The first draft of the long-awaited Digital Services Act (“DSA”) and Digital Markets Act (“DMA”) legislative package was published today by the European Commission. As expected, it raises the bar for digital service providers and introduces significant fines for non-compliance, pushing a greater onus onto the major tech companies to take responsibility for their role in relation to the internet and the digital ecosystem at large.
This new legislative package is a turning point for regulating the online environment in the European Union and beyond. Originally announced by Ursula von der Leyen in her political guidelines in July 2019, the DSA was at the time expected to be the main piece of legislation resulting from this initiative. The DSA went onto form part of the European Digital Strategy “Shaping Europe’s digital future” and was subject to public consultation from June to September 2020. You can find out more about the public consultation in our post here.
At the time of its conception, the DSA was expected to reinforce the single market for digital services by fostering the innovation and competitiveness of the European online environment, upgrade the EU’s liability and safety rules for digital platforms and provide smaller businesses with the legal clarity and level playing field they need to compete effectively in the digital economy.
In October 2020 the European Parliament overwhelmingly approved two associated legislative initiative reports encouraging the European Commission to go considerably further than this and recommending in particular that the DSA should contain tougher regulation on targeted advertising and the management of illegal content as well as powers for a new regulatory authority to oversee content hosting platforms. You can read more about those recommendations here.
A consistent aspect of this package since its inception has been the focus on those major technology companies and online platforms who are perceived to be the “gatekeepers” of the online world and the desire to introduce new “ex-ante” rules to foster competition and ensure that these companies treat their B2B customers fairly. Possibly in recognition of the fact that these competition issues are slightly separate from the more consumer-facing issues which the DSA seeks to address, the European Commission has created a separate dedicated piece of legislation known as the Digital Markets Act to address these concerns and form the second pillar of the new package.
The legislative package also reinforces and builds on some of the key principles of the eCommerce Directive adopted in the year 2000 (for example the liability rules for providers of intermediary services), which up until now has been the key piece of EU legislation regulating digital services.
The legislative package comprises two pieces of legislation, a draft Digital Services Act and Digital Markets Act. We are currently analysing the detail of both documents and their likely impact and a further briefing will follow. In the meantime, we highlight below some of the key initial takeaways from the proposed legislation.
The DSA is broad in reach and is intended to apply to a range of key players across the digital ecosystem including intermediary services offering network infrastructure, hosting services such as cloud and webhosting services, online platforms bringing together sellers and consumers ( such as online marketplaces, app stores, collaborative economy platforms and social media platforms), and very large online platforms (see below).
Given the global nature of digital services, these rules necessarily apply to service providers which are established outside the EU but offer services within the EU (as well as to EU-based providers). To reinforce the intended extra-territorial effect of the new rules, the draft DSA envisages that non-EU-based providers will be required to appoint a legal representative within the EU to ensure effective oversight and compliance with the new rules. These representatives may also be held liable for any non-compliance.
- Very large platforms
The DSA places enhanced controls and new responsibilities on “very large platforms”. Very large platforms are defined as those with more than 45m users (roughly 10% of the European Union population). Note that this designation is distinct from that of a “gatekeeper” under the DMA (we will post on this separately).
- Advertising and transparency
All online platforms (not just very large platforms) displaying advertisements online will be required to ensure that individuals using their services can identify “in a clear and unambiguous manner and in real time”:
- that the information displayed is an advertisement;
- on behalf of whom the advertisement is being displayed; and
- “meaningful information about the main parameters used to determine the recipient to whom the advertisement is displayed”.
Very large platforms will also be subject to additional online advertising transparency obligations, including a requirement to compile and make publicly available a repository containing historic information as to the content and targeting of advertisements and the total number of recipients reached. This requirement will invariably cause headaches for all the major social media platforms, as well as other platforms.
- Illegal content
To further combat illegal content online, all online platforms which provide hosting services will be required to put in place user-friendly notice and action mechanisms, which will allow third parties to notify the platform of illegal content on their services. The host will be required to make a decision in relation to any notice it receives in a “timely, diligent and objective manner”. In addition, very large platforms will be required to provide more detailed reporting to authorities on the control of illegal content.
