BEREC Guidelines on Net Neutrality – Part II (Final Version)

On August 30, the Body of European Regulators for Electronic Communications (BEREC) published their final Guidelines on net neutrality, as mandated by the Connected Continent Regulation (Reg. 2015/2120). The Guidelines do not crate new rules but interpret the ones contained in the Regulation. Their importance lies in the fact that national regulatory authorities (NRAs) have been left in charge of the implementation and monitoring and this is intended to help them apply the Regulation and ensure a degree of uniformity.

A draft version had been made available on April 6 (I commented on it in a previous post) and the final text is a result of an extensive public consultation. I emphasised earlier that, although the Draft supports net neutrality in principle, it also allows zero rating, traffic management and specialised services under controlled conditions, which is a good starting point. The final version remains on the same position.

Public debate so far has been roughly divided into two camps: Internet Service Providers (ISPs) have argued for weak regulation while general public has been leaning towards a strong one. Although the final version does reinforce the open nature of the Internet, it does leave a lot of manoeuvring space for ISPs, essentially crating a relatively weak and rather bureaucratised set of rules that depends on NRA scrutiny.

Although, some comments seem to be claiming that “loopholes” left in the Regulation have been tightened, this is, in fact, not the case. The Guidelines allow for flexibility: zero rating, traffic management and specialised services, all remain allowed. The ISPs rely on all three as zero rating and specialised services are increasingly seen as lifelines in an industry where investing in new technology is prohibitively expensive but very risky and subject to competition from unregulated over-the-top (OTT) providers.

In respect of zero rating, which is not specifically mentioned in the Regulation, BEREC recognises that end users’ choice may be materially restricted. Commenting on Article 3(2) of the Regulation, however, the Guidelines do not call for their outright prohibition. Recitals 44 and 45 simply say that providers’ respective market positions are to be taken into account as well as the extent to which the users’ choice is actually been restricted. This is a regime which leaves balancing to the NRAs. The only situation in which zero rating is prohibited (Recital 55) is where, having reached the data cap, all applications but the zero rated ones are throttled.

The BEREC position on traffic management is dependent on the rather specific and relatively clearly worded limitations already imposed in the Regulation. The basic position here is that traffic management is allowed under controlled conditions. The main impression gained is that the Guidelines are descriptive, giving examples of what might constitute typical attacks or allowed measures.

Finally, specialised services are also allowed in Regulation Article 3(5) under NRA-controlled conditions and the Guidelines do not change the position in that article dramatically. Paragraph 111 comments that it is necessary for a specialised service to actually require a “level of quality that cannot be assured over a IAS”, that is to say, specialised service must be the only option for delivering the electronic product adequately. Paragraph 112 emphasises that defining a fixed list of specialised services is not necessary considering the fast pace at which technology develops.

In summary, the present Guidelines offer a basic net neutrality protection, preventing the ISPs from discriminating between apps and services flowing through the basic pipe. At the same time, they allow reasonable traffic management and specialised services, which is a positive development. More worrying is the fact that both are subject to far too many administrative hurdles and the uncertainty of regional NRA scrutiny. In my own view, net neutrality regulation was not necessary as potential problems could easily be addressed through the existing laws and adequate application of competition rules. At best, the present rules provide only a basic shield against (at present still largely hypothetical) violations. In the worst case, their overzealous application by NRAs would act as a burden to developement of new services.

An Overview of EU Cyberlaw Literature

I often get asked, by students and colleagues alike, what books to get and how to use them. Since Cyberlaw is, in the memorable words of Frank Easterbrook, “the law of the horse” – in other words, a collection of disparate legal disciplines, working with EU Internet Law does, unfortunately, mean working with many different disciplines. The situation is not so dire, however, as decent works exist in all of them and there are also some truly excellent ones. In this post, I will aim to give an overview of the books that I find particularly useful and work with relatively often. It is probably worth saying that, although Internet law changes relatively rapidly, books do not get out of date so easily. This is for a simple reason that EU Directives have a relatively long shelf life (E-Commerce and InfoSoc directives, for example, date to 2001) and the European Court produces a ´small number of judgments in each of the areas listed below.

