Technology Disputes and Arbitration – Global Arbitration Review


In summary

Technology is fundamentally shifting the way in which individuals, businesses and governments interact with one another – bringing both opportunities and risks, including the increased risk of disputes. Looking back at the events of 2023, we see the most notable developments being the explosive growth of AI and the EU’s ambitious efforts to serve as the vanguard of tech regulation. Projecting to 2024 and beyond, we see these developments as potentially giving rise to new disputes – both in the investor–state and commercial sphere. We also see that tech companies face increased risks from mass consumer arbitrations. Finally, we observe that the arbitration community is not merely a passive bystander to the technological revolution, but is seeking to actively manage the risks of using AI and introduce new model clauses for technology-related disputes.

Discussion points

  • Digital regulations in Europe
  • Implications of digital regulations on investor–state disputes
  • New technology and implications on commercial disputes
  • Mass consumer arbitrations – a transatlantic view
  • Draft guidelines on the use of artificial intelligence in arbitration

Referenced in this article

  • New and upcoming EU digital regulations
  • SVAMC Guidelines on the Use of Artificial Intelligence in Arbitration
  • UNCITRAL Working Group II Model Clauses
  • Einarsson v Canada (ICSID Case No. UNCT/20/6)

Introduction

In the 2023 European Arbitration Review, we outlined the rise of tech arbitrations in three main areas: M&A tech deals, commercial collaborations, and investor–state dispute settlement (ISDS). We observed that the growing number of tech M&A deals and collaborations, together with an increasingly complex regulatory environment, had begun to lead to commercial and investor–state disputes, and that such disputes would likely become even more common in the years to come. While much has changed in the world – and the world of technology – over the past year, we believe the fundamental dynamics and trends set out in our previous chapter remain applicable.

So what is new this year? Globally, the dominant development of the past year has been the explosive growth and adoption of artificial intelligence (AI) in the marketplace, posing new opportunities and challenges for businesses of all kinds. In Europe, in particular, we have seen a strong ambition to regulate AI and other technologies, especially in relation to online platforms, data and the metaverses. These developments will no doubt have far-reaching implications for all companies based or operating in Europe and across all areas of law.

This article focuses on exploring the potential impact of these changes, highlighting five issues that we believe may be of particular interest to tech companies and dispute resolution practitioners operating in this space:

  • In Part I, we outline the EU’s role as a tech regulatory vanguard and its ambition to set global standards for regulating the digital space.
  • In Part II, building on our analysis of last year, we outline how the EU’s digital regulations could lead to future ISDS claims by tech investors and explore specific challenges for investors looking to bring such claims.
  • In Part III, we discuss the impact of compliance with some of these new digital regulations on M&A deal structures and, in turn, post-M&A disputes.
  • In Part IV, we turn to look at the phenomenon of mass consumer arbitration in the US, and consider whether tech companies may face similar risks of having such mass arbitrations brought against them in Europe.
  • In Part V, we look at the arbitration community’s efforts to adapt to the emergence of new technologies and to court tech disputes.

Part I: Europe as the vanguard of digital regulations

Since February 2020, the European Commission has been working on a European Digital and Data Strategy, with the aim of expanding the EU’s digital sovereignty and setting global standards in the digital economy. Since then, the EU has rolled out an unprecedented number of new flagship digital regulations (with more to come), and is expected to update the existing General Data Protection Regulation (GDPR) framework in respect of personal data. These changes introduce novel and complex compliance challenges, create legal uncertainty particularly in areas where they overlap, and are thus likely to give rise to disputes.

Below, we outline some of the essential building blocks of the EU digital regulations, including key regulations and directives, and further laws under consideration:

  • the EU Data and Cyber Strategy: this includes the Data Governance Act (DGA) (in force), the Data Act (DA) (in draft), the Cyber Resilience Act (CSA) (in draft), the NIS2 Directive (in force) and European Data Spaces (in draft);
  • the Digital Platform and Services Package: this includes the Digital Services Act (DSA) (in force) and the Digital Markets Act (DMA) (in force);
  • the legal framework for AI: this includes the highly anticipated AI Act (in draft and expected to be adopted in late 2023) and the AI Liability Directive (in draft); and
  • content-related and other regulations: this includes the Digital Single Market (DSM) Directive (in force), the European Media Freedom Act (EMFA) (in draft) and eIDAS 2.0 (in draft).

