Legal provisions of COM(2018)640 - Preventing the dissemination of terrorist content online - Contribution to the Leaders’ meeting, September 2018

Please note

This page contains a limited version of this dossier in the EU Monitor.


SECTION I - GENERAL PROVISIONS


Article 1 - Subject matter and scope

1. This Regulation lays down uniform rules to address the misuse of hosting services for the dissemination to the public of terrorist content online, in particular on:

(a) reasonable and proportionate duties of care to be applied by hosting service providers in order to address the dissemination to the public of terrorist content through their services and ensure, where necessary, the expeditious removal of or disabling of access to such content;

(b) the measures to be put in place by Member States, in accordance with Union law and subject to suitable safeguards to protect fundamental rights, in particular the freedom of expression and information in an open and democratic society, in order to:

(i) identify and ensure the expeditious removal of terrorist content by hosting service providers; and

(ii) facilitate cooperation among the competent authorities of Member States, hosting service providers and, where appropriate, Europol.

2. This Regulation applies to hosting service providers offering services in the Union, irrespective of their place of main establishment, insofar as they disseminate information to the public.

3. Material disseminated to the public for educational, journalistic, artistic or research purposes or for the purposes of preventing or countering terrorism, including material which represents an expression of polemic or controversial views in the course of public debate, shall not be considered to be terrorist content. An assessment shall determine the true purpose of that dissemination and whether material is disseminated to the public for those purposes.

4. This Regulation shall not have the effect of modifying the obligation to respect the rights, freedoms and principles referred to in Article 6 TEU and shall apply without prejudice to fundamental principles relating to freedom of expression and information, including freedom and pluralism of the media.

5. This Regulation shall be without prejudice to Directives 2000/31/EC and 2010/13/EU. For audiovisual media services as defined in point (a) of Article 1(1) of Directive 2010/13/EU, Directive 2010/13/EU shall prevail.

Article 2 - Definitions

For the purposes of this Regulation, the following definitions apply:

(1) ‘hosting service provider’ means a provider of services as defined in point (b) of Article 1 of Directive (EU) 2015/1535 of the European Parliament and of the Council (14), consisting of the storage of information provided by and at the request of a content provider;

(2) ‘content provider’ means a user that has provided information that is, or that has been, stored and disseminated to the public by a hosting service provider;

(3) ‘dissemination to the public’ means the making available of information, at the request of a content provider, to a potentially unlimited number of persons;

(4) ‘offering services in the Union’ means enabling natural or legal persons in one or more Member States to use the services of a hosting service provider which has a substantial connection to that Member State or those Member States;

(5) ‘substantial connection’ means the connection of a hosting service provider with one or more Member States resulting either from its establishment in the Union or from specific factual criteria, such as:

(a) having a significant number of users of its services in one or more Member States; or

(b) the targeting of its activities to one or more Member States;

(6) ‘terrorist offences’ means offences as defined in Article 3 of Directive (EU) 2017/541;

(7) ‘terrorist content’ means one or more of the following types of material, namely material that:

(a) incites the commission of one of the offences referred to in points (a) to (i) of Article 3(1) of Directive (EU) 2017/541, where such material, directly or indirectly, such as by the glorification of terrorist acts, advocates the commission of terrorist offences, thereby causing a danger that one or more such offences may be committed;

(b) solicits a person or a group of persons to commit or contribute to the commission of one of the offences referred to in points (a) to (i) of Article 3(1) of Directive (EU) 2017/541;

(c) solicits a person or a group of persons to participate in the activities of a terrorist group, within the meaning of point (b) of Article 4 of Directive (EU) 2017/541;

(d) provides instruction on the making or use of explosives, firearms or other weapons or noxious or hazardous substances, or on other specific methods or techniques for the purpose of committing or contributing to the commission of one of the terrorist offences referred to in points (a) to (i) of Article 3(1) of Directive (EU) 2017/541;

(e) constitutes a threat to commit one of the offences referred to in points (a) to (i) of Article 3(1) of Directive (EU) 2017/541;

(8) ‘terms and conditions’ means all terms, conditions and clauses, irrespective of their name or form, which govern the contractual relationship between a hosting service provider and its users;

(9) ‘main establishment’ means the head office or registered office of the hosting service provider within which the principal financial functions and operational control are exercised.

