On July 26, 2024, participants in the Joint Statement Initiative (JSI) on E-commerce released the “stabilised text” of the Agreement on Electronic Commerce (“the agreement”) after a marathon negotiation spanning more than five years. The process leading up to what is the first global agreement on e-commerce has been rife with surprises from beginning to end. The biggest initial surprise was China’s last-minute decision to join when the negotiation was launched in January 2019: China wanted to shape the rules from the inside and avoid the cold shoulder it faced when trying to join the Trade in Services Agreement negotiations in 2013. The biggest surprise toward the off end of negotiations was the October 2023 announcement by the United States that it would withdraw its long-standing support of pro-business provisions on data flows, data localization and source code, ostensibly in an effort at “balancing the right to regulate in the public interest and the need to address anticompetitive behavior in the digital economy.”
But despite the many hiccups along the way, the final package is quite impressive. With 38 provisions and an annex and spanning 24 pages, the agreement covers a wide range of issues from digital trade facilitation and regulatory framework to consumer protection and dispute settlement, making it the most comprehensive global agreement on e-commerce ever.
The agreement begins with a preamble composed of eight statements. While it does not create legally binding obligations, the preamble does provide interesting hints on how the signatories will approach various issues. First, the preamble notes that the agreement is “building on their respective rights and obligations under the WTO [World Trade Organization] Agreement.” That means it must be read together with relevant provisions in existing WTO agreements. This is further confirmed by article 3, which notes that “the Parties affirm their rights and obligations under the WTO Agreement,” adding that “nothing in this agreement shall be construed as diminishing a party’s rights and obligations under the WTO agreement, including any market access commitments inscribed in a Party’s schedule of commitments to the GATT [General Agreement on Tariffs and Trade] 1994 or the GATS [General Agreement on Trade in Services], respectively.” Together, these two recitals make clear that the agreement is not intended to “reinvent the wheel” on issues already covered by the WTO agreements but is supposed to complement the existing WTO obligations. At the same time, they also assure WTO members that the agreement would not be the Trojan horse that undermines their existing rights and obligations.
Among existing WTO agreements, the most relevant is the GATS, including its annexes, especially those on telecommunications and the schedules of members’ specific commitments, and the 1998 Declaration on Global Electronic Commerce, which established the moratorium on customs duties that prevent WTO members from applying tariffs on electronic transmissions. To understand the full implications of the Agreement on Electronic Commerce, one needs to read it alongside these agreements.
Second, the preamble further recognizes “the right of each Party to adopt regulatory measures to achieve legitimate policy objectives.” This may sound like boilerplate language commonly found on free trade agreements (FTAs). The key difference here is that the prerogative to adopt regulations is recognized as a right, rather than as an exception to certain obligations. This is important, as it shifts the burden of proof from the member adopting such policy measures, as is normally the case for exceptions, to those challenging such measures. Not having to worry about being second-guessed by other countries will make it much easier for the countries adopting such measures. Moreover, the statement here does not include the word “necessary,” which seems to imply the removal of the necessity test that requires the country adopting such policies to justify such measures, as further corroborated by the language of the personal data protection exception discussed below.
The main text of the agreement starts with section A, which sets out the scope and general provisions, including the definitions of various key terms. According to article 1.1, the agreement applies to “measures adopted or maintained by a Party affecting trade by electronic means.” This copies the language in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) e-commerce chapter verbatim and has been the standard language in most FTAs. Interestingly, the agreement does not provide a definition of “electronic commerce,” which was present in the fifth revision of the consolidated negotiating text in November 2023. By adopting a broad scope to cover “measures…affecting trade by electronic means,” the agreement also avoids the perennial question of whether e-commerce should be classified as goods or services among WTO members, which would raise a myriad of legal issues due to the bifurcation of obligations on goods and services in the WTO agreements.
Section B includes seven provisions designed to enable e-commerce, either by putting in place the necessary regulatory framework recognizing the legal validity of electronic transactions, electronic authentication, electronic signature, electronic contract and electronic invoicing, as well as the necessary technological framework that facilitates paperless trading, single windows data exchange and electronic payments.
These provisions largely confirm the existing obligations of many WTO members under various international agreements, such as the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce (1996) and the WTO’s 2014 Trade Facilitation Agreement. Thus, they will face little resistance from members as they echo rules already in place. The only one new to many members is the UNCITRAL Model Law on Electronic Transferable Records (MLETR) of 2017, which, so far, has been adopted by only 10 countries. Its inclusion in the agreement would greatly facilitate the MLETR’s uptake by more countries.
This language has never been used before and could be seen as an indirect response to the efforts of India and South Africa to kill the moratorium.
