EU Commission advances its Digital Single Market regulatory and antitrust strategy

In the first half of 2016, the European Commission has moved aggressively forward with its regulatory Digital Single Market (“DSM”) strategy, a multifaceted regulatory agenda announced in May 2015 to promote online security and commerce. These measures include new and proposed legislation and other measures relating to cybersecurity, geoblocking, online platforms, the collaborative economy and standard setting, with a strong consumer protection focus. In parallel, the Commission’s Directorate-General for Competition (“DG COMP”) is pursuing enforcement actions and investigations that feed into and reinforce the Commission’s regulatory agenda.

The Commission’s blizzard of communications, proposed legislation, guidelines and enforcement actions will affect virtually all businesses active in the EU. The impact of all these initiatives can be difficult to assess, in part because the Commission is moving on so many fronts at the same time, and connections between the different proposals can be difficult to discern.

The main recent initiatives can be divided into three main areas, cybersecurity, e-commerce and digitizing European industry:

• Cybersecurity: The EU Directive on security of network and information systems (the NIS Directive) was adopted on July 6, 2016 and will enter into force in August 2016. On July 5, the Commission announced a new package of cybersecurity measures, including a communication on strengthening EU cybersecurity (the “Cybersecurity Communication”) and a decision providing for the establishment of a contractual public-private partnership (the “cybersecurity cPPP”) between the Commission and the European Cyber Security Organisation (ESCO), which is expected to trigger €1.8 billion of investment by 2020.
• E-Commerce: In early June and late May 2016, the Commission announced several measures to promote e-commerce, including a communication on the European agenda for the collaborative economy (the “Collaborative Economy Communication”) and a communication on stimulating cross-border e-commerce (the “E-Commerce Communication”), which in turn included a proposed regulation on unjustified geoblocking (the “Geoblocking Regulation”), a proposal for a regulation on cross-border parcel delivery services, a proposal for amendments to the consumer protection cooperation regulation, guidance on the application of the unfair commercial practices directive, a communication on online platforms and a related staff working document (the “Online Platform Communication”), as well as a proposal for a revised directive on audiovisual media services. The Commission’s antitrust-related initiatives include publication, in March 2016, of a DG COMP report on geo-blocking practices (the “Interim Geoblocking Report”), which represents the preliminary results of DG COMP’s e-commerce sector investigation, and the acceptance, on July 26, 2016, of commitments in the long-running pay-TV case.
• Digitizing European industry: on April 19, 2016, the Commission published four communications, on digitizing European industry, a European cloud initiative, an EU e-Government Action Plan and ICT standardization priorities (the “DSM Priority Standardisation Plan”).

This briefing summarises the status of the Commission’s DSM and related antitrust initiatives as of July 2016 in each of these areas. For further background, please see our original client briefing on the Commission’s DSM strategy and our November and December 2015 updates.

Separately, the Commission has recently concluded consultations on the introduction of 5G networks; the safety of apps and other non-embedded software not covered by sector-specific legislation; the role of publishers in the copyright value chain and the “panorama exception”; the evaluation and review of the e-privacy directive following the adoption of the new General Data Protection Regulation; and revision of the European Interoperability Framework for European public services. The Commission’s proposals deriving from these consultations will follow in most cases later this year. Also later this year, the Commission will conduct a consultation on global cooperation on eHealth.

For multinationals, the principal significance of the NIS Directive lies in the obligations it imposes on two broadly defined categories of entities, “operators of essential services” and “digital service providers.” “Operators of essential services” are operators in the energy, transport, banking, financial market infrastructure, health, water, and digital infrastructure sectors that are identified as “essential” by Member State authorities by November 2018. “Digital service providers” are businesses that provide an online marketplace, online search engine, or cloud computing service.

These businesses will have to take steps to “prevent and minimise” the impact of incidents affecting the network and information systems they use with a view to ensuring the continuity of those services. In addition, the operators of essential services will have to notify incidents having a “significant impact on the continuity of the essential services” that they provide, which shall be determined by reference to high-level parameters set out in the NIS Directive, which each Member State will need to further define in order for the parameters to be practically usable.

In its Cybersecurity Communication, the Commission proposes to build on the NIS Directive by proposing a “cooperation blueprint” to coordinate the approaches of Member State and other actors in the cybersecurity ecosystem to cyberattacks and an “information hub” to allow EU and Member State institutions to share information and a high-level expert group. To encourage the development of the European cybersecurity industry, the Commission proposes to establish a European ICT security certification and labeling framework, which could be adopted in various sectors, including infrastructure projects and European public procurement, and adopted in the validation of new technologies, such as industrial automation, Internet of Things and cloud technology.

