This article attempts to provide a short overview on certain legal issues arising in the context of charging stations, in particular data protection and IT security matters.
1. Parties involved in e-charging station infrastructures
To facilitate a wide coverage for a Swiss e-charging infrastructure, more than one party is usually involved. First, there is the driver of an electronic vehicle (the client or simply "User"), second, most likely a Mobility Service Provider ("MSP") and thirdly, a Charging Station Operator ("CSO"). The latter does not need to coincide with the MSP. The latter are mostly different gas station operators or facility owners scattered throughout Switzerland's territory. They mostly act in their own name and on their own behalf, but cooperate with MSPs. Finally, it is not uncommon for MSPs and CSOs to use intermediary service platforms or so called "roaming providers" ("RP"). RPs enable the Users to also use e-charging stations from other MSPs (and not just those in the MSP's network).
In terms of relevant contracts, the User usually enters into a service agreement with the MSP while MSPs and CSOs usually enter into an internal agreement with each other (see further details later). Finally, the MSPs and CSOs usually also have a "brokering contract" with the RP in place.
Let's look at these contractual relationships a little bit in more detail:
1. Mobility Service Provider
The MSP provides a charging infrastructure to the User. In order to make this infrastructure available, the MSP usually manages charging cards and/or offers a mobile application ("App") with which Users can identify themselves and start the charging process at an e-charging station. Usually, the MSP assigns a personal static customer ID-number ("E-mobility ID") to the User, which then authorizes him to charge. The relationship between the MSP and the User is usually governed under an agreement, which may contain various promises, but it is most likely qualified as an "electricity supply contract" with various additional service aspects (such as e.g. access to roadmaps and gas station location guidance). Charging activities are invoiced to the User (either through the App, which often operates credit card-based in-App purchase or by way of regular invoicing).
2. The Charging Station Operator
An e-charging station is usually operated (i.e. installed and maintained) by the CSO. In practice, it is not uncommon for the e-charging station not to be owned by the CSO, but leased from a third party. The CSO has usually concluded an access agreement with the MSP. A joint IT-backend usually interconnects the CSO and the MSP. It is used to approve charging requests or to bill charging processes. Via this backend, on one hand, the MSP "approves" the User at the e-charging station and, on the other hand, the CSO transfers the data collected during the charging process to the MSP in order to make the MSP able to bill the User for the charging process.
3. Roaming Providers
It is not uncommon for MSPs and CSOs to use intermediary service platforms or roaming providers ("RP"). These RPs enable the User to also use e-charging stations from other operators (and not just those in the MSP's network). MSPs and CSOs each have a "brokering contract" with the RP.
4. Other involved parties
In an e-charging station infrastructure, there are regularly other players, such as the owner of the e-charging station (if this is not the CSO itself), the electricity supplier or the distribution network operator, who have concluded grid connection contracts with the MSP or CSO.
2. Data flows in the electronic charging process
At the start of a charging process with an e-charging station, Users usually identify themselves either (i) by selecting the e-charging station in the customer portal of their mobile App or (ii) by connecting the MSP Charging Card to the e-charging station (usually using an RFID tag) or (iii) directly via the vehicle's charging cable (known as the "Plug and Charge" method). Either method enables the allocation of the charging and invoicing process to the relevant charger involved. In all three constellations, the User's E-mobility ID is transmitted to the e-charging station, thus, to the CSO. The E-mobility ID is in essence an anonymized key-number. The MSP confirms the successful identification of the User to the CSO via a backend database and the CSO then releases the e-charging station for the User to charge. Finally, at the end of the charging process, the CSO transmits a charging protocol containing the E-mobility ID and the parameters of the charging process (e.g. number of the e-charging station, charging period, amount of electricity) to the MSP via a measuring instrument of the e-charging station (so-called smart meter). This serves for ultimate billing purposes.
3. Existing regulatory framework
3.1 Requirements for electrical energy meters
E-charging stations contain an electrical energy meter that displays active energy. Electrical energy meters contain considerable potential for abuse and musttherefore meet special requirements. These requirements follow from the European Measuring Instruments Directive 2014/32/EU ("MID"), which Switzerland has implemented into national law unilaterally under the Measuring Instruments Ordinance ("MessMV") as well as the Ordinance of the FDJP on measuring equipment for electrical energy and power ("EMmV"). Among others, the EMmV outlines technical requirements for electrical energy meters and includes regulations on the procedures for placing them on the market and for maintaining their measurement stability (i.e., electrical energy meters must be recalibrated regularly by an authorized verification body).
