Skip Navigation Links

EU Commission Presents Preferred Traceability and Security Feature

26 July 2017

During a recent stakeholder workshop on the traceability and security feature requirements of the Tobacco Products Directive (TPD), the directorate of the EU Commission responsible for implementing the Directive (DG SANTE) presented a set of preferred policy options for discussion. Although the options are still provisional, they indicate the direction the Commission seems to be taking with regard to track and trace governance and choice of security features… and it may not be good news for third party providers and anti-tobacco groups.

The options were based on feedback received from a previous workshop held in December (see TSN December 2016), as well as on consultations with EU member states and internal and external analysis.

Five preferred options were chosen as answers to five key questions:
1. The most suitable operating model for the unique identifier within the EU traceability system: industry-operated, third party-operated or a mixed solution?
2. The most acceptable delay in recording and transmitting data: near real-time, once daily, or once weekly?
3. The most suitable method for processing, storing and accessing data: centralised, decentralised or a combination of both?
4. The most suitable data carrier for the traceability system: single carrier, limited variety of carriers, or a free system allowing any approved carrier?
5. The most suitable method of adding a security feature to the product: affixing, printing/integrating through a different method, or any method?

The following summary of the workshop discussions on each of these questions is taken from a report posted on DG SANTE’s website. Added to this summary, at the end of some of the sections, are comments from the International Tax Stamp Association (ITSA), which participated in the workshop.

1. Unique identifier
The Commission reported that a mixed solution for the unique identifer (UI) was preferred. Under this option, independent third parties – appointed by member states – would generate the UI, and the tobacco industry would then be allowed to carry out the more technical tasks of completing the UI with a timestamp, applying it to the pack and verifying it once on the pack.
It was further explained that the UI would have a block structure with an issuer prefix, thereby allowing for multiple issuers, and that a system of look-up tables would be envisaged, to allow the required information to be encoded on packs in a manner that minimised its size. As the look-up tables would need to be downloaded at intervals to handheld devices, expected size estimates were requested from the workshop participants.
It was further clarified that UIs would be necessary at both unit pack and aggregated levels (though there would be a differing structure and size for both).
The Commission reported that, on the whole, NGOs expressed support for the mixed solution and welcomed the concept of generation by independent third parties.
Manufacturers echoed this and stressed the need to avoid a system that would be overly complex. Manufacturers of other tobacco products stressed that the measures should take into account the complexity of their particular supply chains as well as the low levels of illicit trade in their sector.
Representatives of wholesalers/distributors expressed concern regarding the need to request UIs for aggregated levels and the potential for supply chain disruption in the case of related delays.

The International Tax Stamp Association stressed that ease of implementation was essential, and added that it believed a fully third-party operated solution was necessary to meet legal requirements. One solution provider echoed this, while others stressed the need to prioritise open standards and simplicity.
The Commission confirmed that the intention was not to opt for an overly complex system but reminded participants that the basic requirements of the TPD had to be met. It also confirmed its commitment to respecting the EU’s international legal obligations and said that the mixed solution offered the possibility of placing control in the hands of member states.

It was further clarified that the requirement for anti-tampering devices on the production line would be in addition to the requirement for manufacturers to verify UIs, but further discussion with member states on this issue would be required.
ITSA’s position is that the only acceptable solution for UI generation, from a legal point of view, is a totally third party solution, completely independent of the tobacco industry. This is because a solution where the industry itself is involved with the completion, application and verification of the UI on the production line (even if it doesn’t actually generate it) does not comply with the provisions of the WHO FCTC Protocol to Eliminate the Illicit Trade in Tobacco Products – which has been ratified by the EU.

The Protocol requires the industry to be involved only to the extent strictly necessary. This precludes the adoption and implementation of systems owned or controlled by the industry, where effective alternatives are available.

This also applies to solutions that have been developed by the industry but subsequently sold to a third party, as such a move could be construed as a ploy to make those solutions acceptable to world regulatory authorities.

To address this problem, ITSA believes it will be crucial for the Commission to establish a clear set of selection criteria for third parties wishing to be issuers of UIs under Article 15, with one criterion being that they must not have a pre-existing business relationship with the tobacco industry.

