With the upcoming Digital Services ActFootnote 1 the European Commission is striving for modernisation of the eCommerce directive—the foundation of EU legislation on digital services—and launched a respective public consultation.Footnote 2 Currently, the eCommerce directive provides the basis for the regulation of digital services in the EU, which has not been changed in the last 20 years. The directive is based on ideas and concepts that reflect the online reality of the late twentieth century. No doubt that eCommerce has changed dramatically since then—developing from a niche market to a widely accepted trade channel, with new stakeholders and developments emerging constantly. In the late 1990s, only few online shops existed, and consumers access to the internet was very limited and not very flexible. Today, large worldwide operating platforms dominate the market, and consumers are able to purchase online twenty-four seven via mobile devices using electronic payment services, something that was unimaginable 20 years ago.

1 Chances and challenges

However, the new opportunities that the modern eCommerce market provides to consumers and businesses come along with certain risks and challenges. Offers can be placed worldwide and products can be shipped from outside the EU directly to consumers in the Member States, often circumventing official controls, e.g., at border control posts or customs. Large market places and other service providers play a key role in facilitating these online sales and therefore can provide crucial pieces to the eCommerce trace-back puzzle. Therefore, the question of responsibility of these service providers—whose influence and contribution to online sales is beyond question—has to be rethought entirely. Moreover, according to the eCommerce directive, other important eCommerce players like payment service providers (PSPs) currently do not fall under the definition of “service providers”. PSPs play a key role not only when it comes to official information requests, e.g. when following the money flow, but also as far as aiding competent authorities to perform anonymous sampling and respective payment methods are concerned. Therefore, it is about time that—with the Digital Services Act—EU legislation in this field catches up with these developments, since authorities need to be equipped with appropriate tools for being able to perform risk-based controls and protect consumers.

2 The question of liability and responsibility

According to Art. 14 of Directive 2000/31/EC, a service provider “is not liable for the information stored at the request of a recipient of the service, on condition that […] the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.” Thus, platforms—even though many of them voluntarily established systems for the removal of non-compliant offers—only have to react upon notification e.g. by an authority. However, today’s online reality requires a paradigm shift from reactive to proactive responsibility of service providers, in particular regarding the liability for third party content and offers on their websites and platforms. Otherwise, if millions of offers from third country vendors on market places are addressing consumers within the EU, authorities will have to check the compliance of these offers in this vast market—and inform the service providers accordingly—in order to protect the consumers. It becomes obvious, that the well-established ways of official controls of the conventional market do not provide all answers for the eFood sector.

3 Vendor location vs. consumer location

The necessity for an adaption of the EU digital services legislation is very much based on the specific nature of online sales and the challenges to identify the competent authority. Unlike in conventional sales, not only the location of the online food business operator (eFBO) indicates which authority should deal with a certain online offer. The first and central question in eFood control is, whether an online offer is addressing consumers in a respective Member State, e.g. based on website language and currency. Court decisions of the German Federal Court of Justice (30.03.2006—I ZR 24/03 l)Footnote 3 and the European Court of Justice (2011/C 55/06)Footnote 4 provide respective guidance. In those cases, EU/national legislation is applicable and the need for international cooperation arises. Within the EU, the Rapid Alert System for Food and Feed (RASFF) and the Administrative Assistance and Cooperation System (AAC) are suitable to transfer those cases to the respective Member State to take action. But what if the vendors are hiding or located outside the EU? That is where the responsibility and immediate actions of other important online players become crucial, and that should not be solely voluntary.

4 What changes are needed?

No matter which field of competence, eCommerce control teams in the entire EU are facing similar challenges. In order to effectively and efficiently control eCommerce, the competent authorities must have the right to perform anonymous online searches for non-compliant/hazardous products, conduct anonymous sampling and request vendor information on websites, market places and social media platforms. This is a prerequisite to establish a high level of eFood safety, comparable with the conventional market. To ensure that, a broad interpretation of the service provider definition, a proactive responsibility of service providers/PSPs and the obligation to cooperate with competent authorities and law enforcement, as well as adequate empowerments for control authorities are needed. That is especially important when—as an “ultima ratio”—the cessation of a website according to Art. 138 (2) i, Regulation (EU) 2017/625 should be ordered. If a vendor is not cooperative, an obligatory cooperation of web space and/or internet service providers is essential to enforce these measures. This extended service provider definition and responsibility is not only crucial for consumer protection, but also to guarantee a fair competition between eFBOs within and outside the EU. The rules for a safe online experience apply for all vendors, and it needs proper legislation to allow competent authorities to enforce them.

Moreover, online marketplaces and social media providers must be obliged to check whether eFood sellers on their platforms are registered as FBO according to Art. 6, Regulation (EC) No 852/2004. The offered food products should be checked regarding safety, misleading/fraudulent practices, and their compliance with food information requirements of Regulation 1169/2011, by the platforms. If non-compliant products have already reached the consumer, these platforms should be obliged to inform the public according to Art. 19, Regulation (EC) No 178/2002.

Each eFBO should need to register each of its eFood websites with the competent authority in their Member State. Similar to the Market Surveillance Regulation (EU) 2019/1020, eFBOs from outside the EU should have to name an authorised representative within the EU. Via an EU-wide automated registration system, websites could be assigned with a registration number displayed on the website, transparent for consumers and authorities. As a first step, the large online platforms should extend the „Product Safety Pledge“Footnote 5 and check whether eFBOs offering food via their platforms are registered with their competent authorities.

The Digital Services Act provides a great opportunity to modernise and broaden the EU legislation on digital services and newly define the responsibility and liability of service providers. Changes are urgently needed to ensure a high level of consumer protection—comparable with the conventional market—not only for the eFood sector.