Article 19.1: Definitions
For the purposes of this Chapter:
algorithm means a defined sequence of steps, taken to solve a problem or obtain a result;
computing facilities means computer servers and storage devices for processing or storing information for commercial use;
covered person means:
(a) a covered investment as defined in 14.1 (Investment Chapter, Definitions);
(b) an investor of a Party as defined in Article 14.1 (Investment Chapter, Definitions), or
(c) a service supplier of a Party as defined in Article 15.1 (Cross-border Services
but does not include a covered person as defined in Article 17.1 (Financial Services
digital product means a computer program, text, video, image, sound recording or other product that is digitally encoded, produced for commercial sale or distribution, and that can be transmitted electronically;1, 2
electronic authentication means the process or act of verifying the identity of a party to an electronic communication or transaction and ensuring the integrity of an electronic communication;
electronic signature means data in electronic form that is in, affixed to, or logically associated with, an electronic document or message, and that may be used to identify the signatory in relation to the electronic document or message and indicate the signatory’s approval of the information contained in the electronic document or message;
1 For greater certainty, digital product does not include a digitized representation of a financial instrument, including money.
2 This definition should not be understood to reflect a Party’s view that digital products are a good or are a service.
government information means non-proprietary information, including data, held by the central government;
information content provider means any person or entity that creates or develops, in whole or in part, information provided through the Internet or any other interactive computer service;
interactive computer service means any system or service that provides or enables electronic access by multiple users to a computer server;
personal information means any information, including data, about an identified or identifiable natural person;
trade administration documents means forms issued or controlled by a Party that must be completed by or for an importer or exporter in connection with the import or export of goods; and
unsolicited commercial electronic communication means an electronic message, which is sent to an electronic address of a person for commercial or marketing purposes without the consent of the recipient or despite the explicit rejection of the recipient.3
Article 19.2: Scope and General Provisions
- The Parties recognize the economic growth and opportunities provided by digital trade and the importance of frameworks that promote consumer confidence in digital trade and of avoiding unnecessary barriers to its use and development.
- This Chapter applies to measures adopted or maintained by a Party that affect trade by electronic means.
- This Chapter does not apply:
(a) to government procurement; or
(b) except for Article 19.18 (Open Government Data), to information held or processed by or on behalf of a Party, or measures related to that information, including measures related to its collection.
- For greater certainty, measures affecting the supply of a service delivered or performed electronically are subject to Chapter 14 (Investment), Chapter 15 (Cross-Border Trade in Services) and Chapter 17 (Financial Services), including any exceptions or non-conforming measures set out in this Agreement that are applicable to those obligations.
3 For the United States, unsolicited commercial electronic communication does not include an electronic message sent primarily for purposes other than commercial or marketing purposes.
Article 19.3: Customs Duties
- No Party shall impose customs duties fees, or other charges on or in connection with the importation or exportation of digital products transmitted electronically, between a person of one Party and a person of another Party.
- For greater certainty, paragraph 1 shall not preclude a Party from imposing internal taxes, fees or other charges on digital products transmitted electronically, provided that those taxes, fees or charges are imposed in a manner consistent with this Agreement.
Article 19.4: Non-Discriminatory Treatment of Digital Products
- No Party shall accord less favorable treatment to digital products created, produced, published, contracted for, commissioned or first made available on commercial terms in the territory of another Party, or to digital products of which the author, performer, producer, developer or owner is a person of another Party, than it accords to other like digital products.4
- The Parties understand that this Article does not apply to subsidies or grants provided by a
Party, including government-supported loans, guarantees and insurance.
Article 19.5: Domestic Electronic Transactions Framework
- Each Party shall maintain a legal framework governing electronic transactions consistent with the principles of the UNCITRAL Model Law on Electronic Commerce 1996.
- Each Party shall endeavor to:
(a) avoid any unnecessary regulatory burden on electronic transactions; and
(b) facilitate input by interested persons in the development of its legal framework for electronic transactions.
