Home > Organisation > DG 1 > The Vice-President > Announcements > 2021

12.03.2021

Follow-up information on the use of MS cloud services in DG 1

The VP 1 news item "Outlook Migration to the Cloud" of 04.02.2021 was based on the following main rationale:

Given Microsoft's obligation under US law to grant security and intelligence agencies access to data stored in its cloud, very sensitive data of the Organisation itself and data our applicants expect us to treat with special care need to be encrypted. This includes information classified as "EPO strictly confidential" (information unauthorised disclosure of which could compromise or cause severe damage to the EPO or could cause damage to an identifiable individual or his or her reputation), and additionally the highly sensitive data of unpublished patent applications and information relating to unpublished patent applications.

Considering the feedback received after publication of VP 1's item of 04.02.2021 and the results of further investigations with major stakeholders (BIT, DPO, Patent Law, Procedural Support, HR, PD Communication), the documents which are to be treated in the same way as "EPO strictly confidential" information for the purposes of the patent grant process, and so must not be sent by email without encryption, have been limited to:

i. application documents of unpublished applications (EP, PCT, national)

ii. search reports, search opinions, communications and decisions relating to unpublished applications

iii. search statements resulting in the disclosure of unpublished application documents (Guidelines B-III, 2.4; B-IV, 2.4)

Previous section (iv) has been deleted. The documents mentioned there, e.g. documents which are marked as non-public in DI+, can be sent without encryption. This also applies to draft (oppo) decisions, legal opinions and votums.

There have been requests for a comprehensive list of documents/information used in the patent grant process and its administration which can be shared using MS cloud services without encryption. Due to the endless possibilities of exchanging data using MS cloud services, this is unfortunately not possible.

However, if you are dealing with information which you consider to be highly sensitive or strictly confidential, you may, of course, apply the rationale set out above and encrypt it. Units dealing frequently with highly sensitive data (e.g. Investigation Unit, HR or Health & Safety) have their own encryption policies and will provide you with guidance on this on request.

Call for CKT Daytips

If you have ideas about ways to efficiently share data relating to unpublished patent applications either without using MS cloud tools or by clever encryption, please forward them to the CKT Daytip team.

Points to consider

In the meantime, please also consider the following points:

 It is recommended that you apply the rationale defined above to all MS cloud services and products and to Skype for Business.
 It is recommended that you share the text of an unpublished application (possibly annotated) by copying and pasting the link to DI+ into an email.
 For consultations during the search phase (e.g. on CII or CPC classes), it is possible to share the text of an unpublished application via screen-sharing in Skype or MS Teams but you should do this only if the session is not recorded or transcripted. Any chat session/whiteboard, however, is permanently stored and should not be used for sharing unpublished material.
 No encryption is necessary for any exchanges with applicants per email (i.e. proposal of amendments) as, by then, examination of the patent application has already progressed to the stage that it has been published.
 Scans of annotated unpublished patent documents made on network printers should go on to a USB-stick and not to an email address. Further instructions on USB scanning will be provided as soon as possible. Please delete the file on the stick immediately after transferring it to your laptop/PC.