(Ordinary legislative procedure: first reading)

The European Parliament,

–  having regard to the Commission proposal to Parliament and the Council (COM(2018)0640),

–  having regard to Article 294(2) and Article 114 of the Treaty on the Functioning of the European Union, pursuant to which the Commission submitted the proposal to Parliament (C8‑0405/2018),

–  having regard to Article 294(3) of the Treaty on the Functioning of the European Union,

–  having regard to the reasoned opinion submitted, within the framework of Protocol No 2 on the application of the principles of subsidiarity and proportionality, by the Czech Chamber of Deputies, asserting that the draft legislative act does not comply with the principle of subsidiarity,

–  having regard to the opinion of the European Economic and Social Committee of 12 December 2018(1),

–  having regard to Rule 59 of its Rules of Procedure,

–  having regard to the report of the Committee on Civil Liberties, Justice and Home Affairs and also the opinions of the Committee on Culture and Education and the Committee on the Internal Market and Consumer Protection (A8-0193/2019),

1.  Adopts its position at first reading hereinafter set out;

2.  Calls on the Commission to refer the matter to Parliament again if it replaces, substantially amends or intends to substantially amend its proposal;

3.  Instructs its President to forward its position to the Council, the Commission and the national parliaments.

(1) OJ C 110, 22.3.2019, p. 67.

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee(1),

Acting in accordance with the ordinary legislative procedure(2),

Whereas:

(1)  This Regulation aims at ensuring the smooth functioning of the digital single market in an open and democratic society, by preventing tackling the misuse of hosting services for terrorist purposes and contributing to public security in European societies. The functioning of the digital single market should be improved by reinforcing legal certainty for hosting service providers, reinforcing users' trust in the online environment, and by strengthening safeguards to the freedom of expression and, the freedom to receive and impart information and ideas in an open and democratic society and the freedom and pluralism of the media. [Am. 2]

(1a)  Regulation of hosting service providers can only complement Member States’ strategies to address terrorism, which must emphasise offline measures such as investment in social work, de-radicalisation initiatives and engagement with affected communities to achieve a sustainable prevention of radicalisation in society. [Am. 3]

(1b)   Terrorist content is part of a broader problem of illegal content online, which includes other forms of content such as child sexual exploitation, illegal commercial practises and breaches of intellectual property. Trafficking in illegal content is often undertaken by terrorist and other criminal organisations to launder and raise seed money to finance their operations. This problem requires a combination of legislative, non-legislative and voluntary measures based on collaboration between authorities and providers, in the full respect for fundamental rights. Though the threat of illegal content has been mitigated by successful initiatives such as the industry-led Code of Conduct on countering illegal hate speech online and the WePROTECT Global Alliance to end child sexual abuse online, it is necessary to establish a legislative framework for cross-border cooperation between national regulatory authorities to take down illegal content. [Am. 4]

(2)  Hosting service providers active on the internet play an essential role in the digital economy by connecting business and citizens, providing learning opportunities and by facilitating public debate and the distribution and receipt of information, opinions and ideas, contributing significantly to innovation, economic growth and job creation in the Union. However, their services are in certain cases abused by third parties to carry out illegal activities online. Of particular concern is the misuse of hosting service providers by terrorist groups and their supporters to disseminate terrorist content online in order to spread their message, to radicalise and recruit and to facilitate and direct terrorist activity. [Am. 5]

(3)  While not the only factor, the presence of terrorist content online has proven to be a catalyst for the radicalisation of individuals who have committed terrorist acts, and therefore has serious negative consequences for users, for citizens and society at large as well as for the online service providers hosting such content, since it undermines the trust of their users and damages their business models. In light of their central role and proportionate to the technological means and capabilities associated with the services they provide, online service providers have particular societal responsibilities to protect their services from misuse by terrorists and to help competent authorities to tackle terrorist content disseminated through their services, whilst taking into account the fundamental importance of the freedom of expression and freedom to receive and impart information and ideas in an open and democratic society. [Am. 6]

(4)  Efforts at Union level to counter terrorist content online commenced in 2015 through a framework of voluntary cooperation between Member States and hosting service providers need to be complemented by a clear legislative framework in order to further reduce accessibility to terrorist content online and adequately address a rapidly evolving problem. This legislative framework seeks to build on voluntary efforts, which were reinforced by the Commission Recommendation (EU) 2018/334(3) and responds to calls made by the European Parliament to strengthen measures to tackle illegal and harmful content in line with the horizontal framework established by Directive 2000/31/EC and by the European Council to improve the automatic detection and removal of content that incites to terrorist acts. [Am. 7]

(5)  The application of this Regulation should not affect the application of Article 14 of Directive 2000/31/EC(4). In particular, any measures taken by the hosting service provider in compliance with this Regulation, including any proactive measures, should not in themselves lead to that service provider losing the benefit of the liability exemption provided for in that provision. This Regulation leaves unaffected the powers of national authorities and courts to establish liability of hosting service providers in specific cases where the conditions under Article 14 of Directive 2000/31/EC for liability exemption are not met. [Am. 8]

(6)  Rules to prevent tackle the misuse of hosting services for the dissemination of terrorist content online in order to guarantee the smooth functioning of the internal market are set out in this Regulation in full and should fully respect of the fundamental rights protected in the Union's legal order and notably those guaranteed in the Charter of Fundamental Rights of the European Union. [Am. 9]

(7)  This Regulation contributes seeks to contribute to the protection of public security while establishing and should establish appropriate and robust safeguards to ensure protection of the fundamental rights at stake. This includes the rights to respect for private life and to the protection of personal data, the right to effective judicial protection, the right to freedom of expression, including the freedom to receive and impart information, the freedom to conduct a business, and the principle of non-discrimination. Competent authorities and hosting service providers should only adopt measures which are necessary, appropriate and proportionate within a democratic society, taking into account the particular importance accorded to the freedom of expression and, the freedom to receive and impart information and ideas, the rights to respect for private and family life and the protection of personal data which constitute one of the essential foundations of a pluralist, democratic society, and is one of are the values on which the Union is founded. Any Measures measures constituting should avoid interference in the freedom of expression and information and insofar as possible should be strictly targeted, in the sense that they must serve to prevent tackle the dissemination of terrorist content through a strictly targeted approach, but without thereby affecting the right to lawfully receive and impart information, taking into account the central role of hosting service providers in facilitating public debate and the distribution and receipt of facts, opinions and ideas in accordance with the law. Effective online counterterrorism measures and the protection of freedom of expression are not conflicting, but complementary and mutually reinforcing goals. [Am. 10]

(8)  The right to an effective remedy is enshrined in Article 19 TEU and Article 47 of the Charter of Fundamental Rights of the European Union. Each natural or legal person has the right to an effective judicial remedy before the competent national court against any of the measures taken pursuant to this Regulation, which can adversely affect the rights of that person. The right includes, in particular the possibility for hosting service providers and content providers to effectively contest the removal orders before the court of the Member State whose authorities issued the removal order and the possibilities for content providers to contest the specific measures taken by the hosting provider. [Am. 11]

(9)  In order to provide clarity about the actions that both hosting service providers and competent authorities should take to prevent tackle the dissemination of terrorist content online, this Regulation should establish a definition of terrorist content for preventative purposes drawing on the definition of terrorist offences under Directive (EU) 2017/541 of the European Parliament and of the Council(5). Given the need to address tackle the most harmful terrorist propaganda content online, the definition should capture material and information that incites, encourages or solicits advocates the commission or contribution to of terrorist offences, provides instructions for the commission of such offences or promotes the participation in activities of a terrorist group thereby causing danger that one or more such offences may be committed intentionally. The definition should also cover content that provides guidance for the making and the use of explosives, firearms, any other weapons, noxious or hazardous substances as well as Chemical, Biological, Radiological and Nuclear (CBRN) substances and any guidance on other methods and techniques, including the selection of targets, for the purpose of committing terrorist offences. Such information includes in particular text, images, sound recordings and videos. When assessing whether content constitutes terrorist content within the meaning of this Regulation, competent authorities as well as hosting service providers should take into account factors such as the nature and wording of the statements, the context in which the statements were made and their potential to lead to harmful consequences, thereby affecting the security and safety of persons. The fact that the material was produced by, is attributable to or disseminated on behalf of an EU-listed terrorist organisation or person constitutes an important factor in the assessment. Content disseminated for educational, journalistic or research purposes or for awareness-raising purposes against terrorist activity should be adequately protected. Especially in cases where the content provider holds an editorial responsibility, any decision as to the removal of the disseminated material should take into account the journalistic standards established by press or media regulation consistent with the law of the Union and the Charter of Fundamental Rights. Furthermore, the expression of radical, polemic or controversial views in the public debate on sensitive political questions should not be considered terrorist content. [Am. 12]