These new laws set a common legal framework for the European digital and data market, with significant implications for digital service providers, platforms and all companies offering connected products in the EU. They reflect the European legislator’s ambition to set a global standard for regulating the digital world. Some of these notable laws and developments include:

  • the DA, which is intended to foster data-sharing in the Internet of Things (IoT), implement broad data access rights in relation to IoT data, and impose new requirements for cloud providers to make it easier for customers to switch between providers;
  • the DSA, which introduces (1) new horizontal and technology-neutral frameworks for intermediaries, based on the principle that ‘what is illegal offline must also be illegal online’, and (2) various transparency and due diligence obligations tailored to the complexities of the different providers’ business models, with more onerous obligations for larger companies;
  • the DMA, which introduces restrictions relating to interoperability, data portability, data collection and the use of and access to data for ‘gatekeepers’ (ie, large and established platforms, of which the EU is also expected to ramp up enforcement); and
  • the AI Act, which is likely to introduce uniform minimum requirements and obligations across the EU for the development, offering and use of AI systems, including obligations around impact assessments, transparency and conformity certifications. This is further accompanied by the AI Liability Directive, which is set to introduce new rights and procedural facilitation for users of AI systems so that they can more easily assert claims for damages against AI system providers.

The multilayered regulations mark the start of a new era of data and digital regulations, similar to the time when the adoption of the GDPR was just around the corner. Most of the new rules apply not only to tech companies, but also to companies across any sector to the extent that they utilise, for example, data, connected products, AI applications or intermediary services respectively. Their impact will reach beyond the EU, as the new rules affect any global businesses operating in the EU or targeting European customers and might influence legislative efforts in other key markets outside the EU.

The current wave of digital regulations has an imminent and practical business impact on many companies. They are required to deal with new legal requirements at an early stage in order to bring products and processes in line with new and upcoming digital regulations. In particular, taking into account the high complexity of the various existing and upcoming legislative instruments, their overlaps in scope, and the risk of significant fines for non-compliance (up to 20 per cent of the total annual worldwide revenue), companies need to approach compliance as comprehensive strategic projects and anchor the new principles in product development processes at an early stage (also known as ‘compliance by design’). But this is easier said than done. Against this background, we expect disputes centred around new digital regulatory rules to increase in the years to come.

Part II: tech ISDS claims on the horizon

While past ISDS claims have most often arisen out of the energy and mining sectors in relation to the use of natural resources, new tech ISDS claims may be on the horizon given the primacy of the digital economy. As demonstrated above, the existing and upcoming regulatory legal framework will have a significant impact on the tech companies and require substantial changes to certain business models. In this section, we outline potential ISDS claims and remedies of legal tech companies with respect to the aforementioned new regulatory developments, and where the legal difficulties may lie.

Potential bases for tech ISDS claims

As outlined last year, common bases for ISDS claims include unlawful expropriation, a breach of fair and equitable treatment (FET) and a failure to accord full protection and security. The changing EU digital regulatory landscape may lend itself to a potential FET claim. Any FET claim would have to be extremely fact-specific, with the extent, speed and impact of such regulatory changes being key.

The EU’s ambition to become a regulatory trendsetter, coupled with its new digital regulations such as the DA, DSA and DMA and the AI Act, may bolster investors’ claims that the regulatory environment in the EU has not only changed significantly over time, but also unfairly undermined the value of their investments. For example, in relation to the DSA, in April 2023, the European Commission designated 19 tech companies as very large online platforms (VLOPs) or very large online service engines (VLOSEs). Given that these designations are made based on online platforms or engines that operate with at least 45 million monthly active users, they disproportionately affect Big Tech. Big Tech companies that have been designated would also have to comply with more onerous obligations, including by moderating content on their platforms, providing enhanced transparency also in respect of advertising, as well as granting free access to data for researchers. Given that the implementation of the DSA as well as other new digital regulations is still in their early stages, the impact on affected companies’ business models and bottom lines are to be determined and may also contribute to complexities with potential future claims.

