Israel: TMT (3rd edition)

The In-House Lawyer Logo

This country-specific Q&A provides an overview to technology, media and telecom laws and regulations that may occur in Israel.

This Q&A is part of the global guide to TMT. For a full list of jurisdictional Q&As visit http://www.inhouselawyer.co.uk/practice-areas/tmt-3rd-edition/

  1. What is the regulatory regime for technology?

    Cloud services, as well as OTT services, are not regulated in Israel. With respect to telco related services, the technology is regulated, mainly in the cellular sector, in a number of aspects, as follows:

    (a) Telecom carriers, which have deployed their own network for the provision of their services, are required, to invest in new generation and advanced technologies. Moreover, one of the parameters which is considered when renewing a license, is the amount of investment made by the licensee attributable to the development and technological updates for its network. Currently, the regulator in Israel is formulating a policy for the implementation of 5G in the mobile sector and to expand the deployment of fibre optics throughout Israel, including in peripheral areas, while examining incentives for the operators in domestic fixed-lines, in order to encourage them to invest in upgrading their networks based upon advanced technology.

    (b) With regard to wireless networks, such as the cellular networks, the licensee is required to operate the systems’ radio stations using only the frequency bands which have been specifically allocated to it and as such, the licensee is not allowed to sub-assign them or to enable any other party to use them.

    (c) The licensee should comply with all the specifications prescribed by the regulator, together with all the related standards set out by the applicable international organizations, such as the ITU.

    (d) The licensee will undoubtedly have a contractual engagement with the manufacturer of the equipment installed in the licensee's system, which will ensure the requisite degree of knowledge and experience required for the construction, operation and maintenance of the system and of any part thereof.

    (e) Telecoms operators are subject to Net Neutrality requirements in order to enable consumers to access the Internet and to use any application available, regardless as to which network they are connected or what handset they are using.

    (f) Telecoms facilities (e.g. transmitters, electricity facilities and cellular devices) that emit different types of non-ionizing radiation, such as radio radiation (RF), laser radiation and UV radiation, may be considered non-ionizing radiation sources, and as such are subject to provisions set under the Non-Ionizing Law-2006.

    The Non-Ionizing Law requires the issuance of radiation permits by the Ministry of Environmental Protection for the construction and operation of a non-ionizing radiation source which is subject to payment of fees. An operation permit may be obtained only after the requirements set forth in the construction permit have been fulfilled. In most cases, the construction permit is granted for a period of several months and up to five years, and the operation permit is granted for 1 to 25 years depending on the type and location of the radiation source and additional considerations. The radiation permits may stipulate conditions regarding the permissible radiation levels, the implementation of measures for limiting exposure to radiation, the obligation to conduct radiation measurements and report the results, etc.

  2. Are communications networks or services regulated?

    Communications networks and services in Israel are regulated under the Communications Law. The principal law governing telecommunications in Israel is the Communications Law (Telecommunications and Broadcasting), 1982 (the ‘Communications Law’) and the regulations promulgated thereunder. In addition, the field of wireless communications and the allotment of electromagnetic spectrum in Israel is regulated by the Wireless Telegraphy Ordinance (New Version), 1972 (the ‘Telegraph Ordinance’) and the regulations promulgated thereunder. The Telecommunications Law (section 2), prohibits any person, other than the State of Israel, from providing telecommunications services or performing telecommunications actions without having obtained a license or a permit granted by the Ministry of Communications (MOC), except in the case of certain exemptions which are specified in section 3 of the Communications Law.

  3. If so, what activities are covered and what licences or authorisations are required?

    According to the term "Telecommunications", as defined in section 1 of the Communications Law, this Law covers activities regarding the transmission, transfer or reception of symbols, signals, writing, visual forms, voices or information, by means of wire, wireless, an optical system or other electromagnetic systems. A service provider is defined as any person who operates, installs, constructs or maintains a telecommunications equipment/device/ facility for others – all for "Telecommunications" purposes (see the above definition).

