Implementation of E-Commerce Directive 2000/31

Printed in Euromoney - Telecoms, Media & Technology Finance Review 2004

According to a recent survey published in the Italian financial daily Il Sole 24 Ore, while practically all Italian businesses possess an internet connection, only about ten percent actually use the internet as an instrument for sales of products and services.  While the reasons for this may vary, one important factor is certainly the general perception that the internet is an unregulated and unsecured medium.  This sense of a lack of adequate security for the on-line transmission of personal data and, more importantly, credit card details leads the Italian consumer to approach e-commerce with a certain amount of scepticism.  

On 28 March 2003, the Italian Parliament passed Legislative Decree n. 70 (“D.Lgs. 70/2003” or “Decree”) implementing European Directive 2000/31 concerning information society services, in particular e-commerce.  With this Decree, the Italian Government proposes to “encourage the development of a knowledge based economy and the modernisation of markets through new types of commerce.”  One of the principle goals of the Decree is to provide transparent procedures for the negotiation and conclusion of on-line contracts in order to increase consumer confidence by guaranteeing security, reliability of on-line communications, the integrity of documents and a rapid system of extrajudicial resolution of disputes. 

In general terms, D.Lgs. 70/2003 implements the language of Directive 2000/31 almost verbatim, with a few minor changes.  In practice, D.Lgs. 70/2003 merely adds additional rules to an already complex series of Italian commercial norms without introducing any significant novelty to the field of e-commerce.  This has led to quite a bit of criticism on the part of Italian legal commentators, as well as creating additional confusion concerning the possible liabilities of service providers. 

Overview of D.Lgs. 70/2003

Article 1 sets out the scope of the Decree as the promotion of the free movement of information society services, including e-commerce, followed by a series of exceptions to its application:

  • the field of taxation;
  • questions relating to the processing of personal data in the telecommunications sector;
  • questions relating to agreements or practices governed by cartel law;
    activities of information society services carried out by subjects residing in non-EU countries;
  • the activities of notaries or equivalent professions to the extent that they involve a direct and specific connection with the exercise of public authority;
  • the representation of a client and defence of his interests before the courts;
  • gambling activities which involve wagering a stake with monetary value in games of chance, including lotteries and betting transactions.

Under article 3, the Decree implements the concept of “country of origin” into Italian law for the purposes of information society services.  Specifically, article 3.2 reads: “pursuant to article 2, letter h, this provision cannot limit the free circulation of services by the information society coming from a provider who is established in another member State.”  Unfortunately, this concept runs into an immediate hurdle. 

According to the definitions contained in article 2, letter c, an established service provider is defined as a “service provider who effectively pursues an economic activity using a fixed establishment for an indefinite period.  The presence and use of the technical means and technologies required to provide the service do not, in themselves, constitute an establishment of the provider.”  As such, is a UK service provider who opens a server farm in Italy to manage and clear e-commerce transactions established in Italy or the UK?  Depending on how this turns out, presumably by a court decision, the service provider will be subject to either Italian or UK law concerning the “coordinated field” requirements set forth in article 2, letter h, which include:

  • the taking up of the activity of an information society service, such as requirements concerning qualifications, authorisation or notification; and,
  • the pursuit of the activity of an information society service, such as requirements concerning the behaviour of the service provider, requirements regarding the quality or content of the service including those applicable to advertising and establishment, or requirements concerning the liability of the service provider.

Apart from the above difficulty in interpretation, article 4 of the Decree adds a list of further exceptions to the country of origin principle.  These include:

  • intellectual and industrial property rights;
  • issuance of electronic money pursuant to article 8, paragraph 1 of Directive 2000/46/EC;
  • article 44, paragraph 2 of Directive 85/611/EC, concerning publicity for mutual funds;
  • insurance activities covered by various EU Directives;
  • right of parties to chose the applicable law to their contract;
  • contractual duties concerning the conclusion contracts by the consumers;
  • validity of contracts concerning real property;
  • admissibility of unsolicited commercial communications by electronic mail.
Authorisation for Providers

Article 6 of the Decree provides that pursuit of the activity of an information society service provider may not be made subject to prior authorisation or any other requirement having equivalent effect. 

This article has created some controversy among Italian commentators.  In particular, the prohibition of prior authorisations would seem to directly conflict with Italian law on distance contracts or sales by correspondence under Legislative Decree n. 114/98, which requires prior communication to the public authorities.  In fact, it is rather difficult to understand why telemarketing or mail catalogue sales require prior authorisation, but placing the same catalogue on the internet would not. 

The solution to this may be found in paragraph 2 of article 6, which states: “Paragraph 1 shall be without prejudice to authorisation schemes which are not specifically and exclusively targeted at information society services.”   Although some commentators believe that the Decree may have an abrogating effect on previous requirements in relation to e-commerce, a more probable interpretation is that paragraph 2 above will leave such prior authorisation schemes in place, since they are not specifically and exclusively targeted at e-commerce.  In other words, a service provider will more likely than not need some sort of authorisation to conduct e-commerce in Italy, regardless of the apparent prohibition of such contained in article 6.