As we noted last year, future claims that are based on data may also give rise to difficult questions about its legal status as there is no ISDS jurisprudence on whether data in and of itself can amount to a protected investment. In relation to the legal status of data, the ongoing case of Einarsson v Canada (Einarsson) may be tangentially relevant as it concerns the legal protection of data in seismic works and whether data-sharing obligations in Canada violate investor protections (including against illegal expropriation).

In Einarsson, the claimants are shareholders of the company known as GSI, which surveys, maps and collects raw data on the geology of the earth’s surface. This initial raw data was processed and converted into digital images that were licensed to companies in the hydrocarbons industry, which could then use them to explore and exploit natural resources. Notably in their ISDS claim, the claimants did not argue that data in and of itself amounted to a protected investment as prior decisions of the Canadian Alberta court had already decided that both GSI’s raw and processed data qualified for copyright protection. While the case remains pending, we do not expect Einarsson to pronounce on the legal protections available for data in and of itself.

The claimants in Einarsson argue that the Canadian regulatory regime and judicial decisions ‘confiscated’ GSI’s data in seismic work and thereby undermined the fair market value of the company, which had derived significant revenues from licensing such non-exclusive seismic data to third parties. Specifically, the claimants allege that (1) GSI has been subject to increasingly extensive disclosure and data-sharing obligations under Canadian law to obtain permits for their surveying works; (2) Canada has significantly altered previous confidentiality protections accorded to such data (including by allegedly allowing third parties to access GSI’s data); and (3) Canadian courts have upheld the regulatory regime that ‘confiscated’ GSI’s data without any compensation.

One can thus observe some parallels with the nascent data-sharing obligations in the EU. Taken together, the DA, DSA and DMA also impose obligations on tech companies to share data with both private and public bodies, for little to no compensation. Mandatory data-sharing and disclosure obligations, especially when made without fair market compensation, could lead an investor to claim that the host state has unlawfully expropriated its investment that is based in its data. However, as with any ISDS claim, potential claimants would need to carefully evaluate their specific factual circumstances and the relevant regulatory regime. While some parallels between the EU digital regulations and the Canadian regulations in Einarsson can be seen, some differences are also apparent with the implementation of the new EU digital regulations at a relatively early stage and subject to changes.

Any assessment of a breach of FET or unlawful expropriation may also depend on tribunals’ weighing of policy choices. For instance, new EU data-sharing regulations often include built-in caveats to take into account legitimate interests of data holders, such as the protection of trade secrets. Some disclosure obligations are only triggered when a public purpose is at stake (eg, ‘public emergency’ under the DA or for the ‘sole purpose of conducting research’ under the DSA). This shows that there is an inherent tension between the public interest to widespread access to data (which is, in principle, not protected by property-like rights), and the legitimate interests of companies in their data-driven business models. Against this background, while states are bound to raise various objections to oppose such ISDS claims, it is expected that they would advocate for more tribunal deference to their right to regulate in the public interest and the enhanced language in new EU data-sharing regulations may bolster states’ claims. Some ISDS tribunals have suggested that such scrutiny of regulatory powers may also be sector-specific; for example, investors in the banking and finance sector should expect and be prepared to comply with a myriad of regulations. As there has been no examination of regulations in the tech sector to date, it will be interesting to see how tribunals seek to balance investors’ rights against states’ right to regulate technology.

Jurisdictional challenges – avenues after Achmea

A tech company looking to bring an ISDS claim against a state must constitute a protected investor under a bilateral investment treaty (BIT) or an international investment agreement (IIA) between the host state for the investment and the home state of the investor.

