New basic rules for the internet: The Digital Services Act and the Digital Markets Act
In November 2022, two of the European Union’s key regulatory projects for the Digital Single Market enter into force. With the enactment of the Digital Services Act (DSA) and the Digital Markets Act (DMA), the EU has redefined the rules of the game for digital services. The DSA and the DMA are the two main pillars of the future European regulation of the digital space. They are particularly ambitious projects that affect all users and providers of online services.
The regulatory package creates numerous new compliance and transparency requirements that companies will have to implement in the coming months. What was originally planned as a single piece of digital legislation was divided into two parts during the legislative process: The DSA regulates the liability of digital intermediary services for illegal content uploaded by users and introduces due diligence obligations for providers in order to curb the negative effects of online services. The DMA establishes specific competitive conduct rules for large platforms that act as gatekeepers in order to limit the market power of the large digital companies.
I. Digital Services Act (DSA)
The DSA sets forth uniform responsibilities and obligations throughout the EU for providers of digital intermediary services, such as internet access services (e.g. Telekom and Vodafone), social networks (e.g. Facebook and Twitter), online marketplaces (e.g. eBay and Amazon) and search engines (e.g. Google and Bing). To this end, the DSA relies on two regulatory approaches:
- As the successor to the eCommerce Directive, the DSA answers the question of who is liable if a user distributes illegal content via an intermediary service. The DSA draws on the established liability privilege accorded to intermediaries and adds specific procedural requirements for deletion orders and information requests by authorities.
- The DSA supplements the liability provisions for third-party content with far-reaching due diligence obligations, which are differentiated according to the type and size of the service and are intended to take into account the specific risks of online services. The most important requirements include obligations to offer points of contact for users and authorities and to set up a notice and action procedure for illegal content as well as to follow extensive rules for online advertising and the design of websites. Particularly strict requirements apply to very large online platforms and search engines with at least 45 million monthly active users in the EU. These very large services must examine the societal risks of their services, for example with regard to the viral spread of harmful content and their impact on elections, human rights or the mental health of users, and take measures to mitigate identified risks.
In this respect, the DSA is the EU’s response to the increasing importance of online platforms in political discourse, disinformation campaigns and fake news in the run-up to elections, and the societal impact of hate speech.
While it is clear that regulation is focussed on the tech giants from the Silicon Valley, thousands of smaller European services will also be affected by the new obligations. Companies affected by the Act should begin in good time to adapt their organisational and technical processes to ensure that they are in compliance with their obligations as from 17 February 2024. Otherwise companies are exposed to the risk of high fines. This is especially true for providers of very large online platforms and search engines. They will be subject to the more extensive obligations four months after the European Commission has notified them that they have been designated as a very large service.
You can find further information on the Digital Services Act here.
II. Digital Markets Act (DMA)
As the second pillar of digital regulation, the DMA aims to ensure the contestability and fairness of markets in the digital sector, to promote innovation and to better protect consumers. It is aimed at the large online platforms that are known as “gatekeepers” and for which certain rules of conduct (obligations and prohibitions) apply.
Gatekeepers are companies providing core platform services that allow business users essential access to end users. The DMA defines a total of ten such core platform services, such as online search engines (e.g. Google), operating systems (e.g. Microsoft), web browsers (e.g. Chrome), virtual assistants (e.g. Alexa) and social networks (e.g. Facebook). A number of rules of conduct will be imposed on gatekeepers to ensure that they do not unfairly undermine the contestability of core platform services. These rules of conduct are bolstered by the compliance, monitoring and reporting duties to which gatekeepers are subject.
The DMA defines thresholds above which there is a presumption of gatekeeper status. These thresholds are comparable to the criteria for very large services under the DSA. In addition, the European Commission may initiate a market investigation under the DMA if it wishes to (i) designate a company as a gatekeeper outside its regular procedure for doing so, (ii) investigate systematic non-compliance with the obligations or (iii) include new core platform services in the scope of the DMA. In addition to providing the European Commission with far-reaching powers of investigation, inspection and decision-making, the DMA grants it power to impose penalties. For example, the European Commission may impose fines of up to 20% of the gatekeeper’s annual worldwide turnover or impose behavioural or even structural remedies.
The European Commission has the sole responsibility for deciding whether to designate a company as a gatekeeper and for enforcing the DMA. The DMA grants third parties a number of rights of participation and indirect means of redress that can be asserted before the European Commission, national competition authorities and national courts. However, national courts that apply the DMA are not permitted to take decisions that diverge from those reached by the European Commission under the DMA.
You can find further information on the Digital Markets Act here.
III. Significance for IP law
The new set of digital rules is closely intertwined with traditional IP law. On the one hand, the DMA provides for rights to data portability and interoperability that may conflict with providers’ intellectual property rights. On the other hand, the DSA defines and supplements the principles governing the liability of platform providers, something which has always been highly controversial in IP law.
The starting point for this remains the long established liability privilege accorded to intermediaries: Platforms that provide intermediary services will retain their exemption from liability for illegal third-party content and will not have a general duty to monitor the content posted by their users. However, the DSA sets out, for the first time, uniform rules across Europe requiring hosting providers to have a mechanism in place, which will allow third parties to report suspected illegal content. In future, this mechanism will be the starting point for the liability of providers which do not act quickly to block or remove content after a notice has been made. Another innovation is the “Good Samaritan” rule, which ensures that online intermediaries do not lose their liability privilege simply because they voluntarily review user content. This provision is intended to give legal certainty to providers when they use filters or have their employees check uploaded content in order to proactively detect infringements. Although the DSA does to this extent only provide a new basis for many familiar principles, the significance of its specific details for the protection of intellectual property within the EU cannot be underestimated.