    The Communications Law provides for the granting of these types of licenses: (i) a special license or general permit to perform telecommunications action and to provide domestic or international telecommunication services, which is limited to a certain category of telecommunications action or service, such as transmission services only or private network services. The general permit may be issued subject to the fulfilment of at least one of the conditions detailed in section 4a1 of the Communications Law, such as the condition according to section 4a1 (5), which authorizes the MOC to issue a general permit for the provision of specific services for which a large number of licenses have been issued in a unified format to provide the services, in regard to the provision of internet access services. The general permit enables any person who complies with the eligibility conditions set out in the permit, to only register with the MOC prior to providing telecommunications services; (ii) a general license, which relates to the establishment and operation of a public telecommunications network and for the provision of domestic or international telecommunications services, via such network, such as domestic telephony and data transmission services, fixed or mobile, or the provision of network services, such as broadband connectivity; and (iii) a general united license for the provision of a number of services, including the following: domestic fixed line telecommunications services without a universal service obligation; international telephony; and mobile services by using the telecommunication of another mobile services licensee's network (MVNO).

    In addition, any entity wishing to provide narrowcasting television services through cable or satellite can only do so upon the receipt of a licence. The licensing process is regulated by the Minister of Communications and the Cable and Satellite Broadcasting Council. The Communications Law provides for the granting of four types of narrowcasting television licences: (i) general licences for the provision of multichannel television services via cable network; (ii) general licences for the provision of multichannel television services via satellite; (iii) special licences for the provision of one television channel using such cable network of the general licensees; and (iv) a licence for providing video on demand services.

  4. Is there any specific regulator for the provisions of communications-related services?

    The specific regulator for the provision of telecommunications-related services is, in accordance with the Communications Law, through the Ministry of Communications.

  5. Are they independent of the government control?

    The Ministry of Communications is not an independent authority. It is a ministerial office, controlled by the government of the day.

  6. Are platform providers (social media, content sharing, information search engines) regulated?

    The platform providers are not regulated.

  7. If so, does the reach of the regulator extend outside your jurisdiction?

    Israeli law is territorial, that is to say, it applies only within the territory of the State of Israel, unless otherwise expressly stated in a particular statute or statutory provision which may apply extra-territorially. Being a territorial law, the Communications Law and its licensing requirements apply only if the telecommunications installation is located within the territory of Israel. If it is within the State of Israel, such installation will be regulated and if it is located outside Israel, then the MOC does not have any authority as to the operation of a telecommunications action or service.

  8. Does a telecoms operator need to be domiciled in the country?

    Telecoms operators are required to be domiciled in Israel. Moreover, licensees which are corporations, are required to be incorporated in Israel, and, in the case of a general licensee which is required to deploy and operate a public telecommunications network for the provision of domestic or international telecommunications services, via such network, there is an additional requirement by which its centre of business will be located in Israel.

  9. Are there any restrictions on foreign ownership of telecoms operators?

    There are restrictions on foreign ownership of telecoms operators. According to regulations promulgated under the Communications Law, which set out the procedures and conditions for obtaining a general license for the provision of domestic, fixed or mobile services, or international telecommunications services, via public electronic communication networks, at least twenty percent (20%) of each of the means of control of the applicant for the license should be held directly by an Israeli citizen and a resident thereof, or by a company which is controlled by an Israeli citizen and resident therein (the 'Minimum Israeli ownership requirement').

    According to the regulations with respect to narrowcasting television services, the Minimum Israeli ownership requirement is 26%.

  10. Are there any regulations covering interconnection between operators?

    Interconnections between operators are regulated under: the Communications Law (section 5); under specific regulations on interconnection tariffs for fixed and mobile operators of a public telecommunications network; and according to particular provisions as set out in their licenses.

    The Communications Law authorizes the Minister of Communications to require the operators to provide interconnect services to each other. The default, according to this Law, is to leave the interconnection arrangements to the negotiations between the operators, based on reasonable prices, while granting the Minister of Communications the authority to intervene in any case of disagreement and to give his ruling in regard to any matter in dispute between the parties.

    After realising that the interconnect tariffs set by the operators in the past did not meet the criteria of reasonable price as determined by the Communications Law, since the Ministry of Communications found that they were far higher than the cost required for performing the interconnection, while harming small providers and new competitors entering the market, the Minister of Communications decided to regulate the interconnection tariffs and enacted specific regulations in which the interconnect tariffs are prescribed that reflect a significant reduction in the tariffs, as compared to those charged by the operators prior the enactment of such regulations.

