Concerto Italiano - Preludio
Johannes Karcher, acting chairman of the UPC’s Administrative Committee, is to be applauded for the interview he gave to the Kluwer Patent blogger recently, which sheds at least a little more light on the issues still to be addressed before the Unified Patent Court can go “live”. There are quite a number of them, as one can take from this interview.
The most interesting bit of news for me was Mr. Karcher’s admission that there is “one application for the creation of a new third location of the central division of the Court of First Instance”, which, at least in my humble opinion, can only be the one from Milano. As I wrote earlier on this blog, “Milano è pronta“.
Indeed, if one is of the view that it is a good idea at all to decentralize a “central division” over more than a single location, then there is a certain logic supporting Milano. For Milano would be the location desired by the third of the famous “three States in which the highest number of European patents was in force in the year preceding the year in which the signature of the Agreement takes place” according to Art. 89 UPCA, taking over this role from the United Kingdom that, very unfortunately, still seems to be busy in taking back control of … whatever. But I digress, so let’s come back to Milano. Mr. Karcher now said that he is
“optimistic that we can find a balanced solution how to deal with the question of competences originally attributed to London rather soon.”
This has surprised me somewhat, but in a pleasant way, since I had always been under the impression that this question had already been answered. At least one or two years ago, the plan still was to simply divide the London competences among Paris and Munich only. I must admit that I have never really understood the legal basis or theory of this planned division, which seemed to me to contradict both the letter and the spirit of Art. 7(2) UPC Agreement and Annex II thereof. But be that as it may, Mr. Karcher’s remark seems at least to indicate that the matter is less settled than I thought.
Indeed, if I read correctly between the lines, it probably means that Milano is still in the game for part of the central division. We can speculate about the meaning of “rather soon” in Mr. Karcher’s comment, but I will not indulge in this. I only hope that the matter will be settled before Germany ratifies and the sunrise period starts. Anything else would seem fairly risky: What would happen if no agreement were reached, the UPC started operating, the first revocation action came in and it has still not been settled where London’s cases of IPC Classes A and C will be tried and whether there will be a further section of the Central Division at all, in addition to Paris and Munich?
Which brings us straight to the actual topic of this post: Dear Preparation Committee, I am afraid we really need more time to get prepared for the advent of the UPC. The current plan for Germany to sign in December 2022 is over-ambitious, for at least two more reasons.
Firstly, it is genuinely no good idea to let the sunrise period start on 1/1/2023 when most practitioners and their staff as well as the UPC IT support staff, if any, will still be in their well-deserved holidays over Christmas and New Year. In practice, this will mean that not much will be happening before mid January and that the sunrise period will therefore be effectively shortened by at least one valuable week, if not two.
Secondly, and as even the optimistic Mr. Karcher alluded to between the lines, “the IT” is simply not yet ready. Even worse, it will predictably, at least in my humble opinion, not be ready before the end of this year. By “ready” I mean that the CMS will allow all stakeholders (patent attorneys, attorneys-at-law, representatives from industry, judges) a functioning access to the UPC’s new Case Management System (CMS). At present, we are far away from such a paradisiacal state; we are still in purgatory or even lower. The current procedure for even getting simple access to the UPC’s CMS is simply a nightmare. Something must fundamentally change before Germany should give the starting signal for the new system; otherwise there is a significant risk of a false start. If nothing changes, there will be only two or three horses on the racecourse in January, while all the others are still figuring out how to get through the entrance door. Edgar Degas knew how desperate this can look.
What others say
I am by far neither the first nor the only person who is complaining about the current status. Observers have complained on Managing IP (unfortunately behind paywall, so I will not link to the article), and Juve Patent has also reported, at least between the lines, about problems here. A clever survey on IPKat has asked the question “Have you managed to access the UPC CMS via the strong authentication process” and received 87% “no” answers so far. Readers will also find a lot of further useful information about CMS authentication on this blog, which I will not repeat here. My Kudos to AmeriKat for collating this information.
The UPC Preparatory Committee and Judges are clearly not deaf to these outcries. That much can be taken from Mr. Karcher’s remarks in the interview with the Kluwer IP Blogger to which I have added a few comments:
We have carefully designed the UPC-roadmap containing the final steps leading up to the entry into force of the UPCA.
No doubt you have, but there can always be surprises.
I’m optimistic that we will be able to keep this timeline.
That is, with all due respect, what the acting chairman of the preparatory committee probably has to say, and certainly what his predecessor kept saying many times in the past. A quick internet search for the keywords “Ramsay”, “UPC” and “optimistic” reveals contributions from 2016 on juve.de (“Brexit is only a speed bump”), from 2017 on leadersleague.com (“hopefully … possible for the court to open for business by the end of 2017”), from 2020 on Monday.com (“I am keen to keep all the signatory states, including the UK, in the UPC system… it would be realistic to expect the UPC to be operational in early 2021.”) and from 2021 on JuvePatent (“The London question won’t delay the UPC”). Admittedly though, Mr. Ramsay has never been in an enviable position as the UPC’s leading optimist in view of the sluggish pace of the ratification process. He was appointed as chairman in 2013!
