Sean Ryan, a Partner in Eversheds Sutherland Corporate and Commercial Department and Chair of its designated Brexit Unit, outlines key legal issues for companies to consider
The uncertainty surrounding Brexit means that companies will need to consider the impact of Brexit (good or bad) on their business including any specific potential impact on their current business model and strategy.
While the future shape of the UK’s trading relationship with the EU is unclear, contingency planning involving contract reviews should start immediately, with a view to identifying and managing risk. Key issues to consider, within a general trading context, include reviewing strategic contracts in place where there is a dependence on UK trade, where pricing mechanisms are in place that assume no tariffs, quotas or other barriers and reviewing contractual terms that should perhaps be varied because of Brexit circumstances.
The changed commercial landscape may also cause some contracting entities to look for ways to exit from contracts that are no longer profitable. Any right of termination depends on the wording of the contract and general provisions, such as force majeure clauses, are unlikely to be triggered by any stages of the Brexit process. The above points should also be considered for any future tender or evaluation process for new arrangements.
The British Government has made it clear that it intends to control immigration and impose UK controls over EU citizens wishing to come and work in the UK. Companies should prepare for new barriers to the free movement of people. EU citizens currently residing in the UK must apply for the EU Settlement Scheme to retain their right to live and work in the UK. EU citizens will no longer enjoy an automatic right to travel to and work in the UK and are likely to face greater bureaucracy and visa applications in recruitment. The Withdrawal Agreement guarantees the rights of UK citizens living and working in EU member states up until the end of the transition period, after this time UK citizens will need to apply for permenant residence in their respective host country.
Employers should bear Brexit in mind when agreeing terms for recruitment or cross-border secondments of employees and should also audit the extent and immigration status of their migrant workforces when formulating a contingency plan post Brexit.
After the transition period ends, EU competition laws (which incorporate three main areas: merger control, anti-competitive agreements and State aid) will cease to be applicable in the UK. The UK will have its own competition laws which Irish companies carrying on business in the UK will need to comply with (independent of EU competition law). This could add a burden and cost for businesses and necessitate longer time frames for UK merger control clearance.
Probably of most significance, the law on State aid will no longer be applicable in the UK, which would increase the ability of the UK Government to support UK businesses financially to the detriment of competing Irish / EU businesses. Equally, however, the UK would have limited ability to challenge State aid granted to Irish / EU companies that affect the UK market. The UK-EU negotiations could result in some kind of ‘sui generis’ regime that could be in-between the full application of EU laws and the World Trade Organisation state aid regime, which is much narrower in scope.
The European General Data Protection Regulation (GDPR) was implemented in May 2018. As an EU Regulation, the GDPR will be directly effective on all EU Member States (including the UK), however, the GDPR will no longer apply to the UK after the transition period ends.
After this time, personal data transfers to the UK, even intra-group transfers, will be subject to the same restrictions as any other non-EEA countries (e.g. US) and will need to meet the ‘adequate safeguard’ standard required for those data transfers to be lawful. Companies should identify: which systems and servers are located in the UK; which entities and operations transfer personal data to the UK; and where UK operations access personal data held elsewhere in the EEA. Many transfers outside the EEA currently rely on alternative mechanisms to implement the ‘adequate safeguard’ standard such as model contracts and binding corporate rules. However, these mechanisms may not be suitable in the long-term given the level of trade and data transfers that take place between the UK and Ireland. In this regard, the UK may seek to agree with the EU other alternatives (e.g. for the EU to recognise the UK’s data protection regime as providing an adequate level of data protection). In addition, the UK will be free to implement its own data protection legal framework going forward and may not be bound by the same rules imposed on EU Member States. Current UK Government announcements indicate a preference to retain a similar regime to the GDPR, however that remains to be seen. Given the importance of data in the global economy, the potential impact of Brexit cannot be underestimated.
In summary, Irish companies that have a dependence on UK trade should now begin a review of their operations with a view to identifying areas of their business most likely to be affected by the UK leaving the EU and managing risk accordingly.