(10)  In order to cover those online hosting services where terrorist content is disseminated, this Regulation should apply to information society services which store information provided by a recipient of the service at his or her request and in making the information stored available to third parties the public, irrespective of whether this activity is of a mere technical, automatic and passive nature. By way of example such providers of information society services include social media platforms, video streaming services, video, image and audio sharing services, file sharing and other cloud services to the extent they make the information available to third parties the public and websites where users can make comments or post reviews. The Regulation should also apply to hosting service providers established outside the Union but offering services within the Union, since a significant proportion of hosting service providers exposed to terrorist content on their services are established in third countries. This should ensure that all companies operating in the Digital Single Market comply with the same requirements, irrespective of their country of establishment. The determination as to whether a service provider offers services in the Union requires an assessment whether the service provider enables legal or natural persons in one or more Member States to use its services. However, the mere accessibility of a service provider’s website or of an email address and of other contact details in one or more Member States taken in isolation should not be a sufficient condition for the application of this Regulation. It should not apply to cloud services, including business-to-business cloud services, with respect to which the service provider has no contractual rights concerning what content is stored or how it is processed or made publicly available by its customers or by the end-users of such customers, and where the service provider has no technical capability to remove specific content stored by their customers or the end-users of their services. [Am. 13]

(11)  A substantial connection to the Union should be relevant to determine the scope of this Regulation. Such a substantial connection to the Union should be considered to exist where the service provider has an establishment in the Union or, in its absence, on the basis of the existence of a significant number of users in one or more Member States, or the targeting of activities towards one or more Member States. The targeting of activities towards one or more Member States can be determined on the basis of all relevant circumstances, including factors such as the use of a language or a currency generally used in that Member State, or the possibility of ordering goods or services. The targeting of activities towards a Member State could also be derived from the availability of an application in the relevant national application store, from providing local advertising or advertising in the language used in that Member State, or from the handling of customer relations such as by providing customer service in the language generally used in that Member State. A substantial connection should also be assumed where a service provider directs its activities towards one or more Member State as set out in Article 17(1)(c) of Regulation (EU) No 1215/2012 of the European Parliament and of the Council(6). On the other hand, provision of the service in view of mere compliance with the prohibition to discriminate laid down in Regulation (EU) 2018/302 of the European Parliament and of the Council(7) cannot, on that ground alone, be considered as directing or targeting activities towards a given territory within the Union. [Am. 14]

(12)  Hosting service providers should apply certain duties of care, in order to prevent tackle the dissemination of terrorist content on their services to the public. These duties of care should not amount to a general monitoring obligation on hosting service providers to monitor the information which they store, nor to a general obligation to actively seek facts or circumstances indicating illegal activity. Duties of care should include that, when applying this Regulation, hosting services providers act in a transparent, diligent, proportionate and non-discriminatory manner in respect of content that they store, in particular when implementing their own terms and conditions, with a view to avoiding removal of content which is not terrorist. The removal or disabling of access has to be undertaken in the observance of freedom of expression and, the freedom to receive and impart information and ideas in an open and democratic society and the freedom and pluralism of the media. [Am. 15].

(13)  The procedure and obligations resulting from legal removal orders requesting hosting service providers to remove terrorist content or disable access to it, following an assessment by the competent authorities, should be harmonised. Member States should remain free as to the choice of the competent authorities allowing them to designate a judicial authority or a functionally independent administrative, or law enforcement or judicial authorities authority with that task. Given the speed at which terrorist content is disseminated across online services, this provision imposes obligations on hosting service providers to ensure that terrorist content identified in the removal order is removed or access to it is disabled within one hour from receiving the removal order. It is for the hosting service providers to decide whether to remove the content in question or disable access to the content for users in the Union. [Am. 16]

(14)  The competent authority should transmit the removal order directly to the addressee and contact point of contact of the hosting service provider and where the hosting service provider’s main establishment is in another Member State, to the competent authority of that Member State by any electronic means capable of producing a written record under conditions that allow the service provider to establish authenticity, including the accuracy of the date and the time of sending and receipt of the order, such as by secured email and platforms or other secured channels, including those made available by the service provider, in line with the rules protecting personal data. This requirement may notably be met by the use of qualified electronic registered delivery services as provided for by Regulation (EU) No 910/2014 of the European Parliament and of the Council(8). [Am. 17]

(15)  Referrals by the competent authorities or Europol constitute an effective and swift means of making hosting service providers aware of specific content on their services. This mechanism of alerting hosting service providers to information that may be considered terrorist content, for the provider’s voluntary consideration of the compatibility its own terms and conditions, should remain available in addition to removal orders. It is important that hosting service providers assess such referrals as a matter of priority and provide swift feedback about action taken. The ultimate decision about whether or not to remove the content because it is not compatible with their terms and conditions remains with the hosting service provider. In implementing this Regulation related to referrals, Europol’s mandate as laid down in Regulation (EU) 2016/794(9) remains unaffected. [Am. 18]

(16)  Given the scale and speed necessary for effectively identifying and removing terrorist content, proportionate proactive specific measures, including by using automated means in certain cases, are an essential element in tackling terrorist content online. With a view to reducing the accessibility of terrorist content on their services, hosting service providers should assess whether it is appropriate to take proactive specific measures depending on the risks and level of exposure to terrorist content as well as to the effects on the rights of third parties and the public interest of to receive and impart information, in particular where there is a substantial level of exposure to terrorist content and receipt of removal orders. Consequently, hosting service providers should determine what appropriate, targeted, effective and proportionate proactive specific measure should be put in place. This requirement should not imply a general monitoring obligation. Those specific measures may include regular reporting to the competent authorities, increase of human resources dealing with measures to protect the services against public dissemination of terrorist content, and exchange of best practices. In the context of this assessment, the absence of removal orders and referrals addressed to a hosting provider, is an indication of a low level of exposure to terrorist content. [Am. 19]

(17)  When putting in place proactive specific measures, hosting service providers should ensure that users’ right to freedom of expression and information - including to freely freedom to receive and impart information - and ideas in an open and democratic society is preserved. In addition to any requirement laid down in the law, including the legislation on protection of personal data, hosting service providers should act with due diligence and implement safeguards, including notably human oversight and verifications, where appropriate, to avoid any unintended and erroneous decision leading to removal of content that is not terrorist content. This is of particular relevance when hosting service providers use automated means to detect terrorist content. Any decision to use automated means, whether taken by the hosting service provider itself or pursuant to a request by the competent authority, should be assessed with regard to the reliability of the underlying technology and the ensuing impact on fundamental rights. [Am. 20]

(18)  In order to ensure that hosting service providers exposed to terrorist content take appropriate measures to prevent the misuse of their services, the competent authorities authority should request hosting service providers having received a substantial number of final removal order, which has become final orders, to report on the proactive specific measures taken. These could consist of measures to prevent the re-upload of terrorist content, removed or access to it disabled as a result of a removal order or referrals they received, checking against publicly or privately-held tools containing known terrorist content. They may also employ the use of reliable technical tools to identify new terrorist content, either using those available on the market or those developed by the hosting service provider. The service provider should report on the specific proactive measures in place in order to allow the competent authority to judge whether the measures are necessary, effective and proportionate and whether, if automated means are used, the hosting service provider has the necessary abilities for human oversight and verification. In assessing the effectiveness, necessity and proportionality of the measures, competent authorities should take into account relevant parameters including the number of removal orders and referrals issued to the provider, their size and economic capacity and the impact of its service in disseminating terrorist content (for example, taking into account the number of users in the Union), as well as the safeguards put in place to protect the freedom of expression and information and the number of incidents of restrictions on legal content. [Am. 21]

(19)  Following the request, the competent authority should enter into a dialogue with the hosting service provider about the necessary proactive specific measures to be put in place. If necessary, the competent authority should impose request the hosting provider to re-evaluate the measures needed or request the adoption of appropriate, effective and proportionate proactive specific measures where it considers that the measures taken do not respect the principles of necessity and proportionality or are insufficient to meet the risks. A decision to impose The competent authority should only request specific measures that the hosting service provider can reasonably be expected to implement, taking into account, among other factors, the hosting service provider’s financial and other resources. A request to implement such specific proactive measures should not, in principle, lead to the imposition of a general obligation to monitor, as provided in Article 15(1) of Directive 2000/31/EC. Considering the particularly grave risks associated with the dissemination of terrorist content, the decisions adopted by the competent authorities on the basis of this Regulation could derogate from the approach established in Article 15(1) of Directive 2000/31/EC, as regards certain specific, targeted measures, the adoption of which is necessary for overriding public security reasons. Before adopting such decisions, the competent authority should strike a fair balance between the public interest objectives and the fundamental rights involved, in particular, the freedom of expression and information and the freedom to conduct a business, and provide appropriate justification. [Am. 22]

(20)  The obligation on hosting service providers to preserve removed content and related data, should be laid down for specific purposes and limited in time to what is necessary. There is need to extend the preservation requirement to related data to the extent that any such data would otherwise be lost as a consequence of the removal of the content in question. Related data can include data such as ‘subscriber data’, including in particular data pertaining to the identity of the content provider as well as ‘access data’, including for instance data about the date and time of use by the content provider, or the log-in to and log-off from the service, together with the IP address allocated by the internet access service provider to the content provider. [Am. 23]

