This document is an excerpt from the EUR-Lex website
Document 31994H0820
94/820/EC: Commission Recommendation of 19 October 1994 relating to the legal aspects of electronic data interchange (Text with EEA relevance)
94/820/EC: Commission Recommendation of 19 October 1994 relating to the legal aspects of electronic data interchange (Text with EEA relevance)
94/820/EC: Commission Recommendation of 19 October 1994 relating to the legal aspects of electronic data interchange (Text with EEA relevance)
OJ L 338, 28/12/1994, p. 98–117
(ES, DA, DE, EL, EN, FR, IT, NL, PT)
In force
94/820/EC: Commission Recommendation of 19 October 1994 relating to the legal aspects of electronic data interchange (Text with EEA relevance)
Official Journal L 338 , 28/12/1994 P. 0098 - 0117
COMMISSION RECOMMENDATION of 19 October 1994 relating to the legal aspects of electronic data interchange (Text with EEA relevance) (94/820/EC) THE COMMISSION OF THE EUROPEAN COMMUNITIES, Having regard to the Treaty establishing the European Community, Whereas Council Decision 91/385/EEC (1) established the second phase of the Tedis programme (trade electronic data interchange systems), Article 3 thereof relating to the legal aspects of electronic data interchange (EDI); whereas Annex 1 to that Decision provides for the finalization of the draft European Model EDI Agreement; Whereas agreements for the participation of the EFTA countries, namely Austria, Finland, Iceland, Norway, Sweden and Switzerland, were approved by the Council in 1989 (2); Whereas EDI, by facilitating the exchanges of data between users, can contribute increasingly to the competitiveness of European undertakings in the manufacturing and services sectors; Whereas the promotion and swift development of EDI in Europe and between Europe and third countries requires a better understanding on the part of economic operators of the legal implications of conducting transactions by the use of EDI; Whereas the work already initiated in the field of electronic data interchange during the first phase of the Tedis programme (1988 to 1989), established by Council Decision 87/499/EEC (3), resulted in the preparation of a draft of a 'European Model EDI Agreement'; Whereas a 'European Model EDI Agreement' would contribute to the promotion of EDI by providing a flexible and concrete approach to the legal issues raised by the use of EDI, encouraging cooperation between users for the exchange of EDI messages; Whereas the use of a 'European Model EDI Agreement' would improve the legal framework by providing a uniform approach to the legal issues; whereas it would increase the legal certainty for trading partners and reduce the uncertainty arising from the use of EDI; whereas it would avoid the need for every undertaking, especially small and medium-size companies, to draft their own 'Interchange Agreement' and consequently avoid duplication of work; Whereas the 'European Model EDI Agreement' consists of legal provisions which need to be supplemented by technical specifications provided in a technical Annex according to the user's specific needs; Whereas the 'European Model EDI Agreement' aims at ensuring an appropriate protection of confidential and personal data, in particular in the light of the proposal for a Council Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (4); Whereas the 'European Model EDI Agreement' supports international and European standards; Whereas the need for standardized 'Interchange Agreements' is recognized by other international organizations involved in the promotion of EDI such as the United Nations Economic Commission for Europe (UN/ECE) - Working Party on Facilitation of International Trade Procedures through its Programme of work on Legal Issues, and the United Nations Commission on International Trade Law (Uncitral); Whereas the existence of a uniform European approach to issues relating to the use of EDI will improve the position of undertakings within the Member States in their negotiating power when trading via EDI with third countries; Whereas the Commission will continue to monitor the developments in this area and, should the need occur, take the appropriate measures to up-date, revise and supplement this European Model EDI Agreement, HEREBY RECOMMENDS: 1. That economic operators and organizations conducting their trading activities by EDI use the European Model EDI Agreement and its commentary, as set out in the Annexes hereto; 2. That Member States facilitate the use of this 'European Model EDI Agreement' and provide the most appropriate measures to that end. Done at Brussels, 19 October 1994. For the Commission Martin BANGEMANN Member of the Commission (1) OJ No L 208, 30. 7. 1991, p. 66. (2) Council Decisions 89/689/EEC, 89/690/EEC, 89/691/EEC, 89/692/EEC, 89/693/EEC and 89/694/EEC, OJ No L 400, 30. 12. 1989, pp. 1, 6, 11, 16, 21 and 26. (3) OJ No L 285, 8. 10. 1987, p. 35. (4) COM (92) 422 final - SYN 287. ANNEX 1 EUROPEAN MODEL EDI AGREEMENT LEGAL PROVISIONS Table of contents Page Article 1 Object and scope 100 Article 2 Definitions 100 Article 3 Validity and formation of contract 101 Article 4 Admissibility in evidence of EDI messages 101 Article 5 Processing and acknowledgement of receipt of EDI messages 101 Article 6 Security of EDI messages 102 Article 7 Confidentiality and protection of personal data 102 Article 8 Recording and storage of EDI messages 102 Article 9 Operational requirements for EDI 103 Article 10 Technical specifications and requirements 103 Article 11 Liability 103 Article 12 Dispute resolution 104 Article 13 Applicable law 104 Article 14 Effect, modification, term and severability 104 EUROPEAN MODEL EDI AGREEMENT LEGAL PROVISIONS This European Model Electronic Data Interchange (EDI) Agreement is concluded by and between: and hereinafter referred to as 'the parties', Article 1 Object and scope 1.1. The 'European Model EDI Agreement', hereinafter referred to as 'the Agreement', specifies the legal terms and conditions under which the parties, conducting transactions by the use of electronic data interchange (EDI), operate. 1.2. The Agreement consists of the legal provisions set out in the following and shall be completed by a Technical Annex 1.3. Unless otherwise agreed by the parties, the provisions of the Agreement are not intended to govern the contractual obligations arising from the underlying transactions effected by the use of EDI. Article 2 Definitions 2.1. For the purpose of the Agreement, the following terms are defined as follows; 2.2. EDI: Electronic data interchange is the electronic transfer, from computer to computer, of commercial and administrative data using an agreed standard to structure an EDI message. 2.3. EDI message: An EDI message consists of a set of segments, structured using an agreed standard, prepared in a computer readable format and capable of being automatically and unambiguously processed. 2.4. UN/Edifact: As defined by the UN/ECE (1), the United Nations rules for electronic data interchange for administration, commerce and transport, comprise a set of internationally agreed standards, directories and guidelines for the electronic interchange of structured data, and in particular, interchange related to trade in goods and services, between independent computerized information systems. 