OpenLobby.EU
Explore

The International Tax Stamp Association Limited

ITSA

ITSA is working to ensure better understanding of the benefits of modern tax stamps and secure track and trace systems and their role in the fight against illicit trade.

Lobbying Activity

Response to Implementing act under Article 15(11) of the Tobacco Products Directive 2014/40/EU

2 Oct 2017

ITSA represents an industry with longstanding proven expertise in supplying independent systems for tax stamps, product authentication and secure track and trace. The industry is concerned that the act guarantees neither independence from the tobacco industry nor security against illicit trade. It is also concerned that the act does not allow for a completely interoperable system based on open standards. ITSA demands that substantive changes be made to the act to take account of the factors set out below. INDEPENDENCE The act allows producers to print the UI onto the product, using an electronic file received from an independent issuer. Although the UI itself will be genuine, if producers are free to print it, there is nothing to stop them from printing the same UI multiple times – or not at all – or in such a poor quality that it is unreadable. Producers are therefore given a window of possible manipulation of the UI, which is not acceptable. Producers are also required to verify the UI themselves. The verification system cannot detect if a single UI has been printed multiple times (given that the non-compliant producer will only record one of the printed UIs in the system). Furthermore the system, as proposed, will not be able to detect a UI if it is poorly printed or raise the alarm over a pack carrying no UI at all, and it would be almost impossible for inspectors to differentiate between valid and invalid UIs. Apart from failing to provide a guarantee of independence, the involvement of producers in printing and verifying the UI also fails to comply with the WHO FCTC and its Protocol, which state that Member States may not delegate duties assigned to them to the tobacco industry and that interaction with this industry must be kept to the strict minimum. Therefore, ITSA recommends the UI is only supplied to the producer as a pre-printed, secured label, such as a tax stamp, which he then registers on the production line before applying to the product. The UI would thus be quality-controlled and authentic and the risk of duplicates would be eliminated. The act should be modified accordingly. INTEROPERABILITY ITSA’s concern is that the UI described in the act is essentially a proprietary code and not a standard. It is not because the form of the code matches an ISO standard that its content will also meet that standard. This means that to ensure EU-wide interoperability, all Member States would need to use the same proprietary encryption method. This contradicts other facets of the act, and is also anti-competitive. ITSA contends that Member States should have the right to select their own solution while ensuring FCTC compliance and interoperability. To guarantee such interoperability, as well as independence from the tobacco industry, the UI should follow international standards. ITSA recommends the use of an eIDAS-based, trusted environment for the mutual recognition of signatures between all Member States. The eIDAS regulation comes into force in January 2018 and should be made full use of in the TPD to align Member States on a solid foundation. The act should be modified accordingly. SECURE TRACEABILITY ITSA is concerned that traceability is viewed as a separate matter from security features, without due attention given to the security needed to protect the UI itself. For any secure traceability solution to work the physical/digital combination is essential. If unsecured codes for track and trace are used in isolation, without integration into visible and covert security elements, this opens the door to valid codes being duplicated (or cloned) onto unauthorised products – with nobody any the wiser, since the codes may look the same and ostensibly perform the same function. To avoid this risk UIs should carry physical security features. Alternatively – and in ITSA’s view the best method – the UI can be combined with Article 16 security features on the same label or tax stamp.
Read full response

Response to Implementing act under Article 16(2) of the Tobacco Products Directive 2014/40/EU

