(2) Member States are increasingly introducing or considering introducing national legislation on the matters covered by this Regulation, in particular creating due diligence obligations for providers of intermediary services with regard to how they should address illegal content, online disinformation or other societal risks. Taking into account the inherently cross-border nature of the internet, which is generally used for the provision of those services, those different national laws affect the internal market, which, in accordance with Article 26 of the Treaty on the Functioning of the European Union (TFEU), is an area without internal frontiers in which the free movement of goods and services and the freedom of establishment are ensured. The conditions for the provision of intermediary services across the internal market should be harmonized in order to provide businesses with access to new markets and opportunities to take advantage of the internal market, while offering consumers and other users greater choice. For the purposes of this Regulation, business users, consumers and other users are considered to be ‘users’.
(3) For the online environment to be safe, predictable and trustworthy, and for citizens of the Union and others to be able to exercise the fundamental rights guaranteed to them by the Charter of Fundamental Rights of the European Union (‘the Charter’), in particular the right to freedom of expression and information, the freedom to conduct a business, the right to non-discrimination and the achievement of a high level of consumer protection, it is essential that providers of intermediary services behave responsibly and diligently.
(4) In order to ensure and improve the functioning of the internal market, binding, targeted, uniform, effective and proportionate rules should therefore be laid down at Union level. This Regulation creates the conditions for innovative digital services to emerge and expand in the internal market. Aligning national regulatory measures on requirements for providers of intermediary services at Union level is necessary to prevent and end fragmentation of the internal market, to provide legal certainty and thus reduce uncertainty for developers and to promote interoperability. By making the requirements technology-neutral, innovation should be encouraged rather than hindered.
(5) This Regulation should apply to providers of certain information society services within the meaning of Directive (EU) 2015/1535 of the European Parliament and of the Council (5), namely any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a user. More specifically, this Regulation should apply to providers of intermediary services, in particular providers of ‘mere conduit’, ‘caching’ and ‘hosting’ services, as the use of those services has increased exponentially, mainly for a variety of legitimate and socially beneficial purposes, and as a result they also play an increasingly important role in the intermediation and dissemination of illegal or otherwise harmful information and activities.
(6) In practice, certain providers of intermediary services mediate services that can be provided by electronic or non-electronic means, such as remote IT services or transportation, accommodation or delivery services. This Regulation should apply only to intermediary services and should be without prejudice to the requirements laid down in Union or national law for products or services mediated through intermediary services, including where the intermediary service is an integral part of another service which is not an intermediary service as recognized in the case-law of the Court of Justice of the European Union.
(7) In order to ensure the effectiveness of the rules laid down in this Regulation and a level playing field in the internal market, those rules should apply to providers of intermediary services irrespective of their place of establishment or registered office, provided that they offer services in the Union, as evidenced by a substantial connection with the Union.
(8) Such a substantial connection to the Union should be deemed to exist where the service provider has an establishment in the Union or, in the absence of such an establishment, where the number of users in one or more Member States is significant in relation to the population of that or those Member States, or on the basis of the targeting of activities to one or more Member States. The targeting of activities to one or more Member States can be determined on the basis of all relevant circumstances, including factors such as the use of a language or currency commonly used in the Member State concerned or the ability to order products or services or the use of a relevant top level domain. Furthermore, the targeting of activities to a Member State could also be inferred from the availability of an application in the relevant national app store, the display of local advertising or advertising in a language used in the Member State concerned or the management of customer relations, for example by providing customer service in a language used in the Member State concerned. The existence of a substantial connection should also be presumed where a service provider directs its activities to one or more Member States within the meaning of Article 17(1)(c) of Regulation (EU) No 1215/2012 of the European Parliament and of the Council (6). However, the mere technical accessibility of a website in the Union is not sufficient for a substantial connection to be assumed for that reason alone.
(9) This Regulation fully harmonizes the rules applicable to intermediary services in the internal market in order to ensure a safe, predictable and trustworthy online environment that counteracts the dissemination of illegal content online and the societal risks that the dissemination of disinformation or other content may entail, and in which the fundamental rights enshrined in the Charter are effectively protected and innovation is encouraged. Therefore, Member States should not adopt or maintain additional national requirements in relation to the areas falling within the scope of this Regulation, except where expressly provided for in this Regulation, as this would undermine the direct and uniform application of the fully harmonized rules applicable to providers of intermediary services in line with the objectives of this Regulation. This should be without prejudice to the possibility of applying other national legislation applicable to providers of intermediary services in accordance with Union law, including Directive 2000/31/EC, in particular Article 3 thereof, to the extent that national legislation serves a legitimate public interest other than this Regulation.
(10) This Regulation should be without prejudice to other Union acts regulating the provision of information society services in general, regulating other aspects of the provision of intermediary services in the internal market or setting out and complementing the harmonized rules laid down in this Regulation, such as Directive 2010/13/EU of the European Parliament and of the Council (7), including its provisions relating to video-sharing platforms, Regulations (EU) 2019/1148, (8), (EU) 2019/1150 (9), (EU) 2021/784 (10) and (EU) 2021/1232 (11) of the European Parliament and of the Council and Directive 2002/58/EC of the European Parliament and of the Council (12) and provisions of Union law laid down in a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for electronic evidence in criminal matters and a Directive of the European Parliament and of the Council establishing common rules for the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings.
Similarly, for the sake of clarity, this Regulation should apply Union law on consumer protection, in particular Regulations (EU) 2017/2394 (13) and (EU) 2019/1020 (14) of the European Parliament and of the Council, Directives 2001/95/EC (15), 2005/29/EC (16), 2011/83/EU (17) and 2013/11/EU (18) of the European Parliament and of the Council and Council Directive 93/13/EEC (19) – and Union law on the protection of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (20).
Therefore, this Regulation should also be without prejudice to Union rules in the area of private international law, in particular rules on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters, such as Regulation (EU) No 1215/2012, and rules on the law applicable to contractual and non-contractual obligations. The protection of individuals with regard to the processing of personal data is governed solely by the rules of Union law in this area, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC. This Regulation should also be without prejudice to Union law on working conditions and Union law on judicial cooperation in civil and criminal matters. However, to the extent that those Union acts pursue the same objectives as this Regulation, the rules of this Regulation should apply to issues that are not or not fully addressed by those other acts and to issues where those other acts leave Member States the possibility to take certain measures at national level.
(11) It should be clarified that this Regulation is without prejudice to Union law on copyright and related rights, in particular Directives 2001/29/EC (21), 2004/48/EC (22) and (EU) 2019/790 (23) of the European Parliament and of the Council, which lay down certain rules and procedures that should remain unaffected.
(12) In order to achieve the objective of ensuring a safe, predictable and trustworthy online environment, the definition of ‘illegal content’ for the purposes of this Regulation should be broadly in line with the existing rules in the offline environment. In particular, the term ‘illegal content’ should be interpreted broadly enough to include information related to illegal content, products, services or activities. In particular, the term should be interpreted to refer to information, regardless of its form, that is either unlawful in itself under applicable law, such as unlawful hate speech, terrorist content or unlawful discriminatory content, or is unlawful under applicable law because it is related to unlawful activity. Examples include the sharing of depictions of child sexual abuse, the unlawful sharing of private images without consent, cyber-stalking, the sale of non-compliant or counterfeit products, the sale of products or provision of services in breach of consumer protection law, the unauthorized use of copyrighted material, the unlawful offering of accommodation services or the unlawful sale of live animals. In contrast, an eyewitness video of a potential crime should not be considered as unlawful content merely because it shows an unlawful act, if the recording or public dissemination of such a video is not unlawful under national or Union law. In this respect, it is irrelevant whether the unlawfulness of the information or act derives from Union law or from national law that is consistent with Union law, what type of legislation is at issue and what it is concerned with.
(13) Due to the specific characteristics of the services concerned and the consequent need to impose certain specific obligations on their providers, the sub-category of online platforms should be delimited within the broader category of hosting service providers as defined in this Regulation. Online platforms such as social networks or online platforms that enable consumers to conclude distance contracts with traders should be defined as hosting service providers that not only store information provided by users on their behalf, but also publicly disseminate that information on behalf of users. However, in order to avoid overly broad obligations, hosting service providers should not be considered as online platforms provided that the activity is only an insignificant and purely ancillary function inseparably linked to another service, or an insignificant function of the main service, where the ancillary function or function cannot be used without that other main service for objective and technical reasons, and provided that the integration of the ancillary function or function into the other service does not serve to circumvent the applicability of the rules of this Regulation to online platforms. For example, a comments section of an online newspaper could constitute such a function, which is clearly ancillary to the main service, namely the publication of news under the editorial responsibility of the publisher. In contrast, the storage of comments on a social network should be considered as an online platform service if it is clear that it is a non-negligible feature of the service offered, even if it is ancillary to the publication of users’ contributions. For the purposes of this Regulation, cloud computing or web hosting services should not be considered to be an online platform where the public dissemination of certain information is an insignificant ancillary feature or a minor function of those services.
In addition, cloud computing and web hosting services, when serving as infrastructure – such as the underlying infrastructural storage and computing service of an internet-based application, website or online platform – should not in themselves be considered as a means of publicly disseminating information stored or processed on behalf of a user of an application, website or online platform they operate.
(14) The term ‘public dissemination’, as used in this Regulation, should cover the making available of information to a potentially unlimited number of persons, i.e. the provision of easy access to users in general, without requiring any further action by the user providing the information, irrespective of whether those persons actually access the information in question. Accordingly, in cases where registration or inclusion in a user group is required to gain access to information, the information should only be considered to be publicly disseminated if the users who wish to access the information are automatically registered or included, without any human decision or choice as to who is granted access. Interpersonal communications services within the meaning of Directive (EU) 2018/1972 of the European Parliament and of the Council (24), such as email or instant messaging services, do not fall within the scope of the definition of online platforms, as they are used for interpersonal communications between a finite number of persons determined by the sender of the communication. However, the obligations for online platform providers set out in this Regulation may also apply to services that enable the provision of information to a potentially unlimited number of users not determined by the sender of the communication, for example through public groups or open channels. Information should only be considered to be publicly disseminated for the purposes of this Regulation if that dissemination is made directly on behalf of the user who provided the information.
(15) Where some services provided by a provider fall within the scope of this Regulation and others do not, or where the services provided by a provider fall under different sections of this Regulation, the relevant provisions of this Regulation should apply only to those services that fall within its scope.
(16) The legal certainty created by the horizontal framework for conditional exclusions of liability for providers of intermediary services under Directive 2000/31/EC has allowed many new types of services to emerge and expand throughout the internal market. That framework should therefore remain in place. However, in view of the divergences in the transposition and application of the relevant rules at national level and for reasons of clarity and consistency, that framework should be included in this Regulation. It is also necessary to clarify certain elements of that framework, taking into account the case-law of the Court of Justice of the European Union.
(17) The rules on the liability of providers of intermediary services laid down in this Regulation should only determine when the provider of intermediary services concerned cannot be held liable in relation to illegal content provided by users. The rules should not be interpreted as providing a positive basis for determining when a provider can be held liable, which should be determined in accordance with the applicable rules of Union or national law. In addition, the exclusions of liability laid down in this Regulation should apply to any type of liability in relation to any type of illegal content, regardless of the precise subject matter or nature of such legislation.
(18) The exclusions of liability laid down in this Regulation should not apply where the provider does not limit itself to providing the services in a neutral manner and through the mere technical and automatic processing of the information provided by the user, but takes an active role in obtaining knowledge or control over that information. Accordingly, these exclusions should not apply to liability in relation to information that is not provided by the user but by the provider of the intermediary service itself, even if this information has been developed under the editorial responsibility of that provider.
(19) In view of the different characteristics of the activities of ‘mere conduit’, ‘caching’ and ‘hosting’ and the different position and capabilities of the providers of the services concerned, it is necessary to distinguish the rules applicable to those activities in so far as they are subject to different requirements and conditions under this Regulation and their scope varies according to the interpretation of the Court of Justice of the European Union.
(20) Where a provider of intermediary services knowingly cooperates with a user to engage in unlawful activities, the services should not be considered to have been provided in a neutral manner and the provider should accordingly not benefit from the exemptions from liability provided for in this Regulation. This should be the case, for example, where the provider offers its service primarily for the purpose of facilitating unlawful activities, for example by clearly stating its purpose – facilitating unlawful activities – and its services are suitable for that purpose. The mere fact that a service offers encrypted transmissions or another system that makes it impossible to identify the user should not in itself be considered as facilitating unlawful activities.
(21) A provider should be able to make use of the exclusions of liability for “mere transmission” and “caching” services if it is in no way connected to the transmitted or retrieved information. One of the prerequisites for this is that he does not change the information he transmits or makes available. However, this requirement should not apply to technical interventions in the course of transmission or provision as long as they do not alter the integrity of the information transmitted or provided.
(22) In order to benefit from the exclusion of liability for hosting services, the provider should act expeditiously and remove or block access to unlawful activities or content as soon as it obtains actual knowledge or awareness thereof. The removal or blocking of access should take place in compliance with the fundamental rights of users, including the right to freedom of expression and the right to information. The provider may obtain such actual knowledge or awareness of the illegal nature of content, inter alia, through investigations on its own initiative or through notifications received by it from persons or entities in accordance with this Regulation, provided that such notifications are sufficiently precise and duly substantiated to enable a diligent economic operator to properly identify and assess the allegedly illegal content and, where appropriate, to take action against it. However, such actual knowledge or awareness cannot be deemed to have been obtained merely because the provider is generally aware of the fact that its service is also used to store illegal content. Furthermore, the fact that the provider automatically indexes the information uploaded to its service, that it has a search function or recommends information based on users’ profiles or preferences is not sufficient to conclude that this provider has “specific” knowledge of illegal activities on this platform or of illegal content stored on this platform.
(23) The exclusion of liability should not apply where the user is under the supervision or control of the provider of a hosting service. For example, if the provider of an online platform that allows consumers to conclude distance contracts with traders sets the price of the goods or services that the trader offers, the trader could be considered to be acting under the supervision or control of that online platform.
(24) In order to ensure the effective protection of consumers in online transactions through intermediary services, certain hosting service providers, namely online platforms that enable consumers to conclude distance contracts with traders, should not be able to benefit from the exclusion of liability for hosting service providers under this Regulation, provided that those online platforms present the relevant information concerning the transactions in question in a way that leads consumers to believe that such information is provided either by the online platform itself or by a trader under its supervision or control and that the online platforms must therefore have knowledge of or control over the information, even if this is not in fact the case. Examples of such conduct could be that an online platform does not clearly display the identity of the trader as required by this Regulation, that an online platform withholds the identity or contact details of the trader until after the conclusion of the contract between the trader and the consumer, or that an online platform markets the good or service in its own name rather than in the name of the trader who will provide that good or service. In this respect, it should be determined objectively and on the basis of all relevant circumstances whether the presentation could give an average consumer the impression that the information in question was provided by the online platform itself or by a trader under its supervision or control.
(25) The exemptions from liability laid down in this Regulation should be without prejudice to the possibility of injunctions of various kinds against providers of intermediary services, even if they comply with the conditions laid down in those exemptions. Such injunctions could consist, in particular, of judicial or administrative orders issued in accordance with Union law requiring the cessation or prevention of an infringement, including the removal of or disabling of access to illegal content specified in such orders.
(26) In order to provide legal certainty and avoid deterrence of activities that providers of all categories of intermediary services may carry out on a voluntary basis to detect, identify and address illegal content, it should be specified that the mere fact that providers carry out such activities does not prevent them from benefiting from the exemptions from liability under this Regulation, provided that those activities are carried out in good faith and diligently. The condition of acting in good faith and diligently should include an objective, non-discriminatory and proportionate approach, taking due account of the rights and legitimate interests of all parties involved, and necessary safeguards against the unjustified removal of lawful content, in line with the objective and requirements of this Regulation. To this end, the providers concerned should, for example, take appropriate measures to ensure that, when using automated tools to carry out such measures, the technology concerned is sufficiently reliable to limit the error rate as much as possible. It should also be clarified that the mere taking of measures by providers in good faith to comply with the requirements of Union law, including those under this Regulation with regard to the implementation of their general terms and conditions, should not result in the exclusions set out in this Regulation not being applicable. Any such activities and measures that a provider may have undertaken should therefore not be taken into account for the purpose of determining whether the provider can benefit from an exclusion of liability, in particular in relation to whether the provider provides the service in a neutral manner and can therefore be covered by the relevant provision, without this necessarily meaning that the provider can rely on it. Voluntary measures should not be used to circumvent the obligations of providers of intermediary services under this Regulation.
(27) While the rules on the liability of providers of intermediary services laid down in this Regulation are primarily concerned with the exclusion of liability for providers of intermediary services, it is important to note that, despite the important role played by such providers in general, the problem of illegal content and activities on the internet should not be tackled by focusing solely on their liability and responsibility. Where possible, third parties affected by illegal content transmitted or stored on the internet should try to resolve conflicts related to such content without involving the intermediary service providers concerned. Users should be liable for the illegal content that they provide and that may be publicly disseminated through intermediary services, where the applicable rules of Union and national law establishing such liability so provide. Where appropriate, other actors, such as group moderators in the non-public online environment, in particular in large groups, should also help to prevent the dissemination of illegal content online in accordance with applicable law. Moreover, where it is necessary to involve information society service providers, including providers of intermediary services, any request or order for such involvement should in principle be addressed to the specific service provider that has the technical and operational capacity to act against specific illegal content in order to avoid and minimize any negative impact on the availability and accessibility of non-illegal information.
(28) Since 2000, new technologies have been developed to improve the availability, efficiency, speed, reliability, capacity and security of systems for the transmission, ‘discoverability’ and storage of data on the internet, resulting in an increasingly complex online ecosystem. In this respect, it should be recalled that providers of services for the provision and facilitation of the underlying logical architecture and smooth functioning of the internet, including technical support functions, may also benefit from the exemptions from liability set out in this Regulation, provided that their services are classified as ‘mere conduit’, ‘caching’ or ‘hosting’ services. Such services include, inter alia, wireless local area networks (WLAN), DNS services, the services of top-level domain name registries, registries and certification authorities issuing digital certificates, virtual private networks, online search engines, cloud infrastructure services or content delivery networks that enable, localize or enhance the functions of other providers of intermediary services. Services for communication purposes and the technical means for their provision have also evolved significantly, leading to the emergence of online services such as voice over internet protocol (VoIP), messaging services and web-based email services that enable communication via an internet access service. It is also possible to make use of the liability exclusions for these services if they are classified as “pure transmission”, “caching” or “hosting” services.
(29) Intermediary services encompass a wide range of economic activities that take place online and are continuously evolving to enable the fast, safe and secure transmission of information and provide convenient solutions to all stakeholders in the online ecosystem. For example, “pure conduit” intermediary services include general categories of services such as Internet exchanges, wireless access points, virtual private networks, DNS services and DNS resolvers, top-level domain name registry services, registries, certification authorities that issue digital certificates, voice over IP (VoIP) and other interpersonal communications services; while general examples of intermediary caching services include the sole operation of content delivery networks, reverse proxies or content adaptation proxies. Such services are crucial for ensuring the smooth and efficient transmission of information provided over the Internet. Examples of “hosting services” include cloud computing services, web hosting services, paid referencing services or services that enable the online exchange of information and content, including the storage and exchange of files. Intermediary services may be provided in isolation, as part of another type of intermediary service or simultaneously with other intermediary services. Whether a particular service is a “mere conduit”, a “caching” service or a “hosting” service depends entirely on its technical features, which may change over time, and should be assessed on a case-by-case basis.
(30) Providers of intermediary services should not be subject to a general monitoring obligation, either de jure or de facto. This is without prejudice to monitoring obligations in a specific case and, in particular, without prejudice to orders issued by national authorities in accordance with national law, in accordance with Union law, as interpreted by the Court of Justice of the European Union and in accordance with the conditions laid down in this Regulation. This Regulation should in no case be interpreted as imposing a general obligation to monitor, a general obligation to actively investigate or a general obligation for providers to take proactive measures in relation to illegal content.
(31) Depending on the legal system of the Member States and the area of law concerned, national judicial or administrative authorities, including law enforcement authorities, may order providers of intermediary services to take action against one or more specific items of illegal content or to provide specific information. The national laws under which such orders are issued vary considerably and the orders are increasingly issued in a cross-border context. In order to ensure that such orders can be complied with effectively and efficiently, in particular in a cross-border context, so that the authorities concerned can carry out their tasks and providers are not subject to disproportionate burdens, while avoiding any impact on the rights and legitimate interests of third parties, it is necessary to lay down certain conditions that those orders should meet and some additional requirements in relation to the processing of those orders. Therefore, this Regulation should only harmonize certain specific minimum conditions that such orders should fulfil in order to oblige providers of intermediary services to inform the relevant authorities about the execution of those orders. Therefore, this Regulation does not provide the legal basis for the adoption of such orders, nor does it regulate their territorial scope or cross-border enforcement.
(32) The applicable Union or national law on the basis of which those orders are issued may include additional conditions and should also form the basis for the enforcement of the respective orders. In the event of non-compliance with such orders, the Member State issuing the order should be able to enforce it in accordance with its national law. The applicable national legislation should comply with Union law, including the Charter and the provisions of the TFEU on the freedom of establishment and the freedom to provide services in the Union, in particular in relation to online gambling and online betting. Similarly, the application of such national legislation for the enforcement of the respective orders is without prejudice to applicable Union acts or international agreements concluded by the Union or the Member States concerning the cross-border recognition, execution and enforcement of those orders, in particular in civil and criminal matters. On the other hand, the enforcement of the obligation to inform the relevant authorities of the execution of the orders, as opposed to the enforcement of the orders themselves, should be subject to the rules laid down in this Regulation.
(33) The provider of intermediary services should inform the authority that issued the orders without undue delay of any follow-up to such orders within the time limits laid down in the relevant Union or national law.
(34) Competent national authorities should be able to issue such orders against content deemed to be unlawful or information orders on the basis of Union law or national law in accordance with Union law, in particular the Charter, and address them to providers of intermediary services, including intermediary services established in another Member State. However, this Regulation shall be without prejudice to Union law in the area of judicial cooperation in civil or criminal matters, including Regulation (EU) No 1215/2012 and a Regulation on European Production and Preservation Orders for electronic evidence in criminal matters, as well as national criminal or civil procedural law. Where, in the context of criminal or civil proceedings, such legislation lays down conditions which are additional to or incompatible with the conditions laid down in this Regulation for orders to act against illegal content or information orders, the conditions laid down in this Regulation might not apply or might be adapted. In particular, the obligation of the Digital Services Coordinator from the Member State of the authority that issued the order to transmit a copy of the order to all other Digital Services Coordinators could not apply or be adapted in the context of criminal proceedings if the applicable national criminal procedural law so provides.
In addition, the obligation for the order to contain a statement of reasons as to why the information constitutes illegal content should be adapted, where necessary, in accordance with applicable national criminal procedural law for the prevention, investigation, detection or prosecution of criminal offenses. Finally, the obligation of the provider of intermediary services to inform the user may be delayed in accordance with applicable Union or national law, in particular in the context of criminal, civil or administrative proceedings. Moreover, the orders should be issued in accordance with Regulation (EU) 2016/679 and the prohibition of general obligations to monitor information or actively investigate facts or circumstances indicating unlawful activities laid down in this Regulation. The conditions and requirements laid down in this Regulation that apply to orders to address illegal content are without prejudice to other Union legal acts that provide for similar mechanisms to address certain types of illegal content, such as Regulation (EU) 2021/784, Regulation (EU) 2019/1020 or Regulation (EU) 2017/2394, which confer specific powers to order the provision of information on Member States’ consumer protection authorities, while the conditions and requirements applicable to orders to provide information are without prejudice to other Union acts providing for similar relevant rules for specific sectors. Those conditions and requirements should be without prejudice to the provisions of applicable national law on storage and retention in accordance with Union law and requests from law enforcement authorities for confidential treatment in relation to non-disclosure of information. Those conditions and requirements should be without prejudice to the possibility for Member States to require a provider of intermediary services to prevent an infringement in accordance with Union law, including this Regulation, and in particular with the prohibition of general surveillance obligations.
(35) The conditions and requirements laid down in this Regulation should be fulfilled at the latest when the order is transmitted to the provider concerned. The order may therefore be issued in one of the official languages of the authority of the Member State concerned issuing the order. Where that language is different from the language indicated by the provider of intermediary services or from any other official language of the Member States agreed between the authority issuing the order and the provider of intermediary services, the transmission of the order should be accompanied by at least a translation of the information set out in this Regulation. Where a provider of intermediary services has agreed with the authorities of a Member State to use a specific language, it should be encouraged to accept orders issued by authorities in other Member States in the same language. The orders should contain information enabling the addressee to identify the authority issuing the order, including, where appropriate, the contact details of a contact point within that authority, and to verify the authenticity of the order.
(36) The territorial scope of such injunctions to address illegal content should be clearly defined on the basis of the applicable Union or national law enabling the issuance of the injunction and should not go beyond what is strictly necessary to achieve its objectives. In this regard, the national judicial or administrative authority, which may be a law enforcement authority issuing the order, should balance the objectives of the order, in accordance with its legal basis, against the rights and legitimate interests of any third parties that may be affected by the order, in particular their fundamental rights under the Charter. In particular in a cross-border context, the effects of the order should in principle be limited to the territory of the Member State where the order is issued, unless the unlawfulness of the content derives directly from Union law or the issuing authority considers that the rights concerned require a wider territorial scope in accordance with Union and international law, taking into account the interests of diplomatic practices.
(37) The information injunctions provided for in this Regulation concern the submission of specific information on individual users of the intermediary services concerned identified in those injunctions in order to determine whether the users comply with the applicable Union or national law. Such orders should request information to enable the identification of the users of the service concerned. Therefore, requests for information on a group of users that are not specified, including requests for the provision of aggregated information necessary for statistical purposes or evidence-based policy making, are not covered by the requirements of this Regulation on the provision of information.
(38) Orders to act against illegal content and to provide information are subject to the rules safeguarding the jurisdiction of the Member State in which the provider is established and to the rules establishing possible exceptions to that jurisdiction in certain cases in accordance with Article 3 of Directive 2000/31/EC, provided that the conditions of that Article are met. Since the orders in question relate to specific illegal content or specific information, orders addressed to providers of intermediary services established in another Member State do not, in principle, restrict the freedom of those providers to provide their services across borders. The provisions of Article 3 of Directive 2000/31/EC, including those on the need to justify measures derogating from the jurisdiction of the Member State where the provider is established for certain well-defined reasons and on the notification of such measures, therefore do not apply to these orders.
(39) Requirements for the provision of information on redress mechanisms available to the provider of intermediary services and the user who provided the content include the obligation to provide information on administrative appeal procedures and redress mechanisms, including appeals against orders issued by judicial authorities. In addition, Digital Services Coordinators could develop national tools and guidance on complaint and redress mechanisms applicable in their respective territories in order to facilitate access to such mechanisms for users of the service. In the application of this Regulation, Member States should also respect the fundamental right to an effective remedy and to a fair trial as provided for in Article 47 of the Charter. This Regulation should therefore not prevent the relevant national judicial or administrative authorities from ordering the restoration of content, on the basis of applicable Union or national law, where that content was in compliance with the terms and conditions of the provider of intermediary services but was wrongly deemed unlawful and removed by that provider.
(40) In order to achieve the objectives of this Regulation, and in particular to improve the functioning of the internal market and to ensure a safe and transparent online environment, it is necessary to lay down clear, effective, predictable and balanced harmonized due diligence obligations for providers of intermediary services. Those obligations should, in particular, aim to ensure the achievement of various policy objectives such as the safety and trust of users, including consumers, underage users and users who are particularly vulnerable to hate speech, sexual harassment or other discriminatory acts, to protect the relevant fundamental rights enshrined in the Charter, to ensure the meaningful accountability of providers and to empower users and other interested parties, while facilitating the necessary oversight by competent authorities.
(41) In this respect, it is important to adapt the due diligence obligations to the nature, scale and type of the intermediary services concerned. This Regulation therefore lays down basic obligations applicable to all providers of intermediary services, as well as additional obligations for providers of hosting services and, more specifically, for providers of online platforms and of very large online platforms and very large online search engines. Where providers of intermediary services fall into several different categories due to the nature of their services and their size, they should comply with all corresponding obligations under this Regulation in relation to those services. Those harmonized due diligence obligations, which should be proportionate and non-arbitrary, are necessary to address public policy concerns such as safeguarding the legitimate interests of users, combating unlawful practices and protecting fundamental rights enshrined in the Charter. Due diligence obligations are independent of the issue of liability of providers of intermediary services, which is why they are also assessed separately.
(42) In order to ensure smooth and effective two-way communication, including, where appropriate, acknowledgement of receipt of such communications, in relation to the matters covered by this Regulation, providers of intermediary services should be required to designate a central electronic contact point and to publish and update relevant information on that contact point, including the languages to be used for such communication. The electronic contact point may also be used by trusted whistleblowers and traders who have a specific relationship with the provider of intermediary services. Unlike the legal representative, the electronic contact point should serve operational purposes and not necessarily require a physical location. Providers of intermediary services may designate the same single point of contact for the requirements of this Regulation as well as for the purposes of other Union acts. When specifying the languages to be used for communication, providers of intermediary services should ensure that the languages chosen do not in themselves constitute a barrier to communication. Where necessary, providers of intermediary services and Member State authorities should have the possibility to reach a separate agreement on the language to be used for communication or to seek alternative means to overcome the language barrier, including the use of all available technical means or internal and external human resources.