The cybersecurity cPPP is intended to promote the European cybersecurity industry, among other things through common “building blocks” in areas such as encrypted storage and processing and secured communication to help ensure the compatibility of solutions across borders.  The cybersecurity cPPP will invite customers of cybersecurity solutions to define common digital security and privacy requirements for their sectors. The cPPP could also be used as a mechanism to implement the DSM priority standardisation plan, discussed below.

The Commission has launched many initiatives aimed promoting e-commerce, and in parallel DG COMP is pursuing a proactive antitrust strategy focusing on geoblocking. The key initiatives for multinational businesses include measures to attack geoblocking, Commission proposals regarding online platforms, and amendments to EU audiovisual regulations to include online content. DG COMP has also taken aim at geoblocking in its Interim Geoblocking Report and a related enforcement action relating to online distribution of movies. These measures are summarized below.

Geoblocking is seen as a key obstacle to the growth of e-commerce in Europe, and the Commission is attacking it on several fronts, including both regulatory and antitrust initiatives.

Geoblocking and Digital Content Regulations

The Commission’s broadest regulatory initiative in this area is the proposed Geoblocking Regulation, which will supplement and reinforce existing legislation such as Directive 2000/31/EC (the e-Commerce Directive) and Directive 2007/123 (the Services Directive), as well as sector-specific rules banning discrimination for reasons related to residence in the transport and payments sectors.

The Geoblocking Regulation will prohibit discrimination among consumers seeking to buy products and services in another EU country, be it online or in person, in terms of access to prices, sales or payment conditions, unless this is objectively justified for reasons such as VAT or certain public interest legal provisions. For example, the proposal will prohibit the blocking of access to websites and other online interfaces and the rerouting of customers from one country version to another. It would also prohibit discrimination against customers in four specific cases of the sale of goods and services.

The regulation would not cover transactions where goods or services are purchased for resale by a business, which will continue to be subject to EU competition law on distribution systems. Under these antitrust rules, exclusive distribution agreements cannot prohibit distributors from accepting so-called “passive” orders from outside their territory. The Geoblocking Regulation also will not affect pricing as such, including dynamic pricing, where traders adapt their offers over time, depending on a number of factors that are not linked to customers' residences.

The Commission has also proposed an amendment to EU copyright, so that consumers who subscribe to an online content service could not be prevented from using the service while temporarily present in another Member State. Online content providers would have to provide the same content, on the same range and number of devices and with the same range of functionalities as offered in the Member State of residence, but not necessarily the same quality of service. The new rules would not apply to business users.

The Commission’s proposed revision of the Consumer Protection Cooperation Regulation will give national authorities more powers to enforce consumer rights, who will be able to check if websites geoblock consumers or engage in other unfair practices, such as offering after-sales conditions not respecting EU rules (e.g., withdrawal rights); order the immediate take-down of websites hosting scams; request information from domain registrars and banks to detect the identity of the responsible trader.

Antitrust Sectoral Investigation

The close relation between the Commission’s regulatory agenda and antitrust policy in regards to geoblocking was underlined in DG COMP’s March 2016 Interim Geoblocking Report. The Commission collected information from more than 1400 retailers and digital content providers. 38 per cent of responding retailers used geoblocking, mainly by refusing to deliver abroad, refusing to accept foreign payment methods, and website techniques such as re-routing and access blocks, while 12 per cent reported contractual restrictions on selling cross-border. 68 per cent of online digital content providers used geoblocking, and 59 per cent indicated that suppliers contractually require them to geoblock. While DG COMP did not express any conclusions as to whether specific geoblocking practices violate EU competition law, the Commission warned that geoblocking practices by dominant companies can be abusive within the meaning of Article 102 TFEU, and contractual restrictions having the effect of geoblocking may be caught by the prohibition on anti-competitive agreements and practices in Article 101(1) TFEU.

Pay-TV Antitrust Investigation Commitments

DG COMP’s investigation into cross-border movie licencing practices demonstrates its willingness to pursue geoblocking practices under the EU antitrust rules, in this case Article 101 TFEU. In July 2015, the Commission issued a Statement of Objections against six major film studios as well as Sky UK, involving contractual clauses that allegedly prevented Sky UK from allowing EU consumers located elsewhere to access pay-TV services available in the UK and Ireland and in some cases required studios to ensure other broadcasters were prevented from making their pay-TV services available in the UK and Ireland. On July 26, 2016, the Commission announced that it had accepted commitments from Paramount and closed its investigation as regards Paramount. The Commission's investigation is continuing regarding the conduct of Disney, NBC Universal, Sony, Twentieth Century Fox, Warner Bros and Sky.

