Final Countdown: The regulation of online platforms by the Digital Services Act and the Digital Markets Act
1. Overview
a) Digital Services Act (DSA)
The main purpose of the DSA is to update andpartially replace the previously applicable provisions of the E-Commerce Directive from 2020. It applies to allso-called “intermediary services” that are provided to users established orresident in the European Union.
The term of intermediary services is very broad and covers a wide range of service providers. Unlike the E-Commerce Directive, the DSA provides for a tiered system of obligations for intermediary services. The obligations vary according to the role, size and impact in the online environment, and they become more stringent at each level. General obligations apply to all intermediary services, which are supplemented by further specific obligations at each level. A distinction is made between pure intermediary services (level 1), hosting providers (level 2), online platforms (level 3) and very large online platforms or very large online search engines (level 4):
Accordingly, the portfolio of duties is extensive. It essentially comprises the following::
- Moderation of content: Online platforms are obliged to take measures to combat illegal and harmful content. This includes, in particular, hate speech, terrorist propaganda, child pornography and disinformation.
- Transparency: Online platforms are obliged to make their algorithms and business practices more transparent. This should enable users to better understand how their data is used and how content is moderated.
- Manipulation: Online platforms are prohibited from designing their online interfaces in such a way that deceives, manipulates or otherwise interferes with users’ freedom of choice. This is intended, in particular, to put a stop to so-called “dark patterns”.
- User rights: The DSA strengthens users’ rights, particularly with regard to the protection of personal data, the exercise of freedom of expression and the prevention of discrimination. It also strengthens the protection of minors.
However, the wording of the law is sometimes vague and broad, meaning that there are likely to be many ambiguities and even gray areas. The courts will soon be called upon to provide more legal certainty.
b) Digital Markets Act (DMA)
The DMA is intended to create a level playing field in the digital markets and better protect users’ rights and data. To this end, the European Commission has been granted wide-ranging powers to intervene and take timely action against distortions of competition.
The DMA primarily targets large online platforms with a gatekeeper position. This includes companies that have a significant impact on the internal market, whose platform service serves commercial users as an important gateway to end users and has a consolidated and sustainable market position. Specifically, these are companies with an annual turnover of EUR 7.5 billion in the last three years and 45 million end users and 10,000 business users in the EU. The first six gatekeepers were designated by the EU Commission on 6 September 2023:
At the heart of the DMA are obligations for these gatekeepers in the form of Dos and Don'ts (in particular in Art. 5 and 6 DMA). These mainly concern the following aspects:
- Prohibition of Self-Advancement: Gatekeepers must not favour their own products or services over those of competitors.
- Prohibition of data misuse: Gatekeepers must not merge and reuse user data or use it for purposes that are incompatible with the original purpose for which the data was collected. In particular, they must not use data in competition with commercial users.
- Prohibition of Dependency: Gatekeepers must not take any action that would make users dependent on their services. In particular, gatekeepers must not make the use of one service dependent on the use of another service and must allow interoperability with other communication services.
Once designated by the EU Commission, gatekeepers will have six months to implement the obligations. For those gatekeepers that have already been appointed, the deadline is therefore at the beginning of March 2024.
c) Penalties
Failure to comply with these obligations can result in heavy fines, up to 25% of annual turnover under the DMA and up to 6% of annual turnover under the DSA. The penalties are set by the EU Member States.
2. Implications of DSA and DMA on Online Platforms
The two laws have far-reaching implications, some of which we will take a closer look at below.
a) Liability Regime Under the DSA
Contrary to initial expectations in view of the many debates about increasing the liability of platform operators, the EU Commission has largely retained the liability regime of the E-Commerce Directive in the DSA.
Accordingly, online platforms, as so-called hosting service providers, can benefit from a liability privilege if they provide the service in a neutral manner and through the purely technical and automatic processing of the information provided by users.
In this case, operators of online platforms are only liable for third-party content if they do not remove illegal content once they become aware of it.
This means that there is still no obligation for service providers to proactively monitor and investigate the legality of the content on their platform (as explicitly stated in Art. 8 DSA).
Another key aspect of the DSA is that illegal content must be removed quickly and efficiently. In particular, hosting service providers must set up a user-friendly notice-and-takedown procedure for this purpose, through which users can report digital content and effective remedial action is taken in the event of infringements (Art. 16 DSA).