(43) Providers of intermediary services should also be required to designate a single point of contact for users that enables fast, direct and effective communication, in particular through easily accessible means such as telephone numbers, email addresses, electronic contact forms, chatbots or instant messaging. It should be explicitly stated when a user communicates with chatbots. Providers of intermediary services should allow users to choose means of direct and efficient communication that do not rely exclusively on automated tools. Providers of intermediary services should make every reasonable effort to ensure that sufficient human and financial resources are available to ensure that such communication is carried out quickly and efficiently.
(44) Providers of intermediary services established in a third country offering services in the Union should designate a duly authorized legal representative in the Union and provide information on their legal representative to the relevant authorities and make it publicly available. In addition, in order to comply with this obligation, such providers of intermediary services should ensure that the designated legal representative has the necessary powers and resources to cooperate with the relevant authorities. This could be the case, for example, where a provider of intermediary services designates a subsidiary of the same group of the provider or its parent undertaking if that subsidiary or parent undertaking is established in the Union. However, this might not be the case where, for example, the legal representative is subject to reorganization proceedings, bankruptcy, personal insolvency or corporate insolvency. This obligation should enable the effective supervision and, where necessary, enforcement of this Regulation in respect of those providers. It should be possible for a legal representative to be appointed by more than one provider of intermediary services in accordance with national law. The legal representatives should also be able to act as contact points, provided that the relevant requirements of this Regulation are complied with.
(45) While the freedom of contract of providers of intermediary services should in principle be respected, it is appropriate to lay down certain rules on the content, application and enforcement of the general terms and conditions of those providers in order to ensure transparency, the protection of users and the avoidance of unfair or arbitrary results. Providers of intermediary services should clearly specify and keep up to date in their general terms and conditions the grounds on which they may restrict the provision of their services. In particular, they should include details of any policies, procedures, measures and tools used to moderate content, including algorithmic decision making and human review, as well as the rules of procedure for their internal complaints management system. They should also provide information on the right to terminate the use of the service. Providers of intermediary services may use graphic elements such as icons or images in their terms of use to illustrate the main elements of the information requirements under this Regulation. Providers should inform users of their service in an appropriate manner of significant changes to the terms and conditions, for example if they change the rules on the information allowed in their services, or of other such changes that could have a direct impact on users’ ability to use the service.
(46) Providers of intermediary services which are primarily aimed at minors, e.g. due to the design or marketing of the service, or which are predominantly used by minors, should make special efforts to make the explanation of their general terms and conditions easily understandable for minors.
(47) When designing, applying and enforcing those restrictions, providers of intermediary services should act in a non-arbitrary and non-discriminatory manner and take into account the rights and legitimate interests of users, including the fundamental rights enshrined in the Charter. For example, providers of very large online platforms should, in particular, have due regard to freedom of expression and information, including freedom and pluralism of the media. All providers of intermediary services should also take due account of relevant international standards for the protection of human rights, such as the United Nations Guiding Principles on Business and Human Rights.
(48) In view of their specific role and reach, it is appropriate to impose additional requirements on very large online platforms and very large online search engines in terms of information and transparency of their terms and conditions. Consequently, providers of very large online platforms and very large online search engines should make their terms and conditions available in the official languages of all Member States in which they offer their services and should also provide users with a concise and easily readable summary of the main points of the terms and conditions. Such summaries should identify the main elements of the information requirements, including the possibility to easily opt out of optional clauses.
(49) In order to ensure an appropriate level of transparency and accountability, providers of intermediary services should make publicly available in machine-readable format an annual report on their content moderation activities, including the measures they take to apply and enforce their general terms and conditions, in accordance with the harmonized requirements of this Regulation. In order to avoid disproportionate burdens, those transparency reporting obligations should not apply to providers that are microenterprises or small enterprises within the meaning of Commission Recommendation 2003/361/EC (25) and that are not very large online platforms within the meaning of this Regulation.
(50) Hosting service providers play a particularly important role in dealing with illegal content online, as they store information submitted by users on their behalf and usually allow other users to access this information, sometimes on a large scale. It is important that all hosting service providers, regardless of their size, establish easily accessible and user-friendly notice and takedown procedures that make it easy to notify the hosting service provider of certain information that the notifying party considers to be illegal content (hereinafter ’notice’), whereupon the provider can decide whether to agree with the assessment and remove or disable access to that content (hereinafter ‘takedown’). Such procedures should be clearly identifiable, located close to the information in question and at least as easy to find and use as the procedures for reporting content that violates the hosting service provider’s terms and conditions. Provided that the requirements for notifications are met, it should be possible for individuals or entities to report several specific pieces of allegedly infringing content at once in order to ensure the effective functioning of the notification and takedown procedures. As part of the reporting procedure, it should be possible, but not mandatory, to identify the reporting person or entity. For some types of reported information, the identity of the reporting person or entity may be necessary to determine whether the information in question is, as alleged, illegal content. The obligation to establish a notice and action procedure should apply, for example, to data storage and sharing services, web hosting services, advertising servers and Pastebin services, to the extent that they qualify as hosting service providers covered by this Regulation.
(51) Considering that the fundamental rights guaranteed by the Charter must be duly respected for all data subjects, any action taken by a hosting service provider upon receipt of a notice should be strictly targeted, i.e. it should be aimed at removing or disabling access to the specific information considered to be illegal content, without unduly interfering with the freedom of expression and information of users. Notifications should therefore in principle be addressed to hosting service providers that can be considered to have the technical and operational capacity to act against this specific information. Hosting service providers that receive a notification where they are unable to delete the specific information for technical or operational reasons should inform the person or entity that sent the notification.
(52) The rules on such notification and redress procedures should be harmonized at Union level in order to ensure the swift, diligent and non-arbitrary handling of notifications on the basis of uniform, transparent and clear rules that establish robust mechanisms to protect the rights and legitimate interests of all affected parties, irrespective of the Member State in which those parties are resident or established and of the jurisdiction concerned, in particular to protect their fundamental rights under the Charter. Those fundamental rights include, inter alia: for users, the right to freedom of expression and information, the right to respect for private and family life, the right to the protection of personal data, the right to non-discrimination and the right to an effective remedy; for service providers, the right to freedom to conduct a business, including freedom of contract; and for parties affected by illegal content, human dignity, the rights of the child, the right to the protection of property, including intellectual property, and the right to non-discrimination. Hosting service providers should respond to notifications in a timely manner, in particular by taking into account the nature of the reported illegal content and the urgency to take action. For example, such providers can be expected to act promptly when suspected illegal content that poses a threat to the life or safety of individuals is reported. The hosting service provider should inform the person or entity reporting the specific content immediately after deciding whether or not to act on the report.
(53) The notice and action procedures should allow for the submission of notices that are sufficiently precise and duly substantiated to enable the hosting service provider concerned to take an informed and diligent decision, compatible with freedom of expression and information, on the content to which the notice relates, in particular on whether that content should be considered illegal content and removed or access to it should be blocked. The procedures should be such that the notices can easily be accompanied by a justification as to why the notifying person or entity considers the content to be illegal and a precise indication of the location of the content in question. A notice that contains sufficient information to enable a diligent hosting service provider to determine that the content is clearly unlawful without detailed legal scrutiny has the effect of presuming actual knowledge or awareness of the unlawfulness. With the exception of the transmission of reports relating to criminal offenses under Articles 3 to 7 of Directive 2011/93/EU of the European Parliament and of the Council (26), the reporting person or entity should be required to disclose his or her identity in the course of those procedures in order to prevent abuse.
(54) Where a hosting service provider decides to remove or disable access to information provided by a user, or otherwise restrict its visibility or monetization, for example after receiving a report or on its own initiative, on the grounds that the information provided by the user constitutes illegal content or is incompatible with the terms and conditions, including through the exclusive use of automated means, the provider should inform the user in a clear and easily understandable manner of its decision, the reasons for it and the remedies available to challenge the decision with regard to possible negative consequences for the user, including in relation to the exercise of his or her fundamental right to freedom of expression. This obligation should apply regardless of the reasons for the decision, in particular regardless of whether the remedy was implemented because the reported information is considered illegal content or not in compliance with the applicable terms and conditions. If the decision was taken after receiving a report, the hosting service provider should only disclose the identity of the person or entity that submitted the report to the user if this information is necessary to establish the illegality of the content, for example in cases of intellectual property rights infringements.
(55) The restriction of visibility can consist of a downgrading in the ranking or in recommendation systems, but also in the restriction of accessibility for one or more users or in the exclusion of the user from an online community without his knowledge (“shadow banning”). The monetization of information provided by the user via advertising revenue can be restricted by suspending or terminating the monetary payment or revenue associated with this information. However, the obligation to provide a justification should not apply to misleading, large-scale commercial content disseminated through willful manipulation of the Service, in particular through inauthentic use of the Service, such as the use of bots or fake accounts or other misleading use of the Service. Notwithstanding other means of challenging the hosting service provider’s decision, the user should always have a right to an effective remedy before a court in accordance with national law.
(56) A hosting service provider could in certain cases, such as through a report by a notifying party or through its own voluntary actions, become aware of information about certain activities of a user, such as the provision of certain types of illegal content, which, taking into account all relevant circumstances of which the hosting service provider is aware reasonably justify the suspicion that that user may have committed, is committing or is likely to commit a criminal offense that endangers the life or safety of persons, such as one of the criminal offenses referred to in Directive 2011/36/EU of the European Parliament and of the Council (27), Directive 2011/93/EU or Directive (EU) 2017/541 of the European Parliament and of the Council (28). For example, certain content could give rise to a suspicion of danger to the public, such as incitement to terrorism as defined in Article 21 of Directive (EU) 2017/541. In such cases, the hosting service provider should immediately inform the competent law enforcement authorities of such suspicion. The hosting service provider should provide all relevant information available to it, including, where appropriate, the content concerned and, where available, the time when the content was posted, including the designated time zone, an explanation of its suspicions and the information necessary to locate and identify the user concerned. This Regulation does not provide a legal basis for the profiling of users for the possible detection of criminal offenses by hosting service providers. Hosting service providers should also comply with other applicable provisions of Union or national law to protect the rights and freedoms of individuals when informing law enforcement authorities.
(57) In order to avoid disproportionate burdens, the additional obligations under this Regulation for online platform providers, including platforms that enable consumers to conclude distance contracts with traders, should not apply to providers that are microenterprises and small enterprises as defined in Recommendation 2003/361/EC. For the same reason, those additional obligations should also not apply to providers of online platforms that have been classified as microenterprises or small enterprises in the past, for a period of 12 months after they have lost that status. Those providers should not be exempted from the obligation to provide information on the average monthly number of active users at the request of the Digital Services Coordinator of establishment or the Commission. However, given that very large online platforms or very large online search engines have a wider reach and more influence on how users receive and communicate information online, those providers, regardless of whether they are or have recently been classified as microenterprises or small enterprises, should not be covered by that exemption. The consolidation rules contained in Recommendation 2003/361/EC help to ensure that any circumvention of those additional obligations is prevented. This Regulation does not prevent online platform providers covered by that exemption from voluntarily setting up a system that complies with one or more of those obligations.
(58) Users should be able to easily and effectively challenge certain decisions by online platform providers on the illegality of content or its inconsistency with the general terms and conditions that have a negative impact on them. Online platform providers should therefore be required to set up internal complaint management systems that meet certain conditions designed to ensure that those systems are easily accessible and lead to swift, non-discriminatory, non-arbitrary and fair results and are subject to manual review where automated tools are used. These systems should allow all users to lodge a complaint and should not impose formal requirements such as reference to specific relevant legislation or the development of legal explanations. Users who have submitted a notification through the notification and redress procedures under this Regulation or through the procedure for reporting content that infringes the general terms and conditions of the online platform provider should be entitled to use the complaints procedure to challenge the online platform provider’s decision on their notifications, including where they consider that the measures taken by that provider were not appropriate. The possibility to lodge a complaint to overturn the contested decisions should be available for a period of at least six months, calculated from the date on which the online platform provider informed the user of the decision.
(59) In addition, the possibility should be provided for such disputes, including those disputes that could not be satisfactorily resolved through the internal complaint management systems, to be settled in good faith out of court by certified bodies that have the necessary independence, resources and expertise to carry out their activities in a fair, expeditious and cost-effective manner. The independence of out-of-court dispute resolution bodies should also be guaranteed at the level of the natural persons entrusted with the settlement of disputes, including through rules on conflicts of interest. The fees charged by out-of-court dispute resolution bodies should be reasonable, accessible, attractive, cost-effective for the consumer, proportionate and assessed on a case-by-case basis. Where an out-of-court dispute resolution entity is certified by the competent Digital Services Coordinator, that certification should apply to all Member States. Online platform providers should have the possibility to refuse to participate in an out-of-court dispute resolution procedure under this Regulation where the same dispute, in particular with regard to the information concerned and the reasons for the adoption of the contested decision, the effects of the decision and the grounds invoked for contesting the decision, has already been resolved or is already the subject of ongoing proceedings before the competent court or another competent out-of-court dispute resolution body. Users should be able to choose between the internal complaints procedure, out-of-court dispute resolution and the possibility of bringing an action before a court at any time. As the outcome of the out-of-court dispute resolution procedure is not binding, the parties should not be prevented from bringing an action in court in relation to the same dispute. The possibilities thus created to challenge the decisions of online platform providers should be without prejudice to the possibility of judicial redress in accordance with the law of the Member State concerned in all respects and should therefore not affect the exercise of the right to an effective remedy under Article 47 of the Charter. The provisions of this Regulation on out-of-court dispute resolution should not oblige Member States to set up such out-of-court dispute resolution entities.
(60) In the case of contractual disputes between consumers and businesses concerning the purchase of goods or services, Directive 2013/11/EU ensures that consumers and businesses in the Union have access to certified alternative dispute resolution entities. In that regard, it should be clarified that the provisions of this Regulation on out-of-court dispute resolution are without prejudice to that Directive, including the right of consumers under that Directive to withdraw from the procedure at any time if they are not satisfied with the conduct or performance of the procedure.
(61) Remediation of illegal content can be faster and more reliable if online platform providers take the necessary measures to ensure that reports submitted by trusted flaggers acting within their designated area of expertise are prioritized under the reporting and remediation mechanisms required by this Regulation, without prejudice to the obligation to process and take decisions on all reports submitted through those mechanisms in a swift, diligent and non-arbitrary manner. That trusted flagger status should be granted by the Digital Services Coordinator of the Member State where the applicant is established and should be recognized by all online platform providers falling within the scope of this Regulation. This trusted flagger status should only be awarded to entities, not individuals, which have demonstrated, inter alia, that they have specific expertise and competence in dealing with illegal content and that they carry out their activities diligently, accurately and objectively. These may be public bodies, such as the Internet content hotlines of national law enforcement authorities or the European Union Agency for Law Enforcement Cooperation (Europol) in the case of terrorist content, or non-governmental organizations and private or semi-public bodies, such as organizations that are part of the INHOPE hotline network for reporting child sexual abuse material, or organizations for reporting illegal racist and xenophobic content on the Internet. In order not to reduce the added value of such a procedure, the total number of trusted flaggers recognized under this Regulation should be limited. In particular, business associations representing the interests of their members are recommended to apply for the status of trusted flagger, without prejudice to the right of private entities or persons to conclude bilateral agreements with online platform providers.
(62) Trusted whistleblowers should publish easily understandable and detailed reports on reports made under this Regulation. These reports should include information such as the number of reports categorized by the hosting service provider, the type of content and the actions taken by the provider. Since trusted whistleblowers have expertise and competence, it can be assumed that the reports submitted by them can be processed with less effort and therefore faster than reports submitted by other users. However, the average processing time may vary depending on the type of illegal content, the quality of the reports and the technical procedures applicable to the submission of such reports, among other factors.
For example, while the 2016 Code of Practice on countering illegal hate speech online sets a benchmark for participating companies on the time needed to process valid reports with a view to removing illegal hate speech, the processing times for other types of illegal content may vary significantly depending on the specific facts and circumstances and the type of illegal content in question. In order to avoid misuse of the status of trusted flagger, it should be possible to suspend that status where a Digital Services Coordinator of establishment has initiated an investigation for legitimate reasons. The provisions of this Regulation relating to trusted flaggers should not be interpreted as preventing online platform providers from handling reports from entities or individuals without trusted flagger status under this Regulation in a similar manner or from otherwise cooperating with other entities in accordance with applicable law, including this Regulation and Regulation (EU) 2016/794 of the European Parliament and of the Council (29). The provisions of this Regulation should not prevent online platform providers from using such trusted flaggers or similar mechanisms to take swift and reliable action against content that is inconsistent with their terms and conditions, in particular content that harms vulnerable users, such as minors.
(63) The abuse of online platforms through the frequent provision of manifestly illegal content or the frequent submission of manifestly unfounded reports or complaints through the respective mechanisms and systems established by this Regulation leads to a loss of trust and affects the rights and legitimate interests of the parties concerned. It is therefore necessary to put in place appropriate, proportionate and effective safeguards against such abuse, respecting the rights and legitimate interests of all parties concerned, including the applicable fundamental rights and freedoms enshrined in the Charter, and in particular the right to freedom of expression. Content should be considered manifestly unlawful and reports or complaints manifestly unfounded if it is clear to a layperson, without analyzing the content, that the content is unlawful or the reports or complaints are unfounded.
(64) Under certain conditions, online platform providers should temporarily suspend their relevant services to the person involved in abusive conduct. This is without prejudice to the freedom of online platform providers to define their terms and conditions and to take stricter measures in the case of manifestly illegal content related to serious criminal offenses, such as depictions of child sexual abuse. For reasons of transparency, this option should be set out clearly and with sufficient precision in the general terms and conditions of the online platforms. Decisions taken by online platform providers in this regard should always be subject to appeal and to the supervision of the competent Digital Services Coordinator. Prior to the decision on suspension, online platform providers should issue a warning setting out the reasons for the possible suspension and the possible remedies against the online platform provider’s decision. With the decision on suspension, online platform providers should also provide the statement of reasons in accordance with the rules laid down in this Regulation. The rules on abuse laid down in this Regulation should not prevent online platform providers from taking other measures to address the provision of illegal content or other misuse of their services by users, including by breaching their terms and conditions, in accordance with applicable Union and national law. These provisions are without prejudice to any possibility under Union or national law to hold the persons involved in the misuse liable, including for damages.
(65) In view of the particular responsibilities and obligations of online platform providers, additional transparency reporting obligations should be imposed on them, in addition to the transparency reporting obligations to be fulfilled by all providers of intermediary services under this Regulation. In order to determine whether an online platform or an online search engine qualifies as a very large online platform or a very large online search engine subject to certain additional obligations under this Regulation, the transparency reporting obligations of online platforms and online search engines should also include certain obligations to publish and report information on the average monthly number of active users in the Union.
(66) In order to ensure transparency and enable control over the content moderation decisions of online platform providers and the monitoring of the dissemination of illegal content online, the Commission should maintain and publish a database containing the decisions and justifications of online platform providers to remove content or otherwise restrict the availability of and access to information. In order to keep the database up to date, online platform providers should transmit the decisions and the statement of reasons in a standard format without undue delay after a decision has been taken, in order to allow for real-time updates where this is technically possible and proportionate to the resources of the online platform concerned. The structured database should allow access to and searches of the relevant information, in particular in relation to the type of allegedly infringing content concerned.
(67) “Dark patterns” on online interfaces of online platforms are practices that are intended to, or actually do, significantly distort or impair the ability of users to make an autonomous and informed choice or decision. Such practices can be used to induce users to engage in unwanted behavior or make unwanted decisions that have negative consequences for them. Online platform providers should therefore be prohibited from misleading or inducing users and from distorting or impairing users’ autonomy, freedom of choice or choice through the structure, design or functions of an online interface or part thereof. This should include, inter alia, exploitative design patterns intended to induce users to take actions that benefit the online platform provider but may not be in the interest of users, and where choices are presented in a non-neutral way, for example by emphasizing certain choices through visual, audio or other elements when users are asked to make a choice.
It should also include practices consisting of repeatedly asking a user to make a choice when that choice has already been made, making the procedure for canceling a service significantly more cumbersome than the corresponding registration or making certain choices more difficult or time-consuming than others, making it disproportionately difficult to abandon purchases or to unsubscribe from a particular online platform, allowing consumers to conclude distance contracts with traders and misleading users by inducing them to make transactional choices or disproportionately influencing users’ decision-making through default settings that are very difficult to change, thereby distorting and impairing users’ autonomy, freedom of choice or choice. However, the provisions to prevent dark patterns should not be understood as preventing providers from interacting directly with users and offering them new or additional services. Lawful practices – for example in advertising – that are in line with Union law should not in themselves be considered as dark patterns. Those rules on dark patterns should be interpreted as covering prohibited practices that fall within the scope of this Regulation, to the extent that those practices are not already covered by Directive 2005/29/EC or Regulation (EU) 2016/679.
(68) Online advertising plays an important role in the online environment, including in the provision of online platforms where the provision of services is sometimes wholly or partly remunerated directly or indirectly through advertising revenue. Online advertising can pose significant risks – from advertising that itself contains unlawful content, to contributing to financial incentives for the publication or amplification of unlawful or otherwise harmful online content and activities, or a discriminatory presentation of advertising that runs counter to equal treatment and equal opportunities for citizens. In addition to the requirements laid down in Article 6 of Directive 2000/31/EC, providers of online platforms should therefore be required to ensure that users are provided with certain individualized information about when and on whose behalf the advertising is displayed. They should ensure that the information is presented in a prominent manner, including through standardized visual or audible cues, so that it is clearly identifiable and unambiguous for the average user, and that the information is adapted to the nature of the online interface of the service in question. In addition, users should have access to information directly on the online interface where the advertisement is displayed about the main parameters used to determine which advertisement is displayed to them, with meaningful explanations of the underlying logic, including when profiling is used.
These explanations should include information about the method used to display the advertisement – for example, whether it is contextual advertising or another type of advertisement – and, where applicable, the main profiling criteria used. The explanations should also inform users of any means available to them to change these criteria. The requirements of this Regulation on the provision of information in relation to advertising are without prejudice to the application of the relevant provisions of Regulation (EU) 2016/679, in particular as regards the right to object and automated individual decision-making, including profiling and in particular the need to obtain the consent of the data subject before processing personal data for targeted advertising. It also applies without prejudice to the provisions of Directive 2002/58/EC, in particular with regard to the storage of information on terminal equipment and access to information stored on such equipment. Finally, this Regulation complements the application of Directive 2010/13/EU, which requires measures to be taken to enable users to declare audiovisual commercial communications in user-generated videos as such. It also complements the obligations for traders in relation to the disclosure of commercial communications arising from Directive 2005/29/EC.
(69) When users are shown advertising based on advertising personalization techniques that are optimized to match their interests and potentially target their vulnerabilities, this can have a particularly serious negative impact. In certain cases, manipulative techniques can negatively impact entire groups and exacerbate societal harms, for example by contributing to disinformation campaigns or discriminating against certain groups. Online platforms are an environment that is particularly vulnerable to such practices and pose a higher societal risk. Therefore, online platform providers shall not display advertisements based on profiling in accordance with Article 4(4) of Regulation (EU) 2016/679 using special categories of personal data referred to in Article 9(1) of that Regulation, including profiling categories based on those special categories. This prohibition is without prejudice to obligations under Union law on the protection of personal data applicable to online platform providers or other service providers or advertisers involved in the dissemination of advertisements.
(70) A central component of an online platform’s business activities is the way in which information is prioritized and presented on its online interface in order to facilitate and optimize access to information for users. This is done, for example, through algorithmic recommendations, ranking and prioritization of information indicated by textual or other visual representations, or other types of curation of information provided by users. These recommendation systems can have a significant impact on users’ ability to access and interact with information online. For example, they can facilitate the search for information relevant to users and contribute to an improved user experience. They also play an important role in reinforcing certain messages, spreading information virally and encouraging online behavior. Online platforms should therefore always ensure that users are adequately informed about how recommendation systems affect the way information is displayed and how they can influence the way information is presented to them. You should present the parameters of these recommender systems in a clear and easily understandable way to ensure that users can understand how the information displayed to them is prioritized. These parameters should include at least the main criteria used to determine which information is suggested to the user and the reasons why each criterion is relevant, including cases where information is prioritized on the basis of profiling and users’ online behaviour.
(71) The protection of minors is an important policy objective of the Union. An online platform may be considered accessible to minors if its general terms and conditions allow minors to use the service, if its service is directed to or predominantly used by minors, or if the provider is otherwise aware that some of its users are minors, for example because it already processes personal data of users which reveal the age of the users for other purposes. Providers of online platforms used by minors should take appropriate and proportionate measures to protect minors, for example by designing, where appropriate, their online interfaces or parts thereof with the highest level of privacy and security for minors by default or by applying standards for the protection of minors or by participating in codes of conduct for the protection of minors. They should take into account best practices and available guidance, such as that provided in the Commission Communication entitled “A Digital Decade for Children and Young People: the new European Strategy for a Better Internet for Children (BIK+)”. Online platform providers should not display advertising based on profiling using personal data of the user concerned if they have reasonable certainty that the user concerned is a minor. In accordance with Regulation (EU) 2016/679, and in particular with the principle of data minimization within the meaning of Article 5(1)(c) of that Regulation, this prohibition should not require the online platform provider to store, acquire or process more personal data than it already holds in order to assess whether the user concerned is a minor. This obligation should therefore not create an incentive for online platform providers to collect the age of users before they use the platform. This should be without prejudice to Union law on the protection of personal data.
(72) In order to contribute to a safe, trustworthy and transparent online environment for consumers as well as for other stakeholders, such as competing traders or holders of intellectual property rights, and to prevent traders from selling products and services in breach of the applicable rules, online platforms that enable consumers to conclude distance contracts with traders should ensure that those traders can be tracked. The trader should therefore be obliged to provide certain basic information to providers of online platforms enabling consumers to conclude distance contracts with traders, including in order to advertise or offer products. This requirement should also apply to traders promoting or offering products on behalf of brands on the basis of underlying agreements. Those online platform providers should securely store all information for the duration of their contractual relationship with the trader and for six months thereafter in order to enable any claims to be made against or orders to be complied with in relation to the trader.
That obligation is necessary and proportionate to allow such information to be accessed by public authorities and private parties with a legitimate interest in accordance with applicable law, including the right to the protection of personal data, including on the basis of orders to provide information referred to in this Regulation. This obligation is without prejudice to potential obligations to retain certain content for longer periods on the basis of other Union or national law in accordance with Union law. Without prejudice to the definition laid down in this Regulation, any trader identified on the basis of Article 6a(1)(b) of Directive 2011/83/EU and Article 7(4)(f) of Directive 2005/29/EC, whether a natural or legal person, should be traceable when offering a product or service through an online platform. Directive 2000/31/EC requires all providers of information society services to make certain information enabling the identification of all providers easily, directly and permanently accessible to users and competent authorities. The traceability requirements laid down in this Regulation for providers of online platforms enabling consumers to conclude distance contracts with traders are without prejudice to the application of Council Directive (EU) 2021/514 (30), which pursues other legitimate public interest objectives.
(73) In order to ensure an efficient and proportionate application of that obligation without imposing disproportionate burdens, providers of online platforms enabling consumers to conclude distance contracts with traders should make best efforts to assess the reliability of the information provided by the traders concerned, in particular by using freely accessible official online databases or online interfaces, such as national trade registers and the VAT Information Exchange System, or by requesting the traders concerned to provide reliable supporting documents, such as copies of identity documents, certified payment account statements, business certificates or extracts from the trade register. To comply with this obligation, they can also use other sources available for remote use that offer comparable reliability. However, the providers of the online platforms concerned should not be obliged to carry out excessive or costly research on the internet or to carry out disproportionate on-site checks. Nor should it be assumed that providers that have already made best efforts as required by this Regulation ensure the reliability of the information to consumers or other stakeholders.
(74) Providers of online platforms that enable consumers to conclude distance contracts with traders should design and build their online interface in a way that allows traders to comply with their obligations under relevant Union law, in particular the requirements laid down in Articles 6 and 8 of Directive 2011/83/EU, Article 7 of Directive 2005/29/EC, Articles 5 and 6 of Directive 2000/31/EC and Article 3 of Directive 98/6/EC of the European Parliament and of the Council (31). To that end, providers of the online platforms concerned should make best efforts to verify that the traders using their services have uploaded the complete information to their online interfaces in accordance with the relevant applicable Union law. Online platform providers should ensure that products or services are not offered until that information is complete. This should not be tantamount to a general obligation for the providers of the online platforms concerned to monitor the products or services offered by traders through their services or to a general obligation to actively investigate, in particular to verify the accuracy of the information provided by traders. The online interfaces should be user-friendly and easily accessible for traders and consumers. In addition, the providers of the online platforms concerned should, after allowing the trader to offer the product or service, make reasonable efforts to verify, on a sample basis, whether the products or services offered have been found to be illegal in official, freely accessible and machine-readable online databases or online interfaces available in a Member State or in the Union. The Commission should also promote the traceability of products through technological solutions such as digitally signed QR codes (Quick Response Codes) or non-replaceable tokens. The Commission should encourage the development of standards and, in the absence of such standards, the development of market-based solutions that can be accepted by the parties concerned.
(75) Since very large online platforms play an important role in facilitating public debate, economic transactions and the public dissemination of information, opinions and ideas, and in influencing the gathering and dissemination of information on the internet, due to their reach, in particular the number of users, it is necessary to impose specific obligations on the providers of these platforms in addition to the obligations applicable to all online platforms. Due to the crucial role of large online search engines when it comes to finding information and making it available on the internet, these obligations, where applicable, must also be imposed on the providers of very large online search engines. These additional obligations on providers of very large online platforms and very large online search engines are necessary to address these regulatory concerns, as alternative, less restrictive measures will not achieve the same results.
