SBA

Brex-IT, So What?

Last December I attended a meeting of the European CIO Association (EuroCIO) in Berlin, to negotiate the entry of BCS ELITE, the Computing Leadership Forum which represents around 3,000 of the UK’s IT leaders, as the UK’s national body into EuroCIO. Earlier this year we concluded those negotiations and I had the privilege of leading UK corporate IT interests into Europe.

In Berlin we discussed the potential for Brexit. On a personal level my European counterparts were concerned, the UK was seen by some as a very important counterbalance to Germany and France, but on a professional level they felt it makes little difference. The challenges, problems and aspirations of UK IT leaders are the same as their European counterparts - IT is global and oblivious to national boundaries except when the law requires, so what does Brexit mean for corporate IT and the IT sector?

Skills Shortage: Brexit doesn’t really change anything. The UK used to recruit some European IT professionals who may cease to have freedom of movement to the UK, but will likely be welcomed anyway under some form of points system as are existing non-EU IT experts. Equally Europe recruited many UK IT professionals who will similarly probably be ‘passported’ to allow them to continue working in Europe because Europe needs them, the IT skills shortage is not a UK phenomenon. The net effect is likely to be negligible, it will not diminish the availability of skills and is unlikely to reduce the mobility of these in-demand IT professionals because every country wants them.

Data Protection: it is claimed that only five percent of UK companies actively trade with the EU, but let’s be realistic, many of these are the big players in the UK economy. In order for them to continue to receive data about EU citizens the UK will need to implement some form of regulatory equivalence with the upcoming EU General Data Protection Regulation (GDPR), and get the EU’s approval. The UK was going to have to implement GDPR anyway if it stayed in the EU, so apart from the governmental bureaucracy of attaining EU recognition of the new UK data protection regime, it is likely that UK businesses will see little change due to Brexit. There may however be an opportunity for the Crown Dependencies, including us, to hang off the UK’s coat tails instead of negotiating our own data protection equivalence as we did for the previous EU Data Protection Directive.

Data Residency: closely allied to Data Protection, Data Residency is probably the aspect of IT most potentially impacted by Brexit. Whilst UK GDPR equivalence would ameliorate most of the issues, it is likely that EU companies will prefer to keep their data in the EU, and UK companies will likewise prefer the UK. If there is any hiatus between Brexit and the establishment of UK GDPR equivalence then we could see EU companies moving their data and IT out of the UK, and vice versa. Multinationals with distributed IT teams and facilities will be most affected.

Access To Technology: the UK has always led Europe in being first to receive the latest hardware and software, the language of IT is English. Many of the major global technology suppliers set up their European HQs in the UK before the existence of the EU, and in being able to supply the UK without first establishing EU regulatory compliance for their products it is possible that some will choose to introduce products to the UK before they are certified for EU sale.

IP Protection: the UK law will continue to apply and any protections registered with the UK Intellectual Property Office (UKIPO) will be unaffected. The European Patent Convention and European Patent  Office (EPO) are not EU institutions so European Patent process and validity will be unaffected. EU Registered Trade Marks and Registered Designs may cease to apply within the UK. Software is not patentable within the EU, it is excluded from Patent Law and instead is protected by Copyright, so it seems likely that UK software will cease to have EU copyright protection unless re-established under some form of trade agreement. Similarly databases are protected by EU copyright and this protection will fall away. UK businesses which depend upon EU copyright protection will need to revisit their arrangements, although world-wide treaties will continue to apply. One of the opportunities for the UK post EU will be to introduce Patent protection for software, which currently exists in the USA giving US technology greater protection than EU technology.

E-Business: the EU has established common requirements for websites and e-Business, including requirements for information about terms and conditions, data privacy, contacts and the ownership of websites to be published. These lightweight requirements will likely fall away with Brexit, however any reputable business will include this information on its website anyway, so practically the absence of EU law will make no difference.

Cyber Crime: the UK will be no more or less vulnerable to Cyber Crime than before Brexit, and cooperative mechanisms between national law enforcement agencies, such as Interpol, largely pre-date the EU. Arguably the UK may be able to introduce stronger national anti-Cyber Crime measures once outside the EU, but only if the UK public accepts greater surveillance and monitoring which seems unlikely. The UK may be denied access to intelligence gathered by the Europol Cyber Crime Centre, but as this already includes non-EU representatives from North & South America it seems likely that the UK would continue to participate.

Overall then the net effect of Brexit on corporate IT and the IT sector is likely to be quite neutral - win a bit here, lose a bit there. Some multinational corporate IT will be re-organised, and some technology vendors may choose to establish new offices in the “other” jurisdiction. For the UK and IoM public sector some large procurements will become cheaper because they will be able to buy their IT without having to comply with EU procurement rules.

The commercial effects on e-Business will be harder to predict. Obviously the supply of goods into the other jurisdiction may attract new tariffs, and similarly the supply of services. Consumption taxes are likely to be based at the point of supply, which is increasingly being taken as the location of the consumer, but as is already evident digital consumption is very difficult to identify and tax outside of regulated industries such as e-Gaming. There is the potential for tariffs and tax to become more complex post Brexit, but the majority of UK exports are to countries outside the EU anyway and in general the burden of collecting tariffs and taxes on international supplies falls on the importing nation and customer.

It will be interesting to see the approach taken by the UK Government to negotiating Brexit - what trade agreements they may enter into, how they will approach GDPR equivalence etc., but the upshot is that for most corporate IT and most technology suppliers it will be business as usual. We will have the same skills shortages, potentially a bit less of some bureaucracy and more of other, and data protection will stay broadly in line with current plans. IT is already globalised, so a jurisdictional divide between the UK and EU is not very material.

As for EuroCIO - through it UK corporate IT interests will continue to be represented to the EU as part of the common problems faced by all European businesses whether in or outside the EU.