Section C includes three provisions designed to ensure openness in e-commerce: customs duties, open government data, and access to and use of the internet. The first addresses the highly contentious issue of a moratorium on customs duties. Introduced in the 1998 Declaration on Global Electronic Commerce, the moratorium requires WTO members to “continue their current practice of not imposing customs duties on electronic transmission.” This short sentence is essentially what has kept global e-commerce tariff-free for the past 26 years. Nonetheless, the moratorium was not permanent but must be renewed on a periodic basis, most recently done at the thirteenth Ministerial Conference (MC13) in March 2024. Members then agreed to “maintain the current practice of not imposing customs duties on electronic transmissions until the 14th Session of the Ministerial Conference (MC14) or 31 March 2026, whichever is earlier.”
What is interesting, though, is that the MC13 decision was immediately followed by another sentence: “The moratorium and the Work Programme will expire on that date.” This language has never been used before and could be seen as an indirect response to the efforts of India and South Africa to kill the moratorium and sabotage the JSI negotiations by attacking its lack of mandate as they did with the 1998 Work Programme on Electronic Commerce. Tying together the fate of the moratorium with that of the Work Programme makes it impossible for India and South Africa to continue their blackmailing of the moratorium. Now that the moratorium has been incorporated into the agreement, it matters even less whether the moratorium in the Work Programme expires by March 2026.
At the same time, there are interesting twists to the formulation of the moratorium in the agreement: First, while the original moratorium applies universally to electronic transmission from all WTO members and non-members, the agreement now makes it reciprocal by limiting the beneficiary to only the parties to the agreement.
This essentially prevents free-riding by non-parties, and can provide a strong incentive for the WTO members that have yet to join the agreement. Second, the agreement also expands the scope of the moratorium by explicitly stating that “electronic transmission” includes the content of the transmission. The original moratorium does not exactly define “electronic transmission,” leading to heated debates among WTO members on whether it is meant to cover only the medium of transmission (the network) or the content of transmission (the product being transmitted) as well.
In view of this, some FTAs such as the CPTPP and the Digital Economy Partnership Agreement explicitly state that the moratorium also covers the content of the transmission, but other FTAs such as the Regional Comprehensive Economic Partnership have not followed suit. The debate also continued during the negotiation of the agreement, with some such as Türkiye proposing to follow the approach of the original moratorium, while others such as Indonesia went one step further by explicitly excluding content from the scope of the moratorium, as they want to maintain the ability to apply tariffs on the product being transmitted. The disagreement on this issue is one of the reasons why Türkiye and Indonesia did not endorse the stabilized text, where “electronic transmission” was explicitly defined as including the content of the transmission. Probably in view of the controversy, the agreement also includes a review clause on the moratorium, which shall be conducted five years after the entry into force of the agreement. Such review could potentially lead to the termination of the moratorium or amendment on its scope to exclude content.
Section D deals with various trust issues such as online consumer protection, unsolicited commercial electronic messages (spam), personal data protection and cybersecurity. Until November 2023, this section in the consolidated negotiating text also included issues such as source code and cryptography. However, due to the US change of position mentioned earlier, these two provisions have been dropped. For the same reason, section E also removed provisions on free flow of data and data localization, and only includes clauses on transparency, cooperation and development.
Among these provisions, the most important is the one on the protection of personal data. There are currently two main approaches: The first is through a comprehensive legislation governing personal data protection, with the European Union’s General Data Protection Regulation (GDPR) being the leading example. The second approach is sector-specific, where the protection is only guaranteed for sectors with specific laws on personal data protection. The first approach is championed by the European Union, while the second is the preferred approach for the United States, which also adopted it for the CPTPP. The agreement adopted the US approach, and in section D only requires the parties to “adopt or maintain a legal framework that provides for the protection of the personal data of users of electronic commerce” rather than to adopt a comprehensive personal data protection law. To avoid any doubt to the contrary, the agreement also includes a footnote, again copied from the CPTPP, which explicitly states that “a Party may comply with this paragraph by adopting or maintaining measures, or a combination of measures, such as a comprehensive privacy law, personal data protection laws, sector-specific laws covering privacy or other laws that address privacy violations.” This gives the parties wide discretion in developing domestic legal frameworks for personal data protection and does not limit them to specific models.
At the request of New Zealand, an exception for the protection of Indigenous peoples was also included, presumably to fulfill its obligations under the Treaty of Waitangi to protect the Māori people.
In recognition of the key role of telecommunications as the underlying infrastructure of e-commerce, section F includes a broad set of disciplines in the telecommunications sector. These obligations mainly apply to the telecommunications regulators and dominant suppliers, with the main rules drawing from and expanding upon the WTO’s Annex on Telecommunications and the Telecom Reference Paper (in the annex to the agreement).
