On June 7, 2022, Regulation (EU) 2021/784, which provides rules for the removal of online terrorist content for hosting service providers, entered into force in the European Union (EU). In particular, the regulation obligates providers to remove terrorist content within one hour of receiving a removal order.
Scope and Definitions
The regulation applies to all hosting service providers that store “information provided by and at the request of a content provider” and offer services in the EU. (Regulation art. 1, para. 2; art. 2, para. 1.) A content provider is defined as “a user that has provided information that is, or that has been, stored and disseminated to the public by a hosting service provider.” (Art. 2, para. 2.)
Terrorist content means content that:
- Incites the commission of a terrorist offense, such as kidnapping with the aim to seriously intimidate a population.
- Solicits a person or a group of persons to participate in the activities of a terrorist group.
- Commits or contributes to the commission of a terrorist offense.
- Provides instruction on the making or use of explosives, firearms, or other weapons or noxious or hazardous substances, or on other specific methods or techniques for the purpose of committing or contributing to the commission of a terrorist offense.
- Constitutes a threat to commit a terrorist offense. (Art. 2, para. 7.)
Obligations of Hosting Service Providers
The hosting service provider is not obligated to search its websites for terrorist content or put an upload filter in place. Instead, the member states must designate an authority competent to issue, scrutinize, oversee, and impose “removal orders.” (Regulation, art. 12, para. 1.) The removal order requires “hosting service providers to remove terrorist content or to disable access to terrorist content in all Member States.” (Art. 3, para. 1.) The regulation provides that hosting service providers must comply as soon as possible but no later than within one hour of receipt of the removal order. (Art. 3, para. 3.)
Noncompliance with a Removal Order
If the hosting service provider cannot comply with the removal order due to force majeure, impossibility (for example, technical or operational reasons), or manifest errors in the removal order or insufficient information for its execution, the hosting service provider must inform the competent authority. The deadline for the removal of the terrorist content starts immediately after the grounds for noncompliance have ceased to exist. (Art. 3, paras. 7, 8.) If hosting service providers systematically and persistently fail to comply with the obligation to remove terrorist content within one hour, they will be “subject to financial penalties of up to 4% of global turnover of the preceding business year.” (Art. 18, para. 3.)
Transparency Requirements and Complaint Mechanism
The removal of postings impinges on freedom of expression and freedom of the press under article 11, paragraphs 1 and 2 of the Charter of Fundamental Rights of the European Union. Articles 7 and 8 of Regulation (EU) 2021/784 therefore contain transparency requirements that call on hosting service providers to explain to content providers in their terms and conditions their approach to removing terrorist content. In addition, hosting service providers must establish an effective and accessible mechanism to allow content providers to submit a complaint after the removal of their content. Both hosting service providers and content providers have a right to an effective remedy to challenge a removal order before the national courts of the member state. (Art. 9, paras. 1, 2; art. 10, para. 1.)
Background to the Act
Several countries in the EU have experienced terrorist attacks in the recent past — for example, in Paris, France on November 13, 2015; in Hanau, Germany on February 19, 2020; and in Vienna, Austria on November 2, 2020. As the threat continued to grow, the European Commission presented its strategy for security policy for the period between 2020 and 2025 on July 24, 2020. In particular, the strategy for security policy aims to protect European citizens and protect and respect European common values, such as fundamental rights and freedom.
Both the assassin of Christchurch, New Zealand and the assassin of Halle, Germany used a livestream during their attacks. Among terrorists it is also common to publish a manifesto or a video claiming responsibility online. The European Council therefore made it clear that an important part of the prevention of radicalization must take place online. Recitals 5 and 17 of Regulation (EU) 2021/784 further specify that “the presence of terrorist content online has proven to be a catalyst for the radicalization of individuals which can lead to terrorist acts, and therefore has serious negative consequences for users, citizens and society” and that “[g]iven the speed at which terrorist content is disseminated across online services, an obligation should be imposed on hosting service providers to ensure that the terrorist content … is removed or access to it is disabled in all Member States within one hour.”
Prepared by Karen Ungerer, Law Library intern, under the supervision of Jenny Gesley, Foreign Law Specialist