  11. If so are these different for operators with market power?

    The regulations covering interconnection between operators are not different for operators with market power. However, as regards the fixed-line sector, there are additional regulations which apply to operators having their own fixed-line infrastructure, which in fact hold a dominant position. The provisions set out under section 5 of the Communications Law, regarding the interconnection arrangements, apply respectively to the obligation of such providers to give other providers, which do not have a fixed-line infrastructure, access to their facilities, and to enable them to use their network or any component of a network, including passive infrastructure elements, such as pipes, ducts and manholes. This obligation is part of the “wholesale” policy and rules in Israel regarding the fixed-line domestic sector. Wholesale services, including the usage of others operators' network, their prices and the quality of the services are regulated, such that operators which do not have their own fixed-line infrastructure can compete with those which own the infrastructure. In addition to the above, telecoms regulations covering interconnection between operators operator with market power, which constitutes a monopoly in any telecommunications service, is subject to the provisions of the Competition Act, which prohibits, inter alia, the abuse of a dominant position.

  12. What are the principal consumer protection regulations that apply specifically to telecoms services?

    In general, the Israeli Consumer Protection Law, 1981 and the regulations enacted thereunder (collectively: the 'CPL') regulates the relationship between consumers [1] and dealers [2], including telecoms service providers. The CPL sets out various principles and requirements which may apply to telecoms service providers when offering services to Israeli consumers. These include, inter alia, rules regarding on-going transactions (and their cancellation); transactions entered into remotely; indication of prices for services; the matter of size letters in a standard contract; etc.

    One obligation under the CPL (Section 18B) which specifically applies to telecoms service providers (e.g. licensees for the provision of fixed line telecommunication services within Israel, licensees for the provision of mobile radio telephone services, licensees for the provision of cable and satellite broadcasts) is the obligation to maintain a human response call centre, free of charge, the purpose of which is to respond to consumer claims regarding telecom services and to clearly notify consumers regarding the existence of such call centre and its details (such as telephone number and working hours). In addition, the CPL also sets out additional requirements with respect to the operation of the call centre, such as with respect to mandatory response times, maximum waiting times, etc. (the Consumer Protection Regulations (Providing Telephone Services), 2012).

    In addition, there are consumer protection aspects specifically applicable to telecoms services stipulated from the Communications Law and the telecommunications different licenses. In this regard, the principal regulations attributable to consumer protection stipulated from the Communications Law and the telecommunications different licenses, are as follows:

    (1) Contract for the provision of the services to a subscriber - the maximum commitment period for purchasing the services is limited to 18 months and if the subscriber decides to terminate the contract before the end of its period, it will be prohibited (section 51a of the Communications Law) to charge him for any payment thereof, or to deprive him of a benefit that he would have received had he not terminated the agreement or to demand an immediate payment of the balance for the equipment he purchased from his provider. The license determines which information operators are required to be made available to the consumers in the contract, in an explicit, comprehensive and easily accessible form. The minimum contractual information shall include, inter alia, the subscriber's right to cancel the agreement before the end of its term, the duration of the commitment period of the subscriber to the contract, the tariffs of each service, the price of the terminal equipment purchased from the licensee and the terms of payment for it, each benefit given to the subscriber and its extension, information on all restrictions on the access and use of services and applications, the minimum level of service quality offered, as well as information on the service quality indices, the conditions of the disengagement, the arrears interest rates due to non-payment on time, and the conditions for changes in the prices of the service;

    (2) Linkage between services - a licensee is prohibited by law (Section 51b) of the Communications Law) to condition the subscriber's engagement to receive a service to the purchase, rental, lending or lease of terminal equipment from the licensee, including by way of granting a discount or any other benefit;

    (3) Net Neutrality Regulations – it is prohibited (Section 51c(b) of the Communications Law) to cause a restriction to or block access to any service or application provided on the Internet or the use of terminal equipment on any telecommunications network;

    (4) Privacy protection rules – unless a subscriber explicitly agrees, a licensee is prohibited to transfer to others information regarding personal data of the subscriber or his usage of the services, other than to those authorized by law;

    (5) Licensee's duties under the license - to provide its subscribers with the agreed level of service; free of charge access to public emergency services; and, similarly to the obligation pursuant to the CPL as mentioned above, an operating service center to receive requests/complaints from subscribers, details of which are be included in each account, in order to create transparency and clarity; informing subscribers in advance and via SMS, as to the use of a surfing package, before its fully utilized and blocking access to the surfing service after the package has been fully utilized; detailed instructions regarding access to premium services that involve high payments, which are intended to create full transparency towards the subscriber; and a duty on the part of the Licensee to offer the subscriber means to block access to harmful sites for protecting minors and offering free of charge filtering sites service.

