European Commission Unveils Ambitious and Far-Reaching Legislative Proposals for Regulating Platforms, Hosting Services and Online Intermediaries

Executive Vice President Vestager and Commissioner Breton have now presented the Commission's long-awaited proposals for new tech regulation: the Digital Services Act and the Digital Markets Act.

While promoting accountability across the single market, these proposals seek to ensure that consumers are as safe online as they are offline, and that businesses can operate on a level playing field.

In terms of next steps, the European Parliament and Council will now scrutinize the texts in order to adopt binding legislation. This could take up to two years and heated debates are to be expected. MEPs participated extensively in drafting their Committees' positions and EU Member States are working on national-level legislation.

None-the-less, these proposals represent probably the most radical attempt yet to regulate tech platforms.

DSA Key Points:

• The Commission has laid the ground rules providing for new obligations under which tech companies are to monitor and filter content on their platforms.
• Three overarching goals: more safety for users, increased transparency for platforms and better enforcement.
• Safety: protect users from illegal and harmful content while preserving freedom of expression. To do so the DSA suggests:
  • New due diligence obligations: illegal content (that will still be defined at Member State level) will have to be removed and an explanation provided to users. Users are to be given the opportunity to lodge complaints.
  • Obligation to know your business customer: market players are required to check users' identity.
  • As under the eCommerce Directive, the DSA provides that hosting providers are not liable for content unless they have actual knowledge of illegal content and do not subsequently act to expeditiously remove it. The DSA also maintains the prohibition on requiring intermediaries to monitor generally.
• Transparency: platforms will be required to explain how algorithms work, so that users can understand how they are being influenced. This will also shed light on why some sellers are more visible than others.
  • Very large platforms (more than 45 million average monthly active EU users) have to publish annual reports on their risk assessment and mitigation process in relation to the dissemination of illegal content through their services, impacts on fundamental rights and intentional manipulation of their service.
  • Key platforms will also need to give researchers access to data.
• Enforcement: rules across Europe need to be harmonized and breaches will be subject to sanctions, in particular fines of up of 6% of global turnover of the preceding financial year.

Whilst the DSA is set to provide cross-sectoral rules (and does not seek to replace or amend existing legislations), it is potentially disruptive. As an example, the provisions dealing with user-facing transparency of online advertising will add to existing disclosure rules, such as those under GDPR. The DSA shares with GDPR (and with recent initiatives in the market), the trend towards extraterritorial reach (i.e., applying EU rules to those offering their services in the EU’s single market, even if they are not established in the EU). The DSA also provides for high fines for non-compliance (up to 6% of global turnover - even higher than GDPR). Contrary to GDPR, under the DSA the Commission, rather than Member States, will have the power to enforce against very large platforms; the prospect of tougher enforcement looms.  

DMA Key Points:

• The Commission's main message to platforms is that the bigger they are, the more responsibility they bear. Therefore, rules under the DMA apply specifically to gatekeepers, as opposed to the DSA whose scope is horizontal.
• To qualify as a gatekeeper, online businesses should meet three criteria:
  • Be sizeable and significantly impact the internal market, with a global turnover of 6.5 billion euros in the last three financial years, or an average market capitalization of 65 billion euros in the last financial year, while being in at least three Member States.
  • Operate as an important gateway for business users towards end-users, with at least 45 million active users per month, and at least 10,000 yearly business users in the last financial year.
  • Act in this entrenched position over time - which is presumed when the other two criteria are met in each of the last three financial years - or is expected to benefit from such position in the short term.
• Businesses are expected to come before the Commission and explain whether they believe they identify as gatekeepers or not. The Commission may launch an investigation if it does not agree with the businesses' decision to not qualify as a gatekeeper, or decides that there is a risk that it is an emerging gatekeeper.
• Once designated as a gatekeeper, the platform will have to comply with two types of ex-ante obligations: self-executing ones and those subject to further amendment at a later stage. For instance, the ban on businesses self-preferencing their own services and products is expected to be clarified in further legislation.
• Should a gatekeeper be found to breach the rules, the Commission can impose fines of up to 10% of global turnover in the previous financial year.

The DMA aims to regulate for the first time how gatekeepers interact with their business users online in order to preserve fair competition. Tech companies likely to qualify as gatekeepers have previously warned that such new rules could stifle innovation. However, Executive Vice President Vestager stressed that these common sets of rules will help European companies scale-up in an open and fair market. While the impact of the new rules is limited in scope to the gatekeepers, much interaction with the Parliament and Council is to be expected by a range of tech companies over the next year, in particular on the criteria establishing which businesses qualify as gatekeepers.