Regulation on addressing the dissemination of terrorist content online enters into force

IRIS 2021-8:1/24

Ronan Ó Fathaigh

Institute for Information Law (IViR)

On 6 June 2021, the new EU Regulation on addressing the dissemination of terrorist content online came into force, following a three-year passage through the legislative process, beginning with the Commission’s proposal first published in autumn 2018 (see IRIS 2019-1/4). The purpose of the new Regulation is to establish uniform rules across the EU to address the misuse of hosting services for the dissemination of terrorist content online, and will be directly applicable in all EU member states from June 2022. Notably, the Regulation will permit competent national authorities to issue orders requiring hosting services providers to remove certain “terrorist content” within specific timeframes.It also introduces a range of new obligations on certain hosting services providers to address the misuse of their services for the dissemination of terrorist content.

Importantly, at the outset, the concept of “terrorist content” is given an extensive definition under Article 2(7) of the Regulation, which includes material that incites the commission of a terrorist offence (as defined under the 2017 EU Directive on combatting terrorism), where such material “directly or indirectly, such as by the glorification of terrorist acts, advocates the commission of terrorist offences, thereby causing a danger that one or more such offences may be committed”. Notably, this definition is subject to Article 1(3), which importantly states that material disseminated to the public for “educational, journalistic, artistic or research purposes”, including material which represents an expression of polemic or controversial views in the course of public debate, “shall not be considered” terrorist content. 

Crucially, Section II of the Regulation contains new provisions on measures to address the dissemination of terrorist content online. The most consequential is contained in Article 3, where the national designated authorities will have the power to issue “removal orders” requiring hosting service providers to remove or “disable access” to terrorist content in “all Member States”. Notably, under Article 3(3), hosting service providers are required to remove or disable access to terrorist content in all member states as “soon as possible and, in any event, within one hour of receipt of the removal order”. Of note, Article 3(4) sets out a number of elements that must be included in a removal order, including a “sufficiently detailed statement of reasons explaining why the content is considered to be terrorist content”. 

Of further note is Article 5, which allows for the designation of certain hosting service providers as “exposed to terrorist content”, and once designated, these hosting services are required to include in their terms and conditions and apply provisions to “address the misuse of its services for the dissemination to the public of terrorist content”. A hosting service provider can be so designated if it received “two or more final removal orders in the previous 12 months”. Crucially, under Article 5(3), such hosting services are also required to take “specific measures” to protect their services against the dissemination of terrorist content, including (a) appropriate “technical” measures to identify and expeditiously remove or disable access to terrorist content; and (b) implementing mechanisms for users to report or flag alleged terrorist content. 

In terms of safeguards and accountability, Article 7 imposes new transparency obligations on hosting service providers, including the publication of annual transparency reports on action taken to address the dissemination of terrorist content, including on the number of items of terrorist content removed or which access has been disabled following removal orders or specific measures. Importantly, under Article 9, users will have the right to challenge a removal order before national courts of the member state. Further, Article 10 requires hosting service providers to put in place complaint-handling mechanisms for users whose content has been removed or access thereto has been disabled, and requesting the reinstatement of the content or of access thereto. 

Finally, EU member states will be required to designate a national authority as competent to issue removal orders and enforce the Terrorist Content Regulation by 7 June 2022, the date upon which it will apply.