Al-Mirsal

Climate Change Further Threatens MENA Water Security

Posted in Power, Project Development and Finance, Renewables, Saudi Arabia, United Arab Emirates, Water Scarcity


The Middle East and North Africa (MENA) is home to 14 of the 33 most water scarce countries globally, with six times less water availability than the worldwide average and less than 2 percent of the world’s renewable water supply. The Gulf Cooperation Council (GCC) states – Bahrain, Kuwait, Qatar, United Arab Emirates, Saudi Arabia and Oman – all rank in the top 10 most water scarce countries. The water crisis in the region is exacerbated by exploding demographics, particularly in the GCC states, which have some of the highest per capita water consumption rates in the world. Moreover, the World Bank projects that water availability per capita will be halved by 2050, indicating that most MENA countries cannot sustainably meet current water demand.

85 percent of water is consumed by the agricultural sector in the GCC, supported by extensive irrigation. Despite the shortage and depletion of water resources, irrigation water is typically priced below cost. In addition, energy subsidies in many MENA countries result in no groundwater use charges for surface water transfer and pumping of groundwater.

In addition to the above, rapidly changing demographics and continued industrialisation are straining the GCC’s already scarce water supply and fuelling climate change, which in turn is further depleting the region’s freshwater resources. The unprecedented development of the GCC countries has led to dynamic changes in emissions, land surface and resource consumption. Consequently, the region is experiencing rising temperatures and higher rates of evaporation, coupled with a 20 percent decline in precipitation and higher atmospheric concentrations of greenhouse gases. Such climate changes are further threatening MENA water security.

Meeting demand

With water security at risk, the GCC has turned to desalination to meet escalating demand. While innovative means to tackle declining rainfall through cloud seeding operations have been underway in the United Arab Emirates for the past few years, the GCC remains heavily reliant on desalinated water. 75 percent of worldwide desalinated water is in the MENA region, concentrated in the GCC countries that make up 70 percent of that total.

Innovating water supply solutions

Faced with ever-rising consumption, the GCC will need to encourage alternative forms of water and energy supply, whilst conserving scarce resources, to sustainably meet future demand. Moreover, water security is prompting more effective monitoring and management of water resources.

Alternatives include large-scale and short distance onshore transfer of water to meet a supply deficit. While being able to leverage existing infrastructure, this process is often regarded as expensive and faces permitting, licensing and geographic barriers. In addition, the transfer of water can be damaging to ecology, water quality and flow regimes.

The long distance underwater transportation of freshwater, or treated grey water, to areas of scarcity has also emerged as a viable alternative. With low energy consumption and no discharge of brines, combined with potential recharge of reservoirs, the “submarine river” solution provides an environmental advantage. Moreover, it is able to meet urban and agricultural needs equivalent to several desalination plants without compromising execution duration and with limited operating and maintenance expenses.

Securing future supply

Depletion of MENA water resources will continue as climate change, population pressure and agricultural production put increasing strain on supply. While desalination has bridged the gap between supply and demand, alternatives will need to be explored to ensure future demand is met sustainably. The “submarine river” is one potential option.

Read more on GCC water projects:

Kuwait Power and Water Projects to Take-Off Following Publication of PPP Regulations

Kuwait Projects to Press Ahead Following PPP Law Publication

Rise in Middle East IWPs as Demand for Water Increases

Telemedicine in the UAE

Posted in Healthcare, Technology, United Arab Emirates


Telemedicine is a product of 20th century information and communication technologies. It is generally defined as the provision of healthcare services from a healthcare professional to a patient from a remote location using a telephone or the internet. International and local health providers are increasingly looking to provide telemedicine services in the region, specifically in Abu Dhabi, Dubai and Dubai Healthcare City (DHCC). The regulation of telemedicine in the UAE, to date, has been inconsistent and needs to be further developed in order to catch up with developments in medical technology.

