The online world is constantly evolving, and everything we do — and use — is becoming more digitalised. However, the European legal framework for digital services has remained unchanged since the adoption of the e-Commerce Directive back in 2000. The aim of this Directive was to enable access to digital services across the EU, harmonise the core hardships for such services and set the liability framework for third party content hosted by intermediary services. While the Directive has accomplished much of what it promised, it can no longer keep up with the changing times.

An in-depth reform of the legal framework addressing the newer challenges that have arisen in the digital sphere has been one of the European Commission's priorities for the past years. On 15th December 2020, the Commission finally released its long-awaited proposal. The Digital Services Act Package (the 'DSA Package') is a comprehensive set of measures intended to ensure the best conditions for the development of innovative cross-border digital services, while at the same time maintaining a safe online environment. The DSA Package not only aims to empower users and to protect fundamental rights (especially freedom of expression) in the online space, but would also impose additional accountability obligations to online intermediaries.

The DSA Package is composed of proposals for two regulations serving two main initiatives. The proposal for the Digital Service Act ('DSA') aims to deepen the single market for digital services and establishing clear responsibilities for online platforms to protect their users. The proposal for the Digital Market Act ('DMA') aims to create an 'ex ante' legal framework for the economic behaviour of large platforms acting as 'gatekeepers'.

How far-reaching will the future legal EU framework for the digital world be? In the words of the European Commission, if we compared the level of technological disruption caused by the rise of online platforms to the invention of the car, the implementation of the DSA Package would be similar to the invention of the traffic light. This article provides an overview of the new concepts, key changes and obligations introduced in each of the new proposed regulations.

Digital Services Act — an updated regulatory framework for online service providers

The stated aim of the legislation necessarily translates into new obligations for online intermediaries or service providers of goods, services or content. It is important to note that this new set of rules will apply across the EU and will enhance the market for digital services, but it is not repealing the e-Commerce Directive (2000/31/EC) ('the Directive') per se. The future legal framework would build on the existing one, and will apply next to the national laws transposing the Directive into the national legal framework.

The European Commission's proposal explicitly broadens the applicable legal framework to a much larger variety of services than the ones currently falling under the scope of the Directive. As an example, the definition of 'information society service providers' has been amended, covering new categories of providers whose liability could then also be triggered. Under the current framework, it is unclear to what extent the new type of online services that have appeared since the adoption of the Directive — for example, collaborative economy platforms, online marketplaces or digital services built on electronic contracts — fall within the definition of information society service providers. The proposed Regulation sheds some light on the most recent business models operating in the digital world.

Besides broadening existing concepts, the DSA Package also introduces a definition of illegal content which was not included in the Directive: 'any information, which, in itself or by its reference to an activity, including the sale of products or provision of services is not in compliance with Union law or the law of a Member State, irrespective of the precise subject matter or nature of that law'.

Consequently, providers of hosting services will have to comply with these new and farreaching obligations to combat illegal content and will have to implement mechanisms to allow users to notify them of potentially illegal content, and inform the users in a clear, transparent and unambiguous way of the existing content moderation mechanisms. Furthermore, platforms must publish detailed reports on removals and disabling illegal content on a regular basis.

Content recognition tools such as automatic filtering systems and large platform automatic filters already play a major role in copyright protection. Such automated measures have been recommended or proposed in several pieces of legislation (for example, the EU Copyright Directive (2019/790) and will likely become the new industry standard with the implementation of the DSA. Against this background, the question of mandating online intermediaries to use automated filtering technologies to detect illegal or harmful content has been a focus of the debates on the revision of the current eCommerce framework in the European Parliament.

The enhanced transparency requirements are not only related to illegal content but to personalised advertising as well. The proposed Regulation also obliges providers to disclose why users are targeted by personalised ads, who sponsored them and why they are visible on the platform. According to the proposed text, users need to be given the chance to optout from recommendations based on profiling.

"Providers of hosting services will need to comply with new and far-reaching obligations to combat illegal content, will have to implement mechanisms to allow users to notify them of potentially illegal content, and inform the users in a clear, transparent and unambiguous way of the existing content moderation mechanisms."

