A. Introduction
The international investment regime is primarily made of a network of thousands of bilateral investment treaties (BITs) conceived after the decolonization process that took place following World War II. In the past decades, BITs have been complemented by preferential trade agreements (PTAs) with investment chapters in the context of efficiency-seeking investment through global value chains. However, none of these international investment agreements (-II-As) were conceived for the profound changes the Internet brought to today’s digital economy.
This article examines whether the current international investment law framework—which was designed in the “analogue” era for “brick and mortar” investments—is still functional in the age of digitalization. For that purpose, we will focus on the scope of application IIAs, aiming to answer the following questions: Are digital assets, data processing, or virtual currencies a protected investment? How can we determine the identity of an investor in a digital world? Which State is the host State of a digital investment without a physical presence?
We then briefly ponder the effects of digitalization on the standards of treatment and protection included in IIAs, and, finally, whether the current international investment regime leaves enough policy space for States to regulate the digital transformation of their economies and societies.
B. Scope of Application of IIAs
IIAs grant different standards of protection to foreign investors, both substantive and procedural. Substantive guarantees include, among others, national treatment (NT), most-favoured-nation (-MFN-) treatment, fair and equitable treatment (-FET-), full protection and security (-FPS-), and protection against illegal expropriation. Procedural guarantees include the possibility of bringing claims against the host State outside domestic courts using investor-state dispute settlement (-ISDS-), mainly through investor-state arbitration.Footnote 1
But such “extra” protection is only granted to “covered” investments and investors that qualify as such, according to the definitions that each agreement includes in its scope of application. In this section, we will examine the impact digitalization may have on those provisions, notably in the definition of protected investment, protected investor, and the territorial application of the treaty.
C. Definition of Protected Investment
IIAs do not have a single definition of what constitutes a foreign investment.Footnote 2 However, most consider a non-exhaustive “asset-based” definition of investment that qualifies for treaty protection. These agreements broadly describe investment as “every kind of asset” (which is understood to have an economic value) and then provide an exemplary list. That traditionally includes movable and immovable property, shares and other interests in companies, claims under a contract having a financial value, business concessions under public law, and intellectual property rights (IPRs).Footnote 3 Even though few IIAs define investment as a closed list of assets, several of them include the same core categories of such “traditional” assets in the restrictive list.Footnote 4
In contrast to the “subjectivist” theory, which attributes primary importance to the definition of investment in IIAs, a competing “objectivist” theory posits the existence of implicit elements in the definition of investment, such as a contribution of capital or other resources, a certain duration, an element of risk, and a contribution to the economic development of the host State.Footnote 5 The objectivist theory has its roots in an arbitral decision in Salini v. Morocco (hereinafter the “Salini Test”), which interpreted Article 25(1) of the Washington ConventionFootnote 6 that established the International Centre for the Settlement of Investment Disputes (ICSID), the most used ISDS forum.Footnote 7 Several treaties now provide that those assets must have the “characteristics of an investment” to be covered by the agreements, which with certain variations, usually include the implicit elements described before.Footnote 8
In addition to the definition of investment, IIAs usually require as a condition to protect investments that such assets are invested in accordance with the laws and regulations of the host State. Numerous arbitral tribunals have considered that the legality requirement is applicable even when it is not explicitly provided for in the text of the agreement.Footnote 9
Digitalization may have at least two significant effects on the definition of investment included in IIAs that could affect the qualification of certain assets as protected investments, first on “traditional” types of investment in the digital economy and second, concerning purely digital assets.