Federal Regulatory Landscape

In order to market healthcare services in the UAE, a healthcare provider must establish a legal presence and hold a commercial licence to do business in the UAE (or in a free zone in the UAE) and also hold the relevant healthcare provider licence. The authorities that regulate the licensing of healthcare in Abu Dhabi, Dubai and Dubai Healthcare City are: Abu Dhabi Health Authority (HAAD), Dubai Health Authority (DHA) and Dubai Healthcare City Authority (DHCCA), respectively.

Abu Dhabi

Abu Dhabi has a sophisticated regulatory regime for telemedicine and has issued a telemedicine licence to the Abu Dhabi Telemedicine Centre. However, telemedicine licensing has been suspended in Abu Dhabi for the time being and it is not known if or when such suspension will be lifted.

If the suspension were lifted, a healthcare facility wishing to provide tele-consultation services and be based in Abu Dhabi would need to be a HAAD licensed healthcare facility specifically licensed to provide tele-consultation, or an existing HAAD licensed facility that is authorised by HAAD to provide tele-consultation.

Dubai

The DHA regulations do not address the practice of telemedicine in Dubai, with the exception of providing for teleradiology services, and the DHA is not issuing licences to practise telemedicine at this time.

Dubai Healthcare City

The DHCC appears to be taking the lead in the region for the development of telemedicine and one telemedicine establishment licensed by DHCCA has been operating in DHCC for four years.

The DHCCA licenses telemedicine to entities operating as outpatient clinics. An entity in the DHCC can take the form of a free zone limited liability company, a branch of a foreign company, or a branch of a UAE company. An advantage of practising telemedicine in DHCC is that because it is a free zone there are no national restrictions on foreign companies wishing to establish a legal presence in DHCC.

One of the key drawbacks in practising telemedicine in the UAE at this time is that it is unlikely that any regulator will allow a healthcare provider to prescribe medication for patients without an in-person consultation. The HAAD Standards in Abu Dhabi strictly preclude licensed telemedicine practices in Abu Dhabi from prescribing medication. Although there is no regulation precluding prescribing medication in Dubai, we understand that the telemedicine practice operating in DHCC does not prescribe medication without an in-person consultation.

New Saudi Companies Law – Accumulated Losses and Risk of Statutory Dissolution

Posted in New Companies Law, Saudi Arabia


For the past few decades, the obligations of companies with losses reaching 50% or more of their share capital have been a topic of much debate in the Kingdom of Saudi Arabia. That is due to the uncertainty surrounding the application of Articles 148 and 180 of the current Companies Law (Current Companies Law), which regulate this matter in connection with joint stock companies (JSCs) and limited liability companies (LLCs), respectively. On 9 November 2015, however, a new Companies Law (New Companies Law) was enacted, which addressed some of the ambiguities relating to this matter under the Current Companies Law. The New Companies Law will repeal and replace the Current Companies Law with effect from 2 May 2016 (Effective Date).

Below is an overview of the required steps to be taken by the management of an LLC or a JSC with accumulated losses reaching 50% or more of its share capital under the New Companies Law.

LLCs

Within 90 days of becoming “aware” of the losses reaching 50% of the LLC’s share capital, pursuant to Article 181 of the New Companies Law, which applies to LLCs, the managers of the LLC must record the event in the Companies Registry with the Ministry of Commerce and Industry (MoCI) and convene a shareholders meeting to resolve to either continue or dissolve the LLC.

The resolution to continue or dissolve the LLC requires the approval of shareholders representing 75% of the LLC’s share capital, unless its articles of association specify otherwise. In both cases, the resolution must be published on the MoCI website. It is important to note that, unlike the Current Companies Law, under the New Companies Law, the LLC’s corporate veil may no longer be pierced if the managers fail to call for a meeting or the shareholders are unable to resolve to either continue or dissolve the LLC. Instead, the LLC will be deemed dissolved by operation of the law.