SECTION II - MEASURES TO ADDRESS THE DISSEMINATION OF TERRORIST CONTENT ONLINE


Article 3 - Removal orders

1. The competent authority of each Member State shall have the power to issue a removal order requiring hosting service providers to remove terrorist content or to disable access to terrorist content in all Member States.

2. Where a competent authority has not previously issued a removal order to a hosting service provider, it shall provide that hosting service provider with information on the applicable procedures and deadlines, at least 12 hours before issuing the removal order.

The first subparagraph shall not apply in duly justified cases of emergency.

3. Hosting service providers shall remove terrorist content or disable access to terrorist content in all Member States as soon as possible and in any event within one hour of receipt of the removal order.

4. Competent authorities shall issue removal orders using the template set out in Annex I. Removal orders shall contain the following elements:

(a) identification details of the competent authority issuing the removal order and authentication of the removal order by that competent authority;

(b) a sufficiently detailed statement of reasons explaining why the content is considered to be terrorist content, and a reference to the relevant type of material referred to in point (7) of Article 2;

(c) an exact uniform resource locator (URL) and, where necessary, additional information for the identification of the terrorist content;

(d) a reference to this Regulation as the legal basis for the removal order;

(e) the date, time stamp and electronic signature of the competent authority issuing the removal order;

(f) easily understandable information about the redress available to the hosting service provider and to the content provider, including information about redress to the competent authority, recourse to a court, as well as the deadlines for appeal;

(g) where necessary and proportionate, the decision not to disclose information about the removal of or disabling of access to terrorist content in accordance with Article 11(3).

5. The competent authority shall address the removal order to the main establishment of the hosting service provider or to its legal representative designated in accordance with Article 17.

That competent authority shall transmit the removal order to the contact point referred to in Article 15(1) by electronic means capable of producing a written record under conditions that allow to establish the authentication of the sender, including the accuracy of the date and the time of sending and receipt of the order.

6. The hosting service provider shall, without undue delay, inform the competent authority, using the template set out in Annex II, of the removal of the terrorist content or the disabling of access to the terrorist content in all Member States, indicating, in particular, the time of that removal or disabling.

7. If the hosting service provider cannot comply with the removal order on grounds of force majeure or de facto impossibility not attributable to the hosting service provider, including for objectively justifiable technical or operational reasons, it shall, without undue delay, inform the competent authority that issued the removal order of those grounds, using the template set out in Annex III.

The deadline set out in paragraph 3 shall start to run as soon as the grounds referred to in the first subparagraph of this paragraph have ceased to exist.

8. If the hosting service provider cannot comply with the removal order because it contains manifest errors or does not contain sufficient information for its execution, it shall, without undue delay, inform the competent authority that issued the removal order and request the necessary clarification, using the template set out in Annex III.

The deadline set out in paragraph 3 shall start to run as soon as the hosting service provider has received the necessary clarification.

9. A removal order shall become final upon the expiry of the deadline for appeal where no appeal has been lodged in accordance with national law or upon confirmation following an appeal.

When the removal order becomes final, the competent authority that issued the removal order shall inform the competent authority referred to in point (c) of Article 12(1) of the Member State where the hosting service provider has its main establishment or where its legal representative resides or is established of that fact.

Article 4 - Procedure for cross-border removal orders

1. Subject to Article 3, where the hosting service provider does not have its main establishment or legal representative in the Member State of the competent authority that issued the removal order, that authority shall, simultaneously, submit a copy of the removal order to the competent authority of the Member State where the hosting service provider has its main establishment or where its legal representative resides or is established.

2. Where a hosting service provider receives a removal order as referred to in this Article, it shall take the measures provided for in Article 3 and take the necessary measures to be able to reinstate the content or access thereto, in accordance with paragraph 7 of this Article.

3. The competent authority of the Member State where the hosting service provider has its main establishment or where its legal representative resides or is established may, on its own initiative, within 72 hours of receiving the copy of the removal order in accordance with paragraph 1, scrutinise the removal order to determine whether it seriously or manifestly infringes this Regulation or the fundamental rights and freedoms guaranteed by the Charter.

Where it finds an infringement, it shall, within the same period, adopt a reasoned decision to that effect.