At present, only certain e-charging stations are subject to the EMmV (in particular so-called "wallboxes" in parking garages belonging to tenants or condominium owners). Under the current EMmV, electrical energy meters installed in e-charging stations that are only used by "short-term customers" are not subject to the EMmV (see Art. 2 para. 2 let. a EMmV). Consequently, many of these "public" e-charging stations are often not compliant with the requirements set by the EMmV and, in particular, do not have the necessary EU declaration of conformity.
The Swiss Federal institute of Metrology (METAS) is currently preparing a revision of the EMmV, which may include regulations on electrical energy meters for e-charging stations used by short-term customers. The revision aims to take into account the increased importance of electromobility since the EMmV originally entered into force in 2015. On the one hand, the revision targets more comprehensive protection of short-term customers against abusive measuring and, on the other hand, the promotion of fair competition between the various providers of e-charging stations. Transitional provisions are envisaged to ensure that the affected e-charging stations may continue to be used for a transitional period after the EMmV-revision comes into force.
A consultation of interested parties on the EMmV-revision took place until December 29, 2023. When the revision can enter into force depends, among other things, on the results of this consultation. As a rough timeline, the metrological regulation of e-charging stations is expected to be revised on July 1, 2024. Pursuant to the current draft of the revision of the EMmV, a transitional period of probably 3 years after the entry into force of the revision is planned for electrical energy meters at e-charging stations for short-term customers in order to ensure that the affected e-charging stations may continue to be used temporarily.
New Media & Technologies
Changing business models through new technologies
3.2 Qualification issues under data protection law
3.2.1. Personal data
As part of the charging process, personally identifiable data of the User will or may be processed: The User's information collected by the MSP (name, address, bank information) is personally identifiable data. User and MSP are in a classical Customer – Provider – Relationship and they know of each other. The E-mobility ID known to the CSO is in essence pseudonymized, but it may become identifiable when a connection between the data of the e-charging station and the MSP's backend occurs. While some MSPs have a validation system in place under which no personal data is shared with the CSO, some MSP may disclose the identity of the User to the CSO if this is necessary for billing purposes. Thus, depending on the models chosen, we must assume that CSO's could also have access to personally identifiable data and must consider obligations arising under data privacy legislation.
3.2.2. Roles of parties involved
From what can be seen in practice, MSP and CSO often each decide separately on the purposes and means of processing of data. CSOs view Users driving by as their own customers. Often, they not only e-charge, but also buy groceries in their local store and/or spend time in the restaurant and CSO has an intrinsic interest in shaping his attractiveness and relationship to each User. Therefore, assuming that personal data is at stake for both parties, we believe that each party (MSP and CSO) are oftentimes likely to be qualified as data controllers on their own or possibly joint controllers when it comes to the e-charging facilitation – depending on the specific set-up between the MSP and the CSO. If and to the extent that CSO acts merely under the instructions of MSP as pure aiders, payment facilitator, unable to gather any personal data from Users at all, a qualification as mere processor may sometimes also be possible.
The qualification as of MSP and CSOs as sole or joint controller(s) entails certain consequences:
- Information duties (art. 19 para. 1 FADP, art. 21 para. 1 FADP) and access right procedures (art. 25 FADP) apply directly to each controller. In other words, each controller will usually have to inform users on data exchange/sharing with the other controller and provide reference to the other controller's data privacy policy for further information.
- Furthermore, each controller is obliged to keep records of his personal data processing activities (with minimum requirements set out in art. 12 para. 2 FADP).
- Finally, controllers with residence abroad are obliged to designate a representative in Switzerland (art. 14 para. 1 FADP). This might be applicable if e.g. Users/drivers from Switzerland transit to CSOs abroad and use their infrastructure.
- Before processing personal data, controllers are obliged to conduct a data protection impact assessment ("DPIA") if the intended data processing may lead to a high risk for the data subject's personality or fundamental rights (art. 22 et seq. FADP). There are no obvious indications that MSPs or CSOs would engage in highly risky processing (no sensitive data and mostly pseudonymized).
- In case of high risk data security breaches, a controller is obliged to notify the Swiss Federal Data Protection and Information Commissioner ("FDPIC") and, if applicable, the data subject – whereas a processor would only be obliged to notify the controller (and not the supervisory authority).
- Aside from the above overview, controllers are obliged to meet further obligations established in more detail in the Swiss Federal Data Protection Act ("FDPA").