    There are also specific regulations for ensuring access to services for disabled end-users, such as offering special handsets for blind people.

    [1] A "consumer" is defined under the CPL as "a person who purchases a product or a service from a dealer within the framework of the dealer's business, mainly for a personal, home or familial use".

    [2]. A "dealer" is defined under the CPL as "any person who sells goods or offers services by way of business, including a manufacturer".

  13. What legal protections are offered in relation to the creators of computer software?

    Software can be protected by copyright, patent, or trade secret, and in appropriate circumstances by claims for unjust enrichment (although this exceeds the scope of the current discussion).

    Copyright

    Software is considered a “literary work” under the Copyright Act 2007 (the 'Copyright Act'), although there is no moral right in software.[3] According to Section 4(a) of the Copyright Act, copyright subsists in any original literary, dramatic, musical or artistic work if it is fixed in any form. Copyright subsists automatically upon creation and there is no registration of copyright in Israel.

    The author of a literary work, including software, is the first owner of copyright in the work and the employer is the first owner of copyright in a work created by an employee during and as a result of his or her employment.

    Under Section 38 of the Copyright Act copyright protection endures for the life of the author plus 70 years after his or her death, subject to certain exceptions. In the case of a joint work, copyright subsists throughout the life of its longest surviving joint author plus 70 years after his or her death.

    Patent

    Patent protection is available when the software is part of a patentable invention; most technological inventions include some form of software. As a general rule, standalone software is not patentable, but according to court and Patent Commissioner Jurisprudence, the fact that an invention contains software will not prevent its registration as a patent. It is questionable whether software combined with a business system is patentable.

    The Patents Law 1967 (the 'Patent Law') governs patents in Israel. Patents only afford protection once they are registered. The Commissioner of Patents, Trademarks, and Designs is responsible for the Patent Registry. Patents have a term of 20 years from application, subject to certain exceptions.

    A patent holder is entitled to prevent any third party from exploiting the invention for which the patent has been granted without his or her permission, either in the manner defined in the claims or in a similar manner.

    Patent owners have the exclusive right to do the following for the duration of the registration:

    (i) in respect of an invention that is a product – any act that is one of the following: production, use, offer for sale, sale, or import for purposes of one of the aforesaid acts; and

    (ii) in respect of an invention that is a process – use of the process.

    As with copyrights, the basic rule is that the inventor is the owner of the rights. In the absence of an agreement to the contrary, the employer is the owner of rights in inventions made by employees during and in the course of his or her service (a “Service Invention”), although in some circumstances the employee may be entitled to royalties from the commercialization of any such Service Invention.

    Patents can be licensed, but in order for a license to be binding upon third parties, it must be recorded with the Israeli Patent Office.

    Trade secrets

    Software – mainly source code - that falls within the definition of “trade secret” under the Commercial Torts Law 1999, is protected as a trade secret.

    Trade secrets are defined as “any business information, which is not publicly known and which cannot readily and legally be discovered by the public, the secrecy of which grants its owner an advantage over his or her competitors, provided that its owner takes reasonable steps to protect its confidentiality”. In theory, there is no limit on the duration of the right. Information can remain protected as a trade secret as long as it remains confidential and does not enter the public domain.

    Usually, the owner of the information owns the trade secret; in an employment relationship the trade secret will belong to the employer. Patent applications that have not yet been published also constitute trade secrets.

    Trade secrets can be licensed and there is no need to record the grant.

    [3] The moral right consists of the author’s rights of attribution and non-distortion.

  14. Do you recognise specific intellectual property rights in respect of data/databases?

    Data per se is not afforded intellectual property protection under Israeli law (although data that constitutes a trade secret will be subject to trade secret protection, as detailed in Section 7 above), nor is there a sui generis database right.

    There is, however, copyright protection for the manner of expression of data (e.g. facts and figures), such that the creator of an original database has copyright in the selection and arrangement of the data, though not in the data itself. The Copyright Act, 2007 protects original compilations, where the definition of “compilation” includes “a compilation of data, including databases”; Section 4(b) of the Copyright Act states that originality in the context of a compilation is the originality of selection and arrangement of the works or data contained therein.

    As noted above with regard to software, in appropriate circumstances rights in data and databases may also be protected by claims for unjust enrichment.

