Laid before Parliament
31st July 2002
23rd October 2002
21st August 2002
The Secretary of State, being a Minister designated() for the purposes of section 2(2) of the European Communities Act 1972() in relation to information society services, in exercise of the powers conferred on her by that section, hereby makes the following Regulations:—
Citation and commencement
1.—(1) These Regulations may be cited as the Electronic Commerce (EC Directive) Regulations 2002 and except for regulation 16 shall come into force on 21st August 2002.
(2) Regulation 16 shall come into force on 23rd October 2002.
2.—(1) In these Regulations and in the Schedule—
“commercial communication” means a communication, in any form, designed to promote, directly or indirectly, the goods, services or image of any person pursuing a commercial, industrial or craft activity or exercising a regulated profession, other than a communication—
consisting only of information allowing direct access to the activity of that person including a geographic address, a domain name or an electronic mail address; or
relating to the goods, services or image of that person provided that the communication has been prepared independently of the person making it (and for this purpose, a communication prepared without financial consideration is to be taken to have been prepared independently unless the contrary is shown);
“the Commission” means the Commission of the European Communities;
“consumer” means any natural person who is acting for purposes other than those of his trade, business or profession;
“coordinated field” means requirements applicable to information society service providers or information society services, regardless of whether they are of a general nature or specifically designed for them, and covers requirements with which the service provider has to comply in respect of—
the taking up of the activity of an information society service, such as requirements concerning qualifications, authorisation or notification, and
the pursuit of the activity of an information society service, such as requirements concerning the behaviour of the service provider, requirements regarding the quality or content of the service including those applicable to advertising and contracts, or requirements concerning the liability of the service provider,
but does not cover requirements such as those applicable to goods as such, to the delivery of goods or to services not provided by electronic means;
“the Directive” means Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce)();
“EEA Agreement” means the Agreement on the European Economic Area signed at Oporto on 2 May 1992 as adjusted by the Protocol signed at Brussels on 17 March 1993();
“enactment” includes an enactment comprised in Northern Ireland legislation and comprised in, or an instrument made under, an Act of the Scottish Parliament;
“enforcement action” means any form of enforcement action including, in particular—
in relation to any legal requirement imposed by or under any enactment, any action taken with a view to or in connection with imposing any sanction (whether criminal or otherwise) for failure to observe or comply with it; and
in relation to a permission or authorisation, anything done with a view to removing or restricting that permission or authorisation;
“enforcement authority” does not include courts but, subject to that, means any person who is authorised, whether by or under an enactment or otherwise, to take enforcement action;
“established service provider” means a service provider who is a national of a member State or a company or firm as mentioned in Article 48 of the Treaty and who effectively pursues an economic activity by virtue of which he is a service provider using a fixed establishment in a member State for an indefinite period, but the presence and use of the technical means and technologies required to provide the information society service do not, in themselves, constitute an establishment of the provider; in cases where it cannot be determined from which of a number of places of establishment a given service is provided, that service is to be regarded as provided from the place of establishment where the provider has the centre of his activities relating to that service; references to a service provider being established or to the establishment of a service provider shall be construed accordingly;
“information society services” (which is summarised in recital 17 of the Directive as covering “any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service”) has the meaning set out in Article 2(a) of the Directive, (which refers to Article 1(2) of Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations(), as amended by Directive 98/48/EC of 20 July 1998());
“member State” includes a State which is a contracting party to the EEA Agreement;
“recipient of the service” means any person who, for professional ends or otherwise, uses an information society service, in particular for the purposes of seeking information or making it accessible;
“regulated profession” means any profession within the meaning of either Article 1(d) of Council Directive 89/48/EEC of 21 December 1988 on a general system for the recognition of higher-education diplomas awarded on completion of professional education and training of at least three years’ duration() or of Article 1(f) of Council Directive 92/51/EEC of 18 June 1992 on a second general system for the recognition of professional education and training to supplement Directive 89/48/EEC();
“service provider” means any person providing an information society service;
“the Treaty” means the treaty establishing the European Community.
(2) In regulation 4 and 5, “requirement” means any legal requirement under the law of the United Kingdom, or any part of it, imposed by or under any enactment or otherwise.
(3) Terms used in the Directive other than those in paragraph (1) above shall have the same meaning as in the Directive.
