Subject to Legal Review in English, Spanish and French for Accuracy, Clarity and Consistency Subject to Authentication of English, Spanish and French Versions CHAPTER 14 ELECTRONIC COMMERCE Article 14.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial use; covered person1 means: (a) a covered investment as defined in Article 9.1 (Definitions); (b) an investor of a Party as defined in Article 9.1 (Definitions),but does not include an investor in a financial institution; or (c) a service supplier of a Party as defined in Article 10.1 (Definitions), but does not include a “financial institution” or a “cross-border financial service supplier of a Party” as defined in Article 11.1 (Definitions); digital product means a computer programme, text, video, image, sound recording or other product that is digitally encoded, produced for commercial sale or distribution, and that can be transmitted electronically;2, 3 electronic authentication means the process or act of verifying the identity of a party to an electronic communication or transaction and ensuring the integrity of an electronic communication; electronic transmission or transmitted electronically means a transmission made using any electromagnetic means, including by photonic means; personal information means any information, including data, about an identified or identifiable natural person; 1 For Australia, a covered person does not include a credit reporting body. 2 For greater certainty, digital product does not include a digitised representation of a financial instrument, including money. 3 The definition of digital product should not be understood to reflect a Party's view on whether trade in digital products through electronic transmission should be categorised as trade in services or trade in goods. 14-1 Subject to Legal Review in English, Spanish and French for Accuracy, Clarity and Consistency Subject to Authentication of English, Spanish and French Versions trade administration documents means forms issued or controlled by a Party that must be completed by or for an importer or exporter in connection with the import or export of goods; and unsolicited commercial electronic message means an electronic message which is sent for commercial or marketing purposes to an electronic address, without the consent of the recipient or despite the explicit rejection of the recipient, through an Internet access service supplier or, to the extent provided for under the laws and regulations of each Party, other telecommunications service. Article 14.2: Scope and General Provisions 1. The Parties recognise the economic growth and opportunities provided by electronic commerce and the importance of frameworks that promote consumer confidence in electronic commerce and of avoiding unnecessary barriers to its use and development. 2. This Chapter shall apply to measures adopted or maintained by a Party that affect trade by electronic means. 3. This Chapter shall not apply to: (a) government procurement; or (b) information held or processed by or on behalf of a Party, or measures related to such information, including measures related to its collection. 4. For greater certainty, measures affecting the supply of a service delivered or performed electronically are subject to the obligations contained in the relevant provisions of Chapter 9 (Investment), Chapter 10 (Cross-Border Trade in Services) and Chapter 11 (Financial Services), including any exceptions or non-conforming measures set out in this Agreement that are applicable to those obligations. 5. For greater certainty, the obligations contained in Article 14.4 (Non-Discriminatory Treatment of Digital Products), Article 14.11 (Cross-Border Transfer of Information by Electronic Means), Article 14.13 (Location of Computing Facilities) and Article 14.17 (Source Code) are: (a) subject to the relevant provisions, exceptions and non-conforming measures of Chapter 9 (Investment), Chapter 10 (Cross-Border Trade in Services) and Chapter 11 (Financial Services); and (b) to be read in conjunction with any other relevant provisions in this Agreement. 14-2 Subject to Legal Review in English, Spanish and French for Accuracy, Clarity and Consistency Subject to Authentication of English, Spanish and French Versions 5. The obligations contained in Article 14.4 (Non-Discriminatory Treatment of Digital Products), Article 14.11 (Cross-Border Transfer of Information by Electronic Means) and Article 14.13 (Location of Computing Facilities) shall not apply to the non-conforming aspects of measures adopted or maintained in accordance with Article 9.11 (Non-Conforming Measures), Article 10.7 (Non-Conforming Measures) or Article 11.10 (Non-Conforming Measures). Article 14.3: Customs Duties 1. No Party shall impose customs duties on electronic transmissions, including content transmitted electronically, between a person of one Party and a person of another Party. 2. For greater certainty, paragraph 1 shall not preclude a Party from imposing internal taxes, fees or other charges on content transmitted electronically, provided that such taxes, fees or charges are imposed in a manner consistent with this Agreement. Article 14.4: Non-Discriminatory Treatment of Digital Products 1. No Party shall accord less favourable treatment to digital products created, produced, published, contracted for, commissioned or first made available on commercial terms in the territory of another Party, or to digital products of which the author, performer, producer, developer or owner is a person of another Party, than it accords to other like digital products.4 2. Paragraph 1 shall not apply to the extent of any inconsistency with the rights and obligations in Chapter 18 (Intellectual Property). 3. The Parties understand that this Article does not apply to subsidies or grants provided by a Party including government-supported loans, guarantees and insurance. 4. This Article shall not apply to broadcasting. Article 14.5: Domestic Electronic Transactions Framework 1. Each Party shall maintain a legal framework governing electronic transactions consistent with the principles of the UNCITRAL Model Law on Electronic Commerce 1996 or the United Nations Convention on the Use of Electronic Communications in International Contracts, done at New York November 23, 2005. 