🍻 Selber Bier Brauen

On 10 July 2025, the European Commission published the final version of its Code of Practice for General-Purpose AI (GPAI) – a voluntary rulebook developed by a group of independent experts and more than 1,400 stakeholders from industry, academia, civil society, and rightsholders.

Under Articles 53 to 55 of the AI Act, powerful AI models – such as GPT-4, Gemini, Llama or Mistral – will be subject to binding obligations starting in August 2025 (for new models) and August 2027 (for models already on the market). The Code is meant to prepare providers for what’s ahead: it offers a straightforward way to start complying with these future obligations under the AI Act.

While not all stakeholders are satisfied with the final outcome, others have already expressed their interest in signing the Code. Its success will ultimately depend on whether it manages to reduce compliance burdens and provide legal certainty. Even if not universally adopted, it could still serve as a regulatory benchmark under the AI Act.

Regulation of GPAI models under the AI Act

The Commission’s initial proposal for the AI Act did not specifically address GPAI models. However, the attention that these powerful models received during the legislative process led to the inclusion of specific obligations. These obligations address the substantial risks GPAI models pose – risks not adequately captured by the proposed rules on AI systems and practices.

Ultimately, this inclusion in the AI Act treats GPAI models as a distinct category with its own risk classification criteria. The AI Act classifies AI systems and practices into unacceptable-risk AI practices (Art. 5), which are prohibited; high-risk AI systems (Art. 6), which are subject to mandatory requirements; and minimal-risk AI systems, which are not subject to any mandatory requirements.

Meanwhile, the AI Act imposes horizontal mandatory requirements on all GPAI models (Art. 53(1)), particularly with regard to transparency obligations and copyright. Furthermore, GPAI models posing a systemic risk are subject to additional safety and security obligations (Art. 55(1)).

Notably, the classification criteria for GPAI models are independent of those for AI systems and practices. AI systems and practices are based on lists of prohibited practices (Article 5) and critical domains (particularly Annex III). In contrast, systemic risk of GPAI models requires assessing whether the model poses “a significant impact on the Union market due to their reach, or due to actual or reasonably foreseeable negative effects on public health, safety, public security, fundamental rights, or the society as a whole, that can be propagated at scale across the value chain” (Art. 3(65) AI Act).

Code of Practice for GPAI models

To facilitate compliance with GPAI models’ obligations, the AI Act calls for the creation of codes of practice through a co-regulatory procedure (Art. 56), thereby establishing clear parameters for ensuring and demonstrating compliance.

The recently published final version of the Code of Practice is divided into three chapters: Transparency, Copyright and Safety and Security. While the Transparency and Copyright chapters are relevant to all GPAI providers, the Safety and Security chapter only applies to GPAI models with systemic risks. This three-chapter structure first appeared in the third draft and reflects the scope of the obligations, given that the strict safety and security obligations under Art. 55(1) of the AI Act apply only to GPAI models that pose systemic risks.

Transparency Chapter

The Transparency chapter outlines how providers must make information available to the AI Office and the national competent authorities upon request pursuant to Art. 53(1)(a), Annex XI, Section I, and also proactively to downstream providers under Art. 55(1)(b) and Annex XII. In particular, the chapter defines the specific information that providers must document. It introduces a Model Documentation Form to help compile the relevant information. This form also indicates whether each element may be relevant to the AI Office, national competent authorities, or downstream providers. It may be helpful for GPAI providers to make information available in a timely manner.

The chapter also clarifies restrictions on these transparency obligations. Specifically, it designates the AI Office as the point of contact for national competent authorities requesting information from GPAI providers. Therefore, national authorities must request information through the AI Office, which will then request the relevant information in accordance with Art. 91(4) AI Act. Furthermore, the chapter reiterates that requests for information must specify the legal basis and purpose, and that the information requested must be strictly necessary for the tasks performed by the AI Office or the national authority.

