An Introduction to Taiwan’s Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries

An Introduction to Taiwan’s Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries

2023/11/29

I. Preface

The Personal Data Protection Act (below, the “Act”), Article 27, paragraph 3 authorizes all central government authorities in charge of specific industries to formulate regulations regarding security standards and maintenance plans for their concerned industries.

Beginning August 27, 2022, Taiwan transferred authority over information services, software publishers, businesses that do retail sales of goods purely via the Internet, third-party payment providers, and other businesses in digital economy industries from the Ministry of Economic Affairs to the newly-established Ministry of Digital Affairs (MODA). Businesses in the digital economy industries collect, process, and use large amounts of important personal data, and therefore bear a relatively heavy responsibility for maintaining the security of personal data. In light of this, and in accordance with the Act, Article 27, paragraph 3, the MODA therefore promulgated the Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries (below, the “Regulations”) on October 12, 2023. These Regulations specify the standards for digital economy industries’ personal data file security maintenance plans and rules governing the handling of personal data following a business termination (below, “security and maintenance plans”, or “SMPs”).

These regulations apply to all businesses in the digital economy industries. In order to reinforce responsibility for personal data security maintenance in the digital economy industries, tiered management is applied to businesses at different scales. The key points of these Regulations are introduced below.

II. Where the Regulations apply

As stipulated in the Regulations, Article 2, the “digital economy industries” that these Regulations apply to refer to any natural person, private juridical person, or other group, that engages in any of the following business operations: 4871 Retail Sale via Internet (industries that engage in retail sales to others via the Internet, but not including television, radio, phone, or other electronic means, nor postal sales); 582 Software Publishing; 620 Computer Programming, Consultancy and Related Activities; 6312 Data Processing, Hosting and Related Activities (industries that engage in processing customers’ data, server & website hosting, and other related services, but not including online audio/video streaming services); 639 Other Information Service Activities; or 6699 Other Activities Auxiliary to Financial Service Activities Not Elsewhere Classified (third-party payment industries, but not including other fund management activities). For the specific industries covered, see Attachment 1 of the Regulations.

III. Security maintenance and management measures

The relevant measures are stipulated in Articles 3 to 17 of the Regulations. In consideration that the businesses so regulated may collect, process, or use large amounts of personal data as part of their business activities, they bear a larger responsibility for maintaining the security of personal data than does the average enterprise. In compliance with the Regulations, every such enterprise is required to formulate an SMP, the content of which shall comply with the specifications in Articles 5 to 17. This includes putting in place management personnel and relevant resources; defining and inventorying the scope of personal data; risk assessment; putting internal management procedures in place; and other such matters.

These Regulations also adopt tiered management for businesses based on their capital levels, in order to reinforcement the frequency at which security maintenance measures are performed. The specific regulations for security maintenance measures are introduced below.

1. Formulating an SMP

In accordance with the Regulations, Article 3, and in order to maintain the security of personal data, each enterprise shall, within three months of the date the Regulations take effect, plan and formulate their SMP. Every enterprise shall also cause all staff members to understand and fully implement the SMP. In order to monitor implementation, the MODA may require that each enterprise submit its implementation of SMP; the enterprise shall then submit their implementation status information in written form within the specified time limit.

2. Making the protection policy known internally

In accordance with the Regulations, Article 4, and to make sure that everyone in the enterprise comprehends and implements personal data protection, each enterprise shall make its personal data protection policies known to all personnel within the enterprise. Matters that must be explained include Taiwan’s legal regulations and orders on personal data protection; how personal data may only be collected, processed, and used for specific purposes and in a reasonable, secure way; that protective technology must be at a level of security that could be reasonably expected; points of contact for rights relating to personal data; personal data contingency plans; and proper monitoring of outsourced service providers to whom personal data is outsourced. All of this must be done to make sure that every enterprise carries out their duty for comprehensive, continuous SMP implementation.

3. SMP content

(1) Putting in place management personnel with relevant resources

In accordance with the Regulations, Article 5; in accordance with both the Regulations as a whole and other laws and orders regarding the protection of personal data; and in order to implement personal data protection, each enterprise shall do the following things: Weigh the size and characteristics of their business to reasonably allocate operating resources; take responsibility for the personal data protection and management policy; and formulate, revise, and implement their SMP. Also, the enterprise’s representative or the representative’s authorized personnel shall carry out formulation and revision, in order to make sure that the SMP’s content is fully carried out.

(2) Establishing the scope of personal data

In accordance with the Regulations, Article 6, in order to define the scope of personal data to be included in the SMP, each enterprise shall periodically check the status of personal data that is collected, processed, or used.

(3) Risk assessment and management mechanisms for personal data

In accordance with the Regulations, Article 7, in a timely manner, and in accordance with their already-established personal data scopes and the processes in which their business involves the collection, processing, or use of personal data, each enterprise shall evaluate risks that may arise within their scope and processes. Based on the risk evaluation results, each enterprise shall then adopt appropriate security management and response measures.

(4) Incident prevention, reporting, and response mechanisms

In accordance with the Regulations, Article 8, and in order to reduce/control damages to data subjects resulting from personal data theft, tampering, damage, destruction, leakage, or other such security incidents, each enterprise shall formulate response, reporting, and prevention mechanisms:

1. Response mechanism: Methods to be followed after a security incident has occurred, to reduce/control damages to data subjects, and appropriate ways to notify data subjects after an incident investigation, as well as what such notifications shall contain.

2. Notification mechanism: Post-incident notifications to data subjects, in a form (such as email, text message, phone call, etc.) that makes it convenient for such subjects to learn what has occurred and what the incident handling status is; also, providing data subjects with a hotline or other way of seeking information later on.

3. Prevention mechanism: A post-incident mechanism for discussing and adjusting the prevention measures.

Within 72 hours after an enterprise learns that a personal data security incident has occurred, the enterprise shall use Attachment 2, the Enterprise Personal Data Leak Reporting Form, to notify the MODA of matters such as: A description of what caused the incident; an incident summary; the damage status; possible results from the personal data leakage; proposed response measures; proposed method and time for notifying data subjects; etc. Alternately, the enterprise may notify the special municipality or county/city government to then notify the MODA. If the enterprise is unable to report the incident within the time limit or is unable to supply complete reporting information all at once, the enterprise shall attach explanation of the reasons for the delay, or provide the information in stages. After the MODA or the special municipality or county/city government receives a report, they may implement reasonable handling in accordance with Articles 22 to 25 of the Act.

(5) Internal management procedures for personal data collection, processing, and usage

In accordance with the Regulations, Article 9, in order to ensure that their collection, processing, and use of personal data complies with the laws and orders regarding the protection of personal data, each enterprise shall do the following: Formulate internal management procedures; assess whether the use, processing, or collection of special categories of personal data are involved; assess data subjects’ consent has been obtained; assess whether the legal circumstances create an exemption from the obligation to inform; etc. The internal management measures shall also include providing data subjects with information on their rights in accordance with the Act, Article 3; putting in place mechanisms for ensuring the accuracy of and inquiring regarding personal data; and periodically reviewing whether the specific purposes for collecting personal data still exist or have expired.

(6) Limits, notifications, and monitoring for international transfers

In accordance with Article 10 of the Regulations and Article 21 of the Act, when an enterprise’s transfer of personal data across a national border affects data subjects to the extent that there is a major national interests concern, the enterprise shall assess whether MODA restrictions apply to the transfer. The enterprise shall also notify the data subjects of the region(s) that the data is transferred to; perform appropriate monitoring of the data recipient; and provide the data subjects with information on their rights in accordance with the Act, Article 3.

(7) Data, personnel, and equipment security management measures

1. Data security management measures: In accordance with the Regulations, Article 11, and when personal data is backup, kept confidential, or transferred by various means based on the risk assessment results, each enterprise shall put in place protective measures against abnormal access behaviors. When an enterprise provides information/communication technology services, the enterprise shall also put in place and regularly monitor intrusion countermeasures, abnormal access monitoring and contingencies, anti-malware mechanisms, account password verification, system testing, and other such data security management measures.

2. Personnel security management measures: In accordance with the Regulations, Article 12, each enterprise shall contractually specify the obligation to maintain confidentiality with all staff members; identify personnel who job duties involve collecting, processing, or using personal data; and periodically assess the appropriateness and necessity of personnel’s permissions to access personal data.

3. Equipment security management measures: In accordance with the Regulations, Article 14, and to prevent personal data being stolen, tampered with, damaged, destroyed, or leaked, each enterprise shall put in place appropriate media protection for personal data storage devices. The protection requirements include management measures such as technology, equipment and secured environments that meet a specific level of security.

(8) Education and training

In accordance with the Regulations, Article 13, each enterprise shall periodically use education and training to ensure that all staff members understand the following things: The laws and regulations pertaining to personal data protection; their personal duties and roles within their scopes of responsibility; and the requirements for all SMP management procedures, mechanisms, and measures. For any enterprise that engages in retail sales via the Internet, their SMP shall include user training and education regarding personal data protection and management; and the enterprise shall also formulate personal data protection rules for compliance.

