It has long been said that politics makes strange bedfellows. In this case, Ann Marie Buerkle, the Acting Chairman of the United States Consumer Product Safety Commission, a Republican, sided with Democratic Commissioners Robert Adler and Elliot Kaye to elect Commissioner Adler as the incoming Vice-Chair of the Commission. That means Commissioner Adler will assume the Acting Chairmanship of the agency when Ms. Buerkle steps down as Chairman on September 30, 2019—a little less than one year after the Republicans gained the majority on the Commission for the first time in twelve years.

In today’s hyper-partisan politics, such a vote is noteworthy and surprising to many. Currently, the Commission is made up of five commissioners—Republicans Buerkle, Dana Baiocco, and Peter Feldman, and Democrats Robert Adler and Elliot Kaye. Traditional, partisan thinking presumes that the majority of the Commission (i.e., the three Republicans) would have elected a Republican to replace Ms. Buerkle as Acting Chair of the agency. But that is not the case here.

In a statement issued on Friday, Ms. Buerkle stated that “consumer protection is not political” and that she believed the incoming Acting Chairman should be “the most experienced, most senior commissioner who has previously served in this role.” A commissioner since 2009, Mr. Adler served as the Acting Chairman of the Commission in late 2013 and early 2014 upon the departure of then-Chairman Inez Tenenbaum. Although Ms. Buerkle and Mr. Adler, admittedly, have diverging political and regulatory philosophies, they are known within the product safety community to have a cordial working relationship grounded in mutual respect.

So what does this mean for the regulated community and other product safety stakeholders? In the short term, upon Acting Chairman Buerkle’s departure from the agency altogether on October 27, 2019 (about one month after she relinquishes the chair to Adler), the Commission will return to a 2-2 split along party lines and presumably some partisan gridlock, although the Commission will continue to operate according to its current fiscal year’s operating plan. As to longer term implications, presumably, Friday’s vote will incentivize the White House to nominate, and the Republican-controlled Senate to confirm, a third Republican commissioner to restore the Republican majority upon Ms. Buerkle’s departure from the agency in late October.

In the meantime, we congratulate Commissioner Adler on this development, and look forward to continue working with him and his staff.

Protecting creative endeavors and designs is a core activity of just about all fashion companies. Fashion items (clothing, accessories, handbags, shoes, etc.) can indeed be protected by copyright and design rights within the European Union.

Lesser known is the ‘unregistered community design’ (or: ‘UCD’) established by the European legislator in 2002 for the protection of products with a short lifespan. As the fashion industry is driven by rapid innovation, based on seasonal collections with new designs each time, this specific, unregistered and therefore inexpensive intellectual property right provides the ideal protection for many fashion companies. As fashion is a wide spread phenomenon and knows no boundaries, this intellectual property right could turn out to be the excellent fit not only for European fashion companies, but also for US fashion companies operating within the EU.

In this post, we will take a closer look at the how, what and why of this unregistered design right.

The object of protection in design law

The design right, be it the registered or unregistered variant, essentially protects the appearance of a product, which is determined by its characteristic features. These are in particular the lines, contours, colors, shape, texture, decorations, logos, photos, illustrations, materials, etc. For example, new designs of clothing or accessories, as well as decorative prints qualify for design protection.

The requirements for protection

To claim design protection, the design must meet two requirements: the design must be new and have an individual character.

The design will be considered new if no identical design has been made available to the public. Designs are considered to be identical if their characteristics differ only in unimportant details.

The design will have an individual character if the general impression it has on the informed user (the attentive consumer, shopper, fashionista or fashion blogger) differs from the general impression that the user has in comparison with older, existing designs. In other words, no déjà-vu feeling may arise.

In order to be able to claim an unregistered community design, it is also important that the designer properly notes, maintains and documents who created which designs, when, and when they were first disclosed to the public. Conversely, to avoid wrongful allegations of infringement, it is important to properly document and date the entire design process. Only in this way it can be demonstrated that the design was independently developed. Sketches, inspiration boards and brainstorming sessions are therefore best kept in a structured and chronological manner.