Policy. No general books exist that cover EU Internet policy (although some references to policy and governance in individual areas are to be found in the works below). The following two books are not specifically EU oriented but they give a good overview of the main issues  involved. Ian Brown (ed.)’s Research Handbook on Governance of the Internet (Elgar 2013) is a good introduction to governance in cyberspace while Reed’s Making Laws for Cyberspace (OUP 2012) throws light on the law making process.

General literature. Few general works exist, although the situation is better now than it used to be. My own EU Internet Law (Edward Elgar 2013) is coming out in the 2nd edition later in 2016. It is complemented by the Research Handbook of EU Internet Law (Savin/Trzaskowski, Edward Elgar 2014). Neither is meant as a textbook and those looking for one should probably look at the Introduction to EU Internet Law (Trzaskowski/Savin/Lundqvist/Lindskug ExTuto 2015). A compendium of texts, cases and materials has been published in 2015 (Koščík et al. eds., available online) and is a useful collection of primary sources.

Those interested in the historical development of the main EU directives have a couple of volumes to consider. Lodder and Kaspersen’s eDirectives: Guide to European Union Law on E-Commerce (Kluwer 2002) remains the only article-by-article comment on the major EU Internet directives including the E-commerce, the Copyright and the Data Protection directives. Similar effect is achieved in Lilian Edwards’ (ed.) The New Legal Framework for E-Commerce in Europe (Hart 2005), which is an indispensable work for understanding policy decisions behind E-Commerce Directive.

Surprisingly, no up-to-date books covering electronic commerce only exist today and by far the best ones are the two volumes quoted above. Elgar’s Research Handbook on Electronic Commerce Law is due in September 2016 and will cover this gap to some extent.

Copyright is one of the areas where there is abundance of excellent books. A general work covering all EU IP Rights is Trevor Cook’s EU Intellectual Property Law (OUP 2010). Although no longer up to date in terms of case law, it gives a good overview of the basic directives. The Stamatoudi/Torremans detailed commentary on EU Copyright Law (Elgar 2014) is the most comprehensive article-by-article reference on all EU copyright-related directives including a section on EU policies. An earlier version with a similar scope (OUP 2010) is the Walter/von Lewinski’s European Copyright Law: A Commentary. An overview of the Member States’ implementation of the Copyright Directive is the Lindner/Shapiro Copyright in the Information Society: A Guide to National Implementation of the European Directive (Elgar 2011). Kur/Dreier European Intellectual Property Law: Texts, Cases & Materials (Elgar 2013) is excellent as a textbook in this area as is Pila/Torremans book with the same title (OUP 2016).

Trademark. Botis/Maniatis/Mühlendahl/Wiseman’s Trademark Law in Europe (3rd edition, OUP 2016) is a comprehensive overview of the area. Kur/Senftleben’s European Trademark Law is out in February 2017.

A review of the new EU patent system can be found in Pila/Wadlos (eds) The Unitary EU Patent System (Bloombsury 2015).

The most recent summary of cybercrime issues is Gillespie’s Cybercrime: Key Issues and Debates (Routledge 2015). A view of the EU cybersecurity policy issues is to be found in Christou’s Cybersecurity in the European Union: Resilience and Adaptability in Governance Policy (AIAA 2016)

Consumer issues are covered relatively comprehensively. Up-to-date general works exist, including Weatherill’s EU Consumer Law and Policy (2nd edition, Elgar 2014) and Micklitz/Reich EU Consumer Law (2nd edition, Intersentia 2014). Policy issues are covered in Leczykiewicz/Weatherill The Images of the Consumer in EU Law: Legislation, Free Movement and Competition Law (Bloomsbury 2016). Djurovic’s European Law on Unfair Commercial Practices and Contract Law (Bloomsbury 2016) covers the UCP directive. Twigg-Flesner’s (ed.) Research Handbook on EU Consumer and Contract Law is due in September 2016.

Private International law, while being subject to a multitude of general titles, has only a few specific ones that apply to the Internet only. An example is Svantesson’s Private International Law and the Internet (3rd edition, Kluwer 2013). Specifically consumer-oriented is Tang’s Electronic Consumer Contracts in the Conflict of Laws (2nd edition, Bloomsbury 2015).

