The proposed Digital Services Act (DSA) and the Digital Markets Act (DMA) form part of the EU’s Digital Single Market Strategy and are expected to enter into force in 2022. The European Commission’s stated aims of these initiatives are:
- “to create a safer digital space in which the fundamental rights of all users of digital services are protected; and
- to establish a level playing field to foster innovation, growth, and competitiveness, both in the European Single Market and globally.”
Following the UK’s exit from the EU, this article explores whether UK digital service providers may be left behind by the EU’s Digital Single Market Strategy or whether they may benefit from decreased regulation.
The Digital Services Act (DSA)
The DSA will apply to intermediary services which includes online platforms, social media services, messaging services, marketplaces and ISPs. It will clarify the obligations and liability of intermediary services providers in respect of third party or user generated content hosted on their platform which infringes/contravenes the law of the EU or the member state where the intermediary service is based.
Under the DSA, all intermediary service providers will be required to introduce/implement on-platform notification and response functionality that allows service users to flag illegal content. These will need to be supported by adequate internal procedures for handling such complaints made and resolving any resultant disputes with service users. Reactive measures will not be enough however; providers will be required to take proactive measures to identify and remove illegal content including introducing a “trusted flagger” priority reporting mechanism for entities who have demonstrated expertise in identifying illegal content. Additionally, all intermediary service providers will be required to publish an annual report on their content moderation activities.
For larger intermediary services (those with more than 45 million monthly users) more onerous compliance obligations apply, including appointment of a compliance officer and a requirement to conduct annual risk assessments.
The consequences of non-compliance can be significant, with the European Commission able to impose fines of up to 6% of the annual income or turnover of the intermediary service provider.
The Digital Markets Act (DMA)
The DMA will apply primarily to gatekeeper platforms, determined by reference to narrow but complex qualifying criteria including their economic position, geographical coverage, user base and market share. In practical terms, this is designed to capture such as tech-giants like Amazon, Google, Facebook and Apple, with the aim of promoting fair conditions for businesses using their platforms and appropriate choice for consumers.
The main provisions of the Digital Markets Act include:
- allowing third parties to inter-operate with the gatekeeper’s own services in certain situations. The European Commission’s long standing concern is that a lack of interoperability between rival companies allows them to monopolise certain markets; if the devices from different companies don't work together, then consumers may be ‘locked in’ to just one provider;
- allowing business users of gatekeeper platforms to access the data that they generate while using the gatekeeper platform;
- allowing business users of gatekeeper platforms to offer and conclude contracts with their customers acquired via the gatekeeper’s platform outside of that platform. This may particularly affect business models such as Apple’s “App Store” which currently charges a 30% commission on all subscriptions made through its platform.
Again, the new legislation is not without ‘teeth’. Non-compliance may result in fines of up to 10% of the platform operator’s worldwide annual turnover and ongoing penalty payments for non-compliance of up to 5% of the platform operator’s worldwide annual turnover.
What does this mean for UK businesses and consumers?
Since the UK is no longer a member of the EU, neither the DSA nor the DMA will be automatically/required to be transposed into UK law. Instead, the UK government has committed to introducing a new Online Safety Bill which will be overseen and enforced by OFCOM. The Online Safety Bill will introduce a new “duty of care” on digital service providers to ensure they have policies and procedures in place to keep their users safe from illegal and harmful content. Full details of the Online Safety Bill have yet to be published, however it’s understood that the proposed regime will empower OFCOM to impose fines of up to £18 million or 10% of global turnover. Brexit does not mean that UK tech businesses are “off the hook”.
In addition, UK businesses operating or supplying digital services to consumers based in the EU will need to understand the implications of the EU legislative regime. The DSA, in particular, will apply to intermediary services which are not established in the EU if those services have a “substantial connection” to any member state of the EU. This will include UK-based intermediary service providers who, for the purposes of the DSA, have a significant proportion of EU users or otherwise target their activities towards consumers based in the EU. Those providers who do not have an establishment in the EU will also be required to designate a legal representative in the EU who will be responsible for liaising with the relevant local supervisory authority.
While the UK regime is developing it seems UK tech businesses with an international outlook may therefore have more, rather than less, regulatory requirements to comply with, under both the UK and EU’s regulatory regimes.