(21)  The obligation to preserve the content for proceedings of administrative or judicial review or remedy is necessary and justified in view of ensuring the effective measures of redress for the content provider whose content was removed or access to it disabled as well as for ensuring the reinstatement of that content as it was prior to its removal depending on the outcome of the review procedure. The obligation to preserve content for investigative and prosecutorial purposes is justified and necessary in view of the value this material could bring for the purpose of disrupting or preventing terrorist activity. Where companies remove material or disable access to it, in particular through their own proactive specific measures, and do not they should inform the relevant authority because they assess that it does not fall in the scope of Article 13(4) of this Regulation, competent law enforcement may be unaware of the existence of the content. Therefore, authorities promptly. theThe preservation of content for purposes of prevention, detection, investigation and prosecution of terrorist offences is also justified. For these purposes, the terrorist content and the related data should be stored only for a specific period allowing the law enforcement authorities to check the content and decide whether it would be needed for those specific purposes. This period should not exceed six months. For the purposes of prevention, detection, investigation and prosecution of terrorist offences, the required preservation of data is limited to data that is likely to have a link with terrorist offences, and can therefore contribute to prosecuting terrorist offences or to preventing serious risks to public security. [Am. 24]

(22)  To ensure proportionality, the period of preservation should be limited to six months to allow the content providers sufficient time to initiate the review process and or to enable law enforcement authorities’ access to relevant data for the investigation and prosecution of terrorist offences. However, this period may be prolonged for the period that is necessary in case the review or remedy proceedings are initiated but not finalised within the six months period upon request by the authority carrying out the review. This duration should also be sufficient to allow law enforcement authorities to preserve the necessary evidence material in relation to investigations and prosecutions, while ensuring the balance with the fundamental rights concerned. [Am. 25]

(23)  This Regulation does not affect the procedural guarantees and procedural investigation measures related to the access to content and related data preserved for the purposes of the investigation and prosecution of terrorist offences, as regulated under the national law of the Member States, and under Union legislation.

(24)  Transparency of hosting service providers' policies in relation to terrorist content is essential to enhance their accountability towards their users and to reinforce trust of citizens in the Digital Single Market. Hosting Only hosting service providers which are subject to removal orders for that year should be obliged to publish annual transparency reports containing meaningful information about action taken in relation to the detection, identification and removal of terrorist content. [Am. 26]

(24a)  The authorities competent to issue removal order should also publish transparency reports containing information on the number of removal orders, the number of refusals, the number of identified terrorist content which led to investigation and prosecution of terrorist offences and the number of cases of content wrongly identified as terrorist. [Am. 27]

(25)  Complaint procedures constitute a necessary safeguard against erroneous removal of content protected under the freedom of expression and freedom to receive and impart information and ideas in an open and democratic society. Hosting service providers should therefore establish user-friendly complaint mechanisms and ensure that complaints are dealt with promptly and in full transparency towards the content provider. The requirement for the hosting service provider to reinstate the content where it has been removed in error, does not affect the possibility of hosting service providers to enforce their own terms and conditions on other grounds. [Am. 28]

(26)  Effective legal protection according to Article 19 TEU and Article 47 of the Charter of Fundamental Rights of the European Union requires that persons are able to ascertain the reasons upon which the content uploaded by them has been removed or access to it disabled. For that purpose, the hosting service provider should make available to the content provider meaningful information such as the reasons for the removal or disabling of access, the legal basis for the action enabling the content provider to contest the decision. However, this does not necessarily require a notification to the content provider. Depending on the circumstances, hosting service providers may replace content which is considered terrorist content, with a message that it has been removed or disabled in accordance with this Regulation. Further information about the reasons as well as possibilities for the content provider to contest the decision should be given upon request. Where competent authorities decide that for reasons of public security including in the context of an investigation, it is considered inappropriate or counter-productive to directly notify the content provider of the removal or disabling of content, they should inform the hosting service provider. [Am. 29]

(27)  In order to avoid duplication and possible interferences with investigations and to minimise the expenses of the affected service providers, the competent authorities should inform, coordinate and cooperate with each other and where appropriate with Europol when issuing removal orders or sending referrals to hosting service providers. In implementing the provisions of this Regulation, Europol could provide support in line with its current mandate and existing legal framework. [Am. 30]

(27a)  Referrals by Europol constitute an effective and swift means of making hosting service providers aware of specific content on their services. This mechanism of alerting hosting service providers to information that may be considered terrorist content, for the provider’s voluntary consideration of the compatibility with its own terms and conditions, should remain available in addition to removal orders. For that reason it is important that hosting service providers cooperate with Europol and assess Europol's referrals as a matter of priority and provide swift feedback about action taken. The ultimate decision about whether or not to remove the content because it is not compatible with their terms and conditions remains with the hosting service provider. In implementing this Regulation, Europol’s mandate as laid down in Regulation (EU) 2016/794(10) remains unaffected. [Am. 31]

(28)  In order to ensure the effective and sufficiently coherent implementation of proactive measures by hosting service providers, competent authorities in Member States should liaise with each other with regard to the discussions they have with hosting service providers as to removal orders and the identification, implementation and assessment of specific proactive measures. Similarly, such Such cooperation is also needed in relation to the adoption of rules on penalties, as well as the implementation and the enforcement of penalties. [Am. 32]

(29)  It is essential that the competent authority within the Member State responsible for imposing penalties is fully informed about the issuing of removal orders and referrals and subsequent exchanges between the hosting service provider and the relevant competent authority authorities in other Member States. For that purpose, Member States should ensure appropriate and secure communication channels and mechanisms allowing the sharing of relevant information in a timely manner. [Am. 33]

(30)  To facilitate the swift exchanges between competent authorities as well as with hosting service providers, and to avoid duplication of effort, Member States may make use of tools developed by Europol, such as the current Internet Referral Management application (IRMa) or successor tools.

(31)  Given the particular serious consequences of certain terrorist content, hosting service providers should promptly inform the authorities in the Member State concerned or the competent authorities where they are established or have a legal representative, about the existence of any evidence of terrorist offences that they become aware of. In order to ensure proportionality, this obligation is limited to terrorist offences as defined in Article 3(1) of Directive (EU) 2017/541. The obligation to inform does not imply an obligation on hosting service providers to actively seek any such evidence. The Member State concerned is the Member State which has jurisdiction over the investigation and prosecution of the terrorist offences pursuant to Directive (EU) 2017/541 based on the nationality of the offender or of the potential victim of the offence or the target location of the terrorist act. In case of doubt, hosting service providers may transmit the information to Europol which should follow up according to its mandate, including forwarding to the relevant national authorities.

(32)  The competent authorities in the Member States should be allowed to use such information to take investigatory measures available under Member State or Union law, including issuing a European Production Order under Regulation on European Production and Preservation Orders for electronic evidence in criminal matters(11).

(33)  Both hosting service providers and Member States should establish points of contact to facilitate the swift expeditious handling of removal orders and referrals. In contrast to the legal representative, the point of contact serves operational purposes. The hosting service provider’s point of contact should consist of any dedicated means allowing for the electronic submission of removal orders and referrals and of technical and personal means allowing for the swift expeditious processing thereof. The point of contact for the hosting service provider does not have to be located in the Union and the hosting service provider is free to nominate an existing point of contact, provided that this point of contact is able to fulfil the functions provided for in this Regulation. With a view to ensure that terrorist content is removed or access to it is disabled within one hour from the receipt of a removal order, hosting service providers should ensure that the point of contact is reachable 24/7. The information on the point of contact should include information about the language in which the point of contact can be addressed. In order to facilitate the communication between the hosting service providers and the competent authorities, hosting service providers are encouraged to allow for communication in one of the official languages of the Union in which their terms and conditions are available. [Am. 34]

(34)  In the absence of a general requirement for service providers to ensure a physical presence within the territory of the Union, there is a need to ensure clarity under which Member State's jurisdiction the hosting service provider offering services within the Union falls. As a general rule, the hosting service provider falls under the jurisdiction of the Member State in which it has its main establishment or in which it has designated a legal representative. Nevertheless, where another Member State issues a removal order, its authorities should be able to enforce their orders by taking coercive measures of a non-punitive nature, such as penalty payments. With regards to a hosting service provider which has no establishment in the Union and does not designate a legal representative, any Member State should, nevertheless, be able to issue penalties, provided that the principle of ne bis in idem is respected. [Am. 35]

(35)  Those hosting service providers which are not established in the Union, should designate in writing a legal representative in order to ensure the compliance with and enforcement of the obligations under this Regulation. Hosting service providers may make use of an existing legal representative, provided that this legal representative is able to fulfil the functions as set out in this Regulation. [Am. 36]

(36)  The legal representative should be legally empowered to act on behalf of the hosting service provider.

