Agents in the Virtual Enterprise: Some Legal Notes

Virtual Enterprises are ICT-enabled business-cooperation structures that can derive a substantial support from the use of agent technology. However, this poses a series of legal issues that have to be adequately tackled in the light of available legal tools, from applicable rules and regulations in force, to private agreements and usage. This short paper does not aim at providing consolidated research results but rather at highlighting some notes and observations on the issue, also as discussed within the ALIVE European project. 1. The Virtual Enterprise concept The demanding economic scenario characterised by the integration of ICT in the companies’ value chains, the dramatic shortening of products’ life cycles, the urge for high specialisation, the expansion of supply and demand markets are some of the trends that have generated radical changes in business strategy and structure. At present, it can often be irrational for a single business entity to individually operate on the market, especially when its dimensions and resources are limited. The setting up of agreements and collaborations such as Virtual Enterprises can be one of the solutions to reach otherwise unattainable results. As can be derived from the work of Mowshowitz [Mowshowitz, 1986], in this case the term ‘virtual’ is to be reconnected to the idea of something whose outcome is superior than the sum of its parts, similarly to the computer’s virtual memory, rather than ‘appearing to be’ or ‘non-existent’, as in common language. The first substantial research contributions on Virtual Enterprises have appeared in the early nineties [Davidow, Malone, 1992]. Since then, a certain scientific debate on the subject has opened, especially in the areas of business organisation and information technology. Up until very recently, however, the legal research has substantially disregarded the issue, with rare exceptions [Scholz 94, Sommerlad 96, Conaway Stilson 97, Cousy et al. 99]. A consolidated definition of the concept still has to be developed; this can possibly be connected with the fact that VE’s constitute dynamic, fluid entities and possess various, sometimes contrasting features. For the purposes of this work, two possible definitions are proposed, based both on the analysis of available literature and of case studies; in a business perspective, the VE can be described as “a collaboration of legally independent subjects, set up to rapidly and effectively exploit a business opportunity and jointly bring products and services to the market. It generally has a temporary nature and is flexible, dynamic and fast-acting. It does not aim at achieving a legal status separate from the one of its partners; no hierarchic structure is formally set up and members participate on a peer-to-peer basis. The partners’ activities can possibly be co-ordinated by a ‘business integrator’ or ‘broker’ or by one particularly experienced partner. Its partners are usually geographically dispersed entities but the existence of a locally-based VE cannot be excluded. Through the massive use of state-of-the-art information and communication technologies, partners collaborate, also by way of cross-borders, crosscompany working groups. By concentrating on their core competencies and taking care of particular stages of the VE value chain, the partners rationally combine their activities, thus achieving economies of scale and scope, improving their own individual value chains, developing new innovative products, penetrating new markets and meeting the needs of new customers. All these results could not possibly be attained by them individually in a cost-effective way”. For the purposes of the legal research, some purely economic characteristics, although necessary to better frame the meaning, can be deemed irrelevant; consequently, reference shall be made to the VE as “a temporary, often cross-border ICT-enabled collaboration between legally independent entities aimed at the joint provision of goods and/or services, where each partner contributes to particular tasks and activities. The VE does not aim at achieving a legal status separate from the one of its partners and does not set up a formal hierarchical structure despite appearing as one organisation towards third parties”. 2. Some basic legal notes on agents In purely legal terms, agents can be regarded to as a software possessing particular characteristics, although it is known that not every software is also classifiable as an agent. Software can be considered as a means to transmit the conditional will of its owner. Provided that it has been correctly developed and that it is reliable, it can be affirmed that its behaviour can be foreseen; software is developed to exactly perform particular tasks and subsequently stop; it is completely dependent upon a higher entity. However, it is not possible to be completely sure of the results of its actions, if not in theory, as it may not have been adequately verified and may contain errors [Finocchiaro 97]. Unlike with software, not even the exact behaviour of the agent in different circumstances and conditions is to be totally foreseeable. This makes it difficult to affirm that agents are in fact an instrument for the transmission of their owner’s will, not even where conditional. It cannot be given for granted, in fact, that given a particular context and particular instructions the agent will always act in the same manner. It may inferred, therefore, that a part of the agent owner’s will, as concerns both its development and its subsequent manifestation, can be technically attributed to the agent itself. Given the presently