On 7 June 2022, the Regulation on preventing the dissemination of terrorist content online ("Terrorist Content Regulation") has entered in force. With this Terrorist Content Regulation, the EU legislator is pursuing the goal of curbing the spread of terrorist content and thus strengthening public security in the European Union. The Terrorist Content Regulation is directly applicable in all EU member states and contains far-reaching obligations for host providers both inside and outside the European Union.
The Terrorist Content Regulation has an extremely broad scope of application. It applies to all hosting service providers, i.e. all providers of information society services consisting of the storage of information provided by and at the request of a content provider. Therefore, providers of social media services, sharing services, and certain cloud services are covered. The place of establishment is irrelevant as long as services are provided to users in the EU – thus, also non-EU providers are covered. However, some regulations apply only to providers who are "exposed to terrorist content". This status is determined by the competent authority and requires a decision on the basis of objective factors and a notification of the authority to the provider.
Hosting service providers are faced with a wide range of obligations:
The most important obligation of hosting providers in this respect is the duty to remove terrorist content as soon as possible, but in any case, within one hour after having received a removal order by the competent authority (of each Member State). However, if the provider concerned has never received such an order before, an official notice about the applicable procedures and deadlines will be issued at least 12 hours before the order is issued, except in cases of special urgency. The providers have to establish a contact point for removal orders to be received electronically and processed without delay. The information about this contact point shall also be made publicly available.
In addition, hosting service providers are subject to a whole range of notification obligations.
The hosting service providers exposed to terrorist content must also take certain "specific measures". The provider itself may decide on the measures to be taken, but the regulation states that they may include:
However, two things still need to be noted: First, the obligation to take specific action does not go hand in hand with an obligation to use an automated process. Secondly, it is not accompanied by a general obligation to monitor the information stored or transmitted by the provider or to actively search for facts or circumstances indicating illegal activities.
In addition, hosting service providers must establish an effective and accessible mechanism that allows content providers whose content has been blocked or removed to appeal the removal or blocking and request the restoration or unblocking of the content.
Lastly, hosting service providers that are not established in the European Union but offering their services to the EU must appoint a legal representative the European Union. This representative is designated to receive, comply with and enforce removal orders and decisions of the competent authority. The legal representative may potentially be held liable for violations of the Terrorist Content Regulation by the hosting service provider, which is a novelty. Not appointing an EU representative shall trigger the sanctioning regime of the Terrorist Content Regulation.
Specific sanctions may vary from EU member state to member state However, the sanctions must be effective, proportionate and dissuasive. In the event of a systematic or persistent breach of the obligation to remove terrorist content as quickly as possible, financial penalties of up to 4% of the provider's annual global revenue generated in the previous financial year shall be imposed.
Co-Autor: Hannes Bastians