It is difficult to ascertain from the New Companies Law what constitutes “awareness” by the managers of the losses reaching 50% of the LLC’s share capital thus triggering an Article 181 event and the start of the 90 day period set out in Article 181. We are hopeful that the expected rules for implementing the New Companies Law will address this issue.

JSCs

Pursuant to Article 150 of the New Companies Law, which applies to both closed JSCs and listed JSCs, the following steps must be followed if the losses of a JSC reach 50% or more of its share capital at any time during its financial year. First, the JSC’s auditor or any of its officers must notify the chairman of the board of directors immediately upon becoming aware of such losses. Second, the chairman of the board must in turn immediately notify the board of directors of such development. Next, the board of directors must convene the extraordinary general assembly within 45 days of becoming aware of the losses. And finally, the extraordinary general assembly of the JSC must resolve to either increase or decrease the JSC’s share capital or, alternatively, dissolve the JSC.

It is important to note that the JSC will be deemed dissolved by the force of law if the extraordinary general assembly does not convene within the specified 45-day period, convenes but is unable to adopt a resolution on the matter, or approves increasing the JSC’s share capital but the shares issued are not fully subscribed for by its shareholders within 90 days from the date of the resolution to increase the share capital.

While closed JSCs may face fewer difficulties in complying with the 90-day period within which the share capital must be increased, it will be exceedingly difficult for listed JSCs to comply with such requirement. This is because a capital increase of a listed JSC requires the approval of the Capital Market Authority (CMA) and, in some cases, also requires the filing of a prospectus with the CMA (i.e., when the share capital increase represents 10% or more of the JSC’s share capital). This 90-day period indeed poses a regulatory challenge to listed JSCs with losses reaching 50% or more of their share capital and jeopardizes their existence altogether.

In addition to the provisions set forth in Article 150 of the New Companies Law, listed JSCs with losses reaching 50% or more of their share capital are subject to the “Procedures for Companies with Accumulated Losses Reaching 50% or More of their Capital” issued by the CMA, which impose further obligations on listed JSCs. It should be noted that failure to comply with these Procedures may have negative effects on the listed JSC and could potentially lead to the suspension of trade in its shares or its delisting.

Criminal Liability

It is imperative that the management of a company (whether LLC or JSC) follow the abovementioned steps, as the New Companies Law has introduced criminal sanctions on management that neglect to take the necessary actions prescribed under the law, making them subject to imprisonment for no more than five years and/or a fine of no more than SAR 5 million.

Compliance

Companies are granted a one-year grace period before they are required to fully comply with the New Companies Law. It is unclear, however, whether this grace period applies to the provisions of Articles 150 and 181 of the New Companies Law. We hope that the expected rules for implementing the New Companies Law will clarify this issue.

Implementing Rules

Finally, it is expected that MoCI and CMA will publish the rules for implementing the New Companies Law prior to the Effective Date. Stay tuned for an update on this article once these rules have been published.

6 Unique Challenges for Protecting and Exploiting Intellectual Property in the United Arab Emirates

Posted in Intellectual Property, United Arab Emirates


The United Arab Emirates (UAE) is an attractive global business centre and gateway to the wider Middle East region for international companies seeking to commercialise and exploit their brands, products and technologies.

However, the UAE is often considered to present risks from an intellectual property (IP) infringement perspective – a perception that potentially can undermine a business’s strategy and desire to build strong brand awareness and regional demand.

Protection of IP

International companies seeking to capitalise on the growth opportunities presented in the Middle East region (e.g. the hosting of Expo 2020 in Dubai) should take comfort in the fact that brands, products and technologies can be protected in the UAE and the UAE has an IP framework that is broadly aligned with international standards.