Paramount has committed, for a period of five years, not to (re)introduce obligations in its EEA pay-TV licenses (i) preventing or limiting pay-TV broadcasters from responding to unsolicited requests from consumers within the EEA but outside of the pay-TV broadcaster’s licensed territory or (ii) requiring Paramount to prohibit or limit pay-TV broadcasters located outside the licensed territory from responding to unsolicited requests from consumers within the licensed territory. The commitments cover both standard pay-TV services and subscription video-on demand services, as well as both online services and satellite broadcast services.

One of the Commission’s most far-reaching consultations in late 2015 was its consultation on online platforms, cloud & data, liability of intermediaries, and the so-called “collaborative economy” exemplified by services like Airbnb and Uber. The principal results of this consultation so far are the Online Platform Communication and the Collaborative Economy Consultation.

To the relief of many, the Online Platform Communication does not propose a new general law on online platforms, nor does it suggest to change the liability regime set by the e-Commerce Directive. However, the Communication does propose measures to address concerns relating to the lack of level-playing field in certain sectors; lack of transparency; certain business-to-business practices; and the tackling of illegal content online. Specifically, the Commission plans the following actions:

• a review of EU telecoms legislation and the e-privacy directive to assess the partial deregulation of traditional communication services, where they face competition from platforms and other digital players, and applying communications-specific rules to all comparable services. In the e-Privacy Directive, review, the Commission will consider extending data protection obligations currently applicable only to telecoms companies to platforms.
• a copyright reform package aiming to achieve a fairer allocation of value generated by the online distribution of copyright-protected content by online platforms providing access to such content.
• assessment of the need for guidance on the liability of online platforms when putting in place voluntary measures to fight illegal content online and the need for a formal notice-and-action procedures.
• guidance on interoperability of electronic identifications (eIDs) to encourage platforms to recognise those identified under the regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS).
• A free-flow-of-data initiative to facilitate switching and portability of data among different online platform and cloud computing services and to address legal uncertainties regarding data ownership and usability or access, including issues related to application programming interfaces.

The Commission has no current plans to introduce legislation to address concerns about allegedly "unfair" practices, in particular for access to important data bases; platforms refusing access to markets or essential business data necessary for suppliers; or platforms promoting their own services to the disadvantage of third-party suppliers. Instead, it will continue to examine these practices and decide in 2017 if action to address fairness in business-to-business relations is necessary. Separately, however, the Commission published updated guidance on the Unfair Commercial Practices Directive, for instance the criteria making an online platform qualify as a "trader" promoting or selling goods, services or digital content to consumers. Platforms must state clearly that rules on unfair commercial practices do not apply to private persons selling goods, and search engines would be required to clearly distinguish paid placements from natural search results.

The Collaborative Economy Communication provides the first comprehensive guidance on how EU law should be applied to participants in the collaborative economy. The Commission distinguishes between service providers, who share assets, resources, time or skills and who can be private individuals offering services on an occasional basis (“peers”) or providers acting in a professional capacity; users of these services; and platforms that connect providers with users and facilitate transactions between them. The Commission defines collaborative economy platforms as Internet-based platforms that enable transactions between people providing and using a service generally without there being a transfer of ownership of an asset.

The Commission notes that under the e-Commerce Directive, Member States cannot impose market access requirements on platforms except in exceptional circumstances and that, when doing so, they need to take into account the specific features of the collaborative economy, without favouring one business model over another. In particular, Member States should seek to differentiate between collaborative platforms providing the underlying service and those only acting as an intermediary; and between private individuals offering services occasionally and services providers acting in a professional capacity.

The Collaborative Economy Communication discusses a number of key areas of legal uncertainty relating to the collaborative economy, including the application of sector-specific rules, liability of collaborative platforms, who qualifies as a worker for labour law purposes, applicable consumer protection and tax rules.

While national liability rules apply to the collaborative economy, for example in relation to the bad execution of contracts or for violation of contractual terms, and services they themselves offer, such as payment services. However, the e-Commerce Directive foresees that online platforms can under certain circumstances be exempted from liability for the information they store if the services provided are of a merely technical, automatic and passive nature, and the platform has no knowledge of illegal information stored on its website or, once it becomes aware of such information, it acts swiftly to remove or disable access. EU countries cannot oblige platforms to generally monitor or to actively seek out illegal activity, but they can carry out voluntary checks, such as on the identity of providers or the quality of the services provided without being seen automatically as playing an active role for purposes of this liability exemption.

As regards consumer protection rules, EU consumer and marketing legislation addresses business-to-consumer transactions between a consumer and a trader, excluding consumer-to-consumer transactions. However, the collaborative economy blurs the lines between consumers and traders. The Commission says Member States should seek a balanced approach to ensure that consumers enjoy a high level of protection from unfair commercial practices, while not imposing disproportionate obligations on private individuals who are not traders but who provide services on an occasional basis.

