- What Domain 9 Actually Tests
- Core Legal Frameworks You Must Know
- GDPR and European Data Protection: The Exam's Heaviest Hitter
- The Hague Evidence Convention and Letters Rogatory
- Blocking Statutes and Foreign Data Sovereignty
- How CEDS Scenario Questions Test Domain 9
- Where Domain 9 Collides with Other CEDS Domains
- A Domain-Aligned Study Schedule for Cross-Border Mastery
- Registration, Format, and Exam-Day Mechanics
- Frequently Asked Questions
- Domain 9 covers cross-border and international discovery-a legally dense topic tested through 4-hour, 100-question multiple-choice scenarios.
- GDPR, the Hague Evidence Convention, and foreign blocking statutes are the three pillars candidates must be able to apply in fact-pattern questions.
- The CEDS exam costs approximately $1,695 for the standard package; you have one year from purchase to sit the exam.
- Cross-border discovery overlaps directly with Domain 2 (Preservation), Domain 3 (Collection), and Domain 6 (Production)-study them together.
What Domain 9 Actually Tests
Cross-border and international discovery sits at the intersection of law, technology, and geopolitics. For CEDS candidates, Domain 9 is not about memorizing a single statute-it demands that you understand how competing legal systems create friction when a U.S. litigation team needs data that physically exists in Frankfurt, Tokyo, or São Paulo.
The ACEDS exam, governed by BARBRI's Association of Certified E-Discovery Specialists, tests this friction through scenario-based multiple-choice questions. You won't see a question that asks "What does GDPR stand for?" You will see a question describing a U.S. federal court order compelling production of employee emails stored on a German server, and you'll need to identify the correct procedural and legal response. That applied framing is what separates Domain 9 from a general legal knowledge quiz.
Domain 9's content spans three broad categories: the procedural mechanisms for requesting evidence across borders, the substantive foreign and domestic laws that limit what can be transferred, and the practical workflow decisions that e-discovery professionals make when those laws conflict. Each of those categories can appear in exam questions.
Core Legal Frameworks You Must Know
Before diving into individual laws, recognize that international discovery operates under layers of authority: U.S. federal procedural rules, bilateral or multilateral treaties, and the domestic laws of the country where the data resides. A CEDS candidate must hold all three layers in mind simultaneously.
The Federal Rules of Civil Procedure in a Global Context
The Federal Rules of Civil Procedure (FRCP) govern discovery in U.S. federal litigation, but they have no extraterritorial enforcement power on their own. When a U.S. court issues a discovery order touching foreign-held data, the opposing party-or a foreign government-may argue that compliance violates local law. Understanding the limits of FRCP authority is foundational for Domain 9 questions.
The CLOUD Act
The Clarifying Lawful Overseas Use of Data (CLOUD) Act of 2018 directly affects how U.S. law enforcement and, by extension, civil litigants deal with data stored abroad by U.S.-based cloud providers. CEDS candidates should understand how CLOUD Act executive agreements interact with traditional mutual legal assistance treaties (MLATs) and what that means for corporate data custodians.
Essential Cross-Border Legal Instruments
Candidates must be able to distinguish between these mechanisms and identify when each applies:
- Hague Evidence Convention (1970): Multilateral treaty governing civil evidence gathering across member states via letters of request
- Mutual Legal Assistance Treaties (MLATs): Bilateral agreements for criminal and regulatory cooperation; slower but legally authoritative
- Letters Rogatory: Formal judicial requests from one court to a foreign court; used when no treaty framework exists
- CLOUD Act Agreements: Streamlined bilateral frameworks for law enforcement data access across borders
- GDPR Chapter V: Governs transfers of personal data from the EU/EEA to third countries
- Foreign blocking statutes: Domestic laws in France, Germany, China, and other jurisdictions that actively prohibit compliance with foreign discovery orders
GDPR and European Data Protection: The Exam's Heaviest Hitter
The EU's General Data Protection Regulation is the most frequently tested cross-border discovery topic, and for good reason-it is the most operationally consequential privacy law that U.S. e-discovery practitioners encounter. Candidates who treat GDPR as simply "a European privacy law" will struggle. The CEDS exam tests the specific mechanisms GDPR provides and prohibits.
Lawful Bases for Transfer Under GDPR Chapter V
When a U.S. litigation team wants EU personal data, GDPR Chapter V controls whether that transfer is lawful. Know the difference between an adequacy decision, standard contractual clauses (SCCs), and binding corporate rules (BCRs). The invalidation of Privacy Shield by the Schrems II decision-and its replacement by the EU-U.S. Data Privacy Framework-is exam-relevant content because it illustrates how transfer mechanisms can disappear overnight, forcing practitioners to pivot.
Data Subject Rights as a Discovery Complication
GDPR grants data subjects rights to access, erasure, and portability. In an e-discovery context, a data subject's erasure request can create a direct conflict with a litigation hold obligation. Domain 9 questions may ask you to identify which obligation takes precedence and what documentation a practitioner should maintain. This intersects directly with the cross-border discovery frameworks you are mastering and with Domain 8 (Legal Hold and Litigation Readiness).
Key Takeaway
GDPR's "legitimate interests" and "legal claims" exceptions under Articles 6 and 9 can justify processing personal data for litigation purposes-but only within narrow limits. Know these exceptions by name and know their boundaries.
EU Member State Variations
GDPR is a regulation, meaning it applies uniformly across the EU-but member states have discretion in certain areas, including employment data and data protection authority enforcement priorities. Germany's particularly strong labor data protections and France's blocking statute work alongside GDPR to create a layered compliance challenge that the CEDS exam reflects.
The Hague Evidence Convention and Letters Rogatory
The 1970 Hague Convention on the Taking of Evidence Abroad in Civil or Commercial Matters is the primary multilateral treaty mechanism for cross-border civil discovery. Its central instrument is the Letter of Request-a formal judicial document sent from the requesting state's court to a central authority in the requested state.
For the CEDS exam, the critical issue is the tension between using Hague Convention procedures and seeking direct discovery under U.S. rules. U.S. courts have held that the Hague Convention is permissive, not mandatory, for U.S. litigants-meaning domestic courts can order discovery directly even when a Hague process exists. However, foreign courts and governments do not always agree with that interpretation, and many jurisdictions treat the Convention as the exclusive mechanism. That disagreement is precisely what produces the conflict scenarios you'll see in exam questions.
Blocking Statutes and Foreign Data Sovereignty
Blocking statutes are domestic laws specifically designed to prevent compliance with foreign discovery orders. France's "French Blocking Statute" (Law No. 68-678) is the most frequently cited example in e-discovery literature and on the CEDS exam. China's Data Security Law and Cybersecurity Law create similar barriers for data held within China's borders.
The Balancing Test for Competing Obligations
When a U.S. discovery order conflicts with a foreign blocking statute, U.S. courts apply a comity-based balancing test to determine whether to compel production anyway. The Restatement (Third) of Foreign Relations Law factors are the standard framework: importance of the information, hardship to the party, nationality of the party, location of the information, and the extent to which foreign law actually prohibits compliance.
CEDS candidates must know these factors exist, understand how courts weigh them, and-critically-recognize the e-discovery practitioner's role when a court orders production despite a blocking statute. That practitioner-level perspective is what distinguishes CEDS scenario questions from pure bar exam questions.
China's Data Localization Requirements
China's Cybersecurity Law and Data Security Law impose strict localization requirements on "important data" and "critical information infrastructure." Cross-border transfer of data from China requires security assessments from Chinese authorities in many circumstances. This is an increasingly tested area as global commercial disputes involving Chinese operations multiply.
