The competent authority of the Member State where the hosting service provider has its main establishment (or where its legal representative resides or is established) may adopt a decision finding that the provider is “exposed to terrorist content”. In other words, this means it runs a higher risk than other providers that its platform will be used to disseminate terrorist content.
This decision is taken by the competent authority (in Belgium, the BIPT) on the basis of objective factors, such as the receipt by the provider of at least 2 final removal orders in the previous 12 months. As soon as this decision is notified to the provider concerned, it is considered a hosting service provider “exposed to terrorist content”. However, it may, at any time, request the competent authority to review and, where appropriate, amend or revoke its decision.
The hosting service provider “exposed to terrorist content” is subject to additional obligations regarding other providers.
Adoption of specific measures
The exposed hosting service provider is required to take specific measures to protect its services against the dissemination to the public of terrorist content. These specific measures must be diligent, proportionate and non-discriminatory in order to ensure that fundamental rights are protected and that non-terrorist content is not removed.
It is up to the hosting service provider to choose the specific measures it wishes to adopt. These measures may include one or more of the following or any other measure it considers appropriate to combat the provision of terrorist content on its services:
- appropriate technical and operational measures or capacities (e.g. appropriate staffing or technical means to identify and expeditiously remove terrorist content or disable access to such content);
- easily accessible and user-friendly mechanisms for users to report to the hosting service provider alleged terrorist content;
- any other mechanism to increase the awareness of terrorist content on its services (e.g. mechanisms for moderation).
The specific measures adopted by the provider must comply with a set of requirements (e.g. effectiveness in mitigating the level of exposure, proportionality, application in a manner as to take full account of the rights and legitimate interest of the users (in particular fundamental rights), human supervision and verification when using automated tools). It is up to the competent authorities (in Belgium, the BIPT) to monitor compliance with these requirements.
The hosting service provider’s terms and conditions must include information about the specific measures adopted (e.g. explain how the specific measures work and, where applicable, the use of automated tools).
Where it is considered to be “exposed to terrorist content”, the hosting service provider must report to the competent authority on the specific measures within 3 months (and then annually) it has taken and intends to take. It must also do so if the competent authority adopts a decision stating that the specific measures taken by the provider do not meet the requirements imposed.
However, the TCO Regulation specifies that the adoption of specific measures does not impose on this provider
- any general obligation to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.
- any obligation to use automated tools.
Complaint mechanism
The hosting service provider must establish an effective and accessible mechanism allowing content providers (where their content has been removed or access thereto has been disabled) to submit a complaint and to request the reinstatement of the content or of access thereto. Each complaint must be expeditiously examined, the content provider must be informed and the content must be reinstated without undue delay where its removal or disabling of access thereto was unjustified.
Preservation of content
As is the case for content removed as a result of a removal order, the exposed provider must also preserve content (and related data) which has been removed or access to which has been disabled as a result of specific measures.
Adaptation of terms and conditions
Where applicable, the hosting service provider is required to include in its terms and conditions provisions to address the misuse of its services for the dissemination to the public of terrorist content. It must apply these provisions in a diligent, proportionate and non-discriminatory manner, taking into account freedom of expression and information.
Transparency obligations
Where the provider has had to adopt specific measures, it must publish an annual transparency report containing information such as
- measures to identify and remove or disable access to terrorist content;
- measures to address the reappearance online of material which has previously been removed or to which access has been disabled, in particular where automated tools have been used;
- the number of items of terrorist content removed or to which access has been disabled following specific measures,
- the number and outcome of complaints it handled;
- the number of cases of reinstatement of content or of access thereto following a complaint from the content provider.