  • Trade marks, designs and logos can all be registered.
  • Enforcement proceedings can be brought against suppliers of counterfeit goods and unauthorised sellers. Various sanctions and remedies are available, including provisional prevention measures, seizures and confiscations, criminal sanctions, and damages covering lost profits.
  • In relation to patents, wide protection can be obtained under the UAE’s local patent regime or under the Gulf Cooperation Council (GCC) patent protection regime, which gives patent holders GCC-wide rights that are enforceable in all GCC member states (including the UAE and other markets such as Saudi Arabia).
  • Copyright can be registered, although registration is not mandatory. Doing so ensures that there is a verifiable record of the content of work as it existed at that point in time. This can be valuable evidence if a dispute arises and an author needs to prove a copyright claim (e.g. in a case concerning breach of copyright materials in a technology transfer project).
  • Third parties can rely on the doctrine of “fair use” in certain circumstances to use copyright work without a licensor’s permission.

In addition, the UAE is a party to various international multilateral treaties regarding the protection and exploitation of IP, including the Patent Cooperation Treaty, the Berne Convention for the Protection of Literary and Artistic Works and the WIPO Copyright Treaty.

6 Challenges in Protecting and Exploiting IP

Notwithstanding this, when seeking to protect or exploit IP, it is important to be mindful of a number of unique challenges under UAE laws, which may not be familiar to IP lawyers in other jurisdictions. We have listed 6 common challenges below, but please note that this is a non-exhaustive list.

  1. Marks and logos that convey messages and images that conflict with local laws and culture and public order will not be registrable. For example, class 33 under the Nice Classification (10th edition), which is for alcoholic beverages, is not available in the UAE, although it may be possible for a brand-owner to register its brand under other classes of goods and services.
  2. Any disposal by an author of the total body of his or her future intellectual work or more than 5 future copyright works is void.
  3. Licence agreements must be registered to be effective against third parties (although non-registration does not affect the contractual obligations between the original licensor and licensee).
  4. A trademark licensee has no right to initiate legal proceedings in its own name against infringing entities.
  5. Employers are not automatically deemed to be owners of works created by their employees during the course of employment.
  6. Moral rights cannot be waived or assigned (including a right to withdraw a work from circulation), even where an author has assigned a work’s financial rights.

Addressing these Challenges

Companies looking to develop, protect or exploit IP in the UAE need to give thought to including mechanisms in their contracts to address these challenges.

  • If the company is licensing its IP, impose responsibilities on the licensee to register any licences in the UAE and notify the company of claims relating to IP infringements, and include a procedure for dealing with such claims.
  • If a company is paying for the development of IP, establish contractual (as well as organisational) arrangements whereby employees or contractors are required to assign financial rights in works and execute retrospective assignments when required.
  • When dealing with moral rights, impose clear compensation obligations in the event that an author seeks to withdraw a work from circulation.

In addition, companies should consider taking steps to register IP ownership rights or licences independently of any underlying agreement relating to such IP.

In conclusion, it pays to take time before developing and exploiting IP in the UAE to consider ways to protect your organisation’s IP in a manner that complements your organisation’s business objectives and growth plans. At Latham & Watkins, we are able to assist organisations looking to do business in the UAE in understanding the local IP regime and how they can best protect their IP. If you require further guidance on this topic, please do not hesitate to contact Brian Meenagh or Madonna Kobayssi.


Middle East Privatisation – Saudi Arabia Par Excellence?

Posted in Capital Markets, Power, Project Development and Finance, Regulatory, Saudi Arabia

Saudi Arabia’s recently announced plans to privatise several key industries in the Kingdom have once again brought the Kingdom’s privatisation agenda back into the spotlight. The announcements form part of the country’s transformational initiatives under the 2016-2020 National Transformation Plan (NTP) to improve public sector efficiency and boost non-oil revenues in the region, and will reportedly include airports, municipalities, hospitals and education.

Privatisation covers many types of transactions but typically includes the divestiture, whether by sale or lease, of state-owned assets to private investors. The Kingdom already has an established history of such privatisation through the partial sales of Saudi Telecom Company (2003), Saudi Arabian Mining Company (Ma’aden) (2008) and, most recently, the National Commercial Bank’s privatisation through its US$6 billion IPO (2014).

