence.Footnote 100 Code needs to be legally recognized to build value and trust.Footnote 101 This holds true for blockchain as well. Blockchain has the potential to truly digitize trade transactions, but it is only a tool. As seen in the previous sections, without a regulatory framework that provides, for example, for the legal recognition of e-signatures, e-documents and blockchain transactions, and that clarifies liability issues, digitization of trade will remain wishful thinking and technology adoption will not occur.
Legal certainty not only allows stakeholders to evolve within a more predictable environment and gives them tools to achieve what they are thriving for, it also stimulates innovation. The Porter hypothesis, formulated by the economist Michael Porter in 1995, suggests that strict environmental regulations induce efficiency and encourage innovations that help improve commercial competitiveness. Yet, over-regulating would be counterproductive and would asphyxiate innovation. Striking the right balance is critical.
2 The Challenge of Blockchain Regulation
The rise of the Internet challenged regulators to think out of the box and to devise new regulatory approaches. Regulating blockchain is likely to be equally, if not more, challenging, given the intrinsic characteristics of the technology.Footnote 102 First, blockchain is inherently transnational by nature, which means that unilateral action anchored in territorial jurisdiction makes little sense and could, in the absence of global coordination, lead to damaging regulatory fragmentation. Second, blockchains are decentralized networks that function on a peer-to-peer basis, rendering their evolution hard to predict. This is different from the Internet, which although with a distributed architecture has physical elements – in particular the regulatory access points are centralized, making its regulation possible.Footnote 103 Third, in a traditional environment the decentralized and distributed nature of blockchain, combined with its high level of security and immutability, allow actors who would not transact directly because of lack of trust, to interact on a peer-to-peer basis. This is particularly important in the case of international trade where transactions involve dozens of actors along the supply chain who usually hold their own registries and follow their own processes. Blockchain has the potential to break these sectoral silos but will only be able to do so if regulation is developed at a cross-sectoral level. As noted earlier, various consortia have emerged to facilitate trade finance, transportation and logistics. However, these platforms follow their own logic and, for the time being, do not talk to each other – be it at the technological level, or at the level of semantics, data models and processes.Footnote 104 Fourth, public blockchains are built on the premise of greater anonymity and last but not least, the world of blockchain is a multifaceted and fast evolving world. It is therefore critical that regulators proactively educate themselves, closely follow developments and work with the private sector to devise collective solutions to build a regulatory environment that promotes the technology rather than impedes it. Critically, regulating blockchain does not mean regulating the technology itself but rather its specific use cases.
Regulatory approaches followed so far vary widely across jurisdictions, not only between national jurisdictions, but sometimes even between federal and state jurisdictions, as in the case of the United States. Many jurisdictions have opted for a wait-and-see approach to allow time to observe developments, with some taking a proactive observatory approach. This is the case of the European Union, which launched the EU Blockchain Observatory Forum in February 2018 to actively monitor developments, collect use cases and consult with experts and practitioners in the field before developing specific policies.Footnote 105 Some have chosen to issue guidance, such as the guidelines on Initial Coin Offerings (ICO) published by Switzerland,Footnote 106 while others have developed new legislation, either in the form of amendments to existing laws or standalone legislation, such as the Liechtenstein 'Tokens and TT Service Providers Law', also referred to as Blockchain Act, which entered into force in January 2020.
Various jurisdictions have also launched regulatory ‘sandboxes’, i.e. government-backed initiatives that allow live time-bound testing of innovations under a regulator’s oversight. Regulatory sandboxes aim at testing and encouraging innovation by minimizing legal uncertainty while allowing regulators to stay abreast of new business ideas and products, and to learn where they might need to update or fill in gaps in existing regulatory frameworks. Typical features of regulatory sandboxes include customized rules for each firm/business proposal, rather than a one-size-fits-all approach; a limited number of customers/clients, testing for a limited time period, and safeguards for consumer protection (such as requirements to obtain informed consent); restricted authorization/licensing, individual guidance, waivers/modifications to rules for that project, and no enforcement action letters.Footnote 107 The UK Financial Conduct Authority (FCA) introduced the first regulatory sandbox specific to blockchain in 2016.Footnote 108 Other have followed the UK approach: among them are Australia, Canada, Denmark, Honk Kong, China, Malaysia, South Africa, Switzerland, Chinese Taipei, and more recently Brazil.Footnote 109 While regulatory sandboxes break new ground, one of their key drawbacks is their limited jurisdictional scope. Of greater interest would be the creation of a multi-jurisdictional regulatory sandbox. This is what the Global Financial Innovation Network (GFIN), which was formally launched in January 2019, aims to do.Footnote 110
Finally, some jurisdictions have chosen the path of regulatory cooperation.Footnote 111 Singapore regulators are working with the Hong Kong Monetary Authority to develop a transnational blockchain-based trade finance system.Footnote 112 Twenty-one EU member states and Norway have signed a declaration on the establishment of a European Blockchain Partnership in April 2018, in the context of which they agreed to cooperate closely to prevent fragmented approaches, and ensure interoperability and wider deployment of blockchain-based services.Footnote 113
While testing and flexibility are important, in particular in the early days of technological innovation, so is some degree of regulatory convergence as the technology matures and projects move into the production phase. The transnational nature of blockchain means that regulatory action cannot be confined to the national level. When it comes to international trade, its potential cross-sectoral impact means that it cannot be confined to certain sectors either. A transnational, trans-sectoral approach is necessary.
II The Need for Blockchain Polycentric Governance
Because of its decentralized and distributed nature, blockchain requires a matching decentralized and distributed governance system, which some experts call polycentric co-regulationFootnote 114 or polycentric governance.Footnote 115 This is a system whereby regulation is entrusted to parties which are recognized in the field and relies on the fragmentation of authority and power sharing.Footnote 116
The multi-stakeholder approach that governs the Internet provides an interesting model of polycentric governance that could serve as an inspiration for blockchain governance. Internet governance relies on a series of ‘global governance networks’ that bring together companies, civil society organizations, software developers, academics and governments and that operates on consensus.Footnote 117 These networks include Standards networks, which are non-state, non-profit organizations in charge of developing technical specifications and standards; knowledge networks that conduct research and propose new ideas to help solve global problems; delivery networks, such as the Internet Corporation for Assigned Names and Numbers (ICANN), which is a public–private partnership that delivers Internet domain names and is dedicated to preserving the operational stability of the Internet; policy networks that inform the policy debate and support policy development; advocacy networks that seek to influence the agenda or policies of governments, corporations and other institutions; watchdog networks; and networked institutions, such as the Internet Society, which defines itself as a ‘global cause-driven’ organization dedicated to ensuring that the Internet remains ‘open, globally connected and secure’.Footnote 118
Some networks have started to emerge in the blockchain space, such as the Blockchain Research Institute,Footnote 119 the Blockchain Interoperability Alliance,Footnote 120 and the International Association for Trusted Blockchain Applications (INATBA).Footnote 121 But much remains to be done to put in place a proper governance system that would bring together companies, civil society organizations, software developers, academics, think-tanks, governments and international organizations in various configurations in an effort to develop collective solutions to existing challenges and thereby support the large-scale deployment of the technology.
III What Role for the WTO?
Because it is the only global body that deals with all aspects of international trade, the WTO is uniquely positioned to promote and contribute to the development of a ‘trade-enabling’ regulatory framework for blockchain. Some issues of direct relevance to blockchain are already being discussed at the WTO in the context of the Joint Statement initiative on electronic commerce, in particular the recognition of e-signatures, e-documents, as well as the question of cross-border data flows. However, more could be done to specifically address the needs of the blockchain space in relation to international trade. In particular, the WTO could choose to actively monitor developments in that sphere, foster multi-stakeholder cooperation and governance, and promote regulatory advances.