(37)  For the purposes of this Regulation, Member States should designate competent authorities. The a single judicial or functionally independent administrative authority. This requirement to designate competent authorities does not necessarily require necessitate the establishment of new authorities a new authority but can be an existing bodies body tasked with the functions set out in this Regulation. This Regulation requires designating authorities an authority competent for issuing removal orders, referrals and for overseeing proactive specific measures and for imposing penalties. It is for Member States to decide how many authorities they wish to designate for these tasks should communicate the competent authority designated under this Regulation to the Commission, which should publish online a compilation of the competent authority of each Member State. The online registry should be easily accessible to facilitate the swift verification of the authenticity of removal orders by the hosting service providers. [Am. 37]

(38)  Penalties are necessary to ensure the effective implementation by hosting service providers of the obligations pursuant to this Regulation. Member States should adopt rules on penalties, including, where appropriate, fining guidelines. Particularly severe penalties shall Penalties should be ascertained in the event that the hosting service provider providers systematically fails and persistently fail to remove terrorist content or disable access to it within one hour from receipt of a removal order. Non-compliance in individual cases could be sanctioned while respecting the principles of ne bis in idem and of proportionality and ensuring that such sanctions take account of systematic failure. In order to ensure legal certainty, the regulation should set out to what extent the relevant comply with their obligations can be subject to penalties under this Regulation. Penalties for non-compliance with Article 6 should only be adopted in relation to obligations arising from a request to report pursuant to Article 6(2) or a decision imposing for the implementation of additional proactive specific measures pursuant to Article 6(4). When determining whether or not financial penalties should be imposed, due account should be taken of the financial resources of the provider. Moreover, the competent authority should take into account whether the hosting service provider is a start-up or a small and medium sized business and should determine on a case-by-case basis if it had the ability to adequately comply with the issued order. Member States shall should ensure that penalties do not encourage the removal of content which is not terrorist content. [Am. 38]

(39)  The use of standardised templates facilitates cooperation and the exchange of information between competent authorities and service providers, allowing them to communicate more quickly and effectively. It is particularly important to ensure swift action following the receipt of a removal order. Templates reduce translation costs and contribute to a high quality standard. Response forms similarly should allow for a standardised exchange of information, and this will be particularly important where service providers are unable to comply. Authenticated submission channels can guarantee the authenticity of the removal order, including the accuracy of the date and the time of sending and receipt of the order.

(40)  In order to allow for a swift amendment, where necessary, of the content of the templates to be used for the purposes of this Regulation the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission to amend Annexes I, II and III of this Regulation. In order to be able to take into account the development of technology and of the related legal framework, the Commission should also be empowered to adopt delegated acts to supplement this Regulation with technical requirements for the electronic means to be used by competent authorities for the transmission of removal orders. It is of particular importance that the Commission carries out appropriate consultations during its preparatory work, including at expert level, and that those consultations are conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making(12). In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States' experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

(41)  Member States should collect information on the implementation of the legislation including information on the number of cases of successful detection, investigation and prosecution of terrorist offences as a consequence of this Regulation. A detailed programme for monitoring the outputs, results and impacts of this Regulation should be established in order to inform an evaluation of the legislation. [Am. 39]

(42)  Based on the findings and conclusions in the implementation report and the outcome of the monitoring exercise, the Commission should carry out an evaluation of this Regulation no sooner than three years one year after its entry into force. The evaluation should be based on the five seven criteria of efficiency, necessity, proportionality, effectiveness, relevance, coherence and EU added value. It will should assess the functioning of the different operational and technical measures foreseen under the Regulation, including the effectiveness of measures to enhance the detection, identification and removal of terrorist content, the effectiveness of safeguard mechanisms as well as the impacts on potentially affected fundamental rights, including the freedom of expression and freedom to receive and impart information, the freedom and pluralism of the media, the freedom to conduct a business and the rights and to privacy and the protection of personal data. The Commission should also assess the impact on potentially affected interests of third parties, including a review of the requirement to inform content providers. [Am. 40]

(43)  Since the objective of this Regulation, namely ensuring the smooth functioning of the digital single market by preventing the dissemination of terrorist content online, cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and effects of the limitation, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective,

HAVE ADOPTED THIS REGULATION:

SECTION I

GENERAL PROVISIONS

Article 1

Subject matter and scope

1.  This Regulation lays down targeted uniform rules to prevent tackle the misuse of hosting services for the public dissemination of terrorist content online. It lays down in particular: [Am. 41]

(a)  rules on reasonable and proportionate duties of care to be applied by hosting service providers in order to prevent tackle the public dissemination of terrorist content through their services and ensure, where necessary, its swift removal; [Am. 42]

(b)  a set of measures to be put in place by Member States to identify terrorist content, to enable its swift removal by hosting service providers in accordance with Union law providing suitable safeguards for freedom of expression and the freedom to receive and impart information and ideas in an open and democratic society and to facilitate cooperation with the competent authorities in other Member States, hosting service providers and where appropriate relevant Union bodies. [Am. 43]

2.  This Regulation shall apply to hosting service providers offering services in the Union to the public, irrespective of their place of main establishment. [Am. 44]

2a.  This Regulation shall not apply to content which is disseminated for educational, artistic, journalistic or research purposes, or for awareness raising purposes against terrorist activity, nor to content which represents an expression of polemic or controversial views in the course of public debate. [Am. 45]

2b.  This Regulation shall not have the effect of modifying the obligation to respect the rights, freedoms and principles as referred to in Article 6 of the Treaty on the European Union, and shall apply without prejudice to fundamental principles in Union and national law relating to freedom of speech, freedom of the press and the freedom and pluralism of the media. [Am. 46]

2c.  This Regulation is without prejudice to Directive 2000/31/EC. [Am. 47]

Article 2

Definitions

For the purposes of this Regulation, the following definitions shall apply:

(-1)  ‘information society services’ means the services as referred to in point (a) of Article 2 of Directive 2000/31/EC; [Am. 48]

(1)  'hosting service provider' means a provider of information society services consisting in the storage of information provided by and at the request of the content provider and in making the information stored available to third parties the public. This applies only to services provided to the public at the application layer. Cloud infrastructure providers and cloud providers are not considered hosting service providers. It does not apply either to electronic communications services as defined in Directive (EU) 2018/1972; [Am. 49]

(2)  'content provider' means a user who has provided information that is, or that has been, stored and made available to the public at the request of the user by a hosting service provider; [Am. 50]

(3)  'to offer services in the Union’ means: enabling legal or natural persons in one or more Member States to use the services of the hosting service provider which has a substantial connection to that Member State or Member States, such as

(a)  establishment of the hosting service provider in the Union;

(b)  significant number of users in one or more Member States;

(c)  targeting of activities towards one or more Member States.

(4)  'terrorist offences' means offences as defined in Article 3(1) of Directive (EU) 2017/541; [Am. 51]

(5)  'terrorist content' means one or more of the following information material: [Am. 52]

(a)  inciting or advocating, including by glorifying, the commission of one of the offences listed in points (a) to (i) of Article 3(1) of Directive (EU) 2017/541, where such conduct, directly or indirectly, such as by the glorification of terrorist acts, advocates the commission of terrorist offences, thereby causing a danger that such acts one or more such offences may be committed intentionally; [Am. 53]

(b)  encouraging the contribution to terrorist soliciting another person or group of persons to commit or contribute to the commission of one of the offences listed in points (a) to (i) of Article 3(1) of Directive (EU) 2017/541, thereby causing a danger that one or more such offences may be committed intentionally; [Am. 54]

(c)  promoting soliciting another person or group of persons to participate in the activities of a terrorist group, in particular by encouraging the participation in or support to a terrorist group including by supplying information or material resources, or by funding its activities in any way within the meaning of Article 2(3) 4 of Directive (EU) 2017/541, thereby causing a danger that one or more such offences may be committed intentionally; [Am. 55]

(d)  instructing on providing instruction on the making or use of explosives, firearms or other weapons or noxious or hazardous substances, or on other specific methods or techniques for the purpose of committing or contributing to the commission of one of the terrorist offences listed in points (a) to (i) of Article 3(1) of Directive (EU) 2017/541.; [Am. 56]

(da)  depicting the commission of one or more of the offences listed in points (a) to (i) of Article 3 (1) of Directive (EU) 2017/541, and thereby causing a danger that one or more such offences may be committed intentionally; [Am. 57]

(6)  ‘dissemination of terrorist content’ means making terrorist content available to third parties the public on the hosting service providers’ services; [Am. 58]

(7)  ‘terms and conditions' means all terms, conditions and clauses, irrespective of their name or form, which govern the contractual relationship between the hosting service provider and their users;

(8)  'referral' means a notice by a competent authority or, where applicable, a relevant Union body to a hosting service provider about information that may be considered terrorist content, for the provider’s voluntary consideration of the compatibility with its own terms and conditions aimed to prevent dissemination of terrorism content; [Am. 59]

(9)  ‘main establishment’ means the head office or registered office within which the principal financial functions and operational control are exercised.