Article 19.6: Electronic Authentication and Electronic Signatures
- Except in circumstances provided for under its law, a Party shall not deny the legal validity of a signature solely on the basis that the signature is in electronic form.
- No Party shall adopt or maintain measures for electronic authentication and electronic
4 For greater certainty, to the extent that a digital product of a non-Party is a “like digital product,” it will qualify as an “other like digital product” for the purposes of Article 19.4.1.
signatures that would:
(a) prohibit parties to an electronic transaction from mutually determining the appropriate authentication methods or electronic signatures for that transaction; or
(b) prevent parties to an electronic transaction from having the opportunity to establish before judicial or administrative authorities that their transaction complies with any legal requirements with respect to authentication or electronic signatures.
- Notwithstanding paragraph 2, a Party may require that, for a particular category of transactions, the electronic signature or method of authentication meets certain performance standards or is certified by an authority accredited in accordance with its law.
- Each Party shall encourage the use of interoperable electronic authentication.
Article 19.7: Online Consumer Protection
- The Parties recognize the importance of adopting and maintaining transparent and effective measures to protect consumers from fraudulent and deceptive commercial activities as referred to in Article 21.4.2 (Competition Policy – Consumer Protection) when they engage in digital trade.
- Each Party shall adopt or maintain consumer protection laws to proscribe fraudulent and deceptive commercial activities that cause harm or potential harm to consumers engaged in online commercial activities.
- The Parties recognize that cooperation between their respective national consumer protection agencies or other relevant bodies on activities related to cross-border digital trade in order to enhance consumer welfare is important and in the public interest. To this end, the Parties affirm that the cooperation sought under Article 21.4.4 and Article 21.4.5 (Competition Policy – Consumer Protection) includes cooperation with respect to online commercial activities.
Article 19.8: Personal Information Protection
- The Parties recognize the economic and social benefits of protecting the personal information of users of digital trade and the contribution that this makes to enhancing consumer confidence in digital trade.
- To this end, each Party shall adopt or maintain a legal framework that provides for the protection of the personal information of the users of digital trade. In the development of its legal framework for the protection of personal information, each Party should take into account
principles and guidelines of relevant international bodies5, such as the APEC Privacy Framework
and the OECD Recommendation of the Council concerning Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data (2013).
- The Parties recognize that these key principles include: limitation on collection; choice; data quality; purpose specification; use limitation; security safeguards; transparency; individual participation; and accountability. The Parties also recognize the importance of ensuring compliance with measures to protect personal information and ensuring that any restrictions on cross-border flows of personal information are necessary and proportionate to the risks presented.
- Each Party shall endeavor to adopt non-discriminatory practices in protecting users of digital trade from personal information protection violations occurring within its jurisdiction.
- Each Party shall publish information on the personal information protections it provides to users of digital trade, including how:
(a) individuals can pursue remedies; and
(b) business can comply with any legal requirements.
- Recognizing that the Parties may take different legal approaches to protecting personal information, each Party should encourage the development of mechanisms to promote compatibility between these different regimes. The Parties shall endeavor to exchange information on the mechanisms applied in their jurisdictions and explore ways to extend these or other suitable arrangements to promote compatibility between them. The Parties recognize that the APEC Cross- Border Privacy Rules system is a valid mechanism to facilitate cross-border information transfers while protecting personal information.
Article 19.9: Paperless Trading
Each Party shall endeavor to accept trade administration documents submitted electronically as the legal equivalent of the paper version of those documents.
Article 19.10: Principles on Access to and Use of the Internet for Digital Trade
The Parties recognize the benefits of consumers in their territories having the ability to: (a) access and use services and applications of a consumer’s choice available on the
Internet, subject to reasonable network management;
(b) connect the end-user devices of a consumer’s choice to the Internet, provided that such devices do not harm the network; and
privacy, or laws that provide for the enforcement of voluntary undertakings by enterprises relating to privacy.
(c) access information on the network management practices of a consumer’s Internet access service supplier.
