This interview follows our earlier conversation with Amelia, ‘Negotiating Trade and Competition in the Digital World.'

With Amelia Andersdotter


National security exemptions in trade agreements reflect the often tenuous dialectic between national sovereignty and the multilateral trading system.

Given the current geopolitical landscape, national security measures are increasingly framing various aspects of the global digital economy.

We spoke to Amelia Andersdotter to understand the implications of these measures on local businesses, with a particular focus on the EU and Sweden.

Interestingly, we’re seeing an increasing reliance on national security exceptions in trade negotiations. Can you talk about the politics of national security provisions in trade agreements?

Amelia: All trade agreements have national security exceptions that governments can rely upon if they really feel the need to do so. National security exceptions are normally not invoked, because it’s like opening a can of worms. National security is also amoebic. It can be expanded to encompass almost any policy at all and it's been raised in the past few years that it is being expanded, dramatically. So a can of worms full of amoebas. The European Union does not have national security competencies though - it is made weaker the more national security expands.

But I think we’re living in a time now where governments are feeling more insecure about their place in the world, their relationships with each other, and their power games. So all the negotiations taking place at this point, exploring the ramifications of national security exemptions- or even more so, making moves towards claiming that national security could somehow be overridden by trade interests- I think that’s a critical issue for most governments right now.

We’re living in a time now where governments are feeling more insecure about their place in the world, their relationships with each other, and their power games.

We see this in the EU. Well, I live in Sweden, and I have noticed that in the past five- six years that the Swedish government is shifting various policies to the national security space, and to the ministry of justice and defense.

One possible interpretation of this shift is that the Swedish government has full control with the ministry of justice and defense. In all other ministries, Sweden is always impacted by European decisions.

But with the ministry of justice and the ministry of defense there is a small space where the Swedish government can make its own laws and claim absolute sovereignty. Which is ironic, because while Sweden is playing this sovereignty game, they are also actually consenting to putting more and more power in Brussels.

It’s an interesting conflict about who ultimately has the political power to decide what happens in Sweden. We end up with conflicting regulatory frameworks, they’re very confusing for the private sector and for private persons as well. It is very destructive and inconsistent.

How does this impact local Swedish technology companies and startups?

Amelia: For instance, we have the General Data Protection Regulation (GDPR) which nominally sets the strategy for the entire EU to be global leaders in personal data security. But the Swedish government doesn’t really subscribe to it. So when it comes to issuing guidelines, or giving resources to the data protection authorities that can clarify the rules around the collection or processing of data- that money is not there. This is just confusing and stressful for companies that try to comply with the laws, or organizations that don’t want to violate these laws, or just literally don’t know how to be compliant.

With the network and information security (NIS) directive, the Swedish government issued an implementation of the directive approximately at the same that they issued a new information security law for the Swedish territory.

The implementation of the NIS directive was not particularly well done. It was basically a literal translation of the European directive, with some additions about telecommunications operators, without any guidelines on what the implementation of any of these laws actually means, as they were foreseen to be issued only 4 months later. It's enforced by a public authority whose general director has been the constant focus of media scandals for more than ten years.

Whereas the information security law had a lot of guidelines. It was also backed up by the security services which are normally well connected with the media, and they have all of these procedures in place where they actually assess if you’re complying with a law.

Let's take then a small company- a three man company running an electricity grid in the west of Sweden. If they were trying to minimize risk and had to choose which one of these laws to comply with- what do you think they would pick? The badly implemented European directive; or the information security law that is under the security services which are well connected with the media, and have a procedure in place telling you whether or not you’ve succeeded in complying with the law.

Normally, any small company would choose the latter. Especially because the risk of erroneously not following the information security law is much higher, while the support for being compliant is so much better.

But to fall under the information security law you need to be able to claim that you’re important for national security. And if you are this three man company running an electricity grid in the West of Sweden, then maybe you’re not nationally relevant. How do you spin that? How can you get this other, better constructed law to apply to you?

I had a request from a lawyer who is working with business and compliance issues around six months ago, and they said that’s it’s highly unusual for law to cause so much confusion two years after it enters into force. This is not meant to happen, but with the NIS directive, it is happening.

And this is damaging- in this case it mostly effects corporate interests because the law targets corporations and companies. But it also damages trust in the government, and in the legislative system- the trust that people have in the ability of governments to make consistent policies.

 

And this is damaging- in this case it mostly effects corporate interests because the law targets corporations and companies. But it also damages trust in the government, and in the legislative system- the trust that people have in the ability of governments to make consistent policies. 

The lack of regulatory consistency between national and international rules damages trust in the government, and in the legislative system- the trust that people have in the ability of governments to make consistent policies. 

 


 

This article is part of our series on Trade and the Digital Economy.