1 Monitoring Blockchain Developments Related to International Trade
The world of blockchain is evolving extremely fast. One of the challenges for regulators is to keep abreast of developments, be they at the legislative level or at the level of applications for international trade. Fostering transparency of WTO members’ trade regime lies at the heart of the WTO work and over the years has become an increasingly important feature of the global trading system.Footnote 122 Monitoring of legislative developments related to blockchain could be performed as part of the WTO Trade Policy Review process to keep track of the evolution of the blockchain regulatory environment at the national level. In addition, standalone reports that would provide regular updates on latest developments at the level of applications (creation of blockchain consortia, developments in trade finance, etc.) would allow regulators to get a better understanding of the scope of the changes. Such reports could be prepared in the context of the WTO committees work or as part of the research function of the WTO. Closely monitoring developments at these two levels would help trade officials build expertise in an area that remains very complex for many to apprehend.
2 Fostering Multi-stakeholder Cooperation and Governance
Given the transformative impact that blockchain technology could have on international trade and its transnational and trans-sectoral nature, fostering a multi-stakeholders’ dialogue that brings together companies, governments and international organizations, as well as civil society organizations, academics and think-tanks to try and develop collective solutions to existing challenges is of paramount importance.Footnote 123 Being a global player on international trade, the WTO could be a catalyst for such a dialogue on trade issues. It could play the role of convener or facilitator on issues related to international trade with a view to promoting a coordinated approach for blockchain and global trade. The creation of a WTO Global Trade and Blockchain ForumFootnote 124 that brings together representatives from the private sector, governments, civil society organizations and international organizations working on trade and blockchain issues is a step in that direction.
Greater coordination among international organizations working on trade-related blockchain projects would also be welcome. Virtually all international organizations are conducting work on blockchain, often in a siloed manner. Discussions are taking place at the WCO and UN/CEFACT to look into the potential of the technology for border procedures and trade facilitation. Both the ISO and the ITU have put in place working groups to discuss issues related to definitions and standards, as noted earlier. The Organisation for Economic Co-operation and Development (OECD) created a Blockchain Knowledge Center, and the World Bank is involved in various blockchain projects with the support of their Blockchain Center. In April 2020, the International Chamber of Commerce launched Digital Standards Initiative (DSI) with the support of Enterprise Singapore and the Asian Development Bank to develop digital standards to establish a globally harmonized, digitized trade environment.Footnote 125 Different UN organizations are also working on various blockchain projects. To promote synergies and ensure a minimum level of coordination between the various initiatives taken at an international level, an informal expert group composed of high-level officials of the various international organizations working on blockchain projects could be established – along the lines of the WTO Expert Group on Trade Finance that meets once a year.
3 Promoting a Conducive Regulatory Environment
Finally, various actions could be taken at a regulatory level to foster the move to paperless trade. References to the UNCITRAL Model Laws on Electronic Transferable Records (2017), on Electronic Commerce (1996, revised in 1998), and on Electronic Signatures (2001), and to the Convention on the Use of Electronic Communications in International Contracts (2005) could be incorporated in WTO law to foster their transposition into national law. As noted earlier, various international organizations, such as ISO and the ITU, are working on developing blockchain standards, including standard definitions. Other organizations, like UN/CEFACT and the ICC DSI, are developing digital standards specifically related to trade. As is the case for TBT and SPS, WTO members could be invited to use such standards when designing national legislation relevant to blockchain and trade. Beyond monitoring through the Trade Policy review mechanism, a more proactive approach could also be followed, whereby WTO members would be encouraged to notify to the WTO any regulatory changes pertinent to blockchain.
The most natural fit for such provisions would, in the current context, be the ongoing Joint Statement Initiative on e-commerce/digital trade, with the obvious drawback that these discussions do not involve all WTO members.Footnote 126 If the political context permits, one could at some point envisage the incorporation of such provisions in a multilateral document, which could take the form of a Code of Good Practice, along the lines of the TBT Code of Good Practice annexed to the TBT Agreement.
E Conclusion
The future of trade depends as much on technological progress as on the way regulation will shape technological innovation. The transnational nature of blockchain is pushing existing boundaries and challenging traditional regulatory approaches. Its global nature requires global regulatory approaches. In a world where people can transact on a peer-to-peer basis across jurisdictions, regulatory action cannot be confined to the national level. Blockchain could have a major impact on international trade. By making it possible to break existing sectoral silos, it could bring trade globalization to another level – provided regulatory action takes place at a cross-sectoral level. A transnational, trans-sectoral approach that involves the various stakeholders involved in international trade, from traders, shippers, banks, government authorities, but also international organizations, academics and civil society organizations, is necessary for blockchain’s full potential to be realized.
The WTO is uniquely positioned to foster and contribute to this multi-stakeholders’ dialogue. It can help raise awareness and understanding of the technology by monitoring blockchain developments and can play a pivotal role in promoting the development of a conducive regulatory and governance framework to support the large-scale deployment of a technology that holds high promises to truly transform international trade. Where the blockchain adventure will ultimately take us is difficult to predict, but one thing is certain: regulation will play a key role in shaping the outcome.
‘Artificial intelligence is another emerging area focusing in IPR protection, used mostly in the tech industry, producing new products and services every year. Artificial intelligence (AI) will redefine how individuals think about daily life, and start-ups will need to start leveraging AI to get ahead.’Footnote 1
Even as the United States is playing ‘hard ball’ at the World Trade Organization (WTO) in the area of dispute settlement, the quote demonstrates its willingness to engage in discussions on the topic of artificial intelligence at the WTO. The United States is not alone. In this chapter, I review some of the work done at on AI and big data in the WTO and in particular under the Agreement on Trade-Related Intellectual Property Rights (TRIPS),Footnote 2 and reflect on how this work is likely to progress. I begin, however, by defining the topic.
A Defining Big Data and AIFootnote 3
The term ‘big data’ can be defined in a number of ways. A common way to define it is to enumerate its three essential features, a fourth that, though not essential, is increasingly typical, and a fifth that is derived from the other three (or four). Those features are volume, veracity, velocity, variety, and value.Footnote 4 ‘Volume’ or size is, as the term big data suggests, the first characteristic that distinguishes big data from other (‘small data’) datasets. Because big data corpora are often generated automatically, the question of the quality or trustworthiness of the data (‘veracity’) is crucial. ‘Velocity’ refers to ‘the speed at which corpora of data are being generated, collected and analyzed’.Footnote 5 The term ‘variety’ denotes the many types of data and data sources from which data can be collected, including Internet browsers, social media sites and apps, cameras, cars, and a host of other data-collection tools.Footnote 6 Finally, if all previous features are present, a big data corpus likely has significant ‘value’.
The way in which ‘big data’ is generated and used can be separated into two phases.Footnote 7 First, the creation of a big data corpus requires processes to collect data from sources such as those mentioned in the previous paragraph. Second, the corpus is analysed, a process that may involve Text and Data Mining (TDM).Footnote 8 TDM is a process that uses an AI algorithm. It allows the machine to learn from the corpus; hence the term ‘machine learning’ (ML) is sometimes used as a synonym of AI in the press.Footnote 9 As it analyses a big data corpus, the machine learns and gets better at what it does. This process often requires human input to assist the machine in correcting errors or faulty correlations derived from, or decisions based on, the data.Footnote 10 The processing of corpora of big data is done to find correlations and generate predictions or other valuable analytical outcomes. The found correlations and insight can be used for multiple purposes, including targeted advertising and surveillance, though an almost endless array of other applications is possible. To take just one different example of a lesser known application, a law firm might process hundreds or thousands of documents in a given field, couple ML with human expertise, and produce insights about how they and other firms operate, for instance, in negotiating a certain type of transaction or settling (or not) cases.
A subset of machine learning, known as deep learning (DL), uses neural networks, a computer system modelled on the human brain.Footnote 11 This implies that any human contribution to the output of deep learning systems is often ‘second degree’ and the proximate cause of the output is not the programmer. When considering the possible intellectual property (IP) protection of outputs of such systems, this separation between humans and the output challenges core notions of IP law, especially authorship in copyright law and inventorship in patent law.
