This edition of the UPChronicle examines the legal framework governing confidentiality protection in UPC proceedings, drawing on the court’s growing body of case law to consider how confidentiality orders are obtained, how the court balances competing interests, the operation of confidentiality clubs, and the sanctions available for breach.

Legal framework

The protection of confidential information is governed by Article 58 UPCA, which empowers the court to protect trade secrets, personal data, or other confidential information of a party or third party by ordering that the collection and use of evidence be restricted or prohibited, or that access to such evidence be restricted to specific persons. Rule 262A RoP provides the procedural mechanism for parties to apply for such protective orders.

Although the Trade Secrets Directive (Directive (EU) 2016/943) is not directly applicable to patent proceedings before the UPC—as it concerns only the unlawful acquisition, use, or disclosure of trade secrets—the Court of Appeal recognises that the provisions of the Directive inspired the drafting of Rule 262A RoP and, when interpreting Rule 262A, the court applies principles similar to those underlying the Directive (Sun v Vivo and Ericsson v ASUSTek).

What constitutes confidential information?

Information may be considered confidential when it is known only to a limited number of persons, its disclosure is liable to cause serious harm to the person who provided it or to third parties, and the interests liable to be harmed by disclosure are objectively worthy of protection (Microsoft v Suinno). It may include evidence or information within written pleadings (Merz v Viatris). 

The classification of information as a trade secret requires that: (a) the information is not generally known or readily accessible to persons within the relevant circles; (b) it has commercial value because it is secret; and (c) reasonable steps have been taken to keep it secret (EOFlow v Insulet).

Applying for confidentiality protection

A party seeking protection of confidential information must make an application to the court under Rule 262A RoP. The application must be made at the same time as lodging the document containing the information or evidence and must provide a copy of the unredacted relevant document and, if applicable, a redacted version. The application must contain the grounds upon which the applicant believes the information or evidence should be restricted in accordance with Article 58 UPCA.

Without an explicit application for a confidentiality order under Rule 262A, the court will not treat a document as potentially containing confidential information. Uploading a document under the “HC” (highly confidential) code in the case management (CMS) system alone does not suffice; a simultaneous Rule 262A application is required (Merz v Viatris and EOFlow v Insulet).

It is important to distinguish between Rule 262.2 RoP and Rule 262A RoP. A request under Rule 262.2 that information in pleadings or evidence be kept confidential does not automatically grant provisional protection against disclosure by the other party to the litigation—it relates only to future requests for public access to the register. Only Rule 262A allows the court to restrict the use of confidential information by the opposing party and its representatives (Merz v Viatris).

There is no implicit confidentiality limitation on the use of information received as a result of compliance with an order. It is therefore necessary to file a request for confidentiality whenever one files confidential information in the court’s CMS, otherwise such information will be available to the other party free of any confidentiality obligations (EOFlow v Insulet).

Absent an explicit request for a confidentiality order, or a statement that the information is protected under a previous order pursuant to R. 262A, the court will not treat a document as potentially containing confidential information in the sense of R. 262A RoP (Merz v Viatris).

Balancing test and proportionality

When deciding on measures for the protection of confidential information, the court must balance the following considerations:

• The need to ensure the right to an effective remedy and to a fair trial (Ericsson v ASUSTek);
• The legitimate interests of the parties and, where appropriate, of third parties (Ericsson v ASUSTek); and
• Any potential harm for either of the parties, or third parties, resulting from the granting or rejection of such measures (Sun v Vivo and Ericsson v ASUSTek).

The court may allow an application, having regard in particular to whether the grounds relied upon by the applicant for the order significantly outweigh the interest of the other party in having full access to the information (Ericsson v ASUSTek).

Confidentiality clubs and external eyes only regimes

Like other patent courts, the UPC has developed a practice of establishing “confidentiality clubs” to permit controlled access to confidential information (Merz v Viatris). Pursuant to Rule 262A.6 RoP, the number of persons to whom access is granted must be no greater than necessary to ensure compliance with the parties’ rights to an effective remedy and a fair trial, and shall include at least one natural person from each party and the respective lawyers or other representatives (Solvay v Zhejiang).