Copyright Chapter

The Copyright Chapter outlines what a provider’s copyright policy must include under Art. 53(1)(2). In particular, the provider may only reproduce and extract accessible, lawful, copyright-protected content without circumventing effective technological measures (as defined in Art. 6(3) of Directive 2001/29/EC). Providers must exclude content from a dynamic list of websites that will be created by EU authorities. Additionally, web crawling should respect rights reservation, including machine-readable reservations (e.g. via robots.txt) or other appropriate methods.

To mitigate the risk of copyright infringement, providers must implement appropriate technical safeguards and prohibit copyright-infringing uses in their acceptable use policy. Finally, the GPAI provider must designate a point of contact for affected rightsholders and implement a complaint mechanism for non-compliance.

Safety and Security Chapter

The Safety and Security chapter focuses on the specific obligations of providers of GPAI models posing systemic risk under Art. 55(1) AI Act. Providers must establish and commit to a Safety and Security Framework, including a full systemic risk assessment and mitigation process after market placement and model report updates. If the model poses systemic risk, the provider must monitor it before and after release and allow external evaluators – a controversial provision of the Code.

Appendix 1 of the chapter supports providers by outlining the types, nature and sources of systemic risk they must assess. Furthermore, the chapter provides a list of default systemic risks, including chemical, biological, radiological and nuclear risks; loss of control; cyber offences; and harmful manipulation risks.

Once the systemic risks have been identified, the GPAI provider must analyse whether the existing risks would be considered acceptable according to their own pre-determined acceptance criteria. If the systemic risk is unacceptable, the provider has to implement measures to mitigate the risk until the acceptance criteria are met. Finally, the chapter details how providers must keep track of, document and report serious incidents and corrective measures pursuant to Art. 55(1)(c) AI Act.

The right path towards an effective regulation of GPAI models?

Although delayed by a few months – it was originally due in May – the Code of Practice is a necessary step to ensure the effectiveness of the AI Act. Given the critical stage at which the AI Act currently stands, with companies pressing the EU to introduce a two-year pause for enforcement of obligations, the Code of Practice could clarify the complex obligations for GPAI models, which are currently subject to considerable vagueness.

In an effort to boost interest in the Code, the Commission has informally recognized a one-year grace period within which “the AI Office will not consider them to have broken their commitments under the Code and will not reproach them for violating the AI Act. Instead, in such cases, the AI Office will consider them to act in good faith and will be ready to collaborate to find ways to ensure full compliance.”

Still, further action is needed to ensure effective AI regulation that protects fundamental rights and values. Regarding the Code of Practice, the AI Office and the AI Board will now assess its adequacy, in accordance with Art. 56(6) AI Act, and the Commission may approve it via an implementing act. Once approved, GPAI providers can voluntarily adhere to the Code (Art. 57(7)).

It remains unclear whether the Commission will require full adoption of the Code or allow selective adherence. Art. 57(7) suggests that only providers of GPAI models that do not present systemic risk may limit adherence to the Transparency and Copyright chapters – “unless they declare explicitly their interest to join the full code.” While requiring full adoption would help to avoid fragmentation, this approach would conflict with the Code’s voluntary nature and could discourage potential signatories, resulting in lower levels of adherence.

Yet some fundamental elements to encourage adherence are still missing. Over the next few weeks, the Commission will publish guidelines to clarify how the rules for GPAI providers apply, as these were not covered by the Code. It is expected that these guidelines will clarify the classification of models as GPAI, including modified models, as well as the classification of GPAI with systemic risks – according to the consultation conducted by the Commission in April 2025. Additionally, the Commission still needs to provide the template for the public disclosure of information about training data in accordance with Art. 53(1)(d), which may be a sensitive topic for providers.

Overall, the publication of the final version of the Code of Practice is a promising step forward, but effectively regulating GPAI will require completion of these remaining steps. While there is still a long way to go, the Commission appears to be heading in the right direction.

The post The GPAI Code of Practice appeared first on Verfassungsblog.

While there are many aspects of the Inter-American Court of Human Rights (IACtHR)’s Advisory Opinion 32/25 (AO-32/25) that are new and groundbreaking, the inclusion of a reflection on jus cogens might have surprised some observers.