Although the Kingdom reduced its use of PPPs in recent years (instead procuring the development of such infrastructure projects directly through engineering-procurement-construction (EPC) arrangements), recent market announcements suggest a comeback with the GACA currently tendering Taif Airport as a PPP – the GACA’s first since 2012.

However, with a larger number of diverse public services to potentially be privatised, each with its own unique capex requirements and strategic importance, we are likely to see a wider range of PPP options coming to the market.

These may include:

  • Service Contracts: A private sector entity is hired to perform a short term service. The government remains the primary provider of the service and outsources specific elements to the private sector. The private sector entity must perform the service at the agreed cost and typically satisfy key-performance-indicators (KPIs) in return for a fixed fee and incentive payments payable against the KPIs.
  • Management Contracts: An expansion of a services contract which may include some or all of the management and operation of a public service. Again the government entity remains the primary provider of the service but day-to-day management and authority are assigned to the private sector entity.
  • Lease Contracts: A private sector entity takes full responsibility (and risk) for the provision of a service. The underlying asset is typically established and financed by the public sector and then transferred to the private sector entity for full management and operation at its expense and risk (including losses and unpaid user fees). The private sector entity typically does not own the underlying asset but directly collects the user fees.
  • Concessions: A private sector entity takes full responsibility (and risk) for the construction or rehabilitation, financing, management and operation of an asset and the provision of related services. The private sector entity may or may not (depending on the terms of the concession) own the asset but directly collects the user fees (which are established in the concession).
  • BOT: A private sector entity takes full responsibility (and risk) for the development, construction, financing, operation and maintenance of a new infrastructure project. There are many variations of a BOT structure (including design-build-finance-operate (DBFO) and build-own-operate (BOO)) but the common and important features of all such variations are that the private sector entity provides the finance for the project and owns the project assets for a set period of time. The distinction from concessions is that BOT arrangements are typically used for large greenfield projects requiring substantial capex.

Fig. 1: Overview of key features of PPP options


3 Key Considerations Before You Begin Outsourcing in Qatar, Saudi Arabia or the UAE

Posted in Outsourcing, Qatar, Saudi Arabia, Technology, United Arab Emirates

Outsourcing has historically not been a major pillar in Middle East public and private sector organisations’ strategic architecture. While the benefits of outsourcing are understood and recognised, organisations have sought to engage with major outsourced service providers through managed service agreements and joint ventures. This approach has generally worked well. It has enabled local organisations to maintain control of their infrastructure, environments, people and third-party contracts and, in the case of joint ventures, provided organisations with the potential opportunity to benefit from any upside growth in the value of the joint venture entity.

Notwithstanding that, the current financial climate in the Middle East and pressure on organisations to reduce capital and operating expenditure while maintaining, or improving services, may mean that 2016 is the year that outsourcing comes of age in the Middle East and starts to deliver on its promise of enabling organisations to deliver better services while reducing their costs.

If your organisation is considering outsourcing in 2016, then we have distilled 3 key considerations that should be assessed and worked through before you proceed to execute an outsourcing agreement with your preferred service provider.

  1. Why are you outsourcing?

It is critical to articulate your organisation’s objectives for the transaction and obtain a broad management consensus in support of them. Are you outsourcing to cut costs? To facilitate organisational change? To free up resources? If there are multiple reasons, consider which are the real drivers and what the relationships are among them. The answers to these questions will help you identify the key issues you will need to address and develop appropriate responses to them.

  2. What is the scope of the services you are outsourcing?

Does your organisation have a clear understanding of the:

  • Scope – The scope of the services it is considering outsourcing.
  • Service levels – The alternatives for measuring the performance of those services by a third party vendor.
  • Costs – The costs it incurs today and is likely to incur during the term of the contemplated agreement if it were to continue those services.

All too often companies that outsource start the process without first having gathered this critical information and inevitably they are disadvantaged as a result. In our experience, organisations that can describe their objectives, outline the scope, identify the service level metrics and accumulate service level data, and determine their own base costs are in a much stronger place to structure a transaction that will deliver the organisation’s anticipated benefits and savings.