2.5. Acknowledgement of receipt: The acknowledgement of receipt of an EDI message is the procedure by which, on receipt of the EDI message, the syntax and semantics are checked, and a corresponding acknowledgement is sent by the receiver. Article 3 Validity and formation of contract 3.1. The parties, intending to be legally bound by the Agreement, expressly waive any rights to contest the validity of a contract effected by the use of EDI in accordance with the terms and conditions of the Agreement on the sole ground that it was effected by EDI. 3.2. Each party shall ensure that the content of an EDI message sent or received is not inconsistent with the law of its own respective country, the application of which could restrict the content of an EDI message, and shall take all necessary measures to inform without delay the other party of such an inconsistency. 3.3. A contract effected by the use of EDI shall be concluded at the time and place where the EDI message constituting acceptance of an offer reaches the computer system of the offeror. Article 4 Admissibility in evidence of EDI messages To the extent permitted by any national law which may apply, the parties hereby agree that in the event of dispute, the records of EDI messages, which they have maintained in accordance with the terms and conditions of this Agreement, shall be admissible before the Courts and shall constitute evidence of the facts contained therein unless evidence to the contrary is adduced. Article 5 Processing and acknowledgement of receipt of EDI messages 5.1. EDI messages shall be processed as soon as possible after receipt, but in any event, within the time limits specified in the Technical Annex. 5.2. An acknowledgement of receipt is not required unless requested. An acknowledgement of receipt can be requested by specific provision included in the Technical Annex or by express request of the sender in an EDI message. 5.3. Where an acknowledgement is required, the receiver of the EDI message to be acknowledged shall ensure that the acknowledgement is sent within one business day of the time of receipt of the EDI message to be acknowledged, unless an alternative time limit has been specified in the Technical Annex. A business day means any day except a Saturday, Sunday or any declared public holiday in the intended place of receipt of an EDI message. The receiver of an EDI message requiring an acknowledgment shall not act upon the content of the EDI message until such adknowledgement is sent. 5.4. If the sender does not receive the acknowledgement of receipt within the time limit, he may, upong giving notification to the receiver to that effect, treat the EDI message as null and void as from the expiration of that time limit or initiate an alternative recovery procedure as specified in the Technical Annex, to ensure effective receipt of the adknowledgement. In case of failure of the recovery procedure, within the time limit, the EDI message will definitely be treated as null and void, as from the expiration of that time limit, upon notification to the receiver. Article 6 Security of EDI messages 6.1. The parties undertake to implement and maintain security procedures and measures in order to ensure the protection of EDI messages against the risks of unauthorized access, alteration, delay, destruction or loss. 6.2. Security procedures and measures include the verification of origin, the verification of integrity, the non-repudiation of origin and receipt and the confidentiality of EDI messages. Security procedures and measures for the verification of origin and the verification of integrity, in order, to identify the sender of any EDI message and to ascertain that any EDI message received is complete and has not been corrupted, are mandatory for any EDI message. Where required, additional security procedures and measures may be expressly specified in the Technical Annex. 6.3. If the use of security procedures and measures results in the rejection of, or in the detection of an error in an EDI message, the receiver shall inform the sender thereof, within the specified time limit. The receiver of an EDI message which has been rejected, or which contains an error shall not act upon the EDI message before receiving instructions from the sender. Where a rejected or erroneous EDI message is retransmitted by the sender, the EDI message should clearly state that it is a corrected EDI message. Article 7 Confidentiality and protection of personal data 7.1. The parties shall ensure that EDI messages containing information specified to be confidential by the sender or agreed mutually to be confidential between the parties, are maintained in confidence and are not disclosed or transmitted to any unauthorized persons nor used for any purposes other that those intended by the parties. When authorized, further transmission of such confidential information shall be subject to the same degree of confidentiality. 7.2. EDI messages shall no be regarded as containing confidential information to the extent that such information is in the public domain. 7.3. The parties may agree to use a specific form of protection for certain messages such as a method of encryption to the extent permitted by law in either of their respective countries. 7.4. Where EDI messages which include personal data are sent or received in countries where no data protection law is in force, and until a relevant Community legislation is implemented, each party agrees as a minimum standard, to respect the provisions of the automatic processing of personal data (5). Article 8 Recording and storage of EDI messages 8.1. A complete and chronological record of all EDI messages exchanged by the parties in the course of a trade transaction shall be stored by each party, unaltered and securely, in accordance with the time limits and specifications prescribed by the legislative requirements of its own national law, and, in any event, for a minimum of three years following the completion of the transaction. 8.2. Unless otherwise provided by national laws, EDI messages shall be stored by the sender in the transmitted format and by the receiver in the format in which they are received. 8.3. Parties shall ensure that electronic or computer records of the EDI messages shall be readily accessible, are capable of being reproduced in a human readable form and of being printed, if required. Any operational equipment required in this connection shall be retained. Article 9 Operational requirements for EDI 9.1. The parties undertake to implement and maintain the operational environment to operate EDI according to the terms and conditions of this Agreement, which includes but is not limited to the following: 9.2. Operational equipment The parties shall provide and maintain, the equipment, software and services necessary to transmit, receive, translate, record and store EDI messages. 9.3. Means of communication The parties shall determine the means of communication to be used, including the telecommunication protocols and if required, the choice of third party service providers. 9.4. EDI message standards All EDI messages shall be transmitted in accordance with the UN/Edifact standards, recommendations and procedures (1) as approved by the United Nations Economic Commission for Europe (UN/ECE-NP 4) and with European standards. 