Amazon could face a theoretical fine of as much as 26 billion euros ($28 billion) for future noncompliance with the DSA. Repeat offenders could be barred from operating in the EU.

The world’s biggest technology companies could face billions of dollars in fines for breaches of new European Union legislation after lawmakers reached an agreement on its scope early Saturday.

The landmark Digital Services Act is the EU’s answer to what it sees as a failure by tech giants to combat illegal content on their platforms. Noncompliance could cost companies as much as 6% of global annual sales when the rules go into effect, in 2023 or 2024 depending on their size.

Failures could be extremely costly. Based on its reported 2021 annual sales, Amazon.com Inc. (No. 1 in the 2022 Digital Commerce 360 Top 1000), for instance, could face a theoretical fine of as much as 26 billion euros ($28 billion) for future noncompliance with the DSA. Repeat offenders could be barred from operating in the EU.

A ‘global gold standard’

Facebook whistle-blower Frances Haugen said the DSA could represent a “global gold standard” for regulating social media companies. After more than a year of internal wrangling, key rules will include:

  • A ban on using sensitive data such as race or religion for targeting ads.
  • A ban on targeting any ads to minors.
  • A ban on so-called “dark patterns,” specifically tactics to push people into consenting to online tracking.

All websites will be accountable to the DSA, but platforms with more than 45 million users in the EU will have to abide by stricter rules such as paying Brussels a supervisory fee of as much as 0.05% of their global annual revenue to enforce the law — the figure was reduced in the final negotiations — and providing regulators with annual reports about illegal and harmful content on their sites.

advertisement

“With the DSA, we help create a safe and accountable online environment,” Margrethe Vestager, the EU’s competition chief, said in a statement on Saturday. “With today’s agreement we ensure that platforms are held accountable for the risks their services can pose to society and citizens.”

The deal still needs to be signed-off by parliamentarians and the 27 EU countries before being made official later this year. Large companies will then have four months to comply with the rules, and all other companies will have 15 months. Smaller companies can apply to be exempt from certain rules.

Google said it welcomed the DSA’s goals and looked forward “to working with policymakers to get the remaining technical details right to ensure the law works for everyone.”

The EU’s Digital Markets Act also finalized

The DSA is the second major piece of legislation in Brussels’ digital rulebook to be cemented in a month. On March 24, the EU finalized its Digital Markets Act, a related framework that requires “gatekeepers” to adhere to strict antitrust rules.

advertisement

Both laws were designed to address market dominance and internet safety. But while the previously announced DMA targets about a dozen major, mostly U.S.-based tech companies, the DSA sets basic standards for all websites.

Large companies — including the likes of TikTok Inc and Pornhub — will face additional obligations including opening their algorithms to enforcers and designated researchers. Social media companies and search engines will also have to offer a product not based on profiling, while e-commerce sites will have to conduct random checks of products sold on their sites.

They’ll also have to explain to Brussels what they are doing to combat harmful content, such as propaganda or misinformation during emergencies, often seen during the Covid-19 pandemic and Russia’s war in Ukraine.

The EU could issue fines or require changes to policies if companies can’t show they’re doing enough to combat harmful content.

advertisement

The new fines are in addition to penalties applicable under the DMA. Under that law, the world’s biggest tech companies face fines of as much as 10% of their global annual sales for an initial breach, rising to 20% for repeat infringements. Those routinely violating the rules could be temporarily banned from conducting mergers and acquisitions.

Maximum fines unlikely

Still, it’s highly unlikely the EU would issue such massive fines. It’s never applied the maximum penalties possible under its General Data Protection Regulation laws, for example. Those rules have been in force since 2018 and allow for fines of as much as 20 billion euros or 4% of a company’s global sales. The largest issued to date was a 746 million-euro penalty handed to Amazon in July, which the company is appealing.

Amazon and Google have long been targets of antitrust investigations from Brussels, but these cases dragged out for years in courts and have had negligible impact on behavior. Officials say they need tools like the DSA and DMA to break what the EU states is a stranglehold on digital ecosystems and platforms by a handful of giants.

But questions remain over how Brussels will enforce the two new laws, as both combined require over 200 people in the European Commission to oversee compliance. It’s for this reason that companies with more than 45 million users will have to pay the annual supervisory fee.

advertisement

If successful, the EU’s rules could be a model for other countries to rein in tech platforms. Though Washington initially pushed back against the EU’s plans to regulate big tech, some U.S. lawmakers now are looking to Brussels to enact similar restrictions. Former U.S. presidential candidate and Secretary of State Hillary Clinton endorsed the DSA ahead of the final negotiations.

The United Kingdom’s recently proposed Online Safety Bill goes even further by imposing bigger fines and possibly jail time for executives who fail to comply.

Favorite