Home Knowledge In Conversation with the Regulators – Preparing for the EU Digital Services Package and the OSMR

In Conversation with the Regulators - Preparing for the EU Digital Services Package and the OSMR

William Fry hosted an event on 11 October 2023, on Ireland’s preparations for the incoming European Union (EU) Digital Services Package.

The focus was on the EU Digital Services Act (DSA) and the Online Safety and Media Regulation Act 2022 (OSMR). The Attorney General (AG), Rossa Fanning SC, delivered the keynote address on Ireland’s implementation of the EU Digital Services Package and the government’s work to combat harmful content online through the OSMR. The address was followed by a fireside chat moderated by Leo Moore, William Fry Partner, and Head of Technology, with Niamh Hodnett (Commissioner for Online Safety) and John Evans (Commissioner for Digital Services) (together, the Commissioners) of Coimisiún na Mean (An Coimisiún). The Commissioners discussed their regulatory approach to enforcing the DSA and OSMR, and the plan for regulating digital services and platforms.

Digital platforms are now regulated in the same way as traditional broadcasting platforms

The AG commenced the event by discussing the context of the Digital Services Package across the EU. He highlighted the importance of regulation in an environment where “people are spending increasing amounts of time online for work, retail, and leisure”. The AG stated that increased use of technology creates an array of risks “that do not arise with traditional broadcasting platforms, yet traditional broadcasting platforms are heavily regulated while digital platforms have been left largely self-regulated”. This sentiment was echoed by the Commissioners. The Digital Services Package aims to address this imbalance, ensuring accountability among online platforms for the risks their platforms present.

The DSA is a legislative priority for the government, with ambitions to have the transposing bill (Bill) “published before the Dáil goes into recess for Christmas on the 15 December 2023”.

An EU-Wide harmonised approach – with Ireland at the centre

The OSMR establishes a systemic regulatory framework for online safety by legislating for “harmful” content. The OSMR will allow the Irish state to regulate online media meaningfully and will give Ireland a central role in the single market through the establishment of An Coimisiún. An Coimisiún will have a pivotal role in enforcing the online content rules in Ireland, a role that was described by the AG as akin to that of the Data Protection Commission. The AG also highlighted that while the OSMR is an Irish law, it will introduce regulations that will affect large tech companies established in Ireland that operate across the EU. Accordingly, such rules may influence some operations in companies outside Ireland.

The AG also mentioned that nine out of the top ten US tech companies that operate across the EU are established in Ireland. Therefore, decisions of the Coimisiún, from a DSA perspective, will influence how the DSA is implemented by designated authorities in other Member States. The Commissioners added that a collaborative approach will be adopted when implementing the OSMR and DSA, which aligns with the EU Commission’s aim to ensure that online safety practices are “harmonised across the EU”.

The DSA seeks to create a uniform framework applicable to all digital service providers to prevent illegal content and disinformation and promote transparent advertising. The DSA will extend the investigation and enforcement powers of An Coimisiún to include offences and sanctions under the DSA. An Coimisiún will share enforcement powers with the EU Commission for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) under the DSA. The DSA sets out criteria to identify VLOPs and VLOSEs, including a minimum threshold of 45 million active monthly users. The designated companies are perceived as potentially having greater impacts on society. As such, they will have certain obligations under the DSA including risk assessments, transparency requirements etc.

Niamh Hodnett acknowledged that

it will be a significant challenge across the EU to ensure that there is a consistent and harmonised approach to the EU-led DSA with domestic legislation.

How the DSA will interact with other EU regulations and directives, such as existing laws on online terrorist content, new laws on online political content, and child abuse, is still unfolding. This is an ongoing challenge An Coimisiún will face as they roll out their plans for the implementation of the OSMR and the DSA in Ireland.

Coimisiún na Mean – “A startup regulator”

An Coimisiún was established by the Minister for Tourism, Culture, Arts, Gaeltacht, Sports and Media, Catherine Martin.  It will have five Commissioners. The Commissioners will have responsibility for online content. An  Coimisiún plans to have a substantial team of 180 people, with hopes to hire for 160 roles by mid-2024. John Evans highlighted the importance of its responsibility for “addressing online harmful content” and “delivering value to the public”.