(9) Continuous audit, recording, and improvement mechanisms

1. Data security auditing mechanisms: In accordance with the Regulations, Article 15, each enterprise shall periodically do internal audits of personal data, then put the audit results into an evaluation report that reviews improvements to the enterprise’s protection policy, SMP, etc. If there are any deficiencies, the enterprise shall make corrections.

2. Use of records, tracking data, and retention of evidence: In accordance with the Regulations, Article 16, and as part of carrying out its SMP, each enterprise shall retain a minimum of five years of records on the collection, processing, and use of personal data; tracking data for automated machinery; and evidence of having implemented the SMP. After an enterprise’s operations cease, it shall retain records of the destruction, transfer, or other deletion of personal data for a minimum of five years.

3. Comprehensive, continuous improvement for personal data security maintenance: In accordance with the Regulations, Article 17, any time an enterprise’s SMP is not implemented, the enterprise shall adopt corrective and preventive measures. Also, based on the SMP’s implementation status, its handling methods/implementation status, developments in data technology, adjustments to the enterprise’s business, and changes in the law and regulations, each enterprise shall periodically review and amend its SMP.

4. Tiered management

In accordance with the Regulations, Article 18, and to prevent relatively small businesses having to take on excessive personal data management costs, tiered management is applied. For an enterprise with a specific business scale (having capital of NT$10 million or more, or holding 5,000 or more personal data records), stronger security measure implementation is required, namely, the personal data security measures shall be implemented, reviewed, and improved at least once every twelve months. If an enterprise reaches NT$10 million or more in capital after the Regulations take effect, or if an enterprise’s number of personal data records held reaches 5,000 or more as a result of direct or indirect data collection, then within six months of meeting those conditions, the enterprise shall implement and review the improvement measures at least once every twelve months.

5. Outsourced personal data

Commercial outsourcing in the digital economy comes in many forms. In light of this, and in order to make clear each enterprise’s security management obligations with regard to the collection, processing, and use of personal data, Article 19 of the Regulations clearly spells out what duties shall be carried out with regard to any outsourcing that touches on personal data. When an enterprise outsources the collection, processing, or use of personal data, it is considered equivalent to the enterprise’s own activity. Thus, the enterprise shall understand and follow the legal orders and regulations on personal data set by the central government authorities in charge of the outsourcing party’s industries. Any oversight responsibilities arising from outsourcing the collection, processing, or use of others’ personal data shall be clearly stipulated in the outsourcing contract or other such documents.

IV. Conclusion

The Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries are designed to balance development for Taiwan’s digital economy industries with comprehensive, continuous improvement of personal data security maintenance. In pursuit of those goals, the Regulations clarify what each enterprise must do: Plan, formulate, and carry out security maintenance plans for personal data that falls within the bounds of the enterprise’s business; ensure that all staff members receive training on personal data protection; provide personal data subjects with channels to file complaints and seek consultation on their rights; and inform the government authorities in charge of the digital economy about the enterprise’s SMP, including the status of any personal data security incidents. All this is done in hopes that the security measures will continuously improve the security of personal data in Taiwan’s digital economy industries.

※An Introduction to Taiwan’s Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries,STLI, https://stli.iii.org.tw/en/article-detail.aspx?no=105&tp=2&i=170&d=9095 (Date:2024/04/15)
Quote this paper
You may be interested
Legal Aspects and Liability Issues Concerning Autonomous Ships

Legal Aspects and Liability Issues Concerning Autonomous Ships   All sectors of business and industry are transforming into digital society, and maritime sector is not out of the case. But the new thing is the remote control ships or fully automatics ships are becoming a reality.   Remote control ships and autonomous ships will be a tool to reach safety, effectiveness, and economical goal. However, as it intends to take over human element in the maritime industry, the implement of remote control ships or autonomous ships brings new legal issues and liability considerations.   This study aims to highlight some critical legal issues of autonomous ships to reader, but will not try to solve them or give clear answers. I. The Approach of International Maritime Organization   In order to solve issues from the deployment of autonomous ship, International Maritime Organization Maritime Safety Committee (MSC) has taken first steps to address autonomous ships. In the meeting of MSC 100, the committee approved the process of assessing IMO instruments to see how they may apply to ships with various degrees of autonomy.   For each instrument related to maritime safety and security, and for each degree of autonomy, provisions will be identified when: apply to MASS and prevent MASS operations; or apply to MASS and do not prevent MASS operations and require no actions; or apply to MASS and do not prevent MASS operations but may need to be amended or clarified, and/or may contain gaps; or have no application to MASS operations.   The degrees of autonomy identified for the purpose of the scoping exercise are: Degree one: Ship with automated processes and decision support: Seafarers are on board to operate and control shipboard systems and functions. Some operations may be automated and at times be unsupervised but the seafarers on board are ready to take control. Degree two: Remotely controlled ship with seafarers on board: The ship is controlled and operated from another location. Seafarers are available on board to take control and to operate the shipboard systems and functions. Degree three: Remotely controlled ship without seafarers on board: The ship is controlled and operated from another location. There are no seafarers on board. Degree four: Fully autonomous ship: The operating system of the ship is able to make decisions and determine actions by itself.   The initial review of instruments under the purview of the Maritime Safety Committee will be conducted during the first half of 2019 by a number of volunteering Member States, with the support of interested international organizations. MSC working group is expected to meet in September 2019 to move forward with the process with the aim of completing the regulatory scoping exercise in 2020.   The list of instruments to be covered in the MSC’s scoping exercise for MASS includes those covering safety (International Convention for the Safety of Life at Sea, SOLAS); collision regulations (The International Regulations for Preventing Collisions at Sea, COLREG); loading and stability (International Convention on Load Lines, Load Lines); training of seafarers and fishers (International Convention on Standards of Training, Certification and Watchkeeping for Seafarers, STCW); search and rescue (International Convention on Maritime Search and Rescue, SAR); tonnage measurement (International Convention on Tonnage Measurement of Ships, Tonnage Convention); Safe Containers (International Convention for Safe Containers, CSC); and special trade passenger ship instruments (Special Trade Passenger Ships Agreement, STP).   IMO will also develop guidelines on MASS trial. The guideline include ensuring that such guidelines should be generic and goal-based, and taking a precautionary approach to ensuring the safe, secure and environmentally sound operation of MASS. Interested parties were invited to submit proposals to the next session of the Committee for the future development of the principles. II. Other Legal issues concerning Autonomous Ships   In March 2017, the (Comité Maritime International, CMI) Working Group on Unmanned Ships circulated a questionnaire. The questionnaire aimed to identify the nature and extent of potential obstacles in the current international legal framework to the introduction to (wholly or partly) unmanned ships. The questionnaire can be summarized into the following legal issues. The legal definition and registration of the remote control ship and autonomous ship The definition of remote control or autonomous ship is based on the purpose of each individual convention. Current international conventions regulating ships do not generally contain recognized definition of the “Ship” and “Vessel”. However, due to its geographical feature, countries tend to have different safety requirement for ships; therefore, even the definition of remote control or autonomous ships given by international regulations, may not be accepted by national register of ships. For example, according to the reply to the questionnaire from Argentina association of maritime law, Argentina Navigation Act prescribes that in order to register a ship in the Argentine Register, regulatory requirements regarding construction and seaworthiness must be fulfilled. However, there are no rules regarding the registration of remote control ships or autonomous ships, as current act are based on the existence of crew on board. The unmanned ships would not be registered by Argentina Registry of ships. At present, the fragmentation of the definition and registration of ships can affect the deployment and application of remote control ships or autonomous ships. Due to the feature of shipping, which is related to the global transportation network, the definition and registration issue had better be solved at international level by International Maritime Organization (IMO). Legal issue of the seafarer International Convention on Standard of Training Certification and Watchkeeping (STCW) 1978 sets minimum qualification standard for masters, officers and watch personnel on seagoing merchant ships and large yachts. In the sight of replacing human operator on board with machine, will the convention find no application to remotely controlled or autonomous unmanned ships? The research of CMI points out the maritime law associations of Finland, Panama and United State assume that the STCW convention would likely apply to shore-based personnel as well in excepted circumstances where there is no new specific legislation. And the British maritime law association states that regardless of whether STCW would apply to unmanned operation or not, it is clear that certain provisions on training and competence would not apply to shore-based controller and other personnel. Japanese maritime association also states that although the convention does not find application to a remotely controlled unmanned ship, certain rules requiring watchkeeping officers to be presented may nevertheless arguably be interpreted to render an unmanned ship in breach of STCW and to that extent be applicable to unmanned ships. Therefore the amendment of convention seems inevitable. Standing on the other side, the Institute of Marine Engineering Science & Technology recommended that pairing human with machine effectively to enhance human intelligence and performance rather than totally replacing human is an area that should not be overlooked. Even if the application of unmanned ships comes in reality, seafarer skill will still remain an essential component in the long term future of the shipping sector. The minimum qualification of masters, officers and watch personnel may not need to be changed. Human error has been used to create a blame culture towards the workforce at sea, and it also results from poor implementation/ introduction/ preparation for new technology. Many studies show that seafarers are worried about the impact of autonomous ships. If the development of autonomous ships means replacing all the human elements on ships, people who work in marine sector will not accept those novel technologies easily, and this won’t lead to a safer future of maritime industry. Safety requirement of the remote control ship and autonomous ship Rule 8 (a) and rule 5 of the international regulation for preventing collisions at sea, 1972(COLREGS) require the operation of ships to comply with the duty of “good seamanship”, “proper lookout”. These rules are based on the operation by human, thus, leading to the following two questions: (1) Would the operation of unmanned ship contrary to the duty of “good seamanship”? The duty of good seamanship emphasizes the importance of human experiences and judgments in the operation of a vessel, and the adaptability of responses provided by good seamanship. Whether an autonomous ship would be able to reach this level of adaptive judgment would depend on the sophistication of its autonomous system. According to CMI’s research, the maritime law associations of countries including Argentina, British, Canada, China, German, Japan and Panama emphasize the requirement that autonomous ship must be at least as safe as ships operated by a qualified crew. (2) Would the proper lookout sets in rule 5 satisfied by camera and aural censoring equipment? COLREG rule 5 has two vital elements. First, crew on the bridge should pay attention to everything, not just looking ahead out of the bridge windows but looking all around the vessel, using all senses and all personnel equipment. Second, use all information continuously to assess the situation your vessel is in and the risk of collision. In this context, if the sensors and transmission equipment are sufficient to enable an appraisal of the information received in a similar manner available as if the controller was on board, then Rule 5 should be considered satisfied. However, it is unlikely that fully autonomous ship could comply with rule 5. It depends on the sophistication of its autonomous system. If the technology is unlikely at present to provide as equivalent spatial awareness and appreciation of the vessel’s positon as there are human on board, then rule 5 would not be considered fulfilled. Liability Liability is an important issue which is frequently mentioned in the area of autonomous ship. According to the study of MUNIN in 2015, liability issue of autonomous ship might arise under the following situations: (1) Deviation Suppose a ship was navigating autonomously, and the deviation of the system caused collision damage, how might liability be apportioned between ship-owner and the manufacturers? According to the research of CMI, 10 maritime law associations stated that under its domestic law, the third party may have a claim against the manufactures. (British, Canada, China, Croatia, Dutch, French, Germany, Italy, Spain, Malta) They may do so in tort if negligence on the part of manufacturers can be proved and if this can be shown to be causative of the damage. In European Union, third parties may also claim under Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member State concerning liability for defective products. (2) Limitation of liability Article 1 of the 1976 convention on limitation of liability of owner of ships provides that ship-owner may limit their liability to all claims arising from any incident. The size of limitation is based upon the tonnage of the ship. Within the convention, the term ship-owner is held to include the ship’s owner, charterer, manager or operator. International conventions dealing with limitation of liability are phrased in neutral terms with regard to the presence of a master or crew; therefore, circumstances in which a ship has no person on board do not appear to undermine the operation of those conventions. (3) Bill of lading Bill of lading is a written document signed on behalf of the owner of ship in which goods are embarked, and the ship-owner acknowledges the receipt of the goods, and undertakes to deliver them at the end of voyage. Typically, the shipper will sign the bill of lading along with the owner of the cargo at the point that shipper takes carriage of the cargo in question. The bill of the lading will then be signed by the cargo’s recipient once it has reached its destination. In other words, the document accompanies the cargo all the time, and is signed by the owner, shipper and recipient. It will generally describe the nature and quantity of goods being shipped. A question arises as in the absence of a master or any crew on board the ship, how will the bill of lading be signed by ship’s master? III. Conclusion   The shipping industry is a rich, highly complex and diverse industry, which has a history of both triumph and tragedy in its adoption of technology. In light of the potential for the remote and autonomous ship, and for the sake of contributing to the assurance of safe and efficient operation, it is better to understand the impact on the industry. The taxonomy of automation between human and machine is vast and complex, especially in the sector of law.   Therefore, before the system can reach fully autonomy and undertake independent, our law should be ready. IV. Reference [1] Comité Maritime International, Maritime Law for Umanned Ships, 2017, available at https://comitemaritime.org/work/unmanned-ships/ (last visited Dec. 25, 2018) [2] MUNIN, D9.3: Quantitative Assessment, Oct. 10, 2015, available at http://www.unmanned-ship.org/munin/news-information/downloads-information-material/munin-papers/ (last visited Dec. 25, 2018) [3] Martime Digitalisation & Communication, MSC 100 set to review MASS regulations, Oct. 23, 2018, available at https://www.marinemec.com/news/view,msc-100-set-to-review-mass-regulations_55609.htm (last visited Dec. 25, 2018) [4] IMAREST, Autonomous Shipping-Putting the human back in the headline, April. 2018, available at https://www.imarest.org/policy-news/institute-news/item/4446-imarest-releases-report-on-the-human-impact-of-autonomous-ships (last visited Dec. 25, 2018) [5] Danish Martime Authority, Analysis of regulatory barriers to the use of autonomous ships(Final Report), Dec. 2017, available at https://www.dma.dk/Documents/Publikationer/Analysis%20of%20Regulatory%20Barriers%20to%20the%20Use%20of%20Autonomous%20Ships.pdf (last visited Dec. 25, 2018)