2. Recording and transmitting data
Under this point, the Commission explained that near real-time recording and transmitting was the preferred option.
It said that three types of events were currently foreseen for the reporting of transactional information: issuance of purchase order, issuance of invoice and issuance of receipt of payment. It was further clarified that in a limited number of cases (such as dispatch), reporting prior to the event may be required.
Wholesaler/distributors raised questions regarding the costs of implementing such reporting requirements, in particular for SMEs. They said further clarification regarding event triggers would be needed.

It was pointed out that reporting of transactional information prior to dispatch would be difficult as invoices were often only issued following dispatch.
Regarding event triggers and what events needed to be reported, the Commission said the TPD was quite explicit, requiring reporting of entry into possession, exit and all intermediate movements.

It confirmed that the concerns of SMEs were being taken into consideration, as illustrated by the possible transition arrangements under consideration. It was further clarified that the trigger to report a transactional event came with the occurrence of the event itself, eg. the issuance of an invoice (whenever this may take place), but said it had noted the points raised relating to dispatch/invoice sequences.

3. Processing, storing and accessing data
The Commission explained that this point related to the question of where the data should be stored in order to best meet TPD requirements. It said that the option currently preferred was a combined data storage model.

The Commission’s third-party contractor, Everis, then explained that the option would comprise multiple decentralised repositories, selected by each manufacturer/importer, and a common data repository, hosting a copy of all data stored in the decentralised repositories and guaranteeing access and a global overview of the supply chain for authorities and the Commission.

Everis added that the proposed architecture would include a ‘router’, via which events transmitted by distributors/wholesalers would be routed to the relevant decentralised repository, thereby reducing the burden for this sector. The Commission further explained that to facilitate operations, a system of ‘registries’ of manufacturing facilities, economic operators etc., would need to be established.

NGOs asked why a central storage system had not been preferred and expressed concerns regarding how the provider of the central element would be selected. A coalition organisation also questioned who would run the central element and ITSA expressed a preference for a central system.
A standards body stressed the need for robust governance to determine who can access the potentially sensitive commercial data and for what purpose. Manufacturers asked who would be responsible for managing the registries and how it would be possible to avoid double registration of entities.
The Commission pointed out that while the combined model would allow manufacturers to select their own data storage repositories, it would not exclude that some or all may opt for the same provider. It said it believed the combined model would be capable of offering the required access for authorities as they would receive a full copy of all transmitted information.

Regarding the selection of the provider responsible for the central element, the Commission said that further reflection was required, but one preliminary idea would be for the primary level data storage providers to be responsible.

Regarding the registries, the Commission said it may be possible to assign responsibility to the issuers of the UIs. And regarding the risk of duplicating entities it said a clear allocation of responsibility for registration would be needed.
ITSA’s position is that a virtual single data storage model, controlled and protected by member states would be the most effective, and questions the rationale of having decentralised repositories in addition to a common data repository, as this could open the door to data manipulation.
In ITSA’s view, all events data should first be stored in these government-controlled central repositories, and then – if the member state agrees – copied to manufacturer/importer databases.

4. Data carriers
The Commission then introduced the discussion on data carriers, explaining that the option currently preferred would be a limited variety of carriers, in order to maximise flexibility whilst ensuring compatibility across the supply chain.
Everis then presented the various drivers that could influence the selection of the data carriers, and the Commission presented a list of specific data carriers, as well as certain quality requirements, currently under consideration.
Manufacturers requested clarification on the marking requirements for products for export. They stressed that the additional coding requirements of third countries should be taken into account.

NGOs stressed the need to ensure that data carriers were protected against cloning, and that aggregation levels were well protected.
One standards organisation asked for clarification as to whether the GS1 dotcode would be amongst the permitted data carriers, stressing that it had the potential to maximise space. It also drew attention to SSCC label formats for aggregation levels.
The Commission clarified that all tobacco products manufactured in the EU would be required to be marked with a UI, and that all movements until the last event within the EU would need to be recorded, including information on which third country the product was destined for. Movements outside the EU would not, however, be subject to reporting requirements.

