On 20 September 2023 the Electronic Trade Documents Act (ETDA) came into force. Formerly, in English law, document possession usually required physical possession. Now, the ETDA allows for “electronic trade documents” to be treated as equivalent to traditional “paper trade documents”, if they meet certain “gateway” criteria underpinned by a “reliable system”. In this article, we consider how the English courts are likely to approach interpretating this reliability requirement. Would any flaw in the system, no matter how short-lived and abnormal, render it unreliable? Or would a more detailed systemic analysis be needed? If so, what would that look like?
Key Points
- Electronic trade documents (ETD) gateway: (i) identifiability; (ii) protection from alteration; (iii) exclusivity of control; (iv) demonstrability of control; (v) divestibility; (vi) reliability of system.
- Guidance on reliability: (i) system rules; (ii) measures securing integrity of information; (iii) measures preventing unauthorised access and use; (iv) security of hardware and software; (v) regularity and extent of audits; (vi) supervisory body assessment; (vii) industry standards.
- Does any failure to meet the gateway criteria, no matter how brief or aberrant, render the system unreliable? This will ultimately be a matter for the courts, but this is unlikely as an over-zealous approach to disqualifying ETD could undermine the purpose of the Electronic Trade Documents Act.
THE ELECTRONIC TRADE DOCUMENTS ACT 2023: MAKING POSSESSION OF AN “ELECTRONIC TRADE DOCUMENT” EASIER?
Before the Electronic Trade Documents Act (ETDA) came into force on 20 September 2023, document possession as a matter of English law generally depended upon whether the document in question was capable of being physically possessed.[1] Although several systems already existed that enabled “electronic trade documents” (ETDs) to be “possessed”, this was simulated via contractual means rather than by operation of common law or statute.[2] Now the ETDA has been introduced, will it meet its aim of revolutionising the way ETDs are recognised for use in trade and trade finance?
Documents which were only recognised if they were in paper/physical form, so-called “paper trade documents” (PTDs), are listed in s 1 of the ETDA. These comprise documents used “in connection with” either “trade in or transport of goods” (s 1(1)(b)(i)) – eg bills of lading, or “financing such trade or transport” (s 1(1)(b)(ii)) – eg bills of exchange, where possession is “required as a matter of law or commercial custom, usage or practice for a person to claim performance of an obligation” (s 1(1)(c)). ETDs containing the same information as PTDs will now be recognised as being capable of possession in law (s 3(1)), provided they fulfil certain “gateway” criteria, which are designed “to ensure that the document in electronic form has certain features or functionality to replicate the features of a paper trade document” (Explanatory note, Commentary on Provisions of the Act, [34]). These criteria are set out in s 2(2). This states that information, together with any other information with which it is logically associated that is also in electronic form, can only constitute an ETD for the purposes of the Act if:
“a reliable system is used to –
(a) identify the document so that it can be distinguished from any copies,
(b) protect the document against unauthorised alteration,
(c) secure that it is not possible for more than one person to exercise control of the document at any one time,
(d) allow any person who is able to exercise control of the document to demonstrate that the person is able to do so, and
(e) secure that a transfer of the document has effect to deprive any person who is able to exercise control of the document immediately before the transfer of the ability to do so (unless the person is able to exercise control by virtue of being transferee).”
This raises the question of what “reliable” means and how this is to be assessed. Is this a legal or a factual question, or a mixed question of fact and law? Does any failure to ensure that one of the gateway criteria is met mean that a system is unreliable? If not, what is the threshold?
RELIABILITY UNDER THE ETDA
Under s 2(5), the following factors “may be taken into account” in assessing reliability of the system:
a) any rules of the system that apply to its operation;
(b) any measures taken to secure the integrity of information held on the system;
(c) any measures taken to prevent unauthorised access to and use of the system;
(d) the security of the hardware and software used by the system;
(e) the regularity of and extent of any audit of the system by an independent body;
(f) any assessment of the reliability of the system made by a body with supervisory or regulatory functions;
(g) the provisions of any voluntary scheme or industry standard that apply in relation to the system.