Since the Court of Justice of the European Union (CJEU)’s decision in Slovak Republic v Achmea (Achmea) that BITs between two EU member states (also known as intra-EU BITs) are incompatible with EU law and the subsequent termination of these BITs, EU-based companies face an uphill battle when seeking to bring claims. Non-EU investors have more promising prospects, with several potential options. The US, for instance, continues to have older generation BITs with some EU member states, which expressly protect intellectual property rights (IPRs) as investments. Moreover, in recent years, the EU has also concluded new IIAs. However, tech investors seeking to rely on these new instruments would need to undertake a careful review, given that these agreements (1) may not always welcome arbitration as a means of dispute resolution; (2) may contain complex provisions and carve-outs involving IPRs, telecommunications and data; and (3) may also enhance the host state’s right and discretion to regulate out of its public interests.

Quantification complexities

Claims based on data may also give rise to new and difficult questions about the assessment of its value. In Einarsson, the claimants argued that the unlawful expropriation of their data and disclosure by the Canadian authorities undermined the fair market value of their investment in GSI due to loss revenues from licensing fees. In quantifying their losses, the claimants, with the help of experts, (1) used their previous licensing fees to companies as a basis; and (2) applied a multiplier depending on the number of times a licence would have been required for the particular group of third parties accessing the data.

The claimants’ approach may be workable where a business licenses its data directly and there is already a longstanding method of proving that its data has an assigned and accepted economic value on the market. However, it is not entirely clear if businesses that use data in other ways (eg, to train internal business models) can rely on the same methodology. Data-driven business models are being developed dynamically, and data markets and valuation models are still nascent. Given that the full value of data is often not known until put to a specific use, including in future business models and inventions that do not yet exist, these may be difficult to measure directly. Much will depend on the historical usage of data in each business, whether sufficient evidence of its commercial value can be proven.

Part III: new fronts in the tech commercial arbitration space

The tightening regulatory framework in Europe is also bound to impact the way in which M&A deals are structured and the types of post-M&A disputes that arise.

Take the DSA, for example, which as explained above is aimed at all providers of digital services that act as intermediaries. The DSA sets out a series of responsibilities, with stricter rules and compliance requirements applying to large companies (in particular those designated as VLOPs or VLOSEs). As a result of this and other new acts, digital business models will need to be reviewed and may need to be adapted and designed to the new set of rules. Considerable resources must be dedicated to achieving compliance with the new rules, which provide for strict enforcement regimes that establish interaction between the European Commission and national authorities with fines measured by a percentage of a business’s global annual turnover.

In the context of an M&A transaction, the risk of non-compliance with these new rules needs to be identified and allocated. In light of the complexity and significance of the DSA, as well as the high risk in case of non-compliance, this is no easy task. The sell-side in the context of M&A transactions will usually attach great importance to not providing broad warranty or guarantee catalogues for these laws (but limit warranties for example through ‘knowledge-qualifiers’); equally, the buy-side faces the risk that it can only assess compliance to a limited extent and thus has an interest in broad warranty protection.

It remains to be seen which ‘best practices’ will emerge to address these risks. We may see new or expanded digital and data ‘warranty catalogues’, which in turn could result in considerable potential for disputes because of the high risks resulting from non-compliance and thus a high appetite for post-M&A claims. It is also conceivable that buyers will start to conduct broader regulatory digital and data regulatory readiness exercises post-closing (not only focused on GDPR topics as has been often the case so far).

In sum, we see clear signs that regulatory digital and data compliance will be high on the agenda in M&A deals and disputes in the future, indicating that issues arising in this regard will shape the disputes landscape more prominently than in the past.

Part IV: a transatlantic view to consumer disputes – pollination of ‘mass consumer arbitration’ from the US to Europe?