(9a)  ‘competent authority’ means a single designated judicial authority or functionally independent administrative authority in the Member State. [Am. 60]

SECTION II

Measures to prevent the dissemination of terrorist content online

Article 3

Duties of care

1.  Hosting service providers shall take appropriate, reasonable and proportionate actions act in accordance with this Regulation, against the dissemination of terrorist content and to protect users from terrorist content. In doing so, they They shall act do so in a diligent, proportionate and non-discriminatory manner, and with due regard in all circumstances to the fundamental rights of the users and take into account the fundamental importance of the freedom of expression and, the freedom to receive and impart information and ideas in an open and democratic society and with a view to avoiding removal of content which is not terrorist. [Am. 61]

1a.  These duties of care shall not amount to a general obligation on hosting service providers to monitor the information they transmit or store, nor to a general duty to actively seek facts or circumstances indicating illegal activity. [Am. 62]

2.  Hosting service providers shall include in their terms and conditions, and apply, provisions to prevent the dissemination of terrorist content. [Am. 63]

2a.  Where hosting service providers obtain knowledge or awareness of terrorist content on their services, they shall inform the competent authorities of such content and remove it expeditiously. [Am. 64]

2b.  Hosting service providers who meet the criteria of the definition of video-sharing platforms providers under Directive (EU) 2018/1808 shall take appropriate measures to tackle the dissemination of terrorist content in accordance with Article 28b, paragraph 1(c) and paragraph 3 of Directive (EU) 2018/1808. [Am. 65]

Article 4

Removal orders

1.  The competent authority of the Member State of main establishment of the hosting service provider shall have the power to issue a decision removal order requiring the hosting service provider to remove terrorist content or disable access to it in all Member States. [Am. 66]

1a.  The competent authority of a Member State where the hosting service provider does not have its main establishment or does not have a legal representative may request access to be disabled to terrorist content and enforce this request within its own territory. [Am. 67]

1b.  If the relevant competent authority has not previously issued a removal order to a hosting service provider it shall contact the hosting service provider, providing information on procedures and applicable deadlines, at least 12 hours before issuing a removal order. [Am. 68]

2.  Hosting service providers shall remove terrorist content or disable access to it as soon as possible and within one hour from receipt of the removal order. [Am. 69]

3.  Removal orders shall contain the following elements in accordance with the template set out in Annex I:

(a)  identification of the competent authority via an electronic signature issuing the removal order and authentication of the removal order by the competent authority; [Am. 70]

(b)  a detailed statement of reasons explaining why the content is considered terrorist content, at least, by and a specific reference to the categories of terrorist content listed in Article 2(5); [Am. 71]

(c)  a an exact Uniform Resource Locator (URL) and, where necessary, additional information enabling the identification of the content referred; [Am. 72]

(d)  a reference to this Regulation as the legal basis for the removal order;

(e)  date and time stamp of issuing;

(f)  easily understandable information about redress available to the hosting service provider and to the content provider, including redress with the competent authority as well as recourse to a court as well as deadlines for appeal; [Am. 73]

(g)  where relevant necessary and proportionate, the decision not to disclose information about the removal of terrorist content or the disabling of access to it referred to in Article 11. [Am. 74]

4.  Upon request by the hosting service provider or by the content provider, the competent authority shall provide a detailed statement of reasons, without prejudice to the obligation of the hosting service provider to comply with the removal order within the deadline set out in paragraph 2. [Am. 75]

5.  The competent authorities authority shall address removal orders to the main establishment of the hosting service provider or to the legal representative designated by the hosting service provider pursuant to Article 16 and transmit it to the point of contact referred to in Article 14(1). Such orders shall be sent by electronic means capable of producing a written record under conditions allowing to establish the authentication of the sender, including the accuracy of the date and the time of sending and receipt of the order. [Am. 76]

6.  Hosting service providers shall acknowledge receipt and, without undue delay, inform the competent authority about the removal of terrorist content or disabling access to it, indicating, in particular, the time of action, using the template set out in Annex II. [Am. 77]

7.  If the hosting service provider cannot comply with the removal order because of force majeure or of de facto impossibility not attributable to the hosting service provider, including for technical or operational reasons, it shall inform, without undue delay, the competent authority, explaining the reasons, using the template set out in Annex III. The deadline set out in paragraph 2 shall apply as soon as the reasons invoked are no longer present. [Am. 78]

8.  If the The hosting service provider cannot comply with may refuse to execute the removal order because if the removal order contains manifest errors or does not contain sufficient information to execute the order, it. It shall inform the competent authority without undue delay, asking for the necessary clarification, using the template set out in Annex III. The deadline set out in paragraph 2 shall apply as soon as the clarification is provided. [Am. 79]

9.  The competent authority which issued the removal order shall inform the competent authority which oversees the implementation of proactive specific measures, referred to in Article 17(1)(c) when the removal order becomes final. A removal order becomes final where it has not been appealed within the deadline according to the applicable national law or where it has been confirmed following an appeal. [Am. 80]

Article 4a

Consultation procedure for removal orders

1.  The competent authority which issues a removal order under Article 4(1a) shall submit a copy of the removal order to the competent authority referred to in Article 17(1)(a) in which the main establishment of the hosting service provider is located at the same time it is transmitted to the hosting service provider in accordance with Article 4(5).

2.  In cases where the competent authority of the Member State in which the main establishment of the hosting service provider is located has reasonable grounds to believe that the removal order may impact fundamental interests of that Member State, it shall inform the issuing competent authority. The issuing authority shall take these circumstances into account and shall, where necessary, withdraw or adapt the removal order. [Am. 81]

Article 4b

Cooperation procedure for issuing an additional removal order

1.  Where a competent authority has issued a removal order under Article 4(1a), that authority may contact the competent authority of the Member State where the hosting service provider has its main establishment in order to request that the latter competent authority also issue a removal order under Article 4(1).

2.  The competent authority in the Member State where the main establishment of the hosting service provider is located shall either issue a removal order or refuse to issue an order as soon as possible but no later than one hour of being contacted under paragraph 1 and shall inform the competent authority that issued the first order of its decision.

3.  In cases where the competent authority in the Member State of main establishment needs more than one hour to make its own assessment of the content, it shall send a request to the hosting service provider concerned to disable temporarily the access to the content for up to 24 hours, during which time the competent authority shall make the assessment and send the removal order or withdraw the request to disable the access. [Am. 82]

Article 5

Referrals

1.  The competent authority or the relevant Union body may send a referral to a hosting service provider.

2.  Hosting service providers shall put in place operational and technical measures facilitating the expeditious assessment of content that has been sent by competent authorities and, where applicable, relevant Union bodies for their voluntary consideration.

3.  The referral shall be addressed to the main establishment of the hosting service provider or to the legal representative designated by the service provider pursuant to Article 16 and transmitted to the point of contact referred to in Article 14(1). Such referrals shall be sent by electronic means.

4.  The referral shall contain sufficiently detailed information, including the reasons why the content is considered terrorist content, a URL and, where necessary, additional information enabling the identification of the terrorist content referred.

5.  The hosting service provider shall, as a matter of priority, assess the content identified in the referral against its own terms and conditions and decide whether to remove that content or to disable access to it.

6.  The hosting service provider shall expeditiously inform the competent authority or relevant Union body of the outcome of the assessment and the timing of any action taken as a result of the referral.

7.  Where the hosting service provider considers that the referral does not contain sufficient information to assess the referred content, it shall inform without delay the competent authorities or relevant Union body, setting out what further information or clarification is required. [Am. 83]

Article 6

Proactive Specific measures [Am. 84]

1.  Without prejudice to Directive (EU) 2018/1808 and Directive 2000/31/EC hosting Hosting service providers shall, where appropriate, may take proactive specific measures to protect their services against the public dissemination of terrorist content. The measures shall be effective, targeted and proportionate, taking into account paying particular attention to the risk and level of exposure to terrorist content, the fundamental rights of the users, and the fundamental importance of the right to freedom of expression and the freedom to receive and impart information and ideas in an open and democratic society. [Am. 85]

2.  Where it has been informed according to Article 4(9), the competent authority referred to in Article 17(1)(c) shall request the hosting service provider to submit a report, within three months after receipt of the request and thereafter at least on an annual basis, on the specific proactive measures it has taken, including by using automated tools, with a view to:

(a)  preventing the re-upload of content which has previously been removed or to which access has been disabled because it is considered to be terrorist content;

(b)  detecting, identifying and expeditiously removing or disabling access to terrorist content.

Such a request shall be sent to the main establishment of the hosting service provider or to the legal representative designated by the service provider.