These provisions, based loosely on Art 12 of the UNCITRAL Model Law on Electronic Transferable Records, do not “prescribe or endorse any particular type of technology” but are merely “a non-exhaustive list” of guidance.[3] This imports considerable flexibility when assessing system reliability in any particular case. Assessing the likely approach that will be adopted by a court or tribunal is inherently speculative as at the date of this article, as the section remains untested and there is no direct antecedent in legislation.
The Law Commission has framed the definition of “reliable” as equivalent to that applicable to the admissibility and evaluation of electronic records in disputes.[4] This only provides limited guidance. First, in the absence of contrary evidence, there is a common law presumption that “machines” are in good working order,[5] meaning there is rarely a need to prove reliability. Indeed, the approach of the courts to this issue has been described as “lax”, with the courts erring towards treating systems as reliable even where the issue is raised.[6] Conversely, where the courts do engage in a detailed investigation of a system’s reliability,[7] the analysis is often intricate and fact-sensitive, meaning it can be difficult to extrapolate widely applicable points of principle.
Nonetheless, the provisions of the Act coupled with consideration of the above matters, do provide some pointers. Each of the s 2(2) criteria and the s 2(5) factors concern matters of fact, and it is likely that the assessment of reliability will primarily be a factual one with each case decided on its own merits, with the courts being unlikely to formulate overly prescriptive precedents extending beyond the facts of the case before them. The factual analysis will evidently be highly technical, meaning expert evidence will typically be required. Further, the s 2(5) factors are guidance only, and their relative importance will likely vary between cases depending on the nature of the system and the nature of any alleged flaw, as well as the nature and strength of the evidence available in respect of the relevant factors. We also consider it unlikely that the Act reverses the burden of proof, meaning it will still be for a party alleging unreliability to prove its case.
We note that efforts to reform or scrap the presumption of machine/computer reliability have been provoked by the fall-out of the Post Office/Horizon scandal, and it is yet to be seen whether any eventual reform would apply to civil as well as criminal cases.[8] Existing systems and industry standards also provide guidance on the type of measures that are used to ensure reliability and how s 2(5)(g) may be applied in practice. Of particular note are the systems that have been approved by the International Group of P&I Clubs.[9] Many of these systems are based on blockchain or “distributed ledger technology”, enabling real-time, encrypted transfers of electronic bills of lading (e-bills), and other trade documents on a decentralised database. As they are encrypted and blockchain has in-built anti-tampering features, meaning that it is (currently) effectively impossible to hack, these systems provide a level of security for ensuring that e-bills and other ETDs can be exclusively controlled and divested securely. IG approval potentially qualifies as an “industry standard” under s 2(5)(g). Such systems may therefore, in principle, fulfil the requirements of s 2(2) and s 2(5).
TEMPORARY ISSUES WITH OTHERWISE RELIABLE SYSTEMS
Assume that your system is prima facie reliable. It meets industry standards, has in-built anti-tampering features, and is well-supervised by its administrators and an independent body. It reliably ensures that putative ETDs meet the s 2(2) requirements. However, a temporary issue arises meaning that in a particular case the system fails to meet one or more of the gateway criteria. Is it still “reliable”? Was it always prone to latent unreliability? Can the system become reliable again and if so, how?
It is important to be precise about the type of scenario we are envisaging. Issues could arise that have nothing to do with the system at all. For comparison, consider common blockchain-based crypto-currency issues. You can only transfer the contents of a wallet if you have the “private key” (unique data allowing you to create digital signatures to approve a transaction). However, common frauds involve deceiving wallet holders into providing their private key to fraudsters. This does not mean that blockchain or the crypto currency are “unreliable”. The same risk, and the same kind of fraud, exists in any system that relies on verifying credentials. No matter how strong the security of the system is, people are fallible. This is true of the most analogue of “systems”: no matter how strong and effective a lock you have, there is always a risk of your key falling into the wrong hands.