Article 19.11: Cross-Border Transfer of Information by Electronic Means
- No Party shall prohibit or restrict the cross-border transfer of information, including personal information, by electronic means if this activity is for the conduct of the business of a covered person.
- Nothing in this Article shall prevent a Party from adopting or maintaining a measure inconsistent with paragraph 1 necessary to achieve a legitimate public policy objective, provided that the measure:
(a) is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade; and
(b) does not impose restrictions on transfers of information greater than are necessary to achieve the objective.6
Article 19.12: Location of Computing Facilities
No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory.
Article 19.13: Unsolicited Commercial Electronic Communications
- Each Party shall adopt or maintain measures providing for the limitation of unsolicited commercial electronic communications.
- Each Party shall adopt or maintain measures regarding unsolicited commercial electronic communications sent to an electronic mail address that:
(a) Require suppliers of unsolicited commercial electronic messages to facilitate the ability of recipients to prevent ongoing reception of those messages; or
(b) Require the consent, as specified according to the laws and regulations of each
Party, of recipients to receive commercial electronic messages.
- Each Party shall endeavor to adopt or maintain measures that enable consumers to reduce
6 A measure does not meet the conditions of this paragraph if it accords different treatment to data transfers solely on the basis that they are cross-border in a manner that modifies the conditions of competition to the detriment of service suppliers of another Party.
or prevent unsolicited commercial electronic communications sent other than to an electronic mail address.
- Each Party shall provide recourse against suppliers of unsolicited commercial electronic communications that do not comply with the measures adopted or maintained pursuant to paragraph 2 or 3.
- The Parties shall endeavor to cooperate in appropriate cases of mutual concern regarding the regulation of unsolicited commercial electronic communications.
Article 19.14: Cooperation
- Recognizing the global nature of digital trade, the Parties shall endeavor to:
(a) exchange information and share experiences on regulations, policies, enforcement and compliance regarding digital trade, including:
(i) personal information protection, particularly with the view to strengthening existing international mechanisms for cooperation in the enforcement of laws protecting privacy;
(ii) security in electronic communications; (iii) authentication; and
(iv) government use of digital tools and technologies to achieve better government performance;
(b) cooperate and maintain a dialogue on the promotion and development of mechanisms, including the APEC Cross-Border Privacy Rules, that further global interoperability of privacy regimes;
(c) participate actively in regional and multilateral fora to promote the development of digital trade;
(d) encourage development by the private sector of methods of self-regulation that foster digital trade, including codes of conduct, model contracts, guidelines and enforcement mechanisms;
(e) promote access for persons with disabilities to information and communications technologies; and
(f) promote, through international cross-border cooperation initiatives, the development of mechanisms to assist users to submit cross-border complaints regarding protection of personal information.
- The Parties shall consider establishing a forum to address any of the issues listed above, or any other matter pertaining to the operation of this chapter.
Article 19.15: Cybersecurity
- The Parties recognize that threats to cybersecurity undermine confidence in digital trade. Accordingly, the Parties shall endeavor to:
(a) build the capabilities of their national entities responsible for cybersecurity incident response; and
(b) strengthen existing collaboration mechanisms for cooperating to identify and mitigate malicious intrusions or dissemination of malicious code that affect electronic networks and use those mechanisms to swiftly address cybersecurity incidents, as well as the sharing of information for awareness and best practices.
- Given the evolving nature of cybersecurity threats, the Parties recognize that risk-based approaches may be more effective than prescriptive regulation in addressing those threats. Accordingly, each Party shall endeavor to employ, and encourage enterprises within its jurisdiction to use, risk-based approaches that rely on consensus-based standards and risk management best practices to identify and protect against cybersecurity risks and to detect, respond to, and recover from cybersecurity events.
Article 19.16. Source Code
- No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, or to an algorithm expressed in that source code, as a condition for the import, distribution, sale or use of that software, or of products containing that software, in its territory.