applicable legal framework, the agent cannot be considered an autonomous entity to whom rights and duties can be imputed; it does not possess a subjectivity in the legal sense. Therefore, it should be reflected upon the theoretical solutions necessary to legally impute to its owner that portion of will connected with the agent. Some doctrinal contributions, albeit related to the unpredictability of software a concept which is not to be totally sharable, as mentioned before have proposed solutions in this sense. In particular, it has been affirmed [Borruso 88] that software possesses a potential will that cannot be totally foreseen by its owner and thus it is deemed acceptable the application by analogy of the principles of voluntary agency. However, it can be argued that this may be considered unfeasible, as software agents cannot in any case be considered ‘agents’ also in a legal sense, that is a subject possessing its own legal positions, including specific rights and duties. In relation to artificial intelligence applications, the results of the processing have to be imputed to the subject who avails himself of the programme and in any case the rights of those who have relied on the validity of an agreement and on the correct manifestation of the will of their counterpart have to be protected. From another perspective, it could be resorted to the principle of objective liability. It is the situation in which a subject appears liable for a fact from which damages have arisen, although neither intentional wrongdoing nor fault from his part are to be envisaged. The foundation of objective liability lies in the very connection between the fact and the event which has caused damage. The author of the fact will be liable unless he proves that the event was unforeseeable or inevitable, thus dissolving the cause-effect relationship [Galgano 00]. The use of agents might thus be reconnected with and compared to the carrying out of dangerous activities, as of art. 2050 Italian civil code. Where an activity can be considered dangerous by nature or in relation to the nature of the means utilised in its performance, the damage caused through it shall be compensated, except in case the author of the fact provides evidence that he has adopted all measures suitable to avoid damage. If the technological state-of-the-art does not allow for adequate measures to be taken to prevent damage, the dangerous activity will be performed at its author’s risk, as the affirmation of the absence of prevention tools does not, in any case, exempt him from liability. 3. Agents in the Virtual Enterprise The setting up and the subsequent management of the internal and external interactions of a VE strongly depends upon the use of technology. It is generally affirmed that there would be no Virtual Enterprises without ICT and that this latter is to be regarded to as an enabling factor [Faisst 97]. While in reality most Virtual Enterprises avail themselves of a combination of both advanced and more traditional tools, whose legal implications have already been partly solved by the legislator and widely discussed by literature, such as in case of telephones, facsimiles and, partly, of electronic signatures, the attention of the legal researcher today is drawn to the complex interrelations and legal institutes involved by the use of agent technology. When a business opportunity arises, the potential partners of a Virtual Enterprise need to be identified and selected. In this stage, specific search tools are needed. This is a very delicate task, which the very success of the collaboration depends upon; at the same time, it is essential that the partnership is formed with the utmost speed. Software agents can contribute to a rapid, thorough and mistake-proof search. Assuming that a subject, such as the VE broker, undertakes the task of initiating the VE, he shall assign certain goals, skills, tasks and rules to the agent that are supposed to be law-abiding. A possible different option is that of a VE originated from previous business collaborations, districts or marketplaces whose members make use of heterogeneous agents, developed on the basis of different needs and assumptions. Once the VE is formed and its operational stage starts, agents can again be used for search purposes, in order to have access to a wider knowledge of potential supply and demand markets. Agents can also be employed in contacting and carrying out negotiations with third parties and possibly also in performing and executing transactions on line with other agents or human entities on behalf of their owner. A further contribution of agents could be provided in the automatic resolution of internal and external disputes involving the VE, as traditional Court or ADR procedures may prove too lengthy for a temporary structure, especially where short-term based. From a legal standpoint, whenever agents move through a network and search for information, they should not be allowed to infringe other subjects’ rights, such as copyright or the right to privacy or to enter protected computer systems without the administrator’s or the owner’s express authorisation. In relation to data protection, the performance of the agents’ tasks implies activities, such as the acquisition, retrieval and storage of data, which can be classified as processing of personal data and therefore fall within the scope of application of Directive 95/46/EC and imply the compliance with its provisions. Attention shall be placed, in particular, to the rules laid down for legitimate data processing, such as the obligation to provide information to the data subject (identity of the controller, the purposes of the