The choice between the registered and the unregistered community design

As soon as the design meets the above requirements, the designer has two options in the field of design law:

1) The designer chooses to register the design for a fee at a national or international design agency (for example the European Office, the EUIPO, or the Benelux Office, the BOIP). The protection lasts for a term of 5 years, after which it can be extended up to 5 times against payment up to a maximum protection term of 25 years;

2) or the designer opts for the unregistered design, which is created automatically (read: free and without registration obligation) for a one-time term of protection of 3 years from the date the design is made available to the public within the European Union for the first time. The designer must therefore disclose his creation to the public instead of undergoing the whole registration process. Public disclosure or making the design available to the public means: publishing, exhibiting, placing on the market or otherwise making publicly available in such a way that, in normal practice, the specialized circles operating within the European Union can reasonably be aware of the design. In other words, a design that has remained on the drawing board will not be deemed to have been made public.

The scope of protection of the registered and unregistered community design

However, the scope of protection of a registered and unregistered design will be different. As such, the holder of an unregistered design can only take action against counterfeiting in the literal sense of the word. It will thus be necessary to prove that the copycat-design was created by copying the older design.

On the other hand, a registered design has a broader scope of protection: its holder may exclusively exploit this design and has the right to oppose the use or subsequent registration by third parties of products with the same appearance or with an appearance that does not create a different overall impression.

Tips and tricks for the unregistered design

Although an unregistered community design offers less scope for protection, it remains a hugely interesting intellectual property right in the fashion sector. It is free, flexible, requires no administrative hassle, and offers a relatively short but clear scope of protection against counterfeiters. A well-documented and chronologically structured creation process, on the other hand, is indispensable in order to be able to claim this protection (or, to defend against possibly unjustified claims of design holders).

This article was originally published in Fashion United here.

Under a new rule that became effective August 3, 2019, the United States Patent and Trademark Office (“USPTO”) requires all foreign-domiciled trademark applicants, registrants, and parties to a trademark proceeding to be represented by an attorney who is licensed to practice law in the United States. This requirement applies to any entity with a principal place of business outside of the United States and its territories and any individual with a permanent legal residence outside of the United States and its territories.

This new rule is one of the USPTO’s responses to an increasing number of inaccurate, overbroad, and in some instances, possibly fraudulent trademark submissions, some of which originate abroad. The goal of this rule (and other USPTO efforts not focused solely on foreign trademark owners) is to help improve the accuracy of the U.S. trademark register and increase compliance with U.S. trademark law.

According to the USPTO, “increasing numbers of foreign applicants are likely receiving inaccurate or no information about the legal requirements for trademark registration in the U.S., such as the standards for use of a mark in commerce, who can properly aver to matters and sign for the mark owner, or even who the true owner of the mark is under U.S. law.” As further explained by Andrei Iancu, Under Secretary of Commerce for Intellectual Property and Director of the USPTO, “Businesses rely on the U.S. trademark register to make important legal decisions about their brands. In order to maintain the accuracy and integrity of the register, for the benefit of all its users, the USPTO must have the appropriate tools to enforce compliance by all applicants and registrants. This rule is a significant step in combatting fraudulent submissions.”

Applications and submissions that were filed prior to August 3, 2019 by someone other than a U.S. – licensed attorney will be considered by the USPTO as-is. However, applicants and registrants may not respond to USPTO office actions without first appointing U.S. counsel. Further, for ongoing TTAB proceedings where a foreign-domiciled party is not currently represented by a U.S.-licensed attorney, the TTAB will suspend the proceeding and require appointment of a U.S. -licensed attorney.

Further guidance can be found here.

On August 27, 2019, the U.S. International Trade Commission (ITC) published a final rule regarding the procedures for the preparation and filing of Miscellaneous Tariff Bill (MTB) petitions and public comments. The Miscellaneous Tariff Bill (MTB) Act temporarily reduces or eliminates import duties on specified raw materials and intermediate products used in manufacturing that are not produced or available domestically. It is intended to ensure that U.S. manufacturers are not at a disadvantage to their foreign competitors when sourcing manufacturing components. Under the MTB process, U.S. importers may petition for duty-free or reduced-duty treatment of certain imported products by submitting an MTB petition to the ITC. Typically, importers request duty relief for manufacturing raw material inputs such as chemicals, electronic goods, and proprietary parts that are not produced in the United States. However, there are no restrictions on what products and parts can be requested. In general, for an MTB petition to be successful there must not be any domestic industry opposition, and any reduction of duties resulting from the change to the duty rate for the proposed product breakout may not exceed $500,000 per annum. Importers can request an elimination or reduction of duties, depending on the annual duty savings anticipated and the $500,000 threshold.

