The Digital Services Act (“DSA”) has been published introducing relevant change in the liability regime for ISPs.
The long-awaited Digital Services Act, the European Regulation on a single market for digital services and amending the eCommerce Directive 2000/31/EC, introducing novelties regarding the liability of Internet Service Providers (“ISPs”) has been finally published.
Compared to the eCommerce Directive 2000/31/EC, which by its very nature established the objectives that Member States had to achieve, leaving it up to individual countries to decide on how to implement it-the DSA, being a “Regulation,” has the great advantage of providing harmonized rules that are directly applicable in all EU Member States, leaving no room for the discretion of individual states.
Among the most interesting innovations, in addition to introducing new rules to govern the liability of ISPs, the DSA also addresses the issue of jurisdiction over foreign companies not based in EU territory. Indeed, as expressly stated in Recital 7 of the Regulation, to ensure the effectiveness of the rules and a level playing field in the EU internal market, these rules will apply to all ISPs, regardless of their place of establishment or location, to the extent that they provide services within the European territory.
The DSA applies to a wide range of ISPs that are classified according to (i) the type of information society service provided and according to (ii) their respective sector and/or size.
With respect to the first classification, ISPs of mere conduit, so-called mere conduit, temporary storage, so-called caching, and storage of information provided by the recipient at the recipient’s request, so-called hosting, are identified. Under the second criterion, on the other hand, intermediary service platforms are divided into four categories: 1) intermediary services that offer network infrastructures, such as Internet access providers or domain name registrars; 2) hosting services, such as cloud and web hosting services; 3) online platforms understood as online marketplaces, app stores, collaborative economy platforms, and social media platforms; and finally, 4) large-scale online platforms.
Regarding the liability regime of ISPs, the DSA incorporates in Chapter II the provisions on the exemption from liability of intermediary service providers, referred to as safe harbor, in the same terms in which they were already provided in the eCommerce Directive 2000/31/EC in Articles 12-15.
In Chapter III of the DSA, on the other hand, the ISPs’ duty of care obligations are specified with a progressive integration of detailed rules aimed at the various subcategories of providers. Specifically:
- Section I includes general rules applicable to all ISPs;
- Section II establishes additional obligations applicable to hosting providers that include a “notice and take-down” mechanism to ensure the removal of illegal online content, products, and services and the subsequent obligation, should such providers decide to remove or disable specific information provided by users, to give the recipient a sufficiently adequate justification;
- Section III establishes specific rules applicable to all online platforms, which are in addition to anything already provided in Sections I and II; and
- Section IV sets out enhanced systemic risk management requirements for very large online platforms, in addition to the provisions in Sections I, II, and III.
The final version of the DSA was signed by the President of the European Parliament and the President of the Council on October 4, 2022. The final text will be published in the Official Journal of the EU and will enter into force twenty days after that publication.
The Digital Services Act will be directly applicable throughout the EU fifteen months after its entry into force or as of January 1, 2024, whichever is later. Whereas, with regard to the obligations of large online platforms and search engines, the law will apply earlier, between the spring and summer of 2023.
With this new package of rules, the European Union wanted to update and supplement the former rules protecting the digital environment. The obligations under the Digital Services Act will apply to all digital services that connect consumers to goods, services, or content, implementing new procedures for faster removal of illegal content while ensuring the protection of users’ fundamental rights.
On a similar topic, the article “What is the liability deriving from the blockchain? And how to handle it?” may be of interest.