processing, the recipients of the data, the right of access to the data and of rectifying them, etc.). A mechanism should be developed to impose onto the agent the duty to process data only after having obtained the consent, if necessary, of the data subject and provided the information set by law. As to the data subject’s right to access her data and possibly to obtain their modification, integration or cancellation, it has to be stressed that an agent should be developed as to be technically able to make it possible for data subject to exercise these rights. The appointed controller of personal data who can be chosen by agreement within the VE has the duty to implement appropriate technical and organisational measures for the protection of personal data against possible destruction, loss, alteration, unauthorised disclosure or access, in particular where they are transmitted over a network, and any unlawful processing. The level of security will have to be appropriate in relation to the risks implied by the processing and also the nature of the data. With respect to this, agents shall be developed in such a manner as to possess the ability to implement said security measures. The protection of intellectual property rights (IPR) is also to be considered by the VE partners whenever using agent technologies. The perspective is twofold; on the one side, the agent has the ability to intercept, store and transmit data covered by IPR, such as images, text, sounds, videos, etc. and process them according to the needs and instructions of its owner. To this purpose, adequate protocols should be developed in order to enable the agent to distinguish, where possible, between freely utilisable and protected material. While this can be easier where appropriate technologies have been used by the copyright owner, such as for example watermarking, or whenever adequate copyright disclaimers recognisable by the agent have been inserted, for example, in his web pages, in other cases such task may result more difficult. On the other side, also the agent and the in-built knowledge accumulated throughout its life cycle could be the object of activities potentially infringing its owner’s intellectual property rights. As the agent can be legally classified as a software, it will enjoy the protection granted to it on the basis of copyright legislation, as foreseen, for example, in the EU territory, in particular by Directive 91/250/EEC. More difficult can be the protection of the knowledge possessed by it. Know-how in itself does not enjoy a specific protection; however, the information gathered and processed by the agent could be regarded to and protected as a database, provided it can fit into its definition by the legislator. An agent can be vulnerable with respect to the attacks coming from the outside, that is from the environment in which it is placed. In theory, in the absence of adequate protection, it could be detected and detained by an IT system, which could modify the instructions originally assigned to it, so that subsequently the agent would be in the position to infringe applicable rules. Besides technically protecting the agent, its owner could periodically check the agent and affix to it an electronic signature and a time stamping in compliance with the applicable legal framework and store a copy thereof. The data which make up the agent would thus be crystallised and it would be possible to affirm that at a certain moment the agent possessed particular characteristics, in compliance with an identified set of applicable rules and regulations. Irrespective of pathological situations, the VE partners implementing agent technologies for their purposes shall be aware of the fact that the agent, if acting on behalf of each and every one of them, will have to comply with their national applicable legal framework. Besides, agents move through open networks which are international by nature, and thus can perform actions which are deemed perfectly legal by some systems and tortious in other ones. The VE partners have the duty to develop rules to be assigned to the agent in order to limit its possible wrongdoing or, in a technical perspective, to prevent the agent from performing particular actions in certain environments. The agent could, for example, be instructed not to operate where it detects information in particular languages, or from particular web sites which can pertain to countries with a very different legal system, largely incompatible with the one applicable to and complied with by the agent. 4. The role of non-State legal tools At present, a clear qualification of the VE’s legal identity by the legislator is still absent; their international character would require a level of harmonisation among contrasting legislation which does not always appear easy to achieve; their massive use of rapidly evolving information and communication technologies contrasts with the slow law-making process and the performance of activities with the aid of sophisticated technological tools, as are electronic agents, requires a level of technicality connected with commercial processes and their complex interrelations, which can be supported by usage. These considerations and especially the absence of a coherent and certain legal framework applicable to agents and agent-based interactions stress the importance of decentralised, social rule-making processes of private origin, if not for direct regulation, at least to support the interpretation and application of rules in force that are deemed applicable by analogy. The Lex Mercatoria, intended as as a body of international legal practice [Mertens 97] as well as contractual and