(76) Very large online platforms and very large online search engines can give rise to social risks that differ from those of smaller platforms in terms of scope and impact. Providers of such very large online platforms and very large online search engines should therefore be subject to the highest standards of due diligence proportionate to their societal impact. Once the number of active users of an online platform or active users of an online search engine, calculated as an average over a period of six months, reaches a significant proportion of the population in the Union, the systemic risks associated with the online platform or online search engine may also have a disproportionate impact in the Union. Such a significant reach should be assumed when the number exceeds an operational threshold of 45 million – 10 % of the population in the Union. That operational threshold should be kept up to date and therefore the power to supplement the provisions of this Regulation by adopting delegated acts should be delegated to the Commission where necessary.
(77) In order to determine the reach of a particular online platform or online search engine, the average number of active users of each service must be determined individually. Accordingly, the number of average monthly active users of an online platform should reflect all users who actually use the service at least once in a given period by being exposed to information disseminated through the online interface of the online platform, such as by viewing or listening to it or by providing information, such as traders on an online platform that enables consumers to conclude distance contracts with traders.
For the purposes of this Regulation, use is not limited to interacting with information by clicking, commenting, linking, sharing, purchasing or carrying out transactions on an online platform. Consequently, the concept of an active user does not necessarily coincide with that of a registered user of a service. In relation to online search engines, the concept of active user should include those who view information on the online interface, but not the owners of the websites indexed by an online search engine, as they do not actively use the service. The number of active users of a service should include all unique users who use the service in question. For this purpose, a user who uses different online interfaces such as websites or applications, even if the services are accessed via different URLs or domain names, should be counted only once if possible. However, the concept of active user should not include the occasional use of the service by users of other intermediary service providers who make information stored by the online platform provider indirectly accessible through linking or indexing by an online search engine provider. Furthermore, this Regulation does not oblige online platform providers or online search engine providers to carry out specific online tracking of individuals. If such providers are able to disregard automated users such as bots or scrapers without further processing of personal data and tracking, they may do so. Since market and technological developments may have an impact on the determination of the number of active users, the power to adopt acts should be delegated to the Commission to supplement the provisions of this Regulation by adopting delegated acts specifying the method for determining the active users of the service of an online platform or an online search engine, taking into account, where necessary, the nature of the service and the way in which the users of the service interact with it.
(78) Given the network effects typical of platform activities, the user base of an online platform or an online search engine can expand rapidly and reach the dimension of a very large online platform or a very large online search engine with the associated effects on the internal market. This may be the case, for example, if the online platform or online search engine grows exponentially over a short period of time or can fully exploit network effects as well as economies of scale and scope due to its broad global presence and turnover. In particular, a high annual turnover or a high market capitalization may indicate that the user reach is increasing rapidly. In such cases, the Digital Services Coordinator of establishment or the Commission should be able to require the provider of the online platform or online search engine to report more frequently on the number of active users in order to determine in a timely manner the moment at which the platform is to be considered a very large online platform or very large online search engine within the meaning of this Regulation.
(79) The way in which very large online platforms and very large online search engines can be used has a major impact on online safety, the formation of public opinion and discourse, and online commerce. The design of the services is generally geared towards optimizing their often advertising-supported business model and can give rise to social concerns. Effective regulation and enforcement is needed to effectively identify and mitigate the risks and social and economic harm that may arise. In the context of this Regulation, providers of very large online platforms and very large online search engines should therefore assess the systemic risks associated with the design, functioning and use of their services and with possible misuse by users and should take appropriate countermeasures, while respecting fundamental rights. In determining the significance of possible negative effects and impacts, providers should take into account the severity of the possible effects and the likelihood of all such systemic risks. For example, they could consider whether the possible negative effects may affect a large number of people, their possible irreversibility or how difficult it is to remedy the possible effects and restore the previous situation.
(80) Four categories of systemic risks should be examined in detail by providers of very large online platforms and very large online search engines. A first category concerns the risks that may arise from the dissemination of unlawful content, including the dissemination of depictions of child sexual abuse or unlawful hate speech or other types of misuse of their services for criminal activities, as well as unlawful activities such as the sale of goods or services prohibited by Union or national law, such as dangerous or counterfeit goods or unlawfully traded animals. Such dissemination or activities can pose a significant systemic risk, for example, if access to illegal content spreads rapidly and widely through accounts with a particularly wide reach or other means of amplification. Providers of very large online platforms and very large online search engines should assess the risk of dissemination of illegal content regardless of whether or not the information is also inconsistent with their terms and conditions. This assessment is without prejudice to the personal liability of the user of very large online platforms or the owners of websites indexed by very large online search engines for any illegality of their activity under applicable law.
(81) A second category concerns the actual or foreseeable impact of the service on the exercise of fundamental rights protected by the Charter of Fundamental Rights, including but not limited to human dignity, freedom of expression and information, including freedom and pluralism of the media, the right to respect for private life, data protection, the right to non-discrimination, the rights of the child and consumer protection. These risks may be due, for example, to the design of the algorithmic systems of very large online platforms or very large online search engines, or to the misuse of their service for the transmission of abusive messages or other methods of preventing freedom of expression or hindering competition. When assessing the risks to the rights of the child, providers of very large online platforms and very large online search engines should consider, for example, how easy it is for minors to understand the design and functioning of the service and how their service may expose minors to content that may harm their health or their physical, mental or moral development. Such risks may arise, for example, in connection with the design of online interfaces that intentionally or unintentionally exploit the weaknesses and inexperience of minors or that may lead to addictive behavior.
(82) A third category of risks relates to the actual or foreseeable negative impact on democratic processes, social debate and electoral processes, as well as on public safety.
(83) A fourth category of risk arises from similar concerns related to the design, functioning or use of very large online platforms and very large online search engines, including through manipulation, with actual or foreseeable negative effects on the protection of public health or minors and serious negative consequences for a person’s physical and mental well-being or in relation to gender-based violence. Such risks may also result from coordinated disinformation campaigns related to public health or from the design of online interfaces that may stimulate behavioral addictions of users.
(84) When assessing such systemic risks, providers of very large online platforms and very large online search engines should focus on the systems or other elements that may contribute to the risks, including any algorithmic systems that may be relevant, in particular their recommender systems and advertising systems, taking into account the relevant data collection and use practices. They should also consider whether their general terms and conditions and their enforcement, as well as their content moderation practices and the corresponding technical tools and allocated resources, are adequate. When assessing the systemic risks identified in this Regulation, such providers should also focus on the information which, while not unlawful, contributes to the systemic risks identified in this Regulation. Such providers should therefore pay particular attention to how their services are used to disseminate or amplify misleading or deceptive content, including disinformation. Where algorithmic amplification of information contributes to systemic risks, such providers should take due account of this in their risk assessments. Where risks are localized or linguistic differences exist, these providers should also take this into account in their risk assessments. Providers of very large online platforms and very large online search engines should in particular consider how the design and functioning of their service and the deliberate and often coordinated manipulation and use of their services or the systemic violation of their terms of use contribute to these risks. Such risks may be due, for example, to inauthentic use of the service, such as the creation of fake accounts, the use of bots or the misleading use of a service and other automated or semi-automated behaviors that may lead to the rapid and large-scale public dissemination of information that constitutes unlawful content or is inconsistent with an online platform’s or online search engine’s terms of service and contributes to disinformation campaigns.
(85) In order to allow subsequent risk assessments to build on each other and show the evolution of the risks identified, and to facilitate investigations and enforcement actions, providers of very large online platforms and very large online search engines should keep all evidence of the risk assessments they have carried out, such as information on their preparation, underlying data and data on the testing of their algorithmic systems.
(86) Providers of very large online platforms and very large online search engines should use the necessary tools to carefully mitigate the systemic risks identified in the risk assessments while respecting fundamental rights. All measures should be consistent with the due diligence obligations laid down in this Regulation and contribute adequately and effectively to mitigating the specific systemic risks identified. They should be proportionate to the economic capacity of the provider of the very large online platform or very large online search engine and take into account the need to avoid unnecessary restrictions on the use of their services, with due regard to possible negative impacts on fundamental rights. These providers should pay particular attention to the impact on freedom of expression.
(87) Providers of very large online platforms and very large online search engines should, for example, consider adapting the necessary design, function or operation of their service, such as the design of the online interface, as part of such risk mitigation measures. They should adapt and apply their terms and conditions as necessary and in accordance with the provisions of this Regulation on terms and conditions. Other appropriate measures could include adapting their systems and internal procedures for content moderation or adapting their decision-making processes and resources, including content moderation staff, their training and local expertise. This relates in particular to the speed and quality of the processing of reports. In this context, for example, the 2016 Code of Practice on Countering Unlawful Hate Speech Online sets a benchmark of less than 24 hours for processing valid reports of the removal of unlawful hate speech. Providers of very large online platforms, in particular those primarily used for the public dissemination of pornographic content, should diligently comply with all their obligations under this Regulation in relation to illegal content that constitutes online violence, including illegal pornographic content, in particular with a view to ensuring that victims can effectively exercise their rights in relation to content that constitutes the non-consensual sharing of intimate or manipulated material through the swift handling of reports and the removal of such content without undue delay. For other types of illegal content, depending on the facts, circumstances and types of illegal content involved, longer or shorter periods of time may be required to process reports. These providers may also initiate or strengthen cooperation with trusted whistleblowers and organize training and exchanges with associations of trusted whistleblowers.
(88) Providers of very large online platforms and very large online search engines should also be careful about the measures they take to test and, if necessary, adjust their algorithmic systems, not least their recommendation systems. They may need to mitigate the negative impact of personalized recommendations and correct the criteria used in their recommendations. The advertising systems used by the providers of very large online platforms and very large online search engines may also be a catalyst for systemic risk. These providers should consider corrective measures, such as ending advertising revenue for certain information, or other measures such as improving the visibility of reliable information sources or adapting their advertising systems more structurally. Providers of very large online platforms and very large online search engines may need to strengthen their internal procedures or the internal monitoring of their activities, in particular to identify systemic risks, and carry out more frequent or targeted risk assessments in relation to new features. In particular, where risks are shared across different online platforms or online search engines, they should cooperate with other providers, for example by introducing codes of conduct or other self-regulatory measures or participating in existing relevant codes or measures. They should also consider awareness-raising measures, especially for risks related to disinformation campaigns.
(89) In particular, where their services are primarily targeted at or predominantly used by minors, providers of very large online platforms and very large online search engines should take into account the best interests of minors when taking measures such as adapting the design of their service and their online interface. They should ensure that their services are organized in such a way that minors can easily access the mechanisms provided for in this Regulation, including, where appropriate, reporting, redress and complaint mechanisms. They should also take measures to protect minors from content that may impair their physical, mental or moral development and provide tools to allow controlled access to such information. In selecting the appropriate mitigation measures, providers may, where appropriate, take into account industry best practices, including those established through self-regulatory cooperation, such as codes of conduct, and should take into account the Commission’s guidelines.
(90) Providers of very large online platforms and very large online search engines should ensure that their approach to risk assessment and mitigation is based on the best available information and scientific evidence and that they review their assumptions with the groups most affected by the risks and the measures they take. To this end, they should, where appropriate, involve representatives of users and groups potentially affected by their services, as well as independent experts and civil society organizations, in their risk assessments and in the design of their risk mitigation measures. They should seek to integrate such consultations into their methods for assessing risks and designing mitigation measures, including, where appropriate, surveys, focus groups, roundtables and other consultation and design methods. In assessing whether a measure is appropriate, proportionate and effective, particular attention should be paid to the right to freedom of expression.
(91) In times of crisis, it may be necessary for providers of very large online platforms to take certain specific measures as a matter of urgency, in addition to the measures they would take in relation to their other obligations under this Regulation. In this context, a crisis should be considered to occur when exceptional circumstances arise that may lead to a serious threat to public security or public health in the Union or in substantial parts of the Union. Such crises could result from armed conflicts or terrorist acts, including emerging conflicts or terrorist acts, natural disasters such as earthquakes and hurricanes, as well as pandemics and other serious cross-border threats to public health. The Commission should be able to require providers of very large online platforms and providers of very large search engines to urgently initiate a crisis response on the recommendation of the European Digital Services Board (‘the Board’). Measures that those providers may identify and consider include, for example, adapting content moderation procedures and increasing content moderation resources, adapting terms and conditions, relevant algorithmic and advertising systems, further intensifying cooperation with trusted whistleblowers, conducting awareness-raising activities and promoting trustworthy information, and adapting the design of their online interfaces. The necessary requirements should be laid down to ensure that such measures are taken within a very short timeframe and that the Rapid Reaction Mechanism is used only if and to the extent strictly necessary and that the measures taken under that mechanism are effective and proportionate, taking due account of the rights and legitimate interests of all parties concerned. The use of the mechanism should be without prejudice to the other provisions of this Regulation, such as the provisions on risk assessments and risk mitigation measures and their enforcement and the provisions on crisis protocols.
(92) Given the need for independent expert review, providers of very large online platforms and very large online search engines should be subject to accountability for compliance with the obligations under this Regulation and, where applicable, additional commitments under codes of conduct and crisis protocols, which should be ensured through independent audits. In order to ensure that the audits are carried out in an effective, efficient and timely manner, providers of very large online platforms and very large online search engines should provide the necessary cooperation and assistance to the organizations carrying out the audits, including by granting the auditor access to all relevant data and premises necessary for the proper conduct of the audit, including, where applicable, data related to algorithmic systems, and by responding to oral or written requests. In addition, investigators should be able to use other objective sources of information, such as studies by accredited researchers. Providers of very large online platforms and very large online search engines should not interfere with the conduct of the review. Audits should be conducted in accordance with industry best practice and a high level of professional ethics and objectivity, with due regard to auditing standards and codes where appropriate. Auditors should ensure the confidentiality, security and integrity of the information they obtain in the course of their duties, including trade secrets. Such assurance should not be a means of circumventing the applicability of the audit provisions of this Regulation. Auditors should have the necessary risk management knowledge and technical competence to audit algorithms. They should be independent so that they can perform their tasks in an appropriate and trustworthy manner. They should meet the basic independence requirements for prohibited non-audit services, change of audit firm and unconditional fees. If their independence and technical competence are not beyond reproach, they should resign or relinquish the audit engagement.
(93) The audit report should be reasoned in order to provide a meaningful assessment of the activities carried out and the conclusions reached. It should include information on the measures taken by very large online platform providers and very large online search engines to comply with their obligations under this Regulation and, where appropriate, suggestions for improvement of those measures. The audit report should be sent to the Digital Services Coordinator of establishment, the Commission and the Board upon receipt of the audit report. Providers should also submit each of the risk assessment and mitigation measures reports and the audit implementation report of the very large online platform provider or the very large online search engine provider without undue delay after completion, indicating how they have complied with the recommendations from the audit. The audit report should include an audit opinion based on the conclusions from the audit evidence. A ‘positive opinion’ should be issued where all evidence shows that the very large online platform provider or very large online search engine provider complies with the obligations under this Regulation or any commitments made under a code of conduct or crisis protocol, in particular by identifying, assessing and mitigating the systemic risks associated with its system and services. A “positive report” should be supplemented by comments if the auditor wishes to add observations that do not have a material impact on the audit outcome. A “negative report” should be issued if the auditor is of the opinion that the provider of the very large online platform or the very large online search engine does not comply with this Regulation or does not fulfill the commitments made. If no conclusion could be reached in the auditor’s report for specific elements that are part of the audit scope, the reasons for this should be stated. If applicable, the report should include a description of specific elements that could not be audited and an explanation of why they could not be audited.
(94) The obligations to assess and mitigate risks should, on a case-by-case basis, require providers of very large online platforms or very large online search engines to assess and, where appropriate, adapt the design of their recommender systems, for example by taking measures to avoid or minimize bias leading to discrimination against vulnerable persons, in particular where such adaptation is in compliance with data protection law and where the information is personalized on the basis of special categories of personal data in accordance with Article 9 of Regulation (EU) 2016/679. In addition and complementary to the transparency obligations that apply to online platforms in relation to their recommender systems, providers of very large online platforms and very large online search engines should consistently ensure that users of their service are provided with alternative options for the main parameters of their recommender systems that are not based on profiling within the meaning of Regulation (EU) 2016/679. This choice should be directly accessible from the online interface where the recommendations are presented.
(95) Advertising systems used by very large online platforms and very large online search engines pose particular risks and require further public and regulatory oversight given their scale and the fact that they can target users based on their behavior inside and outside the online interface of the platform or search engine. Very large online platforms or very large online search engines should make publicly available archives of advertising displayed on their online interfaces to support oversight and research into emerging risks related to the online dissemination of advertising, such as unlawful advertising or manipulative techniques and disinformation with real and foreseeable negative effects on public health or safety, social discourse, political participation and equal treatment. The archives should contain the content of the advertisement – including the name of the product, service or brand and the subject matter of the advertisement – and related data on the advertiser and, if different, on the natural or legal person who paid for the advertisement and on the provision of the advertisement, in particular as regards targeted advertising. This information should include details of both the targeting criteria and the delivery criteria, in particular where advertising is delivered to vulnerable persons, such as minors.
(96) In order to adequately monitor and assess the compliance of very large online platforms and very large online search engines with their obligations under this Regulation, the Digital Services Coordinator of establishment or the Commission may require access to or reporting of certain data, including data relating to algorithms. This may include, for example, data necessary to assess the risks and potential harm associated with the very large online platform’s or very large online search engine’s systems, data on the accuracy, functioning and testing of algorithmic systems for content moderation, recommender or advertising systems, including, where applicable, data and algorithms on training, or data on content moderation procedures and outcomes or internal complaint management systems within the meaning of this Regulation. Such requests for access to data should not include requests for specific information on individual users for the purpose of determining compliance by those users with other applicable Union or national law. Research by researchers on the evolution and significance of systemic online risks is of particular importance to address information asymmetries, to ensure a resilient risk mitigation system and to provide information to online platform providers, online search engine providers, digital service coordinators, other competent authorities, the Commission and the public.
(97) This Regulation therefore sets out a framework for the obligation to make the data of very large online platforms and very large online search engines accessible to authorised researchers affiliated to a research organisation within the meaning of Article 2 of Directive (EU) 2019/790, which for the purposes of this Regulation may include civil society organizations carrying out scientific research with the primary aim of supporting their mission in the public interest. Any requests for access to data within this framework should be proportionate and adequately protect rights and legitimate interests, including personal data, trade secrets and other confidential information of the very large online platform or very large online search engine and other stakeholders, including users. However, in order to ensure that the objective of this Regulation is achieved, consideration of the commercial interests of providers should not result in the denial of access to data necessary for the specific research objective on the basis of a request under this Regulation. In this context, without prejudice to Directive (EU) 2016/943 of the European Parliament and of the Council (32), providers should ensure appropriate access for researchers, including, where necessary, through technical protection measures, such as data rooms. Requests for access to data could, for example, concern the number of views or, where appropriate, other types of access by users to content before its removal by the providers of very large online platforms or very large online search engines.
(98) Moreover, where such data are publicly available, such providers should not prevent researchers who meet an appropriate subset of criteria from using such data for research purposes where they contribute to the detection, identification and understanding of systemic risks. They should provide such researchers with access, including, where technically possible, in real time, to publicly available data, such as aggregated interactions with content from public pages, public groups or public figures, including perception and interaction data, such as the number of reactions, shares and comments from users of the service. Providers of very large online platforms or very large online search engines should be encouraged to cooperate with researchers and provide broader access to data for the monitoring of societal concerns through voluntary efforts, including through commitments and procedures agreed under codes of conduct or crisis protocols. These providers and researchers should pay particular attention to the protection of personal data and ensure that any processing of personal data complies with Regulation (EU) 2016/679. Providers should anonymize or pseudonymize personal data, unless this would render the research purpose impossible.
(99) Given the complexity of the functioning of the systems used and the systemic risks they pose to society, providers of very large online platforms and very large online search engines should establish a compliance function which should be independent from their operational functions. The head of the compliance function should report directly to the management body of these providers, including in relation to issues of non-compliance with this Regulation. The compliance officers who are part of the compliance function should have the necessary qualifications, knowledge, experience and skills to implement measures and monitor compliance with this Regulation within the organization of very large online platform providers or very large online search engines. Very large online platform providers and very large online search engines should ensure that the compliance function is properly involved at an early stage in all matters related to this Regulation, including in the strategy and specific measures for risk assessment and mitigation and, where appropriate, in the assessment of compliance with the commitments of those providers under the codes of conduct or crisis protocols adopted by them.
(100) Given the additional risks associated with their activities and their additional obligations under this Regulation, additional transparency requirements should apply specifically to very large online platforms and very large online search engines, in particular the obligation to report comprehensively on the risk assessments carried out and the measures subsequently taken in accordance with this Regulation.
(101) The Commission should have at its disposal the necessary human, technical and financial resources to carry out its tasks under this Regulation. In order to ensure the availability of the resources necessary for adequate supervision at Union level under this Regulation, and taking into account that Member States should be empowered to levy a supervisory fee on providers established in their territory for the supervisory and enforcement tasks carried out by their authorities, the Commission should levy a supervisory fee on very large online platforms and very large online search engines, the amount of which should be determined annually. The total amount of the annual supervisory fee should be determined on the basis of the total amount of costs incurred by the Commission in carrying out its supervisory tasks under this Regulation, as reasonably estimated in advance. That amount should include costs related to the exercise of the specific powers and tasks of supervision, investigation, enforcement and oversight in relation to providers of very large online platforms and very large online search engines, including costs related to the designation of very large online platforms and very large online search engines or to the establishment, maintenance and operation of the databases provided for in this Regulation.
This should also include costs related to the establishment, maintenance and operation of the basic information and institutional infrastructure for cooperation between the Digital Services Coordinators, the Board and the Commission, taking into account that very large online platforms and very large online search engines have a significant impact on the resources required to operate these infrastructures due to their size and reach. When estimating the total costs, the supervisory costs incurred in the previous year should be taken into account, including, where appropriate, costs over and above the annual supervisory fees collected in the previous year. The external assigned revenue from the annual supervisory fees could be used to finance additional human resources, such as contract staff and seconded national experts, as well as other expenses related to the performance of the task conferred on the Commission by this Regulation. The annual supervisory fee to be levied on providers of very large online platforms and very large online search engines should be proportionate to the size of the service resulting from the number of active users of the service in the Union. In addition, the individual annual supervisory fee should not exceed a ceiling for each provider of very large online platforms or very large online search engines, taking into account the economic capacity of the provider of the designated service or services.
(102) In order to facilitate the effective and uniform application of the obligations laid down in this Regulation, the implementation of which may require technical means, it is important to support voluntary standards covering certain technical procedures where industry can contribute to the development of standardized means to assist providers of intermediary services in complying with this Regulation, such as the possibility to transmit messages, for example through application programming interfaces, or standards relating to terms and conditions or auditing standards, or standards relating to better interoperability of advertising archives. In addition, such standards could include standards relating to online advertising, recommendation systems, accessibility and the protection of minors online. Intermediary service providers are free to adopt such standards, but their adoption is not tantamount to compliance with this Regulation. Such standards could be particularly useful for relatively small providers of intermediary services as they set out best practices. The standards could, where appropriate, distinguish between different types of illegal content or different types of intermediary services.
(103) The Commission and the Board should encourage the drawing up of voluntary codes of conduct and the implementation of the provisions of those codes as a contribution to the application of this Regulation. The Commission and the Board should aim to ensure that the codes of conduct clearly set out the nature of the public interest objectives to be pursued, that they contain procedures for the independent assessment of the implementation of those objectives and that the role of the relevant public authorities is clearly defined. Particular attention should be paid to avoiding negative impacts on security, privacy and personal data protection and the prohibition of imposing general monitoring obligations. The implementation of the codes of conduct should be measurable and subject to public oversight, but this should not affect the voluntary nature of these codes and the freedom of choice of stakeholders as to their participation. In certain circumstances, it may be important for very large online platforms to jointly establish and comply with certain codes of conduct. Nothing in this Regulation shall prevent other providers from complying with the same standards of due diligence, adopting best practices and applying the guidelines of the Commission and the Board by participating in the same codes of conduct.
(104) This Regulation should specify certain areas that are eligible for such codes of conduct. In particular, risk mitigation measures for certain types of illegal content should be the subject of self- and co-regulatory agreements. Another relevant issue is the possible negative impact of systemic risks on society and democracy, for example due to disinformation or manipulative and abusive activities, or negative effects on minors. This includes coordinated activities to amplify information, including disinformation, such as the use of bots or fake accounts to create intentionally inaccurate or misleading information, which may also be linked to a profit motive and be particularly harmful to vulnerable users such as minors. In these areas, the participation of a very large online platform or a very large online search engine in a code of conduct and compliance with it can be seen as a suitable risk mitigation measure. Where an online platform provider or an online search engine refuses, without reasonable justification, to participate in the application of such a code of conduct when requested to do so by the Commission, this could be taken into account for the purpose of determining possible infringements by the online platform or online search engine under this Regulation. Mere participation in or implementation of a particular code of conduct should not in itself be considered as compliance with this Regulation.
(105) The codes of conduct should facilitate the accessibility of very large online platforms and very large online search engines in accordance with Union and national law in order to facilitate their foreseeable use by persons with disabilities. In particular, the codes of conduct could ensure that the information is presented in a perceivable, operable, understandable and robust manner and that the forms and measures provided under this Regulation are made available in a way that is easy to find and accessible to persons with disabilities.
(106) The provisions on codes of conduct in this Regulation could serve as a basis for existing self-regulatory measures at Union level, including the Product Safety Pledge, the Memorandum of Understanding on the sale of counterfeit goods online, the Code of Practice on countering illegal hate speech online and the Code of Practice on countering disinformation. As announced in the Democracy Action Plan, the Code of Practice on Countering Disinformation has been strengthened in line with the Commission’s guidance.
(107) The provision of online advertising generally involves several actors, including intermediary services that bring advertisers together with the provider that publishes the advertisement. The codes of conduct should support and complement the transparency obligations of online platform providers, very large online platforms and very large online search engines established for advertising under this Regulation in order to provide for flexible and effective mechanisms to support and improve compliance with those obligations, in particular as regards the modalities for the transmission of the relevant information. This should include facilitating the transmission of information on the advertiser paying for the advertisement where it is different from the natural or legal person on whose behalf the advertisement is displayed on the online interface of an online platform. The codes of conduct should also include measures to ensure that meaningful information about the monetization of data is appropriately shared throughout the value chain. Multi-stakeholder engagement should ensure that these codes of conduct are widely supported, technically robust and effective, and meet the highest standards of user-friendliness in order to achieve the objectives of the transparency obligations. In order to ensure the effectiveness of the codes of conduct, the Commission should include evaluation mechanisms in the development of the codes of conduct. Where appropriate, the Commission may request the European Union Agency for Fundamental Rights or the European Data Protection Supervisor to give an opinion on the relevant code of conduct.
(108) In addition to the crisis response mechanism for very large online platforms and very large online search engines, the Commission may request the establishment of voluntary crisis protocols to coordinate a rapid, collective and cross-border response in the online environment. This may be the case, for example, where online platforms are misused for the rapid dissemination of illegal content or disinformation, or where rapid dissemination of reliable information is required. Given the important role of very large online platforms in the dissemination of information at societal and international level, providers of such platforms should be required to establish and apply specific crisis protocols. Such crisis protocols should only be activated for a limited period of time and the measures taken should be limited to what is strictly necessary to deal with the exceptional circumstances. Those measures should be consistent with this Regulation and should not lead to a general obligation for participating providers of very large online platforms and very large online search engines to monitor the information they transmit or store or to actively search for facts or circumstances indicating illegal content.
(109) In order to ensure adequate supervision and enforcement of the obligations laid down in this Regulation, Member States should designate at least one authority responsible for supervising the application and enforcement of this Regulation, without prejudice to the possibility of designating an existing authority and irrespective of its legal form under national law. However, depending on the constitutional, organizational and administrative structure of the country, Member States should be able to assign specific supervisory or enforcement tasks and responsibilities in relation to the application of this Regulation to more than one competent authority, for example for specific sectors of the economy, including existing authorities such as regulatory authorities for electronic communications or the media or consumer protection authorities. All competent authorities should, in the exercise of their tasks, contribute to the achievement of the objectives of this Regulation, namely the smooth functioning of the internal market for intermediary services, in which the harmonized rules for a safe, predictable and trustworthy online environment conducive to innovation, and in particular the due diligence obligations applicable to the different categories of providers of intermediary services, are effectively monitored and enforced in order to ensure that the fundamental rights enshrined in the Charter, including the principle of consumer protection, are effectively protected. This Regulation does not require Member States to delegate to competent authorities the task of deciding on the lawfulness of specific content.
(110) Given the cross-border nature of the relevant services and the wide range of obligations introduced by this Regulation, an authority responsible for monitoring the application and, where necessary, the enforcement of this Regulation should be designated as Digital Services Coordinator in each Member State. However, where more than one competent authority is entrusted with the supervision of the application and enforcement of this Regulation, only one authority in that Member State should be designated as Digital Services Coordinator. The Digital Services Coordinator should act as a single point of contact for the Commission, the Board, the Digital Services Coordinators of the other Member States and other competent authorities of the Member State concerned for all matters relating to the application of this Regulation. Where several competent authorities have been entrusted with tasks under this Regulation in a given Member State, the Digital Services Coordinator should coordinate and cooperate with those authorities in the definition of the respective tasks, in accordance with national law and without prejudice to the independent assessment of the other competent authorities. While this does not imply any hierarchical superiority over other competent authorities in the exercise of their tasks, the Digital Services Coordinator should ensure the effective involvement of all relevant competent authorities and report in a timely manner on their assessment in the context of cooperation on supervision and enforcement at Union level. Furthermore, in addition to the specific mechanisms for cooperation at Union level provided for in this Regulation, the Member State should, where appropriate, ensure cooperation between the Digital Services Coordinator and other competent authorities designated at national level, through appropriate tools such as pooling of resources, joint task forces, joint investigations and mutual assistance.