The new rules take effect on September 26, 2019.  It is anticipated that the ITC will begin accepting MTB petitions after October 15, 2019, and petitions must be filed within 60 days of this date.  These dates will be confirmed after the ITC formally announces the commencement of the MTB petition process. Any successful petition would then need to pass Congress and be signed into law by the president before becoming effective. If signed into law, then the MTB petitions may become effective January 1, 2021, with an expiration date of December 31, 2024.

The new procedures appear more stringent than those applied during the 2016 round of MTB petitions. The petitions should include to the extent available: (1) CBP rulings issued on the product; and (2) a copy of other CBP documentation indicating where the article is classified in the HTS. Additionally, the petitions should include:

  1. an estimate of both total value and dutiable value for the product for the next five calendar years;
  2. an estimate of the share of total imports represented by the petitioner’s imports of the subject article;
  3. the names of any domestic producers of the article, if available;
  4. a certification of completeness and correctness; and
  5. an acknowledgement of the petitioner’s awareness that the information submitted is subject to ITC audit and verification.

The ITC has also indicated that there will be a clearer way to renew current MTBs. However, that information is not yet available

Here, we identify 10 key issues relating to how the U.S. antitrust agencies—the Federal Trade Commission (FTC) and Department of Justice (DOJ)—analyze CPG transactions.

1) High-End vs. Low-End

Antitrust agencies often define the market for the merging parties’ products quite narrowly. In one notable example, the FTC defined a market limited to “intense mints” (think Altoids), which excluded traditional mints (think Life Savers).

The antitrust agencies often define markets around product sub-segments based on distinct prices, characteristic, or measures of quality within a broader category. In particular, the antitrust agencies frequently segment CPGs along a spectrum from high-end to low-end products.

2) In-Store Location

A CPG’s shelf-space location in a retail store or positioning on the shelf may also affect how the antitrust agencies define the product market and assess the merger’s effect. This is a frequent issue in food and beverage mergers.

For example, in 2002, the FTC sued to block a merger that would have combined Vlasic and Claussen pickles. The agency alleged that refrigerated pickles constituted a separate market from shelf-stable pickles sold in the center aisles.

3) Branded vs. Private Label

There is no bright line rule on whether the antitrust agencies will consider private label products “in” or “out” of the market. It depends on the facts.

Private label products were excluded when the FTC defined the market for branded seasoned salt products. In contrast, the FTC reportedly cleared Energizer Holdings’ acquisition of Spectrum Brands’ battery business (Rayovac branded batteries) because the evidence confirmed that branded batteries face strong competition from private-label batteries.

4) Sales Channels

The agencies may also limit the market to particular sales channels. For example, in a recent case challenging the combination of two cooking oil products, the FTC alleged that the market was limited to sales made to retailers. In 2011, the DOJ alleged that hairspray sold in retail stores was a separate market from the sale of such products in salons because of differences in price, location convenience, and breadth of brands carried.

Additionally, there is no bright-line guidance for whether online retail sales will be “in” the market. Only a transaction-by-transaction assessment will determine how online sales factor into market definition and competitive-effects analysis.

5) Geographic Markets

The agencies typically define the relevant geographic market in CPG mergers as national, or no broader than national. High transportation costs, differences in brands, U.S. regulations that make it difficult for customers to purchase products sold outside the U.S., or a lack of imports, may contribute to the agencies’ assessment.

Geographic markets may also be limited to certain regions, states, or metropolitan areas, at least where the seller can charge different prices to retailers based on differing competitive conditions.

6) Merger’s Effect on Competition

The ultimate question in any merger investigation is whether the transaction will “substantially lessen competition.” In short, the investigating antitrust agency tries to assess whether a merger is likely to result in higher prices, lower quality, or reduced innovation.

In CPG transactions, the concern about potentially diminished price competition isn’t limited to higher shelf prices or lower discounts to consumers. The agencies are also concerned about the potential for the merger to reduce promotional discounts, slotting allowances, and trade spend paid to retailers.

7) Brand Equity and Entry Requirements

Brand is often a key ingredient for success. But brand may also be a key reason the FTC or DOJ raises concerns about barriers to entry, expansion, or repositioning. In many of the agencies’ enforcement actions, brand equity was one of the most significant barriers to entry because it could make it time-consuming and costly for a new entrant to convince retailers to stock their product or gain consumer acceptance.

