Академический Документы
Профессиональный Документы
Культура Документы
Peter Rott Editor
Certification –
Trust,
Accountability,
Liability
Studies in European Economic Law
and Regulation
Volume 16
Series editors
Kai Purnhagen
Law and Governance Group, Wageningen University
Wageningen, The Netherlands
Josephine van Zeben
Worcester College, University of Oxford
Oxford, United Kingdom
Editorial Board
Alberto Alemanno, HEC Paris, Paris, France
Mads Andenaes, University of Oslo, Oslo, Norway
Stefania Baroncelli, University of Bozen, Bozen, Italy
Franziska Boehm, Karlsruhe Institute of Technology, Karlsruhe, Germany
Anu Bradford, Columbia Law School, New York, USA
Jan Dalhuisen, King’s College London, London, UK
Michael Faure, Maastricht University, Maastricht, The Netherlands
Jens-Uwe Franck, Mannheim University, Mannheim, Germany
Geneviève Helleringer, University of Oxford, Oxford, UK
Christopher Hodges, University of Oxford, Oxford, UK
Lars Hornuf, University of Bremen, Bremen, Germany
Moritz Jesse, Leiden University, Leiden, The Netherlands
Marco Loos, University of Amsterdam, Amsterdam, The Netherlands
Petros Mavroidis, Columbia Law School, New York, USA
Hans Micklitz, European University Institute, Florence, Italy
Giorgio Monti, European University Institute, Florence, Italy
Florian Möslein, Philipps-University of Marburg, Marburg, Germany
Dennis Patterson, Rutgers University, Camden, USA
Wolf-Georg Ringe, University of Hamburg, Hamburg, Germany
Jules Stuyck, Katholieke Universiteit Leuven, Leuven, Belgium
Bart van Vooren, University of Copenhagen, Copenhagen, Denmark
This series is devoted to the analysis of European Economic Law. The series’ scope
covers a broad range of topics within economics law including, but not limited to,
the relationship between EU law and WTO law; free movement under EU law and
its impact on fundamental rights; antitrust law; trade law; unfair competition law;
financial market law; consumer law; food law; and health law. These subjects are
approached both from doctrinal and interdisciplinary perspectives.
The series accepts monographs focusing on a specific topic, as well as edited
collections of articles covering a specific theme or collections of articles. All
contributions are subject to rigorous double-blind peer-review.
Certification – Trust,
Accountability, Liability
Editor
Peter Rott
University of Kassel
Kassel, Germany
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Contents
Introduction ������������������������������������������������������������������������������������������������������ 1
Peter Rott
Part I Foundations
Certification as Solution to the Asymmetric Information Problem? ���������� 11
Georg von Wangenheim
Challenges for Responsible Certification in Institutional Context:
The Case of Competition Law Enforcement in Markets
with Certification ���������������������������������������������������������������������������������������������� 23
Victoria I. Daskalova and Michiel A. Heldeweg
The Use of Conformity Assessment of Construction Products by the
European Union and National Governments: Legitimacy, Effectiveness
and the Functioning of the Union Market ������������������������������������������������������ 73
Richard Neerhof
v
vi Contents
Peter Rott
1
For detailed account, see chapter 3 by VI Daskalova and MA Heldeweg. See also Schepel (2005),
p. 3 ff.
2
CJEU, 12/7/2012, Case C-171/11, Fra.bo SpA v Deutsche Vereinigung des Gas- und Wasserfaches
eV (DVGW) — Technisch-Wissenschaftlicher Verein, ECLI:EU:C:2012:453.
P. Rott (*)
Institute of Economic Law, Faculty of Economics and Management, University of Kassel,
Kassel, Germany
e-mail: rott@uni-kassel.de
by that body. The decision in the case of James Elliott3 complemented this line of
thinking. In this case, the CJEU found that it has jurisdiction to provide a prelimi-
nary ruling concerning the interpretation of a harmonised standard that was devel-
oped by a private body under the so-called ‘New Approach’ of EU product safety
law, thus treated that private standard as part of EU law. The two decisions have
triggered intense discussion relating to the constitutionalisation of standardisation
and certification by private actors, in particular in the context of the ‘New Approach’.4
In a parallel development, the relevance of certification and similar phenomena,
such as credit ratings, for the protection of the economic interests or the health and
safety of third parties has come to the fore. The breast implants scandal around the
French producer Poly Implants Prothèse (PIP) forms a prime example. PIP had
filled the breast implants with industrial silicone rather than medical silicone. Within
the system of EU medical devices law, TÜV Rheinland acted as notified body to
monitor the activities of PIP. TÜV Rheinland had certified compliance of the prod-
uct design of the PIP breast implants and of PIP’s quality management system with
the underlying standard. Since TÜV Rheinland had not noticed the fraudulent
change of production by PIP (and since PIP itself went bankrupt following the dis-
covery of the fraud), victims initiated litigation against TÜV Rheinland in German
and French courts. Out of the many cases, the case of Elisabeth Schmitt was referred
to the CJEU.5 Rating agencies, in turn, attracted the attention of policy-makers and
of investors likewise in the context of the financial crises, and in particular of the
collapse of Lehman Brothers whose financial products had been rated “AAA” by
Standard & Poor’s. Litigation has already been initiated in different countries
including Australia and Germany.6
The above-mentioned areas of medical devices, or product safety generally, and
of credit rating are only two examples for areas in which certification plays an
important role. Other areas are the certification of food standards, of social and/or
environmentally sound production or sourcing or of compliance with standards of
consumer law or data protection law.
The cases of PIP and Lehman Brothers trigger several questions. Who benefits
from certification? Standardisation benefits primarily the relevant industry whose
transactions costs are reduced through standardisation and through certification of
compliance with certain standards.7 At the same time, certification systems may
serve further purposes, such as the protection of users or other third parties, and the
certificates that are issued may be addressed to a diversity of actors. Thus, the main
addressee of certificates can be the customer of the producer or trader who or whose
3
CJEU. 27/10/2016, Case C-613/14 James Elliott Construction Limited v Irish Asphalt Limited,
ECLI:EU:C:2016:821.
4
See, for example, Schepel (2013), p. 530; van Leeuwen (2013), p. 406; Purnhagen (2017), p. 586;
Volpato (2017), p. 597; Colombo and Eliantonio (2017), p. 332.
5
CJEU, 16/2/2017, Case C-219/15 Elisabeth Schmitt v TÜV Rheinland LGA Products GmbH,
ECLI:EU:C:2017:128. See chapter 9 by P Rott and the references therein.
6
See chapter 11 by A Halfmeier and the references therein.
7
See, for example, DIN (2000) and Blind et al. (2011).
Introduction 3
The book is structured in three parts. Part 1, consisting of three chapters by Georg
von Wangenheim, Michiel Heldeweg and Victoria Daskalova, and Richard Neerhof,
focuses on the fundamentals of certification: its economic background, the manifold
shapes and forms certification can take, and its relevance for competition and free
trade.
The chapters of Part 2 deal with the conditions for the success of certification in
creating trust as well as incentives for compliance with private standards, and in
monitoring compliance with standards, using examples from various sectors. Gerrit
Hornung and Stefan Bauer introduce and discuss the new data protection seal as
envisaged by the General Data Protection Regulation. Miranda Meuwissen presents
empirical studies that show how certification gains relevance for insurance by facili-
tating risk classification and management. In a more skeptical approach, Hanna
Schebesta looks at problematic (voluntary) certification practices in the food sector
and presents the new certification marks of the EU Trademark Regulation of 2015
4 P. Rott
Part 2 starts with Gerrit Hornung’s and Stefan Bauer’s chapter on ‘The new
European Data Protection Seal – data protection through market’ that discusses the
increasing prominence of certification in the sector of data protection. Under the
new General Data Protection Regulation (GDPR), audit and certification mecha-
nisms are means of co-regulation and aimed at creating market incentives. This
optional enforcement layer is meant to enhance the standard of privacy protection.
At the same time, the authors show that the new rules offer the opportunity to create
transparency through a system of harmonised standards with regard to privacy seals
and marks; instruments that have been used in the market before but with limited
informative value, due to the lack of common standards.
That certification is indeed suitable to build trust is shown by Miranda Meuwissen
in her chapter ‘Can certification enhance the feasibility of insurance?’. The feasibil-
ity of insurance heavily depends on the behaviour of the insured. Certification can
be a tool to facilitate risk classification and monitoring. The author presents findings
from empirical studies on liability insurance in the animal feed industry, epidemic
disease insurance for farmers, and liability insurance in the horse business, that
illustrate that certification schemes have the potential to enhance feasibility of insur-
ance schemes, among others as a tool to cope with adverse selection.
In contrast, Hanna Schebesta rather deals with ‘bad’ certification practices, using
the food sector as an example. In her contribution ‘Control in the label - self-
declared, certified, accredited? - On-pack consumer communication about compli-
ance control in voluntary food schemes from a legal perspective’, she identifies
problematic certification practices in the domain and explores the potential of the
current regulatory framework of unfair commercial practices law to effectively
combat these practices. Moreover, she discusses a new legal development that might
provide for more stringent solutions than food information law in the narrow sense:
6 P. Rott
EU certification marks that were introduced with the new EU Trademark Regulation
of 2015 and that are meant to inform end-consumers of product qualities related to
the largely opaque steps of the process leading to the product to which they are
affixed.
The last chapter of Part 2, by Carola Glinski on ‘Certification of the sustainabil-
ity of biofuels in global supply chains’, deals with an area where public law control
of the production chain is not possible, due to public international law limitations,
but where simple exclusion of foreign actors or products is not feasible either, due
to the requirements of international trade law. The promotion of biofuels in the EU
aims at the substitution of fossil fuels and the reduction of carbon emissions. In
order to make sure that the production of biomass does not result in negative impacts
on greenhouse gas stocks or on biodiversity, the promotion of biofuels is accompa-
nied by sustainability requirements. As the majority of biomass for biofuels is pro-
duced in the ‘Global South’ with often low regulatory and enforcement capacities,
compliance with the sustainability requirements is safeguarded through a highly
complex certification set-up based on private certification systems and private certi-
fication bodies which thereby replace, to a certain extent, the regulatory and admin-
istrative role of the State. The author analyses that system of control and its potential
weaknesses to ensure sustainable production of biofuels.
Peter Rott picks up the topic of the effectiveness of private certification in product
safety law and the role of tort law liability for the compensation of victims of negli-
gent certification and as a regulatory instrument to incentivise certification bodies to
live up to their duties. In his contribution ‘Certification of medical devices: Lessons
from the PIP scandal’, he describes the development of certification and accredita-
tion in medical devices law. Having started with a fairly general framework, proven
failures in the system, and in particular the breast implant scandal around the French
producer Poly Implant Prothèse (PIP) and the German certification organisation
TÜV Rheinland, medical devices law has seen ever more intense regulation of the
control chain, culminating in the new Medical Devices Regulation of 2017. The
narrative of the legislative history and the reasons for the various legislative changes
illustrate the risks that come with the privatisation of health and safety regulation
and control and trigger the question as to whether private law liability of certifica-
tion organisations towards victims of unsafe medical devices is a necessary ingredi-
ent to make the system work.
Liability for insufficient control by certification organisations is also at the heart
of the contribution by Vibe Ulfbeck and Anders Møllmann on ‘Public function lia-
bility of classification societies’, dealing with the certification of vessels. Among
others, flag states commonly delegate it to classification societies to perform sur-
veys and inspections pursuant to various international conventions and to issue cer-
tificates under these conventions on behalf of the flag state (statutory certification).
Introduction 7
4 A Word of Thanks
References
Blind, K., Jungmittag, A., & Mangelsdorf, A. (2011). Der gesamtwirtschaftliche Nutzen der
Normung. DIN.
Colombo, C., & Eliantonio, M. (2017). Harmonized technical standards as part of EU law:
Juridification with a number of unresolved legitimacy concerns? Case C-613/14 James
Elliot Construction Limited v. Irish Asphalt Limited, EU:C:2016:821. Maastricht Journal of
European and Comparative Law, 24, 332.
DIN. (2000). Gesamtwirtschaftlicher Nutzen der Normung - Unternehmerischer Nutzen. DIN.
Purnhagen, K. (2017). Voluntary “New Approach” technical standards are subject to judicial scru-
tiny by the CJEU! – The remarkable CJEU judgment “Elliott” on private standards. European
Journal of Risk Regulation, 8, 586.
8 P. Rott
Schepel, H. (2005). The constitution of private governance – Product standards in the regulation
of integrating markets. Oxford, England: Hart.
Schepel, H. (2013). The new approach to the new approach: The juridification of harmonized stan-
dards in EU law. Maastricht Journal of European and Comparative Law, 20, 530.
van Leeuwen, B. (2013). From status to impact, and the role of national legislation: The applica-
tion of article 34 TFEU to a private certification organisation in Fra.bo. European Journal of
Risk Regulation, 4, 406.
Volpato, A. (2017). The harmonized standards before the ECJ: James Elliott Construction.
Common Market Law Review, 57, 597.
Part I
Foundations
Certification as Solution to the Asymmetric
Information Problem?
Georg von Wangenheim
1 Introduction
2 M
arkets for Search Goods, Experience Goods
and Credence Goods
Since the seminal papers of Nelson2 and Darby and Karni,3 it is common to distin-
guish the three types of goods mentioned in the title of this section. Search goods
are what economists have in mind when they present the simple model of a competi-
tive market or even a monopoly market. All parties to a contract can easily observe
all properties of search goods which the contract covers before it is concluded.
Hence, there are no information asymmetries. Any care the seller of such a good
takes increases the quality of the good as the buyer observes it. Consequently, addi-
tional care increases the buyer’s valuation of the good and thus his willingness to
pay too. The seller of the product has thus incentives to increase care and thus the
quality of the product as long as the additional costs of care and quality are lower
than the additional valuation of the buyer for the good measured in his willingness
to pay. There is thus no need for any further incentives for the seller to take care and
provide high quality. No regulation is needed, not even liability is required as an
incentive to achieve economic efficiency.
Rarely the argument convinces for all properties of a specific good. It is therefore
more precise to speak of search properties of a good—and experience properties
and credence properties accordingly. However, most of the arguments are more eas-
ily presented if one assumes that all goods can easily be allocated to one of the three
groups without differentiation with respect to their specific properties. We therefore
follow this simplification, which is standard in the literature.
If the buyer cannot observe the qualities of a good before the contract, it is called
an experience good or a credence good, depending on whether the buyer can observe
properties after having entered into the contract or not even then. In both cases, the
argument in favour of economic efficiency of the market is flawed: while additional
care does still increase quality (and costs of production), the buyer’s valuation of the
product and his willingness to pay are not affected any more. Therefore, taking care
and increasing quality cease to be worthwhile to the seller. As Akerlof has shown,
Darby and Karni (1973), p. 67; an often-cited formalization and extension of the argument is
3
also in 1970,4 any variance of quality in the market tends to break down and so
possibly does the entire market due to the problem of adverse selection. Of course,
there are ways to overcome these problems, ranging from guarantees given by the
seller in order to signal his high quality, reputation, regulation and, not the least, the
topic of this chapter: certification as a means to reduce asymmetries of information.
All these remedies may substitute each other to some degree, but certification may
be the most efficient remedy under certain circumstances. It is therefore helpful to
better understand how certification works in detail.
Nearly 40 years ago, Kip Viscusi introduced a first model of purely market-based
certification as a means to signal high quality of a producer.5 The argument is based
on standard signalling theory: High-quality producers of goods approach a (private)
certification agency.6 This certifier investigates the quality of the product at some
costs, which he charges to the producer demanding certification.7 His investigation
technology is rather simple: if he incurs the costs (of a given amount), he receives
perfect and complete information on the quality of the product. He then correctly
certifies this quality in a way that consumers of the good can fully understand. As a
consequence, consumers can and do decide according to their preferences which of
the certified products they buy and at which price. Obviously, it is not worthwhile
for low quality producers to purchase certification because such certification would
not provide any information to consumers that is valuable to the producer. In equi-
librium, only and all producers whose products are of a sufficiently high quality will
purchase certification, where ‘sufficiently high’ means that the quality induces con-
sumers to be willing to pay more than their average valuation of non-certified prod-
ucts plus the certification costs. From the consumers’ perspective, such certification
elucidates the individual quality of all high quality products and the average quality
of uncertified low-quality products.
4
Akerlof (1970), p. 488.
5
Viscusi (1978).
6
Stahl and Strausz (2017), p. 1842, discuss the assumption that it is the producers who pay the
certifier and not the consumer—an assumption prevailing in nearly all publications on certifica-
tion. They show that in general, certification purchased by producers is (1) more informative due
to the information contained in the decision to certify, which is partly observable and (2) superior
from a welfare point of view. The result is reinforced by the argument that certification purchased
by consumers may be obstructed by low-quality producers. The only exception to this result is
subsidized certification: Stahl and Strausz show their central results hinge on the price for certifica-
tion being at or above marginal costs of certification.
7
Faulhaber and Yao (1989), p. 65, consider a different type of information producing agents:
‘reviewers’ who are paid by consumers rather than by producers, which turns the model from a
signaling to a screening approach. As ‘reviewing’ is empirically much less relevant than certifica-
tion, this paper concentrates on the latter.
14 G. von Wangenheim
8
Biglaiser (1993), p. 212, was the first to mention these possibilities.
9
Biglaiser (1993) circumvents this problem by assuming that certification only refers to a single
unit of the good and each and every unit is certified individually.
10
Strausz (2005), p. 45.
Certification as Solution to the Asymmetric Information Problem? 15
gains and long run losses from reneging on one’s quality promise. In a dynamic
setting, reputation therefore exhibits substantial economies of scale and economies
of scope: the larger a firm and the more products benefit from the same reputation,
the more there is to lose from defecting on reputation and thus the more credible a
promise to provide high quality becomes. As certifiers specialise in reputation for
credibility, their business is most susceptible to the consequences of economies of
scale and scope: monopolization of the market, or at least oligopolisation. As
Strausz shows, this may raise prices in the certification market even beyond the
static monopoly price.
However, the economic literature is far from completely understanding reputa-
tion in certification markets as the solution to the asymmetric-information problem.
The existing models11 suffer from multiple equilibria, only some of which stabilise
reputation and honest certification. Most publications in the field concentrate on
these desirable equilibria but fail to give good reasons for this abstraction, nor do
they explain how reputation for honest certification grows in the first place.12 Again,
the aforementioned economies of scale and scope exacerbate the problem—reputa-
tion only becomes stable when it promises future gains for many and frequent cases.
To propose government regulation of certification agencies as an alternative
solution to asymmetric information raises questions of the same kind as in other
markets. If government wanted to regulate the output of certifiers, it would be hard
to imagine why the regulator does not use the information required for such regula-
tion of the certifiers to regulate the certified industry directly. Regulation by liability
would suffer from the same problems as discussed before for guarantees. Given the
limited information available to evaluate the care that certification agencies take,
both a negligence and a strict liability regime would expose the certification agen-
cies to a risk of high-stake liabilities that would very quickly destroy any supply on
the market for certification.
Only input regulation, i.e. qualification requirements for the certifiers and
requirements of observable signals of high effort that agencies exert to prepare their
certification decision, can be administered without essentially suppressing any sup-
ply of certification services. Obliging certifiers to employ qualified personnel or
proving their competence in some way or other reduces their opportunity costs of
handing down high-quality certification decisions.13 Obviously, such input regulation
11
Apart from Strausz (2005) see, e.g. Peyrache and Quesada (2011), p. 1099.
12
Peyrache and Quesada (2011) construct a model, in which the certifiers do not switch immedi-
ately from honesty to complete corruption when their time preference becomes too strong, but
gradually increase the range of true qualities for which they accept bribes for exaggerating the
quality in their report, when the relative value they attach to future profits declines.
13
See Shapiro (1986), p. 843, for a first model studying the effects of input regulation in markets
with reputation for output quality. Shapiro considers input regulation in two forms: licensing, i.e.
abolition of supply by producers without a minimum education, and certification, i.e. truthful
information of consumers about whether a producer has passed the minimum education or not.
Note that Shapiro uses the term ‘certification’ for information on input qualification while in this
paper I use it for information on output quality, in line with most of the economic certification
literature.
16 G. von Wangenheim
is far from guaranteeing high quality certification, not the least because it also
reduces competition between certifiers.14
In addition to the simple model of shirking and collusion with only two or three
alternative actions of the certification agency discussed so far in this section, one
could explicitly model the probability of the certifier to determine the quality cor-
rectly as a function of his effort to avoid such errors. On first sight, this endogeneity
of error probabilities does not change much of the argument presented so far.
Producers with high quality will still be the ones who request certification and the
problems of collusion between producer and certifier remain vivid. However, strate-
gies to overcome incentive problems of certification agencies cannot be as simple as
before. As error probabilities cannot be zero with finite effort, optimal strategies of
both producers and consumers must be forgiving and somewhat tolerant with
respect to misreported quality.15 In such a world, market incentives for producers to
produce high quality and for certifiers to exert effort and not to collude with produc-
ers necessarily are incomplete. Although to the best of my knowledge no such
model of certification exists in the literature, I conjecture that no Nash equilibrium
with a socially optimal level of the certifier’s effort or absence of collusion exists,
because that would require observation of effort or full internalization of the conse-
quences of errors. Certification therefore will not be a perfect solution to the quality
problem. Any lawyer-economist might again be tempted to rely on liability to close
the gap between market equilibrium and the social optimum. However, the same
obstacles as discussed before will prevent this approach from being successful.
Strict liability would entail complete insurance of consumers by certifiers for which
hardly any consumer would be willing to pay. Perhaps to a lesser degree but still so,
the same would be true for negligence liability due to unobservability of the certi-
fier’s effort and a thus necessarily uncertain standard of care.
14
Kleiner (2000), p. 189, stresses this problem for occupational licensing in general.
15
See Green and Porter (1984), p. 87, for an early model of enforcement of cooperation with uncer-
tainty in a completely different field (cooperation in a cartel). Ganuza et al. (2016), p. 213, apply
the model to quality reputation but not to certification.
Certification as Solution to the Asymmetric Information Problem? 17
is demand for low quality products or not. Buehler and Schuett16 study the effects of
such certification in a duopoly market with some but not all consumers uninformed
about quality. They show that minimum quality certification is superior to minimum
quality regulation when the number of uninformed consumers is large because the
latter tends to deter firms from entering into the market. Van der Schaar and Zhang17
show that the existing results do not depend on the crude simplifications of the pre-
vious literature but extend to a situation where information of some consumers is
not exogenously given, but evolves from reputation over time by Bayesian updating
based on stochastically distorted quality observations.
Lizzeri18 endogenises the disclosure strategy of the intermediary in his model. In
particular, he assumes that the certifier perfectly observes the quality of a good, but
truthfully discloses information on this quality only according to a previously
announced rule, which may, for example, be disclosure of the exact quality or only
information on whether a certain threshold has been passed. One should note that
this assumption also excludes collusion between the producer and the certifier. It
turns out that certifiers with market power will restrict the information they
disclose.
In the extreme case of a monopolist certifier and quality being a merely stochas-
tic outcome of production costs equal across all producers, information will be
restricted to whether quality meets or passes one certain threshold, where this
threshold guarantees that socially valuable qualities, i.e. those which consumers
value higher than the costs of production, are certified while the others are not. The
central argument for this being an equilibrium is that it allows the certifier to maxi-
mise his profits. In less extreme cases, disclosed information will be more detailed
for high qualities, but there will be no differentiation between the low quality
products.
The insights of Lizzeri indicate that certifiers’ policies to only inform about
whether quality meets a threshold is not only a tribute to restrictions of consumers’
limited abilities to process detailed information but also originates from certifiers’
profit maximisation.19 Farhi et al.20 and Lerner and Tirole21 have extended the argu-
ment to incorporate multiple certifiers with only one threshold for each certifier but
different thresholds across them. None of them is interested in revealing the identi-
ties of producers who applied for their certificate but failed to meet the standard.
Such tiered certification systems also add more costs, and delay, to the provision of
information, as producers tend to start high and apply with lower tier certifiers only
after having failed to get high-level certification.
16
Buehler and Schuett (2014), p. 493.
17
van der Schaar and Zhang (2015), p. 509.
18
Lizzeri (1999), p. 214.
19
For an overview of further results supporting this claim, see Pollrich and Wagner (2016), pp. 345
and 346.
20
Farhi et al. (2013), p. 610.
21
Lerner and Tirole (2006), p. 109.
18 G. von Wangenheim
6 Open Questions
Despite many steps forward in economic research on certification during the last
two decades, understanding of the full complexity of certification in real world mar-
kets is still incomplete. Three major open questions are the effects (1) of heteroge-
neous consumer preferences, (2) of bounded rationality, and (3) of producers’
choice between quality improvement and active concealment of low quality.
Heterogeneity of consumers’ preferences is likely to be covered with minor
changes of the existing models when only one quality dimension exists and con-
sumers vary in their willingness to pay for such quality. However, adding more
dimensions adds more strategic choices for certifiers as well as for producers.
Imagine, for example, a market for a good produced from resources harvested in
less developed countries and consumed in industrialized countries. Consumers may,
and casual experience shows that they do, care for ecological aspects of resource
growing in LDC and of production in the industrialized country, for social circum-
stances of resource growing and production (e.g. child labour), and for the effects of
the final product on consumers’ health. And consumers will care for these aspects to
different degrees. Das23 provides a first attempt to analyse certification in a market
in which consumers care for more than one quality dimension. Although he models
certification only for one dimension, the addition of a second preference dimension
seems to alter results dramatically and provide additional insights: non-profit certi-
fication becomes superior to for-profit certification if the second dimension of pref-
erences has weak effects on consumers’ choices.24
Such heterogeneity is likely to bring about separate certification agencies, each
being responsible for one or very few quality dimensions. Even within one general
22
Albano and Lizzeri (2001), p. 267; Hvide (2009), Article 5.
23
Das (2016), p. 251.
24
The intuition for this surprising result is that non-certification and thus production of low quality
may be a means to separate markets and thus collect monopoly rents on both markets. If differen-
tiation by the second quality dimension is large enough, certification is not needed to differentiate
products.
Certification as Solution to the Asymmetric Information Problem? 19
quality aspect with asymmetric information, several certifiers may emerge despite
the aforementioned concentration tendencies. Closely competing certification agen-
cies will of course compete on prices they charge to producers but also on the appro-
priateness of their standards of certification for consumers’ preferences. Given
bounded rationality of consumers, even certificates for completely useless or other-
wise irrelevant properties, like e.g. ‘produced without labour of white elephants’,
may emerge and remain in the market for some time. Economic analysis of such
distracting certificates is as much open to further research as the selection of rele-
vant quality dimensions by certifiers.
Surprisingly, nearly all existent economic models of certification completely rely
on asymmetric information in a world where consumers are perfectly rational.25 It is
well known that bounded rationality is not as easily described in a general model as
perfect rationality. Nevertheless, as certification has developed as one major way to
reduce information asymmetries it seems to be straight-forward to also include it in
models with boundedly rational consumers as an instrument to reduce complexity
of information and thus improve decisions of these boundedly rational consumers.
Pu and Zhang26 are the only authors so far, who explicitly include bounded rational-
ity in a model of voluntary certification. However, they reduce bounded rationality
to the inability of consumers to recognise fraudulent certification in a model of one
quality dimension and a given proportion of consumers who are rational and thus
identify the quality of the good directly. Problems of bounded rationality related to
the multiplicity of quality dimensions remain uncovered in the theory-based litera-
ture. Our economic understanding of these problems is still scant.
Finally, a third open field in microeconomic theory in general and the economic
discussion of voluntary certification in particular deserves mention here: the aggra-
vation of information asymmetries by producers, and certifiers, of goods. Suppliers
in any market may be tempted to spend resources on misleading consumers of their
products, be they goods or information, in their perception of quality. The weakest
form, still close to the standard approach in asymmetric-information theory, is
spending resources on hiding information, which may be described theoretically as
the mirror image of not spending resources on disclosing information in a reliable
way.27
There are stronger forms of costly misinformation, though. For example, suppli-
ers may, and some do, actively spread information on exaggerated qualities of their
products or on qualities they do not have at all. Doing so is of course costly. Bischoff
25
Combining the search words “certification” and “bounded rationality” returns zero entries in
EconLit and one for a law journal contribution in SSRN (Becher 2009, p. 747). scholar.google
returns more entries, but none on the first pages really combines the two approaches. ISI Web of
Science returns one case study (Pelaez et al. 2010, p. 27) and the only theory-based paper by Pu
and Zhang (2016), Article No 953.
26
Pu and Zhang (2016).
27
Stahl and Strausz (2017) refer to this problem when comparing producer-purchased and con-
sumer-purchased certification, but their model excludes nearly all other problems discussed in the
current paper.
20 G. von Wangenheim
and Blaeschke28 published one of the few papers in which this social waste of
resources is studied explicitly. However, they do not apply their model to general
markets for experience or credence goods nor to certification, but refer to costly
‘window dressing’ of local politicians striving for funds from a central government.
Applying their approach of using resources either to improve quality itself or to
improve merely its presentation and describing the ensuing perception of quality by
a function of the two uses of resources to the case of producers would be straight
forward and provide a useful starting point for investigating certification in an envi-
ronment where such information-blurring activities exist. Nevertheless, existing
approaches to certification markets until now lack active deception of consumers as
a constitutive element. Understanding certification without accepting the existence
of this problem seems to neglect a major part of the problem.
7 Conclusions
This chapter has reviewed the literature on voluntary certification provided by pri-
vate agencies. Starting from the seminal model presented by Viscusi, the focus was
first on opportunistic behaviour of certifiers. Both collusion with the producer to be
certified and moral hazard of certifiers with respect to their error-reducing effort
have been discussed. It turns out that reputation of certifying agencies and govern-
ment regulation of inputs of certifiers are the only viable approaches to overcome
these problems—despite their imperfections due to economies of scale and scope in
reputation and the risk of abuse of regulation for restricting entry to the certification
market. From the theoretical perspective, reputation of certifiers is disappointing as
a solution to the problems insofar as high quality certification is but one equilibrium
among several others in most modelling approaches.
Besides problems of opportunism, much of the literature on certification explains
the causes and effects of minimum quality certification, which conceals much of the
information certifiers acquire when investigating the products to be certified. It turns
out that this form of certification is a result of profit maximization of certifiers being
contracted by producers. However, this need not be to the disadvantage of consum-
ers as the latter also derive information from the very fact that the producers decide
to apply for a certification, or that they do not. In addition, (boundedly rational)
consumers tend to understand information contained in minimum quality certifica-
tion more easily than full quality information.
Economic literature on certification provides many useful results, but it is far
from giving all answers one would desire for designing a good legal framework for
the certification market. Open questions that the last section of this chapter has
stressed are the discussion of preference heterogeneity of consumers with respect
to more than one quality dimension, the problems of bounded rationality and the
28
Bischoff and Blaeschke (2016), p. 344.
Certification as Solution to the Asymmetric Information Problem? 21
References
Akerlof, G. A. (1970). The market for “Lemons”: Quality uncertainty and the market mechanism.
The Quarterly Journal of Economics, 84, 488.
Albano, G. L., & Lizzeri, A. (2001). Strategic certification and provision of quality. International
Economic Review, 42, 267.
Becher, S. I. (2009). A ‘Fair Contracts’ approval mechanism: Reconciling consumer contracts and
conventional contract law. University of Michigan Journal of Law Reform, 42, 747.
Biglaiser, G. (1993). Middlemen as experts. The RAND Journal of Economics, 24, 212.
Bischoff, I., & Blaeschke, F. (2016). Performance budgeting: Incentives and social waste from
window dressing. Journal of Public Administration Research and Theory, 26, 344.
Buehler, B., & Schuett, F. (2014). Certification and minimum quality standards when some con-
sumers are uninformed. European Economic Review, 70, 493.
Darby, M. R., & Karni, E. (1973). Free competition and the optimal amount of fraud. The Journal
of Law & Economics, 16, 67.
Das, S. (2016). Certification under oligopolistic competition. Environmental Resource Economics,
65, 251.
Emons, W. (1997). Credence goods and fraudulent experts. The RAND Journal of Economics, 28,
107.
Farhi, E., Lerner, J., & Tirole, J. (2013). Fear of rejection? Tiered certification and transparency.
The RAND Journal of Economics, 44, 610.
Faulhaber, G. R., & Yao, D. A. (1989). “Fly-by-Night” firms and the market for product reviews.
The Journal of Industrial Economics, 38, 65.
Ganuza, J. J., Gomez, F., & Robles, M. (2016). Product liability versus reputation. The Journal of
Law, Economics, and Organization, 32, 213.
Green, E. J., & Porter, R. H. (1984). Noncooperative collusion under imperfect price information.
Econometrica, 52, 87.
Hvide, H. K. (2009). Oligopolistic certification. The B.E. Journal of Theoretical Economics, 9(1),
Article id 5.
Kleiner, M. M. (2000). Occupational licensing. Journal of Economic Perspectives, 14, 189.
Lerner, J., & Tirole, J. (2006). A model of forum shopping. The American Economic Review, 96,
1091.
Lizzeri, A. (1999). Information revelation and certification intermediaries. The RAND Journal of
Economics, 30, 214.
Nelson, P. (1970). Information and consumer behavior. Journal of Political Economy, 78, 311.
Pelaez, V., Aquino, D., Hofmann, R., & Melo, M. (2010). Implementation of a traceability and
certification system for non-genetically modified soybeans: The experience of Imcopa Co. in
Brazil. International Food and Agribusiness Management Review, 13(1), 27.
Peyrache, E., & Quesada, L. (2011). Intermediaries, credibility and incentives to collude. Journal
of Economics & Management Strategy, 20, 1099.
Pollrich, N., & Wagner, L. (2016). Imprecise information disclosure and truthful certification.
European Economic Review, 89, 345.
Pu, X., & Zhang, H. (2016). Voluntary certification of agricultural products in competitive mar-
kets: The consideration of boundedly rational consumers. Sustainability, 8(9), Article id 953.
Shapiro, C. (1986). Investment, moral hazard, and occupational licensing. Review of Economic
Studies, 53, 843.
22 G. von Wangenheim
Stahl, K., & Strausz, R. (2017). Certification and market transparency. Review of Economic
Studies, 84, 1842.
Strausz, R. (2005). Honest certification and the threat of capture. International Journal of Industrial
Organization, 23, 45.
Van Der Schaar, M., & Zhang, S. (2015). A dynamic model of certification and reputation.
Economic Theory, 58, 509.
Viscusi, K. W. (1978). A note on “Lemons” markets with quality certification. The Bell Journal of
Economics, 9, 277.
Challenges for Responsible Certification
in Institutional Context: The Case
of Competition Law Enforcement
in Markets with Certification
Victoria I. Daskalova and Michiel A. Heldeweg
1 Certification as Regulation
1
Black (2002). According to Black, regulation is ‘a focused and sustained attempt to alter the
behaviour of others according to defined standards or purposes with the intention of producing a
broadly identified outcome or outcomes, which may involve, as control, mechanisms of standard-
setting, information-gathering and behaviour-modification’.
Our starting point, that certification is (about) a statement that a certain state of
affairs (or ‘object’) meets a predefined norm, needs refining. The findings are sum-
marized in Table 1.
The statement nature of certification is that of a speech act, the content of which is
documented in a certificate (as a document or record). The certificate expresses the
certificating body’s purpose by issuing the certificate: to state conformity of an
object of certification with a predefined norm. As such a statement, the act of certi-
fication holds a hybrid purpose, combining an assertive speech act (to describe a
brute fact) with a declarative speech act (of stating a new institutional fact): qualify-
ing and thus presenting a brute fact in terms of an institutional fact.2,3 The truth-
value of certification follows from a conformity assessment undertaken according to
a predefined procedure, whereby it is determined whether a given factual state of
affairs meets a pre-established norm or set of norms.4
2
Austin (1962).
3
Ruiter (2002). See particularly the Supplement to this volume, which presents major distinctions
between types of legal acts. Other types of speech acts are: commissive acts (e.g. a promise), direc-
tive acts (e.g. an order) and expressive acts (e.g. an emotional outcry).
4
Only if the act of certification would be completely informal, without any procedure for the quali-
fication of facts in terms of some norm (such as in saying: it is raining), would it be merely asser-
tive (but even to say ‘it is raining’ seems to involve some measure of humidity or wetness against
which to measure following some procedure).
5
Compare a driver’s license certificate that merely asserts a person’s fitness (as competence) to
drive (safely), but without inclusion of a score at the driver test, to a school or university diploma,
as a certificate that may not only come accompanied by a report card but may also hold a judicium
(e.g. cum laude).
26 V. I. Daskalova and M. A. Heldeweg
with norms. In these cases, the presence of a certification mark implies that that the
compliance with norms will extend into the future and is subject to regular assess-
ments, such as by monitoring and inspection. Thus, a customer purchasing bananas
which bear the ‘Rainforest alliance’ seal expects that the certificate reflects not only
the state of affairs at the time of testing but a continuous process of quality monitor-
ing and assessment.
6
For example a statement of conformity by an assessor that has an interest in the certificate being
issued does not add to intrinsic credibility.
7
For instance by a rule about ipso jure permission or permission by a subsequent act, such as a
building license that can only be granted upon having obtained a construction safety certificate.
Challenges for Responsible Certification in Institutional Context 27
terminating legal positions. This will require that there exists a legal rule of
power, whether by private or public law, that expresses a norm subject (i.e. the
authority to grant a certificate; the power holder/certificating body), possible con-
ditions to the applicability of the power (i.e. an assessment having been made that
may be considered proof of conformity to a norm), a performance (i.e. the legal
act; e.g. a document of certification) and the legal effect of that performance (i.e.
the change in the law it brings about). Being a legal act emphasizes the declara-
tive-assertive nature of certification, as it brings a change in the institutional legal
setting following institutionally validated legal rules of power. Certification as
legal act is a legally valid statement that signifies a change in the landscape of
existing legal relations and rights and obligations involved in them.
However, certification is not necessarily a legal act. When performed in an infor-
mal way, e.g. with the intent of making consumers believe that a product has a
specific quality, even though its procedural underpinning would make it a declarative-
assertive act, legally it might amount to being no more than a mere fact, the instance
of which would be without legal consequence. Only if and when the fact of certifi-
cation has relevance to a rule of conduct or a rule of power does it become a legal
fact and when the act of certification itself brings an intended change in legal
positions.8
The foregoing analysis applies regardless of whether the relevant rules are of a
public or of a private law nature. It is possible that the activity of certification
(including assessment) follows from a private law (say contractual) arrangement, to
then have public law legal effects, and vice versa.9 It is also regardless of whether
certification is voluntarily sought, such as by a manufacturer, supplier, retailer or
service provider to gain competitive advantage, or follows from a legal obligation,
such as to get a license, or as a contractual requirement.10
Above, the statement was made that certification is regulation. This is not a claim to
an inherent property, but certainly a claim to this often being the characteristic aim
behind certification. At this we apply Black’s definition of regulation as being ‘a
focused and sustained attempt to alter the behaviour of others according to defined
standards or purposes with the intention of producing a broadly identified outcome
8
Such as when a university grants a PhD diploma grants the holder of the diploma the right to
supervise PhD researchers, then this act counts as legal act.
9
We will not elaborate on the legal act of certification as regards its scope, of relevance only inter
partes, as is generally the case in private law, or erga omnes, which is more likely in public law,
also as this requires further analysis of specific contextual rules.
10
One may argue that the latter is basically voluntary, although contracts may not be as consensual
as typically assumed—such as when in the supermarket retail market there is buyer power that
requires suppliers of food stuffs to have their products certified.
28 V. I. Daskalova and M. A. Heldeweg
This tells us that the relation between the regulatory instrument of certification
according to certain standards, and the desired outcomes, may operate via the alter-
ation of different types of behaviour involving different categories of certification
regulatees: subjects of certification and third parties. Desired outcomes may vary
considerably as the declarative-assertive statement that certification brings can
either be regarded as an ‘intrinsic end in itself’ or as ‘an extrinsic means to an end’.
The ‘intrinsic end in itself’ outcome relates to certification upon the primary regula-
tory objective to provide authoritative/trustworthy information about the object of
certification where this is lacking in respect of its compliance to a particular norm,
without prejudice to that norm.
Thus, certification can serve a general interest as it broadly adds to existing infor-
mation, knowledge and perhaps to (perceived) trust and (legal) certainty in the role
and functioning of the objects concerned. This in itself, aside from whether there is
broad and positive appreciation of the underlying norm or standard, may serve the
objective of lowering transaction costs or of eradicating misunderstandings that
would otherwise be an impediment to certain processes, mechanisms and relations
and institutional patterns of behaviour, such as of sales, internet services, markets
and governments. Thus certification is an ‘intrinsic end in itself’ as it is neutral or
colourless when it comes to the desirability of compliance to the underlying
standard(s). As an ‘extrinsic means to an end’, certification is ‘taking sides’ as it
seeks to support compliance with a particular standard because the standard itself
represents the desired outcomes. Those outcomes as ends may, as said, be of a very
different nature, ranging from securing or improving on effective and efficient
(supply-chain) management, logistics, and other business operations, to safeguard-
ing and enhancing social values such as safety, security, health, environment, trans-
parency, gender equality and labour conditions. In all of these cases certification
encompasses the element of providing an authoritative statement, but will be posi-
tioned in a way that provides an incentive to (potential) subjects of certification to
adjust their behaviour so they can get a certificate, and/or an incentive to third par-
ties to prefer certified objects above others.
Challenges for Responsible Certification in Institutional Context 29
Given that these incentives may leave discretion to certification subjects and to third
parties to voluntarily decide on the use of and responsiveness to certificates, or alter-
natively, may involve obligations of use and response, strategies towards outcome
achievement need not necessarily be driven by law or legal nature and form. Broadly
speaking, certification may follow three different regulatory strategies11: hierarchy-
based (when certification is obligatory), competition-based (when certification is
seen to provide competitive advantage), and community-based (when certification
is seen to express adherence to shared/social values).12 Certification may follow dif-
ferent strategies at the same time, such as when certification is hierarchically pre-
scribed, but allowing different, perhaps competing, certification schemes, allowing
different standards (for assessment), with the requirement of NGO involvement in
their setting.13 In any case, while hierarchy-based certification is likely to come with
an obligating legal form, a legal form may be totally absent in competition-based
certification when certification is merely a retailer’s or manufacturer’s ploy to attract
consumer interest or to silence NGO objections. When certification is linked to
subsidies or taxes, a legal form will be at play, but rather in terms of the claims and
duties that apply to the scheme, defining the pros and cons of (not) certifying.
Similarly, community-based certification may be non-legal and merely informa-
tional, but may also come with or follow upon (quasi-)legal covenants, contracts or
private standards.
11
Murray and Scott (2002), pp. 491–516, esp. at 502.
12
We do not rule out that certification could also fit an architecture-based (or code) regulatory
strategy, but could not conceive of an example.
13
Heldeweg (2013), pp. 107–139.
14
Levi-Faur (2011), pp. 7–9.
30 V. I. Daskalova and M. A. Heldeweg
(type of) agent. The regulatees will primarily interact with this regulatory agent and
can fit all kinds of regulatory strategies, even community-based as the designated
type of certification (body) may be specified as leaning toward specific social values
and (social) stakeholder involvement.
Given the possibility of such diverse regulatory patterns, which mix regulatory
strategies and relations of certification, we find that regulators, regulatory agents
and regulatees, as well as certification bodies may differ considerably with respect to
their ‘interest nature’. One ideal type distinction in ‘interest nature’ of organisations
is the trichotomy of governments (guided by public interest), firms (guided by pri-
vate interest/for profit) and NGOs (guided by community interest/not-for-profit). In
certification, all types of regulators, regulatory agents and regulatees may be of each
of these ‘persuasions’,15 leading to a possibility of certification being at play in
thirty-nine types of first, second and third party regulatory relations.16
When we take the three possible first party forms of self-regulation, in which a
government, a firm or an NGO voluntarily commits to certification, this is not to say
that they are self-certifying to the extent that they also take the role of a certifying
body. As said, this role, which is not specified in our earlier definition of certifica-
tion, may also be played by organisations of the three aforementioned types.
Certification by a public office may be up to one office in a given jurisdiction, or
several, with or without public authority to give their legal act of certification an
erga omnes legal effect. On the other hand, in the context of a competitive market,
firms may find certification an interesting commercial undertaking; as a result, con-
tracts to certify may ensue. Finally, in a civil society context, NGOs might find that
certification is an attractive way of providing a service to the public at large about
the quality of certain products, services etc.
One could consider it likely that public certification bodies would focus on cer-
tifying compliance with standards of public interest, such as avoidance of pollution,
that firms would focus on standards with commercial relevance, such as product
safety, and that NGOs would focus on standards of social value, such as on gender
equality. However, hybridity is also possible. Firms may compete with NGOs for
certification on social values (e.g. safety in the workplace) or with public authorities
on values related to public interests (e.g. public safety of cars)17; on the other hand,
NGOs might provide certification related to public or commercial interests (e.g. on
human rights performance of states and on fair trade respectively).
15
Ibid., 6–8.
16
We cannot elaborate: three 1st party relations, nine 2nd party relations, and twenty-seven 3rd
party relations. Levi-Faur (2011) and Heldeweg (2013).
17
As by periodical safety certification of cars.
Challenges for Responsible Certification in Institutional Context 31
While the foregoing tells us that in each of the thirty-nine possible regulatory con-
figurations concerning certification, the involved certification body may (also) be of
three different persuasions (yielding a variety of one hundred and seventeen
configurations),18 it ignores a possible variation in the relationship between the cer-
tification subject, as regulatee, and the certification body, as regulator. Similar to the
regulatory relations terminology there are three types of how certification may be
undertaken19: ‘first party’ certification (i.e. certification where the conformity
assessment is performed by a certification subject, ‘providing the object of certifica-
tion’; in short, self-assessment), ‘second party’ certification (i.e. certification based
upon assessment by an associated party, with an interest in the object, such as by an
employer, or a branch organisation) and ‘third party’ certification (i.e. certification
based upon an assessment by an independent party, such as an accredited private
company or public authority). When we combine party-categorisations of regula-
tion and of certification we yield the overview in Table 2.
Under this scheme it is indeed possible that self-regulation comes with self-
certification—as demonstrated in the top left box in the overview of nine party-type
combinations of regulation and certification. In this chapter, however, we choose to
focus on independent third party certification. Consequently our attention goes out
only to the variety at the bottom row of this overview; each of these types, varied
along the kind of underlying regulatory relationship, is of interest to our analysis.
Effectively we are joining the ISO (International Organization for Standardization)
in saying that certification is: ‘[t]he provision by an independent body of written
assurance (a certificate) that the product, service or system in question meets spe-
cific requirements.’20
18
Less if we assume that it is not legally proper to have a public certification body concern itself
with certification of standards that are not about upholding public interests—unless to uphold such
commercial or social values is a public interest concern following the public interest in the proper
functioning of (patterns of) legal relations that depend on compliance in these standards.
19
In defining we build, inter alia, on the ISO/IEC 17000 Conformity Assessment terminology. See:
https://www.iso.org/standard/29316.html—this is not an open source.
20
See: https://www.iso.org/certification.html.
32 V. I. Daskalova and M. A. Heldeweg
Defined by ISO as: the formal recognition by an independent body, generally known as an
21
accreditation body, that a certification body operates according to international standards.’ See:
https://www.iso.org/certification.html.
Challenges for Responsible Certification in Institutional Context 33
With some sophistication, to secure proper working and desired outcomes, regula-
tion of certification can amount to establishing legal institutions. Such an institution
purports a valid pattern of behaviour, prescribed as a ‘distinct legal system govern-
ing specific forms of social conduct within the overall legal system’, instantiations
of which ‘can be dealt with as independent social phenomena’,23 such as property,
contracts, and legal personhood. Certification could be seen as a sub-category of
legal institutions that ascribe a legal quality to a (legal) person, such as upon having
received a personal skills related certificate, or one for an organisation’s overall
management performance, but also of a legal status to a (legal) object, such as the
certification of a financial asset.24
Each type of institution builds upon a conjunction of four types of rules: consti-
tutive rules (about what certification is/means), institutive rules (about how to per-
form the act of certification), consequential rules (about what rules apply to a
certificate, once issued), and terminative rules (about how to end an instance of
certification). What this set of rules brings is the possibility of repeated instantiation
of certificates of a similar kind but with variations tailored to each case of instantia-
tion, depending on the specifics of the given object—as in each university diploma
presenting specifics on the subject, the program that was completed successfully,
etc. In the case of institutive rules, certification will concern application, possibly
standard selection, tailoring or formulation, assessment procedure, decision upon
22
Levi-Faur (2011) and Heldeweg (2013).
23
Ruiter (2002), Chapter 4.
24
Ruiter (1993), p. 357.
34 V. I. Daskalova and M. A. Heldeweg
assessment and form and procedure concerning the act of certification, and possibly
review. Consequential rules will concern rights and obligations, such as the right to
publicly show that the certificate was awarded, and the obligation of continued com-
pliance and allowing inspection. If certification is related to further changes in the
law, such as particular permissions, consequential rules will include rules on privi-
leges and claims that follow from them. Terminative rules may specify an expiry
date or acts and events that may give cause to withdrawal of the certificate.
As said, the functional relevance of a certificate may differ upon the regulatory con-
text. This context will in turn build upon basic rules and principles of different
modes of (legal) governance, which may in one way or another relate to regulation
by certification and the regulation of certification.
25
Regulated markets, between public hierarchy and competitive market (e.g. ‘semi-public ser-
vices’); Networked markets, between competitive markets and civil society (e.g. ‘socio-industrial
networks’); Regulated networks, between civil society and public hierarchy (e.g. ‘social enter-
prises’); Tripartite platforms, between all three ideal type modes (e.g. ‘societal platforms’).
Challenges for Responsible Certification in Institutional Context 35
Our key concern is that modes of governance appear as empirically observable pat-
terns of behaviour, but are likely to also have characteristic normative dimension
due to the basic prescriptive rules that determine their coordinating modes and
incentives towards interaction: modes of order (command and control), modes
of exchange (supply and demand), and modes of cooperation (community and shar-
ing); orientations of public interest, private interest, and social interest. Typically,
these normative dimensions come with their own basic legal rules. In liberal public
hierarchy these are: constitutional government, separation of powers, rule of law,
democracy, human rights and the legality principle. In competitive markets these
are: competition and consumer law, against the backdrop of company, property and
contract law. In civil society, the area that in general is the least formalized, these
are: human rights on private autonomy and the freedom of association and expres-
sion, against the backdrop of contract law and the law on legal personality. Together
these basic rules—or rule sets or legal regimes—form the jurisdictionally embed-
ded, positive-normative fabric of the modes of legal governance landscapes. Such as
there are of public hierarchy by states and municipalities, of competitive markets for
food stuffs and recreational commodities, or regulated markets for energy and
health care, and of civil networks of NGO’s in welfare, culture, and sustainability
awareness, or regulated networks, such as of public housing—while some of these
legal governance landscapes may indeed be instantiated as legal institutions.26
Basically, a public hierarchy certification can serve to provide information about
conformity with prescribed public interest norms, such as on car safety and energy
efficiency. The related legal effect of being certified could be a government permis-
sion to operate, the grant of a subsidy or a tax reduction, or a lowered intensity of
public inspection. In competitive markets certification can serve to mitigate infor-
mation asymmetries, leading to market failure. The related legal effect of certifica-
tion might be gaining access to the market. Certification in the context of civil
society is in service of settling and securing shared community values, and inform-
ing the community about compliance with them. A related legal effect could be
access to membership and co-operative initiatives. In practice certification may
also, and will often, bridge relations across different modes of governance. An
example of such hybrid certification are the fair trade certification schemes that may
originate in civil society but address commercial practice in competitive markets,
and may become schemes with a broader foundation, involving, next to NGOs,
commercial parties in the standard-setting, assessment and certification phases—
much along the hybridity of roles as discussed in the above.27
26
Assuming there is a general, conceptualizing legal arrangement as a format that holds rules on
their instantiation etc.