ML and DL can produce high value outputs. Such outputs can take the form of analyses, insights, correlations, and may lead to automated (machine) decision-making. It can be expected that those who generate this value will try to capture and protect it, using IP law, technological measures and contracts. One can also expect competitors and the public to try to access those outputs for the same reason, namely their value. In many cases, big data corpora are protected by secrecy, a form of protection that relies on trade secret law combined with technological protection from hacking, and contracts. A publicly available corpus, in contrast, must rely on erga omnes IP protection – if it deserves protection to begin with. Copyright protects collections of data; the sui generis database right (in the European Union, EU) might apply; and data exclusivity rights in clinical trial data may be relevant.
The outputs of the processing of big data corpora may contain or consist of subject matter that facially could be protected by copyright or patent law. Big data technology can be – and in fact is – used to create and invent. For example, a big data corpus of all recent pop music can find correlations and identify what may be causing a song to be popular. It can use the correlations to write its own music.Footnote 12 The creation of (potentially massive amounts of) new literary and artistic material without direct human input will challenge human-created works in the marketplace. This is already happening with machine-written news reports.Footnote 13 Deciding whether machine-created material should be protected by copyright could thus have a profound impact on the market for creative works. If machine created material is copyright-free, machines will produce free goods that compete with paid ones – that is, those created by humans expecting a financial return. If the material produced by machines is protected by copyright and its use potentially subject to payment, this might level the commercial playing field between human and machine, but then who (which natural or legal person) should be paid for the computer’s work? Then there will be border definition issues. Some works will be created by human and machine working together. Can we apply the notion of joint authorship? Or should we consider the machine-produced portion (if separable) copyright-free, thus limiting the protection to identifiably human-authored portions?
If such major doctrinal challenges – each with embedded layers of normative inquiries – emerge in the field of copyright, big data poses existential threats in the case of patents. AI tools can be used to process thousands of published patents and patent applications and used to expand the scope of claims in patent applications. This poses normative challenges that parallel those enunciated earlier: Who is the inventor? Is there a justification to grant an exclusive right to a machine-made invention? To whom? There are doctrinal ones as well. For example, is the machine-generated ‘invention’ disclosed in such a way that would warrant the issuance of a patent?
It gets more complicated. If AI machines using patent-related big data can broaden claim scope or add claims in patent applications, then within a short horizon they could be able to predict the next incremental steps in a given field of activity by analysing innovation trajectories. For example, they might look at the path of development of a specific item (car brakes, toothbrushes) and ‘predict’ or define a broad array of what could come next. Doctrinally, this raises questions about inventive step: If a future development is obvious to a machine, is it obvious for purposes of patent law? Answering this question poses an epistemological as well as a doctrinal challenge for patent offices. The related normative inquiry is the one mentioned earlier, namely whether machine-made inventions (even for inventions the scope [claims] of which were merely ‘stretched’ using big data and AI) ‘deserve’ a patent despite their obviousness (to the machine).
This use of patent and technological big data could lead to a future where machines pre-disclose incremental innovations (and their use) in such a way that they constitute publicly available prior art and thus make obtaining patents impossible on a significant part of the current patentability universe. Perhaps even the best AI system using a big data corpus of all published patents and technical literature will not be able to predict the next pioneer invention, but very few patents are granted on ground-breaking advances. AI systems that soon will be able to predict most improvements to currently patented inventions, which tend to be only incrementally different from the prior art would wreak havoc with the patent-based incentive system.Footnote 14 Let us take an example: It is possible that deep-learning algorithms could parse thousands of new molecules based on those recently patented or disclosed in applications and even predict their medical efficacy. If such data (new molecules and predicted efficacy) were available and published, it would significantly hamper the patentability of those new molecules due to lack of novelty.
The unavailability of patents would dramatically increase the role of data exclusivity rights – the right to prevent reliance in clinical data submitted to obtain marketing approval – in the pharmaceutical field.Footnote 15 If this prediction of future inventions by AI became an established practice in fields where this separate protection by data exclusivity is unavailable, the very existence of the incentive system based on patents could be in jeopardy.
B Big Data in the WTO’s Work
Big data has slowly made its way past the imposing iron gates of rue de Lausanne and into the WTO. Big data has made appearances in various WTO committees and at the General Council. At the committee level, it showed up in the work that the WTO is doing on ‘electronic commerce’, based on a Work Programme on that topic adopted by the General Council on 25 September 1998.Footnote 16 The Work Programme required the Committees on Trade in Goods and Trade in Services, the Council for TRIPS and the Committee for Trade and Development to ‘examine and report’ on how electronic commerce might impact each of those trade sectors.Footnote 17
In the area of intellectual property, work began quickly after the adoption of the Work Programme. In 1998, the Secretariat published a note reflecting the thinking on IP, just a few years after the adoption of the TRIPS Agreement. The note stated that intellectual property plays an important role also in promoting the development of the infrastructure of [electronic communications networks], i.e. software, hardware and other technology that make up information highways. It provides protection to the results of investment in the development of new information and communications technology, thus giving the incentive and the means to finance research and development aimed at improving such technology. In addition, a functioning intellectual property regime facilitates transfer of information and communications technology in the form of foreign direct investment, joint ventures and licensing.Footnote 18
Along the same lines, but in a much more recent discussion of AI and big data in the Committee on Regional Trade Agreements, in response to a question from Canada as to whether there were ‘effective measures to curtail repetitive infringement of copyright and related rights on the Internet’ in the China–Korea Free Trade Agreement (FTA), China and Korea stated in their joint response that China would ‘[p]romote the cooperation of electric [sic]-commerce Big Data between the government and the industries to ensure the efficiency of information searching and evidence obtaining’.Footnote 19 Here big data and AI were seen as adjuncts for copyright enforcement. One might question whether what seems a high protectionist view is always warranted in the face of empirical data about open innovation models, for example.
Some WTO members have suggested a broader role. Japan, for example, mentioned the need to address issues of ‘digital protectionism’, noting that the digital economy has contributed to global economic growth. Furthermore, the Fourth Industrial Revolution, realised with the utilisation of the latest technology such as the Internet of Things and Big Data will permeate countless aspects of the world economy and people’s lives … . However, a number of challenges still remain to be addressed in order to maximize the benefits from this trend. … Among others, it is indispensable to address emerging “digital protectionism”’.Footnote 20
Though it is not clear exactly what Japan had in mind in this statement, digital protectionism is often shorthand for an attempt to restrain regulatory autonomy on the protection of personal data and data localization.Footnote 21
In a so-called ‘non paper’, Brazil also raised the question whether ‘usage of big data’ would require a debate on concepts like universal jurisdiction or choice of jurisdiction applicable to electronic commerce.Footnote 22 Developing countries have also had their say. India underscored the need for developing countries ‘to maintain policy space to formulate a policy on ownership, use and flow of data in sunrise sectors like cloud computing, data storage, hosting of servers as well as in big data analytics’.Footnote 23 They are, therefore, committed to reinvigorate work on the multilateral track, with its non-negotiating mandate, to understand these issues.Footnote 24 Rwanda’s more sombre observation was that ‘empirical evidence showed that the digital market was highly concentrated and that only a few companies worldwide were dominating the digital market, specializing in management and development of data centers and exploiting [B]ig [D]ata’.Footnote 25 It noted that only a few developing countries were able to catch up.Footnote 26 Finally, UNCTAD sought support to assist WTO members in adapting ‘domestic IP frameworks to recent technological developments in big data solutions and artificial intelligence’.Footnote 27 At this juncture, administratively the work on AI and big data at the WTO looks something as depicted below (Figure 7.1).
Figure 7.1. WTO work on AI and big data in thematic areas
The future work of the WTO may progress in a number of different directions. It could usefully review how IP rights are actually used in the area of AI and big data, thus at least providing empirical data for future discussions. If the adoption of ‘TRIPS 2.0’ remains on the distant horizon, it seems clear that AI and big data issues will be on the table if and when it happens. In the intersection between IP and development, providing this type of analysis could be helpful to policymakers and development-focused international organizations outside the WTO as they develop domestic policies to facilitate the growth of AI and big data–based industries. The e-commerce and IP intersection includes how trade secret and other forms of IP apply to big data corpora. Again, more detailed work on this issue, whether comparative in nature or more theoretical, could open a useful window on various policy decisions.
