You are here

Bird & Bird

"No-Deal" Brexit Checklist for Technology and Communications Businesses

The prospect of the United Kingdom making a no deal Brexit departure from the EU is now very real. The UK Prime Minister has been very clear that he intends to ensure that the UK leaves the EU by 31 October 2019.

The pre-conditions imposed on both sides for re-commencing negotiations and the very short time available increase the likelihood of a no-deal Brexit. By no deal Brexit, we mean the UK leaving the EU on 31st October without a transitional agreement and with no agreement on a future trading relationship between UK and EU.

Technology and Communications businesses need to prepare for a no deal Brexit and should bear in mind the following areas outlined in this note:

• People
• Trade, tax and tariffs
• Data protection
• Contracts
• Software export controls
• Trade marks and other IP
• Conformity Assessments (CE marks)
• Geo-blocking; and 
• Competition.

This Checklist is an update to the Checklist originally issued by Bird & Bird in November 2018.


Under a no-deal scenario, the UK will lose access to the single-market, including the free movement of people. However, the Government has committed to protect the rights of EU nationals and their family members who wish to stay in the UK after Brexit. The EU Settlement Scheme ("Scheme") requires EU nationals to register in order to preserve their rights under UK law (including rights to work, pensions, healthcare and other benefits). The Scheme went live on 29 March 2019 and is mandatory for all EU nationals who wish to continue living in the UK after 31 December 2020. Home Office guidance on the Scheme is available here.

Organisations should assess how the Scheme will affect their workforce, and consider the development of a communication plan to inform and support employees with registration. We encourage businesses to take proactive steps at this stage to ensure all employees retain the right to work in the UK and avoid business interruption. In particular, EU citizens lawfully resident in the UK on the Brexit day will continue to receive access to NHS-funded healthcare in England but will need to be able to provide evidence that they are lawfully resident in the UK and that they were residing in the UK on the Brexit day. 
Businesses with British Citizen employees residing and working in EU 27 Member States should also ensure that affected individuals have complied with national requirements to protect their continued right to reside and work in thatMember State after Brexit.

Cross-border workers based in the UK (who are British Citizens) but work in multiple EU Member States would need to carefully plan their future activities as freedom of movement will cease to apply after Brexit, which may mean they will need to obtain multiple work permits, visas and/or residence permits in order to work at client sites in EU 27 Member States.

Looking beyond Brexit, the Migration Advisory Committee ("MAC") published a report in September 2018 which serves as an indication of the future migration landscape for EU workers. In December 2018, the Government published the White Paper on UK's future immigration system having accepted most of MAC's recommendations to facilitate the employment of migrant workers regardless of their nationality. The broad policy direction recommended by the MAC (and accepted by the Government) is for the current work visa scheme, applicable to non-EU workers, to be extended to all migrants including EU nationals, with radical adaptations to attract higher-skilled workers.

For more information click here.

Trade, Tax and Tariffs

Multinational tech companies should review their international strategies to determine whether, and to what extent, they continue to use UK group companies as a gateway to the EU, particularly as companies within the EU will no longer be able to rely on EU directives to eliminate withholding tax on dividend, interest or royalty payments to the UK. 

In addition, businesses which currently rely on the Mini One-Stop Shop (MOSS) enabling businesses to register and account for VAT on all relevant supplies throughout the EU via a single registration for sales to EU customers will need to register in an EU jurisdiction as the UK will no longer be part of the MOSS scheme.

Tech companies need to consider their trading position under WTO rules. Businesses trading goods with the EU27 should review their supply chains and consider how they will handle the logistics of import and export declarations and procedures, and should check or obtain their EORI registration and prepare for participation in any applicable “trusted trader” system that may be introduced, including the Transitional Simplified Procedure (TSP).
The TSP will be introduced by HMRC in the event of a no deal Brexit to reduce customs congestion by allowing businesses to defer full import declarations and payments until a later date. If tariffs apply to imported goods, businesses must apply to HMRC defer any payable duties (and to provide a financial guarantee) by 30 September 2019.