2. Each Party shall endeavour to: 4 For greater certainty, to the extent that a digital product of a non-Party is a “like digital product”, it will qualify as an “other like digital product” for the purposes of Article 14.4.1. 14-3 Subject to Legal Review in English, Spanish and French for Accuracy, Clarity and Consistency Subject to Authentication of English, Spanish and French Versions (a) avoid any unnecessary regulatory burden on electronic transactions; and (b) facilitate input by interested persons in the development of its legal framework for electronic transactions. Article14.6: ElectronicAuthenticationandElectronicSignatures 1. Except in circumstances otherwise provided for under its law, a Party shall not deny the legal validity of a signature solely on the basis that the signature is in electronic form. 2. No Party shall adopt or maintain measures for electronic authentication that would: (a) prohibit parties to an electronic transaction from mutually determining the appropriate authentication methods for that transaction; or (b) prevent parties to an electronic transaction from having the opportunity to establish before judicial or administrative authorities that their transaction complies with any legal requirements with respect to authentication. 3. Notwithstanding paragraph 2, a Party may require that, for a particular category of transactions, the method of authentication meets certain performance standards or is certified by an authority accredited in accordance with its law. 4. The Parties shall encourage the use of interoperable electronic authentication. Article 14.7: Online Consumer Protection 1. The Parties recognise the importance of adopting and maintaining transparent and effective measures to protect consumers from fraudulent and deceptive commercial activities as referred to in Article 16.7.2 (Consumer Protection) when they engage in electronic commerce. 2. Each Party shall adopt or maintain consumer protection laws to proscribe fraudulent and deceptive commercial activities that cause harm or potential harm to consumers engaged in online commercial activities. 3. The Parties recognise the importance of cooperation between their respective national consumer protection agencies or other relevant bodies on activities related to cross-border electronic commerce in order to enhance consumer welfare. To this end, the Parties affirm that the cooperation sought under Article 16.7.5 and Article 16.7.6 (Consumer Protection) includes cooperation with respect to online commercial activities. 14-4 Subject to Legal Review in English, Spanish and French for Accuracy, Clarity and Consistency Subject to Authentication of English, Spanish and French Versions Article 14.8: Personal Information Protection5 1. The Parties recognise the economic and social benefits of protecting the personal information of users of electronic commerce and the contribution that this makes to enhancing consumer confidence in electronic commerce. 2. To this end, each Party shall adopt or maintain a legal framework that provides for the protection of the personal information of the users of electronic commerce. In the development of its legal framework for the protection of personal information, each Party should take into account principles and guidelines of relevant international bodies.6 3. Each Party shall endeavour to adopt non-discriminatory practices in protecting users of electronic commerce from personal information protection violations occurring within its jurisdiction. 4. Each Party should publish information on the personal information protections it provides to users of electronic commerce, including how:
(a) individuals can pursue remedies; and (b) business can comply with any legal requirements. 5. Recognising that the Parties may take different legal approaches to protecting personal information, each Party should encourage the development of mechanisms to promote compatibility between these different regimes. These mechanisms may include the recognition of regulatory outcomes, whether accorded autonomously or by mutual arrangement, or broader international frameworks. To this end, the Parties shall endeavour to exchange information on any such mechanisms applied in their jurisdictions and explore ways to extend these or other suitable arrangements to promote compatibility between them. Article 14.9: Paperless Trading Each Party shall endeavour to: (a) make trade administration documents available to the public in electronic form; and 5 Brunei Darussalam and Viet Nam are not required to apply this Article before the date on which that Party implements its legal framework that provides for the protection of personal data of the users of electronic commerce. 6 For greater certainty, a Party may comply with the obligation in this paragraph by adopting or maintaining measures such as a comprehensive privacy, personal information or personal data protection laws, sector-specific laws covering privacy, or laws that provide for the enforcement of voluntary undertakings by enterprises relating to privacy. 14-5 Subject to Legal Review in English, Spanish and French for Accuracy, Clarity and Consistency Subject to Authentication of English, Spanish and French Versions (b) accept trade administration documents submitted electronically as the legal equivalent of the paper version of those documents. Article 14.10: Principles on Access to and Use of the Internet for Electronic Commerce Subject to applicable policies, laws and regulations, the Parties recognise the benefits of consumers in their territories having the ability to: (a) access and use services and applications of a consumer's choice available on the Internet, subject to reasonable network management7; (b) connect the end-user devices of a consumer's choice to the Internet, provided that such devices do not harm the network; and (c) access information on the network management practices of a consumer's Internet access service supplier. Article 14.11: Cross-Border Transfer of Information by Electronic Means 1. The Parties recognise that each Party may have its own regulatory requirements concerning the transfer of information by electronic means. 2. Each Party shall allow the cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business of a covered person. 