9.5. Codes Data element code lists referred to in EDI messages shall include UN/Edifact maintained code lists, international code lists issued as ISO international standards and UN/ECE or other officially published code lists. Where such code lists are not available, preference shall be given to the use of code lists published, maintained and ensuring correspondences with other coding systems. Article 10 Technical specifications and requirements The Technical Annex shall include the technical, organizational and procedural specifications and requirements to operate EDI according to the terms of this Agreement, which includes but is not limited to the following: - operational requirements for EDI, as referred to in Article 9, including, operational equipment, means of communication, EDI message standards and codes, - processing and acknowledgement of EDI messages, - security of EDI messages, - recording and storage of EDI messages, - time limits, - procedures for tests and trials to establish and monitor the adequacy of the technical specifications and requirements. Article 11 Liability 11.1. No party to this Agreement shall be liable for any special, indirect or consequential damages caused by a failure to perform its obligations of this Agreement. 11.2. No party to this Agreement shall be liable for any loss or damage suffered by the other party caused by any delay or failure to perform in accordance with the provisions of this Agreement, where such delay or failure is caused by an impediment beyond that party's control and which could not reasonably be expected to be taken into account at the time of conclusion of the Agreement or the consequences of which could not be avoided or overcome. 11.3. If a party engages any intermediary to perform such services as the transmission, logging or processing of an EDI message, that party shall be liable for damage arising directly from that intermediary's acts, failures or omissions in the provision of said services. 11.4. If a party requires another party to use the services of an intermediary to perform the transmission, logging or processing of an EDI message, the party who required such use shall be liable to the other party for damage arising directly from that intermediary's acts, failures or omissions in the provision of said services. Article 12 Dispute resolution Alternative 1 (1) Arbitration clause Any dispute arising out of or in connection with this Agreement, including any question regarding its existence, validity or termination, shall be referred to and finally resolved by the arbitration of a (or three) person(s) to be agreed by the parties, or failing agreement, to be nominated by ................................... (5), in accordance with and subject to the rules of procedure of ................................... (6). Alternative 2 (1) Jurisdiction clause Any dispute arising out of or in connection with this contract shall be referred to the courts of ................................... (7), which shall have sole jurisdiction. Article 13 Applicable law Without prejudice to any mandatory national law which may apply to the parties regarding recording and storage of EDI messages or confidentiality and protection of personal data, the Agreement is governed by the law of ................................... (7). Article 14 Effect, modifications, term and severability 14.1. Effect The Agreement shall be effective from the date on which it is signed by the parties. 14.2. Modifications Where required, additional or alternative provisions to the Agreement, agreed in writing by the parties, will be considered as part of the Agreement as from their signature. 14.3. Term Any party may terminate the Agreement by giving not less than one month's notice either by registered post or by any other means agreed between the parties. Termination of the Agreement shall only affect transactions after that date. Notwithstanding termination for any reason, the rights and obligations of the parties referred to in Articles 4, 6, 7 and 8 shall survive termination. 14.4. Severability Should any Article or part of an Article of the Agreement be deemed invalid, all other Articles shall remain in full force and effect. (1) United Nations Economic Commission for Europe. (2) Convention No 108 of the Council of Europe of 28 January 1981. (3) UN/Edifact Syntax Rules ISO 9735 - EN 29735, UN/Edifact TDED ISO 7372 - EN 27372. The Untdid (United Nations trade data interchange directory) includes also the UN/Edifact message design guidelines, Syntax implementation guidelines, Data elements directory, Code list, Composite data elements directory, Standard segments directory, UNSMs directory and Uncid. (4) A choice is to be made by the parties between Alternative 1 'Arbitration clause' or Alternative 2 'Jurisdiction clause'. (5) An 'appointing authority' has to be completed by the parties. (6) A 'choice of procedure of commercial arbitration' has to be completed by the parties. (7) A 'country' has to be completed by the parties. ANNEX 2 EUROPEAN MODEL EDI AGREEMENT LEGAL PROVISIONS COMMENTARY Introduction The 'European Model EDI Agreement' provides EDI users with a set of provisions which constitute a model for an 'interchange agreement'. To avoid confusion with technical interchange agreements it has been called an 'EDI Agreement', a name which also reflects its object as described in Article 1. It is mainly the result of a consensus process reached at European level and intends to cover the needs of European undertakings and organizations. However it has been drafted by taking into account the international developments in this field. To provide the appropriate legal framework, the European Model EDI Agreement consists of a full agreement to regulate relationships between economic operators or other users of EDI which needs to be formally executed. As a model it offers the possibility for adaptation where required (1). I. Objectives of the European Model EDI Agreement Different legal issues have been identified with the use of EDI for the purposes of commercial transactions or other purposes involving legal consequences. Although these issues do not prevent the use of EDI they are creating legal uncertainty. One of the most pragmatic ways to address these issues is to resolve them, to the extent possible, in a contractual framework. The objective of the 'European Model EDI Agreement' is to provide the EDI users with a tool which answers the need for a contractual basis, thus avoiding the necessity to start the drafting of their own agreement and the consequent duplication of work. The availability of such a model at European level is also an opportunity to improve the consistency of these agreements outside national boundaries, with the consequent increase of security that can be expected from such an approach. II. Content of the European Model EDI Agreement The Agreement can be adopted, as it is provided, by the parties. As a bilateral document it allows the parties to fill in their references and adopt it as such. It can also be used as a multilateral agreement and be adopted by a group of companies, by one or more organizations, by a community of users or by any users group. Article 1 Object and scope 1.1. EDI The object of the European Model EDI Agreement, 'the Agreement', as of most interchange agreements, is to govern the EDI relationships between the parties and the terms and conditions under which the parties using EDI for their transactions operate. 