The risk of circumvention of EU sanctions through the immediate family of leading businesspersons and the CJEU’s case law

 

 

Antje Kunst*

*Antje Kunst is an international lawyer and barrister of Pavocat Chambers, admitted to the bar of England and Wales and the Bar of Berlin advising and representing individuals in a wide range of matters related to the CFSP ranging from EU employment cases to EU and international sanctions against individuals.

***Comments of academic researcher of the University of Luxembourg, Ms. Francesca Finelli were gratefully received. All views contained in this article, however, remain those of the author alone.

Photo credit: W Bulach, via Wikimedia Commons

 

The inclusion of family members in the categories of persons covered by EU targeted sanctions against Russia has been justified, in the Council’s view, for maximising the effectiveness of those sanctions. The inclusion of family members of leading businesspersons aims to prevent the circumvention of EU targeted sanctions (in the forms of asset freeze) by the transfer of assets between targeted leading businesspersons and their immediate family.

Updating the EU sanctions regime against Russian businesspersons

 

The EU's targeted sanctions against Russia's economic elites introduced on 5 June 2023 a short but significant amendment to its current sanctions regime. It extended the scope of the sanctions regime through Council Decision (CFSP) 2023/1094 (‘Council decision of 5 June 2023’) to permit the designation of immediate family members of leading Russian businesspersons operating in Russia. There are in other words now EU legal acts in place which allow for the adoption of EU sanctions against the sons and daughters, spouses and parents of Russian oligarchs based on the autonomous designation criterion of immediate family members of leading Russian businesspersons operating in Russia. (In 2015 the Council introduced the ‘leading businessperson operating in Syria’ as an autonomous general listing criterion. See Council Decision (CFSP) 2022/329 and Council Regulation (EU) 2022/330 of 25 February 2022 on the criterion of ‘leading businesspersons’.) Family members of Russian leading businesspersons have been put on the lists since early 2022 but under different grounds.

The Council’s reason for the recent amendment, undoubtedly owing to the initial rulings on Russian sanctions from the General Court in recent months (Case T-743/22 R, Nikita Dmitrievich Mazepin v Council, Order of 1 March 2023 and Case T-212/22, Violetta Prigozhina v Council, ECLI:EU:T:2023:104), is that ‘leading Russian businesspersons have engaged in a systematic practice of distributing their funds and assets amongst their immediate family members and other persons, often in order to hide their assets, to circumvent the restrictive measures and to maintain control over the resources available to them’ (Recital 5 of Council Decision 2023/1094  of 5 June 2023).

The amendment was prompted, in particular by the successful annulment of the listing in Case T-212/22, Prigozhina, which was initiated by the mother of the head of the Wagner Group. In that case, the General Court emphasized that in a legal framework such as the Syrian sanctions regime (after 2015: see Council Decision (CFSP) 2015/1836 of 12 October 2015 and Council Regulation (EU) 2015/1828 of 12 October 2015), the family link with ‘certain families’ may be sufficient to include the name of the persons on the lists at issue. In Prigozhina however, so the General Court, the EU legal acts setting out the framework for EU sanctions as a result of the invasion of Ukraine by Russia, did not refer to the members of ‘certain families’. That is why the Council had not established the risk of circumvention (para. 105 of the judgment). Another main reason was that the Council could not prove a sufficient ‘association’ with the primary target beyond mere family ties.

The curious nature of words

With this most recent amendment of the framework in June 2023, the chosen wording is of particular note. It refers to the possibility of the inclusion of immediate family members of leading businesspersons operating in Russia, even if the question is what exactly immediate family members are. Also, the Council does not refer to members of ‘certain families’ as it previously did as regard sanctions taken against Syria. Rather, the Council’s wording vis-à-vis Russia it appears to imply a presumption of circumvention through immediate family members of leading businesspersons operating in Russia.

In the Syrian sanctions framework since 2015, the EU legal acts have explicitly provided for the freezing of funds of ‘leading businesspersons operating in Syria’ and ‘members of the Assad families or Makhlouf’, as well as persons ‘associated with them’ (Council Decision (CFSP) 2015/1836 and Regulation (EU) 2015/1828). In this context, presumptions are used (by the Council) and accepted by the CJEU (see for example C‑458/17 P, Rami Makhlouf v Council, ECLI:EU:C:2018:441, para. 91, Case T‑186/19, Zubedi v Council, ECLI:EU:T:2020:317 para. 72; Case T‑256/19, Bashar Assi v Council, ECLI:EU:T:2021:818 para. 166) that individuals falling under these categories benefit from the sanctioned regime in order inter alia ‘to avoid the risk of circumvention of restrictive measures through family members’ (Recital 7 of Council Decision (CFSP) 2015/1836). 

Testing the presumption of circumvention

The question, therefore, is whether the Court of Justice – on appeal from a raft of judgments that the General Court will continue to deliver in the immediate future, in the context of the Russian sanction regime – would accept a (new) rebuttable presumption of circumvention (see Case T-5/17 Sharif v Council, EU:T:2019:216, para. 86), i.e., that the Council can legitimately presume leading businesspersons operating in Russia will transfer assets within their immediate family to circumvent EU sanctions (see paras. 103–110 of that judgment).

There is no reference to ‘certain families’ in the EU sanctions legal framework as was the case in the Syrian sanctions regime. Thus, the Court of Justice might not so easily accept a presumption of circumvention based on a sole family link (taken in consideration the Court of Justice’s Tay Za reasoning, and the Advocate General’s Opinion). It is only if the Council could provide solid evidence that there is indeed a ‘systematic practice of distributing their and assets amongst their immediate family members’ (see Recital 5 of Council Decision of 5 June 2023), that the Court of Justice might accept the Council’s rationale, accounting for fundamental rights too.

This information of a ‘systematic practice’ of circumvention might be in the Council’s possession, but it might not be possible to disclose the evidence based on its classified nature. The alternative is disclosing classified evidence, which the Council may be reluctant to do. The Court of Justice’s closed evidence procedure (under Article 105 of the General Court’s Rules of Procedure), introduced as a possibility for use in restrictive measures cases, to date, remains inactive, and has never been utilised.