8) Documents

The merging parties’ documents are a key factor in whether the FTC or DOJ opens a detailed investigation and, ultimately, whether the agency decides to clear the merger or attempt to block it in court.

Two types of documents can be pivotal: (1) those describing the effects of the merger and (2) those reflecting how the parties analyze their market and calculate market shares.

9) Customers

Customer views carry significant weight in merger investigations. During investigations, the agencies typically call the parties’ largest customers, such as retailers and distributors, to learn how they view the merging parties’ products and which other products may be reasonable alternatives to the parties’ products.

10) Data

The antitrust agencies also routinely rely on data-driven analyses to assess the likely competitive effects of the transaction and help define markets. Two common analyses in a CPG merger are:

  • Natural Experiments. The agencies typically seek to use scanner data to evaluate the impact of certain events on the parties’ sales and prices. For example, did sales or prices of the parties’ products change after a rival product went out on recall or a new branded product was introduced?
  • Diversion analysis. A common technique is to use an event, such as an entry, an exit, or a promotion, to quantify the amount by which sales were diverted from one product to another. If a substantial volume of sales shift, the antitrust agencies are likely to view those brands as particularly close substitutes.


When evaluating potential mergers and acquisition in the CPG space, antitrust risk can be a key consideration. With guidance, careful planning, and early read-outs from anticipated economic analyses, that risk can be carefully managed to meet business objectives.

This blog post is a condensed version of an article that originally appeared August 18, 2019 on Retail Leader. Visit Retail Leader for the full version of the article, which include pre-deal pointers for industry executives and counsel.

Alexis Gilman is a Partner in Crowell & Moring LLP’s Antitrust Group in Washington, DC. From 2010-2017, he worked at the Federal Trade Commission, including three years as the head of the Mergers IV Division, where he oversaw numerous investigations of mergers involving branded consumer products, retail, and other industries.

Elizabeth M. Bailey is an economist and academic affiliate at NERA Economic Consulting in San Francisco where she handles CPG mergers and acquisitions.

In today’s protectionist environment, importers are facing heightened legal risks and a potential False Claims Act (FCA) violation when providing information to Customs and Border Patrol (CBP). In June, the United States Attorney’s Office for the Southern District of New York filed a civil fraud lawsuit against Manhattan-based children’s apparel companies Stargate Apparel, Inc., Rivstar Apparel, Inc., and their CEO, Joseph Bailey. The Complaint, filed under seal, had alleged that Bailey, Rivstar, and Stargate violated the FCA when they submitted invoices to CBP understating the true value of imported goods.

The alleged fraud was first brought to light by a whistleblower who filed a complaint under the FCA. It alleged that from 2007 to 2015, Stargate engaged in a double-invoicing scheme with a manufacturer in China. And that the manufacturer provided Stargate with two invoices for the each shipment of goods. One invoice, referred to as the “pay by” invoice, was for a much higher amount and reflected the actual price Stargate paid the manufacturer for the goods. The second invoice was for a much lower price. Stargate presented only this second invoice to CBP and thus was able to pay a fraudulently lower amount of customs duties.

A second variation of this fraud scheme involved invoices for “sample” goods. The Chinese manufacturer would send two invoices for one shipment, one marked commercial invoice and one marked sample invoice. Together, the two invoices reflected the real price Stargate paid to the manufacturer, but Stargate only paid customs duties on the commercial invoice and not on the sample invoice because sample goods are not subject to customs duties. According to the Complaint, none of the goods Stargate received from the manufacturer were actually sample goods.

The allegations claim that Bailey, Stargate, and Rivstar engaged in similar schemes with additional manufacturers. Through these schemes, the Complaint alleges that they undervalued imports by tens of millions of dollars and cost the U.S. government over $ 1 million in duty revenue. Bailey and his companies now face civil penalties and treble damages, and Bailey faces an additional criminal charge of conspiracy to commit wire fraud.

Importer FCA cases just like this one have been on the rise in recent years. The Trump administration’s focus on trade policy will likely only lead to continued scrutiny in this area. Additionally, the recent Supreme Court ruling in U.S. ex rel Hunt v. Cochise Consultancy, No. 18-315 (2019), has allowed whistleblowers to take advantage of a longer statute of limitations period previously only available to the government under 31 U.S.C. § 3731(b)(2). Thus, where the government does not learn of the FCA violation, a lawsuit can be filed up to 10 years after the date the false statement was made. This expanded statute of limitations may also contribute to the increase in importer FCA cases.

