In December 2015, we reported about a German court that classified Google's Gmail as a regulated telecommunications service. This court decision added to the discussion of whether and to what extent communications services that are provided "over the top" (OTT) (i.e., via the open Internet) shall be regulated under European telecommunications laws. The Gmail decision also provided momentum for the traditional telcos' call for a regulatory "level playing field" among traditional telecoms services (e.g., voice telephony over fixed or mobile networks, or SMS services) and OTT services. Google's appeal against the Gmail decision is still pending so, under current German law, these particular questions will not be finally resolved for quite some time. In a very similar case, the National Regulatory Authority (NRA) of Belgium fined Skype this summer with more than EUR 220,000 for failure to notify itself as a provider of SkypeOut as an – allegedly – regulated telecoms service. And most recently, a Belgian court issued a further fine against Skype for failure to comply with statutory obligations addressed to providers of regulated telecoms services. It can be expected that Skype will appeal this decision.

In September 2016, however, the European Commission presented a new draft directive, the European Communications Code (ECC). The ECC shall enact a specific regulatory framework for OTT communications services. While under this framework many OTT services would only become subject to a limited set of new requirements, others—specifically those that allow a breakout to the public switched telephone network (PSTN)—would then be regulated on the same level as traditional telecoms services.

For a quick overview of the ECC, please also refer to our infographic which can be downloaded here.

1. NEED TO REFORM THE CURRENT (2009) TELECOMS REGULATORY FRAMEWORK

The ECC shall replace the current EU telecoms framework which was last revised in 2009, and which consists of four different directives (Access Directive, Authorisation Directive, Framework Directive and Universal Service Directive).

The discussion on the regulatory treatment of OTT communications services demonstrates one of the major shortcomings of the current regulatory framework because its statutory definition of an electronic communications service (ECS) is rather blurry. It leaves Member States with a lot of room for interpretation whether a specific service consists "mainly in the conveyance of signals" as demanded by the current definition of ECS under European law and thus qualifies as a regulated service. This is especially questionable where the provider of the respective service does not control the underlying transmission infrastructure and does not at least send all traffic through a central infrastructure. The statutory definition therefore allows for strictly technical interpretations (rather favoring the non-regulation of OTT services) as well as more functional interpretations (rather favoring regulation of OTT services).

These uncertainties result in a patchwork of deviating regulatory views on OTT services across the European Union. On the one hand, in an early statement in 2004, the Commission itself suggested that VoIP services shall not be considered to be regulated telecoms services. On the other hand, Member States (like the German NRA and court with respect to Gmail or the Belgian NRA with respect to SkypeOut) took a stricter approach toward regulating OTT services. Most recently, as mentioned above, a Belgian court imposed a EUR 30,000 fine on Skype for failing to comply with an order to cooperate with Belgian law enforcement authorities. Similar to the German order demanding Google to register its Gmail service as a regulated ECS, both Belgian orders were also based on the assumption that Skype and SkypeOut qualify as a regulated ECS under Belgian telecoms law, which is also based on the current European regulatory framework. While the court's full decision is not yet available, Skype apparently argued that it does not provide an ECS, but merely offers software allowing its users to communicate without Skype's further involvement.

2. NEW SERVICE CATEGORY: "INTERPERSONAL COMMUNICATIONS SERVICE"

With the draft ECC, the Commission now suggests an amended ECS definition. In the future, ECS shall be subdivided into three different service categories, whereas multiple categories may apply to the same service:

  • Internet Access Services as defined in the Net Neutrality Regulation (EU/2015/2120). The definition includes all services that provide access to the Internet, and thereby connectivity to virtually all end points of the Internet, irrespective of the network technology and terminal equipment used.
  • Interpersonal Communications Services is a subcategory that includes all services that allow direct interpersonal communication and therefore also most OTT services. See below for further details of the specific criteria.
  • Other services are also included but only if they mainly consist of the conveyance of signals. According to the Commission, this shall include transmission services for M2M communications or for broadcasting, both of which do not include Internet access or interpersonal communications.

Services in either of these subcategories shall only be subject to regulation if they are normally provided for remuneration. This requirement was also at stake in the German Gmail case, where the relevant questions (e.g., Is a service provided for remuneration if it is provided free of charge to the users but features paid advertisements?) are still unresolved.

If the ECC is adopted as currently drafted, most traditional as well as OTT communications services targeted at end users will qualify as Interpersonal Communications Services (ICS)—and therefore also as regulated ECS.

The ECC defines all services as ICS to which all of the following criteria apply:

1. Services that enable direct interpersonal and interactive exchange of information via an electronic communications network This includes all services that allow the user to engage in live voice and/or video conversation or to exchange text, voice, video or email messages. In contrast, transmission services for M2M communications, for example, will not qualify as an ICS because these services do not entail an interpersonal exchange of information, but merely facilitate the exchange of information between individual IoT devices or an IoT device and its human operator;

and

2. Services that allow such exchange of information only between a finite number of persons as defined by initiator and/or the participants This includes all services that allow the exchange of information among certain individuals or a limited number of persons. In contrast, it excludes broadcast transmission services from the scope of ICS. These services allow the exchange of interpersonal information, but broadcasting always entails one-to-many communications; and

3. Services that are not ancillary features of another service This includes interpersonal exchanges of information that must not merely be a minor feature of another service to which they are intrinsically linked. This excludes, e.g., a chat feature that is part of a video game from the scope of ICS.