This is the first time that an international court has explicitly recognised the jus cogens character of the obligation not to create irreversible damage to the climate and the global environment.

The majority of the IACtHR concluded that “[b]y virtue of the principle of effectiveness, the peremptory prohibition of anthropogenic conduct that may irreversibly affect the interdependence and vital balance of the common ecosystem that makes life possible for species constitutes a norm of jus cogens.” (para. 8) Notably, however, three of the Judges, including the IACtHR’s current President, dissented from this conclusion.

Jus cogens norms are a special kind of customary law. Customary law is created by States through state practice and corresponding opinio iuris. It is generally binding on all states, with limited exceptions for states that have consistently objected to a particular norm of customary international law. But, within this broad category, there are certain norms that are recognised by the international community of States as a whole and from which no derogation is permissible, even through treaties or agreements. Only those constitute norms of jus cogens. 

The legal consequences of a norm being classed as jus cogens are several in international and domestic law. Any international agreement that violates jus cogens is void ab initio. States cannot disregard these obligations, and violations are violations against the international community as a whole, meaning that all States, not just the injured State, can require compliance. In domestic law, States will normally prohibit the behaviour and use criminal law to reinforce such prohibition. 

This blog argues that while the recognition of a jus cogens norm protecting against existential threats to life on Earth may initially appear expansive or novel, the IACtHR’s conclusion in AO-32/25 rests on solid foundations. While not following the established International Law Commission (ILC) methodology, the IACtHR’s reasoning draws upon the established understanding that jus cogens norms emerge from the most fundamental values of the international community, and the preservation of human existence itself represents the ultimate prerequisite for all other human rights protections. Given the Court’s progressive jurisprudence on environmental rights and the interconnectedness of human rights with ecological integrity, the elevation of protection against planetary-scale threats to jus cogens status reflects a logical evolution of international law’s core commitment to safeguarding against irreversible damage to the climate and the global environment.

Jus Cogens and the Climate Crisis

Although the concept of jus cogens has faced some controversy since its early discussion in legal literature and obiter mention in the International Court of Justice’s (ICJ’s) Barcelona Traction case, it now enjoys widespread acceptance among legal commentators, courts, and tribunals. This consensus is reflected in Article 53 of the Vienna Convention on the Law of Treaties, which establishes that jus cogens norms cannot be derogated by treaty or acquiescence, but only by the emergence of a new jus cogens norm. The international legal community has further solidified this acceptance through the ILC Articles on State Responsibility (ILC Articles) and especially the 2022 ILC Draft Conclusions on Identification and Legal Consequences of Peremptory Norms of General International Law (jus cogens) (ILC Draft Conclusions), which collectively forge an international consensus on the existence of several jus cogens norms. The ICJ has itself recognised specific norms as having jus cogens character, including self-determination, the prohibition of racial discrimination and apartheid, slavery, aggression, and genocide.

While the consequences of a breach of a jus cogens norm are currently being tested in ICJ cases, it is clear that no country should benefit from a breach of a jus cogens norm. It is perhaps this insight, together with a general obligation of States to cooperate to address a violation of jus cogens, that is most relevant when it comes to the obligation not to create irreversible damage to the climate and the global environment.

An Existential Threat violating an Essential Human Value

The IACtHR’s analysis in AO-32/25 highlights the international community’s growing commitment to developing legal frameworks that protect essential human values and ensure planetary habitability for current and future generations. International environmental law has established key principles like precaution and polluter pays, created erga omnes obligations to prevent transboundary harm, produced agreements addressing climate change and biodiversity loss, developed concepts of intergenerational equity, and pursued criminalisation of conduct causing severe environmental damage. These developments highlight, in the eyes of the IACtHR, that the obligation not to create irreversible damage to the climate and the global environment cannot be treated like any other obligation. The fact that the prohibited conduct creates “risks of irreversible damage to the ecosystems that sustain life” (para. 287) is another important indicator for the IACtHR of the jus cogens character of the norm.  