1.2. Legal provisions and Technical Annex The 'European Model EDI Agreement' provides for the legal provisions which need to be addressed when using EDI. Some of the legal provisions include general references to technical matters. These technical matters require further specifications. They are often found in so-called 'users manuals'. The legal provisions of the 'European Model EDI Agreement' need to be completed by a Technical Annex which will include the necessary technical specifications as determined by the parties. The Technical Annex is left to the EDI users to develop, draft and/or agree according to their needs, although the basic requirements referred to in the legal provisions have to be taken into account. In the current legal environment, the legal provisions should be signed by the parties to show that they intend to enter into an agreement. Subsequent rights and obligations and the legal consequences of the use of EDI between the parties will derive from this Agreement. As a model agreement, it can be amended to suit the specific needs of the parties. Article 14 contains the provisions relating to modifications of the legal provisions. 1.3. Underlying transactions It should be emphasized that the Agreement only governs the EDI relations between the parties and is not, unless otherwise agreed by the parties, intended to govern the substance of transactions which will effectively be carried out using EDI. Article 2 Definitions 2.1. The definitions which have been inserted in this Article are the general definitions of EDI, EDI message, UN/Edifact and acknowledgement of receipt, as these are basic definitions used throughout the Agreement. They aim at ensuring an unambiguous understanding of these terms used in the Agreement. Some specific definitions, which have been referred to only once, have been inserted in the corresponding Articles. 2.2. EDI Many EDI definitions exist and the choice of the definition here is essentially based on a definition which has been widely used and has been referred to, notably by the UN/Edifact rapporteurs (1). It emphasises the essential features of EDI. The use of the term 'agreed standard' includes, but is not limited to, the use of UN/Edifact standards and may be applied to such other standards as the parties may agree. 2.3. EDI message EDI is based on the use of structured and coded messages, the main characteristic of which is their ability to be processed by computers and transmitted automatically and without ambiguity. This definition emphasizes these essential characteristics, which make EDI specific in comparison with other data exchange such as electronic mail. 2.4. UN/Edifact The definition is the official definition adopted by the United Nations Economic Commission for Europe - Working Party on Facilitation of International Trade Procedures. In the Agreement it is intended that EDI relates to the exchange of messages structured on the basis of UN/Edifact standards and recommendations. UN/Edifact standards are European and international and are those approved by standardization bodies such as CEN and ISO. As such, they should be recommended taking account of the support to these standards provided for by the Tedis programme, acting as the Secretariat of the Edifact Board for western Europe, and according to the European Commission standardization approach. 2.5. Acknowledgement of receipt As they are different kind of acknowledgement of receipt of an EDI message, it is essential to indicate clearly which level of acknowledgement is referred to, in order to avoid confusion. This definition reflects the level chosen within the Agreement in particular as it is referred to in Article 5. Article 3 Validity and formation of contract 3.1 and 3.2. Validity of contract Paragraph 3.1 attempts to emphasise the intention of the parties to form valid and binding contracts by EDI and to provide proof of this intention to third parties. As such the provision provides that parties will not challenge the validity of transactions effected by use of EDI, on the sole ground of that means. The law applicable to the data transferred might be different from one country to the other and the parties may not necessarily be aware of national law's restrictions on the content of an EDI message. It is reasonable to ensure that parties will take care to respect the national legislation applicable to the content of the EDI message. A provision in relation with this is included in paragraph 3.2. Whenever the data included in an EDI message received is inconsistent with the national law of the receiver, the obligation on him will be to inform the other party of this inconsistency and he may then be able to take measures to avoid breach of its own law. An example of such legal requirement, which might impose limitation on the content of a message. Is the case where messages are sent from a country with no personal data protection legislation to a country where restrictions exist. 3.3. Formation of contract Paragraph 3.3 is relating to the time and place where a contract is concluded or formed. The determination of the moment and time of formation of a contract is important with regard to the legal consequences it involves. Rules have been defined as regards contracts concluded by mail or telephone but uncertainty still exists on the kind of rule which might be applicable to contracts concluded by EDI. A clear provision regarding the applicable rule would, as a consequence, ensure more security. A majority of Member States approve, for contracts concluded where parties are not in the presence of each other, the application of the 'reception rule' which ensures that acceptance takes place at the place and at the time of receipt of such acceptance by the offeror. The Vienna Convention on the international sale of goods provides for this rule to be applicable to contracts concluded 'at distance'. The conclusion of a study carried out in the first phase of the Tedis programme supports the view that this rule is the best to apply to EDI contracts (1), in particular as it avoids, to a large extent, the risks of conflicts of laws in connection with the use of EDI. These elements justify the endorsement of that rule in the EDI Agreement. The reception rule, in the case of the European Model EDI Agreement, is to be understood as the rule whereby an EDI message is received at the time and the place where the message reaches the computer of information system of the offeror. Article 4 Admissibility in evidence of EDI messages The area of admissibility and evidential value is one where uncertainty is still predominant. As in most countries legal provisions regarding evidence are not mandatory, specifically in the commercial area, agreement between parties can be reached on the questions of evidence. By reaching an agreement between parties, this uncertainty can be partly reduced. Effecting transactions by EDI as an alternative to paper, implies that the EDI messages will replace effectively the documents that were exchanged previously on paper. It implies that the parties can rely on these exchanges of messages to provide the evidence of the facts which have happened, in the case of a dispute for example. Within the boundaries of any law which may apply and provided that the parties have respected the provisions of the Agreement, these EDI messages should be admissible before the Courts as evidence and should also be recognized as a means to provide evidence of the facts that are recorded unless evidence to the contrary is provided. This Article intends to reflect these views. National legal requirements may however limit the application of such a clause. Article 5 Processing and acknowledgement of receipt of EDI messages 5.1. Processing of EDI messages In this Article 'processing' means that the EDI message is dealt with by the receiver. As EDI means increased automatic processing, time limits are of the utmost importance. The parties should commit themselves to deal with the EDI messages they receive in a fixed time which should be included in the Technical Annex. In the case where no time limit has been decided by the parties they should process messages as soon as possible after receipt. A list of the provisions of the Agreement where time limits have been included and which are subject to specification in the Technical Annex or modification is annexed to this document. This provision is included, not only to ensure commercial efficiency and good business practices, but also in order to define the contractual rights and obligations of the parties in the event where a message is not received, is late or contains errors and the contract is thereby frustrated. 