The Gist: The Internet IrRegulator
Ireland's new and controvertial proposed regulator for the Internet is due to be launched next year. But the newest Ship of State may already have a hole below the waterline. This is the Gist.
You may know that Ireland has, for reasons left obscure, taken it upon itself to pre-empt the EU-wide regulatory framework for the internet and just go ahead and roll its own.
Back in 2020, the Government sent their draft law to the EU Commission to see if it was OK under EU law. This is the famous TRIS procedure that the Dept of Justice skipped for their Data Retention law. (see previous Gists Too Urgent to Get Right and Too Wrong to Fix)
The EU Commission at the time passed it as OK, so the law came back and spent the next two years wandering like a particularly mad ghost up and down the corridors of power, before being signed into law on the 9th December 2022.
Problem: Papers sent to me under a completely flukey FOI request have revealed that the EU Commission wrote and suggested the government should resubmit the amended text, to avoid the risk of having the entire law found void.
I have been contacted by the Commission to ensure you are aware of your notification obligations.
They have requested I pass on the following communication.
"The Commission services understood that the Irish authorities have been progressively amending this law, and will continue to do it in order to adapt the newly created Media Commission to the requirements of the DSCs under the DSA. In order to ensure compliance with the notification obligation, I would like to ask whether you could provide us more information on whether the Irish authorities intend to notify these amendments to the Commission, or if not, whether the Irish authorities could explain the reasons why they do not consider that a new notification is necessary in this regard.
As you know, the consequences of failure to comply with the notification obligation in accordance with the case law of the CJEU are the inapplicability of the non-notified provisions under the CIA Security case."
The Dept told the Commission and the Minister everything was Fine. Just Fine.
Then Technology Ireland- the industry group for Big Tech- wrote to the Minister on the 1st December and warned that the Act was no longer covered by the EU's 2020 pass, and needed to be resubmitted. The same argument the Commission had suggested they consider.
They had also pointed out that the whole proposed law was a relic of an earlier age, when the EU wasn't about to regulate this whole area with the Digital Services Act.
They weren't subtle about it. In an email to the Minister of the 7th October, they warned;
The rationale for the OSMR Bill now faces a changed landscape since its initial proposal three years ago. Specifically, the parallel implementation of the DSA within the same general time frame as the OSMR Bill makes it imperative that the Government considers the risk of legal conflict, misalighment of scope and duplication arising between the two.
Instead of addressing these concerns, the Department just got the President to sign the Bill into law and then wrote back on the 19th December to tell them the deed was done now anyway.
"I would like to thank you and your members for your engagement on the development of the Bill. As of 6 December 2022, the Online Safety and Media Regulation Bill was passed by both Houses of the Oireachtas and, on 10 December, the Online Safety and Media Regulation Act was signed into law by the President."
The Department's argument was that the new parts of the Act- primarily the bits of that had been introduced after the EU's approval had been obtained didn't constitute a legislative action that needed fresh approval because they just kicked the can down the road to a future Online Safety Commission decision.
But that still left the Department having to reply to the European Commission.
First, they discussed it amongst themselves.
"the query relates to how the DSC is to be implemented. As we know, it will require legislation, which will, at least in part, amend our OSMR Bill (Act)."
-(16th Nov 2022)
Then a briefing note was prepared for the Minister.
The DSA has not yet been published in the Official Journal of the European Union and Ireland will have 15 months from when it comes into force (likely end-November) in order to do so. This will require separate legislation, which is likely to require some additions to the Bill (which will then be an Act).
But, despite acknowledging internally that the Digital Services Act EU provision was going to require amendments to the Irish OSMR Act 2022, they settled on a different message to be sent back to the EU Commission.
A reply should be sent along the following lines-
The Online Safety and Media Regulation Bill 2022 is not being amended to implement the Digital Services Act in Ireland.
-17th November 2022
What's the upshot of all of this?
Well, it is likely that the BAI's new incarnation as the Media Commission will be launched with a potentially fatal flaw in its foundations. If the EU Commission and Big Tech's lawyers were right and the OSMR Act ought to have been resubmitted to TRIS before it was passed as a law, then the new Irish Regulator for the Internet is at risk of being challenged the first time it takes strong action, and the whole law on which it stands being declared non-applicable.
Which, given the stakes and resources of the companies it will be attempting to police, feels like a question that will haunt the Media Commission long into the future.