To allow for a graduated level of regulation, the ECC divides ICS into two further subcategories:

  • Number-based ICS are capable of PSTN communications either via E.164 numbers assigned by the service provider, or by enabling communication with third-party E.164 numbers (without assigning such numbers to its own users). Accordingly, only services which allow for a "breakout" to the PSTN will be subject to the regulatory requirements addressed for Number-based ICS.
  • All other ICS are defined as Number-independent ICS. This subcategory also includes services that use E.164 numbers for purposes other than the actual communications process (e.g., to identify user accounts as is the case with WhatsApp or iMessage).

Compared to the current framework, the Commission has decided to set aside the approach of defining regulated ECS merely based on technical features (i.e., the conveyance of signals). Instead, the ECC suggests adopting more of a functional understanding of the relevant communications services.

3. NEW RULES FOR OTT SERVICES

Since most OTT services would qualify as an ICS based on the suggested ECC definition, these services will generally also qualify as regulated ECS. This does not, however, mean that all OTT services will be subject to a level of regulation similar to the one currently imposed on traditional telecoms services. Rather, the Commission wanted to involve a degree of deregulation for all regulated services. At the same time, where necessary, a more limited set of communications-specific rules should be applied to all relevant traditional telecoms services and OTT services—but only if the latter are comparable to traditional telecoms services.

Therefore, under the draft ECC, only Number-based ICS will be regulated on the same level as traditional telecoms services. However, some level of regulation will also apply to Number-independent ICS, i.e., OTT services that do not allow a PSTN breakout. As a general approach, the Commission chose to only make providers of Number-independent ICS subject to regulatory obligations where this is required by public policy interests:

  • The provision of Number-independent ICS will not require any individual or even general authorisation by any of the Member States' NRA. However, providers of Number-independent ICS may still be required to notify NRAsabout their service commencement. But it shall be sufficient to submit such notification to BEREC instead of having to file it with the competent NRA in each Member State where the service shall be offered.
  • Providers of Number-independent ICS shall not have to participate in the dispute resolution scheme prescribed for all other ICS.
  • Users of Number-independent ICS will generally not have to be provided with the ability to reach emergency services via the respective service.
  • Most of the sector-specific consumer protection rules set forth in the ECC will only apply to Number-based ICS and Internet Access Services. In particular, this concerns the following provisions which will not apply to Number-independent ICS: o Transparency obligations demanding the publication of general or quality-of-service-related information;
    • Additional information requirements that the ECC sets forth with respect to end-user contracts;
    • Sector-specific restrictions on the maximum duration of end-user contracts and end-users' additional statutory rights to terminate such contracts; and
    • Providers of Number-independent ICS shall have no obligation to facilitate change of provider.
  • Finally—and in contrast to some demands by traditional telcos—Number-independent ICS will not have to be interoperable with each other. Respective obligations may, however, be imposed by the respective NRA if the general access to emergency services or the general end-to-end connectivity between end users becomes endangered due to an overall lack of interoperability among ICS. From today's perspective, such a situation seems unlikely. It may, however, occur if end users start using or providers start offering services with end-to-end (i.e., PSTN) connectivity on a larger scale.

While all of the aforementioned rules and obligations do not apply to Number-independent ICS, OTT services with a PSTN breakout that can be qualified as Number-based ICS will be subject to all of these respective provisions and traditional telecoms services will be as well.

4. CARVE-OUTS FOR PUBLIC SECURITY REGULATION

The current draft ECC generally allows only for little Member State deviation or additional regulations on the topics within its scope. Nevertheless, its implementation into Member State law will likely still not provide for a consistent regulatory framework for OTT (and other ECS) services across the EU. In particular, Member States will remain relatively free to impose further obligations on all ECS providers' ECS (including Number-independent ICS) where deemed necessary to ensure the protection of national security interests, to safeguard public policy, public morality and public security, or to permit criminal prosecution.

This is already the case under the current telecoms regulatory framework and shall not change under the ECC. As a consequence, OTT providers may still be facing different regulatory regimes in different EU Member States, in particular with respect to the following regulations:

  • Depending on the respective Member State law, such public security obligations may require providers to disclose information about their users (e.g., names, records or addresses).
  • Providers may be required to maintain records on communications activity under applicable data retention regimes and to provide access to such information for law enforcement authorities.
  • Providers may be obligated to allow legal interception of ongoing communications amongst their end users.

These changes could raise tricky questions regarding how to comply with legal developments in this area from a technical standpoint, and in a way which will be consistent with privacy and confidentiality requirements in other EU legal instruments such as the ePrivacy Directive and the General Data Protection Regulation.

Therefore, OTT providers should be prepared to increasingly become targets of requests from local law enforcement authorities, as was the case for Skype in Belgium. Like the requirements set forth by the ECC itself, such obligations imposed under national security legislation may also apply to non-EU based operators because Member States could make compliance with such obligations a prerequisite of allowing a provider to offer its services in their territory.

5. NEXT STEPS

The Commission's proposed directive will now be forwarded for deliberations to the European Parliament and the European Council. It can be expected that these discussions will lead to further amendments of the current draft:

  • On the one side, the traditional telcos cannot be fully satisfied with the current draft. Many OTT services they were complaining about (e.g., instant messaging services which are eating up their text message revenues) are still only regulated to a minimal extent, as opposed to their own SMS service offerings.
  • On the other side, OTT providers may fear loopholes that Member States can use to introduce further regulation under the public security umbrella. With many national governments seeing a problem in not being able to extend their surveillance of telecoms to OTT services, this fear may in fact be justified.

If the ECC is adopted by the EU, it will still not have any immediate effect because—like any EU directive—it will first need to be implemented into national law in each Member State.

With this timeline in mind, the full scope of future OTT regulations will only become clear after implementation into Member State law. Realistically, this will not happen before mid-2019.

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved