作者

Thanos Rammos, LL.M.

合伙人

柏林

Overview Digital Legislation EU

In-depth analysis

Download PDF

Digital Markets Act (DMA)

What it´s about

Regulation of digital markets and in particular very large online platforms.

Status

In effect since November 1, 2022. Will enter into force on Mai 2, 2023. Some provisions already apply.

Who is affected

In particular, operators of central platform services, which are to be classified as “gatekeepers”.

En Detail

The classification as a gatekeeper is mainly based on the platform’s impact on the internal market, its intermediary character between commercial users and end users, and the (foreseeable) solidity and permanence of the platform’s activity. To facilitate the classification of central platform operators as gatekeepers, the DMA provides thresholds which, if exceeded, have a presumptive effect. The DMA lists what exactly a central platform service is in its definitions. The classification as a gatekeeper entails (new) prohibitions and requirements for them. An overview can be found here. The EU Commission also has the power to specify further measures that the gatekeeper must implement to comply with its obligations if it deems the existing measures insufficient.

Interactions with other laws

General antitrust law remains applicable alongside the DMA. Consumers and entrepreneurs will be able to pursue violations of the DMA by way of collective action and under the UWG. The gatekeeper status is also referred to in other current (Commission) drafts, for example in the Data Act, which provides for (negative) exemptions for gatekeepers from some regulations. According to its explanatory memorandum, the draft builds on the existing P2B Regulation, is coherent with the DSA, and supplements existing EU competition regulations and data protection law.

Powers of the authorities

The Commission is responsible for the application of the DMA. Notwithstanding this, the member states may authorize their competition authorities to investigate and forward the results to the Commission. Violations of the DMA’s rules of conduct can result in fines of up to 10 %, and in the case of repeated violations, even 20 % of annual worldwide turnover. In the case of systematic violations, gatekeepers may even be banned from mergers for a limited period of time. In addition, the Commission can impose behavioral and structural remedies. An overview can be found here.

Digital Services Act (DSA)

What it´s about

Creating a safe digital space, free of illegal content and ensuring protection of users’ fundamental rights.

Status

In effect since November 16, 2022. Will enter into force on February 16, 2024. Some provisions apply earlier, such as from February 17, 2023 the duty to disclose he numbers of recipients of a online platform or a search engine. Some minor provisions will apply later.

Who is affected

All providers of intermediation services (intermediaries), including in particular providers of online platforms. Tiered regulation for intermediary services, host providers, online platforms, and very large online platforms. Also all providers of search engines and very large search engines.

En Detail

Comprehensive regulations, for example, concerning liability, the handling of illegal content, the provision of a notice-and-takedown procedure, and the regulation of (very large) online platforms. The liability rules in particular, however, do not really entail many innovations. The question of “whether” liability will continue to depend on the regulations of the member states. However, the DSA restricts some liability privileges. For example, a privilege for host providers does not apply if a consumer has the impression that the service offered originates from the host provider itself or that the host provider is responsible for it.

Interactions with other laws

In principle, liability privileges should continue to apply to intermediaries, as is currently the case in Germany, for example, under §§ 7 ff. TMG. Liability provisions for Internet Service Providers (ISPs) regarding illegal content remain; the liability provisions of the E-Commerce Directive are reproduced verbatim. Furthermore, no general obligation for ISPs to actively monitor transmitted or stored information.

Powers of the authorities

The member states appoint authorities, one of which acts as a “Digital Services Coordinator”. These have comprehensive rights of information, search, order and sanction. In the case of measures against very large online platforms, the Commission has a right of entry. Sanctions for infringements are possible in the amount of up to 6 % of annual revenues or annual turnover.

Directive on Copyright and related Rights in the Digital Single Market (DSM-RL)

What it´s about

Tightening of copyright law on the Internet. New regulation of copyright responsibility. Establishment of uniform exceptions for the use of content for the purposes of quotation, criticism, review, caricature, parody and pastiche.