One phenomenon that has already arisen – at least in the US – is that of ‘mass consumer arbitration’. In the US, arbitration clauses have often been adopted by tech companies in their standard terms and conditions as a means to prevent consumer class actions being brought in domestic courts. However, consumer arbitration clauses and institutional rules typically require businesses to cover the majority of fees in an arbitration, including institutional fees and arbitrator fees. Taking advantage of this structure, plaintiffs’ firms in the US have begun organising a large number of claimants covered by individual consumer or employment arbitration agreements and threatening to initiate numerous individual arbitrations against a company – which would cost it millions of dollars in filing fees, even if the underlying claims are trivial or largely meritless. In some cases, claimants have used this leverage to negotiate large in terrorem settlements. Given that US courts have been largely unsympathetic to businesses’ attempts to cope with these mass consumer arbitrations by seeking to enjoin these arbitrations or challenge their share of arbitration fees charged by arbitral institutions, such practices look set to continue in the US.

While mass consumer arbitrations have not been as prevalent in the UK and Europe due to the interactions with consumer protection legislation in these jurisdictions, tech companies may still bear some risks here as well in relation to potential consumer arbitrations. The nature and extent of these risks are often jurisdiction specific, as we explain further below:

In the UK, there is a significant risk that arbitration clauses requiring consumer-business disputes to be settled via US-seated arbitration may not be enforceable. The recent decisions of Soleymani v Nifty Gateway LLC and Payward v Chechetkin both involve US companies seeking to enforce US-seated arbitration agreements before UK courts. Each of these cases involve UK consumers who were participating in financial services via online platforms – in Soleymani, this concerned an auction of non-fungible tokens on Nifty Gateway and in Payward, this was for cryptocurrency trading on the Kraken platform. Notably, both tech companies had adopted standard terms of use requiring consumers to resolve their disputes via arbitration seated in the US. In Soleymani, while the English Court of Appeal reserved the issue of the validity of such arbitration clauses to be decided at trial, it opined that a New York-seated arbitration was ill-suited to decide on issues implicating UK consumer laws. Most recently, in Payward, the English High Court denied the enforcement of the arbitral award rendered in California on the basis that it violated UK public policy.

In the EU, the Directive on Unfair Terms in Consumer Contracts (the EU Directive) contains a similar presumption that contract terms affecting the rights of consumers to seek redress, including via arbitration, are unfair. However, the different implementation of the EU Directive across member states has meant that the risk profiles for tech companies vary significantly according to jurisdiction. Twenty-four out of 27 EU member states allow, in principle, consumers to bring arbitration claims against businesses. This is, however, subject to a number of additional jurisdiction-specific requirements, including that (1) the arbitration agreement has to be specifically negotiated between the company and consumer after the dispute has arisen, (2) the arbitration agreement is concluded separately from the main contract, and (3) additional formalities. It is therefore important for tech companies to be cognisant of specific local laws and requirements affecting the validity of an arbitration agreement.

The consequences of non-compliance also vary. In some jurisdictions, failure to satisfy the applicable requirements may invalidate the arbitration agreement, while in others – most notably including Ireland and Luxembourg, where a number of Big Tech companies have their EU offices – the consumer is granted the option of choosing whether to affirm the arbitration agreement. In these jurisdictions, while tech businesses may not be able to enforce agreements to arbitrate disputes against consumers, consumers may still bring mass claims via arbitration if they affirm the agreement.

In sum, while the trend in mass consumer arbitrations has not yet crossed the Atlantic into the UK and Europe, the risks still exist for tech companies, which should consider taking steps to mitigate their exposure.

Part V: arbitration adapts to tech developments and disputes

Over the past year, the arbitration community at large has been focused on tech in a number of respects, from addressing the risks of using technology in arbitration proceedings, to offering increased options for tech companies to tailor their dispute resolution mechanisms.

