The EU Digital Services Act – Europe’s New Regime for Content Moderation
The EU Digital Services Act – Europe’s New Regime for Content Moderation
On October 4, 2022, the European Council gave its final approval to the Regulation on a Single Market for Digital Services, also referred to as the “Digital Services Act” or DSA. This marks the final step for the DSA to come to life. Its main goal is to create a safe, predictable, and trustworthy online environment, and to protect the digital space against the spread of illegal content, online disinformation, and other societal risks. When adopting the DSA in July 2022, the EU Parliament praised it as “strong, ambitious regulation of online platforms,” enabling “the protection of users’ rights online.” And indeed, the DSA is more than just a refresh of the EU’s existing regulatory framework for the online sector. It introduces a comprehensive regime of content moderation rules for a wide range of businesses across the EU.
The DSA harmonizes the diverging national rules of the European Member States that had emerged under the E-Commerce Directive (2000/31/EG) since its entry into force in 2000 on how online services must moderate the third-party content that they distribute. With the DSA, the EU is now introducing a complete makeover of the relevant rules, particularly aiming to better reflect the importance of (large) online intermediary services for a democratic society. Unlike the E-Commerce Directive, the DSA will apply immediately in all Member States without a need for further implementation into national laws.
It may, however, still take some time until the DSA’s obligations are fully fleshed out. The DSA provides that the EU Commission will lay out certain details in implementing acts to supplement the main text. In particular, the Commission shall adopt acts to clarify the criteria for identifying “very large online platforms” and “very large search engines” (together, VLOPs) and for certain technical specifications. Those regulations are not yet available, not even in draft form. It will therefore take some additional time until the full scale of the DSA’s provisions is clear.
The DSA will apply to online intermediary services offered to consumers and business users in the EU. Services are typically offered in the EU, if, for example, users can order products or services in one or more Member States, pay in Euro, select an EU language, or access the service via a relevant top-level domain. The providers’ place of establishment or location, within or outside the EU, is irrelevant in this regard.
Specifically, the DSA addresses four different categories of online intermediaries:
To safeguard the development of start-ups and smaller enterprises in the internal market, micro- and small enterprises will be exempted from certain of the DSA’s obligations.
The DSA applies a staggered approach to its substantive obligations. While its most basic obligations apply to all providers of intermediary services, additional obligations apply to providers in the other categories, with the heaviest regulation targeting VLOPs.
Obligations applicable to all providers of intermediary services:
Additional obligations applicable only to providers of hosting services:
Additional obligations applicable only to providers of online platforms:
Additional obligations applicable only to providers of VLOPs:
Each Member State will have to designate a competent authority as a Digital Services Coordinator (DSC) to be responsible for supervising intermediary services established in their territory and enforce DSA rules against them. The Commission will be solely competent to supervise and enforce the specific obligations under the DSA for VLOPs.
The DSC will serve as a single point of contact for the Commission and will be required to participate in the EU cooperation mechanism. The national DSCs will cooperate within an independent advisory group, called the European Board for Digital Services (the “Board”). The Board will work with the Commission and the DSCs to promote effective cooperation. It mainly serves to achieve a consistent application of the DSA.
Each EU Member State will determine its rules for penalties for DSA infringements under its own competence. The DSA only specifies the maximum amount of fines that a Member State can impose. For a failure to comply with a DSA obligation, the maximum fine will be 6% of the offender’s annual worldwide revenue. For the supply of incorrect, incomplete, or misleading information, failure to reply or rectify such information, and failure to submit to an inspection, the maximum fine will be 1% of the offender’s annual global revenue. The maximum amount of a periodic penalty payment will be 5% of the offender’s average daily worldwide revenue. The Commission will be able to impose similar fines (only) against VLOPs.
Failure of an intermediary to comply with the DSA can also trigger private claims for compensation for damages or losses suffered due to an infringement by providers of their DSA obligations. Such compensation can be claimed on other grounds, especially under applicable national law or consumer protection rules. National authorities, including courts, must not make decisions that are contrary to Commission decisions which were adopted under the DSA.
The DSA complements sector-specific legislation such as the Audiovisual Media Services Directive, the Terrorist Content Online Regulation, and other relevant EU laws that regulate other aspects of intermediary services. The DSA builds on the E-Commerce Directive, which has been the main legal framework for the provision of digital services in the EU for the last 20 years. As far as the DSA does not amend the E-Commerce Directive, it will not affect its application. Specifically, the DSA replaces the E-Commerce Directive’s provisions on provider liability. Otherwise, the E-Commerce Directive remains in effect and therefore continues to provide, for example, the country-of-origin privilege for online services, and to govern imprint and general advertising obligations for online services.
The DSA seeks to fully harmonize the rules applicable to intermediary services. Accordingly, Member States must not adopt or maintain additional national requirements on the matters falling within the scope of the DSA. Member States can thus still adopt and enforce national rules that pursue public interest objectives other than those pursued by the DSA. On this basis, e.g., the German government expects that the DSA will largely replace the German Network Enforcement Act (Netzwerkdurchsetzungsgesetz, NetzDG), which regulates how social networks and video sharing platforms must treat user reports of alleged criminal content. Against this background, it has already announced a revision of the NetzDG, while it also plans to revise the German Telemedia Act (Telemediengesetz, TMG) and Youth Protection Act (Jugendschutzgesetz, JuSchG) following the entry into force of the DSA.
After the final approval of the European Council on October 4, 2022, the DSA will be published in the EU’s Official Journal. The DSA will enter into force 20 days after that publication. Affected service providers will then have until January 1, 2024 to comply with its provisions.
For VLOPs, which are directly supervised by the Commission, the new rules might kick in earlier. To allow VLOP designations, the obligations for online platforms to report on their user numbers as well as the rules on the VLOP designation process will apply immediately. And, once designated by the Commission, providers of VLOPs have only four months to comply with the DSA, even if that deadline is earlier than January 1, 2024.
The DSA establishes a gigantic set of new rules for digital services in the EU. And other than the recently adopted Digital Markets Act, its scope is not limited to just a few “gatekeeper” companies and their “core platform services.” The DSA will ultimately affect every company doing business with third-party content in the EU, regardless of size and place of establishment. All of these providers of intermediary services will need to comply with the numerous DSA obligations, unless they are exempted from certain rules as micro- or small enterprises. Affected companies can expect significant organizational and operational challenges to ensure compliance and to avoid potential regulatory fines.