No 3 of our blog post series on the Digital Services Act: The DSA's liability regime (Chapter II)
With the third post of our blog series on the Digital Services Act (DSA) (see our previous posts on the designation process and obligations of very large online platforms (VLOP) and online search engines (VLOSE) and on the baseline obligations beyond these obligations) we want to take a closer look at the liability regime established in Chapter II of the DSA.
I. The liability regime under the DSA: What's new?
Chapter II of the DSA provides for a liability regime that establishes rules on the liability of providers of intermediary services for third party content disseminated online. Prior to the DSA, the liability of online service providers was regulated at EU level in Articles 12 to 15 of Directive 2000/31/EC (e-Commerce Directive). These rules were widely accepted in the digital sector and allowed many novel services to scale up across the internal market, such as online platforms, social networks or online search engines.
The DSA largely maintains the principles laid down in the e-Commerce Directive with only small clarifications to ensure a coherent application across all Member States:
As before, the DSA does not positively state when providers are liable for online content – which is left to specific national and EU regulations – but rather determines certain conditions under which providers of intermediary services are exempt from liability for illegal content (see below under 1). In addition, the DSA provides for detailed rules on notice-and-action mechanisms to be established by providers of hosting services which have to be read in conjunction with the liability exemptions (see below under 2). The principle known as the ‘good samaritan principle’ was already recognised under the e-Commerce Directive and is now codified in the DSA. Given that there is no general monitoring or active fact-finding obligation, it allows service providers to carry out voluntary investigations or take other measures aimed at detecting and removing or disabling illegal content without risking losing their liability privileges (see below under 3).
1) Liability exemptions
Like the e-Commerce Directive, the DSA determines exemptions from liability for illegal content disseminated online. A definition of ‘illegal content’ can be found in Article 2 lit. h) DSA and Recital 12, but essentially refers back to applicable laws: Accordingly, illegal content is all information which is unlawful from a Union law or national law perspective, including the sale of products or the provision of services. The information may either be illegal itself, such as hate speech or terrorist content, or may relate to activities that are illegal, such as the sharing of images depicting child abuse, or the non-authorized use of copyright protected material.
The new liability regime under the DSA maintains the differentiation between mere conduit, cashing and hosting services which are subject to different liability exemptions:
Article 4 DSA continues the previous liability privilege for providers of mere conduit services. Providers which do not:
- initiate the transmission;
- select the receiver of the transmission; or
- select and modify the information transmitted
remain free of any liability even if they are aware of illegal content or activities. An exception applies if the provider and a user deliberately collaborate to undertake illegal activities (Recital 20).
Similarly, the liability privilege for providers of caching services is retained in Article 5 DSA. Accordingly, providers shall not be liable for the automatic, intermediate and temporary storage of information on the condition that they:
- do not modify the information;
- comply with conditions on access to the information;
- comply with rules regarding the updating of the information;
- do not interfere with the lawful use of technology to obtain data on the use of the information; and
- act expeditiously to remove or to disable access to the information stored upon obtaining actual knowledge of the fact that the initial information has been removed or access to it has been restricted, or that a judicial or an administrative authority has ordered such removal or restriction.
According to the rules on the liability for host providers in Article 6 DSA, providers are only liable for illegal content stored on their servers if:
- they have actual knowledge of illegal activity or illegal content or are aware of facts or circumstances from which the illegal activity or illegal content is apparent; or
- they do not act expeditiously to remove or to disable access to the illegal content after obtaining such knowledge or awareness.
Interestingly, the DSA clarifies that general awareness of the fact that a service might also be used to store illegal content does not give rise to a provider’s knowledge. Also, merely indexing information, offering a search function or recommending information is not sufficient for the assumption that providers have ‘specific’ knowledge of illegal activities carried out on their platform or of illegal content stored on it. However, the DSA draws the line where the third party providing the content acts under the provider’s authority or control, as did the e-Commerce Directive before (Article 14(2)). In that case, the provider can no longer rely on the liability exemption.
For online marketplaces, i.e. online platforms that allow consumers to conclude distance contracts with traders, a special provision is now provided in Article 6(3) DSA: Providers may not benefit from the liability exemption stipulated in Article 6(1) DSA, if an item or information is presented in a way that would deceive a recipient about the originator of the information and creates the impression that the product or service is provided by the online marketplace itself or by someone acting under its control. Providers of online marketplaces need to design their online interface in a way that they still benefit from the liability exception.