In the next (and last) part of the chapter, I review a few areas in which the WTO could make analytical progress to make future discussions more productive, paying specific regard to the TRIPS Agreement.
C Adapting Intellectual Property to Big Data and AI
I Intellectual Property Rights Protection of Big Data Software and Corpora
Human-written AI software code used to collect (including search and social media apps), store and analyse big data corpora is considered a literary work eligible for copyright protection, subject to possible exclusions and limitations. That much is already in TRIPS.Footnote 28 The TRIPS Agreement also protects ‘[c]ompilations of data or other material, whether in machine readable or other form’, which might seem like mandatory protection for big data corpora.Footnote 29 This is however not necessarily so. Indeed, Article 10.2 TRIPS imposes a condition for such protection, namely that the compilations ‘by reason of the selection or arrangement of their contents constitute intellectual creations shall be protected as such’.Footnote 30 This condition is a way of stating that the compilation must be ‘original’ as the term is defined in international copyright law.
TRIPS incorporates most of the substantive provisions of the Berne Convention, to which 179 countries were party as of April 2021.Footnote 31 The convention contains important hints as to what constitutes an ‘original’ work. In its Article 2, when discussing the protection of ‘collections’, it states that ‘[c]ollections of literary or artistic works such as encyclopaedias and anthologies which, by reason of the selection and arrangement of their contents, constitute intellectual creations shall be protected as such, without prejudice to the copyright in each of the works forming part of such collections’.Footnote 32 This is the language that was reused in Article 10.2 TRIPS.
Selection and arrangement are exemplars of what copyright scholars refer to as ‘creative choices’.Footnote 33 Creative choices need not be artistic or aesthetic in nature, but it seems they do have to be human.Footnote 34 Relevant choices are reflected in the particular way an author describes, explains, illustrates, or embodies their creative contribution. In contrast, choices that are merely routine (e.g., the choice to organize a directory in alphabetical order) or significantly constrained by external factors, such as the function a work is intended to serve (e.g., providing accurate driving directions), the tools used to produce it (e.g., a sculptor’s marble and chisel), and the practices or conventions standard to a particular type of work (e.g. the structure of a sonnet) are not creative for the purpose of determining the existence of a sufficient degree of originality.
When the Berne Convention text was last revised on substance in 1967,Footnote 35 neither publicly available ‘electronic’ databases nor any mass-market database software was available. The ‘collections’ referred to in the convention are thus of the type mentioned by the convention drafters: (paper-based) anthologies and encyclopaedias. When ‘electronic’ databases started to emerge in the 1990s, data generally had to be indexed and re-indexed regularly to be useable. The TRIPS Agreement, signed in 1994 but essentially drafted in the late 1980s up to December 1990, is a reflection of this development.Footnote 36 The data in typical (relational or ‘SQL’) databases in existence at the time generally was ‘structured’ in some way, for example via an index, and that structure might qualify the database for (thin) copyright protection in the database’s organizational layer. Older databases also contained more limited datasets (‘small data’).
Facebook, Google, and Amazon, to name just those three, found out early on that relational databases were not a good solution for the volumes and types of data that they were dealing with. This inadequacy explains the development of open source software (OSS) for big data: the Hadoop file system, the MapReduce programming language, and associated non-relational (‘noSQL’) databases, such as Apache’s Cassandra.Footnote 37 These tools and the data corpora they helped create and use may not qualify for protection as ‘databases’ under the SQL-derived criteria mentioned earlier. This does not mean that no work or knowhow is required to create the corpus, but that the type of structure of the dataset may not qualify. As the CJEU explained in Football Dataco, ‘significant labour and skill of its author … cannot as such justify the protection of it by copyright under Directive 96/9, if that labour and that skill do not express any originality in the selection or arrangement of that data’.Footnote 38 Indeed, big data is sometimes defined in direct contrast to the notion of SQL databases implicitly reflected in the TRIPS Agreement and the EU Database Directive discussed in the next section. Big data software is unlikely to ‘select or arrange’ the data in a way that would meet the originality criterion and trigger copyright protection.
Finally, it is worth noting that, in some jurisdictions, even absent copyright protection for big data, other IP-like remedies might be relevant, such as the tort of misappropriation applicable to ‘hot news’ in US law, or the protection against parasitic behaviour available in a number of European systems.Footnote 39 This might apply to information generated by AI-based TDM systems that have initially high but fast declining value, such as financial information relevant to stock market transactions, as data ‘has a limited lifespan – old data is not nearly as valuable as new data – and the value of data lessens considerably over time’.Footnote 40
In EU law, there is also a sui generis right in databases.Footnote 41 This right is not subject to the originality requirement,Footnote 42 but, according to Professor Bernt Hugenholtz, the way in which big data coprora are structured (or not) ‘squarely rules out protection – whether by copyright or by the sui generis right – of (collections of) raw machine-generated data’.Footnote 43 The directive also mentions, however, that if there is an investment in obtaining the data, that investment may be sufficient for the corpus to qualify as a database.Footnote 44 The Court of Justice of the European Union (CJEU) defined ‘investment’ in obtaining the data as ‘resources used to seek out existing materials and collect them in the database but does not cover the resources used for the creation of materials which make up the contents of a database’.Footnote 45 Professor Hugenholtz explains that ‘the main argument for this distinction, as is transparent from the decision, is that the Database Directive’s economic rationale is to promote and reward investment in database production, not in generating new data’.Footnote 46 This casts doubt on whether the notion of investment is sufficient to warrant sui generis protection of big data corpora, though Matthias Leistner suggested caution in opining that ‘the sweeping conclusion that all sensor- or other machine-generated data will typically not be covered by the sui generis right is not warranted’.Footnote 47
II Text and Data Mining
The WTO could usefully consider the need for TDM exceptions, and how they mesh with the three-step test contained in Article 13 TRIPS, as many WTO members have adopted or are considering adopting exceptions for this purpose. TDM software used to process corpora of big data might infringe rights in databases that are protected either by copyright or the EU sui generis right, thus creating a barrier to TDM.Footnote 48 The rule that copyright works reproduced in a big data corpus retain independent copyright protection has not been altered. This means that images, texts, musical works, and other copyright subject-matter contained in a big data corpus are still subject to copyright protection until the expiry of the term of protection. This is clearly reflected in Article 10.2 TRIPS, second sentence: ‘Such protection, which shall not extend to the data or material itself, shall be without prejudice to any copyright subsisting in the data or material itself’.
Geiger et al. opined that ‘[o]nly TDM tools involving minimal copying of a few words or crawling through data and processing each item separately could be operated without running into a potential liability for copyright infringement’.Footnote 49 This might explain why several jurisdictions have introduced TDM limitations and exceptions. Four examples should suffice to illustrate the point. First, the German Copyright Act contains an exception for the ‘automatic analysis of large numbers of works (source material) for scientific research’ for non-commercial purposes.Footnote 50 A corpus may be made available to ‘a specifically limited circle of persons for their joint scientific research, as well as to individual third persons for the purpose of monitoring the quality of scientific research’.Footnote 51 The corpus must also be deleted once the research has been completed.Footnote 52 Second, France introduced an exception in 2016 allowing reproduction, storage, and communication of ‘files created in the course of TDM research activities’.Footnote 53 The reproduction must be from lawful sources.Footnote 54 Third, the UK statute provides for a right to make a copy of a work ‘for computational analysis of anything recorded in the work’, but prohibits dealing with the copy in other ways and makes contracts that would prevent or restrict the making of a copy for the purpose stated above unenforceable.Footnote 55 Fourth and finally, the Japanese statute contains an exception for the reproduction or adaptation of a work to the extent deemed necessary for ‘the purpose of information analysis (“information analysis” means to extract information, concerned with languages, sounds, images or other elements constituting such information, from many works or other much information, and to make a comparison, a classification or other statistical analysis of such information)’.Footnote 56
The examples in the previous paragraph demonstrate a similar normative underpinning, namely a policy designed to allow TDM of the data contained in copyright works. They disagree on the implementation of the policy, however. Based on those examples, the questions that policymakers considering enacting an explicit TDM exception or limitation should include
1. whether the exception applies to only one (reproduction) or all rights (including adaptation/derivation);
2. whether contractual overrides are possible;
3. whether the material used should be from a lawful source;
4. what dissemination of the data, if any, is possible; and
5. whether the purpose of TDM is non-commercial.
