The European Parliament officially adopted, on July 5, the draft regulation on digital services known as Digital Services Act (DSA).
The text should be formally adopted by the Council in September, before being published in the Official Journal of the EU. It will be applicable in all member countries no later than January 1, 2024.
(UPDATE January 11, 2023: the text was adopted and published in the OJEU: REGULATION (EU) 2022/2065 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of October 19, 2022 on a single market for digital services and amending Directive 2000/31/EC (Digital Services Regulation)
(Updated February 17, 2022:
As part of the European digital agenda, entitled “Shaping Europe's digital future”, it has been announced that the European Commission will modernize the rules governing digital services in the EU. The European Commission has proposed two legislative initiatives: the Digital Services Regulation (DSA) and the Digital Markets Regulation (DMA).https://ec.europa.eu/digital-single-market/en/digital-services -act-package
The overall aim is to discipline GAFAM (Google, Amazon, Facebook, Apple, Microsoft) and other major internet players, to prevent abuse, and to ensure fair information and trade.
A major provision, quite recent in Union law: these regulations will apply to foreign companies operating in the Union, and the latter will have to designate a representative in the Union, able to submit the said company to administrative or judicial proceedings in the Member States, without the constraint of having to initiate proceedings outside the said States, or to be subject to rules other than those of Union law.
The DSA and the DMA pursue distinct objectives:
Its objective is to contribute to a safer digital space in which the fundamental rights of users of digital services are protected, beyond the "consumption" regulations of goods and services, to encompass aspects related to the dissemination of information or digital content in general.
This regulation will complement and amend the current directive (directive on electronic commerce 2000/31 https://eur-lex.europa.eu/legal-content/fr/ALL/?uri=celex:32000L0031) – this is to facilitate the removal of illegal content while preserving freedom of expression.
The host provider's limited liability regime continues, however much more involvement and transparency is expected from it in the process of removing or putting content back online (articles 14 and 15 in particular).
(UPDATE 11 January 2023) the text was adopted and published in the OJEU: REGULATION (EU) 2022/2065 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 October 2022 on a single market for digital services and amending Directive 2000/31/EC (Digital Services Regulation):
The text distinguishes, among "hosts", online platforms and very large online platforms, but also search engines and very large search engines, with a broader responsibility when the platform puts itself forward (article 6 paragraph 3):
3. Paragraph 1 shall not apply with regard to liability under consumer protection law applicable to online platforms enabling consumers to conclude distance contracts with traders, where such a platform online presents the specific information or otherwise enables the specific transaction in question in such a way that an average consumer may be led to believe that the information, product or service that is the subject of the transaction is being provided either directly by the online platform, or by a recipient of the service acting under its authority or control.
On judicial and administrative injunctions, it is worth noting Articles 9 to 14 whose valuable provisions govern the processing by the platforms, with the obligation for the platforms to designate an electronic contact point (for the authorities and for the recipients of the services ), a representative in the State concerned, and in Articles 16 and following, increased obligations of responsiveness of the major platforms in terms of reporting content and transparency.
On the project to transpose the “online hate” component in France, see the update of the article:
Update Feb. 1, 2023:
The DSA entered into force on November 16, 2022; but many obligations will only be applicable on February 17, 2023.
Are you concerned?
This text concerns all Internet players (with derogations for very small ones).
What are your obligations?
Your responsibility is engaged as soon as your role goes beyond a simple role of technical intermediary, and the conditions of your neutrality are not met.
You have the obligation to
– designate a point of contact and a legal representative in France;
– update your terms and conditions; describe content moderation procedures;
– set up a system for reporting illegal content;
– obligation to report threats to the life and safety of persons to the authorities;
– set up an internal appeal system against the hosting provider's decisions;
– set up a system for correcting the abuse of denunciation of illegal content;
– transparency report, in particular on the number of disputes handled out of court;
– increased information for the Internet user before making a decision;
– transparency as to the existence and origin of the advertising presented;
– reinforced protection of minors; prohibition of profiling of minors;
– traceability and evaluation of information provided by professionals;
Platform providers presenting a contracting process between the professional and the consumer:
– put in place the means enabling professionals to fulfill their pre-contractual information obligations;
– obligation to report an illegal product or service;
– carry out an impact analysis of the risks involved;
– provide a crisis response mechanism;
– offer at least one recommendation option that does not reproach profiling;
Very large platforms and engines:
– keep a register of advertisements with increased information;
– appoint a compliance officer to liaise with the authorities;
– transparency: on moderation, the number of users;
– obligation of independent audit;
– payment of a monitoring fee;
Analyzes and processes must therefore be put in place; the Firm supports you on these subjects.
Its objective is to establish a level playing field to promote innovation, growth and competitiveness, both in the single European market and in the world. This regulation will complement the platform to business regulation 2019/1150 (https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32019R1150). Il s’agit de limiter l’effet anti-concurrentiel des gatekeepers.
Uncertainty about the MAD: it is applicable without prejudice to the application of existing European and national rules, and thus risks being reduced to a trickle.
Entry into force of the Digital Markets Act (DMA)
of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (regulation on digital markets), after a few final modifications since the first proposal.
- the quantitative thresholds bringing a company into the scope of the DMA have been set at:
- 7.5 billion euros in annual turnover in the European Union
- 75 billion euros at market capitalization level
- the maximum fine of 20% of worldwide turnover that may be imposed by the European Commission in the event of non-compliance with the rules by an access controller, will only apply in the event of a repeat offence.
- a maximum fine of 10% of worldwide turnover will apply in the event of a first offence.
The DMA will be applied from May 2, 2023.