In addition to the obligations, the agreement also includes exceptions, as do all trade agreements. Such provisions allow the parties to deviate from their obligations to pursue other policy objectives under specific scenarios, with the most famous ones being the general exception clauses under GATT article XX and GATS article XIV and the security exception clauses under GATT article XXI and GATS article XIV bis. These two exceptions have been directly incorporated into the agreement in the first two articles of section G. In addition, the agreement also incorporates the prudential regulation under the GATS Annex on Financial Services, which allows parties to impose restrictions to protect investors, depositors, policy holders or persons to whom a fiduciary duty is owed by a financial service supplier, or to ensure the integrity and stability of the financial system.
At the request of New Zealand, an exception for the protection of Indigenous peoples was also included (article 26), presumably to fulfill its obligations under the Treaty of Waitangi to protect the Māori people.
The most intriguing exception in this section is article 25 on personal data protection, which states that “nothing in this Agreement shall prevent a Party from adopting or maintaining measures on the protection of personal data and privacy, including with respect to cross-border data transfers, provided that the law of that Party provides for instruments enabling transfers under conditions of general application for the protection of the data transferred.”
It could be argued that such a specific exception is not really necessary, as the general exception clause under GATS article XIV(c)(ii) already covers laws for “the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts.” Nonetheless, given the wording of the exception, it seems the focus is not really on personal data protection as the title of the article suggests, but rather on laws restricting cross-border data transfers, as is the case of the GDPR. Thus, this provision has most likely been added to alleviate the concerns of the European Union that the cross-border data transfer restrictions under the GDPR could be challenged.
The last section of the agreement deals with various institutional arrangements, such as the entry into force and implementation. The most interesting provisions are article 36, which states that the agreement shall be administered by the WTO Secretariat, and article 27, which states that the agreement shall apply the WTO’s Dispute Settlement Understanding (DSU). Since the launch of the JSI, India and South Africa have challenged the legitimacy of the negotiation, and even objected to mere mentioning of the issue within the WTO. It would be an uphill battle to involve the WTO Secretariat and apply the DSU as suggested in the agreement. But before that can happen, the parties will first need to decide how the agreement can be incorporated into the WTO framework created by the Marrakesh Agreement Establishing the WTO. The three co-convenors — Singapore, Australia and Japan — reportedly wanted the text to be added to annex 4 of the WTO Agreement to make it a former part of the WTO, but the problem is that pursuant to the decision-making rules under article X.9 of the WTO Agreement, this can only be done “exclusively by consensus.” This essentially gives all WTO members, including those who did not participate in the JSI negotiations, a veto over the agreement. Probably to weaken opposition from non-participant WTO members, the agreement also explicitly stated in article 3.1 that it does not create binding obligations for non-parties. Yet, with the strong opposition to JSIs by India and South Africa, it seems highly unlikely that such a deal could be achieved, as already demonstrated by the failure of the participants of another JSI — Investment Facilitation for Development — to add their agreement to annex 4. Further complicating the picture is the withdrawal of the United States from the agreement, which makes it even harder for the parties to muster the political power to make it happen.
If annex 4 fails, the other option left to the members is to include it as additional commitments in the parties’ GATS schedule. The problem, though, is that according to GATS article XVIII, additional commitments are only meant for those that do not raise market access or national treatment issues. Probably for this reason, the agreement also specifies that it shall not be construed as affecting a party’s market access commitments in the GATS, as mentioned earlier. But just adding this simple proviso might not be enough, as some obligations, such as the reciprocal moratorium on customs duties mentioned earlier, might have to be amended.
Overall, despite the lack of data-related provisions, the conclusion of the Agreement on Electronic Commerce is very encouraging. It demonstrates that, despite the increasing fragmentation of cyberspace and the rise of rival digital kingdoms, it is still possible to conclude global agreements on e-commerce.
The most disappointing feature is the withdrawal of the United States at the last minute, which shows once again how the country is giving up its leadership in trade negotiations. It’s a role that China, ironically, was eager to fill, even though the country only joined the negotiation at the last minute.
Nonetheless, I remain cautiously optimistic of the eventual return of the United States, as its withdrawal is more of a political gesture to garner support from voters who wish to see more aggressive enforcement of competition and labour laws against digital giants. Thus, once the 2024 presidential election is past, the United States may well return to the negotiation table. When that happens, though, the United States will probably demand the addition of aggressive data flow provisions, which might jeopardize the privacy protection exception under article 25. But in the grand scheme of things, this might be a small price to pay to make the glass fuller.