(111) The Digital Services Coordinator and other competent authorities designated under this Regulation play a crucial role in ensuring the effectiveness of the rights and obligations under this Regulation and in achieving its objectives. It is therefore necessary to ensure that those authorities have the necessary means, including financial and human resources, to supervise all providers of intermediary services under their jurisdiction in the interest of all Union citizens. Given the diversity of providers of intermediary services and their use of advanced technology in the provision of their services, it is also of utmost importance that the Digital Services Coordinator and the relevant competent authorities have the necessary number of staff and experts with specialist knowledge and the necessary advanced technical means to carry out their tasks and that they independently manage the necessary financial resources for that purpose. In addition, the allocation of resources should take into account the size, complexity and potential societal impact of the providers of intermediary services under their jurisdiction and the reach of their services across the Union. This Regulation is without prejudice to the possibility for Member States to establish funding mechanisms based on a supervisory fee levied under national law in accordance with Union law on providers of intermediary services, provided that they have their main establishment in the Member State concerned, that they are strictly limited to what is necessary and proportionate to cover the costs of carrying out the tasks conferred on competent authorities under this Regulation, with the exception of tasks conferred on the Commission, and that appropriate transparency is ensured with regard to the collection and use of such supervisory fees.
(112) The competent authorities designated under this Regulation should also act fully independently from private and public entities and should not be obliged or able to seek or take instructions, including from the government, without prejudice to specific duties to cooperate with other competent authorities, the Digital Services Coordinator, the Board and the Commission. On the other hand, the independence of those authorities should not mean that they cannot be subject to proportionate accountability mechanisms with regard to the general activities of the Digital Services Coordinators, such as their financial expenditure or reporting to national parliaments, to the extent that this is in line with the national constitution and does not prejudice the achievement of the objectives of this Regulation. The requirement of independence should not prevent the exercise of judicial review or the possibility to consult or have a regular exchange of views with other national authorities, including, where appropriate, law enforcement authorities, crisis management authorities or consumer protection authorities, in order to keep each other informed of ongoing investigations, without prejudice to the exercise of their respective powers.
(113) Member States may delegate to an existing national authority the function of Digital Services Coordinator or certain tasks related to the monitoring of the application and enforcement of this Regulation, provided that that designated authority meets the requirements of this Regulation, including with regard to its independence. Moreover, Member States are not, in principle, prohibited from merging functions within an existing authority in accordance with Union law. The measures concerned may include, inter alia, a prohibition on dismissing the President or a member of an organ of an existing authority before the end of his or her term of office only for the reason that an institutional reform has been carried out combining different functions within an authority, where there are no provisions in place to ensure that such dismissals do not jeopardize the independence and impartiality of those members.
(114) Member States should allocate sufficient powers and resources to the Digital Services Coordinator and any other competent authority designated under this Regulation to ensure the effectiveness of investigations and enforcement in accordance with the tasks assigned to them. This includes the power of competent authorities to take interim measures in accordance with national law where there is a risk of serious harm. Those interim measures, which may include orders to terminate or remedy a particular alleged infringement, should not go beyond what is necessary to ensure that serious harm is prevented pending the final decision. In particular, the Digital Services Coordinator should be able to investigate and obtain information located on its territory, including in the context of joint investigations, taking due account of the fact that supervisory and enforcement measures in relation to providers under the jurisdiction of another Member State or the Commission should be decided by the Digital Services Coordinator of that other Member State, where appropriate in accordance with the procedures for cross-border cooperation, or by the Commission, where appropriate.
(115) Member States should set out in detail in their national law the conditions and limits for the exercise of the investigatory and enforcement powers of their Digital Services Coordinators and, where appropriate, other competent authorities under this Regulation, while respecting the provisions of Union law, in particular this Regulation and the Charter.
(116) In exercising those powers, the competent authorities should comply with the applicable national procedural and substantive rules, including, for example, the obligation to obtain judicial authorization before entering certain premises and to respect the privileges of legal practitioners. In particular, these provisions should ensure respect for the fundamental rights to an effective remedy and to a fair trial, including the rights of the defense, and the right to respect for private life. The safeguards provided for the Commission’s procedures under this Regulation could serve as an appropriate point of reference in this context. A fair and impartial procedure should be guaranteed before any final decision is taken, including the right of the persons concerned to be heard and to have access to the file, while respecting confidentiality and professional and commercial secrecy and providing meaningful reasons for decisions. However, this should not preclude emergency measures in duly justified cases and subject to appropriate conditions and procedural arrangements. Furthermore, the exercise of powers should, inter alia, be proportionate to the nature of the infringement or suspected infringement and the overall actual or potential damage caused. The competent authorities should take into account all relevant facts and circumstances of the case, including information obtained from competent authorities of other Member States.
(117) Member States should ensure that infringements of the obligations under this Regulation can be sanctioned in an effective, proportionate and dissuasive manner, taking into account the nature, gravity, frequency and duration of the infringement, the public interest pursued, the scale and nature of the activities carried out and the economic capacity of the offender. In particular, penalties should take into account whether the provider of intermediary services concerned systematically or repeatedly fails to comply with its obligations under this Regulation and, where applicable, the number of users concerned, whether it has acted intentionally or negligently and whether it operates in more than one Member State. Where this Regulation provides for a maximum amount of fines or periodic penalty payments, that maximum amount should apply to each individual infringement of this Regulation and without prejudice to the adjustment of fines and periodic penalty payments for specific infringements. Member States should ensure that fines or periodic penalty payments imposed for infringements are effective, proportionate and dissuasive in each individual case by laying down national rules and procedures in accordance with this Regulation, taking into account all criteria relating to the general conditions for the imposition of fines or periodic penalty payments.
(118) In order to ensure effective enforcement of the obligations laid down in this Regulation, natural persons or representative organizations in the territory where they have received the service should be able to submit any complaint regarding compliance with those obligations to the Digital Services Coordinator, without prejudice to the rules of this Regulation on the allocation of responsibilities and the applicable rules on the handling of complaints in accordance with national principles of good administration. Complaints could provide a factual overview of concerns regarding compliance with the Regulation by a particular provider of intermediary services and could also provide information on cross-cutting issues for the Digital Services Coordinator. The Digital Services Coordinator should involve other national competent authorities and, where cross-border cooperation is required, the Digital Services Coordinator of another Member State, in particular the coordinator of the Member State where the provider of intermediary services concerned is established.
(119) Member States should ensure that Digital Services Coordinators are able to take effective and proportionate measures to address certain particularly serious and persistent infringements of this Regulation. In particular, where those measures may affect the rights and interests of third parties, which may be the case in particular in the case of restrictions on access to online interfaces, it should be ensured that the measures are subject to further safeguards. In particular, third parties that may be affected should have the right to be heard and such orders should only be issued where no powers to take such measures are adequately available under other Union or national law, for example to protect the collective interests of consumers, to ensure the prompt removal of websites containing or disseminating child pornography or to prevent access to services that are misused by third parties for infringements of intellectual property rights.
(120) Such an access restriction order should not go beyond what is necessary to achieve its objective. It should therefore be limited in time and should in principle be addressed to an intermediary service provider, such as the hosting or internet service provider, registry or domain name registrar concerned, as those entities are reasonably able to achieve that objective without unduly restricting access to lawful information.
(121) Without prejudice to the provisions on the exclusion of liability under this Regulation in relation to information transmitted or stored at the request of a user, the provider should be liable for any damage suffered by users of the services caused by breaches by the relevant provider of intermediary services of the obligations laid down in this Regulation. Such compensation should be provided in accordance with the rules and procedures of the applicable national law and without prejudice to other remedies available under consumer protection rules.
(122) For example, the Digital Services Coordinator should publish on its website regular reports on the activities carried out in accordance with this Regulation. In particular, the report should be published in a machine-readable format and should include an overview of the complaints received and the follow-up to them, such as the total number of complaints received and the number of complaints that led to the opening of a formal investigation or to referral to other Digital Services Coordinators, but should not include personal data. As the Digital Services Coordinator is also informed through the information exchange system of orders to take action against illegal content or to provide information in accordance with this Regulation, it should also indicate in its annual report the number and categories of such orders issued by judicial and administrative authorities to providers of intermediary services in its Member State.
(123) In the interests of clarity, simplicity and effectiveness, the powers to supervise and enforce the obligations under this Regulation should be conferred on the competent authorities of the Member State where the main establishment of the provider of intermediary services is located, that is to say, where the provider has its head office or registered office, where the main financial functions and operational control are exercised. Providers that are not established in the Union but provide services in the Union and therefore fall within the scope of this Regulation should, given the role of legal representatives under this Regulation, be subject to the jurisdiction of the Member State where they have appointed their legal representative. However, in order to ensure the effective application of this Regulation, all Member States or, where applicable, the Commission should be competent where providers have not appointed a legal representative. That competence may be assumed by one of the competent authorities or the Commission, provided that the provider is not subject to enforcement proceedings by another competent authority or the Commission in respect of the same facts. In order to ensure compliance with the ne bis in idem principle and, in particular, to avoid that the same breach of the obligations laid down in this Regulation is sanctioned more than once, any Member State intending to exercise its competence in respect of such providers should immediately inform all other authorities, including the Commission, through the information exchange system established for the purposes of this Regulation.
(124) Given their potential impact and the challenges associated with their effective supervision, specific rules are needed for the supervision and enforcement of providers of very large online platforms and very large online search engines. The Commission, assisted where appropriate by national competent authorities, should be responsible for the supervision and public enforcement of systemic aspects, such as aspects with a wide-ranging impact on the collective interests of users. Therefore, the Commission should have exclusive competence to monitor and enforce the additional obligations relating to the management of systemic risks imposed on providers of very large online platforms and very large online search engines under this Regulation. The exclusive competence of the Commission should be without prejudice to certain administrative tasks conferred on the competent authorities of the Member State of establishment under this Regulation, such as the prior checking of researchers.
(125) The responsibility for monitoring and enforcing due diligence obligations other than the additional obligations relating to the management of systemic risk imposed on providers of very large online platforms and very large online search engines under this Regulation should lie with both the Commission and the national competent authorities. On the one hand, the Commission could in many cases be in a better position to address systemic infringements by these providers, such as those affecting several Member States, serious repeated infringements or the failure to put in place effective mechanisms required by this Regulation. On the other hand, competent authorities in the Member State where the main establishment of a provider of a very large online platform or a very large online search engine is located might be better placed to address individual infringements by those providers that do not cause systemic or cross-border problems. In the interests of efficiency, to avoid duplication of work and to ensure compliance with the ne bis in idem principle, it should be for the Commission to assess whether it considers it appropriate to exercise those shared competences in a given case and, once it has initiated proceedings, Member States should no longer be able to do so. Member States should cooperate closely both with each other and with the Commission, and the Commission should cooperate closely with the Member States, to ensure that the system of supervision and enforcement established by this Regulation functions smoothly and is effective.
(126) The rules of this Regulation on the attribution of jurisdiction should be without prejudice to the provisions of Union law and national rules of private international law on jurisdiction and applicable law in civil and commercial matters, such as actions brought by consumers before the courts of the Member State in which they are domiciled, in accordance with the relevant provisions of Union law. As regards the obligation imposed by this Regulation on providers of intermediary services to inform the issuing authority about the execution of orders to take action against illegal content and of orders to provide information, the rules on the attribution of responsibilities should only apply to the monitoring of the enforcement of that obligation and not to other matters related to the order, such as the responsibility for issuing the order.
(127) Given the cross-border and cross-sectoral nature of intermediary services, a high level of cooperation is necessary to ensure the consistent application of this Regulation and the availability of relevant information for the exercise of enforcement tasks through the information exchange system. Without prejudice to specific joint investigations, this cooperation may take different forms depending on the issues at stake. In any case, the Digital Services Coordinator at the place of establishment of a provider of intermediary services must inform the other Digital Services Coordinators of problems, investigations and measures taken in respect of that provider. In addition, where a competent authority in a Member State holds relevant information for an investigation carried out by the competent authorities in the Member State of establishment, or is able to collect such information located on its territory to which the competent authorities in the Member State of establishment do not have access, the Digital Services Coordinator of destination should assist the Digital Services Coordinator of establishment in a timely manner, including by exercising its investigatory powers in accordance with applicable national procedures and the Charter. The addressee of those investigative measures should comply with them and be liable for non-compliance, and the competent authorities in the Member State of establishment should be able to use the information collected through mutual assistance to ensure compliance with this Regulation.
(128) The Digital Services Coordinator of destination should be able to request the Digital Services Coordinator of establishment to take investigatory or enforcement measures in relation to a provider under its jurisdiction, in particular on the basis of complaints received or, where appropriate, input from other national competent authorities or the Board in the case of matters involving at least three Member States. Such requests for action should be based on substantiated evidence demonstrating the existence of an alleged infringement with a negative impact on the collective interests of the users of the service in the Member State concerned or with a negative impact on society. The Digital Services Coordinator of establishment should be able to rely on mutual assistance or ask the Digital Services Coordinator that made the request for a joint investigation if further information is needed to take a decision, without prejudice to the possibility to ask the Commission to assess the matter if there is reason to believe that there may be a systematic infringement by a very large online platform or search engine.
(129) The panel should be able to refer the matter to the Commission where there is disagreement as to the assessments or the measures taken or proposed, or where no measures could be agreed following a request for cross-border cooperation or a joint investigation in accordance with this Regulation. Where the Commission considers, on the basis of the information provided by the authorities concerned, that the proposed measures, including the proposed level of fines, cannot ensure the effective enforcement of the obligations laid down in this Regulation, it should be able to express its serious doubts accordingly and request the relevant Digital Services Coordinator to reassess the matter and take the necessary measures to ensure compliance with this Regulation within a specified period of time. This possibility is without prejudice to the Commission’s general task of monitoring and, where necessary, enforcing the application of Union law under the control of the Court of Justice of the European Union in accordance with the Treaties.
(130) In order to facilitate cross-border supervisory activities and investigations in relation to the obligations laid down in this Regulation involving several Member States, Digital Services Coordinators of establishment should be able to invite other Digital Services Coordinators through the information exchange system to participate in a joint investigation in relation to an alleged infringement of this Regulation. Other Digital Services Coordinators and, where appropriate, other competent authorities should be able to participate in the joint investigation proposed by the Digital Services Coordinator of establishment, unless the latter considers that an excessive number of participating authorities, taking into account the characteristics of the alleged infringement and the absence of direct impact on users in those Member States, could hamper the effectiveness of the investigation. Joint investigation activities may include a variety of measures to be coordinated by the Digital Services Coordinator of establishment in accordance with the availabilities of the participating authorities, such as coordinated data collection, pooling of resources, task forces, coordinated requests for information or joint inspections of premises. All competent authorities participating in a joint investigation should cooperate with the Digital Services Coordinator of establishment, including by exercising their investigative powers on their territory in accordance with applicable national procedures. The joint investigation should be concluded within a specified time limit with a final report taking into account the contributions of all participating competent authorities. Furthermore, if requested by at least three Digital Services Coordinators of destination, the Panel may recommend to a Digital Services Coordinator of establishment to launch a joint investigation and provide guidance on its organization. In order to avoid deadlocks, the Panel should be able to refer the matter to the Commission in certain cases, for example if the Digital Services Coordinator of establishment refuses to initiate the investigation and the Panel does not agree with the reasoning.
(131) In order to ensure uniform application of this Regulation, it is necessary to establish an independent advisory group at Union level, a European Digital Services Board, to assist the Commission and to contribute to the coordination of the activities of the Digital Services Coordinators. The Board should include the Digital Services Coordinators, where appointed, but the Digital Services Coordinators should have the possibility to invite or appoint, on an ad hoc basis, representatives of other competent authorities that have been assigned specific tasks under this Regulation to attend meetings where this is required by the allocation of tasks and responsibilities at national level. Where several persons from a Member State participate, voting rights should be limited to one representative per Member State.
(132) The Board should contribute to developing a common Union view with a view to a consistent application of this Regulation and support cooperation between competent authorities, for example by advising the Commission and the Digital Services Coordinators on appropriate investigation and enforcement measures, in particular with regard to providers of very large online platforms or very large online search engines and with particular regard to the freedom of providers of intermediary services to provide services across the Union. The Board should also contribute to the development of relevant templates and codes of conduct and to the analysis of emerging general trends in the development of digital services in the Union, including by issuing opinions or recommendations on issues related to standards.
(133) To that end, the Board should be able to issue opinions, requests and recommendations to the Digital Services Coordinators or other competent national authorities. Although these are not legally binding, a decision to deviate from them should be duly justified and could be taken into account by the Commission when assessing the compliance of the Member State concerned with this Regulation.
(134) The Board should include representatives of the Digital Services Coordinators and, where appropriate, other competent authorities and should be chaired by the Commission in order to assess the matters submitted to it from a broad European perspective. In view of possible broader aspects that may also be relevant for other regulatory frameworks at Union level, the Board should be able to cooperate with other Union bodies, offices, agencies and advisory groups active, for example, in the areas of equal treatment, including gender equality and non-discrimination, data protection, electronic communications, audiovisual services, detection and investigation of fraud against the Union budget in relation to customs, consumer protection or competition law, to the extent necessary for the performance of its tasks.
(135) The Commission should chair the panel but should not have voting rights. Through the chairmanship, the Commission should ensure that the agenda of the meetings is set in accordance with the requests of the members of the panel, the rules of procedure and the tasks of the panel set out in this Regulation.
(136) To support the activities of the panel, it should be able to draw on the knowledge and human resources of the Commission and the competent national authorities. The specific operational arrangements for the internal functioning of the panel should be laid down in the rules of procedure of the panel.
(137) As very large online platforms or very large online search engines are significant in terms of their reach and impact, the lack of compliance with their specific obligations could have an impact on a significant number of users in different Member States and lead to major societal harm; at the same time, such lack of compliance may be particularly difficult to detect and address. For this reason, the Commission, in cooperation with the Digital Services Coordinators and the Panel, should develop Union expertise and capacity in relation to the supervision of very large online platforms and very large online search engines. The Commission should therefore be able to coordinate those authorities and draw on their expertise and resources, for example by analyzing, on a permanent or temporary basis, specific trends or problems that arise in relation to one or more very large online platforms or very large online search engines. Member States should cooperate with the Commission in the development of such capabilities, including, where appropriate, by seconding staff, and contribute to the creation of a common Union supervisory capacity. In order to develop expertise and capacity at Union level, the Commission may also make use of the expertise and capacity of the Online Platform Economy Observatory established by the Commission Decision of 26 April 2018 setting up the Online Platform Economy Observatory Expert Group, relevant expert panels and centers of excellence. The Commission may invite experts with specific expertise, including in particular accredited researchers, representatives of Union agencies and bodies, industry representatives, user associations or civil society associations, international organizations, private sector experts and other stakeholders.
(138) The Commission should be able to investigate infringements on its own initiative in accordance with the powers provided for in this Regulation, including by requesting access to data, by requesting information or by carrying out inspections, and by making use of the assistance of the Digital Services Coordinators. Where the monitoring by national competent authorities of individual suspected infringements by providers of very large online platforms or very large online search engines indicates systemic problems, such as problems with a wide-ranging impact on the collective interests of the users of the service concerned, Digital Services Coordinators should have the possibility to refer those problems to the Commission on the basis of a duly reasoned request. Such a request should at least contain all the necessary facts and circumstances supporting the alleged infringement and its systemic nature. Depending on the outcome of its own assessment, the Commission should be able to take the necessary investigatory and enforcement measures in accordance with this Regulation, including, where appropriate, the opening of an investigation or the taking of interim measures.
(139) In order to carry out its tasks effectively, the Commission should have discretion as regards the decision to initiate proceedings against providers of very large online platforms or very large online search engines. Once the Commission has initiated the proceedings, the Digital Services Coordinators of establishment should be prohibited from exercising their investigatory and enforcement powers in respect of the conduct in question of the very large online platform provider or very large online search engine provider concerned, in order to avoid duplication, inconsistency and risks from the perspective of the ne bis in idem principle. However, the Commission should be able to request individual or joint contributions from Digital Services Coordinators to the investigation. In line with the duty of sincere cooperation, the Digital Services Coordinator should make every effort to comply with reasonable and proportionate requests from the Commission in the context of an investigation. In addition, the Digital Services Coordinator of establishment as well as the Board and, where applicable, any other Digital Services Coordinator should provide the Commission with all necessary information and assistance to enable it to carry out its tasks effectively, including information collected in the context of data collection or data access, unless precluded by the legal basis on which the information was collected. In turn, the Commission should inform the Digital Services Coordinator of establishment and the Board of the exercise of its powers, in particular when it intends to initiate proceedings and exercise its investigatory powers. In addition, when the Commission communicates its preliminary findings, including the issues on which it raises objections, to the providers of a very large online platform or a very large online search engine concerned, it should also communicate them to the Panel. The panel should express its views on the Commission’s objections and assessments and the Commission should take those views into account when justifying its final decision.
(140) As measures to ensure compliance with this Regulation by providers of very large online platforms or very large online search engines can be particularly challenging, and at the same time effective measures are very important in view of their scale and impact and the possible resulting harm, the Commission should have effective investigatory and enforcement powers to take investigatory, enforcement and supervisory measures in relation to compliance with the provisions of this Regulation, taking full account of the fundamental right to be heard and to have access to the file in the context of the enforcement procedure, the principle of proportionality and the rights and interests of the parties involved.
(141) The Commission should be able to request the information necessary to ensure the effective implementation of and compliance with the obligations laid down in this Regulation throughout the Union. In particular, the Commission should have access to all relevant documents, data and information necessary to initiate and conduct investigations and to monitor compliance with the relevant obligations laid down in this Regulation, irrespective of whose possession the documents, data or information concerned are and irrespective of their form or format, their storage medium or the exact location where they are stored. The Commission should be able to require the provider of a very large online platform or a very large online search engine concerned and, where applicable, any other natural or legal person acting for purposes relating to its trade, business, craft or profession who is likely to have knowledge of information relating to the alleged infringement or the infringement, to provide it directly with all relevant evidence, data and information by means of a duly justified request for information. In addition, the Commission should be able to obtain relevant information for the purposes of this Regulation from any authority, body or agency within the Member State. The Commission should be able to request access to and explanations of documents, data, information, databases and algorithms of relevant persons, through the exercise of investigatory powers such as requests for information or interviews, and to interview, with their consent, any natural or legal person who may possess useful information and to record the statements made by any technical means. The Commission should also be empowered to carry out the inspections necessary for the enforcement of the relevant provisions of this Regulation. Those investigatory powers should complement the possibility for the Commission to request assistance from Digital Services Coordinators and other Member State authorities, for example by providing information or exercising its powers.
(142) Provisional measures can be an important tool to ensure that the infringement under investigation does not result in a risk of serious harm to users during an investigation. They are an important means of avoiding developments which would be very difficult to reverse by a Commission decision at the end of the procedure. The Commission should therefore be empowered to impose interim measures by decision in the context of proceedings initiated with a view to the possible adoption of a non-compliance decision. That power should apply in cases where the Commission has prima facie clearly established a breach by the provider of a very large online platform or a very large online search engine of the obligations under this Regulation. A decision imposing interim measures should only apply for a limited period of time, either until the conclusion of the proceedings by the Commission or for a fixed period that is renewable where necessary and appropriate.
(143) The Commission should be able to take appropriate measures to monitor the effective implementation of and compliance with the obligations laid down in this Regulation. It should be possible to appoint independent external experts and auditors to assist the Commission in this task, including, where appropriate, experts from competent authorities of the Member States, such as data protection or consumer protection authorities. The Commission should ensure sufficient rotation in the appointment of auditors.
(144) Compliance with the relevant obligations under this Regulation should be enforceable by means of fines and periodic penalty payments. To that end, fines and periodic penalty payments should be set at an appropriate level also for non-compliance with procedural obligations and provisions, subject to appropriate limitation periods, in accordance with the principles of proportionality and double jeopardy. The Commission and the relevant national authorities should coordinate their enforcement efforts to ensure that these principles are respected. In particular, the Commission should take into account any fines and penalties imposed on the same legal person by way of a final decision in proceedings for an infringement of other Union or national rules relating to the same facts, in order to ensure that the total fines and penalties imposed are proportionate and correspond to the gravity of the infringement committed. All decisions taken by the Commission on the basis of this Regulation are subject to review by the Court of Justice of the European Union in accordance with the TFEU. The Court of Justice of the European Union should have unlimited jurisdiction to review fines and periodic penalty payments in accordance with Article 261 TFEU.
(145) Given the potential significant societal impact of an infringement of the additional obligations relating to the management of systemic risk that apply only to very large online platforms and very large online search engines, and in order to address those regulatory concerns, a system of enhanced oversight of all measures taken to effectively terminate and remedy infringements of this Regulation is necessary. Therefore, once an infringement of any of the provisions of this Regulation that apply exclusively to very large online platforms or very large online search engines has been detected and, where necessary, sanctioned, the Commission should require the provider of such a platform or such a search engine to draw up a detailed action plan to remedy the effects of the infringement for the future and communicate that action plan to the Digital Services Coordinators, the Commission and the Board within a timeframe to be determined by the Commission. The Commission should determine, taking into account the opinion of the Board, whether the measures contained in the action plan are sufficient to remedy the infringement, including whether compliance with the relevant codes of conduct is among the measures proposed. The Commission should also monitor any subsequent action taken by the provider of a very large online platform or very large online search engine concerned in accordance with its action plan, taking into account, inter alia, an independent audit of the provider. If, after the implementation of the action plan, the Commission still considers that the infringement has not been fully remedied, or if the action plan has not been submitted or if it considers the action plan to be inappropriate, it should be able to take all investigatory and enforcement measures in accordance with this Regulation, including the power to impose periodic penalty payments and to initiate proceedings to block access to the service concerned.
(146) The provider of a very large online platform or a very large online search engine concerned and other persons who are affected by the exercise of the Commission’s powers and whose interests could be affected by a decision should be given the opportunity to comment before the decision is adopted and the decisions adopted should be widely publicized. In addition to safeguarding the rights of defense of the parties involved, in particular the right of access to the file, the protection of confidential information is also essential. In addition, the Commission should ensure that all information on which its decision is based is published to an extent that enables the addressee of the decision to understand the underlying facts and considerations, while respecting the confidentiality of the information.
(147) In order to ensure the uniform application and enforcement of this Regulation, it is necessary to ensure that national authorities, including national courts, have all the information necessary to ensure that their decisions do not conflict with a decision adopted by the Commission under this Regulation. This is without prejudice to Article 267 TFEU.
(148) The effective enforcement and monitoring of this Regulation requires a seamless exchange of information in real time between the Digital Services Coordinators, the Board and the Commission based on the information flows and procedures set out in this Regulation. This may also justify access to the system by other competent authorities, where appropriate. At the same time, as the information exchanged may be confidential or contain personal data, it should remain protected from unauthorized access, in accordance with the purposes for which the information was collected. Therefore, any communication between those authorities should be based on a reliable and secure information exchange system, the details of which should be laid down in an implementing act. The information exchange system may be based on existing internal market instruments in so far as they can meet the objectives of this Regulation in a cost-effective manner.
(149) Without prejudice to the right of users to have recourse to a representative in accordance with Directive (EU) 2020/1828 of the European Parliament and of the Council (33) or to any other type of representation under national law, users should also have the right to mandate a legal person or a public body to exercise their rights under this Regulation. Such rights may include rights relating to the submission of notifications, to challenge the decisions of providers of intermediary services and to lodge complaints against providers for infringements of this Regulation. Certain bodies, organizations and associations have particular expertise and competence in detecting and reporting erroneous or unjustified content moderation decisions, and their complaints on behalf of the users of the service concerned can have a positive impact on freedom of expression and freedom of information in general. Online platform providers should therefore deal with these complaints promptly.
(150) In the interests of effectiveness and efficiency, the Commission should carry out a general evaluation of this Regulation. That general evaluation should address, inter alia, the scope of the services covered by this Regulation, the interaction with other acts, the impact of this Regulation on the functioning of the internal market, in particular with regard to digital services, the implementation of the codes of conduct, the obligation to designate a legal representative established in the Union, the impact of the obligations on small and micro-enterprises, the effectiveness of the monitoring and enforcement mechanism, and the impact on the right to freedom of expression and information. In order to avoid disproportionate burdens and to ensure the continued effectiveness of this Regulation, the Commission should also carry out an assessment of the impact of the obligations contained in this Regulation on small and medium-sized enterprises within three years of its application and an assessment of the scope of the services covered by this Regulation, in particular for very large online platforms and for very large online search engines, and of the interaction with other legal acts within three years of its entry into force.
(151) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to lay down templates for the form, content and other details of content moderation reports, to determine the amount of the annual supervisory fee for very large online platform providers and very large online search engines and to lay down the practical arrangements for the initiation of proceedings, the hearings and negotiated disclosure of information carried out in relation to the supervision, investigation, enforcement and monitoring of very large online platform providers and very large online search engines, as well as the practical and operational modalities for the functioning of the information exchange system and its interoperability with other relevant systems. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (34).
(152) In order to achieve the objectives of this Regulation, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission in respect of supplementing this Regulation with regard to the criteria for the designation of very large online platforms and very large online search engines, the procedural steps, the assessment methods and reporting templates for the assessments, the technical specifications for access requests and the detailed methodology and procedures for setting the supervisory fee. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (35). In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.