Information Requirements for Service Providers
General Information

Article 7 of the Decree provides that, in addition to other information requirements for specific goods and services, the service provider shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, the following information:

  • the name of the service provider, the denomination or the company name;
  • address of legal domicile;
  • the details of the service provider, including his electronic mail address, which allow him to be contacted rapidly and communicated with in a direct and effective manner;
  • the trade register in which the service provider is entered and his registration number;
  • where the activity is subject to an authorisation scheme, the particulars of the relevant supervisory authority;
  • as concerns the regulated professions:
    • any professional body or similar institution with which the service provider is registered, and the register number;
    • the professional title and the Member State where it has been granted;
    • a reference to the applicable professional rules in the Member State of establishment and the means to access them;
  • the VAT number of the service provider or equivalent in other Member States;
  • the indication  clear and direct of the prices and tariffs of  various services of the information society, outlining if the prices include taxes, delivery costs, and other further expenses specified;
  • the indication of the activities allows the consumer and the consignee of the service and in the event that the activity is subject to authorization or if the object of the service is given on the basis of the license agreement than details of the contract must be provided;
  • the service provider must update the information contained above;
  • the registration of an internet publisher is mandated exclusively for the activities in which the service provider intends to take advantage of the benefits provided by Law 62/2001.

In essence, the above list can be broken down into two basic concepts.  First, in addition to the various items listed, the service provider must also comply with the information requirements for “specific goods and services”, which simply means all other general disclosure and publication requirements of Italian commercial law.  Second, this information must be readily accessible, in a direct and permanent manner. 

The Decree does, however, add two additional requirements not found in the Directive.  These concern an obligation to update the information and the registration of editorial publications.  This latter requirement was made necessary by Law 62/2001 concerning norms for publishing and editorial activities, according to which all web sites that contained information or news would have been required to register as journalistic publications. 


In order to achieve the goals of increasing consumer confidence, the validity and enforceability of on-line contracts is fundamental.  This is dealt with in articles 12 and 13 of the Decree.  Although the Decree generated much initial anticipation that the issue of on-line contracts would finally be clarified, in reality the Decree fails to offer much that can truly be considered new.  In fact, electronic contracts as well as digital signatures have been recognised as legally valid for a number of years in Italian legislation.  While the Decree does provide useful guidelines concerning certain procedures for on-line contracts, the substantive issues relative to formation and enforceability are left to the pre-existing norms contained in the Italian Civil Code. 

Turning to the language of the Decree, article 12 states that, in addition to other information requirements for specific goods and services, as well as distance contracts legislation, the service provider shall, except when otherwise agreed by parties who are not consumers, provide the following information clearly, comprehensibly and unambiguously and prior to the order being placed by the recipient of the service:

  • the different technical steps to follow to conclude the contract;
  • the means by which the concluded contract will be filed by the service provider and its accessibility;
  • the technical means for identifying and correcting input errors prior to the placing of the order to the provider;
  • codes of conduct adhered to and how to access them electronically;
  • the languages offered for the conclusion of the contract other than Italian;
  • indication of the methods for dispute resolution;
  • contract terms and general conditions provided to the recipient must be made available in a way that allows him to store and reproduce them.

Norms relative to the conclusion of contracts shall also apply to cases in which the recipient of a good or service of an information society places an order through electronic means.  Unless otherwise agreed between parties other than consumers, the provider shall, without undue delay and by electronic means, acknowledge the receipt of the recipient’s order indicating the general and specific conditions applicable to the contract, information on the goods and services provided, pricing details, payment means, right of withdrawals, costs of delivery and applicable taxes.  The order and the acknowledgement of receipt are deemed to be received when the parties to whom they are addressed are able to access them.

The exclusion of contracts between parties who are not consumers effectively focuses the objective of these articles on B2C transactions, leaving B2B agreements to be regulated by general commercial law.  In addition, the above rules will not apply to contracts concluded exclusively by exchange of electronic mail or by equivalent individual communications, although the reason for this exemption is unclear. 

Advertising and Spam

General commercial advertisements must contain information clearly identifying them as such.  Specifically, in addition to other information requirements for specific goods and services, commercial communications which are part of, or constitute, an information society service shall from the first delivery contain the following in a clear and unequivocal manner:

  • the commercial communication shall be clearly identifiable as such;
  • the natural or legal person on whose behalf the commercial communication is made shall be clearly identifiable;
  • promotional offers, such as discounts, premiums and gifts, and the conditions which are to be met to qualify for them shall be presented clearly;
  • promotional competitions or games, where permitted, and the conditions which are to be met to qualify for them shall be clearly identifiable.

Concerning spam, article 9 of the Decree requires the service provider to clearly and unequivocally identify unsolicited commercial e-mail and provide the means for the recipient of the message to elect not to receive future communications.  The burden of proof in this case is placed on the service provider.  As such, the Decree appears to endorse the “opt out” method for privacy purposes, which apparently contradicts prior Italian legislation on data privacy that clearly provides for an “opt in” procedure. 

In addition, the Italian legislature has recently implemented EU Directive 58/2002 concerning data privacy.  The implementing legislation, Legislative Decree 196/2003, provides that the use of automated calling systems without human intervention, including e-mail, for the purposes of direct marketing is allowed with the consent of the recipient.  Such consent to send materials to an e-mail address has to be made in the context of a sale of a product or service, i.e., the recipient must be given the opportunity to deny consent at the moment his e-mail address is collected.  Resolution of the apparent conflict between the various norms will be left to the Italian Privacy Guarantor, which has recently ruled that the fact that an e-mail address is published on a website doe not imply consent to receive unsolicited commercial messages.

Having reviewed the basic contents of the E-Commerce Decree, we return to the original scope proposed for this legislation, i.e., to expand e-commerce by increasing consumer confidence in the security and reliability of on-line transactions.  Only time will tell whether or not this goal has been achieved, but, in the opinion of the authors, the Decree is unlikely to have a significant impact on e-commerce in Italy.  In fact, considering the number of often conflicting norms in this field, of which the Decree only adds to the confusion, a comprehensive review and integration of the various rules into a single text governing on-line transactions is still needed.