Message 001
Communication from the Commission - TRIS/(2023) 2222
Directive (EU) 2015/1535
Notification: 2023/0461/FR
Notification of a draft text from a Member State
Notification – Notification – Notifzierung – Нотификация – Oznámení – Notifikation – Γνωστοποίηση – Notificación – Teavitamine – Ilmoitus – Obavijest – Bejelentés – Notifica – Pranešimas – Paziņojums – Notifika – Kennisgeving – Zawiadomienie – Notificação – Notificare – Oznámenie – Obvestilo – Anmälan – Fógra a thabhairt
Does not open the delays - N'ouvre pas de délai - Kein Fristbeginn - Не се предвижда период на прекъсване - Nezahajuje prodlení - Fristerne indledes ikke - Καμμία έναρξη προθεσμίας - No abre el plazo - Viivituste perioodi ei avata - Määräaika ei ala tästä - Ne otvara razdoblje kašnjenja - Nem nyitja meg a késéseket - Non fa decorrere la mora - Atidėjimai nepradedami - Atlikšanas laikposms nesākas - Ma jiftaħx il-perijodi ta’ dewmien - Geen termijnbegin - Nie otwiera opóźnień - Não inicia o prazo - Nu deschide perioadele de stagnare - Nezačína oneskorenia - Ne uvaja zamud - Inleder ingen frist - Ní osclaíonn sé na moilleanna
MSG: 20232222.EN
1. MSG 001 IND 2023 0461 FR EN 24-07-2023 FR NOTIF
2. France
3A. Ministères économiques et financiers
Direction générale des entreprises
SCIDE/SQUALPI - Pôle Normalisation et réglementation des produits
Bât. Sieyès -Teledoc 143
61, Bd Vincent Auriol
75703 PARIS Cedex 13
d9834.france@finances.gouv.fr
3B. Ministère de l'économie, des finances et de la souveraineté industrielle et numérique
Direction générale des entreprises
SEN - Pôle Régulation des Plateformes Numériques
Bât. Necker -Teledoc 767
120 Rue de Bercy
75012 PARIS
4. 2023/0461/FR - SERV60 - Internet services
5. Legislative provisions to secure and regulate the digital space
6. Information Society Services
7.
8. Article 1 has been amended to explicitly oblige publishers of online public communication services to verify the age of their users, rather than simply requiring them to comply with their age verification system.
Article 2 has been amended to add providers of domain name resolution systems to the list of actors from whom Arcom may request blocking of offending pornographic sites.
An Article 2a has been added. It enables the Regulatory Authority for Audiovisual and Digital Communication to ask software application stores to prevent, within 48 hours, the download of social networking applications that do not comply with the age verification obligation established by the law of 7 July 2023 aimed at establishing a digital majority and combating online hate. The Article also allows ARCOM to ask application stores to prevent, within 48 hours, the download of an application broadcasting pornographic content that would not comply with the legal age verification obligations in force.
Article 3 has been amended to provide for the possibility of deferring the application of the obligation to inform the publisher that child pornography content has been removed.
An Article 4A has been added. It requires publishers of pornographic websites to display, before broadcasting content simulating certain crimes or offences, a message alerting consumers to the illegal nature of the behaviour depicted.
An Article 4B has been added. It introduces an obligation for web hosts to remove pornographic content broadcast without the consent of the person filmed.
Article 4 has been amended to include all non-European on-demand television and media services broadcast or distributed in France within the scope of audiovisual regulation. The amendments also provide for the list of offending sites to be blocked to be notified to providers of domain name resolution systems.
Article 5 has been amended several times. The range of offences for which the additional penalty of suspending the online platform service access account may be imposed has been extended. This penalty has also been extended to online social media networking services and video sharing platform services, and now concerns any access account regardless of whether it is the sole or main means of committing the offence. The framework within which this penalty may be imposed has also been amended. The possibility for the judicial authority to prohibit access to the platform access account is now provided for in three additional cases: the implementation of an alternative to prosecution, an alternative to imprisonment or a probationary suspended sentence. Article 46 of Law No. 78-17 of 6 January 1978 on data processing, data files and individual liberties now applies in the context of the additional penalty.
Article 5a has been added. It introduces an offence of online contempt, which is punishable by law for posting content online that violates the dignity of a person or is abusive, degrading or humiliating or creating an intimidating, hostile or offensive situation.
Article 6 has been amended several times. The finding of malicious cyber activities is now based on the obvious realisation of the infringement and no longer on the obvious design to carry it out. The blocking procedure has also been subject to several amendments. The formal notice to cease the infringement is now concomitant with the alert requesting the display of the warning message and the blocking of the website must be carried out without delay. The list of players involved in blocking websites has also been amended. Websites at risk must now be de-referenced by directory and search engine providers, and the penalties will apply to internet access providers, domain name resolution system providers and browser providers.