For sales of software and services between the UK and EU and vice versa, WTO rules treat sales of packaged software, in general, as "products" that are covered by the 1996 WTO Information Technology Agreement. This Agreement eliminates tariffs on a broad range of high technology products including packaged software and computer hardware. Whether cloud-based or sold on physical media, international software sales between the UK and the EU should remain tariff-free. 

SaaS and other IT services (e.g. consultancy) are classified as services rather than a product. These fall under the General Agreement on Trade in Services (GATS). Similarly to the WTO rules for goods, the GATS imposes an unconditional most favoured nation obligation, and also requirements concerning national treatment and market access, subject to the member country having made relevant concessions in its schedule of commitments. GATS specifies generally that the international sale of services between WTO members are tariff-free.

For more information on future trading arrangements click here.

Data Protection

EU to UK data transfers: The GDPR has been implemented into UK law via the Data Protection Act 2018. Even so, the EU Commission's current position is that, in the event of a "no deal" Brexit, it will consider a transfer of personal data from the EU to the UK to be a transfer of personal data to a "third country" therefore requiring an adequacy mechanism to have been put in place to legitimise the transfer.

In the absence of the UK's laws being deemed (by the EU Commission) to offer adequate protection, the normal adequacy mechanism "toolbox" for such transfers would need to have been used - the EU Standard Contractual Clauses (SCCs), Binding Corporate Rules, together with the various derogations for specific situations allowing data transfers (e.g. explicit consent, contract performance, the exercise of legal claims or for important reasons of public interest). Note that the effectiveness of the SCCs are the subject of an ongoing legal challenge from Max Schrems, but their use is still commonplace.

The EU Commission has made clear that it will not make an emergency or "fast track" adequacy decision as part of the Commission's contingency planning.

Data transfers from the UK: The UK Government's position to date has been that the UK will treat EU countries' laws as adequate for the purpose of the Data Protection Act 2018's data transfer provisions. Assuming this remains the case, and the position could conceivably be changed as part of a more aggressive negotiation tactic on the part of the UK Government, transfer adequacy mechanisms will not therefore need to be deployed for UK to EU data transfers.

Personal data transfers to other jurisdictions will need to be made compliant with the Data Protection Act 2018 obligations. Essentially these are as per the pre-Brexit position and so options from the adequacy mechanism "toolbox" referred to above can be used. The UK and the US have agreed measures to enable the EU-US Privacy Shield to be used to legitimise UK to US transfers post a no-deal Brexit.

Lead supervisory authority and representative issues: The UK's regulator, the ICO, will not form part of any post Brexit GDPR regulatory regime, including the lead supervisory authority mechanism. UK businesses with operations or customers in the EU will need to consider their place of EU main establishment for continued EU operations after the date that the UK leaves the EU. GDPR project deliverables such as data incident response plans should be reviewed with this aspect in mind – i.e. an organisation needs to be clear which authorities it needs to notify in the event of a data breach or an "incident" under the Network Information Systems (NIS) laws.

UK businesses without an EU presence but which process the data of EU based individuals (e.g. their online customers) will need to consider the GDPR's requirements to appoint an EU representative, including so that the representative can deal with regulators on their behalf.

Click here for more information on how Brexit can impact Data Protection and Cyber Security.


Existing commercial contracts should be reviewed, particularly those involving entities within the EU, in order to assess the effect that a "no-deal" Brexit may have on the enforceability of English law contracts where there is a non-UK element to the contract.

Following an influx of hastily drafted "Brexit clauses", disputes are likely to arise as to their enforceability or otherwise, post- Brexit whatever the deal eventually struck with the EU. For those who attempt to rely upon more general "force majeure" clauses to argue that Brexit is caught by such a provision, there is an equal chance of disputes arising concerning their interpretation. A third problematic area is where contracts include territorial definitions which, until Brexit, have been based upon the EU territory.