  15. What key protections exist for personal data?

    Israeli law has a high regard for the protection of privacy. Section 7 of the Basic Law: Human Dignity and Freedom, 1992, entitled “Privacy and Secrecy of the Individual”, expressly protects privacy as a basic right of human dignity, elevating it to the status of a fundamental, constitutional right. At the same time, the right to privacy and the protection of personal data is regulated by the Protection of Privacy Law, 1981 (the 'Privacy Law').

    The Privacy Law is viewed as providing for a broad scope of protection, enumerating several activities, each of which constitutes an unauthorized invasion of the privacy of another if done without consent. Consent under the Privacy Law refers to a "knowledgeable consent", such that the individual should receive sufficient information regarding the specific matter in order to be able to assess whether or not to provide his/her consent, and in general the Privacy Law recognizes both explicit and implicit consent.

    Some of the activities that are prohibited under the Privacy Law if done without consent include, inter alia: (a) Eavesdropping prohibited under law; (b) Copying or using without permission of the addressee or writer, the content of a letter or any other writing (including electronic communications) not intended for publication; (c) Infringing a duty of secrecy laid down by a statute in respect of a person’s private affairs; and (d) Using, or passing onto another, information on a person’s private affairs otherwise than for the purpose for which it was given.

    In addition, the Privacy Law also regulates the matter of computerized databases[4] containing personal data and the responsibilities of owners (data controllers), holders (data processors) and managers of such databases. Such responsibilities include, inter alia, registration of databases with the Databases Registrar (the 'Registrar') within the Israeli Protection of Privacy Authority in the Ministry of Justice (the 'PPA') when one or more of the conditions for registration under the Privacy Law are met; to provide a privacy notice to data subjects outlining the data practices relating to the personal data collected; access and correction rights to data subjects; security of the databases; direct marketing; engagement with third parties processing personal data, etc.

    [4] A "database" is defined under the Privacy Law as "a collection of data, maintained by magnetic or optical means and intended for computer processing".

  16. Are there restrictions on the transfer of personal data overseas?

    The transfer outside of Israel of personal data from a database in Israel is regulated by the Protection of Privacy Regulations (The Transfer of Data to a Database outside the State Borders), 2001 (the 'Transfer Regulations').

    The Transfer Regulations prohibit the transfer of personal data from a database in Israel to a database located abroad, unless the receiving country in question ensures a level of protection of data which is not lower than the level of protection provided for under the Israeli law. The Transfer Regulations lay down a number of principles that should be reviewed in order to determine whether or not a country provide an adequate level of protection which enables the transfer of data aboard, including principles which relate to the collection and the processing of the data, the possession, use and the transfer of the data, the reliability and up-to datedness of the data, the grant of the right to view the data and amend it as well as the obligation to take appropriate security measures in order to protect the data.

    Notwithstanding the above, the Transfer Regulations lay down several conditions which enable the transfer of data from a database in Israel to a database abroad, even when the law of the country in which the data is received provides a level of protection which falls below that which is provided for under Israeli law. Upon the fulfilment of any one of the following, the transfer of data, as aforementioned, shall be permitted: (1) the receipt of the consent to the transfer of the data from the person who is the subject of the data; (2) it is not possible to receive the consent of the person who is the subject matter of the data and the transfer of the data is vital for the protection of his/her health or bodily well-being; (3) the data is being transferred to a corporation under the control (i.e. the ability to direct the activities of an entity) of the owner of the Israeli database and it has ensured the protection of privacy following the transfer; (4) the data is being transferred to someone who has undertaken in an agreement, with the owner of the Israeli database, to fulfil the conditions laid down in Israel for the maintenance and use of the data; (5) the data has been published or opened up to the public by an authority under law; (6) the transfer of the data is necessary for the protection of public welfare or security; (7) the transfer of data is obligatory under Israeli law; and (8) the data is being transferred to a database in a country that is either: (a) a party to the European Convention for the Protection of the Individual with regard to Automatic Processing of Personal Information; (b) receives data from member states in the European Union, under the same conditions of receipt; and (c) the Registrar has notified with respect to such country, in a notification which has been published in the Official Gazette, that there exists in such country a designated authority to protect privacy, after it has reached an arrangement for cooperation with such authority (no such notification has been published to date).

