Like the eCommerce Directive, the incoming EU Digital Services Act (DSA) provides for liability exemptions for internet intermediaries. Intermediaries provide technical intermediation between third party information and end users. Their services must be classified as "mere conduit", "caching" or "hosting", which is assessed solely according to the technical function of a service. The following are explicitly mentioned as intermediaries in the recitals of the DSA:
In order to benefit from the liability exemptions, the intermediary must provide its service in a neutral manner and through the mere technical and automatic processing of the information provided by the user. Depending on whether its service is to be classified as "mere conduit", "caching" or "hosting", further requirements for exemption from liability must be met. For example, hosting providers must remove illegal content as soon as they become aware of it.
Although online platforms that allow consumers to conclude distance contracts with traders are hosting providers, these platforms do not benefit from the exemption from liability for hosting service providers, in so far as they present relevant information relating to a specific transaction in such a way that it leads consumers to believe that the information was provided by the platforms themselves or by traders acting under their authority or control, even if that may not be the case in reality.
If an intermediary takes an active role or colludes with a user, the liability exemption does not apply. The intermediary's own activities aimed at detecting and removing illegal information (e.g. filtering software, teams that sift through content) do not, however, negate the exemption. Even where the exemption does not apply, the intermediary will not necessarily be liable for illegal content as that will be decided under other relevant Member State or EU law.
It is interesting that the EU legislator has taken up a problem area that has hardly been taken into account in German case law, which in many cases could lead to a de facto exemption from liability of intermediaries. Recital 26 to the DSA states:
This could result in subordinate liability of the intermediary with respect to the person who provided the information. In this case the affected person must try to claim rights violations by that person. Only when this person is not tangible would an action against an intermediary be possible. If the focus of liability were to be directed more towards the person who created the illegal content, this would be welcome.
Intermediaries must also note that the exemption from liability under the DSA does not affect the use of administrative orders. These may be orders to remove illegal content or to require the intermediary to provide information on certain users. The DSA sets out minimum conditions that must be complied with by the authorities.
Irrespective of the question of liability for specific activities by intermediaries, the DSA sets out comprehensive obligations in Chapter III. These are intended to ensure a transparent and safe online environment. The duties include, for example:
Exceptions are made for small and micro enterprises. Additional obligations apply to "very large online platforms" and "very large online search engines".
The provider of a hosting service is exempt from liability for content it stores on behalf of a user, provided that it does not have actual knowledge of illegal activity or illegal content and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or illegal content is apparent; or (b) upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the illegal content.
In a mirror image, Article 14 now obliges hosting providers to provide a reporting system that users can use to notify them of illegal activities or content. The system is intended to make it easier for users to make a sufficiently specific notice by prompting them to provide sufficient justification and the specific location of the information, for example by providing a URL. By giving a sufficiently specific notice, actual knowledge or awareness of the individual piece of information in question will then be assumed. Accordingly, the hosting provider would no longer be exempt from liability if it failed to act after receiving the notification. Instead, the hosting provider must review and act on each notice promptly, carefully, free from arbitrariness and objectively. This obligation is in turn accompanied by notification obligations against the notifier.
Service providers will be relieved that the central position of the eCommerce Directive – no general obligation to monitor content – is preserved. They will, however, have to get to grips with the new regime and understand which elements apply to them, especially those service providers which may not have come within the scope of the eCommerce Directive.