A new provision in this context is that voluntary investigations or other measures to ensure compliance with the law do not exclude liability privileges (Art. 7 DSA).
b) Targeting Giants
The DSA and DMA focus on the really big players - in the case of the DMA, the gatekeepers mentioned above. In the case of the DSA, these are the “very large online platform” and “very large online search engine”, which are at the highest level in the DSA's system of obligations.
In addition to the general obligations under the DSA, the latter are subject to additional obligations regarding general terms and conditions, protection of minors, transparency of online advertising and the establishment of a compliance department. They must also carry out a risk analysis of new functions with regard to the dissemination of illegal content or negative effects on public security. They will also have to pay a supervision fee to cover the Commission’s enforcement costs. The organizational and economic burden of implementing the regulations should not be underestimated.
Providers with an average of more than 45 million active monthly users in the EU fall into the category of very large online platforms. The classification will be based on a decision by the European Commission. A first desgination has already been made. This includes online platforms such as Amazon, Google, Facebook, X (formerly Twitter), TikTok, Booking.com and Zalando.
Some of the affected companies, including Amazon, have already taken legal action against their classification as a very large online platform and the consequences of this classification. Amazon has achieved a first partial success in proceedings for interim measures. The General Court of the European Union granted an interim relief to suspended Amazon’s obligations to publish a directory of advertisements under the DSA on the grounds that Amazon would otherwise suffer serious and irreparable harm. A decision in the main proceedings is still pending.
The EU Commission has also already taken legal action, opening proceedings under the DSA for the first time on 18 December 2023 — against the online platform X. Amongst others, X is accused of failing to take sufficient action against illegal and misleading content, contrary to legal requirements.
However, this is likely to be just the beginning of the EU Commission’s battle against the giants, as it had already announced in October last year that it intended to initiate similar proceedings against Meta and TikTok.
3. Summary
4. Conclusions for Your Company
The DSA and DMA reform package introduces a number of new regulations and obligations. While the focus is on the aforementioned “very large online platforms” and gatekeepers, ultimately all digital service providers are potentially affected.
As of 17 February 2024, all “intermediary services” must comply with the far-reaching obligations of the DSA. There is not much time left.
Moreover, the organizational, technical and legal effort involved in the implementation should not be underestimated. It is therefore advisable to identify, analyze and implement the necessary steps at an early stage.
Given the regulatory uncertainties that still exist in some areas, it is likely to be a major challenge not only for the giants among the companies in the digital market to maintain an overview.
We therefore recommend you to proceed as follows:
- Identification: Companies should check whether and to what extent the DSA and/or DMA apply to them.
- Analyse: If companies are subject to the regulations, they should examine whether and what specific action is required as a result.
- Implementation: If action is required, the implementation should take into account relevant deadlines and other existing laws.
- Monitoring: The above points should be reviewed on a regular basis, as non-compliance can result in significant sanctions.
We are happy to advise you on the necessary steps and strategic implementation.
You might also be interested in this
The European Union has implemented significant reforms to the Court of Justice of the European Union (CJEU). The changes, which took effect on September 1, 2024, are designed to improve the efficiency of the court system and increase transparency in its operations.
The law of jurisdiction contains a number of pitfalls which are often underestimated in practice, particularly at the interface between contractual and tort claims. In this article, we discuss a recent decision of the Oberlandesgericht Karlsruhe (Karlsruhe Higher Regional Court), which had to rule on a claim brought by a journalist who had unsuccessfully challenged the blocking of his account on an internet platform on the grounds of a breach of the law on unfair competition (OLG Karlsruhe, Urt. v. 8.Mai 2024,Az.6U198/23).
So-called repeat filings, often intended to circumvent the obligation to put the trademark to genuine use and thus taking advantage of further grace periods for the refiled trademarks, might seem attractive in particular to reduce costs. However, they also involve the risk of finding bad faith at least under EU law. The concept of bad faith is not legally defined but is shaped by the respective case-law. In this respect, the “Monopoly” Judgment of the General Court sets forth relevant principles and provides important strategic guidelines. Furthermore, the recent decisions of the Cancellation Division of the EUIPO regarding the trademarks of the famous artist Banksy representing one of his best known artworks, the Flower Thrower, demonstrate the importance of having a sound strategy behind any trademark filing. In the following, we will have a closer look at these cases to illustrate the possible risks of repeat filings and to provide some advice on risk-minimizing trademark filing strategies.
The Federal Court of Justice (BGH) has ruled on a lawsuit over an advertisement from the German confectionery company Katjes. This involved competition law issues relating to the use of the climate neutrality statement of the production of Katje's products.