5.2. Acknowledgement of EDI messages The acknowledgement of receipt concept has often been misunderstood in particular with regard to the content of the EDI message itself. The definition introduced in this Agreement (Article 2) aims at clarifying the level of acknowledgement which is envisaged in this Model EDI Agreement. Different levels of acknowledgement are available. Acknowledgement can be automatically transmitted at the level of the telecommunication network when the message is made available to the receiver, it can be automatically sent upon the receipt of the EDI message at the information system of the receiver without any verification, it can be sent after some verification has been achieved, it can also at some stage mean acceptance of the content of the message or confirmation that the receiver will act on the content of the message. The level chosen in the European Model EDI Agreement does more than simply confirm the receipt. It corresponds to the level where verification of semantics and syntax is achieved and consists of a response to the EDI message sent stating that the message has been received and that the syntax and semantics of the message are correct. Parties may require other levels of acknowledgement, which in that case should be determined by them, according to their needs and the appropriate details should be included in the Technical Annex. The principle stated in Article 5 is that an acknowledgement of receipt of an EDI message is not required unless requested. Provision may be made, in the Technical Annex, for all EDI messages or for certain categories of messages (i.e. all 'ORDER' messages) to be automatically checked and acknowledged. Alternatively, if no specific provision has been made regarding acknowledgement, the appropriate segment for a request for acknowledgement may be included within a message sent. Not all messages will require an acknowledgement and the Technical Annex should clearly differentiate between those which do and those which do not. 5.3. Time limit and acknowledgement of receipt transmission EDI is characterized notably by an increased reliability due to a reduction in errors, faster and more accurate information flows and by an increased automation of the processing of data. Acknowledgements contribute to the reliability and accuracy of EDI and time limits are in this context critical. The importance of the time limit for sending the acknowledgement derives from the fact that the EDI message may not be acted upon, and hence contractual obligations may not be carried out, until the acknowledgement, when required, has been sent. One business day is deemed to be an appropriate time limit in the EDI environment. However, 'Just-in-Time' management or other priorities may require more strict adjustment of time, or it may seem inappropriate or unpractical and an extension might be required, in which case the parties should adjust the time limit and complete the EDI Agreement as they will agree. Although this provision provides definition of a business day, it may prove useful for the parties to specify more precisely the public or other holidays or the time of availability of the system. An obligation to send an acknowledgement of an EDI message is placed on the receiver, who should not act on a message, which requires an acknowledgement to be sent, if such acknowledgement has not been forwarded. 5.4. Failure of receipt of an acknowledgement In the case where an acknowledgement is not received by the sender of an EDI message who has requested such an acknowledgement, within the applicable time limit, it is reasonable that he is allowed to assume that there has been a problem with the message or that the receiver does not want to, or cannot, deal with it and consequently that he should be able to consider such message as null and void provided he so advises the receiver. This latter condition will be particularly useful in the situation where a problem has occurred with the transmission of the acknowledgement. Time limits again will be critical Alternatively, the parties may determine a recovery procedure for the cases where technical problems have occurred and the sender of an EDI message for which an acknowledgement is required may initiate such kind of recovery procedure if he does not receive the acknowledgement within the prescribed time limit. The details of such procedure should be determined in the Technical Annex. Article 6 Security of EDI messages 6.1. Obligations of parties A satisfactory level of security for messages must be ensured to avoid any risks that may be associated with the exchange of messages by EDI, and such a level will depend upon the importance of the transactions or messages exchanged. 6.2. Security procedures and measures Verifications of origin and integrity are stated to be mandatory for any EDI message as they constitute a basic level of security. Parties are, however, strongly recommended to agree, where required, on additional security measures, the degree of which will no doubt depend on the value and importance of the subject-matter of the messages and the possible liability in the event of an unsuccessful exchange of messages. Control measures are provided in the UN/Edifact directories and guidelines, such as specific checks, acknowledgement of receipt, control count, reference number, identification etc. More elaborated controls may be necessary, in particular when transactions are important and could mean the use of some specific messages to increase the security such as those recommended by security experts (1), or any other available security means or method, including, as an example, digital signatures. The means, methods and specifications of security and the messages to be used between the parties, to ensure the level of security required, should be set out in detail in the Technical Annex. 6.3. Failure of security procedures Information of the sender about the failure of an EDI message exchange or about an error in a message needs to be ensured in specified time limits in order to allow the sender to initiate any possible action, whenever this is possible. In case of a rejection of an EDI message or of detection of an error, instructions from the sender have to be required before any other action is undertaken about the message itself. Article 7 Confidentiality and protection of personal data 7.1. Confidentiality The level of confidentiality to be maintained for EDI messages is intended to reflect the level adhered to in the paper environment. The level of confidentiality of a message should be maintained whenever a message is subject to subsequent transmission. 