    In addition to the fulfilment of the above conditions, under the Transfer Regulations, the owner of the database must ensure (by way of a written obligation from the recipient of the data), that the recipient is taking steps to ensure the privacy of the person to whom the data relates, and that the recipient undertakes that the data shall not be transferred to any person other than himself/herself, whether such person be in the same country or not.

  17. What is the maximum fine that can be applied for breach of data protection laws?

    The PPA is entitled to impose administrative fines ranging from 10,000 NIS (approx. 2,800 USD) to 25,000 NIS (approx. 7,000 USD) for breach of certain provisions of the Privacy Law (e.g. failure to register a database, failure to provide privacy notices, failure to allow data subjects to fulfil their access and correction rights, etc.), whereas for continued violations, the administrative fine will include 1/10 of the amount provided for the said violation, for each day that the violation continues to occur (i.e., a daily fine may be imposed for each day in which the violation occurs following the notice of violation issued by the PPA).

    In addition, a breach of the right to privacy of an individual constitutes both a civil and criminal offence.

    Section 4 to the Privacy Law states that any act or omission in violation of the Privacy Law constitutes a tort to which the Civil Wrongs Ordinance (New Version) shall apply. In this regard, a person who has been harmed may file a claim for damages against the infringing party without limitation in amount (as long as such damages are proven) and also file a petition for certification of a class action. In addition, according to Section 5 of the Privacy Law, the breach of privacy also gives rise to a criminal offense. Where the infringement is committed wilfully, the offence is punishable by up to 5 years imprisonment.

    Section 29A(a) of the Privacy Law authorizes a court to order a person who has been convicted under Section 5 of the Privacy Law to pay the injured person statutory damages of up to approx. 50,000 NIS (approx. 14,000 USD; linked to the Consumer Price Index). In addition, Section 29A(b) of the Privacy Law states that in a civil tort proceeding under Section 4 of the Privacy Law, the court may order the defendant to pay the plaintiff statutory damages of up to 50,000 NIS as well. However, in civil tort proceedings where it is proven that the infringement of privacy was carried out with intent to cause harm, the court may order the defendant to pay the plaintiff statutory damages of up to 100,000 NIS (approx. 28,000 USD).

  18. What additional protections have been implemented, over and above the GDPR requirements?

    The GDPR is not applicable in Israel. Although not a point of difference, the Israeli Protection of Privacy Regulations (Data Security), 2017 set out a more comprehensive and detailed requirements and obligations with respect to data security applicable to computerized databases (depending on the protection level to which a specific database is subject (high, medium or basic)) than the mere general obligation to take appropriate technical and organisational measures to ensure the level of security that is appropriate to the level of the risk under the GDPR. In addition, as set forth above, under the Privacy Law, data controller who maintains computerized database is required to register such database with the Registrar.

  19. Are there any regulatory guidelines or legal restrictions applicable to cloud-based services?

    Cloud services are in principle permitted in Israel, however, the use of cloud-based services is subject to the provisions of the Privacy Law (and the regulations enacted there under) (to the extent data contained in the cloud is considered personal data), to specific guidelines issued by the PPA in relation to the use of outsourcing services for processing of personal data (directive 2/2011) and to specific guidelines pertaining to the use of cloud services in specific sectors, mainly in the public sector and in the banking, health and financial sectors.

    The above mentioned sector-specific guidelines set out various rule and principles in relation to the use of cloud-based services (whether with respect to personal and non-personal data). These include, inter alia:

    • Corporate governance requirements;
    • Risk management;
    • Prior approvals from the applicable regulator for the use of cloud-based services with respect to certain operations;
    • Engagement with third party cloud service providers, including the obligation to maintain audit and control measures over the activity of the service provider;
    • Mandatory security standards to be implemented by the cloud-based service provider;
    • Mandatory provisions to be included in tenders for the provision of cloud-based services to public bodies.
  20. Are there specific requirements for the validity of an electronic signature?

    In general, the issue of electronic signatures[5] is regulated under the Electronic Signature Law, 2001 (the 'Electronic Signature Law'). Under the Electronic Signature Law, an electronic signature will not be deemed inadmissible solely because it is an electronic signature.

    However, with respect to document that is legally required to be signed, an electronic signature will be sufficient and valid when the electronic message is signed with (a) a Certified Electronic Signature ; or (b) other electronic signature, provided the type of signature[6] used is adequate to fulfill, to a sufficient degree of certainty, the purposes of such requirement (this is a vague standard that has not yet been examined by the Israeli courts). At this stage, the only documents that cannot be signed by some form of electronic signature are certain inheritance-related documents. In addition, we note that most government agencies will not accept electronically signed documents, and documents that are required to be filed with various registries and governmental authorities are still required to be manually signed.