The IACtHR argues that “[o]ver the last decades – thanks to the development of scientific knowledge on the subject – the States of the international community have reached consensus on existential risks and have identified specific anthropogenic behaviours that can irreversibly affect the interdependence and vital balance of the common ecosystem that make the life of species on the planet possible.” (para. 288). In other words, when existential risks are at stake, peremptory norms are necessary to prevent ultimate collapse. 

The IACtHR has rightly identified the magnitude and legal importance of the climate crisis. The IACtHR then proceeds to give examples of the most severe environmental harms, such as irreversible deforestation of primary forests essential for biodiversity and climate regulation, massive species loss and habitat destruction, persistent pollution of freshwater, oceans and the atmosphere with long-lasting toxic effects, and the irreversible disruption of natural biogeochemical cycles like carbon and nitrogen that sustain planetary life, particularly through extreme climate change impacts. These types of large-scale environmental destruction are also candidates for the emerging international crime of ecocide.

The IACtHR follows this with the conclusion that the fundamental rights to life, integrity, and health of all species create a binding obligation to halt human activities that threaten planetary ecosystem balance. Since preserving our common ecosystem is essential for enjoying other fundamental rights, the prohibitions against such destructive behaviours are so fundamental that they constitute jus cogens (para. 291).

No Derogation Permissible as an Argument for Jus Cogens

From a legal perspective, the prohibition of conduct that irreversibly threatens the vital balance of interdependent ecosystems necessary for present and future generations derives from general principles of law. Especially important is the principle of effectiveness, which ensures that recognised rights and obligations are applied to achieve their purpose. The IACtHR here argues from first principles because the obligation not to create irreversible damage to the climate and the global environment would be ineffective if it could be overridden by international treaties or mere State consent. The IACtHR’s emphasis on the principle of effectiveness is worth highlighting. As Crawford explains, “[i]n the literature, the principle of effectiveness (ex factis jus oritur) is often set against the principle of legality (ex injuria jus non oritur). A decentralized custom-based system in which sovereignty is a cardinal value must necessarily have regard to considerations of effectiveness.” (p. 580). In other words, the emphasis on effectiveness by the IACtHR underlines perhaps a certain unease about its lack of global recognition by the international community of States. Arguably, the IACtHR did not have to rely so heavily on effectiveness. According to the principle of legality, there are good arguments to recognise the jus cogens character of a norm in light of new scientific insights that can identify if an action or omission constitutes an irreversible existential threat. 

It should be highlighted that the IACtHR here does not follow the methodology recommended by the ILC on the identification of jus cogens. The ILC wrote that jus cogens must be “accepted and recognised by the international community of States as a whole” (2022 Draft ILC Conclusions), meaning a “very large and representative majority of States”. Some might question that this acceptance exists with respect to avoidance of climate harms, given that in the Advisory Proceedings before the ICJ, several States explicitly contested the jus cogens character of all or any climate norms. On the other hand, it is perhaps harder to identify customary norms when the UNFCCC and the Paris Agreement have near-universal membership, since this makes it difficult to identify State practice and opinio iuris as distinct from treaty compliance. 

It can be argued that, if human life on Earth faces an existential threat, the requirement for acceptance and recognition by the international community of States as a whole should be interpreted more dynamically. Indeed, even according to the ILC Draft Conclusions, it is not the mere mechanical number of States that counts for the acceptance but rather acceptance and recognition by the international community of States as a whole. This necessitates that such “acceptance and recognition transcend regional, legal systemic, and cultural boundaries, thereby ensuring broad representation across diverse juridical traditions and geographical constituencies”, which arguably exists in the case of irreversible damage to the climate and the global environment.

Four Key Reasons for the IACtHR’s Jus Cogens Recognition

The IACtHR establishes four key reasons for the jus cogens recognition. 

First, there is a clear dependency between protecting fundamental rights (life, integrity, health, non-discrimination) and prohibiting anthropogenic conduct with irreversible ecosystem impact, as ecosystem preservation is a sine qua non condition for all human rights validity. 