EU labour law is applicable to people who are in an employment relationship. The collaborative economy also blurs the lines between employees entitled to such protection. The EU Court of Justice applies three essential criteria to determine the existence of an employment relationship: whether they act under the direction of the platform (i.e., the platform determines the choice of activity, remuneration and working conditions), the nature of the work (e.g., is it genuine, effective and regular), and whether the work is remunerated. The Communication provides orientation that Member States may wish to consider when deciding when people providing services through collaborative platforms are to be considered employees of a platform (e.g., relation of subordination to the platform, nature of the work, remuneration). The Commission encourages EU Member States to assess whether their national employment rules are adequate for the different needs of workers and self-employed persons in the collaborative economy, as well as the innovative nature of collaborative business models and to provide guidance on the national employment rules that apply to the collaborative economy providers.

Relevant taxes for collaborative economy service providers and platforms include taxes on personal income, corporate income tax and value-added tax. The Commission considers that EU countries should apply functionally similar tax obligations to businesses providing comparable services and establish close cooperation between national authorities and collaborative platforms (e.g., to improve tax compliance and collection). In the case of VAT, there may be difficulties in assessing the obligations of participants in the collaborative economy, and many collaborative economy service providers will be below the registration threshold.

The Commission encourages Member States to follow so-called “good practices” on the collaborative economy, including:

• Establishing thresholds to differentiate between individual citizens providing services on an occasional basis and providers acting in a professional capacity;
• Cooperating with collaborative economy platforms to record economic activity to facilitate and improve tax collection, while respecting data protection legislation;
• Issuing guidance on the application of employment rules and market access requirements to new business models;
• Not demanding prior authorisations for the short-term rental of primary residences; and
• Reviewing quantitative restrictions in transport sectors and facilitating market access for all operators.

Amendments to the Audiovisual Media Services Directive

The Commission presented proposed amendments to the Audiovisual Media Services Directive to update the rules applicable to traditional broadcasters to video-on-demand providers to cover video-sharing platforms. A video-sharing platform is defined as a commercial service addressed to the public which:

• Stores a large amount of programmes or user-generated videos, for which the video-sharing platform provider does not have editorial responsibility;
• Where the content is organised in a way determined by the provider of the service, in particular by hosting, displaying, tagging and sequencing;
• Where the principal purpose of the service (or a dissociable section thereof) is devoted to providing programmes and user-generated videos to the general public, in order to inform, entertain or educate; and
• Is made available by electronic communications networks.

Social media, such as Facebook would not be covered by the proposed rules, because they do not have as a principal purpose the provision of programmes or user-generated videos to the public, but YouTube would be. Newspaper websites would remain outside the directive, but standalone parts of newspaper websites featuring audiovisual programmes or user-generated videos will be considered as video-sharing platforms.

Controversially, the proposed amendments would extend requirements on advertising and European content that have long applied to television stations to video-sharing platforms, although there would be significant differences in the specific obligations applicable to the two categories.

In a package of proposals announced in April, the Commission aims to mobilise over €50 billion in public and private investments to support the digitisation of European industry, including through coordinating national and regional initiatives, focusing investments in EU public-private partnerships, investing €500 million in a pan-EU network of digital innovation hubs and setting up large-scale pilot projects in relation to the Internet of things and advanced manufacturing.

In relation to the European cloud initiative, the Commission anticipates public and private investments of €6.7 billion over five years, including over €2 billion of Horizon 2020 funding, for actions including creating a European Open Science Cloud for European researchers and their global scientific collaborators (2016); opening up by default all scientific data produced by future projects to ensure that the scientific community can re-use the enormous amount of data they generate (2017); launching an initiative to accelerate the development of quantum computing technology (2018); developing and deploying a large-scale European high performance computing, data storage and network infrastructure, including by establishing a European big data centre and upgrading the backbone network for research and innovation (2020).

In its e-Government Action Plan, the Commission put forward 20 measures to be launched by the end of 2017, including setting up a digital single gateway enabling users to obtain all information, assistance and problem-solving services needed to operate efficiently across borders; connecting all business registries and insolvency registers and to the e-justice portal; setting up a pilot project applying the "once-only" principle for businesses providing paperwork to public authorities across borders; helping EU Member States develop cross-border e-health services such as e-prescriptions and patient summaries; and accelerating the transition to e-procurement, e-signatures and implementation of the "once-only" principle in public procurement.

In relation to standards, the Commission proposes to speed up the standard setting process in five priority areas: 5G, cloud computing, internet of things, data technologies and cybersecurity, and to co-finance the testing and experimentation of technologies to accelerate standards setting, including in relevant public-private partnerships.