“Associated”

Immediate family members have been included in EU sanctions lists since early 2022 as ‘associated’ with leading Russian businesspersons in their individual statements of reasons. In Prigozhina, the Council was not able to establish ‘(economic) association’ of the mother of the chief of the Wagner Group at the time the measures were adopted, and sufficiently link her to her son, the primary target, and the Russian government. Thus, the General Court relied on its established case law of Tay Za regarding an ‘association’ which considers a mere family tie to the primary target, a business leader, associated with the government not sufficient. That said, the General Court in Prigozhina ruled that there is a ‘non-negligible risk’ that individuals providing support to the government, e.g., leading businesspersons, might exert pressure on individuals associated with them, e.g., their family members, in order to circumvent the effect of the measures to which they are subject (para. 105 of the Prigozhina judgment. See also Amer Foz v Council, Case T-296/20 ECLI:EU:T:2022:298, paras. 174 and 176, Sharif v Council, T-540/19, not published, EU:T:2021:220, paragraph 159, and, by analogy, judgment of 4 September 2015, NIOC and Others v Council, T-577/12, not published, EU:T:2015:596, para. 139).  

Businesspersons vs rulers

Generally speaking, the case law of the Court on the legality of family members’ designations is characterized by two main approaches. Regarding family members of leading businesspersons, their designation would be annulled if based on the sole ground that the family member also benefits from the economic policies of the government (Tay Za approach). Regarding the family members of rulers of a third country, their designation would be lawful by a presumed connection between the individual and the (targeted) regime (Al Assad approach). The case law has been though at times inconsistent. For a broader analysis on circumvention of EU restrictive measures, see Francesa Finelli, ‘Countering Circumvention of Restrictive Measures: The EU Response’.

In Al-Assad, another Syrian ‘immediate family member’ case (concerning the President’s sister), the Court of Justice found that the presumed risk of circumvention was ‘quite obvious’ between leaders of a state and their immediate family members. It also observed that, if the EU sanctions in question targeted only the leaders of the Syrian regime, the objectives pursued by the Council could have been frustrated as the leaders can ‘easily circumvent’ those measures by means of their relatives and associates.

The Al-Assad approach has generally not been followed by the CJEU in the case of immediate family members of leading business persons (see Tay Za) but only in cases of ‘immediate family members’ of rulers of a third country (see Butler, G 2023, 'Of Rulers, Relatives, and Businesspersons: The Imposition of EU Restrictive Measures through Sanctions on Family Members', Legal Issues of Economic Integration, vol. 50, no. 4). The rationale is explained by Advocate General Mengozzi in his Opinion in Tay Za with three circles of targeted individuals, which has been accepted by the CJEU. In the Syrian sanctions case of Foz, the CJEU  accepted the presumption of a real risk of circumvention, in a case of an immediate family member of a leading business person operating in Syria case.  The Court of Justice ruled in that case that it is reasonable to presume a ‘real risk of circumvention’ if a family member has close business and family ties with a designated individual, even when the designated person is a leading businessperson and not a political leader in Syria. Moreover, it found that family ties may pose a real risk of circumvention of EU restrictive measures, irrespective of the role of the designated individual in the targeted regime (see Finelli, ‘Countering Circumvention of Restrictive Measures: The EU Response’).

The relevance of presumptions

Generally, the CJEU has accepted indirect evidence such as rebuttable presumptions in view of the difficulties encountered by the Council to find direct evidence (see para 46 Anbouba v Council, C-605/13 P, ECLI:EU:C:2015:248) for the fact than an individual like an immediate family member of a primary target supports a regime or benefits from it. In Syrian sanctions cases, since 2015, the Council consistently relied on and the Court of Justice accepted rebuttable presumptions rather than evidence that they have engaged in prohibited conduct. Their designation presupposes the personal link between them and the already designated individuals, and ultimately the third country’s regime targeted.

Consistent case law of the Court of Justice provides that the use of presumptions is only permitted on the condition that (i) those presumptions have been provided for by the measures at issue, (ii) are consistent with the objective of the legislation at issue, (iii) proportionate to the aim pursued by the EU, (iv) rebuttable and (vi) safeguard rights of defence are safeguarded (see Case T‑714/20, Ovsyannikov v Council, ECLI:EU:T:2022:674).

The Council will need to establish that the inclusion of immediate family members of Russian business leaders is proportionate to the pursued aim of inter alia preventing circumvention of the sanctions imposed.

At the moment it is unclear whether the Court implied in the case of Prigozhina that the ‘real risk of circumvention’ through family members can only be invoked in the context of EU sanctions against Syria (see Finelli, ‘Countering Circumvention of Restrictive Measures: The EU Response’). The established case law of Tay-Za provides there can be no presumption that leading businesspersons with links and association to a governing regime are using their family members for circumventing EU sanctions (see Butler, 'Of Rulers, Relatives, and Businesspersons’).

The Court of Justice has accepted presumptions if they are rebuttable, but rebuttals for targeted individuals are immensely difficult and have not been successful in most Syrian sanctions cases before the Court of Justice since the presumptions were introduced (see the Zubedi and Bashar Assi judgments).

The family member would have to demonstrate to the Council that s/he has dissociated himself from a parent, child – the primary target – and that s/he does not pose a real risk of circumvention of the restrictive measures. Rebuttals may be possible based on evidence that immediate family members do not assist the primary target to have access or continue controlling the assets.  A difficult task.

The risk of circumventing EU sanctions

The risk of circumvention is considerable in the case of leading businesspersons operating in Russia and their immediate family and the Court of Justice might well opt in developing its case law further for the Russian sanctions context instead of simply continue applying its Tay-Za case law. Similarly, as in the RT France case, it might opt for an exceptional reasoning due to exceptional circumstances. It might even apply its case law on the immediate family of rulers, rather than on the immediate family of leading businesspersons, finding that in certain exceptional cases leading businesspersons are comparable to rulers in the Russian context.

A balance will have to be struck by the Court of Justice between the fundamental rights of the targeted immediate family members, who might pose no risk of circumvention whatsoever and the difficult task to rebut presumptions, on the one hand, and the importance of the effectiveness of targeted sanctions against Russia, accounting for the Council’s ability in certain cases to rely on presumptions on the other hand (for the reasons it set out in its case law (e.g., in Anbouba v Council, para. 46). A general blunt presumption of circumvention of sanctions in cases of immediate family members of leading businesspersons operating in Russia is unlikely to be accepted by the Court of Justice.

Is the UK data protection authority giving free pass to big tech giants?

 

Asress Adimi Gikay (PhD), Senior Lecture in AI, Disruptive Innovation and Law (Brunel University London)

Photo credit: howtostartablogonline.net 

In the online space, it is perhaps difficult to find a more empty promise than “we value your privacy.“ Businesses promise to preserve our data privacy rights, but in reality, they have neither the carrot, nor enough sticks, to make them respect data protection rules. This holds true even in the European Union (EU), where the most comprehensive data protection legislation—the General Data Protection Regulation (GDPR)— failed to satisfactorily deliver on its promise to protect the fundamental rights of citizens.  As businesses openly flout data privacy laws, regulators either struggle to adequately enforce the law or wilfully ignore infractions.

