BREXIT and Compliance


BREXIT and compliance

Jonathan ArmstrongBy Jonathan Armstrong
27 June 2016

The BREXIT vote clearly has considerable ramifications for the UK but what does it mean for compliance?

In the short-term the change will be minimal. Longer term there is likely to be lots to do on the separation and with the UK putting in place agreements to replace current EU deals – many variations are currently possible. UK politicians have talked of a 6-month scoping exercise as the work on separation starts. Then there is effectively a notice period of two years as the UK exits the EU. Much depends on the new Government and who will be the next UK Prime Minister. The current Prime Minister, David Cameron, has announced his intention to resign an he has said it will be up to his successor to start the process off. As a result it is hard to predict what will happen, especially given that the referendum result is not technically law but a recommendation to the Government to make law.

There will be high-level meetings of EU Member State leaders and an extraordinary plenary session of the European Parliament on 28 June to discuss the matter and things may become a little clearer after that. That said here are some initial thoughts:

What about GDPR and data protection?

We think planned changes like the General Data Protection Regulation (GDPR) will still go ahead although the names and details may be different – our alert in March explains a little more on this. In addition the UK will shortly have a new data protection regulator, Elizabeth Denham, who has spoken previously of the need for new GDPR powers and is likely to push for similar legislation too. There are more details on Ms Denham’s background here. The ICO’s announcement today seems to agree with the position we set out in March.

Data security

There are data breach provisions in GDPR and we are likely to see something similar come into UK law. The EU is also in the process of adopting a new Cyber Security Directive. There is some background on that here. The UK Government consulted on implementation of new cyber security measures and our gut feel is that it is unlikely this Directive will be adopted in full. Much depends in this and other areas however on the timing of the UK’s exit.

Data transfer

There has obviously been lots of debate in Europe about data transfer issues. Exactly what happens with the UK after exit remains to be seen. Much is likely to depend on whether the UK remains in the European Economic Area (EEA) – if it does there may be little practical change. If it doesn’t the UK would likely have to go through some sort of an adequacy assessment which we have discussed in our alert relating to GDPR. Data transfer could be complicated if the UK does not remain in the EEA, particularly given the Snowden allegations which fuelled the Schrems litigation in Europe given that some of the allegations also touched on surveillance by UK Government agencies. In the short term existing data transfer rules apply which we have discussed extensively on our website. Theoretically if a working Privacy Shield deal can be done next month the UK would still be a party to that, at least in the short term. Whilst it is too early to say for sure those businesses who have a scheme of Binding Corporate Rules (BCR) on exit could also have an easier time with other EU data protection authorities.

How will this affect bribery & corruption?

Here there is likely to be little change. The UK Bribery Act 2010 isn’t part of a body of EU legislation and the UK bribery prosecutors are independent of the EU regime. There may be an effect on some investigations, for example into alleged corruption in EU funds, but the law will remain the same. We have some FAQs on UK bribery laws – do let us know if you would like a copy.


We are likely to see some changes here although substantive competition law will probably remain the same. Procedurally there will likely be two regimes in areas like merger filings, one at the UK internal level and one at the EU level where relevant, which is likely to be costly and give rise to uncertainty. What will be interesting to see is the issue of State aid – for example, will the UK set up its own State aid regulator, either because it wishes to do so or because it will be required to under the negotiations to come to a new deal with the EU?

The competition law regime is unified across the EU, and the level of fines levied in recent years has been considerable. However, the EU does have co-operation agreements with other countries like Switzerland (so-called ‘dedicated agreements’) and negotiations may well start on a dedicated agreement soon. So far the EU has signed more than 80 dedicated agreements. There is more information on dedicated agreements here.


UK employment law essentially all derives from EU law and provides strong protection for worker’s rights, within the context of the free movement of workers. Many aspects have often been a bone of contention for UK conservative governments who may prove to be keen to start tearing up the rule-book. But, this can be expected to be an area that the EU will be very tough on in the negotiations as a quid pro quo for access to the EU Single Market as it is one of the cherished cornerstones of EU law.

Product liability

The EU runs a common product recall alert system known as RAPEX which covers the EU and European Free Trade Association (EFTA) members like Norway. However each country in Europe has its own authorities who police product safety and reports into RAPEX are made by national authorities. It is likely that, at least in the short term there will be little change but the exact details remain to be seen. There are details of the RAPEX scheme here.

Chemicals regulatory

In the longer term this may be an area of some change. Europe has a common chemicals regulatory regime referred to as REACH (Registration, Evaluation, Authorisation & Restriction of Chemicals). This is likely to be a challenge in the negotiations as regards the nitty-gritty of what is a technically very complicated regime.


The EU has just renewed certain of its sanctions against Russia to 23 June 2017. There are more details of that in our alert here. One prominent UK politician has spoken already about this being a potential area of change. In the short term the EU sanctions regime will still apply to the UK.

Modern Slavery

Broadly no change here since the UK law is not harmonised with the EU. There is more on this legislation here.


There will be some things that change significantly in healthcare and some that remain the same. As we have said already tougher regulatory requirements on the handling of health data introduced by GDPR are also likely to find their way into UK law. One of the biggest questions that remains to be answered in healthcare is the location of the European Medicines Agency (EMA). The EMA is a decentralized agency of the EU and it is located in London. It is responsible for scientific evaluations, supervision and safety monitoring of medicines developed by pharma companies for use in the EU. It also has a role in animal health. If the EU remains in the EEA or some sort of ‘association’ deal is reached then there is perhaps a possibility that the EMA can stay where it is. If not it may have to relocate (we understand that a number of countries have already put bids in) and that is likely to have a considerable impact on staffing and productivity in the short term. This is another area which is likely to need close attention.

Retail & eCommerce

eCommerce and distance selling regulations are common across the EU. In the short term again there is likely to be little change however in time we may see different regulations for retail in the UK compared with the rest of the EU. This is a complex area, made more challenging by the recent European Court decision in the Weltimmo case. There are also issues to consider with distribution agreements and intellectual property. For example whilst the UK has its own trademark regime there is also an EU registry run by the European Union Intellectual Property Office in Spain. Thought will need to go in to how those regimes will work together going forward.


Direct taxation is essentially the prerogative of the individual EU Member States but certain EU rules do exist for example as regards harmonised standards for company taxation. The EU has particular competence concerning indirect taxation within the context of the free movement of goods and the freedom to provide services – competition must not be distorted by variations in indirect taxation rates etc. The EU plays a significant role as regards value-added tax (VAT – sales tax) and excise duties. So indirect taxation in the context of access to the Single Market is likely to be a hot area in the negotiations.

Other industry specific regulations

In addition to the more general regulations there are EU wide regimes in a huge number of areas – from banking and finances to beach cleanliness. Again these regimes will need to be unravelled and clearly some will have a higher priority than others. We expect many clients will want to have input into how those new regimes may look for their industry and we will be monitoring developments to help our clients with that.

For more information please contact Jonathan Armstrong or André Bywater who are lawyers with Cordery in London where their focus is on compliance issues.

[clickToTweet tweet=”What does BREXIT mean for compliance? @SCCE @armstrongjp” quote=”What does BREXIT mean for compliance? ” theme=”style3″]