Product Liability of Living Lab Products

I. Forward Only about 18% of the products or services continue to create good sales and have long product life cycles after entering the stream of commerce. This might denote that mass investing in the R&D does not necessary guarantee to develop popular goods and services. In order to overcome this obstacle, many experts and scholars from different research areas propose different R&D mechanisms to solve this problem. The so called “open innovation” is one of the most dynamic R&D mechanisms in recent years, which is created to compensate the weakness of “closed innovation”. By introducing the concept of “open innovation”, Living Lab invites real users join the projects of un-launched products and services for every possible R&D process to obtain the real interaction wherefrom, to fulfill the goal of “user centric” innovation. However, if users or any third party is injured or damaged from the trial products or services, to what extent Living Labs is liable for is one important question to further future innovation environment. This article will first gives a brief introduction and the development of living labs in Taiwan, follow by applying national laws and analysising obstacles to the liability issue caused by defective Living Lab products. Then, the article will continue to refer to foreign legislation and Living Lab practice, and conclude by suggestions and recommendations to the Living Labs practice in Taiwan. II. Brief Introduction of Living Labs A. Composition of Living Labs The concept of Living Labs was developed by Professor William J. Mitchell from the MIT Media Lab and School of Architecture. Professor Mitchell proposed applying the user-centric research method by using Living Lab as a R&D platform and bring together stockholders (co-creators), including public sectors, companies, universities and research fellows, and the most important, the end-users communities, both professional or non-professionals from various backgrounds, to join the R&D process. B. Operation Mode of Living Labs Living Lab invites end users to join the real world testing either in a digital, physical or virtual environment. Un-launched products or services are provided for testing and users are required to give feedbacks either experience, opinions, suggestions or even ideas to the products or services in return. Living Lab then collets and utilizes the feedbacks and observe the behavior patterns for product or service modification and improvement, future R&D plans and market analysis. C. Benefits of Living Labs Lirving Lab could effectively converse different backgrounds and levels of empirical environment, enhance the efficiency in R&D and bring about different benefits to the stakeholders. By participating in the R&D process, users could give feedbacks to Living Labs to further up the un-launched products and services (on the marketplace) to fit consumers’ needs. For industry, Living Lab provides platforms to get together stakeholders, speed up the integration of stakeholders of different size or from different fields and promote the R&D efficiency. For universities and research institutes, the public-private-people (user)-partnership (PPPP), could further more flexible services or R&D ecosystem and not only to have user-centric innovation, but also user-driven innovation.1 D. Development of Living Labs Living Labs has been energetically developed in Europe. Through the integration of project resources, individual Living Lab forms into Living Labs networks and actively engaging in cross-border or cross-project co-operation. 2 The concept of Living Labs has been introduced into Taiwan, there are several Living Labs in Taiwan so far, for example, Living Labs Taiwan from Institute for Information Industry (III), 3Touch Center (Center for Technology of Ubiquitous Computing and Humanity) from National Cheng Kung University, 4 Insight (Center of Innovation and Synergy for Intelligent Home and Living Technology) from National Taiwan University, 5 and Eco City from National Chiao Tung University. 6 The Living Labs aim to bring about the user-centric and user-driven model and bring new elements to R&D innovation. III. Liability of Losses, Damages, or Injuries Caused by Living Lab Products In order to encourage more end users join the Living Labs experiment, Living Labs usually provide the un-launched products or services as gifts or lend it for free. However, if products or services caused injury, economic loss or property damages to the users or third party during the experiment, to what extent should the Living Lab be liable for. A. Legal Status Upon on discussing of legal liability of Living Labs, the first prong to review is the legal status of Living Labs under the legal system in Taiwan. Although it is called “Lab”, but it is not necessarily to be a lab with “physical facility”, it could also be “virtual Labs”, for example, HP and Firebox are both launch for virtual Living Labs online to invite users join their open innovation projects. The concept of open innovation within the Living Labs environment, where Living Labs play as a role of a cook pot which gather personnel, equipment, and technology from parties from different working fields, integrate resources and creativeness to catalyze innovative ideas for new products and services. Normally, each Living Lab can be viewed as an independent "legal entity". In other words, it can exercise rights ad bear responsibility/liabilities under the law, and therefore, to response to needs for R&D, increase efficiency and contribute matters of legal compliance. B. User’s Legal Claims Against Living Labs 1. Contractual Liability Living Labs often use “user agreements” as legal documents to regulate the legal relationship between Living Labs and users. If there is any injury, damages or losses occurred during the experiment, users can sue Living Labs for breach of contract and sue for liability, warranty or violation of justice of contract. If the product is defective, such as manufacture defect, design defect or lack of proper warning, the injured user can sue Living Labs based on warranty. However under the provisions of Article 411 of the Civil Code, 7 if the product is offered for trial free for charge, if the gift is defective and caused injury, damages or losses to the users, Living Lab is not liable for breach of warranty. Unless the Living Lab intentionally conceal the defects and not information the user, or represent to the user that the product is guaranteed flawlessness and free from defects. Under this situation, Living Lab will be liable for damages caused by the defect. In the situation that when Living Lab only lend the products for trial, with the provisions of Article 466 of the Civil Code, 8 only when Living Lab intentionally conceal the defect, then is liable for the injuries and damages resulting there from. However, the purpose of the Living Labs experiment is to implement the open innovation, through the operation of the mechanism, by inviting potential users to join the experiment and require them to give feedbacks, ideas and recommendations for future product improvement. In addition to that, in most of the situations, it is difficult for Living Labs to foresee the existence of potential risks of their products or intentionally conceal the defects or guarantee the products are without defects; therefore it will be even harder for the injured users to bear the burden to proof the above situations. It is worth to address that, Living Labs and users shall enjoy contract autonomy as long as the provisions and terms of contract are not violating laws, public order and good morals, but not without any restriction. When parties have right of freedom of contract, at the mean time, their contract shall not exceed the boundaries of contractual justice. Especially, the burden and allocation of risks needs to be measured and assessed by the status and interests of the parties on rational bases. Because one of the special characteristics of Living Lab is open to general users to participate the experiment voluntarily, Living Lab usually adapts fill-in standard form contracts for convenience. But for the protection of the users, Living Lab shall pay more attention to the provisions and terms of contract which must not violate Article 247-1 of the Civil Code, 9 for example, provisions of contract shall not waive, decrease or increase liabilities of the parties, waive or limit any party to exercise his/her rights, or significant detriment one another’s’ interests, otherwise that part of the provision shall be void. 2. Tortious Liability When damages are caused by defective Living Lab products, users may be able to sue Living Labs and based his/her causes of action on Consumer Protection Law Article 7 business operator’s liability, 10 The Civil Code Article 191-1 manufacturer’s liability 11 and as well as The Civil Code Article 184 (1) tortious liability. 12 Yet, in order to provide motivations and incentives for users to join the open innovation, Living Labs usually gratuitous lending or gifting products or services to the users, at least in this stage, Living Labs are not conform with the definition of “business operators” 13 in the Consumer Protection Law, in designing, producing, manufacturing, importing or distributing goods, or providing services design, manufacturing, inputs, distribution of goods or the provision of services for business enterprise operators. Nor the Living Labs users are under the same definition of “consumer” 14 protected under the definition of the Consumer Protection Law, as those who enter into transactions, use goods or accept services for the purpose of consumption. Therefore, the relationship between Living Labs and the users are not “consumer relationship” 15 for sale of goods or provision of services, for which the Consumer Protection Law might not be applicable to offer protection to the users. Reviewing from the legislative history, Article 191-1 of the Civil Code was amended after the Consumer Protection Law. The reason for amendment was to maintain the completeness of the torts liability in the Civil Code and in supplement to the inadequacy of the Consumer Protection Law. 16 In referred from the above, the definition of “goods” is synonymous with the definition in the Consumer Protection Law. In order to apply the provisions, parties must be in the “consumer relationship” as regulated in Article 2 (3) of the Consumer Protection Law. As mentioned above, usually, Living Labs provide the products free of use or as gifts, it is really difficult to say there is “consumer relationship” between the parties. The first clause of Article 184 of the Civil Code states, “A person who, intentionally or negligently, has wrongfully damaged the rights of another is bound to compensate him for any injury arising there from. The same rule shall be applied when the injury is done intentionally in a manner against the rules of morals.” Hence, in this situation the burden of proof will lay on the users to prove that Living Labs is either with negligent or intent to damage the users by the defective products. Living Labs adapt open innovation to encourage users to participate into the every possible R&D process and obtain feedbacks or recommendations in return. Therefore, most of the time, Living Labs do not have “intent” to cause damages to the users, but whether Living Labs are with “negligence” will often be difficult to prove by the users. C. Third Party’s Legal Claim Against Living Labs 1. Contractual Liability In the case when a third party, who is not associated with the Living Labs experiment, sustains injury or damage from the defective Living Labs products, he or she might not be able to sue under the terms of contract because there is no contractual relationship exists between the parties. The possible cause of action for the third party might be able to sue Living Labs based on torts liability for damages. 