The answers to all five questions can be grounded in a normative approach, but they should be set against the backdrop of the three-step test, which, as explained later, is likely to apply to any copyright exception or limitation.
As to the first question, if allowing TDM is seen as a normatively desirable goal, then the right holder should not be able to use one right fragment in the bundle of copyright rights to prevent it. In an analysis of the rights involved, Irini Stamatoudi came to the conclusion that right fragments beyond reproduction and adaptation were much less relevant.Footnote 57 Still, it would seem safer to formulate the exception or limitation as a non-infringing use, as for example in section 107 (fair use) of the US Copyright Act.Footnote 58
Second, for the same reason, contractual overrides should not be allowed. One can hardly see how they can be effective unless perhaps there was only one provider of TDM for a certain type of work. Even if a provision against contractual overrides was absent from the text of the statute, the restriction could be found inapplicable based on principles of contract law.Footnote 59
Third, the lawful source element contained in French law is facially compelling. It seems difficult to oppose a requirement that the source of the data be legitimate. There are difficulties in its application, however. First, it is not always clear to a human user whether a source is legal or not; the situation may be even less clear for a machine. Second, and relatedly, if the source is foreign, a determination of its legality may require an analysis of the law of the country of origin, as copyright infringement is determined based on the lex loci delicti – and this presupposes a determination of its origin (and foreignness) to begin with. Perhaps a requirement targeting sources that the user knows or would have been grossly negligent in not knowing were illegal might be more appropriate.
The last two questions on the list are somewhat harder. Dissemination of the data, if such data includes copyright works, could be necessary among the people interested in the work. German law makes an exception for a ‘limited circle of persons for their joint scientific research’, and ‘third persons for the purpose of monitoring the quality of scientific research’.Footnote 60 This is a reflection of a scientific basis of the exception, which includes project-based work by a limited number of scientists and monitoring by peer reviewers. This would not allow the use of TDM to scan libraries of books and make snippets available to the general public, as Google Books does, for example. An interpretation of the scope of the exception might depend on whether the use is commercial, which in turn might vary according to the definitional approach taken: is it the commercial nature of the entity performing the TDM that matters, or the specific use of the TDM data concerned (i.e., is that specific use monetized)?
The EU was considering a new, mandatory TDM exception as part of its digital copyright reform efforts.Footnote 61 Article 3, which contains the proposed TDM exception, has been the focus of intense debates. The September 2018 (Parliament) version of the proposed TDM exception maintained the TDM exception for scientific research proposed by the commission but adds an optional exception applicable to the private sector, not just for the benefit of public institutions and research organizations.Footnote 62 Members of the academic community have criticized the narrow scope of the commission’s proposed exception, which the Parliament’s amendments ameliorated.Footnote 63 The European Copyright Society opined that ‘data mining should be permitted for non-commercial research purposes, for research conducted in a commercial context, for purposes of journalism and for any other purpose’.Footnote 64 The final text of Article 3 in the now adopted directive states that EU member states must provide for an exception in their domestic laws for ‘reproductions and extractions made by research organizations and cultural heritage institutions in order to carry out, for the purposes of scientific research, text and data mining of works or other subject matter to which they have lawful access’,Footnote 65 as well as for ‘reproductions and extractions of lawfully accessible works and other subject matter for the purposes of text and data mining’.Footnote 66
One should note, finally, that when a technological protection measure (TPM) or ‘lock’ such as those protected by Article 11 of the 1996 WIPO Copyright Treaty, is in place preventing the use of data contained in copyright works for TDM purposes, the question is whether a TDM exception provides a ‘right’ to perform TDM and thus potentially a right to circumvent the TPM or obtain redress against measures designed to restrict it.Footnote 67 This might apply to traffic management (e.g. throttling) measures used to slow the process down. Those questions are worth pondering, but they are difficult to answer, especially at the international level.Footnote 68
III The Three-Step Test
The three-step test sets boundaries for exceptions and limitations to copyright rights. The original three-step test is contained in Article 9(2) of the Berne Convention. Instead of enumerating acceptable exceptions and limitations, Berne negotiators decided to introduce this test which allows countries party to the convention to make exceptions to the right of reproduction (i) ‘in certain special cases’; (ii) ‘provided that such reproduction does not conflict with a normal exploitation of the work’; and (iii) ‘does not unreasonably prejudice the legitimate interests of the author’. The test was extended to all copyright rights by the TRIPS Agreement, with the difference that the term ‘author’ at the end was replaced with the term ‘right holder’.Footnote 69
The test was interpreted in two panel reports adopted by the WTO Dispute Settlement Body. The first step (‘certain special cases’) was interpreted to mean that ‘an exception or limitation must be limited in its field of application or exceptional in its scope’. In other words, ‘an exception or limitation should be narrow in quantitative as well as a qualitative sense’.Footnote 70 The normative grounding to justify a TDM exception is fairly clear. Indeed, exceptions and limitations have already been introduced in major jurisdictions. A well-justified exception or limitation with reasonable limits and a clear purpose is likely to pass the first step.
The second step (interference with normal exploitation) was defined as follows: First, exploitation was defined as any use of the work by which the copyright holder tries to extract/maximize the value of their right. ‘Normal’ is more troublesome. Does it refer to what is simply ‘common’, or does it refer to a normative standard? The question is particularly relevant for new forms and emerging business models that have not, thus far, been common or ‘normal’ in an empirical sense. If the exception is used to limit a commercially significant market or, a fortiori, to enter into competition with the copyright holder, the exception is prohibited.Footnote 71
Could a TDM exception be used to justify scanning and making available entire libraries of books still under active commercial exploitation? The answer as regards the full text of books is negative, as this would interfere with commercial exploitation. For books still protected by copyright but no longer easily available on a commercial basis, the absence of active commercial exploitation would likely limit the impact of the second step, however, subject to a caveat. Some forms of exploitation are typically done by a third party under licence and do not need any active exploitation by the right holder. For example, a film studio might want the right to make a film out of a novel no longer commercially exploited. That may in turn generate new demand for the book. This is still normal exploitation. One must be careful in extending this reasoning too far, for example, by assuming that every novel will be turned into a movie.
One way to pass the second step is for a TDM exception to allow limited uses that do not demonstrably interfere with commercial exploitation, such as those allowed under the German statute. Another example is the use of ‘snippets’ from books scanned by Google for its Google Books project, which was found to be a fair use by the US Court of Appeals for the Second Circuit. This is important not just as a matter of US (state) practice but because at least the fourth US fair use factor (‘the effect of the use upon the potential market for or value of the copyrighted work’) is a market-based assessment of the impact of the use resembling the three-step test’s second step.Footnote 72 The Second Circuit noted that this did not mean that the Google Books project would have no impact, but rather that the impact would not be meaningful or significant.Footnote 73 It also noted that the type of loss of sale created by TDM ‘will generally occur in relation to interests that are not protected by the copyright. A snippet’s capacity to satisfy a searcher’s need for access to a copyrighted book will at times be because the snippet conveys a historical fact that the searcher needs to ascertain’.Footnote 74 In the same vein, one could argue that the level of interference required to violate the second step of the test must be significant and should be a use that is relevant from the point of view of commercial exploitation.
