Brexit Checklist for US Technology Businesses

Following a lengthy departure process, the UK exited the EU on 31st January 2020 and the Brexit transition period ended on 31st December 2020. The EU-UK Trade and Cooperation Agreement has been given effect from 1st January 2021.

US Tech businesses need to be aware of the key implications for their businesses arising from the UK’s new status as a “third country” outside the EU.


There is now no free movement of people between the EU and the UK. The EU-UK Trade Agreement includes a framework for new mobility routes for business travelers but does confer any new residence rights.

EU nationals who were lawfully resident in the UK at the end of the transition period and wish to stay in the UK can continue to reside in the UK. They must register in order to preserve their rights under UK law.

British Citizen employees residing and working in the EU must comply with national requirements to protect their continued right to reside and work in that Member State after the end of the transition period.

For people moving to the UK after the end of the transition period, there are new immigration rules which will apply to all non-UK nationals. Applications can now be made for the new Skilled Worker and Intra-company Transfer visa.

For Tech companies in the UK the message is clear. Whilst freedom of movement for EU nationals to the UK has ceased, most work visa restrictions have been removed. It will be much easier to sponsor non-UK nationals as new hires.

Data Protection

EU to UK data transfers: Transfers of personal data from the EU to the UK now constitute a transfer of personal data to a "third country". As the UK does not yet have an adequacy decision, the EU-UK trade agreement includes a temporary arrangement allowing personal data transfers for 4 months (extendable up to 6 months). During this period alternative safeguards, such as Standard Contractual Clauses, are not required.

Data transfers from the UK: The UK will continue to treat EU countries' laws as adequate. On this basis, transfer adequacy mechanisms are not needed for UK to EU data transfers.

Personal data transfers to other jurisdictions will be as per the pre-Brexit position. EU adequacy decisions, and alternative safeguards are recognised for these transfers.

Lead supervisory authority and representative issues: The GDPR "one stop shop" no longer applies in the UK for investigations that have a multi country dimension. Organisations could face distinct investigations and sanctions in the UK and the EU. In a large-scale data breach, for instance, both the ICO and at least one EU regulator may need to be notified, and each could follow up with distinct investigations and sanctions.

Trade, tax and tariffs

Trade between the EU and UK and vice versa is tariff and quota free but customs declarations and procedures are necessary for the import and export of goods into and out of the EU and GB. UK businesses must have an Economic Operator Registration and Identification (EORI) number. For VAT purposes, businesses which have relied on a UK-based Mini One-Stop Shop (MOSS) need to re-register in an EU jurisdiction.

Until 30 June 2021 there will be a simplified import customs clearance system for imports into the UK from the EU. From 1 July 2021, full formalities will apply. Full export declarations for exports from the UK to the EU are required from 1 January 2021.


The EU-UK Trade Agreement does not include any provisions relating to the enforceability of business contracts or the mutual recognition and enforcement of judgments.

On the choice of governing law, the Rome I and Rome II EU Regulations governing the choice of law have been incorporated into UK law and continue to apply.
On enforceability, for cases commenced after 1 January 2021 the Hague Convention will be applicable and the UK may accede to the Lugano Convention in due course. Hague only applies to exclusive jurisdiction clauses and the enforcement of judgments based on these clauses in civil and commercial matters. In other cases, English courts will apply common law rules which are generally less predictable.

Practically speaking, permission to serve a claim outside of the jurisdiction will almost always be required (unless the Hague Convention applies). 

Online Tech Services - Regulatory Compliance

The EU eCommerce Directive no longer applies to the UK. Article 3 of the Directive provides “passporting” protection for EU established online service providers allowing them to operate in any EEA country while only following relevant rules in the country in which they are established.

UK companies providing online services across the EU now need to comply with the national rules applicable to their services in each EU country where their services are available


EU trademarks and registered and unregistered community designs no longer have effect in the UK. Comparable UK trademarks and registered community designs have been automatically created, at no charge, with effect from the end of the transition period.

This does not apply to pending applications. Companies with pending applications should apply to register a comparable UK trademark as soon as possible. For new filings, companies should dual-file in the EU and UK.

Software export controls

The UK is now a “third country” for EU export control purposes. The EU General Export Authorisation for the export of all dual use items (including encryption software) now covers exports from the EU to the UK. For transfers from GB to the EU, an Open General Export Licence (OGEL) covers the export of dual use items (including encryption software).

Conformity Assessments (CE marks)

Conformity assessments carried out by UK conformity assessment bodies prior to the end of the transition period are no longer valid for EU purposes.

In the UK, it will be possible in most instances to use the EU CE mark until 1 January 2022. The new UK Conformity Assessed (UKCA) mark is also available and must be used after 1 January 2022.


The EU Geo-Blocking Regulation has been revoked in the UK. As a result, companies are not prohibited from discriminating in the UK between EU customers and UK customers in their on-line businesses. Within the EU27 the EU Regulation will continue to apply to UK businesses.


Companies operating in the UK and the EU should consider potential exposure to parallel investigations by the European Commission and UK Competition and Markets Authority (CMA).

Further detail on all of these issues is available at Bird & Bird Brexit Hub

Latest insights

More Insights
Egg Timer

One step closer to the final approval of the eIDAS regulation reform

Mar 01 2024

Read More

Women in Tech powered by Bird & Bird: At the forefront of innovation - Key takeaways from Nima Tisdall, Nordic Makers

Mar 01 2024

Read More
surveillance cameras

Low-value data breach claims: death by 1000 cuts

Mar 01 2024

Read More