The European unitary patent: what possible advantages and disadvantages?

Until now, at the European level, patents have been governed by the Munich Convention, which provides for a single, centralized procedure for granting patents entrusted to the European Patent Office (EPO).

While the procedure is uniform in terms of the granting of the patent, the same cannot be said for its protection; the European patent granted must in fact be validated in each State party to the Convention in which protection is sought. It is commonly said that the European patent corresponds to a “bundle” of national patents: in essence, following the grant, the European patent confers on the holder the same rights as would be conferred by a national patent, and all questions concerning the validity and infringement of the patent are referred to the national courts.

This situation is about to change.

European unitary patent

As we all know, the Agreement on the Unified Patent Court will enter into force on 1 June 2023. From that date the European unitary patent will take effect, conferring uniform protection in all European states that have chosen to adhere to this new system.

It should be made clear that the European unitary patent will not replace the “traditional” European patent; on the contrary, it will stand alongside the latter, allowing the patent holder to choose which system to join.

As with the “traditional” European patent, the EPO will still be the competent office to grant unitary patent rights; furthermore, the new system has not changed the way the patent is granted. Quite simply, at the end of the grant procedure of the European patent, the patent proprietor will have the option to request unitary effect within one month and will have to do so in the language of the proceedings.

Currently, twenty-five European states have chosen to participate in this system (the big missing country is Spain); only seventeen, however, have ratified the Agreement.

This means that when the system comes into force, uniform protection will only extend to the seventeen ratifying states. The question to be asked is therefore: what will happen next? When other states ratify the Agreement, will the uniform protection automatically extend to them?

Surprising as it may be, the answer is no.

In fact, over time several “generations” of unitary patents will be created with different territorial coverage depending on the number of states ratifying the Agreement. At least in the first instance, therefore, there will not be a truly unitary patent in all the states participating in the system.

Given that this is an alternative system, how can one choose not to join it?

It is already possible to do so. The so-called sunrise period began on 1 March 2023: a three-month period during which holders of European patents already granted, holders of European patent applications and holders of supplementary protection certificates granted for a product protected by a European patent may request that these be excluded from the system and consequently removed from the jurisdiction of the Unified Patent Court (this is referred to as an opt-out, as provided for in Article 83 of the Agreement). The opt-out can also be exercised during the transitional period (seven years). However, it is a good idea to make this choice during these three months because, if you are involved in a court action before the Unified Court after 1 June, the opt-out will no longer be permitted. If one chooses to opt out, is one forever excluded from the system? No, it is possible to change one's mind and opt back in, but this choice cannot be revoked again.

What concrete advantages will the new system bring?

There are many advantages. First of all, uniform protection will be available in all states that have ratified the Agreement and the EPO will be the only office to which applications will be submitted (not only that, but the EPO will also centrally manage the post-registration phases). In addition, holders of unitary patents will pay a single annual maintenance fee and costs related to the validation phase of the patent will obviously not be paid anymore. In addition, disputes that arise in connection with the unitary patent will be subject to the exclusive jurisdiction of the Unified Patent Court, whose decisions will have effect in all states affected by the unitary effect (this will make it easier for the patent holder to stop ongoing infringement activities in all affected states).

However, the European unitary patent also seems to have certain limitations. First, it has potentially less territorial coverage than the European patent. The new system only involves those EU states that have ratified the Agreement (unlike the EPC, which also includes non-EU states such as, for example, Switzerland and Turkey). It should be added that the new system is, in certain cases, a double-edged sword. On the one hand, uniform application of the law is provided for, but on the other hand, the patent holder may be exposed to a higher risk: if the Unified Patent Court judges a patent invalid, it would be invalid in all states affected by the unitary effect.

So, is it worth joining the new system or not?

There is no straightforward answer. An assessment that takes into account the peculiarities of each individual case is necessary. For example, the patent at issue and its “strength” must first be considered. The procedural position one takes in a possible court action also matters. As a plaintiff, it might be useful to obtain a single decision for all the territories adhering to the patent system with unitary effects (with obvious savings in time and costs). As a defendant, on the other hand, it might be useful to defend oneself in different states, and therefore before different judges, thus gaining time and avoiding an unfavorable decision that takes effect in all the territories of the UPC at the same time and prevents the sale of the product considered to be infringing in the 17 countries adhering to the Agreement.

It should also not be forgotten that the system is new and right holders will be “exposed” to it. The tightness and efficiency of the rules will really be put to the test once the system comes into force. Likewise, the case law of the new Court is obviously not known. It has also been pointed out by several parties that the unitary patent provides less flexibility; it will not, for example, be possible to carry out the so-called selective abandonment, which is instead feasible for the “traditional” European patent (the unitary patent will have to be maintained or abandoned in all countries). It will also not be possible to transfer the patent only in certain states.


In conclusion, the unitary patent presents some advantages on the one hand, but also disadvantages on the other, which must be carefully weighed up according to the specific case. In the case of the opt-out, this is the right time to start making initial assessments. For everything else, one will have to wait for the entry into force of this new system to understand its actual scope and operational efficiency.

Artificial intelligence travels fast and with autopilot

Self-driving, profiling, social scoring, bias, chatbot and biometric identification are just some of the many terms that have entered our daily lives. They all refer to artificial intelligence (“AI”), which is the machine’s ability to show human-like skills such as reasoning, learning, planning and creativity[1]. Today like never before, AI has an enormous impact on persons and their security. It is sufficient to mention the Australian case that involved the driver of a Tesla “Model 3” who hit a 26-year-old nurse[2] while the vehicle was on autopilot.

With reference to this tragic accident, one naturally wonders who should be held liable for the critical conditions of the poor nurse. Is it the driver, despite the fact that she was not technically driving the vehicle at the moment of the accident? Is it the manufacturer of the vehicle that hit the nurse? Or, again, the producer/developer of the software that provides the vehicle with the information on how to behave when it detects a human being in its path?

As of now, the driver – although she was released on bail – has been accused of causing a car accident. That doesn’t change the fact that – if the charge is confirmed after the pending judgement – the driver will have the subsequent right to claim damages from the producer/developer of the AI system.

The above-mentioned case deserves an in-depth analysis, especially regarding the European AI industry.

It is worth mentioning that, despite the gradual rise in the use of AI across the widest range of our daily lives[3], to date there is no law, regulation or directive on civil liability for the use of AI systems.

At an EU level, the Commission seems to have been the first that seriously dealt with the issue of civil liability by highlighting gaps regarding this subject, and publishing, among other things, a Regulation proposal establishing harmonized rules of AI systems[4].

By analogy, it is possible to retrieve from the above proposal three different definitions of civil liability: liability from faulty product, developer’s liability and vicarious liability.

Liability from faulty product applies in the case under examination, which considers the machine to lack legal personality[5].

Hence, as is evident, in the event an AI system causes damage to a third party, the liability will be on its producer/developer and not, on the contrary, on the device/system that incorporates it.

Returning to the case in question, it would therefore be up to the developer of the AI system (i.e. the US company Tesla) to compensate the injured nurse, if the latter is able to prove the connection between the damage/injuries caused and the fault of the AI system. For its part, the developer of the AI system could exclude liability for the damage only if it is able to prove the so-called “development risk”, i.e. by providing proof that the defect found was totally unpredictable based on the circumstances and manner in which the accident occurred.

Some commentators have observed on the point that the manufacturer should be able to control the AI system remotely and predict, thanks to the algorithms, unscheduled conduct at the time of its commercialization[6]. Moreover, as we already know, the algorithms incorporated in the AI systems installed in cars can collect data over time, self-learn and study particular behaviors and/or movements of human beings, increasingly reducing the risk of accidents.

From this point of view, the manufacturer would therefore have an even more stringent burden to exclude any hypothesis of liability, that is, to demonstrate that it has adopted all the appropriate safety measures to avoid the damage.

In this regard, the European Parliament has also drafted the “Resolution containing recommendations to the Commission on a civil liability regime for artificial intelligence”, which introduces the category of the so-called “High-risk AI”, i.e. those artificial intelligence systems operating in particular social contexts such as, for example, education, or those technologies that collect sensitive data (as in the case of biometric recognition), or that are used in the selection of personnel (which would risk falling back into social scoring or other discriminatory acts) or, again, the technologies used in the field of security and justice (through which there would be the risk of biases: prejudices of the machine on the subject being judged). It has been observed that for such “high-risk AI” systems there is an objective liability of the producer in case of a harmful event unless the latter is able to demonstrate the existence of a force majeure event.

In conclusion, despite the efforts made by the Commission and then by the European Parliament with regard to the regulation of AI systems, there are still a lot of questions to be answered regarding the profiles of liability connected to them.

For example, it would be useful to understand how AI systems that are not considered to be “high risk”, such as the self-driving systems discussed in this article, should be framed and regulated. Or again, what threshold of liability to apply if in the not-too-distant future an AI device may be considered fully comparable, in terms of reasoning capabilities, to a human being (as recently claimed by a Google employee on the search engine AI system[7]).

What is sure is that, as often happens with any technological innovation, only a significant integration and adoption in our society of artificial intelligence systems will outline concrete hypotheses of liability, as applicable in contexts of daily operations.

In any case, we have high hopes that the aforementioned Regulation - whose date of entry into force is not yet known - will be able to provide a discipline that is as complete as possible and that above all reduces the risks and responsibilities of the users of AI systems and increases, on the other hand, the burdens borne by the manufacturers of the same to guarantee their safety.

[3] Recital (2), Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts, 2021/0106, 21 April 2021
[4] Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts, 2021/0106, 21 April 2021
[5] Barbara Barbarino, Intelligenza artificiale e responsabilità civile. Tocca all’Ue, 15/05/2022
[6] See footnote 5 above

European Green Certificate: freedom of movement in Europe during the pandemic

It's called the European "Green Certificate," but actually you can read it as "Covid-19 Pass". It purports to make movement of citizens within the European Union easier, as well as to contribute to the containment of the spread of the Sars-CoV-2 virus.

Let's try to understand what are the features of the green certificate, who will issue it and what guarantees it will have in place for the protection of personal data, including sensitive data.

1. Premise

On 17 March 2021, the European Commission proposed the introduction of a European "Green Certificate", which aims to allow the exercise of the right of free movement of citizens – as provided under Article 21 of the Treaty on the Functioning of the EU (TFEU) – during the Covid-19 pandemic. This certificate would be issued by each Member State, in digital and/or paper format and would have the same legal value throughout the EU.

However, to speak of just one "Green Certificate" is not correct. Indeed, as explained in the Proposal for a European Regulation published by the EU Commission[1], there are three different types of certificates that may be issued:

i. "Vaccination certificate": namely an attestation certifying that a person has received a Covid-19 vaccine authorized for marketing in the EU;

ii. "Test certificate": a certification that an individual has been tested for Covid-19, via an antigenic or molecular test (as long as it is not self-diagnostic), and that the test has returned a negative result;

iii. "Certificate of recovery": a document proving that a person who had been diagnosed with Covid-19 has subsequently recovered from it.

Each certificate will be in the official language of the relevant Member State and in English. It will be free of charge and will be issued by duly authorized institutions/authorities (e.g., hospitals, diagnostic/testing centres or the health authority itself).

2. How does the certificate work?

The certificate has a "QR (Quick Response) code" containing essential information about its holder, a digital signature that prevents forgery and a seal that guarantees its authenticity.

When a European citizen enters a Member State of which he or she is not a native, the institutions and/or competent authorities of that State will scan the QR code on the certificate and verify the digital signature contained therein. This verification of the digital signature will take place by comparing it with the signature keys held by the institutions/authorities of the State of destination, which will be stored in a secure database of each State.

In addition, a single "gateway" managed by the EU Commission will be made available at an EU level, via which the digital signatures of green certificates may be verified throughout the EU.
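The verification flow described in this section, modelled as an added Node.js example (not code from the Proposal or from any EU system). The Ed25519 algorithm, the JSON payload, the `kid` key identifier and the country codes AA/BB are assumptions made for illustration; the page does not specify the certificate format.

```javascript
// Added illustration. The payload format, the "kid" field and the country
// codes AA/BB are constructed; this is not the EU certificate specification.
const crypto = require('crypto');

// An issuing authority in one Member State with its own signing key pair.
function createIssuer(country, kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { country, kid, publicKey, privateKey };
}

// What the QR code carries in this model: payload, key id and signature.
function issueCertificate(issuer, holderData) {
  const payload = JSON.stringify({ iss: issuer.country, ...holderData });
  const sig = crypto.sign(null, Buffer.from(payload), issuer.privateKey);
  return { kid: issuer.kid, payload, sig: sig.toString('base64') };
}

// The gateway in this model distributes public keys only; a destination State
// copies them into its own key store and then verifies locally.
function buildKeyStore(issuers) {
  const store = new Map();
  for (const { kid, country, publicKey } of issuers) {
    store.set(kid, { country, publicKey });
  }
  return store;
}

function verifyCertificate(cert, keyStore) {
  const entry = keyStore.get(cert.kid);
  if (!entry) return { valid: false, reason: 'unknown signing key' };
  let ok = false;
  try {
    ok = crypto.verify(null, Buffer.from(cert.payload), entry.publicKey,
                       Buffer.from(cert.sig, 'base64'));
  } catch (e) {
    ok = false; // malformed signature bytes are treated as a failed check
  }
  if (!ok) return { valid: false, reason: 'signature does not match' };
  const data = JSON.parse(cert.payload);
  // A key registered for one State must not vouch for another State's name.
  if (data.iss !== entry.country) return { valid: false, reason: 'issuer mismatch' };
  return { valid: true, data };
}

function demo() {
  const authorityA = createIssuer('AA', 'aa-key-1');
  const authorityB = createIssuer('BB', 'bb-key-1');
  const unregistered = createIssuer('AA', 'rogue-key'); // never published
  const keyStore = buildKeyStore([authorityA, authorityB]);

  const holder = { name: 'Constructed Holder', type: 'test', result: 'negative', date: '2021-06-01' };
  const genuine = issueCertificate(authorityA, holder);
  const altered = { ...genuine, payload: genuine.payload.replace('2021-06-01', '2021-07-01') };
  const selfSigned = issueCertificate(unregistered, holder);
  const wrongState = issueCertificate({ ...authorityB, country: 'AA' }, holder);

  return {
    genuine: verifyCertificate(genuine, keyStore),
    altered: verifyCertificate(altered, keyStore),
    selfSigned: verifyCertificate(selfSigned, keyStore),
    wrongState: verifyCertificate(wrongState, keyStore),
  };
}

console.log(demo());
```

Only the genuine certificate verifies; the altered payload, the certificate signed with an unpublished key and the one whose payload names a State other than the key's registered State are each rejected with a distinct reason.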

3. Processing of personal data contained in the certificate

Each certificate - whether related to vaccination, test or recovery - will contain a series of information relating to the person to whom it refers such as, for example: name, surname, date of birth, date of vaccination, result of the antigenic/molecular test, diseases which he/she has recovered from. This is information that falls under the definition of "personal data" pursuant to art. 4 of Regulation 679/2016 ("GDPR") insofar as it relates to an identified natural person and, for this reason, must be processed in accordance with the principles and guarantees provided by that Regulation.

In this regard, it is appropriate to summarise the most important contents of the opinion dated 31 March 2021 that the European Data Protection Board ("EDPB") and the European Data Protection Supervisor ("EDPS") provided to the EU Commission regarding the green certificate.

a) The processing of personal data contained in the certificates should be carried out only for the purpose of proving and verifying the vaccination, negativity or recovery status of the holder of the certificate and, consequently, to facilitate the exercise of the right of free movement within the EU during the pandemic.

b) In order to facilitate the exercise of privacy rights by the data subjects, it would be advisable for each country to draw up and publish a list of the persons authorized to process such data as data controllers or data processors and of those who will receive the personal data (in addition to the authorities/institutions of each Member State competent to issue certificates, already identified as "data controllers" by the proposal for a Regulation at issue).

c) The legal basis for the processing of personal data in the certificates should be the fulfilment of a legal obligation (art. 6, para. 1, lett. c of GDPR) and "reasons of substantial public interest" (art. 9, para. 2, lett. g of GDPR).

d) In accordance with the GDPR principle of "storage limitation" of personal data, retention of data should be limited to what is necessary for the purposes of the processing (i.e. facilitation of the exercise of the right to free movement within the EU during the Covid-19 pandemic) and, in any case, to the duration of the pandemic itself, which will have to be declared ended by the WHO (World Health Organization).

e) The creation of EU-wide databases will be absolutely forbidden.

4. Critical remarks and conclusions

In addition to the innovative implications of the proposed Regulation, there are certain aspects which deserve further study or, at least, clarification by the European legislator in order to ensure the correct application of the new European legislation.

a. Issuing and delivery of certificates

The proposal for a Regulation provides that certificates are "issued automatically or at the request of the interested parties" (see Recital 14 as well as articles 5 and 6). Therefore, as also pointed out by the EDPB and the EDPS, the question is whether a certificate:

i. will be created and then delivered to the individual only if expressly requested by the latter;
or if, on the contrary
ii. such certificate will be created automatically by the competent authorities (e.g., as a result of vaccination) but delivered to the individual only upon his/her express request.

b. Possession of a certificate does not prevent member states from imposing any entry restrictions

The proposed Regulation provides that a Member State may still decide to impose on the holder of a certificate certain restrictive measures (such as, for example, the obligation to undergo a quarantine regime and/or self-isolation measures) despite the presentation of the certificate itself, as long as the State indicates the reasons, scope and period of application of the restrictions, including the relevant epidemiological data to support them.

However, one may wonder if these restrictions and their enforcement conditions will be defined at European level, or whether their identification will be left to each State; in the latter case, this would involve accepting the risk of frustrating the attempt of legal harmonisation pursued by the proposed Regulation.

c. The duration of the certificate

The proposed Regulation provides that only the "Certificate of recovery" must also contain an indication of the validity period. Therefore, once again we may wonder what will be the duration of the other two certificates ("vaccination" and "test") and how it will be possible to ensure the accuracy of what is attested by a certificate after a certain period of time from the date of issuance (for example, let us think about the various cases of positivity found after the administration of a vaccine or the so-called "false negative / positive" cases).

d. The obligations of the certificate holder

What are the obligations of the certificate holder? For example, if a certificate has been issued attesting a Covid-19 negative result and, after a few months, the holder finds out that in fact he or she is positive, would the holder be obliged to apply to the competent authorities/institutions of his/her country in order to have the certificate revoked? Furthermore: in the event that the holder tries to use a false certificate for entry in another Member State, what sanctions would he/she have to face?

e. The protection of personal data

The new proposal for a Regulation tasks the Commission with adopting, by means of implementing acts, specific provisions aimed at guaranteeing the security of the personal data contained in the certificates.

However, given the extremely sensitive nature of the data in question, will the EU Commission also ask for a prior opinion from the Data Protection Authorities of the Member States? Perhaps it would be useful to ensure, also in this context and with specific reference to the privacy documentation to be provided to the data subjects prior to the issuance of certificates, a quasi-unanimous European approach in order to prevent the possible dilution of the guarantees provided under Regulation 679/2016 ("GDPR").

In conclusion, this is a proposal which, if implemented with due care, could contribute greatly to the return to a somewhat normal life; however, it is feared that without a particularly detailed regulation on this matter, a high risk of making cross-border movements even more complex would ensue, also considering that each State would most likely adopt further measures regarding the regulation of this certificate.