  3. Run a competitive procurement

We understand that running a competitive procurement process requires an organisation to commit significant time, resource and effort to an outsourcing project and in the face of this upfront commitment “sole-sourcing”, i.e. selecting one service provider at the outset and negotiating directly with them, appears attractive and economical. The reality is that sole-sourcing delivers a false economy and in our experience sole-sourcing actually takes longer, costs more money and produces a less favourable result for the organisation that is looking to outsource, compared to a competitive process. We firmly believe that an organisation can use the procurement process to significantly reduce the time and cost required to execute a contract that better protects the organisation’s interests as illustrated in the diagram below.

Diagram 1: Mitigating risk through effective procurement


To put it simply, an organisation has much greater leverage to negotiate legal and commercial terms before it down-selects to one service provider and doing so enables the organisation to get to contract signature on its terms in a faster period of time than seeking to negotiate legal and commercial terms when there is only one service provider left in the race. In making a decision to run a competitive procurement, it is important to recognise that in an outsourcing transaction, price, scope, service levels, and risk are all integrally related and for a competitive procurement to be successful it must address each of these aspects of the transaction by way of reasonably detailed contract terms (including clear agreement on scope and service levels) and not simply focus on price.

In conclusion, for outsourcing to deliver the benefits and savings your organisation requires, it pays to take time at the outset to consider your organisation’s objectives, scope, service levels and cost base and to effectively utilise the procurement process to maximise your leverage in negotiating the best deal for your organisation. At Latham & Watkins we have decades of experience in assisting organisations in the Middle East, Asia, Africa, Europe and the US in taking first steps into outsourcing and renegotiating existing outsourcing transactions. If you require further guidance and whitepapers on this topic, please do not hesitate to contact Andrew Moyle or Brian Meenagh.

Egypt Liberalises Electricity Market to Allow Private Sector Participation

Posted in Banking and Finance, Power, Project Development and Finance

In 2015, Egypt issued its unified Electricity Law no. (87), paving the way for market liberalisation of its power generation and distribution services. A few months on from its introduction, what are some of the key takeaways?

The Electricity Law has promised to reform the electricity market and allow for private sector participation (both local and foreign entities) by introducing a simple licensing regime. With a transitional timeframe of 8 years granted, the Egyptian Electricity Transmission Company (EETC), which currently exercises market monopoly over power transmission and operation of the grid, is expected to restructure to adapt to a far more competitive environment. The government has obliged EETC to provide equal third-party access to the national grid yet will retain control of network charges.

As part of the reforms, two distinct power markets have been created: a competitive market consisting of wholesale and competitive retail and a regulated retail market. Whilst full market liberalisation is not anticipated at this stage, it is expected that the government will increasingly scale back the scope of the regulated market to eventually achieve full market liberalisation. The law has also unbundled the electricity business chain (i.e. generation, distribution, grid operator, market operator, authorised suppliers and qualified consumers) to provide the private sector with more opportunities to participate in Egypt’s electricity market.

Proactive on Pricing Regulation

The Egyptian Electric Utility & Consumer Protection Agency (ERA) will now be taking a more active role in pricing regulation under the revised law. No longer solely a monitoring function, ERA is tasked with defining the appropriate rules and economic basis for the calculation of power tariffs to non-qualified consumers, calculating power exchange prices in the regulated market and determining consideration for the use of transmission and distribution networks.

Transitioning to a Liberalised Market

The Electricity Law has also granted more powers and autonomy to EETC, formalising its natural autonomy and consequently reducing Egyptian Electricity Holding Company’s (EEHC) control over the electricity utility. The law now stipulates that EETC exclusively undertakes grid operation and electricity transmission services and is responsible for defining commerce and settlement in collaboration with other utility participants. Notably, EETC has been tasked with ensuring no preferential arrangements occur between any of the producers or consumers and to promote efficiency and competition in power sale and purchase. EETC will be required to step up its role in securing the power supply needed for the regulated market by purchasing it from generating companies.