One point we need to pay particular attention to is the Case Management System. It is key that the functions are available including e.g. the proper set up of the authentication which has been a subject of late. We are therefore running tests and they will need to show satisfactory results.’
Here we are. What I understand Mr. Karcher to say in these three diplomatic sentences is (i) We are aware that there is a problem here. (ii) At this moment we have no idea how to solve it, but it is a critical problem (“it is key”). (iii) At this moment, tests have not yet shown satisfactory results. (iv) However, the results will need to be satisfactory… but why and what for? If I read correctly between the lines, Mr. Karcher thinks that the results will need to be satisfactory for Germany to ratify and thus send the starting signal for the sunrise period.
I really hope that my benevolent interpretation is right. It should be a no brainer that a sunrise period for opting out patents that is worth its name can only start if and when the sun is actually about to rise, i.e. if and when stakeholders are actually able to access the CMS. At this moment, we are far away from this paradisiacal state. I heard the rumor that even Mr. Karcher himself is not yet able to authenticate himself at the CMS. Whether this is true or not, does not matter – the big majority of users is definitely not yet able to access the CMS.
You may wonder why the hack is this so difficult? In my humble opinion, the main reason is No. 1 of the “14 Common Reasons why Software Projects Fail” as nicely summarized here: Not understanding the needs of the business. Users want simple and inexpensive, yet secure access to the CMS. Just to name two examples here, European Patent Attorneys would have been delighted if their EPO smart card that provides them with secure access to the European Patent Office had also worked for the CMS of the Unified Patent Court, which is supposed to be the Patent Court for Europe. And German attorneys-at-law, who have been using their beA cards for digitally communicating with the German courts, would have been delighted if their card had worked as well for the UPC. Unfortunately and very disappointingly, neither of them does.
I have spoken to a number of tech-savvy colleagues and friends. If I understood them correctly, the reason is that somebody within the UPC wanted to re-invent the wheel and establish a completely new and complicated authentication system, because… why exactly? I know of course that the UPC is an EU court and should comply with EU law in the first place. But are our EU laws so rigid and inflexible that they do not allow smartcards that securely work for digital communication with the only European Patent Office that exists in the EU to be accepted as well by the only European Patent Court that there is in the EU?
The explanation given to me is that the UPC requires a pretty unique “Client Authentication Certificate” that must be acquired (and they are not cheap!) from a provider listed in the List of Providers from the EU in the eIDAS Dashboard. A screenshot of this website is reproduced here:
If you scroll down this website, you will see that the European Patent Organization is not listed among these providers, perhaps because it is – arguably – not domiciled within the EU (and therefore not safe? or politically unreliable? – I cannot think of a really compelling reason why the EPO should not be allowed to provide such services to European Patent Attorneys for giving them access to the CMS of the UPC).
On top of that, you will also spot problem number 2: The trust service providers shown here offer a “QCert for ESig”, i.e. a qualified certificate for electronic signature and other certificates, yet NONE of them seems to offer a “Client Authentication Certificate” as required by the UPC. Users are left to contacting each of these companies to find out whether they offer such a certificate as well. To the best of my knowledge, there is currently no provider of such a certificate in Germany. Readers, please correct me if I am wrong and/or provide comments how the system works or does not work in your home countries. This can be very valuable for everybody! Nonetheless, I think that this service should rather be provided by the UPC preparation committee or the IT specialists it has entrusted with setting up this system.
As far as I have been informed, there is exactly one service provider – from Luxembourg! – that seems to offer both certificates required by the UPC to Germans. I am not sure whether establishing such a de facto monopoly is in agreement with EU law and I cannot believe that this is what the UPC Preparation Committee actually wanted. The Federal Chamber of Notaries that provides the smart cards for German Attorneys-at-Law has told my colleagues that they would not be able to offer the authentication certificate in the foreseeable future.
I just wonder how one can even seriously think of introducing a system that requires a particular kind of certificate for access which is only available from one particular service provider in Europe (or a handful of such providers at most)? Moreover, I keep hearing that the process for acquiring the certificates and the associated hardware is both expensive and very time-consuming.
And even if you have managed to install your Client Authentication Certificate, you are not fully done yet, because you must also link your software with the software for qualified signature from the digital service provider. One of my extremely tech-savvy friends wrote to me that to accomplish this, he first had to install a certain “middleware” which then runs in the background of your computer. Following that, he was able to activate his card via the website of the digital provider. He concluded his report:
Nach spätestens 4 Stunden ist die Smartcard dann einsatzbereit und es kann signiert werden.
To conclude, I can only reiterate my plea one more time: Dear Preparatory Committee, please provide the prospective users of the CMS with the information from which providers they can get a functioning Authentication Certificate and please allow all of us (the end users, the judges, the IT service providers etc. etc.) sufficient time to obtain it and to integrate it in our software environments. You may also wish to check with the providers whether they have sufficient amounts of hardware (smartcards) on stock so that users can be timely provided therewith.
With that, I wish all readers a happy first advent.