27
See Mohan (2010), pp. 24–33. The author provides a summary of the history of fair trade certi-
fication—from its roots in ‘alternative trading movement’ based on ‘solidarity economy’ propelled
by NGOs and charities (Oxfam, Traidcraft as well as faith-based groups such as Christian Aid), to
a more mainstream marketing initiative in which multinational companies cooperate. See also
36 V. I. Daskalova and M. A. Heldeweg
As pointed out above, certification is not a neutral instrument to the extent that it
merely adds to existing rules and regulations, as potentially it could infringe on
these rules and regulations; even and with particularly disruptive sensitivity when it
comes to clashes with basic rules of different modes of legal governance. What to
think, particularly of the legality principle, if a state legislator decides to outsource
permitting to a private certification scheme?28 Or how about a certification scheme
that builds upon standards that effectively shut out new entrants to the market and
thus supports anticompetitive practices? And what to think of certification schemes
that do not allow participation of potential certification subjects when they operate
as not-for-profit civil networks? These questions make clear that there is an issue of
normative alignment: of alignment between regulation by certification and the basic
rules of the legal governance mode in which such regulation is applied. Regulation
of certification is crucial should it be that certification does not align, as suggested
in the aforementioned examples. Normative alignment can be achieved by regulat-
ing certification to the extent that it functions as ‘responsible certification’: certifica-
tion that, upon its truth-value, is informative and capable of enhancing the
functioning of these modes of governance.
Wilson and Mutersbaugh (2015), p. 281. A prominent example is the Max Havelaar fair trade label
which started out as a civil society initiative. Drawing the line between pure civil society and ‘mar-
ket’ initiatives may be difficult since, especially with respect to eco-labels, producers may sponsor
NGO certification or establish their own eco-label certification scheme. Kim (2014–2015), pp. 181,
185 f.
28
The legality principle may almost be regarded a container principle, in that many meanings and
functions have been attributed to it. We refer here to the principle that the competent authority is
intrinsically involved in the decisions it takes and may hence be held responsible for them.
Challenges for Responsible Certification in Institutional Context 37
in market transactions), its legitimacy (i.e. the certificating body being accepted not
only for its capacity to produce effectiveness and efficiency, but also for its suitabil-
ity to regulate with possible impact on behaviour of others and on the right of these
others to have a ‘voice’ in such regulation),29 and its justice (i.e. in fairness of the
process of certification and in the consequence of certification, following applicable
standards of distributive or commutative justice).
The set of basic (legal) rules characteristic of each mode of governance has a
different take on and strikes a distinctive general balance between these public gov-
ernance maxims of effectiveness, efficiency, legitimacy and justice. Consumer and
competition law, for example, together promote effective and efficient transactions
in the market, but also ensure legitimacy and justice in them, from the perspective
of private interest exchanges. This is distinct from the perspective of public interest
obligations that would determine how all four of these maxims are understood and
balanced in public hierarchy following unilateral decision-making.30 Basic rules of
modes of governance aim to, in general, attribute a particular meaning to these max-
ims and a particular balance in their functioning, characteristic of that particular
mode. We name such basic rules ‘institutional (legal) rules’, or will refer to them as
the ‘institutional (legal) regime’, expressing the normative dimension of the gover-
nance mode as institutional setting.
Our position is that regulation by certification should not be in conflict with institu-
tional rules of modes of governance. Regulation of certification may be needed to
secure the necessary normative alignment with such basic rules. The institutional
rules are the enabling and constraining rules upon and within which further rules,
‘collective choice rules’, are introduced (and changed and terminated), such as the
setting up of legal persons, in contracting and permitting, and in establishing and
transferring property; rules that are either made by more than one (legal) person or
have consequences for more than one (legal) person.31 Rules and regimes on safety
of consumer products in competitive markets, or on restrictions and permits regard-
ing pollution in public hierarchy, or on the creation of societal enterprises of civil
society, are examples of such collective choice rules. Together with the underlying
institutional rules, the collective choice rules and regimes make the legal space
available to the operations that individual (legal) persons are able and allowed to
29
Aside representation, eligibility may be underpinned by notions of fairness, independency and/
or impartiality, wisdom, charisma etc.
30
The term ‘exit’ is often used in respect of legitimacy, to emphasize the consensual aspect of
exchange and the opportunity of the buyer to contract with a competitive offeror. In public hierar-
chy, the term ‘voice’ is often used to express the legitimacy of government in to command &
control, as long as this is democratically underpinned. Hirschman (1970).
31
Contracting takes at least two to achieve success; permitting may take only one, but has effect
inter partes (mostly in private law) or possibly even erga omnes (mostly in public law), property
is about a right in rem, and legal personality is about a legal form of collective action.
38 V. I. Daskalova and M. A. Heldeweg
engage in.32 Rules regarding regulation by certification are also of the type of col-
lective choice rules, and as such need to align with institutional rules.
32
We freely take these labels (‘collective choice’; ‘operational’) from Ostrom without suggesting
that we import her IAD-framework. See Ostrom (2005). Note that ‘operational’ is about the use/
relevance of Hohfeldian subjective rights, such as claims, duties, privileges, powers, liabilities and
immunities. Hohfeld (1964).
33
van Maanen (1986).
34
A, probably soft law, regulatory response from civil society actors, such as through standards,
certificates and boycotts, is surely a relevant alternative.
35
It could be argued that regulation of a certification (and accreditation) scheme with a general
purpose, non-specific of any type of service or good, would in fact be an addition to institutional
rules (endogenously or exogenously), as it would be in service of (any private interest in; and in
that sense ‘neutral’ or ‘colourless’) the proper working of the market, similar to, exogenously, how
the introduction of a public consumer protection authority, would have such a broader, more insti-
tutional meaning. Collective choice rules are generally more ‘regulatory’ and more related to func-
tional areas of law.
Challenges for Responsible Certification in Institutional Context 39
The so-called ‘new approach directives’ are a point in case. See: European Commission,
37
38
Braithwaite (2008).
39
Consider that in the EU there actually exists a regulatory regime for accreditation with public
authority: Regulation (EC) No 765/2008 of the European Parliament of 9 July 2008, setting out the
requirements for accreditation and market surveillance relating to the marketing of products, OJ L
218/30.
40
Also financial security—think of the role of credit rating agencies.
41
See Sect. 2.2.1 to sense the fit between the distinction between ‘intrinsic end in itself’ and
‘extrinsic means to an end’ regulatory objectives, and the distinction we make here between meta-
regulation addressing institutional rules or collective choice rules.
Challenges for Responsible Certification in Institutional Context 41
2.5 C
ertification as Regulation of Public Interests,
Endogenous or Exogenous to Public Hierarchy?
42
As alluded to earlier, actors in competitive markets and civil society can do the same, as by their
standard setting or certification, but rather through competition- and community-based regulatory
strategies.
43
Hierarchy-based private regulation is an option on the basis of access to/use of private property
rights. There may be scope (even) for code-based regulation in that firms in competitive markets
may take decisions, following demand, that lead to exclusion of certain technologies that govern-
ment in public hierarchy favours—such as in changes in ICT-services.
44
Freedom being defined as the absence, in principle, of (legal) obligations.
45
Also see our references above (in Sects. 2.3.2–2.3.3) to the legality principle and more in the
below. The liberal state doctrine and legality principle basically hold that government/public law
(unilateral) regulation is only allowed by exception (not as a general power such as in contracting),
when necessary (because of specific private law failure on a point of public interest) and if propor-
tionate (not publicizing more than necessary). With government regulation, one should always
(keep) ask(ing) which private ailment it aims to remedy, and whether that facility is indeed still
remedial.
42 V. I. Daskalova and M. A. Heldeweg
As said, it is well possible that government legislators and regulators, mostly due to
a desire to deregulate or to outsource public regulation, opt for government collec-
tive choice regulation, such as regulation of telecommunication, (private and public)
education, energy provision and construction safety,47 to by meta-regulation intro-
duce or in second party regulation make use of existing private certification schemes
in competitive markets or civil society networks. This implies that the declarative-
assertive certification act of a private certifier may count as a legal act or even a legal
fact in the public law context, which may raise questions as regards compliance
with/normative alignment of such private certification authority with the institu-
tional rules of public hierarchy that underpin the public law collective choice
arrangement to outsource certification. Consider, for example, a regime in which
construction safety as a public interest is regulated by government through rules that
require a private certificate for construction safety.
46
Most countries allow for judicial review of legislation for compatibility with the constitution. A
notable exception in this respect is the Netherlands, where constitutional review of legislation is
precluded by Art 120 of the Dutch constitution.
47
And many others, such as those named in fine of Sect. 2.4.4.
Challenges for Responsible Certification in Institutional Context 43
As Eijlander et al have explained, from the public law perspective there are basi-
cally four types of private certification schemes)48:
1. certificates as full permission/benefits—if with private certificate then ipso iure
public permission or other benefits are granted;
2. certificates as conditional to permissions/benefits—only if with private certifi-
cate, possibly public permission/benefits will be granted. Generally public
assessment is more marginal (private certificate as presumptive evidence);
3. certificates as indicative of compliance—if with private certificate then related
private auditing can substitute public oversight or lead to minimizing oversight
or even applying meta-oversight only (i.e. to check if there is proper private
auditing and compliance control)
4. certificates as market-making devices—if with private certificate, this expresses
a distinct quality that makes for a market niche, without specific public law
relevance.49
From types 1 to 3, certification comes with decreasing public law relevance with
respect to the possibility that the private quality of certification may not adequately
‘cover’ a legally prescribed public quality, as regards the relevant collective choice
public hierarchy/law regime that refers to private certification, which may build
upon application of the precautionary principle in matters of public and private risk,
or even as regards underlying public hierarchy/law institutional rules. As regards the
latter, compliance is at stake with requirements of procedural justice/input legiti-
macy (e.g. democratic accountability, public/stakeholder participation; complaints
procedures/judicial review), and of substantive or distributive justice/output legiti-
macy (e.g. proper protection of and respect for human rights, especially as regards
positive obligations following Articles 2 and 8 of the ECHR,50 and, more generally,
public safety, security, heath, and environmental protection, and legal principles
such as legal certainty and equal treatment.51
To safeguard compliance with relevant public collective choice rules and underpin-
ning interests, as well as general institutional rules of public hierarchy, public hier-
archy legislators or regulators may, in applying private certification for public
interest, use different regulatory approaches.52
48
Eijlander et al. (2003), pp. 50–57.
49
Eijlander et al. (2003) only look at the public/state v. private/market dichotomy. One could add
to 4. civil society certificates that are only relevant to community-building.
50
Art 2 ECHR—right to life; Art 8 ECHR—respect for private and family life.
51
We could add that there is a public interest in maintaining basic autonomy through equal freedom
in markets and in civil society, but will assume that this will be safeguarded by institutional rules
of those governance modes as they apply to the private certification schemes in question—should
these rules (and practices) fail, then this becomes another matter.
52
Which we name only briefly—also considering other contributions to this volume.
44 V. I. Daskalova and M. A. Heldeweg
53
Decision (EC) No 768/2008 of the European Parliament and of the Council of 9 July 2008 on a
common framework for the marketing of products, and repealing Council Decision 93/465/EEC
[2008] OJ/L 218.
54
Act of 12 November 2009, Stb 2009, 503 (Dienstenwet), implementing EU directive 2006/123/
EC of the European Parliament and of the Council of 12 December 2006 on services in the internal
market [2006] OJ L 376/36.
55
See the contribution by R Neerhof in this volume.
Challenges for Responsible Certification in Institutional Context 45
2.6 P
ublic Hierarchy and Responsible Certification:
Intermediate Conclusions
56
A Quango (quasi-autonomous non-governmental organisation) is a hybrid organisation in that it
is not a public body (and so does not fall within the normal scope of government hierarchy under
democratic control) but it does exercise public authority. It often concerns expert agencies such as
fair competition regulators.
46 V. I. Daskalova and M. A. Heldeweg
following a process of certification, being not only an instrument but also an object
of regulation, possibly regulated as a legal institution. Thirdly, we discussed the
relevance of modes of governance as relevant contexts of certification, and the need
for normative alignment. This lead us to consider the meaning of ‘responsible certi-
fication’, the art of balancing four maxims, and relating certification to institutional
and collective choice rules and how they are used as instruments of exogenous and
endogenous regulation of certification (within and across modes of governance),
such as by meta- and co-regulation. Upon those latter distinctions we finally took a
brief look at certification of public interests, from the public hierarchy perspective,
demonstrating especially how institutional public law rules constrain the use of pri-
vate certification.
The latter analysis sets the scene for a more in-depth analysis of the institutional
context of competitive markets. The following sections will explore the challenges
of preserving the value of competition on markets in which certification plays an
important role. The focus is on the role of competition law as an instrument of regu-
lating certification activities for the purpose of safeguarding competition on the
market. To what extent competition law can achieve this goal and what unique chal-
lenges are faced by enforcers will be discussed in the sections below.
3 C
ertification in the Institutional Context of Competitive
Markets
Certification can take part in a private context and be shaped by the rules of the
market but it is not always easy to distinguish a ‘private’ context from a ‘public’
one. A public body may appoint or authorize a certain private body to carry out
certification activities required by law. For example, customs agents carrying out
inspections may in fact be self-employed professionals or businesses performing
car inspections can be privately owned. The service provided may be for-profit and
subject to private law (e.g. contract law). On the other hand, there is a public hierar-
chy aspect to such a scenario. The government might be involved in the selection of
certifiers—e.g. by directly appointing specific certifiers, by issuing licenses itself or
by setting regulatory requirements about certification bodies. In this case, although
the actors may be private, the certification context is to a large extent determined by
public authorities.
For this reason, it might be helpful to draw the distinction according to the nature
of relations in the context in which certification takes place (hierarchy, competition,
collaboration), while realizing there may still be hybrid situations. The focus for this
section is on certification taking place in the context of a ‘competitive market’. In
this context, certification services are not only provided for compensation, but pro-
viders of certification service are in competition with each other for customers.57 In
There may not be much competition on this market but the distinctive feature is that the actors
57
this context, certification obeys the rules of the market—of supply and demand—as
opposed to being required by hierarchy, or by being agreed upon in the context of
cooperation, sharing, and consensus-based networks.
In a competitive context, certification is a service provided against compensa-
tion. The service in question is an assurance—for the customers or business partners
of a given organisation—that a given product58 complies with pre-established nor-
mative requirements. Thus, a certifier supplies certification services to companies
looking for certification; in doing so it produces information which others—retail-
ers, consumers or lenders—use in making business decisions. A certification body
thus brokers information between two different groups of actors.
Certification in a competitive market context does not imply that only for-profit
activities are covered. Certifiers might differ with respect to their economic motiva-
tions—a certifier of online shops is motivated by the desire to turn a profit, whereas
an organisation such as the Rainforest Alliance is motivated by the desire to achieve
sustainability goals. What is key is that from the point of view of the customers
there is a choice between different certification schemes. This market is character-
ized by competition even if some actors on this market (e.g. the Rainforest Alliances)
might see competition as contrary to their objectives. The key distinguishing ele-
ment of this institutional context is thus not so much the formal legal form or the
(non-)economic aspirations of the entity carrying out certification but the fact that
certifiers are in competition with each other and that the number of certifiers form
‘a market’ on which companies ‘shop around’ for a certificate. In this context, the
choice of certifier is neither determined by public hierarchy nor established in a col-
laborative way in the context of civil society.
3.1 C
ompetition Law: Meta-regulation for (Certification)
Markets
Markets are institutions which enable exchanges of goods and services. There is
much debate regarding the extent to which markets should be regulated. From a
public interest perspective, regulation related to consumer protection, environmen-
tal protection and labour protection seem necessary. However, the point of departure
for this contribution is that markets need rules not only because of the public interest
in achieving specific outcomes related to workers, consumers, or the environment;
markets need rules that enable their functioning to the self-interest of market partici-
pants. Such rules correct for market failures and enable markets to efficiently per-
form their function as institutions facilitating trade in the long-run.
Competition law is the area of law which, apart from any public interest goals
that it may strive to achieve, provides rules needed to ensure the long-run viability
of markets as institutions facilitating trade. The basic goal of competition law is thus
58
The object of certification may be a product, service, business process or the business itself.
48 V. I. Daskalova and M. A. Heldeweg
59
The idea of ‘competition on the merits’ is linked to the understanding that competition law
ensures that the best companies have a chance on the market. However, the actual interpretation of
the term and the best type of analysis needed to achieve a merit-based competition regime are
contested. On the one hand, promoting competition on the merits requires protecting opportunities
for market access. On the other hand, it implies that the best (cheapest, most efficient) companies
should be allowed to succeed. See OECD Roundtable, Competition on the Merits (2005) DAF/
COMP(2005)27. There is much debate on whether the emphasis of competition law and policy
should be on preserving ‘opportunities’ or ‘outcomes’. For an illuminating comparison of the dif-
ferent approaches to competition law and policy, see Fox (2003), p. 149.
60
This formulation appears in a number of hard and soft law instruments but also in statements by
commission officials. In a 2015 speech, Commissioner for Competition Margrethe Vestager
explained that the Commission’s ‘first goal is preserving good competitive conditions in the mar-
kets, which translates into lower prices, better quality and wider choice for consumers.’ See
Vestager, ‘The values of competition policy’ (Keynote speech at CEPS Corporate breakfast ‘one
year in office’, Brussels 13.10.2015). For an extensive discussion of the interpretation of the ‘con-
sumer welfare’ concept, see Daskalova (2015), p. 133.
Challenges for Responsible Certification in Institutional Context 49
3.2 C
ertification Markets: Markets for Information,
Assurances and Trust
Certification markets are essentially markets for information. Certifiers produce the
information about the products or services being certified. The users of this informa-
tion include the customers, lenders, shareholders or other types of business partners
of the certified company who rely on this information when making decisions—e.g.
decisions to buy the certified company’s products, to lend money to the company or
to engage in other business transactions with the company in question (e.g. investing
in the company and more generally contracting with the company). Information plays
a key role in markets. Lack of trusted information about products or suppliers might
lead to a situation in which market transactions never take place—as in Akerlof’s
famous example of the ‘market for lemons’ in which the market fails to clear.61
Certification may play a facilitative role but in some cases its role is even consti-
tutive—as when certain types of market transactions (i.e. by high-quality sellers in
Akerlof’s example) are unlikely to take place in the absence of certification. Thus,
in the absence of a webshop certification, a consumer may forego online shopping
altogether. A different role that certification can play is to help products achieve dif-
ferentiation and thus attract new customers or command a higher market price.62 In
Akerlof’s example of a market for lemons, possession of a certificate can serve as a
signalling device for quality which attracts customers. Today, a consumer faced
with a choice between unlabelled bananas and ‘Rainforest Alliance’ certified
61
Akerlof (1970), pp. 488–500.
62
Viscusi (1978), p. 278.
50 V. I. Daskalova and M. A. Heldeweg
bananas may be willing to pay a premium price for the certified bananas. Thus,
certifiers can play an important role in the commercial performance of a company’s
product or service. Quality information from a trustworthy source can also improve
market performance by allowing for better matching between sellers and buyers.63
Seeing certification as a signalling device, however, fails to convey the regulatory
characteristics of certification. Seeing certification as a mere signalling device
implies that it is a voluntary activity undertaken by high quality sellers in order to
achieve differentiation. In some cases, however, certification is so important that it
becomes a de facto, even if not de jure, prerequisite for market access.64 Certification
is unlike other signalling devices which companies can employ in order to provide
information. Surely, trademarks, warranties, and private guarantees included in
a contract are all tools within the reach of individual companies; they can send pow-
erful signals about the characteristics and quality of a product. However, unlike these
other devices, certification is special in that it is not linked to a specific company or
product. Rather, it is open to a number of companies within an industry, it is usually
performed by an independent third party and may be related to characteristics which
apply to a variety of goods or services within a product or service category.65
Regarding the normative nature of certification activities, the link with standardi-
sation should be clarified. Certification often goes hand-in-hand with standardisa-
tion activities and may be carried out by the same body. However, this need not be
the case. Certification may be a separate activity from standard-setting. Standard
setting bodies lay down the norms that a given standard requires; however, to what
extent compliance with the norms is achieved is ascertained by a special body in
charge of the process which leads to awarding a ‘label’ or a certificate. This process
includes the setting of evidence requirements, scheduling of inspection appoint-
ments and monitoring of activities. The European Commission acknowledges that
certification can constitute a separate market distinct from the market for standardi-
sation, and markets for testing products.66
Finally, from a competition perspective, a distinction between the market for
certification and the market for the goods or services affected by certification should
63
Ibid, 277–279. Unlike Akerlof’s example, the good-quality providers in this market do not exit
the marketplace; rather, they seek to differentiate themselves in order to be able to price
discriminate.
64
The OECD Competition Assessment Tool views certification as a market barrier. See OECD
(2016), p. 24.
65
A fair-trade label or an eco-label may apply to products that do not necessarily compete on the
same markets—e.g. dishwashers and washing machines are on separate relevant markets but use
the same label; fair trade bananas and fair trade cocoa compete on separate relevant markets but
use the same label.
66
Communication from the Commission, Guidelines on the applicability of Article 101 of the
Treaty on the Functioning of the European Union to horizontal co-operation agreements [2011] OJ
C 11/1 (hereinafter: Horizontal Cooperation Guidelines 2011), para 310. According to the
Commission, ‘Dissemination of a standard can be enhanced by marks or logos certifying compli-
ance thereby providing certainty to customers. Agreements for testing and certification go beyond
the primary objective of defining the standard and would normally constitute a distinct agreement
and market.’
Challenges for Responsible Certification in Institutional Context 51
be made. Certification can surely have an impact on these related markets. In prac-
tice, however, little is known about market definition in cases related to certification.
The 2011 Guidelines on Horizontal Cooperation Agreements by the European
Commission mention certification markets but few competition law decisions and
cases related to certification as such exist. The dearth of examples is problematic for
an additional reason. For most certification schemes there will be network effects
between the two distinct groups of users—the more valued a certificate is by con-
sumers, the more valuable the certificate will be for the companies seeking certifica-
tion. Some certification markets may exhibit characteristics of two-sided markets,
as is argued with respect to credit rating agencies.67 The presence of a two-sided
market would imply different techniques for market definition than the usually
accepted ones.68
4 C
ompetition Concerns: Exclusion and Exploitation
in the Context of Collaboration
Both exclusionary and exploitative practices can lead to market failures, in par-
ticular market power and its abuse. Market failures undermine the effective func-
tioning of markets and result in sub-optimal performance, e.g. insufficient quantities
of goods provided, presence of externalities. Although some types of market fail-
ures such as the presence of market power may further the private interests of some
market participants by enabling privately profitable practices such as monopolistic
pricing, these failures are against the shared interest of all producers and users, who
67
Fasten and Hofmann (2010). In the case of credit rating agencies, there may be a two-sided mar-
ket when agencies sell ratings both to sellers and to buyers of securities.
68
Filistrucchi et al. (2014), p. 293.
69
Horizontal cooperation guidelines (2011), para 264.
52 V. I. Daskalova and M. A. Heldeweg
4.1 A
Theoretical Framework for Anticompetitive Private
Regulation
In an article seeking to explain the different types of what may broadly be called
‘collusive schemes’, Professors Lande and Marvel distinguish three types of collu-
sion, namely: ‘fixing prices’, ‘fixing rivals’, and ‘fixing rules’.70 The advantage of
the framework is that it moves beyond mere ‘price fixing’ to explain why collabora-
tive initiatives in the private sector, even those involving companies which are not
direct or even potential competitors,71 can be harmful to competition. The frame-
work may also give an insight into single firm conduct with respect to regulatory
activities which is not explained by short-term profit goals.
The framework unpacks the popular term ‘collusion’ into three types. The first
and most obvious type is price collusion. The example that most often comes to
mind is the classic cartel—a group of companies producing competing goods. These
companies fix price or output or divide the market with the goal of increasing their
profits. With a joint increase in prices, consumers have no choice but to pay the price
the cartelists ask for; with an orchestrated decrease in output, a similar outcome is
achieved—companies economize on production costs while enjoying the higher
price that scarcity provokes. Finally, when companies decide to divide the market—
agreeing not to sell to each other’s customers, or assigning specific territories to
members of the cartel, consumers are prevented from shopping around and lower
prices are established. Cooperation of this type helps companies jointly achieve the
outcome that monopoly power makes possible—lower output and higher profits.
In order to be considered direct competitors, companies need to compete on the same product
71
Firstly, certification bodies can serve as active facilitators between cartelists. In this
sense, a certification body is no different from a common trading partner who acts
as a ‘hub’ for exchange of commercially sensitive information. In this case the cer-
tification body acts as a conduit of information—e.g. by organising or facilitating
exchanges of information between competing companies, or by serving as a ‘cover’
for anticompetitive agreements.
54 V. I. Daskalova and M. A. Heldeweg
72
Case C-246/86 SC Belasco and others v Commission of the European Communities (Belasco and
Others v Commission), ECLI:EU:C:1989:301 at ECR 2120.
73
The mark was not officially registered as a trademark.
74
Case C-246/86 SC Belasco and others v Commission of the European Communities (Belasco and
Others v Commission), ECLI:EU:C:1989:301.
75
Ibid., para 30.
76
Ibid., para 4. According to the background information, “[t]he agreement also provided for the
adoption of defensive measures against competition from foreign undertakings or competition
resulting from the establishment of new undertakings or the discovery of products to replace roof-
ing felt. The members of Belasco also undertook to contribute to the purchase of any plant for the
manufacture of the products concerned in the event of a company’s insolvency or the sale of an
undertaking consequent on the exercise of rights by a third party and not to sell or hire out any
plant for the manufacture of such products.”
77
See e.g. ECJ, Joined Cases 40-48, 50, 54-56, 111 and 113-114/73 Suiker Unie,
ECLI:EU:C:1975:174.
Challenges for Responsible Certification in Institutional Context 55
Secondly, the certification process itself may be collusion in disguise. Where certi-
fication schemes enable competitors to agree on prices or to agree not to decrease
prices, or when it enables them to limit the number and type of promotions per year,
the anticompetitive harm is clear. However, more subtle changes with respect to the
product specifications relevant for certification can achieve the same effect. The
ground is fertile for collusion when the certification scheme is controlled by mem-
bers of the industry, for example when set up in the context of an industry associa-
tion. In this case, parties can use the pretext of collaboration to make normative
choices which result in higher prices for consumers, or limit competition on quality
or innovation.
An instance of how certification can lead to collusion on ‘prices’ is when a cer-
tification body provides a norm-setting opportunity for competitors. Setting norms
related to product characteristics (including inputs), production processes or terms
of contract is often at the core of what certification is about. At the same time, the
norm-setting process may be rigged with the consequence that the norms set harm
other market participants. In this regard, certification and standardisation activities
raise similar competition issues since the norms set in the context of such coopera-
tion between competitors can amount to a conspiracy to transfer welfare from busi-
ness partners (customers or suppliers) to the parties setting the standard or
establishing the certification criteria.
78
Equally important is other information which would allow companies to derive insights about the
pricing, volumes, discounts, promotion, market expansion or secret innovation plans of rivals.
79
Case C-194/14 P AC-Treuhand v Commission, ECLI:EU:C:2015:717.
56 V. I. Daskalova and M. A. Heldeweg
When companies make agreements with respect to the level of quality or nature
of product characteristics, they deny consumers the opportunity for more choice and
higher quality products. Thus, companies may jointly decide not to further improve
the quality of an item, or they may choose an inefficiently high (supra-optimal)
quality level, thus forcing consumers to pay for features or levels of service they do
not require. Companies may also jointly decide to limit the choice available to con-
sumers by limiting product lines, discontinuing products or restricting product vari-
ety with the goal of diverting traffic to products which are more profitable. Finally,
with respect to innovation, companies may decide to limit research and develop-
ment in certain respects or they may commit not to implement desirable innovations
in order to prevent disruption or cannibalisation of sales of existing products. The
European Commission acknowledges these issues in the Horizontal Cooperation
Guidelines.80
Such concerns have been raised with respect to ‘green’ initiatives which turn out
to be ‘green-washing’ cartels.81 However, examples can be found also with respect
to simple ‘standard-setting’ such as the industry-accepted recipe for ‘pasta’.
Examples of anticompetitive norm-setting can be drawn from both sides of the
Atlantic.
In the US, anticompetitive quality specifications set by purchasers were the sub-
ject of dispute in the National Macaroni case.82 Notably, in this example, it was one
side of the industry—the input purchasers—which set the specifications for the pro-
ducers. The body in question was the US national association of macaroni produc-
ers. The members were faced with increasing prices for durum wheat due to a
combination of high demand from abroad and crop failures. To protect themselves
from the rising input prices, the manufacturers jointly agreed to alter the recipe for
macaroni: instead of using 100% durum wheat in the pasta products, they decided
to use 50% durum and 50% farina. This orchestrated decrease in quality left con-
sumers without the choice of a high quality pasta product (which, admittedly, would
have been more expensive). In this case, collaboration in norm-setting aimed to
mimic the outcome of monopsonistic purchasing.83 Norm-setting by one side of the
industry (e.g. the demand side) is a continued concern in the food industry. The fear
is that standardisation and certification requirements imposed by large buyers can
80
European Commission, Horizontal Guidelines (2011), paras 264–268.
81
In a case of 2011, the European Commission fined major detergent producers for using an envi-
ronmental initiative launched in the context of their trade associations in order to coordinate pric-
ing strategy. The environmental initiative in question aimed to improve the performance of
detergents. See Press Release IP/11/473, ‘Antitrust: Commission fines producers of washing pow-
der € 315.2 million in cartel settlement case’ (Brussels, 13.04.2011) and Case COMP/39579
Consumer Detergents, decision of 13 April 2011, [2011] OJ C 193/14.
82
National Macaroni Manufacturers Association v Federal Trade Commission 345 F.2d 421 (7th
Cir. 1965).
83
For a US perspective, see Blair and Harrison (2010), p. 117; for a EU perspective on buyer stan-
dardisation and non-economic goals, see Daskalova (2016), Chapter 5. On the exercise of buyer
power in the context of standard-setting see: Lundqvist (2014), pp. 208–211.
Challenges for Responsible Certification in Institutional Context 57
lead to exclusion of small suppliers from the market due to the high costs of the
certification required by buyers.84
In the EU, an important case on the joint setting of norms related to an energy
label was the European Commission’s decision in CECED.85 In CECED, the lead-
ing suppliers of washing machines in the EU set a minimum energy efficiency stan-
dard. The standard essentially required parties to discontinue the production or
importation of the lowest grades of the energy label for washing machines, thus
preventing them from competing across the complete range of energy categories.
The Commission examined the competitive impact of the decision and found that
although it was expected to lead to increased prices, consumers would be compen-
sated by the energy savings generated and that society as a whole would benefit
from the significant environmental benefits brought about by the agreement.
Subsequently, two more agreements by CECED—on dishwashers and water
heaters—were also exempt by the Commission.86
84
On the impact of retailer-driven standards on small-scale farmers, see Purnhagen et al. (2013).
85
Commission decision in Case IV.F.1/36.718 – CECED [2000] OJ L 187/47.
86
Commission decision in Case COMP.F.1/37.894 CECED Dishwashers [2001] OJ C 250/2 and
Commission decision in Case COMP.F.1/37.893 CECED Water Heaters [2001] OJ C 250/4.
87
Lande and Marvel (2000), p. 947.
88
Ibid., 947 f. In the case of raising rival’s costs, there may be two goals: (1) to foreclose the com-
petitors from the market or (2) to establish a price umbrella, enabling incumbents to charge higher
prices while retaining a more ‘competitive’ position vis-à-vis the rivals in question. See also
Krattenmaker and Salop (1986), p. 209.
89
Often this type of collusion will be accompanied by ‘type I’ collusion because, without some
way to limit competition among themselves, collaborators will not be able to retain the gains from
excluding competitors. See Lande and Marvel (2000), p. 985.
58 V. I. Daskalova and M. A. Heldeweg
Several cases from the EU and the US exemplify how certification procedures can
be used for the purpose of excluding competitors. Especially relevant in this respect
is the process of adopting norms, the membership criteria, and transparency of the
organisation. The process of articulating and adopting norms in the context of stan-
dardisation or certification bodies could be misused for the purpose of excluding a
novel or technologically superior product. An example from the US is the Allied
Tube & Conduit Corp v. Indian Head Inc.90 case.91 In this case, a manufacturer of
electric conduit made from plastic sought to have its product approved by the
National Fire Protection Association. This association was in charge of adopting
standards related to fire protection; it was responsible for publishing the National
Electrical Code in which it sets requirements, inter alia, for electrical wiring sys-
tems. The Code itself is included into the laws of state and local governments and
also used by private bodies such as certification laboratories, insurers, inspectors,
contractors and distributors. For a product to succeed on the market it had to be
certified by means of a listing in the code. Given that until then electric conduit was
primarily made from steel, incumbent producers with stakes in conduits manufac-
tured from steel felt under threat. They conspired to ‘pack’ the annual meeting of
the association with new members solely so that these members could vote against
extending code approval to plastic conduits.92 The procedures allowed for a simple
majority to prevail and thus enabled the incumbent producers to foreclose an inno-
vative product from the market.
A similar matter was analysed by the European Commission in the context of the
EMC complaint.93 In EMC an innovative cement producer complained that the stan-
dard setting procedure for the CEN standard of Portland cement was biased in
favour of the industry incumbents. The complainant had developed a new type of
cement known as ‘Energetically Modified Cement’ which promised improved per-
formance, lower costs, and greater environmental benefits (less pollution and less
waste). EMC argued that the association of existing cement producers had con-
spired with the standard-setting body so as to exclude alternative products from the
standard for cement. It argued that the standard precluded competitors by being
prescriptive rather than performance-based. The Commission found that the appli-
cant had not provided enough evidence to support its claims. In particular, it noted
that there were alternative methods to obtain an EC mark in addition to complying
with the CEN standard and that the standard-setting procedures which led to the
90
486 U.S. 492 (1988).
91
The case is discussed in Lande and Marvel (2000), p. 987. Lande and Marvel identify it as a
‘Type II’ collusion.
92
486 U.S. 492 (1988) Syllabus.
93
European Commission Case COMP/F-2/38.401—EN 197-1 Standard—EMC/European Cement
Producers [2005].
Challenges for Responsible Certification in Institutional Context 59
It is possible that type 1 and type 2 collusions go together. Type 2 measures help
fence out the market from competitors, whereas type 1 measures ensure that exploi-
tation can take place. A type 2 measure eliminates one of the main threats to cartel
stability—namely, entry by competitors on a market with supra-competitive prices.
An example of the reinforcing effect of type 1 and type 2 measures is the Dutch
Cranes case, which, according to the Commission, resulted in a ‘watertight system’.
In this case a Dutch trade organisation for companies hiring out mobile cranes
(FNK) set up a certification body (SCK) with its own certification scheme. We
should note that this private certification system existed in parallel to the existing
94
Similar concerns are expressed in Lundqvist (2014), pp. 201–205.
95
It is remarkable that the Commission dismissed EMC’s complaint about close links between the
standard-setting body CEN and the trade organisation of cement-producers, Cembureau, as ‘nor-
mal lobbying activity’. Certainly, in the context of public regulation, lobbying activity itself is also
regulated. See European Commission Case COMP/F-2/38.401—EN 197-1 Standard—EMC/
European Cement Producers [2005], para 102.
96
See OECD (2016), p. 17, where it is noted that “[…] self-regulatory mechanisms, which allow
firms to collaborate in certain areas, may also lead to firms coordinating their activities and engag-
ing in cartel-like behaviour (e.g., price-fixing) and creating barriers to entry for new firms. This
concern calls for greater alertness on the part of the regulatory officials and governments and even
the need for some carefully crafted checks and balances to minimize the potential adverse effects.”
60 V. I. Daskalova and M. A. Heldeweg
statutory (public law) certification system for inspection and testing of crane equip-
ment.97 Even though the scheme was recognized by the Certification Council of the
Netherlands as independent and received some subsidies from the Dutch state, it
remained closely linked to the trade association. The Commission discovered that
the trade association (FNK) had certain problematic rules in their general conditions
which were meant to soften competition on prices and other terms of trade among
competitors. However, the SCK played a complementary role in enforcing these
competition-softening clauses by linking them to the conditions for certification.
For instance, the SCK required that certified firms would have to apply the general
conditions of FNK; it also made the process of obtaining certification more difficult
for foreign applicants.98 Certified firms were not allowed to sub-contract cranes
from non-affiliated companies. Non-compliance with these terms could lead to
withdrawal of the certificate. Essentially, SCK was meant to be a certification sys-
tem open only for the members of FNK. Even though it opened up to other compa-
nies over time, it remained de facto more difficult for non-FNK members to obtain
certification.
The Dutch Cranes case is an example of how a seemingly independent, third-
party certification scheme may be a puppet in the hands of incumbent industry inter-
ests and play a role in enforcing collusive agreements. It warns against the damaging
effect that unrestrained freedom in private regulatory activities, in this case—indus-
try certification—can lead to. A critical mass of companies can set up a scheme
which simultaneously ensures higher income for the participants and prevents chal-
lenges by competitors. Importantly, such scheme may be a ‘sham’. In the Dutch
Cranes case, the Commission noted that the SCK certification system did not add
any benefit to the existing statutory measures—it merely replicated the statutory
requirements.99 Such a ‘fake’ certification system, when discovered, can erode con-
fidence in the consumers and in the private regulatory process.
The concerns raised by ‘type 2 collusion’ were recognized by the Commission.
In its decision, the Commission identified the conditions for assessing decisions or
agreements in the context of certification. The Commission found four relevant cri-
teria in assessing a certification scheme:
Whether a ban can be regarded as preventing, restricting or distorting competition within
the meaning of Article 85(1) must be judged in the legal and economic context. If such a
ban is associated with a certification system which is completely open, independent and
transparent and provides for the acceptance of equivalent guarantees from other systems, it
97
The various requirements related to the necessary characteristics of cranes were set out in several
decrees. A governmentally-appointed foundation was in charge of carrying out inspections and
approving cranes.
98
For instance, it required that applicants show their registration with the Dutch Chamber of
Commerce—something which would not have been applicable for Belgian or German applicants.
99
Commission Decision in Cases IV/34.179, 34.202, 216—Stichting Certificatie
Kraanverhuurbederijf and the Federatie van Nederlandse Kraanverhuurbedrijven (Dutch Cranes)
[1995] OJ L 312/79, para 37.
Challenges for Responsible Certification in Institutional Context 61
may be argued that it has no restrictive effects on competition but is simply aimed at fully
guaranteeing the quality of the certified goods or services.100
Given the nature of the contested measure, the Commission focused its assessment
only on two of the criteria—openness and acceptance of equivalent measures; these
were accepted by the Court.101 Thus, it is not clear that the four criteria are cumula-
tive. Importantly, the Court held that the measures taken by the certification body in
question need not be the focus of assessment. The certification system as a whole
could be found incompatible with Art. 101 (1) TFEU if it did not meet the relevant
criteria:
The prohibition on hiring which reinforced the non-open nature of the certification system
and had the effect of raising a substantial obstacle to access by third parties to the
Netherlands market, and in particular firms established in another Member State, in fact
constitutes a restriction of competition within the meaning of Article 85(1) of the Treaty.
That conclusion would be no different if the applicants could show that the clause is neces-
sary in order to preserve the coherence of SCK’s certification system. The fact that the
system is not open and equivalent guarantees offered by other systems are not accepted
means that the system itself is incompatible with Article 85(1) even if it were proved, as the
applicants claim, that it gave added value compared with the Netherlands legislation. A
specific clause in such a system, such as the clause prohibiting hiring from uncertified firms,
does not become compatible with Article 85(1) because it is needed to preserve the coher-
ence of that system, since the latter is by definition incompatible with Article 85(1).102
The implications are far-reaching: the nature of the measure does not depend on
the type of certification system since a certification system failing to meet the
requirements is itself considered in breach of the antitrust provisions. Thus, it is not
only the decisions of private certification organisations that could be contested
under Art. 101 (1) TFEU, the certification scheme itself could be declared incompat-
ible with that article if it is set up in a closed way and sets rigid requirements which
cannot be satisfied by applicants by other means.
These organisational criteria and governance requirements are a way for the
competition authorities to limit the anticompetitive exercise of private power under
the pretext of self-regulation. Similar criteria hold for the exemption assessment of
standard-setting agreements from the antitrust prohibitions on the presence and
compliance of certain governance criteria which include: openness, transparency,
reasonable pricing, and non-discrimination.103 In its decision in CECED, the
100
Dutch Cranes decision para 23.
101
See Art 3 of the Dutch Cranes decision. In its assessment, the Court did not deny that the other
criteria could be useful but given that only two criteria were used, it ruled on whether these two
criteria are pertinent. Joined Cases T-213/95 and T-18/96 Stichting Certificatie Kraanverhuurbedrijf
(SCK), Federatie van Nederlandse Kraanverhuurbedrijven (FNK) v Commission of the European
Communities (hereinafter: SCK and FNK v Commission) [1997] ECLI:EU:T:1997:157, paras
133–135.
102
Ibid., para 149.
103
See Horizontal Cooperation guidelines [2011], paras 280–286. The requirements are summed
up in para 280: ‘Where participation in standard-setting is unrestricted and the procedure for
adopting the standard in question is transparent, standardisation agreements which contain no
obligation to comply (3) with the standard and provide access to the standard on fair, reasonable
62 V. I. Daskalova and M. A. Heldeweg
Commission emphasized the fact that the agreement was technologically neutral.104
The use of such ‘governance criteria’ for the assessment of the compatibility of a
scheme is an interesting approach of assessing private regulatory schemes. It is
quite different from the ‘more economic approach’ which would require showing of
anticompetitive effect in terms of raised prices or limited output. Although the
approach has yet to be fine-tuned to take into account the distinct types of organisa-
tions and types of conduct that can be problematic, it is an important safe-
guard against type 2 collusion.
The third category of collusion refers to activities which may not involve actual
competitors and which take place in markets where classic cartel-type collusion
would not be possible or would easily be discovered.105 According to Professors
Lande and Marvel, it is an ‘imperfect substitute for type 1 collusion, a way of mak-
ing an industry better for cartel members, but not imitating a monopoly as perfectly
as classic collusion.’106 While it falls short of a direct agreement on price or quality,
this type of collusion aims to enforce rules which improve the position of the indus-
try as a whole vis-à-vis consumers. It can be effective in markets where type 1 col-
lusion is difficult to achieve due to, for example, discretionary pricing or tailor-made
products or services.107 Hence the emphasis on rules, not outcomes.
This type of anticompetitive collaboration refers to manipulating the rules under
which competition takes place. Lande and Marvel give examples in which competi-
tors ‘jointly manipulated the rules of competition to ensure that the equilibriums in
these markets, despite not being determined cooperatively, yielded supra-competitive
prices and profits.’108 The goal of such collective action by industry is to extract wel-
fare by e.g. increasing consumer’s search costs, or tipping the market in favour of the
producers rather than the consumers. Examples include: industry association rules
on prohibition of certain types of advertising (e.g. price advertising),109 industry
and non-discriminatory terms will normally not restrict competition within the meaning of Article
101(1).’
104
Commission Decision Case IV.F.1/36.718. - CECED [2000] OJ L187/47, para 65.
105
Lande and Marvel (2000), p. 985.
106
Ibid., 985.
107
According to Lande and Marvel (2000), p. 985 additional circumstances include difficulties in
monitoring transactions and difficulties in punishing cartel cheaters.
108
Ibid., 949.
109
An example is the California Dental Association discussed in Lande and Marvel (2000), p. 960
f. An example of a more nuanced attempt is in the National Society for Professional Engineers
case; the society’s rules prohibited comparison price advertising with no distinction about the type
of project (simple or complex). The result was that customers would have to incur search costs
with an engineer before finding out what the price is and choosing to move on to a competing
supplier.
Challenges for Responsible Certification in Institutional Context 63
110
Lande and Marvel (2000), p. 961, use as example the case of Fastline Publications 1998 FTC
LEXIS 55 (FTC May 11, 1998). In this case farm equipment dealers boycotted the publisher of a
circular containing price information on the equipment in question. By agreeing to withdraw
advertising monies from the publisher, the dealers put pressure to change the type of information
presented to the customer. Similarly, in Santa Clara Car Dealers, a local dealers association with-
drew advertising from a newspaper in order to punish the paper for running an article aimed to
teach customers how to better search for and negotiate for cars. In Dillon Co. (102 FTC 1299
(1983) grocery stores conspired to prevent the data collection for a program broadcasting price
differences among grocers.
111
Detroit Auto Dealers Association, 111 FTC 417 (1989), discussed in Lande and Marvel (2000),
pp. 964–966.
112
See e.g. ES Development Inc. v. RWM Enterprises Inc, 939 F2d 547 (8th Cir. 1991). In this case
car dealers agreed to exercise objection rights they had under franchise agreements in order to
prevent the opening of a one-stop shop car mall. The case is discussed in Lande and Marvel (2000),
pp. 968–970. Another example is the Toys R Us case in which, a vertical cartel agreement organ-
ised by leading toy retailer in order to prevent the successful entry of the ‘warehouse or club’
model in the discount toy retail market. See Toys “R” Us Inc. v Federal Trade Commission,
Decision of 1 August 2000 by the Seventh Circuit Court of Appeals, Docket No. 98-4107.
113
Lande and Marvel (2000), p. 976.
114
Ibid., 977–984.
115
This could be the case when costly certification is required by powerful retailers. If the retailers
can extract the benefit from certification (e.g. by owning the certification bodies), the certification
requirement implies a transfer of wealth.
116
Commission Decision in Case IV/29.995—NAVEWA-ANSEAU [1981] OJ L 167/39, affirmed in
Joined Cases 96 to 102, 104, 105, 108 and 110/82 NV IAZ International Belgium and Others v
Commission of the European Communities (IAZ v Commission), ECLI:EU:C:1983:310.
117
Equipment such as dishwashers and washing machines could lead to contamination of the water
supply if certain criteria are not met.
64 V. I. Daskalova and M. A. Heldeweg
display a conformity label. The industry association was responsible for distribut-
ing the conformity labels against a charge. The water supply companies associa-
tion, NAVEWA, would carry out random checks to ensure that the machines bearing
a conformity label satisfy the technical requirements. The consequences of not
obtaining a certificate were significant. Only certified machines could have access
to the water-supply system. Machines not bearing the certificate mark would have
to use an alternative, much more costly and intrusive way of showing compliance
with the norms.
To make the certification scheme workable, the industry association decided that
it would only issue certificates to manufacturers or officially appointed importers.
This meant that ‘parallel importers’118 would be denied certification. Although the
scheme did not limit competition among the different brands, it limited competition
among the distributors of those brands. The system was meant to and had the effect
of restricting ‘unauthorized imports’ thereby preserving the possibility for manu-
facturers to partition the common market and to sustain price discrimination. While
there was no direct fixing of prices or rivals, the market players essentially pre-
served a market set-up in which they limited the welfare of consumers.119
We should note that the governance criteria of openness, transparency, indepen-
dence and acceptance of equivalent guarantees which are helpful in a type 2 collu-
sion are not necessarily sufficient in a type 3 collusion case. Type 3 collusion tends
to draw on the support of the whole industry so ensuring openness to rivals does not
solve the problem and indeed, it might aggravate it since the goal of these agree-
ments is to leverage the position of the industry vis-a-vis consumers, suppliers or
third parties (e.g. lenders, insurers). In this case, what might be helpful is broader
stakeholder involvement—e.g. of consumer organisations, unions or government
officials, not just competitors, in order to keep the industry ‘honest’ and prevent it
from ‘fooling’ third parties such as consumers, workers, donors or the broader pub-
lic. Inspiration can be taken from the various procedural and substantive safeguards
embedded in the EU Regulation on Standardisation.120
118
Parallel importation refers to the practice of independent dealers purchasing machines directly
abroad and importing them. Such traders are to be distinguished from the ‘official dealers’
appointed by manufacturers for each country.
119
Interestingly, in Fra.bo, another case concerning certification by private body of products used
in the drinking water supply sector, a national trade association cancelled the certificate of a pro-
ducer for failure to provide evidence that it meets the requirements set by DVGW. The affected
producer, Fra.bo, challenged the decision by DVGW by relying on EU free movement of goods
law (Art. 34 TFEU) and on EU competition law (Art. 101 TFEU). The Court, however, did not
discuss the applicability of the competition provisions. However, there is no indication that the
certifying process was misused with the purpose of limiting competition or harming consumers.
Case C-171/11 Fra.bo SpA v Deutsche Vereinigung des Gas- und Wasserfaches eV (DVGW),
ECLI:EU:C:2012:453.
120
Reg (EU) No 1025/2012 on European standardisation [2012] OJ L 316/12. The regulation pro-
vides for stakeholder representation (SMEs, labour representatives, consumer protection organisa-
tions, environmental and ‘social interest’ groups).
Challenges for Responsible Certification in Institutional Context 65
There is ongoing debate on both sides of the Atlantic as to what role competition
law enforcement should play with respect to private regulatory initiatives. The chal-
lenge is how to balance the pros and cons of private cooperation in the name of
public interest goals (be they interoperability goals in the case of standard-setting
agreements or environmental protection goals in the case of eco-labels) carried out
by competitors.121 On the one hand, cooperation between competitors can solve a
deadlock problem and bring companies further in achieving socially desirable goals
such as interoperability or higher level of environmental protection. At the same
time, cooperation among rivals can lead to companies ‘ganging up’ to exploit their
business partners and consumers by choosing sub-optimal or supra-optimal tech-
nologies, inflating prices, limiting quality, choosing an inefficiently high quality
standard, or limiting choice and innovation.
The issue is not unique to antitrust: concerns about misusing the norm-setting
aspect of certification also arise in the context of environmental certification, as in
cases of ‘green lemons’—when eco-label initiatives are set up for goals other than
the professed environmental benefits.122 Such certification is not only fraudulent and
deceptive, but it can also be anticompetitive. It is easy to see that where certification
is used to increase the search costs of consumers, consumers cannot make the best
choices. Arguably, this is precisely the goal of industry-led eco certification schemes
which mimic established eco-labels (in terms of name, organisation form and logos)
but which adopt lower environmental standards thus adding ‘noise’ and confusing
consumers.123 The proliferation of a variety of certificates can confuse consumers.
As a result, consumers may give up comparing products on the basis of the presence
of a certificate and make their decisions on the basis of other characteristics
instead—an outcome which jeopardizes the desirable function of information sup-
ply played by certification in ecological issues.124 This issue, however, is not easily
addressed with the tools of competition law. While the outcome of poor quality of
information might be softened competition, this does not mean that the competition
rules apply. An interesting question to reflect upon is whether deliberative action to
distort the information provided to consumers for the purpose of softening competi-
tion would be considered an anticompetitive infringement. The answer to this ques-
tion would in part depend on whether enforcers have opted for ‘a more economic
approach’ which would require proof of actual harm suffered by consumers in
terms of higher prices. This is one important aspect in which jurisdictions will
differ.
121
Scott (2016), p. 97; Kim (2014–2015); For a EU perspective: Vedder (2009), p. 51; Maher
(2011), p. 119. For an economic perspective, see e.g. Schinkel and Toth (2016).
122
See Kim (2014–2015), p. 193 f; see also Kuhn (1999), p. 1.
123
Kim (2014–2015), pp. 199–208 and 214.
124
Ibid., 183.
66 V. I. Daskalova and M. A. Heldeweg
Given that competition law cannot solve all the potential misuses of certification
schemes occurring in a competitive market context, complementary regulation
might be necessary. In these cases, some minimum standards set by regulators—
such as the ones about what constitutes an ‘organic’, ‘biological’ or ‘ecological’
product might help to level the playing field so that competition can take place ‘on
the merit’ of the quality of the information provided or the match between the nor-
mative content of certification schemes and the preferences of the users of
certification.
5 C
ertification as Unilateral Activity: Anticompetitive
Concerns
Case 26/75 General Motors Continental NV v Commission of the European Communities [1975]
125
ECLI:EU:C:1975:150, para 12. The Court rejected the Commission decision on ground that the
company had changed its policy upon complaints by customers and had agreed to reimburse the
difference in fees.
Challenges for Responsible Certification in Institutional Context 67
Similar to the General Motors case is the British Leyland case which also con-
cerned unreasonable charges for a certificate of conformity for imported vehicles of
the same brand. The difference was that British Leyland was pressured by its dealers
in the UK to charge such prices that would dissuade parallel imports. The
Commission adopted a decision prohibiting the excessive pricing.126 The decision
was upheld on appeal by the Court.127 The Court, referring to its judgment in General
Motors, explained:
[…] an undertaking abuses its dominant position where it has an administrative monopoly
and charges for its services fees which are disproportionate to the economic value of the
service provided.128
126
Commission Decision IV/30.615—British Leyland [1984] OJ L 207/11.
127
Case 226/84 British Leyland Public Limited Company v Commission of the European
Communities, ECLI:EU:C:1986:421.
128
Ibid., para 27.
129
FRAND stands for ‘fair, reasonable and non-discriminatory’. The so-called ‘FRAND’ disputes
relate to disputes related to the licensing terms for patents embedded in standards, in particular
those patents essential for compliance with the standard (standard essential patents).
130
For an overview of the issues related to the application of competition law to FRAND disputes,
see Pentheroudakis and Baron (2017) and Petit (2017).