The UK’s data protection authority— the Information Commissioner's Office (ICO)— has succumbed the most to its ambition of promoting innovation and economic growth while simultaneously protecting data protection rights. Unfortunately, the drive to appeal to businesses has reduced data privacy rights to mere buzzwords, not just in the business world but also within the ICO itself.

As a result, the authority's enforcement record defies the primary objective of protecting the public's data privacy rights, displaying an unexplainable leniency towards corporations. I argue that this indefensible record of the ICO’s underscores the authority’s insistence on operating with failed enforcement policy.

The ICO’s enforcement track record—the numbers don’t lie

During the 2021-2022 fiscal year, the ICO reported receiving 35,558  data privacy violation complaints. The complaints were diverse including companies refusing to delete individuals’ personal data or processing their data without consent. Sometimes, organizations infringed the individual’s right to access their own personal data, contrary to what the data protection legislation requires.

Similarly, in the 2022-2023 financial year, a total of 27,130  complaints were filed with the ICO, excluding data from the most recent financial quarter, yet to be reported by the authority. Out of the 62,688 complaints filed over a span of two years, the authority levied only 59 monetary penalties. This means that only approximately 0.094% of the complaints led to real consequences— organizations being sanctioned for breaching data protection rules.

The ICO closed most of the complaints alleging insufficient information to proceed with the complaints or lack of evidence of infraction. It resolved numerous cases through discussions with infringing companies. In such cases, the authority recognises the presence of  infringement by the organization but does nothing concrete other than what it describes as “informal action taken.”

Due to the ICO’s practice of not disclosing comprehensive details about these cases, except for summaries that serve more statistical purposes, the public tends to perceive the authority as prioritizing business interests over safeguarding data privacy rights. Interestingly, this public perception aligns with the available evidence.

The broader context

The enforcement of the GDPR has been unsatisfactory across the EU, since the implementation of what has been described as a breakthrough law, that promised to empower people in the digital world, through giving them more control on their personal data. Even when applying a more forgiving standard, the ICO's enforcement record remains unsatisfactory. Between 2018 and 2022, it levied around 50 monetary penalties, while German and the Italian authorities imposed 606 and 228 penalties between 2018 and 2021.

The ICO is generally passive compared to its European counterparts. In a notable case, the French authority, Commission Nationale de l’Informatique et des Liberté  (CNIL) fined Meta and Google €60 million and €150 million respectively in 2021 for their illegal use of cookies. Despite engaging in similar unlawful data collection practices in the UK, the companies made changes to their cookie-based data collection practices in the UK only while complying with the French ruling. They faced no threat of sanction in the UK.

The ICO's consistently poor enforcement record clearly undermines public confidence in the authority. In its 2022 annual report, the authority itself acknowledged getting the lowest score in complaint resolution in a 2021 customer survey it backed. An independent review—Trustpilot— rates the authority at 1.1 out of 5. This is based on self-initiated reviews conducted by members of the public, some claiming that the ICO prioritizes business interests rather than protecting privacy rights.

Unfit enforcement policy— corporate free pass

The lack of adequate data protection law enforcement in the EU has been explained by resource constraints.  For example, a report by the Dutch ombudsman highlighted that the relevant authority in the country had 9,800 unresolved privacy complaints at the end of 2020. And according to the Irish Council for Civil Liberties, “almost all (98%) major GDPR cases referred to Ireland remain unresolved”— in part due to lack of budget and sufficient specialist staff.

However, the ICO is considered to be a relatively resourced authority. It also has the ability to impose substantial fines that could finance its operations. So, it is unlikely that resource constraints explain its inadequate enforcement record. The ICO’s enforcement policy is largely culpable. 

The authority’s risk-based approach prioritizes a softer approach to ensuring compliance, reserving enforcement actions to violations that are likely to possess the highest risk and harm to the public. Enforcement action includes requiring an offending organization to end violations and comply with relevant rules through enforcement notice and issuing penalty. The ICO considers several factors in determining whether imposing a penalty is appropriate, including the intentional or repeated nature of the breach, the degree of harm to the public, and the number of people impacted.

In practice however, the authority exercises discretion even in cases of intentional and repeat violations impacting millions of people. For example, numerous companies illegally collect consumers’ personal data using cookies.

By tracking a user's browsing behavior, third-party cookies, known as tracking cookies, usually gather information that is enough to identify the person behind a device. Besides visits to particular web pages, they can record a person’s search queries, goods or services purchased, IP address and location.

From this, it is possible to infer a person's name, nationality, language, religion, sexual orientation, health condition, and other intimate details – most of which are considered special categories of personal data. These types of data cannot be processed without the individual's explicit consent, unless limited exceptions apply. Whilst these data could be used, for example for marketing health products, insurance companies could also use them to assess premiums, in a manner unknown and detrimental to the interest of the individual.

To its credit, the ICO has fined Easylife Ltd £1.35m which has later been reduced to £250,000 for using personal data to profile medical conditions without consent, to target individuals with health-related products. But the authority does not seem to recognise that it takes a simple switch to transition from inferring personal data from browsing behavior using cookies to profiling health conditions.

Cookies-based unconsented data collection is illegal and potentially poses a serious harm to the public, as companies could process special categories of data in a detrimental manner. Unfortunately, companies openly violate cookies-related legislations in the UK with impunity.

The ICO also shows unwarranted leniency towards tech companies repeatedly violating data protection rules. In one fiscal year (2022/2023), the ICO found evidence of Google UK’s potential infringement or infringement of the law more than 25 times,  in separate complaints. But the authority claims to have taken informal actions, essentially advising the company to do better work to comply.

Google UK's infractions include refusal or delaying to delete personal data upon request by individuals exercising their right to be forgotten. Meta Platform(formerly Facebook Inc.) received 20 compliance suggestions, after evidence of its infringement or potential infringement has been found, while Microsoft and Twitter each received the same soft compliance advices 8 times, in the same year.

In all these cases, taxpayers go through the stressful process of demonstrating that their data protection rights were violated, providing evidence of infringement by big tech companies. Yet the ICO consistently chose to be lenient to companies that obviously do not mind being told repeatedly that their data protection practices are non-compliant. The authority has essentially transformed itself into a legal advisory office for tech companies, neglecting its role as an overseer.