ITSA’s position: ITSA concurs with the Commission in preferring a limited variety of data carriers. This being said, the choice of data carrier should ultimately be made at the national sovereign level.
However, ITSA’s main concern is that traceability under the TPD is being viewed as a stand-alone issue, without due attention given to the authentication of the data carrier.

For any traceability solution to work in any industry the physical/digital combination is essential. If unsecured codes for track and trace are used in isolation, without integration into optical and covert security elements, this opens the door to valid codes being duplicated onto unauthorised products – with nobody any the wiser, since the codes may look the same and ostensibly perform the same function.

ITSA would ask the Commission whether it intends to ensure compliance with relevant published ISO standards, which recommend the building up of secure links between security features and unique identifiers. Indeed, ITSA is concerned that the Commission continues to regard the tracking and tracing system and the security feature requirement as two completely separate entities (which is not helped by the fact that they are divided into two different articles – 15 and 16 – in the directive).

5. Security features
The Commission explained that the current intention with regard to security features was to allow for flexibility, as well as to take account of the high degree of innovation that exists in this area.
Everis then presented a list of security feature categories currently on the market, which it considered suitable based on its findings to date. The Commission stressed that this list should be considered non-exhaustive and should in no way be regarded as final.

One NGO asked why combining the security feature with the UI was not being considered by the Commission. This was echoed by several other participants. One solution provider said it welcomed the open approach outlined, while another stressed the need for further concrete details.
A separate solution provider organisation said it believed affixing would be the best application method for security features, while a carton makers association said that they would advocate for direct printing during pack manufacturing, and that this process should be standardised.

The Commission said it had taken note of the various points raised and that these would be very useful for the ongoing analysis. It added that the discussion had confirmed that it would be important for flexibility to be taken into account.

ITSA’s position: ITSA strongly believes that directly printed security features are inferior to affixed ones, in terms of their reliability, the ability of consumers to authenticate them with the naked eye (without the help of devices), the speed with which they can be authenticated, and their resistance to fraud. For this reason, ITSA disagrees with the preferred option to allow the security feature to be printed or affixed, or a combination of the two.
In addition, there is a further risk that member states could interpret the recommendation as if it were acceptable to leave the choice of the printed security features with manufacturers. Allowing this would leave the door open to fraud. Instead, the choice of the security features should be with member state authorities, and the application of the features on the packs should be assigned to an independent third party in a highly secured environment.
ITSA believes that the most effective way to add the security feature is by affixing it via a label, such as a tax stamp. Indeed, many tax stamps worldwide already incorporate a layered security architecture – combining overt, semi-covert and covert security features, in line with the principles of high security.
Next steps and conclusions

As a next step, Everis presented the outline of its next interim report (WP3), which is in the drafting process. It was explained that the input from the workshop discussions would be used to further inform this work. It was not, however, mentioned whether stakeholders would have the opportunity to comment – and thereby influence the final wording of – the interim report.

All the Commission did say was that the relevant acts of secondary legislation regarding the implementation of the traceability and security feature system would be published in advance of their adoption at the end of 2017.

To summarise, ITSA’s two key concerns with regard to current TPD discussions are that:

1. The Commission appears to be allowing the tobacco industry more control over the operation of the unique identifier than what is permissable under the WHO FCTC. Indeed, there appears to have been no discussion in the workshop of the EU’s obligations as party to the FCTC Protocol;
2. The discussions are too heavily focused on the UI and track and trace requirements of Article 15, with insufficient consideration accorded to the need for an effective authentication feature (Article 16) to work alongside the UI. As mentioned above, trace and unique identifiers, in themselves, do not deliver authentication, but ITSA has found nothing in the proposals discussed at the workshop to address this issue. (On this subject, see also Ian Lancaster’s viewpoint on page 3, where he highlights the danger of relying solely on barcodes and computers.)
These two concerns were raised by ITSA with the Commission and it is hoped that they will be taken into due consideration in the imminent interim report, the purpose of which is to lay out technical specifications for the tracking and tracing system, data storage model, and security features.


Press Releases

Press Releases

© International Tax Stamp Association
10 Windmill Business Village
Brooklands Close
Sunbury-on-Thames TW16 7DY
United Kingdom
Privacy Policy
All rights reserved.
All trademarks acknowledged