    [5] An "electronic signature" is defined under the Electronic Signature Law as "a signature that is electronic data or an electronic sign that is attached to or associated with an electronic message". An "electronic message" is defined under the Electronic Signature Law as "information produced, sent, received or stored by electronic or optical means, which is visualized, read, heard or retrieved by aforesaid means".

    [6] An electronic signature will be "certified" if (a) It complies with the requirements for a "secure electronic signature"; and (b) The signing device used to produce it has been verified by a registered certification authority, namely an authority that issued electronic certificates confirming that a certain signing device belongs to a certain person, and is registered in a registry existing under the Electronic Signature Law. An electronic signature will be "secure" if it complies with the following requirements: (a) It is unique to the owner of the signing device (a signing device is "unique software, a unique object or unique information required for producing a secure electronic signature"); (b) It allows apparent identification of the owner of the signing device; (c) It has been created using a signing device that is under the sole control of the owner of the signing device; and (d) It allows detection of any change to the electronic message subsequent signing.

  21. In the event of an outsourcing of IT services, would any employees, assets or third party contracts transfer automatically to the outsourcing supplier?

    There are no laws regarding an automatic transfer of employees and nor is there is automatic transfer of third party contracts or assets under law in the case of an outsourcing agreement. Generally, the parties will negotiate an outsourcing agreement, and include therein, detailed provisions to facilitate the relevant transfers, and the methods of transfers. Moreover, employees cannot be transferred automatically, and there is a legal requirement to explicitly obtain their consent to any transfer from one employer to another.

  22. If a software program which purports to be a form of A.I. malfunctions, who is liable?

    There is currently no straightforward answer for this question as various legal doctrines may apply, depending on the context and various factors. Further, the current main liability regimes do not fully or adequately resolve the challenges posed by AI-based programs.

    Under the current main liability regimes, products liability law may be the most adequate doctrine for applying liability in this scenario. Under products liability law, the manufacturer of the software will be held liable for harms caused by a software with an unintentional defect (namely, the program does not function as intended due to a manufacturing failure or defect against the manufacturer’s specification), or where a design effect occurred, or where provision of instructions or warnings could have reduced or avoided foreseeable risks of harm. However, this doctrine is generally limited to physical injuries and damages to property and cannot necessarily account for other types of damages (such as violations of privacy). Moreover, the application of product liability in the context of AI-based products is challenging with respect to AI-based products that, by nature and at least to some extent, perform in an unforeseeable manner (in which event, if the product operated as intended then the products liability may not apply).

    The negligence regime may also potentially apply to this scenario. Under the negligence doctrine, the manufacturer of the program may be held liable if it acted at fault, namely if it breached a duty of care (i.e. the duty to act as a reasonable person). However, negligence as a liability regime may be inadequate due to the expected difficulty to set the level of care in the context of AI-based programs, specifically given that the duty of care and the standards for reasonable precautions are dependent on a baseline that is constantly changing in these technological fields, and are disrupted by new types of unexpected harms and a general lack of foreseeability, undermining both the concept of breach of duty and the general concept of causation.

  23. What key laws exist in terms of: (a) obligations as to the maintenance of cybersecurity; (b) and the criminality of hacking/DDOS attacks?

    a) obligations as to the maintenance of cybersecurity; and

    With respect to obligations as to the maintenance of cybersecurity, the Privacy Protection Regulations (Data Security), 5777-2017 (“Data Security Regulations”), implemented the data security requirements of Israel’s Protection of Privacy Law, 5741-1981. The Data Security Regulations require owners and possessors of personal data to implement various security measures to protect personal data (such as access controls, monitoring for vulnerabilities, use of encryption, etc.).

    In addition, specific regulators have issued regulations imposing minimum standards with respect to cybersecurity, such as the guidelines to financial institutional entities published by the Commissioner of the Capital Market, Insurance and Savings at the Israeli Ministry of Finance, which includes guidelines for managing cyber risks within specified institutions and adopting certain measures to enhance cyber protection; the guideline issued by the Banking Supervision Department of the Bank of Israel applicable to banks; the position statement published by Israel Securities Authority (ISA), addressing public companies’ required disclosures for all cyber-related issues; and more.

    b) The criminality of hacking/DDOS attacks?

