Regulatory Relations

The UK has now officially left the EU. But Brexit's impact on UK regulation is just beginning to emerge as the UK ventures forth into its new-found ‘third country’: non-EU member status. This means firms operating in both jurisdictions are likely to face diverging rules. By Dean Nasser, vice-president of contracts at Integreon

The UK’s regulatory framework has already begun to deviate from that of the EU due to Brexit, with further divergence likely to follow as its framework continues to evolve. This means major regulatory changes for UK-based organisations both now and in the future. While it is not yet entirely clear what these changes will look like, they can broadly be separated and described in the following way. 

Onshored EU Law

As part of the withdrawal agreement between the UK and EU, some forms of EU legislation have been ‘onshored’ or retained and converted into a UK-friendly form, amended to fit the UK’s legislative framework. For example, the General Data Protection Regulation (GDPR) has already split into two versions: EU GDPR and UK GDPR, the latter adjusted for the UK. So far, the UK version of GDPR contains amended data transfer rules, but more alterations are expected as it continues to evolve. 

Since the EU had not made an adequacy decision on UK GDPR prior to the end of the Brexit transition, the UK has been given a reprieve, referred to as the ‘temporary bridging mechanism’ against being treated as a third country. This temporary bridge was introduced through the Trade and Co-operation Agreement which came into effect on January 1, 2021 so the EU could determine the "adequacy" of UK GDPR’s rules for its purposes. Set to expire on April 30, this reprieve is extendable by another two months if necessary. A favourable preliminary adequacy determination was announced by the European Commission in February of this year, paving the way for a positive outcome in respect of UK GDPR’s adequate protection of personal data. However, even if a favourable adequacy decision is forthcoming, it will likely remain effective only for an initial four years, then becoming subject to periodic review by the EU.  

Organisations should be mindful of the impact onshoring of EU law will have on their relationships and activities. Regardless of the outcome of an adequacy decision, any documentation and corporate policy related to GDPR will need to be addressed by UK organisations and perhaps organisations which do business with them, too. In a statement made on its official website, dated December 28, 2020, the Information Commissioner’s Office (ICO), the UK GDPR regulator, has recommended that “organisations repaper their cross-border contracts facing EU and European Economic Area (EEA) counterparties which transfer personal data to them, by introducing alternative transfer mechanisms such as standard contractual clauses (SCCs)”. SCCs are designed to import ‘essentially equivalent’ EU protections directly into a contract, which would effectively remove EU adequacy decision risk both now and in the future.

GDPR is just one example of onshored EU law with which organisations will need to grapple. They also must consider ‘Brexit-proofing’ their ongoing business relationships and referential changes.

Ongoing relationships

Contracts drafted in relation to in-scope relationships (concerning a UK entity facing an EU/EEA entity) were based on the assumption that the UK would remain within the EU and its framework. For example, passporting rights under the Markets in Financial Instruments Directive which provides EEA member firms with favourable, ‘free trading’ terms when facing other cross-border EEA member firms, were expected to continue, uninterrupted between UK and remaining EEA member firms. Brexit impact in this area and the consequential loss of EEA status may now mean the onset of economic hardship risk for UK organisations. They will be expected to continue to perform their contractual obligations when facing EU/EEA organisations without the favourable terms passporting rights had previously bestowed on them. This Brexit-related economic hardship risk will only increase as UK/EU divergence grows and UK onshored regulations continue to evolve away from their EU counterparts. 

English law concepts, which UK-based organisations may wish to rely upon to escape unexpected and financially onerous obligations (for example, the aptly-named “doctrine of frustration”), have been narrowly construed by the courts, which do not generally consider more expensive contract performance as qualifying grounds. Economic hardship and force majeure are not recognised as concepts in English law unless they are contractually incorporated. 

Organisations should therefore consider introducing Brexit-specific contractual terms into their in-scope contracts in the event that post-Brexit performance leads to less than desirable economic outcomes for them. These Brexit-specific terms should preferably include a material adverse change clause providing for renegotiation based on Brexit, resulting in no-fault termination if the parties cannot agree on how to resolve relevant changes. One thing is certain: doing nothing is not an option. Changes must be made. 

Referential changes

Brexit-related referential changes may need to be addressed for the duration of a contract to reflect any change in references from EU legislation, arrangements and institutions to their UK replacements. Again, using GDPR as an example, references may need to be changed from GDPR to UK GDPR and EU GDPR, with regulator references also altered to include or be replaced by the ICO, for example. Consequential changes may also be required in addition to new, accompanying definitions. Brexit-proof referential changes should not be viewed as merely cosmetic since they may obviate substantial legal risk such as legal uncertainty.

To be certain, organisations will feel these regulatory changes hit them on the contracts front, since contracts are the lifeblood of most businesses. As the regulatory landscape continues to evolve both in the UK and EU, through the continuing stream of new and/or revised regulatory instruments, these streams will diverge further. Each stream will create its own ‘regulatory waterfall’ of cascading, significant repapering requirements. Combine these projects-to-come with those already in progress for Libor reform and Initial Margin Phase 5, to name but two, which are large-scale projects. Clearly, organisations will need to dedicate significant internal resources as well as externally hired consultants to design, implement and manage necessary reform solutions. 

What can UK organisations do now to prepare for the massive contract repapering projects that await them? The answer is that they can be proactive and begin implementing those changes now.