4. Hosting service providers and content providers shall have the right to submit, within 48 hours of receiving either a removal order or information pursuant to Article 11(2), a reasoned request to the competent authority of the Member State where the hosting service provider has its main establishment or where its legal representative resides or is established to scrutinise the removal order as referred to in the first subparagraph of paragraph 3 of this Article.

The competent authority shall, within 72 hours of receiving the request, adopt a reasoned decision following its scrutiny of the removal order, setting out its findings as to whether there is an infringement.

5. The competent authority shall, before adopting a decision pursuant to the second subparagraph of paragraph 3 or a decision finding an infringement pursuant to the second subparagraph of paragraph 4, inform the competent authority that issued the removal order of its intention to adopt the decision and of its reasons for doing so.

6. Where the competent authority of the Member State where the hosting service provider has its main establishment or where its legal representative resides or is established adopts a reasoned decision in accordance with paragraph 3 or 4 of this Article, it shall, without delay, communicate that decision to the competent authority that issued the removal order, the hosting service provider, the content provider who requested the scrutiny pursuant to paragraph 4 of this Article and, in accordance with Article 14, Europol. Where the decision finds an infringement pursuant to paragraph 3 or 4 of this Article, the removal order shall cease to have legal effects.

7. Upon receiving a decision finding an infringement communicated in accordance with paragraph 6, the hosting service provider concerned shall immediately reinstate the content or access thereto, without prejudice to the possibility to enforce its terms and conditions in accordance with Union and national law.

Article 5 - Specific measures

1. A hosting service provider exposed to terrorist content as referred to in paragraph 4 shall, where applicable, include in its terms and conditions and apply provisions to address the misuse of its services for the dissemination to the public of terrorist content.

It shall do so in a diligent, proportionate and non-discriminatory manner, with due regard, in all circumstances, to the fundamental rights of the users and taking into account, in particular, the fundamental importance of the freedom of expression and information in an open and democratic society, with a view to avoiding the removal of material which is not terrorist content.

2. A hosting service provider exposed to terrorist content as referred to in paragraph 4 shall take specific measures to protect its services against the dissemination to the public of terrorist content.

The decision as to the choice of specific measures shall remain with the hosting service provider. Such measures may include one or more of the following:

(a) appropriate technical and operational measures or capacities, such as appropriate staffing or technical means to identify and expeditiously remove or disable access to terrorist content;

(b) easily accessible and user-friendly mechanisms for users to report or flag to the hosting service provider alleged terrorist content;

(c) any other mechanisms to increase the awareness of terrorist content on its services, such as mechanisms for user moderation;

(d) any other measure that the hosting service provider considers to be appropriate to address the availability of terrorist content on its services.

3. Specific measures shall meet all of the following requirements:

(a) they shall be effective in mitigating the level of exposure of the services of the hosting service provider to terrorist content;

(b) they shall be targeted and proportionate, taking into account, in particular, the seriousness of the level of exposure of the services of the hosting service provider to terrorist content as well as the technical and operational capabilities, financial strength, the number of users of the services of the hosting service provider and the amount of content they provide;

(c) they shall be applied in a manner that takes full account of the rights and legitimate interest of the users, in particular users’ fundamental rights concerning freedom of expression and information, respect for private life and protection of personal data;

(d) they shall be applied in a diligent and non-discriminatory manner.

Where specific measures involve the use of technical measures, appropriate and effective safeguards, in particular through human oversight and verification, shall be provided to ensure accuracy and to avoid the removal of material that is not terrorist content.

4. A hosting service provider is exposed to terrorist content where the competent authority of the Member State of its main establishment or where its legal representative resides or is established has:

(a) taken a decision, on the basis of objective factors, such as the hosting service provider having received two or more final removal orders in the previous 12 months, finding that the hosting service provider is exposed to terrorist content; and

(b) notified the decision referred to in point (a) to the hosting service provider.

5. After having received a decision as referred to in paragraph 4 or, where relevant, paragraph 6, a hosting service provider shall report to the competent authority on the specific measures that it has taken and that it intends to take in order to comply with paragraphs 2 and 3. It shall do so within three months of receipt of the decision and on an annual basis thereafter. That obligation shall cease once the competent authority has decided, upon request pursuant to paragraph 7, that the hosting service provider is no longer exposed to terrorist content.

