What to Expect from the Digital Services Act

The EU’s Ecommerce Directive (ECD) is two decades old this year, and it’s time for an overhaul. Officials are already working on it, and businesses should be ready for change.

The Directive removed barriers for cross-border online business by giving companies more legal certainty about operating rules. When it was created, the first dot com bubble was bursting and Napster was still a thing. A lot has changed.

The European Commission, which is the executive branch of the EU, realizes that it’s time for a review. Last year, its then-president-elect (now president) Ursula von der Leyen published its Political Guidelines for 2019-2024. One measure stood out: new legislation called the Digital Services Act. Details were scarce, but the document revealed it “will upgrade our liability and safety rules for digital platforms, services and products, and complete our Digital Single Market.”

leaked document offered more detail. The legislation would update the Ecommerce Directive, addressing several problems. It would look at how to remove illegal content (such as hate speech) on online services like social networks, and how to fill a legal vacuum in online advertising rules that make it easy to set up disinformation campaigns but difficult to track them. It would also look at imbalances in regulations between different countries that make it difficult for online businesses to scale. Different regional tax regulations might make it hard for an ecommerce provider offering tax-related services to expand into different countries, for example.

What might this mean for online service providers across Europe? One of the biggest changes will likely be an expansion of the ECD’s scope. There has been a grey area for services ranging from ISPs and cloud services through to content delivery networks, domain name services, social media services, and search engines, the leaked document said. It will clarify their status and also might define an entirely separate category of services based on “large or significant market statuS,” which seems to be a direct nod in the direction of big tech.

Expect uniform roles on the removal of illegal content, the document said. Legislators might also accommodate “harmful” content that is not necessarily illegal, reflecting sentiments found in the UK’s Online Harms White Paper. This suggestion has worried commentators like the Center for Data Innovation. It wants a clear definition of what’s illegal and what isn’t (something that the ECD didn’t provide), and has warned the EU against overreach by addressing content that is legitimate, even if it is distasteful.

Other measures could include a specific focus on the use of AI to curate content like newsfeeds.

The new legislation might also remove an ECD distinction between ‘passive’ services (notably online hosting) and ‘active’ online services (those companies that take a strong role in providing and curating content, like social media networks). The ECD held active services liable for illegal content, while effectively only protecting hosting companies with limited liability. Things have changed, and the distinction today is less clear. According to the EC, “more appropriate concepts reflecting the technical reality of today's services” are necessary, based on notions such as actual knowledge and how much control a provider has over data on its platform.

It’s still early days for this legislation, for which we can expect a public consultation this year. We may not see anything implemented in law until next year (and with COVID-19 taking up everyone’s time, who knows?) but businesses involved in any kind of online content hosting or moderation should definitely have this on their agendas and keep monitoring the situation.

What’s Hot on Infosecurity Magazine?