2. Tortious Liability Although Article 7 of the Consumer Protection Law does provide cause of action for the third party to sue against the business operator for defective products, the third party must base his or her claim on the “consumer relationship” between the Living Labs or users. However, as mention as above, the relationship between Living Labs and the users are not under the “consumer relationship” as prescribed in the Consumer Protection Law, thus third party cannot sue Living Labs for damages in accordance with the Consumer Protection Law. As to the application process of provisions prescribed in Article 191-1 and 184 (1) of the Civil Code, the result is as the same as above. IV. Foreign Legislation and Practice A. American Jurisprudence 2d In the Comment of the 63A Am. Jur. 2d Products Liability §1142 states, “[s]trict liability covers not only products which have been sold, but also products that have been designed to be sold, have been produced to be sold, or are offered to be sold or marketed”. Furthermore, introduction into the stream of commerce does not require a transfer of possession; strict liability rests on “foreseeability”, and not on esoteric concepts relating to transfer or delivery of possession. Furthermore, the Comment extends the scope of application of strict liability to the “Transaction Other than Sales”. Strict liability also applies to the distribution products in a commercial transaction other than a sale, one provides the product to another either for use or consumption or as a preliminary step leading to ultimate use or consumption. For products made available for demonstration, testing or trial regulated in 63A Am. Jur. 2d Products Liability §1147, where a product-caused injury has taken place while the product is being tested or used for trial purposes by the prospective buyer, prior to the completion of a sales transaction, the person or entity who placed the product into the stream of commerce by providing it to the prospective buyer may be strictly liable. Strict liability also applies to those who manufacture and supply products to consumers on an investigational basis, even though the "supplying" does not technically amount to a sale. In the Observation of §1147 states that “[a] manufacturer who enters the marketing cycle by way of a demonstration, lease, free sample, or sale is in the best position to know and correct defects in its product, and as between the manufacturer and its prospective consumers, should bear the risk of injury to those prospective consumers when any such defects enter the market uncorrected. In sum, if one sustained injury, damages or economic losses by Living Labs products, he or she may sue Living Labs for product strict liability prescribes in §1142 & §1147. B. Living Labs Practice in Foreign Countries Referring to provisions of “Standard Contract” used between Living Labs and the users in other countries, most of the time, Living Labs might disclaim damages to property, but cannot disclaim legal protection or injury compensation. At the mean time, most of the Living Labs also adapt public safety insurance and product liability insurance to protect themselves and the users. V. Conclusion and Recommendation In conclude, the legal norms in Taiwan seems not be able to offer proper protection to Living Labs and the users. This article suggests that in order to form the ecosystem for the open innovation model of Living Labs, Living Labs shall provide proper protection to the users in order to balance the interests between Living Labs and users and catalyze the motive for the users to join the experiment. In referring to the “Guidelines for Good Clinical Practice for Trials on Pharmaceutical Products” 17 from the Department of Health, besides the proper duty, the main purpose of the guideline is to ensure the safety of the human participants. In the provisions prescribe in Article 22 of the “Good Clinical Guidelines”, the clinical trial agreement or related document shall provide participants with proper compensation or treatment when damage occurs. The “Model Clinical Trail Agreement” also provides provisions of damage compensation and insurance in the template which state the application to the assumption of risks and consumer protection. However, because the pharmaceutical clinical trial is with higher risk, the competent authorities, Department of Health, particularly get involved within the regulations and mechanisms of clinical trials to protect the human participants. In sum, whether the similar mechanism can be applied directly between the Living Labs and users needs for further consideration. Finally, for the continuous operating environment, it is necessary for Living Labs to adapt related laws and measures for the open innovation operating model. It is suggested that Living Labs shall enter contracts in the terms with proper risk allocation in accordance to contract justice and possibly with public safety or product insurance to share their liabilities. 1.EUROPEAN COMMISSION INFORMATION SOCIETY AND MEDIA, Living Labs for User-Driven Open Innovation:An Overview of the Living Labs Methodology, Activities and Achievements, European Commission(2009),at7,availableat http://ec.europa.eu/information_society/activities/livinglabs/docs/brochure_jan09_en.pdf (last accessed on Dec. 31, 2012). 2. Id., at 11-12 & 14. 3.Living Lab Taiwan, http://www.livinglabs.com.tw/index.html (Last accessed Dec. 26, 2012). 4. Touch Center from National Cheng Kung University, http://touch.ncku.edu.tw/touch/?q=node/52 (Last accessed Dec. 26, 2012). 5.Insight from National Taiwan University, http://insight.ntu.edu.tw/zh-tw/node/662 (Last accessed Dec. 26, 2012). 6.Eco City from National Chiao Tung University, http://www.ecocity.org.tw (Last accessed Dec. 26, 2012). 7.Civil Code Article 411, “The donor is not liable for a defect in the thing or right given. But, if he has intentionally concealed the defect or expressly guaranteed that the thing was free from such defect, he is bound to compensate the donee for any injury arising therefrom.” 8.Civil Code Article 466, “If the lender intentionally conceals a defect in the thing lent, he is responsible to the borrower for any injury resulting therefrom.” 9.Civil Code Article 247-1, “If a contract has been constituted according to the provisions which were prepared by one of the parties for contracts of the same kind, the agreements which include the following agreements and are obviously unfair under that circumstance are void. (1) To release or to reduce the responsibility of the party who prepared the entries of the contract. (2) To increase the responsibility of the other party. (3) To make the other party waive his right or to restrict the exercise of his right. (4) Other matters gravely disadvantageous to the other party. 10.Consumer Protection Law Article 7, “ business operators engaging in the design, production or manufacture of goods or in the provisions of services shall ensure that goods and services provided by them meet and comply with the contemporary technical and professional standards of the reasonably expected safety prior to the sold goods launched into the market, or at the time of rendering services. Where goods or services may endanger the lives, bodies, health or properties of consumers, a warning and the methods for emergency handling of such danger shall be labeled at a conspicuous place. Business operators violating the two foregoing two paragraphs and thus causing injury to consumers or third parties shall be jointly and severally liable therefore, provided that if business operators can prove that they are not guilty of negligence, the court may reduce their liability for damages.” 11.Civil Code Article 191-1, “The manufacturer is liable for the injury to another arising from the common use or consumption of his merchandise, unless there is no defectiveness in the production, manufacture, process, or design of the merchandise, or the injury is not caused by the defectiveness, or the manufacturer has exercised reasonable care to prevent the injury. The manufacturer mentioned in the preceding paragraph is the person who produces, manufactures, or processes the merchandise. Those, who attach the merchandise with the service mark, or other characters, signs to the extent enough to show it was produced, manufactured, or processed by them, shall be deemed to be the manufacturer. If the production, manufacture, process, or design of the merchandise is inconsistent with the contents of its manual or advertisement, it is deemed to be defective. The importer shall be as liable for the injury as the manufacturer.” 12.Civil Code Article 184 (1), “A person who, intentionally or negligently, has wrongfully damaged the rights of another is bound to compensate him for any injury arising there from. The same rule shall be applied when the injury is done intentionally in a manner against the rules of morals.” Consumer Protection Law Article 2 (2), “business operators" means those who are engaged in the business of designing, producing, manufacturing, importing or distributing goods, or providing services. Consumer Protection Law Article 2 (1), “consumers" means those who enter into transactions, use goods or accept services for the purpose of consumption. Consumer Protection Law Article 2 (3), “consumer relationship” means the legal relationship arising between consumers and business operators for sale of goods or provision of services. 16.王澤鑑,侵權行為法第二冊:特殊侵權行為,第313-314頁 (出版日期2006年7月) 17.DEPARTMENT OF HEALTH, Guidelines for Good Clinical Practice for Trials on Pharmaceutical Products, http://www.6law.idv.tw/6law/law3/%E8%97%A5%E5%93%81%E5%84%AA%E8%89%AF%E8%87%A8%E5%BA%8A%E8%A9%A6%E9%A9%97%E6%BA%96%E5%89%87.htm (last visited Dec. 31, 2012)