Article 7 has been amended several times. The maximum duration of cloud computing assets has been set at 1 year. Any exclusivity clause in connection with these assets and any tying of cloud computing services where it constitutes an unfair commercial practice has been prohibited. Migration fees have been limited to actual costs (with control by Arcep), with the Article stating that it is forbidden to charge for them when switching cloud service providers.
Article 9 has been amended to compel Arcep to distinguish between cloud computing services infrastructure, platforms and software when establishing rules on interoperability and portability and to take these differences into account when enacting technical specifications.
Article 10 has been amended to increase the cap on penalties for breaches of the portability and interoperability obligations for cloud computing services by referring to the global turnover of providers.
An Article 10a A has been added. It introduces new obligations to protect against government access through extraterritorial legislation: suppliers must take measures to ensure the protection of sensitive data and use qualified cloud computing services for such data.
An Article 10a has been added. It introduces a transparency obligation on exposure to extraterritorial laws for cloud computing providers and their intermediaries.
Article 22, which was not notified in its original version, intended only to adapt Law No 2004-575 of 21 June 2004 on confidence in the digital economy (LCEN), has been the subject of several amendments. An increased transparency obligation of online service publishers about the identities of all hosts of data of users of their services has been added. An obligation to immediately remove contentious content reported by a minor under 15 years of age has been introduced.
Article 28, which was not notified in its original version, intended only to adapt certain provisions of the Consumer Code in order to make them consistent with the implementation of the Digital Services Regulation (DSA), has been amended as follows: Video sharing platforms have been added to the list of entities likely to receive recommendations from Arcom to improve the fight against the dissemination of false information and those that do not store content have been designated as falling within the scope of the DSA.
Article 29, which was not notified in its original version, intended only to adapt Law No 2018-1202 of 22 December 2018 on the fight against the manipulation of information for the purposes of implementation and consistency with the DSA Regulation, has been amended to retain the obligation for platforms to set up a system for reporting false information.
Article 36 has been amended to align the entry into force of the measures governing transfer and migration fees with the transitional period provided for in the Data Act.
9. The SREN bill affirms that the success of the digital transition, for citizens, businesses and public services alike, depends primarily on our ability to create the conditions for a digital environment conducive to trust, fairness and equity in the economy and in exchanges on these new technological interfaces.
Article 1 ensures that users wishing to access pornographic content published by an online public communication service are adults. Thus, only adults will henceforth have access to websites with pornographic content through an age verification system that will strengthen everyone’s privacy.
Article 2 strengthens Arcom’s powers of intervention in the fight against access of minors to websites with pornographic content. These provisions are likely to greatly facilitate Arcom’s monitoring tasks, which are currently forced to use bailiffs to address these concerns, and will enable to secure and increase efficiency and speed in the collection of evidence in the context of the procedure for blocking pornographic websites.
Article 2a ensures the application of Arcom’s blocking mechanism within the mobile application universe when the age verification obligation is not complied with by the relevant players.
Articles 4A and 4B enable to better inform the user of pornographic websites and to further protect the filmed persons whose content has been broadcast without their consent.
Article 4 enables to ensure that operators concerned by the European restrictive measures are prohibited from broadcasting.
Article 5 enables to limit repetition of cyberbullying offences after conviction.
Article 5a makes it easier to punish online harassment.
The system, defined in Article 6, aims to protect citizens from phishing attempts and to reduce the risks of financial scams (counterfeit payments), identity theft, the misuse of personal data for malicious purposes or the collection of personal data through fraudulent, unfair or unlawful means.
Article 7 aims to regulate certain business practices that are currently prevalent in the cloud services market that alter freedom of choice and competition when a company wishes to contract with a cloud computing services provider or change the provider. The provisions address the twofold problem of lock-in of users within the environment of their first provider: business users are strongly encouraged to conclude a contract with providers that offer them cloud computing assets, and then become captive to these first providers because of the commercial and technical barriers to portability and interoperability. In particular, these providers may then charge high tariffs, based on the impediment to migration represented by the fees charged for data transfer, which are unrelated to the actual cost of the operation, as well as by the lack of technical interoperability with third-party services offered by other providers or developed by users.
Articles 9 and 10 ensure the relevant governance and application of the provisions described in Articles 7 and 8.
Articles 22, 28 and 29 adapt the national legal framework to the entry into force of Regulation 2022/2065.
10. References to basic texts: There are no reference texts
11. No
12.
13. No
14. No
15. No
16.
TBT aspects: No
SPS aspects: No
**********
European Commission
Contact point Directive (EU) 2015/1535
email: grow-dir2015-1535-central@ec.europa.eu