The advent of AI in the marketplace has not only affected businesses, but also the way arbitration practitioners operate. Infamously, in the US, lawyers have been sanctioned for submitting fictitious case citations generated by ChatGPT to the court. Some jurisdictions have required lawyers to disclose their use of AI but no uniform standard for regulating such uses exists. In the EU, the draft EU AI Act may lead to AI systems (including research tools) that are used in arbitration to be classified as ‘high-risk’; which has to meet stringent requirements. It is not yet clear what the consequences of non-compliance with the EU AI Act would be for an arbitral award and an arbitration user. For now, popular research tools, such as Jus Mundi, have already begun to clarify why their AI-powered functionalities would not fall under the EU AI Act.

While these uncertainties remain, the arbitration community has begun to come up with some answers. The Silicon Valley Arbitration and Mediation Centre (SVAMC) AI Taskforce is currently drafting a set of guidelines which aim to provide uniform best practices on the use of AI by different participants in international and domestic arbitrations. In addition to more general guidelines, they will also contain specific provisions on the use of AI by counsel and arbitrators. After a consultation process, these will be the first set of guidelines on the use of AI in arbitration, and may become a minimum industry standard, akin to the current International Bar Association Guidelines on Conflicts of Interest or on the Taking of Evidence in International Arbitration.

Apart from minimising the risks of using technology in arbitration, the arbitration community is also looking to increase the options for tech companies to tailor their arbitration proceedings according to their disputes. There are various levels in which such efforts have taken place.

At the highest level, the United Nations Commission on International Trade Law (UNCITRAL) Working Group (WG II) has been deliberating the issuance of model arbitration agreements (model clauses) which tech companies can adopt and incorporate into their contracts. Given that most arbitral institutions offer some recommended language when adopting their procedures, the use of such tailored model clauses may be most relevant when tech companies are looking at ad hoc arbitration, where there is no involvement of an arbitral institution.

Model clause A, the most progressed thus far, provides for highly expedited arbitration, and may be particularly suitable for start-up tech companies, which often prefer for their disputes to be resolved expeditiously to minimise disruptions to their cash flow or business operations. Other model clauses – which at present include expert determination, the use of experts by tribunals for technical matters, and confidentiality provisions – may still be subject to heavy refinement by the UNCITRAL Secretariat and debate at UNCITRAL WG II. If and when issued, the model clauses may complement existing options for tech companies to tailor their arbitration agreements as they see fit.

In addition, some arbitral institutions such as the World Intellectual Property Organization (WIPO) Arbitration and Mediation Centre maintain their own panels of arbitrators, mediators and experts (known as the ‘List of Neutrals’) with specialised knowledge to assist in disputes with IPRs as the subject, and have a significant caseload with over 70 per cent focusing on patents, copyrights and trademarks disputes. Other institutions may not maintain their own tech-specific panels, but may then consult external recommendations, such as the SVAMC’s Tech List.

When devising their arbitration clauses, tech companies will therefore have a myriad of options. They should consider not only the type of tech dispute they have (eg, IPRs or purely contractual issues), but also whether there may be benefit in adopting model clauses or abiding by institutional arbitration rules. In choosing the latter, they should carefully select the framework (whether general arbitration, expedited arbitration or expert determination) that best suits their dispute, and consider any additional offering such as recommendations for possible arbitrator candidates.

Conclusion

In our analysis above, we have outlined the different changes affecting tech companies, ranging from the EU’s regulatory ambitions and digital regulations to its effect on ISDS claims, commercial M&A disputes, as well as a transatlantic view of mass consumer arbitrations. Moving into 2024, these changes pose both opportunities and risks for tech companies and mark potential hot spots for arbitration practitioners.

* The authors would like to thank their Freshfields colleagues, including Thomas Walsh, Sofia Klot and Christian Vandergeest, for their expertise in the preparation of this article, as well as interns Ionut Rus and Nataliia Kichuk for their assistance.

Footnotes



Source link

Previous articleJim Cramer's Bitcoin Prediction: Prepare for a Sharp Drop – Best … – Cryptonews
Next article“Mr Bitcoin Is About to Go Down Big” Claims CNBC’s Jim Cramer – Does That Mean the Bottom Is In?

RELATED ARTICLESMORE FROM AUTHOR