How Does Taiwan Respond to Tax Challenges Arising from Digitalization

How Does Taiwan Respond to Tax Challenges Arising from Digitalization Yuan-Qing, Liao Attorney and Legal Researcher 2022/3/24 I. The Tax Challenges arising from Digitalization   According to the Ability-to-pay principle, companies need to pay income tax for their income or profit. Nevertheless, in order to avoid their tax obligations, Multinational Corporations (MNCs) have been continuously developing sophisticated and refined tax planning practices to disconnect or mismatch between “where value is created” and “where taxes are paid”, and such practices erode the tax base.[1]   A well-known example of trade model under digitalization of MNCs is that “MNCs do not necessarily have to open domestic physical stores or set up servers, those domestic consumers can purchase goods and services from MNCs directly through the Internet”. This trade model not only breaks the international tax rules “With Permanent Establishment (PE), With taxing power”, but also disconnects or mismatches between “where value is created” and “where taxes are paid” more perfectly. As a result, the taxing power of “where value is created” is eroded. This is a classical type of challenges faced by tax regulators in the age of digitalization of the economy.   In response, The European Commission (EC) and The Organization for Economic Cooperation and Development (OECD) had respectively proposed new plans to ensure that digital business activities are taxed in a fair and friendly way. (I) The Digital Service Tax proposed by EC[2]   In 2018, EC proposed a temporary tax - Digital Services Tax (DST), which a basic rate of 3% to be imposed on revenues of a digital platform when such platform meets all of the following criteria, including (1) online placement or advertising services, (2) sales of collected user data, (3) facilitate interactions between users, (4) annual worldwide revenues exceeding 750 million euros and (5) taxable revenues within the European Union (EU) exceeding 50 million euros.[3]   Concerning that the DST apparently targeting US MNCs - Google, Amazon, Facebook and Apple (GAFA), the US government once threatened to impose retaliatory tariffs. Insofar, it seems that only a part of MNCs will be immediately affected by DST, but the entire trading systems in the rest of the world will be impacted if the retaliatory tariffs conducted by the US take effect. (II) The Two-Pillar plan released by OECD[4]   In October 2020, OECD had released Reports on the Pillar One and Pillar Two Blueprints (The Two-Pillar plan), which aimed to terminate the international dispute resulting from DST of EC and provide solutions for tax challenges arising from the digitalization of the economy in the long term.[5]   Pillar One is “Unified Approach”, to ensure the exercise of taxing powers of governments and a fairer distribution of profits among countries where largest MNCs, including digital companies are located at. It would “re-allocate” the taxing powers over MNCs among governments of different jurisdictions. The governments located at the place where MNCs have business activities and earn profits will have the tax powers over those MNCs, even MNCs do not have a physical presence there. Pillar Two is “Global Anti-Base Erosion rules (GloBE)”, tried to protect tax bases of countries through the introduction of “Global Minimum Tax (GMT)” which sets up a minimum corporate income tax rate on MNCs to prevent tax competitions among countries.   Compared with DST proposed by EC, which focuses on the taxing powers of the government that is located at the place where value is created. The Two-Pillar plan focuses more on both re-allocation of international taxing powers and protects the tax base of each country. (II) The Consensus on The Two-Pillar plan[6]   The Group of Seven (G7[7]), G20[8] and 137 countries and jurisdictions OECD stated not only agreed to remove the DST or the similar measures, but also had a consensus on Two-Pillar plan to reform international taxation rules[9]. In order to ensure that MNCs pay a fair share of tax wherever they operate, as well as to set a GMT rate to protect tax base of each country. Moreover, the new international tax system that the GMT rate is 15%[10] is expected to take effect in 2023 and an estimated 154 domestic MNCs will be thus affected accordingly. II. The Response of Taiwan to Tax Challenges   A foreign enterprise has to pay Taiwan taxing regulators enterprise income tax for income generated in Taiwan in the premise that this foreign enterprise has a PE in Taiwan. In other words, a PE in Taiwan, which is recognized as the fixed place of business through which the business of an enterprise is wholly or partly carried on[11], is the determinant that affects the power of Taiwan to tax the profits of a foreign enterprise. In brief, “No PE, No taxing power”.   In the era of digitalization, the foreign enterprises can create value through the digital means without establishing a PE in Taiwan. The situation of disconnection or mismatch between where value is created and where taxes are paid not only erodes the taxing power of Taiwan, but also breaks the principle of equality in substantive taxation[12] as mentioned above. As a result, the Ministry of Finance (MOF) adjusted and implemented several new taxation policies or measures, including, inter alia, “Income Taxation on Cross Border Electronic Services[13]” and “Income Basic Tax Act”. These two measures were once considered similarly to DST or GMT individually. (I) Income Taxation on Cross Border Electronic Services   Responding to tax challenges posed by foreign enterprises under digitalization, the MOF promulgated a new income tax regulation “Income Taxation on Cross Border Electronic Services[14]”, and asked those foreign enterprises who provide cross-border electronic services to purchasers in Taiwan, shall register for business value-added tax (VAT), including register a tax identification number and file taxes. The causation between the electronic services and national economy shall be the determinant to identify income generated in Taiwan: The payment made by a purchaser located in Taiwan to a foreign enterprise in order to procure following products or services provided by such foreign enterprise shall be deemed as income generated in Taiwan. (1) The product that is produced, manufactured, transmitted, downloaded and saved in a digital device and can only be provided with assistance by individuals or enterprises in Taiwan. (2) The real-time, interactive, handy, and continuing electronic services that are provided through digital means A foreign enterprise provides a digital platform to conduct transactions, once one of the transaction parties is in Taiwan, the sales amounts shall be recognized as income generated in Taiwan (II) Income Basic Tax Act (IBT)   To promote domestic economic development and industrial innovation, Taiwan has enacted many laws on tax incentives, mainly tax deductions and credits. However, these laws have been overdeveloped, the implement period has also been excessively extended, which contributes to severely unreasonable tax burden inequality.   Therefore, Taiwan officially introduced Alternative Minimum Tax System (AMT) and promulgated Income Basic Tax Act (IBT)[15] since 2006. As a separate taxation system, AMT is imposed by government that places a floor on the percentage of taxes a certain filer must pay, regardless of how many tax incentives the filer may claim[16]. Hence, in accordance with Article 1 of IBT “[T]he purposes of this Act are to uphold tax equity, to ensure tax revenue for the country, and to establish the basic requirements of profit-seeking enterprises and individuals in regard to their obligation to fulfill their income tax burden as a contribution to public finance.”   