- Nothing in this Article shall preclude a regulatory body or judicial authority of a Party from requiring a person of another Party to preserve and make available the source code of software, or an algorithm expressed in that source code, to the regulatory body for a specific investigation, inspection, examination enforcement action or judicial proceeding7, subject to safeguards against unauthorized disclosure.
Article 19.17: Interactive Computer Services
- The Parties recognize the importance of the promotion of interactive computer services,
7 Such disclosure shall not be construed to negatively affect the software source code’s status as a trade secret, if such status is claimed by the trade secret owner.
including for small and medium-sized enterprises, as vital to the growth of digital trade.
- To that end, other than as provided in paragraph 4 below, no Party shall adopt or maintain measures that treat a supplier or user of an interactive computer service as an information content provider in determining liability for harms related to information stored, processed, transmitted, distributed, or made available by the service, except to the extent the supplier or user has, in whole or in part, created, or developed the information.8
- No Party shall impose liability on a supplier or user of an interactive computer service on account of:
(a) any action voluntarily taken in good faith by the supplier or user to restrict access to or availability of material that is accessible or available through its supply or use of the interactive computer services and that the supplier or user considers to be harmful or objectionable; or
(b) any action taken to enable or make available the technical means that enable an information content provider or other persons to restrict access to material that it considers to be harmful or objectionable.
- Nothing in this Article shall:
(a) apply to any measure of a Party pertaining to intellectual property, including measures addressing liability for intellectual property infringement; or
(b) be construed to enlarge or diminish a Party’s ability to protect or enforce an intellectual property right; or
(c) be construed to prevent:
(i) a Party from enforcing any criminal law; or
(ii) a supplier or user of an interactive computer service from complying with a specific, lawful order of a law enforcement authority.9
- This Article is subject to Annex 19-A.
Article 19.18: Open Government Data
- The Parties recognize that facilitating public access to and use of government information
8 For greater certainty, a Party may comply with this Article through its laws, regulations, or application of existing legal doctrines as applied through judicial decisions.
9 The Parties understand that measures referenced in paragraph 4(c)(ii) shall be not inconsistent with paragraph 2 in situations where paragraph 2 is applicable.
fosters economic and social development, competitiveness, and innovation.
- To the extent that a Party chooses to make government information, including data, available to the public, it shall endeavor to ensure that the information is in a machine-readable and open format and can be searched, retrieved, used, reused, and redistributed.
- Parties shall endeavor to cooperate to identify ways in which each Party can expand access to and use of government information, including data, that the Party has made public, with a view to enhancing and generating business opportunities, especially for small and medium-sized enterprises.
- Article 19.17 shall not apply with respect to Mexico until three years after entry into force of this agreement.
- The Parties understand that Articles 145 and 146 of Mexico’s Ley Federal de Telecomunicaciones y Radiodifusión, as in force on the date of entry into force of this Agreement, are not inconsistent with Article 19.7.3. In a dispute with respect to this article, subordinate measures adopted or maintained under the authority of and consistent with Articles
145 and 146 of Mexico’s Ley Federal de Telecomunicaciones y Radiodifusión shall be presumed to be not inconsistent with Article 19.7.3.
- The Parties understand that Mexico will comply with the obligations in Article 19.7.3 in a manner that is both effective and consistent with the Constitución Política de los Estados Unidos Mexicanos, specifically Articles 6 and 7.
- For greater certainty, Article 19.17 is subject to Article 32.1 (General Exceptions), which, among other things, provides that, for purposes of Chapter 19, the exception for measures necessary to protect public morals pursuant to paragraph (a) of Article XIV of GATS is incorporated into and made part of this Agreement, mutatis mutandis. The Parties agree that measures necessary to protect against online sex trafficking, sexual exploitation of children, and prostitution, such as Public Law 115-164, the “Allow States and Victims to Fight Online Sex Trafficking Act of 2017,” which amends the Communications Act of 1934, and any relevant provisions of Ley General para Prevenir, Sancionar y Erradicar los Delitos en Materia de Trata de Personas y para la Protección y Asistencia a las Víctimas de estos delitos, are measures necessary to protect public morals.