The reports shall include all relevant information allowing the competent authority referred to in Article 17(1)(c) to assess whether the proactive measures are effective and proportionate, including to evaluate the functioning of any automated tools used as well as the human oversight and verification mechanisms employed. [Am. 86]

3.  Where the competent authority referred to in Article 17(1)(c) considers that the proactive measures taken and reported under paragraph 2 are insufficient in mitigating and managing the risk and level of exposure, it may request the hosting service provider to take specific additional proactive measures. For that purpose, the hosting service provider shall cooperate with the competent authority referred to in Article 17(1)(c) with a view to identifying the specific measures that the hosting service provider shall put in place, establishing key objectives and benchmarks as well as timelines for their implementation. [Am. 87]

4.  Where no agreement can be reached within the three months from the request pursuant to paragraph 3 After establishing that a hosting service provider has received a substantial number of removal orders, the competent authority referred to in Article 17(1)(c) may issue a decision imposing specific additional send a request for necessary and, proportionate proactive and effective additional specific measures that the hosting service provider will have to implement. The competent authority shall not impose a general monitoring obligation, nor the use of automated tools. The decision request shall take into account, in particular, the technical feasibility of the measures, the size and economic capacity of the hosting service provider and the effect of such measures on the fundamental rights of the users and the fundamental importance of the freedom of expression and the freedom to receive and impart information and ideas in an open and democratic society. Such a decision request shall be sent to the main establishment of the hosting service provider or to the legal representative designated by the service provider. The hosting service provider shall regularly report on the implementation of such measures as specified by the competent authority referred to in Article 17(1)(c). [Am. 88]

5.  A hosting service provider may, at any time, request the competent authority referred to in Article 17(1)(c) a review and, where appropriate, to revoke a request or decision pursuant to paragraphs 2, 3, and paragraph 4 respectively . The competent authority shall provide a reasoned decision within a reasonable period of time after receiving the request by the hosting service provider. [Am. 89]

Article 7

Preservation of content and related data

1.  Hosting service providers shall preserve terrorist content which has been removed or disabled as a result of a removal order, a referral or as a result of proactive specific measures pursuant to Articles 4, 5 and 6 and related data removed as a consequence of the removal of the terrorist content and which is necessary for: [Am. 90]

(a)  proceedings of administrative or, judicial review, or remedy; [Am. 91]

(b)  the prevention, detection, investigation and prosecution by law enforcement authorities of terrorist offences. [Am. 92]

2.  The terrorist content and related data referred to in paragraph 1 (a) shall be preserved for six months and deleted after this period. The terrorist content shall, upon request from the competent authority or court, be preserved for a longer further specified period when only if, and for as long as necessary for ongoing proceedings of administrative or, judicial review or remedies referred to in paragraph 1(a). Hosting service providers shall preserve the terrorist content and related data referred to in paragraph 1(b) until the law enforcement authority reacts to the notification made by the hosting service provider in accordance with Article 13(4) but no later than six months. [Am. 93]

3.  Hosting service providers shall ensure that the terrorist content and related data preserved pursuant to paragraphs 1 and 2 are subject to appropriate technical and organisational safeguards.

Those technical and organisational safeguards shall ensure that the preserved terrorist content and related data is only accessed and processed for the purposes referred to in paragraph 1, and ensure a high level of security of the personal data concerned. Hosting service providers shall review and update those safeguards where necessary.

SECTION III

SAFEGUARDS AND ACCOUNTABILITY

Article 8

Transparency obligations for hosting service providers [Am. 94]

1.  Where applicable, hosting service providers shall set out clearly in their terms and conditions their policy to prevent the dissemination of terrorist content, including, where appropriate applicable, a meaningful explanation of the functioning of proactive specific measures including the use of automated tools. [Am. 95]

2.  Hosting service providers which are or have been subject to removal orders in that year, shall publish make publicly available annual transparency reports on action taken against the dissemination of terrorist content. [Am. 96]

3.  Transparency reports shall include at least the following information:

(a)  information about the hosting service provider’s measures in relation to the detection, identification and removal of terrorist content;

(b)  information about the hosting service provider’s measures to prevent the re-upload of content which has previously been removed or to which access has been disabled because it is considered to be terrorist content, in particular where automated technology has been used; [Am. 97]

(c)  number of pieces of terrorist content removed or to which access has been disabled, following removal orders, referrals, or proactive specific measures, respectively, and the number of orders where the content has not been removed in accordance with Article 4(7) and (8) together with reasons for refusal; [Am. 98]

(d)  overview number and outcome of complaint procedures and actions for judicial review, including the number of cases in which it was established that content was wrongly identified as terrorist content. [Am. 99]

Article 8a

Transparency obligations for competent authorities

1.   Competent authorities shall publish annual transparency reports that shall include at least the following information:

(a)   number of removal orders issued, the number of removals and the number of refused or ignored removal orders;

(b)   number of identified terrorist content which led to investigation and prosecution and the number of cases of content wrongly identified as terrorist;

(c)   a description of measures requested by the competent authorities pursuant to Article 6 (4). [Am. 100]

Article 9

Safeguards regarding the use and implementation of proactive specific measures [Am. 101]

1.  Where hosting service providers use automated tools pursuant to this Regulation in respect of content that they store, they shall provide effective and appropriate safeguards to ensure that decisions taken concerning that content, in particular decisions to remove or disable access to content considered to be terrorist content, are accurate and well-founded. [Am. 102]

2.  Safeguards shall consist, in particular, of human oversight and verifications where appropriate and, in any event, where a detailed assessment, of the appropriateness of the relevant context is required in order to determine whether or not the decision to remove or deny access to content is to be considered terrorist content, in particular with regard to the right to freedom of expression and freedom to receive and impart information and ideas in an open and democratic society. [Am. 103]

Article 9a

Effective remedies

1.  Content providers, whose content has been removed or access to which has been disabled following a removal order, and hosting service providers that have received a removal order, shall have a right to an effective remedy. Member States shall put in place effective procedures for exercising this right. [Am. 104]

Article 10

Complaint mechanisms

1.  Hosting service providers shall establish an effective and accessible mechanisms allowing content providers whose content has been removed or access to it disabled as a result of a referral pursuant to Article 5 or of proactive specific measures pursuant to Article 6, to submit a complaint against the action of the hosting service provider requesting reinstatement of the content. [Am. 105]

2.  Hosting service providers shall promptly examine every complaint that they receive and reinstate the content without undue delay where the removal or disabling of access was unjustified. They shall inform the complainant about the outcome of the examination within two weeks of the receipt of the complaint with an explanation in cases where the hosting service provider decides not to reinstate the content. A reinstatement of content shall not preclude further judicial measures against the decision of the hosting service provider or of the competent authority. [Am. 106]

Article 11

Information to content providers

1.  Where hosting service providers removed remove terrorist content or disable access to it, they shall make available to the content provider comprehensive and concise information on the removal or disabling of access to terrorist content and the possibilities to contest the decision, and shall provide him or her with a copy of the removal order issued in accordance with Article 4 upon request. [Am. 107]

2.  Upon request of the content provider, the hosting service provider shall inform the content provider about the reasons for the removal or disabling of access and possibilities to contest the decision. [Am. 108]

3.  The obligation pursuant to paragraphs paragraph 1 and 2 shall not apply where the competent authority decides based on objective evidence and considering the proportionality and necessity of such decision, that there should be no disclosure for reasons of public security, such as the prevention, investigation, detection and prosecution of terrorist offences, for as long as necessary, but not exceeding [four] weeks from that decision. In such a case, the hosting service provider shall not disclose any information on the removal or disabling of access to terrorist content. [Am. 109]

SECTION IV

Cooperation between Competent Authorities, Union Bodies and Hosting Service Providers

Article 12

Capabilities of competent authorities

Member States shall ensure that their competent authorities have the necessary capability and sufficient resources to achieve the aims and fulfil their obligations under this Regulation, with strong guarantees of independence. [Am. 110]

Article 13

Cooperation between hosting service providers, competent authorities and where appropriate relevant competent Union bodies [Am. 111]

1.  Competent authorities in Member States shall inform, coordinate and cooperate with each other and, where appropriate, with relevant Union bodies such as Europol with regard to removal orders and referrals to avoid duplication, enhance coordination and avoid interference with investigations in different Member States. [Am. 112]

2.  Competent authorities in Member States shall inform, coordinate and cooperate with the competent authority referred to in Article 17(1)(c) and (d) with regard to measures taken pursuant to Article 6 and enforcement actions pursuant to Article 18. Member States shall make sure that the competent authority referred to in Article 17(1)(c) and (d) is in possession of all the relevant information. For that purpose, Member States shall provide for the appropriate and secure communication channels or mechanisms to ensure that the relevant information is shared in a timely manner. [Am. 113]

3.  Member States and hosting service providers may choose to may make use of dedicated tools, including, where appropriate, those established by relevant Union bodies such as Europol, to facilitate in particular: [Am. 114]

(a)  the processing and feedback relating to removal orders pursuant to Article 4;

(b)  the processing and feedback relating to referrals pursuant to Article 5; [Am. 115]

(c)  co-operation with a view to identify and implement proactive specific measures pursuant to Article 6. [Am. 116]

4.  Where hosting service providers become aware of any evidence of terrorist offences, content they shall promptly inform authorities competent for the investigation and prosecution in criminal offences in the concerned Member State or. Where it is impossible to identify the Member State concerned, the hosting service provider shall notify the point of contact in the Member State pursuant to Article 14(2) 17(2), where they have their main establishment or a legal representative. Hosting service providers may, in case of doubt, and also transmit this information to Europol for appropriate follow up. [Am. 117]