AMT uses a different set of rules to determining taxable income compared with the normal tax calculations. Once the regular income-tax amount is higher than the AMT, the taxpayer pays the regular income tax. Thus, if AMT is higher, then the taxpayer pays the AMT. And according to Article 8 (1) of IBT, the enterprise IBT rate is prescribed of 12% since 2013.[17]   However, according to Article 3 (1) (5) of IBT[18], a foreign enterprise without domestic fixed place of business or domestic business agent is not regulated by IBT. (III) Conclusion “Income Taxation on Cross Border Electronic Services (Hereinafter referred to as “the measure”)” asked the foreign enterprises to file income tax. But the elements of “the measure” are different from DST. The reasons may be (1) “This measure” has been designed and promulgated earlier than DST and (2) The DST is essentially more like alternative minimum tax. IBT may effect by the concept of “with PE, with taxing power”. Therefore, a foreign enterprise without PE in Taiwan is not regulated by IBT, this means “No PE, No obligation of IBT”. Also, the IBT rate of profit-seeking enterprise is 12%. III. The Remaining Problems of Tax System in Taiwan   It is foreseeable that with the international consensus on launching the Two-Pillar Plan in 2023, those countries and jurisdictions will start to adjust their tax policies, inclusive of increasing the income tax rate as well as basic tax rate. As long as the issue of "Taiwan companies abusing tax planning to hide wealth aboard and avoid domestic tax obligations" is not solved, this issue will lead to the continuous erosion of Taiwan taxing power.   Concretely, in order to reduce domestic tax burden, several Taiwan companies abusing tax planning to detain profits in foreign affiliated companies or disguise as foreign companies. Though Income Taxation on Cross Border Electronic Services has taking effect, those companies pay income tax only on income generated in Taiwan instead of global income. Therefore, the Controlled Foreign Company Rules and the Place of Effective Management Rules have been proposed. (I) The Controlled Foreign Company Rules   A controlled foreign corporation (CFC) is a corporate entity that is registered and conducts business in foreign countries or jurisdictions, and is either directly or indirectly controlled by a resident taxpayer.   According to Article 43-3 of the Income Tax Act, if a parent company holds 50% or more of the shares of a foreign subsidiary, or has significant influence on such foreign subsidiary, the subsidiary may be seen as a conduit of the parent company and subject to domestic enterprise income, whether there is dividend distribution to the parent company or not, unless the subsidiary can pass the substantial activity test or its revenue is below a certain threshold.[19]   Yet, the “Paragraph 3”, compared with “Paragraph 4”, is not ruled the “a CFC can deduct the domestic income tax from foreign income tax it paid[20]”, which may result in double taxation.   The Taiwan CFC rules have not come into effect yet. However, according to the ancillary resolution passed by Legislative Yuan[21], our CFC Rules will come into effect within one year after the tax amnesty legislation, "The Management, Utilization, and Taxation of Repatriated Offshore Funds Act", expires. Namely, the Taiwan CFC Rules will finally come into effect in 2022 at the latest. (II) The Place of Effective Management Rules   The place of effective management (PEM) is defined as a place where key managements and commercial decisions a business entity substantially made.[22] This means, once a foreign company sets and operates a branch in Taiwan, and this branch substantially made key managements and commercial decisions for the foreign company, then it will be deemed as a PEM, the foreign company will also be deemed as a domestic company, and will be subject to tax assessment in accordance with the Taiwan Income Tax Act and other tax regulations.[23]   Following the PEM rules, which is incorporated into Article 43-4 of the Income Tax Act, the elements of PEM including (1) decision making location, (2) record keeping and maintenance location, and (3) actual operating location are all in Taiwan.   However, take foreign experience for example, German practice believes that the PEM rules only need to list "decision making location" as a necessary condition. The rest elements "record keeping and maintenance location" and "actual operating location" are more like reference factors than necessary conditions[24].   The Taiwan PEM rules list all three elements as necessary conditions, which may probably cause excessive restrictions on future applications. And the PEM Rules were announced by the MOF in July 2016, which have yet to take effect neither. (III) Attachment: The Sophisticated and Conflicting Tax System   The enterprise income tax rate in Taiwan is 20% to 24% in accordance with Article 5 (5) and Article 66-9 (1) of Income Tax Act. Still, to achieve specific policy goals by promoting or suppressing certain behaviors, a policy that oriented tax deductions and credits is called tax incentives, and the disadvantage of which is apparently turn the tax burden into inequality. In the end, to solve the inequality of tax burden resulting from tax incentives and to ensure tax revenue, the minimum tax will be levied by AMT. The AMT rate in Taiwan is 12% as aforementioned.   The implementation of tax incentives and AMT has made the domestic tax system over-complicated. Since the overused tax incentives have abnormally increase the amount of uncompetitive enterprises, who heavily rely on them. While the AMT may strangle the enterprises, who are compliance with economic policies. Then, the interaction and conflicts between tax incentives and AMT not just complicate the domestic tax system, also substantively result in unpredictability and inconsistency of domestic tax environment, which may cause a double-loss situation between tax revenue for the country and economic development policies. IV. Conclusions and Prospects (I) Conclusion Amend the Income Basic Tax Act and Increase Enterprise Rate to at Least 15%   First, those foreign enterprises without PE but create value in Taiwan are not ruled by IBT. Second, the enterprise IBT rate in Taiwan is now 12%, apparently lower than GMT of 15%. If IBT rate maintains 12% through 2023, the difference between GMT and IBT may be deemed as a harmful tax-based competition. Hence, it is imperative to amend the IBT to rule the foreign enterprises without PE but create value in Taiwan and increase the enterprise IBT rate to at least 15%.   Once consider that GMT is aimed at large MNCs, the IBT may adopt a categorized approach and set different rates based on the size of the enterprise. For instance, increase the IBT rate of MNCs that meet all GMT criteria to 15%, and the rest maintains 12%. Amend and Take CFC rules and PEM rules into effects   A domestic company pays income tax on global income, while a foreign company with PE in Taiwan pays income tax on income generated in Taiwan. Responding to digitalization, the implement of Income Taxation on Cross Border Electronic Services regulates foreign companies without PE in Taiwan to pay income tax generated in Taiwan fairly.   It is necessary to implement both CFC rules and PEM rules, to prevent domestic companies from abusing tax planning to detain the profit in foreign affiliated companies or to disguise as foreign companies for reducing domestic tax burden, which may continuously eroding taxing power of Taiwan. However, CFC rules and PEM rules still leave some problems to be improved and solved as aforementioned, which is undoubtedly the obligation of Taiwan government. (II) Prospects Substantive Review the Tax Incentives and Reconstruction of Taiwan Tax System   The Reasoning of Interpretation No.565 mentioned that “[W]hile taxpayers should, under the principle of equality in taxation, pay taxes which they are supposed to pay according to their actual taxpaying ability, it is not forbidden by Article 7 of the Constitution to specify, with reasonable cause, differential treatments by way of exceptions or special provisions within the scope of discretion authorized by law to grant taxpayers of a particular class tax benefits in the form of tax reduction or exemption in order to promote the public interest.”