2) Notice-and-action mechanism for host providers
The provisions on the liability regime for host providers have to be read in conjunction with the obligation of host providers to establish an easily accessible and user-friendly electronic notification mechanism via which recipients of a service can report allegedly illegal content (Articles 16, 17 DSA). This is a novelty, given that the e-Commerce Directive did not provide for a detailed procedure through which providers could be informed or become aware of unlawful content.
A report submitted via a reporting mechanism may give rise to the host service provider gaining actual knowledge or awareness of unlawful acts or content. In order to do so, reports have to be sufficiently precise and adequately substantiated, including, for example, information on the reasons for the alleged unlawfulness and a clear indication of the electronic location (e.g. URL) of the reported content.
The DSA indicates that a host provider may use automatic means to process and action such reports, whereas no detailed information is provided regarding the time within which service providers have to check the content of a notification and act upon it. In this regard, Recital 52 DSA simply states that providers of hosting services should act on notices in a 'timely manner' and should take into account the type of illegal content and the urgency of taking action. That means providers should act without delay when allegedly illegal content involving a threat to life or safety of persons is notified.
This is of particular interesting in the context of the online transmission of live events where urgent action of host providers after receiving a notice is essential in order to minimise the harm caused by unauthorised retransmission of live events. The Commission has recently addressed this issue in its Recommendation on combating online piracy of sports and other events (COM(2023) 2853 final). It suggests that, for example, providers of hosting services should engage with trusted flaggers and deploy technical solutions to facilitate the efficient processing of notices in order to ensure that notices are processed and decided upon during the live transmission of an event.
Once a sufficiently reasoned report is received and the hosting providers concludes that the reported content is illegal, it may impose restrictions on the content or the service as such. Restrictions may include reducing the visibility of content, for example removing or demoting, or suspending or terminating monetary payments, the provision of the service, or the user’s account itself. In doing so, providers must consider the fundamental rights of users, in particular their freedom of expression and information, and must provide a statement of reasons to any affected recipients of the service on the restriction imposed. Despite the lack of a clear statement in this regard, Article 17(1) DSA indicates that providers of hosting services may also take such actions, if the content is (only) incompatible with their terms and conditions.
3) No general obligation to monitor and the ‘good samaritan principle’
The core principle of service provider liability, formerly set out in Article 15 e-Commerce Directive, is now included in Article 8 DSA and Recital 30: There is no general obligation to monitor the information which providers of intermediary services transmit or store, nor are providers obliged to actively seek for indications of illegal activity or to take proactive measures in relation to illegal content.
In addition, Article 7 DSA codifies a principle that was commonly accepted but not laid down in the e-Commerce Directive: According to the so-called ‘good samaritan principle’, providers of intermediary services do not lose their liability privilege, if they carry out voluntary investigations at their own initiative or take other measures aimed at detecting, identifying and removing or disabling illegal content. The provision intends to resolve the dilemma that host providers, who did not monitor content, benefited from the liability privilege due to a lack of knowledge of the illegal content, while those who voluntarily monitored had to take action based on the knowledge obtained. With its codification the DSA aims at creating legal certainty and to encourage activities to detect, identify and act against illegal content.
II. Conclusion and key take-aways
The DSA retains the general liability regime established by the e-Commerce Directive but also introduces some innovations. For example, the DSA specifies the requirements for a notice to the provider and codifies the ‘good samaritan privilege’. In addition, providers of online marketplaces need to design their online interface in a way that they don’t create the impression that it’s their own content if they still want to benefit from the liability exception introduced in Article 6(3) DSA.
Other questions remain open, such as the relationship with other national and EU legal acts. While the DSA – due to its character as an EU regulation – generally takes precedence over conflicting national laws, it leaves other Union acts unaffected which regulate aspects of the provision of intermediary services in the internal market insofar as they pursue different objectives than the DSA or provide comprehensive and detailed provisions on issues covered under the DSA (Article 2(4) DSA and Recitals 10 and 11).
This raises many questions on the scope and distinction of EU legal acts, in particular with regard to acts which regulate providers of digital services with the aim of creating a save online environment, such as Regulation EU/2021/784 on addressing the dissemination of terrorist content online or Directive EU/2019/790 on copyright and related rights in the Digital Single Market (DSM Directive). In particular with regard to the latter, Article 2(4) lit. b) DSA and Recital 11 state that Union law provisions on copyright remain unaffected by the DSA. However, given that the DSA regulations on host provider liability are also relevant in the context of liability for copyright violations, it has to be assessed on a provision-by-provision basis, which of the two is applicable under which circumstances, and this can be tricky in practice.
Despite these open questions, the new liability regime established under the DSA means that the key principles on liability for illegal content online continue to apply for businesses that offer online services and create more legal certainty in the internal market as the DSA is now directly applicable in all Member States.