Second, legally recognising the obligation to preserve ecosystem balance against irreversible anthropogenic damage reflects humanity’s collective interest and is necessary—not merely convenient—for fulfilling existing international human rights obligations with no alternative guarantee. 

Third, this obligation has solid grounding in general legal principles, fundamental human rights, and growing international consensus, making its recognition legally sound rather than arbitrary. 

Fourth, recognising this obligation as a non-derogable norm does not contradict existing positive law but rather enhances comprehensive compliance with existing norms, reaching sufficient consolidation and universal recognition to justify its characterisation as jus cogens due to its indispensable connection to human life, dignity, and intergenerational justice. Further, State practice, multilateral environmental treaties, UN General Assembly resolutions, and regional court jurisprudence constitute progressive consolidation toward emerging legal recognition of the non-derogable prohibition of irreversible environmental damage. 

The principle of effectiveness, combined with considerations of dependence, necessity, universality of underlying values, and non-contradiction with existing law, provides the legal foundation for recognising the imperative prohibition of massive and irreversible environmental damage while contributing to compliance with already recognised international legal obligations. (paras. 292-294).

From La Oroya to AO-32/25

The IACtHR previously found in La Oroya v. Peru (2023) that obligations that “protect the environment against unlawful or arbitrary conduct that causes serious, extensive, lasting and irreversible damage to the environment in a scenario of climate crisis that threatens the survival of species” require “the progressive recognition of the prohibition of conducts of this type as a peremptory norm (jus cogens) accepted by the international community as a whole as a norm from which no derogation is permitted (para. 129, La Oroya)”.

In AO-32/25, the IACtHR followed its reasoning in La Oroya closely (see above ‘survival of species’), but with one important difference. Rather than reflecting on the “progressive recognition,” the IACtHR in the AO recognised the jus cogens character. No longer is there an argument about the progressive recognition of a future development, but rather, in AO-32/25, the IACtHR recognised the jus cogens character as lex lata. In other words, the IACtHR went one decisive step further than in La Oroya.

The IACtHR has long taken a more liberal view of imperative norms of international law. For example, it recognised “at the present stage of the development of international law, [that] the fundamental principle of equality and non-discrimination has entered into the domain of jus cogens. The legal framework of national and international public policy rests upon it and permeates the entire legal order.” (para 590 AO, citing Cfr. Opinión Consultiva OC-18/03, supra, para. 101, y Caso Dos Santos Nascimento y Ferreira Gomes Vs. Brasil, supra, para. 92).

Support in the Interventions before the ICJ

Several intervenors in the ICJ Advisory Opinion argued that climate norms may have jus cogens status, either through their connection to self-determination or as standalone obligations. Vanuatu and the Melanesian Spearhead Group suggested that the right to a healthy environment, essential to self-determination, may itself constitute a jus cogens norm, citing submissions by Samoa and El Salvador. El Salvador asked the Court whether this right is evolving into a peremptory norm. Panama and Ghana stressed the possible jus cogens character of large-scale atmospheric pollution and climate destruction. Burkina Faso argued that protecting the climate is an erga omnes and jus cogens obligation, triggering the legal consequences of international liability. Kiribati linked the recognition of the right to a healthy environment as a jus cogens norm to sovereign equality and intergenerational equity. In addition, the IACtHR’s own La Oroya judgement was approvingly cited before the ICJ by Barbados, St. Lucia and by the IUCN .

It should be noted that these interventions come from all parts of the world and thus transcend regional, legal systemic, and cultural boundaries, thereby ensuring an emerging broad representation across diverse juridical traditions and geographical constituencies, as required for jus cogens norms. 

Consequences of Recognising Irreversible Climate Harm as Jus Cogens

The legal consequences of the recognition as jus cogens of the obligation not to create irreversible damage to the climate and the global environment are profound. Treaties violating the norm are void, customary international law rules cannot exist, nor does the persistent objector rule apply. Unilateral acts are invalid, and acts of international organisations have no legal effect. In domestic law, any jus cogens prohibition should not just trigger domestic prohibitions for such actions but would normally incur criminal sanctions. If your State has a climate-denying Head of State or Government and their decisions violate the emerging jus cogens obligation not to create irreversible damage to the climate and the global environment, then international liability and action by the international community as a whole should follow. This somewhat surprising finding by the IACtHR might become one of its most consequential yet.