I. Traditional Investment in the Digital Economy
An investment could be made in “traditional” assets but in the digital economy, notably in three main areas: Footnote 10 in digital firms (e.g., ridesharing or dating apps), in digital adoption by non-digital firms (e.g., mobile banking, or online sales), and in digital infrastructure (e.g., online payment, or cloud-computing).Footnote 11 The economic sectors where investment has more digital dimensions, are information and communication technology (ICT) industries (e.g., telecommunications), audiovisual (e.g., media, music, and film streaming), professional services (e.g., digital health services), finance, and insurance.Footnote 12
On occasion, digitalization may imply a different way of proving the property or control over assets. For example, in 2019, the European Union (EU) modified its Directive 2017/1132 relating to certain aspects of company law.Footnote 13 Since then, Member States must ensure the procedures for online formation, registration, and filing of companies, although national legislation may limit them to certain types of companies. Notaries or lawyers may be involved to verify the identity and legal capacity of persons intending to create a company or register a branch. Still, such involvement should not prevent the completion of the entire procedure online. Footnote 14
Certain countries even allow “digital shares.” For instance, a law about Distributed Ledger Technology (DLT—commonly referred to as “Blockchain”) has been in force in Switzerland since February 1, 2021, making digital share certificates possible.Footnote 15 The DLT Law introduced a new type of negotiable securities, allowing the tokenization of rights, claims, and financial instruments, including shares, bonds, and derivatives. The electronic registration of rights has the same protection as any traditional security.Footnote 16
II. Investment in Digital Assets
Digitalization has also created assets that do not necessarily have a physical representation in the real world and are purely digital. There is no universally agreed-upon definition of “digital assets.” Still, for this article, we will consider them intangible interests usually subject to contracts that determine whether an owner can use, sell, transfer, exclude, donate, or dispose of them.Footnote 17 Digital assets may come in many forms, like e-mails, social media accounts, reward points programs, electronic media in digital format (music, videos, and books), software (in source or object code), compilations of data (databases), domain names, designs, trade secrets, and digital currencies.
In principle, because of the broad nature of the investment definition found in most IIAs, one could assume that digital assets would be considered included in their definition of investment. As Chaisse and Bauer put it, if tribunals accept the meaning that “every kind of asset” includes everything of economic value, then digital assets should clearly fall under these broad definitions.Footnote 18 A stricter approach would also require that digital assets have some characteristics—at least commitment of resources, certain duration, and an element of risk—following a “Salini-light” test which seems to be prevailing in current -ISDS-.Footnote 19 Although digital assets would potentially satisfy these criteria, as types of digital assets vary significantly, the analysis should probably be done on a case-by-case basis.
However, Mills has highlighted “structural challenges” in applying IIAs to ICT concerning their compositional and definitional makeup. She claims the incompatibility of terms and coverage detailed in these agreements, particularly for investments in the ICT sector’s intellectual property and digital assets.Footnote 20 For example, even though definitions of investment found in IIAs tend to be broad, predominantly asset-based open lists, the fact that they usually do not include digital assets means that to consider them protected investments, a claimant has the burden of proving that they are, in fact, assets. It is more easily justifiable that an asset exists if it fits in one of the listed categories, and if that is not the case, a tribunal would have to confirm that unnamed assets share at least some of the characteristics of those listed as examples for that general term.Footnote 21
It seems sensible then to make a more detailed analysis of some issues concerning IPRs, data, virtual currencies, and other digital tokens, to examine whether they would be covered in the definition of investment commonly included in IIAs, as well as if they comply with the different “characteristics” of an investment as described before.
1. Intellectual Property Rights
Some digital assets might already be included in the IIAs’ exemplary list of assets. This is true for most IPRs described before, like copyright (over digital music, videos, and books), designs, and trade secrets.Footnote 22 Other rights are not always explicitly mentioned as IPRs in IIAs but are considered as such in other agreements, like software, source code, and trade secrets, which are protected by the World Trade Organization (WTO) Agreement on Trade-Related Aspects of Intellectual Property Rights (-TRIPS-).Footnote 23 Software protection should include online games and virtual goods (avatars, skins) derived from it. Despite their absence from the TRIPS Agreement, domain names are increasingly featured in the intellectual property chapters of PTAs.Footnote 24 Artificial intelligence (AI) systems and their underlying algorithms can be protected under IP law, either as trade secrets, copyright, or patent.Footnote 25
Therefore, it is likely that some digital assets can be considered protected investments as IPRs, following the most used investment definition found in IIAs. In the current digital economy, the economic value of these assets should be easier to determine, as well as some investment characteristics. For example, the commitment of resources and assumption of risks are common in developing new technologies, and IPRs are protected for a specific duration. But that would not necessarily be the case for other elements, like the requirement of a contribution to the host State’s economic development—if we follow a full Salini test.
