Law no. 50/2024 on establishing measures for the application of the Regulation of the European Parliament and of the Council of 19 October 2022 on a single market for digital services and amending Directive 2000/31/EC (the “DSA”), as well as on amending and supplementing Law no. 365/2002 on electronic commerce, was published in the Official Journal of Romania no. 232/2024 of 19 March 2024 (“Law 50/2024”), and entered into force on 22 March 2024.
1. OVERVIEW OF THE LEGAL FRAMEWORK ENACTED BY THE DSA
The DSA has entered into full force on 17 February 2024 with the purpose of fostering a safer digital landscape for both consumers and companies in the European Union. The DSA enacts a set of rules designed to establish the responsibilities of online platforms and social media in a more precise manner and safeguard the fundamental rights of all users of digital services and combat the dissemination of illegal content and disinformation online.
In a nutshell, the DSA introduced responsibilities and new transparency requirements for providers of intermediary services, such as internet access providers, app stores, social networks, online marketplaces, content-sharing platforms, and online travel and accommodation platforms. Amongst other obligations, the DSA imposes the following:
- designation of points of contact and legal representatives: a single point of contact must be assigned so that service recipients can communicate directly with the providers of intermediary services. Providers that do not have an establishment in the EU must designate a legal representative in one of the Member States where it provides services;
- publication of transparency reports: providers of intermediary services have an obligation to publish, at least once a year, clear and easily comprehensible reports on any content moderation that they engaged in during the relevant period;
- protection of minors: providers of online platforms must adopt measures to ensure a high level of privacy, safety, and security for minors;
- rules on online advertising: such rules on advertising transparency include (a) information on the main parameters for determining targeted advertising, (b) a ban on presenting advertisements based on profiling minors, and (c) a ban on using “dark patterns” (e., practices that aim to prevent users from making autonomous and informed choices or decisions);
- anti-illegal content measures: these include (a) implementing mechanisms for users to easily report illegal content, (b) alerting the authorities if there is a suspected crime, (c) temporarily suspending services for users who frequently provides manifestly illegal content;
- transparency regarding the terms and conditions: providers of intermediary services have the obligation to establish, in their terms and conditions, information on any policies, procedures, measures and tools used for the purpose of content moderation, including algorithmic decision-making and human review, as well as the rules of procedure of their internal complaint handling system;
- complaints and extrajudicial dispute resolution: providers of intermediary services must create an effective internal complaint-handling system that enables recipients to lodge complaints, electronically and free of charge so that complaints can be handled quickly. It establishes the possibility of recourse to the out-of-court dispute settlement, including those that have not been settled through the internal system.
The DSA provides stricter rules for both very large online platforms (“VLOPs”) and search engines (“VLOSEs”) (i.e., platforms and search engines that have at least 45 million active users per month in the European Union), which will have to comply with further requirements, such as:
- conducting an annual assessment of systemic risks, such as the dissemination of illegal content, intentional service manipulation and negative effects on fundamental rights, on electoral processes and in relation to gender-based violence or mental health, and
- adopting risk mitigation measures, such as adapting the design, features or functioning of their services, including their online interfaces, as well as their algorithms and recommender systems.
2. MAIN PROVISIONS OF LAW 50/2024
While the DSA had direct legal effect in EU Member States and consequently its provisions applied directly to providers of intermediary services, it was necessary to have national legislation to implement measures on the supervision and enforcement of the obligations enacted by the DSA. In this regard, Law 50/2024 sets out the following:
- designation and attributions of the Digital Services Coordinator
Law 50/2024 designates the National Authority for the Management and Regulation in Communications (“ANCOM”) as the national Digital Services Coordinator, responsible for the supervision of providers of intermediary services and enforcement of the DSA.
In this capacity, ANCOM monitors the compliance with the DSA and is entitled, among others, to perform investigations and apply sanctions and corrective measures. Moreover, ANCOM may carry out inspections of the premises that the providers of intermediary services use for purposes related to their trade, business, craft or profession, when it is necessary to examine the information system or obtain copies of the algorithmic systems used. Such inspections are subject to a prior authorization by a judge.
ANCOM may annually set a supervisory fee for the providers of intermediary services established in Romania. The amount of the supervisory fee is limited to covering the expenses related to fulfilling ANCOM’s tasks under Law 50/2024.
The supervisory fee may be imposed on the providers of intermediary services by ANCOM’s decision starting with 1 January 2027.
- information obligation
Providers of intermediary services must provide ANCOM, no later than 45 days after the beginning of service provision, with information on their identification details and their point of contact. As regards the providers of intermediary services that offered such services prior to the entry into force of Law 50/2024, the 45-day term begins upon the enactment of secondary legislation by ANCOM.
Subsequent to receiving information from the provider of intermediary services, ANCOM automatically creates an individual account for the provider to access the “My ANCOM” service.
- responsible authorities
Public authorities or institutions vested with responsibilities regarding the supervisions of certain sectors or domains of activity may issue to providers of intermediary services (i) orders to act against illegal content or (ii) orders to provide information.
The provider of intermediary services that has received an order as per the paragraph above must inform ANCOM, no later than 10 days from the date of receipt, regarding the implementation of the order issued by the judicial authorities.
- sanctions
Failure to comply with the obligations laid down in the DSA will result in fines ranging from RON 5,000 (approximately EUR 1,000) up to 6% of the annual worldwide turnover of the provider of intermediary services in the preceding financial year.
ANCOM minutes on the infringement and the related sanction may also be concluded in an electronic form. In this situation, the minutes shall be communicated to the provider of intermediary services via My ANCOM service within a maximum of two months from the date the sanction is applied.
Providers of intermediary services may challenge the minutes within 15 days from the communication date.
- amendment and completion of Law no. 365/2002 on electronic commerce
Law no. 365/2002 on electronic commerce was amended as to include the new provisions laid down by the DSA. In this respect, the Authority for the Digitalization of Romania was designated as the relevant authority to supervise and ensure compliance with the provisions of such law.