EETC has 8 years to restructure and become compliant with the law and 3 years to conduct necessary grid capacity and expansion studies. With EETC taking a more active and independent role in the future of Egypt’s electricity market, the EEHC will also need to adapt to a more liberalised market. It is unclear at this stage whether EEHC will opt to operate as a private sector corporation or whether existing state-owned generation assets will be privatised.

To read more about Egypt’s Electricity Law, download the full guide: The New Electricity Law Explained

DIFC Says Transfer to US Cannot Rely on Safe Harbor

Posted in Regulatory, Technology

By Brian Meenagh

On October 26, 2015, Raja Al Mazrouei, the Commissioner for Data Protection for the Dubai International Financial Centre (the DIFC), issued guidance on the adequacy of US Safe Harbor for the purpose of exporting personal data from the DIFC. The guidance is significant for organisations that transfer personal data from the DIFC to the US and such organisations should urgently review the basis upon which they transfer personal data from the DIFC to the US to ensure that they continue to comply with the DIFC Data Protection Law (No 1 of 2007).

The guidance follows the decision of the European Court of Justice (the ECJ) in Case C-362/14 – Maximillian Schrems v Data Protection Commissioner that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from the EU (the Safe Harbor Adequacy Decision), is invalid.

The key message from the guidance is that:

“the invalidation of the Adequacy Decision by the ECJ provides cause for the Commissioner to reconsider the adequacy status previously afforded under the Law to US Safe Harbor Recipients. However, the Commissioner also understands that there are ongoing negotiations between Europe and US authorities towards an improved Safe Harbor framework and that these negotiations are well advanced.

Abu Dhabi Global Market Publishes New Commercial Regulations and Begins Financial Regulation Consultation

Posted in Employment, M&A/ Private Equity, Real Estate, Regulatory, United Arab Emirates


On 15 June 2015, the Abu Dhabi Global Market (Global Market), Abu Dhabi’s financial free zone, published the following six new regulations concerning the regulation of non-financial services in the Global Market:

– Application of English Law Regulations;

– Companies Regulations;

– Operating Regulations;

– Insolvency Regulations;

– Employment Regulations; and

– Real Property Regulations.

As expected from the draft regulations issued by the Global Market earlier this year, the Global Market’s final approach in the regulations follows very closely the English law model. In particular, the Global Market applies English common law, as amended by certain English statutes, as its over-arching legal regime and a slightly modified version of the UK Companies Act (2006) as its company law regime.

On 30 June 2015, the Global Market issued draft regulations and a consultation paper covering the regulation of financial services in the Global Market. The Global Market has stated that these draft regulations are broadly modelled on the UK financial services framework and is seeking feedback on these draft regulations by 11 August 2015.

Please click here to read more about this development.


The USA Freedom Act: What it Changes and (Mostly) Doesn’t for Cloud Services – And is it Really the Issue

Posted in Outsourcing, Technology

The recent showdown over renewal of certain provisions of the USA Patriot Act (often called simply the Patriot Act) and the subsequent enactment of the USA Freedom Act have raised a number of questions about the ongoing impact of these laws on data traversing or being stored in the United States. While the new law takes the NSA out of the direct business of maintaining metadata (which includes phone number called, the time and duration of the call, and location information) on all phone calls originating or terminating in the US (with a declared intent of transitioning instead to a program that will allow court-moderated access to phone company data) and reinstates provisions that enable so-called “roving wiretaps” and monitoring of “lone wolves,” it essentially leaves unchanged the underlying laws that govern the US authorities’ access to data stored in the cloud.

A look back at the history of the Patriot Act and then the specifics of the USA Freedom Act are helpful in evaluating the impact of recent events. First, the Patriot Act.