In the context of ETDs, human failings on the part of system administrators could undermine reliability. However, where human failings are merely caused by users, then they are unlikely to render the system unreliable. Consider the following situation. A shipper transfers an e-bill to a receiver on a prima facie reliable blockchain-based system which requires the use of a private key to approve transactions. The e-bills on this system meet the requirements of s 2(2). However, the receiver is deceived by fraudsters into revealing the private key. The fraudsters then transfer the bill to themselves and intercept the goods. Does this mean the system itself is unreliable? Or is there just a potential dispute over misdelivery? In our view, it is likely to be the latter.
But what about where there is indeed an issue, however temporary or unusual, with an otherwise reliable system? Assume, for the sake of argument, that all the s 2(5) factors point to the system being reliable, and the issue is an aberrant one-off that does not reflect any underlying systemic problem. Nonetheless, it results in at least one s 2(2) requirement being compromised. A human failing could occur on the administrative side, despite the administrator properly training, vetting, and overseeing its employees and agents. A sophisticated virus could surmount state-of-the-art security provisions and, on a one-off basis, produce indistinguishable copies of information on an otherwise reliable system. The information was and would otherwise be an ETD. Does it stop being so the moment that copies are created? Can it become an ETD again?
On the one hand, the language of the Act suggests that information that fails to meet the s 2 criteria will not constitute an ETD, suggesting that whenever and for however long a system fails to ensure that every element of s 2(2) applies, information would cease to be an ETD. However, this interpretation could have severe and commercially unfriendly implications. Even where parties were using the most reliable systems available, they could face an ever-present risk that the ETDs they were dealing with could suddenly, without warning, stop being ETDs (and could become ETDs again at a difficult-to-pinpoint future time). This is a recipe for uncertainty and chaos.
The reform effort leading to the ETDA aimed “to remove the legal blocker to the possession of electronic documents”.[10] Accordingly, the main purpose of the ETDA is expressed by s 3 as follows: to allow ETDs to have the same effect as equivalent PTDs. The provisions of s 2 are means to this end. Indeed, the primary reason for the inclusion of a reliability requirement was to promote trust in ETDs to encourage their use. [11] The same considerations should also weigh against application of an overly strict and uncommercial interpretation. Parties will not be encouraged to adopt ETDs if there is a constant risk that even the most trivial and short-lived flaw with even the most reliable systems could suddenly strip them of rights that they reasonably assumed they would have by possessing an ETD.
Further, perhaps tritely, “reliable” does not mean “infallible”. This is reflected by the provisions of s 2(5), which concerns qualities of the system and best practice. It does not concern outcomes, and there is nothing to support the application of an absolutist approach akin to strict liability. A comparison with the data protection regime under the UK GDPR may be instructive. Article 5(1)(f) thereof requires that personal data be processed in a way that “ensures appropriate security”. Nonetheless, the mere fact that a data breach occurs is insufficient to give rise to liability. Article 5 is to be interpreted having regard to Art 32, which requires the adoption of “appropriate technical and organisational measures to ensure a level of security appropriate to the risk” and provides guidance as to the kind of measures required (some of which are similar to the provisions of s 2(5)). This means that despite a data breach, liability can be avoided by demonstrating that security was appropriate. It is also implicitly recognised by Art 32(1) that breaches can occur even if state of the art security measures are employed. Although the exact language of s 2(2) differs from that of the GDPR (and the consequences of non-compliance would differ), it would be surprising and unfortunate if the 2023 Act is interpreted to mean that higher standards of “reliability” are to be imposed on ETD system administrators and users than the security standards imposed under the data protection regime.
BEYOND THE ETDA
The ETDA cannot, and is not intended to, determine every single dispute between parties who use ETDs, much as the Carriage of Goods by Sea Act 1992 does not provide the answer to every dispute involving PTDs. Where issues arise such as misdelivery and fraud, there is a well-developed framework of statute and case law concerning PTDs that can be applied to ETDs.