The post Jus Cogens and the Climate Crisis appeared first on Verfassungsblog.

A recent report claiming that EU tech regulation has entered the ongoing trade negotiations with the U.S. has sparked fears that enforcement of the Digital Services Act (DSA) might be halted altogether. Although the DSA only came into full effect in February 2024, the European Commission’s subsequent enforcement has already showcased conflicts regarding its role as an autonomous political and administrative enforcement body. Considering the potential impact of the DSA on online communication, the Commission’s current role in DSA enforcement raises serious concerns. This calls for a search for alternative models of DSA enforcement. Three options present themselves.

A discrepancy in the DSA enforcement system

Art. 1(1) DSA explicitly states that ensuring a “safe, predictable, and trustworthy online environment” requires the regulation of online platforms. This, in turn, demands proper law enforcement that is both effective and appropriate. Considering the potential impact of the DSA on online communication and the subsequent effects on fundamental rights, it is particularly important to shield all DSA enforcement processes from pressure from political or interest groups to ensure independent decision-making. Accordingly, Art. 50(2) DSA mandates the “complete independence” of the national authorities responsible for enforcing the DSA (Digital Services Coordinators).

The DSA, however, does not impose similar requirements on the European Commission, which is mainly responsible for overseeing very large online platforms (VLOPs) under Art. 56(2, 3) DSA. This distinction is notable, not only because direct enforcement of EU law by the Commission has generally been an exception, (see here, p. 404), or because the internally responsible Directorate-General for the DSA – DG Connect – lacked the necessary enforcement expertise at the time of the framework’s passing. What’s striking is that the Commission – despite being a politically embedded (Art. 17(7) TEU) and controlled (Art. 17(8) TEU, 234 TFEU) authority, and the Union’s agenda-setting “gatekeeper” by virtue of its initiative monopoly (Art. 17(2) TEU; see here, p. 227ff.) –, is responsible for enforcing the DSA. Though based on the internal market competence of Art. 114 TFEU, the DSA significantly touches upon the digital spaces where much of today’s online communication takes place (see here, p. 609f.).

As a political actor, the Commission is naturally judged by its political successes; but it also has to navigate competing policy objectives. Both dynamics are likely to have negative implications for DSA enforcement. Since the Commission operates based on the principle of collegiality, even administrative decisions made at the bureaucratic level must be presented to the College of Commissioners if they are of importance or political sensitivity – such as adopting non-compliance decisions pursuant to Art. 73 DSA regarding non-EU VLOPs. The early enforcement phase of the DSA by the Commission stresses these concerns, as signs of over- as well as under-regulation have already become evident. This is not least harmful to the legitimacy of the EU, which is based on the rule of law (Art. 2 TEU).

Reflecting on the Commission’s initial DSA enforcement

The initial phase of enforcement showed signs of over-regulation. This was best exemplified by Thierry Breton, the former Commissioner for Internal Market (2019-2024). He was responsible for overseeing the early enforcement of the DSA by the Commission. In this role, he gained particular attention through his open letters concerning online platforms such as X. The content of these letters often left unclear whether he was speaking as a politician or a regulator. Since an international online platform company like X typically provides a globally standardized single product that facilitates communication across continents and legal systems (see here, p. 607), the DSA could be used as an instrument to regulate processes on platforms that primarily or entirely concern non-EU countries. When an interview between Trump and Musk was announced as part of an U.S. election campaign, available worldwide through a livestream on  X, Breton attempted to intervene by posting a public letter addressed to Musk. Emphasising X’s legal obligations to comply with the DSA, he warned Musk about the consequences of disseminating “harmful content” with “potential spillovers in the EU”. This was met with criticism of “electoral interference”, and even prompted a response from multiple civil society organisations calling on Breton to “stop politicising the Digital Services Act”.