3.—(1) Nothing in these Regulations shall apply in respect of—
(a)the field of taxation;
(b)questions relating to information society services covered by the Data Protection Directive() and the Telecommunications Data Protection Directive() and Directive 2002/58/EC of the European Parliament and of the Council of 12th July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)();
(c)questions relating to agreements or practices governed by cartel law; and
(d)the following activities of information society services—
(i)the activities of a public notary or equivalent professions to the extent that they involve a direct and specific connection with the exercise of public authority,
(ii)the representation of a client and defence of his interests before the courts, and
(iii)betting, gaming or lotteries which involve wagering a stake with monetary value.
(2) These Regulations shall not apply in relation to any Act passed on or after the date these Regulations are made or in exercise of a power to legislate after that date.
(3) In this regulation—
“cartel law” means so much of the law relating to agreements between undertakings, decisions by associations of undertakings or concerted practices as relates to agreements to divide the market or fix prices;
“Data Protection Directive” means Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; and
“Telecommunications Data Protection Directive” means Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector.
4.—(1) Subject to paragraph (4) below, any requirement which falls within the coordinated field shall apply to the provision of an information society service by a service provider established in the United Kingdom irrespective of whether that information society service is provided in the United Kingdom or another member State.
(2) Subject to paragraph (4) below, an enforcement authority with responsibility in relation to any requirement in paragraph (1) shall ensure that the provision of an information society service by a service provider established in the United Kingdom complies with that requirement irrespective of whether that service is provided in the United Kingdom or another member State and any power, remedy or procedure for taking enforcement action shall be available to secure compliance.
(3) Subject to paragraphs (4), (5) and (6) below, any requirement shall not be applied to the provision of an information society service by a service provider established in a member State other than the United Kingdom for reasons which fall within the coordinated field where its application would restrict the freedom to provide information society services to a person in the United Kingdom from that member State.
(4) Paragraphs (1), (2) and (3) shall not apply to those fields in the annex to the Directive set out in the Schedule.
(5) The reference to any requirements the application of which would restrict the freedom to provide information society services from another member State in paragraph (3) above does not include any requirement maintaining the level of protection for public health and consumer interests established by Community acts.
(6) To the extent that anything in these Regulations creates any new criminal offence, it shall not be punishable with imprisonment for more than two years or punishable on summary conviction with imprisonment for more than three months or with a fine of more than level 5 on the standard scale (if not calculated on a daily basis) or with a fine of more than £100 a day().
Derogations from Regulation 4
5.—(1) Notwithstanding regulation 4(3), an enforcement authority may take measures, including applying any requirement which would otherwise not apply by virtue of regulation 4(3) in respect of a given information society service, where those measures are necessary for reasons of—
(a)public policy, in particular the prevention, investigation, detection and prosecution of criminal offences, including the protection of minors and the fight against any incitement to hatred on grounds of race, sex, religion or nationality, and violations of human dignity concerning individual persons;
(b)the protection of public health;
(c)public security, including the safeguarding of national security and defence, or
(d)the protection of consumers, including investors,
and proportionate to those objectives.
(2) Notwithstanding regulation 4(3), in any case where an enforcement authority with responsibility in relation to the requirement in question is not party to the proceedings, a court may, on the application of any person or of its own motion, apply any requirement which would otherwise not apply by virtue of regulation 4(3) in respect of a given information society service, if the application of that enactment or requirement is necessary for and proportionate to any of the objectives set out in paragraph (1) above.
(3) Paragraphs (1) and (2) shall only apply where the information society service prejudices or presents a serious and grave risk of prejudice to an objective in paragraph (1)(a) to (d).
(4) Subject to paragraphs (5) and (6), an enforcement authority shall not take the measures in paragraph (1) above, unless it—
(a)asks the member State in which the service provider is established to take measures and the member State does not take such measures or they are inadequate; and
(b)notifies the Commission and the member State in which the service provider is established of its intention to take such measures.
(5) Paragraph (4) shall not apply to court proceedings, including preliminary proceedings and acts carried out in the course of a criminal investigation.
(6) If it appears to the enforcement authority that the matter is one of urgency, it may take the measures under paragraph (1) without first asking the member State in which the service provider is established to take measures and notifying the Commission and the member State in derogation from paragraph (4).
(7) In a case where a measure is taken pursuant to paragraph (6) above, the enforcement authority shall notify the measures taken to the Commission and to the member State concerned in the shortest possible time thereafter and indicate the reasons for urgency.
(8) In paragraph (2), “court” means any court or tribunal.
