On 15 December 2020, the European Commission published a long-awaited set of rules intended to reform the online space, in two parts: (i) the proposal for a regulation on a Single Market for Digital Services and amending Directive 2000/31/EC, called the “Digital Services Act” or “DSA”, setting out harmonised rules for regulating digital platforms and increasing user protection; and (ii) the proposal for a regulation on contestable and fair markets in the digital sector, called the “Digital Markets Act” or “DMA”. Together they form the “Digital Services Act Package”, designed to prohibit unfair conditions imposed by online platforms that have or are expected to become “gatekeepers” to the single market.
Why has the European Commission proposed these regulations?
It was the purpose of Directive 2000/31/EC (the “e-Commerce Directive”) to facilitate (i) a well-functioning internal market for digital services, (ii) the effective removal of illegal online content without infringing on fundamental rights, and (iii) an adequate level of information and transparency for consumers. Although these objectives are still relevant today, no tools have yet emerged that are sufficiently well adapted to ensure their effectiveness in light of the current digital market players.
The Digital Services Act Package is the result of a consultation of various stakeholders over the past five years leading to the consensus that, under the legal framework currently in force, there is a need for action in terms of both addressing online safety and sophisticating the internal market for digital services.
The new proposals deliberately provide for consistency with the current legal framework, ensuring that sector-specific legal instruments will remain in force and allowing the Digital Services Act Package to supplement them by addressing the regulatory gaps identified by the European Commission. The driving philosophy behind the measure (fairness, transparency, consumer protection and accountability) is close to the spirit of other recent EU legislation (e.g. Regulation EU 2016/679, or the “General Data Protection Regulation”; and Regulation (EU) 2019/1150, or the “Platform to Business Regulation”). (See also: What’s new in e-commerce?)
I. The Digital Services Act
Material and territorial scope
The DSA applies to the provision of intermediary services in the internal market, irrespective of their location, as long as their service recipients have their place of establishment or residence in the Union.
One specific focus of the DSA is very large online platforms which have an important social impact (operational threshold of more than 45 million service recipients, i.e. those platforms serving at least 10% of the Union population). This threshold can be amended by delegated acts where necessary, enabling the obligations upon platforms to remain proportionate to their societal impact.
Fundamentals of the DSA
The DSA defines clear responsibilities and accountability for providers of intermediary services, in particular online platforms such as social media and marketplaces.
The EU Commission’s proposal introduces the legal concept of algorithmic accountability. It sets new obligations to assess the risks which arise from the systems used by these platforms, with the objective of adopting tools that better protect the integrity of online services (by preventing the use of manipulative techniques, for instance).
1. Intermediary service providers will have new due diligence obligations, including inter alia:
- establishing a single point of contact and designating a legal representative within the EU (where operating from outside the EU),
- implementing mechanisms allowing third parties to flag illegal content,
- for very large platforms, in particular:
- providing for a complaint-handling system and facilitating out-of-court settlements,
- adopting measures against misuse,
- escalating information in case of suspicion of serious criminal offences involving a threat to the life or safety of persons,
- using an interface enabling traders to respect EU consumer product safety laws,
- publishing reports on illegal content removal,
- providing transparent information with respect to online advertising, and
- managing systemic risk (risk assessment regarding the functioning and/or use of online services) and transparent reporting of related assessments.
2. Implementation and enforcement of the DSA
- Independent national authorities called Digital Services Coordinators will be created that are locally competent inter alia to receive complaints about breaches of the regulation, investigate, audit, carry out interviews and on-site inspections, and impose interim measures and fines. These cooperate with one another, in particular to enable joint investigations.
- A European Board for Digital Services will be set up, in particular to supervise the Digital Services Coordinators and support the coordination of joint investigations.
- With respect to very large platforms, where an infringement of the DSA persists, the EU Commission will be allowed to intervene and will have the power to carry out investigations, audits, interviews and on-site inspections, as well as to impose interim measures, fines, etc.
The DSA provides for penalties of up to 6% of the annual income or turnover of a provider of intermediary services in the event of infringement. Considering the size of the platforms concerned by the proposal, this could represent a very substantial penalty.
II. The Digital Markets Act
Scope and fundamentals of the DMA
The aim of the DMA is to address what the Commission sees as the negative consequences arising from core platform services. Large platforms have indeed emerged which increasingly act as gateways or gatekeepers between business users and end users. They therefore enjoy an entrenched and durable position, often as a result of the creation of conglomerate ecosystems around their core platform services. The Commission points out that the problems identified with respect to such gatekeepers are currently not being (effectively) addressed by existing EU legislation or national laws.
The DMA will only apply to large companies that are identified as gatekeepers; i.e. those which control at least one “core platform service” (such as search engines, social networking services, certain messaging services, operating systems and online intermediation services) and have a large, lasting user base in multiple countries in the EU.
The DMA establishes a set of narrowly defined, objective criteria for determining whether a large online platform qualifies as a gatekeeper. These criteria will be met where a company:
- has a strong economic position and a significant impact on the internal market, and is active in multiple EU countries. This is presumed to be the case if the company achieved an annual turnover in the European Economic Area (EEA) of €6.5 billion or more in the last three financial years or if its average market capitalisation or equivalent fair market value amounted to €65 billion or more in the last financial year, and if it provides a core platform service in at least three Member States;
- has a strong intermediation position, meaning that it links a large user base to a large number of businesses. This is presumed to be the case if the company operates a core platform service which had more than 45 million monthly active end users established or located in the EU and more than 10,000 yearly active business users established in the EU in the last financial year;
- has (or is about to have) an entrenched and durable position in the market, meaning one which is stable over time. This is presumed to be the case if the company met the other two criteria in each of the last three financial years.
A provider of core platform services which meets all of these criteria must notify the Commission within three months of attaining the relevant thresholds.
The DMA imposes a number of obligations upon such gatekeepers. In particular, they must (i) refrain from engaging in several practices the Commission considers to be “clearly unfair” (e.g. blocking users from un-installing any pre-installed software or apps, using data obtained from business users to compete with those business users, etc.) and (ii) proactively engage in certain behaviours (i.e. allowing business users to promote their offerings and conclude contracts with customers outside the gatekeeper’s platform, implementing targeted measures to enable third-party software to function properly and interoperate with their own services, etc.).
The DMA is without prejudice to the implementation of EU competition rules (Articles 101 and 102 TFEU) and to national competition rules regarding unilateral behaviour. The DMA addresses unfair practices by gatekeepers that either (i) fall outside the existing EU rules on competition, or (ii) cannot always be effectively dealt with by these rules due to the systemic nature of some behaviours, as well as the ex-post and case-by-case nature of competition law. The DMA will thus minimise the harmful structural effects of these unfair practices ex-ante, without limiting the EU’s ability to intervene ex-post via the enforcement of existing EU competition rules.
Sanctions for non-compliance are provided for, including fines of up to 10% of the gatekeeper’s worldwide turnover. For recurrent infringers there are also structural remedies, such as obliging a gatekeeper to sell a business, or parts of it (i.e. selling units, assets, intellectual property rights or brands).
The main objective of the DSA and the DMA is thus to ensure user protection and fair competition between businesses and to define the responsibilities and obligations of providers of digital services, and online platforms in particular.
The European Commission is on track to finalise and adopt these proposals within the next 18 months.