Data protection law inherently creates hurdles for individuals seeking compensation for privacy rights violations. In 2021, the UK's highest court ruled that without evidence of material damage or distress, mere loss of control over personal data is not compensable under the GDPR. This effectively forces individuals to wait for a recognized harm to occur due to violation of their data privacy rather than preventing it. The ICO, which should deter privacy violation, is unfortunately impotent as well.

The need for policy change

The ICO's enforcement policy heavily relies on collaboration with regulated entities rather than utilizing effective sanctions to deter repeat violations. This approach aims to support the digital economy by avoiding excessive enforcement of data protection rights and fostering data innovation. In theory, it should attract businesses to the UK, create jobs, and stimulate economic growth. However, the policy is currently being misapplied to serve the interest of big tech companies.

The companies repeatedly violating data protection laws do not necessarily contribute to digital innovation exclusively in the UK, while most of them are not strategically positioned to provide job opportunities in the country. But the UK remains their crucial consumer market. As such, sanctioning them is unlikely to change their business decisions and behaviour.  In the event of firm and measured enforcement actions, these companies will be left with no choice but to adhere to the rule of law, considering the market they operate in is one they cannot afford to lose.

The ICO’s failure to effectively enforce data privacy laws risks eroding public trust. It could also discourage data innovation, as the public might refuse to provide data for research and innovation, which could in turn negatively affect the digital economy. 

EU cooperation on migration with third countries: Time to address the genealogy of informal agreements in EU migration law

 

Dr Céline Hocquet, Teaching Fellow, Birmingham Law School, University of Birmingham

Photo credit: Issam Barhoumi, via Wikimedia Commons 

As the EU makes yet another proposal to cooperate with a third country on containing migrants outside its territory, it is urgent to engage with a critical analysis of the EU externalisation policy and the use of informal cooperation informed by the historical, legal and political context underpinning the EU external migration and asylum policy.

From the EU-Turkey to the EU-Tunisia deal?

On 11th June, the EU and Tunisia issued a joint statement agreeing to work together on a comprehensive partnership package. This partnership would cover several cooperation areas, including economy, energy, and migration. More specifically, the EU and Tunisia declared ‘the fight against irregular migration’ and ‘the prevention of loss of life at sea’ as their ‘common priority’. As such, it addresses migrant smuggling and human trafficking and bolster border controls and migrants’ registration and return. In exchange for Tunisia’s cooperation, the EU offers 100 million euros for border management, search and rescue, anti-smuggling and return operations in addition to a 1 billion euros investment plan for Tunisian economic development, including projects in the digital and energy sectors.

To those familiar with EU migration law and policy, this news will, no doubt, sound familiar.

Back in March 2016, the European Council published a press release following a meeting with representatives from the Turkish government. The EU-Turkey Statement – widely known as the EU-Turkey deal – traded the containment and return to Turkey of all irregular migrants arriving in Greece in exchange for 6 billion euros of EU funding.

At the time, arrivals of migrants to Europe crossing the Mediterranean Sea were characterised by the EU as a ‘crisis’. Emphasis was put on the exceptional nature of migration flows, the extraordinary numbers of migrants reaching European shores and the severe loss of lives during sea crossings. In this way, the situation faced by the EU and its member states was presented as critical and unprecedented. Its characterisation as a ‘crisis’, highly questioned by researchers, highlighted potential threats to the stability and security of the EU and/or its asylum system. Swift and exceptional measures were, therefore, necessary to put an end to the ‘crisis’ situation and its disruption. Such measures focused on further controlling irregular migration and EU external borders notably by externalising controls to third countries and third actors.

The EU-Turkey Statement was rapidly considered a blueprint for future EU migration and asylum policy developments by swiftly reducing migrant arrivals from Turkey to Greece. Despite criticisms raised against the precedent set by its informal nature and the threats caused to migrants and asylum seekers’ rights (see for instance on this blog here and here), similar non-binding and opaque partnerships, such as the 2017 Italy-Libya memorandum of understanding or the 2016 Afghanistan-EU Joint Way Forward, were signed between the EU or its member states and third countries to facilitate the return and/or containment of unwanted migrants.

Investigating the lineage of EU informal cooperation on migration

In my PhD thesis, I focus on this development. Namely, the EU’s increasing use of informal cooperation arrangements with third countries to control migration. More specifically, my research focused on investigating the implications of characterising the arrivals of migrants to Europe as a 'crisis' for the EU migration and asylum law system. Rather than focusing on informal cooperation developed as a result of the so-called ‘crisis’, I argue for the need to contextualise these developments within the EU migration and asylum law system as a whole. Only by doing so are we able to step away from crisis-driven considerations of emergency and security and understand the genealogy of the EU’s use of informal cooperation to externalise migration and border controls.

Using an iterative approach, I looked at the emergence and early development of the EU migration and asylum law system, especially some of its key measures. My analysis shows that informal cooperation such as the EU-Turkey Statement, the Afghanistan-EU Joint Way Forward, or the Italy-Libya Memorandum of Understanding, is far from being the result of unprecedented circumstances specific to 2015-2016 requiring swift and exceptional measures. Instead, they fit within the genealogy of the EU external migration and asylum policy. In my analysis, I identified a number of long-lasting tendencies that underpin the EU migration and asylum law system throughout its evolution. One of these tendencies is the use of informal and diversified cooperation frameworks and measures circumventing regular procedures and fundamental rights guarantees.

The legacy of the intergovernmental era

The emergence of a common approach to asylum and migration law at the then-EEC level shows the significant role of informal cooperation between member states. Indeed, well before the 2015 crisis member states developed cooperation informally among themselves using intergovernmental cooperation. A particular example is the cooperation developed within the Trevi Group. An ad hoc group of interior ministers initiated by the 1975 European Council in Rome, the Trevi group initially focused on member states’ cooperation regarding counter-terrorism before its scope expanded to asylum and immigration in the 1980s. This informal cooperation led to the adoption of several soft law measures in the field of immigration and asylum with long-lasting impacts on the common migration and asylum law system. The Dublin Convention and acts related to its implementations were, for instance, originally agreed upon as part of this ad hoc group before being incorporated into the acquis communautaire and formalised by Maastricht. Still, this shows how fundamental informal and opaque cooperation has been in shaping the common migration and asylum policy. The use of informal cooperation circumventing existing frameworks is not uncommon in the field of EU migration and asylum law. Informal cooperation agreements with third countries are therefore not the result of exceptional circumstances in 2015-2016. Rather, they fit within the legacy of the common migration and asylum policy and of how cooperation in these fields emerged in the first place.