However, it is important to note that not all IIAs include such broad language for IPRs, and some even include exclusions to the investment definition.Footnote 26 Plus, one can consider that the rules governing the protection of IPRs are not necessarily up to date, as most were created in a different technological context. Therefore, in those treaties, it could be debatable what kind of IP rights apply to new technologies and, thus, if such a technology constitutes an asset.Footnote 27
2. Data
Certain digital assets pertain solely to digital services that can store an immense amount of personal, business, and consumer information, like e-mails, social media accounts, and reward points programs.Footnote 28 Although some of these services require a fee (usually a small one), the majority of them are provided for free. So, what would be the economic interest in such services, that could qualify them as an asset for the purpose of investment protection?
To consider tangible property as an investment, there is essentially no need to examine the nature or value of the asset: It is sufficient to own it. For intangible properties, there is a need to inquire whether the activity or relationship is plausibly an economic one.Footnote 29
As Chaisse and Bauer have pointed out, the value of digital assets is directly linked to their data. While the intrinsic value constitutes the primary reason someone might want the data (e.g., a company logo, or a domain name), the extrinsic value is represented by the metadata, which contextualises the data.Footnote 30 The Organization for Economic Cooperation and Development (OECD) considers data as a “core asset” for the digital economy,Footnote 31 and has classified data into four types based on the distinction of the parties involved in data flows: Business to Business (B2B, e.g., Internet of Things and global value chains data), Business to Consumer (B2C, e.g., health and financial services), Government to Citizen (G2C, e.g., personal health and tax data), and Citizen to Citizen (C2C, e.g., e-mails and social media messages).Footnote 32 According to Zhang and Mitchell, B2B and B2C data are likely to meet the requirement of being a contribution of capital or other resources. In contrast, G2C and C2C data are less like to do, as they are produced by the government and citizens, respectively.Footnote 33
In that context, the companies that design, provide, and operate digital services (like Facebook, Instagram, and the like) are more likely to have an investment, as they monetise access to their users by selling targeted advertisement and marketing services or allowing third parties to offer services (like applications, games, and surveys).Footnote 34 The qualification as an asset could also be achieved if it is proven an investment to obtain and collect the data. For example, in several cases, the Court of Justice of the European Union (CJEU) has defined “investment” in the obtaining, verification, or presentation of the contents of a database, as “resources used to seek out existing materials and collect them in the database but does not cover the resources used for the creation of materials which make up the contents of a database.”Footnote 35
According to the World Bank, unprocessed data has relatively little value, and added value is created through the processing of data (mining, refining, and collection) necessary to be sold.Footnote 36 That value tends to lessen over time, and old data is usually less valuable than new data.Footnote 37
In contrast to the providers of digital services, the user is interested in accessing them and their content, but in principle, is not investing in them. Although some non-personal and anonymised data could be the subject of property rights,Footnote 38 generally, it is considered that particular personal data cannot be the subject of property law.Footnote 39 But can we entirely exclude the qualification as an investment of “influencers” social media accounts in platforms like TikTok or Instagram that have millions of followers and generate important revenues?Footnote 40 In some cases, those accounts have so many followers precisely because the account holders share their own personal data.
Therefore, it is likely that data processing could be considered an asset in the current digital economy and thus protected by most IIAs. That interpretation could be more complex for personal accounts on social media, but not necessarily impossible. Even if they do not formally own their social media account, one can say that their online business derives from a contract having a financial value, one of the common assets listed in IIAs as part of the investment definition.
