The EU Digital Services Act: What it is and Why it Shouldn’t Happen

Ursula von der Leyen, the president-elect of the European Commission, has recently published political guidelines for 2019-2024. Those who have been careful enough to read the document would have noticed that “a Europe fit for the digital age” is one of the six political goals the president-elect wants to achieve. Among various statements populating the section on digital Europe, the following is found:

A new Digital Services Act will upgrade our liability and safety rules for digital platforms, services and products, and complete our Digital Single Market.

The words should have claimed the attention of professionals and businesses alike. They are remarkable not only for their terseness but also for naming the act, thus indicating that preparations are well underway.

Just a few days later a document leak confirmed that DSM Steering Group is engaged in drafting the the EU Digital Services Act that would serve as a basis for:

The two ideas signalled here are interesting each in their own right.

The E-Commerce Directive, dating to 2001, and based on the ideas from the late 90s, has served remarkably well. Similar to the Clinton/Magaziner approach in the US, the directive is based on the ‘no-regulation-for-regulation’s sake’ principle and on the laissez faire approach of regulating only where there was a specific need. The two main ideas it is based on are home country control (the idea that information society services (ISSs) should be regulated in the home country only) and the heavy insulation of bona fide ISSs from liability. The reasons for the Directive’s relative longevity can be found both in its flexible character and in the political difficulties which its potential revision would initiate. As a framework instrument for the entire e-commerce regulatory ‘silo’, the Directive had been designed to last.

But, that some of the fundamental principles the Directive is based on would eventually have to be revisited became all too apparent already in the 2015 when the Digital Single Market Strategy had been published. There, the Commission indicated that

It is not always easy to define the limits on what intermediaries can do with the content that they transmit, store or host before losing the possibility to benefit from the exemptions from liability set out in the e-Commerce Directive.

Crucially, the Commission shifted the focus from ISSs to platforms.1 Soon thereafter, the language in the many policy documents on platforms changed. Platforms, the Commission claimed, need to act “responsibly” if they are to continue to benefit from insulation. In its highly controversial Copyright in the DSM Directive the Commission suggests that even ISSs falling under Article 14 ECD need to have effective protective technologies and that they cannot rely on the article if they do not. ‘Active’ providers cannot rely on the protection as they are not responsible enough in the Commission’s mind.

When the two ideas are joined, the picture becomes to emerge: the Commission would like the ECD REFIT exercise – which seems to be overdue – to result in a more nuanced approach, recognising that only responsible platforms can be protected and revising the insulation regime.

What does the preparatory document reveal about the Commission’s ambition and the scope of the potential intervention?

Five problems are listed:

  • a) divergent rules for online services in Member States. This item signals the existence of divergent rules in Member States, some of which have already engaged in regulated issues as diverse as hate speech, advertising or social networks.
  • b) outdated rules and regulatory gaps. The second item indicates that the ECD rules no longer “adequately reflect the technical, social and economic reality of today’s services“. In particular the concepts of active and passive providers are labelled as being out of date. Furthermore, the document claims that some online intermediaries simply do not know what regime they are under.
  • c) insufficient incentives to tackle online harms and protect legal content. Here the claim is that platforms are disincentivized to act proactively and that small and medium platforms face regulatory risk as a result.
  • d) ineffective public oversight. This item indicates that there is no dedicated “platform” regulator which would exercise oversight in “content moderation or advertising transparency”
  • e) high entry barriers for innovative services. The last item talks of “no legally binding, controlled way for regulatory experimentation with innovative services” currently in existence.

The document is clear in proposing the scope of application to include “all digital services, and in particular online platforms.” For each of the crucial ECD components, something new is proposed.

  1. It is proposed that home country control be kept and its scope extended. This would now include “consumer protection, commercial communications and contract laws” but also services established in the third countries. Finally, it is also proposed that any exceptions be narrowly interpreted. This is a problem as consumers and contract laws are largely outside the scope of the “coordinated filed”. It is not clear whether Member States would accept such a dramatic expansion of the operation of the article. It is even less clear why the extension is suggested as home country control generated little to no case law and even less problems in practice.
  2. The documents names ISSs as still relevant. It suggests, however, that there are “grey areas” and names them as “ISPs, cloud services, content delivery networks, domain name services, social media services, search engines, collaborative economy platforms, online advertising services, and digital services built on electronic contracts and distributed ledgers.” This is a remarkable claim as the list includes almost all intermediaries in operation today, which amounts to a claim that the concept of information society services is inadequate. This claim is not substantiated. The mention of the European Electronic Communications Code (EECC) is a nod to convergence.It is suggested that future ISS services here may be defined “on the basis of a large or significant market status, complementing the competition threshold of dominance”. This effectively brings in the ad hoc sector-specific regulation of the kind applied to telecommunications services. This approach would require that digital service providers be classified as having the correct market status or power before regulation would be applied to them. Ex ante regulation is only imposed on those with the required market power. There are numerous problems with this idea but two are particularly significant. First, the ad hoc regime in the telecoms sector has always been a temporary measure going toward full application fo competition law. In e-commerce law, competition rules are already fully functional and little to nothing would be gained by this exercise. Second, the market analysis process would inevitably have to be conducted by various national authorities designated for the purpose which would, in turn lead to insurmountable practical problems and divergence, thus eliminating any positive effects achieved.
  3. The liability provisions of ECD would be updated. The “harmonised graduated and conditional exemption” approach is suggested kept but with additions. First, the case-law would be used to update the present issues in Articles 12-15. Second, new rules or clarifications of the principles to “collaborative economy services, cloud services, content delivery networks, domain name services, etc.” would be needed. The notions of “active” and “passive” hosts would be replaced with notions of “editorial functions, actual knowledge and the degree of control”. Finally, an exemption for proactive measures would be introduced.The changes suggested here essentially fall into two categories. The non-problematic ones result from CJEU’s case-law on intermediaries. While that case-law is not without problems in itself,2 it has largely followed the contours of Articles 12-15. The more problematic are specific rules on platforms. It is not clear which of these “special” categories would need special rules and what these would aim to achieve. It is even less clear what liability regime would be imposed on them and if the disastrous Copyright in the DSM proactive filtering would find its way here too. It seems that it would, as it is not clear how it would be possible to proactively and “responsibly” catch alleged illegalities without expensive (and potentially unreliable) AI solutions. Even more worryingly, no suggestion is made here (as it was in DSM Directive) that smaller platforms would be exempt.