Besides all the novelties related to the fight against illegal content and the enhancement of transparency requirements, the liability exemption created under the Directive, also known as the 'Safe Harbor' principle remains in the proposed Digital Service Act. The Safe Harbor principle was introduced in the Directive, under which online intermediaries hosting or transmitting content provided by a third party are exempt from liability unless they do not act adequately to stop harmful or illegal content after becoming aware of it. In practice, this principle varies greatly and national jurisprudence on online liability remains very fragmented, while European Court of Justice case law does not provide much guidance. The DSA Package preserves the Safe Harbor principle, and clarifies its scope and the distinction between active and passive online intermediaries, subject to an objective 'test of reasonableness'.

Regarding territorial scope, the proposed DSA, like the GDPR, would come along with an extra-territorial effect. The future rules would not only directly apply within the EU single market but will also bind those online intermediaries established outside of the EU who offer services in the single market. In other words, the obligations under the DSA are extended to online services providers established anywhere in the world having a 'substantial connection to the EU'.

Another significant novelty of the proposed DSA is the introduction of specific rules applicable to 'very large online platforms'. Platforms providing services to an average of 45 million recipients a month, according to the proposed Regulation, will be subject to additional obligations which apply cumulatively to the obligations for other information society service providers. An example of this additional obligation would be the requirement to appoint Compliance Officers responsible for monitoring compliance with the DSA to carry out independent audits for assessing compliance with the DSA obligations.

Compliance with the new rules will be ultimately overseen by the European Board for Digital Services ('Board'), an independent advisory group composed of the national Digital Services Coordinators, chaired by the European Commission. The Board will have powers to support the coordination of joint investigations, support competent authorities in the analysis of reports and results of audits of very large online platforms.

As a final note regarding the enforcement of the new measures, noncompliance with the DSA can be sanctioned with monetary fines running up to 6% of annual income or turnover. The proposed DSA also includes periodic penalty payments for ongoing infringements of up to 5% of the average daily turnover in the preceding financial year.

Digital Markets Act — new competition rules for the digital era

Next to the DSA, the European Commission has tabled another proposal for a regulation: The Digital Markets Act ('DMA'). Over the past decade, a relatively small number of digital platforms have emerged as key players in the digital transformation that has profoundly changed the functioning of the global economy and society. This group of few, dubbed as 'gatekeeper platforms' control a significant portion of the access channels between consumers and businesses, be it for information, services, or goods. These large platforms have become unavoidable trading partners for the million organisations trading via platforms for whom they serve as intermediaries to reach consumers. An organisation not being present on these platforms faces an immediate and significant competitive disadvantage, as it misses out on connecting with a large share of the consumer market.

The DMA includes ex-ante rules to regulate the biggest tech companies. Instead of waiting for the results of investigations led by the competition authorities or civil lawsuits brought by competitors and consumers, the future legislation would instead impose obligations on companies on the basis of being 'gatekeepers'.

The term 'gatekeeper' refers to providers of one or more intermediary services that are, practically speaking, unavoidable for businesses and users in the digital economy seeking market access in the European Union. The term is closely related to the notions of 'companies with strategic market status', 'companies with bottleneck power', 'platforms with substantial market power' and 'companies with paramount cross-market significance'.

In this context, where a small number of platforms serve as an intermediary to millions of organisations, different national rules in some Member States are emerging to address problems such as unfair practices by gatekeeper platforms vis-a-vis business users and competitors, fragmented and ineffective institutional oversight and enforcement. The more significant initiatives in this regard are emerging from Belgium, France, Germany and the Netherlands.

The DSA Package and the subsequent legislative developments at EU level aim to strengthen the single market but also come as a response to the legislative action taken on the same issues by the Member States who have started legislating in this field to limit the power of the 'gatekeepers'. Similar reflections have also been sighted in some of EU's major trading partners, including Japan, the US, UK and Australia.

Conclusion

Keeping in mind that the proposed DSA Package is the first step of a lengthy legislative process that may take up to two years before it is completed, it is advisable for every business operating in the digital ecosystem to start carrying out an internal assessment regarding the impact of the future legislation, build a strategy and anticipate changes.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.