Concerning investment characteristics, data processing generally implies the commitment of resources as well as some associated business risks proper of new technologies. These include the limitations of the cross-border flow of data and requirements on data localization, which some countries like China, India, Russia, and Turkey have enacted.Footnote 41 Data compilations, whether in machine-readable or another form, are also protected by the TRIPs agreement for a specific duration.Footnote 42 Building and updating such databases over time would probably meet the duration requirement.Footnote 43 Again, like with digital assets covered by IPR, the most challenging condition to comply with would be the contribution to economic development (if the full Salini test is followed).
According to the OECD, there are many ways in which data can bring economic and social benefits to the host State. These include increased competition and cooperation within and across sectors, creating business opportunities for data intermediaries and start-ups, developing user-driven innovation, and driving productivity growth.Footnote 44 For some, the data of foreign companies can contribute to the host State’s development by promoting its digital economy.Footnote 45 But those positive effects are less clear if data processing is done outside the territory from where the data is collected, and if the business activities generate minimum or no tax revenues for the host State.
Streinz has warned that broad investment definitions in many IIAs and the different approaches deployed by ISDS tribunals make it plausible that data will soon be recognised as a protected asset, granting property-type protection under international investment law even though such protection largely remains uncertain under domestic law.Footnote 46
3. Virtual currencies and digital tokens
Virtual currencies (also known as “cryptocurrencies”) are the digital representation (or “token”) of value operating with DLTFootnote 47. They are used as means of payment for goods and services, as a store of value, or as vouchers to access goods or services.Footnote 48 The best-known cryptocurrency is “Bitcoin,” the one for which blockchain technology was invented. Footnote 49
Currently, cryptocurrencies are not considered to be “money,” as for that they should satisfy four conditions: be a medium of exchange, a unit of account, a store of value, and a standard of deferred payment.Footnote 50 Even if some cryptocurrencies could partially fulfil these purposes, that does not mean they would be considered money, and even then, cryptocurrencies have broadly not been recognised as legal tender. In fact, only a couple of countries have done so. In September 2021, El Salvador became the first to make bitcoin legal tender, Footnote 51 followed in April 2022 by the Central African Republic.Footnote 52 In both cases, economic agents were required to accept bitcoins for all payments. Several Central banks worldwide are exploring the design and implications of central bank digital currencies (CBDCs), but this is for operations among those banks and not for private transactions.Footnote 53
Cryptocurrencies can be used to pay for goods and services, provided the counterparty accepts this form of payment. In Switzerland, tax authorities of the Canton of Zug started to accept some cryptocurrencies for tax payments in 2021.Footnote 54 Additionally, they could be considered non-financial assets.Footnote 55 A task force of the European Central Bank (ECB) has defined “crypto-asset” as “any asset recorded in digital form that is not and does not represent either a financial claim on, or a financial liability of, any natural or legal person, and which does not embody a proprietary right against an entity.”Footnote 56 Since 2015, Kazakhstan has recognised cryptocurrency as a form of property,Footnote 57 not a financial instrument or means of payment. From June 2020, it has legalised its mining, adding information to a DLT with the expectation of a reward from the same system.Footnote 58
But markets for other digital tokens have recently exploded in recent years: non-fungible tokens (-NFT-s) minted using “smart contracts.” Unlike cryptocurrencies, -NFT-s are unique digital assets, each with different attributes that are sold and bought like real-world objects. Fairfield has argued that -NFT-s are personal property, not contracts (or pure intellectual property licenses), and considers them digital equivalents of collectables, rare artworks, and other assets that gain value from scarcity.Footnote 59 Others are more sceptical about recognising that quality. Examining the most common type of NFT—a metadata file containing information encoded with a digital version of the work being tokenised—Guadamuz points out that NFTs are not always subject to copyright protection, and most do not involve the transfer of rights.Footnote 60 Additionally, there is no consensus on whether “smart contracts” are a contract in the legal meaning of the word. For some is a misnomer, as they are merely a self-executing, computer-coded agreement.Footnote 61
Even if cryptocurrencies do not qualify as money or legal tender, it is likely that they may be considered an asset and thus protected by most IIAs, especially in those countries where domestic law has recognised them at least as a means of payment. However, the situation could be more difficult for NFTs and other digital tokens if they cannot be considered equivalent to IPRs or contracts having a financial value.