(153) This Regulation respects the fundamental rights recognized by the Charter of Fundamental Rights of the European Union and fundamental rights which constitute general principles of Union law. This Regulation should therefore be interpreted and applied in accordance with those fundamental rights, including freedom of expression and information and freedom and pluralism of the press. When exercising the powers provided for in this Regulation, all authorities involved should, in accordance with the principle of proportionality, take into account the rights concerned in a balanced manner where there is a conflict between different fundamental rights.
(154) Given the scale and impact of societal risks that can be caused by very large online platforms and very large online search engines, the need to address those risks as a matter of priority and the capacity to take necessary measures, it is justified to limit the timeframe after which this Regulation starts to apply to providers of such services.
(155) Since the objectives of this Regulation, namely to contribute to the proper functioning of the internal market and to create a safe, predictable and trusted online environment in which the fundamental rights enshrined in the Charter are adequately protected, cannot be sufficiently achieved by the Member States, since they cannot achieve the necessary harmonization, cooperation and coordination on their own, but can rather, by reason of the territorial and personal scope, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.
(156) The European Data Protection Supervisor has been consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (36) and delivered an opinion on 10 February 2021 (37) – # CHAPTER I GENERAL PROVISIONS
(2) This Regulation lays down harmonized rules for the provision of intermediary services in the internal market. In particular, it lays down the following:
a) a framework for the conditional exemption from liability of providers of intermediary services;
(b) rules on specific due diligence obligations tailored to certain categories of providers of intermediary services;
(c) rules on the implementation and enforcement of this Regulation, including cooperation and coordination between competent authorities.
(2) This Regulation shall not apply to services which are not intermediary services, nor to requirements imposed on such a service, irrespective of whether the service is provided through the use of an intermediary service.
(3) This Regulation shall not affect the application of Directive 2000/31/EC.
(4) This Regulation shall be without prejudice to the provisions of other Union acts regulating other aspects of the provision of intermediary services in the internal market or specifying and supplementing this Regulation, in particular the following:
a) Directive 2010/13/EU,
(b) Union rules in the field of copyright and related rights,
c) Regulation (EU) 2021/784,
d) Regulation (EU) 2019/1148,
e) Regulation (EU) 2019/1150,
(f) Union legislation in the field of consumer protection and product safety, including Regulations (EU) 2017/2394 and (EU) 2019/1020 and Directives 2001/95/EC and 2013/11/EU,
g) the Union provisions on the protection of personal data, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC,
(h) Union rules in the area of judicial cooperation in civil matters, in particular Regulation (EU) No 1215/2012 or Union acts laying down the law applicable to contractual and non-contractual obligations,
(i) Union rules in the area of judicial cooperation in criminal matters, in particular a Regulation on European Production and Preservation Orders for electronic evidence in criminal matters,
(j) a directive laying down uniform rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings.
(a) ‘information society service’ means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535
(b) ‘user’ means any natural or legal person who makes use of an intermediary service, in particular to obtain or access information;
(c) ‘consumer’ means any natural person who is acting for purposes which are outside his trade, business, craft or profession;
(d) ‘providing services in the Union’ means enabling natural or legal persons in one or more Member States to use the services of a provider of intermediary services that has a substantial connection with the Union;
(e) ’substantial connection with the Union’ means a connection of a provider of intermediary services with the Union either by virtue of its establishment in the Union or on the basis of specific factual criteria such as
- a significant number of users in one or more Member States in relation to its or their population; or
- the targeting of activities to one or more Member States;
(f) ‘entrepreneur’ means any natural or legal person, whether privately or publicly owned, acting for purposes relating to his trade, business, craft or profession, whether by himself or through another person acting in his name or on his behalf;
(g) ’switching service’ means any of the following information society services:
(i) ‘mere transit’, which consists of transmitting information provided by a user in a communications network or providing access to a communications network,
ii) a “caching” service, which consists of transmitting information provided by a user in a communication network, whereby an automatic, time-limited intermediate storage of this information takes place for the sole purpose of making the transmission of the information to other users more efficient at their request,
iii) a “hosting” service, which consists of storing information provided by a user on their behalf;
(h) ‘unlawful content’ means any information which, as such or by its reference to an activity, including the sale of products or the provision of services, does not comply with Union law or the law of a Member State, irrespective of the precise subject matter or nature of the legislation concerned;
(i) ‘online platform’ means a hosting service which stores and publicly disseminates information on behalf of a user, provided that this activity is not merely an insignificant and purely ancillary function of another service or an insignificant function of the main service which, for objective and technical reasons, cannot be used without that other service, and provided that the integration of the ancillary or insignificant function into the other service is not intended to circumvent the applicability of this Regulation;
(j) ‘online search engine’ means a mediation service that allows users to enter queries in the form of a keyword, phrase, group of words or other input to perform a search in principle on all websites or on all websites in a given language on any subject and to obtain results in any format in which information related to the requested content can be found;
(k) ‘public dissemination’ means the making available of information to a potentially unlimited number of third parties on behalf of the user who provided the information;
(l) ‘distance contract’ means a distance contract within the meaning of Article 2(7) of Directive 2011/83/EU;
(m) ‘online interface’ means software, including websites or parts thereof and applications, including mobile apps;
(n) ‘Digital Services Coordinator of establishment’ means the Digital Services Coordinator of the Member State in which the head office of a provider of an intermediary service is located or in which its legal representative is resident or established;
(o) ‘Digital Services Coordinator of destination’ means the Digital Services Coordinator of a Member State where the switching service is provided;
(p) ‘active user of an online platform’ means a user of the service who uses an online platform by requesting the online platform to provide information or who is exposed to the content of the online platform that it makes available and distributes via its online interface;
(q) ‘active user of an online search engine’ means a user of the service who submits a search query to an online search engine and is exposed to the indexed information presented on its online interface;
(r) ‘advertising’ means information which is intended to disseminate the message of a legal or natural person, whether for commercial or non-commercial purposes, and which is presented by an online platform on its online interface for a fee specifically to publicize that information;
(s) ‘recommendation system’ means a fully or partially automated system used by an online platform to suggest or prioritize certain information to users on its online interface, including as a result of a search initiated by the user, or which otherwise determines the relative order or prominence of the information displayed;
(t) ‘content moderation’ means the activities of intermediary service providers, whether automated or not, aimed at identifying, detecting and combating, in particular, illegal content or information provided by users that is incompatible with the provider’s terms and conditions, including measures related to the availability, display and accessibility of the illegal content or information, such as downgrading, demonetization, disabling access or removal, or related to the ability of users to provide such information, such as closing or suspending a user’s account. e.g. downgrading, demonetization, blocking of access or removal, or in relation to the ability of users to provide such information, e.g. closure or suspension of a user’s account;
(u) ‘general terms and conditions’ means all clauses, regardless of their name or form, governing the contractual relationship between the provider of intermediary services and the users;
(v) ‘persons with disabilities’ means persons with disabilities as defined in point (1) of Article 3 of Directive (EU) 2019/882 of the European Parliament and of the Council (38);
(w) ‘commercial communication’ means commercial communication as defined in Article 2(f) of Directive 2000/31/EC;
(x) ‘turnover’ means the turnover achieved by an undertaking within the meaning of Article 5(1) of Council Regulation (EC) No 139/2004 (39).
a) does not initiate the transfer,
b) does not select the addressee of the transmitted information and
c) does not select or change the transmitted information.
(2) The transmission of information and the provision of access in accordance with paragraph 1 shall also include the automatic temporary intermediate storage of the transmitted information, provided that this is only done to carry out the transmission in the communications network and the information is not stored for longer than is normally necessary for the transmission.
(3) This Article shall be without prejudice to the possibility for a judicial or administrative authority under the law of a Member State to require the service provider to bring an infringement to an end or to prevent it.
a) it does not change the information,
b) it observes the conditions for access to the information,
c) it observes the rules for updating information that are widely recognized and used in the industry,
(d) it does not interfere with the acceptable use of information collection technologies that are widely recognized and used in the industry; and
(e) it acts expeditiously to remove or disable access to information it has stored as soon as it has actual knowledge that the information has been removed from the network or access to it has been disabled at the original source of the transmission or has been ordered to be removed or disabled by a judicial or administrative authority.
(2) This Article shall be without prejudice to the possibility for a judicial or administrative authority under the law of a Member State to require the service provider to bring an infringement to an end or to prevent it.
a) has no actual knowledge of any unlawful activity or unlawful content and is not aware of any facts or circumstances from which unlawful activity or unlawful content is evident in relation to claims for damages, or
b) as soon as it becomes aware of this knowledge or awareness, it acts swiftly to block access to the illegal content or to remove it.
(2) Paragraph 1 does not apply if the user is under the control or supervision of the service provider.
(3) Paragraph 1 shall not apply to the consumer protection liability of online platforms that enable consumers to conclude distance contracts with traders if the online platform presents the specific individual information or otherwise facilitates the individual transaction in question in such a way that an average consumer can assume that the information or the product or service that is the subject of the transaction is provided either by the online platform itself or by a user under its control.
(4) This Article shall be without prejudice to the possibility for a judicial or administrative authority under the law of a Member State to require the service provider to bring an infringement to an end or to prevent it.
(2) Member States shall ensure that an order referred to in paragraph 1 meets at least the following conditions when transmitted to the service provider:
(a) this order contains the following:
(i) an indication of the legal basis under Union or national law for the order,
(ii) a justification as to why the information constitutes illegal content, with reference to one or more specific provisions of Union or national law in accordance with Union law,
(iii) information identifying the issuing authority,
(iv) clear information enabling the intermediary service provider to identify and locate the illegal content concerned, such as one or more precise URL addresses, and, where necessary, further information,
(v) information on redress mechanisms available to the provider of intermediary services and the user who provided the content,
(vi) where appropriate, details of the authority to be informed of the execution of the order;
(b) the territorial scope of this Order is limited to what is strictly necessary to achieve its objective, on the basis of the applicable rules of Union and national law, including the Charter, and, where applicable, general principles of international law;
(c) that order is transmitted in one of the languages indicated by the provider of intermediary services in accordance with Article 11(3) or in another official language of the Member States agreed between the issuing authority and that provider and sent to the electronic contact point designated by that provider in accordance with Article 11; where the order is not in the language specified by the provider of intermediary services or in another bilaterally agreed language, the order may be transmitted in the language of the issuing authority, provided that it is accompanied by at least a translation of the elements referred to in points (a) and (b) of this paragraph into such a specified or bilaterally agreed language.
(3) The authority issuing the order or the authority that may be specified therein shall transmit it, together with any information received from the provider of intermediary services on the execution of that order, to the Digital Services Coordinator in the Member State of the issuing authority.
(4) Upon receipt of the order from the judicial or administrative authority, the Digital Services Coordinator of the Member State concerned shall immediately transmit a copy of the order referred to in paragraph 1 to all other Digital Services Coordinators through the system established under Article 85.
(5) At the latest at the time of compliance with the order or, where applicable, at the time specified by the issuing authority in its order, providers of intermediary services shall inform the user concerned of the order received and its execution. This information to the user shall include a statement of reasons, the available means of redress and a description of the territorial scope of the order in accordance with paragraph 2.
(6) The conditions and requirements laid down in this Article shall be without prejudice to national civil and criminal procedural law.
(2) Member States shall ensure that an order referred to in paragraph 1 meets at least the following conditions when transmitted to the service provider:
(a) this order contains the following:
(i) an indication of the legal basis under Union or national law for the order;
(ii) information identifying the issuing authority;
(iii) clear information enabling the intermediary service provider to identify the specific recipient(s) for whom information is requested, such as one or more account names or unique identifiers;
(iv) a justification of why the information is needed and why the information injunction is necessary and proportionate to determine whether the users of the intermediary service comply with applicable Union or national law in accordance with Union law, unless such justification cannot be given for reasons of prevention, investigation, detection and prosecution of criminal offenses;
(v) information on redress mechanisms available to the service provider and the users concerned;
(vi) where appropriate, details of the authority to be informed of the execution of the order;
b) this order only obliges the service provider to provide information which it has already collected for the purpose of providing the service and which is under its control;
(c) that order is transmitted in one of the languages indicated by the provider of intermediary services in accordance with Article 11(3) or in another official language of the Member States agreed between the issuing authority and the service provider and sent to the electronic contact point designated by the provider in accordance with Article 11. Where the order is not in the language indicated by the provider of intermediary services or in another bilaterally agreed language, the order may be sent in the language of the issuing authority, provided that it is accompanied by at least a translation of the elements referred to in points (a) and (b) of this paragraph into such an indicated or bilaterally agreed language.
(3) The authority issuing the order or the authority that may be indicated therein shall transmit it to the Digital Services Coordinator in the Member State of the issuing authority, together with the information received from the provider of intermediary services on the execution of that order.
(4) Upon receipt of the order from the judicial or administrative authority, the Digital Services Coordinator of the Member State concerned shall immediately transmit a copy of the order referred to in paragraph 1 to all Digital Services Coordinators through the system established under Article 85.
(5) At the latest at the time of compliance with the order or, where applicable, at the time indicated by the issuing authority in its order, providers of intermediary services shall inform the user concerned of the receipt of the order and of its execution. This information to the user shall include a statement of reasons and the available means of redress in accordance with paragraph 2.
(6) The conditions and requirements laid down in this Article shall be without prejudice to national civil and criminal procedural law.
(2) Providers of intermediary services shall publish the information necessary to easily identify and communicate with their central contact point. This information must be easily accessible and always kept up to date.
(3) In the information referred to in paragraph 2, providers of intermediary services shall indicate the official language or languages of the Member States which, in addition to a language understood by as many citizens of the Union as possible, can be used to communicate with their contact point and which shall include at least one of the official languages of the Member State in which the provider of intermediary services has its main establishment or in which its legal representative resides or is established.
(2) In addition to the obligations laid down in Directive 2000/31/EC, providers of intermediary services shall publish the information necessary to enable users to easily identify and communicate with the central contact points of providers of intermediary services. This information shall be easily accessible and kept up to date.
(2) Providers of intermediary services shall empower their legal representatives so that they may be addressed by the competent authorities of the Member States, the Commission and the Board, in addition to or instead of the service providers, on any matter necessary for the receipt of, compliance with and enforcement of decisions under this Regulation. Providers of intermediary services shall provide their legal representative with the necessary powers and sufficient resources to cooperate effectively and in a timely manner with the competent authorities of the Member States, the Commission and the Board and to comply with decisions.
(3) It is possible to hold the designated legal representative liable for breaches of obligations under this regulation; this does not affect the liability and legal action that can be taken against the provider of intermediary services.
(4) Providers of intermediary services shall notify the name, postal address, e‑mail address and telephone number of their legal representative to the Digital Services Coordinator in the Member State where their legal representative is resident or established. They shall ensure that this information is publicly available, easily accessible, accurate and kept up to date.
(5) The appointment of a legal representative in the Union in accordance with paragraph 1 shall not be considered as establishment in the Union.
(2) Providers of intermediary services shall inform users of any significant changes to the General Terms and Conditions.
(3) If an intermediary service is primarily aimed at minors or is predominantly used by minors, the provider of intermediary services shall explain the conditions and any restrictions on the use of the service in such a way that minors can understand them.
(4) Providers of intermediary services shall apply and enforce the restrictions referred to in paragraph 1 in a diligent, objective and proportionate manner, taking into account the rights and legitimate interests of all stakeholders and the fundamental rights of users enshrined in the Charter, such as freedom of expression, freedom and pluralism of the media and other fundamental rights and freedoms.
(5) The providers of very large online platforms and very large search engines provide users with a compact, easily accessible and machine-readable summary of the general terms and conditions, including the available remedies and redress mechanisms, in clear and unambiguous language.
(6) Very large online platforms and very large online search engines within the meaning of Article 33 shall publish their terms and conditions in the official languages of all Member States in which they offer their services.
(a) for providers of intermediary services, the number of orders received from Member State authorities, including orders issued pursuant to Articles 9 and 10, broken down by the type of illegal content concerned, the Member State issuing the order and the median time taken to inform the issuing authority or the other authorities specified in the order of the receipt of the order and to comply with the order;
(b) for hosting service providers, the number of notifications made in accordance with Article 16, broken down by the type of suspected illegal content concerned, the number of notifications submitted by trusted flaggers, any action taken on the basis of the notifications, distinguishing whether this was done on a legal basis or in accordance with the provider’s terms and conditions, the number of notifications processed exclusively by automated means and the media time until action was taken;
(c) for intermediary service providers, meaningful and comprehensible information on content moderation carried out on the provider’s own initiative, including the use of automated tools, the measures taken to train and support persons responsible for content moderation, the number and type of measures taken affecting the availability, discoverability and accessibility of information provided by users and the ability of users to provide such information on the service, and other relevant restrictions on the service; the information reported is disaggregated according to the type of illegal content or violation of the service provider’s terms and conditions, the method used to detect it and the type of restriction applied;
(d) for providers of intermediary services, the number of complaints received through the internal complaint management systems in accordance with the provider’s general terms and conditions and, in addition, for providers of online platforms, in accordance with Article 20, the basis of those complaints, the decisions taken on those complaints, the time taken to reach a decision and the number of cases where those decisions were reversed.
(e) the possible use of automated means for content moderation, with a qualitative description, indicating the precise purposes, accuracy indicators and possible error rate of the automated means used in fulfilling those purposes and safeguards applied.
(2) Paragraph 1 of this Article shall not apply to providers of intermediary services which are micro or small enterprises as defined in Recommendation 2003/361/EC and which are not considered to be very large online platforms within the meaning of Article 33 of this Regulation.
(3) The Commission may adopt implementing acts laying down templates for the form, content and other details of the reports referred to in paragraph 1 of this Article, including harmonized reporting periods. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 88.
(2) The procedures referred to in paragraph 1 shall facilitate the submission of sufficiently accurate and duly substantiated notifications. To that end, hosting service providers shall take the necessary measures to enable and facilitate the submission of notifications containing all of the following elements:
a) a duly substantiated explanation of why the person or entity in question considers the information in question to be illegal content;
b) a clear indication of the exact electronic storage location of this information, such as the precise URL address or addresses, or, if necessary, further information relevant to the type of content and the specific type of hosting service in order to identify the illegal content;
(c) the name and e‑mail address of the reporting person or entity, unless the information is considered to relate to a criminal offense referred to in Articles 3 to 7 of Directive 2011/93/EU;
(d) a statement that the reporting person or entity has a good faith belief that the information and particulars contained in the report are accurate and complete.
(3) The notifications referred to in this Article shall have the effect of presuming actual knowledge or awareness of the individual information concerned for the purposes of Article 6 if they enable a diligent hosting service provider to determine, without detailed legal scrutiny, that the relevant activity or information is unlawful.
(4) If the report contains the electronic contact details of the reporting person or entity, the hosting service provider shall immediately send this person or entity an acknowledgement of receipt.
(5) The provider shall also inform the person or entity concerned without delay of its decision with regard to the reported information and indicate the possible legal remedies against this decision.
(6) Hosting service providers shall process all notifications they receive under the procedures referred to in paragraph 1 and shall decide on the reported information in a timely, diligent, non-arbitrary and objective manner. If they use automated means for this processing or decision-making, they shall also provide information on the use of these means in their notification in accordance with paragraph 5.
a) any restrictions on the display of certain individual information provided by the user, including removal of content, blocking of access to content or downgrading of content;
b) Suspension, termination or other restriction of cash payments;
c) Suspension or termination of all or part of the provision of the service;
d) Suspension or closure of the user’s account.
(2) Paragraph 1 shall only apply if the provider is aware of the relevant electronic contact details. It shall apply at the latest from the date on which the restriction is imposed, irrespective of why or how it was imposed.
Paragraph 1 shall not apply in the case of misleading, extensive commercial content.
(3) The justification referred to in paragraph 1 must contain at least the following information:
(a) whether the decision concerns the removal of the information, the disabling of access to the information, the downgrading of the information or the restriction of the display of the information or the suspension or termination of payments in relation to that information, or imposes other measures referred to in paragraph 1 in relation to the information, and the territorial scope of the decision, if any, and the duration of its validity;
(b) the facts and circumstances on which the decision is based, including, where appropriate, whether the decision was taken as a result of a notification made pursuant to Article 16 or as a result of a voluntary own-initiative inquiry and, where strictly necessary, the identity of the notifying person;
(c) where applicable, information as to whether automated means have been used to make the decision, including information as to whether the decision was made in relation to content identified or determined by automated means;
(d) if the decision concerns allegedly unlawful content, a reference to the legal basis and an explanation of why the information is considered to be unlawful content on that basis;
(e) if the decision is based on the alleged incompatibility of the information with the hosting service provider’s terms and conditions, a reference to the relevant contractual provision and an explanation of why the information is considered incompatible with it;
(f) clear and user-friendly information on the legal remedies available to the user against the measure, in particular – depending on the circumstances – internal complaint management procedures, out-of-court dispute resolution and judicial remedies.
(4) The information provided by hosting service providers under this Article shall be clear and easily understandable and as accurate and specific as reasonably possible under the circumstances. In particular, the information shall be such as to enable the user concerned reasonably to exercise effectively the remedies referred to in paragraph 3(f).
(5) This Article shall not apply to orders referred to in Article 9.
(2) If the hosting service provider cannot identify with sufficient certainty the Member State concerned, it shall inform the law enforcement authorities of the Member State where it is established or where its legal representative resides or is established, or Europol, or both.
For the purposes of this Article, the Member State concerned shall be the Member State in which the offense was, is or could be committed, or the Member State in which the suspect is domiciled or resident, or the Member State in which the victim is domiciled or resident.
Where undertakings lose the status of micro or small enterprises under Recommendation 2003/361/EC, this Section, with the exception of Article 24(3), shall not apply to online platform providers in the 12 months following the loss of that status under Article 4(2) of that Recommendation, unless they are very large online platforms within the meaning of Article 33.
(2) By way of derogation from paragraph 1, this Section shall apply to online platform providers that have been classified as very large online platforms within the meaning of Article 33, irrespective of whether they are microenterprises or small enterprises.
a) Decisions on whether to remove the information, block access to it or restrict the display of the information;
b) decisions on whether to suspend or terminate the provision of the service to users in whole or in part;
c) Deciding whether to suspend or close the user’s account;
d) Decisions whether to suspend or terminate monetary payments in connection with information provided by users or otherwise restrict users’ ability to monetize it.
(2) The date on which the user is notified of the decision in accordance with Article 16(5) or Article 17 shall be deemed to be the start of the period of at least six months referred to in paragraph 1 of this Article.
(3) Providers of online platforms shall ensure that their internal complaint management systems are easily accessible and user-friendly and enable and facilitate the submission of sufficiently precise and adequately substantiated complaints.
(4) Online platform providers shall handle complaints submitted through their internal complaint management system in a timely, non-discriminatory, diligent and non-arbitrary manner. If a complaint contains sufficient grounds for believing that the decision not to act on a report is unfounded or that the information to which the complaint relates is neither unlawful nor in breach of the general terms and conditions, or contains information indicating that the complainant’s conduct does not justify suspension or termination of the service or closure of the account, the online platform provider shall reverse its decision referred to in paragraph 1 without undue delay.
(5) Online platform providers shall inform complainants without undue delay of the reasoned decision they have taken in relation to the information to which the complaint relates and shall inform complainants of the possibility of out-of-court dispute resolution in accordance with Article 21 and of other available remedies.
(6) Online platform providers shall ensure that the decisions referred to in paragraph 5 are taken under the supervision of appropriately qualified personnel and not solely by automated means.
Online platform providers shall ensure that the information on the possibility for users to access out-of-court dispute resolution referred to in the first subparagraph is easily accessible on their online interface in a clear and user-friendly manner.
The first subparagraph shall be without prejudice to the right of the user concerned to take legal action at any time in accordance with applicable law to challenge the decisions of online platform providers.
(2) Both parties shall cooperate in good faith with the selected certified out-of-court dispute resolution body to resolve the dispute.
Online platform providers may refuse to cooperate with such an out-of-court dispute resolution body if a dispute concerning the same information and the same grounds for the alleged unlawfulness of the content or its alleged incompatibility with the general terms and conditions has already been settled.
The authorized out-of-court dispute resolution body is not authorized to impose binding dispute resolution on the parties.
(3) The Digital Services Coordinator of the Member State where the out-of-court dispute resolution entity is established shall accredit that entity, at its request, for a maximum period of five years, which may be extended, after the entity has demonstrated that it meets all of the following conditions:
(a) it shall be impartial and independent, including financially independent, from providers of online platforms and from users of the services provided by those platforms and also from the reporting persons or entities;
(b) it has the necessary expertise in relation to issues arising in one or more specific areas of illegal content, or in relation to the application and enforcement of the terms and conditions of one or more types of online platforms, so that the body can contribute effectively to the resolution of a dispute;
c) its members are remunerated in a manner that is not related to the outcome of the proceedings;
(d) the out-of-court dispute resolution offered is easily accessible by electronic means of communication and it is possible to initiate the dispute resolution online and submit the necessary relevant documents online;
(e) it is able to resolve disputes quickly, efficiently and cost-effectively in at least one of the official languages of the institutions of the Union;
(f) the out-of-court dispute resolution offered follows clear and fair procedural rules that are easily and publicly accessible and that are compatible with applicable law, including this Article.
The Digital Services Coordinator states the following in the approval:
(a) the specific matters referred to in point (b) of the first subparagraph in which the body has expertise; and
(b) the official language or languages of the institutions of the Union in which the body is able to resolve disputes referred to in point (e) of the first subparagraph.
(4) The accredited out-of-court dispute resolution bodies shall report annually on their activities to the Digital Services Coordinator that accredited them, indicating at least the number of disputes they have received, information on the outcome of those disputes, the average duration of the dispute resolution and any shortcomings or difficulties. They shall provide additional information at the request of the Digital Services Coordinator.
Every two years, the Digital Services Coordinators shall draw up a report on the functioning of the out-of-court dispute resolution bodies they have approved. This report shall include in particular
a) a list of the number of disputes received by each authorized out-of-court dispute resolution body per year;
(b) information on the outcome of the disputes they have received and the average duration of dispute resolution;
(c) a description and explanation of any systemic or sectoral deficiencies or difficulties in the functioning of those bodies;
(d) a statement of best practice in relation to this operation;
e) any recommendations for improving this working method.
The authorized out-of-court dispute resolution bodies shall make their decisions available to the parties within a reasonable period of time, but no later than 90 calendar days after receipt of the complaint. In the case of highly complex disputes, the authorized out-of-court dispute resolution body may, at its own discretion, extend the period of 90 calendar days by a further period not exceeding 90 days, so that the maximum total period is 180 days.
(5) If the out-of-court dispute resolution body decides the dispute in favor of the user, including the reporting person or entity, the online platform provider shall bear all fees charged by the out-of-court dispute resolution body and reimburse the user, including the person or entity, for any other reasonable costs paid by him or her in connection with the dispute resolution. If the out-of-court dispute resolution body decides the dispute in favor of the online platform provider, the user, including the reporting person or entity, is not obliged to reimburse any fees or other costs paid or to be paid by the online platform provider in connection with the dispute resolution, unless the out-of-court dispute resolution body concludes that the user has clearly acted in bad faith.
The fees charged by the out-of-court dispute resolution body to the providers of online platforms must be reasonable and may in no case exceed the costs incurred by the dispute resolution body. Dispute resolution must be available to users free of charge or for a nominal fee.
The authorized out-of-court dispute resolution bodies shall inform the user, including the notifying persons or entities, and the provider of the online platform of the fees or the procedure used to determine the fees before initiating the dispute resolution.
(6) Member States may establish out-of-court dispute settlement bodies for the purposes of paragraph 1 or support the activities of some or all of the out-of-court dispute settlement bodies that they have authorized in accordance with paragraph 3.
Member States shall ensure that their actions taken pursuant to the first subparagraph do not interfere with their Digital Services Coordinators’ ability to accredit the entities concerned in accordance with paragraph 3.
(7) A Digital Services Coordinator that has accredited an out-of-court dispute resolution entity shall withdraw that accreditation if, as a result of an investigation it conducts on its own initiative or on the basis of information received from third parties, it finds that the out-of-court dispute resolution entity concerned no longer meets the conditions referred to in paragraph 3. Before withdrawing that accreditation, the Digital Services Coordinator shall give that entity the opportunity to comment on the results of its investigation and on the intended withdrawal of the accreditation of the out-of-court dispute resolution entity.
(8) Digital Services Coordinators shall notify to the Commission the out-of-court dispute resolution entities which they have accredited in accordance with paragraph 3, including, where applicable, the specifications referred to in the second subparagraph of that paragraph, as well as the out-of-court dispute resolution entities whose accreditation they have withdrawn. The Commission shall publish and keep up to date a list of those bodies, including the specifications referred to, on a dedicated and easily accessible website.
(9) This Article is without prejudice to Directive 2013/11/EU and the alternative dispute resolution procedures and bodies for consumers established under that Directive.
(2) The status of trusted flagger under this Regulation shall be granted, at the request of an entity, by the Digital Services Coordinator of the Member State in which the applicant is established to an applicant who has demonstrated that he or she fulfills all of the following conditions:
a) the body has special expertise and competence in recognizing, identifying and reporting illegal content;
b) it is independent of any online platform provider;
c) it carries out its reporting activities diligently, accurately and objectively.
(3) Trusted whistleblowers shall publish, at least once a year, easily understandable and detailed reports on the reports submitted in accordance with Article 16 during the relevant period. The report shall include at least the number of reports by the following categories:
a) Identity of the hosting service provider,
b) The type of allegedly illegal content reported,
c) measures taken by the provider.
These reports include an explanation of the procedures to ensure that the trusted whistleblower maintains his or her independence.
Trusted whistleblowers submit these reports to the Digital Services Coordinator and make them publicly available. The information in these reports must not contain any personal data.