On this date, access controllers will have two months to notify their essential platform services to the European Commission. The latter will decide within 45 working days on the qualification or not of these actors as access controllers. The new obligations for gatekeepers so appointed will start to apply from March 2024.
The Class Actions Directive (DIRECTIVE (EU) 2020/1828 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2020 on representative actions aimed at protecting the collective interests of consumers and
repealing Directive 2009/22/EC)– which Member States must transpose by the end of 2022, will apply in the event of breaches of DMA rules by access controllers, allowing consumer associations to take legal action against access controllers.
Reform of consumer law:
Changes to guidelines:
See as well :
See: decree 2022-32 of January 14, 2022 (obligations of platforms against hateful content)
D. No. 2022-32, Jan. 14, 2022 taken for the application of Article 42 of Law No. 2021-1109 of August 24, 2021 confirming compliance with the principles of the Republic and relating to the setting of a threshold of connections from which online platform operators contribute to the fight against the public dissemination of illegal content
Digital Law 2023
In short :
France has presented a bill aimed at securing and regulating the digital space by bringing French legislation into line with the European regulations DMA, DSA and DGA, while strengthening the regulation of players.
The text designates ARCOM as “Coordinator of digital services” and gives it significant powers of investigation, injunction and sanction. The DGCCRF will be responsible for controlling the providers of online marketplaces, in accordance with the DSA. The CNIL will have the means to enforce the rules of the DSA on the platforms, in particular the limitations of the profiling of advertisements, as well as a control on "data-altruism". The text also concerns the protection of minors and the regulation of pornographic sites, for which ARCOM will have the power to sanction sites that do not set up age verification mechanisms, as well as access providers and search engines that do not block or delist them.
How to regulate the digital space?
The bill includes a title VIII which aims to implement the European DMA, DSA and DGA regulations in France. Article 18 designates ARCOM as “Digital Services Coordinator”, a body imposed by the DSA. The CNIL and the DGCCRF will also be involved in the implementation of the DSA. ARCOM will have significant powers of investigation, injunction and sanction. The DGCCRF will be responsible for monitoring providers of online marketplaces in accordance with the DSA.
The text also provides for measures to protect minors, in particular by regulating pornographic sites. Pornographic sites will have to implement age verification mechanisms, and ARCOM will be responsible for sanctioning sites that do not implement them, as well as access providers and search engines that do not block them. or do not dereference them.
– DMA: Digital Markets Act, a European regulation aimed at regulating large digital platforms.
– DSA: Digital Services Act, a European regulation aimed at regulating digital services.
– DGA: Data Governance Act, a European regulation aimed at regulating the use of data.
– ARCOM: Audiovisual and Digital Communication Regulatory Authority, a French authority responsible for regulating audiovisual and digital media.
– CNIL: Commission Nationale de l'Informatique et des Libertés, a French authority responsible for protecting personal data.
– DGCCRF: Directorate General for Competition, Consumer Affairs and Fraud Prevention, a French authority responsible for protecting consumers and combating unfair competition.
A text that goes beyond the DSA and the DMA:
Presented to the Council of Ministers, this bill aims to adapt French legislation to the DMA, DSA and DGA regulations of the European Union. But it also contains additional provisions that go beyond these regulations.
The implementation of European regulations is the main objective of this new law. The obligations provided for by the DMA, DSA and DGA are already contained in the European regulations, but it is necessary to adapt French law to implement some of the new rules and designate the various supervisory authorities. ARCOM is designated as “Digital Services Coordinator” by the DSA. The CNIL and the DGCCRF will be the other competent authorities to implement the DSA. ARCOM will have significant powers of investigation, injunction and sanction.
The DGCCRF will be responsible for controlling the providers of online marketplaces, in accordance with the DSA. Any sanctions pronounced against the platforms will be pronounced by the criminal judge. To adapt the commercial code to the DMA, the Competition Authority and the DGCCRF will be able to open investigations into “access controllers”, these platforms which are an access point for companies to reach their customers.
The text will give the CNIL the means to enforce the rules of the DSA on the platforms, in particular the limitations on the profiling of advertisements, as well as control over “data-altruism”. In particular, the authority will maintain a public register of data altruistic organists, who share data that they consider useful for the general interest.
The first title concerns the protection of minors and in particular the regulation of pornographic sites. Pornographic sites are forced to implement age verification mechanisms. If these verification mechanisms are not technically successful, the text diverts the sanction procedure which will henceforth be entirely in the hands of ARCOM. It will be able to penalize the sites which do not set up these mechanisms, but also the access providers which do not block them and the search engines which do not dereference them.
The national cybersecurity filter is a measure put forward by the government. Cyber-malicious sites (scams, fishing) will be listed and navigation software such as access providers and domain name resolution systems will then have to filter them and warn consumers. This administrative action will be carried out under the supervision of a qualified person designated by ARCEP.
The text also regulates cloud activities, in order to facilitate competition: the data transfer fees charged by certain cloud providers will be prohibited. Similarly, the free credits used by certain service providers will be regulated. The government wants to ensure interoperability between different cloud solutions and the portability of digital assets. Everything will be done under the control of the Regulatory Authority for Electronic Communications, Posts and Press Distribution (ARCEP), which will adopt harmonized standards.
The draft also provides for the creation of control authorities within the Council of State and the Court of Cassation and the Court of Auditors to monitor the processing operations carried out by the administrative, judicial and financial courts.
Finally, the Digital Regulation Expertise Center (PEReN) will be able to access the data more easily, to strengthen its expertise. These data will feed into ARCOM's work.
This new digital law goes beyond European regulations to strengthen the regulation of players in the digital space. It aims to protect minors, fight against cybercrime and facilitate competition in the field of the cloud. Competent authorities now have significant powers of investigation, injunction and sanction to enforce these new rules.