7.2. Public domain Information in the public domain is intended to be understood in the general sense of the words, that is, any information which is commonly known and to which a member of the public might have easy access. 7.3. Specific form of protection The reference to encryption is included as a reminder that such a method can be used to protect the data but that restrictions on encryption exist under certain national laws. If parties wish to agree to use such a method of encryption, appropriate authorizations or declarations should be arranged for by them, where required. 7.4. Personal data protection Personal data shall be subject to the regulation in force for the transmission of such data in the countries to or from where it is transmitted. Most Member States have adopted legislation relating to the protection of personal data, however the kind of protection often differs. The European Commission has submitted to the Council of Ministers a proposal for a directive in this field. When this proposal is adopted, this agreement should be amended accordingly in order to introduced the respect of the provisions of the Directive. In the meantime it seems appropriate to refer to the Convention of the Council of Europe for the cases where national laws are not providing any guidance. It is reasonable to provide that trading partners and EDI users in Europe, operating in a Member State who did not adopt legislation in this field, should apply the principles set out in this Convention. The Council of Europe is preparing a model contract, which has already been circulated, which aims at ensuring equivalent data protection in the context of transborder data flows. This might constitute a basis for solving issues which might fall outside the scope of the existing national laws (5). Article 8 Recording and storage of EDI messages 8.1. Storage procedure and time limits The requirements for storage of EDI messages have in some countries been set up by legislation, in most cases fiscal legislation. In those countries where no provisions has been made for EDI storage, analogy should be applied by reference to the paper requirements. The time of storage requirements is different from country to country (6) and may also vary according to the area and circumstances. For this reason, the parties should ensure that the time they will observe complies with their own national legislation. Some of the Tedis studies have have analysed these issues and may provide guidance; harmonization might prove necessary in this field (7). The Uncid code of conduct suggests a period of storage of three years. The same duration of storage has been adopted by the fiscal legislation of some countries. Such a period of time should be considered as a minimum requirement to store information in an accurate and secure way. This time period of three years is suggested as the time limit to consider by parties in the EDI Agreement, should there be no other legal requirement. If the national law's requirements are different or longer, compliance with the law should be respected. It must be stressed that most Member States' laws require a longer period of storage, most of the time 7 or 10 years and sometimes more. It must also be emphasized that such storage may need to be ensured for various purposes, including but not limited to, audit, accountancy, tax, evidence and other administrative or legal requirements. It is reasonable, as EDI is still in a growing phase and that a relevant business practice is not necessarily well established, to ensure a careful storage of the information. The EDI messages sent or received should, for the security of the transaction, be stored completely and in a chronological order, in a secure way and without alteration. More legal requirements in connection with the storage of the data may exist at national level and should be carefully followed (5). 8.2. Format of storage The data transferred using EDI shall be stored in the format in which it has been sent or in the format in which it has been received (i.e. a UN/Edifact format). This format has been provided as it is the only format of the data which can be considered as originally received and will constitute, if necessary, evidence of the EDI message as it has been sent or received, before any translation of the message has happened. If a digital signature has been applied to an EDI message, it will only be possible to verify it against the format in which the message has been sent. Ideally the data should also be stored in the format in which it is translated in the information system of the receiver or from the information system of the sender. This will, however, be a matter for decision of the parties. The readability of, and the possibility to print out the messages are criteria most required by national legislation and should be complied with. To ensure that readability is maintained, any material, software or any other operational equipment which may be required to access the data and read it, should be retained by the parties, even in the case where updating of systems have occurred. The parties may wish or need, in such cases, to keep the availability of such equipment without retaining it themselves. Such possibility should only be relied on after verification of national legislation requirements. Note that, in view of the constant updating of the UN/Edifact standards, it is of particular importance that, for the purposes of proof, the relevant UN/Edifact directories and software used should also be accessible in order to ensure readability and reproduction of the message if necessary. Article 9 Operational requirements for EDI 9.1. Operational environment The objective of this provision is to include in the Agreement the basic operational requirements required to operate EDI. The list of operational and technical elements which are mentioned in Article 9 is not exhaustive. The details regarding these operational requirements, where required, will be developed in the Technical Annex, in accordance with Article 10. 9.2. Operational equipment Although EDI is independent from the hardware, the software and the telecommunication means, the ability to exchange EDI messages requires information systems to be able to effectively receive, send and process EDI messages. Basic requirements in that respect include the efficient working of the equipment used for the transfer of messages, including hardware, appropriate software and software translation. 9.3. Method of communication Parties need to determine the method of transmission that they will use including, in particular, the telecommunications protocols and, where necessary, the choice of third party service providers, which might be used to provide a range of services. 9.4. EDI message standards EDI message standards are essential to EDI. UN/Edifact standards are international and European standards (ISO 9735/CEN 29735 - ISO 7372) and strong support for the UN/Edifact standards and recommendations has been expressed within the activities of the Tedis programme, in particular, within those relating to the Secretariat of the western European Edifact Board which is also an associated body of CEN (6). The United Nations Economic Commission for Europe issues the recommendations for the approved UN/Edifact standards, guidelines and directories and these recommendations should be followed to ensure the same level of use of EDI message standards world-wide. As mentioned above all the appropriate specifications required to exchange EDI messages need to be determined by the parties. Other standards are available. In the case where parties wish to use any of these other standards they have to reach an agreement on these and have to determine also all appropriate details and specifications. 