An Coimisiún must deliver public value through the implementation of control mechanisms allowing it to implement the OSMR and DSA and in turn reduce harmful online content. An Coimisiún wants to put the building blocks in place for online safety regulation, to ensure services are designated and that the online safety code is in place. Under the OSMR, An Coimisiún will set up a centre through which the public can report online content they perceive as harmful. It is intended that this will be available from next year. An Coimisiún will appoint nominated bodies to address complaints made through the centre.

An Coimisiún plans to engage with service providers after 17 February 2024. The Department of Enterprise, Trade and Employment is currently completing research that identifies Internet Service Providers and their presence in Ireland. An Coimisiún proposes using this research to identify service providers it needs to engage with under the DSA that have not been designated as VLOPs or VLOSEs.

Consultations with platforms – practical implementation

An Coimisiún launched a public consultation to inform the development of Ireland’s first binding online safety code. The online safety code will focus on video-sharing platform service providers to ensure they take measures to address online harms to users. An Coimisiún received over 50 responses from various entities with some interesting insights, in particular from NGOs.  Those insights included:

  • harm to and protection of minors;
  • cyberbullying;
  • promotion of suicide;
  • information on suicide and disordered eating;
  • intimate image sharing;
  • toxic beauty standards;
  • child abuse; and
  • harmful content under Article 21 of the EU Charter of Human Rights, including incitement to hatred on the grounds of sex orientation and gender, terrorism, and child sex abuse.

An Coimisiún will implement rules to enable companies to reduce harmful content online through:

  • complaints handling;
  • flagging harmful content;
  • age verification (not self-declaration by minors); and
  • parental controls, amongst other measures.

An Coimisiún also published a consultation on the draft levy model, which remains open. This will allow An Coimisiún to self-fund its online regulator mandate.

The collaborative approach to enforcement – “A College of Commissioners”

As the appointed regulator under the OSMR, An Coimisiún will be responsible for enforcing the online safety code, using sanctions and fines. Administrative fines of up to ten per cent of the turnover of the company or €20m, whichever is greater, may be imposed. An Coimisiún is also appointed to enforce the DSA in Ireland. It will enforce penalties applicable to infringements of the DSA for Intermediary Service Providers. The details of these penalties will be available when the Bill is published however, the DSA provides for a maximum fine of 6% of turnover. The Commissioners stated that it is likely that there will be “significant overlap” with the enforcement powers in the OSMR and DSA, and the sanctions and fines under each of them.

An Coimisiún is part of a digital regulatory group with the Data Protection Commission, the Competition and Consumer Protection Commission and the Gardaí. Niamh Hodnett and John Evans noted that the “enforcement measures would be a collaborative approach,” which has already been exhibited in dealings with online safety issues to date. The Commissioners intimated that a more formal arrangement may be established with the Gardaí.  An Coimisiún also collaborates with the European Regulators Group for Audiovisual Media and the Global Online Safety Regulators Network which covers UK and Australia.

Niamh Hodnett highlighted the importance of having a “College of Commissioners” and the necessity for the Commissioners to implement sound decision-making processes to support their objectives. Work has commenced through reaching out to designated VLOPs and VLOSEs that will be regulated under the DSA.  An Coimisiún will continue to send out information requests to companies that may have obligations under the DSA to determine the correct designation and consult with them on that basis.

Next Steps for Companies

John Evans advised that platforms and intermediary services should understand their obligations under the OSMR and DSA. They should start their compliance preparations by implementing safeguards to reduce the risk of harmful online content on their platforms. The scope of the legislation and other digital reforms coming down the line is broad, and there is a lot of uncertainty on potential obligations for companies operating in the digital domain.

To ensure companies are supported in this period of unprecedented regulatory change, William Fry has developed the Technology Regulation Playbook, which provides a high-level overview of the 16 new pieces of legislation resulting from the EU’s Digital Decade Policy program. The Technology Regulation Playbook can be downloaded by following this link.

William Fry has also developed “TechReg Connect”, an innovative solution that provides a first port of call for companies who need to identify and implement their obligations under the incoming legislation. In utilising technology, we are helping client preparations in a simple, innovative, and cost-effective way.

Our experienced technology team, who developed the innovative platform, will be at hand to provide further advice to companies and address any issues with implementation of their obligations. Having created the platform, which required detailed knowledge of each of the incoming acts the Technology lawyers at William Fry are well placed to provide nuanced advice to companies.

 

Contributed by Aoife Keenan