4a.  Hosting service providers shall cooperate with competent authorities. [Am. 118]

Article 14

Points of contact

1.  Hosting service providers previously in receipt of one or more removal orders shall establish a point of contact allowing for the receipt of removal orders and referrals by electronic means and ensure their swift expeditious processing pursuant to Articles Article 4 and 5. They shall ensure that this information is made publicly available. [Am. 119]

2.  The information referred to in paragraph 1 shall specify the official language or languages (s) of the Union, as referred to in Regulation 1/58, in which the contact point can be addressed and in which further exchanges in relation to removal orders and referrals pursuant to Articles Article 4 and 5 shall take place. This shall include at least one of the official languages of the Member State in which the hosting service provider has its main establishment or where its legal representative pursuant to Article 16 resides or is established. [Am. 120]

3.  Member States shall establish a point of contact to handle requests for clarification and feedback in relation to removal orders and referrals issued by them. Information about the contact point shall be made publicly available. [Am. 121]

SECTION V

IMPLEMENTATION AND ENFORCEMENT

Article 15

Jurisdiction

1.  The Member State in which the main establishment of the hosting service provider is located shall have the jurisdiction for the purposes of Articles 6, 18, and 21. A hosting service provider which does not have its main establishment within one of the Member States shall be deemed to be under the jurisdiction of the Member State where the legal representative referred to in Article 16 resides or is established.

2.  Where a hosting service provider which does not have its main establishment within one of the Member States fails to designate a legal representative, all Member States shall have jurisdiction. Where a Member State decides to exercise this jurisdiction, it shall inform all other Member States. [Am. 122]

3.  Where an authority of another Member State has issued a removal order according to Article 4(1), that Member State has jurisdiction to take coercive measures according to its national law in order to enforce the removal order. [Am. 123]

Article 16

Legal representative

1.  A hosting service provider which does not have an establishment in the Union but offers services in the Union, shall designate, in writing, a legal or natural person as its legal representative in the Union for the receipt of, compliance with and enforcement of removal orders, referrals, and requests and decisions issued by the competent authorities on the basis of this Regulation. The legal representative shall reside or be established in one of the Member States where the hosting service provider offers the services. [Am. 124]

2.  The hosting service provider shall entrust the legal representative with the receipt, compliance and enforcement of the removal orders, referrals, and requests and decisions referred to in paragraph 1 on behalf of the hosting service provider concerned. Hosting service providers shall provide their legal representative with the necessary powers and resource resources to cooperate with the competent authorities and comply with these decisions and orders. [Am. 125]

3.  The designated legal representative can be held liable for non-compliance with obligations under this Regulation, without prejudice to the liability and legal actions that could be initiated against the hosting service provider.

4.  The hosting service provider shall notify the competent authority referred to in Article 17(1)(d) in the Member State where the legal representative resides or is established about the designation. Information about the legal representative shall be publicly available.

SECTION VI

FINAL PROVISIONS

Article 17

Designation of competent authorities

1.  Each Member State shall designate the a judicial or a functionally independent administrative authority or authorities competent to [Am. 126]

(a)  issue removal orders pursuant to Article 4;

(b)  detect, identify and refer terrorist content to hosting service providers pursuant to Article 5; [Am. 127]

(c)  oversee the implementation of proactive specific measures pursuant to Article 6; [Am. 128]

(d)  enforce the obligations under this Regulation through penalties pursuant to Article 18.

1a.  Member States shall designate a point of contact within the competent authorities to handle requests for clarification and feedback in relation to removal orders issued by them. Information on the contact point shall be made publicly available. [Am. 129]

2.  By [six months after the entry into force of this Regulation] at the latest Member States shall notify the Commission of the competent authorities referred to in paragraph 1. The Commission shall set up an online register listing all those competent authorities and the designated contact point for each competent authority. The Commission shall publish the notification and any modifications of it in the Official Journal of the European Union. [Am. 130]

Article 18

Penalties

1.  Member States shall lay down the rules on penalties applicable to systematic and persistent breaches of the obligations by hosting service providers under this Regulation and shall take all necessary measures to ensure that they are implemented. Such penalties shall be limited to infringement of the obligations pursuant to: [Am. 131]

(a)  Article 3(2) (hosting service providers' terms and conditions); [Am. 132]

(b)  Article 4(2) and (6) (implementation of and feedback on removal orders);

(c)  Article 5(5) and (6) (assessment of and feedback on referrals); [Am. 133]

(d)  Article 6(2) and (4) 6(4) (reports on proactive specific measures and the adoption of measures following a decision request imposing additional specific proactive measures); [Am. 134]

(e)  Article 7 (preservation of data);

(f)  Article 8 (transparency for hosting service providers); [Am. 135]

(g)  Article 9 (safeguards in relation to proactive with regard to the implementation of specific measures); [Am. 136]

(h)  Article 10 (complaint procedures);

(i)  Article 11 (information to content providers);

(j)  Article 13 (4) (information on evidence of terrorist offences content); [Am. 137]

(k)  Article 14 (1) (points of contact);

(l)  Article 16 (designation of a legal representative).

2.  The penalties provided for pursuant to paragraph 1 shall be effective, proportionate and dissuasive. Member States shall, by [within six months from the entry into force of this Regulation] at the latest, notify the Commission of those rules and of those measures and shall notify it, without delay, of any subsequent amendment affecting them. [Am. 138]

3.  Member States shall ensure that, when determining the type and level of penalties, the competent authorities take into account all relevant circumstances, including:

(a)  the nature, gravity, and duration of the breach;

(b)  the intentional or negligent character of the breach;

(c)  previous breaches by the legal person held responsible;

(d)  the financial strength of the legal person held liable;

(e)  the level of cooperation of the hosting service provider with the competent authorities.; [Am. 139]

(ea)  the nature and size of the hosting service providers, in particular for microenterprises or small-sized enterprises within the meaning of Commission Recommendation 2003/361/EC(13). [Am. 140]

4.  Member States shall ensure that a systematic and persistent failure to comply with obligations pursuant to Article 4(2) is subject to financial penalties of up to 4% of the hosting service provider's global turnover of the last business year. [Am. 141]

Article 19

Technical requirements, criteria for assessing significance, and amendments to the templates for removal orders [Am. 142]

1.  The Commission shall be empowered to adopt delegated acts in accordance with Article 20 in order to supplement this Regulation with the necessary technical requirements for the electronic means to be used by competent authorities for the transmission of removal orders. [Am. 143]

1a.   The Commission shall be empowered to adopt delegated acts in accordance with Article 20 in order to complement this Regulation with criteria and figures to be used by competent authorities for determining what corresponds to a significant number of uncontested removal orders as referred to in this Regulation. [Am. 144]

2.  The Commission shall be empowered to adopt such delegated acts to amend Annexes I, II and III in order to effectively address a possible need for improvements regarding the content of removal order forms and of forms to be used to provide information on the impossibility to execute the removal order.

Article 20

Exercise of delegation

1.  The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2.  The power to adopt delegated acts referred to in Article 19 shall be conferred on the Commission for an indeterminate period of time from [date of application of this Regulation].

3.  The delegation of power referred to in Article 19 may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day after the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.  Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 2016.

5.  As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

6.  A delegated act adopted pursuant to Article 19 shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.

Article 21

Monitoring

1.  Member States shall collect from their competent authorities and the hosting service providers under their jurisdiction and send to the Commission every year by [31 March] information about the actions they have taken in accordance with this Regulation. That information shall include:

(a)  information about the number of removal orders and referrals issued, the number of pieces of terrorist content which has been removed or access to it disabled, including the corresponding timeframes pursuant to Articles Article 4 and 5, and information on the number of corresponding cases of successful detection, investigation and prosecution of terrorist offences; [Am. 145]

(b)  information about the specific proactive measures taken pursuant to Article 6, including the amount of terrorist content which has been removed or access to it disabled and the corresponding timeframes;

(ba)  information about the number of access requests issued by competent authorities regarding content preserved by hosting service providers pursuant to Article 7; [Am. 146]

(c)  information about the number of complaint procedures initiated and actions taken by the hosting service providers pursuant to Article 10;

(d)  information about the number of redress procedures initiated and decisions taken by the competent authority in accordance with national law.

2.  By [one year from the date of application of this Regulation] at the latest, the Commission shall establish a detailed programme for monitoring the outputs, results and impacts of this Regulation. The monitoring programme shall set out the indicators and the means by which and the intervals at which the data and other necessary evidence is to be collected. It shall specify the actions to be taken by the Commission and by the Member States in collecting and analysing the data and other evidence to monitor the progress and evaluate this Regulation pursuant to Article 23.