6. Where, based on the reports referred to in paragraph 5 and, where relevant, any other objective factors, the competent authority considers that the specific measures taken do not comply with paragraphs 2 and 3, that competent authority shall address a decision to the hosting service provider requiring it to take the necessary measures so as to ensure that paragraphs 2 and 3 are complied with.

The hosting service provider may choose the type of specific measures to take.

7. A hosting service provider may, at any time, request the competent authority to review and, where appropriate, amend or revoke a decision as referred to in paragraph 4 or 6.

The competent authority shall, within three months of receipt of the request, adopt a reasoned decision on the request based on objective factors and notify the hosting service provider of that decision.

8. Any requirement to take specific measures shall be without prejudice to Article 15(1) of Directive 2000/31/EC and shall entail neither a general obligation for hosting services providers to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.

Any requirement to take specific measures shall not include an obligation to use automated tools by the hosting service provider.

Article 6 - Preservation of content and related data

1. Hosting service providers shall preserve terrorist content which has been removed or access to which has been disabled as a result of a removal order, or of specific measures pursuant to Article 3 or 5, as well as any related data removed as a consequence of the removal of such terrorist content, which are necessary for:

(a) administrative or judicial review proceedings or complaint-handling under Article 10 against a decision to remove or disable access to terrorist content and related data; or

(b) the prevention, detection, investigation and prosecution of terrorist offences.

2. The terrorist content and related data, as referred to in paragraph 1, shall be preserved for six months from the removal or disabling. The terrorist content shall, upon request from the competent authority or court, be preserved for a further specified period only if and for as long as necessary for ongoing administrative or judicial review proceedings, as referred to in point (a) of paragraph 1.

3. Hosting service providers shall ensure that the terrorist content and related data preserved pursuant to paragraph 1 are subject to appropriate technical and organisational safeguards.

Those technical and organisational safeguards shall ensure that the terrorist content and related data preserved are accessed and processed only for the purposes referred to in paragraph 1, and ensure a high level of security of the personal data concerned. Hosting service providers shall review and update those safeguards where necessary.

SECTION III - SAFEGUARDS AND ACCOUNTABILITY


Article 7 - Transparency obligations for hosting service providers

1. Hosting service providers shall set out clearly in their terms and conditions their policy for addressing the dissemination of terrorist content, including, where appropriate, a meaningful explanation of the functioning of specific measures, including, where applicable, the use of automated tools.

2. A hosting service provider that has taken action to address the dissemination of terrorist content or has been required to take action pursuant to this Regulation in a given calendar year, shall make publicly available a transparency report on those actions for that year. It shall publish that report before 1 March of the following year.

3. Transparency reports shall include at least the following information:

(a) information about the hosting service provider’s measures in relation to the identification and removal of or disabling of access to terrorist content;

(b) information about the hosting service provider’s measures to address the reappearance online of material which has previously been removed or to which access has been disabled because it was considered to be terrorist content, in particular where automated tools have been used;

(c) the number of items of terrorist content removed or to which access has been disabled following removal orders or specific measures, and the number of removal orders where the content has not been removed or access to which has not been disabled pursuant to the first subparagraph of Article 3(7) and the first subparagraph of Article 3(8), together with the grounds therefor;

(d) the number and the outcome of complaints handled by the hosting service provider in accordance with Article 10;

(e) the number and the outcome of administrative or judicial review proceedings brought by the hosting service provider;

(f) the number of cases in which the hosting service provider was required to reinstate content or access thereto as a result of administrative or judicial review proceedings;

(g) the number of cases in which the hosting service provider reinstated content or access thereto following a complaint by the content provider.

Article 8 - Competent authorities’ transparency reports

1. Competent authorities shall publish annual transparency reports on their activities under this Regulation. Those reports shall include at least the following information in relation to the given calendar year:

(a) the number of removal orders issued under Article 3, specifying the number of removal orders subject to Article 4(1), the number of removal orders scrutinised under Article 4, and information on the implementation of those removal orders by the hosting service providers concerned, including the number of cases in which terrorist content was removed or access thereto was disabled and the number of cases in which terrorist content was not removed or access thereto was not disabled;

(b) the number of decisions taken in accordance with Article 5(4), (6) or (7), and information on the implementation of those decisions by hosting service providers, including a description of the specific measures;

(c) the number of cases in which removal orders and decisions taken in accordance with Article 5(4) and (6) were subject to administrative or judicial review proceedings and information on the outcome of the relevant proceedings;

(d) the number of decisions imposing penalties pursuant to Article 18, and a description of the type of penalty imposed.