    It seems that the drafters of the document operate with the false assumption that active/passive dichotomy is the basis of EU case law on intermediaries. It is not. While there are cases where this approach (otherwise originating in the USA) is used, the CJEU cases are more nuanced and speak of levels and types of engagement, precisely in line with that the document otherwise demands.

  4. The document pays lip service to the prohibition of general monitoring of Article 15. However, it suggests that “algorithms for automated filtering technologies” should be considered for better “transparency and accountability”. Filtering, in principle, may be specific and general. The CJEU case law suggests that general filtering is prohibited while specific is allowed. The problem is that the document goes beyond specific filtering and suggest that AI technologies essentially playing the role of general monitoring are OK. One cannot have both. Either the prohibition on general monitoring is maintained OR AI and filtering solutions are allowed. They cannot coexist.
  5. Tailored and EU-wide notice-and-action rules are suggested. These are have already been introduced in the Illegal Content Communication. Binding transparency obligations are suggested as are options for “algorithmic recommendation systems of public relevance”.
  6. New regulatory structure is suggested with “a central regulator, a decentralised system, or an extension of powers of existing regulatory authorities” all being considered. Any of the three solutions would be problematic. Centralised regulators are difficult or impossible to achieve in any area of shared competence. The decades of experience the EU gained in the telecoms sector is a testimony to this. The decentralised system is possible but would require a prior harmonisation of competences which is politically just marginally easier to achieve than a central authority. Finally, extending the powers of the existing authorities may be viable but would not serve the Single Market purposes proclaimed in this document and elsewhere.

While there may be a number of problems with various suggestions made in the document, the main criticism can be summarised as follows:

  • no convincing reasons are given for abandoning the approach based on information society services (ISSs) and moving to platforms. While it is certainly true that confusion exists (both in terms of fully digital and composite services) as to what is or is not an ISS, any move needs to be justified. Platforms are ill-defined and fluid (both in the EU and elsewhere) and vary from one-man blogs to multi-billion dollar global conglomerates. There are no convincing reasons to use them as replacement for ISSs. The confusion is compounded by the insistence on keeping the ISSs as regulatory units while insisting that almost everything on the Web today is a “grey area” and needs a different treatment.
  • the liability regime in Articles 12-15 has proven adequate as have various kinds of relief (including injunctive). The CJEU case-law adequately managed to deal with different aspects of ISS liability and managed to apply Articles 12-15 to modern phenomena. Any change to this regime must be based on throughly-researched and very specific suggestions. While it is good that the drafters seek to incorporate the CJEU cases, their suggestions as to the liability in other situations are superficial at best. Equally worrying is their refusal to address the criticism already directed at filtering solutions in the DSM proposal. While few would disagree with the claim that the Facebook and others need to act “more responsibly”, this does not extend to the claim that all platforms need to nor does it equal the obligation to filter. That the drafters know this is confirmed in their problematic suggestion that market status should determine the scope of regulatory burden.
  • the document demonstrates the lack of understanding (and even lack of interest in) the modern phenomena such as blockchain technologies or AI. The former are mentioned with a vague suggestion that some regulation may be needed but without any conviction as to what the policy goals should be.
  • The bundling of such diverse problems as copyright infringement, illegal speech, hate speech, advertising, etc. under one umbrella is a mistake. Experience has taught us that the difference between them justify differences in the regulatory approach. While convergence in real life suggests that regulatory convergence may also be necessary, this is neither the declared nor the actual aim of the potential Digital Services Act. On the contrary, the document is actively averse to convergence problems and suggests that current regulatory silos be kept.
  • Finally, the suggestion that single regulator should be possible is politically naive

The reform of the ECD, more than any other issue, needs to address two issues, if it is to be successful.

The first is the effect of convergence on regulation. In other words, we need to know how are converged services to be regulated. The present document is as far from solving this problem as can be possible. The proposal is just a reform of the E-Commerce silo that maintains that very silo. Telecoms, audio-video and e-commerce have each their own regulatory circles, often with separate regulators. No attempt has been made to address this, either in the EECC or here.

The second is: what types of regulatory approaches (including soft-law, standardisation, etc.) should be used for governing modern digital services in order to stimulate innovation while protecting the categories of population that need to be protected. Again, the present document makes no attempt to solve this question as it sticks to old-fashioned black-letter law. Modern digital services are inherently disruptive and may require completely different governance structures. The Commission seems to be confused, mixing soft and hard law, general and subject-specific, new and legacy, often in the same documents, sometimes even in the same sentence.

  1. On why this may be problematic in itself, see my article
  2. See Martin Husovec, Injunctions Against Intermediaries in the European Union, CUP 2017.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s