Concerning investment characteristics, cryptocurrencies imply both the commitment of resources and the assumption of risks (and sometimes high ones). Elements of duration and a link to the development of the host State’s economy would be more difficult to ascertain. Prieto has suggested a category of “crypto-assets” could be recognised in the context of IIAs if they comply with three elements: (i) the digitalization of an asset; (ii) a connection to a -DLT- governance infrastructure; and (iii) a strong link to the economy of the host State.Footnote 62
D. Definition of Protected Investor
IIAs generally consider as protected foreign investors, either natural persons or juridical persons—primarily private companies. On occasions, investment treaties extend their protection also to “permanent residents,” although article 25 of the ICSID Convention does not consider it a valid link to trigger investor-state arbitration.Footnote 63 The investor’s nationality determines the “foreignness” of the investment,Footnote 64 which in the case of legal entities is usually recognised as the place of incorporation or the main seat of business. However, several treaties also go beyond these formal elements and require a bond between the corporate investor and the State whose nationality claims, such as “substantial business activities,” or include provisions on denial of benefits in order to avoid nationality planning or the creation of “paper” legal entities just for the benefit of the IIA’s protection.Footnote 65
The impact of digitalization in investment treaties concerning the definition of investor is somewhat limited, but it could appear in at least two situations. The first one concerns the emergence of electronic residence, in the event that the resident status is protected under investment treaties. According to the EDIT database, at least 104 BITs include such provisions.Footnote 66 Virtual or “E-Residency” programs offer a digital identity to start and manage an online company. Estonia was the first country to introduce one in December 2014. Any individual who signs up and receives an -ID- in accordance with the established procedure can register and manage companies online from anywhere in the world, as well as use online banking services, declare assets online, sign documents, and enter contracts using an electronic digital signature.Footnote 67 Following Estonia’s footsteps, other countries launched their own e-residency program, like Lithuania (in January 2021)Footnote 68 and Ukraine (in July 2021).Footnote 69 At least 8 IIAs from these countries grant protection to permanent residents.Footnote 70
The question would be then whether e-residents could benefit from the protection granted to permanent residents in IIAs. At least from the status of the virtual residency programs referred to above, the answer is likely to be negative, as currently, that type of residence is only offered for a limited period of time, but this is a policy that such countries (or others in the future) could change over time.
The second situation where the qualification as a protected investor could be affected by digitalization concerns the requirement of “substantial business activities” found in some IIAs—either as part of the investor definition or as a basis for the denial of the treaty benefits. For example, Estonia and Ukraine’s e-residency programmes explicitly allow establishing a completely digital company, meaning inter alia, digitally managing share capital structures, conducting board decisions, and declaring taxes. This trend is likely to be followed by other countries. As mentioned, the -EU- has already modified its Directive 2017/1132, and the Member States must ensure online procedures for forming, registering, and filing companies.
When a company is established and managed digitally abroad, one can question whether a such economic activity is substantial enough for the purposes of IIA protection. Because of the official recognition of the digital status of such companies, a likely answer would be that if such business activities are real or material, protection should still be granted, even if such activities take place predominantly online. In Amto v. Ukraine, the tribunal interpreted this requirement as meaning that there must be business activities, they need not be large, and the materiality, not the magnitude of the business activity, is the decisive question.Footnote 71 Following the same criteria, the tribunal in Masdar v. Spain, decided that “substantial” in this context means of substance and not merely of form or size.Footnote 72 In 9REN v. Spain, the tribunal rejected a denial of benefits objection on the basis that the determination of what “substantial business activities” is depends on the nature of the business (e.g., activities of a holding company are different from those of bricks and mortar business).Footnote 73 However, in GCM Mining v. Colombia, the tribunal held that “substantial” provides an important materiality threshold. A business activity may not be mere cursory, fleeting, or incidental. Still, it must be of sufficient extent and meaning as to constitute a genuine connection by the company to its home State.Footnote 74
E. Territoriality of Digital Investments
According to Article 29 of the Vienna Convention of the Law of the Treaties (VCLT), “[u]nless a different intention appears from the treaty or is otherwise established, a treaty is binding upon each party in respect of its entire territory.”Footnote 75 Many IIAs require a territorial nexus or physical link and only grant protection to investments that are made “in the territory” of the host State.Footnote 76 IIAs usually include definitions of “territory” or “area” where investment is made.