2. The annual transparency reports referred to in paragraph 1 shall not include information that may prejudice ongoing activities for the prevention, detection, investigation or prosecution of terrorist offences or interests of national security.

Article 9 - Remedies

1. Hosting service providers that have received a removal order issued pursuant to Article 3(1) or a decision pursuant to Article 4(4) or to Article 5(4), (6) or (7), shall have a right to an effective remedy. That right shall include the right to challenge such a removal order before the courts of the Member State of the competent authority that issued the removal order and the right to challenge the decision pursuant to Article 4(4) or to Article 5(4), (6) or (7), before the courts of the Member State of the competent authority that took the decision.

2. Content providers whose content has been removed or access to which has been disabled following a removal order shall have the right to an effective remedy. That right shall include the right to challenge a removal order issued pursuant to Article 3(1) before the courts of the Member State of the competent authority that issued the removal order and the right to challenge a decision pursuant to Article 4(4) before the courts of the Member State of the competent authority that took the decision.

3. Member States shall put in place effective procedures for exercising the rights referred to in this Article.

Article 10 - Complaint mechanisms

1. Each hosting service provider shall establish an effective and accessible mechanism allowing content providers where their content has been removed or access thereto has been disabled as a result of specific measures pursuant to Article 5 to submit a complaint concerning that removal or disabling, requesting the reinstatement of the content or of access thereto.

2. Each hosting service provider shall expeditiously examine all complaints that it receives through the mechanism referred to in paragraph 1 and reinstate the content or access thereto, without undue delay, where its removal or disabling of access thereto was unjustified. It shall inform the complainant of the outcome of the complaint within two weeks of the receipt thereof.

Where the complaint is rejected, the hosting service provider shall provide the complainant with the reasons for its decision.

A reinstatement of content or of access thereto shall not preclude administrative or judicial review proceedings challenging the decision of the hosting service provider or of the competent authority.

Article 11 - Information to content providers

1. Where a hosting service provider removes or disables access to terrorist content, it shall make available to the content provider information on such removal or disabling.

2. Upon request of the content provider, the hosting service provider shall either inform the content provider of the reasons for the removal or disabling and its rights to challenge the removal order or provide the content provider with a copy of the removal order.

3. The obligation pursuant to paragraphs 1 and 2 shall not apply where the competent authority issuing the removal order decides that it is necessary and proportionate that there be no disclosure for reasons of public security, such as the prevention, investigation, detection and prosecution of terrorist offences, for as long as necessary, but not exceeding six weeks from that decision. In such a case, the hosting service provider shall not disclose any information on the removal or disabling of access to terrorist content.

That competent authority may extend that period by a further six weeks, where such non-disclosure continues to be justified.

SECTION IV - COMPETENT AUTHORITIES AND COOPERATION


Article 12 - Designation of competent authorities

1. Each Member State shall designate the authority or authorities competent to:

(a) issue removal orders pursuant to Article 3;

(b) scrutinise removal orders pursuant to Article 4;

(c) oversee the implementation of specific measures pursuant to Article 5;

(d) impose penalties pursuant to Article 18.

2. Each Member State shall ensure that a contact point is designated or established within the competent authority referred to in point (a) of paragraph 1 to handle requests for clarification and feedback in relation to removal orders issued by that competent authority.

Member States shall ensure that the information on the contact point is made publicly available.

3. By 7 June 2022, Member States shall notify the Commission of the competent authority or authorities referred to in paragraph 1 and any modification thereof. The Commission shall publish the notification and any modification thereto in the Official Journal of the European Union.

4. By 7 June 2022, the Commission shall set up an online register listing the competent authorities referred to in paragraph 1 and the contact point designated or established pursuant to paragraph 2 for each competent authority. The Commission shall publish any modification thereto regularly.

Article 13 - Competent authorities

1. Member States shall ensure that their competent authorities have the necessary powers and sufficient resources to achieve the aims of and fulfil their obligations under this Regulation.

2. Member States shall ensure that their competent authorities carry out their tasks under this Regulation in an objective and non-discriminatory manner while fully respecting fundamental rights. Competent authorities shall not seek or take instructions from any other body in relation to the carrying out of their tasks under Article 12(1).