On August 12, 2019, a jury in Delaware federal court found L’Oreal USA Inc. liable for misappropriating Olaplex LLC’s trade secrets, infringing two patents relating to hair-coloring, and breaching a nondisclosure agreement between the two parties. The jury awarded $91.3 million to Olaplex. Olaplex’s victory demonstrates the importance of entering into nondisclosure agreements before disclosing potential intellectual property to a competitor – especially a large one.

This suit stems from a meeting in 2015 between L’Oreal and Olaplex to discuss a potential acquisition or licensing deal. Olaplex alleged that after the parties met, L’Oreal exploited its trade secrets and created “three knockoff versions” of products discussed during the meeting. At trial, the jury found that L’Oreal stole Olaplex’s trade secrets in violation of the nondisclosure agreement.

The jury found that L’Oreal willfully infringed both patents, leaving open the possibility of an award of increased damages.

L’Oreal hopes to remove this stain upon its reputation on appeal.

In June 2018, the Office of the United States Trade Representative (USTR) announced additional tariffs on products imported from China. The additional tariffs are part of the U.S.’ response to China’s unfair trade practices related to “the forced transfer of American technology and intellectual property” pursuant to Section 301 of the Trade Act of 1974. To date, three lists of tariffs against China have been posted.

Today, August 13, 2019, the USTR released two additional lists (List 4A and List 4B) of products that will be subject to a 10% tariff that will directly affect the Fashion Industry, particularly apparel and clothing accessories, footwear, and hats.

This list will go into effect September 1, 2019. The ad valorem tariff could potentially impact approximately $42 billion worth of imported apparel.

List 4A covers the following:

Footwear articles (91 tariff lines);
Apparel and clothing accessories (e.g., scarves, gloves, trousers, suits, blouses, shirts, skirts)(356 tariff lines); and
Headwear products (hair-nets, safety headgear of reinforced or laminated plastics, and safety headwear) (3 tariff lines).

List 4B (the second list of products subject to the tariffs) will not go into effect until December 15, 2019.  It will include an additional 56 lines of footwear articles; and 35 lines of apparel and clothing accessories.

List 4A: Effective as of September 1, 2019

List 4B: Effective as of December 15, 2019

USTR also indicated that it will launch an exclusion request process for products subject to the additional 10 percent ad valorem tariff.

The complete list of Chinese Tariffs, Trade Actions, and Retaliatory Measures is available here.

On July 9, the European Commission (EC) fined the Japanese company Sanrio – which holds and licenses various popular brands, including Hello Kitty, Chococat and the Mr. Men characters – € 6.2 million for licensing practices that restricted online and cross-border sales of merchandise. In late June it also published the full text of its decision fining Nike €12.5 million for similar behaviour. Both decisions form part of the series of enforcement actions taken by the EC in the wake of its e-commerce sector inquiry that we have discussed in previous posts.

What did Sanrio and Nike do?

The European Commission’s Sanrio fine stemmed from Sanrio having entered into non-exclusive licensing agreements for territories within the EEA that included clauses (i) explicitly prohibiting out-of-territory sales within the EU single market, (ii) requiring licensees to refer orders from outside their territory to Sanrio, and (iii) limiting the languages to be used on merchandising. Sanrio also implemented a series of measures to ensure compliance with the restrictions, including carrying out audits and not renewing contracts in case of non-compliance.

Nike – about whose behaviour we have more detail now – restricted cross-border and online sales of licensed merchandise in similar ways. The practices condemned by the EC included:

  • License conditions expressly prohibiting out-of-territory sales;
  • Restrictions on online sales, including license terms that authorized the use of websites accessible from outside the territory provided “such website does not allow any person … [from] outside the Territory to purchase”;
  • Indirect restrictions on out-of-territory sales, including obligations to refer out-of-territory orders to Nike, obligations to pay back profits from out-of-territory sales (clawbacks), and double royalties on out-of-territory sales;
  • Use of standard license conditions to prevent or discourage out-of-territory sales, including threats of termination for breach, non-renewal on expiry, and third party audits;
  • Limiting the supply from Nike of holographic “security labels” attached to merchandise to certify authenticity in circumstances where out-of-territory sales were suspected; and
  • Prohibiting sales to customers suspected of exporting merchandise between licensee territories.