131
In the Rambus case, the Commission examined claims that Rambus deliberately did not inform
the standard-setting organisation about the fact that it owned patents essential for compliance with
the standard (standard essential patents). The Commission adopted a commitment decision with
Rambus agreeing on a worldwide price cap for its royalties on the patents in question. See Press
Release ’Antitrust: Commission accepts commitments from Rambus lowering memory chip roy-
alty rates’, IP/09/1897 (Brussels, 9.12.2009).
132
It should be noted there is no doctrine of excessive pricing under US antitrust law. On the diffi-
culties of applying the excessive pricing doctrine, see: Konkurrensverket (Swedish Competition
Authority), The Pros and Cons of High Prices (Conference Proceedings 2007) and the contribu-
tions therein.
68 V. I. Daskalova and M. A. Heldeweg
6 C
ompetition Issues in Certification Markets: Private
Regulation Needs Public Interest Safeguards?
We have no nuanced answer to this question for the case of certification schemes,
but we can draw some inspiration from the literature on standardisation. For
instance, Björn Lundqvist argues that the approach of competition enforcers should
differ depending on the function of the regulatory (standard-setting) process in
question.133 Lundqvist distinguishes four types of standards:
(a) standards for basic or infrastructure technologies—i.e. standards which set the
basic rules governing an infrastructure necessary to ‘create markets’, an exam-
ple being the standards enabling the world-wide web;
(b) interface and interoperability or network technology standards; an example
being standards enabling interoperability with computer operating systems;
(c) standards related to patent-thicket plagued products or technologies aimed to
enable efficient licensing and jointly address a patent thicket problem;
(d) design standards which fix the characteristics of a certain product.
He argues that competition is not desirable in certain types of standards and that
the competition rules and enforcement approaches should reflect that. For instance,
he argues that competition is not desirable in type ‘a’ and many type ‘b’ standards
because setting the underlying architecture of a given essential infrastructure (e.g.
the world wide web or telecommunications or energy networks) is of interest to
many parties in the sector. Thus, the authorities should make sure that the standard-
setting bodies are inclusive, the process of adoption—fair and transparent, and the
outcome of the process—accessible on FRAND (fair, reasonable and non-
discriminatory) terms. On the other hand, Lundqvist argues, antitrust authorities
should be more suspicious with respect to type ‘c’ or type ‘d’ standards which are
closely linked to specific products and aim to fix those for the whole industry.
Especially design standards such as those in question in the cases Allied Tube, EMC,
NAVEWA-ANSEA and Fra.bo134 should be subject to stricter requirements than the
meeting of procedural requirements. Lundqvist’s analysis is limited to standardisa-
tion, but it offers interesting insights for the construction of a certification typology
which would enable us to judge the desirability of competition depending on the
type of scheme and the market conditions.
In an amusing speech for the American Bar Association, former Federal Trade
Commission chairman Jon Leibowitz noted that industry self-regulation can be like
‘the good, the bad, and the ugly’ in the Clint Eastwood movie by the same title:
delivering one clearly good thing (the desirable regulatory outcome), one clearly
bad thing (collusion), and one thing we are undecided about (e.g. decisions to adopt
certain rules instead of others).135 The challenge is to create a legal regime for com-
petition in certification markets which creates the right incentives for quality infor-
mation to be produced, while minimizing detrimental side effects such as exploitation
and exclusion, and, more generally, erosion of trust in the market mechanism. Such
133
This paragraph and the following one are based on Lundqvist (2014), pp. 224–228.
134
Case C-171/11 Fra.bo SpA v Deutsche Vereinigung des Gas- und Wasserfaches eV (DVGW),
[2012] ECLI:EU:C:2012:453.
135
Leibowitz (2005).
70 V. I. Daskalova and M. A. Heldeweg
a regime will include rules which facilitate the ‘good thing’, rules that guard against
the ‘bad’, and rules which steer the ‘ugly’ towards the ‘beautiful’.
References
Akerlof, G. A. (1970). The market for “Lemons”: Quality uncertainty and the market mechanism.
The Quarterly Journal of Economics, 84(3), 488.
Austin, J. L. (1962). How to do things with words. The William James lectures delivered at Harvard
University in 1955. Oxford, England: The Clarendon Press.
Black, J. (2002). Critical reflections on regulation. London: Centre for the Analysis of Risk and
Regulation, London School of Economics and Political Science.
Blair, R., & Harrison, J. (2010). Monopsony in law and economics. Cambridge, England:
Cambridge University Press.
Braithwaite, J. (2008). Regulatory capitalism. How it works, ideas for making it work better.
Cheltenham, England: Edward Elgar.
Daskalova, V. (2015). Consumer welfare in EU competition law: What is it (not) about?
Competition Law Review, 11(1), 133.
Daskalova, V. (2016). The monopsony paradox: Buyer power and the EU antitrust provisions. PhD
thesis, University of Tilburg, Tilburg, The Netherlands.
Eijlander, P., Evers, G., & van Gestel, R. (2003). De inkadering van certificering en accreditatie
in beleid en wetgeving. Een onderzoek in opdracht van het Ministerie van Economische Zaken.
Tilburg, The Netherlands: Universiteit van Tilburg.
Fasten, E. R., & Hofmann, D. (2010). Two-sided certification: The market for rating agencies
(SFB 649 Discussion Paper 2010-007).
Filistrucchi, L., Geradin, D., van Damme, E., & Affeldt, P. (2014). Market definition in two-sided
markets: Theory and practice. Journal of Competition Law & Economics, 10(2), 293.
Fox, E. M. (2003). We protect competition, you protect competitors. World Competition, 26(2),
149.
Heldeweg, M. A. (2013). Hybrid regulation as a legal design challenge. In A. L. B. Colombi
Ciacchi, M. A. Heldeweg, B. M. J. van der Meulen, & A. R. Neerhof (Eds.), Law & gover-
nance – Beyond the public-private law divide?: Vol. 9 (9). Governance & Recht (p. 107). The
Hague, The Netherlands: Eleven International Publishing.
Hirschman, A. O. (1970). Exit, voice, and loyalty: Responses to decline in firms, organisations,
and states. Cambridge, MA: Harvard University Press.
Hohfeld, W. N. (1964). Fundamental legal conceptions as applied to juridical reasoning. Westport,
CT: Yale University Press.
ISO, The facts about certification (n.d.). Retrieved August 25, 2017, from https://www.iso.org/
certification.html
ISO/IEC 17000:2004, Conformity assessment – Vocabulary and general principles. Retrieved
August 21, 2017, from https://www.iso.org/standard/29316.html
Kim, H. (2014–2015). Eco-labels and competition: Eco-certification effects on the market for envi-
ronmental quality provision. New York University Environmental Law Journal, 22, 181.
Konkurrensverket (Swedish Competition Authority). (2007). The pros and cons of high prices.
Conference Proceedings.
Krattenmaker, T. G., & Salop, S. C. (1986). Anticompetitive exclusion: Raising rivals’ costs to
achieve power over price. Yale Law Journal, 96, 209.
Kuhn, M. (1999). Green lemons – Environmental labels and entry into an environmentally dif-
ferentiated market under asymmetric information. Thünen-Series of Applied Economic Theory,
20, 1.
Challenges for Responsible Certification in Institutional Context 71
Lande, R. H., & Marvel, H. P. (2000). The three types of collusion: Fixing prices, rivals and rules.
Wisconsin Law Review, 941.
Leibowitz, J. (2005, 30 March). The good, the bad and the ugly: Trade associations and antitrust.
Speech delivered for the American Bar Association, Antitrust Spring Meeting, Washington,
DC.
Levi-Faur, D. (2011). Handbook on the politics of regulation. Cheltenham, England: Edward Elgar.
Lundqvist, B. (2014). Standardization under EU competition rules and US antitrust laws: The rise
and limits of self-regulation. Cheltenham, England: Edward Elgar.
Maher, I. (2011). Competition law and transnational private regulatory regimes: Marking the cartel
boundary. Journal of Law and Society, 38(1), 119.
Mohan, S. (2010). Fair trade without the froth: A dispassionate economic analysis of ‘fair trade’.
London: Institute of Economic Affairs.
Murray, A., & Scott, C. (2002). Controlling the new media: Hybrid responses to new forms of
power. The Mod Law Review, 65(4), 491.
OECD. (2016). Competition assessment toolkit: Guidance: volume II (version 3.0).
OECD Roundtable. (2005). Competition on the merits. DAF/COMP(2005)27.
Ostrom, E. (2005). Understanding institutional diversity. Princeton, NJ: Princeton University
Press.
Parker, C. (2007). Meta-regulation: Legal accountability for corporate social responsibility. In
D. McBarnet et al. (Eds.), The new corporate accountability: Corporate social responsibility
and the law. Cambridge, England: Cambridge University Press.
Pentheroudakis, C., & Baron, J. A. (2017). Licensing terms of standard essential patents: A com-
prehensive analysis of cases (Joint Research Centre Science for Policy Report).
Petit, N. (2017). EU competition law analysis of FRAND disputes. In J. L. Contreras (Ed.), The
Cambridge handbook of technical standardization law. Cambridge, England: Cambridge
University Press.
Purnhagen, K., Bramley, C., van der Meulen, B., & Bremmers, H. (2013). Preventing exclusion
of small-scale-farmers through private standards in the global food supply chain – A research
agenda (Wageningen Working Papers in Law and Governance 2013/02).
Ruiter, D. W. P. (1993). A basic classification of legal institutions. Ratio Juris, 10(4), 357.
Ruiter, D. W. P. (2002). Legal institutions. Deventer, The Netherlands: Kluwer.
Schinkel, M. P., & Toth, L. (2016). Balancing the public interest-defense in cartel offenses
(Amsterdam Center for Law & Economics Working Paper No. 2016-01).
Scott, I. (2016). Antitrust and socially responsible collaboration: A chilling combination? American
Business Law Review, 53(1), 97.
van Maanen, G. E. (1986). Onrechtmatige daad. Aspekten van de ontwikkeling en struktuur van
een omstreden leerstuk. PhD thesis, University of Groningen, Groningen, The Netherlands.
Vedder, H. (2009). Of jurisdiction and justification: Why competition is good for non-economic
goals, but may need to be restricted. Competition Law Review, 6(1), 51.
Vestager, M. (2015, 13 October). The values of competition policy (Keynote speech at CEPS
Corporate breakfast ‘one year in office’, Brussels 13.10.2015).
Viscusi, W. K. (1978). A note on “Lemons” markets with quality certification. The Bell Journal of
Economics, 9(1), 278.
Wilson, B. W., & Mutersbaugh, T. (2015). Fair trade certification, performance and practice. In
L. T. Raynolds & E. A. Bennett (Eds.), Handbook of research on fair trade. Cheltenham,
England: Edward Elgar.
The Use of Conformity Assessment
of Construction Products by the European
Union and National Governments:
Legitimacy, Effectiveness and
the Functioning of the Union Market
Richard Neerhof
1 Introduction
For over two decades, there has been a clear interest in standardisation and confor-
mity assessment as instruments for regulation and supervision in addition to exclu-
sive government action in the European Union and in many of its Member States. In
Western European countries, these instruments have proven to be valuable for some
time already. While markets are dynamic, legislation is often static and difficult to
maintain. Member States have investigated whether forms of self-regulation, such
as standardisation and certification, could be a viable alternative.1 Although certifi-
cation and standardisation were originally private initiatives, Member States began
to use these for market regulation and even for decision-making and law enforce-
ment by administrative authorities. In the European Union, these instruments have
been actively used by the Council and Commission since the mid-1980s to elimi-
nate barriers and to realise the free movement of goods in the internal market.
Conformity assessment and standardisation play an important role in the market-
ing of construction products in the EU, and these processes are often subjected to
European and governmental supervision. It is therefore important to analyse whether
the conformity assessment of construction products, which is used by the European
Union and by certain national governments, meets criteria relating to legitimacy;
whether it contributes in an effective way to the realisation of public interests such
as construction safety, fire safety, the protection of the environment and s ustainability;
R. Neerhof (*)
Centre for Public Contract Law & Governance, Faculty of Law, Vrije University Amsterdam,
Amsterdam, The Netherlands
e-mail: a.r.neerhof@rechten.vu.nl
and whether it avoids creating obstacles with regard to the proper functioning of the
internal market. In this contribution I discuss the use of conformity assessment of
construction products by the Dutch government as an example of national govern-
ments using this instrument. Experiences from the Netherlands may be relevant for
other countries in which systems of voluntary certification of construction products
are in place. In Sect. 2 of this contribution, I first describe what conformity assess-
ment is. Secondly, I discuss the functioning of conformity assessment in the con-
struction industry and the way in which the Council and the European Commission
of the European Union and the Dutch government use conformity assessment to
pursue public interests (Sects. 3 and 4). Thirdly, some important topics concerning
the use of conformity assessment in construction law by the European Union and
national governments are discussed. The legitimacy and effectiveness of the use of
this instrument in construction law is addressed in Sect. 5. After this, I review three
important legal topics that relate to the compatibility of Dutch certification of con-
struction products with the single market, in particular the compatibility with the
Construction Products Regulation (CPR), with the free movement of goods (Articles
30 and 34 TFEU) and with European competition law (Articles 101–106 TFEU)
(Sect. 6). Finally, I draw some conclusions on whether the use of conformity assess-
ment by the European Union and the Dutch government can be seen as models of
successfully leaving regulation to private parties, from the perspectives of legiti-
macy, effectiveness and the functioning of the single market.
2 Conformity Assessment
2
Certification is a type of conformity assessment: the declaration of conformity is valid for a cer-
tain period of time.
3
van Ommeren (2008), p. 82.
4
Evers (2002), p. 102.
The Use of Conformity Assessment of Construction Products 75
3 C
onformity Assessment Under Union Harmonisation
Legislation
Before the 1980s, the removal of barriers to trade resulting from (national) technical
standards belonged to the political agenda of harmonisation via European direc-
tives. The promulgation of directives was often seriously delayed because of
5
Reg (EC) No 765/2008 setting out the requirements for accreditation and market surveillance
relating to the marketing of products [2008] OJ L 218/30.
6
Dec No 768/2008/EC on a common framework for the marketing of products [2008] OJ L 218/82.
76 R. Neerhof
7
This historical description relies, to a large extent, on van Gestel and Micklitz (2013), p. 154.
8
European Commission, Commission Notice The ‘Blue Guide’ on the implementation of EU
products rules 2016 (‘Blue Guide’) [2016] OJ C 272/9.
9
Reg (EC) No 765/2008 established the legal basis for accreditation and market surveillance and
consolidated the meaning of the CE marking. Dec (EC) No 768/2008 updated, harmonised and
consolidated the various technical instruments already used in existing Union harmonisation leg-
islation (not only in New Approach directives): definitions, criteria for the designation and notifica-
tion of conformity assessment bodies, rules for the notification process, the conformity assessment
procedures (modules) and the rules for their use, the safeguard mechanisms, the responsibilities of
the economic operators and traceability requirements. See Blue Guide (n 8) at 10. The NLF also
includes Reg (EC) No 764/2008 laying down procedures relating to the application of certain
national technical rules to products lawfully marketed in another Member State [2008] OJ L
218/21, the so-called Mutual Recognition Regulation. It applies to administrative decisions
addressed to economic operators, on the basis of a technical rule, in respect of any non-harmonised
product lawfully marketed in another Member State (recital 3 and Art 2(1) and (2)). A non-har-
monised product is a product which is not subject to Union harmonisation legislation (recital 3).
The Use of Conformity Assessment of Construction Products 77
3.2 C
E Marking and Conformity Assessment
Under the Construction Products Regulation
The Construction Products Directive (CPD),10 in force until 1 July 2013, and its
successor, the Construction Products Regulation (CPR),11 in force from 1 July 2013,
require products to be fitted with CE marking if there are harmonised standards for
these products covering these characteristics. Harmonised standards for assessing
performances related to essential characteristics have been established by European
standardisation bodies on the basis of ‘mandates’ issued by the Commission (Article
17(1) CPR).12
Apparently, harmonised standards cover about 75% of all construction products
marketed in Europe.13 The CPR uses the term ‘mandates’ instead of ‘requests’ (of
the Commission); because the harmonised standards are mandatory. The CPR men-
tions harmonised standards as merely one way of expressing the performance of
construction products in relation to their essential characteristics (Article 6(1) CPR).
In this respect, the CPR differs from ‘classical’ New Approach directives whose
standards are ‘non-binding’ and compliance is no more than a presumption of con-
formity with the mandatory basic legal requirements spelt out in the New Approach
type directives.14 Another difference between harmonised standards under the CPR
and harmonised standards under other New Approach directives is that they pre-
scribe how to express performance of products in relation to essential characteristics
and not in relation to basic requirements. The CPR does not entail construction
product requirements but rather the way economic operators should properly assess
performance of construction products. Construction products are semi-finished
products processed in construction works. European standards referred to in the
CPR (and the CPD) include testing, calculation and other means for assessing per-
formance of construction products. These standards are binding, but the CPR ‘does
not affect the right of Member States to specify the requirements they deem neces-
sary to ensure the protection of health, the environment and workers when using
10
Dir 89/106/EEC on the approximation of laws, regulations and administrative provisions of the
Member States relating to construction products [1989] OJ L 40/12 (Construction Products
Directive, CPD).
11
Reg (EU) No 305/2011 laying down harmonised conditions for the marketing of construction
products [2011] OJ L 88/5 (Construction Products Regulation; CPR).
12
CEN (Comité Européen de la Normalisation) and CENELEC (Comité Européen de la
Normalisation Electronique) are European standardisation organisations listed in Annex I of Reg
(EU) No 1025/2012 on European standardization [2012] OJ L 316/12 (Standardisation Regulation).
13
The source of this figure cannot be traced back but in any case this percentage is not
contradicted.
14
Standards referred to in New Approach directives mostly determine how products should be
manufactured to be in conformity with the essential requirements spelt out in the New Approach
type directives. These standards are not legally binding. They may be implemented in the national
jurisdictions of the Member States, but the references have voluntary character.
78 R. Neerhof
construction products.’15 The rules of the Member States require ‘that construction
works be designed and executed so as not to endanger the safety of persons, domes-
tic animals or property nor damage the environment.’16 The CPR requires (legally
binding) standards for the purposes of assessing the performance of construction
products on request of the Commission, because this is the only way the removal of
technical barriers in the field of construction may be achieved.17
Manufacturers are obliged to draw up EC declarations of performance for prod-
ucts and affix CE marking to construction products when they are covered by har-
monised standards (Articles 4, 6 and 8 CPR). The declaration of performance must
express the performance of construction products to characteristics of these prod-
ucts, which relate to basic requirements for construction works in accordance with
the relevant harmonised standards (Article 6(1) CPR).
Harmonisation legislation of the EU frequently obliges conformity assessment
of products to be carried out by an independent third party with an accreditation
certificate (or equivalent documentary evidence) and designated by a (national)
notifying authority. Based on EU-legislation, the Commission establishes which
system or systems of conformity assessment are applicable to certain products.
According to Article 28 CPR, assessment and verification of constancy of perfor-
mance (AVCP) of construction products in relation to their essential characteristics
must be carried out in accordance with one of the systems set out in Annex V CPR.18
The Commission decides in a delegated act which system or systems are applicable
to a given construction product or family of construction products or a given essen-
tial characteristic. In doing so, the Commission is obliged to take into account in
particular the effect on the health and safety of people and the environment and the
documented experiences forwarded by national authorities with regard to market
surveillance (Article 28(2) and Article 60 CPR). The systems differ in the degree of
involvement of third parties in assessing conformity of the product according to the
relevant technical specification(s).
The tasks which the manufacturer or a third party have to fulfil are
• Factory production control (fpc) on the basis of documented, permanent and
internal control of production in a factory, in accordance with the relevant har-
monised technical specifications.
• Initial inspection of the manufacturing plant and of fpc.
• Continuous surveillance, assessment and evaluation of fpc.
15
Recital (3) of the CPR.
16
Recital (1) of the CPR.
17
Recital (10) of the CPR.
18
Annex V to Reg (EU) No 305/2011 was amended by Commission Delegated Reg (EU) No
568/2014 amending Annex V to Regulation (EU) No 305/2011 of the European Parliament and of
the Council as regards the assessment and verification of constancy of performance of construction
products [2014] OJ L157/78, in order to respond to technological progress, to make provision for
the specific case of products for which European Technical Assessments have been issued, as well
as to enhance the clarity, accuracy and consistency to the descriptions and terms used therein, see
its recital (2).
The Use of Conformity Assessment of Construction Products 79
19
Compare Guidance Note on the Construction Products Regulation, https://www.bsigroup.com/
LocalFiles/en-GB/industries-and-sectors/construction/BSI-Construction-Products-Regulation-
guidance-UK-EN.pdf.
20
See http://ec.europa.eu/growth/tools-databases/nando/index.cfm?fuseaction=cp.hs&cpr=Y#hs.
For each standard, the applicable system of Assessment Verification of Constancy Performance can
be found under ‘more info’.
80 R. Neerhof
Compare the notifying requirements in Art 43 CPR and the requirements for accreditation in Art
21
withdraw its certificate if necessary (Article 52(4) CPR). Where corrective mea-
sures are not taken or do not have the required effect, the notified body must
restrict, suspend, or withdraw any certificate, as appropriate (Article 52(5) CPR).
Article 53 CPR concerns obligations for notified bodies to inform the notifying
authority and other bodies notified under this CPR carrying out similar third party
tasks.
An important element is information from an economic operator about the per-
formance of essential characteristics of the construction product (in the declaration
of performance), relevant for the declared intended use or uses. This should enable
market authorities in member states to decide if certain requirements for construc-
tion works are met where a product is processed in a construction work. Whether
this is always the case, will be discussed infra (Sect. 5).
In case a notified body must fulfil tasks because the Commission has so decided
in a delegated act as meant in Article 28(2) CPR, the question can be asked what the
legal consequences are of a decision of a notified body to issue a certificate for a
certain product as meant in Article 28 and annex V CPR. If the Commission decides
the manufacturer is required to submit the product to a third party (usually a notified
body) to carry out conformity assessment according to one of the systems 1, 1+, 2+
or 3 as determined in annex V; it is then prohibited to place that product on the mar-
ket or make it available on the market without a certificate issued by the notified
body. In this regard, it would appear these certificates have legal consequences.
However, under the CPR the manufacturer has ultimate responsibility for the con-
formity of that product with its declared performance.22 In this way, third party
involvement has no influence whatsoever on the manufacturer’s responsibility but is
intended to reassure users and authorities that everything is in order.23 From a legal
perspective, it does not provide any additional proof of conformity of performance
of a product with its declared performances.
4 V
oluntary Certification of Construction Products
and Processes Under National Legislation: The Dutch
Building Decree as an Example
In the Netherlands, national building legislation gives legal effect under certain con-
ditions to voluntary certification of construction products and building processes.
Article 1.8 Dutch Building Decree deals with situations in which a construction
product has to comply with a certain level of performance not covered by a harmon-
ised standard (as intended in the CPR) or a construction process has to comply with
certain performances so the building to which it is applied complies with a
22
Recital (31) of the CPR. Not conformity with requirements, as is the case with declarations of
conformity under other harmonised legislation of the Union, see Blue Guide (n 8), at 29.
23
Evers (2002), p. 154.
82 R. Neerhof
requirement imposed by or under the Building Decree.24 The Decree provides that
such a requirement is met if the construction product or construction process has
been applied in accordance with a quality certificate tailored to that requirement.
According to Article 1.11 Building Decree, quality certificates must be issued on
the basis of a system of quality certificates recognised by the Minister (for Internal
Affairs). Article 1.8 Building Decree states that the issuing conditions as defined in
Article 1.11 of the Building Decree, surrounding quality certificates, must be laid
down in an agreement between the parties involved in the system meant in that pro-
vision. The Minister must announce this agreement in the Government Gazette.
This agreement has indeed been made and is the so-called tripartite agreement (tri-
partiete overeenkomst) between the Dutch Accreditation Council, the Foundation
Construction Quality (Stichting Bouwkwaliteit; hereinafter SBK) and the minister
concerned.25 According to this agreement, certification should be done by accred-
ited bodies. Article 1.9 Building Decree states that the Minister must appoint a body
that will coordinate the system meant in Article 1.11 of the Building Decree and
ensure the announcement of the quality certificates meant in that article. In the tri-
partite agreement, SBK is appointed as the body that coordinates the system of
quality certificates recognised by the minister. Schemes that are used by conformity
assessment bodies have to be approved by SBK (procedural and substantive test).
Only quality certificates based on schemes approved by the SBK can be used as
evidence that certain requirements in the Building Decree are met (as intended in
Article 1.8 Building Decree).
5 U
se of Conformity Assessment of Construction Products
by the European Union and National Governments:
Legitimacy and Effectiveness
Above, I have described how the European Union and Dutch government use third
party conformity assessment of construction products to pursue public interests.
Awarding a role to third party conformity assessment and underlying standardisa-
tion in the realisation of public interests, such as safety and health, in the field of
construction products is significant. It means that the European Union and the Dutch
government bear the burden of legitimacy.26 By ‘legitimacy’ I mean that decisions
that affect citizens are only justifiable when taken by authorities having a mandate
from their citizens; demonstrating that they take citizens’ concerns into account in
their decisions. Democratic legitimacy means that decisions affecting citizens are
made by politically elected or at least publicly accountable officials. Nevertheless,
24
I abundantly notice that many provisions in the Building Decree, which lay down requirements
for construction work, refer to standards.
25
Staatscourant 2006, 132. Reviewed in March 24, 2015, Staatscourant 2015 no. 8987.
26
Van Gestel and Micklitz (2013), p. 157.
The Use of Conformity Assessment of Construction Products 83
that is only a formal, external criterion. On a broader view of legitimacy used here,
the deliberative quality of decision-making processes and representation of interests
seem to be very important.27 In Sects. 5.1 and 5.2, I discuss the question of the legiti-
mation of the use of third party conformity assessment and underlying standardisa-
tion by the European Union and the Dutch government.
Another question concerns the effectiveness of the instrument of third party con-
formity assessment. Under the CPR and Dutch construction law, conformity assess-
ment bodies function in an open market. In principle, any conformity assessment
body can qualify for recognition or designation.28 An open market provides incen-
tives for the institution to work efficiently, which could lead to lower prices. In an
open market, however, there are also risks. In Sect. 5.1 and 5.3, I discuss such risks.
The use of conformity assessment by legislators and governments has many advan-
tages. Much of the expertise needed to regulate the risk society is located exactly
where the risks are ‘manufactured’.29 Besides, conformity assessment based on har-
monised standards as intended by EU harmonisation legislation contributes to the
removal of barriers to trade in the European Union.
Nevertheless, there are also threats and challenges. Conformity assessment as
meant in the CPR or the Building Decree is based on standards and/or schemes.
This results in a burden of legitimacy in the field of conformity assessment of con-
struction products.
Conformity assessment (and underlying standardisation) has at least one vulner-
ability in terms of legitimation and effectiveness: there are risks of excessive con-
centration of power in certain market actors. The solution to these risks is, according
to Scott, to organise certain ‘modes of control and accountability’.30 In electoral
politics, politicians are dependent on re-election by the people. Scott wonders
whether there is an equivalent pull in the competitive processes of markets. This
question is relevant in the context of conformity assessment by notified bodies
under EU harmonisation legislation. This is a commercial activity. In the context of
conformity assessment (by private bodies)—definitely when used by public authori-
ties—an important ‘constitutional’ issue may be whether reputation ‘exerts an
upwards pull counterbalancing the competitive pressures to reduce costs and
27
Compare Neerhof (2013a), pp. 144–149, including references.
28
The fact that conformity assessment bodies are required to be notified by a public authority under
EU law is of no consequence. The requirement under Dutch construction law that certification
schemes are to be approved by a foundation acting on behalf of the minister is of no consequence
either.
29
Schepel (2005), p. 24.
30
Scott (2010), pp. 7 f.
84 R. Neerhof
5.2 L
egitimacy of Conformity Assessment of Construction
Products
5.2.1 Conformity Assessment Under the CPR
31
Ibid., p. 11.
32
Ibid., pp. 11 f.; and Schepel (2005), p. 409.
33
Schiek (2007), pp. 446–449.
The Use of Conformity Assessment of Construction Products 85
34
European Commission, Communication ‘A strategic vision for European standards: Moving for-
ward to enhance and accelerate the sustainable growth of the European economy by 2020’,
COM(2011) 311 final; van Gestel and Micklitz (2013), p. 179; van Gestel (2012), p. 250.
35
Stuurman (1995), pp. 90–94, 168–171 and 175; Evers (2002), pp. 19 and 211. For critique of the
legitimacy of European standards see van Gestel and Micklitz (2013), p. 179. They clarified that
access to the documents prepared in the European standards bodies restricted to public interest
groups ‘does not comply with constitutional standards where the law making process should be
public.’
36
See n 12.
37
van Gestel and Micklitz (2013), p. 179.
38
ECJ, judgment of 27/10/2016, Case C-613/14 James Elliott Construction Limited v Irish Asphalt
Limited, ECLI:EU:C:2016:821, para 47; on which see Purnhagen (2017), p. 586.
86 R. Neerhof
39
Ibid., para 40. Schepel (2013), p. 530, pointed out that now Art 10(6) and 11 Standardisation Reg
make it clear that the Commission has to take a decision to publish references, based on a prior
assessment whether a harmonised standard satisfies the requirements which it aims to cover and
which are set out in the relevant Union harmonisation legislation.
40
Ibid., para 34. The Court refers to its judgments of 20/9/1990, Case C-192/89, S. Z. Sevince v
Staatssecretaris van Justitie, ECLI:EU:C:1990:322, para 10, and of 21/1/1993, Case C-188/91,
Deutsche Shell AG v Hauptzollamt Hamburg-Harburg, ECLI:EU:C:1993:24, para 17.
41
Ibid., para 38. The Court refers to its judgement in Sevince (n 40), para 11. Moreover, referring
to its judgment in Deutsche Shell (n 40), para 18, the Court held that the fact that a measure of EU
law has no binding effect does not preclude the Court from ruling on its interpretation in proceed-
ings for a preliminary ruling under Art 267 TFEU. See ECJ – Elliott (n 38), para 35. Although
evidence of compliance of a construction product with the essential requirements contained in the
CPD may be provided by means other than proof of compliance with harmonised standards, that
cannot call into question the existence of the legal effects of a harmonised standard, according to
the Court, see ibid, paras 36–42. It may be doubted that it is correct that these standards are not
mandatory. In any case, harmonised standards under the CPR have binding effect. Therefore, the
Court will consider a fortiori that it has jurisdiction concerning harmonised standards as referred
to in Art 17 CPR.
42
Para 43. This is further substantiated in paras 44 f. See AG Campos Sanchez-Bordona, 28/1/2016,
Case C-613/14 James Elliott Construction Limited v Irish Asphalt Limited, ECLI:EU:C:2016:63,
paras 35–62.
43
The Court notes that this is illustrated by its judgment of 16/10/2014, Case C-100/13 Commission
v Germany, ECLI:EU:C:2014:2293.
The Use of Conformity Assessment of Construction Products 87
of the actions of the EU institutions.44 It remains to be seen what will be the concrete
extent of the substantive review by the Court of these standards. Colombo and
Eliantonio point out that ‘the settled law establishing deference on substance and
strict assessment of procedural irregularities acts as judicial benchmark’ in this con-
text, because the elaboration of harmonised standards ‘required the evaluation of
complex scientific and technical facts’. This means ‘that the CJEU would not engage
with the technical merits of the standard in issue. Rather it would restrict itself to
parameters such as the adequacy of the information base, the assistance of experts
promoting a ‘deliberative’ style of decision-making, and the composition and
knowledge of the panel of experts.’45 It is indeed less likely that the Court will assess
the content of technical standards. However, it might be possible to carry out a test
compliance of standards with Article 5 of the Standardisation Regulation concern-
ing representation and effective participation of all relevant stakeholders.46
Finally, for legitimacy of third party conformity assessment under the CPR, an
important issue is the procedure of notification of a third party conformity assess-
ment body—a ‘notified body’—(as discussed supra, in Sect. 3.2). According to an
analysis of the implementation of the CPR of 2015, commissioned by the European
Commission 2015, the strict requirements for notified bodies in Article 43 CPR and
the notification procedure according to Articles 47 and 48 CPR have had a positive
effect: in terms of increasing the credibility of the CPR, increasing legal certainty
and transparency regarding the rules and ensuring that notified bodies have the nec-
essary competence for carrying out their task and are impartial. Issues relating to
conflicts of interests would be addressed.47
5.2.2 C
onformity Assessment Under National Legislation: The Dutch
Building Decree as an Example
44
See for another view of the possibility to contest the validity of a harmonized standard via a refer-
ence for a preliminary ruling: Colombo and Eliantonio (2017), p. 332. Not discussed here is the
possibility for judicial review within the context of Art 263 TFEU.
45
Colombo and Eliantonio (2017), p. 333, with further references; Verbruggen and van Leeuwen
(2018), pp. 405 f; Cuccuru (2018), pp. 23 f, with further references.
46
Compare Volpato (2017), pp. 597 f.
47
Nwaogu et al. (2015), pp. iv–v.
88 R. Neerhof
48
See also supra, Sect. 2.
49
Evers (2002), pp. 104, 105, and 211–213; Peeters et al. (2009), pp. 69 f and 73.
50
Neerhof (2013b), pp. 109 f and 210; Andersson Elffers Felix (2011), pp. 22 f.
51
Neerhof (2013b), p. 110; Andersson Elffers Felix (2011), pp. 24 f.
The Use of Conformity Assessment of Construction Products 89
5.3 Effectiveness
There are also some specific topics concerning the effectiveness of conformity
assessment under European law and Dutch law.
52
Neerhof (2013b), p. 110.
53
The testing is based on T33.
54
The composition of the committees of experts should not only be well-regulated, but it should
also be possible for everyone to know it. About support for and legitimacy of conformity certifica-
tion schemes in construction law in the Netherlands, see Neerhof (2013b), pp. 109 f.
90 R. Neerhof
5.3.1 A
ssessment and Verification of Constancy of Performance
Under CPR
55
Nwaogu et al. (2015), pp. iv–v.
56
Ibid., p. v.
57
Ibid., pp. iv–v.
58
Compare Neerhof (2013b), pp. 110 f.
The Use of Conformity Assessment of Construction Products 91
sustainable use of natural resources, etc.59 Construction products are not construc-
tion works, but semi-finished products that are processed in construction works.
Performance of construction products is not the same as performance of construc-
tion works.
To put this into perspective, it has to be recognised that according to Article 6(3)
(c) CPR, the declaration of performance of a manufacturer must contain the perfor-
mance of at least one of the essential characteristics of the construction product,
relevant for the declared intended use or uses. According to Article 17(3) CPR, a
harmonised standard has to refer to an intended use of products to be covered by it,
when provided for in the relevant mandate. This also has consequences for the con-
formity assessment by notified bodies under the CPR. The intended use in a con-
struction work should be included in this conformity assessment. Still, there seem
to be problems. The processing of construction products in a particular construction
work (end-use) is not guaranteed by the declaration of performance and CE mark-
ing. The intended use of construction products differs. Performances of construc-
tion works are often created in an interplay of performances of different construction
products used in the same building. The requirements imposed by Member States
on construction works differ considerably due to geographical differences and his-
torically developed conditions. Moreover, Article 6(3)(c) CPR only demands parties
to declare at least one of the essential characteristics of the construction product. In
this context, the manufacturer and the notified body may take into account the
requirements in a particular Member State. But the declaration of performance and
the conformity certificate of a notified bodies have their limitations. The extent to
which the outlined problem actually occurs can only be explained by empirical
research.
5.3.2 T
hird Party Conformity Assessment Under National Legislation:
The Dutch Building Decree as an Example
59
Andersson Elffers Felix (2011), p. 27; compare Neerhof (2013b), pp. 29 f.
92 R. Neerhof
6 V
oluntary Certification of Construction Products: Three
Legal Issues
In this section, I discuss three legal issues, which arise in relation to voluntary quality
certificates for construction products in the European Union: conflicts of current cer-
tificates with Article 8(3) CPR; potential conflicts with Articles 30 and 34 TFEU (free
movement of goods); and potential conflicts with Articles 101–106 TFEU (EU com-
petition law). I will focus on voluntary certification of construction products in the
Netherlands, but the questions mentioned may arise in other Member-States as well.
60
Neerhof (2013b), pp. 117–119; Andersson Elffers Felix (2011), pp. 18, 20, 22–25, and 30–31;
Vermande (2010), pp. 15, 17 f, 21 f, 25 f, and 28; VROM-Inspectie (2011), pp. 20 f.
61
Neerhof (2013b), p. 110.
62
Ibid., pp. 112 and 210–211; VROM-Inspectie (2011), pp. 18, 19, and 21. However, see for criti-
cal methodological remarks about this report from this inspectorate Neerhof (2013b), pp. 113 f.
63
Neerhof (2013b), pp. 210 f; Andersson Elffers Felix (2011), pp. 18 and 22.
The Use of Conformity Assessment of Construction Products 93
Some Member States seem to tolerate the voluntary use of quality marks that over-
lap with CE marking.64 This is the case, for example, in the Netherlands. The main
problem in the field of certification of construction products in the Netherlands has
to do with Articles 8(3) and 4(2) CPR. The text of Article 8(3) CPR provides that for
any construction product covered by a harmonised standard, CE marking is the only
marking which attests conformity of the construction product with the declared
quality standard. Moreover, Article 4(2) CPR states that information in any form
about the performance of a standardised construction product in relation to essential
characteristics, as defined in the applicable harmonised technical specification, may
only be provided if included and specified in the declaration of performance. Article
8(3) CPR also provides that Member States should not introduce any references and
must withdraw any references in national measures to a mark attesting conformity
with the declared performance in relation to the essential characteristics covered by
a harmonised standard other than the CE marking. What does this mean for the
certification of construction products in Member States which overlap with the
information required in the declaration and in the CE marking?
Where a matter has been the subject of exhaustive harmonisation at Union level
any national measure relating to that matter must be assessed in the light of the
provisions of the harmonising measure and not those of the Treaty, according to the
Court.65 Therefore, in line with the decision of the Court in the case of A.G.M.-COS.
MET, it must be determined whether the harmonisation effected by the CPR pre-
cludes the legal relevance of considering the compatibility of the conduct at issue—
certification of construction products in the Netherlands—with Article 34 TFEU.66
According to the Commission, the harmonised system created in or by means of the
CPR is considered exhaustive.67 Considering the preamble of the CPR, this seems to
be correct.68 This means that under the CPR national ex ante processes or verifica-
tions covering the harmonised area are not allowed. According to the Commission,
this is also the case for voluntary marks without any national connotation, as they
unduly prevent the free movement of CE-marked construction products, for exam-
ple when linked to a more demanding system of assessment and verification of
64
Nwaogu et al. (2015), p. 29.
65
See, inter alia, ECJ, judgment of 13.12.2001, Case C-324/99 DaimlerChrysler,
ECLI:EU:C:2001:682, para 32.
66
ECJ, judgment of 17-04-2007, Case C-470/03 A.G.M.-COS.MET, ECLI:EU:C:2007:213, par.
50–54. About this topic: Reich (2008), pp. 88 f.
67
Report from the Commission on the implementation of Reg (EU) No 305/2011 laying down
harmonised conditions for the marketing of construction products, COM(2016) 445 final, 3.
68
According to recital 10 of the CPR, the removal of technical barriers in the field of construction
may only be achieved by the establishment of harmonised technical specifications for the purposes
of assessing the performance of construction products. According to recital 24 the placing on the
market of a construction product which is covered by such specifications should be accompanied
by a declaration of performance in accordance with these specifications.
94 R. Neerhof
69
COM(2016) 445 final, 5.
70
ECJ, judgment of 6/10/2014, Case C-100/13 Commission v Germany (Ü-Mark),
ECLI:EU:C:2014:2293.
71
Nwaogu et al. (2015), pp. ii and 28–29.
72
COM(2016) 445 final, 5; cf. European Commission, Guidance document—The application of
the Mutual Recognition Regulation to non-CE-marked construction products, http://ec.europa.eu/
DocsRoom/documents/5881, para 4.1.
The Use of Conformity Assessment of Construction Products 95
73
Contrary to the belief of KOMO, the Council of State did not decide in the Desmepol case (Dutch
Administrative Jurisdiction Division of the Council of State, 8/6/2016, ECLI:NL:RVS:2016:1613)
that the CPR had not been violated. Moreover, contrary to the belief of the Dutch Environmental
and Transport Inspectorate, the Dutch Council of State did not decide that this inspectorate is
allowed to continue to monitor manufacturers, importers and distributors of construction products
for use of private marks in the zone of the mandatory European CE marking under the CPR. The
CPR was not yet in force at the time when the Dutch Minister for Housing took the decision which
was challenged in the Council of State. This decision entailed a refusal to take enforcement action
against KOMO and Kiwa, who manage voluntary marks that overlap with CE marking. Art 8(3)
CPR addresses governments and economic operators, not managers of quality marks such as
KOMO or Kiwa or conformity assessment bodies.
74
According to Art 17(1) of this Regulation, Member States shall inform the Commission of their
market surveillance authorities and their areas of competence.
75
According to Art 1.10 Building Decree 2012, actions in violation of the obligations arising from
the CPR are prohibited. Under Art 120 and Art 120b of the Dutch Housing Act, the Minister for
Interior Relations may impose on the offender an order subject to a penalty or an administrative
fine.
76
Blok: ‘KOMO moet zich aan de wet houden’, Cobouw 26 April 2016; Kamerstukken II 2015/16,
32,757, no. 132, 20; Kamerstukken II 2015/16, 32,757, no. 134, 2. Cf. Kamerstukken II 2015/16,
96 R. Neerhof
32,757, no. 117, 1–2; Aanhangsel Handelingen II 2014/15, 825; ‘Einde strijdige en discutabele
certificaten in het erkende stelsel’, www.bouwkwaliteit.nl; Kamerstukken II 2015/16, 32,757, no.
121, 1–2; Cobouw 26 April 2016; Kamerstukken II 2015/16, 32,757, no. 132, 20.
77
The principle of mutual recognition is one of the means of ensuring the free movement of goods
within the internal market. The Mutual Recognition Regulation (n 9) establishes procedures to
minimise the possibility of technical rules creating unlawful obstacles to the free movement of
goods between Member States (recital (4) of the regulation). Only those construction products to
which the CE marking has not been affixed are non-harmonised and fall within the scope of this
Regulation. CE-marked construction products are to be dealt with in accordance with the provi-
sions of the CPR. Guidance document Mutual Recognition Regulation to non-CE-marked con-
struction products (n 72), Sect. 3. I don’t discuss mutual recognition any further in this
contribution.
78
ECJ, 13/3/2008, Case C-227/06 Commission v Belgium, ECLI:EU:C:2008:160.
79
ECJ, 12/7/2012, Case C-171/11, Fra.bo SpA v Deutsche Vereinigung des Gas- und Wasserfaches
eV (DVGW) — Technisch-Wissenschaftlicher Verein, ECLI:EU:C:2012:453.
The Use of Conformity Assessment of Construction Products 97
80
The DVGW is a non-profit body governed by private law, the object of which is to promote the
gas and water sector. The DVGW is recognised in Germany as a ‘public benefit’ body, see ECJ,
Fra.bo (n 79), para 7.
81
Ibid., para 6.
82
The certificate was cancelled because Fra.bo had not submitted a positive test report on the 3000-
hour test. This test consists in exposing the copper fitting’s elastomeric waterproof joint to a tem-
perature of 110 °C in boiling water for 3000 hours. Ibid., paras 10–12.
83
As a result, the CPD did not preclude the compatibility of the conduct at issue—certification of
copper fittings—with Art 34 TFEU from being legally relevant. See n 65 and n 66.
84
Ibid., para 5. The copper fittings at issue in the main proceedings are ‘construction products’
within the meaning of the CPD which are not subject to a harmonised standard, European technical
approval or a national technical specification recognised at European Union level, as referred to the
CPD. See ibid., para 18.
98 R. Neerhof
justification and the DVGW would not be entitled to reject outright test reports from
laboratories, which are accredited by the competent authorities in Member States
other than the Federal Republic of Germany, but not by the DGVW. In Fra.bo’s
submission, the DVGW was bound by the provisions governing the free movement
of goods (Article 28 EC), and the cancellation and refusal to extend the certificate
both considerably restricted its access to the German market.85 Therefore, the case
was about a breach of the German private standardisation body of the rules on the
free movement of goods. Notably, the Federal Republic of Germany does not
finance and has no decisive influence over the activities of DVGW.86
The Landgericht Köln dismissed Fra.bo’s action. Fra.bo appealed against that
decision before the Oberlandesgericht (OLG) Düsseldorf in order to have, on the
same grounds, the DVGW ordered to extend the compliance certificate for the fit-
tings in question.87 The OLG Düsseldorf decided to stay the proceedings and to
refer questions to the Court for a preliminary ruling. One of the two questions the
Court had to answer was whether Article 28 EC must be interpreted as meaning that
it applies to standardisation and certification activities of a private-law body, where
the national legislature expressly regards the products in respect of which certifi-
cates have been issued as lawful, thus making it at least considerably more difficult
in practice to distribute products in respect of which certificates have not been
issued.88
It was not disputed by the parties to the main proceedings that the DVGW is the
only body able to certify the copper fittings at issue for the purposes of § 12 para. 4
ABVWasserV. The DVGW offers the only possibility for obtaining a compliance
certificate for such products.89 The DVGW and the German government referred to
a procedure other than certification by the DVGW, which consists in entrusting an
expert with the task of verifying a product’s compliance with the recognised rules
of technology within the meaning of § 12 para. 4 AVBWasserV. According to the
Court, it was however apparent, that this alternative procedure was of little or no
practical use. This was because of the administrative difficulties associated with the
absence of specific rules of procedure governing the work of the relevant experts,
combined with the additional costs incurred by having an individual expert report
drawn up.90
The referring court took the view that, in practice, the lack of certification by the
DVGW placed a considerable restriction on the marketing of the products con-
cerned in the German market. Although the AVBWasserV merely lays down the
general sales conditions as between water supply undertakings and their customers,
from which the parties are free to depart, it was apparent from the case-file that, in
practice, almost all German consumers purchase copper fittings certified by the
85
Ibid., para 13.
86
Ibid., para 24.
87
Ibid., para 15.
88
Ibid., paras 16, 17, 21. See also van Gestel and Micklitz (2013), p. 159.
89
Ibid., para 27–28.
90
Ibid., para 29.
The Use of Conformity Assessment of Construction Products 99
DVGW.91 The Court concluded that in such circumstances, it is clear that a body
such as the DVGW in reality holds the power to regulate the entry into the German
market of products such as the copper fittings at issue, by virtue of its authority to
certify the products.92
Accordingly, the answer to the question was that Article 28 EC must be inter-
preted as meaning that it applies to standardisation and certification activities of a
private-law body, where the national legislation considers the products certified by
that body to be compliant with national law and that has the effect of restricting the
marketing of products which are not certified by that body.93
At first sight, the judgment does not seem to have an impact on certificates that
are not mandatory, such as quality certificates under Article 1.8 Building Decree.94
It is possible though that in the future, the Court will adopt a wider approach in rela-
tion to the applicability of provisions on the free movement of goods by private
institutions, including voluntary conformity assessment.95 As far as the applicability
of these provisions to certificates such as quality certification under the Building
Decree is concerned, the Court may argue that, although not mandatory, they are in
principle sufficient proof that the requirements of the Building Decree have been
met. However, the added value will probably also have to be proven in other ways.
The third legal issue in relation to Dutch quality certificates for construction prod-
ucts has to do with Articles 101–106 TFEU. According to Article 101(1) TFEU, all
agreements between undertakings, decisions by associations of undertakings and
concerted practices, must be prohibited as incompatible with the internal market;
where they may affect trade between Member States and have as their object or
effect the prevention, restriction or distortion of competition within the internal
market,.
Third party conformity assessment is an economic activity, which in principle
may be engaged in by a private undertaking and with the view to a profit. According
to settled case law, any activity consisting of offering goods and services on a given
market is an economic activity.96 The concept of an undertaking encompasses every
91
Ibid., para 30.
92
Ibid., para 31.
93
ECJ – Fra.bo (n 79).
94
Compare ECJ, 6/6/2002, Case C-159/00 Sapod Audic v Eco-Emballages SA, ECLI:EU:C:2002:343.
95
Compare Steyger (2012), pp. 2115 f and 2121; van Leeuwen (2013), p. 406 f.
96
ECJ, 19/2/2002, Case C-309/99, ECLI:EU:C:2002:98 J. C. J. Wouters, J. W. Savelbergh and
Price Waterhouse Belastingadviseurs BV v Algemene Raad van de Nederlandse Orde van
Advocaten, para 47, with further references.
100 R. Neerhof
entity engaged in an economic activity, regardless of the legal status of the entity
and the way in which it is financed.97
A body governed by private law, which sets up a certification system for certain
products or companies to which affiliation is optional, establishes independently the
criteria which the certified products or companies must satisfy and issues a certifi-
cate only on payment of a subscription, is engaged in an economic activity and
therefore must be regarded as an undertaking within the meaning of Article 101
TFEU.98
Article 101 TFEU requires certification systems to be ‘open’. Agreements
between undertakings and concerted practices that prohibit the purchases of uncerti-
fied goods or services or goods and services of uncertified firms cannot be objec-
tively justified by an interest in maintaining the quality of the products and services
ensured by the certification system. On the contrary, the failure to accept equivalent
guarantees offered by other systems protects certified undertakings from competi-
tion from uncertified undertakings.99
According to Article 101(3) TFEU, the provisions of Article 101(1) TFEU, may
be declared inapplicable in the case of agreements, decisions and concerted prac-
tices, which contribute to improving the production or distribution of goods or to
promoting technical or economic progress, while allowing consumers a fair share of
the resulting benefit, and which do not:
(a) impose on the undertakings concerned, restrictions which are not indispensable
to the attainment of these objectives;
(b) afford such undertakings the possibility of eliminating competition in respect of
a substantial part of the products in question.
For third party conformity assessment systems, recourse to Article 101(3) TFEU
would be possible if there was added value in terms of improvement of production
or technical or economic progress. Restrictions on competition caught by Article
101(1) TFEU cannot be justified under this section just because the certification
scheme is (far) more effective than the public scheme of monitoring. An exception
to that rule may be allowed where public authorities have, of their own will, decided
to entrust the monitoring of compliance with statutory requirements to a private
body.100 The added value of a certification system does not derive merely from the
97
ECJ, 23/4/1991, Case C-41/90 Klaus Höfner and Fritz Elser v Macrotron GmbH,
ECLI:EU:C:1991:161, para 21.
98
See Court of First Instance, 22/10/1997, Joined Cases T-213/95 and T-18/96 Stichting Certificatie
Kraanverhuurbedrijf (SCK) and Federatie van Nederlandse Kraanbedrijven (FNK) v Commission,
paras 120–122; Schepel (2005), pp. 291 f.
99
CFI – SCK and FNK/Commission (n 98), paras 136 f. Well considered, this partly deprives the
power of conformity assessment by third parties. See also Schepel (2005), p. 292: ‘If certification
bodies are obliged to accept ‘equivalent guaranteed’ their profitability will hurt in the short run by
losing clients and in the long run by losing credibility and visibility. Certification will thus loose
its value as a powerful marketing instrument and firms will halve less of an incentive to seek it.’
Besides, even if a system provides for the acceptance of equivalent guarantees from other systems
violation of Article 101 TFEU is possible.
100
CFI – SCK and FNK/Commission (n 98), para 194.
The Use of Conformity Assessment of Construction Products 101
fact that it imposes obligations not laid down by law. The certification system must
have real added value. This means that the conditions imposed by it should be
appropriate for the purpose of attaining the objective pursued.101
Article 102 TFEU prohibits abuse by one or more undertakings of a dominant
position within the internal market or in a substantial part of it as incompatible with
the internal market insofar as it may affect trade between Member States. Thus it
prohibits any abuse of a position of economic strength enjoyed by an undertaking
which enables it to hinder the maintenance of effective competition on the relevant
market by allowing it to behave to an appreciable extent independently of its com-
petitors and customers and ultimately of consumers.102
Undertakings could abuse a dominant position with the internal market and com-
mit an infringement of Article 102 TFEU where they, without any objective neces-
sity, use certification schemes and certification to reserve to themselves an activity,
which might be carried out by another undertaking on the same market, with the
possibility of eliminating all competition from such undertaking.103 Nor should
conformity assessment have unintended inhibiting effects on price competition or
production, markets, innovation or technical development.104
Insofar as a procedure for establishing certification schemes does not appear to
be open to all, these is an indication of a breach of competition law. This certainly
applies if there is actually little freedom to develop products that do not comply with
the certification scheme and are not eligible for the certificate. If these schemes
obstruct or disable competition from other market actors without any objective
need, conformity assessment bodies applying them will be guilty of violating Article
102 TFEU. Participation of all stakeholders in certification schemes, their access to
documents and ‘modes of control and accountability’ are important conditions for
decision-making by conformity assessment bodies; in order to ensure compliance
with competition rules.105 This also applies to standards, which the conformity
assessment is based upon.106
101
Ibid., paras 202 f; Schepel (2005), pp. 291 f.