Article 22

Implementation report

By … [two years after the entry into force of this Regulation], the Commission shall report on the application of this Regulation to the European Parliament and the Council. Information on monitoring pursuant to Article 21 and information resulting from the transparency obligations pursuant to Article 8 shall be taken into account in the Commission report. Member States shall provide the Commission with the information necessary for the preparation of the report.

Article 23

Evaluation

No sooner than [three years One year from the date of application of this Regulation], the Commission shall carry out an evaluation of this Regulation and submit a report to the European Parliament and to the Council on the application of this Regulation including the functioning of and the effectiveness of the safeguard mechanisms, as well as the impact on Fundamental Rights, and in particular on freedom of expression, freedom to receive and impart information and the right to respect for one’s private life. In the context of this evaluation, the Commission shall also report on the necessity, the feasibility and the effectiveness of creating a European Platform on Terrorist Content Online, which would allow all Member States to use one secure communication channel to send removal orders for terrorist content to hosting service providers. Where appropriate, the report shall be accompanied by legislative proposals. Member States shall provide the Commission with the information necessary for the preparation of the report. [Am. 147]

Article 24

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from [612 months after its entry into force]. [Am. 148]

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at ...,

For the European Parliament For the Council

The President The President

ANNEX I

REMOVAL ORDER FOR TERRORIST CONTENT (Article 4 Regulation (EU) xxx)

Under Article 4 of Regulation (EU)….(14) the addressee of the removal order shall remove terrorist content or disable access to it, within one hour from receipt of the removal order from the competent authority.

In accordance with Article 7 of Regulation (EU) ….(15), addressees must preserve content and related data, which has been removed or access to it disabled, for six months or longer upon request from the competent authorities or courts.

The removal order should be sent in one of the languages designated by the addressee pursuant to Article 14(2)

SECTION A:

Issuing Member State: ………………………………………………………………………………….……………..

NB: details of issuing authority to be provided at the end (Sections E and F)

Addressee (legal representative)

………………………………………………………………………………….……………..

Addressee (contact point)

………………………………………………………………………………….……………..

Member State of jurisdiction of addressee: [if different to issuing state] ………………………………………………………………………………….……………..

Time and date of issuing the removal order

………………………………………………………………………………….……………..

Reference number of the removal order: ………………………………………………………………………………….……………..

SECTION B: Content to be removed or access to it disabled within one hour without undue delay: [Am. 162]

A URL and any additional information enabling the identification and exact location of the content referred:

…………………….…………………………………………………………………………

Reason(s) explaining why the content is considered terrorist content, in accordance with Article 2 (5) of the Regulation (EU) xxx. The content (tick the relevant box(es)):

□ incites, advocates or glorifies the commisison of terrorist offences listed in points (a) to (i) of Article 3 (1) of Directive (EU) 2017/541 (Article 2 (5) a) [Am. 149]

□ encourages the contribution to solicits another person or group of persons to commit or contribute to the commission of terrorist offences listed in points (a) to (i) of Article 3 (1) of Directive (EU) 2017/541 (Article 2 (5) b) [Am. 150]

□ promotes solicits another person or group of persons to participate in the activities of a terrorist group, encouraging participation in or support of the group listed in points (a) to (i) of Article 3 (1) of Directive (EU) 2017/541 (Article 2 (5) c) [Am. 151]

□ provides instructions or techniques on the making or use of explosives, firearms or other weapons or noxious or hazardous substances, or on other specific methods or techniques for committing terrorist offences listed in points (a) to (i) of Article 3 (1) of Directive (EU) 2017/541 (Article 2 (5) d) [Am. 152]

□ depicting the commission of offences listed in points (a) to (i) of Article 3 (1) of Directive (EU) 2017/541 (Article 2(5)e) [Am. 153]

Additional information on the reasons why the content is considered terrorist content (optional): ………………………………………………………………… ………………………………………………………………………………………………….. ………………………………………………………………………………………………….

SECTION C: Information to content provider

Please note that (tick, if applicable):

□ for reasons of public security, the addressee must refrain from informing the content provider whose content is being removed or or to which access has been disabled.

Otherwise: Details of possibilities to contest the removal order in the issuing Member State (which can be passed to the content provider, if requested) under national law; see Section G below:

SECTION D: Informing Member State of jurisdiction

□Tick if the state of jurisidiction of the addressee is other than the issuing Member State:

□ a copy of the removal order is sent to the relevant competent authority of the state of jurisdiction

SECTION E: Details of the authority which issued the removal order

The type of authority which issued this removal order (tick the relevant box):

□ judge, court, or investigating judge

□ law enforcement authority

□ other competent authority→ please complete also Section (F)

Details of the issuing authority and/or its representative certifying the removal order as accurate and correct:

Name of authority: ………………………………………………………………………………….…………

Name of its representative: ………………………………………………………………………………….…………

Post held (title/grade): ………………………………………………………………………………….…………

File No:….…………………………………..……………………………..……………..

Address:…………………………………………………………….…………..………..

Tel. No: (country code) (area/city code) …………………………………………..…………….

Fax No: (country code) (area/city code) ………………………………………………………………………………….…………

Email: …………………………………………………………..……………..………….

Date:

………………………………………………………………………………….…………

Official stamp (if available) and signature(16): ………………………………………………...……

ANNEX II

FEEDBACK FORM FOLLOWING REMOVAL OR DISABLING OF TERRORIST CONTENT (Article 4 (5) of Regulation (EU) xxx)

SECTION A:

Addressee of the removal order :

………………………………………………………………………………….……………..

Authority which issued the removal order:

………………………………………………………………………………….……………..

File reference of the issuing authority

………………………………………………………………………………….……………..

File reference of the addressee:

………………………………………………………………………………….……………..

Time and date of receipt of removal order:

………………………………………………………………………………….……………..

SECTION B:

The terrorist content/access to terrorist content, subject to the removal order has been (tick the relevant box):

□ removed

□ disabled

Time and date of removal or disabling access ……………………………………………..

SECTION C: Details of the addressee

Name of the hosting service provider/ legal representative:

………………………………………………………………………………….……………..

Member State of main establishment or of establishment of the legal representative: ………………………………………………………………………………….……………..

Name of the authorised person:

………………………………………………………………………………….……………..

Details of contact point (Email): ……………………………………………………………………….

Date:

………………………………………………………………………………….……………..

ANNEX III

INFORMATION ON THE IMPOSSIBILITY TO EXECUTE THE REMOVAL ORDER (Article 4 (6) and (7) of Regulation (EU) xxx)

SECTION A:

Addressee of the removal order:

………………………………………………………………………………….……………..

Authority which issued the removal order:

………………………………………………………………………………….……………..

File reference of the issuing authority:

………………………………………………………………………………….……………..

File reference of the addressee:

………………………………………………………………………………….……………..

Time and date of receipt of removal order:

………………………………………………………………………………….……………..

SECTION B: Reasons for non-execution

(i)  The removal order cannot be executed or cannot be executed within the requested deadline for the following reason(s):

□ force majeure or de facto impossibility not attributable to the addressee or the service provider, including for technical or operational reasons [Am. 155]

□ the removal order contains manifest errors

□ the removal order does not contain sufficient information

(ii)  Please provide further information as to the reasons for non-execution:

………………………………………………………………………………………………….

(iii)  If the removal order contains manifest errors and/or does not contain sufficient information, please specify which errors and what further information or clarification is required:

………………………………………………………………………………………………….

SECTION H: Details of the service provider / its legal representative

Name of the service provider/ legal representative:

………………………………………………………………………………….……………..

Name of the authorised person:

………………………………………………………………………………….……………..

Contact details (Email):

………………………………………………………………………………….……………..

Signature:

………………………………………………………………………………….……………..

Time and date: ………………………………………………………………………………….……………..

(1) OJ C 110, 22.3.2019, p. 67. (2) Position of the European Parliament of 17 April 2019. (3) Commission Recommendation (EU) 2018/334 of 1 March 2018 on measures to effectively tackle illegal content online (OJ L 63, 6.3.2018, p. 50). (4) Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ('Directive on electronic commerce') (OJ L 178, 17.7.2000, p. 1). (5) Directive (EU) 2017/541 of the European Parliament and of the Council of 15 March 2017 on combating terrorism and replacing Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88, 31.3.2017, p. 6). (6) Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (OJ L 351, 20.12.2012, p. 1). (7) Regulation (EU) 2018/302 of the European Parliament and of the Council of 28 February 2018 on addressing unjustified geo-blocking and other forms of discrimination based on customers' nationality, place of residence or place of establishment within the internal market and amending Regulations (EC) No 2006/2004 and (EU) 2017/2394 and Directive 2009/22/EC (OJ L 601, 2.3.2018, p. 1). (8) Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73). (9) Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53). (10) Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53). (11) COM(2018)0225. (12) OJ L 123, 12.5.2016, p. 1. (13) Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36). (14) Regulation of the European Parliament and of the Council on preventing the dissemination of terrorist content online (OJ L …). (15) Regulation of the European Parliament and of the Council on preventing the dissemination of terrorist content online (OJ L …). (16) A signature may not be necessary if sent through authenticated submission channels.