Based on well-established case law, the EC concluded that these measures constitute per se restrictions of EU competition law. Among others, in the absence of exclusive territories, no restrictions on out-of-territory sales can be imposed within the EEA.

More developments in this area are expected in the coming months with the Vertical Block Exemption Regulation up for review. On July 31, the EC published a summary of the public feedback it has received in this regard. A majority of the respondents expressed concerns about the complexity of rules in this area and called for a revision of the guidance in particular in relation to online sales restrictions.

You need only to look around you to see that the number of connected devices is increasing exponentially. Watches, TVs, fridges, coffee machines, speakers… If they are not “smart” and connected to some type of network, there is a greater chance of finding them in an antique store than in the average Western household.

Greater connectivity comes with greater cybersecurity risk, which threatens not only the functionality and availability of the connected services but, more importantly, the confidentiality and security of the underlying data.

It is against this backdrop that the European General Data Protection Regulation (GDPR) became applicable in May 2018. With possible fines of up to 4 percent of an organization’s global revenue, this legislation has forced a reassessment of the risks emanating from the processing of personal data.

But when is the technology used to process this data “safe enough”? Many companies struggle to find objective standards to determine the level of security of Information and Communication Technology (ICT) products, services or processes – standards that will justify their use of the technology in the event something goes wrong.

This uncertainty is one of the problems that the European Union wanted to solve with its recent Cybersecurity Act. This legislation, which entered into force on June 27 and which is directly applicable in all EU Member States, creates an EU-wide cybersecurity certification scheme for ICT products, services, and processes. Furthermore, it renews and reinforces the mandate of the EU’s Cybersecurity Agency ENISA and determines its specific role and tasks.

While the GDPR focuses on Data Protection by Design, which has both privacy and security components, the EU Cybersecurity Act focuses on Security by Design. These are focus area that we also see in the United States, where guidance for managing IoT cybersecurity and privacy risks was recently published by the National Institute of Standards and Technology (NIST).

The cybersecurity certification framework is in line with the European Union’s Cybersecurity Strategy and the Commission’s Digital Agenda. These aim to harmonize the EU’s digital ecosystem so as to better exploit the potential of ICT in order to foster smart, sustainable, and inclusive innovation, economic growth and progress in Europe.

ICT designers and manufacturers now have the opportunity to benefit from an EU-wide cybersecurity certification that could significantly increase trust in their products, services and processes. The certification is voluntary, unless otherwise specified by EU or Member State law, and it is explicitly stipulated that the European Commission should assess, at least every 2 years, whether a particular certification should be made mandatory (with December 31, 2023 as the deadline for a first assessment).

The EU Cybersecurity Act introduces three levels of assurance: basic, substantial, or high. These levels reflect the risk associated with the intended use of the ICT product service or process in terms of the probability and impact of an incident. Each assurance level determines the security functionalities to be assessed and the corresponding rigor and depth of the assessment.

Manufacturers or providers of ICT products, services and processes that present a low risk, corresponding to the ‘basic’ assurance level, may issue a statement of conformity based on a self-assessment. Where there is no such self-assessment, or the assurance level is ‘substantial’ or ‘high’, the certification procedure is carried out by an independent third party. The certification scheme should indicate whether that third party should be a private or public conformity assessment body or a national cybersecurity certification authority.

Will the cybersecurity certification make the ICT product, service or process absolutely secure? No, obviously and unfortunately not. The conformity assessment will attest that they have been tested, and that they comply with certain cybersecurity requirements (e.g., technical standards).

But cyber attacks continue and cyber risks evolve, which is presumably why certificates will be issued only for a specific period. Furthermore, the authority or body issuing the certification should be notified of any subsequently detected vulnerabilities or irregularities concerning the security of the certified ICT product, service, or process that may have an impact on its compliance with the requirements related to the certification. Such information is to be forwarded without undue delay to the national cybersecurity certification authority concerned.

To give this legislation teeth, EU Member States are expected to impose penalties for infringing the European cybersecurity certification schemes as from mid-2021. Such penalties should be “effective, proportionate, and dissuasive”.

It remains to be seen whether the ICT market will react favorably to this initiative, which is intended to ensure and increase trust in their products and services. Even in cyberspace, the proof of the pudding is in the eating…