We hosted an online discussion last week to share thoughts, ask questions and talk about the potential impact of the European Commission's upcoming Digital Services Act.
The discussion was the latest in our new series of RIPE NCC Open House online events, and it brought together 45 participants from the Internet community to talk about the implications of this wide-reaching legislative proposal, which the European Commission is expected to put forward by the end of 2020. You can watch the recording of the session or keep reading for a summary of some of the topics discussed.
The Digital Services Act is essentially an update to the E-Commerce Directive of 2000, which provides the legal framework regulating digital services in the EU and and sets out the liability regime for "information society service" providers, including Internet service providers, as well as those that act as "online intermediaries", such as hosting and cloud providers. (There's a good comprehensive background paper by the European Parliamentary Research Service that goes into depth about the current liability regime's aim and scope, as well as current implementation gaps that the new act should seek to address.)
Eva Jordan Vankova from the European Commission, Sebastian Schwemer from the University of Copenhagen and Athina Fragkouli from the RIPE NCC kicked off the discussion by providing some background, context, and lots of open questions about exactly how Internet service providers, DNS providers, content hosting providers and others are likely to be affected by the new legislation.
Eva Jordan Vankova (third from top) presented an overview of the European Commission's upcoming Digital Services Act
Of note was the fact that DNS providers don't readily fit into any of the three different categories of service providers that are not liable for transmitting, caching or hosting content provided by a third party (unless they are aware of the illegal content and do not act adequately to stop it). These include "mere conduit service providers", caching providers and hosting providers. On top of that, one of the main ambiguities in the current directive is the lack of a clear definition for what constitutes illegal content and what counts as "adequately" trying to stop it.
However, there are many other open questions about the new legislation's scope, implementation and enforcement, as well as its harmonisation across EU member states.
The RIPE NCC Open House discussion focused on several of these that are most pertinent to the RIPE community and RIPE NCC members. In addition to highlighting the need for more clarity about how DNS operators would fit into the new liability regime, participants also discussed how cross-border enforcement will work. The European Commission has put forward the idea of a European-wide regulatory authority to try to harmonise the act's implementation that could also be responsible for enforcement - but exactly how this would work, and whether a new body is needed in addition to existing agencies is far from settled.
Another topic that came up was how proactive providers will need to be in monitoring content, how much content filtering happens via algorithms and AI, and the burden this could place on smaller organisations - although the European Commission has signalled that, like the E-Commerce Directive, the Digital Services Act will not include general monitoring obligations. Corresponding US legislation includes a "Good Samaritan" clause, whereby a provider who acts in good faith to try to stop illegal or harmful content will not be held responsible for the consequences (for example, if it turns out the content was not in fact illegal), and it seems as though the new act may include a similar concept, raising questions about what the terms of such a clause might be.
There was also a general consensus that legislators tend to focus on the Internet's content when developing regulation, and many participants urged the European Commission not to interfere with the core infrastructure in its attempt to regulate the applications that run on top of that.
"Because politicians do not understand the technology, there is always a temptation to mess with the core, when they only have problems with what is happening ON the Internet."
Indeed, one of the recurring themes throughout the discussion was the need for the technical community to advise policymakers and actively contribute to the process. The European Commission is holding an open consultation on the Digital Services Act that runs until 8 September and we encourage anyone with an opinion on the topic to participate. There's a comprehensive questionnaire, but you can simply fill out the parts that are relevant to you. Learn more about the open consultation and how to get involved.
Another topic of interest to the participants was how to level the playing field so that smaller businesses can afford to keep up with regulation on par with larger (mostly American) companies that many have come to view as near monopolies. Others wondered about the Digital Services Act's impact on public interest services, and how it might distinguish between commercial service providers and not-for-profits, as the current directive covers services that are "normally provided for remuneration". We also discussed whether "paying" for a free service by supplying the provider with personal data would count as remuneration.
Participants also expressed concern over a reliance on automated content filtering, including both its lack of efficacy and the extra burden any such requirements would place on smaller organisations. The question of how filtering will play into the "no special obligation to monitor" concept - one of the cornerstones of the current directive, which the European Commission has signalled will be retained under the new legislation - is another that remains, for now, unanswered but which has the potential to have a major impact on hosting providers.
By the end of the discussion, it was clear that we needed more than one hour to tackle the wide range of topics covered by the Digital Services Act. But it was an excellent start to the conversation, which we hope will continue through various channels. Please feel free to leave your comments below, or join the discussion on the RIPE Cooperation Working Group mailing list, which is for all topics related to cooperation between public and private spheres in the Internet landscape. We also regularly publish updates on current EU regulatory developments, the latest of which you can find here.
The RIPE NCC plans to contribute to the European Commission's open consultation on the Digital Services Act to explain how the regulation could impact us in our own operations as a Regional Internet Registry and, again, we urge you to do the same. The technical community has a wealth of information and expertise to share with those setting the policies that will end up affecting us all - so let's take advantage of the opportunity to make our voices heard.