Status

The directive was adopted in April 2019; the implementing act in Germany “Act on the Adaptation of Copyright Law to the Requirements of the Digital Single Market” came into force on June 7, 2021. The regulations on the copyright responsibility of upload platforms in the Copyright Service Providers Act (UrhDaG) followed on August 1, 2021. The status of implementation can be followed here.

Who is affected

In particular, online content sharing platforms (upload platforms).

En Detail

Among other things, the directive contains a performance protection right for publishers based in a member state with regard to the reproduction and provision for online use of their press products by providers of information society services. In addition, there are regulations on so-called online content sharing platforms, according to which these are themselves liable for content uploaded by users that infringes the copyright of third parties. Last but not least, the directive also contains a number of provisions for the protection of authors and artists, in particular to ensure appropriate remuneration.

Interactions with other laws

The directive brings together the eleven directives that together make up the EU copyright legislation. The directive was implemented in Germany with the “Act on the Adaptation of Copyright Law to the Requirements of the Digital Single Market”; the parliamentary process leading up to the final law can be accessed here.

Powers of the authorities

Enforcement is the responsibility of the national authorities. There have been no changes with regard to powers.

Data Act (DA)

What it´s about

Ensure equitable distribution of value created from IoT data among data economy stakeholders and promote data access and use.

Status

The draft was presented on February 23, 2022. The current state of consultation can be viewed here.

Who is affected

The manufacturers, owners, holders and users of IoT devices. In addition, third parties who want to use data from IoT devices.

En Detail

The DA regulates obligations of manufacturers and developers of products to facilitate the accessibility of data generated during the use of the products for the user (or a third party designated by the user). This is accompanied by certain transparency obligations. In addition, the DA contains general provisions for (fair and non-discriminatory) data provision obligations, specific controls on contractual clauses, and (compulsory) access by public bodies to data “held” by companies in exceptional cases. Finally, the DA also contains regulations on IT security requirements for providers of data processing services and on data interoperability requirements.

Interactions with other laws

At European level, the Data Act will be supplemented by sector-specific special regulations such as the European Health Data Space or the Mobility Data Space. The Data Governance Act, which facilitates the voluntary exchange of data, will also be supplemented. Further, the DSA, the DMA and the GDPR provide for access rights. In addition, the Data Act supplements a large number of other legal acts.

Powers of the authorities

The Commission is to lay the foundations for data exchange with the exchange fees and technical standards. The Data Act will be enforced by national authorities. Since the authorities concerned with data protection are to remain responsible in parallel, coordination issues are likely to arise. The member states must also determine the sanctions. Sanctions can amount to up to EUR 20 million or, in the case of a company, up to 4 % of its annual global sales in the previous fiscal year.

Data Governance Act (DGA)

What it´s about

Promoting the availability of data.

Status

Adopted on May 30, 2022. Effective as of September 24, 2023.

Who is affected

Specifically, public entities that “own” data, data brokering services, and organizations that seek to further certain public interest objectives using “data altruism.”

En Detail

The DGA relies on four pillars to promote data availability: The re-use of protected data “owned” by public sector bodies, data intermediation services, data altruism, the creation of a European Data Innovation Council. In particular, conditions are set for the re-use of certain data; a registration and supervision framework for data intermediaries is established and the possibility to obtain privileges as a “recognized data altruistic organization” is created.

Interactions with other laws

According to the explanatory memorandum, the DGA supplements the Open Data Directive. In addition, it is intended to leave competition law unaffected. Some friction could arise from the fact that, according to Art. 1(3), Union and Member State data protection provisions, in particular the GDPR, are to take precedence. The German Federation is currently preparing a federal law to execute the DGA on national level. Inter alia the law will designate the competent authorithies.