| Jurisdiction | Primary Instrument | Key Discovery Constraint | Practitioner Response |
|---|---|---|---|
| European Union | GDPR Chapter V | Personal data transfers require lawful transfer mechanism (SCCs, adequacy decision) | Map data categories; engage DPO; use SCCs for U.S. production |
| France | French Blocking Statute (1968) | Criminal penalties for transmitting economic information to foreign authorities outside treaty channels | Route requests through Hague Convention; document good-faith efforts |
| Germany | GDPR + BDSG + Labor Law | Employee data processing requires works council involvement; Hague Art. 23 reservation | Engage local counsel; works council consultation before collection |
| China | Cybersecurity Law; Data Security Law | Cross-border transfer of important data requires security assessment; broad government access rights | Local counsel essential; consider mirror data approach in litigation planning |
| Canada | PIPEDA / provincial privacy laws | Personal information disclosure requires consent or legal authority | Identify applicable provincial law (Quebec Law 25 is stricter); document legal basis |
How CEDS Scenario Questions Test Domain 9
The CEDS exam's 100 multiple-choice questions are scenario-based-each one presents a realistic professional situation and asks what the correct course of action is, what a document means, or what risk is present. Domain 9 scenarios tend to follow recognizable patterns that candidates can train themselves to recognize.
Pattern 1: Jurisdiction Identification
A scenario describes data located in a specific country and asks what legal framework governs its collection or transfer. The correct answer requires you to match the jurisdiction to the right treaty, regulation, or domestic law-not just name the law in the abstract.
Pattern 2: Conflict Resolution
A scenario presents a direct conflict between a U.S. court order and a foreign law prohibition. The question asks what the e-discovery professional should do. Correct answers almost always involve engaging local counsel, notifying the court of the conflict, and following comity principles-not simply complying with the U.S. order without disclosure.
Pattern 3: Transfer Mechanism Selection
A scenario identifies a data transfer situation and lists four possible legal bases or mechanisms. The correct answer requires knowing which mechanism applies and, importantly, which mechanisms have been invalidated or are unavailable in the described circumstances. This is where knowledge of Schrems II and the EU-U.S. Data Privacy Framework pays off. Supplementing your study with full-length CEDS practice exams is the best way to internalize these patterns before exam day.
Where Domain 9 Collides with Other CEDS Domains
Cross-border discovery does not exist in isolation within the CEDS curriculum. Understanding where Domain 9 overlaps with other domains helps you study more efficiently and answer questions that blend multiple subject areas-which the CEDS exam regularly does.
Domain 2: Identification and Preservation
Legal hold obligations must account for foreign data custodians. GDPR erasure rights can conflict with preservation duties. Know how to document the conflict and which law takes precedence in litigation contexts.
- Foreign custodian hold notification requirements may trigger local labor law protections
- Some jurisdictions prohibit unilateral preservation actions without employee consent or regulatory approval
Domain 3: Collection
Physical or remote collection of data from foreign systems raises consent, proportionality, and data sovereignty issues. Forensic collection methods acceptable under U.S. law may violate foreign employment or privacy law.
- On-site collection in EU jurisdictions may require works council notification in Germany
- Remote collection of China-based data without government approval may violate Chinese law
Domain 6: Production
Producing foreign personal data to U.S. courts or opposing counsel constitutes a "transfer" under GDPR. The production itself-not just the collection-requires a lawful transfer basis. This is a high-frequency exam topic.
- Protective orders in U.S. litigation can help satisfy GDPR's data minimization and security requirements
- Redaction of non-responsive personal data before production is a proportionality and GDPR compliance measure
Candidates preparing for Domain 9 should also review CEDS Domain 10: Technology-Assisted Review, because TAR and predictive coding decisions are increasingly made in the context of cross-border review populations where language, data residency, and privacy law all interact.
A Domain-Aligned Study Schedule for Cross-Border Mastery
Because ACEDS does not publish official domain percentage weightings, candidates cannot rely on a mathematically derived study allocation. What we do know is that the CEDS study guide covers approximately 250 pages across 11 domains, and that cross-border discovery is complex enough to warrant dedicated, structured preparation rather than a single cram session.