intra-organisational rules can prove adequate tools to this purpose. In this sense, the VE’s themselves can affirm as rule-making entities. Certain authors have coined the term ‘Lex Electronica’ [Gautrais, Lefebvre, Benyekhlef 97], to describe the set of informal legal rules applicable to electronic environments and interactions, which include (a) international treaties and conventions; (b) standard contracts applicable to particular sectors; (c) arbitration awards; (d) usage; (e) the general principles of the law [Béguin 84]. A further distinction can include standard contracts, codes of conduct and the self-regulation of professional associations [De Ly 92]. Proceeding to analyse the contractual tool, a distinction can be made between codes of conduct and standard contracts. The former are achieving an increasingly relevant role in the regulation of international ICT-based relations, in which Virtual Enterprises can be included. Whereas No. 49 to Directive 2000/31/EC, for example, affirms that Member States and the Commission shall encourage the drafting of codes of conduct; art. 16 confirms this affirmation and fosters the voluntary transmission of said codes by trade, professional and consumer associations to the Commission, in particular as concerns their application and impact on practices, habits or customs related to e-commerce. In regulatory terms, a relevant role can actually be played by the agreements drafted between the VE partners as regards the development and the subsequent utilisation of agents in their activities; this, however, will be connected with and depend upon the actual technical possibility to have access to and to modify the agent’s actions by each partner. Even more important will be the set of rules assigned to the agent from the very beginning of its activity, especially in consideration of the fact that it will then proceed to act in autonomy following the path laid down by such rules. 5. ICT law and the Virtual Enterprise: The ALIVE project ALIVE is a presently ongoing European project within the IST (Information Society Technology) Programme, denominated “Working group on Advanced Legal Issues in Virtual Enterprise”. It aims at stimulating the co-operation between the industrial sector and legal and ICT professionals operating in the new economy area. The project’s main objectives are: to define a taxonomy of VE-related legal issues; to carry out a deep analysis of the individual legal issues as identified by a legal issues taxonomy on the basis of the law, rules and regulations in force at national and European level; to create a legal roadmap for VE’s on harmonised solutions; to exchange information and co-operate with external subjects on Virtual Enterprises; to formulate proposals for future policies and new RTD actions. The ALIVE project has developed a concept of Virtual Enterprise that provides the basis for the legal research. The basic characteristics of said VE concept consist in the presence of a Business Integrator, who can act either as a broker or as a VE architect. While the latter is conceived as a third party external to the Virtual Enterprise, who plays a relevant role in designing the VE, the former is a partner of the same Enterprise; this may therefore affect his independence and neutrality. As to the nature of the VE, it is denied a legal personality separate from the one of its partners and is compared to a partnership latu sensu, whose members are subject to joint and several liability. The relationships among the partners are regulated through the “VE Framework Co-operation Agreement”. This consists in a detailed contract signed by all participants, which complies with the methodology and know-how developed by the Business Integrator. In particular, the agreement contains clauses on the exclusivity of the partners’ activities with reference to the object of their collaboration; confidentiality of the information collected, received or transferred during the agreement; the apportioning of costs and revenues; the management of proprietary information; limitation of liability; termination; survival of representations and warranties. Besides being a research forum on VE-related issues, the ALIVE consortium could in itself be regarded to as a Virtual Enterprise. It is formed by partners located in different EU Member States, who collaborate on a project-basis for the achievement of the VE’s final goals. The collaboration has been started to catch the business opportunity provided by the EU financial support and will subsequently dissolve, thus possessing a temporary nature. The partners are bound by bilateral agreements signed with the main contractor and this latter is responsible for the direct contractual relation with the European Commission. The partners collaborate thanks to the massive support of information and communication technologies and only meet in person at pre-defined dates at official project meetings and workshops. An ALIVE interest group has also been created, to actively involve interested parties and disseminate the results of the project; it is aimed in particular at the business world, for which the ALIVE results shall provide a reference basis and support for action in undertaking possible VE initiatives. Within the ALIVE project a special attention is devoted to the use of technology and its legal implications, as ICT is considered the very engine of this business collaboration structure. A deliverable is actually devoted to the analysis of the legal issues connected with the use of ICT in the Virtual Enterprise, with particular reference to electronic signatures and objects, electronic commerce, software agents and ASP providers.