Rather than create new means of access to data, the Patriot Act primarily streamlined and consolidated various processes that had long been in place—processes similar to those found, it is worth noting, in the laws of many other countries. The Patriot Act made many changes to existing laws, including the Foreign Intelligence Surveillance Act of 1978 (FISA) and the Electronic Communications Privacy Act of 1986 (ECPA), with the stated intent of allowing investigators to “connect the dots” to stop terrorists. From the perspective of a non-US person using a cloud service run by an entity subject to US jurisdiction, perhaps the most significant changes made concerned various thresholds of proof or nexus to gain access to data. These changes broadened the scope of existing authority and lowered the burden on the government to show the need for access. Despite being passed in the wake of 9/11, the Patriot Act’s enactment was not without controversy, and among the compromises made was the inclusion of an automatic sun-set for some provisions (in the absence of Congressional reauthorization), including the changes to FISA authorizing enhanced data collection and access. These changes, in Section 215 of the Patriot Act, were largely the basis for the telephone metadata collection program disclosed by Edward Snowden, but are also relevant to access to other data. So, with the expiration of the most recent extension to Section 215, the changes it made to FISA were swept away, leaving the prior provisions of the underlying statutes in place.

As noted above, the USA Freedom Act extended the effectiveness of the otherwise sun-setting provisions of the Patriot Act, but with notable changes to the collection of phone metadata. The USA Freedom Act, which passed the House of Representatives prior to the expiration of the Patriot Act provisions it replaces, was drafted with the intent of amending and extending the expiring programs. Instead, the relevant Patriot Act provision sun-set before the Senate passed USA Freedom and, not wanting to risk passage or delay implementation of the collection programs, the Senate passed an unamended version of USA Freedom. As a result, USA Freedom does not expressly reinstate the changes made by Section 215 of the Patriot Act, but instead purports to amend the law as it was in place prior to expiration. Therefore, there is some murkiness as to exactly what the new law is, but either way, the underlying basic laws that existed prior to the Patriot Act remain essentially in place and provide for access to information (including data in cloud services) subject to various procedures and levels of review.

The broad rule under the USA Freedom Act is the same as that under the Patriot Act: the government may make requests from the private sector for the production of “tangible things” (including books, records, papers, documents, and other items) related to foreign intelligence, counterterrorism, and criminal investigations. The USA Freedom Act attempts to strengthen judicial oversight of these requests, making modest changes to the Foreign Intelligence Surveillance Court, and, significantly, prevents the “bulk” collection of records by requiring enhanced specificity in requests. Despite a great deal of discussion in the press, the USA Freedom Act does not appear to create new duties on the private sector to comply with government requests (though the existing duties remain and are substantial). Congress did, however, grant new protections to the recipients of access requests, including a new right to consult with an attorney before responding to the confidential request.

In any case, with or without the changes in the USA Freedom Act—or with or without the original changes made by the Patriot Act—the US is not the only government with laws granting law enforcement access to data (including records held by cloud service providers). Indeed, other countries have such laws (or take such actions)—sometimes with less or no process and limited review. France, the United Kingdom, and Canada are among the jurisdictions with such laws, many of which have implemented changes that expand their scope. To be clear, there is no suggestion here that these laws are all the same. The salient point is that the world is full of jurisdictions with laws that afford access to records in cloud storage (not to mention jurisdictions that effectively offer no practical protection against such access). Indeed, setting aside laws and lawful government action, private data—whether stored in a shared cloud or using local storage—is likely far more at risk of unauthorized access from criminal acts and covert state actors (acting both domestically and internationally) than from judicially monitored access grounded in the USA Freedom Act.

As a result, those investigating data protection issues arising from the use of cloud services might be well advised to consider how encryption with customer-held keys might address all of these issues. While governments with jurisdiction over the cloud customer may demand access to corporate records whether they are encrypted or not, the adoption of effective, well-managed encryption technology essentially eliminates concerns about other access. And, as the US Office of Personnel Management has been made painfully aware in the past weeks—encryption is something that data subjects (or at least those out for their votes) have come to expect.