Legal Framework Foundation
- Read the CEDS study guide's cross-border chapter in full; annotate treaty names and key articles
- Create a jurisdiction map: for each major region (EU, China, Canada, UK), list the primary legal instrument and its key discovery constraint
- Complete 15-20 Domain 9 practice questions to establish your baseline; note every concept you cannot explain without looking it up
GDPR and Blocking Statute Deep Dive
- Study GDPR Chapters IV and V in detail; focus on transfer mechanisms and derogations for legal claims
- Review France, Germany, and China blocking statute principles using secondary sources and practice scenarios
- Re-test on the same 15-20 questions plus 10 new ones; use the Feynman technique to explain the Hague Convention's Article 23 reservation aloud in plain language
Integration and Scenario Practice
- Study Domain 9 intersections with Domains 2, 3, 6, and 8 side by side
- Run timed 25-question mixed-domain practice sets from the CEDS practice test platform to simulate exam conditions
- Review any questions involving comity balancing, CLOUD Act, and MLATs-these are commonly missed
Registration, Format, and Exam-Day Mechanics
Understanding the CEDS exam's administrative structure is part of exam readiness. The standard certification package costs approximately $1,695 and includes the study guide, one practice exam, and a single exam attempt. The Virtual Classroom bundle is approximately $2,180 and adds instructor-led instruction. Both packages require candidates to sit the exam within one year of purchase.
Before you can register for the exam, you must demonstrate 40 qualifying credits drawn from professional experience (maximum 20 credits), training (maximum 25 credits), and education (maximum 15 credits). Two professional references are also required. This prerequisite structure means the typical CEDS candidate already has meaningful e-discovery experience-which shapes how Domain 9 questions are framed. They assume you understand what a document review workflow looks like; they test whether you know what changes when that workflow crosses a border.
After passing, you have up to 90 days to submit your application for certification. The CEDS credential requires annual renewal through continuing education, keeping certified practitioners current on evolving cross-border frameworks-a meaningful benefit given how quickly international data protection law changes.
The exam is vendor-neutral and follows ICE (Institute for Credentialing Excellence) standards. It is not tied to any specific software platform or law firm's methodology, which reinforces why scenario-based question practice-rather than product-specific training-is the right preparation approach.
Frequently Asked Questions
No. ACEDS does not publicly disclose the percentage breakdown of questions by domain. The 11 domains are validated by a global taskforce and ACEDS member survey, but the specific weighting per domain on any given exam is not published. Candidates should treat every domain as potentially significant and avoid concentrating study so narrowly that other domains suffer.
No. The CEDS exam is designed for e-discovery professionals across job functions-attorneys, paralegals, technologists, project managers, and consultants all sit it. Domain 9 tests applied knowledge: what you do when cross-border issues arise, not how to litigate them. Understanding the legal frameworks well enough to make correct workflow and escalation decisions is the target skill level.
GDPR receives the most attention because it directly affects the largest number of cross-border discovery scenarios, but Domain 9 content also encompasses the Hague Evidence Convention, blocking statutes from multiple jurisdictions, the CLOUD Act, MLATs, letters rogatory, and the data protection laws of major economies including Canada's PIPEDA, China's data laws, and the UK GDPR post-Brexit. Candidates should not over-index on GDPR at the expense of these other frameworks.
The overlap is substantial. When a legal hold must cover data custodians in foreign jurisdictions, the hold itself must comply with local law. In Germany, notifying employees of a litigation hold may require works council approval. Under GDPR, processing employee data for litigation purposes requires a documented lawful basis. Candidates should study these domains together, particularly the scenarios where preservation obligations and data subject rights collide.
Run timed, full-length mixed-domain practice tests and review every incorrect answer at the concept level-not just the answer level. For Domain 9 specifically, make sure you can explain why each wrong answer is wrong, not just which answer is right. The CEDS exam's scenario format means that recognizing the trap in a distractor is as important as knowing the correct rule. Practice tests that mirror the exam's four-option, scenario-based structure are the most direct preparation available.
Ready to Start Practicing?
Domain 9 is one of the most legally complex areas of the CEDS exam-and one of the most rewarding to master. Our scenario-based practice questions mirror the exact format of the ACEDS exam, covering cross-border discovery, GDPR transfer mechanisms, blocking statutes, and the Hague Convention in the applied, four-option format you'll face on test day. Start building your confidence today.
Start Free Practice Test