3. Nothing in this Article shall prevent a Party from adopting or maintaining measures inconsistent with paragraph 2 to achieve a legitimate public policy objective, provided that the measure: (a) is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade; and (b) does not impose restrictions on transfers of information greater than are required to achieve the objective. Article 14.12: Internet Interconnection Charge Sharing The Parties recognise that a supplier seeking international Internet connection should be 7 The Parties recognise that an Internet access service supplier that offers its subscribers certain content on an exclusive basis would not be acting contrary to this principle. 14-6 Subject to Legal Review in English, Spanish and French for Accuracy, Clarity and Consistency Subject to Authentication of English, Spanish and French Versions able to negotiate with suppliers of another Party on a commercial basis. These negotiations may include negotiations regarding compensation for the establishment, operation and maintenance of facilities of the respective suppliers. Article 14.13: Location of Computing Facilities 1. The Parties recognise that each Party may have its own regulatory requirements regarding the use of computing facilities, including requirements that seek to ensure the security and confidentiality of communications. 2. No Party shall require a covered person to use or locate computing facilities in that Party's territory as a condition for conducting business in that territory. 3. Nothing in this Article shall prevent a Party from adopting or maintaining measures inconsistent with paragraph 2 to achieve a legitimate public policy objective, provided that the measure: (a) is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade; and (b) does not impose restrictions on the use or location of computing facilities greater than are required to achieve the objective. Article 14.14: Unsolicited Commercial Electronic Messages8 1. Each Party shall adopt or maintain measures regarding unsolicited commercial electronic messages that: (a) require suppliers of unsolicited commercial electronic messages to facilitate the ability of recipients to prevent ongoing reception of those messages; (b) require the consent, as specified according to the laws and regulations of each Party, of recipients to receive commercial electronic messages; or (c) otherwise provide for the minimisation of unsolicited commercial electronic messages. 8 Brunei Darussalam is not required to apply this Article before the date on which it implements its legal framework regarding unsolicited commercial electronic messages. 14-7 Subject to Legal Review in English, Spanish and French for Accuracy, Clarity and Consistency Subject to Authentication of English, Spanish and French Versions 2. Each Party shall provide recourse against suppliers of unsolicited commercial electronic messages that do not comply with the measures adopted or maintained pursuant to paragraph 1. 3. The Parties shall endeavour to cooperate in appropriate cases of mutual concern regarding the regulation of unsolicited commercial electronic messages. Article 14.15: Cooperation Recognising the global nature of electronic commerce, the Parties shall endeavour to: (a) work together to a**ist SMEs to overcome obstacles to its use; (b) exchange information and share experiences on regulations, policies, enforcement and compliance regarding electronic commerce, including: (i) personal information protection; (ii) online consumer protection including means for consumer redress and building consumer confidence; (iii) unsolicited commercial electronic messages; (iv) security in electronic communications; (v) authentication; and (vi) e-government; (c) exchange information and share views on consumer access to products and services offered online among the Parties; (d) participate actively in regional and multilateral fora to promote the development of electronic commerce; and (e) encourage development by the private sector of methods of self-regulation that foster electronic commerce, including codes of conduct, model contracts, guidelines and enforcement mechanisms. Article 14.16: Cooperation on Cybersecurity Matters The Parties recognise the importance of: (a) building the capabilities of their national entities responsible for computer 14-8 (b) Subject to Legal Review in English, Spanish and French for Accuracy, Clarity and Consistency Subject to Authentication of English, Spanish and French Versions security incident response; and using existing collaboration mechanisms to cooperate to identify and mitigate malicious intrusions or dissemination of malicious code that affect the electronic networks of the Parties. Article 14.17: Source Code 1. No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory. 2. For the purposes of this Article, software subject to paragraph 1 is limited to ma**-market software or products containing such software and does not include software used for critical infrastructure. 3. Nothing in this Article shall preclude: (a) the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts; or (b) a Party from requiring the modification of source code of software necessary for that software to comply with laws or regulations which are not inconsistent with this Agreement. 4. applications or granted patents, including any orders made by a judicial authority in relation to patent disputes, subject to safeguards against unauthorised disclosure under the law or practice of a Party. This Article shall not be construed to affect requirements that relate to patent Article 14.18: Dispute Settlement 1. With respect to existing measures, Malaysia shall not be subject to dispute settlement under Chapter 28 (Dispute Settlement) regarding its obligations under Article 14.4 (Non- Discriminatory Treatment of Digital Products) and Article 14.11 (Cross-Border Transfer of Information by Electronic Means) for a period of two years after the date of entry into force of this Agreement for Malaysia. 2. With respect to existing measures, Viet Nam shall not be subject to dispute settlement under Chapter 28 (Dispute Settlement) regarding its obligations under Article 14.4 (Non- Discriminatory Treatment of Digital Products), Article 14.11 (Cross-Border Transfer of Information by Electronic Means) and Article 14.13 (Location of Computing Facilities) for a period of two years after the date of entry into force of this Agreement for Viet Nam. 14-9 Subject to Legal Review in English, Spanish and French for Accuracy, Clarity and Consistency Subject to Authentication of English, Spanish and French Versions 14-10