Conversely, ever since the beginning of Trump’s second presidency and the subsequent shift of the political landscape in the U.S. – where most VLOPs are based – there have been concerns over potential under-regulation regarding the DSA’s enforcement. The DSA had already became a political target during the U.S. election campaign, to such an extent that the future Vice-President of Trump suggested withdrawing U.S. NATO support over the regulation of X by the EU. Consequently, in the aftermath of the U.S. elections, members of the European Parliament expressed concern that the Commission “may back off from tough enforcement of rules that regulate social media […] for fear of retaliation” from Trump. Since its inauguration, the new U.S. administration has only escalated the political pressure exerted on the EU over the DSA: Denouncing the regulation as “censorship”, threatening to launch tariff attacks as the DSA “will face scrutiny from the Administration”, or even announcing the restriction of visas for foreign nationals “who censor Americans”. This very likely means EU officials enforcing the DSA.

The concerns expressed by members of the European parliament now seem to have materialized. The Commission’s ongoing investigation into Musk’s X, who played a significant role in the new U.S. administration, suggests that DSA enforcement has indeed been swayed by political pressure. The formal proceedings appear to be influenced by unrelated considerations. The Commission is reportedly contemplating “the risks of further antagonizing Mr. Trump amid wider trans-Atlantic disputes over trade, tariffs and the war in Ukraine” when determining the extent of fines imposed for DSA violations. Other parts of tech-regulation have also already seen signs of a “de-regulatory turn” by the European Commission, and so future scenarios in which the Commission might “sacrifice the Digital Services Act” for political expediency appear increasingly plausible. The Digital Markets Act (DMA), considered the “sister” of the DSA and solely enforced by the Commission, is reportedly already part of ongoing U.S.-EU trade negotiations. Although the Commission denies these claims, this development sparks concerns over the effectiveness of this regulation.

The changing role of the Commission

Given the discussions about both over- and under-regulation, it is important to note that even the Commission itself did not originally intend to assume the significant role of primarily regulating VLOPs, which it now fulfils under Art. 56(2,3) DSA. Instead, under Art. 40(1) of the initial proposal for the DSA by the Commission in 2020, it was the national Digital Services Coordinators that were, among other responsibilities, primarily in charge of supervising and enforcing the DSA obligations for VLOPs to manage systemic risks (Chapter III, Section 4). Subsequently, the Commission took on a backseat role pursuant to Art. 50 and 51 of the proposal, only potentially getting involved when a VLOP was suspected or found to have violated the aforementioned DSA regulations.

The current version of the DSA thus reflects amendments made later in the legislative process. Member states assigned the Commission to “have exclusive powers for the supervision and enforcement of the obligations applicable to [VLOPs]” in Art. 44a(1a) of the 2021 DSA proposal by the Council of the European Union. They were possibly motivated by efforts to ensure an adequate counterpart to the economic power VLOPs possess or to prevent a “regulatory capture” of national authorities as experienced in enforcement of the GDPR (see here, Art. 56, ref. 15). As noted, however, the tension between the political and regulatory objectives within the Commission causes a new kind of enforcement concern. In light of the DSA’s far-reaching implications for online communication, what is needed going forward is an enforcement body that is sufficiently independent from political pressure – accountable for its actions but not dependent on political successes. The protection of the relevant fundamental rights (e.g., Art. 11 CFR in relation to Art. 10 ECHR) that the DSA aims for pursuant to Art. 1(1) should not become subject to the whims of international politics as a result of biased enforcement.

Alternatives to guarantee independent DSA enforcement

Retaining the general enforcement structure of the DSA while assigning the role of the Commission to an enforcement body free from political pressure gives rise to three possible options: keeping the current DSA enforcement team within the Commission in charge while adding safeguards to ensure sufficient independence, establishing a new Regulatory European Agency, or creating a new independent body at the EU level.