The first subparagraph shall not prevent supervision in accordance with national constitutional law.

Article 14 - Cooperation between hosting service providers, competent authorities and Europol

1. Competent authorities shall exchange information, coordinate and cooperate with each other and, where appropriate, with Europol, with regard to removal orders, in particular to avoid duplication of effort, enhance coordination and avoid interference with investigations in different Member States.

2. Competent authorities of Member States shall exchange information, coordinate and cooperate with the competent authorities referred to in points (c) and (d) of Article 12(1) with regard to specific measures taken pursuant to Article 5 and penalties imposed pursuant to Article 18. Member States shall ensure that the competent authorities referred to in points (c) and (d) of Article 12(1) are in possession of all the relevant information.

3. For the purposes of paragraph 1, Member States shall provide for the appropriate and secure communication channels or mechanisms to ensure that the relevant information is exchanged in a timely manner.

4. For the effective implementation of this Regulation as well as to avoid duplication of effort, Member States and hosting service providers may make use of dedicated tools, including those established by Europol, to facilitate in particular:

(a) the processing and feedback relating to removal orders pursuant to Article 3; and

(b) cooperation with a view to identifying and implementing specific measures pursuant to Article 5.

5. Where hosting service providers become aware of terrorist content involving an imminent threat to life, they shall promptly inform authorities competent for the investigation and prosecution of criminal offences in the Member States concerned. Where it is impossible to identify the Member States concerned, the hosting service providers shall notify the contact point pursuant to Article 12(2) in the Member State where they have their main establishment or where their legal representative resides or is established, and transmit information concerning that terrorist content to Europol for appropriate follow-up.

6. The competent authorities are encouraged to send copies of the removal orders to Europol to allow it to provide an annual report that includes an analysis of the types of terrorist content subject to an order to remove it or to disable access thereto pursuant to this Regulation.

Article 15 - Hosting service providers’ contact points

1. Each hosting service provider shall designate or establish a contact point for the receipt of removal orders by electronic means and their expeditious processing pursuant to Articles 3 and 4. The hosting service provider shall ensure that information about the contact point is made publicly available.

2. The information referred to in paragraph 1 of this Article shall specify the official languages of the Union institutions referred to in Regulation 1/58 (15) in which the contact point can be addressed and in which further exchanges in relation to removal orders pursuant to Article 3 are to take place. Those languages shall include at least one of the official languages of the Member State where the hosting service provider has its main establishment or where its legal representative resides or is established.

SECTION V - IMPLEMENTATION AND ENFORCEMENT


Article 16 - Jurisdiction

1. The Member State of the main establishment of the hosting service provider shall have jurisdiction for the purposes of Articles 5, 18 and 21. A hosting service provider which does not have its main establishment within the Union shall be deemed to be under the jurisdiction of the Member State where its legal representative resides or is established.

2. Where a hosting service provider which does not have its main establishment in the Union fails to designate a legal representative, all Member States shall have jurisdiction.

3. Where a competent authority of a Member State exercises jurisdiction pursuant to paragraph 2, it shall inform the competent authorities of all other Member States.

Article 17 - Legal representative

1. A hosting service provider which does not have its main establishment in the Union shall designate, in writing, a natural or legal person as its legal representative in the Union for the purpose of the receipt of, compliance with and the enforcement of removal orders and decisions issued by the competent authorities.

2. The hosting service provider shall provide its legal representative with the necessary powers and resources to comply with those removal orders and decisions and to cooperate with the competent authorities.

The legal representative shall reside or be established in one of the Member States where the hosting service provider offers its services.

3. The legal representative may be held liable for infringements of this Regulation, without prejudice to any liability of or legal actions against the hosting service provider.

4. The hosting service provider shall notify the competent authority referred to in point (d) of Article 12(1) of the Member State where its legal representative resides or is established of the designation.

The hosting service provider shall make the information about the legal representative publicly available.

SECTION VI - FINAL PROVISIONS


Article 18 - Penalties

1. Member States shall lay down the rules on penalties applicable to infringements of this Regulation by hosting service providers and shall take all measures necessary to ensure that they are implemented. Such penalties shall be limited to addressing infringements of Article 3(3) and (6), Article 4(2) and (7), Article 5(1), (2), (3), (5) and (6), Articles 6, 7, 10 and 11, Article 14(5), Article 15(1) and Article 17.