Powers of the authorities

The new law establishes the Data Innovation Council, an advisory body to provide expert input on the development of guidelines for European data rooms. Monitoring and registration of data intermediaries will be left to member state authorities. The powers of data protection authorities coexist. The Commission may also adopt model contractual clauses and adequacy decisions to facilitate data transfers to affected third countries. Member States determine the sanctions autonomously; no maximum limit is set by the EU.

Regulation on the European Health Data Space (EHDS)

What it´s about

The creation of a European Data Space in the health sector for efficient exchange and direct access to different health data in health care itself (primary use), as well as in health research and health policy (secondary use).

Status

The Commission presented its plan on May 3, 2022. The public consultation will last until July 20, 2022 and the status can be found here.

Who is affected

Basically, all patients, health care providers, researchers, manufacturers of health-related products, and others who have an interest in the use of health data.

En Detail

Provisions regarding common standards and procedures, infrastructures, a governance framework for primary and secondary use of electronic health data. The data space should be based on three pillars: Strong governance system and rules for data exchange, (ensuring) data quality and (ensuring) strong infrastructure and interoperability.

Interactions with other laws

The EHDS is based on legislation such as the General Data Protection Regulation, the Medical Devices Regulation, the In Vitro Diagnostics Regulation, the AI Act, the Data Governance Act, the proposed Data Act, the NIS Directive and its proposed successor NIS-2, and the Patient Rights Directive.

Powers of the authorities

Member States set the penalties and enforce them with their authorities. The Commission, however, is to create the framework for data exchange through delegated acts.

Artificial Intelligence Act (AI-Act)

What it´s about

Establish a single legal framework for regulating AI.

Status

Negotiations between the EU institutions (trilogue) are expected to start at the end of the year and be completed in early 2023 and be completed by 2024.

Who is affected

Providers and users of AI systems.

En Detail

There is agreement on risk-based regulation. AI systems whose use involves an unacceptable risk (manipulation, social scoring) will be banned altogether. High-risk AI systems will be heavily regulated. In particular, these must undergo a “conformity assessment” before being placed on the market, demonstrating that they meet the AI Act’s mandatory requirements for them. Limited-risk AI systems are subject only to transparency requirements, while low-risk AI systems remain unregulated.

Interactions with other laws

Promoting innovation in AI is closely linked to the Data Governance Act, the Data Act, the Open Data Directive, and other initiatives under the European Data Strategy. Data-driven AI models benefit from the (intended) greater sharing and public availability of data. Moreover, according to its explanatory memorandum, the AI Act complements the GDPR.

Powers of the authorities

The monitoring of AI applications is to be carried out by the competent national market surveillance authorities. They will also set the fines, the threshold values of which will be regulated in the regulation. The penalties can reach a maximum of EUR 30 million or 6 % of global annual turnover.

行业技术、媒体与通信 (TMC)

Hot Topics GDPR Online content safety

本系列内容

信息技术

Digital Services Act (DSA): What digital intermediaries need to know

2024年2月21日

作者作者

DSA National Implementation

2024年2月17日

作者作者

技术、媒体与通信 (TMC)

145 days DSA for VLOPs: The takeaways for smaller service providers

2024年1月17日

作者作者

信息技术

Update on reporting and transparency requirements under the DSA

2023年12月15日

作者 Nathalie Koch, LL.M. (UC Hastings)

数据和网络

Getting DSA-ready: 4 relevant steps in order to achieve compliance

2023年11月16日

作者 Dr. Gregor Schmid, LL.M. (Cambridge), Philipp Koehler

技术、媒体与通信 (TMC)

Requirements for online marketplaces under the EU Digital Services Act (DSA)

2023年9月15日

作者 Philipp Koehler

技术、媒体与通信 (TMC)

A snapshot of the DSA’s impact on media companies

Philipp Koehler and Thomas Walter look at the issues faced by many media companies when deciding whether or not they fall within scope of the EU’s Digital Services Act.

2023年6月12日

作者 Philipp Koehler, Thomas Walter

技术、媒体与通信 (TMC)