    The two main Israeli cybersecurity-related statues addressing the criminality of hacking/DDOS attacks are the Computers Law, 5755-1995, and the Penal Law of 5737-1977.

    Both the Computers Law and the Penal Law criminalizes hacking and prohibits, among others, programming software to carry out an illegal operations, including:

    • Disrupting the proper operation of a computer or interfering with its use, or deleting, altering or disrupting computer material;
    • Unlawfully penetrating computer material;
    • Composing a software program in a manner that enables it to cause damage to or disruption of a non-specific computer or computer material.
  24. What technology development will create the most legal change in your jurisdiction?

    The OTT platform will create a significant legal change. The increasing demand for Audio-Visual content provided via the Internet platform, instead of consumption of "traditional" multi-channel TV, such as Cable or Satellite TV. Foreign content service provides (Netflix, Amazon Prime and others), as well as local telecoms operators, are offering a variety of "TV like" content to the Israeli public, at attractive prices, while competing with the Israeli Cable TV and Satellite operators. Since OTT services are not at all regulated, whilst the "traditional" TV operators are heavily regulated, a problematic competitive imbalance has been created in the Media market which led the Government, following public consultations and recommendations of several committees, to publish a Bill according to which, regulation would be applied to the provision of audio-visual content over the Internet, to the extent that the providers are Israelis, alongside a relieving regulation which applies to multi-channel TV operators. With regard to foreign providers, the Government is considering whether to impose a duty for such providers to pay taxes, since they collect revenues from their subscribers in Israel in respect of the content services provided by them.

    The Internet of Things, M2M services, and other such network-connected smart devices, will also give rise to and spur significant legal changes. These technological developments will require a real reform and re-perception of the basic norms of existing tort law and contract law. The existing legislation is inapt for this new technology in which machines/devices are capable of entering into contracts with other machines/devices and things/vehicles, in order to operate without human intervention. It will require a new legislative approach that will need to address the contractual and tortious aspects. For example, when an autonomous car or a machine causes an injury or damage, the tort law should address the question who bears tort liability in the event of an injury occurring and whose fault it is or when damage has occurred as a result of the transfer of misinformation from one machine to another, who will bear the damage and how will the mens rea - the "intention of the parties", be interpreted or apply, which is currently a basic rule of contract and tort law.

  25. Which current legal provision/regime creates the greatest impediment to economic development/ commerce?

    The Israeli telecommunications regulator is a government ministry, controlled by the government. As such, it is subject to the restrictions of the government apparatus, in terms of manpower and budgets. It is also dependant on government decisions when requiring confirmation. Since the Minister is appointed for a short period of term – 3-4 years, between the parliamentary elections, this invariably results in there being no long-term policy, which causes uncertainty in regard to the regulatory framework and prevents investment in developing the communications infrastructure. Delay in upgrading the infrastructure technology, especially the deployment of 5G technology in the mobile network and in fibre optics networks in the fixed-line sector, could harm the national economic growth which advanced communications networks can offer.

  26. Do you believe your legal system specifically encourages or hinders digital services?

    Israel's legal system encourages the use of digital services by adopting regulatory and legal approach, which supports and encourages the development of new technologies and does not impose an excessive licensing regime for digital services. The provision of content services via the internet platform is not regulated. OTT services in general are not regulated although they compete with regulated content related services. Net-neutrality regulations are imposed on telecoms operators to ensure non-discriminatory access to network infrastructure, and to enable availability of any application which is provided to every consumer.

    However, in order to allow the development of IoT and M2M products and services, the regulator should re-evaluate the barriers in the licensing regime for implementing such services, such as using embedded foreign sim cards or using foreign numbers or granting specific mobility licenses.

  27. To what extent is your legal system ready to deal with the legal issues associated with artificial intelligence?

    There is currently no legislation in Israel that specifically deals with artificial intelligence. General consumer protection laws will apply to legal issues in respect of the use of artificial intelligence software. However, they may be inapplicable to certain liability issues since these do not deal with virtual acts or omissions and as such, cannot be based on the concept of mens rea and thereby, attributing liability or fault for causing damage. Accordingly, issues of liability will inevitably be more complex with regard to artificial intelligence. In this regard, artificial intelligence will require legal systems to fundamentally change the concept of basic legal norms.