102
ECJ, 9/11/1981, Case C-322/81 NV Nederlandsche Banden Industrie Michelin v Commission,
ECLI:EU:C:1983:313, para 30.
103
See ECJ, 3/10/1985, Case 311/84 Centre belge d’études de marché – Télémarketing (CBEM) v
SA Compagnie luxembourgeoise de télédiffusion (CLT) and Information publicité Benelux (IPB),
ECLI:EU:C:1985:394, para 27; ECJ, 13/12/2001, C-18/88 Régie des télégraphes et des téléphones
v GB-Inno-BM SA, ECLI:EU:C:1991:474, paras 14–19. The cases are not about conformity
assessment.
104
See: Kamerstukken II 1994/95, 21,670, no. 7 and no. 8, 33.
105
van der Ham (2010), pp. 115–117. See also ECJ – RTT (n. 103), paras 14–19; ECJ – Centre
belge d’études de marché – Télémarketing (n 103), para 27.
106
I will not discuss this further. See Communication from the Commission, Guidelines on the
applicability of Art. 101 of the Treaty on the Functioning of the European Union to horizontal co-
operation agreements, [2011] OJ C 11/59, 60. ‘Where participation in standard-setting is unre-
stricted and the procedure for adopting the standard in question is transparent, standardisation
agreements which contain no obligation to comply with the standard and provide access to the
standard on fair, reasonable and non-discriminatory terms will normally not restrict competition
within the meaning of Art. 101(1)’.
102 R. Neerhof
Articles 101 and 102 TFEU also apply to Member States. The Treaty requires
Member States not to take or maintain in force, measures which could destroy the
effectiveness of that provision. It seems likely therefore that governments have a
responsibility to ensure compliance with competition rules by conformity assess-
ment bodies; especially when the legislator has given probative value to their certifi-
cates and/or a minister has been given the power in national legislation to designate
these bodies.107
Further research should show whether and to what extent there are competition
law risks associated with the functioning of the system of quality certificates under
national legislation, for example the Dutch Building Decree. In this decree the leg-
islator has given probative value to recognised quality certificates but they are not
legally required and it is not a minister who decides which bodies are competent to
issue these declarations. However, there are competition law risks when these qual-
ity certificates are actually mandatory as a result of the behaviour of market parties
or competent authorities.
7 Main Findings
1. For over two decades, there has been a clear interest in conformity assessment as
an instrument for regulation and supervision in addition to exclusive government
action in the European Union and its Member States. One of the areas in which
this is the case is the construction industry.
2. According to the Construction Products Regulation (CPR), manufacturers must
draw up EC declarations of performance for products and affix CE marking to
construction products when they are covered by harmonised standards. These
standards are established by European standardisation bodies on the basis of
‘mandates’ issued by the European Commission. Based on the CPR, the
Commission establishes which system or systems of conformity assessment are
applicable to certain construction products. The Commission may require con-
formity assessment of products to be carried out by an independent third party.
This means conformity assessment must be carried out by a body, designated by
a member state, which meets requirements of independence, impartiality and
technical competence, which are enshrined in the CPR.
In the Netherlands, voluntary certification of construction products and build-
ing processes have, under certain conditions, legal effect pursuant to the national
building legislation. According to Dutch legislation and an executive agreement
between SBK (a Dutch private foundation for construction quality), the RvA (the
Dutch accreditation body), the Minister for Housing and the Minister of
Infrastructure and Environment, certification schemes have to be approved by
SBK. Conformity assessment must be done by accredited bodies.
3. Third party conformity assessment within the framework of the CPR or national
legislation, e.g. the Dutch Building Decree, involves certain risks. There are
some specific topics concerning the legitimacy of conformity assessment of con-
struction products under European law and under Dutch law. Regarding legiti-
macy of this conformity assessment, the following findings are important.
Harmonised European standards are established by committees, in which larger
companies are better represented than small and medium enterprises.
The EU Standardisation Regulation calls upon European standardisation bod-
ies to encourage and facilitate an appropriate representation and effective partici-
pation of all relevant stakeholders, but the regulation seems to provide rather soft
requirements with respect to stakeholder involvement. It is a favourable develop-
ment that the Court of Justice recently ruled in the case of James Elliott that it
has jurisdiction to give a preliminary ruling concerning the interpretation of har-
monised standards under EU harmonisation legislation. It can be assumed that
this judgment of the Court implies that the Court can also adjudicate on the
validity of the harmonised standards or their compatibility with higher EU law.
According to an analysis of the implementation of the CPR, commissioned by
the European Commission in 2015, the strict requirements for notified bodies
and the notification procedure according to the CPR have had a positive effect in
terms of increasing the credibility of the CPR, legal certainty, and transparency
with regard to ensuring that notified bodies are competent and impartial.
In conformity assessment within the Dutch Building Decree, conformity
assessment bodies use the standards provided in this Decree but they also use
other standards. According to the aforementioned EU Standardisation Regulation,
national standardisation bodies must encourage and facilitate the access of small
and medium enterprises to standards and standards development processes, but
this is a soft requirement and the regulation does not provide any enforcement
tools.
Regarding the legitimacy of certification schemes, only further investigation
could show to what extent the composition of the committees of experts deciding
upon these schemes (which are in line with public law building rules) still has
vulnerabilities in terms of commitment and support from all parties involved,
despite the watchful eye of the RvA and SBK.
4. There are also some specific topics concerning the effectiveness of conformity
assessment under European law and national law. According to the aforemen-
tioned analysis of the implementation of the CPR, stakeholders have identified
that the accreditation process for notified bodies under the CPR could be
improved. Practices of notified bodies can vary greatly. We do not know exactly
what effects market forces have on the impartiality of notified bodies. Another
problem may be that in practice there is no direct relation between harmonised
technical specifications for assessing the performance of construction products
and basic requirements for construction works.
104 R. Neerhof
References
Evers, G. J. M. (2002). Blind vertrouwen? Een onderzoek naar de toepassing van certificatie ten
dienste van handhaving van wettelijke voorschriften. Den Haag, The Netherlands: BJu.
Neerhof, A. R. (2013a). Standardization in construction law: An example of successful decentring
of regulatory governance? In A. L. B. Colombi Ciacchi, M. A. Heldeweg, B. M. J. van der
Meulen, & A. R. Neerhof (Eds.), Law & governance – Beyond the public-private law divide?
(p. 144). Den Haag, The Netherlands: Eleven.
Neerhof, A. R. (2013b). Certificering en normalisatie in het publieke bouwrecht. Den Haag, The
Netherlands: IBR.
Nwaogu, T., Upson, S., Marshall, S., Le Crom, Y., & Vermande, H. (2015). Analysis of the imple-
mentation of the construction products regulation. Final report (RPA Risk and Policy Analysis).
Peeters, M. G. W. M., Neerhof, A. R., & de Boer, J. (2009). De rol van conformiteitsbeoordelingen
bij de handhaving van het milieurecht. STEM publicatie 2008/2, Arnhem.
Purnhagen, K. (2017). Voluntary “New Approach” technical standards are subject to judicial scru-
tiny by the CJEU! – The remarkable CJEU judgment “Elliott” on private standards. European
Journal of Risk Regulation, 586.
Reich, N. (2008). AGM-COS.MET or: Who is protected by EC safety regulation? European Law
Review, 88.
Schepel, H. (2005). The constitution of private governance. Product standards in the regulation of
integrating markets. Oxford, England: Hart.
Schepel, H. (2013). The new approach to the new approach: The juridification of harmonized stan-
dards in EU law. Maastricht Journal of European and Comparative Law, 530.
Schiek, D. (2007). Private rule-making and European governance – Issues of legitimacy. European
Law Review, 446.
Scott, C. (2010). Regulatory governance and the challenge of constitutionalism (EUI Working
papers No 7). Florence, Italy: Robert Schuman Centre for Advanced Studies.
Steyger, E. (2012). Vrij verkeer en mededinging. Toenadering van privaat- en publiekrecht.
Nederlands Juristenblad, 30:2115.
Stuurman, C. (1995). Technische normen en het recht: beschouwingen over de interactie tussen het
recht en technische normalisatie op het terrein van informatietechnologie en telecommunicatie.
Deventer, The Netherlands: Kluwer.
van der Ham, M. (2010). Standaardisering onder het Europees mededingingsrecht: water en vuur
of brothers in arms? Actualiteiten Mededingingsrecht, 5:115.
van Gestel, R. (2012). Hoge Raad is duur. RegelMaat, 250.
van Gestel, R., & Micklitz, H.-W. (2013). European integration through standardization: How
judicial review is breaking down the club house of private standardization bodies. Common
Market Law Review, 154.
van Leeuwen, B. (2013). From status to impact, and the role of national legislation: The applica-
tion of Article 34 TFEU to a private certification organisation in Fra.bo. European Journal of
Risk Regulation, 406.
van Ommeren, F. J. (2008). Bestuurswetgeving en haar alternatieven: een verkenning van
beleidsregels, algemene voorwaarden van de overheid en normalisatienormen als prototypen.
RegelMaat, 82.
Verbruggen, P., & van Leeuwen, B. (2018). The liability of notified bodies under the EU’s new
approach: The implications of the PIP breast implants case. European Law Review, 405.
Vermande, H. M. (2010). Marktonderzoek productinformatie door middel van CE-markering en
kwaliteitsverklaring. Bodegraven, The Netherlands: PRC.
Volpato, A. (2017). The harmonized standards before the ECJ: James Elliott Construction.
Common Market Law Review, 597.
VROM-Inspectie. (2011). Private kwaliteitsborging in de bouwregelgeving, no. VI-2010-40.
VROM-Inspectie, Ministerie van Infrastructuur en Milieu, Den Haag, pp 20 f.
Part II
Success and Shortcomings of Certification
Systems
Privacy Through Certification?: The New
Certification Scheme of the General Data
Protection Regulation
Gerrit Hornung and Stefan Bauer
1 Introduction
The General Data Protection Regulation (GDPR)1 replaced the Data Protection
Directive 95/46/EC on 25 May 2018, and the Police and Criminal Justice Data
Protection Directive2 replaced the 2008 Data Protection Framework Decision.3 It is
no exaggeration that the GDPR is an important milestone in the evolution of the
European data protection system. On the one hand, the regulation will—to some
extent—force national legislators to adapt significant parts of their respective data
protection regime to the provisions of the GDPR, since the regulation leaves numer-
ous areas via an extensive use of opening clauses to the discretion of Member
States.4 On the other hand, many aspects that the GDPR regulates are directly appli-
cable. As a result, very little personal data will remain unaffected by the GDPR so
individuals and enterprises, inside and outside of the EU, need to become acquainted
with the relevant provisions.
1
Reg (EU) 2016/679 on the protection of natural persons with regard to the processing of personal
data and on the free movement of such data, [2016] OJ L 119/1.
2
Dir (EU) 2016/680 on the protection of natural persons with regard to processing of personal data
by competent authorities for the purposes of the prevention, investigation, detection or prosecution
of criminal offences or the execution of criminal penalties, and on the free movement of such data,
[2016] OJ L 119/89.
3
Framework Decision 2008/977/JHA on the protection of personal data processed in the frame-
work of police and judicial cooperation in criminal matters, [2008] OJ L 350/60.
4
Kühling and Martini (2016), pp. 448, 449.
When dealing with the enforcement of data protection, national legislators are
confronted with a myriad of problems. Today, some provisions remain unenforced
because there are no legal consequences if data controllers or processors do not fol-
low binding rules. In addition, there is a great deal of intransparency for the control-
ler and sometimes even for supervisory authorities.
The challenges twenty-first-century-data protection is facing cannot be ade-
quately met by the means which the traditional data protection system has to offer.
The focus on defence mechanisms and manageable data processing acts cannot
adequately deal with application scenarios such as ubiquitous computing.5 Modern
data protection can only be adequately enforced if data protection policies and the
corresponding organizational strategies form an integral part of the technology.6
Hence, there is a need for market-based incentives7 which can enhance privacy-
friendly actions. This type of data protection should be implemented in cooperation
with the controller, not without or against him.
Audit and certification mechanisms are means of co-regulation and aimed at
reaching the above-mentioned incentives, adding an optional enforcement layer,
delegated to (often) private certification bodies.8 Following up on studies in the
early 1990s,9 two German Länder, namely Schleswig-Holstein and Bremen, decided
to adopt the corresponding legal framework.10 In addition, the independent data
protection centre for Schleswig-Holstein (ULD, the respective supervisory author-
ity) transferred this concept to Europe by means of a European joint research proj-
ect, called EuroPriSe. There are also examples in other countries, most notably
France, where the data protection supervisory authority (Commission Nationale de
l’Informatique et des Libertés, CNIL) started to issue certificates after the amend-
ments of its internal regulation in 2011.11 Privacy seals also exist in Northern
America and Asia.12 Furthermore, in particular in the online world, there are numer-
ous and very heterogeneous privacy and IT security seals. These seals are often
unheard-of and lack general standards, validity and usability, which hardly incentiv-
ises their use.13 These and other efforts lead to the adoption of Articles 42 and 43 of
the GDPR. For the first time, there is a normative basis for audit and certification
5
Kühling (2007), p. 153; concerning the legal problems: Roßnagel (2007).
6
See Hornung (2011), p. 51; this is now addressed by Art 25 GDPR (“data protection by design
and by default”).
7
On the economic perspective on privacy seals cf. Waelbroeck (2018), p. 133.
8
Bock (2016), p. 335.
9
With regard to the concept and examples in other countries see Roßnagel (2000); Roßnagel
(1997), p. 505.
10
See with regard to positive experiences Bäumler (2002), p. 325; Bäumler (2004), p. 80; Schläger
(2004), p. 459; Bock (2016), p. 335 ff.; Hansen (2018), p. 35.
11
Carvais-Palut (2018), p. 49 ff.; on other countries (e.g. the UK and Switzerland) cf. Schwartmann
and Weiß (2016), pp. 68, 69.
12
Cavoukian and Chibba (2018), p. 59 ff.
13
For an inventory see ENISA (2013); ENISA (2017), p. 16 ff.; with regard to the existing market
see Feik and von Lewinski (2014), p. 59; see also the comparative analysis of Balboni and Dragan
(2018), p. 99 ff.
The New Certification Scheme of the General Data Protection Regulation 111
mechanisms at a European level. Some authors already maintain that the certification
process defined in the GDPR cannot be successful,14 although this assessment
appears rather hastily.
Against this background, it is of great importance to clarify the general concept
of data protection certification and in particular the specific rules adopted in the
GDPR. The legal effects of the new framework include specific standards, which
however pose many problems, as they are drafted rather vague and not completely
consistent. Together with the still missing standards of the European Data Protection
Board, this could put the instrument of certification at risk. In the following first
section, this chapter gives an overview of the German and European data protection
law. The most prominent impacts of the GDPR are highlighted in the second sec-
tion. The last section of this chapter addresses questions related to data protection
certification and audit mechanisms, in particular Articles 42 and 43 GDPR.
14
Lachaud (2016), p. 814.
15
Bundesverfassungsgericht (BVerfG), 15.12.1983, 65 Entscheidungen des Bundesver
fassungsgerichts 1; on this “fundamental rights innovation” cf. Hornung (2015), p. 266 ff.
16
Germany already had a Federal Data Protection Act before the population census decision. It was
enacted in 1977, but had to be completely revised after the population census decision. The new
Data Protection Act entered into force in 1990. After the Data Protection Directive 95/46/EC had
been enacted in 1995, it took the German federal legislator 6 years to transpose this directive into
a new Data Protection Act.
17
This is not to say that the Bundesverfassungsgericht invented all those principles, since it could
resort to the works of scholars, but it made those principles mandatory even for the legislator.
18
Arts 10, 11, 12, 14, 18 of Dir 95/46/EC.
112 G. Hornung and S. Bauer
The GDPR aims to reach a harmonised, consistent and high level of data protection
and remove the obstacles to flows of personal data within the Union.23
The basic principles for the processing of personal data are stipulated in Article
5 GDPR, which include lawfulness, fairness, transparency, accuracy, integrity and
confidentiality of data processing, purpose limitation, data minimisation and stor-
age limitation as well as the concept of accountability. Processing of personal data
is only permitted, if at least one of the justifications mentioned in Article 6 GDPR
applies (e.g. consent by the data subject, necessity for the performance of a contract,
compliance with legal obligations to which the controller is subject, and the highly
disputed case of “legitimate interests” of the controller or a third party).
By enhancing individual rights (such as the right to erasure provided by Article
17 GDPR and the right to data portability in Article 18 GDPR) and the possibility
of access to administrative and judicial processes, certain delivery gaps in the imple-
mentation of data protection law are intended to be reduced.
The regulation includes new or heavily revised instruments like the data breach
notification (Article 32 GDPR), the privacy impact assessment (Article 35 GDPR),
the data protection officer (Articles 37–39 GDPR), codes of conduct (Articles 40,
41 GDPR) and certification mechanisms (Articles 42, 43 GDPR) and the concepts
of privacy by design and by default (Article 25 GDPR). These are meant to enhance
compliance with the regulation, in some cases imposing heightened requirements
19
Art 6(1)(b) of Dir 95/46/EC.
20
Art 6(1)(c) of Dir 95/46/EC.
21
BVerfG (n 15) 46 f.
22
Hornung and Schnabel (2009), pp. 84, 88.
23
Recital 10 GDPR; for a more specific overview with further references see Schantz (2016),
p. 1841; Kühling and Martini (2016).
The New Certification Scheme of the General Data Protection Regulation 113
24
Bird & Bird (2016), p. 54.
25
Bird & Bird (2016), p. 47.
26
Kühling and Martini (2016), p. 448; Kühling et al. (2016).
27
In Germany, the respective national laws were enacted very quickly. § 26 of the new Federal Data
Protection Act (Bundesdatenschutzgesetz) makes use of the opening clause of Art 88 GDPR.
114 G. Hornung and S. Bauer
This section first examines the concept of audit and certification mechanisms. Then
we deal with the status quo and the GDPR with regard to these instruments of co-
regulation before concluding.28
4.1 Concept
The terms data protection audit and data protection certification are used to describe
an examination based on data protection criteria, although they are two different
processes. This examination can be executed internally or externally and can refer
to products, services, systems, organizations or results of data processing. Data pro-
tection audit and data protection certification fall under the generic term “examina-
tion”. Audits refer to a process, used by an organization or organizational unit,
which focuses on the evaluation of data privacy management systems and aims to
confirm that these systems enhance data protection.29 Certification on the other hand
focuses on IT products or services.30
All audit and certification approaches are creating market incentives. Once an
examination is successful, the controller has the right to use the audit mark, quality
seal or the like for advertising purposes. Thus, market mechanisms are supposed to
lead to more competition and continuously enhance data protection. The regulatory
approach of privacy law is thereby complemented by elements of competition and
self-regulation.
The controllers’ awareness of self-responsibility is strengthened, once a certifi-
cate demonstrates the properties of his product or an audit has forced the controller
to introduce an effective data management system. Examinations lead to more
transparency31 and thus facilitate internal and external data protection supervision,
in particular with regard to data protection officers. Transparency may further
reduce information asymmetries, thereby tackling the problem of negative exter-
nalities.32 Learning processes are also induced when everyone involved in the orga-
nizational hierarchy is aware of the extent of data handling and its effects. Audits
and certification thereby primarily aim at enhancing the implementation of data
protection.33
28
Some of the ideas mentioned in this section are based on Hornung and Hartl (2014), p. 219.
29
Roßnagel (2000), p. 65 ff.
30
With regard to § 9a FDPA, the term “product audit” is also used, see Scholz (2014), margin note
24.
31
ENISA (2017), p. 13.
32
See the economic analysis by Waelbroeck (2018), pp. 135 ff., 141 ff.
33
Hornung and Hartl (2014), p. 220.
The New Certification Scheme of the General Data Protection Regulation 115
Certification
Audit
A data protection audit in the sense of a process audit differs in many respects from
the above-mentioned certification. Instead of being limited to a certain point in time,
the audit is designed to continuously examine the controller. It is not static, but
rather aims to continuously enhance the level of data protection of the controller. By
not focussing on a single object, but rather by looking into the controller, it
34
Scholz (2014), margin note 24; Roßnagel (2000), p. 267.
35
Roßnagel (2000), p. 58; Meissner (2008), pp. 525, 526; Schläger (2004), p. 460.
36
Schläger (2004), p. 460.
37
On the example of cyber-physical systems, see Barnard-Wills (2018), p. 113.
116 G. Hornung and S. Bauer
One of the most important aspects with regard to audits and certification is the ques-
tion as to whether the examination should be limited to compliance with legal
requirements or whether it should encompass more than that. From the perspective
of a controller, the former can indeed be sufficient, if he is uncertain whether his
actions or his IT systems adhere to legal requirements.41 This will often be the case
in the field of new technologies, in particular when legal conformity depends on
general clauses such as the principle of necessity.
The main goal of audits and certification mechanisms (that is the creation of
market incentives) leads to the conclusion that the mere examination of adherence
to legal requirements42 is not appropriate. Only in exceptional cases, examined legal
compliance may be considered an asset, e.g. when dealing with a market that is
penetrated by unlawful behaviour.
If more than mere adherence to data protection law is required, the question
arises which standard of examination should be applied. On the one hand, there are
38
Roßnagel (2011), p. 267.
39
Roßnagel (2000), p. 58; Hammer and Schuler (2007), pp. 77, 79 who do not require a reference
to a certain process.
40
Roßnagel (2000), p. 141 f.
41
Weichert (2010), margin note 11.
42
In the context of the 2009 amendment of the German FDPA this ‘minimum standard’ was
rejected and regarded as a ‘bureaucratic duplication’ of the duty to observe the law, see Grentzenberg
et al. (2009), pp. 535, 542.
The New Certification Scheme of the General Data Protection Regulation 117
criteria which are imposed upon the controller externally, that is, from supervisory
authorities, the auditors or sector associations.43 On the other hand, individual stan-
dards could be considered which allow the controller to determine his own stan-
dards.44 These individual standards could be based upon an examination of legal
compliance and constitute a privacy “plus”, which would then be determined by the
controller. This second approach would, however, lower market transparency, due to
the fact that there would be no clear standard of examination linked to the audit seal.
Transparency with regard to the standard of examination would need to be estab-
lished on a case-by-case basis by means of privacy statements which would be initi-
ated by the respective customers.45 Nevertheless, such individual examinations are
not unusual in other fields, they partly offer incentives to less privacy-friendly com-
panies and they could prevent coherent standards of examination and processes
from leading to unequal burdens on unequally big enterprises.46
43
This is for example the case in the existing scheme of Schleswig-Holstein, cf. Hansen (2018),
p. 40 f. One could also consider mixed models and the (advisory) participation of additional insti-
tutions such as consumer protection organisations or foundations (e.g. the German data protection
foundation).
44
This would be Roßnagel’s concept. Hammer and Schuler (2007), p. 81 use a different
terminology.
45
Hammer and Schuler (2007), p. 78 f. with regard to “fiberizing” of certificates.
46
This was also criticized in the course of the 2009 amendment of the German FDPA, see Hammer
and Schuler (2007), p. 78 f.
47
See for example Roßnagel (2000), p. 514; Schläger (2004), p. 459; ENISA (2017), p. 9.
48
Dieterich (2016), p. 260.
49
Windmann (2010), pp. 396, 401 f.
50
In an alternative model, the verifying authority would be liable for flawed audits and certificates.
With regard to difficulties of proof and the sparsely developed concept of liability in data protec-
tion law, this approach does not seem practicable, see AG Rechtsrahmen des Cloud Computing
(2012), p. 18.
51
Following the environmental protection audit Roßnagel (2000), p. 112; Schläger (2004), p. 459.
118 G. Hornung and S. Bauer
Audits and certification are aimed at creating market incentives. However, they can
also be linked to direct legal consequences. This appears to be useful, as in practice,
market incentives have limits. A good example for this is that users tend to generally
voice their data protection interests and concerns but, when making concrete deci-
sions, paradoxically tend to give precedence to other criteria.53
As regards legal effects, certified products and audited controllers could be given
priority, for example, in the context of public procurement.54 Privileged treatment of
processors also seems useful. According to Article 28(1) GDPR, controllers, in par-
ticular with regard to cloud computing, are required to verify compliance with the
technical and organizational measures undertaken by the processor. Especially
micro, small and medium-sized enterprises can hardly fulfil this obligation, often
due to limited resources.55 Privileges for audited cloud providers could be envisaged
in this context.56 For this purpose, the respective standards need to be developed.57
It would hardly be possible to create legal certainty with regard to future exami-
nations by supervisory authorities. This reduction of responsibility might incentiv-
ise controllers to collaborate. A binding legal effect would, however, be in conflict
with the independence of supervisory authorities,58 which is stipulated in EU pri-
mary law (Article 16(2) TFEU). Audits and certification performed by supervisory
authorities or at least recognised by them could have binding effects.59 Even in this
case other national authorities would not be bound.
52
Bräutigam and Sonnleithner (2011), pp. 240, 242.
53
Heilmann and Schulz (2018), margin note 8; Hornung (2014), pp. 123, 146 ff, with regard to
social networks.
54
As is the case in the German Länder of Bremen, Mecklenburg-Vorpommern and
Schleswig-Holstein.
55
Hornung and Sädtler (2012), pp. 638, 643; AG Rechtsrahmen des Cloud Computing (2012),
p. 12 ff.
56
Currently, these privileges do not exist. As a result, existing private seals regarding commis-
sioned data processing are tainted with lacking legal certainty, see Borges and Brennscheidt
(2012), p. 68.
57
For example Lepperhoff and Jaspers (2013), p. 617; a current standard (together with a seal) was
developed in 2013 by the German associations GDD and BvD and coordinated by the Data
Protection Commissioner of Nordrhein-Westfalen (Der LfDI Nordrhein-Westfalen 2014, p. 6), for
further information see www.dsz-audit.de.
58
Wagner (2011), pp. 229, 232; Scholz (2014), margin note 15 ff.
59
On the legal situation as regards the binding effect within the GDPR framework, cf. von
Braunmühl (2016), margin note 16; Bergt (2017), margin note 27.
The New Certification Scheme of the General Data Protection Regulation 119
Currently, only few normative approaches to data protection audits and certification
mechanisms exist in Europe.
The idea of audits as a data protection control instrument came up in Germany in the
1990s. Following up on the environmental audit, which had already been estab-
lished at the European level, the project group Constitutionally Compatible
Technology Design (provet) developed an audit concept which resulted in § 17
Mediendienstestaatsvertrag of 1997 and § 9a of the Federal Data Protection Act
(Bundesdatenschutzgesetz; BDSG) in 2001,60 the latter announcing a Federal Data
Protection Audit Act. § 9a BDSG laid the groundwork with regard to addressees and
the object of examination (distinction between product and process audit; meaning
of certification and audit); this “rough concept” was not legally binding for the
German legislator. The expectations of § 9a BDSG having at least a “politically
binding effect”61 were not met. Even though the concept met strong approval in the
scientific community,62 all subsequent implementation attempts failed. A draft bill
from 2007 which stipulated the certification by private appraisers when the legal
data protection requirements were met, was widely rejected.63 In 2009, a revised
version was supposed to be adopted as part of the amendment of the Federal Data
Protection Act.64 In this version, the competence to carry a seal was given to control-
lers, once the Federal Commissioner for Data Protection had been informed. Private
certified control authorities merely exercised an ex-post control. The standard of
control included compliance with data protection law and with guidelines, which
were to be elaborated by a data protection board. After heavy criticism from the
Federal Council (Bundesrat) (too bureaucratic, costly and intransparent
implementation)65 and from experts, the Federal Data Protection Audit Act was
deleted from the final version of the amendment. While this partly caused reactions
of incomprehension and suspicion of lobbying being involved,66 other authors
referred to “fundamental criticism” from experts.67 In particular, the possibility of
60
Roßnagel (2011), p. 275.
61
Roßnagel (2000), p. 140.
62
Scholz (2014), margin note 8 with further references.
63
See, for example, the comment by the German association DVD e.V.: Schuler (2007), pp. 181,
182: “It may be doubted […] that the voluntary certificate is already issued for compliance with
data protection law. This means, that one certifies that there is no infringement of law. Apart from
sending the wrong message, there is no additional advantage that can be gained for consumers”.
64
BT-Drs. 16/12011.
65
BT-Drs. 16/12011, 38.
66
Roßnagel (2011), p. 277.
67
Grentzenberg et al. (2009), p. 542 with further references.
120 G. Hornung and S. Bauer
provisionally carrying the seal, without anyone ever having examined the level of
data protection, was criticised. Additional points of criticism were the confirmation
of mere adherence to privacy law, high expenses for small and medium-sized enter-
prises and the narrow national perspective.68
In contrast, there were also success stories in Germany: in Schleswig-Holstein,
the responsible data protection authority (ULD) awards a quality seal based on the
Land’s data protection audit regulation to IT products that are in conformity with
data protection requirements according to accredited experts.69 A number of produc-
ers of a wide range of products has seized this opportunity.70 It has certainly been
promoted by the fact that, according to § 2 of Schleswig-Holstein’s Data Protection
Act, the state administration shall preferably use products that comply with the
regulations on data protection and data security as established by the procedure
specified by the data protection audit regulation. A similar provision exists in
Nordrhein-Westfalen, however, without an audit regulated by state law. Another less
successful example can be found in Bremen.71
In 2007 and 2008, the Schleswig-Holstein auditing formed the nucleus of the
“European Privacy Seal (EuroPriSe)”, which includes several partners from other
EU Member States.72
Within the scope of the Data Protection Directive 95/46/EC, there are no corre-
sponding provisions. “Privacy by design” is regulated neither in a procedural nor in
a material way.73 Article 27 of the Data Protection Directive prescribes the drawing
up of codes of conduct, intended to facilitate the implementation of the directive.
The Art. 29 Working Party included the auditing in the concept of “accountability”,74
demanding more specific data protection measures. Still, there was no detailed con-
cept or system of audits,75 but merely general programme suggestions. The European
Commission took up these suggestions, classifying them as key objectives of the
data protection reform.76
68
See n 58.
69
Bäumler (2002), p. 325; Bäumler (2004), p. 80; Schläger (2004), p. 459; Hornung (2013),
pp. 181, 185; on the specific certification procedure, see Hansen (2018), p. 38 ff.
70
For further information and the list of products, see https://www.datenschutzzentrum.de/guete-
siegel/index.htm; for figures and examples see Hansen (2018), p. 42 f.
71
Holst (2014), p. 710.
72
Meissner (2008), p. 525.
73
Hornung (2011), p. 53; Kamara and De Hert (2018), pp. 7, 9.
74
With regard to this concept, see Art. 29 Working Party, WP 173 (2010); see also Hornung (2013),
p. 188 f. Art 5(2) GDPR now explicitly includes the principle, which as a link to certification, see
ENISA (2017), p. 13; Carvais-Palut (2018), p. 54 f.
75
See Art. 29 Working Party (2010), p. 9 and in particular 17 ff.
76
See COM(2010) 609 final, 12 f.
The New Certification Scheme of the General Data Protection Regulation 121
4.3.1 Proposals
The European Commission adopted its proposal for a General Data Protection
Regulation on 25 January 2012. On 12 March 2014, the European Parliament
endorsed the proposal of its Committee on Civil Liberties, Justice and Home Affairs
(LIBE). The Council of the European Union released its position on 11 June 2015.
The European Commission took up the concept of audit and certification in Article
39 of its proposal for a reform of the European data protection law.77 However, these
rules were phrased very vague. The establishment of certification mechanisms was
to be “encouraged” by Member States and the Commission. The draft lacked any
statement as to the competent authority, the procedure, applicable criteria and legal
consequences of certification. It was left completely unclear by which standards the
Commission was expected to make use of the power to adopt delegated acts and lay
down technical standards via implementing acts pursuant to Article 39(2) and (3) of
its proposal.78
77
COM(2012) 11 final.
78
Hornung and Hartl (2014), p. 223; Kamara and De Hert (2018), p. 11 f.
79
European Parliament Doc 7427/14.
80
See Kamara and De Hert (2018), p. 12 f.
81
Hornung and Hartl (2014), p. 223 f.
122 G. Hornung and S. Bauer
Position of the Council
The Council proposed to split up the provisions into two. These Articles 39 and 39a
of the proposal of the Council82 were transferred—by and large—to Articles 42 and
43 of the final version of the GDPR, although the Council did not take up Article
39(1)(b) of the LIBE proposal, which foresaw a “transparent” process.
The GDPR contains provisions for the establishment of data protection certification
mechanisms and of data protection seals and marks in Articles 42 and 43.
General Approach
According to Article 42(1) GDPR, Member States, the supervisory authorities, the
European Data Protection Board and the Commission shall encourage, in particular
at Union level, the establishment of data protection certification mechanisms and of
data protection seals and marks, for the purpose of demonstrating compliance with
the GDPR of processing operations by controllers and processors. The GDPR itself
does not establish these mechanisms. Member States and the European authorities
mentioned above are merely encouraged to follow the mandate given by the
Regulation. This notion is stressed again in Article 57(1)(n) GDPR, according to
which each supervisory authority shall encourage the establishment of certification
mechanisms, urging supervisory authorities to actively initiate certification
schemes.83
Certification is voluntary and available via a transparent process (Article 42(3)
GDPR), leaving it to the imagination of Member States and the European authori-
ties as to what “transparent” actually means. There is no reference to financial
aspects (such as “affordable”, “unduly burdensome” in the LIBE proposal).
Pursuant to Articles 42(5) and 43(1) GDPR, certification schemes are issued
either by the supervisory authority or by private or other public bodies. According
to Article 42(7) GDPR, the certificate can be issued for a maximum period of 3 years
and may be renewed, if the relevant requirements continue to be met. The certifica-
tion bodies are accredited for a maximum period of 5 years (Article 43(4) GDPR).84
After this period, a new accreditation will be necessary.
82
Council Doc 9565/15; cf. Kamara and De Hert (2018), p. 13 and the analysis of Korff (3 October
2014), http://eulawanalysis.blogspot.nl/2014/10/warning-eu-council-is-trying-to.html.
83
Spindler (2016), pp. 407, 408; Art 70(1) lit. n) GDPR contains a similar rule with regard to the
European Data Protection Board.
84
However, supervisory authorities, which are also considered certification bodies, are not accred-
ited at all.
The New Certification Scheme of the General Data Protection Regulation 123
As per Article 43(1) GDPR, the accreditation is performed by the either the
supervisory authority and/or the national accreditation body named in accordance
with Regulation (EC) No 765/2008.85 In order to guarantee some “transparency”,
the European Data Protection Board will collate all certification mechanisms and
data protection seals and marks in a register and will make them publicly available
(Article 42(8) GDPR).86
Specific Aspects
Subject
The GDPR does not clearly differentiate between the certification of products and
the audit of processes. It is not entirely clear what exactly shall be examined87 and
what is meant by “criteria” and “requirements”.88 Article 42(1) GDPR simply refers
to data protection “certification mechanisms” for the purpose of demonstrating
compliance with the GDPR. Recital (100) of the GDPR on the other hand refers to
certification mechanisms, which allow data subjects to assess the level of data pro-
tection of relevant “products and services”. However, since only controllers and
processors are bound to demonstrate adherence with the GDPR (and neither pro-
ducers nor service providers), priority must be given to the wording of Article 42(1)
GDPR. As a result, Article 42(1) GDPR only allows for the audit of processes in
companies, government agencies etc.89
Standard of Examination
The standard of examination, as set out in Article 42(1) GDPR, is aimed at deter-
mining whether the controller or processor adheres to the regulation. Adherence to
more than what is required by the GDPR is not rewarded.90 One might argue that
85
Reg (EC) No 765/2008 setting out the requirements for accreditation and market surveillance
relating to the marketing of products [2008] OJ L 218/30, see ENISA (2017), p. 14.
86
Cf. Kamara and De Hert (2018), p. 21 f.
87
Paal (2018), margin note 6; with regard to the LIBE-proposal see Hornung and Hartl (2014),
p. 223.
88
Cf. ENISA (2017), p. 22.
89
Cf. Hornung (2017), margin notes 8 ff.; von Braunmühl (2016), margin note 7; ENISA (2017),
p. 15; against Paal (2018), margin note 7; Bergt (2017), margin note 3; Eckhardt (2017), margin
notes 31 ff.; Lepperhoff (2017), margin note 9; Raschauer (2017), margin note 23.
90
Lepperhoff (2017), margin note 26; against Bergt (2017), margin note 15; Heilmann and Schulz
(2018), margin notes 15, 34. See also ENISA (2017), pp. 14 f., 22.
124 G. Hornung and S. Bauer
this costly procedure, in particular with regard to micro, small and medium-sized
enterprises, brings no operational benefit, considering the mandatory nature of the
GDPR. Furthermore, a seal that rewards mere compliance might mislead consumers
and/or customers. However, one goal of certification mechanisms is to guarantee
legal certainty for controllers and processors and to reduce liability risks, at least in
the context of administrative fines; which is apparent from Article 83(2)(j) GDPR,
according to which adherence to approved certification mechanisms is a mitigating
factor with regard to administrative fines. This can be viewed as a certain market
incentive, even though some micro-sized enterprises might conclude that the pos-
sible costs resulting from administrative fines are more acceptable than the costs
resulting from the certification procedure. What is more, some authors argue that
Member States could in fact go beyond what is required by the GDPR with regard
to areas which do not fall under the scope of the regulation. Member States might
for example legislate that the burden of proof in civil litigation is also determined by
certification mechanisms.91 In areas however, which are explicitly regulated by the
Regulation, such as Article 83(2)(j) GDPR with regard administrative fines, Member
States are bound by the standard which the GDPR provides. This is mainly due to
the principle of effectiveness (effet utile), according to which the domestic rules of
each Member State must not render virtually impossible or excessively difficult the
exercise of rights conferred by Union law.92 Apart from this, the GDPR does not
prevent controllers and processors from voluntarily going beyond the standards set
out by the Regulation; a legal obligation to do so, however, does not exist.
A certificate shall only be issued on the basis of criteria approved by supervisory
authorities or by the European Data Protection Board. This might lead to unneces-
sary competition between national schemes approved by Member States and
schemes approved by European authorities.93 If the European Data Protection Board
approves the criteria, this may result in a common certification, the “European Data
Protection Seal”, Article 42(5) GDPR. Apparently, there is hope that this seal would
harmonize criteria and processes in the Union. In that way, it could lead to more
transparency and facilitate advertisement for data protection compliance in the
internal market. As the “European Data Protection Seal” is not mentioned elsewhere
in the Regulation, the exact benefits remain unclear though.
Pursuant to Article 43(6) GDPR, the supervisory authority has to make public
the criteria in an easily accessible form. Still, much is left to the imagination with
regard to the actual criteria.94 This uncertainty is reduced by the fact that the
European Commission is competent to adopt delegated acts for the purpose of spec-
ifying the requirements to be taken into account for the data protection certification
mechanisms. In addition, the Commission may lay down technical standards for
91
With regard to this “presumption of conformity” see Spindler (2016), p. 414.
92
See, for example, CJEU, Case C-326/96 B.S. Levez vs. T.H. Jennings (Harlow Pools) Ltd.,
ECLI:EU:C:1998:577.
93
Lachaud (2016), p. 825; the ENISA (2017), p. 23, argues for harmonized criteria across EU
Member States.
94
On the details of the process see Kamara and De Hert (2018), p. 22 ff.
The New Certification Scheme of the General Data Protection Regulation 125
certification mechanisms and data protection seals and marks by adopting imple-
menting acts, Article 43(8) and (9) GDPR. Finally, according to Article 70(1)(q)
GDPR, the European Data Protection Board may provide the Commission with an
opinion on the certification requirements referred to in Article 43(8) GDPR, which
might lead to more clarity.
If the assessed controller or processor infringes the criteria of the certificate, a
withdrawal of the certificate can either be performed by the corresponding certifica-
tion body or the competent supervisory authority. The certification body is forced to
regulate the conditions of withdrawal in its terms and conditions (according to
Article 43(2)(c) and (d)). This might lead to problems when the validity of the “cer-
tification contract” between the certification body and the controller or processor
comes to question.
Certification Bodies
According to Article 42(5) GDPR, the certificate is issued either by the competent
supervisory authority or by the private or public certification bodies referred to in
Article 43 GDPR.95 Whether this competition between public and private schemes
undermines the sustainability of private initiatives96 remains to be seen. In any case,
it raises important issues of cross-border recognition of national certifications,
which is, at least in principle, needed within the internal market.97
The private or public certification bodies are accredited by the competent super-
visory authority and/or by the national accreditation body named under Regulation
(EC) No 765/2008, in accordance with EN-ISO/IEC 17065(2012 and with the addi-
tional requirements established by the supervisory authority (Article 43(1) GDPR).98
Whether the national accreditation body or the supervisory authority are able to
accredit certification bodies on their own, is left to the discretion of Member States.
The GDPR does not contain any provisions with regard to the organization of work
between the national accreditation body and the supervisory authority. What is
more, the Regulation does not specify whether the accreditation process led by the
supervisory authority also has to be in accordance with Regulation (EC) No
765/2008 and in accordance with EN-ISO/IEC 17065/2012. This could lead to con-
fusion with regard to the quality of accreditation and raise consistency issues.99
Before issuing the certificate, the certification body must inform the supervisory
authority and provide it with the reasons for granting or withdrawing the requested
certificate, Article 43(1) and (5) GDPR. Pursuant to Article 58(2)(h), each
supervisory is entitled to order the certification body not to issue a certificate if the
95
It is frequently argued that the supervisory authorities should not take up this role, as this could
come into conflict with their supervisory functions (cf. ENISA 2017, p. 25). In the German exam-
ple of Schleswig-Holstein (cf. Sect. 4.2.1) however, this conflict has not appeared.
96
See Lachaud (2016), p. 825.
97
See ENISA (2017), p. 24 f.; Kamara and De Hert (2018), p. 20 f.
98
ENISA (2017), pp. 11, 15; cf. Kamara and De Hert (2018), p. 18 ff. on different models.
99
See Lachaud (2016), p. 818.
126 G. Hornung and S. Bauer
certification requirements are not or no longer met.100 This process enables the
supervisory authority to effectively exercise its (control) powers (e.g. by revoking a
certificate issued by the certification body). The national accreditation body, how-
ever, does not need to be informed, since it cannot revoke or grant certificates.
In order to be accredited, the private or public certification body must have an
“appropriate level of expertise” in relation to data protection (Article 43(1) GDPR).
Furthermore, an accreditation shall only be issued if the certification body fulfils the
requirements referred to in Article 43(2) GDPR. This includes, for example, the
demonstration of independence and the establishment of procedures for the issuing,
periodic review and the withdrawal of data protection certificates, seals and marks.
Although the GDPR does not explicitly state this, prior consultation services per-
formed by the certification body may compromise its independence, since no one
can judge and be judged at the same time.101
The competent supervisory authority or the European Data Protection Board
approve criteria that are the basis for the accreditation of these certification bodies,
Article 43(3) GDPR. This however does not necessarily imply the simultaneous
existence of accreditation criteria at the national as well as at the European level.
The coordination and dispute resolution processes envisioned in Articles 64(1)(c)
and 65(1)(c) GDPR are aimed to reduce complexity and guarantee harmonized cri-
teria, which may encourage especially micro and small sized enterprises to apply
for the certification mechanisms.102
Pursuant to Article 43(4) GDPR, the accreditation issued is valid for a maximum
period of 5 years and can be renewed. The certification bodies are responsible for
the proper assessment leading to the certificate or the withdrawal of such. The
accreditation can be revoked if the conditions for the accreditation are not, or are no
longer, met or if actions taken by the certification body infringe the GDPR.103
Legal Effects
The certification does not reduce the responsibility of the controller or the processor
for compliance with the GDPR and is without prejudice to the tasks and powers of
the supervisory authorities, pursuant to Article 42(4) GDPR.104 The same is
expressed in Article 58(2)(h) GDPR, which states that each supervisory authority
can withdraw a certificate or order the certification body to withdraw a certificate
issued or order the certification body not to issue a certificate if the requirements for
the certification are not or are no longer met. This approach, however, may lead to
inconsistencies with regard to the principle that administrative authorities are bound
by their own acts. The wording of Article 58(2)(h) GDPR seems to assume that this
100
See Kamara and De Hert (2018), p. 20 f.
101
Bergt (2017), margin note 7; Lepperhoff (2017), margin note 8; Spindler (2016), p. 409.
102
See also ENISA (2017), p. 23 f.
103
Heilmann and Schulz (2018), margin notes 21 f.; Bergt (2017), margin notes 14 f.; Spindler
(2016), p. 412.
104
Cf. Kamara and De Hert (2018), p. 24 ff.
The New Certification Scheme of the General Data Protection Regulation 127
105
Spindler (2016), p. 413.
106
Cf. Bergt (2017), margin notes 4, 31; Kamara and De Hert (2018), p. 25 f. This however could
discriminate against those micro and small-sized businesses which cannot “afford” to be certified;
in this context see Lachaud (2016), p. 820.
107
See Heilmann and Schulz (2018), margin notes 43 f.; Paal (2018), margin note 9; Bergt (2017),
margin notes 2, 28; Lepperhoff (2017), margin note 4; Will (2017), margin note 5; von Braunmühl
(2016), margin note 14; Kamara and De Hert (2018), p. 26 ff.
108
See Kamara and De Hert (2018), p. 28 f.
128 G. Hornung and S. Bauer
5 Conclusions
References
109
See in particular the lessons learnt from the example of Schleswig-Holstein, Hansen (2018),
p. 44 ff.; see also Carvais-Palut (2018).
110
On this perspective and the possibilities to transfer concepts and experiences in the area of data
protection, see Balboni and Dragan (2018), p. 83 ff.
The New Certification Scheme of the General Data Protection Regulation 129
Bock, K. (2016). Data protection certification: Decorative or effective instrument? Audit and seals
as a way to enforce privacy. In D. Wright & P. De Hert (Eds.), Enforcing privacy regulatory.
Legal and technological approaches (p. 335). Heidelberg, Germany: Springer.
Borges, G., & Brennscheidt, K. (2012). Rechtsfragen des Cloud Computing – ein Zwischenbericht.
In G. Borges & J. Schwenk (Eds.), Daten- und Identitätsschutz in Cloud Computing,
E-Government und E-Commerce (1st ed., p. 43). Berlin, Germany: Springer.
Bräutigam, P., & Sonnleithner, B. (2011). Stiftung Datenschutz – Ein Schritt in die richtige
Richtung. Anwaltsblatt, 240.
Carvais-Palut, J. (2018). The French privacy seal scheme: A successful test. In R. Rodrigues
& V. Papakonstantinou (Eds.), Privacy and data protection seals (p. 49). Berlin, Germany:
Springer.
Cavoukian, A., & Chibba, M. (2018). Privacy seals in the USA, Europe, Japan, Canada, India and
Australia. In R. Rodrigues & V. Papakonstantinou (Eds.), Privacy and data protection seals
(p. 59). Berlin, Germany: Springer.
Der LfDI Nordrhein-Westfalen. (2014). Datenschutzsiegel in Nordrhein-Westfalen. Datenschutz
und Datensicherheit, 6.
Dieterich, T. (2016). Rechtsdurchsetzungsmöglichkeiten der DS-GVO Einheitlicher Rechtsrahmen
führt nicht zwangsläufig zu einheitlicher Rechtsanwendung. Datenschutz und Datensicherheit
ie, 260.
Eckhardt, J. (2017). Art. 42. In H. Wolff & S. Brink (Eds.), BeckOK Datenschutzrecht (22nd ed.).
Munich, Germany: C.H. Beck.
European Union Agency For Network and Information Security (ENISA). (2013). On the
security, privacy and usability of online seals. https://www.enisa.europa.eu/publications/
on-the-security-privacy-and-usability-of-online-seals
European Union Agency For Network and Information Security (ENISA). (2017).
Recommendations on European data protection certifications. https://www.enisa.europa.eu/
publications/recommendations-on-european-data-protection-certification
Feik, S., & von Lewinski, K. (2014). Der Markt für Datenschutz-Zertifizierungen. Zeitschrift für
Datenschutz, 59.
Grentzenberg, V., Schreibauer, M., & Schuppert, S. (2009). Die Datenschutznovelle (Teil II).
Kommunikation und Recht, 535.
Hammer, V., & Schuler, K. (2007). Cui bono? – Ziele und Inhalte eines Datenschutz-Zertifikats.
Datenschutz und Datensicherheit, 77.
Hansen, M. (2018). The Schleswig-Holstein data protection seal. In R. Rodrigues &
V. Papakonstantinou (Eds.), Privacy and data protection seals (p. 35). Berlin, Germany:
Springer.
Heilmann, S., & Schulz, W. (2018). ‘Art. 42’ and ‘Art. 43’. In S. Gierschmann, K. Schlender,
R. Stentzel, & W. Veil (Eds.), Kommentar Datenschutz-Grundverordnung. Cologne, Germany:
Bundesanzeiger Verlag.
Holst, S. (2014). Bremische Datenschutzauditverordnung in Kraft. Datenschutz und
Datensicherheit, 710.
Hornung, G. (2011). Eine Datenschutz-Grundverordnung für Europa?. Zeitschrift für Datenschutz,
51.
Hornung, G. (2013). Regulating privacy enhancing technologies: Seizing the opportunity of the
future European Data Protection Framework. Innovation The European Journal of Social
Science Research, 26, 181.
Hornung, G. (2014). Europa und drüber hinaus – Konzepte für eine Neuregelung des Datenschutzes
im Internet und in sozialen Netzwerken. In H. Hill & U. Schliesky (Eds.), Die Neubestimmung
der Privatheit (p. 123). Baden-Baden, Germany: Nomos.
Hornung, G. (2015). Grundrechtsinnovationen. Tübingen, Germany: Mohr Siebeck.
Hornung, G. (2017). Art. 42. In M. Eßer, P. Kramer, & K. von Lewinski (Eds.), DSGVO BDSG (5th
ed.). Cologne, Germany: Carl Heymanns Verlag.
130 G. Hornung and S. Bauer
Hornung, G., & Hartl, K. (2014). Datenschutz durch Marktanreize – auch in Europa? Stand der
Diskussion zu Datenschutzzertifizierung und Datenschutzaudit. Zeitschrift für Datenschutz,
219.
Hornung, G., & Sädtler, S. (2012). Europas Wolken – Die Auswirkungen des Entwurfs für eine
Datenschutz-Grundverordnung auf das Cloud Computing. Computer und Recht, 638.
Hornung, G., & Schnabel, C. (2009). Data protection in Germany I: The population census deci-
sion and the right to informational self-determination. Computer Law & Security Review, 25,
84.
Kamara, I., & De Hert, P. (2018). Data protection certification in the EU: Possibilities, actors
and building blocks in a reformed landscape. In R. Rodrigues & V. Papakonstantinou (Eds.),
Privacy and data protection seals (p. 7). Berlin, Germany: Springer.
Korff, D. (2014, October 3). Warning: The EU council is trying to undermine privacy seals (and
through this, the General data protection regulation). EU Law Analysis Blog. http://eulawanaly-
sis.blogspot.nl/2014/10/warning-eu-council-is-trying-to.html
Kühling, J. (2007). Datenschutz in einer künftigen Welt allgegenwärtiger Datenverarbeitung –
Aufgabe des Rechts? Die Verwaltung, 40, 153.
Kühling, J., & Martini, M. (2016). Die Datenschutz-Grundverordnung: Revolution oder Evolution
im europäischen und deutschen Datenschutzrecht? Europäische Zeitschrift für Wirtschaftsrecht,
448.
Kühling, J., Martini, M., Heberlein, J., Kühl, B., Nink, D., Weinzierl, Q., et al. (2016). Die
Datenschutz Grundverordnung und das nationale Recht. Münster, Germany: Monsenstein und
Vannerdat.
Lachaud, E. (2016). Why the certification process defined in the General Data Protection Regulation
cannot be successful. Computer Law & Security Review, 32, 814–826.
Lepperhoff, N. (2017). Art. 42. In P. Gola (Ed.), DS-GVO. Munich, Germany: C.H. Beck.
