Europe Wants to Be the World’s Cyber Cop. Big Tech Will Pay the Price.
Pavel Durov may not be the last internet billionaire to run afoul of European authorities.
To be sure, the Telegram CEO was arrested by French police, not the European Union. But the EU has jumped ahead of the global regulatory curve with two sweeping pieces of legislation: the Digital Services Act, or DSA, which took effect for a dozen “very large online platforms” a year ago, and the AI Act, which just hit the books in August.
With a market of 450 million customers and annual gross domestic product around $15 trillion at stake, the titans of global tech will have to take notice. “I think becoming global regulator by default is part of the EU’s plan,” says Jacob Mchangama, founder of Denmark-based free speech advocate Justitia.
European Commission enforcers have hit the ground running, relatively, on DSA. They are investigating Meta Platforms’ Facebook and Instagram for deceptive ads and “visibility of political content,” online marketplace AliExpress for permitting illegal content, and TikTok for “addictive design.” (No. Really?)
The subject of the most advanced probe is—no surprise here—Elon Musk’s renamed X. In July, Brussels handed down a preliminary finding that the “blue check mark” that X awards to supposedly verified users is deceptive.
The DSA doesn’t empower regulators to censor social media directly. The commission would have to “jump through many hoops” before enacting the sort of summary shutdown that Brazil lately ordered for X, says Jan Penfrat, senior policy advisor at European Digital Rights.
The platforms themselves need to formalize guidelines and report on how they are moderating “systemic risks.” Some of these sound pretty slippery slope-ish, though, like “negative effects on civic discourse.”
“There is a threat of creeping unintentional stifling in the DSA,” says Julian Jaursch, lead for platform regulation at Berlin-based NGO Interface.
The conduct of Thierry Breton, who has overseen the DSA rollout as the EC internal markets commissioner, has exacerbated that threat, says Daphne Keller, director of the program on platform regulation at Stanford University’s Cyber Policy Center.
Breton publicly warned Musk, hours before the X owner’s recent live interview with Donald Trump, to ensure “that all effective mitigation measures are put in place regarding the amplification of harmful content.” After Hamas’ Oct. 7 attack on Israel, he urged a number of these large online platforms to be “very vigilant” about complying with EU content guidelines.
“Breton’s letters are a catastrophic example of the DSA working badly,” Keller remarks.
At the very least, the EU’s superregulations will be a costly pain in the neck for Big Tech. The DSA, among much other paperwork, requires the platforms to conduct an annual external compliance audit. “This is an exhaustive look at platform operations that is extremely expensive,” Keller says.
The law’s true Pandora’s box is a right for any user whose content has been removed, or whose complaint about someone else’s content is ignored, to appeal to an “out of court dispute settlement” body, at the platform’s expense. The large online platforms have logged more than nine billion such decisions within the EU since the DSA took effect, Keller reports. No data yet on the number of appeals.
Compliance won’t come cheap with the AI Act, either, which requires robust documentation on the data sets used to “train” artificial-intelligence systems, says Florence G’sell, leader of the digital governance and sovereignty chair at France’s Sciences Po. “You have to have a very good legal team even to understand the regulations,” she observes.