Comparative law: Knowing what is happening in the United States is an important part of understanding where the EU laws come from and why they are written in the way they. A good general overview (including cases and materials) of American Cyberlaw up to 2010 is Bellia/Berman/Frischmann/Post’s Cyberlaw (4th edition, West 2011). Grimmelmann’s Internet Law: Cases & Problems (Semaphore Press, 2015) provides a more up-to-date look.

Books on privacy have traditionally concentrated on national implementation of EU laws. The current situation is made more complicated by the recent adoption of the General Data Protection Regulation, which fundamentally changes the current EU law and has yet to be subject to a comprehensive coverage in a book format. The best overview of the current law is to be found in EU’s own Handbook on European Data Protection Law (EU 2013). An up-to-date discussion of policy and constitutional issues are discussed in Hijmans’ The European Union as Guardian of Internet Privacy: The Story of Art 16 TFEU (Springer 2016). Further to this, there is Lynskey’s The Foundations of EU Data Protection Law (OUP 2015) which does cover some aspects of the initial GDPR proposal.

In addition to the above, the following three are also of interest.

Telecommunications law (or, as the EU itself puts it – electronic communications) is, strictly speaking, a separate branch of law that applies to carrier only (the wires) and not content on the Internet. Nevertheless, since convergence between content and carrier has been blurring this boundary for a considerable time now, some knowledge of the area is needed. Three comprehensive books exists on the subject. Scherer’s (ed.) Telecommunication Laws in Europe (Bloomsbury 2016) is an overview of national laws but it does begin with an introductory section on EU telecoms laws. The most comment-like treatment of the 2009 telecoms package is Nihoul/Rodford’s EU Electronic Communications Law (OUP 2011). A comprehensive analysis of the ex ante approach to telecommunications is Hou’s Competition law and Regulation of the EU Electronic Communications Sector (Kluwer 2012). Finally, my own EU Telecommunications law is due with Elgar later in 2017.

BEREC Guidelines on Net Neutrality – Part I

On June 6, the Body of European Regulators for Electronic Communication (BEREC) published a draft set of guidelines concerning Net Neutrality. The authority to draft them came from Regulation (EU) 2015/2120  –  the “Connected Continent Regulation” – whose Article 5(3) obliges BEREC to issue guidelines for the implementation of the Regulation by August 30, 2016, in cooperation with the Commission and after consulting the stakeholders. Since it is the national regulatory authorities (NRAs) in each Member State who are in charge of implementation, the guidelines direct NRAs on how to implement the Regualtion.This makes them rather significant in practice.

On its website, BEREC claimed that it received “almost half a million contributions” in response to its call. Considering the fact that net neutrality has been in the public eye for a while now, it is not surprising that BEREC Guidelines should attract attention, but it is curious that the number of responses (most of which were from ordinary citizens) should be demonstrated in this manner. The drafting process itself is not particularly transparent, with concerns that BEREC drafting process happens behind closed doors and under potential influence of lobbying.

The Connected Continent Regulation has as its main purpose the removal of roaming and the introduction of minimum rules on net neutrality and it is not a full revision of the 2009 EU Telecoms regime (which is promissed for December 2016). The Regulation introduces a couple of basic safeguards. First, the Regulation does not define net neutrality. The introduction of a proper definition was a hotly debated point in previous drafts with proponents of net neutrality arguing for a clear definition and the opponents against. The resulting regulation simply says, in Article 3(1) that

End-users shall have the right to access and distribute information and content, use and provide applications and services, and use terminal equipment of their choice, irrespective of the end-user’s or provider’s location or the location, origin or destination of the information, content, application or service, via their internet access service.

This statement, which roughly corresponds to usual definitions of net neutrality, simply means that internet traffic must be provided without discrimination based on origin or content of that traffic. At the same time, this does not affect agreements between providers and users on “price, data volumes or speed”. The main net neutrality point is then repeated in Article 3(3):

Providers of internet access services shall treat all traffic equally, when providing internet access services, without discrimination, restriction or interference, and irrespective of the sender and receiver, the content accessed or distributed, the applications or services used or provided, or the terminal equipment used.

The same paragraph allows “reasonable traffic management”. Reasonable are only those measures which are “transparent, non-discriminatory and proportionate” and which are not based on commercial considerations. Such measures cannot result in monitoring and must be temporary. Providers are in particular not allowed to:

block, slow down, alter, restrict, interfere with, degrade or discriminate between specific content, applications or services, or specific categories thereof

In principle, traffic management is allowed only when EU laws demand it, to preserve the integrity and security of the network or to prevent congestion.

