A new European regulatory regime: What are the Dos and Don’ts?

21 Jun 2022 14:45h - 15:30h

Session webpage

Event report

Over the last decade, the EU has started a wave of legislation on digital technologies and companies, specifically on content moderation, monitoring and control mechanisms, intermediary liabilities, and transparency obligations. Panellists were invited to speak about the consequences of these regulations and on what stakeholders must do to steer the EU regulatory regime and the general industrial standard-setting practices in the right direction. 

Although not under the EU, the Council of Europe has often laid firm foundations for potential EU legislation as it helps achieve binding treaties among and beyond Europe. Mr Thomas Schneider (Ambassador and Director of International Affairs, the Swiss Federal Office of Communication) explained that the Council of Europe, set up after World War II, has become an important generator of soft law instruments, such as guidelines or recommendations. It has also produced more than 250 binding treaties signed by both member states and non-member states, reaching a broad range of players beyond those on European soil. Such influence is significant in setting standards and achieving agreement before the EU takes legislative action. Schneider mentioned the ongoing efforts of the Council of Europe to develop an ethical charter for the use of AI and the relevant judicial systems advised by European values such as human rights, democracy, and the rule of law. As all 27 members of the EU are also members of the Council of Europe, Schneider expected the two entities to work closely to ensure the interoperability of these instruments. 

Mr Jacques Beglinger (Co-chair, the Swiss IGF) presented a comprehensive mapping of all of EU digital legislation. Beglinger stressed that EU legislation does not operate in a vacuum; instead, much of the work is based on previous work of the Organisation for Economic Co-operation and Development (OECD) or the Council of Europe. Beglinger highlighted that EU legislation extends both horizontally, covering topics related to digital technologies, and vertically, detailing sectoral approaches within each digital topic. An example of a horizontal expansion includes the extension of privacy in the General Data Protection Regulation (GDPR) to general platform obligations in the Digital Services Act (DSA) package. On the other hand, an example of a vertical expansion includes the more sector-specific obligations outlined by the EU Health Union with regard to the health data space on top of the GDPR. 

When asked about his take on the existing and upcoming digital legislations, Mr Vittorio Bertola (Head of Policy & Innovation, Open-Xchange) believed that it is best if we examine each act separately for its consequences and performance. Referencing the growing interest in children’s rights in cyberspace, Bertola mentioned varying approaches to regulations and, therefore, differences in regulatory acts in drawing lines between individual fundamental rights to protect certain groups. An audience member and panellist, Ms Jutta Croll (Project Manager Children’s Rights and Child Protection in the Digital World, Stiftung Digitale Chancen), indicated that the frequent references each act makes with regard to one another and the multiple linkages between these acts render individual evaluation difficult. Croll suggested that we should look at the wider landscape of EU legislation and allow regulatory acts to override each other to fit the implementation reality after entering into force. 

However, as wide-reaching as the various legislative acts seem, Beglinger underscored that almost 90% are not in force due to the slow progression of the legal track. This contradicts the rapid development of technology and technical standardisation, hinting that EU actors can act only on rough consensus. On the other hand, companies, especially small and medium enterprises (SMEs), often need to predict which regulations are coming and their potential obligations. An audience member said that while a lot of activity on the regulatory front occurs, where the regulators and civil society groups interact frequently, yet a lack of presence of the policymakers on the technological standard-setting front allows technical companies to lead the rulemaking of new technologies. Beglinger harkened back to the point that, as the EU is acting mostly on rough consensus, many soft law instruments are standing in place of hard law regulations. This would be a point of entry for civil society groups to influence both the legislative front and technological standard-setting front. 

On the side, Croll explicated the 3-step mechanisms of the coming regulation on Child Sexual Abuse Material (CSAM) on online platforms. At first, a risk assessment would be made of the platform to discover potential pitfalls that might enable children’s sexual abuse. Developers would then be asked to make adjustments of the platform. A detection order would be in place only when the previous steps all failed. 

By Yung-Hsuan Wu