Two important pieces of legislation have been proposed by the European Commission. The Digital Services Act addresses the responsibility of online platforms in the EU while the NIS Directive is an important legislation for cybersecurity. Both proposals include a few elements that are relevant for the community of emergency services. Benoit Vivier, EENA’s Public Affairs Manager, informs us of the key aspects:

DIGITAL SERVICES ACT

What is it about?

The Digital Services Act (DSA), together with the Digital Markets Act (DMA), are regulations which will regulate how we use digital services in the European Union. The goal of the DSA is to “create a safer digital space in which the fundamental rights of all users of digital services are protected”. In order words, this regulation looks at the responsibility of online platforms regarding the content that is shared, something which hasn’t been addressed by any piece of legislation at the EU level in 20 years. The DMA’s objective is to ensure fair competition between online platforms.

Why is it important to the public safety community?

Among the main topics discussed, the DSA intends to address some important issues such as illegal content online (such as terrorist content, child sexual abuse material…).

What’s to follow?

The main part for the public safety community is the article 8 about “orders to act against illegal content” and which requires platforms to take immediate action to remove a specific item of illegal content when they receive an order to act from a judicial or administrative authority. Large platforms will also be required to perform yearly risk assessments to look at “the dissemination of illegal content through their services” (article 26). While this has initially been considered, the scope of the legislation does not include any removal obligation on content that is harmful but not necessarily illegal (disinformation, hate speech…), partly because of the implications it might have on freedom of expression and because of a lack of harmonisation between EU Member States on the definition of what content can be considered as ‘harmful’.

What are the next steps?

After the text was proposed by the European Commission yesterday, the European Parliament (composed of representatives elected by EU citizens) and the Council of the EU (composed of the governments of the 27 Member States of the EU) will work on the text and be able to amend it. The text has to be voted in the same terms by the two institutions. As the text will be heavily discussed, the legislative work is expected to take about 2 years before the final adoption. Once adopted, the provisions will be directly applicable in the Member States.

The issue of terrorist content is also being addressed by a specific regulation (Terrorist Content Online Regulation) which is being adopted by the EU institutions.

What role will EENA play?

EENA will keep monitoring and informing its members on the developments around this file.

More information:
  • European Commission webpage about the Digital Services Act and the Digital Markets Act (including the proposal) – Here
  • ‘Europe rewrites rulebook for digital age’, Politico EuropeHere
  • E.U. proposes sweeping new rules for online business that could force fundamental changes for digital giants’, Washington Post – Here
  • ‘Terrorist content online: Council presidency and European Parliament reach provisional agreement’, Website of the Council of the EU – Here

NIS2 DIRECTIVE

What is it about?

The Directive of security of network and information systems (NIS) was adopted in 2016 in order to boost the EU’s cybersecurity capabilities. This relied on three main requirements: requiring the Member States to be appropriately equipped to respond to cyberthreats (establishment of Computer Security Incident Response Teams and competent national authorities); cooperation between Member States through the establishment of specific networks and promoting “a culture of security” across specific sectors. 4 years after its adoption, the European Commission has proposed a review of the directive in order to address more specific issues that have arisen.

Why is it important to the public safety community?

Recent events have demonstrated that public safety organisations can be exposed to cyberthreats, which can result in tragic consequences. Hence, by article 2(2) of the proposed text, the directive applies to entities where “a potential disruption of the service provided by the entity could have an impact on public safety, public security or public health”.

What’s to follow?

As the previous text was quite vague, the new directive brings clarity regarding the scope and the objective. The importance of ensuring the continuity of “public safety, public security and public health” is here explicitly referred. Entities of which a disruption of service could impact public safety (for instance: mobile network operators) will have to strengthen their security requirements with a minimum list of basic security elements that have to be applied and with a stricter incident reporting process.

What are the next steps?

After the text was proposed by the European Commission yesterday, the European Parliament (composed of representatives elected by EU citizens) and the Council of the EU (composed of the governments of the 27 Member States of the EU) will work on the text and be able to amend it. The text has to be voted in the same terms by the two institutions. This should take about 1 year.

After the adoption of the text, the Member States will have 18 months to ‘transpose’ (= implement the provisions in their national laws) the directive.

What role will EENA play?

EENA will keep monitoring and informing its members on the relevant developments around this file.

More information:
  • Proposed directive on measures for a high common level of cybersecurity across the Union – Here
  • Webpage about the current NIS Directive – Here