Tampere and the comprehensive approach to migration

Although the EU cooperation on migration with third countries initially focused on entering into formal EU readmission agreements, the use of informal and diversified tools is not recent. Back in 1999, the Tampere European Council called for a comprehensive approach to external migration policy. This meant diversifying external measures related to migration by using other tools of EU external action and by addressing ‘political, human rights and development issues’ in third countries as means to reduce immigration to the EU. Signed on 23 June 2000, the Cotonou Agreement is considered the first example of the diversification of EU externalised migration and border controls. This agreement was primarily focused on EU development cooperation with African, Caribbean and Pacific states. Yet it also included readmission clauses to facilitate the return of migrants irregularly staying in the EU. It corresponds to the widening of EU migration-related cooperation to other aspects of external action. The allocation of 6 billion euros funding in exchange for Turkey’s cooperation on migration containment is therefore not a practice unique to the crisis context at the time of the EU-Turkey deal.

The EU’s Global Approach to Migration and Mobility and political agreements

Following the adoption of the Global Approach to Migration and Mobility (GAMM) in 2011, the EU introduced a new tool to develop its cooperation with third countries on migration: mobility partnerships. These political agreements are non-binding and aim at providing ‘tailor-made’ partnerships addressing shared concerns between the EU and its partner. They provide significant flexibility in terms of how to conduct the cooperation and the areas covered and contain little guarantees for fundamental rights. Therefore, although informal and opaque cooperation with third countries circumventing human rights and ordinary procedures was presented as a shift in the EU external migration policy justified by the 2015 crisis, my findings suggest otherwise. The EU’s use of non-binding and flexible tools to develop cooperation on migration and border controls with third countries pre-dated the crisis. The adoption of such informal agreements from 2015 onwards, therefore, constitutes a continuation of pre-existing practices.

Conclusion

This brief overview shows the significance of genealogy when analysing developments in the field of EU migration and asylum law. Crisis-focused analyses of these developments only provide a limited understanding as they ignore the underpinnings and historical, political, and social contexts in which these arrangements operate. Contrastingly, contextualising informal cooperation with third countries (such as the EU-Turkey deal or the emerging negotiations between the EU and Tunisia) within the broader evolution of the EU migration and asylum policy enables us to distance ourselves from the crisis or exceptional circumstances used to justify such measures. In doing so, it reveals that far from being policy innovation driven by emergency and security considerations, informal arrangements and diversified tools to externalise EU migration and border controls are a long-lasting legacy of earlier developments in the EU migration and asylum policy.

 

The Concept of a Virtual Registered Office for EU Law

 

Virginijus Bitė, Professor of Law at the Law School of Mykolas Romeris University

Ivan Romashchenko, Senior Researcher of the Legal Technology Centre at the Law School of Mykolas Romeris University

Photo credit: EmDee, via Wikimedia Commons

On 29th of March 2023 the European Commission published a Proposal for a Directive within the initiative devoted to upgrading digital company law. It mostly focuses on the increased transparency and access to information as well as cross-border use of company data. These goals were earlier mentioned in the inception impact assessment report published on 20th of July 2021. However, the inception impact assessment included one more policy option that was omitted in the Proposal: making the EU company law rules and procedures fit for digital age. Virtual registered office (VRO), surprisingly, has not been given green light due to mixed feedback from stakeholders.

Before the European Commission mentioned VRO in the documents, there was an attempt in Lithuania to stipulate this concept at the national level. The draft law on the introduction of a VRO was submitted to the Lithuanian parliament, the Seimas, in 2018. Although the Seimas in general supported the idea, the provisions on VRO have not yet been adopted.

Despite the lack of regulation at the EU and national levels and the apparent lack of academic consideration of VROs, researchers and practitioners have displayed enthusiasm concerning the opportunities that the introduction of VRO might provide. According to the 2017 report by Adelė Jaškūnaitė and Raminta Olbutaitė, prepared within the ‘Create Lithuania’ programme, even in the absence of a legal framework on VROs, Lithuania possessed the technical resources necessary to ensure communication with public institutions as a basis for the establishment of VRO. They concluded that there was a need to replace the physical address with a virtual one since a physical address, as an official registered office, had not fulfilled its purposes effectively. Legal entities had often been registered at so-called ‘mass addresses’, with some addresses serving as the registered offices of hundreds of companies. If VRO were to be introduced properly, this idea would reduce the financial burden on both public authorities and companies. The introduction of VRO would neither impact the corporate governance negatively as most communication among stakeholders in a company has been happening digitally. Inspired by the editorial of Lina Mikalonienė, in our recent research we have delved into the concept of a VRO and tried to evaluate the proper way it might be introduced.

For a VRO to replace registered office, it should be able to achieve the same functions as the registered office does: to ensure that the applicable law and jurisdiction are determined with respect to the legal person, and to ensure proper communication between a legal entity and its counterparties.

As far as the first function is concerned, there are reasons to conclude that applicable law and jurisdiction can be determined without knowing the exact physical location of a legal entity: information about the country where the entity is located should suffice. The VRO would be perfectly able to cope with the function of ensuring a connection between a legal entity and applicable law, even if we only knew the country that the legal entity came from. In that case, national law would be assigned the task of connecting the entity with the proper local laws and regulations, as well as the relevant local authorities. For instance, as far as Lithuania is concerned, a legal entity might have a VRO with a link to Vilnius and its city authorities.

Regarding the second function, it should primarily be noted that the existing regulation needs change. Such change needs to move in the direction of wider digitalisation, so that legal entities can act through a VRO instead of a physical address. While moving in this direction care should be taken not to forget about weaker parties, including consumers, some of which might be forced to communicate by regular mail due to poor digital skills or the absence of access to electronic tools. In addition, it is possible that some foreign state authorities might be prohibited to use such electronic system and be allowed to use only regular mail or services of clerks. Therefore, a link to a physical address to establish communication between a legal entity and its counterparties seems temporarily practical for the transition period till all players and society adapt to the system of e-communication and accept it more easily.

For these reasons, it is recommended that the EU interferes in this sphere by removing any misunderstandings and defining a registered office as including both a physical address and a VRO. EU intervention should also stipulate requirements for organisations that provide VRO in Member States, as well as setting out a legal basis for selecting a virtual address instead of a physical one and for the communication of domestic and foreign actors through VRO. These new rules need to contain safeguards against fraudulent practices, for this all legal entities using VRO should temporarily maintain a link to a physical address – for instance, the address of the director or another contact person. The suggested connection to a physical address should be viewed as a transitional compromise on a path to full VRO and the gradual development of improved virtual cross-border communication being the future replacement of the traditional registered office with its virtual counterpart.