The question is then whether a person or a company can have an “investment” in a state with nothing but a digital presence (e.g., a presence through the Internet).Footnote 77 So, where is a person investing when acquiring assets in the digital world or the metaverse?Footnote 78
Establishing physical connections for digital investment could be a complicated enterprise and will largely depend on the nature of the digital assets being invested (more than their economic sector). Following the categorization proposed by Bick, based on the location of digital assets,Footnote 79 Chaisse and Bauer have suggested a distinction between three different types: those contained in a device that is under the owner’s control (“Class One”), those located in a computer or other storage device owned by another person (“Class Two”), and those that do not have any physical point of presences (“Class Three”). Establishing a territorial link could be more straightforward in Class One and Two digital assets, like e-mails, software, or data, in as much as they are physically stored (e.g., on a computer or server) under the company’s control inside the host State. It is much more difficult to establish that link in Class Three assets like data processing, data visualization, and data from social media, as, by definition, they have no physical presence.Footnote 80
However, the abovementioned categories could be mixed, as it is not uncommon for certain parts of an investment to be carried out outside the host State, especially in the digital economy. For example, cloud-based providers might house their servers locally, regionally, or on servers outside the host State’s territory.Footnote 81 Under some ISDS case law, as long as these activities could be allocated to the investment and are destined to the host country, it would suffice in order to meet the territoriality requirement. Footnote 82
The other problem is that in certain digital assets, it is not clear who has “control” over them. For example, the use of DLT for digitalising assets implies decentralised governance, meaning that it is not introduced into a specific territory, like a physical asset. Prieto believes that it is unclear whether an investment or participation in a DLT could be categorised as an investment unless it represents the operation of services physically linked to that activity, like to its development, such as “mining” on a large scale.Footnote 83
In the absence of known investment disputes about digital investments, existing ISDS caselaw (mostly involving financial instruments or operations) could help examine the difficulties in establishing the territorial link when operations are primarily intangible.
Some cases have taken a restrictive approach, requiring a clear territorial nexus. In SGS v. Philippines, the tribunal held that “in accordance with normal principles of treaty interpretation, investments made outside the territory of the Respondent State, however beneficial to it, would not be covered by the BIT.”Footnote 84 Along the same lines, in Energoalians v. Moldova, it was decided that a contract for electricity sale does not fall within the definition of investment “because it does not involve economic activity in the territory of the host State.” Footnote 85 In his dissenting opinion in Abaclat v. Argentina, Abi-Saab declared that:
[T]he financial securities instruments that constitute the alleged investment, i.e. the security entitlements in Argentinean bonds, have been sold in international financial markets, outside Argentina, with choice of law and forum selection clauses subjecting them to laws and for a foreign to Argentina. In fact, they were intentionally situated outside Argentina and out of reach of its laws and tribunals. There is no way then to say (and no legal basis for saying) that they are legally located in Argentina.Footnote 86
But interpretations have been more flexible in other cases. In CSOB v. Slovakia, a case concerning loan obligations, the tribunal held that “a transaction can qualify as an investment even in the absence of a physical transfer of funds.”Footnote 87 Likewise, according to the tribunal in SGS v. Paraguay:
There is no suggestion in the BIT that an investment in the territory of the State is limited to only those investments that a State requires to be made in its territory; it covers any qualifying investments that merely are in the territory … intertwined services under a contract are not divisible—some occurring in the territory and some outside the territory.Footnote 88
Several cases have emphasised whether the funds could be used to the benefit of a person or the host State, regardless of the lack of physical transfer to that territory. In Fedax v. Venezuela, it was decided that:
It is a standard feature of many international financial transactions that the funds involved are not physically transferred to the territory of the beneficiary, but put at its disposal elsewhere. In fact, many loans and credits do not leave the country of origin at all, but are made available to suppliers or other entities. The same is true of many important offshore financial operations relating to exports and other kinds of business. The important question is whether the funds made available are utilised by the beneficiary of the credit, as in the case of the Republic of Venezuela, so as to finance its various governmental needs.Footnote 89
Likewise, the majority in Abaclat decided that the determination of the place of the investment depends on its nature:
With regard to investments of a purely financial nature, the relevant criteria should be where and/or for the benefit of whom the funds are ultimately used, and not the place where the funds were paid out or transferred. Thus, the relevant question is where the invested funds were ultimately made available to the Host State and did they support the latter‘s economic development?Footnote 90
The tribunal in British Caribbean Bank Ltd. v. Belize clearly decided that “[t]he location of a financial instrument is to be assessed on the basis of the location of the benefit of that investment … that the benefit of a loan agreement is to be found in the location to which the funds were disbursed.”Footnote 91 Other cases have reiterated the criteria of considering that an investment may be made in the territory of a host State without a direct transfer of funds there, if the transaction accrues to the benefit of the State itself.Footnote 92
In summary, the territoriality link would probably be challenging to ascertain in a hypothetical investment case dealing with digital assets, mainly when transactions concerning them occur in several territories, in decentralised environments, or entirely online. However, the existing ISDS case law could provide an indication that a territorial nexus could be established if the benefits of that investment have an economic effect on the territory of the host State, regardless of the absence of an effective transfer of funds to it. Digital Services may be seen as located in a State if their chief impact takes place in that territory.Footnote 93
However, as Zhang pointed out, a large part of the operations of some digital companies (like social media) do not need to have any physical presence or to register in the territory of host States and neither engage in any obvious flow of capital or other resources into host States.Footnote 94
F. Standards of Treatment and Protection
Once we pass the threshold of the scope of application of IIAs, the effects of digitalization could also occur concerning their standards of treatment and protection. For example, are the host State’s responsibilities towards investors facing digital threats, such as cyber-attacks, covered by standards like -FET- or -FPS-? Could data localization or source code disclosure requirements affect investors’ national treatment?
Concerning the first question, Ginsburg points out that many of the conflicts arising out of the regulation (or the lack of) of cross-border digital investment are likely to fall under the umbrella of the -FET-, given its broad scope.Footnote 95 Chaisse and Bauer have concluded that in the context of cyber claims, the lack of host State legislation or prosecutorial remedies might fall below the FET standard by failing to provide adequate access to local remedies.Footnote 96 Moreover, for them, the FPS standard contains a groundwork for including the protection of intangible assets, and investors might seek recourse where states have allowed an unsafe investment environment prone to cyberattacks, under limitations of proportionality, meaning that states vulnerable to cybercrime have the means to provide adequate cybersecurity protections.Footnote 97
Yet, it is important to note that without an explicit mention of “legal security” in the respective IIA,Footnote 98 many arbitral tribunals have rejected the interpretation that FPS offers a guarantee of legal protection, and should be restricted to physical protection and security.Footnote 99 Several IIAs concluded in the 2010s onwards have also explicitly excluded legal protection from FPS, being limited to the necessary level of police protection.Footnote 100 Mills has pointed out that because of the nature of modern investments in the digital economy, it is unclear if and how FPS would apply to digital and intangible assets, like websites, because of their boundless nature, making them seemingly incompatible with geographically based laws.Footnote 101 One could also question the limits of FPS, even if it would include legal security, in case of extreme disruptions of the Internet, for example, during large-scale cyber-attacks (e.g., during the Russian invasion of Ukraine), which would likely be covered by IIAs provisions protecting against strife rather than FPS.