As to procedure for contractual disputes/enforcement of judgments, on the choice of governing law in contracts, the UK Government has indicated that in the event of a "no-deal" Brexit the UK Courts will continue to apply the principles set out in Rome I and Rome II, the EU Regulations which currently govern the choice of law of contractual and non-contractual obligations. The position is therefore unlikely to change.

The position on jurisdiction of courts to hear disputes and the enforceability of contract judgments is very complex. The UK Government's guidance on a "no-deal" Brexit confirms that the Recast Brussels Regulation would be repealed in the event of a "no-deal" Brexit and that the UK would seek to ratify in its own right the Hague Convention on Choice of Court Agreements. The Hague Convention currently applies to the UK by virtue of its EU membership, but it will cease to apply on exit day. The Convention provides a worldwide framework of rules in relation to exclusive jurisdiction clauses and the recognition and enforcement of judgments based on these clauses in civil and commercial matters. To secure the ongoing application of the Hague Convention to the UK post-Brexit in a no-deal scenario, the UK has notified its accession in respect of the Hague Convention, which was originally intended to enter into force on 1 April 2019. The UK has currently suspended its accession until 1 November 2019. (If a deal is done with the EU, then the UK government will not accede to the Hague Convention).

The effect of accession would be that courts in EU member states (and the other contracting states to the Hague Convention) would be obliged to honour exclusive choice of court agreements designating UK courts, entered into after the Brexit date, and to enforce the resulting judgments.In respect of contracts signed before that date, there is no certainty as to what regime will apply, nor to contracts which do not contain an exclusive jurisdiction clause. The UK may also opt to re-ratify the Lugano Convention in the same manner, although that is less certain. The Lugano Convention is similar in many respects to the Recast Brussels Regulation in the way in which it deals with issues of jurisdiction and the recognition and enforcement of judgments.

For further information see our note on the Cross-border dispute resolution implications of Brexit and our Commercial Drafting Checklist which highlights Brexit-related issues for businesses.

Software Exports

Export controls apply generally to items that are specially designed or modified for military use and to items designed for civilian use which have potential military uses (‘dual-use’ items). Some software is subject to EU export control as dual use items, including many commonly used encryption protocols, unless the products are specifically excluded (such as smart cards and smart card reader/writers and mobile telephones for civil usage) or are excluded as being generally available to the public at retail selling points.

On a ‘no deal’ Brexit, the EU Dual Use Regulation will be incorporated into UK law. However, the UK will be regarded by the EU as being a third country for the purposes of EU export control. The European Commission has made clear that it will amend the General Export Authorisation ("GEA") for the export of all dual use items (including encryption software) to include exports from the EU the UK. Exporters of dual use software from the EU to the UK (that is not exempted) must notify the relevant national competent authorities of the first use of the GEA and EU Member States may require registration prior to first use of the GEA.

For transfers from the UK to the EU, the UK has already issued an Open General Export Licence (OGEL) to cover the export of dual use items (including encryption software) from the UK to the EU following Brexit. The OGEL has conditions and does not apply if the exporter is aware that the dual use item is intended to be use in certain weapons systems. Companies need to pre-register with the Department of International Trade for each product for which the OGEL is relied on and must comply with the terms of the OGEL, including a requirement to include a note on official export documentation that the items are exported under the OGEL.

Trade Marks and other IP

Tech companies should identify which of their business’ rights are likely to be affected by a "no- deal" Brexit and may need further application/registration in order to achieve maximum protection over those rights.

In a "no–deal" Brexit, Community rights, such as EU trade marks (previously community trade marks) and registered and unregistered community designs, may no longer have effect in the UK. The UK Government has confirmed that its aim is to "ensure the continuity of protection" and to "avoid the loss" of existing rights. In a "no-deal" Brexit, or if the UK Government does not follow through on its promise to ensure continuity of protection, the rights in question will be automatically reduced in geographical scope and their value will diminish, especially given the economic significance of the UK, which could result in the right-holder losing out commercially.

