Passed to manage national security problems caused by the use of Chinese technology, a Prime Minister Decree dictates new and problematic rules for contracts negotiation in the Italian telco market by Andrea Monti – published initially in Italian by Infosec.News
This article analyses the issues related to the practical application of the Conte-Huawei Decree issued last August 7, 2020, which sets out the conditions under which TIM S.p.a. can use Huawei’s 5G technology, reducing to an acceptable level the national security risk also feared by the Italian Parliamentary Committee on Secret Services (COPASIR), after the alarms launched by the USA. The article highlights the critical issues arising from a legally incorrect approach and concludes that the solution adopted by the Italian Government is worse than the problem it tried to fix.
Before going ahead, however, it would be preferable to read another article that analyses the strategic problems affecting the Decree.
Foreword
With a paradoxical and twisted logic that recalls masterpieces of the Italian political communication such as the “parallel convergences” of Christian Democrat memory or the more recent “flexible obligations”, the Conte-Huawei Decree “forbids by allowing”.
The Government’s position would be that the measure in question does not “authorise” the use of Chinese technology but in fact, bans it. In reality, this is not true, as such a statement reflects the difficulty that the Government is experiencing, between the US anvil and the Chinese hammer (or, better, sickle).
The core of the problem becomes clear once this paradoxical approach to regulation translates into practice.
The importance of good faith and the risk of pre-contractual liability for TIM
First, it is essential to remember that the Civil Code (law of the State) requires the contractual parties to negotiate in good faith.
In a classic example of a Zen paradox (if you move, I hit you, if you do not move, I still hit you), TIM will find itself in a double bond from which it cannot free itself.
If it follows the government directions, then TIM will have to negotiate with Huawei with the aim of not concluding the contract, exposing himself to a pre-contractual liability action and therefore to damages’ compensation.
If, on the other hand, the company negotiates in good faith, it is likely to fail to comply with government guidance. The Conte-Huawei Decree does not contain a sanction (and could not, moreover) but the political consequences of TIM’s disobedience could be much more afflictive than a pecuniary penalty.
The application of mandatory clauses
The Conte-Huawei Decree defines some elements of the negotiation between TIM and Huawei that affect, once again, the contractual good-faith.
In order to purchase technology, the Conte-Huawei Decree obliges TIM to select its suppliers also on the evaluation of their security levels. This evaluation, writes the Decree, can also be carried out on the documents offered by the manufacturer or based on international certifications.
Although this – like the other clauses – applies expressly to Huawei and not necessarily to other suppliers, it could create a situation of blatant alteration of the regularity of the negotiation. TIM could carry out long, detailed and invasive checks on Huawei technology, but could instead take at face-value what other suppliers from other geopolitical backgrounds declare. Also, in this case, such behaviour would have probable consequences in terms of litigation, which TIM would have to face on its own, since it could not shield itself behind the Conte-Huawei Decree.
Mandatory clauses
The Decree requires the adoption of a series of clauses whose violation must be subject to immediate termination according to article 1456 of the Italian Civil Code.
TIM S.p.a. must make sure that it can carry out checks on the hardware projects (or “drawings” as the DPCM calls them) and on the source code of the software that makes the equipment work and ensure that it complies with its obligation to communicate the results to a public control structure, which in turn must have access to the results of the analyses. Always under the constraint of the immediate termination, it must be forbidden to communicate to foreign government authorities information on the purchase of the equipment. Finally, the contract must provide for a “communication chain” whereby suppliers must inform TIM S.p.a. of non-compliance with the confidentiality obligations mentioned above and prohibitions of communication to third parties.
The writing of these clauses, however, is incredibly complex since the Prime Minister’s Decree only sets out the objectives but not a template of any kind (as, by contrast, did the European Commission with the standard clauses on the protection of personal data in the international data transfers).
Although the contractual framework is defined, therefore, each negotiation will make history in itself, and the substantive content of the relationship between the parties may differ significantly from operator to operator.
However, this difference will have to be well justified and above all transparent, because otherwise, it would result in yet another alteration of contractual freedom on which the EU could also wants to have a say.
The rights of Huawei (and other technology providers)
A critical issue that the DPCM leaves to free negotiation, however, is the protection of the intellectual and industrial property of the technology supplier in the face of the possibility for TIM to carry out very invasive controls. It is therefore conceivable that non-disclosure agreements, sureties or other forms of asset security in favour of Huawei will become a central element of the negotiations, with little possibility for TIM to reject such clauses.
Statutory Arbitration or ordinary litigation?
The handling of litigation arising from failure to comply with mandatory clauses is also an issue that the Conte-Huawei Decree leaves to the free negotiation of the parties.
The delicacy and complexity of the issues under discussion and the need for rapid decisions to safeguard the continuity of service suggest a full recourse to statutory arbitration at the expense of an ordinary legal action. It is also true, however, that the confidentiality of arbitration does not befit national security issues that should be a matter for the court, including for possible criminal charges. Nevertheless, the Conte-Huawei Decree does not deal with this aspect.
The structural impact of the Conte-Huawei Decree on the provision of national security technologies
Although issued to regulate a specific situation, the Conte-Huawei Decree indirectly provides general indications to draft the contracts for the supply of foreign technology to telecommunications operators authorised by the Ministry of economic development.
It represents the first point of contact between the network protection obligations established by Art. Sixteen bis of Legislative Decree 259/03 and the protection of national security.
As a matter of fact and out of common sense, the Conte-Huawei Decree should apply not only to Chinese Big Tech but also to all other suppliers of technologies used in the areas of national security, from operating systems, applications and so on to network equipment and infrastructures. In strictly (and limping) legal terms, however, it is not so, and therefore the executive has created a sort of special contractual law to regulate relations with a single interlocutor.
As a consequence, the ICT security industry suffers from high uncertainty and doubt on the ways and terms of negotiating with TIM. Also, there is the risk of large differences between the individual negotiations, which are difficult to justify in terms of contractual good-faith. At the same time, the Conte-Huawei Decree creates difficulties for other operators who, although not among the addressees of the Decree, will not be able to escape its effects in the technological and commercial planning of their investments.
Conclusions
The protection of Italian national security is undoubtedly a primary objective of the Government’s strategy, but it suffers the negative consequences of improper use of the regulatory instrument. It has been widespread for some time, and the Conte-Huawei Decree is just the latest example, the belief that “a law is enough” to solve problems.
This conclusion is only partly true because laws and regulations are like the tools of a mechanic: they must be well built, and above all, used for the purpose for which they have been built, as did not happen in the case of this Decree.