Taking the copies/alterations issues as examples, these reflect risks that have always existed for PTDs. The rights and obligations of cargo interests and carriers in various scenarios involving fraudulent copying and alteration of PTDs have been established by an extensive body of law – see, by way of example, The Erin Schulte [2013] 2 Lloyd’s Rep. 338 and The MSC Amsterdam [2007] 2 Lloyd’s Rep. 622. Putting fraud to one side, the traditional practice of issuing bills of lading in sets has resulted in scenarios where multiple parties can claim to be a lawful holder of a PTD. Again, there is extensive authority concerning how to deal with the resulting problems – see Carver on Bills of Lading at 6-075-6-079.
To be clear, we are not suggesting that all potential integrity issues with ETD systems can easily be resolved by applying analogous case law dealing with PTDs. Rather, our present view, pending elucidation by the courts, is that courts are likely to seek to adapt principles established in PTD cases to ETD cases and are unlikely to display an over-zealous tendency to disqualify putative ETDs from their status as ETDs unless there is evidence which clearly establishes one or more serious systemic flaws undermining the reliability of the ETD system.
Equally, we do not dismiss the possibility of a “temporary” issue reflecting an underlying systemic problem and properly calling reliability into question. For instance, a leak of users’ private keys may be a one-off event but could have arisen because of a systemic or obvious software or auditing failure. A comparison with the concept of a “safe port” in the context of charterparties may be instructive. Whilst a port can be rendered unsafe by a temporary characteristic, it will not be by an “abnormal occurrence”, the distinction being determined by evaluation of “the evidence relating to the past frequency of such an event occurring and the likelihood of it occurring again”. [12] Here, an appropriate approach could be: having regard to the s 2(5) factors set out in and other relevant considerations, was there a material risk (the standard used by Fraser J in Bates No.6 at [978]) of the relevant issue arising at the time it did for a reason related to the system itself?
CONCLUSION
In this article, we have cautioned against an unduly restrictive approach to the application of the reliability requirement under the ETDA, having particular regard to commercial considerations and the underlying aim of the Act, which is to promote the adoption of ETDs. Accordingly, we consider that the most likely trend will be more evolutionary than revolutionary, with industry and the courts building upon what has gone before in terms of existing technology and case law and desisting from an overly zealous approach to disqualifying putative ETDs unless the evidence of systemic unreliability truly warrants it.
Where reliability is called into question, we consider that the courts are likely to assess the technical evidence regarding s 2(5) and other relevant factors and determine, on the balance of probabilities, whether the issue that has arisen is most likely to be: (a) attributable to the system itself (and not an extrinsic cause that reliability could not protect against); and (b) indicative of a genuinely systemic issue as opposed to being an aberrant glitch. Only then would the system be found to be “unreliable”.
Written by Emile Yusupoff and Dr Satya Talwar Mouland, edited by Vasanti Selvaratnam KC
This article first appeared in the March issue of Butterworths Journal of International Banking and Financial Law.
[1] See Electronic trade documents: Report and Act (2022), Law Com No 405, [5.1].
[2] See Electronic trade documents: Report and Act (2022), Law Com No 405, [2.9].
[3] Explanatory note, Commentary on Provisions of the Act, [37].
[4] Law Com No 405, [6.32].
[5] See Castle v Cross [1984] 1 WLR 1372.
[6] See Expert Evidence: Law and Practice 5th Ed. at 11-007.
[7] As, for example, in Bates v Post Office Ltd (No.6: Horizon Issues) [2019] EWHC 3408 (QB).
[8] https://www.theguardian.com/uk-news/2024/jan/12/update-law-on-computer-evidence-toavoid-horizon-repeat-ministers-urged
[9] IGP&I Clubs, Circular 16/22.
[10] Law Com No 405, [2.16].
[11] Law Com No 405, [6.43].
[12] See The Ocean Victory [2017] 1 W.L.R. 1793 at [44].
Further information
For more information from the stone team, contact clerks@36stone.co.uk