Lepperhoff, N., & Jaspers, A. (2013). Neuer Datenschutzstandard DS-BvD-GDD-01 mit passen-
dem Gütesiegel. MultiMedia und Recht, 617.
Meissner, S. (2008). Zertifizierungskriterien für Datenschutzgütesiegel EuroPriSe. Datenschutz
und Datensicherheit, 525.
Paal, B. (2018). Art. 42. In B. Paal & D. Pauly (Eds.), Datenschutz-Grundverordnung
Bundesdatenschutzgesetz (2nd ed.). Munich, Germany: C.H. Beck.
Raschauer, N. (2017). Art. 42. In G. Sydow (Ed.), Europäische Datenschutzgrundverordnung.
Baden-Baden, Germany: Nomos.
Roßnagel, A. (1997). Datenschutzaudit. Datenschutz und Datensicherheit, 505.
Roßnagel, A. (2000). Datenschutzaudit. Wiesbaden, Germany: Springer.
Roßnagel, A. (2007). Datenschutz in einem informatisierten Alltag. Berlin, Germany:
Friedrich-Ebert-Stiftung.
Roßnagel, A. (2011). Datenschutzaudit – ein modernes Steuerungsinstrument. In L. Hempel,
S. Krasmann, & U. Bröckling (Eds.), Sichtbarkeitsregime (1st ed., p. 277). Wiesbaden,
Germany: Springer.
Schantz, P. (2016). Die Datenschutz-Grundverordnung – Beginn einer neuen Zeitrechnung im
Datenschutzrecht. Neue juristische Wochenschrift, 1841.
Schläger, U. (2004). Gütesiegel nach Datenschutzauditverordnung Schleswig-Holstein.
Datenschutz und Datensicherheit, 459.
Scholz, P. (2014). § 9a BDSG. In S. Simitis (Ed.), Bundesdatzenschutzgesetz (8th ed.). Baden-
Baden, Germany: Nomos.
Schuler, K. (2007). Stellungnahme zum Bundesdatenschutzauditgesetz vom 7. September 2007.
Datenschutznachrichten, 181.
Schwartmann, R., & Weiß, S. (2016). Ko-Regulierung vor einer neuen Blüte (Teil 1). Recht der
Datenverarbeitung, 68.
Spindler, G. (2016). Selbstregulierung und Zertifizierungsverfahren nach der DS-GVO Reichweite
und Rechtsfolgen der genehmigten Verhaltensregeln. Zeitschrift für Datenschutz, 407.
The New Certification Scheme of the General Data Protection Regulation 131
von Braunmühl, P. (2016). Art. 42. In K. Plath (Ed.), BDSG DSGVO (2nd ed.). Cologne, Germany:
Otto Schmidt.
Waelbroeck, P. (2018). An economic analysis of privacy seals. In R. Rodrigues & V. Papakonstantinou
(Eds.), Privacy and data protection seals (p. 133). Berlin, Germany: Springer.
Wagner, E. (2011). Bundesstiftung Datenschutz - Chancen? Grenzen! Eine Erwiderung
auf Piltz/Schulz, Stiftung Datenschutz - moderner Datenschutz neu gedacht. Recht der
Datenverarbeitung, 229.
Weichert, T. (2010). § 9a. In W. Däubler, T. Klebe, P. Wedde, & T. Weichert (Eds.),
Bundesdatenschutzgesetz (3rd ed.). Frankfurt am Main, Germany: Bund-Verlag.
Will, M. (2017). Art. 42. In E. Ehmann & M. Selmayr (Eds.), Datenschutz-Grundverordnung.
Munich, Germany: C.H. Beck.
Windmann, J. (2010). Der Verifikateur und der Aufsichtsbeamte als zentrale Elemente des
Sachverständigen-Vollzugsmodells im Technikrecht. Die öffentliche Verwaltung, 396.
Can Certification Enhance the Feasibility
of Insurance?
Miranda P. M. Meuwissen
1 Introduction
Insurance of agricultural risks is often not feasible because actors in food and agri
supply chains have a big influence on the size of risk. For instance, the majority of
animal feed crises were linked to human mistakes or fraud in the animal feed ingre-
dient sectors.1 Also, widespread losses due to animal and plant epidemics are largely
influenced by the pace at which reporting and loss mitigation measures are enforced
and implemented.2 Although insurance companies attempt to capture insureds’ risk
behaviour in the process of underwriting,3 there are often high transaction costs
involved.4 Using the certified status to map the risk profile of e.g. a farm or feed
company, may reduce costs of underwriting.
Since major feed and food crises in the early 2000s, number and scope of certifi-
cation schemes have grown enormously and companies increasingly use certifica-
tion as a tool to demonstrate good practice and due diligence. Along with this,
literature has covered multiple issues related to certification, including costs of
implementation and auditing, and impact on the size of risk.5 The functionality of
certification as a tool to increase trust among businesses, and between business and
1
See Meuwissen et al. (2009), p. 878.
2
See Breukers et al. (2008), p. 137; Meuwissen et al. (2003), p. 305; Meuwissen et al. (2013),
p. 10.
3
See Rejda (1998).
4
See Meuwissen et al. (2001), p. 343.
5
See, e.g., Valeeva et al. (2006), p. 511, for feed safety risks in dairy chains; Tufa et al. (2010),
p. 537, regarding yield risks of potato production.
M. P. M. Meuwissen (*)
Business Economics Group, Department of Social Sciences, Wageningen University,
Wageningen, The Netherlands
e-mail: miranda.meuwissen@wur.nl
consumers was discussed by among others Trienekens et al.6 Evidence on the oppor-
tunities of certification schemes for financial institutions, such as insurance compa-
nies, is however scarce. It is timely to address this topic, as currently insurance
companies explore various alternatives to deal with the behavioural component of
agricultural risks. Such alternatives (e.g. remote sensing and index-based contracts)
might be less cost-effective than the use of well-established and institutionalised
certification schemes.
This chapter aims to explore the role of certification for insurance schemes cov-
ering agricultural risks. Section 2 first elaborates on the key issues hampering the
insurability of risks and the potential role certification could play. Section 3 presents
three cases on agricultural risks, and the potential role of certification herein: (1)
liability insurance for animal feed industries, (2) epidemic disease insurance for
farmers, and (3) liability insurance for the horse business. Based on the case study
findings, Sect. 4 comprises the discussion and conclusions.
2 T
wo Key Factors Determining the Insurability of Risks
and the Potential Role of Certification
6
Trienekens et al. (2012), p. 55.
7
Harrington and Niehaus (1999).
8
See Rejda (1998).
9
See Harrington and Niehaus (1999).
Can Certification Enhance the Feasibility of Insurance? 135
Table 1 Potential contribution of certification to deal with problems of adverse selection, moral
hazard and systemic risk
How certification could contribute
Adverse – As an eligibility criterion to access the insurance
selection – As part of the risk classification used for premium differentiation
Moral hazard – Through monitoring the risk behaviour of insureds through regular audits
– Through certification institutes delivering expert knowledge for loss
adjustment
Systemic risk – Through standards on tracking and tracing
– Through standards including incentives for rapid disclosure
any factors that may lead to above normal risk. Based on such information, insureds
are classified and premiums are differentiated for different classes of risk. Moral
hazard is traditionally coped with through imposing deductibles and co-payments,
implying that part of the loss is paid by insureds themselves.
The second problematic factor when pooling risk is the extent to which risks are
stochastically independent. If systemic (i.e. positively correlated) risks are pooled,
the variance of losses decreases less compared to the pooling of independent risks.
Many agricultural risks are somewhat positively correlated due to e.g. extreme
weather events affecting large regions, and contagious plant and animal diseases
rapidly spreading across farms.10 Insurance companies respond to the systemic
nature of risk by limiting insurance cover, and including catastrophic loadings in
premium rates.11
Although insurance tools, such as risk classification and use of catastrophic load-
ings, are generally considered effective, well designed certification schemes could
serve as an additional mechanism to deal with the above described problems.
Table 1 summarises potential contributions of certification.
3 Selected Cases
Cases have been selected in the area of risks which are difficult to insure, among
others for the reasons mentioned in the previous section. Each case includes a short
description of the risk, the case study approach, and results. All cases are situated in
the Netherlands.
10
See Meuwissen et al. (2003).
11
See Rejda (1998).
136 M. P. M. Meuwissen
Risk Animal feeds form a major link in the animal production chain: they have a
direct influence on the quality and safety of food of animal origin. Consumers of
meat, milk and eggs expect industry and retail to supply safe, high-quality products.
The government has therefore established stringent rules in the animal feed legisla-
tion which guarantee the quality of animal feeds and consequently the quality of
meat, milk and eggs. Companies in the animal feed sector may voluntarily go a step
further by producing according to the certifiable GMP+ (Good Manufacturing
Practice) standard. This standard applies to producers of and traders in compound
feeds, animal feeds, premixes and additives as well as transport, storage and trans-
shipment, cultivation, storage and livestock farms. Yet a further deepening of the
GMP+ standard is the SecureFeed standard which includes systematic screening of
animal feed ingredient suppliers. Despite the various preventive measures, experts
expect a contamination to occur on average once per 5-year period.12
Case Study Approach Conjoint analysis13 was used to elicit the opinion of experts
about the contribution of six factors to losses from animal feed crises. So-called
profiles, each consisting of a combination of these factors with its different levels,
were evaluated by animal feed experts. The outcomes of the evaluation explain the
impact of these factors on contamination risk (and, therefore, liability risk) of ani-
mal feed companies in the Netherlands. The six factors were selected through a lit-
erature review on factors associated with the size of losses from animal feed
contaminations.14 Factors include Type of animal feed, whereby compound feed is
considered as more risky than wet feed; Supply to the US, with supplying to the US
being regarded as risky due to the US claiming culture; Company size, with higher
risks being attributed to large industries; Separated production lines, with a strong
preference for separated lines especially for chemical risks; Certified quality assur-
ance, for which Securefeed is regarded as more advanced than GMP+; and Farm
types supplied, whereby literature distinguishes between reproduction and meat
farms (without clear expectations on the farm type generating highest losses).
Selected factors and distinct levels per factor are shown in Table 2.
In spring 2008, questionnaires were sent to 28 quality managers of major animal
feed companies in the Netherlands. A cover letter explained the aim of the survey,
i.e. to identify feed industry’s risk profiles to be used in insurance schemes covering
damage of feed crises. Experts evaluated conjoint profiles on a scale from 1 (very
low preference) to 7 (very high preference). After 1 month 14 questionnaires were
returned and used for further analyses. Experts represent 14 compound feed produc-
ers from which 2 are also engaged in wet feed. Furthermore, most (i.e. 12) are from
12
See van Asseldonk et al. (2011), p. 169.
13
Rao (2013).
14
Valeeva et al. (2006), Meuwissen et al. (2009) and van Asseldonk et al. (2011).
Can Certification Enhance the Feasibility of Insurance? 137
Table 2 Perceived importance of factors related to liability risk of animal feed companies in the
Netherlands (n = 14)
Relative importance of
Factors Distinct levels per factora factors (%)
Type of animal feed – Compound feed, i.e. pelleted feed for 32
livestock*
– Wet feed, i.e. by-products of food processing
industry e.g. wheat starch
Export to US – Yes 30
– No*
Certified quality – GMP+ 12
assurance – GMP+ and SucureFeedb,*
Separated – Separated production lines* 11
production lines – No separation of production lines
Company size – Large: >100,000 ton kg per year 8
– Small: <100,000 ton kg per year*
Farm types – Reproduction farms, i.e. farms with sows, 7
supplied dairy cattle, or laying hens*
– Meat farms, i.e. farms with hogs, beef cattle,
or broilers
100
a
Asterisks indicate most preferred level per factor
b
When carrying out the survey, SecureFeed was called ‘TrusQ’
large companies producing more than 100,000 ton kg of animal feed per year.
During the survey period, no animal feed crises occurred.
Results Among the six factors contributing to the size of contamination and liabil-
ity risk, type of animal feed and export to the US are perceived as most important
with relative importance scores of 32% and 30% respectively (shown in last column
of Table 2). Certification is regarded as the third most relevant factor (relative
importance of 12%), thereby being perceived as more important than the separation
of production lines (11%), company size (8%) and farm types supplied (7%).
Looking more closely into the preferred levels per factor, they are all as hypothe-
sised in literature, except the higher preference for compound feed. This probably
relates to the unbalanced sample with most experts representing compound feed
industries.
Regarding the importance of certification, results illustrate that certified quality
assurance is perceived as a relatively important factor determining the size of liabil-
ity risk. Insurance companies could therefore, for instance, consider certification as
eligibility criterion for liability insurance, or differentiate premiums based on the
type of certification (e.g. with lower premiums for SecureFeed certified
companies).
138 M. P. M. Meuwissen
Table 3 Epidemic disease insurance schemes in the Netherlands and reference to certified and
non-certified standards
Certified
Mutual Sector Disease risk covered standards Non-certified standards
Avipol Broilers Salmonella; Integrated –
(rearing, mycoplasma; hysteria Chain Control
breeding) (IKB) Chickens
Potatopol Potatoes Brownrot; ringrot; –b Phytosanitary code of
PSTVd (potato good practice
spindle tuber viroid)
Ovipola Sheep and Scrapie –b –c
goats
Q-pola Greenhouse Quarantine organisms –b Phytosanitary code of
crops good practice, and
additional rules in case of
import
Porcopola Sows Aujeszky’s disease; –b –c
foot and mouth
disease; swine fever
a
Ceased due to lack of participation in 2003 (Ovipol), 2004 (Q-pol, and 2012 (Porcopol)
b
Certified standards are available but they are not referred to in the insurance contracts
c
Insurance contracts refer to general rules of risk prevention
Risk Outbreaks of plant and livestock diseases can have large financial conse-
quences for farmers involved.15 Typically, governments bear direct costs of destroy-
ing infected plants and animals, but consequential losses due to e.g. business
interruption are taken by farmers. For most sectors, consequential loss insurance is
only available through mutuals.16
Results Results of the assessment show that all mutuals mention risk prevention
measures in their contract specifications (columns 4 and 5 of Table 3). However,
only Avipol is based on a certified standard, i.e. Integrated Chain Control (IKB)
Chickens. It uses IKB Chicken as eligibility criterion, i.e. only IKB certified farms
can become a member of the mutual. The other mutuals refer to codes of good
15
See Breukers et al. (2008) and Meuwissen et al. (2003).
16
See Meuwissen et al. (2013).
Can Certification Enhance the Feasibility of Insurance? 139
p ractices (Potatopol, Q-pol) or define general rules of risk prevention (Ovipol and
Porcopol), but apparently choose not to use the certifiable standards. A possible
reason explaining the importance of certification for Avipol might be their focus on
high-value stages of the chain (i.e. rearing and breeding stages) for which business
continuity highly depends on disease prevention. Other mutuals address mainstream
farming. These mutuals might have preferred low entry barriers, e.g. to attract a
large pool of farmers.
Risk Due to substantial growth of the horse business sector, there are relatively
many accidents with severe bodily injuries.17 Due to this growth and the wide vari-
ety of the sector, i.e. including horse riding stables, breeders and farmers providing
for pension stables, insurance companies face difficulties in estimating the size of
liability risk related to bodily injuries. In 2002, a safety certificate for the horse busi-
ness (SVP) was introduced, mainly focusing on mitigating the risk of bodily
injuries.
Approach In order to analyse the risk management situation in certified versus non-
certified horse businesses, a structured questionnaire was developed in 2011 and
sent to 240 randomly selected horse businesses from the yellow pages covering the
whole of the Netherlands. The questionnaire included a variety of risk factors and
risk management strategies and was pretested by a veterinarian, an insurance expert,
and an employee of the Dutch horse riding federation. Response was stimulated
through two rounds of reminders and by indicating that three €25-vouchers would
be allotted among respondents. In total, 35 questionnaires were returned, of which
33 could be used for further analyses, including riding stables (18), horse breeders
(7), pension stables (7), and one other type of horse business. Business were rela-
tively large as the average number of horses was 35.8, compared to an average in the
Netherlands of 9 horses per business. In total, there were 15 SVP certified busi-
nesses, fairly equally distributed across business types. A Chi-square test of homo-
geneity of responses was used to make statistical inferences about the variation in
responses among certified and non-certified groups.18
Results Table 4 shows the 10 risk management strategies related to risk of bodily
injuries. For most strategies, certified business indicate more frequently to ‘always’
implement them, especially strategies related to emergency staff and planning, and
proficiency of staff. However, also the non-certified businesses show to care about
risk management, e.g. with regard to rules for outdoor riding. Due to the sincere
attention for risk management in both groups, SVP certification does not seem to be
17
Hitchens et al. (2010), p. 693.
18
Pashaei Kamali et al. (2014), p. 949.
140 M. P. M. Meuwissen
Table 4 Application of risk management strategies related to liability risks by certified and non-
certified horse businesses in the Netherlandsa,b
Certified (n = 15)c Non-certified (n = 18)c
Risk management Never Sometimes Alwaysd Never Sometimes Alwaysd
strategies (%) (%) (%) (%) (%) (%)
Member of farm 64 7 29 50 17 33
assistance service
Risk analysis of working 21 29 50 53 27 20
environment
Safety instructions for 14 21 64 25 25 50
employees
Availability of emergency 7 0 93 6 29 65
staff*
Availability of emergency 0 7 93 38 25 38
plan**
Proficient staff in stables 0 13 87 7 13 80
Proficient staff for training 7 0 93 0 7 93
Active matching of horse 0 20 80 0 38 63
and horse riders
Outdoor riding with 31 0 69 0 18 82
horses familiar to (large)
traffic*
Outdoor riding with 23 23 54 9 9 82
supervision
a
Certification refers to the SVP safety certification for horse business
b
Asterisks indicate significant differences between certified and non-certified stables at P < 0.10
(*) and P < 0.05 (**) levels
c
Percentages refer to percentage of respondents who indicated ‘never’, ‘sometimes’, or ‘always’
d
Top 3 strategies are in bold
a fair instrument to be used as eligibility criterion, but might well be considered for
risk classification purposes.
4 Discussion and Conclusions
References
Breukers, A., Mourits, M. C. M., van der Werf, W., & Oude Lansink, A. G. J. M. (2008). Costs and
benefits of controlling quarantine diseases: A bio-economic modeling approach. Agricultural
Economics, 38, 137.
Harrington, S. E., & Niehaus, G. R. (1999). Risk management and insurance. Boston: Irwin
McGraw-Hill.
Hitchens, P. L., Blizzard, C. L., Jones, G., Day, L., & Fell, J. (2010). Predictors of race-day jockey
falls in flat racing in Australia. Occupational and Environmental Medicine, 67, 693.
Meuwissen, M. P. M., Assefa, T., & van Asseldonk, M. A. P. M. (2013). Supporting insurance in
European agriculture; Experience of mutuals in the Netherlands. EuroChoices, 12(3), 10.
Meuwissen, M. P. M., Hardaker, J. B., Huirne, R. B. M., & Dijkhuizen, A. A. (2001). Sharing risks
in agriculture: Principles and empirical results. NJAS Wageningen Journal of Life Science, 49,
343.
Meuwissen, M. P. M., van Andel, A. A., van Asseldonk, M. A. P. M., & Huirne, R. B. M. (2009).
Eliciting processing industry damage from feed crises. British Food Journal, 111(8), 878.
Meuwissen, M. P. M., van Asseldonk, M. A. P. M., & Huirne, R. B. M. (2003). Alternative risk
financing instruments for swine epidemics. Agricultural Systems, 75(2–3), 305.
Pashaei Kamali, F., Meuwissen, M. P. M., De Boer, I. J. M., Stolz, H., Jahrl, I., Garibay, S. V., et al.
(2014). Identifying sustainability issues for soymeal and beef production chains. Agricultural
& Environmental Ethics, 27(6), 949.
Rao, V. R. (2013). Applied conjoint analysis. Berlin, Germany: Springer.
Rejda, G. E. (1998). Principles of risk management and insurance. New York: Harper Collins.
Trienekens, J. H., Wognum, P. M., Beulens, A. J. M., & van der Vorst, J. G. A. J. (2012).
Transparency in complex dynamic food supply chains. Advanced Engineering Informatics,
26(1), 55.
142 M. P. M. Meuwissen
Tufa, A., Meuwissen, M. P. M., Tesfaye, A., Lommen, W. J. M., Oude Lansink, A. G. J. M.,
Tsegaye, A., et al. (2010). Analysis of seed potato systems in Ethiopia. American Journal of
Potato Research, 87, 537.
Valeeva, N. I., Meuwissen, M. P. M., Oude Lansink, A. G. J. M., & Huirne, R. B. M. (2006).
Cost implications of improving food safety in the Dutch dairy chain. European Review of
Agricultural Economics, 33(4), 511.
van Asseldonk, M. A. P. M., Meuwissen, M. P. M., & Huirne, R. B. M. (2011). A risk analysis
of compound feed contamination. In S. R. Borgearo (Ed.), Animal feed: Types, nutrition and
safety (p. 169). New York: Nova Publishers.
Control in the Label: Self-Declared,
Certified, Accredited?
On-Pack Consumer Communication About
Compliance Control in Voluntary Food Schemes from a
Legal Perspective
Hanna Schebesta
1 Introduction
In the EU, the number of voluntary food schemes has grown rampantly over the past
20 years.1 From a consumer perspective, what was initially praised as a solution to
the information asymmetry problem of credence goods soon became a problem of
itself: Consumers do not know what the various food scheme labels mean. Some
authors therefore propose education measures to help consumers better understand
labels.2 In this contribution, we approach the issue from a different angle and show
that on pack communication of food scheme labels offers significant opportunities
for influencing consumer perceptions. We argue therefore that food businesses are
under a legal duty not to mislead consumers and to ensure that information is suf-
ficiently clear.
At EU level, the proliferation of voluntary food schemes has sparked inquiry into
the potential need for public intervention: in 2010, the European Commission com-
missioned an inventory of food schemes in the EU.3 Shortly after, Commission
1
A total number of 901 food labelling schemes was identified in 2013 on the EU market, see Ipsos
and London Economics (2013).
2
For instance Koos (2011), p. 127.
3
Areté, Inventory of Certification Schemes for Agricultural Products and Foodstuffs Marketed in
the EU Member States, 2010.
H. Schebesta (*)
Law and Governance Group, Wageningen University, Wageningen, The Netherlands
e-mail: hanna.schebesta@wur.nl
Guidelines4 were issued, establishing a set of best practices for voluntary certification
schemes for agricultural products and foodstuffs. In 2013, an additional consumer
market study was conducted that surveyed the functioning of voluntary food
schemes in the EU.5
In some fields, EU regulation of food schemes already occurred, notably the
Organic Scheme and the PDO and PGI Quality Schemes. In other areas, the
Commission lets the market play out before proposing regulatory intervention. For
example, the option to expand the existing EU Ecolabel6 into the food sector gener-
ally7 or to the fish sector specifically8 was dismissed.
In the absence of specific EU law on voluntary food schemes, the question is how
the general legal framework can address the new challenges that emerge with their
unprecedented proliferation.
In this contribution, we focus on the consumer interest in food schemes. Mostly,
scheme labelling is seen as one way of remedying the information asymmetry char-
acterizing promises about product quality that cannot be verified by consumers.9
However, the verification processes on compliance used by food schemes vary dras-
tically, resulting in a difference in “rigour and outcome” that is “not always
understood”.10 We follow up on the insight that research mostly studied the standard-
setting process itself, and therefore examine the food schemes’ compliance control
in relation to consumer perception. The question we analyse in this contribution is
the following: What are the possibilities of food businesses to influence the con-
sumer understanding of schemes’ verification processes through labelling, and what
are their legal duties in this respect?
In order to define the notion of compliance control in food schemes, we rely on
the distinctions drawn between standard-setting, certification and accreditation as
put forward in the so-called Tripartite Standards Regime framework (Sect. 2.1) and
analyse different models of compliance control in food standards from a legal per-
spective (Sect. 2.2).
We subsequently investigate the communication of compliance control to con-
sumers. Studies show that the different control mechanisms are not well understood
by consumers (Sect. 3.1). In addition, food schemes handle very diverging labelling
policies on how adherence to a scheme is communicated towards the consumer on
pack (Sect. 3.2). On this basis, we reason that compliance control in schemes is a
consumer protection concern.
4
European Commission Communication EU Best Practice Guidelines for Voluntary Certification
Schemes for Agricultural Products and Foodstuffs, [2010] OJ C 341/5.
5
Ipsos and London Economics (2013).
6
Reg (EC) No 66/2010 on the EU Ecolabel [2010] OJ L 27/1.
7
Oakdene Hollins (2011).
8
MRAG (2016).
9
Dekhili and Akli Achabou (2014), p. 305.
10
Global Food Safety Initiative (GFSI), Enhancing Food Safety Through Third Party Certification
(2011), p. 14.
Control in the Label: Self-Declared, Certified, Accredited? 145
Lastly, we examine whether and how the current EU legal framework of con-
sumer law and food information law can be used to secure consumer protection. We
find that some food schemes risk infringing the consumers’ rights to take informed
decisions expressed in the prohibition on misleading practices and the duty to
provide clear food information (Sect. 4.1). As we argue, different labelling styles
contribute largely to the perception of compliance control in consumers, and there-
fore should be used adequately to ensure that they are sufficiently clear and not
misleading (Sect. 4.2).
Compliance control is the activity of assessing whether standard users fulfil stan-
dard requirements. This section briefly surveys the development of different busi-
ness models of control and compares compliance control in different food standards
from a legal perspective.
11
TSR is not a perfect model as it does not of itself engage with differences between first, second
and third party certification; further, it anchors accreditation in a model of control, thereby neglect-
ing alternatives to third-party oversight self-assessment with third-party audits and participatory
guarantee systems. See for a discussion of the controversy around third-party assurance Loconto
and Fouilleux (2014), p. 166. Also, the element of enforcement is not incorporated into the model.
On enforcement of standards, see Verbruggen (2013), p. 512.
12
Fouilleux and Loconto (2017), pp. 1, 3.
13
Loconto and Busch (2010), pp. 507, 517 ff.
14
Fouilleux and Loconto (2017), p. 8.
15
Loconto and Busch (2010), p. 514.
146 H. Schebesta
2.2 T
he Compliance Control of Voluntary Food Schemes
Under EU Law
16
Hatanaka et al. (2005), pp. 354, 358.
17
Tanner (2000), p. 415.
18
Deaton (2004), p. 615.
19
Loconto and Busch (2010).
20
See for example the difference of quality in auditing across different certification bodies observed
in Albersmeier et al. (2009), p. 927.
21
Henson and Humphrey (2010), p. 1628.
22
Loconto and Busch (2010), p. 510 note that 75% of their data set qualified as public or
quasi-public.
23
Ibid., 510.
24
As also argued by Havinga in respect of a blurring between the public and the private, and further
distinguishing different ‘privates’ (notably retailers) in the formulation of standards Havinga
(2008). And the questions of legitimacy raised Fuchs et al. (2011), p. 353.
Control in the Label: Self-Declared, Certified, Accredited? 147
2.2.1 C
ompliance Control in Voluntary Food Schemes: Accreditation
Endorsed But Not Imposed
Different business models of certification exist, the most prevalent being third-party
certification. Alternatives are first-party self-declarations, and second-party certifi-
cation (first party’s paid consultants).25 Third-party certification bodies (hereafter
simply certification bodies) can, but do not have to be, accredited. According to the
voluntary EU food schemes inventory of 2010, 78% of food schemes were certified,
and 18% self-declared. According to the same data, around 71% of certification was
carried out by an accredited body.26
In the EU, accreditation is an exercise of public authority; it is ‘the last level of
public authority control’.27 The Accreditation Regulation (Regulation (EC) No
765/2008)28 instituted a harmonised system of requirements for accreditation and
market surveillance for the marketing of products and required each Member State
to appoint a single national accreditation organisation. The system further enshrines
several principles in order to safeguard the independent functioning of accredita-
tion. Notably, it institutes a separation from national authorities and certification
bodies. Accreditation bodies have to operate on a not-for-profit basis29 and may not
compete with conformity assessment bodies or other accreditation bodies.30 They
must be independent and without conflicts of interest; objective and impartial; and
competent.31 Further, accreditation bodies are subject to a peer evaluation of other
national accreditation bodies, a process ultimately overseen by the European
Commission.32
For voluntary food certification schemes, the non-binding Commission
Guidelines list certification by accredited bodies as a best practice. The Commission
Guidelines recommend, in order to safeguard impartiality and independence of cer-
tification, compliance assessments that are carried out by an independent body
accredited either by a national accreditation body appointed by Member States
according to the Accreditation Regulation or an accreditation body signatory to the
multilateral recognition arrangement (MLA) for product certification of the
International Accreditation Forum (IAF).33 These best practices therefore endorse a
full TSR framework for voluntary food standards.
25
Tanner (2000).
26
Ipsos and London Economics (2013), p. 50.
27
European Accreditation (EA), What Is Accreditation, available at http://www.european-accredi-
tation.org/what-is-accreditation.
28
Reg (EC) No 765/2008 Setting out the Requirements for Accreditation and Market Surveillance
Relating to the Marketing of Products, [2008] OJ L 218/30.
29
Art. 4 Accreditation Regulation.
30
Art. 6 Accreditation Regulation.
31
Art. 8 Accreditation Regulation.
32
Art. 10 Accreditation Regulation.
33
European Commission (2010), recommendation no 6.
148 H. Schebesta
2.2.2 C
ontrol in ‘Public’ EU Food Schemes: The Organic Scheme
and Quality Scheme (PDO, PGI)
2.2.3 Summary
The voluntary EU ‘public’ food schemes (Organic and PDO and PGI Quality
Schemes) are subject to a control system. Even where these controls are partially
delegated to private or mixed bodies, accreditation is used as a public assurance
system in the background. Voluntary schemes, on the other hand, are not subject to
legally mandated control requirements, which means that they leave room for a
diversity of control mechanisms (and lack thereof).
34
In principle, ISO certification can be undertaken by accredited and non-accredited bodies, see
https://www.iso.org/certification.html. Therefore, the statement certified to ISO is different from
accredited to ISO, only the latter would require certification to ISO by an accredited certification
body.
35
Accreditation to European Standard EN 45011 or ISO Guide 65 (General requirements for bod-
ies operating product certification systems) is required if there is delegation, see Council Reg (EC)
No 834/2007 on organic production and labelling of organic products, [2007] OJ L 189/1, Art
27(5)(c). This standard has been revised by ISO/IEC 17065:2012.
36
In accordance with European Standard EN 45011 or ISO/IEC Guide 65 (General requirements
for bodies operating product certification systems), as revised by ISO/IEC 17065:2012.
37
Reg (EU) No 1151/2012 on quality schemes for agricultural products and foodstuffs, [2012] OJ
L 343/1, Art. 39(3).
Control in the Label: Self-Declared, Certified, Accredited? 149
The qualitatively very different control mechanisms behind different private food
standards is potentially problematic: among stakeholders, third party certification
was identified as one of the top issues concerning best practices regarding scheme
operation.38 Interestingly, the consumer organisations regarded this issue as less sig-
nificant, i.e. only one in five organisations mentioned third party certification as
relevant.39 Certification by accredited bodies was identified as an issue less often.40
Therefore, third party certification (and to a lesser extent accreditation) was flagged
as an acute concern only by the ‘insiders’ of the supply chain but not by the outsid-
ers, i.e. consumer organisations.
Despite this evidence, we argue that the compliance control behind food schemes
should be a consumer protection concern.
3.1 C
onsumer Perception Studies on Standards and Their
Compliance Control
Empirical evidence shows that consumer confusion prevails when it comes to stan-
dard conformity control. In the consumer market study conducted in 2013, stake-
holders41 overwhelmingly assessed that consumers cannot distinguish between
public and private schemes or self-declared and certification food labelling
schemes.42 Consumers’ actual knowledge about the control of food certification
schemes emerged as very limited and false beliefs as widespread.43 Many consum-
ers incorrectly believe that all food labelling schemes are certified by a third party
organisation44; that all certifiers are public bodies45; and that food producers cannot
38
It was highlighted as important by a third of the accreditation bodies, 42% of the producer,
farmer, retailer associations and 44% of scheme operators, see Ipsos and London Economics
(2013).
39
Ibid.
40
It was regarded as important by 25% of the accreditation bodies and cited by 29% of the scheme
operators. Other stakeholders did not mention accreditation at all, see Ipsos and London Economics
(2013), p. 110.
41
I.e. accreditation/certification bodies, producer/farmer/retailer organisations, and consumer
bodies.
42
Ipsos and London Economics (2013), p. 127; on both questions, stakeholders across the board
disagreed or totally disagreed with the consumers’ ability.
43
Ibid., 153.
44
Only around 20% of consumers positively know that, in fact, not all food schemes are certified.
Testing the actual knowledge of consumers about certification, a dire picture emerged: one third of
consumers thought that all food labelling schemes are certified by a third party organisation (with
little below a half indicating ‘I don’t know’).
45
Over 36% of consumers believe that all third-party organisations that certify schemes have to be
public bodies; only 25% consumers answered correctly, i.e. that not all certifiers are public bodies.
150 H. Schebesta
establish their own food labelling schemes based on their own product standards.46
Uncertainty47 about these issues is widespread in consumers. Further, consumer
trust in third-party certified schemes vastly exceeds that for self-certified schemes;
i.e. trust in third party certified schemes is totally agreed or agreed to by 71% of the
consumers, but only by 30% for self-certified schemes.48 Stakeholders also believe
that consumers trust more in public than in private certification schemes.49 The lit-
erature strongly supports this view: ‘According to a large number of studies, the
most important requirement is that the label is issued and controlled by a public or
independent authority, a so-called “third party”’.50
It is firmly established that certification improves consumer trust in food prod-
ucts significantly. This is troubling when combined with the fact that many consum-
ers erroneously assume that standards are by definition subject to compliance
control conducted by a public body, or at least an independent certification body.
3.2 H
ow Do Schemes Communicate Compliance Control
to Consumers?
In addition, consumer perceptions about schemes are very much influenced by food
labelling. It is therefore necessary to examine how messages about compliance con-
trol are communicated to the consumer on pack and how they affect consumers.
From a legal perspective, scheme operators are usually51 the owner of registered
trademarks. Trademark law can protect the word mark of a scheme (i.e. the brand/
scheme name), figurative marks and figurative marks with word elements (i.e. a
pictoral logo with or without word elements such as the brand name). Scheme own-
ers then licence the use of their trademark and can draw up labelling policies speci-
fying how it is to be used in business and/or consumer directed communication.
Some standardisation schemes understand themselves as clearly business-to-
business geared and prevent the use of the scheme for consumer communication
purposes at scheme level. For example, GlobalGAP is a certification scheme that
Notably, the percentage of consumers incorrectly believing that certifiers are public is highest in
the EU-12, a group of consumers that is usually identified as a ‘higher educated’ consumer.
46
Around 32% consumers incorrectly think that food producers cannot establish their own food
labelling schemes based on their own product standards; again with roughly a third of respondents
giving the correct answer and a third indicating ‘I don’t know’.
47
I.e. consumers indicating that they do not know the correct answer.
48
Ipsos and London Economics (2013), p. 178. Independent research has confirmed a more posi-
tive attitude to “independent labels” than towards self-declared (environmental) claims and also a
higher propensity to pay for labelled as opposed to self-declared claim products Ertz et al. (2017),
p. 1 and numerous studies cited.
49
Ipsos and London Economics (2013), p. 187.
50
Thøgersen (2000), p. 285.
51
In some EU Member States, registration of certification marks is possible.
Control in the Label: Self-Declared, Certified, Accredited? 151
prohibits certified producers from using the GlobalGAP trademark on the product
or packaging (although it may be used in business-to-business communication).52
Similarly, The BRC Global Standard for Food Safety (Issue 7) allows the use of a
logo only for marketing purposes, but clarifies that the BRC logo is not a product
certification mark and therefore may not be used on products.53
Other schemes are less prescriptive: compliance with the Unilever Sustainable
Agriculture Code can be assessed on the basis of both, self-declarations or through
certification. The Unilever Sustainable Agriculture Code does not have a logo or
trademark associated with the scheme. Sustainability messages in the form of text
are taken at brand level.54
UTZ certified, by contrast, identifies as a business-to-business scheme, but
allows the use of the trademark in accordance with the very detailed UTZ Labelling
and Trademark Policy.55 The UTZ labelling logo always includes the word ‘Certified’
and must be used in combination with a text claim.56 The Marine Stewardship
Council (MSC) allows the use of the MSC ecolabel and MSC textual claims on the
package. It requires a paid license before the label may be used, and stipulates an
approval procedure. Where the label is used, it must be accompanied by one of the
five MSC model textual claims. Some, but not all, of these model text claims con-
tain an explicit reference to certification.57
The EU regulated schemes deploy primarily logos: the PDO and PGI logos
appear as an officious ‘seal’.58 The EU Organic Scheme uses the organic logo, and
additionally regulates the use of words, i.e. ‘organic’ and derivatives such as ‘bio’
and ‘eco’, alone or combined, may be used only on products conforming with the
scheme.59
Not all voluntary food schemes allow consumer messages on pack. Those that do
vary significantly in whether and how such communication is regulated at scheme
level, or whether the prime responsibility for labelling is left to brand owners using
food schemes.
From the consumer point of view, it is clear that consumer confusion about the
degree to which different types of schemes communicated to them on pack are
52
MSC, MSC ecolabel user guide (April 2016) available at https://www.msc.org/documents/logo-
use/msc-ecolabel-user-guide.
53
BRC, BRC Global Standard for Food Safety Issue 7. Point 7.6.
54
See standardsmap.org.
55
UTZ, Labeling and Trademark Policy May 2016, available at https://utz.org/?attachment_id=
7318/.
56
Ibid., point 1.3.
57
The MSC Claim — Marine Stewardship Council, available at https://www.msc.org/get-certified/
use-the-msc-ecolabel/msc-claim#english.
58
Art. 12 Reg (EU) No 1151/2012 (n 35) that can include ‘protected designation of origin’ or ‘pro-
tected geographical indication’ or the corresponding abbreviations ‘PDO’ or ‘PGI’ may appear on
the labelling, as well as text, graphics or symbols referring to the Member State and/or region in
which the geographical are located. The registered product name should appear in the same field
of vision as the logo.
59
Art. 23 Organic Regulation.
152 H. Schebesta
Given food businesses’ wide freedom in labelling voluntary claims, what are their
legal duties in respect of the consumer’s right to make informed choices? Under EU
consumer law, this right is given expression through the prohibition on unfair com-
mercial practices in general and, food information regulation specifically. The cor-
responding legal framework is the Unfair Commercial Practices Directive 2005/29/
EC (UCPD)61 and food specific legislation that deals with the provision of informa-
tion to the consumer (i.e. the General Food Law, the Food Information Regulation
and certain sector specific laws, such as the Common Market Regulations). These
stipulate that commercial practices may not mislead the consumer and that food
information must be clear.
4.1 T
he Legal Framework: Prohibition on Misleading
the Consumer and Food Information Requirements
It is generally accepted that the UCPD can serve as a useful legal framework in
order to combat unfair practices also with respect to ‘labels’.62 In several general
clauses, the UCPD prohibits unfair commercial practices that are misleading63 and
aggressive64 practices; as well as practices that infringe professional diligence.65
60
For instance, UTZ guiding principles are “clarity, credibility and correctness” (n 50), point 1.6.
61
Directive 2005/29/EC concerning unfair business-to-consumer commercial practices in the inter-
nal market, [2005] OJ L 149/22.
62
The European Commission recently published a new guidance on the UCPD (‘UCPD Guidance
2016’) that contains a section on eco-labels. Commission Staff Working Document. Guidance on
the Implementation/application of Directive 2005/29/EC on Unfair Commercial Practices. A
Comprehensive Approach to Stimulating Cross-Border E-Commerce for Europe’s Citizens and
Businesses, COM(2016) 320 final, (‘UCPD Guidance 2016’). Further, UCPD compliance was
touched upon in the Feasibility Reports for Eco-labelling; and the Market Study of 2013. Third-
party verification and self-declaration with the UCPD was not specifically examined.
63
Arts. 6 and 7 UCPD.
64
Arts. 8 and 9 UCPD.
65
Art. 5(2) UCPD.
Control in the Label: Self-Declared, Certified, Accredited? 153
The UCPD prohibits misleading practices that deceive or are likely to deceive the
average consumer even if the information is factually correct (Article 6). The
deceiving information must concern one of a number of elements, for instance the
main characteristics of the product or the extent of the trader’s commitments (Article
6(1)(a) and (c) respectively). Further, the information must be consequential and the
consumer’s economic behaviour must be altered: the information must cause or be
likely to cause the average consumer to ‘take a transactional decision that he would
not have taken otherwise’.68 This prohibition does not test the intention of the food
business operator; it is a prohibition that tests the achieved effect on the consumer.
Information about scheme control constitutes information about the characteris-
tics of a product, and perhaps more pertinently about the extent of the trader’s com-
mitment. In light of the empirical research reviewed (see Sect. 3.1), consumers
expect scheme affiliations on pack to be more than merely aspirational and assume
that independent control mechanisms exist. Self-declared schemes, then, regularly
risk to deceive the consumer, because they are—contrary to the average consumers’
beliefs—not subject to certification or accreditation. The empirical studies further
suggested that consumer trust is significantly higher in certified as opposed to self-
declared schemes and also show that certification increases consumers’ willingness
to pay. This provides evidence that the transactional decision of consumers is likely
distorted by the false belief that self-declared schemes are subject to independent
control. Although a legal appreciation of food scheme labelling will have to be
assessed on a case-by-case basis, self-declared schemes potentially engage in a mis-
leading practice.
The food information law provisions echo the general spirit of the UCPD, but
they lack its more elaborated tests. The overarching, horizontal General Food Law
Regulation69 lays down principles governing all food legislation and commit to a
high level of protection of consumers’ interest. Labelling, advertising and
66
Annex I UCPD.
67
UCPD Guidance 2016, 16. See also e.g. ECJ, 16 July 2015, Joined Cases C-544/13 and C-545/13
Abcur AB v Apoteket Farmaci AB and Apoteket AB, ECLI:EU:C:2015:481, paras 72, 74 and 82.
68
Art. 2(k) UCPD defines ‘transactional decision’ as ‘any decision taken by a consumer concerning
whether, how and on what terms to purchase, make payment in whole or in part for, retain or dis-
pose of a product or to exercise a contractual right in relation to the product, whether the consumer
decides to act or to refrain from acting.’
69
Reg (EC) No 178/2002 laying down the general principles and requirements of food law, estab-
lishing the European Food Safety Authority and laying down procedures in matters of food safety,
[2002] OJ L 31/1.
154 H. Schebesta
While the prior meaning of misleadingness relies on the deception of the consumer,
there are also more objective requirements on food information in se. The UCPD
regulates the omission of information; the provision of information ‘in an unclear,
unintelligible, ambiguous or untimely manner’ is a misleading practice (Article
7(2)).74 Again, this information must be consequential and likely to lead the con-
sumer to take a transactional decision s/he would not otherwise have taken. However,
limitations of space, which regularly apply in case of food products, may be taken
into account.75
Additionally, food information to consumers (comprising on-pack, but also sur-
rounding information on food products) is regulated in detail by the Food Information
70
Art. 8 of Reg (EC) No 178/2002, and Art 16 on the presentation of food products.
71
Art. 7(a) of Reg (EU) No 1169/2011.
72
Art. 7(b) of Reg (EU) No 1169/2011.
73
ECJ, 4 June 2015, Case C-195/14 Bundesverband der Verbraucherzentralen und
Verbraucherverbände - Verbraucherzentrale Bundesverband e.V. v Teekanne GmbH & Co. KG,
ECLI:EU:C:2015:361, see Schebesta and Purnhagen (2016), p. 595.
74
Art. 7(1) UCPD underlines that to assess whether a commercial practice is misleading, it needs
to be considered “in its factual context, taking account of all its features and circumstances and the
limitations of the communication medium”, this can include “any measures taken by the trader to
make the information available to consumers by other means.”
75
Art. 7(3) UCPD “Where the medium used to communicate the commercial practice imposes
limitations of space or time, these limitations and any measures taken by the trader to make the
information available to consumers by other means shall be taken into account in deciding whether
information has been omitted.”
Control in the Label: Self-Declared, Certified, Accredited? 155
After having established that, principally, food scheme labelling may risk to violate
the law if not done properly, we turn to examine the different information elements
that are regularly used in scheme labelling on food products. As has been shown
above, the combination of graphical, textual and reference to off-pack information
can do much to influence consumer understanding of the scheme and influence
consumers’ expectations about scheme compliance control. While most research
76
Reg (EU) No 1169/2011 on the provision of food information to consumers, [2011] OJ L 304/18
(‘Food Information Regulation’ (FIR)).
77
Art. 7(2) of Reg (EU) No 1169/2011.
78
Art. 36(2)(b) of Reg (EU) No 1169/2011.
79
Art. 36(2)(c) of Reg (EU) No 1169/2011.
80
Such as the Fishery and Aquaculture Products Common Market Organization Regulation that
specifies that voluntary information must be clear and unambiguous Art. 39(1) of the CMO
Regulation and may not be included if it cannot be verified Art. 39(4) of the CMO Regulation.
81
These are the most important obligations for the research question examined in this article; other
information requirements include accuracy and verifiability. Also, the trader is subject to the
requirement to act with a due diligence required in the industry.
82
Tang et al. (2004), p. 85.
83
For instance on eco-labels: ‘consumer trust in independent certifications depends on whether
these certifications can clearly convey [emphasis added] responsible standards.’ Dekhili and Akli
Achabou (2014) citing Boström and Klintman (2008).
156 H. Schebesta
has distinguished and focused on the complementarity of visual and verbal com-
munication, for food products additional information elements should be
distinguished:
• Word mark (e.g. scheme name)
• Figurative mark (pictoral logo)
• Figurative mark with fixed word elements
• Explanatory textual claims, sometimes limited mandatory models of phrasing,
and/or subject to approval procedures
• Reference to further information, e.g. inclusion (sometimes mandatory) of a link
to scheme operator’s website.
These elements can be used alone or in combination. Behavioural research con-
firms that visual and verbal communication is additive.84 From a legal point of view,
the overall impression of the product presentation is decisive,85 which means that all
information elements need to be examined together.
A consumer’s understanding of a food scheme begins commonly with the food
scheme name, and how descriptive it is: Fair Trade conveys the purpose of the
scheme, where the name Max Havelaar is much less intuitive. UTZ certified on the
other hand immediately clarifies that the scheme is a certification scheme. Further,
the notoriety of the brand name is significant to consumers. For instance, a famous
(at the time) self-declared sustainability food scheme (Nespresso AAA) was shown
to generate very high confidence rates in consumers, because customers trust big
brands—the trust generated was comparable to that of a famous certified pro-
gramme.86 Scheme labelling is not commonly used to communicate the fact that a
food scheme is certified by an accredited body. One of the few exceptions is the
Tesco Nurture scheme which has labels featuring ‘Independently Accredited
Farming Standards Since 1992’.
Very often, food schemes will also allow the use of a logo in the form of figura-
tive marks on the food packaging. This logo can be used with or without word-
marks. Pictures are powerful,87 and figurative marks have a strong and fast effect on
consumers in cognitive terms. Consumers respond with greater immediacy to them,
and the CJEU has rightly held that pictures may constitute claims for the purposes
of EU law.88 Particularly officious looking logos (‘seals’) may create the impression
of being a form of ‘official’ or at least independent endorsement, and hence control.
Logos further go a long way in complementing textual claims and achieve a more
positive evaluation of the text they support; labels therefore have a reassuring func-
tion. The effect is attributed to consumers perceiving labels as being institutional-
ized and more credible.89
84
Teisl et al. (2002), p. 44.
85
ECJ – Teekanne (n 68).
86
Dekhili and Akli Achabou (2014).
87
See for the famous ‘picture superiority effect’: Kaplan et al. (1968), p. 73.
88
See ECJ – Teekanne (n 68); Schebesta and Purnhagen (2016).
89
Ertz et al. (2017) and Schumacher (2010), p. 2202.
Control in the Label: Self-Declared, Certified, Accredited? 157
Problematic about figurative marks used alone is that they allude to attributes
without being explicit. Therefore, pictures by themselves, and without any addi-
tional information element, can be considered as vague or ambiguous claims. In this
respect, the EU public logos could serve as an example of a bad practice: the EU
Organic Scheme is a figurative mark only (a leaf shape made of stars on a green
background). The scheme relies on graphic recognition of the consumer and does
not include descriptive textual elements, which makes it difficult for consumers to
comprehend the formal nature of the scheme. It has been generally lamented that
‘(e)co-label designs usually incorporate visual logos, but only a small number of
them include a verbal message to communicate the key reason why the label has
been granted.’90 Although graphic marks alone can suggest positive attributes, they
are not suitable to communicating the control element, i.e. whether a scheme is self-
certified, certified or accredited. Legally, it is settled that vague claims, for example
environmental claims such as ‘nature’s friend’, can be prohibited as a misleading
practice under the UCPD if not substantiated.91 This reasoning could be applied by
analogy to figurative marks. In addition, their vagueness can violate food informa-
tion law in terms of being ambiguous and confusing.
Generally, the meaning of figurative marks should be supported by the provision
of additional information. Studies indicate that ‘the most effective eco-labels would
be those having a “seal” and an additional “written message” that indicates the pri-
mary environmental attribute of the product.’92
Therefore, incorporating textual references to the control element (such as ‘certi-
fied scheme’) induces a more accurate consumer understanding. Further, a textual
claim mentioning certification/accreditation will also be more effective due to the
increase in the claim’s concreteness.93 In the case of UTZ, ‘certified’ as it is a man-
datory textual element used in addition to the seal. Such practice enables consumers
to positively distinguish a certified/accredited label from non-certified ones.
Lastly, the definition of food information is very encompassing, and can cover
any type of information about the food product, not solely on-pack. This means that
additional information can be made available for instance through a link to a web-
site. Food products have very limited on pack space, and therefore a website is an
option for providing details about the scheme. The Commission Guidelines, as well
as the subsequent market study,94 rely heavily on the provision of information on
90
Dekhili and Akli Achabou (2014).
91
Commission Guidance on the UCPD (n 60), section 5.1.2.
92
Tang et al. (2004).
93
Ibid., also David (1998), p. 180.
94
Ipsos and London Economics (2013). Suggesting the policy solution that there should be a ‘[c]
lear statement on the website if the scheme is certified or self-declaration; and, if the scheme is
certified the name of the certification body and information on the certification process and require-
ments in clear and transparent language for non-technical readers should be available. For exam-
ple, how often certification procedures take place. More detailed technical specifications and
requirements could also be provided on the website for users who want access to more specific
details. However, this would be in addition to information that was easy to access and understand
for the consumer’, 114.
158 H. Schebesta
websites, also when it comes to the notion of control. The Commission Guidelines
recommend that ‘[s]chemes should clearly state (e.g. on their website) that they
require certification by an independent body and provide contact details of certifica-
tion bodies which provide this service.’95 For the consumer, in choosing food
products, on-pack information will, however, constitute the most immediate and
important source of information, while other sources, such as websites, will be con-
sulted only in a subsidiary way. References to websites will therefore not in all cases
suffice to prevent consumers from being misled and to ensure information clarity in
line with the legal framework.
By adopting on pack label policies that emphasise the certified/accredited nature
of a scheme, food schemes can foster consumer information and ensure compliance
with the legal framework.
The above analysis identified several shortcomings in the current labelling practices
of food schemes, in particular when it comes to enabling the consumer to distin-
guish whether schemes are self-declared, certified or accredited. Some of these
labelling practices may be illegal because they violate the consumers’ right to take
informed decisions. Beyond identifying the legal risks for food business operators,
this contribution wants to support food business operators in ensuring that the infor-
mation they provide in their labelling is sufficiently clear and does not mislead the
consumer.
While there is a legal framework that captures food scheme labelling practices,
the provisions are very broad and it is questionable whether they are able to deliver
legal certainty. Also the policy initiative taken by the European Commission in the
form of the Best Practices Guidelines mainly relies on recommending disclosure of
food schemes’ mechanisms for compliance control at a secondary level, i.e. on web-
sites. For immediate purchasing decision, this kind of information is likely to be too
remote for consumers to consider.
Perhaps surprisingly, another area of law is moving towards much more stringent
solutions than food information law in the narrow sense. The new EU Trademark
Regulation96 introduced EU certification marks. These already existed in some, but
not all, national intellectual property right systems. In intellectual property law,
certification marks are discussed as a bridge over the trust gap that emerged when
normal trademarks became used for exaggerated marketing claims.97 They are
95
European Commission (2010).