The penalties referred to in the first subparagraph shall be effective, proportionate and dissuasive. Member States shall, by 7 June 2022, notify the Commission of those rules and of those measures and shall notify it, without delay, of any subsequent amendment affecting them.

2. Member States shall ensure that the competent authorities, when deciding whether to impose a penalty and when determining the type and level of penalty, take into account all relevant circumstances, including:

(a) the nature, gravity and duration of the infringement;

(b) whether the infringement was intentional or negligent;

(c) previous infringements by the hosting service provider;

(d) the financial strength of the hosting service provider;

(e) the level of cooperation of the hosting service provider with the competent authorities;

(f) the nature and size of the hosting service provider, in particular whether it is a micro, small or medium-sized enterprise;

(g) the degree of fault of the hosting service provider, taking into account the technical and organisational measures taken by the hosting service provider to comply with this Regulation.

3. Member States shall ensure that a systematic or persistent failure to comply with obligations pursuant to Article 3(3) is subject to financial penalties of up to 4 % of the hosting service provider’s global turnover of the preceding business year.

Article 19 - Technical requirements and amendments to the annexes

1. The Commission shall be empowered to adopt delegated acts in accordance with Article 20 in order to supplement this Regulation with the necessary technical requirements for the electronic means to be used by competent authorities for the transmission of removal orders.

2. The Commission shall be empowered to adopt delegated acts in accordance with Article 20 to amend the annexes in order to effectively address a possible need for improvements regarding the content of templates for removal orders and to provide information on the impossibility to execute removal orders.

Article 20 - Exercise of the delegation

1. The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2. The power to adopt delegated acts referred to in Article 19 shall be conferred on the Commission for an indeterminate period of time from 7 June 2022.

3. The delegation of power referred to in Article 19 may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day after the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4. Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.

5. As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

6. A delegated act adopted pursuant to Article 19 shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.

Article 21 - Monitoring

1. Member States shall collect from their competent authorities and the hosting service providers under their jurisdiction and send to the Commission by 31 March of every year information about the actions they have taken in accordance with this Regulation in the previous calendar year. That information shall include:

(a) the number of removal orders issued and the number of items of terrorist content which have been removed or access to which has been disabled and the speed of the removal or disabling;

(b) the specific measures taken pursuant to Article 5, including the number of items of terrorist content which have been removed or access to which has been disabled and the speed of the removal or disabling;

(c) the number of access requests issued by competent authorities regarding content preserved by hosting service providers pursuant to Article 6;

(d) the number of complaint procedures initiated and actions taken by the hosting service providers pursuant to Article 10;

(e) the number of administrative or judicial review proceedings initiated and decisions taken by the competent authority in accordance with national law.

2. By 7 June 2023, the Commission shall establish a detailed programme for monitoring the outputs, results and impacts of this Regulation. The monitoring programme shall set out the indicators and the means by which and the intervals at which the data and other necessary evidence are to be collected. It shall specify the actions to be taken by the Commission and by the Member States in collecting and analysing the data and other evidence to monitor the progress and evaluate this Regulation pursuant to Article 23.

Article 22 - Implementation report

By 7 June 2023, the Commission shall submit a report on the application of this Regulation to the European Parliament and to the Council. That report shall include information on monitoring under Article 21 and information resulting from the transparency obligations under Article 8. Member States shall provide the Commission with the information necessary for the drafting of the report.

Article 23 - Evaluation

By 7 June 2024, the Commission shall carry out an evaluation of this Regulation and submit a report to the European Parliament and to the Council on its application including:

(a) the functioning and effectiveness of the safeguard mechanisms, in particular those provided for in Article 4(4), Article 6(3) and Articles 7 to 11;

(b) the impact of the application of this Regulation on fundamental rights, in particular the freedom of expression and information, the respect for private life and the protection of personal data; and

(c) the contribution of this Regulation to the protection of public security.

Where appropriate, the report shall be accompanied by legislative proposals.

Member States shall provide the Commission with the information necessary for the drafting of the report.

The Commission shall also assess the necessity and feasibility of establishing a European platform on terrorist content online for facilitating communication and cooperation under this Regulation.

Article 24 - Entry into force and application

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from 7 June 2022.

This Regulation shall be binding in its entirety and directly applicable in all Member States.