- Traceability of business users and illegal goods
There will be new obligations on traceability of business users in online market places, to help identify and track down sellers of illegal goods (which will be particularly relevant for sites like Amazon). All online platforms will be required to vet the credentials of third party suppliers (“know your business customer”), which conclude distance contracts with consumers through their platform. Traders will be required to provide certain essential information to the online platform, including a self-certification by the trader that it only offers goods or services which comply with EU law.
- Enforcement and fines
EU Member States will each be required to appoint a ‘Digital Services Coordinator’ which will be responsible for ensuring compliance with the DSA, verifying platform user numbers in the EU and designating platforms as very large online platforms at least every six months. In addition, a new body will be created at EU level to coordinate compliance and enforcement. Failure to comply with the DSA will result in fines of up to 6% of the annual income or turnover of the provider or platform. The size of the fine will be linked to the severity of the breach, as well as the duration and frequency of the violation.. The Member States or the Commission may also impose fines of up to 1% of annual income or turnover of the provider or platform for providing incorrect, incomplete or misleading information in response to a request for information.
- Digital Markets Act
The Digital Markets Act is aimed at addressing what the Commission sees as the negative consequences arising from certain behaviours by platforms acting as digital “gatekeepers”. These are platforms that have a significant impact on the internal market, serve as an important gateway for business users to reach their customers, and which enjoy, or will foreseeably enjoy, an entrenched and durable position. The DMA prohibits gatekeepers from engaging in a number of practices the Commission considers to be “clearly unfair”, such as blocking users from un-installing any pre-installed software or apps, and requires gatekeepers to proactively put in place certain measures, such as targeted measures allowing the software of third parties to properly function and interoperate with their own services. It also imposes sanctions for non-compliance, which could include fines of up to 10% of the gatekeeper’s worldwide turnover. For recurrent infringers, these sanctions may also involve structural remedies, potentially extending to divestiture of certain businesses. For further information please refer to our separate post here.
The likely impact for online service providers based in the UK
- The Brexit effect: The legislation envisaged takes the form of two separate Regulations that will be directly applicable in EU member states. This is intended to harmonise practices across the EU single market and alleviate the existing fragmentation caused by the current patchwork of legislation. The UK has now left the EU and the Regulations will be finalised after the transition period ends (i.e. after 31 December 2020). They will therefore not be directly applicable in the UK, however, they will still have a significant impact on UK online service providers and digital platforms given that they apply to services which are being provided to users within the EU, irrespective of the place of establishment of the providers of those services.
Whilst it may have the freedom to do so, it seems unlikely that the UK would deviate far from this framework in any subsequent UK legislation regulating the online environment, as the creation of two sets of rules may well be unworkable for pan-European organisations operating in both the UK and the EU. The UK Government confirmed today that we are likely to see draft primary legislation and codes of practice in respect of the UK’s Online Safety Bill pass through Parliament next year (see here and here for further information).
- A UK voice at the table: Traditionally the UK has been actively involved in the evolution of new and innovative EU regulatory frameworks. In light of the impact and the landmark nature of this Regulation, the UK will no doubt want to feed into related consultations developing both the primary legislation and any related codes of practice and guidance. However, the extent of the UK’s involvement (if any) remains to be seen after the transition period. Whilst the UK is no longer a member state, it will continue to have some form of representation to the EU through the UK Mission which seeks to ensure that the UK’s interests are promoted and explained to member states and the EU institutions on the full range of EU business.
- Enforcement: It remains to be seen the extent to which the UK will either want or be able to coordinate its own enforcement of digital regulation with the new Digital Services Coordinators across the EU and how the enforcement regime will apply in respect of UK entities.
The European Parliament and European Council (the Member States) will debate, amend and ultimately must approve the Commission’s proposal. The proposal will follow the ordinary legislative procedure meaning that the Council and Parliament are “co-legislators” and both must approve the final text. A majority, not unanimity, is required in Council. This process is expected to take over a year. Once adopted, the new rules will be directly applicable across the EU.
Watch this space for more in-depth analysis on both the DSA and the DMA coming soon.