96
Reg (EU) 2015/2424 amending Council Reg (EC) No 207/2009 on the Community Trade Mark
and Commission Reg (EC) No 2868/95 implementing Council Regulation (EC) No 40/94 on the
Community Trade Mark, [2015] OJ L 341/21, hereafter referred to as ‘EU Trade Mark Amending
Regulation (2015)’.
97
Chon and Fujiye (2016).
Control in the Label: Self-Declared, Certified, Accredited? 159
References
Albersmeier, F., Schulze, H., Jahn, G., & Spiller, A. (2009). The reliability of third-party certifica-
tion in the food chain: From checklists to risk-oriented auditing. Food Control, 20, 927.
Areté. (2010). Inventory of certification schemes for agricultural products and foodstuffs mar-
keted in the EU member states. http://ec.europa.eu/agriculture/quality/certification/inventory/
inventory-data-aggregations_en.pdf
Boström, M., & Klintman, M. (2008). Eco-standards, product labelling and green consumerism.
Basingstoke, England: Palgrave Macmillan.
Chon, M. (2014). Marks and more(s): Certification in global value chains. In I. Calboli & E. Lee
(Eds.), Trademark protection and territoriality challenges in a global economy (p. 79).
Cheltenham, England: Edward Elgar.
Chon, M., & Fujiye, M. T. (2016). Leveraging certification marks for public health. Retrieved May
10, 2017, from https://papers.ssrn.com/abstract=2821815
David, P. (1998). News concreteness and visual-verbal association do news pictures narrow the
recall gap between concrete and abstract news? Human Communication Research, 25, 180.
98
Dir (EU) 2015/2436 to approximate the laws of the Member States relating to trade marks,
[2015] OJ L 336/1, Art. 27(a), hereafter referred to as ‘EU Trademark Directive’.
99
Art. 74a(2) EU Trade Mark Amending Regulation (2015); Art. 28(2) EU Trademark Directive.
100
Art. 74b(2) EU Trade Mark Amending Regulation (2015).
101
Art. 74c(2) EU Trade Mark Amending Regulation (2015).
102
Chon (2014), pp. 79, 83.
160 H. Schebesta
Deaton, B. J. (2004). A theoretical framework for examining the role of third-party certifiers. Food
Control, 15, 615.
Dekhili, S., & Akli Achabou, M. (2014). Eco-labelling brand strategy: Independent certification
versus self-declaration. European Business Review, 26, 305.
Ertz, M., François, J., & Durif, F. (2017). How consumers react to environmental information: An
experimental study. Journal of International Consumer Marketing, 1.
Fouilleux, E., & Loconto, A. (2017). Voluntary standards, certification, and accreditation in the
global organic agriculture field: A tripartite model of techno-politics. Agriculture and Human
Values, 34, 1.
Fuchs, D., Kalfagianni, A., & Havinga, T. (2011). Actors in private food governance: The legiti-
macy of retail standards and multistakeholder initiatives with civil society participation.
Agriculture and Human Values, 28, 353.
Global Food Safety Initiative (GFSI), Enhancing Food Safety Through Third Party Certification.
(2011). http://www.mygfsi.com/images/mygfsi/schemes_certification/certification/third_
party/GFSI_White_Paper.pdf
Hatanaka, M., Bain, C., & Busch, L. (2005). Third-party certification in the global agrifood sys-
tem. Food Policy, 30, 354.
Havinga, T. (2008). Actors in private food regulation: Taking responsibility or passing the buck to
someone else? Nijmegen Sociology of Law Working Papers Series 2008/01. Retrieved April 25,
2017, from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2016083
Henson, S., & Humphrey, J. (2010). Understanding the complexities of private standards in global
agri-food chains as they impact developing countries. The Journal of Development Studies,
46, 1628.
Ipsos and London Economics. (2013). Consumer market study on the functioning of voluntary
food labelling schemes for consumers in the European Union.
Kaplan, S., Kaplan, R., & Sampson, J. R. (1968). Encoding and arousal factors in free recall of
verbal and visual material. Psychonomic Science, 12, 73.
Koos, S. (2011). Varieties of environmental labelling, market structures, and sustainable consump-
tion across Europe: A comparative analysis of organizational and market supply determinants
of environmental-labelled goods. Journal of Consumer Policy, 34, 127.
Loconto, A., & Busch, L. (2010). Standards, techno-economic networks, and playing fields:
Performing the global market economy. Review of International Political Economy, 17, 507.
Loconto, A., & Fouilleux, E. (2014). Politics of private regulation: ISEAL and the shaping of
transnational sustainability governance. Regulation & Governance, 8, 166.
MRAG. (2016). Feasibility report on options for an EU ecolabel scheme for fishery and aquacul-
ture products. http://ec.europa.eu/fisheries/file/3360/download_sv?token=TthyUWe8
MSC. (2016, April). MSC ecolabel user guide. https://www.msc.org/documents/logo-use/
msc-ecolabel-user-guide
Oakdene Hollins. (2011). EU ecolabel for food and feed products – Feasibility study. http://www.
oakdenehollins.co.uk/media/251/EC%2D%2D03_251_v3.pdf
Schebesta, H., & Purnhagen, K. (2016). The behaviour of the average consumer: A little less nor-
mativity and a little more reality in the court’s case law? Reflections on Teekanne. European
Law Review, 595.
Schumacher, I. (2010). Ecolabeling, consumers’ preferences and taxation. Ecological Economics,
69, 2202.
Tang, E., Fryxell, G. E., & Chow, C. S. F. (2004). Visual and verbal communication in the design of
eco-label for green consumer products. Journal of International Consumer Marketing, 16, 85.
Tanner, B. (2000). Independent assessment by third-party certification bodies. Food Control, 11,
415.
Teisl, M. F., Peavey, S., Newman, F., Buono, J., & Hermann, M. (2002). Consumer reactions to
environmental labels for forest products: A preliminary look. Forest Products Journal, 52, 44.
Control in the Label: Self-Declared, Certified, Accredited? 161
Carola Glinski
1 Introduction
This chapter uses the example of certification of biofuels in order to analyse prob-
lems, preconditions and constraints of (private) standards and certification as a
means to ensure compliance with legal requirements, within the European Union but
even more abroad, in the ‘Global South’. It first presents an overview of the substan-
tive requirements for biofuels of the Renewable Energy Directive 2009/28/EC and
the way in which certification is meant to ensure compliance of operators with those
requirements. It then turns to an analysis and critique of both, with a focus on the
certification system, and to legislative measures (of 2015) and new legislative pro-
posals that address the shortcomings of the system, before offering conclusions.
On 23 April 2009, Directive 2009/28/EC on the promotion of the use of energy from
renewable sources1 (Renewable Energy Directive, often referred to as ‘RED’) was
adopted. It is part of the climate and energy package of the EU. This package of
binding legislation is intended to ensure that the EU meets its climate and energy
[2009] OJ L 140/16.
1
C. Glinski (*)
Centre for Private Governance (CEVIA), Faculty of Law, University of Copenhagen,
Copenhagen, Denmark
e-mail: carola.glinski@jur.ku.dk
targets by 2020. The Directive emphasises that the control of energy consumption
in Europe and the increased use of energy from renewable sources together with
energy savings and an improved energy efficiency are essential elements of the set
of measures that is to reduce greenhouse gas emissions and to provide for compli-
ance with the Kyoto Protocol to the United Nations Framework Convention on
Climate Change and other EU and international commitments to reduce greenhouse
gas emissions beyond 2012.
Within the European strategy to combat climate change, Directive 2009/28/EC
promotes the use of biofuels and bioliquids. Article 3(4) of the Directive requires
Member States to ensure a share of at least 10% of energy from renewable sources
in its final energy consumption in transportation in 2020.
As the use of electro-mobility is still in its infancy, until now, this share is mainly
achieved by the use of biofuels. Biofuels are defined in Article 2(i) Renewable
Energy Directive as ‘liquid or gaseous fuel for transport produced from biomass’.
Basically, two types of biofuels can be distinguished: so-called ‘first-generation
biofuels’, mainly derived from energy crops such as oilseeds, sugarcane or cereals,
and so-called ‘second generation biofuels’, derived, for example, from waste or
residues.
In order for the EU to reach its sustainability goals, the challenge is not only to
ensure that the promoted biofuels have a positive greenhouse gas balance, as com-
pared to fossil fuels, but also that this positive effect is not invalidated by negative
(direct or indirect) impacts on greenhouse gas stocks, negative (direct or indirect)
impacts on environmental protection in general or on biodiversity in particular, neg-
ative impacts on (local) livelihoods, or negative impacts on food security due to
(direct or indirect) changes in land use. To this end, Articles 17, 18 and 19 Renewable
Energy Directive shall ensure that only biofuels and bioliquids are taken into
account, which fulfil certain sustainability criteria, irrespective of whether the raw
materials were cultivated inside or outside the territory of the EU. Other biofuels
can also be placed on the EU market but cannot be counted towards meeting the
mandatory national targets and they cannot receive financial support available to
promote the use of biofuels.
Article 17(2) provides that the use of biofuels lead to greenhouse gas emission
savings emissions of at least 35%, from 2017 of at least 50%, and from 2018 of at
least 60%.2 Biofuels shall not be made from raw material obtained from land with
high biodiversity value in or after January 2008, namely primary forests, areas des-
ignated for nature protection, or highly biodiverse grasslands, whether or not the
land continues to have that status, see Article 17(3). The same applies to biofuels
obtained from land with a high carbon stock in 2008, namely wetlands, continu-
ously forested areas and from peatlands, Article 17(4) and (5). In addition to that,
agricultural raw materials cultivated in the EU shall be produced in accordance with
the requirements and standards for good environmental and agricultural practice,
Article 17(6). The latter, however, does not apply to energy crops cultivated outside
the EU.3 Moreover, the Renewable Energy Directive of 2009 did not contain any
standards or requirements relating to land use conflicts; which will be discussed
below.
The increased need for biofuels that resulted from the 10% target has led to an
enormously increased cultivation of energy crops, not only within the EU but in
particular in the ‘Global South’ where bioliquids, in particular palm oil and soy oil,
can be produced cheaper and more efficiently than in the EU. In fact, the EU would
not even be able to produce the necessary amount of biomass on its own territory.4
Already in 2012, an estimated 4.4 million hectares of cropland within in the EU and
3.5 million hectares outside the EU were used for energy crops in order to achieve
a biofuel share of around 3–4%. Main exporters were Argentina, Indonesia, the
United States and Brazil.5
The resulting challenge is to make sure that biofuels actually comply with the
requirements of the Renewable Energy Directive, a challenge that is even greater
where production takes place outside the EU.
Biofuels go through a supply chain, beginning with the farm where energy crops are
cultivated, through production steps such as oil mills and ending at the petrol sta-
tion. Thus, in order to make sure that biofuels are produced in compliance with the
sustainability criteria of the Renewable Energy Directive, control must extend to the
whole supply chain. Here, transnational supply chains pose particular problems. In
fact, the EU legislator expressed concern that production of biofuels and bioliquids
in certain third countries might not respect minimum environmental or social
requirements.6
Authorities from EU Member States can only control production in third coun-
tries with the permission of the exporting State, and controls abroad produce signifi-
cant administrative costs. Thus, using private standardization and/or certification
systems would seem to provide for a feasible and cost-effective means to ensure
compliance with certain social or environmental standards.7
Article 18 Renewable Energy Directive lays down the main features for the veri-
fication of compliance of operators with the system. To this end, the Renewable
Energy Directive provides for three different routes. According to Article 18(4), the
Commission can recognise national or international regulations, agreements or
3
For a more detailed description see Romppanen (2015), pp. 46 ff.
4
See Ponte and Daugbjerg (2015), pp. 96 ff.
5
See European Commission, Technical assessment of the EU biofuels sustainability and feasibility
of 10% renewable energy in transport, SWD (2015) 117 final, 3.
6
See recital (74) of Dir 2009/28/EC.
7
See also Ponte and Daugbjerg (2015), p. 96.
166 C. Glinski
National schemes are those, which have been set up by the Member States in their
implementing legislation in order to fulfil their obligations stemming from Article
18(3) Renewable Energy Directive. To this end, Member States can provide national
authorities with the (additional) competence to evaluate and approve private stan-
dardisation schemes. Compliance with the sustainability criteria has to be ensured
by independent auditing, which is usually carried out by certification bodies, which
on their part have to be supervised by the competent national authorities. In
Certification of the Sustainability of Biofuels in Global Supply Chains 167
8
See the Commission proposal for a Directive on the promotion of the use of energy from renew-
able sources, COM(2008) 19 final, 8; Romppanen (2015), 48.
9
See Romppanen (2012), pp. 173 and 176 ff. See also the European Commission’s Staff Working
Document accompanying the Renewable Energy Progress Report of 27/3/2013, SWD(2013) 102
final, 17 f.
10
For a description of the Finnish system, see Romppanen (2013), pp. 340 and 344 ff.
11
Verwaltungsvorschrift für die Anerkennung von Zertifizierungssystemen und Zertifizierungsstellen
nach der Biokraftstoff-Nachhaltigkeitsverordnung (Biokraft-NachVwV) of 12/3/2010, as amended.
12
Verwaltungsvorschrift für die Anerkennung von Zertifizierungssystemen und Zertifizierungsstellen
nach der Biomassestrom-Nachhaltigkeitsverordnung (BioSt-NachVwV) of 10/12/2009, as
amended.
168 C. Glinski
certification of the oil mills by approved certification bodies; which on their part are
under the control of the competent authority, the BLE. The BLE is responsible for
the recognition and supervision of standardisation schemes as well as for the recog-
nition and supervision of certification bodies. The individual standardisation
schemes further set up specific requirements on (recognized) certification bodies
that they cooperate with.
Certification bodies are independent natural or legal persons who issue certifi-
cates to economic operators along the supply chain and who monitor all operations
along the supply chain with regard to the fulfilment of the requirements laid down
in the Renewable Energy Directive and in German legislation adopted for its imple-
mentation as well as other requirements of the used system.
Certification bodies issue certificates only to certain types of operators: the so-
called ‘interfaces’ (Schnittstellen). The interfaces include the first gathering points
or gatherers (first interfaces) as well as all conversion operations (final interfaces).
The first gathering points are establishments and operational sites, which first
acquire the biomass required to produce biofuels from the producers that grow and
harvest such biomass for the purpose of trading it on (for example, agricultural trad-
ers). Gatherers are establishments and operations that first take on the biomass
required for the production of biofuels in the form of waste and residues from the
operations or private households which generated the waste and residues, for the
purpose of trading it on. Conversion operations include establishments and opera-
tions which process biomass from sustainable cultivation or from biogenic waste or
residues and supply the semi-finished products to further processing stages for the
purpose of biofuel or bioliquids production (for example oil mills, biogas plants, fat
preparation plants or other plants the process step of which is not sufficient to
achieve the quality level required for final use) and establishments and operations
that process liquid or gaseous biomass up to the quality class required for final use
(for example oil mills, esterification plants, ethanol plants, hydrogenation plants or
biogas processing plants).
The certification bodies are responsible for the monitoring of compliance with
the legal requirements not only of the interfaces but also of producers (cultivators)
and traders within the supply chain. Their certificates certify that the specific
requirements of the Renewable Energy Directive for the production of sustainable
biofuels or bioliquids are met. Certification bodies can act within one or several
certification systems.13
Currently, two certification schemes14 and 25 certification bodies are recognised
in Germany.15
13
See also Müller (2011), p. 405.
14
International Sustainability and Carbon Certification (ISCC) and REDcert.
15
For the list, see https://www.ble.de/SharedDocs/Downloads/DE/Klima-Energie/Nachhaltige-
Biomasseherstellung/Anerkennung_de.pdf?__blob=publicationFile&v=13.
Certification of the Sustainability of Biofuels in Global Supply Chains 169
16
For critique, see Romppanen (2015), 111 ff.
17
See only https://en.wikipedia.org/wiki/Roundtable_on_Sustainable_Palm_Oil. For more
detailed information, see the German Wikipedia page at https://de.wikipedia.org/wiki/
Roundtable_on_Sustainable_Palm_Oil.
18
See https://ec.europa.eu/energy/sites/ener/files/documents/voluntary_schemes_overview_
dec17.pdf.
19
For the following, see also Hamelmann (2016), pp. 30 ff.; Naiki (2016), pp. 129 and 138 ff.
20
See the overview of voluntary schemes at https://ec.europa.eu/energy/sites/ener/files/documents/
voluntary_schemes_overview_dec17.pdf.
21
E.g., the Gafta Trade Assurance Scheme.
170 C. Glinski
not only impact on their governance structures but, according to the findings of the
European Court of Auditors, also on their transparency.22
All voluntary schemes must of course include the minimum requirements on
sustainability of the Renewable Energy Directive. Some, however, provide for addi-
tional regulation and concretization of substantive sustainability standards.
Typically, industry-driven schemes tend to include only the minimum requirements
of the Renewable Energy Directive, whereas multi-stakeholder initiatives often go
beyond them and include additional environmental requirements, such as environ-
mental impact assessment and good agricultural practice, and aspects of social
responsibility and human rights.23
Finally, one may suspect that they might also differ in relation to fees and to the
intensity of control exercised; the latter having been confirmed by the audit team of
the European Court of Auditors (see infra, Sect. 3.5).
The system of the Renewable Energy Directive has been criticised in many ways in
academic writing. The voluntary schemes, in particular, and their recognition and
supervision by the European Commission, were even the subject of a special report
of the European Court of Auditors in 2016.24 The most important issues are dis-
cussed hereinafter.
In order for a compliance control system to meet its task, a few preconditions have
to be fulfilled and potential constraints to be taken into consideration. Here, the aim
is to ensure the sustainability of biofuels, which count for the EU system for the
promotion of renewable energy. Thus, first of all, there have to be clear encompass-
ing, problem covering and problem solving sustainability standards. Standards that
are too low or that cover only parts of the problem could put the whole system at
risk. The same applies to sustainability problems, which in their complexity or only
indirect relatedness to the immediate production of energy crops cannot be covered
by the certification of production sites only. Second, the proper implementation of
the requirements must be ensured. Third, adherence to the required standards must
be ensured. Here, as the system in principle provides for a two-layered delegation of
22
European Court of Auditors (2016), p. 27.
23
See also Hamelmann (2016), pp. 37 ff., for a comparison of the multi-stakeholder schemes of
ISCC and Roundtable on Sustainable Biomaterials EU RED with the Red Bioenergy Sustainability
Assurance (RSBA) scheme that was developed by the Abengoa Bioenergy company.
24
See n 22.
Certification of the Sustainability of Biofuels in Global Supply Chains 171
authority to private parties, first from the European Commission (or the Member
State) to private standardisation schemes concerning the proper implementation of
standards, and secondly the delegation of control (from the standardisation schemes)
to private certification bodies, the reliability of the private parties involved must be
ensured at both levels. Forth, there have to be effective sanctions for non-compliance.
Otherwise, there is the risk of dysfunctional certification systems, ‘greenwashing’
and unwanted steering effects. In addition, in this case of alternating multi-level
compliance systems, inconsistencies between the different alternatives or levels of
implementation must be avoided. A particular problem may arise from competition
between alternative systems, which might lead to a race to the bottom (see infra,
Sect. 4).
First of all, and perhaps most importantly, in their original version, the legal mini-
mum sustainability requirements of the Renewable Energy Directive 2009/28/EC
only excluded energy crops which were grown on land that had high ecological
value in 2008 but did not address the issue of replacement of other land uses, such
as the growing of food crops. In many countries, this resulted in indirect land use
changes. Indirect land use changes occur when energy crops do not directly replace
land of high ecological value but replace food crops, which then, on their part, are
grown on land of formerly high ecological value, leading to deforestation and to the
destruction of natural lands and biodiversity. The use of palm oil in particular has
been heavily criticized by environmental organizations, NGOs in the field of devel-
opment cooperation and not least the European Parliament.25 This threat to the
effectiveness of the sustainability criteria had been criticised from the very
beginning,26 and it indeed reflects one of the major limitations of the certification of
production sites.27
Consequently, the audit team of the European Court of Auditors ‘found that the
assessments carried out by the Commission as a basis for the recognition of volun-
tary schemes did not adequately cover some important aspects necessary to ensure
the sustainability of biofuels. In particular, the Commission did not require volun-
tary schemes to verify that the biofuel production they certify does not cause signifi-
cant risks of negative socio-economic effects, such as land tenure conflicts, forced/
child labour, poor working conditions for farmers and dangers to health and safety.
Similarly, the impact of indirect land-use changes (ILUC) on the sustainability of
biofuels is not covered by this assessment. Although we acknowledge the technical
25
See also infra, Sect. 6.
26
See, for example, Bowyer (2010).
27
See, for example, van Dam et al. (2010), pp. 2445 and 2460 ff.
172 C. Glinski
28
See European Court of Auditors (2016), p. 35.
29
See, for example, IPC and Renewable Energy International Law (2006); Switzer and McMahon
(2011), p. 713; Lydgate (2013), pp. 159 ff. For the relationship of private or voluntary schemes and
WTO law, see also Glinski (2017), p. 120, in particular 138 ff.
30
See WT/DS443 European Union and a Member State – Certain Measures Concerning the
Importation of Biodiesel; WT/DS459 European Union and certain Member States – Certain
Measures on the Importation and Marketing of Biodiesel and Measures Supporting the Biodiesel
Industry – Request for consultations by Argentina.
31
See also Schmeichel (2014), pp. 174 ff.; van Dam et al. (2010), pp. 2445 and 2460 ff.
Certification of the Sustainability of Biofuels in Global Supply Chains 173
32
See Ugarte et al. (2013). In contrast, Germany was the first Member State to implement the cer-
tification system of Directive 2009/28/EC and has recognised two certification systems already in
2010, see BLE (2011), p. 10.
33
See, for example, European Commission, Communication on voluntary schemes and default
values in the EU biofuels and bioliquids sustainability schemes, [2010] OJ C 160/1; Commission,
Communication on the practical implementation of the EU biofuels and bioliquids sustainability
scheme and on counting rules for biofuels, [2010] OJ C 160/8. See also Romppanen (2012),
pp. 177 ff.
34
See Council Reg (EU) No 1307/2014 on defining the criteria and geographic ranges of highly
biodiverse grassland for the purposes of Art 7b(3)(c) of Dir 98/70/EC relating to the quality of
petrol and diesel fuels and Art 17(3)(c) of Dir 2009/28/EC on the promotion of the use of energy
from renewable sources, [2014] OJ L 351/3.
35
For critique, see the European Court of Auditors (2016), p. 26.
36
For critique, see Romppanen (2015), p. 91.
37
European Commission note on ‘Verification of the chain of custody of biofuels made from waste
and processing residues’ (10.10.2014); available at https://ec.europa.eu/energy/sites/ener/files/
documents/2014_letter_wastes_residues.pdf.
38
European Court of Auditors (2016), p. 25. See also infra, Sect. 3.4.
174 C. Glinski
39
For details, see Schmeichel (2014), pp. 167 ff.
40
See Schmeichel (2014), pp. 167 f.
41
With the positive exception, in particular, of RSB.
42
See also Schmeichel (2014), pp. 169 f.
43
Ibid., 169 f, 175.
44
See also ibid., 171.
45
See European Court of Auditors (2016), p. 21.
46
See Schmeichel (2014), p. 172.
Certification of the Sustainability of Biofuels in Global Supply Chains 175
verification procedures and institutional set-up are essential. Thus, the Commission’s
benchmarks for assessment as well as the approval procedure play a decisive role.
The recognition of voluntary schemes is an implementing act by the Commission
in terms of Article 291 TFEU, following the advisory procedure of Article 4 of
Regulation (EU) No. 182/2011 laying down the rules and general principles con-
cerning Commission’s exercise of implementing powers.47 Hereby, the Commission
has to take into consideration the opinion of the Committee on the Sustainability of
Biofuels and Bioliquids, see Articles 18(6) and 25(3) Renewable Energy Directive.
NGOs have criticized the recognition procedure for lack of transparency and
public participation. Several NGOs tried to get access to documents relating to the
recognition of voluntary schemes and, failing to obtain them, claimed an infringe-
ment of their right to access to environmental information. The General Court, how-
ever, dismissed the claim for procedural reasons.48
Article 18(4) subpara. 2 of Directive 2009/28/EC requires voluntary schemes to
provide for accurate data, comply with the methodological requirements concerning
measurement, ensure compliance with the sustainability criteria and meet ‘adequate
standards of reliability, transparency and independent auditing’.
The Commission’s Communication on voluntary schemes49 concretises that vol-
untary schemes (in line with national schemes) have to use the mass balance sys-
tem50 and must provide information on the country of origin, and states that evidence
showing compliance with the sustainability criteria could be provided by a related
statement. Furthermore, the schemes must ensure that the economic operators are
audited before they can participate in the scheme. Also, the schemes have to ensure
regular—at least annual—audits by independent external auditors following the
approval,51 and they must provide for a documentation management, which allows
the verification of information provided.
The audit team of the European Court of Auditors was also critical of the recog-
nition practice. For example, it found that the Commission granted recognition to
voluntary schemes, which did not have appropriate verification procedures to ensure
that, as required by Directive 2009/28/EC, biofuel crops cultivated in the European
Union fulfil the EU environmental requirements for agriculture. Another shortcom-
ing was the verification of the origin of biofuels produced from waste as indeed
waste. The problem here is that waste is counted double because it provides for a
more sustainable source of energy and in particular not in competition with food
production (Article 21(2)). This created an incentive to declare, for example, virgin
oil as waste oil.52
47
[2011] OJ L 55/13. See also Art 13(1)(a) of Reg (EU) 182/2011.
48
See EGC, Case T-278/11 Client Earth et al v Commission, ECLI:EU:T:2012:593; see also
Schmeichel (2014), p. 134.
49
Commission, Communication on voluntary Schemes and default values in the EU biofuels and
bioliquids sustainability schemes, [2010] OJ C 160/1.
50
Ibid., para 2.2.3.
51
Ibid., para 2.2.2.
52
European Court of Auditors (2016), p. 25.
176 C. Glinski
Interestingly, the European Commission did not carry out the assessment of vol-
untary schemes with its own staff but through an external contractor that the Court
of Auditors however found to have applied the rules correctly.53
According to the Commission’s Communication on voluntary schemes, certifi-
cation bodies and auditors must possess sufficient capabilities and expertise to
ensure sustainability. They comply with these requirements when they follow the
ISO 19011 standard on quality and/or environmental management auditing.54 The
main requirements are that audits have to be planned, conducted and reported prop-
erly, and that risk assessments and verification measures have to be carried out.
Apart from that, no detailed requirements on the auditing process or on the required
institutional set-up were codified. In particular, there are no further requirements
concerning the inclusion of stakeholders in order to ensure the independence and
transparency of the audits.55
Moreover, the European Commission’s recognition does not extend to certifica-
tion bodies, nor are they subject to any Commission assessment. The Directive
appears to envisage that certification bodies are recognized and monitored by the
operators of the voluntary schemes. Indeed, the exclusion of certification bodies
from assessment and recognition was regarded as a major shortcoming of the com-
pliance procedure.56 As mentioned above, in the German system, the BLE is respon-
sible for the recognition and supervision of certification bodies both in national
schemes and in voluntary schemes. In the special report of the European Court of
Auditors, this supervision by the BLE is seen as a restriction of the effects of the
European Commission’s recognition of a voluntary scheme, and as an additional
burden to the controls already carried out by the voluntary schemes. In fact, the
Commission also seems to be more concerned with avoiding ‘excessive administra-
tive burden’ on economic operators than with strict control of their activities.57
3.5 Monitoring
One of the main criticisms related to monitoring. In fact, the Renewable Energy
Directive does not require the Commission to exercise supervision over voluntary
schemes.58 Accordingly, once it had recognised them, the Commission did not
supervise the voluntary schemes.
53
European Court of Auditors (2016), p. 20.
54
Commission, Communication on voluntary Schemes and default values in the EU biofuels and
bioliquids sustainability schemes, [2010] OJ C 160/1, para 2.2.2.
55
For critique, see Romppanen (2015), p. 49.
56
See e.g. Schmeichel (2014), pp. 136 f.
57
See the Staff Working Document (2013), 17.
58
In fact, the German participants in the Committee on the Sustainability of Biofuels and Bioliquids
explicitly suggested that monitoring of the voluntary systems should be one of the tasks of the
Committee, which, however, was not regarded as necessary. See the summary report of the m eeting
Certification of the Sustainability of Biofuels in Global Supply Chains 177
According to the Commission, the only control instrument at its disposal is the
withdrawal of the recognition of a scheme, if it has evidence that the scheme has
incurred a serious infringement of its certification rules and requirements. However,
as the audit team rightly remarked, as the Commission does not supervise how vol-
untary schemes operate, it is very unlikely that it can obtain sufficient evidence in
this regard.60 Moreover, no complaint system was in place that could have alerted
the Commission.61
Monitoring apparently has not even taken place where it would have been easy
to do. In relation to the implementation of the European Commission’s guidance
note on ‘Update of Commission website, notifications and transparency measures’
of March 2015,62 the audit team of the European Court of Auditors found, with a
simple review of the voluntary schemes’ websites, that almost 1 year after the guid-
ance note had been issued, the requirements were far from being accomplished:
many gaps still existed where information had either not been published or was
unclear or incomplete.63
Procedural shortcomings concerning the recognition and supervision of volun-
tary schemes also impact on the proper implementation (apart from their vagueness)
of the substantive sustainability requirements by the voluntary schemes. Without
supervision of the voluntary schemes following their recognition, there is obviously
no guarantee that they really provide ‘accurate data’.64 Also, the intensity of the
control exercised by individual schemes is unclear, and again the reason is that the
European Commission has not controlled their activities.
Indeed, the special report of the European Court of Auditors concluded that,
‘because of weaknesses in the Commission’s recognition procedure and subsequent
supervision of voluntary schemes, the EU certification system for the sustainability
of biofuels is not fully reliable.’65
of the Committee on the Sustainability of Biofuels and Bioliquids of 27 May 2011, quoted by
Schmeichel (2014), p. 136.
59
European Court of Auditors (2016), p. 29.
60
Ibid., 28.
61
Ibid., 29.
62
Available at https://ec.europa.eu/energy/sites/ener/files/documents/PAM%20to%20vs%20
on%20transparency%20ARES%202015%201094930.pdf.
63
See European Court of Auditors (2016), p. 30.
64
See, e.g., Schmeichel (2014), p. 135.
65
European Court of Auditors (2016), p. 8.
178 C. Glinski
This may be contrasted with the supervision of the German national schemes and
the German certification bodies by the Federal Agency of Agriculture and Food
(BLE); whereby it should be remembered that the latter applies to certification bod-
ies under the national scheme and under the voluntary schemes alike if they are situ-
ated in Germany.
Supervision by the BLE of certification bodies includes office audits at the certi-
fication bodies on a yearly basis and risk-oriented evaluation of the audit work of
the certification bodies (witness audits).66 The BLE auditors monitor certification
audits of certification bodies (so-called witness audits) all over the world, provided
that the countries concerned have permitted the BLE to carry out witness audits on
their territory. According to its latest report relating to 2016, in that year the BLE
monitored 163 (previous year: 146) certification audits carried out by the certifica-
tion bodies. 96 of these audits were carried out in Germany, the remaining 67 audits
took place all over the world in countries both within and outside of the European
Union.67
The audit team of the European Court of Auditors was not in the legal position to
control the voluntary schemes themselves, as the voluntary schemes are not financed
out of the EU budget. However, four voluntary schemes voluntarily agreed to a
review. In relation to the criterion of compliance with EU environmental law, as
envisaged by Article 17(6) of the Renewable Energy Directive, the audit team found
that the certification standards of three of them did not allow effective and compre-
hensive verification of the fulfilment of that sustainability criterion. Those schemes
relied on controls carried out by national authorities of EU Member States in the
framework of the Common Agricultural Policy, but they had no access to the results
of such controls.68
4 C
ompetition Between Different Systems: A Race
to the Bottom?
The free choice between national schemes and (a variety of) voluntary schemes
creates competition between those schemes. As mentioned above, the voluntary
schemes differ substantially in that some of them go beyond the minimum
66
See BLE (2017), p. 15.
67
Ibid., 23.
68
European Court of Auditors (2016), pp. 20 f.; hereby the audit team indicates that infringements
by farmers of EU environmental law are frequent; which indicates that the controls carried out by
national authorities may be insufficient.
Certification of the Sustainability of Biofuels in Global Supply Chains 179
69
See also Hamelmann (2016), p. 45.
70
On the possibility of such ‘scheme shopping’, see European Court of Auditors (2016), p. 32.
71
ISCC and REDcert, see BLE (2011), p. 10.
72
Ibid., 13.
73
BLE (2012), p. 18.
74
See also the critique of the audit team of the European Court of Auditors (2016), p. 30.
180 C. Glinski
July 2011.75 In 2012, the first participants, in particular from Germany and France,
left the German national schemes; which the BLE related to the coming into effect
of the voluntary schemes.76 From 2013 on, the decrease was significant. In 2013, the
number of participants in the German national schemes decreased by 16% as com-
pared to 2012. Among the participants from third countries, the decrease was even
22%. In contrast, the number of participants in the voluntary schemes that were
registered in the German database more than doubled.77 In 2014, the number of
participants in the voluntary schemes for the first time exceeded the number of par-
ticipants in the German national scheme.78 The trend continued, and in its report on
2016, the BLE counted 1062 participants in the German national schemes, as com-
pared to nearly 2000 participants in 2011 and 2012; whereas 2614 operators (with
relevance for the German market) participated in the voluntary schemes.79
One reason for the move away from national schemes towards voluntary schemes
has certainly been that certification under the voluntary schemes must be recognised
by all Member States, whereas the Renewable Energy Directive had not introduced
a system of mutual recognition of certification under the national schemes. However,
as mentioned above, it also seems that the avoidance of strict controls may have
been an incentive, as can be concluded from the subsequent legislative
development.
5 Amendments in 2015
Most importantly, that Directive addressed the problem of indirect land use changes.
Following an impact assessment by the European Commission,81 published in
October 2012, the EU legislator acknowledged that based on forecasts of biofuel
75
In the UK and the Netherlands, national systems had been established by that time as well, see
BLE (2012), p. 18.
76
See BLE (2013), pp. 17 and 20.
77
See BLE (2014), pp. 17 ff.
78
BLE (2015), p. 19.
79
See BLE (2017), p. 21.
80
[2015] OJ L 239/1.
81
Impact Assessment accompanying the proposal for a Directive amending Directive 98/70/EC
relating to the quality of petrol and diesel fuels and amending Directive 2009/28/EC on the promo-
tion of the use of energy from renewable sources, SWD(2012) 343 final.
Certification of the Sustainability of Biofuels in Global Supply Chains 181
demand provided by the Member States and estimates of indirect land-use change
emissions for different biofuel feedstocks, it was likely that greenhouse gas emis-
sions linked to indirect land-use change were significant, and could negate some or
all of the greenhouse gas emission savings of individual biofuels. This is because
almost the entire biofuel production in 2020 could be expected to come from crops
grown on land that could be used to satisfy food and feed markets. In order to reduce
such emissions, it was therefore deemed appropriate to distinguish between crop
groups such as oil crops, sugars and cereals and other starch-rich crops
accordingly.82
To this end, the EU established a ceiling of 7% for the share of biofuels obtained
from food crops (first generation biofuels), see Article 3(4) of Directive 2009/28/EC
as amended by Article 2(2) of Directive 2015/1513/EU, and changed the timing of
the sustainability criterion of the increased minimum savings from 35% to 50%
(from 2018) and 60% for new installations (since 1 January 2017). The 7% ceiling
applies from 2020. Thus, the rest of the 10% renewable energies target must be
achieved by other means, for example through biofuels derived from waste (second
generation biofuels).
With regard to the voluntary systems, the 2015 Directive has introduced detailed
annual reporting requirements for voluntary schemes in Article 18(5) subpara 2 and
(6) subpara 2 Renewable Energy Directive (as amended). These reports have to be
made public on the transparency platform referred to in Article 24. They shall pro-
vide the basis of a detailed analysis by the Commission concerning the functioning
of these schemes, see Article 18(6) subpara 3 (a)–(k). In addition, the Commission
may specify the standards of independent auditing in order to prevent fraud, accord-
ing to Article 18(5) subpara 3 Renewable Energy Directive (as amended).
Proposal for a Directive on the promotion of the use of energy from renewable sources (recast),
83
84
European Parliament doc. P8_TA-PROV(2018)0009 of 17/1/2018, Amendment 307 on Art 7(1)
subpara 4 of the Commission proposal.
85
European Parliament doc. A8-0066/2017.
86
See recital (81) and Art 27(3) of the proposal.
Certification of the Sustainability of Biofuels in Global Supply Chains 183
monitor the certifications, and the economic operators are to register sustainability
certificates in databases. The intention of this is to reduce the vulnerability to fraud
by automatically ensuring that a certain amount of sustainable goods can only
obtain government funding once, even in the case of cross-border dealings.
Moreover, the European Parliament has asked for an amendment, according to
which Member States should get into the position of being able to intervene in vol-
untary schemes. According to amendment 261, Article 27(3) shall include the fol-
lowing sentence:
Where a Member State raises a concern as to the operation of a voluntary scheme, the
Commission shall investigate the matter and take appropriate action.
This seems to be another consequence of the findings of the audit team of the
European Court of Auditors, demonstrating that trust in the European Commission’s
engagement to investigate the effectiveness of voluntary schemes is limited.
7 Conclusions
87
See also Schmeichel (2014), pp. 174 ff.
184 C. Glinski
References
Naiki, Y. (2016). Trade and bioenergy: Explaining and assessing the regime complex for sustain-
able bioenergy. European Journal of International Law, 27, 129.
Ponte, S., & Daugbjerg, C. (2015). Biofuel sustainability and the formation of transnational hybrid
governance. Environmental Policy, 24, 96.
Romppanen, S. (2012). The EU’s biofuels: Certified as sustainable? Renewable Energy Law and
Policy Review, 173.
Romppanen, S. (2013). The role and relevance of private actors in EU biofuel governance. Review
of European, Comparative & International Environmental Law, 22, 340.
Romppanen, S. (2015). New governance in context: Evaluating the EU biofuels regime.
Dissertation, University of Eastern Finland.
Schmeichel, A. (2014). Towards sustainability of biomass importation – An assessment of the EU
renewable energy directive. Groningen, The Netherlands: Europa Law Publishing.
Switzer, S., & McMahon, J. (2011). EU biofuels policy – Raising the question of WTO compat-
ibility. International and Comparative Law Quarterly, 60, 713.
Ugarte, S., van Dam, J., & Spijkers, S. (2013). Recognition of private certification schemes for pub-
lic regulation – Lessons learned from the renewable energy directive. Deutsche Gesellschaft
für internationale Zusammenarbeit.
van Dam, J., Junginger, M., & Faaij, A. P. C. (2010). From the global efforts on certification of
bioenergy towards an integrated approach based on sustainable land use planning. Renewable
and Sustainable Energy Reviews, 2445.
Part III
Liability for Negligent Certification
Certification of Medical Devices: Lessons
from the PIP Scandal
Peter Rott
1 Introduction
EU product safety law generally aims to ensure that only safe products are put into
circulation in the EU.1 At the substantive law level, safety standards have been
adopted. The procedural mechanisms that are put into place in order to achieve this
goal depend on the risk that is inherent in the relevant category of products. For
certain categories of high risk products, EU law requires pre-market approval.
Examples include pharmaceuticals,2 genetically modified organisms3 and pesti-
cides.4 Otherwise, the producer who puts products into circulation must certify him-
self that the products comply with the required safety standards.5 Certification is at
the same time an essential element of EU internal market law. Products that bear the
1
See, for example, recital (4) of Dir 2001/95 on general product safety, [2002] OJ L 11/4. For
medical devices, see the fifth recital of the Medical Devices Dir 93/42/EEC, [1993] OJ 1993, L
169/1.
2
See, for example, Art 6 of Dir 2001/83/EC on the Community code relating to medicinal products
for human use, [2001] OJ L 311/67.
3
See Art 4(2) of Reg (EC) No 1829/2003 on genetically modified food and feed, [2003] OJ L
268/1.
4
See Art 28(1) of Reg (EC) No 1107/2009 concerning the placing of plant protection products on
the market, [2009] OJ L 309/1.
5
For more details, see Hodges (2005), p. 53 ff; Schepel (2005), p. 227 ff; van Leeuwen (2017),
p. 40 ff; Verbruggen and van Leeuwen (2018), pp. 394, 396 ff. VI Daskalova and MA Heldeweg,
‘Challenges for Responsible Certification in Institutional Context. The Case of Competition Law
Enforcement in Markets with Certification’, in this volume, refer to this phenomenon as first party
certification.
P. Rott (*)
Institute of Economic Law, Faculty of Economics and Management, University of Kassel,
Kassel, Germany
e-mail: rott@uni-kassel.de
CE mark can circulate freely in the internal market:6 which means that Member
States cannot make their marketing subject to a prior approval procedure,7 and they
cannot ask for additional self-certification by the person who puts the product into
circulation either.8
Medical devices come under the self-certification system,9 first established by
Directive 93/42/EEC concerning medical devices. The EU legislator has, however,
recognised that some medical devices pose higher risk to patients than others. For
example, whilst the risk associated with an injection needle appears to be low, the
same does not apply to artificial hips or breast implants. Therefore, medical devices
are classified into the different categories I, IIa, IIb and III.10 The conformity assess-
ment procedures for Class I devices can be carried out, as a general rule, under the
sole responsibility of the manufacturers in view of the low level of vulnerability
associated with these devices. For class III devices, which include breast implants,11
prior authorisation by way of third party certification by a notified body is required
so as to ensure the safety of high risk devices.
The proper functioning of that system has been doubted for long. The scandal
around cheap and defective breast implants that were produced and distributed by
the French producer Poly Implant Prothèse (PIP), whose product design was
certified by TÜV Rheinland as being safe, brought the problems to the attention of
the public and also served as a wake-up call for the legislator. Although it was an
atypical case, as neither the certified product design nor the qualification of TÜV
Rheinland as notified body for medical devices was in question, the case triggered
broader amendments to the system.12 Indeed, medical devices law and practice per-
fectly illustrates the variety of ways in which a certification system may fail.
Following the PIP scandal, a number of additional measures have been taken. At the
6
See, for example, Art 4 of the Medical Devices Dir 93/42/EEC.
7
See ECJ, 17/4/2007, Case C-470/03 A.G.M.-COS.MET Srl v Suomen valtio and Tarmo Lehtinen,
ECLI:EU:C:2007:213.
8
See ECJ, 8/5/2003, Case C-14/02 ATRAL SA v Belgium, ECLI:EU:C:2003:265.
9
See also Singh (2013), p. 465.
10
See the 15th recital of Directive 93/42/EEC: ‘Whereas it is necessary, essentially for the purpose
of the conformity assessment procedures, to group the devices into four product classes; whereas
the classification rules are based on the vulnerability of the human body taking account of the
potential risks associated with the technical design and manufacture of the device […].’ On dif-
ferentiation between risk categories within the conformity assessment procedures see generally
Kapoor and Klindt (2008), pp. 649, 650 f.
11
See Commission Dir 2003/12/EC on the reclassification of breast implants in the framework of
Directive 93/42/EEC concerning medical devices, [2003] OJ L 28/43. Prior to that Directive,
breast implants had been classified as class IIb medical devices.
12
For a chronic of the PIP scandal and the related problems, see the Commission Staff Working
Document Impact assessment of the revision of the regulatory framework for medical devices,
SWD(2012) 273 final, Appendix 11—Analysis of the PIP breast implants case in the light of the
envisaged revision of the EU regulatory framework for medical devices (“stress test”). See also van
Leeuwen (2014), pp. 338, 339; de Bruyne and Vanleenhove (2016), pp. 823, 833 f; Verbruggen and
van Leeuwen (2018), p. 395 f.
Certification of Medical Devices – Lessons from the PIP Scandal 191
same time, liability of TÜV Rheinland was tested in litigation in Germany and
France.
This chapter briefly explains the safety system of the Medical Devices Directive
93/42/EEC and the role of certification organisations within that system (2) and the
control system established to make sure that they fulfil that role (3). It then discusses
the recognised weaknesses of that system and the immediate (public law) measures
taken by the European Commission to tackle them (4) as well as the new features of
the new Medical Devices Regulation of 2017 that are aimed to improve the func-
tioning of the system, and analyses potential remaining problems (5).
Finally, this chapter argues in favour of tort liability of notified bodies for insuf-
ficient control or supervision, to complement the public law safety system in its
objective to protect patients (6).
2 T
he Function of Certification Bodies in the Medical
Devices Directive 93/42/EEC
As mentioned above, in the case of high risk, that is, class III medical devices, the
producer is only allowed to affix the CE mark if the product design has been certi-
fied by a notified body, Article 11(1) with Annex II of the Directive. It is the special
expertise of that notified body that adds the necessary safety to the process.
Duties of the notified body relate to the pre-marketing stage and to post-marketing
monitoring. At the pre-marketing stage, the notified body must, on application of
the producer, audit the quality system of the producer that must guarantee that the
products conform to the provisions of the Directive which apply to them at every
stage, from design to final inspection. The notified body must also examine the
manufacturer’s dossier relating to the product design as to its conformity with the
requirements of the Directive.13
These duties were amended with Directive 2007/47/EC14 that mainly served to
modernize the system, for example, by clarifying the law relating to software, to
enhance cooperation within the EU and at the international level and to clarify the
respective roles of notified bodies and the competent authorities responsible for
market surveillance once a medical device has been put into circulation, but also
13
See, in particular, Annex II Sec 3.3. and 4.3. of Dir 93/42/EEC.
14
[2007] OJ L 247/21.
192 P. Rott
15
For an overview, see Klümper and Vollebregt (2008), p. 57.
16
For an overview of German case law, see Rott and Glinski (2015b), p. 87.
17
BGH, 9/4/2015, VII ZR 36/14, (2015) Verbraucher und Recht 271 with case note Rott (2017a).
18
CJEU, 16/2/2017, Case C-219/15 Elisabeth Schmitt v TÜV Rheinland LGA Products GmbH,
ECLI:EU:C:2017:128; on which see Rott (2017b), p. 1146; Brüggemeier (2017), p. 527; Unger
(2017), p. 299; Heynemann (2017), p. 98; Oeben (2017), p. 42; Degen (2017), p. 462; Wagner
(2018), p. 130.
19
BGH, 22/6/2017, VII ZR 36/14, (2017) Neue Juristische Wochenschrift 2617 and Verbraucher
und Recht with case note P Rott. See also Brüggemeier (2018), p. 191; Verbruggen and van
Leeuwen (2018), p. 399 ff.
Certification of Medical Devices – Lessons from the PIP Scandal 193
however, may not have been the final word yet as the claimant had raised a number
of (new) potential reasons why TÜV Rheinland should have mistrusted PIP and its
products; reasons that the BGH could not, for reasons of civil procedural law, con-
sider in its decision on the case of Ms Schmitt20 but that will have to be considered
in other cases that are still pending in the instance courts.21
It should be mentioned that the notified bodies are of course not the only actors
to ensure the safety of medical devices. As the CJEU noted,22 the primary respon-
sible is of course the manufacturer himself. Moreover, according to Article 2 of
Directive 93/42/EEC, Member States shall take all necessary steps to ensure that
devices may be placed on the market and put into service only if they do not com-
promise the safety and health of patients, users and, where applicable, other persons
when properly installed, maintained and used in accordance with their intended
purpose. In addition to that, Directive 93/42/EEC imposes specific surveillance
obligations on Member States, including the obligation, under Article 8, to take all
appropriate interim measures to withdraw devices from the market or prohibit or
restrict their being placed on the market or put into service if such devices are found
to potentially compromise the health and/or safety of patients, users or, where appli-
cable, other persons; the vigilance procedure under Article 10 relating to informa-
tion and central evaluation of incidents involving medical devices; and particular
health monitoring measures under Article 14b.23 As mentioned above, however,
Article 4 of the Directive stops Member States from restricting the movement of
medical devices beyond these specific competences once they bear the CE mark.
The broader function of notified bodies in the system has been subject to debate, in
particular, in the German courts dealing with the PIP scandal, and following national
litigation also in the Court of Justice. The debate has been triggered by a special
feature of German tort law, more precisely, of § 823 para. 2 of the German Civil
Code (Bürgerliches Gesetzbuch; BGB) which imposes liability on a person who has
breached a law that is ‘meant to protect the victim’ (Schutzgesetz), thereby causing
harm to the victim.
The notified body is involved due to a private law contract with the producer.24
From this, some German courts had concluded that the role that medical devices law
20
Ibid., margin notes 30 ff. For critique, see Brüggemeier (2018), p. 195, arguing that the BGH
should have passed the case back to the previous instance court, the OLG Zweibrücken, for a
proper inquiry into the facts.
21
See also Heynemann (2017), p. 100; Finn (2017), pp. 2590, 2592.
22
CJEU – Elisabeth Schmitt (n 18), para 51.
23
See also CJEU, 24/11/2016, Case C-662/15 Lohmann & Rauscher International GmbH & Co.
KG v BIOS Medical Services GmbH, ECLI:EU:C:2016:903, paras 35 ff.
24
See, for example, BGH, 31/3/2011, III ZR 339/09, (2011) Monatsschrift des deutschen Rechts
658.
194 P. Rott
ascribes to notified bodies is merely to help the producer to achieve the level of
safety that is required to put his products on the market. Consequently, they argued
that it was not for the notified body but only for the producer to protect patients
from unsafe products.25 They found support in their view by the fact that public
authorities are also involved in the safety of medical devices as the post-market
control lies in their hands.26
In contrast, some academic authors argued that the role of notified bodies in the
law on high risk medical devices was precisely to protect patients.27 They found
support in the recitals of the Directive as well as in a statement by the European
Commission, according to which ‘[c]onformity assessment is a key to trust and
confidence in the regulatory system’s capacity to protect patients and citizens.’28
Quoting that statement, the German Bundesgerichtshof referred the question to the
Court of Justice as to whether it is the purpose and intention of [Directive 93/42]
that, in the case of Class III medical devices, the notified body responsible for audit-
ing the quality system, examining the design of the product and surveillance acts in
order to protect all potential patients and may therefore, in the event of a culpable
infringement of an obligation, have direct and unrestricted liability towards the
patients concerned.29 Advocate General Sharpston shared the view ‘that it is the
purpose and intention of Directive 93/42 that, in the case of Class III medical
devices, the notified body responsible for auditing the quality system, examining the
design of the product and surveillance acts in order to protect all potential patients
and may therefore, in the event of a culpable infringement of an obligation under
that directive, be liable to the patients and users concerned’.30 The Court confirmed
that the Directive serves, amongst others, the health and safety of patients but also
held that the Directive did not require Member States to introduce civil liability of
notified bodies who breach their duties under the Directive, while at the same time
not excluding such liability under national law.31
25
See, in particular, OLG Zweibrücken, 30/1/2014, 4 U 66/13, (2014) Medizinprodukterecht 62, 65
with case note Handorn (2014), p. 84. See also Spickhoff (2014) margin note 3; Beyerbach (2015),
pp. 522, 525.
26
See expressly OLG Zweibrücken (n 25).
27
For detailed discussion, see Rott and Glinski (2015a), p. 192. See also Spindler (2017) margin
note 304; OLG Frankfurt, 13/1/2015, 8 U 168/13, (2015) Beck-Rechtsprechung 09145.
28
European Commission Communication on medical devices, COM(2003) 386 final, 6.1.
29
BGH, 9/4/2015, VII ZR 36/14, (2015) Verbraucher und Recht 268 with case note P Rott.
30
AG Sharpston, 15/9/2016, Case C-219/15 Elisabeth Schmitt v TÜV Rheinland LGA Products
GmbH, ECLI:EU:C:2016:694, para 40.
31
CJEU—Elisabeth Schmitt (n 18), paras 50 ff.
Certification of Medical Devices – Lessons from the PIP Scandal 195
3 Quality Control
Quite obviously, the system heavily depends not only on the duties but also on the
quality of notified bodies. To ensure that quality, notified bodies in the field of medi-
cal devices law need to satisfy a number of requirements set out in Annex XI to
Directive 93/42/EEC. These requirements relate to the independence of the notified
body and its personnel from the manufacturer, professional integrity, financial inde-
pendence, sufficient personal resources and facilities, the relevant qualification of
personnel, impartiality and finally professional indemnity insurance.
