In this week’s edition of our ‘DSA decoded’ blog series, we look at the “safe harbour” provisions of the DSA dealing with liability of online services providers for content available via their services. We explain the concept of liability exemption, evolving from its initial implementation in the e-Commerce Directive, we highlight an important nuance applicable to online marketplaces, and discuss potential overlaps with other EU laws, making life more difficult for platforms in practice.
[You can find all episodes of our DSA decoded blog series here.]
Liability rules: from the e-Commerce Directive to the DSA
Prior to the DSA, the liability of online service providers was regulated in the EU by the e-Commerce Directive (200/31/EC) which exempted intermediaries from liability for content made available by third parties on their service. For hosting services, the condition for such exemption to be invoked was that the hosting service provider does not have any knowledge of the illegal content and removes such content expeditiously once knowledge of its prevalence is obtained. This is still true under the DSA.
A key principle underlying the liability exemption is that the intermediary should not be obliged to generally monitor or proactively moderate third-party content. The DSA clarifies this further by stating that general awareness of the fact that a service might be used to store illegal content does not give rise to knowledge of that fact and therefore potential liability. The DSA draws the line where the third party providing the content acts under the provider’s authority or control. In such a case, the provider is deemed to have sufficient knowledge and control over the content to be held liable. To encourage pre-emptive diligence by providers, the DSA introduces the so-called ‘good Samaritan clause’, which enables service providers to undertake voluntary investigations and implement other measures aimed at identifying and removing illegal content without risking losing their liability privilege.
In contrast to the e-Commerce Directive, the DSA establishes a specific set of rules for a ‘notice and takedown’ mechanism for users to report illegal content: Once the hosting service provider has received a notice, providing the exact electronic location of the content and sufficiently substantiated reasons for the illegality of the content, it will give rise to the hosting service provider gaining actual knowledge or awareness of the unlawful content flagged in the notice. In other words, the provider must effectively remove such content for the liability exemption to apply – but at the same time ensure that the rights of the user who uploaded or owns the content in question – including potentially affected fundamental rights and freedoms – are duly considered. This difficult assessment as to whether the content in question should, or should not, be considered illegal, ultimately lies with the provider.
Carve-out for online marketplaces
To address issues arising from online marketplaces under consumer protection law, the DSA includes a new carve out that limits the ability of online marketplaces to benefit from the liability exemption in certain circumstances. The carveout extends only to breaches of consumer law and is engaged where a marketplace holds itself out as the seller of goods or services. It is intended as a consumer protection measure, seemingly grounded in a concern that the line between a platform as an intermediary and traders can be blurred in the modern digital economy, making it difficult for consumers to identify their contractual counterpart.
The carve out is triggered where consumers are led to believe that ‘the information, or the product or service that is the object of the transaction, is provided either by the online platform itself or by a recipient of the service who is acting under its authority or control’ (Art. 6 (2) DSA). Based on their active role, providers usually wouldn’t be privileged in such circumstances under the previous rules already but the new carve out clarifies that it will suffice if an average consumer gets this impression. This may include circumstances where providers of online marketplaces fail to clearly display the identity of the third party trader, where an online platform withholds the identity or contact details of the trader until after the conclusion of the contract concluded between the trader and the consumer, or where an online platform markets the product or service in its own name rather than in the name of the trader who will supply that product or service.
Overlaps with other laws
The implementation of a liability exemption applicable to such a broad scope of digital services in a densely regulated space, inevitably results in considerable overlaps with other regulations. Especially the requirement for service providers to remove illegal content expeditiously once on notice of its existence, intersects with various provisions of other laws that contain liability mechanisms relating to such content. These include the Digital Single Markets Directive (DSM-Directive) (Directive (EU) 2019/790), the Terrorist Content Online Regulation (TCOR) (Regulation (EU) 2021/784), the General Product Safety Regulation (Regulation (EU) 2023/988) as well as the proposed Regulation to prevent and combat child sexual abuse (which can be accessed here). For companies in this space, it is important to be aware of these other existing and upcoming laws to include additional requirements on dealing with potentially illegal content effectively into their governance.
In practice, dealing with overlapping regulations often requires delving into the intricacies of the respective scope of the regulations. Let’s take copyrighted content for example: Here, the interplay of the DSA with the DSM-Directive illustrates the complexities in reconciling different EU laws which typically all aim for full harmonization within their respective scope:
- The DSM-Directive aims to introduce new regulations on copyright in a digitalized market and has introduced its own liability regime for online content in Art. 17, requiring so-called Online Content Sharing Service Providers (OCSSPs) to obtain authorization for user generated copyrighted content or prove that they made “best efforts” to obtain such authorization as well as having implemented sufficient notice and takedown/staydown systems.
- The overlap of this regime with DSA’s provisions on illegal content is meant to be addressed by the DSA’s application without prejudice to provisions of other Union law regulating other aspects of intermediary services or further specifying and supplementing the DSA.
- Applying these application principles renders the liability regime of Art. 17 DSM-Directive lex specialis since it specifically addresses liability of specific types of providers for specific types of content. As a result, intermediaries falling into the scope of Art. 17 DSM-Directive will not be able to rely on the liability exemption provided under the DSA, if they do not adhere to the (more specific) exemption requirements pursuant to Art. 17 DSM-Directive.
- However, the devil is in the details and this exercise becomes trickier when looking e.g., at the obligations to implement notice-and-takedown systems. The DSA requires such systems to not only enable users of the service, but also third parties not using the service, to report illegal content. It does not provide further specification on who is to be enabled to report which content. Regarding copyrighted content on Art. 17 in-scope platforms, , this gap is closed by the DSM-Directive, which foresees a removal obligation only where the rightsholder has reported copyright infringing content. In addition, Art. 17 DSM-Directive also mandates Member States to make sure copyrighted works covered by exceptions or limitations must not be taken down, and certain copyright exemptions such as for purposes of caricature, parody or pastiche can be relied upon by users.
- In other words, the more specific regime of the DSM-Directive is not automatically ‘stricter’ than the mechanism provided in the DSA but may also result in more ‘liberal’ rules regarding the availability of certain content. The interplay of both legal acts results in a situation in which intermediaries falling into the scope of Art. 17 DSM-Directive must implement notice-and-takedown systems according to the DSA but only remove copyright infringing content upon receipt of a notification by rightsholders, and duly considering applicable copyright exemptions.
On balance, the DSA is meant to present the baseline regulation for digital services offering a go-to set of rules applying in the digital space, including a clear-cut liability exemption for hosting service providers. However, the multitude of legal acts aiming to regulate specific liability aspects of digital services considerably complicates the issue of the Host-Provider-Liability, creating the need for a holistic moderation approach depending on the type of platform and content in question.