2 Oct 2017

ITSA represents an industry with longstanding proven expertise in supplying independent systems for tax stamps, product authentication and secure track and trace. The industry is concerned that the act guarantees neither independence from the tobacco industry nor security against illicit trade. ITSA demands that substantive changes be made to the act to take account of the factors set out below. INADEQUATE INDEPENDENCE A key concern is that only 1 out of the 5 required authentication elements must be provided by an independent third party. Does this mean that the other 4 features can be produced by the producers themselves, under their control? We strongly question the premise that this represents an independent solution and do not believe that the integrity of the solution can be assured if this is the case. Furthermore, the act states ‘The combination of different authentication elements should be required as an important step in guaranteeing that the integrity of the final security feature… is well protected’. But how can this combination be considered secure if only one of the elements is sourced from a third party? In ITSA’s view it is critical to the security of the solution that all 5 authentication elements be provided by an independent third party, and defined by Member States rather than producers. LACK OF HARMONISATION Another concern is that the act is not prescriptive enough to ensure a harmonised framework of EU-wide security feature standards. It merely requires that each Member State communicates to producers the types of authentication elements allowed, and that these include at least the 12 elements listed in the annex. This infers that as long as Member States have ‘communicated’ the allowed elements, producers can select their own features. This will lead to a patchwork situation where different brands in different states carry different authentication elements. This is not a harmonised solution and undermines the ability of Member States to carry out their enforcement duties. It is ITSA’s view that Member States should be free to choose approved security features, as is the case with travel documents across the world. INADEQUATE SECURITY FEATURE DEFINITION There is no measurable criteria by which supplementary authentication elements (in addition to those in the annex) are defined. The act does not define any standards for Member States to determine these elements. The draft also contradicts itself in that, on one hand, its says ‘the technical standards for security features should give due regard to the high degree of innovation that exists in this area’. Yet it lists a set of incomplete measures that ignore some proven technologies, and even includes some ineffective security features in its annex: - Incomplete, because, for example, nowhere are holograms mentioned on the list. This omission is difficult to understand considering that holograms are a key high-security technology already used on tax stamps in 7 member states and on other security documents. This technology must therefore be included in this list in order for it to have any value; - Ineffective, because elements such as watermarks (which are also on the list) are only effective on items such as banknotes which allow the light to pass through them. FAILURE TO ACCOUNT FOR PROVEN EXPERTISE The drafting process constitutes a breach to the Protocol, which clearly states: ‘Each Party shall establish […] taking into account their own national or regional specific needs and available best practice.’ The EU, as Party to the Protocol, should have sought to understand the specifics of tax stamps, and the reasons why 23 out of 28 Member States use such programmes. It could have visited some of the production lines around the world – qualified as best international practices by the WHO – where tax stamps are used as traceability vehicles. The act and annex on security features should be modified accordingly
Read full response

Response to Delegated act under Article 15(12) of the Tobacco Products Directive 2014/40/EU

2 Oct 2017

ITSA represents an industry with longstanding proven expertise in supplying independent systems for tax stamps, product authentication and secure track and trace. The industry is concerned that the draft guarantees neither independence from the tobacco industry nor security against illicit trade, and demands that substantive changes be made to the draft to take account of the factors set out below. CONFLICT OF INTERESTS With regard to the data repositories, ITSA believes that producers are given too much room to choose their own data repository provider, since they will be the ones contracting with and paying the provider of the primary repository. This represents a conflict of interests when one considers that certain producers have been accused of malpractice (vis UK case against BAT for oversupply within the EU). This is multiplied by the suggestion that the providers of the primary repositories would ‘appoint among themselves’ a provider of the centralised, secondary repository into which the primary repositories are fed. In ITSA’s view, the provider of the secondary repository should not be a provider of any primary repository, as this would lead to a possible conflict of interest between Member State's objectives and those of the tobacco industry, as well as to issues relating to impartiality and supplier favoritism. Such delegation to the producers undermines Member State control, in contradiction therefore with the provisions of the WHO Protocol which the EU and numerous Member States have collectively and individually signed or ratified. We strongly recommend that it be the Member States that choose the secondary data repository provider. Furthermore, we contend that a unique EU data repository, hosted by DG SANTE (as opposed to primary and secondary repositories designated by the tobacco manufacturers) will do a more secure job of consolidating all UIs into an interoperable solution that offers intra-EU controls in real time and that can, in due course, be connected to the Global Information Sharing Focal Point (GISFP) foreseen in the WHO Protocol.
Read full response