In formal terms, notified bodies need to be designated by the competent authority
of their home state or by another body that has been entrusted with the task of des-
ignation, or accreditation, services. Concerning the designating bodies, Directive
93/42/EEC, or EU product safety law in general, did not contain any rules; which
turned out to be a problem. In a review of the ‘New Approach’, the European
Commission found, amongst others, (distortion to competition due to) differing
national practices in relation to the designation of conformity assessment bodies.32
The EU legislator reacted with the adoption of Regulation (EC) No 765/2008
setting out the requirements for accreditation and market surveillance relating to the
marketing of products,33 accompanied by Decision (EC) No 765/2008 on a common
framework for the marketing of products,34 of which the notified bodies and the
notification authorities were one focus point.35 That Decision was not specific to
medical devices law but applied to product safety law in general. It set up, among
others, requirements relating to notified bodies and to accreditation bodies (also
called ‘notifying authorities’), to be applied generally in EU product safety law,
unless sectoral legislation provides otherwise.
The then new catalogue of requirements for notified bodies, laid down in Article
R17 of Decision (EC) No 765/2008, was far more detailed than the one in Annex XI
of Directive 93/42/EEC. At the same time, it reduced the leeway of designating
(accreditation) bodies in accepting certification institutes as notified bodies.
For the first time, the EU also addressed the notifying authorities. In order to
avoid unhealthy competition between notifying authorities and to ensure the neces-
sary level of confidence in conformity certificates, Article 4 of Regulation (EC) No
765/2008 allows Member States only one accreditation body that shall be a public
authority or exercise a public authority activity. According to Article 8, accredita-
tion bodies shall be established in such a way that no conflict of interest with con-
formity assessment bodies occurs. They shall be organised and operated so as to
safeguard the objectivity and impartiality of its activities. Accreditation bodies shall
be organised in such a way that each decision relating to notification of a conformity
32
See, e.g., the Communication of the European Commission ‘Enhancing the Implementation of
the New Approach Directives’, COM(2003) 240 final.
33
[2008] OJ L 218/30.
34
[2008] OJ L 218/82.
35
See, in particular, recitals (37) and (38) of Dec (EC) No 765/2008.
196 P. Rott
assessment body is taken by competent persons different from those who carried out
the assessment. Most importantly, they shall not offer or provide any activities that
conformity assessment bodies perform or consultancy services on a commercial or
competitive basis. The EU legislator even found it worth regulating that accredita-
tion bodies shall have a sufficient number of competent personnel at their disposal
for the proper performance of their tasks.
Whilst the European Commission itself was not integrated into that control sys-
tem (beyond its competence to bring proceedings under Article 258 TFEU),
Regulation (EC) No 765/2008 introduced a peer assessment system, under which
the accreditation bodies of the Member States exercise mutual control.36
Already after the introduction of the obligation of notified bodies to assess docu-
mentation related to clinical investigation with the 2007 Directive, authors had
doubted that all notified bodies would be able to fulfil that duty.37 Following the PIP
scandal, the European Commission organised ‘joint assessments’ by national
experts and Commission experts of notified bodies and accreditation bodies in 23
countries that were carried out between January 2013 and November 2014. Even
though participation was voluntary (which should mean that only those notified
bodies were assessed who thought to do well),
the joint assessment process has identified weaknesses which were common to a number of
NBs in the areas of organisational requirements and quality management systems. More
importantly, a number of NBs could not provide sufficient evidence that some of the staff
employed for conformity assessment activities were appropriately qualified and experi-
enced for the task. Other recurring issues concerned the thoroughness of the NBs’ review
of manufacturers’ clinical evaluations. (…) In several cases, the seriousness of the findings
led to the DAs requiring urgent corrective actions from the NBs with restrictions and sanc-
tions being imposed (including de-designation).38
One may therefore conclude that, despite the 2008 reform, the quality system
was not entirely effective. In the light of the PIP scandal, the European Parliament
claimed ‘the failure of the current system of certification of compliance with essen-
tial health and safety requirements and of the control and surveillance of notified
bodies by national competent authorities’.39
36
For more details, see Kapoor and Klindt (2009), p. 134.
37
Ibid., 65.
38
European Commission, Overview Report of a Series of FVO Missions Carried out in 23 Countries
from January 2013 to November 2014 in the Framework of the Voluntary Joint Assessment Process
for Notified Bodies Designated under the Medical Devices Directive, DG(SANTE)/2014-7666 –
MR final.
39
See European Parliament, Resolution on defective silicone gel breast implants made by French
company PIP, [2012] OJ C 332E/89, J.
Certification of Medical Devices – Lessons from the PIP Scandal 197
The EU Commission reacted speedily to the PIP scandal, with a ‘Joint Plan für
Immediate Actions under existing Medical Devices Legislation’, also called the
‘PIP Action Plan’.40 That action plan resulted in the adoption of Commission
Implementing Regulation (EU) No 920/2013 on the designation and the supervision
of notified bodies under (…) Directive 93/42/EEC41 and of Recommendation
2013/473/EU on the audits and assessments performed by notified bodies in the
field of medical devices.42 Moreover, in September 2012, the Commission tabled a
proposal for a new Regulation on medical devices43 that ultimately replaced the
Medical Devices Directive (see below).
The Commission identified three major weaknesses in the system: the insuffi-
cient supervision duties of the notified bodies and insufficient minimum standards
on notified bodies as such, as well as insufficient supervision of notified bodies by
their accreditation bodies. In other words, in the system that was in place there was
no guarantee that notified bodies would fulfil their role and that anybody up the
control chain would notice incorrect certification or supervision and take action.
40
See European Commission, ‘PIP Action Plan’, https://ec.europa.eu/growth/sectors/medical-
devices/pip-action-plan_de.
41
[2013] OJ L 253/8.
42
[2013] OJ L 253/27.
43
COM(2012) 542 final.
44
In fact, the Commission was criticised for having exceeded its competences by regulating aspects
of the administrative procedure as well as the supervision of notified bodies in detail, see Spickhoff
(2014), margin note 7.
45
See recital (1). See also Spielberg (2009), p. A-1602.
46
See, for example, Newell and Watt (2012).
198 P. Rott
other information, including from other Member States, which might indicate the
non-fulfilment of the obligations by a notified body or its deviation from common
or best practice. The designating body shall also initiate unannounced or short-
notice on-site assessments if those on-site assessments are needed to verify compli-
ance. Quite obviously, the designation has to be withdrawn if the requirements are
not met any longer.
Under Article 6 of the Regulation, the European Commission can itself investi-
gate cases regarding the competence of a notified body or the fulfilment of the
requirements and responsibilities to which a notified body is subject under medical
devices law.47 If the Commission finds that the notified body no longer meets the
requirements, it will request the Member State in question to take the necessary
measures.
The operation of the designating bodies themselves is subject to Article 8 of the
Regulation that specifies the very general Annex XI to Directive 92/43/EEC and
fleshes out standards such as a sufficient number of competent personnel, objectiv-
ity and impartiality and avoidance of conflicts of interest. In particular, the designat-
ing authorities shall be organised so that each decision relating to a notification of a
conformity assessment body is not taken by the same member of personnel who
carried out the assessment of that body. Obviously, this is meant to prevent regula-
tory capture.
Moreover, the work of the designating bodies also receives some element of
external control, according to Article 3 of the Regulation. Member States shall
involve representatives of the designating authorities from two other Member States
as well as a Commission representative in the procedure for appointing notified
bodies. That body, together with the representatives consulted, shall produce within
45 days after the on-site assessment an assessment report containing, among other
things, a recommendation with regard to the designation. The assessment reports
shall be made available to all other Member States. Legally, the assessment reports
of the consulted representatives of other designating authorities, as well as any fur-
ther comments by designating authorities, by competent agencies of other Member
States and by the Commission, are not binding. A Member State whose designating
body designates a notified body against the recommendation of such a report would
however face the risk of infringement proceedings under Article 258 TFEU.
These measures have already produced the effect that a number of certification
organisations have ceased their activities as notified bodies in the medical devices
sector.48
See Graf (2016a), p. 43; Eggenberger Stöckli (2015), p. 202. A list of withdrawn and expired
48
49
See also Graf (2016a), p. 43.
50
For more details, see de Bruyne and Vanleenhove (2016), p. 832 f.
51
See Rott and Glinski (2015a), p. 205 f.
52
For more details, see Graf (2016a), p. 43 ff.
53
See European Parliament, Resolution on defective silicone gel breast implants made by French
company PIP [2012] OJ C 332E/89, no 7.
54
[2017] OJ L 117/1.
55
See Art. 53 of Reg (EU) 2017/745.
200 P. Rott
First of all, important changes apply to the duties of notified bodies. With the
increased requirements on the manufacturer’s quality management system, the
requirements on its assessment by the notified body increase likewise (Annex IX
Section 2). Moreover, the post-certification supervision duties of the notified bodies
were intensified, following the approach of the non-binding Recommendation
2013/473/EU and reflecting what went wrong in the case of PIP. The duties are now
regulated in Annex IX Section 3 of Regulation (EU) 2017/745. Besides the regular
periodic audits (at least every 12 months), the notified body shall randomly perform
at least once every 5 years unannounced audits on the site of the manufacturer and,
where appropriate, the site of the manufacturer’s suppliers and/or subcontractors,
which may be combined with the mentioned periodic surveillance assessment or be
performed in addition to that surveillance assessment. Within the context of such
unannounced on-site audits, the notified body shall test an adequate sample of the
devices produced or an adequate sample from the manufacturing process to verify
that the manufactured device is in conformity with the technical documentation.
Alternatively, notified bodies shall take samples of devices from the market for test-
ing purposes (Annex IX Section 3.4.).
The requirements for notified bodies, laid down in Article 36 with Annex VII, reflect
the increased duties but also experience with the competence of notified bodies.
They by and large reiterate the requirements laid down in Annex I of Commission
56
For details, see Graf (2017a), p. 57.
Certification of Medical Devices – Lessons from the PIP Scandal 201
Implementing Regulation (EU) No 920/2013 but are even more detailed, in particu-
lar in relation to the independence of the notified body from the manufacturer but
also from the accreditation body. Special emphasis is placed on the permanent avail-
ability of sufficient administrative, technical and scientific personnel, Article 36(1).
Annex VII Section 1.4.1. still requires notified bodies to take out appropriate liabil-
ity insurance for its conformity assessment activities; which the Court of Justice,
unlike Advocate General Sharpston, found of being of no relevance in its judgment
in Elisabeth Schmitt but which is clearly important in the light of third party liability
under national laws (see below, Sect. 6.3).
More remarkable are the extensive documentation duties of notified bodies,
relating to their concepts and procedures, in particular for the conformity assess-
ment, and also to the results of their assessments; which allow the accreditation
body as well as the European Commission (see below) to review the notified bodies’
activities in great detail (see also Article 36(2) of the Regulation); again this may be
a result of the experience gathered in the joint assessment exercise mentioned above
(see supra, Sect. 4).
Article 39 of the new Medical Devices Regulation takes up the joint assessment in
the procedure of appointing notified bodies, involving experts from the European
Commission and other Member States, as first introduced by Commission
Implementing Regulation (EU) No 920/2013. While designating, or accreditation
authorities do not have to follow the recommendation of that joint assessment team,
they have to provide a duly substantiated justification if they deviate, Article 42(4).
Any Member State as well as the European Commission can raise objections against
the notification, which then leads to proceedings in front of the Medical Device
Coordination Group (MDCG), an expert committee composed of persons desig-
nated by the Member States based on their role and expertise in the field of medical
devices (see Article 103).
Monitoring of notified bodies is regulated in detail in Article 44. The primary
responsible is of course the designating authority of the Member State where the
notified body is established. At least once a year, the designating authorities shall
re-assess whether the notified bodies established on their respective territory still
satisfy the requirements and fulfil their obligations set out in Annex VII. That review
shall include an on-site audit of each notified body and, where necessary, of its sub-
sidiaries and subcontractors, Article 44(4). In addition to that, the designating
authority responsible for notified bodies may conduct short-notice, unannounced or
‘for-cause’ reviews if needed to address a particular issue or to verify compliance,
Article 44(7). Moreover, the notified body must also send, upon request, all
202 P. Rott
The designating authorities, or the Member States themselves, are also placed under
closer scrutiny. As notified bodies, they are subject to extensive reporting duties that
allow the European Commission and other Member States (through the MDCG) to
control compliance with their monitoring obligations, see for example Article 44(4)
subpara 2 and (12). Moreover, the peer review mechanism, coordinated by the
European Commission, as established by Regulation (EC) No 765/2008, is also
specified in Article 48 of the Medical Devices Regulation.
57
[2011] OJ L 55/13.
Certification of Medical Devices – Lessons from the PIP Scandal 203
Without any doubt, the risk of tort liability has an influence on the potential tortfea-
sor.58 This impact has also been recognised by practitioners for the sector of medical
devices certification who predict stricter assessment and monitoring of manufactur-
ers by notified bodies.59 Vice versa, it has been argued that the absence of third party
liability was suitable to ‘relax’ the supervision of manufacturers by notified bodies
due to the adverse incentive of solicitation and payment by the manufacturers.60
Given the EU-wide competition of notified bodies for medical devices manufacturer
customers, there may be a risk that notified bodies rather act in their own interest of
acquiring and maintaining business than in the patients’ interest in health and
safety.61
As mentioned above, the Court of Justice has rejected the view that the Medical
Devices Directive 93/42/EEC requires Member States to impose civil liability on
notified bodies who breach their duties under the Directive.
First, the Court argued that the Medical Devices Directive 93/42/EEC was silent
on the issue of civil liability. This is an argument, however, that has never prevented
the Court of Justice from imposing on Member States the duty to provide for civil
liability in the past. For example, in the cartel law case of Courage, the Court had
argued that the existence of the right to claim damages ‘strengthens the working of
the Community competition rules and discourages agreements or practices, which
are frequently covert, which are liable to restrict or distort competition. From that
point of view, actions for damages before the national courts can make a significant
contribution to the maintenance of effective competition in the Community.’62
Surely, the same would apply to the covert dealings between notified bodies and
manufacturers of medical devices.
58
See only AG Bot, opinion of 20/10/2014, joined cases C-503/13 and C-504/13 Boston Scientific
Medizintechnik GmbH v AOK Sachsen-Anhalt — Die Gesundheitskasse et al, ECLI:EU:C:2014:2306,
para 38, relating to product liability law. See also Reich (2015), pp. 619, 624 ff.; de Bruyne and
Vanleenhove (2016), p. 846 ff.
59
See Oeben (2017), p. 47 f.; Unger (2017), p. 303.
60
On the latter, see, for example, Jahn et al. (2005), pp. 53, 54 and 57 ff.
61
See Rott and Glinski (2015a), p. 209 f.; Wagner (2017), margin note 805; Wagner (2018),
p. 134 ff. See also Kapoor and Klindt (2009), p. 136, concerning the situation prior to the 2008
reform.
62
ECJ, judgment of 20/9/2001, Case C-453/99 Courage Ltd v Bernhard Crehan,
ECLI:EU:C:2001:465, para 27.
204 P. Rott
Surprisingly, the Court reached its conclusion by way of reference to the case of
Peter Paul63; a case that also turned on supervisory duties (by Member States) but is
otherwise so different from the case of Elisabeth Schmitt that AG Sharpston had
explicitly rejected that reference.64 In Peter Paul,65 state liability for insufficient
control over a bank under the Banking Directive 2000/12/EC66 had been at stake.
The bank went bankrupt, and depositors lost parts of their savings. For those losses,
they claimed damages from the Federal Republic of Germany under state liability,
arguing that the German supervisory authority had negligently failed to prevent that
bankruptcy and/or the losses to savers arising from it. The first instance court
awarded the claimants the equivalent of ECU 20,000 (plus interest) because
Germany had failed to implement Directive 94/19/EC on deposit-guarantee
schemes67 in time. Under Article 7(1) of that directive, the aggregate deposits of
each depositor had to be covered up to ECU 20,000 in the event of deposits’ being
unavailable. The court concluded that due to that failure, the depositors had no
claim against any deposit-guarantee scheme, for which the Federal Republic of
Germany was liable. At the same time, the LG Bonn rejected further claims, arguing
that the German legislator had expressly stipulated in banking law that banking
supervision was merely in the public interest but not in the interest of bank custom-
ers, thereby excluding tort law claims against the state.68 The OLG Cologne con-
firmed that decision on appeal,69 whereas the Bundesgerichtshof had doubts whether
that interpretation was in compliance with EU banking supervision law and referred
the case to the Court of Justice.70
The Court rejected the view that the Banking Directive 2000/12/EC implicitly
required Member States to provide for civil liability of the supervisory authority, or
rather the state, in case of a breach of supervisory duties. The Court argued that (at
the time) harmonisation of banking supervision law was restricted to that which was
essential, necessary and sufficient to secure the mutual recognition of authorisations
and of prudential supervision systems, making possible the granting of a single
licence recognised throughout the (then) EC and the application of the principle of
home Member State prudential supervision, whereas the coordination of the national
rules on the liability of national authorities in respect of depositors in the event of
defective supervision did not appear to be necessary to secure these results.71
63
CJEU – Elisabeth Schmitt (n 18), para 55. For further examples, see Reich (2015), p. 632 ff.
64
AG Sharpston – Elisabeth Schmitt (n 30), para 38 with fn 27. See also Reich (2015), p. 638;
against van Leeuwen (2014), p. 349.
65
ECJ, judgment of 12/10/2004, Case C-222/02 Peter Paul et al v Germany, ECLI:EU:C:2004:606.
66
Directive 2000/12/EC related to the taking-up and pursuit of the business of credit institutions
[2000] OJ L 126/1.
67
[1994] OJ L 135/5.
68
See LG Bonn, 16/4/1999, 1 O 186/98, (2000) Neue Juristische Wochenschrift 815.
69
OLG Cologne, 11/1/2001, 7 U 104/00, (2001) Neue Juristische Wochenschrift 2724.
70
BGH, 16/5/2002, III ZR 48/01, (2002) Neue Juristische Wochenschrift 2464.
71
ECJ – Peter Paul (n 61), paras 42 f.
Certification of Medical Devices – Lessons from the PIP Scandal 205
Moreover, the Court pointed towards the variety of interests, including financial
stability that the banking supervision authorities were to protect.72
Finally, as mentioned above, potential loss of savings was addressed by the spe-
cial regime of Directive 94/19/EC on deposit-guarantee schemes. The Court of
Justice saw the risk that this legislative decision to only limited protection of deposi-
tors would be undermined if savers could claim their remaining losses by way of
state liability.73 That kind of legislative decision on limitations to the claims of
patients resulting from damage caused by medical devices is obviously missing in
medical devices law. By failing to recognise this, the Court of Justice jumped too
short in simply replacing the analysis of the Medical Devices Directive with a refer-
ence to a non-comparable earlier case.74
In contrast, it would rather seem that civil liability was absolutely necessary to
achieve the aims and objectives of the Directive, which is, amongst others, the pro-
tection of patients.75 Given the situation prior to the post-PIP scandal reforms, with
the above-mentioned insufficient quality controls within the safety system of the
Medical Devices Directive, the reference to the judgment in Peter Paul seems to be
seriously flawed.
Of course, EU law provides for a product liability regime that has established
strict liability of producers and EU importers in cases in which a defective product
causes damage. This regime, however, does not provide any safety net when the
producer goes bankrupt, as PIP did. In fact, in the area of medical devices, this is a
quite realistic scenario, since the medical device sector in Europe comprises around
25,000 companies, of which 95% are Small and Medium-sized Enterprises
(SMEs).76 Compulsory insurance was required by Annex XI Section 6 of Directive
93/42/EEC for notified bodies—who, according to the Court of Justice, are not lia-
ble towards patients—but not for producers; and national manufacturers’ compul-
sory insurance as required, for example, in France, does not extend to patients who
are not domiciled in that Member State.77 This left a gap, as the PIP case
demonstrates.
72
Ibid., para 44.
73
Ibid., paras 45 ff.
74
See also Reich (2015), p. 638.
75
Verbruggen and van Leeuwen (2018), p. 402, conclude that the safety of products and therefore
the health and safety of patients was only a secondary aim of the Medical Devices Directive,
whereas its primary aim was the promotion of the free movement of medical devices. For discus-
sion, see also Reich (2008), pp. 85, 96.
76
See European Commission, Medical devices, https://ec.europa.eu/growth/sectors/
medical-devices_de.
77
See OLG Karlsruhe, 20/4/2016, 7 U 241/14, (2016) Gesundheitsrecht 363; Cour d‘appel
d‘Aix-en-Provence, 22/1/2015, No 2015/21. For a different view, see Micklitz et al. (2015), p. 37.
206 P. Rott
The new Regulation (EU) 2017/745 is also silent on the issue of civil liability. It
does, however, provide for a much tighter net of control mechanisms than the
Medical Devices Directive 93/42/EEC. Has the need for civil liability therefore
ceased?
First, as mentioned above, the number of notified bodies has already decreased,
and one would hope that it was the less competent or less reliable ones that have
ceased their operations under medical devices law. At the same time, this means that
a smaller number of notified bodies has to deal with the more than 25,000 compa-
nies in that sector and the share of their products that come under the rules on con-
formity assessment, with massively increased duties. Monitoring of the individual
assessments, as it is now foreseen under Article 55 of the Medical Devices
Regulation, will only be able to cover a small proportion of the medical devices on
the market. Monitoring of the concepts and activities of the notified bodies will not
normally lead to immediate withdrawal of their notification, in particular since too
strong reduction of the number of notified bodies might threaten the whole certifica-
tion system. It should also be noted that—according to the judgment of the Court of
Justice in Elisabeth Schmitt, none of the actors in the control system needs to be
submitted to civil liability if the Member State decides so; which means that in a
worst case scenario, the only incentive to comply with monitoring duties may stem
from the procedure under Article 47 with Article 114(3) of the Medical Devices
Regulation, for notified bodies, and from potential proceedings brought by the
European Commission under Article 258 TFEU, for accreditation bodies or the
Member States.78 A fairly weak threat indeed that is therefore unlikely to prevent
damage. Moreover, all these measures may come too late as the medical device will
already have entered the market.
Regulation (EU) 2017/745 implicitly recognises that damage cannot be entirely
prevented by the new system by addressing product liability. Under Article 10 no
16, ‘[m]anufacturers shall, in a manner that is proportionate to the risk class, type of
device and the size of the enterprise, have measures in place to provide sufficient
financial coverage in respect of their potential liability under Directive 85/374/EEC,
without prejudice to more protective measures under national law.’ This resembles
Article 17 of the Directive (EU) 2015/2302 on package travel and linked travel
arrangements,79 although the latter provision provides for a clearer formula. The
obvious goal is to ensure that the producer, as the primary responsible for the medi-
cal device, will be able to compensate the loss of potential victims. This is a note-
worthy development, although there is no clarity yet as to who will control that
manufacturers actually take sufficient insurance, given the immense risks of modern
medical devices.80
78
See also Rehmann (2010), margin note 3.
79
[2015] OJ L 326/1.
80
See also Graf (2016b), p. 214.
Certification of Medical Devices – Lessons from the PIP Scandal 207
Complementary (joint and several) liability of the notified bodies would then
seem to be abdicable, from the point of view of the compensation of patients’ dam-
ages. What remains, however, is the preventive function of tort law that also pro-
vides for an incentive to comply with duties.
As mentioned above, the threat of damage claims in the aftermath of the PIP
scandal has raised fear that notified bodies could cease their activities, and that the
whole system of the ‘New Approach’ might break down81; an argument that seems
to find support in the latest development. Apart from the fact that this is an often
used argument against new legislation, or even new case law, however, this scenario
is nevertheless quite unlikely, given the lucrative business of certification organisa-
tions.82 After all, it only illustrates the flaws in a system that seems to be built on no
third party liability and therefore no accountability, and therefore on too little incen-
tive to comply with the law.
As the Directive, in the interpretation of the Court of Justice, does not regulate civil
liability of notified bodies at all, the Member States are free to decide on the matter;
which means, of course, that the rules may differ from one Member State to the
next.83
For example, under French law, all that is needed to establish tort law liability is
the breach of a duty that causes damage.84 Consequently, the Tribunal de Commerce
de Toulon found no difficulties, in principle, to establish tort law liability of TÜV
Rheinland vis-à-vis the patients that had been implanted PIP breast implants once it
was satisfied that TÜV Rheinland had breached its duties under the Medical Devices
Directive.85 Also, the Cour d’appel d’Aix-en-Provence did not overturn the decision
of the Tribunal de Commerce de Toulon for doctrinal reasons but because it dis-
agreed with the first instance courts on the content of these duties, and therefore on
the breach, quite in line with the reasoning of the Bundesgerichtshof.86 The Cour de
cassation has repealed that decision and ordered a new trial before the Cour d’appel
81
See, for example, Unger (2017), p. 303. See also Graf (2017b), pp. 486, 489.
82
On which see Schmidt (2015).
83
See also Heynemann (2017), p. 101, who fears that some Member States will be less strict than
others.
84
See, for example, Sonnenberger and Autexier (2000), margin note 89; Verbruggen and van
Leeuwen (2018), p. 403. On relevant heads of damage, see Fröding and Chivoret (2016), p. 181.
85
Tribunal de commerce de Toulon, 14/11/2013, 2011F00517 (Société GF ELECTROMEDICS &
société EMI IMPORTACAO E DISTRIBUCAO LTDA & société J&D MEDICALS et autres inter-
venants volontaires); on which see Fröding (2014), p. 1; van Leeuwen (2014), p. 345 f; Rott and
Glinski (2015a), de Bruyne and Vanleenhove (2016), p. 839. See also Tribunal de commerce de
Toulon, 20/1/2017, 2014F00306; on which see Verbruggen and van Leeuwen (2018), p. 404.
86
Cour d‘appel d‘Aix-en-Provence, 22/1/2015, No 2015/21; on which see Fröding (2015), p. 162;
de Bruyne and Vanleenhove (2016), p. 840; Verbruggen and van Leeuwen (2018), p. 404.
208 P. Rott
de Paris.87 It followed the opinion that TÜV Rheinland has breached its duties by
not even checking the books for potential inconsistencies.
German law also offers the possibility of holding the notified body liable for a
breach of its duties under medical devices law, now that the protective aim of these
duties has been clarified by the Court of Justice (supra at Sect. 2.2.).
Given the potential differences between the liability regimes of the Member
States,88 the rules of private international law become relevant. Here, the basic rule
is Article 4(1) of the Rome II Regulation (EC) No 864/2007,89 according to which
the law applicable to a non-contractual obligation arising out of a tort/delict shall be
the law of the country in which the damage occurs. This would be the laws of all the
Member States where the medical device is used on patients. The Rome II
Regulation, however, also has some deviating rules for special situations, one of
them being product liability. Indeed, one could consider applying the special regime
of Article 5 for product liability cases, so as to align the applicable law concerning
the liability of notified bodies with that of the producer who actually puts the prod-
ucts on the market.90 This would add the additional requirement that the medical
device was marketed in the country where the damage occurred, thereby excluding
the laws of countries that were not reasonably foreseeable for the notified body.
These would be all the EU Member States where the manufacturer wants to market
the medical device and which he can choose freely, due to the CE mark. In other
words, no matter whether Article 4 or 5 Rome II Regulation applies, the notified
body will normally run the risk of being held liable, at least for negligent breach, in
some Member States91; which impacts on the level of professional insurance that the
notified body has to take under Annex VII Section 1.4.1. of the Medical Devices
Regulation.
7 Conclusion
The PIP scandal and the following thorough analysis of the certification and accred-
itation system of EU medical devices law have demonstrated the systemic failure of
a system that is based on trust as well as on common interests of controllers and
those controlled to deliver to the benefit of third parties (here: patients). That the
massively increased control mechanisms in the hands of accreditation bodies,
Member States and the EU Commission will be able to remedy the failures may be
87
Arrêt n° 610, 10/10/2018 (15-26.093); Arrêt n° 615, 10/10/2018 (16-19.430).and Arrêt n° 616,
10/10/2018 (17-14.401), all available at https://www.courdecassation.fr.
88
For potential grounds of liability under English law, see Glinski and Rott (2018); for Dutch law,
see Verbruggen (2013), p. 39.
89
Reg (EC) No 864/2007 on the law applicable to non-contractual obligations (Rome II), [2007]
OJ L 199/40.
90
Against de Bruyne and Vanleenhove (2016), p. 844.
91
See also Fulli-Lemaire (2015), pp. 99, 118.
Certification of Medical Devices – Lessons from the PIP Scandal 209
doubted, given the economic and also social significance of the medical devices
industry. The current drama around the car industry may serve as a deterrence.
What is therefore clearly necessary is a player in the other camp; which is the
patients and the organisations or law firms representing their interests, to provide an
incentive to comply with the law. As in other areas, including competition law,
patients then become agents of EU medical devices safety law. Despite the dissatis-
factory outcome of the individual case of Elisabeth Schmitt, that player is now pres-
ent on the scene, and it is changing the industry already. With regard to their new
liability risk, it has already been suggested that notified bodies should be regarded
as part of the public administration, with the effect that the State would be liable for
their torts, rather than the notified body.92 This suggestion at the same time indicates
that a privately organised scheme might not be the best way to serve the public inter-
est and that public interest concern should not eclipse the need for proper third party
protection.93
References
Beyerbach, H. (2015). Haftung der Benannten Stelle für Mängel in der Medizinprodukteherstellung?
Gesundheitsrecht, 522.
Brüggemeier, G. (2017). Fehlerhafte Brustimplantate und die Haftung der Zertifizierungsinstitute –
Das EuGH-Urteil in der Rechtssache Schmitt v. TÜV Rheinland. Medizinrecht, 527.
Brüggemeier, G. (2018). Luxemburg locuta, causa finita? – Eine Nachbetrachtung der juristischen
Behandlung der sogenannten PIP-Affäre in Deutschland. Juristenzeitung, 191.
de Bruyne, J., & Vanleenhove, C. (2016). Liability in the medical sector: The ‘Breast-Taking’ con-
sequences of the poly implant Prothèse case. European Review of Private Law, 823.
Degen, J. K. (2017). Die Haftung der “Benannten Stelle” i.S.v. § 3 Nr. 20 MPG. Versicherungsrecht,
462.
Eggenberger Stöckli, U. (2015). Pharma Recht Schweiz. Pharma Recht, 202.
Finn, M. (2017). Keine Haftung mangels nachgewiesener Hinweise auf minderwertige
Brustimplantate. Neue Juristische Wochenschrift, 2590.
Fröding, V. (2014). Industriesilikon in Brustimplantaten – Urteil des Handelsgerichtes (Tribunal de
Commerce) Toulon vom 14. November 2013. Medizinprodukterecht, 1.
Fröding, V. (2015). PIP Brustimplantate: Warum das Berufungsgericht Aix-en-Provence die
Haftung des TÜV abgelehnt hat. Medizinprodukterecht, 162.
Fröding, V., & Chivoret, I. (2016). Schadensersatz bei Haftung für Gesundheitsprodukte.
Medizinprodukterecht, 181.
Fulli-Lemaire, S. (2015). Affaire PIP: Quelques Réflexions sur les Aspects de Droit International
Privé. Revue Internationale de Droit Economique, 99.
Glinski, C., & Rott, P. (2018). The role and liability of certification organisations in transnational
value chains. Deakin Law Review, 23, 83.
Glinski, C., & Rott, P. (2019). Liability of certification bodies in the field of medical devices: The
PIP breast implants litigation and beyond. European Review of Private Law, 2, (forthcoming).
92
See Unger (2017), p. 303.
93
See also Glinski and Rott (2019). See, however, van Leeuwen (2014), p. 440, who points at the
inconsistency of a liability scheme with the New Approach.
210 P. Rott
Vibe Ulfbeck and Anders Møllmann
1 Introduction
The chapter is a contribution to the project ‘Certification Bodies – Trust, Accountability, Liability’,
funded by the Deutsche Forschungsgemeinschaft, and to the project on Private/Public Enterprise
Liability, funded by the Danish Research Council for independent research.
1
For literature on the liability of classification societies in general, see inter alia De Bruyne (2014),
p. 181; De Bruyne (2015); De Bruyne and Vanleenhove (2014), p. 103; Basedow and Wurmnest
(2005), Lagoni (2007), Antapassis (2007), Pulido Begines (2005), p. 487. For a law and policy
perspective, see Furger (1997), p. 445.
The role of CSs in the maritime industry has a century-long history. In the late
seventeenth and throughout the eighteenth century, in London an increasing ten-
dency to insure seaborne cargoes raised a need for the underwriters to be able better
to assess the risk of the individual journey. The most important factor in this regard
was the physical condition of the ship in question. Thus, a need for neutral assess-
ments of the ships’ condition arose. This development eventually led to the estab-
lishment of the first classification society in 1760. Throughout the nineteenth
century, classification societies were established in most of the major shipping
nations of the time.2
The CSs developed criteria on which to categorize ships into different classes
depending on their condition. CSs have continued to develop these criteria into what
is nowadays comprehensive and detailed specifications on especially ships’ hull,
machinery and electrical systems, normally referred to as the ‘rules’ of the CS.3
Ships are no longer divided into classes depending on their condition. A ship is
either in class or not, but there are different classes signifying that a ship has addi-
tional qualities or uses. A ship may for instance be ice classed. Shipowners employ
a CS to certify that their ship comply with the specifications of the CS (the rule-
book) and is thus ‘in class’. The CS will conduct various surveys under its own rules
to verify that this is the case and will then issue a class certificate. These services are
rendered on the basis of a contract between the shipowner and the CS. It is difficult
bordering on impossible for a shipowner to trade the ship’s services without being
in class.
In the twentieth century, public law rules on safety at sea, including specifica-
tions for ships to comply with, have emerged and now form a large body of require-
ments mainly regulated in public international law instruments. These have mainly
been developed in the International Maritime Organization (IMO). In terms of
requirements regarding the physical condition of ships, the Safety of Life at Sea
Convention (SOLAS)4 is by far the most important. This convention places various
obligations in terms of surveys, inspections and certificate issuance on flag states.
For practical reasons, the convention (and other conventions) allow flag states to
delegate such obligations to classification societies under certain conditions. It is
illegal (in most parts of the World) to use a ship without SOLAS (and other conven-
tion) certificates.5
2
For brief, informative introductions to the concept of classification and the history thereof, see
e.g., Boisson (1994), p. 363; Lagoni (2007), part 1 (including the historical development of CSs in
part 1. A. II.), and Basedow and Wurmnest (2005), part 1. General information on classification
societies can be found in Goebel (2018). Interesting information can also be found on the website
of the International Association of Classification Societies, www.iacs.org.uk.
3
See e.g. Basedow and Wurmnest (2005), p. 8 f.
4
International Convention for the Safety of Life at Sea, 1974, as amended. For an overview of its
content and history, see http://www.imo.org/en/About/Conventions/ListOfConventions/Pages/
International-Convention-for-the-Safety-of-Life-at-Sea-%28SOLAS%29%2c-1974.aspx.
5
The method for achieving this differs in the conventions. The two main methods are that the con-
vention obligates (ratifying) flag states to ensure that ships flying their flag obtain the proper certifi-
cates and that the convention requires ratifying states to deny ships not in possession of certificates
Public Function Liability of Classification Societies 215
Broadly speaking, negligent class certification may give rise to two different kinds
of claims; claims by the owner based on the contract between the CS and the owner
for mal-performance of the contract and claims raised by third parties, such as for
instance ship buyers or cargo owners.
The major problem with regard to claims based on the contract between the
owner and the CS—seen from the point of view of the owner—is that these claims
will often be subject to limitation of liability clauses.7
With regard to claims raised by third parties, the third party may seek to rely on
tort law but in many legal systems, recovery for pure economic loss in tort will be
ruled out as a starting point.8 And even if the claim is for loss suffered due to p hysical
injury, the third party must show that recovery of the third party comes within the
under the convention in question access to its ports or to detain ships calling at their ports. SOLAS
is ratified by 163 states representing over 99% of the World’s tonnage, cf. http://www.imo.org/en/
About/Conventions/StatusOfConventions/Documents/Status%20of%20Treaties.pdf.
6
The implications of the difficulties in drawing the line between private and public certification
will be further explored below in Sect. 4.
7
As an example, the case of the Sundancer could be mentioned (799 F Supp 363, 1992 AMC 2946
(SDNY 1992), and for an analysis of the exemption clause in the case, see e.g. Honka (1994),
pp. 1, 15.
8
In German law this follows from §§ 823 ff BGB, limiting the liability for pure economic loss to
certain specific situations. In English law, as a general rule, the doctrine of pure economic loss bars
recovery for this type of loss.
216 V. Ulfbeck and A. Møllmann
protective purpose of the certification rules that have been infringed. As a recent
example of the application of this rule, the Prestige case may be mentioned.9 In this
case, a claim by the Spanish state (as flag state) against ABS (the CS) for environ-
mental damage was rejected on the basis that the CS could not be presumed to have
a duty of care towards the flag state to prevent “reckless” class certification.
Furthermore, to rely on contract law is normally not an option for the third party
because of the principle of privity of contract.10
Thus, several obstacles must be overcome to succeed with a claim based on the
mal-performance of class certification.11 However, as will be shown below, even
greater challenges exist with regard to claims based on negligent public (statutory)
certification.
3.1 Introduction
The international conventions on maritime safety and pollution from shipping place
various obligations on the state parties to ensure the compliance with the
conventions.
For instance, SOLAS chapter I, Part B sets out a number of rules on surveys of
different types of ships and equipment. With regard to performance of these,
Regulation I/6 sets out that the inspections and surveys ‘so far as regards the enforce-
ment of the provisions of the present regulations […] shall be carried out by officers
of the Administration’ (i.e. the flag state government). The second sentence, how-
ever, goes on to allow the Administration to ‘entrust the inspections and surveys
either to surveyors nominated for the purpose or to organizations recognized by it’.
Pursuant to Regulation XI-1/1, the recognized organizations must comply with the
RO Code adopted by the IMO.12
In essence, this means that CSs can become recognized organizations (ROs)13
and a state party to SOLAS can then authorize such ROs (one or more) to perform
9
Reino de Espana v The American Bureau of Shipping, 729 F Supp 2d 63d5 8 SDNY 2010.
10
In some legal systems, this problem has been solved by construing third party rights to rely on
the contract, see e.g. on the concept of the ‘contract with protective effects towards third parties’,
Basedow and Wurmnest (2005), p. 45 ff. In German law this has been accepted in principle, but did
not lead to liability in the concrete case, see OLG Hamburg, 14/6/1990 – 6 U 34/90 (1991)
Versicherungsrecht 476.
11
More recent cases where this has been attempted include the English cases The Nicholas H
[1996] 1 AC 211, [1995] 2 Lloyd’s Rep. 299 (HL) (cargo claim), The Morning watch [1990] 1
Lloyd’s Rep. 547 (pure economic loss). See further e.g. De Bruyne (2015), pp. 221, 223 ff.
12
Resolution MSC.349(92) of 21 June 2013.
13
For the purposes of this chapter, it is only relevant to look at CSs that have in fact been “recog-
nized” and are thus also ROs as otherwise they cannot be authorized to perform flag state obliga-
tions. Throughout the chapter, however, the term CS will be preferred, but this should thus not be
Public Function Liability of Classification Societies 217
its obligations as flag state in respect of surveys and inspections on its behalf. The
CS (RO) when carrying out these functions will then, in fact, be exercising public
functions resting on the flag state.
In the EU, the competence to ‘recognize’ CSs has been taken over by the EU. It
is thus the EU Commission who ‘recognizes’ CSs.14 However, the competence to
authorize ROs to act on behalf of the Member State in its capacity as flag state rests
with the Member States.15 The authorization is normally done by an agreement that
sets out the scope of the authorization and the conditions therefore as well as some
(very limited issues regarding liability).16
When a CS exercises public functions two basic questions arise. One is whether
the CS may—in the same ways as states—enjoy procedural immunity from law
suits in foreign courts.17 The other one is whether the CS—to the extent it can be
sued in some court—enjoys substantial immunity from liability claims, in other
words whether there may be barriers in national law to claims based on the fact the
CS has exercised a public function.18
As explained in Sect. 3.1, in the EU, it is the Member States who have the compe-
tence to decide to delegate the authority to perform surveys and inspections on
behalf of the Member State as flag state. However, when the Member State decides
to do so, it must do so in accordance with Directive 2009/15/EC on common rules
and standards for ship inspection and survey organisations and for the relevant
activities of maritime administrations.19 The directive only to a very limited extent
regulates the potential liability of the RO, namely in relation to the recourse liability
of the RO to the Member State if that state is held liable towards a third party for
actions or omissions attributable to the RO.20 However, in the preamble, recital (16)
states that when an RO issues certificates on behalf of the Member State, the
Member State ‘should consider enabling them [i.e. the ROs], as regards these dele-
gated activities, to be subject to proportionate legal safeguards and judicial protec-
tion, including the exercise of appropriate rights of defence, apart from immunity,
which is a prerogative that can only be invoked by Member States as an inseparable
right of sovereignty and therefore that cannot be delegated’.
The recital thus suggests that ROs should be given some kind of (extra?) protec-
tion from claims when acting in a public capacity, but that this may not be immu-
nity. The question is what the recital really means and what the legal value of it is.
First, it may be asked whether ‘immunity’ refers to procedural or substantial
immunity. While the directive itself does not provide an answer, it seems difficult to
accept that substantial immunity is ‘an inseparable right of sovereignty’ which
would suggest that it is procedural immunity that is intended. This part of the recital
thus presents itself as an interpretation of the public international law principle of
sovereign immunity.
Second, it may be asked what the value is of a statement in a recital which has
not found its way to the articles of the directive. In this respect, it should be noted
that the directive only deals with the liability of the RO in very limited terms.
Questions of liability both for the RO and for the Member State who has delegated
authority to the RO are thus subject to (the otherwise applicable) national law. It is
only the question of recourse by the Member State when it is held liable for the
actions or omissions of the RO that is regulated. Furthermore, issues of immunity
against liability generally is not a matter regulated by EU law, but by the Member
States (including in their application of public international law). It could therefore
be argued that the EU cannot bind the Member States in this manner simply by a
statement in a recital to the directive.21 As stated, this part of the recital seems to be
an interpretation of the principle of sovereign immunity, but it does not seem to be
for the EU to make such an interpretation in the preamble of a directive, but rather
for the Member States to legislate on or its courts to apply in a liability case against
the RO. For this reason, the following sections describe the various approaches that
have been adopted in different national legal systems.
20
Art 5(2).
21
In the Al-Salam Boccaccio 98 case, see below n 65, the Italian court held that the recital had no
binding force under Italian law because the Italian legislation implementing the directive had not
transformed its content into a positive law provision, see Siccardi (2013), pp. 41, 66 available at
www.shippinglbc.com/content/uploads/members_documents/Webfile_-_Classification_Societies.
pdf.
Public Function Liability of Classification Societies 219
When a CS carries out statutory certification on the basis of an agreement with the
flag State, it carries out a public task and exercises public authority. In other words,
it carries out the tasks that would have otherwise been performed by the state. If the
state had carried out these tasks, it would have been immune from law suits for mal-
performance in foreign courts. Thus, it is a basic principle under international law
that states cannot be sued in foreign courts since this would conflict with the prin-
ciple of state sovereignty.22 The principle applies both to criminal and civil liabili-
ty.23 For this reason, it could be argued that when the CS carries out the tasks of the
state also the CS should be immune from law suits in foreign courts. This view has
been put forward in some recent cases and has been accepted by various national
courts.
The Erika case24 is a good example. The case concerned oil pollution off the
French coast caused by the vessel Erika sailing under Maltese flag. Erika had been
class certified by the Italian RINA (private certification). RINA had also acted as
RO for Malta and issued an International Safety Certificate (statutory certification).
In this case, the French state sued RINA claiming damages on the basis that the oil
pollution was caused (in part) by negligent class certification on the part of
RINA. RINA claimed procedural immunity since it had acted as RO for Malta. In
the first instance, the French Tribunal Correctionnel found that RINA did not enjoy
procedural immunity since the inspections and certification of the vessel had been
performed in the interest of the vessel owner (i.e. private certification).25 However,
the Cour d’Appel found that certificates issued by a classification society acting as
RO were ‘actes de puissances publiques’ and not simple administrative acts (‘actes
de gestion’).26 For this reason, RINA was able to claim (procedural) immunity.27
It is thus apparent that liability litigation against a CS encounters the risk that the
CS is protected by procedural immunity (unless the CS has waived its immunity).
Consequently, in order to be sure that the claim against the CS is not dismissed on
procedural grounds, the CS must be sued in the authorizing state (flag state) which
is the only state in which the CS with certainty does not enjoy procedural
immunity.
This raises the question of whether the courts of the flag state have jurisdiction in
a case against the CS. The answer will depend on the jurisdiction rules of that state.
22
See UN Convention on Jurisdictional Immunities of states and Their Property, 2005.
23
See Shaw (2008), p. 699.
24
The case of the Erika, Tribunal de Grande Instance Paris, January 16, 2008, no 9934895010,
p 1-358, The case of the Erika, Cour d’Appel Paris, March 30, 2010, no RG 08/02278-A, p 1-487,
The case of the Erika, Cour de Casssation, September 25, 2012, no H 10-82.938.
25
The case of the Erika, Tribunal de Grande Instance Paris, January 16, 2008, no 9934895010, 276.
26
The case of the Erika, Cour d’Appel Paris, March 30, 2010, nr. RG 08/02278-A, 232.
27
On the blurring of the line between the public and the private function of the CS in this case, see
further infra in Sect. 4.4. Another example where procedural immunity was granted can be found
in the Italian case Al-Salam Boccaccio 98, see infra Sect. 4.4.
220 V. Ulfbeck and A. Møllmann
If under the jurisdiction rules of the flag state the courts of that state do not have
jurisdiction to hear a case against the CS, potential claimants will, thus, not have
access to any venue in which they can sue the CS if the CS enjoys procedural immu-
nity in the other relevant venues.
In Europe, the question of jurisdiction for tort claims in general is regulated by
Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement
of judgments in civil and commercial matters.28 The Regulation applies to ‘civil and
commercial matters’, article 1(1). However, it ‘shall not extend, in particular, […]
to the liability of the State for acts and omissions in the exercise of State authority
(acta iure imperii)’, ibid. It is probably questionable that this will be interpreted by
the CJEU to also cover a situation where it is the liability of a CS acting on behalf
of the state which is at issue.29 It cannot therefore be said with certainty whether
Regulation (EU) No 1215/2012 will apply to a case of this kind.30 If the Regulation
applies, the general rule is that persons domiciled in a Member State must be sued
in that state, article 4(1).31 If the regulation does not apply, the national rules on
jurisdiction of most states, it is submitted, also grant jurisdiction for claims against
persons (including legal persons) domiciled in that state. In this connection, it is
important that many agreements by which flag states authorize CSs to act on their
behalf, include a provision that the CS must establish a local representation to estab-
lish legal personality in the flag state and ensure the competence of that state’s
courts.32 It must thus be assumed that there will often be jurisdiction for a liability
claim against a CS in the courts of the flag state that has authorized the CS to act on
its behalf.
As will be apparent, the procedural immunity defense may severely limit the
extent to which it is possible for a third party to sue a CS performing public func-
tions in another state than the flag state. However, even when it is possible procedur-
ally to sue, such a suit may encounter further obstacles in the form of substantial
immunity as will be developed in the following part.
28
[2012] OJ L 351/1.
29
Recital (16) of Directive 2009/15/EC would suggest that the EU Commission would take the
stance that these two situations are not to be treated as equal. See above, Sect. 3.2.
30
A deeper analysis of this issue falls outside the scope of the present chapter.
31
In tort cases, the tortfeasor may also be sued in the courts of the place where the harmful event
occurred, art 7(2). For present purposes this will only be the case if the accident by chance occurs
in the territory of the flag state. In respect of persons not domiciled in a Member State, jurisdiction
is to be determined on the basis of the national law of each Member State.
32
Dir 2009/15/EC, Art. 5(3) allows for this type of provision. As an example, see the Danish RO
Agreement, n 16, cl 5.2.
Public Function Liability of Classification Societies 221
3.4.1 Introduction
Suing a classification society may also give rise to issues of substantial immunity.
Thus, as was seen in the cases concerning procedural immunity, the classification
society carrying out public functions may be seen as in one way or the other repre-
senting the state. This raises the question whether principles of substantial liability
immunity (or limited immunity) applying to the state also applies to the classifica-
tion society, or whether the classification society will be subject to other liability
principles. Different models apply in different legal systems.
In the US, the starting point is governmental immunity from tort law liability.33
Moreover, the principle applies not only to public entities but—under certain condi-
tions—also to private entities fulfilling the role of the public entity.34 The doctrine
of sovereign immunity has historical roots back to the idea that ‘the King can do no
wrong’. Today, this principle has been modified. Several exceptions apply. Thus, in
the US, governmental immunity has to some extent been waived through the Federal
Tort Claims Act (FTCA)35 and through the Suits in Admiralty Act (SIAA).36 The
SIAA applies if the CS acts on behalf of the US and if the act constitutes an action
in admiralty.37 A claim lies in admiralty if the issue relates to traditional maritime
activity.38 It must be assumed that the question of the liability of statutory certifiers
of vessels is an issue that is related to traditional maritime activity and that conse-
quently, the SIAA is applicable (as lex specialis). This means that as a starting point,
the principle of governmental immunity from liability does not apply to a
CS. However, the waiver of immunity is limited to certain cases. Thus, under the
FTCA, the waiver of immunity does not apply to cases of ‘discretionary function’.39
The reason for this is that discretionary function involves an element of choice
which according to the separation of powers-principle should be left to the admin-
istration or the legislator.40 The SIAA does not contain an explicit discretionary
function exemption. However, case law has established an implied discretionary
33
Lagoni (2007), p. 243, fn 930 with reference to Craig (2005), vol 1, § 1-1.
34
Yearsley v W.A. Ross Construction Co 309 US 18 at 20–21 (US 1940).
35
28 U.S.C. § 2674.
36
46 U.S.C. App. § 742.
37
Lagoni (2007), p. 244.
38
Ibid., 245.
39
28 U.S.C. § 2680 (a).
40
Lagoni (2007), p. 247.
222 V. Ulfbeck and A. Møllmann
function limitation of liability in the SIAA.41 On this basis, it must be assumed that
a CS acting on behalf of the government enjoys immunity from liability when it
carries out statutory certification.42 In other words, the principle of immunity is
transferred from the state to the CS.43
In German law, the question of the liability of the CS when exercising public func-
tions is linked to the question of state liability according to § 839 para 1 of the Civil
Code (Bürgerliches Gesetzbuch; BGB) and art 34 para 1 of the Basic Law
(Grundgesetz; GG). According to § 839 para 1 BGB, the state (the public authority)
is liable for its officials (Beamte) exercising public functions on its behalf. At the
same time, it is only the public authority which becomes liable, not the official
itself. This follows from art 34 para 1 GG. In other words, to the extent a CS may be
regarded an ‘official’ in the sense of § 839 para 1 BGB, it may be exempted from
liability.44 Consequently, the concept of an ‘official’ under § 839 para 1 BGB
becomes crucial. The concept is not narrowly defined. In addition to employees, the
concept covers persons who have been given a certain public function (Beliehene)
and also aides of the administration (Verwaltungshelfer), i.e. certain independent
contractors carrying out tasks for the administration. It has been accepted in case
law that licensed motor vehicle experts by issuing attestations that motor vehicles
live up to public law rules on safety exercise a public function to ensure safety of
traffic and that these experts are therefore so closely integrated in the administrative
functions that they can be regarded as part of the administration (‘officials’) for the
purpose of § 839 para 1 BGB.45 On this basis, it could be argued that also a CS
should be regarded as a public official exercising public tasks under § 839
BGB. However, the status of the classification society when exercising public tasks
is unclear under German law and it has been pointed out that a foreign classification
society may not qualify as an official or Beliehener under § 839 BGB since foreign
entities cannot be assigned functions of public authority.46 In this case, the CS would
41
Ibid, 247, fn 953.
42
Ibid, 248.
43
Another example of CS liability immunity created via governmental immunity is represented by
Bahamian law. Thus, according to the Bahamian Merchant Shipping Act, 1976 (with later amend-
ments), § 275 any government appointee is immune from liability for issuing certificates in good
faith. In Sundancer, above n 5, it was a held that a CS was included in the sphere of immunity.
Consequently, under Bahamian law, the extent to which a CS can be held liable is limited in the
same way as the liability of the public authority, Honka (1994), p. 18.
44
The elimination of the liability of the ‘official’, also when the official is a private party exercising
public functions, was recently confirmed in BGH, 9/10/2014 – III ZR 68/14 (2014) Neue Juristische
Wochenschrift 3580.
45
See e.g. BGH, 30/11/1967 – VII ZR 34/65 (1968) Versicherungsrecht 200; BGH, 25/3/1993 – III
ZR 34/92 (1994) Versicherungsrecht 216.