The third step (no unreasonable prejudice to legitimate interests) is perhaps the most difficult to interpret. What is an ‘unreasonable prejudice’, and what are ‘legitimate interests’? Let us start with the latter. ‘Legitimate’ can mean sanctioned or authorized by law or principle. Alternatively, it can just as well be used to denote something that is ‘normal’ or ‘regular’. The WTO Panel Report concluded that the combination of the notion of ‘prejudice’ with that of ‘interests’ pointed clearly towards a legal-normative approach. In other words, ‘legitimate interests’ are those that are protected by law.Footnote 75 Then, what is an ‘unreasonable’ prejudice? The presence of the word ‘unreasonable’ indicates that some level or degree of prejudice is justifiable. Hence, while a country might exempt the making of a small number of private copies entirely, it may be required to impose a compensation scheme, such as a levy, when the prejudice level becomes unjustified.Footnote 76 The WTO panel concluded that ‘prejudice to the legitimate interests of right holders reaches an unreasonable level if an exception or limitation causes or has the potential to cause an unreasonable loss of income to the copyright holder’.Footnote 77 Whether a TDM exception is liable to cause an unreasonable loss of income to copyright holders is analytically similar to the second step of the test as interpreted by the WTO panels. It is not, however, identical: The owner of rights in a work no longer commercially exploited may have a harder case on the second step. It is not unreasonable, however, for a copyright holder, to expect some compensation for some uses of a protected work even if it is not commercially exploited. For example, the owner of rights in a novel may expect compensation for the republication by a third party or translation of the book. The major difference between the second and third step as interpreted by the two WTO dispute-settlement panels in this regard is that the third step condition may be met by compensating right holders. This could allow the imposition of a compulsory licence for specific TDM uses that overstep the boundary of free use – for example, to make available significant portions of, or even entire, protected works that are no longer commercially exploited subject to a series of conditions such as the existence of any plan or preparation by the right holder to exploit the work.
D Conclusion
Multilateral trade rules, such as the General Agreement on Tariffs and Trade (GATT) 1947 began as an effort to facilitate trade in goods by removing tariff and non-tariff barriers. In 1995, with the establishment of the WTO, this was extended to services and IP protection. IP is perhaps the odd man out, as GATT Article XX considers IP as not much more than an acceptable barrier to trade. Moreover, IP is often not traded per se but rather embedded in a good or service. Data is arguably a new area of trade, as data, especially big data corpora and the inferences that can be derived from their analysis by AI machines, have become a commodity in themselves, but with special features, including the fact that many corpora are based on personal data.Footnote 78 Given its trajectory as a multilateral organization that addresses all main areas of trade, it would be normal for the WTO to extend its normative reach in trade in data. As it does so, it will need to see whether the rules contained in the TRIPS Agreement are up to the task of supporting the data economy, which must begin by a massive data gathering and analysis phase, as the GATT did when preparing the TRIPS Agreement. In this chapter, I offered a few suggestions on areas in which it could shine its analytical spotlight to illuminate a path for future negotiations.
A Digitalization of Intellectual Property Enforcement
Customs surveillance of intellectual property (IP) is ‘an efficient way to quickly and effectively provide legal protection to the right-holder’,Footnote 1 since it makes it possible to ‘nip the infringements in the bud’.Footnote 2 The World Trade Organization’s (WTO) Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) introduced, back in 1995, the first comprehensive multilateral regulation on border measures applicable to goods protected by intellectual property rights (IPRs).Footnote 3 Since then, global trade flows have increased,Footnote 4 new trade agreements regulating IP have substantially modified international intellectual property lawFootnote 5 and, most importantly for this chapter’s discussion, technology has drastically changed the means and mechanisms of customs enforcement.
Technological developments increase the possibilities of identifying and detaining goods infringing IPRs, and make it more feasible to ‘assess in advance and control where required’, which is the ideal pattern of action from a customs’ risk management perspective.Footnote 6 However, assessing in advance and acting when appropriate does not always match well with fundamental intellectual property principles (territoriality), global trade norms (freedom of transit), global intellectual property rules (Articles 51 and 52 TRIPS), and due process requirements. This chapter, in light of these basic norms and principles, explores some of the challenges and opportunities brought by artificial intelligence (AI), big data and distributed ledger technologies to customs enforcement of IPRs.Footnote 7
B How Artificial Intelligence Transforms Intellectual Property Enforcement
Fuelled by a profusion of digitized data and rapidly advancing computational processing power,Footnote 8 AI techniques and functional applicationsFootnote 9 give rise to unprecedented opportunities of innovation and creativity, and also bring about important challenges to intellectual property protection.Footnote 10 Three major areas stand out.
First, the use of AI techniques to generate innovative and creative products has prompted discussion concerning the need, extent and legal grounds for the IP protection of products developed thanks to AI.Footnote 11 Second, regarding the means that enable creation and innovation, the intellectual property protection of AI techniques and functional applications per se has skyrocketed in recent years.Footnote 12 Third, the use of AI, big data and distributed ledger technologies also impacts IP enforcement. The increase of available information and the changes in the techniques used to make such information useful impact fundamental aspects of intellectual property enforcement. These changes revolve around three concepts: authority, automation and centralization.
A substantial change concerns the authority in charge of law enforcement and the process of privatization of law enforcement by means of delegation of public authority.Footnote 13 A telling example is that of online intermediaries,Footnote 14 which have acquired a central role in managing behaviour in the digital environment.Footnote 15 From free speech to access to information, many issues are mediated by search engines, websites and social networks. Their power also expands to intellectual property enforcement, since online intermediaries not only identify infringement, but also produce the information regarding the infringing activity, the infringers, the channels of commerce and its financial aspects.Footnote 16 Intermediaries furthermore use algorithms to remove allegedly infringing content upon notice of infringement, as well as to ex ante monitor, filter, block and disable access to content automatically flagged as infringing.Footnote 17
Privatization leads to the convergence of law enforcement and adjudication powers.Footnote 18 Private stakeholders that identify infringing products also apply the corresponding sanctions of destroying infringing goods and cutting access to the Internet. The conventional way of functioning has been drastically altered. Customs officials, police and judges have always been part of the enforcement process, which encompasses a variety of interrelated activities. However, the substitution of these actors by private operators gives rise to the concentration of functions in the hands of a single actor. While this may certainly enhance efficacy and may be the adequate response to the volume of current trade, it also raises concerns from the point of view of independence, accountabilityFootnote 19 and fair trial standards.
A second and related phenomenon concerns automation – that is, the fact that machines themselves implement the law. Computers use machine learning techniques to derive legal consequences, implement orders and reach conclusions from a database of primary sources.Footnote 20 In addition to automated processes that apply to all branches of the law, there are sui generis types of automation applicable to IP. For instance, machines may respond to copyright-based Internet takedown requests, and may also determine the existence of trademark infringement thanks to image recognition.Footnote 21 The changes brought about by AI do not merely impact the online environment but also the manner in which judges adjudicate IP cases, lawyers practice IP law and authorities, including customs authorities, identify infringement. While due process concerns arise,Footnote 22 many start-ups have developed applications that are transfiguring law practice,Footnote 23 in particular those that enable the automation of time-consuming processes, such as conducting research, writing memos, undertaking due diligence and collecting evidence.Footnote 24 Automation of the law is promoted invoking practical advances in terms of efficiency, savings, consistency in applying legal doctrines and legal harmonization.Footnote 25
A third change relates to centralization. Under this term, reference is made to the fact that a single action – writing a bit of software code – produces legal decisions for many individuals at once.Footnote 26 These are decisions that have previously required an individualized procedure.Footnote 27 Up until recent times, enforcement was human-driven, dynamic, public and individualized. Public authorities enforcing intellectual property – judges, customs officials and police – were ‘just’ humans. Similarly, intellectual property could not be understood as an automated process, but as a process of weighing and balancing competing rights and interests,Footnote 28 a process taking place in an individualized fashion in public settings and administered either by judicial or administrative authorities. These features contrast with a new situation where enforcement mechanisms are automated, centralized and privatized, and big (private) players occupy the place of public authorities.
