The Digital Services Act - Transforming the delivery of online services through EU regulation

20 years after the adoption of the e-commerce Directive, the EU has gone back to the drawing board. On 15th December 2020, the European Commission released its highly anticipated proposal for a Digital Services Act (“DSA“), ticking one more box of its 2020 to-do list on “Europe fit for the digital age”. The DSA intends to build on the rules set out in the e-commerce Directive, that has been the cornerstone for digital services regulation in the EU and bring them into the 21st century. The proposal will soon be with the Council and European Parliament, which will have to agree on the content of this ambitious reform of digital services.

Alongside the DSA will sit another piece of legislation, the draft Digital Markets Act, which we will not address in this article.

What is the DSA about?

Enhancing consumer protection: Current business models have highlighted some legislative gaps under which users of online services are left vulnerable. The aim is to protect online users against illegal content, and provide them with actionable rights in this respect. Basically, championing core European values of “fundamental” online rights.
Updating the liability regime of digital service providers: The European Commission wants to reform the e-commerce Directive’s provisions on the responsibilities of digital services’ providers. The goal is not only to protect users but also to give legal certainty and clarity to online businesses about what their responsibility and obligations and thereby levelling the playing field amongst online providers.
Harmonising a fragmented framework: As the e-commerce Directive is 20 years old and not really “fit for purpose” anymore, Member States have, over the past few years, taken the matter into their own legislative hands resulting in a patchwork of digital legislation unsuitable for a single digital market. The DSA will provide unifying rules – by way of a Regulation, that will apply directly across the EU, in order to:
- streamline online providers’ liability rules,
- offer consistency across the 27 Member States, and
- provide enforcement mechanisms at EU level.

However, despite these ambitious objectives – which some consider are not going far enough – the e-commerce Directive lives on. It is important to understand that it will not be repealed but only be amended by the DSA.

What is the scope of the DSA?

Actors covered: The DSA intends to cover digital service providers that act as intermediaries offering one of the following types of service (i) a mere conduit service, (ii) a caching service, or (iii) a hosting service.

In practice, it means that the scope of the DSA is very broad, covering actors such as internet service providers, domain name registrars, social media networks (of course that will include Facebook but also SnapChat, LinkedIn etc), messaging services, cloud services, app stores (whether Google Play, Apple Store, Stadia or any other similar business models) and online platforms (such as YouTube, Vimeo, TikTok) and marketplaces (e.g. Amazon, Etsy, eBay etc.) which transmit or store content of third parties.

Broad (extra-)territorial scope: The DSA would apply to all online intermediary service providers as long as their users (businesses or individuals) have their place of establishment or residence in the EU. Yes – you heard it right: the EU strikes again with extra-territoriality principles, the same way it did with the GDPR. So providers of intermediary services based outside of the EU will still have to comply with the DSA if they direct their services to EU-based users. In these cases, the non-EU based intermediary service provider must appoint a legal representative in the EU, as it is the case under the GDPR.

This is a major change from the e-commerce Directive, which only covered companies established in the EEA and was meant to ensure the free movement of information society services between the Member States. The DSA now covers the activities of companies established in third countries, which offer their services in the single market. This position is consistent with the European Commission’s approach on all its recent digital legislation and shows strong political will to lead on global digital policy by setting “golden” standards of behaviour amongst online service providers.

So what changes in terms of liability of intermediary service providers?

The liability exemptions: The European Commission proposes to move the well-known ‘mere conduit’, ‘caching’ and ‘hosting’ liability exemptions from the e-commerce Directive into the DSA to maximize harmonisation across the EU.

Some good news: No substantial changes are proposed to the ‘mere conduit’ and ‘caching’ exemption regimes. However, as for the hosting exemption, the European Commission proposes that this exemption regime won’t apply with respect to one specific illegal activity. This is the case where online platforms allow consumers to conclude distance contracts that present the object of the transaction in such a way that the user is lead to believe that it is provided by the online platform itself, or by someone acting on under its authority or control. Let’s take the example of an illegal product offered for sale in Facebook’s marketplace. Should Facebook provide a fake impression that it is the actual trader of the product, or if it appears to the user that the actual trader was somehow “mandated” by Facebook to sell this illegal product, then Facebook cannot rely on the exemption regime for hosting providers.

No general monitoring obligation: Under the DSA, the providers of intermediary services would still not be subject to a general monitoring obligation.
Voluntary own-initiative investigations: Settling a long debate, the European Commission takes the view that proactive investigations conducted by the provider of intermediary services should not result in the latter losing the protection of the hosting exemption. Although this may not be as harsh as some would like, it seems to us that promoting compliance by voluntary action has to be the way forward.

What are the new diligence obligations to fight online illegal content?

All providers of intermediary services are now subject to due diligence obligations regarding illegal content (but to different levels depending on the category they fall in):