46
See Peets et al. (2016), SeeArbG § 135 margin notes 1 f.
Public Function Liability of Classification Societies 223
The question of the public function liability of the CS has never been tried in
Scandinavian case law. However, in legal writing it has been argued that the CS
should be subject to a professional liability standard.50 In general, a professional
liability standard would be stricter that an ordinary negligence standard. It is also
emphasized that the professional liability standard should apply regardless of
whether the state would be subject to a milder liability standard or no liability at
all.51 It is explicitly stated that ‘there seems to be no valid grounds for rejecting
liability’ towards passengers, crew members and landowners.52
3.5 Summing Up
47
Lagoni (2007), p. 252.
48
The dictum is in the case The Nicholas H [1996] 1 AC 211, [1995] 2 Lloyd’s Rep 299 (HL) (n 6).
See also Lagoni (2007), p. 237.
49
Lagoni (2007), p. 237.
50
Krüger (1991), pp. 273, 279, 280, 286.
51
Ibid., 277 with reference to Norwegian preparatory works.
52
Ibid., 286. See also Honka (1994), p. 30 ff, making reference to Krüger, but finding that reliance
and control become the real issue.
224 V. Ulfbeck and A. Møllmann
liability had it carried out the task itself. In particular, this approach is found in US
law. Also in German law, a CS may be exempted from liability when it exercises
public functions but this is on a different basis. Under German law, the line of
thought is a ‘respondeat superior’ line of thought implying that the ‘public official’
is relieved from liability when acting on behalf of the state because the state becomes
liable instead. The UK represents a third model according to which a public entity
is subject to the same liability rules as a private. No special principles of govern-
mental immunity apply. This also means that no such rules protect the CS even if it
exercises public functions. Under UK law, a CS can primarily be held liable in
personal injury cases. Apparently, only in the Scandinavian legal systems has it
been argued (in academic writing) that the CS should be subject to a professional
liability regime and that it should be possible to hold liable the CS for the exercise
of public functions regardless of whether the public authority behind would have
been liable had it carried out the task itself.53 Until now, this position has not been
confirmed in case law.
4 T
he Blurring of the Distinction Between Private
and Public Function and Liability Consequences
4.1 Introduction
Seen in light of the fact that additional defenses against liability seem often to be
available to a CS exercising public functions, the question of how to define public
functions as opposed to private functions becomes relevant. In this respect, it is
interesting to note that the distinction in fact seems to become increasingly blurred
both in case law and in legislation.
4.2 T
he Interplay and Overlap Between Private and Public
Certification
The failure to live up to both the private and the public standards may in fact lead to
the same types of losses. Thus, if a vessel does not live up to the technical standards
of a CS, the vessel may not be seaworthy and may risk sinking. The same is true if
the vessel does not live up to the public law standards. If a vessel sinks, damage may
be caused to the owner of the ship, mortgagees, owners of cargo on board the ship,
passengers and the environment if the vessel for instance leaks oil.
In line with this, the Danish Safety at Sea Act even has a provision which explicitly states that the
53
Danish Maritime Authority is not vicariously liable for a CS that it has authorized.
Public Function Liability of Classification Societies 225
Thus, private certification may also serve a public function and public certifica-
tion may serve a private function. This sentiment is reinforced by SOLAS itself. As
described in Sect. 3.1, SOLAS sets out a large number of requirements as to the
safety of ships, and it obliges the flag states to carry out various surveys and inspec-
tions and to issue certificates in this regard. These tasks are clearly public functions.
However, SOLAS further requires that ships ‘shall be designed, constructed and
maintained in compliance with the structural, mechanical and electrical require-
ments of’ an RO.54 Ships may alternatively comply with national standards of the
flag state which ‘provide an equivalent level of safety’, but few, if any, flag states
have issued such national standards. While the development of structural, mechani-
cal and electrical requirements (the ‘rulebook’) is clearly performed as a private
function by the RO, it is a statutory requirement that ships comply with such a rule-
book. Thus, a ship cannot obtain certificates under SOLAS unless it complies with
the rulebook of an RO. It should be noted that it is not a requirement that a ship is
in class, that is, that it is certified by an RO that the ship complies with its rulebook,
but the shipowner must be able to document that the ship complies with the rule-
book. A certificate to verify the compliance of the ship with an RO’s rulebook may
thus be issued by the flag state authorities. In practice, however, almost all ships are
classed, and the RO thus issues a class certificate and—if it has been authorized by
the flag state—inter alia on the basis thereof issues certificates under SOLAS.
Maintaining a very strict distinction between the public and private functions of
the RO can in these circumstances seem strained. This seems to be reinforced by
developments in recent international legislation and case law as will be described in
the following sections.
In 2013, the IMO adopted a Code for Recognized Organizations.55 The RO Code
sets out minimum requirements which CSs must fulfil in order for flag states to
recognize and authorize them to act on their behalf as well as guidelines for the
oversight of the ROs by flag states.56 Notably, the Code does not deal with the liabil-
ity of the RO neither towards its customer nor towards third parties.57
The Code states that it applies to ROs when they perform ‘statutory certification
and services on behalf of’ the flag state.58 The term ‘Statutory certification and
54
Reg II-1/3-1.
55
Resolution MSC.349(92) of 21 June 2013.
56
Part 1, reg 1.
57
Appendix 3 sets out elements to be included in an agreement between the flag state and the
RO. Item 8.4 simply states ‘Liability’. However, the footnote indicates that this mainly refers to the
potential recourse of the state against the RO in case the state is held liable for loss or damage
caused by any negligent act or omission of the RO.
58
e.g. Part 1, regs 2.1.1 and 2.2.2.
226 V. Ulfbeck and A. Møllmann
services’ has a lengthy definition set out in Part 2, regulation 1.1.3: ‘certificates
issued, and services provided, on the authority of laws, rules and regulations set
down by the Government of a sovereign State. This includes plan review, survey,
and/or audit leading to the issuance of, or in support of the issuance of, a certificate
by or on behalf of a flag State as evidence of compliance with requirements con-
tained in an international convention or national legislation. This includes certifi-
cates issued by an organization recognized by the flag State in accordance with the
provisions of SOLAS regulation XI-1/1, and which may incorporate demonstrated
compliance with the structural, mechanical and electrical requirements of the RO
under the terms of its agreement of recognition with the flag State’. This is a very
wide definition. The final sentence seems clearly to indicate that the RO is also per-
forming ‘statutory certification and services’ when it conducts surveys and issues a
class certificate, i.e. certifying that the ship is in class in accordance with the RO’s
own rulebook. This would seem to mean that the RO’s issuance of a class certificate
is also considered under the RO Code to be performed ‘on behalf of the flag state’.59
This has been objected to by the EU.60 Directive 2009/15/EC61 distinguishes very
clearly between ‘statutory certificates’ and ‘class certificates’ which are defined in
article 2, lit i) and k) respectively. After the adoption of the IMO RO Code, the
European Commission adopted the Commission Implementing Directive 2014/111/
EU amending Directive 2009/15/EC with regard to the adoption by the International
Maritime Organization (IMO) of certain Codes and related amendments to certain
conventions and protocols.62 The interesting part in the present context is the pre-
amble in which the Commission analyzes how the RO Code (and the so-called III
Code) differ from the Directive and Regulation (EU) No 391/2009. Recital (21)
makes it clear that this distinction is to be maintained and that the certificates have
different natures. Statutory certificates have a ‘public nature’ while class certificates
have a ‘private nature’. Thus, class certificates ‘are documents of a strictly private
nature which are neither acts of a flag State nor carried out on any flag State’s
behalf’. It is specifically set out that this is also the case even when the class certifi-
cate is verified by a flag state as proof of compliance with the requirement in SOLAS
that the ship must comply with the rulebook of an RO.
The RO code and the EU instruments thus take very differing standpoints as to
the nature of class certification. Whereas the EU instruments consider such certifi-
cation as being of a strictly private nature, the RO Code does not seem to differenti-
ate between statutory and class certification. Neither of the instruments deal with
the liability of ROs towards third parties. However, as shown above, further defenses
in the form of immunity may be available to the RO when acting on behalf of the
flag state and the distinction thus becomes relevant also in relation to the liability
questions. The instruments may therefore rub off on the liability issue. Seen in this
light, it is an interesting development that the RO Code seems to include class
59
De Bruyne (2015), p. 237.
60
See also ibid.
61
Above text to n 13 ff and Sect. 3.2.
62
[2014] OJ L 366/83.
Public Function Liability of Classification Societies 227
c ertification in its definition of ‘statutory certification and services’. This may have
been influenced by the SOLAS requirement that ships must comply with the rule-
book of an RO.
Similar blurring of the line between private and public functions of the RO as a
result of the difficulty of categorizing class certification can be seen in The Erika
case.63
Interestingly, in this case as described above, the fact that it was the class certifi-
cation service that had been negligently performed did not seem to be of impor-
tance. In this context, the court placed emphasis on the fact that by virtue of the
SOLAS convention class certification is a precondition for statutory certification.
For this reason, class certification plays a role in improving safety at sea and thus
serves the public interest.64 Thus, according to this decision, the defense of proce-
dural immunity seems applicable (under French law) also to claims based on negli-
gent class certification (and not only to statutory certification). In other words, a
public function defense is being pulled into a private function claim.
Similar arguments were forwarded in The Al-Salam Boccaccio 98 case.65 The
Al-Salam Boccaccio 98, flying the Panamanian flag, sank in 2006 in the Red Sea
leading to the tragic loss of more than 1000 lives. The ferry had previously flown the
Italian flag. The Italian RO RINA had throughout acted as CS, issuing class certifi-
cates, and had also acted as RO, issuing statutory certificates, first on behalf of Italy
and after the flag change on behalf of Panama. An association of victims’ families
sued RINA in damages in the Italian courts. The plaintiffs claimed inter alia that
RINA had acted negligently when performing the class certification. RINA claimed
procedural immunity because it claimed to have acted as an RO on behalf of a flag
state. The City Court of Genova found that RINA was protected by procedural
immunity. Interestingly, the court held that no distinction should be made between
statutory and class certification in this regard, inter alia considering that class certifi-
cates are required for each ship to sail.66 It would seem that the court thus placed
emphasis on the SOLAS requirement that ships must comply with the rulebook of
an RO.
63
See n 24.
64
De Bruyne (2015), p. 228.
65
Abdel Naby Hussein Maboruk Aly v RINA s.p.a., Tribunale di Genova, 8/3/2012, no. 9477/2010.
The present mention of this case is based on the summaries of the case by Siccardi (2013), p. 62 ff,
De Bruyne (2014), p. 217 f and De Bruyne (2015), p. 231 f.
66
Siccardi (2013), p. 65; De Bruyne (2015), p. 232.
228 V. Ulfbeck and A. Møllmann
5 Conclusion
References
De Bruyne, J. (2015). Liability of classification societies. Developments in case law and legis-
lation. In M. Musi (Ed.), New challenges in maritime law: De lege lata et de lege ferenda
(p. 221). Bologna, Italy: Bonomo.
De Bruyne, J., & Vanleenhove, C. (2014). An EU perspective on the liability of classification soci-
eties. Selected current issues and private international law concerns. Journal of International
Maritime Law, 20, 103.
Finke, J. (2010). Sovereign immunity: Rule, comity or something else? European Journal of
International Law, 21, 853.
Furger, F. (1997). Accountability and systems of self-governance: The case of the maritime indus-
try. Law & Policy, 19, 445.
Goebel, F. (2018). Classification societies: Competition and regulation of maritime information
intermediaries. Münster, Germany: LIT Verlag.
Honka, H. (1994). The classification system and its problems with special reference to the liability
of classification societies. Tulane Maritime Law Journal, 19, 1.
Krüger, K. (1991). Fault liability for classification societies towards, third parties? In L. Gorton,
J. Ramberg, & J. Sandström (Eds.), Festskrift til Kurt Grönfors (p. 271). Stockholm, Sweden:
Nordstedts.
Lagoni, N. (2007). The liability of classification societies. Berlin, Germany: Springer.
Orakhelashvili, A. (2015). Research handbook on jurisdiction and immunities in international law.
Cheltenham, England: Edward Elgar.
Peets, R., Bubenzer, C., & Mallach, E. (2016). Seearbeitsgesetz. Baden-Baden, Germany: Nomos.
Pulido Begines, J. L. (2005). The EU law on classification societies: Scope and liability issues.
Journal of Maritime Law and Commerce, 36, 487.
Shaw, M. N. (2008). International law (6th ed.p. 699). New York: Cambridge University Press.
Siccardi, F. (2013). Immunity from jurisdiction are CS entitled to it (a) as recognized organisa-
tions acting for flag states (b) when performing class services. In: Conference paper in the
conference material Classification Societies’ regulatory regime and current issues on liability,
London Shipping Law Centre, 21 February 2013, p 41.
Liability of Rating Agencies Under
German and European Law
Axel Halfmeier
1 Introduction
In the aftermath of the financial crisis that culminated in the Lehman Brothers col-
lapse in 2008, one of the many issues was the role of rating agencies in the develop-
ment of the crisis. These rating agencies act globally and have developed a lucrative
business model that is usually described as “solicited rating” or “issuer pays” rating.
In this model, banks or other financial institutions develop financial “products” that
are structured in complex and mathematically sophisticated ways. The arranging
bank then contracts with the rating agencies to receive a rating of the “product”, in
return for a fee. With this rating, the arranging bank can then sell its “product” to
investors—mostly institutional investors, but occasionally also retail investors.
Investors are often inclined to buy only investments with a certain quality or risk
category that is signified by the rating. Some investors may even have internal rules
under which they are obliged to buy only financial products with a certain rating.
In the process of “solicited ratings”, it was common—at least before 2008—to
see a wondrous transition from rather speculative assets or casino-type bets and
options to “AAA” rated financial products.1 This transition was achieved by certain
mathematical operations and highly complex structures of the products, structures
that were incomprehensible to all but a few experts in mathematics.
However, if one looks at the incentive structures of such “solicited rating” con-
tracts, the transition from junk to gold becomes less astonishing: If the “producer”
1
The rating “AAA” is used in one of the usual rating systems as the grade for the most secure
investments possible, such as government bonds of highly respected and economically successful
countries.
A. Halfmeier (*)
Leuphana Law School, Leuphana University of Lüneburg, Lüneburg, Germany
e-mail: axel.halfmeier@leuphana.de
pays the rating agency good money for the rating, there is a strong interest on both
sides to arrive at a good rating: The producer can sell his product better—or in many
cases only—if the “AAA” stamp by a well-known rating agency is attached to the
product. The rating agency has an interest to keep its customers happy, so that they
come back with more business.2 Accordingly, there is a strong incentive to simply
give the good rating without asking too many questions—unless there is something
to lose by publishing wrong ratings.
Interestingly, the employees at Standard & Poor’s, one of the leading rating
agencies, were themselves astonished how well their business model of turning junk
into gold was working: “Let’s hope we are all wealthy and retired by the time this
house of cards falters”, as a senior S&P employee put it.3 In the literature, it is esti-
mated that 80% or even 90% of the rating agencies’ income comes from “issuer
pays” rating activity.4
In a corporate law context, the German Higher Regional Court of Dusseldorf has
even argued that because of the conflict of interest for the rating agency in “issuer
pays” situations, such ratings could not be relied on at all and that it is negligent for
a company’s executive to make investment decisions based solely on such ratings.5
In economic literature, there is broad discussion regarding the incentive structure
in such circumstances, in particular with a view to the “reputation risk” for rating
agencies that deliver false or careless ratings. There seems to be some evidence that
under the specific market situation of rating agencies and the oligopolistic structure
of the ratings market, these reputational risks are rather low.6 This means that even
if ratings are unreliable, this will not affect the rating agencies’ business. This the-
ory with respect to the lack of reputational risks is supported by recent historical
evidence: Notwithstanding the false ratings of “AAA” regarding many financial
products in the pre-crisis era, the large rating agencies have come out of the crisis
without losing their large market shares.
Liability for false ratings towards investors who suffered losses could therefore—
at least as a theoretical possibility—act as an additional incentive to be more careful
in the “solicited ratings” business model. There are several court cases in which this
issue was discussed after the financial crisis. Most notably, Australian courts handed
down judgments against Standard & Poor’s in which they accepted large damage
claims by investors based on “unreasonable, unjustified and misleading ratings”.7
Australian investors had trusted into the “AAA” ratings given by S & P with regard
to structured financial instruments that proved to be rather worthless. In her
2
Regarding this conflict of interest see e.g. Darcy (2009), p. 605.
3
Taibbi (2013).
4
Dreher and Ballmaier (2015), pp. 1357, 1359 with fn 30 with further references.
5
OLG Dusseldorf, 9.12.2009, 6 W 45/09 – IKB, (2010) Zeitschrift für Wirtschaftsrecht (ZIP) 28.
6
See the comprehensive description of the relevant incentive and interest structures by Kumpan
(2009), p. 261.
7
Full Federal Court of Australia, 6.6.2014, ABN AMRO Bank NV v. Bathurst Regional Council
[2014] FCAFC 65, 224 FCR 1, with case notes by Sahore (2015), p. 437 and Harding-Farrenberg
and Donovan (2015), p. 91.
Liability of Rating Agencies under German and European Law 233
1 000-pages opinion, the trial judge had described the construction of these securi-
ties as “grotesquely complicated”.8
In this case, Australian procedural law allowed a discovery procedure which
resulted in the disclosure of e-mails and other documents that were seen as evidence
that S & P as well as the issuing bank knew or should have known the mathematical
flaws in the “AAA” ratings. Based on this evidence, European investors also brought
proceedings against S & P, which were settled in 2016 before the High Court in
London; the details of the settlement are confidential. Smaller claims against S & P
were also brought before German courts.9 In the US, the federal government sued
Standard & Poor’s for alleged false ratings and reached a settlement over the amount
of US-$ 1.5 billion.10
Apart from and beyond these individual cases, the issue of rating agencies’ lia-
bility remains relevant for the future. An adequate liability regime may create useful
incentives for these agencies, which can, in principle, serve a useful function within
the economy: It is not very efficient if each individual investor tries to individually
evaluate the quality and risk category of a possible investment. If one could rely on
rating agencies to perform their task adequately, they would act as trustworthy pro-
fessional intermediaries and thus save substantial amount of transaction costs which
would be economically beneficial.11
Before this background, this chapter looks into specific aspects of the current
liability regime for rating agencies, namely issues of jurisdiction (Sect. 2) and con-
flicts of law (Sect. 3) as well as the recent introduction of relevant substantive law
in the European Union (Sect. 4). As the new EU legislation has not yet had much
practical relevance, German law will also be covered as an example for a possibly
applicable EU Member State’s law (Sect. 5).
2 Jurisdiction
The bigger rating companies typically have their headquarters in New York, so that
the issue of jurisdiction becomes relevant for cases brought before EU Member
States’ courts. The EU Brussels I Regulation12 very often will not apply, as the
defendant has its seat outside the EU. This means that the national jurisdictional
rules of the forum state will apply and that even “exorbitant” grounds for
jurisdiction—mentioned in Article 5(2) Brussels I Regulation—may be used against
8
Federal Court of Australia, 5.11.2012, Bathurst Regional Council v. Local Government Financial
Services Pty Ltd (No 5) [2012] FCA 1200.
9
See e.g. Bundesgerichtshof, 13.12.2012, (2013) Neue Juristische Wochenschrift 386.
10
See Pacces and Romano (2015), pp. 673, 675.
11
On the important economic function of rating agencies see e.g. Lehmann (2011), pp. 60, 61 f;
Pacces and Romano (2015), p. 673 f with further references.
12
Reg (EU) 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil
and commercial matters, [2012] OJ L 351/1.
234 A. Halfmeier
the defendant. For example, the German Federal Court decided that the much-dis-
cussed asset-based jurisdiction rule of § 23 ZPO (German Civil Procedure Code)
was sufficient to provide jurisdiction against a US rating agency because the agency
held assets within Germany and the claimant was domiciled in Germany.13
3 Conflicts of Law
13
Bundesgerichtshof, 13.12.2012, (2013) Neue Juristische Wochenschrift 386, 387.
14
[2008] OJ L 177/6.
15
[2007] OJ L 199/40.
16
ECJ, 17.11.2011, Case C-412/10 Homawoo v GMF, ECLI:EU:C:2011:747, paras 33 and 36.
17
In this sense, see the English decision of Alliance Bank v. Aquanta, [2012] Lloyd’s Law Reports
181 (Q.B.D. 2011); see also Knöfel (2016) margin note 10; Halfmeier (2015) margin note 5.
Liability of Rating Agencies under German and European Law 235
“expert liability” under certain conditions as contractual.18 This view is rooted to the
German case law on “contracts with protective effect for third parties” that was
developed by German courts and doctrine in order to cope with perceived deficien-
cies in German tort law.19 The idea here is that the contract between the issuer of the
securities and the rating agency creates a protective effect for third parties—the
investors—in the sense that they could bring claims in a similar way as the contract-
ing party can, making these claims “contractual” in a broader sense.
However, the Rome I and II Regulations must be interpreted autonomously from
a EU perspective and not through the lens of particular private law systems. In order
to define “contractual” obligations, the European Court of Justice often speaks of an
obligation that is “freely assumed” by the debtor in relation to the other party.20 In
the context of experts’ liability vis-á-vis third parties, this is typically not the case:
The expert may freely assume an obligation to act diligently in relation to his con-
tracting partner by whom he is paid. In relation to—possibly very many—third
parties, it would not be adequate to say that such obligations are “freely assumed”
by the expert. Therefore, expert liability towards third parties is—in a comparative
and European perspective—rather a question of tort law, so that the Rome II
Regulation is to be applied.21
None of the special conflict rules in Articles 5 to 9 Rome II Regulations are relevant.
In particular, “product liability” in the sense of Article 5 Rome II Regulation is
meant to cover only physical products.22 This means that notwithstanding the usual
bankers’ lingo of “financial products”, non-contractual liability in the area of finan-
cial services comes under the general conflicts rule in Article 4 Rome II Regulation.
According to Article 4(1) Rome II Regulation, the applicable law is that of the
“country in which the damage occurs”. Investors who suffer losses due to false rat-
ings have only financial damage, not physical damage. For such purely financial
losses, the “country in which the damage occurs” is notoriously hard to determine.
The reason for this is that Article 4(1) Rome II Regulation presupposes a geographi-
cal location of the “damage”. Such a geographical approach may be feasible in case
18
OLG Hamburg, 21.5.1981, (1983) Versicherungsrecht 350 (bank’s third party liability for false
information); OLG Köln, 17.9.1993, (1993) Recht der Internationalen Wirtschaft 1023, 1025
(bank’s third party liability in money transfer situation); Magnus (2002) margin no. 37 with further
references.
19
See on this development in Germany Bussani and Palmer (2003), p. 150 f.
20
ECJ, 20.1.2005, Case C-27/02 Petra Engler v Janus Versand, ECLI:EU:C:2005:33, paras 50 and
51; ECJ, 14.3.2013, Case C-419/11 Česká spořitelna v. Feichter, EU:C:2013:165, paras 46 and 47.
21
This is also the prevailing view in more recent German literature, see van Hein (2011) margin
note 10; Dutta (2009), pp. 293, 294.
22
Junker (2018) margin note 13.
236 A. Halfmeier
of physical damage, because physical events do have a location in space. With finan-
cial losses, it is different, because the idea of “wealth” or “money”—unless we are
talking of tangible coins and paper money, which typically are not involved in
investment cases—is not physical, but relies on social and legal constructions.
When I get a letter in my home in Frankfurt, sent from my Swiss bank with a bank
statement that shows large losses on my account that result from trading on the
New York stock exchange, where is the damage geographically located?
The answer to this question cannot be based on a literal interpretation of the
Regulation, but needs to be supported by normative standards concerning the regu-
latory interests at stake. For example, if a certain investment offer is tailored to
German investors as a target group, there may be good reasons why German law
should govern the question of non-contractual liability, even if—for example—one
of the buyers uses a Swiss bank account for the transaction. The question of what is
the adequate liability regime should not depend on contingent factors such as the
bank accounts involved.
Unfortunately, the European Court of Justice has not—at least not explicitly—
given much consideration to such a normative approach. Relevant cases come
mainly from the EU law of jurisdiction, where jurisdiction in tort cases can also be
based on the place of the damage.23 In this context, the ECJ has decided that the
place of financial damage is located “where the investor suffered it”, which is speci-
fied further as the investor’s domicile if the loss occurred in a bank account held
with a bank established in that same country.24
Even though this case law on the localisation of the place of damage is much
discussed and far from settled,25 it leads at least for the moment to the conclusion
that in the context of Article 4(1) Rome II Regulation, purely financial damage can
probably be located at the domicile of the victim of the alleged tort, unless there are
foreign bank accounts or other special factors involved. This would mean that the
victim’s home law would be applicable.
On the other hand, some authors argue that a “market-place” principle should be
applied with regard to rating agencies’ liability, similar to arguments that have been
brought forward in the area of prospectus liability.26 From a normative point of view,
this makes sense: In the area of financial markets, liability law does not only have a
23
Ever since ECJ, 30.11.1976, Case 21/76 Bier v. Mines de Potasse d’Alsace, ECLI:EU:C:1976:166,
paras 24 and 25.
24
ECJ, 28.1.2015, Case C-375/13 Kolassa v. Barclays Bank, ECLI:EU:C:2015:37, paras 54 and
55.
25
See e.g. the very critical comment on the ECJ’s Kolassa decision by Freitag (2015), p. 1165.
26
On rating agencies’ liability see Wagner (2017) margin note 141; with regard to prospectus lia-
bility see Lehmann (2016), p. 318.
Liability of Rating Agencies under German and European Law 237
After the financial crisis, the shady activities of the big rating agencies came into the
legislative focus of the European Union. One of the results was the creation of a
liability provision in Regulation (EC) 1060/2009 (amended in 2013) on credit rating
agencies (“Ratings Regulation”).28 The new Article 35a of this Regulation is titled
“civil liability” and appears as a largely substantive law provision, but with sprin-
kles of conflict rules in it. It has not yet seen any application in practice.
Reg (EC) No. 1060/2009 on credit rating agencies, [2009] OJ L 302/1, as amended by Reg (EU)
28
Article 35a Ratings Regulation has a very limited scope of application: The whole
Regulation, including the civil liability provision, only applies to rating agencies
which are registered in the EU, see Article 2(1) of the Regulation. There is a special
registration process with the European Securities and Markets Authority (ESMA)
described in Articles 14 to 20 of the Regulation. The ESMA keeps a list of these
EU-registered rating agencies.29 That ESMA list shows that of the dominating rating
agencies, only Fitch (with double headquarters in New York and London) is regis-
tered with its group parent company, while Moody’s and Standard & Poor’s have
only registered their European subsidiaries. This means that insofar as the activity
of the US parent companies is concerned, Article 35a Ratings Regulation is not
applicable.
With regard to jurisdiction, Article 35a(4) states that the competent court to
decide on a claim brought by an investor—or even an issuer of financial i nstruments—
shall be “determined by the relevant rules of private international law”. Here, the
term “private international law” is used in the broader sense that is common in the
English-speaking world, that is, it includes both conflict rules and rules regarding
the jurisdiction of courts. Since no new rules on jurisdiction are introduced, the
results outlined above (at Sect. 2) remain valid in principle, although the Brussels I
Regulation will play a bigger role in cases coming under Article 35a Ratings
Regulation, as the potential defendants are all headquartered in the EU.
With regard to the applicable law, Article 35a is less clear. It is not a new conflict
rule, but rather a rule of harmonised substantive law. This is evident from Article
35a(1) which sets out substantive conditions for a liability claim against rating
agencies. Therefore, Article 35a Ratings Regulation could at first glance be imme-
diately applied without the prior determination of an applicable law, similar to uni-
form laws. On a closer look, however, things are not that easy. First of all, Article
35a(4) explicitly orders that the legal terms and concepts employed in the provision
shall be interpreted not as autonomous EU concepts—as it would be the case in
most EU legislation—but according to the “applicable national law as determined
by the relevant rules of private international law.” This means that Article 35a cre-
ates a mixture between a harmonised normative structure and its interpretation
according to the applicable national laws.
This is a rather unusual approach in the area of harmonised substantive law. To
be sure, any uniform law may leave open issues that need to be filled in a given case
with additional national rules. For example, Article 7(2) of the Convention on the
International Sale of Goods (CISG) provides that matters not expressly dealt with in
the uniform law shall be settled in accordance with general legal principles or, as a
last resort, in conformity with the applicable national law. What is striking with
respect to Article 35a Ratings Regulation is that this provision does not even attempt
to harmonise central concepts—such as “gross negligence” or “due care”—but
29
See https://www.esma.europa.eu/supervision/credit-rating-agencies/risk.
Liability of Rating Agencies under German and European Law 239
30
It is therefore unclear why Lehmann (2011), p. 73 argues that certain French laws regarding rat-
ing agencies’ liability cannot be applied because of the EU Ratings Regulation.
31
Reg 1060/2009, Annex III, no I. 42 and 43.
240 A. Halfmeier
With regard to the burden of proof, Article 35a(1) subpara 2 stipulates that the
investor must prove reasonable reliance on the rating when making the investment
decision. We know from other areas of capital market law—such as prospectus
liability—that the issue of reliance is typically contested and often difficult to prove.
This is why some national systems presume reliance in certain cases, depending on
the exact circumstances.32 The apparently rigid rule in Article 35a Ratings Regulation
may therefore provide a major obstacle to investor claims.33 On the other hand, as
Article 35a(4) orders the interpretation of “reasonable reliance” according to the
applicable national law, there is a possibility that more flexible standards from
national legal systems may influence cases brought under Article 35a Ratings
Regulation.
Summing up, Article 35a Ratings Regulation appears to be a rather unusual pro-
vision that is clearly the outcome of a complicated political compromise. Its signifi-
cance probably does not lie so much in its possible application, but rather in the
symbolic value of a European Union minimum standard regarding rating agencies’
liability.
The foregoing analysis shows that due to the limited reach of EU law, national laws
will continue to play an important role in the area of rating agencies’ liability. As an
example—and since it did play a certain role in actual disputes—we will analyse the
situation in German law. As mentioned above, German case law on experts’ liability
vis-á-vis third parties is centred around the doctrine of the “contract with protective
effect for third parties”.
In one of the leading cases under this doctrine, an architect was commissioned to
provide an expert opinion on the condition of a house. The owner wanted this opin-
ion in order to present it to prospective buyers of the house, and the architect knew
about this intent. The opinion was flawed, since the architect did not inspect the
roof, which in fact was defective. The seller of the house knew about this defect but
succeeded in hiding it from the negligent architect. After the house had been sold,
the buyer found out about the defective roof and sued the architect for damages—
the seller was apparently insolvent. The German Federal Court confirmed the “pro-
tective effect” of the contract between seller and architect, for the benefit of the
buyer.34 Note that the buyer in this case has more “contractual” rights against the
32
In particular in prospectus liability cases under German law, see § 23 para (2)
Wertpapierprospektgesetz, according to which reliance on the prospectus is presumed unless the
defendant proves non-reliance.
33
Wagner (2017), margin note 141.
34
Bundesgerichtshof, 10.11.1994, (1995) Neue Juristische Wochenschrift 392, 393.
Liability of Rating Agencies under German and European Law 241
architect than the actual contracting partner (the house seller) who probably could
not claim that the expert opinion was faulty or negligently prepared in a situation
where he himself had instructed the architect not to look for problems with the
roof.35 Furthermore, the third party’s rights are independent of the will of the origi-
nal contracting parties, that is, they cannot avoid the protective effect: “An expert
assessment that is presented to third parties as a basis for economic transactions in
relation to the person who ordered the expert assessment and that is supposed to be
used for this purpose, includes in principle the protection of these third parties; a
contrary will of the parties aimed at deceiving the third parties is against good faith
and therefore ineffective.”36
This complete denial of party autonomy shows clearly that the German courts
may use contract law language here, but have in fact extended and re-designed the
German law of torts by case law.
In the defective roof case, only the one single buyer was seen as the protected
third party. In a more recent decision, the Federal Court extended this legal con-
struction to a larger number of investors: Again, the case dealt with an opinion on
the value of real estate, but in this case, the real estate was to be used as collateral
for the emission of bonds with a total value of 10 million DM. The Federal Court
reasoned that there was no structural difference here to the earlier expert opinion
cases, so that the protective effect of the original contract between the expert and his
client extended to all the investors who had bought bonds in reliance on the expert
opinion.37 To justify this decision, the Court added that the total amount of the liabil-
ity risk—the volume of the bond emission—was foreseeable from the start.
Therefore, it should not matter whether the complete risk relates to one protected
party or is divided among a number of investors.38
Another area where the protective effect contract doctrine is relevant is the liabil-
ity of accountants and auditors towards third parties. German courts distinguish
between regular audits—in particular concerning annual statements—that have no
protective effect vis-à-vis third parties, and more specific audits that are done in the
interest of specific third parties, for example a potential creditor, and where the audit
result is to be used by that third party as a basis for its decisions. Such specific audits
contracts (between the company and the auditor) do unfold their protective effect
for the relevant third parties.39 This applies in principle also to the audit of a pro-
spectus in the emission process of bonds or other securities.40
35
Ibid.
36
Bundesgerichtshof, 20.4.2004, (2004) Neue Juristische Wochenschrift 3035, 3036 (translation by
author).
37
Ibid., 3037.
38
Ibid., 3038.
39
Bundesgerichtshof, 14.6.2012, (2012) Neue Juristische Wochenschrift 3165, 3167 with further
references to the case law development.
40
Bundesgerichtshof, 31.10.2007, (2008) Neue Juristische Wochenschrift - Rechtsprechungsreport
286.
242 A. Halfmeier
This case law shows that German law provides for a significant area of experts’
liability for financial loss by investors, albeit through the doctrine of the contract
with protective effect which may look rather unusual in a comparative perspective.
For rating agencies, the structure seems very similar to the cases described above:
Just like real estate experts or auditors, the rating agency has a certain reputation
and function relating to the risk assessment done by investors. In the system of
“issuer pays” or “solicited rating”, the rating agency knows from the beginning that
the rating result will be presented to potential investors as part of the acquisition
strategy used by the issuer. Furthermore, the total volume of the prospective emis-
sion is typically known to the rating agency—in practice, it is sometimes even used
to measure the rating agency’s fee as a certain fraction of the emission volume.
Therefore, the rating agency may not know the exact number or even identity of the
investors that rely on the rating, but it knows the total risk volume so that the risk
exposure for the agency is not limitless but can be calculated. The described case
law therefore fits the “solicited rating” situation, so that at least in such situations, a
rating agency is liable under German law towards investors if they rely on the rating
result and if the result has been achieved in breach of professional duties.
This result is shared by important authors in German legal literature.41 However,
there are also other voices that completely deny liability by rating agencies, espe-
cially in the older literature that does not always distinguish between “solicited” and
“unsolicited” ratings.42 Many of these more sceptical authors add that although they
do not see such liability under the current law, they are in favour of implementing it
de lege ferenda.43 In view of the described evolution of the case law, such deference
to the legislator seems rather unnecessary, as German tort law has already been
completely revised by the courts when they created the protective-effect-contract
doctrine.44 In fact, the German legislator has had very little influence on the relevant
law: With the reform of the German law of obligations in 2002, the legislator intro-
duced a new provision in the German Civil Code, § 311 para 3 BGB. This provision
creates the possibility that quasi-contractual obligations could arise even in relation
to “persons who do not themselves become party to the contract”. In 2002, an influ-
ential commentator saw this as a legislative endorsement of the protective-effects-
contract doctrine.45 One could have expected that since then, case law would have
been based on this new provision. This was not the case, however. The courts con-
tinued their old line of case law, often without even mentioning the new provision
in the Code.46 This development is another sign for the de-codification process that
German law has experienced in this area.
41
Grundmann and Renner (2013), pp. 379, 383.
42
Berger and Stemper (2010), pp. 2289, 2291.
43
Haar (2010), pp. 1281, 1285; Habersack (2005), pp. 185, 208; Wagner (2013), pp. 467, 478.
44
The development in this area is described as “purest judge-made law” by Vogenauer (2007) mar-
gin note 124 (translation by author).
45
In particular Canaris (2001), pp. 499, 520; for further references see Vogenauer (2007).
46
See, e.g., the Federal Court’s summary of the protective-effects doctrine without even mention-
ing its possible codification from 2002: Bundesgerichtshof, 14.6.2012, (2012) Neue Juristische
Wochenschrift 3165, 3166 f.
Liability of Rating Agencies under German and European Law 243
In 2017, a lower German court delivered what may be the first ruling in a rating
agency liability case: An investor had suffered losses in corporate bonds and argued
that he had relied on the “BBB” rating given by the (German) rating agency with
respect to the issuing company, and that this rating had been grossly negligent. The
court dismissed the claim and in particular rejected any claims based on the “con-
tract with protective effect for third parties”.47 The court argued that the parties to
the original contract did not want such protection and that the extent of the possible
liability towards investors would be without limits.48 Both arguments appear to be
rather weak in view of the previous development of the case law described above:
The fact that the original parties had no interest in such protection did not stop the
Federal Court from assuming third-party protection in the defective roof case.49 As
to the possible extent of liability, it appears in the Düsseldorf case that the rating was
solicited by the company in view of a specific bond emission,50 so that this volume
could indicate the amount of exposure just as in the real estate bond emission case.51
The Düsseldorf court does not even mention these higher court decisions, nor
does it make any effort to distinguish the case at hand from them. Accordingly, the
decision was criticised in the literature52 and will probably have only limited influ-
ence on future case law.
47
LG Düsseldorf, 17.3.2017, (2017) Verbraucher und Recht 383, 384. The decision was confirmed
on appeal by OLG Düsseldorf, 8.2.2018, (2018) Neue Juristische Wochenschrift 1615. In this deci-
sion, the appeal court in particular relies on the argument that the rating related not to a specific
emission, but to a company in general.
48
LG Düsseldorf (n 47 above).
49
See n 36.
50
LG Düsseldorf, 17.3.2017, (2017) Verbraucher und Recht 383: The background of the rating was
that the rated company intended to offer its bonds on a public stock exchange.
51
See n 39.
52
A Meier, case note on LG Düsseldorf, 17.3.2017, (2017) Verbraucher und Recht 385; G
Deipenbrock, case note on the same case, (2017) Entscheidungssammlung zum Wirtschafts- und
Bankrecht (WuB) 438 (arguing that the decision has no relevance for emission-related ratings).
244 A. Halfmeier
of § 823 para 2 BGB, also lead to civil law liability. Whether or not criminal fraud
can be proven in the area of rating agencies’ liability depends on the specific case,
but it is theoretically possible.
The second important liability provision for pure economic loss within the
German Civil Code is § 826 BGB, stipulating liability for the intentional infliction
of damage against good morals. This is a residual provision designed to allow the
courts to provide liability in cases that are not covered by specific rules but where
liability nevertheless seems adequate from a normative point of view. The courts
have developed various lines of case law under this provision, and in particular, they
have softened the “intent” requirement significantly. As intent is hard to prove for
the claimant, it is now sufficient to show reckless behaviour by the defendant in the
sense of a very strong and manifest form of negligence, and the courts will presume
conditional intent from such reckless behaviour.53 As this interpretation of “intent”
comes close to “gross negligence”, a German commentator has even said that for
practical purposes, there is not much difference between Article 35a Ratings
Regulation and § 826 BGB.54
The application of § 826 BGB therefore depends largely on what degree of reck-
lessness or even intentional misbehaviour on the rating agency’s side can be shown.
If one looks at the Australian cases and the e-mails cited earlier, it seems that at least
in that case, the rating agency’s employees knew very well that what they were
doing was against any mathematical principles and that in fact they were cheating
investors who relied on the ratings. In such a factual setting, the provision of § 826
BGB would probably give rise to liability claims as well.
As a practical matter, however, the demonstration of recklessness requires evi-
dence that is typically not in the hands of the plaintiff—unless a whistleblower is
present on the rating agency’s side. Therefore, the success of litigation depends
largely on the applicable procedural rules on the disclosure of evidence. Apparently,
such disclosure rules forced the rating agency in the Australian case to uncover its
own reckless behaviour. In a system without such extensive disclosure rules, as in
Germany, it will typically be much more difficult to prove the required degree of
recklessness under § 826 BGB.
In this context, it is important to note that Article 35a(2) Ratings Regulation
addresses the evidence problem by determining that courts shall “take into consid-
eration” the fact that the investor “may not have access to information which is
purely within the sphere of the credit rating agency” when they assess the require-
ment for the claimant to produce information that can prove the defendant’s infringe-
ments. EU law therefore forces the Member States—regardless of their local
procedural law systems—to find an adequate solution for the disclosure problem.55
53
Bundesgerichtshof, 19.2.2008, (2008) Neue Juristische Wochenschrift 1734, 1737;
Bundesgerichtshof, 22.6.1992, (1992) Neue Juristische Wochenschrift 3167, 3174 with further
references.
54
Wagner (2017), margin note 142.
55
For proposals regarding the development of disclosure and burden of proof rules in this context
see Seibold (2016), pp. 211–216.
Liability of Rating Agencies under German and European Law 245
There are significant parallels here to the development in antitrust law, where both
the ECJ’s case law56 and legislative activities at EU level57 have contributed to a rise
in litigation activity and to better chances for claimants to recover damages, includ-
ing adequate disclosure rules.58
56
Starting with ECJ, 20.9.2001, Case C-453/99 Courage v Crehan, ECLI:EU:C:2001:465.
57
In particular Dir 2014/104/EU on certain rules governing actions for damages under national law
for infringements of the competition law provisions of the Member States and of the European
Union, [2014] OJ L 349/1.
58
This parallel is highlighted by Möllers and Niedorf (2014), pp. 333, 350.
59
See above n 36; see also Gottwald (2016) margin note 2.
60
Bundesgerichtshof, 13.1.2000, (2000) Neue Juristische Wochenschrift - Rechtsprechungsreport
998, 999.
61
Wildmoser et al. (2009), pp. 657, 667; Berger and Stemper (2010), p. 2293 f; Wagner (2013),
p. 486.
246 A. Halfmeier
for the contracting partner to sell one’s services but at the same time deny in one’s
form contracts any liability for breaches of contract by inadequate performance.
In conclusion, standard form disclaimers as they are used by rating agencies will
usually not have any legal significance under German law. In comparison, Article
35a(4) Ratings Regulation appears to be a bit more lenient towards the rating agen-
cies, as it seems to create the possibility that limitation of liability by the rating
agency may be valid if it is “reasonable and proportionate”, as letter (a) of that
provision puts it. This apparently refers to quantitative limitations, since a complete
exclusion of liability is generally ruled out at the end of that provision. Even with
regard to quantitative limitations of liability, however, letter (b) of this provision
requires that such a limitation must be allowed by the applicable national law.
Although the case law mentioned above deals with complete waivers of liability,
quantitative limitations come basically under the same rules, as § 309 para 7 (b)
BGB makes clear (“waiver or limitation”). This means that if German law is the
applicable law, limitation of liability terms will typically be invalid not only with
respect to claims under German law, but also with regard to the claims under Article
35a Ratings Regulation.
Another typical issue in cases where rating agencies’ liability is claimed is the
claimant’s contributory negligence. Especially in the cases relating to the pre-2008
ratings of structured financial instruments, it is rather obvious that the buyers of
these instruments could not reasonably have thought that the “AAA” rating was cor-
rect. No reasonable person can truly believe that an extremely complicated and
intransparent bundling of credit claims would arrive at the same credit rating as US
or German treasury bonds. The main reason for investing in these speculative instru-
ments was probably that “everybody did it”. The question is how this follow-the-
herd instinct is treated under the law of contributory negligence.
Article 35a Ratings Regulation is silent on this issue, so that the applicable
national rules become relevant, both in regard to claims under national law and to
Article 35a claims. Looking at German law, there is an explicit provision on con-
tributory negligence in § 254 BGB which plays an important role in practice. In
cases of alleged false consulting or false advice, however, the case law hardly ever
uses it. The predominant argument is that if one holds himself out to give advice or
consulting for money, it seems rather odd and unfair if that same person then later
defends himself with the argument that the other party should not have believed this
advice.62 The same holds true for rating agencies: It seems hardly acceptable to
allow a rating agency to argue on the one hand that it never did anything wrong in
its rating activities, and on the other hand that the flaws in the ratings were so obvi-
ous that everybody should have seen them. In view of this problem, a rating agency
will probably not be able to rely on the claimant’s alleged contributory negligence.
6 Outlook
This overview of European and German law shows that there is a significant devel-
opment towards more or at least some liability of rating agencies for false ratings,
in particular in cases of “issuer pays” ratings. The main issue for the future develop-
ment in this area will be not the “if” of such liability in principle, but instead the
“how far” and “under what circumstances”. As rating agencies fulfil an important
economic function in their position as information intermediaries, an adequate lia-
bility regime should be tailored to provide sufficient incentives to perform this func-
tion diligently, but at the same time the liability regime must accept that errors are
always possible and that an information intermediary’s business could become
impossible if every error leads to large-scale liability.
We therefore arrive at the question that has been raised similarly in other areas of
tort law related to business activity: What is the best liability regime in order to
secure the economically efficient activity of the rating agency? Many proposals can
be found in legal literature on how to structure such liability: In particular, a “liabil-
ity ceiling” has been proposed in order to not put the existence of rating agencies at
risk in cases of large-scale damage.63 This proposal has been criticised, as a purely
quantitative ceiling cannot distinguish between clear and egregious errors and minor
errors.64
However, this raises the question as to how to define an adequate standard of care
for rating agencies’ activities. In this regard, the EU Regulation’s decision to use
“gross negligence” is not necessarily the best solution. One of the major problems
in the discussion regarding rating agencies’ liability for negligent behaviour is the
ex post situation. The mere fact that a rating turns out to be false does not make the
rating activity negligent, because ratings are predictions looking into the future, and
it is normal for predictions that they do not necessarily come true. The legal treat-
ment of wrong predictions must be careful to avoid the usual hindsight bias in the
sense that because the prediction did not come true, it must have been the result of
an ex ante breach of the duty of care. A clear assessment of an ex ante breach of
adequate care is not easy—with the exception of situations as in the Australian case
where the rating agency itself apparently did not believe in the ex ante accuracy of
its own ratings. But in situations where the behaviour of the rating agency is less
clear, it is very hard for a court to set an adequate level of care and thereby define
what is good rating practice and what is not.65
63
Wagner (2013), pp. 491–493.
64
Lehmann (2011), pp. 67–68.
65
Coffee (2011), pp. 231, 347.
248 A. Halfmeier
References
Berger, K. P., & Stemper, M. M. (2010). Haftung von Ratingagenturen gegenüber Anlegern.
Wertpapiermitteilungen, 2289.
Bigus, J. (2016). Optimism and auditor liability. Accounting and Business Research, 46, 577.
Bussani, M., & Palmer, V. (2003). Pure economic loss in Europe. Cambridge, England: Cambridge
University Press.
Canaris, C.-W. (2001). Die Reform des Rechts der Leistungsstörungen. Juristenzeitung, 499.
66
Pacces and Romano (2015), p. 679 ff.; but see also Bigus (2016), p. 577 (comparing strict liabil-
ity and negligence regimes in the field of auditors’ liability).
67
Dimitrov et al. (2015), pp. 505, 518.
68
Pacces and Romano (2015), p. 693.
69
Ibid., 697.
70
Ibid., 700.
71
Schäfer (2002), pp. 453, 458 f.
Liability of Rating Agencies under German and European Law 249
Coffee, J. (2011). Ratings reforms: The good, the bad and the ugly. Harvard Business Law Review,
1, 231, 347.
Darcy, D. (2009). Credit rating agencies and the credit crisis: How the “issuer pays” conflict con-
tributed and what regulators might do about it. Columbia Business Law Review, 605.
Dimitrov, V., Palia, D., & Tang, L. (2015). Impact of the Dodd-Frank act on credit ratings. Journal
of Financial Economics, 115, 505.
Dreher, M., & Ballmaier, C. (2015). Die Nutzung externer Ratings durch Versicherungsunternehmen.
Wertpapiermitteilungen, 1357, 1359.
Dutta, A. (2009). Das Statut der Haftung aus Vertrag mit Schutzwirkung für Dritte. Praxis des
Internationalen Privat- und Verfahrensrechts (IPRax), 293, 294.
Freitag, R. (2015). Internationale Prospekthaftung revisited – Zur Auslegung des europäischen
Kollisionsrechts vor dem Hintergrund der “Kolassa”-Entscheidung des EuGH.
Wertpapiermitteilungen, 1165.
Gottwald, P. (2016). § 334. In Münchener Kommentar BGB (7th ed.). Munich, Germany:
C.H. Beck.
Grundmann, S., & Renner, M. (2013). Vertrag und Dritter – zwischen Privatrecht und Regulierung.
Juristenzeitung, 379.
Haar, B. (2010). Haftung für fehlerhafte Ratings von Lehman-Zertifikaten – Ein neuer Baustein für
ein verbessertes Regulierungsdesign im Ratingsektor. Neue Zeitschrift für Gesellschaftsrecht,
1281.
Habersack, M. (2005). Rechtsfragen des Emittenten-Ratings. Zeitschrift für das gesamte Handels-
und Wirtschaftsrecht (ZHR), 169, 185.
Halfmeier, A. (2015). Rome II Art. 32. In G.-P. Calliess (Ed.), Rome regulations (2nd ed.). Alphen
aan den Rijn, The Netherlands: Wolters Kluwer.
Harding-Farrenberg, R., & Donovan, K. (2015). Case note: Duty of care, rating agencies and
the ‘Grotesquely Complicated’ Rembrandt: Bathurst Regional Council v Local Government
Financial Services Pty Ltd (No 5). Business Law International, 16, 91.
Junker, A. (2018). Rom II-VO Art 5. In Münchener Kommentar BGB (7th ed.). Munich, Germany:
C.H. Beck.
Knöfel, O. (2016). Art. 32 Rome II Regulation. In Nomos Kommentar BGB (3rd ed.). Baden-
Baden, Germany: Nomos.
Kumpan, C. (2009). Conflicts of interest in securitisation: Adjusting incentives. Journal of
Corporate Law Studies, 9, 261.
Lehmann, M. (2011). Civil liability of rating agencies – An insipid sprout from Brussels. Capital
Markets Law Journal, 11, 60.
Lehmann, M. (2016). Prospectus liability and private international law – Assessing the landscape
after the CJEU’s Kolassa ruling (Case C-375/13). Journal of Private International Law, 12,
318.
Magnus, U. (2002). Art 32 EGBGB. In Staudingers Kommentar zum Bürgerlichen Gesetzbuch.
Berlin, Germany: De Gruyter.
Möllers, T., & Niedorf, C. (2014). Regulation and liability of credit agencies – A more efficient
European law? European Company and Financial Law Review, 333.
Pacces, A., & Romano, A. (2015). A strict liability regime for rating agencies. American Business
Law Journal, 52, 673.
Sahore, S. (2015). Case note: ABN Amro Bank NV v Bathurst Regional Council: Credit rating
agencies and liability to investors. Sydney Law Review, 37, 437.
Schäfer, H.-B. (2002). Liability of experts and the boundaries between tort and contract. Theoretical
Inquiries in Law, 3, 453.
Seibold, S. (2016). Die Haftung von Ratingagenturen nach deutschem, französischem, englischem
und europäischem Recht. Tübingen, Germany: Mohr Siebeck.
Taibbi, M. (2013). The last mystery of the financial crisis. Rolling Stone of 4 July 2013. http://
www.rollingstone.com/politics/news/the-last-mystery-of-the-financial-crisis-20130619
250 A. Halfmeier
van Hein, J. (2011). Rom I-VO Art 1. In T. Rauscher (Ed.), Europäisches Zivilprozess- und
Kollisionsrecht: Rom I-VO, Rom II-VO. Köln, Germany: Otto Schmidt.
Vogenauer, S. (2007). §§ 328–335. In Historisch-Kritischer Kommentar zum BGB (Vol. II/2).
Tübingen, Germany: Mohr Siebeck.
Wagner, G. (2013). Die Haftung von Ratingagenturen gegenüber dem Anlegerpublikum. In P. Jung
et al. (Eds.), Einheit und Vielheit im Unternehmensrecht, Festschrift für Uwe Blaurock (p. 467).
Tübingen, Germany: Mohr Siebeck.
Wagner, G. (2017). § 826. In Münchener Kommentar BGB (7th ed.). Munich, Germany: C.H. Beck.
Wildmoser, G. et al. (2009). Haftung von Ratingagenturen gegenüber Anlegern. Recht der inter-
nationalen Wirtschaft, 657.