 

For more information see: Bitė, V. and Romashchenko, I., 2023. The Concept of a Virtual Registered Office in EU Law: Challenges and Opportunities.  Utrecht Journal of International and European Law,  38(1), p.25–38.DOI: https://doi.org/10.5334/ujiel.605

The UK's pro-innovation AI regulatory framework is a step in the right direction

 

Asress Adimi Gikay (PhD), Senior Lecturer in AI, Disruptive Innovation, and Law (Brunel University London) Twitter @DrAsressGikay

Photo credit: via Wikicommons media

The Essence of the UK's pro-innovation regulatory approach  

After several years of evaluating the available options to regulate AI technologies, and the publication of the  National AI Strategy in 2021 setting out a regulatory plan, the UK government finally set out its pro-innovation regulatory framework in a white paper published in March of this year. The government is currently collecting responses to consultation questions. 

The white paper specifies that the country is not ready to enact a statutory law in the foreseeable future governing AI. Instead, regulators will issue guidelines implementing five principles outlined in the white paper. According to the white paper, following the initial period of implementation, and when parliamentary time allows, 'introducing a statutory duty on regulators requiring them to have due regard to the principles' is anticipated. So, an obligation to enforce the identified principles will imposed on regulators, if it is deemed necessary based on the lessons learned from the non-statutory compliance experience. But this will most likely not take place in the coming 2 to 3 years, if not more.

The UK's pro-innovation regime starkly contrasts with the upcoming European Union(EU) AI Act's risk-based regulation, applying different legal standards to AI systems based on the risk they pose.  The EU's proposed regulation bans specific AI uses, such as facial recognition technology (FRT), in publicly accessible spaces while imposing strict standards for developing and deploying the so-called high risk AI systems, including detailed safety and security, fairness, transparency and accountability. The EU's regulatory effort aims to tackle AI risks through a single legislative instrument overseen by a single national authority of member states. 

Undoubtedly, AI poses many risks ranging from discrimination in healthcare to reinforcing structural inequalities or perpetuating systemic racism in policing tools that could utilize (il)literacy, race, and social background to predict a person's likelihood to commit crimes. Certain AI uses also pose risks to privacy and other fundamental rights, as well as democratic values. However, the technology also holds tremendous potential for improving human welfare through enhancing the  efficient delivery of public services such as education, healthcare, transportation, and welfare. 

But is the UK's self-proclaimed pro-innovation framework, which uses a non-statutory regulatory approach to tackle the potential risks of AI technologies, appropriate?  

I contend that with additional fine-tuning, the approach taken by the UK better balances the risks and benefits of the technology, while also promoting socio-economically beneficial innovation.

Key components of the envisioned framework

The UK approach to AI regulation has three crucial components.  First, it relies on existing legal frameworks relevant to each sector such as privacy, data protection, consumer protection, and product liability laws, rather than implementing comprehensive AI-specific legislation. It assumes that many of the existing legislations being technology neutral would apply to AI technologies. 

Second, the white paper establishes five principles to be applied by each regulator in conjunction with the existing regulatory framework relevant to the sector. These principles are safety, security and robustness, appropriate transparency and explainability, fairness, accountability and governance, and contestability and redress.

Third, rather than a single regulatory authority, each regulator would implement the regulatory framework supported by a central coordinating body that among others, facilitates consistent cross-sectoral implementation. As such, it is up to individual regulators to determine how they apply the fundamental principles in their sectors. This could be called a semi-sectoral approach as the principles apply to all sectors, but their implementation may differ across sectors.

Although the white paper does not envision prohibition of certain AI technologies, some of the principles could be used to effectively prohibit certain use cases, for example unexplainable AI with potentially harmful societal impact.  Regulators are given a leeway, as a natural consequence of the flexibility offered by the approach adopted.

There will not be a single regulatory authority comparable to, for example, the Information Commissioner's Office that enforces data protection law in all areas. Initially, a statute will not require regulators to implement the principles. Actors in the AI supply chain will also have no legal obligation to comply with the principles unless the relevant principle is part of an existing legal framework. 

For instance, the principle of fairness requires developing and deploying AI systems that do not discriminate against persons based on any protected characteristics. This means that a public authority must fulfil its  Public Sector Equality Duty (PSED) under the Equality Act by assessing how the technology could impact different demographics. On the other hand, a private entity has no PSED as this obligation applies only to public authorities. Thus, private actors may avoid the obligation to comply with this particular aspect of the fairness principle unless they voluntarily choose to comply.

Why is the UK's overall approach appropriate? 

The UK’s flexible framework is generally a suitable approach to the governance of an evolving technology. Three key reasons can be provided for this.

   It allows evidence-based regulation.

Sweeping regulation gives the sense of preventing and addressing risks comprehensively. However, as the technology and its potential risks are yet to be understood reasonably, most AI risks today are a product of guesswork. 

This is a significant issue in AI regulation, as insufficient and non-contextualised evidence is increasingly used to advocate for specific regulatory solutions. For instance, risks of inaccuracy and bias identified in gender classification AI systems are frequently cited to support a total ban on law enforcement use of FRT in the UK. 

Although FRT has been used by law enforcement authorities in the UK several times, no considerable risk of inaccuracy has been reported because the context of law enforcement of FRT, especially in the UK, is different from online gender classification AI systems. Law enforcement use of FRT is highly regulated, so the technology deployed is also more stringently tested for accuracy, unlike an online commercial gender classification algorithm that operates in less regulated environments. Ensuring that relevant and context-sensitive evidence is used in proposing regulatory solutions is crucial.

By augmenting existing legal frameworks with flexible principles, the UK's approach enables regulators to develop tailored frameworks in response to context-sensitive evidence of harm emerging from the real-world implementation of AI, rather than relying on mere speculation. 

Better enforcement of sectoral regulation 

Scholars have debated for a while on whether sector-specific regulations enforced by a sectoral regulator are suitable in algorithmic governance. In a seminal piece, 'An FDA for Algorithm,’ Andrew Tutt advocated for creating a central regulatory authority for algorithms in the US comparable to the Federal Drug Administration. The EU has adopted this approach by proposing a cross-sectoral AI Act, enforceable by a single national supervisory authority. The UK chose a different path, which is likely the more sensible way forward.

Entrusting AI oversight to a single regulator across multiple sectors could result in an inefficient enforcement system, lacking public trust. Different regulatory agencies possessing expertise in specific fields, such as transportation, aviation, drug administration, and financial oversight, are better placed to regulate AI systems used in their sectors. Centralising regulation may lead to corruption, regulatory capture, or misaligned enforcement objectives, impacting multiple sectors. In contrast, a decentralised approach allows specific regulators to set enforcement policies, goals, and strategies, preventing major enforcement failures and promoting accountability.