(4) The Digital Services Coordinators shall notify the Commission and the Board of the names, addresses and e‑mail addresses of the entities to which they have granted the status of trusted flagger in accordance with paragraph 2 or whose status as trusted flagger they have revoked in accordance with paragraph 6 or withdrawn in accordance with paragraph 7.
(5) The Commission shall publish the information referred to in paragraph 4 in an easily accessible and machine-readable format in a publicly accessible database and keep it up to date.
(6) Where an online platform provider has information indicating that a trusted flagger has submitted a significant number of insufficiently precise, inaccurate or insufficiently substantiated reports through the mechanisms referred to in Article 16, including information collected in the context of the handling of complaints through the internal complaint-handling systems referred to in Article 20(4), it shall provide that information, together with the necessary explanations and evidence, to the Digital Services Coordinator which has granted trusted flagger status to the entity concerned. Upon receipt of the information from the online platform provider and in the event that the Digital Services Coordinator considers that there are legitimate grounds for initiating an investigation, the trusted flagger status shall be suspended for the duration of the investigation. This investigation will be conducted without delay.
(7) The Digital Services Coordinator that has granted trusted flagger status to an entity shall revoke that status if, as a result of an investigation it conducts on its own initiative or on the basis of information it has received from third parties, including information provided by an online platform provider in accordance with paragraph 6, it finds that the entity concerned no longer meets the conditions set out in paragraph 2. Before revoking that status, the Digital Services Coordinator shall give the entity the opportunity to comment on the results of its investigation and on the intended revocation of the entity’s status as a trusted flagger.
(8) The Commission shall, after consulting the Board, issue guidelines, where necessary, to assist online platform providers and digital service coordinators in the application of paragraphs 2, 6 and 7.
(2) Online platform providers shall suspend the handling of reports and complaints received through the reporting and redress mechanisms or internal complaint management systems referred to in Articles 16 and 20 from persons or entities or from complainants who frequently submit manifestly unfounded reports or complaints for a reasonable period of time after prior warning.
(3) When deciding on suspension, online platform providers shall assess on a case-by-case basis, in a timely, diligent and objective manner, whether the user, person, entity or complainant is involved in an abusive use referred to in paragraphs 1 and 2, taking into account all relevant facts and circumstances apparent from the information available to the online platform provider. Such circumstances shall include at least:
a) the absolute number of manifestly unlawful content or manifestly unfounded reports or complaints provided or submitted within a given period;
(b) their relative share of the total number of individual pieces of information provided in a given period or reported within a given period;
(c) the seriousness of the cases of misuse, including the nature of the illegal content and its consequences;
(d) the intentions pursued by the user, person, entity or complainant, where those intentions can be determined.
(4) Online platform providers shall set out clearly and in detail in their terms and conditions their rules for dealing with the abusive use referred to in paragraphs 1 and 2 of this Article and provide examples of facts and circumstances that they take into account when assessing whether a particular behavior constitutes abusive use and for the duration of the suspension.
(a) the number of disputes submitted to the out-of-court dispute resolution bodies referred to in Article 21, the outcome of the dispute resolution and the duration of the mediation until the conclusion of the dispute resolution procedures, and the proportion of disputes where the online platform providers have implemented the decisions of the body;
(b) the number of suspensions under Article 23, distinguishing between suspensions for manifestly unlawful content, for submitting manifestly unfounded notifications and for submitting manifestly unfounded complaints.
(2) By 17 February 2023, and at least every six months thereafter, providers shall publish in a publicly accessible area of their online interface, for each online platform or online search engine, information on the average monthly number of their active users in the Union, calculated as an average over the previous six months and in accordance with the methodology set out in the delegated acts referred to in Article 33(3), where those delegated acts have been adopted.
(3) Online platform providers or online search engine providers shall provide the Digital Services Coordinator of establishment and the Commission, at their request and without undue delay, with the information referred to in paragraph 2, updated at the time of that request. That Digital Services Coordinator or the Commission may require the online platform provider or online search engine provider to provide additional information on the calculation referred to in that paragraph and explanations and justifications in relation to the data used. That information shall not contain personal data.
(4) Where, on the basis of the information received in accordance with paragraphs 2 and 3 of this Article, the Digital Services Coordinator of establishment has reason to believe that an online platform provider or online search engine provider meets the threshold of average monthly active users in the Union set out in Article 33(1), it shall notify the Commission thereof.
(5) Online platform providers shall transmit to the Commission without delay the decisions and justifications referred to in Article 17(1) for inclusion in a publicly accessible machine-readable database managed by the Commission. Online platform providers shall ensure that the information submitted does not contain personal data.
(6) The Commission may adopt implementing acts laying down templates for the form, content and other details of the reports referred to in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 88.
(2) The prohibition in paragraph 1 does not apply to practices covered by Directive 2005/29/EC or Regulation (EU) 2016/679.
(3) The Commission may issue guidelines on the application of paragraph 1 to a specific practice, in particular in relation thereto,
a) that certain choices are emphasized more strongly when the user has to make a decision,
b) that the user is repeatedly asked to make a selection even though such a selection has already been made, in particular by displaying a window that impairs the user experience,
(c) that the procedure for terminating a service is made more difficult than the procedure for subscribing to that service.
(a) that the information is advertising, including by means of prominent marking, which may follow standards in accordance with Article 44,
b) the natural or legal person in whose name the advertisement is displayed,
(c) the natural or legal person who paid for the advertising, if that person is different from the natural or legal person referred to in point (b),
(d) meaningful information, directly and easily accessible through the advertisement, on the main parameters for determining the users to whom the advertisement is displayed and how these parameters may be changed.
(2) The providers of online platforms offer users a function with which they can declare whether the content they provide constitutes a commercial communication or contains such a commercial communication.
Where a user makes a statement in accordance with this paragraph, the online platform provider shall ensure that other users can determine clearly and unambiguously and in real time, including through prominent markings which may follow standards set out in Article 44, that the content provided by the user constitutes or contains a commercial communication as described in that statement.
(3) Online platform providers may not display advertising to users that is based on profiling in accordance with Article 4(4) of Regulation (EU) 2016/679 using special categories of personal data in accordance with Article 9(1) of Regulation (EU) 2016/679.
(2) The key parameters referred to in paragraph 1 shall explain why certain information is proposed to the user. They shall include at least the following:
a) the criteria that are most important for determining the information proposed to the user,
b) the reasons for the relative importance of these parameters.
(3) Where several options referred to in paragraph 1 are available for recommender systems to determine the relative order of priority of the information provided to users, online platform providers shall also make available a function allowing users to select and change their preferred option at any time. This function shall be directly and easily accessible from the specific section of the online interface of the online platform where the information is prioritized.
(2) Online platform providers may not display advertising on their interface based on profiling in accordance with Article 4(4) of Regulation (EU) 2016/679 using the user’s personal data if they are reasonably certain that the user in question is a minor.
(3) In order to comply with the obligations laid down in this Article, online platform providers shall not be obliged to process additional personal data to determine whether the user is a minor.
(4) The Commission may, after consulting the Committee, issue guidelines to assist online platform providers in the application of paragraph 1.
Where businesses lose the status of micro or small enterprises under Recommendation 2003/361/EC, this Section shall not apply to providers of online platforms that enable consumers to conclude distance contracts with traders, even in the 12 months following the loss of that status under Article 4(2) of that Recommendation, unless they are very large online platforms within the meaning of Article 33.
(2) By way of derogation from paragraph 1, this Section shall apply to providers of online platforms enabling consumers to conclude distance contracts with traders that have been classified as very large online platforms within the meaning of Article 33, irrespective of whether they are micro or small enterprises.
a) Name, address, telephone number and e‑mail address of the entrepreneur,
(b) a copy of the trader’s identity document or other electronic identification within the meaning of Article 3 of Regulation (EU) No 910/2014 of the European Parliament and of the Council (40),
c) Details of the entrepreneur’s payment account,
d) if the trader is registered in a commercial register or similar public register, the commercial register in which it is registered and its commercial register number or an equivalent identifier used in that register,
e) Self-certification by the trader in which the trader undertakes to offer only products or services that comply with the applicable provisions of Union law.
(2) After receiving the information referred to in paragraph 1 and before allowing the trader concerned to use its services, the provider of the online platform enabling consumers to conclude distance contracts with traders shall use its best efforts to verify that the information referred to in points (a) to (e) of paragraph 1 is reliable and complete by consulting freely available official online databases or using online interfaces provided by a Member State or the Union or by requesting evidence from reliable sources from the trader. For the purposes of this Regulation, traders shall be liable for the accuracy of the information provided.
With respect to traders already using the services of providers of online platforms that enable consumers to conclude distance contracts with traders for the purposes referred to in paragraph 1 on February 17, 2024, providers shall use their best efforts to obtain the information specified in the list from those traders within 12 months. If those traders do not provide the information within that period, providers shall suspend the provision of their services to those traders until they have provided all the information.
(3) Where the provider of the online platform enabling consumers to conclude distance contracts with traders receives sufficient information or has reason to believe that any individual information referred to in paragraph 1 received from the trader concerned is inaccurate, incomplete or not up to date, the provider shall require the trader to remedy the situation without undue delay or within the time limit set out in Union and national law.
If the trader fails to rectify or complete this information, the provider of the online platform enabling consumers to conclude distance contracts with traders shall suspend its services in relation to the offer of products or services to consumers in the Union to the trader without undue delay until the trader has fully complied with the request.
(4) Without prejudice to Article 4 of Regulation (EU) 2019/1150, where a provider of an online platform enabling consumers to conclude distance contracts with traders refuses to allow the use of its service in accordance with paragraph 1 or suspends the provision of its service in accordance with paragraph 3 of this Article, a trader shall have the right to lodge a complaint in accordance with Articles 20 and 21 of this Regulation.
(5) The provider of the online platform that enables consumers to conclude distance contracts with traders shall store the information received in accordance with paragraphs 1 and 2 in a secure manner for a period of six months after the end of the contractual relationship with the trader concerned. It shall then delete the information.
(6) Without prejudice to paragraph 2 of this Article, the provider of the online platform enabling consumers to conclude distance contracts with traders shall only disclose the information to third parties if they are required to do so by applicable law, including the orders referred to in Article 10 and the orders issued by the competent authorities of the Member States or the Commission for the performance of their tasks under this Regulation.
(7) The provider of the online platform enabling consumers to conclude distance contracts with traders shall make the information referred to in points (a), (d) and (e) of paragraph 1 available to users on its online platform in a clear, easily accessible and comprehensible manner. That information shall be available at least on the online interface of the online platform where the information on the product or service is provided.
In particular, the provider shall ensure that its online interface allows traders to provide information on the name, address, telephone number and e‑mail address of the economic operator within the meaning of Article 3(13) of Regulation (EU) 2019/1020 and other Union legislation.
(2) Providers of online platforms that enable consumers to conclude distance contracts with businesses shall ensure that their online interface is designed and organized in such a way that traders can provide at least the following:
(a) the information necessary to clearly and unambiguously identify the products or services advertised or offered to consumers in the Union through the services of suppliers,
b) a sign identifying the entrepreneur, such as the trademark, symbol or logo, and,
(c) where required, the information relating to labeling and marking in accordance with the provisions of applicable Union law on product safety and product conformity.
(3) Providers of online platforms enabling consumers to conclude distance contracts with traders shall use their best endeavors to assess whether such traders have provided the information referred to in paragraphs 1 and 2 before allowing them to offer their products or services on those platforms. After allowing the trader to offer products or services on its online platform that enables consumers to conclude distance contracts with traders, the trader shall make reasonable efforts to check, on a random basis, in an official, freely accessible and machine-readable online database or online interface, whether the products or services offered have been classified as unlawful.
a) the fact that the product or service is unlawful
b) the identity of the entrepreneur and
c) the relevant legal remedies.
The obligation under the first subparagraph shall only apply to the purchase of unlawful products or services in the past six months from the date on which the provider became aware of the unlawfulness.
(2) Where, in the situation referred to in paragraph 1, the provider of the online platforms enabling consumers to conclude distance contracts with traders does not have the contact details of all consumers concerned, that provider shall make the information on the infringing product or service, the identity of the trader and the relevant remedies publicly and easily accessible on its online interface.
(2) The Commission shall adopt delegated acts in accordance with Article 87 to adjust the average monthly number of active users in the Union referred to in paragraph 1 if the population of the Union increases or decreases by at least 5 % compared to its population in 2020 or, after adjustment by a delegated act, compared to its population in the year in which the last delegated act was adopted. In that case, it shall adjust the figure so that it corresponds to 10 % of the population of the Union in the year in which it adopts the delegated act, rounded up or down so that the figure can be expressed in millions.
(3) The Commission may, after consulting the Board, adopt delegated acts in accordance with Article 87 to supplement, for the purposes of paragraph 1 of this Article and Article 24(2), the provisions of this Regulation by supplementing the methodology for calculating the average monthly number of active users in the Union and ensuring that the methodology takes into account market and technological developments.
(4) The Commission shall, after consulting the Member State of establishment or after taking into account the information provided by the Digital Services Coordinator at the place of establishment in accordance with Article 24(4), adopt a decision designating, for the purposes of this Regulation, the online platform or online search engine as a very large online platform or very large online search engine with an average monthly number of active users equal to or greater than the number referred to in paragraph 1 of this Article. The Commission shall take its decision on the basis of the data reported by the provider of the online platform or online search engine in accordance with Article 24(2) or the information requested in accordance with Article 24(3) or any other information available to the Commission.
Failure by the online platform provider or online search engine provider to comply with Article 24(2) or with the request of the Digital Services Coordinator of establishment or the request of the Commission pursuant to Article 24(3) shall not prevent the Commission from designating that provider as a very large online platform provider or very large online search engine provider in accordance with this paragraph.
Where the Commission bases its decision on other information available to it pursuant to the first subparagraph or on additional information requested pursuant to Article 24(3), it shall give the provider of the online platform or online search engine concerned 10 working days to comment on the Commission’s preliminary findings that it intends to designate the online platform or online search engine as a very large online platform or very large online search engine. The Commission shall take due account of the comments of the provider concerned.
Where the provider of the online platform or online search engine does not take a position in accordance with the third subparagraph, this shall not prevent the Commission from designating that online platform or online search engine as a very large online platform or very large online search engine on the basis of other information at its disposal.
(5) The Commission shall revoke the designation if the online platform or online search engine does not have an average monthly number of active users equal to or higher than the number referred to in paragraph 1 for an uninterrupted period of one year.
(6) The Commission shall notify the online platform provider or online search engine concerned, the panel and the Digital Services Coordinator of establishment of its decisions referred to in paragraphs 4 and 5 without delay.
The Commission shall ensure that the list of designated very large online platforms and very large online search engines is published in the Official Journal of the European Union and shall keep that list up to date. After four months from the notification to the provider referred to in the first subparagraph, the obligations set out in this Section shall apply or cease to apply to the very large online platforms and very large online search engines concerned.
They shall carry out the risk assessments by the date of application referred to in the second subparagraph of Article 33(6) and at least once a year thereafter, and in any event before the introduction of functionalities that are likely to have a critical impact on the risks identified in accordance with this Article. That risk assessment shall be specific to their services and proportionate to the systemic risks, taking into account their severity and likelihood, and shall include the following systemic risks:
a) Distribution of illegal content via their services;
(b) any actual or foreseeable adverse effect on the exercise of fundamental rights, in particular the fundamental right to respect for human dignity enshrined in Article 1 of the Charter, the fundamental right to respect for private and family life enshrined in Article 7 of the Charter, the fundamental right to protection of personal data enshrined in Article 8 of the Charter, the fundamental right to freedom of expression and information, including media freedom and pluralism, enshrined in Article 11 of the Charter, the fundamental right to non-discrimination enshrined in Article 21 of the Charter, the rights of the child enshrined in Article 24 of the Charter and the comprehensive consumer protection enshrined in Article 38 of the Charter;
c) any actual or foreseeable adverse effects on social debate and electoral processes and public safety;
(d) any actual or foreseeable adverse consequences in relation to gender-based violence, the protection of public health and minors, and serious adverse consequences for a person’s physical and mental well-being.
(2) When carrying out the risk assessment, providers of very large online platforms and very large online search engines shall take particular account of whether and how the following factors influence the systemic risks referred to in paragraph 1:
a) the design of their recommendation systems and other relevant algorithmic systems;
b) their content moderation systems;
c) the applicable general terms and conditions and their enforcement;
d) Systems for the selection and display of advertising;
e) the data-related practices of the provider.
The assessments shall also analyze whether and how the risks referred to in paragraph 1 are affected by intentional manipulation of their service, including through inauthentic use or automated exploitation of the service, as well as by the amplification and the possibility of rapid and wide dissemination of illegal content and information that is incompatible with their terms and conditions.
Specific regional or linguistic aspects are also taken into account in the assessment if they are specific to a Member State.
(3) Providers of very large online platforms and very large online search engines shall keep the relevant risk assessment documents for at least three years after the risk assessments have been carried out and transmit them to the Commission and to the Digital Services Coordinator of establishment, if necessary.
(a) adapting the design, features or functioning of its services, including its online interfaces;
b) Adaptation of the general terms and conditions and their enforcement;
(c) adapting content moderation procedures, including the speed and quality of the processing of reports on certain types of illegal content, and, where necessary, swiftly removing or disabling access to the reported content, in particular in relation to illegal hate speech or cyber violence; and adapting all relevant decision-making processes and the means used for content moderation;
d) testing and adapting their algorithmic systems, including their recommendation systems;
(e) adapting their advertising systems and adopting targeted measures to restrict or adapt the display of advertising in connection with the service they provide;
f) strengthening the internal processes, resources, auditing, documentation or supervision of its activities, in particular with regard to the identification of systemic risks;
(g) the initiation or adaptation of cooperation with trusted flaggers in accordance with Article 22 and the implementation of decisions of out-of-court dispute resolution bodies in accordance with Article 21;
(h) starting or adapting cooperation with other online platform providers or online search engine providers on the basis of the codes of conduct or crisis protocols referred to in Articles 45 and 48;
i) Raising awareness and adapting their online to provide users with more information;
(j) targeted measures to protect the rights of the child, including age verification and parental control tools and tools to enable minors to report abuse or receive support;
(k) ensuring that an item of information, whether generated or manipulated image, sound or video content, which bears a striking resemblance to any existing person, object, place or other entity or event and falsely appears to a person to be genuine or truthful, is recognizable by a prominent marking when displayed on its online interfaces, and furthermore providing a user-friendly function to enable users of the service to view such information.
(2) The committee publishes a comprehensive report once a year in cooperation with the Commission. The report contains the following information:
(a) identification and assessment of the most prominent recurring systemic risks reported by providers of very large online platforms and very large online search engines or identified through other sources of information, in particular from the information provided in accordance with Articles 39, 40 and 42;
b) best practices for providers of very large online platforms and very large online search engines to mitigate the identified systemic risks.
That report shall include information on systemic risks, broken down by the Member States where they occurred, where relevant, and, where appropriate, in the Union as a whole.
(3) The Commission may, in cooperation with the Digital Services Coordinators, issue guidelines on the application of paragraph 1 in relation to specific risks, in particular to present best practices and recommend possible measures, taking due account of the possible impact of the measures on the fundamental rights of all stakeholders as enshrined in the Charter. The Commission shall carry out public consultations with a view to drawing up such guidelines.
(a) an assessment of whether and, if so, to what extent and how the operation and use of their services contribute or are likely to contribute significantly to a serious threat as referred to in paragraph 2;
(b) the identification and application of targeted, effective and proportionate measures, such as measures referred to in Article 35(1) or Article 48(2), to prevent, eliminate or mitigate such contribution to the serious threat identified in accordance with point (a);
(c) reporting to the Commission, by a specific date set out in the Decision or at regular intervals, on the evaluations referred to in point (a), on the precise content, implementation and qualitative and quantitative impact of the targeted measures taken pursuant to point (b), and on any other issue related to those evaluations or measures, as specified in the Decision;
When identifying and applying measures pursuant to point (b), the service provider(s) shall duly take into account the seriousness of the serious threat referred to in paragraph 2, the urgency of the measures and the actual or potential impact on the rights and legitimate interests of all parties concerned, including the possible failure of the measures to respect fundamental rights as enshrined in the Charter.
(2) For the purposes of this Article, a crisis shall be deemed to have occurred when exceptional circumstances arise which may lead to a serious threat to public security or public health in the Union or in substantial parts of the Union.
(3) When taking a decision in accordance with paragraph 1, the Commission shall ensure that all of the following requirements are met:
(a) the measures required by the decision are strictly necessary, justified and proportionate, in particular in relation to the gravity of the serious threat referred to in paragraph 2, the urgency of the measures and the actual or potential impact on the rights and legitimate interests of all parties concerned, including the possible failure of the measures to respect fundamental rights as enshrined in the Charter;
(b) the decision shall set a reasonable time limit within which the targeted measures referred to in paragraph 1(b) are to be taken, taking into account in particular the urgency of those measures and the time needed for their preparation and implementation;
(c) the measures required by the decision are limited to a maximum duration of three months.
(4) After the adoption of the decision referred to in paragraph 1, the Commission shall immediately take the following measures:
a) it notifies the decision to the provider or providers to whom the decision is addressed;
b) it makes the decision publicly accessible; and
c) it informs the body of the decision, invites it to comment on it and keeps it informed of any further developments in connection with the decision.
(5) The choice of targeted measures to be taken in accordance with point (b) of paragraph 1 and the second subparagraph of paragraph 7 shall remain with the provider or providers to whom the Commission decision is addressed.
(6) The Commission may, on its own initiative or at the request of the provider, enter into a dialog with the provider to determine whether the measures referred to in point (b) of paragraph 1 are effective and proportionate to achieve the objectives pursued, taking into account the specific circumstances of the provider. In particular, the Commission shall ensure that the measures taken by the service provider pursuant to paragraph 1(b) comply with the requirements set out in paragraph 3(a) and (c).
(7) The Commission shall monitor the application of the targeted measures taken pursuant to the decision referred to in paragraph 1 on the basis of the reports referred to in point (c) of paragraph 1 and any other relevant information, including information that it may request pursuant to Article 40 or 67, taking into account the evolution of the crisis. The Commission shall report regularly, and at least monthly, to the Board on that monitoring.
Where the Commission considers that the targeted measures referred to in point (b) of paragraph 1 planned or implemented are not effective or proportionate, it may, after consulting the panel, require the provider to review the identification or application of those targeted measures by adopting a decision.
(8) Where appropriate in view of the evolution of the crisis, the Commission may, on the recommendation of the Board, amend the decision referred to in paragraph 1 or the second subparagraph of paragraph 7 by
(a) revoke the decision and, where appropriate, require the very large online platform or very large online search engine to cease applying the measures identified and implemented in accordance with point (b) of paragraph 1 or the second subparagraph of paragraph 7, in particular where the grounds for such measures no longer apply;
(b) extends the period referred to in paragraph 3(c) by a maximum of three months;
(c) take into account the experience gained in the application of the measures, in particular the possible failure of the measures to respect the fundamental rights enshrined in the Charter.
(9) The requirements of paragraphs 1 to 6 shall apply to the decision referred to in this Article and any amendment thereto.
(10) The Commission shall take the utmost account of any opinions expressed by the Panel in accordance with the recommendations set out in this Article.
(11) The Commission shall report to the European Parliament and to the Council on the application of the specific measures adopted pursuant to this Article annually after the adoption of decisions under this Article and in any case three months after the end of the crisis.
a) the obligations laid down in Chapter III,
(b) the commitments made in accordance with the codes of conduct referred to in Articles 45 and 46 and the crisis protocols referred to in Article 48.
(2) Providers of very large online platforms and very large online search engines shall provide the necessary assistance to, and cooperate with, the organizations conducting the examinations referred to in this Article to enable them to conduct those examinations in an effective, efficient and timely manner, including by granting them access to all relevant data and premises and by answering oral or written questions. They shall not hinder, unduly influence or undermine the conduct of the audit.
Those audits shall ensure an appropriate level of confidentiality and compliance with the obligation of professional secrecy with regard to the information they receive from the providers of very large online platforms and very large online search engines and third parties in the course of the audits, including after the audits have been completed. However, compliance with this requirement shall not adversely affect the conduct of the inspections and other provisions of this Regulation, in particular the provisions on transparency, monitoring and enforcement. To the extent necessary for the purposes of the transparency reporting obligations referred to in Article 42(4), the report on the conduct of the audit referred to in paragraphs 4 and 6 of this Article shall be accompanied by versions of the audit report which do not contain information that could reasonably be considered confidential.
(3) The inspections referred to in paragraph 1 shall be carried out by bodies which
(a) are independent from, and have no conflicts of interest with, the provider of the very large online platform or very large online search engine concerned and any legal entity related to that provider; in particular
i) have not provided any non-audit services in connection with the audited matters to the provider of the very large online platform or very large online search engine concerned and to legal entities associated with it in the 12 months prior to the start of the audit and have undertaken not to provide such services to them in the 12 months following completion of the audit,
(ii) have not provided audit services under this Article to the provider of a very large online platform or very large online search engine concerned and to legal entities related to it for a period of more than 10 consecutive years,
iii) do not carry out the audit for fees that depend on the result of the audit;
b) have proven expertise in the field of risk management as well as technical skills and capacities,
c) have a proven track record of working with objectivity and in accordance with professional ethics, in particular by complying with codes of conduct or relevant standards.
(4) Providers of very large online platforms or very large online search engines shall ensure that the bodies carrying out the checks prepare a check report for each check. This report contains a written justification and at least the following:
(a) the name, address and contact point of the provider of the very large online platform or very large online search engine being audited and the period covered by the audit,
b) Name and address of the body or bodies carrying out the inspection,
c) Declaration of interests,
d) Description of the specific elements tested and the method used,
e) Description and summary of the main findings of the audit,
f) List of third parties consulted during the audit,
(g) the auditors’ opinion on whether the audited very large online platform provider or very large online search engine provider has complied with the obligations and commitments referred to in paragraph 1, either ‘positive’, ‘positive with comments’ or ’negative’,
(h) if the opinion is not ‘positive’, operational recommendations for specific actions to be taken to comply with all obligations and commitments and the recommended timeframe for doing so.
(5) If the body that carried out the audit was not able to audit certain elements or give an opinion on the basis of its investigations, the audit report shall contain an explanation of the circumstances and reasons why these elements could not be audited.
(6) Providers of very large online platforms or very large online search engines that do not receive a “positive” audit report shall take due account of the operational recommendations addressed to them and take the necessary measures to implement them. Within one month of receiving these recommendations, they shall adopt a report on the implementation of the audit findings in which they set out these measures. If they do not implement the operational recommendations, they shall justify this in the report and explain the alternative measures they have taken to remedy any breaches identified.
(7) The Commission shall be empowered to adopt delegated acts in accordance with Article 87 to supplement this Regulation by laying down the necessary rules for the conduct of the scrutinies referred to in this Article, in particular as regards the necessary rules on the procedural steps, the scrutiny methods and the reporting templates for the scrutinies carried out in accordance with this Article. The delegated acts shall take into account any voluntary audit standards referred to in point (e) of Article 44(1).
(2) The archive contains at least all of the following information:
a) the content of the advertisement, including the name of the product, service or brand and the subject of the advertisement;
b) the natural or legal person in whose name the advertisement is displayed;
c) the natural or legal person who paid for the advertising, if that person is different from the person referred to in point (b),
d) the period during which the advertisement was displayed;
(e) whether the advertisement should be targeted to one or more specific groups of users and, if so, the main parameters used for this purpose, including the main parameters used to exclude one or more such specific groups, if any;
(f) commercial communications published and identified on the very large online platforms referred to in Article 26(2);
(g) the total number of users reached and, where applicable, aggregated figures broken down by Member State for the group or groups of users to whom the advertising was targeted.
(3) With regard to points (a), (b) and (c) of paragraph 2, the archive shall not contain the information referred to in those points where a provider of a very large online platform or very large online search engine has removed or blocked access to a particular advertisement on grounds of suspected illegality or incompatibility with its terms and conditions. In this case, the archive for the advertisement in question shall contain the information referred to in Article 17(3)(a) to (e) or Article 9(2)(a)(i).
The Commission may, after consulting the panel, the relevant accredited researchers referred to in Article 40 and the public, issue guidelines on the structure, organization and functioning of the archives referred to in this Article.
(2) Digital Services Coordinators and the Commission shall use the data accessed in accordance with paragraph 1 solely for the purpose of monitoring and assessing compliance with this Regulation, taking due account of the rights and interests of the very large online platform providers or very large online search engines and users concerned, including the protection of personal data, the protection of confidential information, in particular trade secrets, and the maintenance of the security of their service.
(3) For the purposes of paragraph 1, providers of very large online platforms or very large online search engines shall, at the request of the Digital Services Coordinator of establishment or the Commission, explain the design, logic, functioning and testing of their algorithmic systems, including their recommender systems.
(4) Providers of very large online platforms or very large online search engines shall, upon a reasoned request from the Digital Services Coordinator at the place of establishment and within a reasonable period of time specified therein, grant access to data to approved researchers that meet the requirements set out in paragraph 8 of this Article for the sole purpose of conducting research that contributes to the detection, identification and understanding of systemic risks in the Union in accordance with Article 34(1), including in relation to the assessment of the adequacy, effectiveness and impact of the risk mitigation measures referred to in Article 35.
(5) Within 15 days of receipt of a request pursuant to paragraph 4, providers of very large online platforms or very large online search engines may request the Digital Services Coordinator of establishment to amend the request if they are unable to provide access to the requested data for either of the following reasons:
a) they do not have access to the data;
(b) granting access to the data leads to significant vulnerabilities in the security of their service or in the protection of confidential information, in particular trade secrets.