We recommend securing UK trade mark and design right protection sooner rather than later; failure to do this could mean businesses do not have registered rights in the UK following a "no-deal" Brexit. This is particularly important where a business has plans to introduce a new branded product which has not yet been sold in the UK – it is essential to secure trade mark protection in order to prevent a third party from obtaining a registration and thereby blocking access to the UK market for the new product.

Our German and UK teams have prepared a video on the effect Brexit is likely to have on trade mark portfolios as well as what trade mark owners need to think about right now click here to view.

For additional information on what to consider in regards to IP click here.

Conformity Assessment (CE Assessment Marks)

The EU Commission has made clear that following Brexit conformity assessments currently carried out by UK conformity assessment bodies will no longer be valid for EU purposes.

Instead, after Brexit in order to be valid for EU purposes conformity assessments will need to be carried out by EU-based bodies. Where companies hold certificates issued by a UK conformity assessor prior to Brexit and plan to continue selling the product in the EU post-Brexit, the EU Commission recommends that companies either apply for a new certificate from an EU-based conformity assessor or to arrange for a transfer – on the basis of a contractual arrangement between the manufacturer, and the UK and EU conformity assessors - with the EU Conformity Assessor then taking over the responsibility for that certificate.
In a no–deal Brexit, the Government has stated that manufacturers will be able, for a period of time (currently unspecified) to continue to use the CE marking when placing their products on the UK market (if their product meets the relevant EU requirements), including where products have had a third-party assessment carried out by an EU-recognised body.

The new UKCA mark will be available for products that require third party assessment of conformity within the UK. This will need to be carried out by a UK-based Approved Body.


The Geo-Blocking Regulation came into force in the UK in December 2018. Amongst other matters, it prohibits blocking access to, or forced redirection away from, a website on the basis of an internet user’s EU nationality or place of residence within the EU.

|A draft Statutory Instrument has been published under the EU Withdrawal Act which will revoke the EU Geo-blocking Regulation in the UK in the event of a no deal Brexit. If this Statutory Instrument comes into force, companies would not be prohibited from discriminating in the UK between EU customers and UK customers in their on-line businesses. However, within the EU27 the EU Regulation will continue to apply to UK businesses, meaning that UK companies will not be able to discriminate between customers in different EU member states, for example between French and German customers.


Companies operating in the UK and the EU should consider potential exposure to parallel investigations by the European Commission and UK Competition and Markets Authority (CMA) and the need to safeguard their position under both the UK and EU regimes.

They should re-assess territorial restrictions in agreements, as between the UK and the EU, under the anti-trust rules as from Brexit. More generally, companies should be aware that the Competition (Amendment etc.) (EU Exit) Regulations 2019 will adapt EU competition regulations to become a set of domestic regulations as from a no-deal Brexit.

If you are planning a large-scale merger or acquisition, consider whether it will be subject to merger control scrutiny by both the UK CMA and the European Commission, as the Commission will no longer be a “one stop shop” for large mergers affecting the UK, as from Brexit.

Read more on the competition law implications here.

How Bird & Bird can help

Bird & Bird has a range of tools to help businesses prepare for the commercial impact of Brexit, this includes:

• Our Brexit Briefings that offer further information about the ramifications of Brexit on a particular sector or area of law
• Our EU Legislation Tracker highlighting Regulations and Directives scheduled to take effect or to be implemented by Member States in the period prior to the UK's departure from the EU.
• Our Brexit Jargon Buster for simple explanations that help you get to the heart of the issues in the Brexit debate.
• Our Commercial Drafting Checklist which highlights Brexit-related issues for businesses to consider when contracting during this period

Further Alerts and Briefings will be issued by Bird & Bird as these issues become clearer.

For further information and advice on these topics please contact one of our specialists. 


The original version of this article can be found on the Bird & Bird website here.