The ICO can provide a good example.  Its track record in enforcing data protection legislation is exceptionally poor, despite having the opportunity to bring together all the required resources and expertise needed to perform its tasks. The ICO has failed miserably, and its failure impacts data protection in all sectors.

As the Centre for Data Innovation asserted, “If it would be ill-advised to have one government agency regulate all human decision-making, then it would be equally ill-advised to have one agency regulate all algorithmic decision-making."

The UK's proposed sectoral approach avoids the risk of having a single inefficient regulatory authority by distributing regulatory power across sectors.

Non-statutory approach and flexibility to address new risks

The non-statutory regulatory framework allows regulators to swiftly respond to unknown AI risks, avoiding lengthy parliamentary procedures. AI technology's rapid advancement makes it difficult to fully comprehend real-world harm without concrete evidence. 

Predicting emerging risks is also challenging, particularly regarding "AI systems that have a wide range of possible uses, both intended and unintended by the developers"(known as general purpose AI) and machine learning systems. Implementing a flexible regulatory framework allows the framework to be easily adapted to the evolving nature of the technology and the resulting new risks.

But two challenges need to be addressed   

The UK's iterative, flexible, and sectoral approach could successfully balance the risks and benefits of AI technologies only, if the government implements additional appropriate measures.

Serious enforcement  

The iterative regulatory approach would be effective only if the relevant principles are enforceable by regulators. There must be a legally binding obligation for relevant regulators to incorporate these principles in their regulatory remit and create a reasonable framework for enforcement. This means that regulators should have the power to take administrative actions while individuals should be empowered to seek redress for the violation of their rights or to compel compliance with existing guidelines.  If no such mechanism is implemented, the envisioned framework will not address the risks posed by AI technologies. 

Without effective enforcement tools, companies like Google, Facebook, or Clearview AI that develop and/or use AI will have no incentive to comply with non-enforceable guidelines. There is no evidence to support this, and there will never be.

Enforcing the principles does not require changing the flexible nature of the UK’s envisioned approach, as how the principles are implemented is still left to regulators.  The flexibility remains largely in the fact that the overall principles can be amended without a parliamentary process. So, regulators can tighten or loosen their standards depending on the context. However, a statute that says the essence of those principles should be implemented and enforced by the relevant regulators is necessary.

Defining the Role of the central coordinating body

The white paper emphasizes the need for a  central function to ensure consistent implementation and interpretation of the principles, identify opportunities and risks, and monitor developments. But regulators must consult this office when implementing the framework and issuing guidelines. 

Although the power to issue binding decisions may not need to be conferred, the central office should be mandated to issue non-binding opinions on essential issues, similar to the European Data Protection Board. Regulators should also be required to initiate a request for an opinion on certain matters formally. This would facilitate cross-sectoral consistency in implementing the envisioned framework and enable early intervention in tackling potential challenges.

Conclusion 

The UK has taken a step in the right direction in adopting a flexible AI regulation that fosters innovation and mitigates the risks of AI technologies. However, the regulatory framework needs to be enhanced to maintain the UK's leadership in AI. The lack of a credible enforcement system and solid coordination mechanism may undermine the objective of the envisioned framework, including deterring innovation and undermining public trust and international confidence in the UK regulatory regime.

Advocate General’s Opinion in Grupa Azoty again lays bare a serious gap in EU judicial protection, yet does nothing to plug the hole

 

Professor Geert van Calster, University of Leuven

Photo credit: Wojciech Antosz, via Wikimedia Commons

 

Executive summary: Early March Pikamäe AG opined in Joined Cases C 73/22P and C 77/22 P Grupa Azoty S.A. et al v European Commission, an Appeal procedure regarding the admissibility of an application for partial annulment of the Commission September 2020 ‘Guidelines on certain State aid measures in the context of the system for greenhouse gas emission allowance trading post-2021’. Pikamäe AG considers that the Applicants do not have standing to challenge the Guidelines at EU level. I challenge that position, in the light of the right to judicial review before the European Courts and of the Courts' case law on the matter. I conclude that the Opinion mistakenly identifies national judicial review of entirely speculative national measures as a guarantee to access to justice, and that in doing so it compounds the challenging limitation of access to the courts in a wider context (including the environmental context), too.

 

Introduction to the case at issue

In early March Pikamäe AG opined in Joined Cases C‑73/22P and C‑77/22P Grupa Azoty S.A. et al v European Commission. At first glimpse the case undoubtedly looks pretty dull to most observers, seeing as it engages an application for partial annulment of the Communication from the Commission of 25 September 2020 entitled ‘Guidelines on certain State aid measures in the context of the system for greenhouse gas emission allowance trading post-2021’. Hardly rock and roll. Such aid is generally granted to address potential ‘carbon leakage’, i.e. relocation of industry away from the EU and its stricter climate rules. The applicants manufacture fertilisers, nitrogen compounds, and man-made fibres, a sector not listed in Annex I to the guidelines at issue. This means they are no longer (for the sector was included in the previously applicable Annex II of the 2012 Guidelines) considered to be at risk from carbon leakage.

The General Court having declared the applications inadmissible due to lack of standing, the case has now come before the Court of Justice upon appeal.

A core element in the General Court’s reasoning was [40-42] that the undertakings’ right to challenge the removal from the Annex and their consequential loss of potential State Aid, continued to be guaranteed seeing as Member States may still grant them such aid outside of the Guidelines’ framework, subject to notification to the European Commission. The likely refusal by the Commission to declare the aid compatible with the Internal Market, may then, the General Court suggested, be challenged before the European Courts.

It is this speculative reasoning which raises general concerns with respect to access to justice before the European Courts.

 

General framework for access to judicial review before the European Courts

Access to judicial review proceedings at the Court of Justice of the European Union (CJEU) is a long contested issue. Article 263 TFEU grants EU Institutions ‘privileged access’ to the European Courts. These are included in paragraphs 2 and 3 of the Article and they are the Member States, the Council, the Commission, the European Parliament, the Court of Auditors, the European Central Bank and the Committee of the Regions. The latter 3 Institutions may only bring an action "for the purpose of protecting their prerogatives".

The fourth paragraph of Article 263 TFEU deals with the so-called "non-privileged" applicants. In the General Court’s Order in the case under discussion, standing requirements for the non-privileged applicants are summarised as follows [26]:

“The admissibility of an action brought by natural or legal persons against an act which is not addressed to them, in accordance with the fourth paragraph of Article 263 TFEU, is subject to the condition that they be accorded standing to bring proceedings, which arises in two situations. First, such proceedings may be instituted if the act is of direct and individual concern to those persons. Secondly, such persons may bring proceedings against a regulatory act not entailing implementing measures if that act is of direct concern to them..” (references to case-law omitted).