.   The principle of ability-to-pay means that those who have greater ability to pay taxes, usually measured by income, wealth and financial capability, should pay more in taxes compared with those who have minor capability. Since taxation is the pecuniary obligation with non-counter performance under public law, the only foundation of legitimacy is the principle of ability-to-pay. Therefore, this is the core principle of the tax law.   To achieve specific policy goals, a policy that oriented tax deductions and credits to promote or suppress certain behaviors is called tax incentives, which can be permitted only in case of justifiable reasons presented. Nevertheless, the weak connection between the policy goals and the tax incentives made the acts, especially the tax incentives, unreasonable.   Additionally, the tax-form expenditure is generally a formal review of fiscal balance, no substantive review of the impact on principle of ability-to-pay taxation and the compensation for it. Under these premises, the excessively extended implementation period of tax incentives has resulting in severely unreasonable tax burden inequality and excessive reliance of uncompetitive enterprises on tax incentives.   To sum up, instead of implement the tax incentives to limit the principle of ability-to-pay, then solve it with AMT. The enactment, amendment and implement of tax laws must strictly abide by above principle. The restriction of above principle must be strictly review and limited as a whole. Namely, it is better to comply with the principle of ability-to-pay strictly. Therefore, it is important to substantively review the domestic tax incentives and reconstruct the domestic tax system. Ministry of Digital Development and The Tax Reform   Taiwan government is intending to form Ministry of Digital Development (MODD),[25] which is considered as a step toward the right direction to coordinate and expedite the development of Taiwan’s digital economy.   According to Article 1 of the Organizational Act of MODD, "[T]o promote the development of digital industries such as national communications, information, cyber security, network and communication, to undertake digital governance and digital infrastructure, and to assist the digital transformation of public and private sectors, the Executive Yuan has specially established the Ministry of Digital Development."[26]   However, in name of the above-mentioned policies and ideals, which may possibly related to tax policies. Thus, this article considered that, once the MODD is staffed with public servants and experts both proficient in tax law as well as forward-thinking, and given a clear mandate, the MODD may not only contribute significantly to both domestic digital transformation and the tax reform, but also improve the efficiency of tax administration and maximize the overall economic and social benefits. [1] OECD, 〈BEPS – Base Erosion and Profit Shifting〉, https://cleartax.in/s/beps-oecd (last visited Aug 20, 2021). [2] 拙著,〈柳暗花明的數位服務稅〉,工商時報名家評論,2021年5月17日,網址:https://view.ctee.com.tw/tax/29375.html,最後瀏覽日:2021年11月24日。 [3] 陳衍任,〈歐洲數位服務稅發展簡析〉,台灣經濟論衡,2020年3月,第18卷第1期,頁58,網址:https://www.ndc.gov.tw/Content_List.aspx?n=1BD4A3B93EF55A5F,最後瀏覽日:2021年4月21日。 [4] 拙著,〈勢在必行的全球企業最低稅負制〉,工商時報名家評論,2021年4月20日,網址:https://view.ctee.com.tw/tax/28814.html,最後瀏覽日:2021年11月24日。 [5] 拙著,〈勢在必行的全球企業最低稅負制〉,工商時報名家評論,2021年4月20日,網址:https://view.ctee.com.tw/tax/28814.html,最後瀏覽日:2021年11月24日。 [6] 拙著,〈取消數位服務稅已為國際趨勢〉,工商時報名家評論,2021年11月23日,網址:https://view.ctee.com.tw/economic/34152.html,最後瀏覽日:2021年11月24日。 [7] Mayer Brown LLP, 〈The G7 Agrees on a Broad Framework for Pillar One and Two〉, June 23, 2021, https://www.mayerbrown.com/en/perspectives-events/publications/2021/06/one-small-step-but-perhaps-one-giant-leap-for-global-tax-reform-the-g7-agrees-on-a-broad-framework-for-pillar-one-and-two (last visited Nov 11, 2021). [8] G20, 〈G20 ROME LEADERS’ DECLARATION〉, at 11 of 20, https://www.g20.org/wp-content/uploads/2021/10/G20-ROME-LEADERS-DECLARATION.pdf (last visited Nov 11, 2021). [9] OECD, 〈Mauritania joins the Inclusive Framework on BEPS and participates in the agreement to address the tax challenges arising from the digitalization of the economy〉, https://www.oecd.org/tax/mauritania-joins-the-inclusive-framework-on-beps-and-participates-in-the-agreement-to-address-the-tax-challenges-arising-from-the-digitalisation-of-the-economy.htm (last visited Nov 11, 2021). [10] Statement on a Two-Pillar Solution to Address the Tax Challenges Arising From the Digitalization of the Economy, at 4 (Aug 2021), available at https://www.oecd.org/tax/beps/statement-on-a-two-pillar-solution-to-address-the-tax-challenges-arising-from-the-digitalisation-of-the-economy-july-2021.pdf (last visited Aug 20, 2021). [11] Model Tax Convention on Income and on Capital 2010 (Full Version), at c(5)-1 (2010), available at https://read.oecd-ilibrary.org/taxation/model-tax-convention-on-income-and-on-capital-2010_9789264175181-en#page208 (last visited Aug 20, 2021) [12] 稅捐稽徵法第12條之1第1項:「涉及租稅事項之法律,其解釋應本於租稅法律主義之精神,依各該法律之立法目的,衡酌經濟上之意義及實質課稅之公平原則為之。」亦有釋字第420、460、496、519、597、625及第700號供參。 [13] 資誠,〈法國徵數位服務稅,我不跟進〉,2019年7月24日報導,網址:https://www.pwc.tw/zh/news/media/media-20190724-1.html,最後瀏覽日:2021年4月15日。 [14] 財政部賦稅署,〈外國營利事業跨境銷售電子勞務課徵所得稅制度簡介〉,2018年4月27日,頁1以下,網址:https://www.dot.gov.tw/download/dot_201804270002_1_doc_476,最後瀏覽日:2021年4月21日。 [15] 中華民國94年12月28日總統華總一義字第09400212601號令制定公布全文18條;本條例施行日期除另有規定外,自95年1月1日施行。 [16] 所得基本稅額條例第1條:為維護租稅公平,確保國家稅收,建立營利事業及個人所得稅負擔對國家財政之基本貢獻,特制定本條例。 [17] 財政部台財稅字第10100670710號函:自102年度起營利事業基本稅額之徵收率為12%。 [18] 所得基本稅額條例第3條第1項第5款:營利事業或個人除符合下列各款規定之一者外,應依本條例規定繳納所得稅:五、所得稅法第七十三條第一項規定之非中華民國境內居住之個人或在中華民國境內無固定營業場所及營業代理人之營利事業。 [19] 所得稅法第43條之3第1項:營利事業及其關係人直接或間接持有在中華民國境外低稅負國家或地區之關係企業股份或資本額合計達百分之五十以上或對該關係企業具有重大影響力者,除符合下列各款規定之一者外,營利事業應將該關係企業當年度之盈餘,按其持有該關係企業股份或資本額之比率及持有期間計算,認列投資收益,計入當年度所得額課稅:一、關係企業於所在國家或地區有實質營運活動。二、關係企業當年度盈餘在一定基準以下。但各關係企業當年度盈餘合計數逾一定基準者,仍應計入當年度所得額課稅。 [20] 參考「所得稅法增訂第43條之3建立我國受控外國公司(CFC)課稅依據,係以受控外國公司當年度盈餘,依控制公司對其持有之資本比率按「權益法」認列之國外投資收益。惟查此依權益法認列之投資收益,似漏未規定該關係企業在國外已納所得稅額可予扣抵,恐形成公司階段稅負重複課稅;對照本條第4項規範營利事業於實際獲配股利或盈餘時,國外已納所得稅額得予扣抵之規定,其疏漏自明。」立法院,〈受控外國公司課稅新制相關問題評析〉,110年8月,網址:https://www.ly.gov.tw/Pages/Detail.aspx?nodeid=6590&pid=210513,最後瀏覽日:2021年10月25日。 [21] 境外資金匯回管理運用及課稅條例自2019年8月15日起施行,施行期間2年,已於今(2021)年8月14日失效,故我國CFC制度至遲於明(2022)年8月14日前報請行政院核定施行日期。參考「另附帶決議針對105年增訂之「所得稅法」第43條之3條文(營利事業CFC制度),與106年增訂之「所得基本稅額條例」第12條之1條文(個人CFC制度),要求財政部於本案施行期滿後1年內報請行政院核定施行日期,有助落實反避稅條款。」立法院,〈制定境外資金匯回管理運用及課稅條例〉, 網址:https://www.ly.gov.tw/Pages/Detail.aspx?nodeid=33324&pid=184215,最後瀏覽日:2021年8月20日。 [22] OECD, 〈THE IMPACT OF THE COMMUNICATIONS REVOLUTION ON THE APPLICATION OF “PLACE OF EFFECTIVE MANAGEMENT”AS A TIE BREAKER RULE〉, at 4 (Feb 2001), https://www.oecd.org/ctp/treaties/1923328.pdf (last visited Aug 20, 2021). [23] 所得稅法第43條之4第1項:依外國法律設立,實際管理處所在中華民國境內之營利事業,應視為總機構在中華民國境內之營利事業,依本法及其他相關法律規定課徵營利事業所得稅;有違反時,並適用本法及其他相關法律規定。 [24] 參考「從德國的經驗回頭看台灣可以發現:台灣雖然立意良善地將「決策者或決策地」、「帳簿及會議紀錄的製作或儲存地」,以及「實際執行主要經營活動地」,「同時」列為PEM的認定標準。然而,其中只有「決策者或決策地」確實屬於PEM認定上的必要條件;至於將「財務報表、會計帳簿紀錄、董事會議事錄或股東會議事錄的製作或儲存處所」及「實際執行主要經營活動地」也列為PEM的認定標準,恐怕就值得商榷。因為上述兩項標準,固然可以作為認定企業的PEM是否在台灣境內的「參考因素」,但卻不適合作為認定企業的PEM在台灣境內的『必要條件』」。陳衍任,〈實際管理處所在適用上的爭議問題〉,月旦會計實務研究,2018年3月,頁29以下。 [25] 2021 Taiwan White Paper Overview, 〈Facing New and Existing Challenges Head On〉, at WP7 (2021), https://amcham.com.tw/wp-content/uploads/2021/06/June-2021-Taiwan-Business-TOPICS.pdf (last visited Aug 20, 2021). [26] 作者自譯。