C Digitalization and Use of Big Data in Customs Control
I Digitalization and Customs Control
While international logistics value chains are still characterized by the abundance of manual and paper-based processes, digitalization and AI are already transforming customs control. For instance, in the area of migration control, international travellers face, more and more often, semi-automated border controls that combine biometric screening,Footnote 29 facial recognition, automated lie detection and predictive modelling.Footnote 30 Likewise, predictive analytics also transform and enhance customs risk management regarding both the control of people and the monitoring of goods.
AI functional applications, such as computer vision, natural language processing and predictive analytics, are powered by the vast amount of data available in digitalized forms. Given the importance of data, a previous step is the digitalization of customs operations, an area that is characterized by red tapeFootnote 31 and the existence of a vast amount of valuable information transmitted in each transaction.Footnote 32
In the European Union, digitalization of customs was initiated back in the late 1990sFootnote 33 and dynamically promoted in 2008 with the adoption of the decision on a paperless environment for customs and trade.Footnote 34 The ‘e-Customs Decision’ identified the objectives, means and framework for setting up an electronic environment for customs and trade,Footnote 35 and was followed by the electronic customs Multi-annual Strategic Plan.Footnote 36 Since 2016, the Union Customs Code sets the framework on the rules and procedures for customs in the European Union.Footnote 37 Crucially, it mandates that ‘all exchanges of information … as required under the customs legislation, shall be made using electronic data-processing techniques’ and identifies 2020 as the deadline for a paperless customs union.Footnote 38
The compromise to move towards digitalized customs management has been extended to European Union trade partners via free trade agreements. The border enforcement sections of the intellectual property chapters of those trade agreements include compromises and best efforts–type of provisions to adopt digital management systems to monitor customs procedures. For instance, in the border enforcement sections of the 2019 EU association agreements with Japan and Vietnam, the use of electronic systems for the management of customs by applications of IP holders is encouraged, and the use of risk analysis to identify goods suspected of infringing IPRs is mandated.Footnote 39
II Big Data, Customs Control and Risk Analysis
In the area of customs enforcement, big data provides new knowledge, drives value creation, fosters new processes and enhances well-informed decision making.Footnote 40 Reference is commonly made to three characteristics of big data:Footnote 41 high-volume, high-speed and high-variety of information assets.Footnote 42 The fact that big data is made up of ‘extremely large data sets’Footnote 43 echoes another, implicit, characteristic: most often, big data is made of ‘raw’ information of both publicFootnote 44 and private nature which is incomplete and imperfect.
Big data enhances the potential of descriptive, predictive and prescriptive data analytics, namely the obtention of raw data and the examination of that information with the purpose of identifying patterns, drawing conclusions, predicting the future and providing the best solution.Footnote 45 Regarding risk management in the area of customs enforcement, big data allows to predict threats, monitor trends and target high-risk transactions. Nowadays, both descriptive risk rating and prescriptive risk management have been incorporated into customs enforcement operations. This is where text analytics, data mining, statistics, natural language processing and machine learning offer valuable information and display patterns of infringing activities.
Automation and learning from past events enhance the efficiency of selecting risky cargos, in particular by identifying suspicious networks and transactions. Automation also facilitates the estimation of potential loses and damages. Additionally, image recognition is of relevance to trademark counterfeiting. In this regard, analysis and exploitation of images for automatic verification of consistency against available information is instrumental to perform customs risk management intended to fight counterfeiting.Footnote 46 Devices and software developed to spot fakes in ordinary places of commerce, such as shops,Footnote 47 can be adapted to conduct similar preliminary assessments by customs authorities.
The question that arises is how to take bigger advantage of currently existing technical capacities and amounts of data. Three aspects seem critical: First, it is necessary to ensure the quality of data regarding cargos, shipments and conveyances, and also relevant information concerning intellectual property rights. Incompleteness and heterogeneous data formatsFootnote 48 make it more difficult to efficiently use information for analytical purposes.Footnote 49 Second, it is also important to widen the scope of the data used for analytical purposes. In this last respect, a possibility is to go beyond data of purely customs nature and correlate such data with, for instance, tax, crime or IP-related information.Footnote 50 Third, it is also necessary to overcome country differences in terms of capacity to implement common risk criteria and standards,Footnote 51 and to efficiently address IP infringement having a border enforcement component.
III Distributed Ledger Technologies and Localization of Traded Goods
Distributed ledger technologies allow moving from a single administrator who controls the ledger where information is stored to a ledger shared by a network of stakeholders. None of the members of the network has autonomous control and all changes made by a member of the network are visible and transparent.Footnote 52 A well-known example of public distributed ledger technologyFootnote 53 is blockchain, which enables the recording of transactions between parties in a secure and permanent way while removing intermediaries that previously verified transactions – a function that is of relevance to many economic and technological fields.Footnote 54
Efficiency, velocity, transparency, traceability and automation are the main advantages brought by distributed ledger technologies to international logistics and commercial processes.Footnote 55 Distributed ledger technologies significantly reduce bureaucracy and paperwork,Footnote 56 and may also enable new business modelsFootnote 57 and enhance asset management.Footnote 58 They furthermore make it possible to obtain information in respect of manufacturing practices, quality attributes and place of origin. In the area of intellectual property, traceability is among the most visible advantages brought by distributed ledger technologies, in particular for goods protected by IPRs that identify the origin of goods (geographical indications) and for goods protected by IPRs that enable consumers to identify specific producers, characteristics and qualities (trademarks).
A particularly valuable application in the area of customs control is the possibility offered by the Internet of Things (IoT) to capture the location, condition and status of traded goods in real time.Footnote 59 This allows logistics service operators to detect irregularities affecting the cargos, improve supply chain control and detect the introduction of fake products. In order to take full advantage of distributed ledger technologies, track and trace methods should ideally allow interaction, which means that some physical devices may be embedded in the traded goods that are object of control.
Track and trace methods belong to the broader group of anti-counterfeiting technologies, which include overt and covert authentication technologies that determine whether a product is original, and allow for enhanced control within the supply chain. Regarding authentication technologies, overt technologies are accessible using human senses, such as vision and touch, thus they do not need any specific physical device,Footnote 60 while covert technologies are hidden and only accessible to technology providers, brand owners or authorized stakeholders.Footnote 61 In respect of track and trace technologies, optical methods and Radio Frequency Identification (RFID) tags stand out.Footnote 62 Both of them allow for the localization of the product along the production and distribution chain: optical technologies consist of a code that contains information on the product and is affixed on the product itself,Footnote 63 whereas RFID tags can be read by radio waves.Footnote 64 As it has been noted, ‘smart devices can be securely tied to or embedded in the physical product to autonomously record and transmit data about item condition including temperature variation, to ensure product integrity, as well as any evidence of product tampering’.Footnote 65 In the area of pharmaceutical products, for instance, this allows to asses at the same time several types of IP infringement and the compliance with regulatory standards.
D Legal Challenges and Opportunities
The control of intellectual property protected goods in transitFootnote 66 exemplifies well how existing legal challenges can be addressed resorting to AI applications and big data.
I Opportunities
TRIPS does not require the control of goods protected by IPRs in transit, nor the monitoring of exports. It just orders impeding the importation of counterfeit and pirated goods.Footnote 67 Building on this minimum standard, a significant number of countries has enacted legislation that goes beyond such protection,Footnote 68 thus it is nowadays usual to find countries that control exports and, to a lesser extent, the transit of IP protected goods. This is particularly the case with trademark and copyright protected goods, but some countries also monitor goods protected by other IP categories.Footnote 69
In the case of the control of goods in transit, the goal of the country of transit is to impede the arrival of products to foreign jurisdictions. This may generate tensions with two fundamental principles – the principle of territoriality of IP protection and the principle of freedom of transit of internationally traded goods. Such tension is severe in respect of the principle of territoriality, since some countries have put in place customs controls of goods in transit that disregard the status of IP protection in the country of origin and in the country of destination. In these cases, seizure and eventual destruction are decided according to the law of the country of transit, hence eroding the principle of territoriality. In the case of the principle of freedom of transit, the tension is also acute, and both legal reform and courts have qualified the cases where restriction of freedom of transit is acceptable to control goods protected by IPRs. The legal standards developed are intended to preserve the balance between adequate IP protection and the principles just referred to. As argued earlier, however, they could benefit from technological advances in the area of big data and AI.