General information to be provided by a person providing an information society service
6.—(1) A person providing an information society service shall make available to the recipient of the service and any relevant enforcement authority, in a form and manner which is easily, directly and permanently accessible, the following information—
(a)the name of the service provider;
(b)the geographic address at which the service provider is established;
(c)the details of the service provider, including his electronic mail address, which make it possible to contact him rapidly and communicate with him in a direct and effective manner;
(d)where the service provider is registered in a trade or similar register available to the public, details of the register in which the service provider is entered and his registration number, or equivalent means of identification in that register;
(e)where the provision of the service is subject to an authorisation scheme, the particulars of the relevant supervisory authority;
(f)where the service provider exercises a regulated profession—
(i)the details of any professional body or similar institution with which the service provider is registered;
(ii)his professional title and the member State where that title has been granted;
(iii)a reference to the professional rules applicable to the service provider in the member State of establishment and the means to access them; and
(g)where the service provider undertakes an activity that is subject to value added tax, the identification number referred to in Article 22(1) of the sixth Council Directive 77/388/EEC of 17 May 1977 on the harmonisation of the laws of the member States relating to turnover taxes—Common system of value added tax: uniform basis of assessment().
(2) Where a person providing an information society service refers to prices, these shall be indicated clearly and unambiguously and, in particular, shall indicate whether they are inclusive of tax and delivery costs.
7. A service provider shall ensure that any commercial communication provided by him and which constitutes or forms part of an information society service shall—
(a)be clearly identifiable as a commercial communication;
(b)clearly identify the person on whose behalf the commercial communication is made;
(c)clearly identify as such any promotional offer (including any discount, premium or gift) and ensure that any conditions which must be met to qualify for it are easily accessible, and presented clearly and unambiguously; and
(d)clearly identify as such any promotional competition or game and ensure that any conditions for participation are easily accessible and presented clearly and unambiguously.
Unsolicited commercial communications
8. A service provider shall ensure that any unsolicited commercial communication sent by him by electronic mail is clearly and unambiguously identifiable as such as soon as it is received.
Information to be provided where contracts are concluded by electronic means
9.—(1) Unless parties who are not consumers have agreed otherwise, where a contract is to be concluded by electronic means a service provider shall, prior to an order being placed by the recipient of a service, provide to that recipient in a clear, comprehensible and unambiguous manner the information set out in (a) to (d) below—
(a)the different technical steps to follow to conclude the contract;
(b)whether or not the concluded contract will be filed by the service provider and whether it will be accessible;
(c)the technical means for identifying and correcting input errors prior to the placing of the order; and
(d)the languages offered for the conclusion of the contract.
(2) Unless parties who are not consumers have agreed otherwise, a service provider shall indicate which relevant codes of conduct he subscribes to and give information on how those codes can be consulted electronically.
(3) Where the service provider provides terms and conditions applicable to the contract to the recipient, the service provider shall make them available to him in a way that allows him to store and reproduce them.
(4) The requirements of paragraphs (1) and (2) above shall not apply to contracts concluded exclusively by exchange of electronic mail or by equivalent individual communications.
Other information requirements
10. Regulations 6, 7, 8 and 9(1) have effect in addition to any other information requirements in legislation giving effect to Community law.
Placing of the order
11.—(1) Unless parties who are not consumers have agreed otherwise, where the recipient of the service places his order through technological means, a service provider shall–
(a)acknowledge receipt of the order to the recipient of the service without undue delay and by electronic means; and
(b)make available to the recipient of the service appropriate, effective and accessible technical means allowing him to identify and correct input errors prior to the placing of the order.
(2) For the purposes of paragraph (1)(a) above—
(a)the order and the acknowledgement of receipt will be deemed to be received when the parties to whom they are addressed are able to access them; and
(b)the acknowledgement of receipt may take the form of the provision of the service paid for where that service is an information society service.
(3) The requirements of paragraph (1) above shall not apply to contracts concluded exclusively by exchange of electronic mail or by equivalent individual communications.
Meaning of the term “order”
12. Except in relation to regulation 9(1)(c) and regulation 11(1)(b) where “order” shall be the contractual offer, “order” may be but need not be the contractual offer for the purposes of regulations 9 and 11.
Liability of the service provider
13. The duties imposed by regulations 6, 7, 8, 9(1) and 11(1)(a) shall be enforceable, at the suit of any recipient of a service, by an action against the service provider for damages for breach of statutory duty.