Japanese Virtual Currency Transaction Law System – with “Payment Services Act” as the Core

  In recent years, because of the uncertainty of the positing of virtual currency under law, the issues of transparency and security etc. arising out in connection therewith are emerging, and the incidents of money-laundering, terrorist attack and investor fraud involving therewith lead to concerns of various countries.   Therefore, the new change in Japanese legislations relating to virtual currency exchange service providers falls mainly in the effect of amended contents of “Payment Services Act” and “Act on Prevention of Transfer of Criminal Proceeds”. The reasons for amendment to the legislations are such that virtual currency transaction involves the exchange with statutory currency, and is the outlet/ inlet of the existing financial system; therefore it is necessary to have the virtual currency exchange service providers be supervised[1]. Essential points involving the amendments are stated as follows: 1. Payment Services Act   The keys to the amendment to Payment Services Act (hereinafter referred to as the “Act”) are the Act recognizes that virtual currency has the nature of property and inputs the registration system for the exchange service providers, and provides relevant supervisory regulations. (1) Definition of virtual currency   As defined in items 1 and 2 of Paragraph 5 of Article 2 of the amended Payment Services Act, virtual currency can be divided into two kinds, but is limited to that which is recorded on an electronic device or any other object by electronic means, and excludes the domestic (Japanese) currency, foreign currency and currency-denominated assets[2]. ① It has 3 elements as follows: It can be used in relation to unspecified persons for the purpose of payment consideration for the purchase or leasing of goods or the receipt of provision of services. It can be purchased from and sold to unspecified persons. Its property value can be transferred by means of an electronic data processing system. ② Its property value can be mutually exchanged with other virtual currency and can be transferred by means of an electronic data processing system.   In addition, some authors[3] consider that virtual currency is equivalent to the use of blockchain technology. However, according to the definition after the amendment to laws in Japan, the definition of virtual currency is based the judgment of the above elements rather than the use of blockchain technology. (2) Input of registration system for virtual currency exchange service providers   Pursuant to Paragraph 7 of Article 2 of the Payment Services Act, “Exchange Service” is defined as the operation of exchange, agency or management activities. No person may engage in the virtual currency exchange service unless the person is registered[4] with the competent authority (Article 63-2 of the Act). A person who has conducted the virtual currency exchange service without obtaining the registration is subject to imprisonment for not more than three years or a fine of not more than three million yen or both based on Subparagraphs 2, 5 of Article 107 of the Act. (3) Mechanism of users protection:   The purpose of the amendment is to take countermeasures for the risks generated from virtual currency exchange, such as pecuniary loss caused by insufficient information, the loss incurred in the custody of users’ property, and disclosure of personal information of users)[5]. Discussions are divided into 4 points. ① Information security management A virtual currency exchange service provider must take necessary measures for information security management (Article 63-8 of the Act) ② Measures for users protection A virtual currency exchange service provider must take relevant protective measures for users, including the provision of explanation for misunderstood transaction and information about contents of transaction (Article 63-10 of the Act) ③ Separate management of property A virtual currency exchange service provider must manage its own property separately from the money or virtual currency of the users, and must retain a certified public accountant or an audit corporation to periodically conduct the external financial audit (Article 63-11 of the Act) ④ Designated Dispute Resolution Organization Referring to financial ADR system, the complaint or dispute matter of users shall be concluded by the Designated Dispute Resolution Organization (Article 63-12 of the Act) (4) Supervision over virtual currency exchange service providers:   As regulated by Articles 63-13 ~ 63-20 of the new Payment Services Act, essential contents of supervisory requirements for virtual currency exchange service providers are stated below: ①The obligation to prepare and maintain books and documents ②Annual financial reports ③The authority of the Prime Minister to inspect relevant business ④The Prime Minister orders a virtual exchange service provider to conduct business improvement. ⑤The Prime Minister may revoke the registration of a virtual currency exchange service provider who has obtained the registration through illegal or wrongful means. (5) Penalty for violation of obligations   The existing penalties under articles 107~109 and articles 112~117 of the Payment Services Act also apply to virtual currency exchange service providers. The causes of violation of obligations and corresponding penalties are summarized as follows: ① Any person who has not obtained registration or has obtained registration through wrongful means or by use of other’s name is subject to imprisonment for not more than three years or a fine of not more than three million yen, or both (Article 107 of the Act) ② An exchange service provider who has violated the separate management of property or has violated the disposition of suspension of operation is subject to imprisonment for not more than two years or a fine of not more than three million yen, or both (Article 108 of the Act). ③ Any person who has failed to prepare or has falsely prepared books, reports, attachment and documents or has refused to answer the questions or has refused to accept or has hindered the business inspection is subject to imprisonment for not more than one years or a fine of not more than three million yen, or both (Article 109 of the Act) ④ A person who fails to take necessary measure for improving its operation is subject to a fine of not more than one million yen. 2. Act on Prevention of Transfer of Criminal Proceeds   In order to prevent from money-laundering, the legitimacy of fund sources must be assured. The amended “Act on Prevention of Transfer of Criminal Proceeds” (hereinafter referred to as the “Act”) incorporates the virtual currency exchange service providers as “specified business operators” and imposes them with the following main obligations: (1) The obligation to confirm user identification (Article 4 of the Act) (2) The obligation to confirm and preserve transaction records (Articles 6 & 7 of the Act) (3) The obligation to report suspicious transactions (Article 11 of the Act)   The above are major contents of the amendments to legislations in relation to virtual currency exchange service providers in Japan. The purposes of the amendment are to promote the innovation of virtual currency operators and the balanced development with consumer protection. Therefore, they are included in the Payment Services Act and are subject to similar supervision as with electronic bill and Funds Transfer Service[6]. The reorganization of virtual currency system in Japan has stepped forward. However, the application of actual operation needs continual follow-up and observation, so as to be used as reference for the relevant law system of our country. [1]Financial System Council, The Working Group on Payments and Transaction Banking of the Financial System Council, P27. [2]Currency-Denominated Assets, Assets denominated in currency refers to the “Currency-Denominated Assets” in Japanese and defined in the Payment Services Act: as used in this Act means assets which are denominated in the Japanese currency or a foreign currency, or for which performance of obligations, refund, or anything equivalent thereto (hereinafter referred to as "performance of obligations, etc." in this paragraph) is supposed to be made in the Japanese currency or a foreign currency. In this case, assets for which performance of obligations, etc. is supposed to be made by means of Currency-Denominated Assets are deemed to be Currency-Denominated Assets. [3] <Improvement System of Virtual Currency>, Daiwa Institute of Research, see website:, http://www.dir.co.jp/research/report/law-research/financial/20160520_010904.pdf#search=%27%E4%BB%AE%E6%83%B3%E9%80%9A%E8%B2%A8+%E8%B3%87%E9%87%91%E6%B1%BA%E6%B8%88%E3%81%AB%E9%96%A2%E3%81%99%E3%82%8B%E6%B3%95%E5%BE%8B+%E3%83%96%E3%83%AD%E3%83%83%E3%82%AF%E3%83%81%E3%82%A7%E3%83%BC%E3%83%B3%27 (Last browse date: 12/07/2017) [4]Article 63-2 of the Payment Service Act provides the registration with the Prime Minister; however, in practical operation, the operators shall apply for registration with the local financial bureau. [5]Financial System Council, The Working Group on Payments and Transaction Banking of the Financial System Council, P29. [6]In the Payment Services Act of Japan, it is specified that the remittance business engaged by a non-banking provider was officially named as “Funds Transfer Service”, in which business contents aim at the third payment works. Financial Research Development Funds Management Committee, “Study of the industrial development and management between international non-financial institution payment services”, written by Kuo Chen-Chung and Hsu Shih-Chin, pp60~61(2015).

TOP