 

Direct concern. The condition of "direct concern", while a hurdle, is not their main stumble block for standing. Indeed for a person to be directly concerned by a Union act, the measure must directly affect the legal situation of the individual and leave no discretion to the addressees of that measure who are entrusted with the task of implementing it, such implementation being pure, automatic and resulting from Union rules without the application of other intermediate rules. This is recurrent case law, going back in particular to the 1978 Simmenthal judgment.

Individual concern.  The condition of "individual concern", turned out to be much more of roadblock. The approach of the Court is known as the "Plaumann" test, after a 1963 case involving a German importer of clementines. The CJEU held in Plaumann that

"(p)ersons other than those to whom a decision is addressed, may only claim to be individually concerned if that decision affects them by reason of certain attributes which are peculiar to them, or by reason of circumstances in which they are differentiated from all other persons and by virtue of these factors distinguishes them individually just as in the case of the person addressed."

This test is difficult enough on paper itself. However in practice it has become even more stringent in that for economic operators, the Court typically holds that these are affected by reason of a commercial activity which may at any time be practised by any person and is not therefore such as to distinguish the applicant in relation to the contested measure as in the case of the addressee. The Plaumann test essentially amounts to a "closed shop" test: to be individually concerned by a decision addressed to another person (including Regulations and Directives addressed to Member States), an applicant needs to show that it is part of a "closed circle of persons who were known at the time of its adoption"  (a much repeated formula, e.g. in Federcoopesca).

 

The second alternative for standing in the case of non-privileged applicants (actions viz regulatory acts not entailing implementing measures if that act is of direct concern to them) obviously drops the strict ‘individual concern’ requirement and was introduced with the Treaty of Lisbon. In PGNiG Supply, the General Court held [54] that the condition

“is to be interpreted in the light of that provision’s objective, which, as is clear from its origin, consists in preventing an individual whose legal situation is nevertheless directly altered by an act from being denied effective judicial protection with regard to that act. In the light of that objective, it appears that the third limb of the fourth paragraph of Article 263 TFEU is designed to apply only when the disputed act, in itself, in other words irrespective of any implementing measures, alters the legal situation of the applicant.”

The core to this argument of the General Court’s order, is quite clearly and as it emphasises itself, the rule of law’s core contention of ensuring effective judicial protection.

It is on this point that I should like to take issue with Pikamäe’s Opinion in Grupa Azoty.

 

The challenge with the AG Opinion

—The AG’s suggestion (32) that the Court for the first time needs to hold on the potential to challenge Commission State Aid guidelines is, with respect, neither here nor there. The standing requirements for judicial review necessarily focus on the content of the measure, regardless of their nomenclature. The Guidelines at issue are developed in such detail and, importantly, with the specific instruction not to grant aid to non-Annex sectors, that one fails to see where the Member States’ discretion may at all lie. The AG’s reference (35) ff to the legal nature of guidelines, circumscribed only by general principles of EU law such as proportionality, are sophistic at best, and his continued use of the word ‘soft-law’ for Guidelines of this kind obfuscates their true impact.

—The AG’s justification of the General Court’s abstract reasoning as fitting perfectly within the Court’s existing case-law, may be arguable at a theoretical level in the light of the CJEU authorities. Yet it fails to consider the practical impact of the Guidelines. At this point, it is useful to remind ourselves of the consequences of the standing rules in the perhaps more rock and roll area of environmental law.

The impact of the restrictive approach to standing in the area of environmental law, paved the way for Advocate General Jacob’s Opinion in Union de Pequenos Agricultores (UPA) – not followed by the Court, and to what was then the Court of First Instance’s judgment in Jégo-Quéré. The Court of Justice however rejected the AG’s and CFI’s attempts to broaden access in Greenpeace.

Regardless of whether the CJEU was correct in Greenpeace (I would submit it was not), at least its optimistic presumption in that case that access to effective judicial protection is guaranteed via the preliminary reference procedure, somewhat cynically bears out in practice. The route via national courts presupposes that the Union measure at issue requires acts of implementation by the national authorities. This often then obliges the individual concerned to engineer a violation of the rules laid down by the measures, and subsequently use invalidity as a defence in any criminal or civil action directed against it. As Advocate General Jacobs argued, it would seem unacceptable that individuals be required to break the law, in order to gain access to justice. Yet, at least this engineered route is often available.

In the scenario at issue in Grupa Azoty, that prospect is fanciful. One cannot engineer a breach of State Aid rules in the entirely speculative case that a Member State does, despite the clear instructions in the guidelines, grant aid outside of it.

—Importantly, the AG in his final considerations puts the access to justice cart before the horse, where he argues

“whilst I am aware of the prevailing opinion regarding the need to expand the routes by which individuals access justice at EU level, I question whether it would be desirable, in general, for the Court to find that a soft law instrument like the guidelines at issue is a challengeable measure, and that any competitor that is able to show that it satisfies the requirement of direct concern, as identified in the judgment in Montessori, is thus entitled to bring a legal challenge where that measure constitutes a ‘regulatory act’ within the meaning of the last paragraph of Article 263(4) TFEU. I would note in this regard that, because they can be adopted quickly and adapted to contingent economic situations, these soft law instruments have been used, for example, to frame the Member States’ response to the recent crises caused by the collapse of the banking system, the COVID-19 pandemic and the outbreak of the war in Ukraine. In such situations, could the Commission be expected to adopt measures to make the exercise of its discretion more foreseeable and transparent knowing that the lawfulness of certain provisions can be directly challenged before the General Court? Could an increase in the number of those actions, which would then seem easily foreseeable, not paralyse the Commission’s clarificatory action? Is the revision of the problematic provisions of those measures by the Commission itself not sufficient for the economic operators concerned?”

 

With respect, first of all the practical implications of granting in the case at issue a circumscribed group of applicants standing, are exceedingly minimal. Under the current Guidelines only a very small group of operators have lost potential State Aid to which they had access under the previous ones. More fundamentally, practical management of access to courts necessarily must follow that very access being guaranteed — not the other way around: access must not be circumscribed by its practical management.

 

In conclusion, the Opinion mistakenly identifies national judicial review of entirely speculative national measures as a guarantee to access to justice. In doing so it compounds the challenging limitation of access to the courts in a wider context (including the environmental context), too.