The first option of additional safeguards has the benefit of building on the experience already gained from enforcing the DSA and may not require any changes to the text of the DSA itself. However, it raises the question of how to ensure sufficient independence of an enforcement team within the Commission. Potential sources of inspiration could be drawn from Eurostat, the statistical office of the EU, or OLAF, the European Anti-Fraud Office, as both entities are established within the Commission yet considered independent in certain respects. In order to ensure the professional independence of Eurostat, for example, correspondent safeguards are implemented with Art. 2(1)(a), 6(2) of Regulation (EC) No. 223/2009 and the first core principle of the European Statistics Code of Practice. Furthermore, Art. 6a(3) of Regulation (EC) No. 223/2009 also protects the Eurostat Director-General, although they are selected and appointed by the Commission, from seeking or taking instructions from other institutions or bodies when performing certain statistical tasks. At the same time, Eurostat remains accountable through mechanisms such as parliamentary oversight pursuant to Art. 6a(4) of Regulation (EC) No. 223/2009, which contributes to the legitimacy of the Commission; it is part of the broader European statistical framework System, which also encompasses peer reviews of Eurostat, and judicial review through the European Court of Justice. As long as DSA enforcement remains within the Commission itself, however, there remains a risk that political pressure could be exerted through other internal means (e.g., hiring or firing personnel, budget decisions). While Eurostat and OLAF may serve as possible blueprints for implementation, their unique positions within the Commission are strengthened by their respective connections to EU primary law (Art. 338(2), 325 TFEU) – a legal anchor that a DSA enforcement body would lack.

A second option would be establishing a new Regulatory European Agency through EU secondary law, responsible for enforcing the DSA instead of the Commission. This option, which the European Parliament also considered (e.g. during a 2020 resolution), relies on a type of decentralized EU body that has been increasingly used over the past decades and incorporates varying levels of formal independence. The establishment of a Regulatory European Agency has also been recommended regarding the Commission’s problematic role in independent DMA enforcement, given its benefits like increased flexibility, more options for participation by Member States, and greater spatial autonomy (see here, p. 433, 309ff.). Moving DSA enforcement out of the Commission may likely result in an increase of systemic independence but it might impact ongoing procedures during the transitional period, with previously accrued expertise potentially to be lost as well. But establishing a European Regulatory Agency could prove to be extremely efficient in the long-run: in its objectives, structure, and staffing, it is wholly designed for the purpose of DSA enforcement. Nonetheless, the accountability and legitimacy of European Regulatory Agencies remain subjects of ongoing academic debate. Delegating this task also raises significant legal challenges. As the DSA grants the Commission a range of powers – from adopting non-compliance decisions to issuing certain implementing or delegated acts – the principles of the ECJs (modified) “Meroni doctrine” must be considered in particular, which serves as a limit for the permissible delegation of decision-making powers.

Finally, an entirely new independent body could be established on the EU level to enforce the DSA in the Commission’s stead, drawing inspirations from institutions such as the European Central Bank. Notably, the European Parliament also considered this option during a legislative initiative process on the DSA, with one committee draft report supporting “the creation of an independent EU body to exercise effective oversight of compliance with the applicable rules”. Compared to the previous options, establishing an entirely new independent body on the EU level notably offers most freedom of design in ensuring independence. This freedom comes at the price of a comparatively higher legislative effort, however. Also, the wide range of possible design choices offers no guarantee of increased independence. Rather, the option functions as an institutional “wildcard” – one that opens the door to many potential approaches to legitimacy, accountability and dimensions of independence that may or may not be in favour of the intended change in DSA enforcement. But because of its range of possibilities, it also should not be dismissed too early. Considering the ever-increasing role of communication on VLOPs, the unusual decision to enforce the regulation at the EU level may likewise call for an equally unorthodox choice of enforcement authority.

While the need for independent DSA enforcement calls for changes in the current role of the Commission, alternative options preserving the broader enforcement framework of the DSA do exist. Although immediate changes are not feasible, considering the previously outlined discussions toward over- and under-regulation, this contribution may serve as an initial step toward a necessary debate on independent DSA enforcement at the EU level.

The authors are researching the topic of this blog post as part of the DSA Research Network, which is funded by Stiftung Mercator.

The post Independence as a Desideratum appeared first on Verfassungsblog.