In its latest newsletter the Council of Bars and Law Societies of Europe (CCBE) announces it has published its position (pdf) on the European Commission proposals on evidence in civil and commercial matters.
CCBE supports the use of electronic means in civil procedures but warns that adequate safeguards have to be taken.
Publication of the CEPEJ report evaluating the European judicial systems modernising and digitilising EU civil judicial cooperation
On 19 October, the CCBE published its position on the Commission proposals for amendment of the regulations on service of documents and the taking of evidence in civil and commercial matters. The Commission proposal aims to make access to civil justice cheaper, more efficient and more accessible to citizens and businesses by making it obligatory for courts to exchange documents electronically and promoting the use of videoconferencing to hear witnesses based in another country.
Whilst the CCBE supports that the use of electronic means becomes the default standard in communication between the competent authorities involved in cross-border judicial cooperation in civil and commercial matters, it stresses that such a move must be coupled with safeguards and due process procedures, including the protection of professional secrecy and legal professional privilege. To this end, various proposals for amendments are suggested in the position paper.
CCBE is very worried about the Commission’s proposals on electronic communication:
8. Facilitation of electronic direct service – the need for explicit consent and common minimum requirements (Articles 15 and 15a)
Through the newly proposed Articles 15 and 15a, transmitting agencies and courts seised with the proceedings will be allowed to service judicial documents electronically and directly to persons domiciled in another Member State. Under this scenario, the document to be served is submitted by a Member State authority through electronic channels to the electronic account (mailbox) of an addressee residing in another Member State, provided that the documents are sent and received using the qualified electronic registered delivery service (ERDS) within the meaning of the eIDAS Regulation or in case express consent was given in the course of a legal proceeding to use that particular account. In practice this means that relevant authorities will only service documents to a user account where there is some support information that it is owned by the addressee (either by their consent or by the use of some so-far unknown functions of electronic registered delivery service). This means for example that theoretically citizens or lawyers disposing of a government-provided electronic mailbox could be served cross-border judicial documents directly to their government-provided electronic mailbox and are therefore required to be vigilant to keep track of such messages received in that account. The CCBE understands that theoretically electronic registered delivery services could be treated as equivalent to service by registered post, but they are being used only in very few countries, with large differences in function and in legal effect of delivery. Also, government-provided mail boxes are usually only used for communications with public administrative authorities for specific purposes, for example, in the context of tax obligations, social security management, or communal services etc. The CCBE is therefore concerned about the lack of clarity on how such service of documents would be carried out in practice, the considerable differences in national implementations and the lack of public awareness that such delivery services could also be received from judicial authorities of other Member States in the context of civil or commercial cases.
The CCBE therefore believes that qualified electronic registered delivery services should only be used to serve documents if in the course of legal proceedings, the addressee has given express consent to the court or authority seised to use his/her user account which fulfils the requirement of ERDS within the meaning of the eIDAS Regulation. The condition of explicit consent should be strictly complied with and verified in order to especially prevent a violation of the defendant’s rights.
In addition, the CCBE also wishes to stress the importance of establishing minimum level of service and service guarantees for Member States in relation to electronic service of documents undertaken under Article 15a. The current regulation of electronic registered delivery services are not based on these being public services, but only on aspects of electronic authentication. As soon as these mechanisms are used for the delivery of critical, possibly life changing documents, there needs to be a very different set of minimum requirements to rely on the delivery. Currently, it is up to each Member States to decide on whether it wishes to use a particular national electronic delivery service for such important purpose or not. With this regulation, the relevant authorities of other Member States will be able to decide whether it will use the electronic delivery service of another Member State for the purpose of servicing judicial and extrajudicial documents in civil or commercial matters. At this moment, there is no common set of minimum requirements in this regard, other than what is specified in the eIDAS Regulation, which only comprises very narrow standards mostly for non-repudiation purposes only.
The CCBE therefore believes that the Commission should be required and empowered to adopt delegated acts to set a number of minimum requirements for the following aspects:
a) common standards for publicly available reports on the availability (including outages) of electronic registered delivery services that may be used for such purposes, and common methodology for defining key performance indicators, performance and for measuring such availability;
b) common standards for scope and time of mandatory testing of such services before their use in production environments, including mandatory prior notice with sufficient minimum notice period before any changes are introduced;
c) obligation to provide an application programming interface level access to such delivery services for use by regulated professions and enterprises having multiple employees (i.e. prohibition to provide only a single interface for citizens), and obligations to provide access to the API and the documentation of such API for free;
d) mandatory contingency measures and disaster recovery plans to be provided by the operator; e) definition of security requirements above the level of standards for eIDAS qualified ERDS, because of the high risk of fraud and abuse in the delivery of such documents (failure to access documents delivered to such electronic addresses can result in imprisonment, loss of very high value assets etc., and mitigation of such fraud risks are not aimed by ETSI standards in development on ERDS).
In this regard, reference is made to the requirements of API as defined in PSD2 RTS Article 32-33 (Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication).
The CCBE therefore proposes to amend Article 15a as follows:
Hopefully the Dutch ministry of governmental IT and cybersecurity (the Ministry of the Interior) and the Dutch governmental IT-provider Logius will read these recommendations.
More documents published by CCBE: are to be found here on theme.