Pursuant to EU Regulation No 608/2013, goods are suspected of infringing an intellectual property right if there are indications that where such goods are found in a member state, they are the subject of an act infringing an intellectual property right.Footnote 70 However, the mere transit of goods through a country where they are protected does not imply an infringement.Footnote 71 In response to the heated debates arising from the detention of medicines in transit,Footnote 72 EU Regulation No 608/2013 stated that ‘customs authorities should, when assessing a risk of infringement of intellectual property rights, take account of any substantial likelihood of diversion of such medicines onto the market of the Union’.Footnote 73 The Court of Justice of the European Union (CJEU) linked the detention and the suspension of release of protected goods in transit to the potential diversion of those goods onto the transited market, thus only by placing the goods in the internal market can the subject matter of a specific intellectual property right be infringed.Footnote 74 Likewise, if goods are the subject of a commercial act directed to European consumers, intellectual property rights may be infringed and goods placed under a suspensive procedure may be detained. The risk of fraudulent diversion to European consumers may also arise in other circumstances, even when goods have not yet been directed towards European consumers. Customs authorities can, in effect, detain the goods or suspend their release when there are indications that commercial activities may take place in the near future or are being disguised.Footnote 75 Suspicion, based on a number of facts of the case, will suffice for that purpose. The CJEU gave a number of examples, including the destination of the goods not being declared, the lack of precise or reliable information as to the identity or address of the manufacturer or consignor of the goods, a lack of cooperation with the customs authorities, or the discovery of documents suggesting that there is a likelihood of a diversion of those goods to EU consumers.Footnote 76
The control of the scenarios described in the paragraph above is difficult in the daily operation of customs control. Some of the examples given by the CJEU require that customs officials and/or right holders have access to information that, most often, is not publicly available. On other occasions, the volume of internationally traded goods makes it almost impossible to manage existing information. These are problems, however, that big data and AI can help to overcome. In the first case, if the use of distributed ledger technologies and track and trace technologies became general, the efficiency of control would increase exponentially. As explained by Okazaki, advanced sensor technology ‘allows logistics service providers to detect any irregularities occurring in or around the cargos in transit, thus helping to enhance supply chain security. As such, a containerized cargo being once regarded as “low-risk” or “risk-free” can maintain the same condition until it is delivered at the destination unless any suspicious intervention is detected during the time of transport’.Footnote 77
Management of data at the international level can also be instrumental in another, very practical, context. In order to protect IP, some countries have introduced legal regimes that, while allowing to take action regarding goods in transit, still differ from the EU model described earlier. An interesting, while controversial, alternative consists of anticipating the moment and location of the protection. This is the model followed by Switzerland, where the patent owner can impede the transit of patent-infringing goods if he can also prohibit the import into the country of destination.Footnote 78 Hence, Swiss law permits anticipating the moment of the protection that the same title holder could demand in the country of destination. Although it relates to patents, Swiss authorities justify such anticipation ‘in view of the increasing international dimension of counterfeiting and piracy’,Footnote 79 and in order to ‘prevent Switzerland from becoming a transit country for pirated goods’.Footnote 80 In the context of trademark law, the EU has also made relevant the law of the final country of destination. In the EU, the entitlement of the trademark proprietor to detain products in transit shall lapse if, in the context of customs procedures, ‘evidence is provided by the declarant or the holder of the goods that the proprietor of the registered trade mark is not entitled to prohibit the placing of the goods on the market in the country of final destination’.Footnote 81
Naturally, should border authorities have direct and speedy access to the database of intellectual property offices from all over the world, they could also rapidly verify whether the IP owner who claims to have the right to impede importation to the country of destination is entitled to do so. It is difficult to envisage such a system to function ex officio, but it would accelerate procedures if the process were initiated at the request of an interested party. The same applies in respect to the holding made by the proprietor or consignor of the goods in the example provided regarding the EU. Advanced analytics allows to correlate internal data with other categories of data. In particular, it allows to correlate the customs situation, national intellectual property and international intellectual property protection status in the country of destination. Thus, putting existing sources of information and technologies at work for the benefit of customs authorities would make it more feasible to meet standards that, right now, are rather difficult to attain because of technical and resource-related constraints.
II Challenges
While big data and AI bring about new opportunities in the context of IP enforcement, including customs enforcement, new challenges also emerge. On this occasion, concerns arising from automation of the law and due process restrictions become also of relevance in respect of border enforcement.
In contrast to the TRIPS standard of releasing the goods that have been detained while in transit, the EU has put in place a speedy process for the destruction of goods suspected – but not confirmed – of infringing IPRs. TRIPS mandates the release of goods in case proceedings leading to a decision on the merits of the case have not been initialed or provisional measures have not been adopted within a period of ten working days after the applicant has been served notice of the suspension.Footnote 82 However, the EU has inverted the logic behind this rule and has established that the destruction of the goods will follow, without any further procedure on the merits of the case, if the alleged infringer does not respond in due time to the seizure.Footnote 83
It is predictable that the automation of procedures will result in more cargos being detained and more notifications of such detentions being sent to the owners of the cargos. However, economic and operational difficulties to respond to this type of processes, taking place in different continents and eventually exceeding what small companies can afford, will persist. In many instances, the owner of the goods may not contest the detention because, for instance, doing so may be more expensive than the value of the parcel that has been detained, or just for lack of knowledge or lack of time to react. If other, compensatory, measures – also of a technological nature – are not introduced, due process standards, in particular the right to a fair hearing and the presumption of innocence, become clearly threatened, especially when the right holder does not even need to start procedures on the merits of the case.
Reflections made by Citron in respect of due process and algorithmic enforcement, and the need to ensure that analytical algorithms satisfy standards of review guaranteeing fairness and accuracy, are fully applicable to customs enforcement.Footnote 84 A number of actions would mitigate those concerns. First, it is necessary to improve transparency (or at least the understanding) of the algorithms that determine which cargos and goods will be detained and inspected.Footnote 85 Next, it is also necessary to allow challenging the decision and detention undertaken with the assistance of automated mechanisms. Finally, it must also be possible to enable public oversight of automated border enforcement.Footnote 86 In reality, these concerns are not really different from those expressed in other areas of IP enforcement where automation has become a common practice, as discussed earlier.
E Conclusions
Digitalization, big data and distributed ledger technologies drastically change law enforcement. When applied to customs control, as it happens in other domains, these technologies result in cost savings and promote more efficient and less-prone-to-error administrative, judicial and commercial processes. Interconnectedness, instant access to foreign databases and constant monitoring of the precise location of goods allow to implement, for instance, standards relating to the control of goods in transit that were difficult to meet until now. Similarly, AI functional applications, such as image recognition, combined with the possibility to constantly and exponentially learn from past events, strengthen systems to control internationally traded goods protected by intellectual property rights.
Together with opportunities, challenges of both technical and legal nature also arise. Technical challenges are still manifold and relate to aspects such as the low quality and heterogeneous formats of digitalized data feeding AI functional applications. Legal concerns expressed in respect of algorithmic law enforcement relate to transparency, accountability and contestability of decisions. These concerns, which are of a general nature, are also of relevance to customs enforcement, as seen in the case of the automation of decisions concerning goods in transit. Algorithmic law enforcement must respond to the mentioned challenges and acknowledge in particular that intellectual property enforcement is a process of weighing and balancing rights and interests of different nature, and not an automated process to implement a predefined decision. Discretion and proportionality are central in the enforcement process, but these are attributes of remedies that require human virtues and skills that the current level of technological development does not seem capable to replicate yet.
Open access