9.5. Codes Code lists which are used for EDI are essential. In implementing UN/Edifact messages, the code lists maintained under UN/Edifact procedures are part of the technical specifications. However many other code lists may be referred to and used. Where possible the use of international standards or officially published code lists is recommended. These may not cover all the needs of the parties. In that case it is recommended, in order to promote efficiency, that preference should be given to the use of code lists which are published and maintained by known organizations, and which ensure the correspondence with other coding systems (for example statistical code lists). Article 10 Technical specifications and requirements The legal provisions are intended to deal mainly with matters relating to substantive legal issues. Basic principles and rules regarding the technical specifications are provided in the Agreement to ensure appropriate agreement and reference to them. The Technical Annex is the complement to the legal provisions in which the parties will have to determine all the technical requirements and specifications which are required in order to properly exchange EDI messages. Although is it not easy to provide a list of all the elements which need to be taken into account, as these will vary according to the needs of the parties, it can be emphasized that relevant specifications with regard to the following points need to be provided: - the specifications relating to the operational requirements (Article 9), including: - specifications required in relation to software and translation software for the purpose of EDI exchanges, - communication protocols and third party services, - UN/Edificat message standards and recommendations, including the list of messages and their references, - the conditional elements where needed, - the messages design guidelines, - the implementation guidelines, - the directories - the code lists, - the reference to the documentation, - the versions and updates. The parties should agree, in the Technical Annex, the method that they will use to implement updated versions of messages, rules, guide-lines and directories, - the specifications required for the processing and acknowledgement of EDI messages, - the specifications relating to security means for EDI messages, - the specifications relating to recording and storage, - the time limits. Time limits may be of critical importance in EDI, in particular when EDI is combined with other techniques such as JIT (Just-in-Time). Some time limits have been inserted in the Model EDI Agreement but may require adjustments according to the needs. Other time limits have to be determined by the parties, - the tests and trial procedures. Technical experts have made it clear that it may prove not only useful, but also sometimes necessary, to run tests to ensure the proper working of the systems and telecommunications. Practice shows that such tests are, in fact, usually conducted by parties commencing use of EDI and this generally happens in two steps. Firstly EDI messages are exchanged in parallel with the paper documents and secondly, when this test is satisfactory, EDI messages are exchanged without paper support. It may also be necessary to conduct further tests from time to time, for example after changes to the system have been implemented. Article 11 Liability 11.1. Exclusion of liability Special, indirect or consequential damages liability in connection with the Agreement have been excluded (5). 11.2. Force majeure An exception to liability is made in the case of what is commonly known as 'force majeure'. The concept of force majeure included in this Article is in line with the concept developed by the United Nations Convention on Contracts for the International Sale of Goods or Vienna Convention of 11 April 1980, and, in the absence of uniform national law on this point, provides a definition which the parties may expand, if they wish, by citing various situations in which liability may be exempted. 11.3. Intermediaries' liability Liability for the actions of a third party is included in many agreements and generally accepted since often the third party will effectively be acting as an agent of the user. Moreover, it is the party who will use the service of a third party provider and who has the contractual relationship with the service provider who will be in the best position to sue the service provider in the case where its liability could be engaged. 11.4. It should be noted that a difference exists between paragraphs 9.2 and 9.3. Where one party imposes the use of a particular intermediary on the other, it seems fair that the party who imposes such use should be responsible for damages which result from using that intermediary instead of the one who has to make use of it. Parties should be careful to ensure that adequate insurance covers any possible risk resulting from a message sent, bearing in mind the value of the transactions to be effected by EDI. Article 12 Dispute resolution Two alternative provisions have been provided in the Model EDI Agreement in order to allow parties for their best choice. The first alternative provides a clause on arbitration, if the parties decide to resolve their dispute by this way. The second alternative proposed provides a jurisdiction clause, where the choice of a jurisdiction is to be agreed in the case where the parties decide that dispute will be referred to Court. It should perhaps be emphasized that because of the relationships that EDI creates between users there is a great potential for dispute to be resolved by negotiation. It is only when such negotiation will fail that the provisions on dispute resolution will become effective and useful. Alternative 1: Arbitration clause Parties may wish to decide to resolve their dispute by way of arbitration. Arbitration may prove a practical procedure to resolve a dispute involving parties of different countries. It offers the advantage of the choice of arbitrator(s) or of the appointing authority and of a more speedy procedure although this is not always the rule. It can be attractive for the confidentiality of the procedure, which is sometimes favoured by parties. The arbitration award is in principle final although appeal is possible. Many countries still require a written and clear statement on arbitration when this is the choice of dispute resolution and parties are therefore advised to include such clause in this Agreement. The parties need to define how the arbitrator will be nominated. A choice can be made between one or three person(s) nominated by agreement or in case of failure of an agreement on the arbitrator(s), an appointing authority can proceed to the nomination. The parties should therefore indicate which will be the appointing authority. They are national authorities, such as chamber of commerce appointed arbitration chamber, and international ones such as the ICC, Uncitral or the London Court of International Arbitration, as examples. The rules of procedure relating to the arbitration should be determined as well. In an international context these may be the Uncitral Arbitration Rules, the ICC Court of Arbitration Rules, the London Court of International Arbitration Rules, the Economic Commission