European Tech Law Faces Test to Address Interference, Threats, and Disinformation in 2024 Elections

The DSA is a useful model constructed around three principles: due diligence requirements for tech companies, mandated transparency via public reporting of their compliance with those requirements, and the threat of hefty fines to ensure compliance and accountability. The size of the EU market is large enough that, as with the General Data Protection Regulation (GDPR), some tech companies may be incentivized to comply with the law’s provisions even without sanctions. The DSA’s strictest provisions apply to the world’s largest online platforms and search engines (those with more than 45 million users). These companies are required to routinely assess activity on their platforms and services for “systemic risks” involving elections, illegal content, human rights, gender-based violence, protection of minors, and public health and safety. 

Companies have delivered initial assessments, which are publicly available, as well as information about the actions they have taken to comply. The EU website hosts a massive and growing online archive of hundreds of thousands of content moderation decisions made by the companies. In early enforcement actions, the EU has requested that Meta and other companies take down false ads and sought more information about their safety practices. For example, the EU queried X about its decision to cut its content moderation team by 20 percent since last October. Reduced content moderation on one of the world’s largest platforms is obviously a great concern given the number of elections and aggressive disinformation and interference campaigns by Russia and its proxies as it seeks to boost the fortunes of rising rightwing populists, Euroskeptic parties, and pro-Russian and anti-Ukraine candidates, as recently occurred in Slovakia and other Central and Eastern European countries.  

Thus far, the DSA has not yet levied fines, but the threat alone of stiff penalties of up to 6 percent of gross revenues has led most companies to provide the required information. This treasure trove of information about how these tech companies are policing their own platforms is itself valuable; it enables governments and researchers to understand the effectiveness of measures being employed by trust and safety divisions of companies, some of which embrace the goal of a safe internet. The EU law explicitly seeks to guard free speech as well as innovation by companies, but the experience of implementation will inform lingering concerns about free speech, direct government decision-making, and censorship of content, including whether an authoritarian government could exercise control over their populations through digital policing and firewalls. Those concerns color the current negotiations at the United Nations over a Global Digital Compact, which is to be announced as part of the Summit of the Future in September. 

The essence of the DSA is not to make content decisions directly but to set standards for due diligence and require companies to demonstrate that they are monitoring and mitigating risks via their own codes of conduct. Voluntary standards may vary, but the sharpest debates revolve around defining what constitutes illegal content. The EU has taken additional measures to harmonize laws regarding what is illegal content across the EU member states, which has been a difficult and contentious matter. The United Kingdom (UK) went through a similar multiyear debate over concerns about curtailing free speech before passing its Online Safety Act late last year. The UK law adopted some features in the DSA, including the due diligence reporting requirement and fines of up to ten percent of gross revenue. It defines the scope of risks more narrowly than the DSA, although the UK law does criminalize “extreme” pornography and may criminalize the creation of deepfake porn. Enforcement of the UK law awaits finalization of codes of conduct by year’s end. The EU also has moved to harmonize what constitutes illegal content as the laws of the twenty-seven member states currently vary greatly in defining what is illegal. Germany’s Network Enforcement Act, which was passed in 2018, is one of the world’s stiffest hate speech laws, which aims to stem rising neo-Nazi hate speech. The far-right Alternative fur Deutschland party has surged in state elections and exceeded the popularity of the leading Social Democrats in national polls. 

Thus far, the DSA has not yet levied fines, but the threat alone of stiff penalties of up to 6 percent of gross revenues has led most companies to provide the required information. This treasure trove of information about how these tech companies are policing their own platforms is itself valuable; it enables governments and researchers to understand the effectiveness of measures being employed by trust and safety divisions of companies, some of which embrace the goal of a safe internet. The EU law explicitly seeks to guard free speech as well as innovation by companies, but the experience of implementation will inform lingering concerns about free speech, direct government decision-making, and censorship of content, including whether an authoritarian government could exercise control over their populations through digital policing and firewalls. Those concerns color the current negotiations at the United Nations over a Global Digital Compact, which is to be announced as part of the Summit of the Future in September. 

The essence of the DSA is not to make content decisions directly but to set standards for due diligence and require companies to demonstrate that they are monitoring and mitigating risks via their own codes of conduct. Voluntary standards may vary, but the sharpest debates revolve around defining what constitutes illegal content. The EU has taken additional measures to harmonize laws regarding what is illegal content across the EU member states, which has been a difficult and contentious matter. The United Kingdom (UK) went through a similar multiyear debate over concerns about curtailing free speech before passing its Online Safety Act late last year. The UK law adopted some features in the DSA, including the due diligence reporting requirement and fines of up to ten percent of gross revenue. It defines the scope of risks more narrowly than the DSA, although the UK law does criminalize “extreme” pornography and may criminalize the creation of deepfake porn. Enforcement of the UK law awaits finalization of codes of conduct by year’s end. The EU also has moved to harmonize what constitutes illegal content as the laws of the twenty-seven member states currently vary greatly in defining what is illegal. Germany’s Network Enforcement Act, which was passed in 2018, is one of the world’s stiffest hate speech laws, which aims to stem rising neo-Nazi hate speech. The far-right Alternative fur Deutschland party has surged in state elections and exceeded the popularity of the leading Social Democrats in national polls. 

Linda Robinson is Senior Fellow for Women and Foreign Policy at CFRThis article is published courtesy of the Council on Foreign Relations (CFR).