Finally, the Regulation allows the providers to offer specialized services, which are not defined but which are “optimised for specific content, applications or services, or a combination thereof” where such optimization is necessary. Such specialised services must not be offered as a replacement for regular Internet services and must not result in the degraded quality of the former.

The draft guidelines comment on each of the articles. Some of the comments are crucial. Particularly important are those on zero rating, traffic management and specizlied services.

In response to bundling of free applications and services with the Internet access (such as, for example, offering free Spotify or HBO subscriptions), the Guidelines paragraph 33 indicates that these ought to remain legal as long as they are not priced differently than the rest of the traffic. Paragraph 35 specifically emphasizes that ISPs are not allowed to contractually ban specific content (e.g. VoIP). In response to zero-rating practices (where the provider does not count traffic associated with a particular application towards data cap, thus making them essentially free), the Guidelines differentiate between several situations. If all other services are slowed down except the zero rated ones, once the cap is reached, such practices would infringe Article 3(1) (as per paragraph 38). In respect of all other practices, the Guidelines call for a complex assessment exercise (paragraphs 43  – 45) the purpose of which is to determine to what extent the end-users’ choice if actually restricted. At present, there is little evidence that zero-rating is harmful and some evidence that it is beneficial.

In response to traffic management, BEREC simply clarifies the conditions in Article 3(3) without adding anything particularly controversial. It acknowledges, at the same time, the legality of traffic management. The guidelines do not insists on application-neutral technical measures, possibly leaving space for controversy. On the other hand, “permanent or recurring” measures may not be legal (paragraph 70) showing, at least, that traffic management measures cannot be used as a backdoor for openly violating neutrality.

In response to specialized services, BEREC emphasizes the fact that such services need to be carried at a specific level of quality and cannot be assured by standard best effort (paragraph 95). The job of verifying whether optimized delivery is objectively necessary is left to NRAs . If the level of quality can be adequately assured through a regular connection, the specialized service would be illegal. BEREC is careful to emphasize that what constitutes a specialized service today may not be so in the future. Creating black and white lists, therefore, makes little sense. As a way of example, paragraph 109 quotes Voice-over-LTE (VoLTE), linear broadcasting IPTV services and real-time health services, as those which may required specizlized access today.

There are two important points to note from the Draft Guidelines. First, they follow the spirit of the Regulation by prohibiting opportunistic discrimination. This, in itself, is not necessarily a novelty since current laws can be interpreted to give the same effect. Additionally, this intervention may be irrelevant as there is little evidence of actual net neutrality violations in Europe. Second, they are permissive and flexible towards issues that matter to the industry – traffic management and specialized services. This is a positive development, as restrictive rules can and do have a negative impac on investment which, in telecommunications industry, is highly risky.

The comments this author has seen can roughly be divided into three groups. The first are individual citizens who invoke net neutrality as a fundamental right, often with little or no understanding of what it actually implies and how problems that arise from net neutrality issues differ from those happening on the backbone. The second are proponents of net neutrality on both sides of the Atlantic, who argue for stronger rules and criticize both the Regulation and what they perceive as BEREC’s permissive position. The third are industry representative who are against strong regulation. They are against overly prescriptive ex ante regulation, they fear future litigation over ambiguities left in the Regulation and worry about a potential slow-down in investment. A manifesto co-signed by BT Group, Deutsche Telekom, Ericsson, Hutchison Whampoa Europe, Inmarsat, Nokia, Orange, Proximus, Royal KPN, SES, Tele2 AB, TIM – Telecom Italia, Telefonica, Telekom Austria Group, Telenor Group, Telia Company and Vodafone, and claiming support from Ahlers, Airbus Defence & Space, Royal Philips, Siemens and Thales Alenia Space recently warned that no invetsment in 5G networks will be forthcoming unless uncertainties introduced in the Guidelines are removed.

In the view of this author, net neutrality legislation is unnecessary, counterproductive and technically difficult to implement. The final version of Guidelines may, if drafted carefully, eliminate some of the problems. I will comment on these when they are published later this month.