for Europe's Arbitration Rules (5) or it can be a national legal system applicable to the arbitration. Alternative 2: Jurisdiction clause In the case where the parties intend to have their litigation solved by a court, the second alternative provision provides for the parties to choose the competent court and stipulate it in their agreement. In the case where the parties do not make such a choice, the competent court shall be determined by reference to the Convention on jursidiction and the enforcement of judgments in civil and commercial matters (6). Article 13 Applicable law The security of the EDI relationships will be enhanced by an unequivocal specification of the applicable law. As to the law applicable to the Agreement, which is essential, giving consideration to the fact that EDI users may deal with many countries, they are advised to indicate clearly their choice of law. In the absence of a stated choice, the Agreement will fall back on the provisions of the Convention on the law applicable to contractual obligations (7), but this may lead to uncertainty regarding the governing law of the contract as the law will be decided at the time of dispute by determining the law with which the contract is most closely connected. This will be determined by looking at the country where the party who is to effect the performance which is characteristic of the contract has, at the time of conclusion of the contract, his habitual residence or in the case of a company its central administration. If the contract is, however, entered into in the course of that party's trade or profession, that country will generally be the country where the place of business is situated. Certain exceptions exist to this rule and are listed in Article 4 of the Convention. Article 14 Effects, term and severability 14.1. Effect This Article states that the Agreement does not come into effect until it is signed by the parties. 14.2. Modifications As the Agreement, subject of this recommendation is a model agreement, it is a fundamental characteristic of it, that terms of the Agreement can be amended by consent of the parties involved. To ensure the necessary stability and coherence of the legal provisions, any modification, addition or alternative provisions to the legal provisions shall only be made in the same manner as the Agreement is adopted by the parties, namely by embodying them in a written and signed form. 14.3. Term The period of one month proposed in this Article regarding termination notice may be extended by the parties. It is not advised to reduce it as it is considered as a minimum. Paragraph 14.3 provides that some rights and obligations relating to the contract are of fundamental importance and shall be respected even following termination of the contract. 14.4. Severability The final paragraph has been inserted to avoid one party terminating the Agreement simply because one clause has become invalid and it is also intended to prevent parties from terminating an agreement to avoid certain obligations. (1) Modifications might prove necessary in cases where an inconsistency with a national law occurs, which cannot be completely excluded. (2) Introduction to UN/Edifact, UN/Edifact Rapporteurs' Team, April 1991. (3) Formation of EDI contract. Report prepared by the CRID for the European Commission, 1991. (4) The Security Group working under the auspices of Joint Rapporteurs Team - JRT or western European Edifact Board - WEEB is working on the preparation of recommendations in this area. (5) Council of Europe, Model contract to ensure equivalent data protection in the context of transborder data flows, 14 September 1992, T-PD (92) 7. (6) See Wilde Sapte, Report on authentication, storage and use of codes in EDI messages, Report for the European Commission, 1993. This report will be published in 1994. (7) Wilde Sapte, idem. Ciredit and IT Law Group, Report on the legal constraints and inadequacies relating to the use of EDI in the field of accounting in the Member States, November 1992 (available in English) and in the EFTA countries, December 1993 (available in English in 1994). (8) Ciredit and IT Law Group, idem. (9) CEN, Comité européen de normalisation. (10) For more details see 'The liability of EDI networks operators', Report prepared by CRID for the European Commission, 1991. (11) For more details see notably Schmitthoff, The Law and Practice of International Trade, Stevens, 1986, pp. 574 to 629. (12) Convention 72/454/EEC (OJ No L 299, 31. 12. 1972, p. 32). (13) Rome Convention 80/934/EEC, 19 June 1980 (OJ No L 266, 9. 10. 1980, p. 1). ANNEX 3 EUROPEAN MODEL EDI AGREEMENT LEGAL PROVISIONS 1. List of Articles of the legal provisions of the European Model EDI Agreement which provides for completion by the parties The following list includes the items reflected in the legal provisions that allows for completion of modification by the parties within the EDI Agreement, legal provisions. 1. Time limits Time limits are referred to in the following paragraphs 5.3, 6.3, 8 and 14.3. These time limits can be modified in the legal provisions if needed. 2. Arbitration and jurisdiction clause, applicable law Article 12 contains two alternatives on which a choice has to be made. Both alternatives require completion by the parties. Article 13 requires the completion of the choice of law. 2. List of Articles of the European Model EDI Agreement which provides for specifications to be developed in the Technical Annex. The following list includes the items reflected in the legal provisions that require specifications to be developed in the Technical Annex by the parties. This list is not exhaustive and can be completed by other specifications. 1. Time limits Time limits which need to be specified in the Technical Annex are referred to in the following paragraphs: 5.1 and 5.4. 2. Acknowledgement of receipt EDI messages to be acknowledged By reference to paragraph 5.2, the EDI messages which need to be always acknowledged without specific request will be specified. Specific conditions Any specific conditions regarding acknowledgement of receipt will be specified. Alternative recovery procedure The alternative recovery procedure referred to in paragraph 5.4 will be specified if it is decided to use any. 3. Security procedures and measures The security procedures and measures to fulfil the requirements set forth in Article 6 will be specified. These procedures and measures are relating to: - unauthorized access, alternation, delay, destruction, loss, - verification of origin, - verification of integrity, - non-repudiation of origin/receipt, - confidentiality. 4. Confidential information EDI messages which will contain confidential information can be listed where possible. Authorization for disclosure can be specified where required. Method of encryption, where available or in use, can be specified. 5. Recording and storage Any specifications necessary for the recording and storage of EDI messages will be included. 6. Operational requirements and technical specifications All necessary specifications regarding the following technical requirements will be developed: - equipment, - software, - services, - communication services, - communication protocols, - message standards, directories, versions, syntax, type of messages, segments, data elements, - codes, - procedure for tests and trials, - availability, 7. Modifications Any modifications made to the legal provisions need to be specified and agreed in the form provided by Article 14.