UK exits the EU (third country status)

I posted several times regarding EU Notices and Notices from EU regulatory agencies. These remind that the UK will be a third country (as respects the EU) on exit at 12pm CET 29th March 2019. If you have not already done so, please read these Notices.

Any Transition Period that is agreed is in the context of the EU-UK Withdrawal Treaty, and will continue certain EU arrangements only.

One of the aspects is UK membership of EU regulatory agencies (third countries are not members of EU regulatory agencies).

On 11th April 2018, the European Medicines Agency (EMA) confirmed that the EU27 member states and the EMA had completed the task of redistribution of the UK portfolio of centrally authorised medicine and veterinary products. The UK will not be a member of the EMA on its exit. Arrangements were already in place to relocate the EMA (from the UK) to an EU27 member state.

Please read the information that is published about this redistribution here.

UK exits the EU (more EU Notices)

More EU Notices were issued 21st March (and one on 19th March) – here.

Reminder : the UK is a third country on 30th March 2019. Please read the EU notice that applies to your operations. Note also that EU Agencies (on the link) also issue Notices.

The EU-UK Withdrawal Agreement (subject to ratification) may change this date to 31st December 2020 with conditions (via transition clauses in the Agreement).

The EU-27 agreed today its guidelines for its negotiation of a EU-UK trade deal. These guidelines are here.

UK exits the EU (more EU Notices)

Further EU Notices were issued on 12th March. All Notices are gathered here.

Reminding : EU decentralised agencies also publish information in relation to the UK’s withdrawal from the EU, for example the Community Plant Variety Office, the European Chemicals Agency, the European Medicines Agency and the European Union Intellectual Property Office.

Furthermore, the three European Supervisory Authorities (the European Banking Authority, the European Securities and Markets Authority and the European Insurance and Occupational Pensions Authority) and the Single Supervisory Mechanism have issued opinions and guidance.

Notices are important because they set out the legal position that will operate from March 2019. Transition arrangements that might be agreed may change the requirements.

Returning EU powers (UK)

The UK government has today published its provisional analysis of the returning EU powers that will result in the devolved administrations of the UK receiving extensive new powers as the UK exits the EU. This document is here.

The analysis covers 153 areas where EU laws intersect with devolved competence. There are 24 policy areas identified that are subject to more detailed discussion to explore whether legislative common framework arrangements might be needed, in whole or in part.

Please look out for further Blog posts, as the situation evolves.

[the image is a screen grab of the first page of the 24 policy areas, found on page 17 of 21]

Personal Protective Equipment (EU)

Existing PPE Directive 89/686/EEC covers the manufacture and marketing of personal protective equipment. It defines legal obligations to ensure that PPE on the European market provides the highest level of protection against hazards. The CE marking affixed to PPE provides evidence of this protection. Manufacturers or their authorised representative in the EU comply with the technical requirements directly or with European Harmonised Standards. The latter provides a presumption of conformity to the essential health and safety requirements.

Applicable 21 April 2018, Directive 89/686/EEC is repealed by the new Regulation (EU) 2016/425 of the European Parliament and of the Council of 9 March 2016 on personal protective equipment – here.

The new PPE Regulation is aligned to the EU’s New Legislative Framework policy. In addition, it slightly modifies the scope (enlarged to include PPE designed and manufactured for private use to protect against heat) and the risk categorisation of products. It also clarifies the documentary obligations of economic operators.

As a European Regulation (not a Directive) it is directly binding on a Member State (and on operators marketing to a Member State) without enactment of national law (although national law may be additionally enacted).

Brexit : PPE is covered by the EU Notice on Industrial Goods here. (I have posted a number of times with links to EU Notices)

Brexit in the UK, this new EU PPE Regulation applies from 21 April 2018, after Brexit it applies via the EU (Withdrawal) Bill. NB: the EU (Withdrawal) Bill is not yet enacted.

Subscribers to Cardinal Environment EHS Legislation Registers and Checklists will be sent an Email Alert of the addition of this new EU Regulation to the PPE Register and Checklist component in their websystems.

General Data Protection Regulation (EU)

The General Data Protection Regulation (2016/679) is here. Article 5 sets out the principles.

This GDPR applies from 25th May 2018 and overrides national law (although in some instances new national law may additionally be brought in).

[Brexit : the GDPR applies in the UK from 25th May 2018 – after Brexit, the GDPR will apply in the UK via the EU (Withdrawal) Bill – see separate Blog post – the EU (Withdrawal) Bill is not yet enacted]

[UK : separately (and not to be confused) a new UK Data Protection Bill is almost enacted – see Explanatory Notes here]

The general data protection regulation (GDPR) is part of the EU data protection reform package.

Features

• a single set of EU-wide rules — it repeals the pre-existing European Directive 95/46/EC;

• a data protection officer, responsible for data protection, must be designated by public authorities and by businesses which process data on a large scale;

• one-stop-shop — businesses will deal with one single supervisory authority (in the EU country in which they are mainly based);

• EU rules for non-EU companies — companies based outside the EU must apply the same rules when offering services or goods, or monitoring the behaviour of individuals, within the EU;

• privacy-friendly techniques must be used, such as pseudonymisation (when identifying fields within a data record are replaced by one or more artificial identifiers) and encryption (when data is coded in such a way that only authorised parties can read it);

• removal of notifications — the new data protection rules will scrap most notification obligations and the costs associated with these, one of the aims of the data protection regulation is to remove obstacles to free flow of personal data within the EU;

• impact assessments — businesses must carry out impact assessments when data processing may result in a high risk for the rights and freedoms of individuals;

• record-keeping — SMEs are not required to keep records of processing activities, unless the processing is regular or likely to result in a risk to the rights and freedoms of the person whose data is being processed.

—-

The UK Information Commissioner’s Office (ICO) has a useful updated guide in English here.

ICO guidance for small organisations is here.

UK exits the EU (more EU Notices)

The European Commission has published four further EU Notices to Stakeholders and Companies. I posted earlier with the website where all such EU Commission Notices are compiled. Here it is again – Link.

Please remember the EU agencies are also publishing Notices. I posted earlier about this. Here is the ECHA support available – Link.