Compliance with Regulation 9(3)
14. Where on request a service provider has failed to comply with the requirement in regulation 9(3), the recipient may seek an order from any court having jurisdiction in relation to the contract requiring that service provider to comply with that requirement.
Right to rescind contract
15. Where a person—
(a)has entered into a contract to which these Regulations apply, and
(b)the service provider has not made available means of allowing him to identify and correct input errors in compliance with regulation 11(1)(b),
he shall be entitled to rescind the contract unless any court having jurisdiction in relation to the contract in question orders otherwise on the application of the service provider.
Amendments to the Stop Now Orders (E.C. Directive) Regulations 2001
16.—(1) The Stop Now Orders (E.C. Directive) Regulations 2001() are amended as follows.
(2) In regulation 2(3), at the end there shall be added—
“(k)regulations 6, 7, 8, 9, and 11 of the Electronic Commerce (E.C. Directive) Regulations 2002.”.
(3) In Schedule 1, at the end there shall be added—
“11. Directive 2000/31/EC of the European Parliament and of the Council of 8th June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on Electronic Commerce).”().
17.—(1) Where an information society service is provided which consists of the transmission in a communication network of information provided by a recipient of the service or the provision of access to a communication network, the service provider (if he otherwise would) shall not be liable for damages or for any other pecuniary remedy or for any criminal sanction as a result of that transmission where the service provider—
(a)did not initiate the transmission;
(b)did not select the receiver of the transmission; and
(c)did not select or modify the information contained in the transmission.
(2) The acts of transmission and of provision of access referred to in paragraph (1) include the automatic, intermediate and transient storage of the information transmitted where:
(a)this takes place for the sole purpose of carrying out the transmission in the communication network, and
(b)the information is not stored for any period longer than is reasonably necessary for the transmission.
18. Where an information society service is provided which consists of the transmission in a communication network of information provided by a recipient of the service, the service provider (if he otherwise would) shall not be liable for damages or for any other pecuniary remedy or for any criminal sanction as a result of that transmission where—
(a)the information is the subject of automatic, intermediate and temporary storage where that storage is for the sole purpose of making more efficient onward transmission of the information to other recipients of the service upon their request, and
(b)the service provider—
(i)does not modify the information;
(ii)complies with conditions on access to the information;
(iii)complies with any rules regarding the updating of the information, specified in a manner widely recognised and used by industry;
(iv)does not interfere with the lawful use of technology, widely recognised and used by industry, to obtain data on the use of the information; and
(v)acts expeditiously to remove or to disable access to the information he has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement.
19. Where an information society service is provided which consists of the storage of information provided by a recipient of the service, the service provider (if he otherwise would) shall not be liable for damages or for any other pecuniary remedy or for any criminal sanction as a result of that storage where—
(a)the service provider—
(i)does not have actual knowledge of unlawful activity or information and, where a claim for damages is made, is not aware of facts or circumstances from which it would have been apparent to the service provider that the activity or information was unlawful; or
(ii)upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information, and
(b)the recipient of the service was not acting under the authority or the control of the service provider.
Protection of rights
20.—(1) Nothing in regulations 17, 18 and 19 shall—
(a)prevent a person agreeing different contractual terms; or
(b)affect the rights of any party to apply to a court for relief to prevent or stop infringement of any rights.
(2) Any power of an administrative authority to prevent or stop infringement of any rights shall continue to apply notwithstanding regulations 17, 18 and 19.
Defence in Criminal Proceedings: burden of proof
21.—(1) This regulation applies where a service provider charged with an offence in criminal proceedings arising out of any transmission, provision of access or storage falling within regulation 17, 18 or 19 relies on a defence under any of regulations 17, 18 and 19.
(2) Where evidence is adduced which is sufficient to raise an issue with respect to that defence, the court or jury shall assume that the defence is satisfied unless the prosecution proves beyond reasonable doubt that it is not.
Notice for the purposes of actual knowledge
22. In determining whether a service provider has actual knowledge for the purposes of regulations 18(b)(v) and 19(a)(i), a court shall take into account all matters which appear to it in the particular circumstances to be relevant and, among other things, shall have regard to—
(a)whether a service provider has received a notice through a means of contact made available in accordance with regulation 6(1)(c), and
(b)the extent to which any notice includes—
(i)the full name and address of the sender of the notice;
(ii)details of the location of the information in question; and
(iii)details of the unlawful nature of the activity or information in question