(6) Requests for amendments under paragraph 5 shall include proposals for one or more alternative ways of granting access to the requested data or to other data that are adequate and sufficient for the purposes of the request.
The Digital Services Coordinator at the place of establishment shall decide on the request for amendment within 15 days and notify the provider of the very large online platform or very large online search engine of the decision in question and, where applicable, the amended request with the new deadline for its fulfillment.
(7) Providers of very large online platforms or very large online search engines shall facilitate and provide access to data referred to in paragraphs 1 and 4 through appropriate interfaces specified in the request, including online databases or application programming interfaces.
(8) Upon duly justified request from researchers, the Digital Services Coordinator at the place of establishment shall grant the status of “accredited researchers” to such researchers for specific research referred to in the request and shall submit a reasoned request for access to data to a provider of a very large online platform or very large online search engine in accordance with paragraph 4, provided that the researchers demonstrate that they meet all of the following conditions:
(a) they are affiliated to a research organization within the meaning of Article 2(1) of Directive (EU) 2019/790
b) they are independent of commercial interests;
c) your application provides information about the funding of the research;
(d) they are able to comply with the specific data security and confidentiality requirements associated with each request and to protect personal data, and they describe in their request the appropriate technical and organizational measures they have taken to do so;
(e) their application demonstrates that the access to the data and the time limits requested are necessary and proportionate for the purposes of their research and that the expected results of that research will contribute to the purposes referred to in paragraph 4;
(f) the planned research activities are carried out for the purposes referred to in paragraph 4;
(g) they have undertaken to make their research results publicly available free of charge within a reasonable period of time after the completion of the research, taking into account the rights and interests of the users of the service concerned, in accordance with Regulation (EU) 2016/679.
The Digital Services Coordinator of establishment shall inform the Commission and the panel of the receipt of requests under this paragraph.
(9) Researchers may also submit their request to the Digital Services Coordinator of the Member State of the research organization to which they are affiliated. Upon receipt of the request referred to in this paragraph, the Digital Services Coordinator shall carry out an initial assessment of whether the researchers concerned meet all the conditions set out in paragraph 8. The Digital Services Coordinator concerned shall then transmit the request, together with the supporting documents submitted by the researchers concerned and the initial assessment, to the Digital Services Coordinator of establishment. The Digital Services Coordinator at the place of establishment shall decide whether a researcher shall be granted the status of ‘approved researcher’ without delay.
While due account shall be taken of the initial assessment provided, the final decision on the granting of “approved researcher” status in accordance with paragraph 8 shall be the responsibility of the Digital Services Coordinator at the place of establishment.
(10) The Digital Services Coordinator that has granted the status of an accredited researcher and has submitted a reasoned request for access to data to providers of very large online platforms or very large online search engines for the benefit of an accredited researcher shall take a decision to terminate access if, following an investigation, it finds, on its own initiative or on the basis of information provided by third parties, that the accredited researcher no longer meets the conditions referred to in paragraph 8 and shall inform the provider of the very large online platform or very large online search engine concerned of the decision. Before terminating access, the Digital Services Coordinator shall give the accredited researcher the opportunity to comment on the results of the investigation and the intention to terminate access.
(11) The Digital Services Coordinators at the place of establishment shall communicate to the panel the names and contact details of the natural persons or entities to whom they have granted the status of ‘approved researcher’ in accordance with paragraph 8, as well as the purpose of the research for which the application was made, or they shall communicate this information to the panel when access to data has been terminated in accordance with paragraph 10.
(12) Providers of very large online platforms or very large online search engines shall provide immediate access to data, including, where technically feasible, real-time data, provided that the data are publicly available through their online interface to researchers, including researchers affiliated with non-profit institutions, organizations and associations that meet the conditions set out in points (b), (c), (d) and (e) of paragraph 8 and use the data exclusively for research purposes that contribute to the detection, identification and understanding of systemic risk in the Union in accordance with Article 34(1).
(13) The Commission shall, after consulting the Board, adopt delegated acts supplementing this Regulation by specifying the technical conditions under which providers of very large online platforms or very large online search services are to make data available in accordance with paragraphs 1 and 4 and the purposes for which the data may be used. Those delegated acts shall specify the specific conditions under which such data sharing with researchers may take place in accordance with Regulation (EU) 2016/679 and the relevant objective indicators and the procedures and, where necessary, the independent advisory mechanisms to support data sharing, taking into account the rights and interests of very large online platforms or very large online search engines providers and users, including the protection of confidential information, in particular trade secrets, and the maintenance of the security of their service.
(2) The management body of the provider of the very large online platform or very large online search engine shall ensure that the compliance officers have the professional qualifications, knowledge, experience and skills required to perform the tasks referred to in paragraph 3.
The governing body of the provider of the very large online platform or very large online search engine shall ensure that the head of the compliance department is an independent manager who is specifically responsible for the compliance department.
The head of compliance shall report directly to the management body of the very large online platform provider or very large online search engine provider and may raise concerns and alert that body where risks referred to in Article 34 or non-compliance with this Regulation affect or may affect the very large online platform provider or very large online search engine provider, without prejudice to the responsibilities of the management body in its supervisory and management functions.
The head of the compliance department may not be replaced without the prior consent of the management body of the provider of the very large online platform or very large online search engine.
(3) Compliance officers have the following tasks:
(a) cooperate with the Digital Services Coordinator at the place of establishment and with the Commission for the purposes of this Regulation;
(b) ensuring that all risks referred to in Article 34 are identified and properly reported and that appropriate, proportionate and effective risk mitigation measures are taken in accordance with Article 35;
(c) organizing and supervising the activities of the provider of the very large online platform or very large online search engine in relation to the independent audit referred to in Article 37;
(d) informing and advising the management and employees of the provider of the very large online platform or very large online search engine about the relevant obligations under this Regulation;
(e) monitoring that the provider of the very large online platform or very large online search engine complies with its obligations under this Regulation;
(f) where applicable, monitoring compliance with the commitments made by the very large online platform provider or very large online search engine provider under the codes of conduct referred to in Articles 45 and 46 or the crisis protocols referred to in Article 48.
(4) Providers of very large online platforms or very large online search engines shall communicate the name and contact details of the head of the compliance department to the Digital Services Coordinator at the place of establishment and to the Commission.
(5) The management body of the very large online platform provider or very large online search engine provider shall be responsible for establishing, overseeing and being accountable for the implementation of the provider’s governance arrangements that ensure the independence of the compliance function, including the allocation of responsibilities within the very large online platform provider’s or very large online search engine provider’s organization, the avoidance of conflicts of interest and the responsible management of systemic risks identified in accordance with Article 34.
(6) The management body shall regularly, and at least annually, approve and review the strategies and measures for addressing, managing, monitoring and mitigating the risks identified in accordance with Article 34 to which the very large online platform or very large online search engine is or may be exposed.
(7) The management body shall devote sufficient time to examining the measures associated with risk management. It shall actively participate in risk management decisions and ensure that adequate resources are allocated to the management of risks identified in accordance with Article 34.
(2) The reports published by providers of very large online search engines in accordance with paragraph 1 of this Article shall contain the following information in addition to the information referred to in Article 15 and Article 24(1):
(a) the human resources dedicated by the very large online platform provider to the moderation of content related to the service offered in the Union, disaggregated by each relevant official language of the Member States, including for compliance with the obligations set out in Articles 16 and 22 and for compliance with the obligations set out in Article 20;
(b) the qualifications and language skills of the persons carrying out the activities referred to in point (a) and the training and support of such personnel;
(c) the accuracy indicators and related information referred to in Article 15(1)(e), broken down by each official language of the Member States.
The reports shall be published in at least one of the official languages of the Member States.
(3) In addition to the information referred to in Article 24(2), providers of very large online platforms or very large online search engines shall include the average monthly number of users for each Member State in the reports referred to in paragraph 1 of this Article.
(4) Providers of very large online platforms or very large online search engines shall submit the following documents to the Digital Services Coordinator of establishment and the Commission no later than three months after receipt of the audit report referred to in Article 37(4), without undue delay after its completion, and make them publicly available:
(a) a report on the results of the risk assessment referred to in Article 34,
(b) the specific remedial measures taken pursuant to Article 35(1),
(c) the audit report referred to in Article 37(4),
(d) the report on the implementation of the audit results referred to in Article 37(6),
(e) where applicable, information on the consultations carried out by the provider to support the risk assessments and the design of the risk mitigation measures.
(5) Where a provider of a very large online platform or very large online search engine considers that the publication of information referred to in paragraph 4 could lead to the disclosure of confidential information of that provider or of users, cause significant vulnerabilities to the security of its service, affect public security or harm users, the provider may remove that information from the publicly available reports. In that case, the provider shall submit the complete reports to the Digital Services Coordinator of establishment and to the Commission, together with a justification for the removal of the information from the publicly available reports.
(2) The total amount of the annual supervisory fees shall cover the estimated costs incurred by the Commission in relation to its supervisory tasks under this Regulation, in particular the costs related to the designation pursuant to Article 33, the establishment, maintenance and operation of the database pursuant to Article 24(5) and the information exchange system pursuant to Article 85, the referrals pursuant to Article 59, the assistance to the Board pursuant to Article 62 and the supervisory tasks pursuant to Article 56 and Chapter IV, Section 4.
(3) Providers of very large online platforms and very large online search engines shall be charged an annual supervision fee for each service for which they have been designated in accordance with Article 33.
The Commission shall adopt implementing acts to determine the amount of the annual supervisory fee for each provider of a very large online platform or very large online search engine. When adopting those implementing acts, the Commission shall apply the methodology set out in the delegated act referred to in paragraph 4 of this Article and shall respect the principles set out in paragraph 5 of this Article. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 88.
(4) The Commission shall adopt delegated acts in accordance with Article 87 laying down the detailed methodology and procedures for the following:
a) the determination of costs in accordance with paragraph 2;
b) the determination of the individual annual supervisory fees in accordance with paragraph 5 letters b and c;
(c) the setting of the maximum overall limit referred to in paragraph 5(c); and
d) the details required for making the payment.
When adopting those delegated acts, the Commission shall comply with the principles set out in paragraph 5 of this Article.
(5) The implementing act referred to in paragraph 3 and the delegated act referred to in paragraph 4 shall comply with the following principles:
a) the costs incurred in the previous year are taken into account when estimating the total amount of the annual supervisory fee;
(b) the annual supervisory fee is proportionate to the average monthly number of active users in the Union of each very large online platform or very large online search engine designated in accordance with Article 33;
(c) the total amount of the annual supervisory fee charged to a particular provider of a very large online platform or a very large search engine shall in no case exceed 0,05 % of its worldwide annual net revenue in the preceding financial year.
(6) The individual annual supervisory fees charged in accordance with paragraph 1 shall constitute external assigned revenue within the meaning of Article 21(5) of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council (41).
(7) The Commission shall report annually to the European Parliament and the Council on the total amount of costs incurred for the performance of the tasks under this Regulation and on the total amount of individual annual supervisory fees levied in the previous year.
(a) electronic transmission of notifications in accordance with Article 16;
b) Templates, design and procedural standards for user-friendly communication with users about restrictions resulting from the General Terms and Conditions and their amendments;
(c) electronic transmission of reports by trusted flaggers in accordance with Article 22, including via application programming interfaces;
(d) specific interfaces, including application programming interfaces, which facilitate compliance with the obligations laid down in Articles 39 and 40;
(e) examination of very large online platforms and very large online search engines in accordance with Article 37;
(f) interoperability of the advertising archives referred to in Article 39(2);
(g) data transfers between advertising intermediaries in the context of the transparency obligations under Article 26(1)(b), (c) and (d);
(h) technical measures enabling compliance with the obligations in this Regulation in relation to advertising, including the obligations in relation to clearly visible labeling of advertising and commercial communications in accordance with Article 26;
(i) selection interfaces and presentation of information on the main parameters of different types of recommender systems in accordance with Articles 27 and 38;
j) standards for targeted measures to protect minors on the Internet.
(2) The Commission shall support the revision of the standards, taking into account the development of technology and the behavior of the users of the services concerned. The relevant information on the revision of the standards shall be publicly available and easily accessible.
(2) Where significant systemic risks within the meaning of Article 34(1) arise that affect several very large online platforms or very large online search engines, the Commission may invite the very large online platform providers or very large online search engine providers concerned and, where appropriate, other very large online platform providers, very large online search engine providers, online platform providers and intermediary service providers as well as competent authorities, civil society organizations and other relevant stakeholders to participate in the development of codes of conduct; This may include obligations to take specific risk mitigation measures and a framework for regular reporting on all measures taken and their results.
(3) In implementing paragraphs 1 and 2, the Commission and the Board, and other bodies as appropriate, shall endeavor to ensure that the codes of conduct clearly set out the specific objectives they pursue and include key performance indicators to measure the achievement of those objectives, and that the codes take due account of the needs and interests of all stakeholders, and in particular of citizens, at Union level. In addition, the Commission and the Board shall endeavor to ensure that stakeholders regularly report to the Commission and their respective Digital Services Coordinators at the place of establishment on all actions taken and their results, measured against the key performance indicators in the codes. The key performance indicators and reporting obligations shall take into account the differences in size and capacity of the individual stakeholders.
(4) The Commission and the panel shall assess whether the codes of conduct meet the objectives set out in paragraphs 1 and 3 and shall regularly monitor and evaluate the achievement of the objectives pursued, taking into account any key performance indicators included therein. They shall publish their conclusions.
The Commission and the Panel also promote and facilitate the regular review and adaptation of the codes of conduct.
In the event of a systematic breach of the codes of conduct, the Commission and the Panel may request the signatories to the codes of conduct to take the necessary measures.
(2) The Commission is committed to ensuring that the codes of conduct aim at an effective transmission of information in full respect of the rights and interests of all stakeholders and a competitive, transparent and fair environment in online advertising in accordance with Union and national law, in particular as regards competition and the protection of privacy and personal data. The Commission is committed to ensuring that the codes of conduct cover at least the following:
(a) the transmission to users of information held by providers of online advertising mediation services regarding the requirements referred to in points (b), (c) and (d) of Article 26(1);
(b) the transmission of information held by providers of online advertising mediation services to the archives in accordance with Article 39;
c) meaningful information on the monetization of data.
(3) The Commission encourages the development of codes of conduct by February 18, 2025 and their application by August 18, 2025.
(4) The Commission calls on all actors along the online advertising value chain referred to in paragraph 1 to promote and comply with the obligations set out in the codes of conduct.
(2) The Commission is committed to ensuring that the codes of conduct pursue the objective of ensuring the accessibility of these services in accordance with Union and national law in order to maximize their foreseeable use by persons with disabilities. The Commission is committed to ensuring that the codes of conduct address at least the following objectives:
a) Designing and adapting services to make them accessible to people with disabilities by making them perceivable, operable, understandable and robust;
(b) explaining how the services meet the applicable accessibility requirements and making this information available to the public in a way that is accessible to persons with disabilities;
(c) providing information, forms and measures under this Regulation in a way that makes them easy to find, easy to understand and accessible to persons with disabilities.
(3) The Commission encourages the development of codes of conduct by February 18, 2025 and their application by August 18, 2025.
(2) The Commission shall encourage and facilitate the participation of providers of very large online platforms, very large online search engines and, where appropriate, other online platforms or other online search engines in the development, testing and application of those crisis protocols. The Commission shall endeavor to ensure that these crisis protocols include one or more of the following measures:
(a) highlighted presentation of information on the crisis situation provided by Member States’ authorities or at Union level or by other relevant reliable bodies, depending on the context of the crisis;
(b) ensure that the provider of intermediary services designates a specific contact point for crisis management, which may be the electronic contact point referred to in Article 11 or, for providers of a very large online platform or a very large online search engine, the compliance officer referred to in Article 41;
(c) adapting, where necessary, the resources earmarked for fulfilling the obligations referred to in Articles 16, 20, 22, 23 and 35 to the needs arising from the crisis situation.
(3) The Commission shall, where appropriate, involve the authorities of the Member States in the development, testing and monitoring of the application of the crisis protocols and may also involve Union bodies, offices and agencies. Where appropriate, the Commission may also involve civil society organizations or other relevant organizations in the development of the crisis protocols.
(4) The Commission is committed to ensuring that all of the following elements are clearly set out in the crisis protocols:
(a) the specific parameters for determining the particular exceptional circumstances to be addressed by the crisis protocol and the objectives pursued;
b) the role of the individual parties involved and the measures they must take in preparation for and after activation of the crisis protocol;
c) a clear procedure to determine when to activate the crisis protocol;
(d) a clear procedure for determining the period during which the measures to be taken after activation of the crisis protocol are to be implemented, strictly limited to what is necessary to deal with the particular exceptional circumstances;
(e) safeguards to avoid any negative impact on the exercise of fundamental rights enshrined in the Charter, in particular freedom of expression and information and the right to non-discrimination;
f) a procedure for public reporting on all measures taken, their duration and their results after the end of the crisis situation.
(5) Where the Commission considers that a crisis protocol does not effectively address the crisis situation or does not protect the exercise of the fundamental rights referred to in point (e) of paragraph 4, it shall request the parties to revise the crisis protocol, including by taking additional measures.
(2) Member States shall designate one of the competent authorities as their Digital Services Coordinator. The Digital Services Coordinator shall be responsible for all matters relating to the supervision and enforcement of this Regulation in that Member State, unless the Member State concerned has delegated certain specific tasks or sectors to other competent authorities. In any event, the Digital Services Coordinator shall be responsible for ensuring the coordination of those matters at national level and for contributing to the effective and consistent supervision and enforcement of this Regulation throughout the Union.
To that end, the Digital Services Coordinators shall cooperate with each other and with other national competent authorities, the Board and the Commission, without prejudice to the possibility for Member States to provide for cooperation mechanisms and regular exchanges of views between the Digital Services Coordinator and other national authorities where relevant for the performance of their respective tasks.
Where a Member State designates one or more competent authorities in addition to the Digital Services Coordinator, it shall ensure that the respective roles of those authorities and of the Digital Services Coordinator are clearly defined and that they cooperate closely and effectively in the performance of their tasks.
(3) Member States shall appoint the coordinators for digital services by February 17, 2024.
Member States shall make publicly available the names of their competent authorities designated as Digital Services Coordinators and information on how to contact them and shall communicate them to the Commission and to the Board. The Member State concerned shall communicate to the Commission and to the panel the name of the other competent authorities referred to in paragraph 2 and their respective tasks.
(4) The provisions on Digital Services Coordinators laid down in Articles 50, 51 and 56 shall also apply to any other competent authorities designated by Member States in accordance with paragraph 1 of this Article.
(2) In performing their tasks and exercising their powers under this Regulation, Digital Services Coordinators shall act completely independently. They shall operate free from external influence and may neither directly nor indirectly seek or receive instructions from other authorities or private bodies.
(3) Paragraph 2 of this Article shall be without prejudice to the tasks of Digital Services Coordinators within the monitoring and enforcement system provided for in this Regulation and the cooperation with other competent authorities referred to in Article 49(2). Paragraph 2 of this Article shall not prevent the exercise of judicial review and shall be without prejudice to appropriate accountability obligations in relation to the general activities of Digital Services Coordinators, such as financial expenditure or reporting to national parliaments, provided that those obligations do not undermine the achievement of the objectives of this Regulation.
(a) the power to require those providers and any other person acting for purposes relating to their trade, business, craft or profession who is likely to have knowledge of information relating to a suspected infringement of this Regulation, including organizations carrying out the checks referred to in Article 37 and Article 75(2), to transmit that information without delay,
(b) the power to carry out inspections, or to request a judicial authority in its Member State to order such inspections, or to request other authorities to do so, in any premises used by those providers or those persons for the purposes of their trade, business, craft or profession, in order to investigate, seize or make or obtain copies of information relating to an alleged infringement, irrespective of the storage medium,
(c) the power to ask any employee or representative of those providers or persons to make statements on any information relating to an alleged infringement and to record the answers by any technical means with their consent.
(2) To the extent necessary for the performance of their tasks under this Regulation, Digital Services Coordinators shall have the following enforcement powers in respect of providers of intermediary services falling within the jurisdiction of their Member State:
(a) the power to accept commitments from those providers to comply with this Regulation and to declare those commitments binding,
(b) the power to order the cessation of infringements and, where appropriate, to impose remedies proportionate to the infringement and necessary to bring the infringement effectively to an end, or to require a judicial authority in its Member State to do so,
(c) the power to impose fines or to require a judicial authority in its Member State to do so, in accordance with Article 52, for failure to comply with this Regulation, including investigation orders issued pursuant to paragraph 1 of this Article,
(d) the power to impose a periodic penalty payment or to require a judicial authority in its Member State to do so, in accordance with Article 52, in order to ensure that an infringement is brought to an end following an order issued pursuant to point (b) of this subparagraph or a failure to comply with an investigation order issued pursuant to paragraph 1 of this Article;
(e) the power to take interim measures to prevent the risk of serious harm or to request the competent national judicial authorities in their Member State to do so.
With regard to points (c) and (d) of the first subparagraph, Digital Services Coordinators shall also have the enforcement powers referred to in those points in respect of the other persons referred to in paragraph 1 for non-compliance with orders issued to them pursuant to that paragraph. They shall exercise those enforcement powers only after providing those other persons with all relevant information in relation to such orders in a timely manner, including the period of application, the fines or periodic penalty payments that may be imposed for non-compliance and the means of redress.
(3) To the extent necessary to carry out their tasks under this Regulation, Digital Services Coordinators shall, in relation to providers of intermediary services under the jurisdiction of their Member State, where all other powers under this Article to bring an infringement to an end have been exhausted, the infringement has not been remedied or is continuing and is causing serious harm which cannot be avoided by the exercise of other powers under Union or national law, have the power to take the following measures:
(a) require the management body of that provider to examine the situation without delay, adopt and submit an action plan setting out the measures necessary to bring the infringement to an end, ensure that the provider takes those measures and report on the measures taken,
(b) where the Digital Services Coordinator considers that an intermediary service provider has not sufficiently complied with the requirements referred to in point (a), that the infringement has not been remedied or is continuing and is causing serious harm, and that the infringement constitutes a criminal offence threatening the life or safety of persons, it shall request the competent judicial authority of its Member State to order that users’ access to the service affected by the infringement or, only where technically impossible, to the online interface of the provider of intermediary services on which the infringement takes place, be temporarily restricted.
Unless the Digital Services Coordinator acts at the request of the Commission in accordance with Article 82, it shall, before sending the request referred to in point (b) of the first subparagraph of this paragraph, give interested parties the opportunity to comment in writing within a period of at least two weeks, setting out the measures envisaged and indicating the addressee or addressees of the request. The provider of intermediary services, the addressee or addressees and any other third party who demonstrates a legitimate interest shall be entitled to participate in the proceedings before the competent judicial authority. Any measure ordered must be proportionate to the nature, gravity, repetition and duration of the infringement without unduly restricting the access of users of the service concerned to lawful information.
The restriction of access shall apply for a period of four weeks, subject to the possibility for the competent judicial authority in its order to allow the Digital Services Coordinator to extend that period up to a maximum number of further periods of the same duration determined by that judicial authority. The Digital Services Coordinator shall only extend the period if, taking into account the rights and interests of all parties affected by that restriction and all relevant circumstances, including all information that the provider of intermediary services, the addressee or addressees and any other third party who has or have demonstrated a legitimate interest can provide to it, it considers that both of the following conditions are met:
(a) the provider of intermediary services has failed to take the necessary measures to bring the infringement to an end,
(b) the temporary restriction does not unduly restrict users’ access to lawful information, taking into account the number of users concerned and whether there are suitable and easily accessible alternatives.
Where the Digital Services Coordinator considers that the conditions set out in points (a) and (b) of the third subparagraph are met, but is nevertheless unable to further extend the period referred to in the third subparagraph, it shall address a new request to the competent judicial authority in accordance with point (b) of the first subparagraph.
(4) The powers listed in paragraphs 1, 2 and 3 apply without prejudice to section 3.
(5) The measures taken by Digital Services Coordinators in the exercise of their powers referred to in paragraphs 1, 2 and 3 shall be effective, dissuasive and proportionate, taking into account in particular the nature, gravity, repetition and duration of the infringement or suspected infringement to which those measures relate and, where appropriate, the economic, technical and operational capacity of the provider of intermediary services concerned.
(6) Member States shall lay down specific conditions and procedures for the exercise of the powers referred to in paragraphs 1, 2 and 3 and shall ensure that any exercise of those powers is subject to appropriate safeguards laid down in the applicable national law in compliance with the Charter and the general principles of Union law. In particular, such measures shall be taken only in accordance with the right to respect for private life and with the rights of the defense, including the right to be heard and the right of access to the file, and subject to the right of all parties concerned to an effective judicial remedy.
(2) Sanctions must be effective, proportionate and dissuasive. Member States shall notify those rules and measures to the Commission and shall notify it without delay of any subsequent amendment affecting them.
(3) Member States shall ensure that the maximum amount of fines that can be imposed for non-compliance with an obligation laid down in this Regulation is 6 % of the annual worldwide turnover of the provider of intermediary services concerned in the preceding business year. Member States shall ensure that the maximum amount of fines that can be imposed for providing incorrect, incomplete or misleading information, for failing to reply or to correct incorrect, incomplete or misleading information and for failing to submit to an inspection is 1 % of the annual worldwide turnover of the provider of intermediary services or person concerned in the preceding business year.
(4) Member States shall ensure that the maximum amount of a periodic penalty payment is 5 % of the average daily worldwide turnover or average daily worldwide revenue of the provider of intermediary services concerned in the preceding financial year, calculated from the date specified in the relevant decision.
(2) The annual report also contains the following information:
(a) the number and subject matter of orders to act against illegal content and information orders issued by a national judicial or administrative authority of the Member State of the Digital Services Coordinator in accordance with Articles 9 and 10,
(b) compliance with those orders as notified to the Digital Services Coordinator in accordance with Articles 9 and 10.
(3) Where a Member State has designated several competent authorities in accordance with Article 49, it shall ensure that the Digital Services Coordinator prepares a single report on the activities of all competent authorities and that the Digital Services Coordinator receives all relevant information and assistance from the relevant other competent authorities.
(2) The Commission has exclusive powers to monitor and enforce Chapter III, Section 5.
(3) The Commission shall have powers to monitor and enforce this Regulation against providers of very large online platforms and very large online search engines other than those set out in Section 5 of Chapter III of this Regulation.
(4) Where the Commission has not initiated proceedings for the same infringement, the Member State in which the main establishment of the provider of a very large online platform or a very large online search engine is located shall have the powers to monitor and enforce the obligations of this Regulation in respect of such providers, unless they are laid down in Section 5 of Chapter III.
(5) Member States and the Commission shall cooperate closely to ensure that the provisions of this Regulation are monitored and enforced.
(6) Where a provider of intermediary services that is not established in the Union has no establishment, the Member State where its legal representative is resident or established or the Commission, as appropriate, shall have the powers to supervise and enforce the relevant obligations under this Regulation in accordance with paragraphs 1 and 4 of this Article.
(7) Where a provider of intermediary services does not designate a legal representative in accordance with Article 13, all Member States and, in the case of a provider of a very large online platform or a very large online search engine, the Commission shall have the powers to monitor and enforce those powers in accordance with this Article.
Where a Digital Services Coordinator intends to exercise its powers in accordance with this paragraph, it shall inform all other Digital Services Coordinators and the Commission and ensure that the applicable safeguards laid down in the Charter are respected, in particular to avoid that the same conduct is sanctioned more than once for non-compliance with the obligations laid down in this Regulation. Where the Commission intends to exercise its powers under this paragraph, it shall notify all other Digital Services Coordinators of that intention. Where a notification has been made in accordance with this paragraph, the other Member States shall not initiate proceedings for the same infringement as that referred to in the notification.
(2) For the purposes of an investigation, the Digital Services Coordinator of establishment may request other Digital Services Coordinators to provide specific information on a particular provider of intermediary services at their disposal or to exercise their investigatory powers referred to in Article 51(1) in relation to specific information located in their Member State. Where appropriate, the Digital Services Coordinator receiving such a request may involve other competent authorities or other authorities of the Member State concerned.
(3) The Digital Services Coordinator receiving a request pursuant to paragraph 2 shall comply with that request and inform the Digital Services Coordinator of the Member State of establishment of the measures taken without undue delay and no later than two months after receipt of the request, unless
(a) the scope of the subject matter of the request is not sufficiently specified, justified or proportionate to the purpose of the investigation; or
(b) neither the Digital Services Coordinator to whom the request is addressed nor any other authority of that Member State holds or has access to the requested information; or
(c) the request cannot be complied with without infringing Union or national law,
The Digital Services Coordinator receiving such a request shall justify its refusal by means of a reasoned reply within the period referred to in the first subparagraph.
(2) At the request of at least three Digital Services Coordinators of destination that have reason to believe that a specific provider of intermediary services has infringed this Regulation in a way that negatively affects users in their Member States, the Board may, unless the Commission has opened an investigation into the same infringement, request the Digital Services Coordinator of establishment to investigate the matter and take the necessary investigatory and enforcement measures to ensure compliance with this Regulation.
(3) A request pursuant to paragraph 1 or 2 must be duly justified and contain at least the following information:
(a) the contact point of the provider of intermediary services concerned in accordance with Article 11;
(b) a description of the relevant facts, the relevant provisions of this Regulation and the grounds on which the Digital Services Coordinator that issued the request or the panel suspects that the provider has infringed this Regulation, including a description of the negative consequences of the suspected infringement;
(c) any other information that the Digital Services Coordinator that submitted the request or the panel considers relevant, including, where appropriate, information gathered on its own initiative or proposals for specific investigative or enforcement measures, including interim measures.