On the second question, Zhang and Mitchell argue that a clash between national treatment commitments and requirements for the localization of data would depend on specific circumstances. These include the domestic regulation of foreign investment, the host State’s scope of data localization, and whether IIAs explicitly or implicitly incorporate data protection through exceptions for the protection of the State’s essential security interests, public order, or public morals.Footnote 102 We agree that a breach of an IIA’s national treatment provision would not happen automatically because a data localization obligation is in place. Still, the tension is not always solved because nationals are under the same requirement and could imply the breach of another standard, like FET or FPS, depending on how localization requirements are implemented.
Bauer et al. have pointed out that data localization mainly enables governments to surveil their own citizens. Still, those actions could also be directed against foreigners, and in some cases, measures to protect personal privacy and enhance cybersecurity can be regarded as discriminatory against foreign investors.Footnote 103
One way of dealing with the tension between standards of treatment or protection in IIAs and digitalization would be to directly address them in such agreements. According to the OECD, digital transformation presents challenges and opportunities for investment policymakers. Future investment treaties can offer both opportunities for commitments and ensure that governments have the necessary policy space to regulate issues like data protection, cybersecurity, localization requirements, online consumer protections, e-government services, or prohibitions on forced transfers of technology or source code.Footnote 104
However, we believe that caution should be exercised about including digital transformation commitments in IIAs, as they could increase the chance of ISDS. Unfortunately, most agreements do not have provisions that include enough policy-space flexibility for states, either through exceptions, exclusions, or carve-out of certain sensitive areas like personal data protection.Footnote 105 Although some IIAs have exceptions on national security interests, it is still far from being a common provision in these treaties.Footnote 106
In some instances, IIAs restrict the possibility of host States imposing performance requirements, such as an amount of technology transfer, or a software’s source code.Footnote 107 A recent model investment treaty, Canada’s 2021 Foreign Investment Promotion and Protection Agreement, includes an exception to such a restriction but in minimal terms. It does not preclude a regulatory body or judicial authority of a Party from requiring a person of the other Party to preserve and make available the source code, or an algorithm expressed in that source code, to the regulatory body for a specific investigation, inspection, examination, enforcement action, or judicial proceeding, subject to safeguards against unauthorised disclosure.Footnote 108
G. Conclusion
International Investment Agreements are “analogue” treaties, and their provisions are, in principle, not intended for the digital era. The impact of digitalization in the international investment law regime is, until now, mainly theoretical, but it is evident for both traditional and digital investments. In the case of the former, the impact is primarily on the way of proving the property, control, and management over assets.
Concerning digital investments, the usually broad scope of application of existing IIAs is likely to cover investments in digital assets, depending on the definition of protected investments and protected investors, provided that there is a flexible interpretation of the territorial nexus, in the absence of a physical presence on the assets in the territory of the host States. As Mitchell and Hepburn have pointed out, these threshold requirements are complicated, but likely met.Footnote 109 Once the scope of application of IIAs has been cleared, a new set of problems might appear concerning the implementation of IIAs’ standards of treatment and protection and the digital world. Such analysis would require more time and space than that provided in this article, and we have only intended to give some initial thoughts in this regard.
Considering the digital policy is still shaping up, and there is no consensus on a number of issues, like cross-border data flows and data localization, it would be wise to avoid explicitly including the protection of digital assets in IIAs. Although up to now, there is no -ISDS- case directly involving digital assets, the impact of digitalization on investment treaties and its dispute settlement is already becoming evident, and it is likely to continue in the future in different innovative ways. For example, digital tokens have been used to fund an investment arbitration.Footnote 110 The discussion then will probably turn to the application of analogue rules to a digital world, or the need to create new ones.
Author’s Note
A partial and preliminary version of this article, co-authored with Mira Burri, was presented at the Frankfurt Investment Law Workshop on March 9, 2019, and I am grateful for the comments and suggestions received at that time. All errors and omissions are mine.
Competing Interests
The author declares none.
Funding Statement
No specific funding has been declared in relation to this article.