3.2.3. Legal grounds of justification
The Swiss FADP is based on a quiet liberal understanding of data processing activities. In other words, the FADP generally permits the processing of personal data as long as established data processing principles according to Art. 6 FADP are complied with, such as e.g. lawfulness, good faith, transparency, proportionality, purpose-limitation of processing. On the other hand, for the event that such principles cannot be met resp. are violated, the FADP provides for grounds of justification that can work as a basis for processing as well: For instance, (i) consent of a data subject (Art. 31 para. 1 FADP); (ii) overriding public or private interest or justification under statutory law (art. 31 para. 1 FADP); or (iii) data processing of the contractual party in direct connection with the conclusion or the performance of a contract (Art. 31 para. 2 lit. a. FADP). We believe that the FADP would generally permit the processing of personal data in the described data sharing mechanism between MSP and CSOs. This sharing is inherent part of the business model the Users subscribe to and usually made transparent in advance. Nonetheless, even if one was to assert a violation of such principles, the following justification arguments would likely apply:
- Exchange and validation of E-Mobility-ID (possible via RP):
By validating the E-Mobility-ID and transmitting it to the CSO (possible via RP), the MSP processes personal data of the User in direct connection with the performance of the contract between MSP and User. This should qualify as a justification under Art. 31 para. 2 lit. a. FADP. The purpose of the collection of the E-Mobility-ID by CSO is to authenticate the User in view of the contract concluded between MSP and User. Based on the wording of Art. 31 para. 2 lit. a. FADP, we believe it is not detrimental that the CSO is not a direct party to this contract, since the CSO is a sub-contracted party involved in the overall electricity-distribution scheme. What's more, agreements between the MSP and the User might even provide direct claims of Users against CSOs. Furthermore, the processing is most likely carried out under overriding private interests of the MSP and the CSO under the general clause of Art. 31 para. 1 FADP. Given the fact that the E-Mobility-ID is a pseudonym and no further personal data of the User is transmitted to the CSO in this context, the processing also appears proportionate and limited by its necessary purpose (art. 6 para. 2 FADP).
- Creation of the charging protocol and its submission from CSO to MSP (possible via RP):
As stated above, a ground of justification for the creation of the charging protocol and its submission to the MSP can be seen in the performance of the contract between MSP and User (Art. 31 para. 2 lit. a FADP) and in the overriding private interests of MSP and the CSO (Art. 31 para. 1 FADP). As outlined above, the MSP is User's contact point and responsible for invoicing the charging sessions and providing the User with details on it. If the CSO should envisage using the charging protocol, i.e., to prepare statistical analyses and reports to optimize his own services, i.e., processing of personal data for non-personally identifiable purposes, but only for research and statistics, Art. 31 para. 2 lit. e. FADP could provide such ground of justification.
3.3 Qualification issues under information security law
CSOs are not (yet) considered a "critical infrastructure" pursuant to Art. 5 lit. c. of the Swiss Information Security Act ("ISA"). Critical infrastructure providers under the ISA are subject to a comprehensive set of obligations, among others, data protection related obligations and obligations to implement a specific information security management system. Furthermore, reporting obligations regarding cyberattacks may arise since an amendment to the ISA to this effect was recently approved by the Swiss Parliament and is scheduled to enter into force in January 2025. CSOs do not figure under the currently listed infrastructure providers (probably other than the charging station's energy supplier/s). According to our understanding, CSOs are not yet considered to be involved themselves in other processes, systems and facilities that are essential for the functioning of the economy or the well-being of the population (art. 2 para. 5, art. 5 para. 5 ISA). Consequently, the increased security and notification obligations of the ISA should not (yet) be applicable to CSOs. However, it is recommended to follow developments on the ISA closely in this regard.
4. Outlook
There is neither publicly available case law nor recommendations from Swiss regulatory authorities on use cases for e-charging station business interactions. We recommended monitoring the ongoing legal developments, especially the revision of the EMmV, guidances issued from data protection supervisory authorities and/or any developments with regard to the ISA (and authorities' statements on qualifications as "critical infrastructures").
In the context of the revision of the EMmV, it is noteworthy that the EMmV provides for a legal obligation to retain data: According to No. 11 of Appendix 1 of the EMmV, a measuring instrument that is not used to measure utility services – in casu: the e-charging station (de lege ferenda) – must permanently record a measurement result and the information required to determine a specific transaction if (i) the measurement is not repeatable, and (ii) the measuring instrument is normally used in the absence of one of the parties (free translation). While this should not directly impact personal data treatment, we believe it might well surpass the CSO's capacity to store technical/business data in a broader sense than it currently does in Switzerland.
.jpg?v=3)
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.