The EU-UK Trade and Cooperation Agreement: what next for the technology sector?

A post-Brexit trade deal – the Trade and Cooperation Agreement (the TCA), was finally pinned down on 24 December. We consider some of the key implications for those in the technology sector.

For an overview of the deal, see Brexit: what did we get for Christmas?

The status of the TCA remains provisional pending approval by the European Parliament. Approval on the UK side was nailed down in double-quick time, through the accelerated passage of the European Union (Future Relationship) Act 2020.

We look at what the TCA will mean for the technology sector.

Much of the commentary around the deal so far has related to the import and export of goods. Tariff and quota free trade, subject to abiding by rules of origin and regulatory requirements, is an important and welcome achievement. However, other elements of this lengthy document will be of equal interest to those in innovative sectors.

A closer look at the digital trade section

Special provision is made for digital trade. The express objectives of the digital trade section are:

  • to facilitate digital trade
  • to address unjustified barriers to trade enabled by electronic means
  • to ensure an open, secure and trustworthy online environment for businesses and consumers.

Audio-visual services (such as media broadcasts and streaming) are excluded from these provisions.

The digital trade section addresses a series of issues, discussed below. Notably, however, the EU and UK are left to form their own laws and regulations to meet a set of general principles. Several areas are mentioned but left for future discussion, or expressed in terms of ‘endeavours’ to achieve particular aims.

Regulatory freedom

Both the EU and the UK will be free to regulate separately in these areas to achieve legitimate policy objectives, such as the protection of public morals, social or consumer protection, privacy and data protection, or the promotion and protection of cultural diversity.

Cross-border data flows

Each side commits to ensuring cross-border data flows to facilitate trade in the digital economy. The TCA rules out data localisation measures like requiring the use of computing or network facilities that are located or certified in the home territory. These rules are to be kept under review to address any perceived problems.

Data protection

Both the UK and the EU are free to apply their own laws on the protection of personal data and privacy. Each must keep the other informed about these. Where data protection laws affect cross-border data transfers, generally applicable methods are to be made available so that all importers and exporters of data can use them.

The TCA does not address the question of an adequacy assessment of the UK by the EU. This is a question for the EU alone. However, a transitional arrangement was put in place to allow data transfers for up to six months, during which (it is hoped) an adequacy assessment can be introduced in the UK’s favour. More on that here.

Customs duties on electronic transmissions

A short section on “electronic transmissions” states that these are considered to be a service, and are not to be subject to customs duties. The services provisions of the TCA will apply, discussed further below.

The categorisation of electronic transmissions as either goods or services is currently subject to some uncertainty at WTO level. 

No prior authorisation

Prior authorisation requirements for the provision of online service provision are ruled out. Note, however, that there is a list of exclusions from this rule (telecoms, broadcasting, gambling etc).

Electronic execution of contracts

Electronic execution of contracts receives specific protection. Again, a list of exceptions to the rule is included. This carves out broadcasting and gambling services. It also sees contracts for land transactions and contracts requiring in-person witnessing excluded from the rule.

Likewise, electronic authentication is also protected, although the EU and UK are free to set objective certification standards for these.

Source code

The EU and UK cannot require transfers of or access to source code owned by an individual or company in the other Territory, except in defined circumstances. These include regulation to protect the public safety of users online, or the enforcement of competition law.

Online consumer trust

Each of the EU and the UK must have in place a set of required measures to protect consumers in online transactions. These cover:

  • fraudulent/deceptive practices
  • good faith and fairness from suppliers
  • information requirements, such as contact details and pricing
  • rights and remedies for default.

Unsolicited direct marketing

Each of the EU and UK must ensure protection of users against unsolicited direct marketing. Communications sent to individuals must be based on consent (although consent requirements are for each to determine). Communications are allowed in the context of an existing customer relationship. Unsubscribe options must be provided and users must have access to redress mechanisms.

You may recognise the bare bones of the EU e-privacy rules here. Note that this EU regime is in the process of being reformed and updated - there’s no indication here that the UK will follow the same course.

Open government data

While recognising the value of government data in stimulating innovation, these provisions do not offer any strong commitments to making data available. Where public sector data is made available, the EU and UK agree to aim for easily usable formats and non-discriminatory access. There is also a weak agreement to seek cooperative ways of promoting access to publicly available data. 

Regulatory issues

The TCA sets out plans for information exchange and cooperation on the following areas:

  • interoperable electronic trust and authentication
  • direct marketing communications
  • consumer protection.

It also envisages cooperation in other areas relevant for digital trade, although data protection and privacy are excluded.

Computer services

A list of areas to be treated as ‘computer and related services’ for the purposes of the services section in the TCA is given. This includes:

  • systems services like consulting, installation and support
  • computer programmes themselves and software-related services;
  • data services (hosting, processing etc)
  • repair and maintenance of hardware
  • training relating to programmes, systems etc.

As has been widely flagged, cross-border services are less liberally treated by the TCA than goods. There are general commitments on important areas like market access, national treatment and not imposing local presence requirements. However, there will be a greater degree of complexity and red tape than businesses are used to. Service providers will need to comply with local rules and requirements, and specific restrictions in individual countries will apply to business travellers in the sector. A general review provision hints at possible improvements in the longer term.

Other aspects of the TCA likely to be of interest to those in innovative industries include sections on intellectual property and participation in research programmes.

Intellectual property

The TCA includes extensive provisions on intellectual property. These require the EU and the UK to maintain strong levels of protection across most of the recognised categories of rights. The bulk of this, however, focuses on the standards required by existing international treaties. Some of the provisions track more closely to EU standards, for example in relation to trade marks and trade secrets, but there is still ample room for divergence in approach.

Research programmes

Important to many working on innovation is ongoing access to research programmes and facilities.

The UK will retain access to Horizon Europe, Euratom Research and Training, the fusion test facility ITER, Copernicus, and the EU’s Satellite Surveillance & Tracking (SST) services. This will require funding from UK Government to be calculated according to detailed rules.

The UK loses participation in the Galileo programme.

Points to note

This is a high level survey of some of the areas that will be most relevant to many innovative businesses. Individual organisations will, of course, have differing priorities and will need to assess carefully how they are affected. Points that particularly strike us as we review the TCA include the following:

  • Much is expressed in terms of aims and objectives, using ‘endeavours’ or similar language.
  • There is little detailed harmonisation of regulatory approach, for example in relation to data protection.
  • Future cooperation to flesh out a greater degree of coordination is foreseen in many areas.
  • UK organisations will have to understand and comply with rules applicable in individual EU countries when, for example, travelling to provide services.

Learn more about our information technology and technology sector services.

Our content explained

Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.

Mills & Reeve Sites navigation
A tabbed collection of Mills & Reeve sites.
My Mills & Reeve navigation
Subscribe to, or manage your My Mills & Reeve account.
My M&R


Register for My M&R to stay up-to-date with legal news and events, create brochures and bookmark pages.

Existing clients

Log in to your client extranet for free matter information, know-how and documents.


Mills & Reeve system for employees.