Whether a particular person may be granted access must be determined on the basis of the relevant circumstances of the case, including:

• The role of that person in the proceedings before the court;
• The relevance of the confidential information to the performance of that role; and
• The trustworthiness of the person in keeping the information confidential (Ericsson v ASUSTek and Solvay v Zhejiang).

The fact that a person is an employee of a party is, as a general rule, not sufficient to deny access to that person (Sun v Vivo). The Court of Appeal held that excluding employees would severely restrict a party’s freedom to choose who will represent it in proceedings, and that employees are often better positioned to present the party’s view, provide and review relevant information, and instruct representatives than persons external to the party’s organization. Consequently, access for a party’s employee will often be essential to ensure compliance with the right to an effective remedy and fair trial (Sun v Vivo). It is therefore difficult to obtain “External Eyes Only” regimes in UPC proceedings.

Where confidential information concerns a FRAND licence agreement between a party and a third party, the potential harm for the third party resulting from allowing access to employees may be mitigated by requiring such employees to refrain from involvement in patent licensing negotiations with the third party for a certain period (a so-called “licensing bar”). This bar prevents employees from using the confidential information in negotiations, whether intentionally or not, and provides all parties with greater legal certainty (Sun v Vivo).

Continuing obligations and sanctions

The obligation of confidentiality continues to apply after the termination of the proceedings (Ericsson v ASUSTek). Information classified as confidential shall not be used or disclosed outside the court proceedings, except to the extent it has verifiably come to the receiving party’s knowledge from a non-confidential source not bound by a confidentiality obligation (Ekahau v Google).

In the event of a culpable breach of a confidentiality order, the court may impose a penalty payment on the relevant party. Penalty payments are imposed on the parties to the proceedings, not on legal representatives in their personal capacity. However, legal representatives remain subject to their professional obligations under any code of conduct adopted pursuant to Rule 290.2 RoP, and the court may exclude a representative from proceedings for non-compliance. The court has ordered penalty payments of up to €1,000,000 per breach in appropriate cases (Sun v Vivo and Ericsson v ASUSTek).

Public access to the register

Pleadings and proceedings before the UPC are generally open to the public pursuant to Article 45 UPCA, unless the court decides to make them confidential to the extent necessary in the interest of one of the parties, other affected persons, or in the general interest of justice or public order (Gowling v Merz and Docket Navigator v Sumi Agro).

Written pleadings and evidence lodged at the court are available to the public upon “reasoned request” (Rule 262.1(b)) to the Registry, with a decision made by the judge-rapporteur after consulting the parties (EOFlow v Insulet and Herbert Smith v Insulet and EOFlow). The request to the Registry should specifically list the documents on the register being sought rather than describing them by category types or vague descriptions (Gowling v Merz).

When a request for public access is made, the interest of the member of public in obtaining access must be balanced against the general interests in Article 45 UPCA, including the protection of confidential information and personal data, and the protection of the integrity of proceedings (Docket Navigator v Sumi Agro and Gowling v Merz). These interests are usually properly balanced if access is given after the proceedings have come to an end (Docket Navigator v Sumi Agro).

Conclusion

The UPC’s approach to confidentiality protection reflects a careful and principled balancing of competing interests: the right of parties to a fair trial and effective remedy on the one hand, and the legitimate need to protect commercially sensitive information on the other. The court’s emerging case law demonstrates a willingness to engage substantively with these tensions, providing practical guidance on the mechanics of confidentiality applications, the composition of confidentiality clubs, and the consequences of breach. As the UPC’s docket continues to grow, its jurisprudence in this area will be of considerable importance to patentees, licensees, and practitioners alike. Parties engaged in, or contemplating, UPC proceedings would be well advised to consider confidentiality protection at an early stage and to ensure that any applications are made in strict compliance with the procedural requirements of Rule 262A RoP.