(4) The Digital Services Coordinator of establishment shall take utmost account of the request referred to in paragraphs 1 or 2 of this Article. Where it considers that it does not have sufficient information to comply with the request and has reason to believe that the Digital Services Coordinator that issued the request or the panel could provide additional information, the Digital Services Coordinator of establishment may either request that information in accordance with Article 57 or initiate a joint investigation in accordance with Article 60(1), in which at least the Digital Services Coordinator that issued the request shall participate. The period referred to in paragraph 5 of this Article shall be suspended until that additional information has been provided or until the invitation to participate in the joint investigation has been refused.
(5) The Digital Services Coordinator of establishment shall, without undue delay and in any event no later than two months after receipt of the request referred to in paragraph 1 or 2, communicate to the Digital Services Coordinator that sent the request and to the Board the assessment of the alleged infringement and an explanation of any investigation or enforcement measures taken or envisaged in relation thereto to ensure compliance with this Regulation.
(2) The Commission shall provide an assessment of the matter within two months of its referral in accordance with paragraph 1, after having consulted the Digital Services Coordinator of establishment.
(3) Where, in accordance with paragraph 2 of this Article, the Commission considers that the assessment or the investigatory or enforcement measures taken or envisaged pursuant to Article 58(5) are not in conformity with this Regulation or are not sufficient to ensure its effective enforcement, it shall inform the Digital Services Coordinator of Establishment and the Board of its views and request the Digital Services Coordinator of Establishment to review the matter.
The Digital Services Coordinator of establishment shall take the necessary investigatory or enforcement measures to ensure compliance with this Regulation, taking utmost account of the views and the request for review of the Commission. The Digital Services Coordinator of establishment shall inform the Commission and the requesting Digital Services Coordinator or body that has taken measures pursuant to Article 58(1) or (2) of the measures taken within two months of the request for review.
(a) on its own initiative, to investigate a suspected infringement of this Regulation by a particular provider of intermediary services in several Member States; or
(b) on the recommendation of the panel acting at the request of at least three Digital Services Coordinators who, on the basis of reasonable suspicion, suspect an infringement by a particular provider of intermediary services affecting users in their Member States.
(2) A Digital Services Coordinator that demonstrates that it has a legitimate interest in participating in a joint investigation pursuant to paragraph 1 may request such an investigation. The joint investigation shall be concluded within three months of its initiation, unless the participants agree otherwise.
The Digital Services Coordinator of establishment shall communicate its preliminary views on the alleged infringement to all Digital Services Coordinators, the Commission and the Board no later than one month after the expiry of the period referred to in the first subparagraph. The preliminary position shall take into account the views of all Digital Services Coordinators participating in the joint investigation. Where appropriate, that preliminary position shall also set out the enforcement measures envisaged.
(3) The Panel may refer the matter to the Commission in accordance with Article 59 if
(a) the Digital Services Coordinator of establishment has not communicated its provisional position within the period referred to in paragraph 2;
(b) the panel disagrees substantially with the preliminary view of the Digital Services Coordinator at the place of establishment; or
(c) the Digital Services Coordinator of establishment has not initiated the joint investigation without undue delay following the recommendation of the panel referred to in point (b) of paragraph 1.
(4) When conducting the joint investigation, the Digital Services Coordinators shall cooperate in good faith, taking into account, where appropriate, the information provided by the Digital Services Coordinator of establishment and the recommendation of the Panel. Digital Services Coordinators of destination participating in the joint investigation shall be entitled, upon request or after consultation with the Digital Services Coordinator of establishment, to exercise their investigatory powers in accordance with Article 51(1) in respect of the providers of intermediary services concerned by the alleged infringement with regard to information and premises on their territory.
(2) The Board shall advise the Digital Services Coordinators and the Commission in accordance with this Regulation in order to achieve the following objectives:
(a) contribute to the uniform application of this Regulation and to the effective cooperation of Digital Services Coordinators and the Commission on matters covered by this Regulation;
(b) coordinating and contributing to guidance and analysis by the Commission, Digital Services Coordinators and other competent authorities on emerging issues related to matters covered by this Regulation across the internal market;
(c) supporting the Digital Services Coordinators and the Commission in the supervision of very large online platforms.
(2) The panel shall be chaired by the Commission. The Commission shall convene the meetings and prepare the agenda in accordance with the tasks of the Board under this Regulation and in accordance with its rules of procedure. Where the Board is requested to adopt a recommendation in accordance with this Regulation, it shall immediately make that request available to the other Digital Services Coordinators through the information exchange system referred to in Article 85.
(3) Each Member State has one vote. The Commission has no voting rights.
The panel shall adopt its decisions by simple majority. When adopting its recommendation to the Commission in accordance with the first subparagraph of Article 36(1), the panel shall vote within 48 hours of the request being made by the chairperson of the panel.
(4) The Commission shall provide administrative and analytical support for the activities of the panel in accordance with this Regulation.
(5) The panel may invite experts and observers to its meetings and cooperate with other Union bodies, offices and agencies, advisory groups and, where appropriate, external experts. The panel shall make the results of this cooperation available to the public.
(6) The committee can consult interested parties and makes the results of this consultation publicly available.
(7) The committee adopts its own rules of procedure following approval by the Commission.
a) Supporting the coordination of joint investigations;
(b) assist competent authorities in the analysis of reports and results of audits of very large online platforms or very large online search engines to be submitted in accordance with this Regulation;
(c) issue opinions, recommendations or advice to Digital Services Coordinators in accordance with this Regulation, taking into account in particular the freedom to provide services of providers of intermediary services;
(d) advising the Commission on the measures referred to in Article 66 and issuing opinions in relation to very large online platforms or very large online search engines in accordance with this Regulation;
(e) supporting and promoting the development and implementation of European standards, guidelines, reports, templates and codes of conduct in cooperation with relevant stakeholders in accordance with this Regulation, including by issuing opinions or recommendations on matters related to Article 44, and identifying emerging issues in relation to matters covered by this Regulation.
(2) Digital Services Coordinators and, where applicable, other competent authorities that do not comply with the opinions, requests or recommendations addressed to them by the Board shall, when reporting under this Regulation or when adopting their relevant decisions, state the reasons, including an explanation of the investigations and actions they have carried out, as appropriate.
(2) In addition, the Commission, in cooperation with the Digital Services Coordinators and the Board, shall coordinate the assessment of systemic and emerging issues related to very large online platforms or very large online search engines across the Union with regard to matters covered by this Regulation.
(3) The Commission may request the Digital Services Coordinators, the Board and other Union institutions, bodies, offices and agencies with relevant expertise to assist it in the assessment of systemic and emerging issues across the Union under this Regulation.
(4) Member States shall cooperate with the Commission, in particular through their respective Digital Services Coordinators and, where appropriate, other competent authorities, including by making their expertise and capacities available.
(2) Where a Digital Services Coordinator has reason to believe that a provider of a very large online platform or a very large online search engine has infringed or is systematically infringing the provisions of Section 5 of Chapter III of this Regulation and that this infringement has a serious impact on users in its Member State, it may submit a request to the Commission to investigate the matter through the information exchange system referred to in Article 85.
(3) A request pursuant to paragraph 2 must be duly justified and contain at least the following information:
(a) the contact point of the relevant provider of the very large online platform or very large online search engine referred to in Article 11;
(b) a description of the relevant facts, the relevant provisions of this Regulation and the grounds on which the Digital Services Coordinator that sent the request suspects that the provider of a very large online platform or very large online search engine concerned has infringed this Regulation, including a description of the facts demonstrating that the infringement is of a systemic nature;
(c) any other information that the Digital Services Coordinator who sent the request considers relevant, including, where appropriate, information gathered on its own initiative.
(2) Where the Commission decides to initiate a procedure under paragraph 1 of this Article, it shall notify all Digital Services Coordinators and the panel on the information exchange system referred to in Article 85, as well as the provider of the very large online platform or very large online search engine concerned.
The Digital Services Coordinators shall provide the Commission, without delay after being informed of the initiation of the procedure, with all information at their disposal concerning the infringement in question.
The initiation of proceedings by the Commission pursuant to paragraph 1 of this Article shall relieve the Digital Services Coordinator and, where applicable, any competent authorities of their powers to monitor and enforce obligations under Article 56(4) of this Regulation.
(3) In the exercise of its investigatory powers under this Regulation, the Commission may request the individual or joint assistance of Digital Services Coordinators concerned by the alleged infringement, including the Digital Services Coordinator of establishment. The Digital Services Coordinators that have received such a request and any other competent authority, if involved by the Digital Services Coordinator, shall cooperate sincerely and expeditiously with the Commission and shall be entitled to exercise their investigatory powers in accordance with Article 51(1) in respect of the provider of the very large online platform or very large online search engine concerned with regard to information, persons and premises on the territory of their Member State and in accordance with the request.
(4) The Commission shall provide the Digital Services Coordinator of establishment and the Board with all relevant information on the exercise of the powers referred to in Articles 67 to 72 and shall communicate its preliminary assessment to the Board in accordance with Article 79(1). The Board shall submit its views on the preliminary assessment to the Commission within a time limit set in accordance with Article 79(2). The Commission shall take the utmost account of the views of the panel in its decision.
(2) When sending a simple request for information to the provider of a very large online platform or a very large online search engine concerned or to another person in accordance with paragraph 1, the Commission shall state the legal basis and the purpose of the request, specify what information is required and set the time limit for providing the information and indicate the fines provided for in Article 74 in the event that incorrect, incomplete or misleading information is provided.
(3) Where the Commission requests, by decision, that the provider of a very large online platform or a very large online search engine or any other person submit information pursuant to paragraph 1, it shall state the legal basis and the purpose of the request, specify what information is required and set the time limit within which the information is to be provided. It shall also indicate the fines provided for in Article 74 or indicate or impose periodic penalty payments provided for in Article 76. In addition, it shall refer to the right to have the decision reviewed by the Court of Justice of the European Union.
(4) The providers of the very large online platform or very large online search engine concerned or any other person referred to in paragraph 1 or their representatives and, in the case of legal persons, companies or firms, or where they have no legal personality, the persons authorized to represent them by law or by their constitution, shall provide the requested information on behalf of the provider of the very large online platform or very large online search engine concerned or any other person referred to in paragraph 1. Duly authorized lawyers may provide the information on behalf of their clients. The latter shall remain fully responsible for ensuring that the information provided is complete, accurate and not misleading.
(5) At the request of the Commission, Digital Services Coordinators and other competent authorities shall provide the Commission with all information necessary to carry out the tasks assigned to it under this Section.
(6) The Commission shall transmit a copy of the simple request or decision referred to in paragraph 1 of this Article to the Digital Services Coordinators through the information exchange system referred to in Article 85 without undue delay after its transmission.
(2) Where the consultation referred to in paragraph 1 is not carried out on the premises of the Commission, the Commission shall inform the Digital Services Coordinator of the Member State on whose territory the consultation takes place. At the request of that Digital Services Coordinator, its officials may assist the Commission officials in charge of the interview and the other accompanying persons authorized by it.
(2) The Commission officials responsible for the inspections and the other accompanying persons authorized by the Commission are authorized,
(a) enter any premises, land or means of transportation of the relevant provider of a very large online platform or a very large online search engine or the relevant other person,
b) to check the books and other records in connection with the provision of the service in question, irrespective of the respective data carrier,
c) to make or request copies or extracts in any form whatsoever from these books and other records,
(d) require the provider of a very large online platform or a very large online search engine or the other person concerned to provide access to and explain the organization, functioning, IT system, algorithms, data management and business practices and to record or document those explanations,
e) to seal all premises used by the provider of a very large online platform or a very large online search engine or the other person concerned for the purposes of his/her commercial, business, craft or professional activity, as well as all books and other records for the duration of the inspection and to the extent necessary for the inspection,
(f) to ask any representative or official of the very large online platform provider or very large online search engine provider or other person concerned to provide explanations on facts or documents relating to the subject matter and purpose of the inspection and to record the answers,
(g) to address questions relating to the subject matter and purpose of the inspection to such representatives or officials and to record the answers.
(3) Verifications may be carried out with the assistance of auditors or experts designated by the Commission in accordance with Article 72(2) and with the assistance of the Digital Services Coordinator or other competent national authorities of the Member State on whose territory the verification is to be carried out.
(4) Where the requested books or other records relating to the provision of the service concerned have not been produced in full or where the answers to the questions asked in accordance with paragraph 2 are incorrect, incomplete or misleading, the officials and other accompanying persons authorized by the Commission to conduct an inspection shall exercise their powers upon production of a written mandate specifying the subject matter and purpose of the inspection and indicating the penalties provided for in Articles 74 and 76 applicable to the case. The Commission shall inform the Digital Services Coordinator of the Member State on whose territory the inspection is to be carried out in good time before the inspection.
(5) During inspections, the officials and other accompanying persons authorized by the Commission, the auditors or experts designated by it, the Digital Services Coordinator or the other competent authorities of the Member State on whose territory the inspection is carried out may request explanations from the very large online platform provider or very large online search engine provider or other person concerned on the organization, functioning, IT system, algorithms, data management and business conduct and may question its key personnel.
(6) The provider of a very large online platform or very large online search engine or other natural or legal person concerned shall be obliged to submit to inspections ordered by decision of the Commission. The decision shall specify the subject matter and purpose of the inspection, fix the date on which it is to begin, indicate the penalties provided for in Articles 74 and 76 and refer to the right to have the decision reviewed by the Court of Justice of the European Union. The Commission shall consult the Digital Services Coordinator of the Member State on whose territory the inspection is to be carried out before taking that decision.
(7) The officials of the Digital Services Coordinator of the Member State on whose territory the verification is to be carried out and the other persons authorized or designated by it shall, at the request of that Digital Services Coordinator or of the Commission, actively assist the officials of the Commission and the other accompanying persons authorized by it in the verification. To that end, they shall have the powers listed in paragraph 2.
(8) Where the officials or other accompanying persons authorized by the Commission find that the provider of a very large online platform or very large online search engine or the other person concerned opposes an inspection ordered pursuant to this Article, the Member State on whose territory the inspection is to be carried out shall provide those officials or other authorized persons, at their request and in accordance with the law of the Member State, with the necessary assistance, including coercive measures by a competent law enforcement authority if permitted under national law, to enable them to carry out the inspection.
(9) Where the assistance provided for in paragraph 8 requires authorization from a national judicial authority in accordance with the national law of the Member State concerned, the Digital Services Coordinator of that Member State shall apply for such authorization at the request of the Commission officials and other accompanying persons authorized by the Commission. The authorization may also be requested on a precautionary basis.
(10) Where the authorization referred to in paragraph 9 is requested, the national judicial authority to which the case has been referred shall verify whether the Commission decision ordering the inspection is authentic and whether the coercive measures envisaged are neither arbitrary nor excessive having regard to the subject matter of the inspection. When carrying out such an inspection, the national judicial authority may ask the Commission, directly or through the Digital Services Coordinators of the Member State concerned, for detailed explanations, in particular on the grounds on which the Commission suspects an infringement of this Regulation, the seriousness of the alleged infringement and the nature of the involvement of the very large online platform provider or very large online search engine provider or other person concerned. However, the national judicial authority may neither question the necessity of the inspection nor request information from the Commission’s file. The legality of the Commission’s decision is exclusively subject to review by the Court of Justice of the European Union.
(2) A resolution pursuant to paragraph 1 shall be valid for a limited period of time and may be extended if necessary and appropriate.
(2) The Commission may reopen the proceedings upon request or ex officio,
a) if there has been a material change in the facts on which the decision was based,
b) if the provider of a very large online platform or a very large online search engine breaches its commitments, or
(c) where the decision was based on incomplete, incorrect or misleading information provided by the provider of a very large online platform or very large online search engine concerned or any other person referred to in Article 67(1).
(3) Where the Commission considers that the commitments offered by the provider of a very large online platform or very large online search engine concerned cannot ensure effective compliance with the relevant provisions of this Regulation, it shall reject those commitments in a reasoned decision at the end of the procedure.
(2) The measures referred to in paragraph 1 may include the designation of independent external experts and auditors and the designation of experts and auditors from national competent authorities, with the agreement of the authority concerned, to assist the Commission in monitoring the effective implementation of and compliance with the relevant provisions of this Regulation and to provide the Commission with specific expertise or knowledge.
(a) the relevant provisions of this Regulation,
(b) provisional measures ordered in accordance with Article 70,
(c) commitments binding in accordance with Article 71.
(2) Before adopting the decision referred to in paragraph 1, the Commission shall communicate its preliminary assessment to the provider of a very large online platform or very large online search engine concerned. In that preliminary assessment, the Commission shall explain what measures it intends to take or the provider of a very large online platform or very large online search engine concerned should take in order to take effective account of the preliminary assessment.
(3) In the decision adopted pursuant to paragraph 1, the Commission shall order the provider of a very large online platform or very large online search engine concerned to take the necessary measures to ensure compliance with the decision referred to in paragraph 1 within a reasonable period of time specified therein and to provide information on the measures that provider intends to take to comply with that decision.
(4) The provider of a very large online platform or very large online search engine concerned shall provide the Commission with a description of the measures it has taken to ensure compliance with the decision referred to in paragraph 1 when implementing it.
(5) If the Commission finds that the conditions of paragraph 1 are not met, it shall conclude the investigation with a decision. The decision shall be immediately applicable.
(a) infringes the relevant provisions of this Regulation,
(b) fails to comply with an order imposing provisional measures pursuant to Article 70; or
(c) fails to comply with a commitment which has been declared binding by a decision pursuant to Article 71.
(2) The Commission may by decision impose on the provider of a very large online platform or a very large online search engine or on any other natural or legal person referred to in Article 67(1) fines not exceeding 1 % of the total annual revenue or the total annual worldwide turnover in the preceding business year where, intentionally or negligently
(a) provides incorrect, incomplete or misleading information in response to a simple request or a request made by decision in accordance with Article 67,
b) does not respond to a request for information issued by way of a resolution within the set deadline,
c) fails to correct incorrect, incomplete or misleading information provided by an employee within the time limit set by the Commission or fails or refuses to provide complete information,
(d) refuses to submit to an inspection pursuant to Article 69,
(e) does not comply with the measures adopted by the Commission pursuant to Article 72; or
(f) does not comply with the conditions for access to the Commission file referred to in Article 79(4).
(3) Before adopting the decision referred to in paragraph 2, the Commission shall notify the provider of a very large online platform or very large online search engine concerned or any other person referred to in Article 67(1) of its preliminary assessment.
(4) In setting the amount of the fine, the Commission shall take into account the nature, gravity, duration and repetition of the infringement and, in the case of fines imposed pursuant to paragraph 2, the delay caused in the proceedings.
(2) In the decision referred to in Article 73, the Commission shall require the provider of a very large online platform or very large online search engine concerned to submit to the Digital Services Coordinator, the Commission and the Board, within a reasonable period specified in the decision, an action plan setting out the measures necessary and sufficient to bring the infringement to an end or to remedy it. Those measures shall include a commitment to carry out an independent audit of the implementation of the other measures referred to in Article 37(3) and (4), specifying the identity of the auditors and the procedure, timing and follow-up of the audit. The measures may also include a commitment to participate in a relevant code of conduct in accordance with Article 45.
(3) Within one month of receipt of the action plan, the panel shall submit its opinion on the action plan to the Commission. Within one month of receipt of this opinion, the Commission shall decide whether the measures provided for in the action plan are sufficient to bring the infringement to an end or to remedy it and shall set a reasonable deadline for its implementation. In taking this decision, it shall take into account any commitment to comply with the relevant codes of conduct. The Commission shall then monitor the implementation of the action plan. To that end, the provider of a very large online platform or very large online search engine concerned shall submit the audit report to the Commission once it is available and shall keep the Commission informed of the steps taken to implement the action plan. Where necessary for such monitoring, the Commission may request the very large online platform provider or very large online search engine provider concerned to provide additional information within a reasonable time limit set by the Commission.
The Commission shall keep the Panel and the Digital Services Coordinators informed of the implementation of the Action Plan and of its monitoring of implementation.
(4) The Commission may take the necessary measures in accordance with this Regulation, in particular Article 76(1)(e) and Article 82(1), where
a) the provider of the very large online platform or very large online search engine concerned fails to submit an action plan, the audit report, up-to-date information or the requested additional information within the specified time limit,
(b) the Commission rejects the proposed action plan because it considers that the measures provided for therein are not sufficient to bring the infringement to an end or to remedy it; or
(c) the Commission considers, on the basis of the audit report, any updated information or additional information or any other relevant information at its disposal, that the implementation of the action plan is not sufficient to bring the infringement to an end or to remedy it.
(a) provide correct and complete information in response to a decision to request information in accordance with Article 67,
(b) to submit to an inspection ordered by the Commission by means of a decision pursuant to Article 69,
(c) comply with a decision ordering provisional measures pursuant to Article 70(1),
(d) comply with commitments declared binding by a decision pursuant to Article 71(1),
(e) comply with a decision referred to in Article 73(1) and, where applicable, with the requirements of the action plan referred to in Article 75 contained therein.
(2) Where the provider of a very large online platform or a very large online search engine or any other person referred to in Article 67(1) has complied with the obligation which the periodic penalty payment was intended to enforce, the Commission may set the final amount of the periodic penalty payment at a lower amount than the amount set out in the initial decision.
(2) The time limit shall run from the day on which the infringement was committed. In the case of continuing or repeated infringements, however, the time limit shall run from the day on which the infringement ceases.
(3) Any action taken by the Commission or the Digital Services Coordinator for the purpose of investigating or prosecuting an infringement shall interrupt the limitation period for the imposition of fines or periodic penalty payments. Measures that interrupt the limitation period include in particular
(a) a request for information from the Commission or a Digital Services Coordinator,
b) Verifications,
(c) the opening of proceedings by the Commission pursuant to Article 66(1).
(4) After each interruption, the period shall begin anew. However, the limitation period for the imposition of fines or periodic penalty payments shall expire at the latest on the day on which a period equal to twice the limitation period has elapsed without the Commission having imposed a fine or periodic penalty payment. That period shall be extended by the period during which the limitation period was suspended in accordance with paragraph 5.
(5) The limitation period for the enforcement of fines or periodic penalty payments is suspended for as long as proceedings relating to the Commission’s decision are pending before the Court of Justice of the European Union.
(2) The limitation period runs from the day on which the decision becomes legally binding.
(3) The limitation period for the enforcement of sanctions is interrupted by the following:
(a) the notification of a decision amending the original amount of the fine or periodic penalty payment or rejecting an application for such an amendment,
(b) any measure aimed at the enforced recovery of the fine or periodic penalty payment by the Commission or by a Member State acting at the request of the Commission.
(4) The period begins anew after each interruption.
(5) The limitation period for the enforcement of sanctions is suspended as long as
a) a payment period has been granted,
b) enforcement is suspended by a decision of the Court of Justice of the European Union or a decision of a national court.
(a) the Commission’s preliminary assessment, including the statement of objections; and
(b) the measures which the Commission intends to take in the light of the preliminary assessment referred to in point (a).
(2) The provider of a very large online platform or very large online search engine concerned or any other person referred to in Article 67(1) may submit comments on the Commission’s preliminary assessment within a reasonable period set by the Commission in its preliminary assessment, which shall not be less than 14 days.
(3) The Commission bases its decisions exclusively on objections on which the parties concerned have had the opportunity to comment.
(4) The rights of defense of the parties concerned shall be fully respected during the proceedings. Subject to the legitimate interest of the provider of a very large online platform or a very large online search engine concerned or the other person concerned in the protection of their business secrets, they have the right to inspect the Commission’s files by mutual agreement. The Commission is authorized to take decisions on the terms of disclosure in the event of disagreement between the parties. The right of access to the Commission’s files shall not extend to confidential information and internal documents of the Commission, the Panel, the Digital Services Coordinators, other competent authorities or other public authorities of the Member States. In particular, correspondence between the Commission and the authorities of the Member States shall be excluded from access to the file. Nothing in this paragraph shall prevent the Commission from disclosing and using the information necessary to prove an infringement.
(5) The information obtained in accordance with Articles 67, 68 and 69 shall be used exclusively for the purposes of this Regulation.
(2) Publication shall take into account the rights and legitimate interests of the provider of a very large online platform or a very large online search engine concerned, any other person referred to in Article 67(1) and any third parties in the protection of their confidential information.
Before sending such a request to the Digital Services Coordinator, the Commission shall give interested parties the opportunity to comment in writing within a period of at least 14 working days, describing the measures envisaged and indicating the addressee or addressees of the request.
(2) Where the consistent application of this Regulation so requires, the Commission may, on its own initiative, send a written opinion to the competent judicial authority referred to in Article 51(3). With the agreement of the judicial authority concerned, it may also deliver an oral opinion.
For the sole purpose of preparing its opinion, the Commission may request that judicial authority to provide it with all the documents necessary for the assessment of the case or to ensure that they are provided.
(3) Where a national court rules on a matter which is already the subject of a Commission decision under this Regulation, that national court shall not take a decision contrary to that Commission decision. National courts shall also avoid taking decisions which might conflict with a decision which the Commission intends to take in proceedings initiated by it under this Regulation. To that end, the national court may consider whether it is necessary to stay the proceedings before it. This shall be without prejudice to Article 267 TFEU.
(a) the procedures referred to in Articles 69 to 72,
(b) the hearings referred to in Article 79,
(c) the consensual disclosure of information in accordance with Article 79.
Before taking the measures referred to in paragraph 1, the Commission shall publish a draft of those measures and invite all interested parties to submit their comments within the time limit specified therein, which shall not be less than one month. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 88.
(2) The Digital Services Coordinators, the Commission and the Board shall use the information exchange system for all communications under this Regulation.
(3) The Commission shall adopt implementing acts laying down the practical and operational arrangements for the functioning of the information exchange system and its interoperability with other relevant systems. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 88.
a) It does not intend to make a profit.
(b) it is properly constituted in accordance with the law of a Member State.
c) Its statutory objectives give rise to a legitimate interest in ensuring compliance with this Regulation.
(2) Online platform providers shall take the necessary technical and organizational measures to ensure that complaints submitted by entities, organizations or associations referred to in paragraph 1 of this Article on behalf of users through the mechanisms referred to in Article 20(1) are dealt with and resolved as a matter of priority and without undue delay.
(2) The power to adopt delegated acts referred to in Articles 24, 33, 37, 40 and 43 shall be conferred on the Commission for a period of five years from November 16, 2022. The Commission shall draw up a report in respect of the delegation of power not later than nine months before the end of the five-year period. The delegation of power shall be tacitly extended for periods of an identical duration, unless the European Parliament or the Council opposes such extension not later than three months before the end of each period.
(3) The delegation of power referred to in Articles 24, 33, 37, 40 and 43 may be revoked at any time by the European Parliament or by the Council. A decision of revocation shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. The decision of revocation shall not affect the validity of any delegated acts already in force.
(4) Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of April 13, 2016 on Better Law-Making.
(5) As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.
(6) A delegated act adopted pursuant to Articles 24, 33, 37, 40 and 43 shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of three months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by three months at the initiative of the European Parliament or the Council.
(2) Where reference is made to this paragraph, Article 4 of Regulation (EU) No 182/2011 shall apply.
(2) References to Articles 12 to 15 of Directive 2000/31/EC shall be construed as references to Articles 4, 5, 6 and 8 of this Regulation.
“(68)
Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a single market for digital services (Digital Services Act) and amending Directive 2000/31/EC (Digital Services Act) (OJ L 277, 27.10.2022, p. 1).”
By November 17, 2025, the Commission shall assess the following and report to the European Parliament, the Council and the European Economic and Social Committee:
(a) the application of Article 33, including the scope of providers of intermediary services subject to the obligations laid down in Section 5 of Chapter III of this Regulation,
(b) the way in which this Regulation interacts with other legal acts, in particular those referred to in Article 2(3) and (4).
(2) By November 17, 2027, and every five years thereafter, the Commission shall evaluate this Regulation and report to the European Parliament, the Council and the European Economic and Social Committee.
This report deals with the following in particular:
(a) the application of points (a) and (b) of the second subparagraph of paragraph 1,
(b) the contribution of this Regulation to the deepening and efficient functioning of the internal market for intermediary services, in particular with regard to the cross-border provision of digital services,
(c) the application of Articles 13, 16, 20, 21, 45 and 46,
d) the scope of the obligations for small and micro-enterprises,
e) the effectiveness of monitoring and enforcement mechanisms,
f) the impact on respect for the right to freedom of expression and information.
(3) The reports referred to in paragraphs 1 and 2 shall be accompanied, if necessary, by a proposal to amend this Regulation.
(4) In the report referred to in paragraph 2, the Commission shall also assess and report on the annual reports on the activities of the Digital Services Coordinators to be submitted to the Commission and to the panel referred to in Article 55(1).
(5) For the purposes of paragraph 2, Member States and the panel shall provide information at the request of the Commission.
(6) In the assessments referred to in paragraph 2, the Commission shall take into account the views and findings of the European Parliament, the Council and other relevant bodies or sources and shall pay particular attention to small and medium-sized enterprises and the position of new entrants.
(7) By February 18, 2027, the Commission shall, after consulting the Board and taking into account the first years of application of the Regulation, carry out an evaluation of the functioning of the Board and the application of Article 43 and report thereon to the European Parliament, the Council and the European Economic and Social Committee. On the basis of the results and taking utmost account of the opinion of the panel, that report shall be accompanied, if appropriate, by a proposal to amend this Regulation as regards the structure of the panel.
(2) This regulation applies from February 17, 2024.
However, Article 24(2), (3) and (6), Article 33(3) to (6), Article 37(7), Article 40(13) and Sections 4, 5 and 6 of Chapter IV shall apply from November 16, 2022. This Regulation shall be binding in its entirety and directly applicable in all Member States.