This post, authored by John Rosenthal, is republished with permission from The Daily Sceptic
It has been widely reported that the EU’s Code of Practice of Disinformation, a voluntary tech industry code created under the aegis of the European Commission, became mandatory on July 1st: namely, as consequence of its “integration” into the EU’s flagship regulatory legislation, the Digital Services Act (DSA).
This is, however, incorrect and is based on a misunderstanding of what the code “integration” means. The Code of Practice is no more mandatory today than it was prior to July 1st.
Companies that are not signatories of the code, like X, are no more bound by its commitments than they were previously.
Not being a piece of legislation and having never been considered, much less voted on by the European Parliament, the code could not be rendered binding by the European Commission by fiat.
Rather what the European Commission and the European Digital Services Board (an auxiliary body created by the DSA) have done is to recognise signatories’ reporting under the code as a “benchmark” for compliance with the DSA.
This is all that the code “integration” means. It is not an integration into the law as such, but rather into a “framework” of “voluntary codes” – this is the wording of the law – created under Article 45 of the DSA.
The DSA itself identifies “disinformation” as a “systemic risk” that so-called “Very Large Online Platforms” (VLOPs) and “Very Large Online Search Engines” (VLOSEs) are required to address.
Thus, the Commission’s February 2025 press release announcing the forthcoming code ‘integration’ explains:
To be recognised as a DSA Voluntary Code of Conduct, the Code needs to fulfil the criteria set out in the Digital Services Act. The Commission and the Board adopted separate positive assessments in this regard, endorsing the official integration of the Code into the DSA framework.
With its integration, full adherence to the Code may be considered as an appropriate risk mitigation measure for signatories designated as VLOPs and VLOSEs under the DSA. As such, the Code will become a significant and meaningful benchmark for determining DSA compliance.
This is not to say that non-signatories of the Code, like X, thus still have no obligation to limit the spread of “disinformation”. It is to say rather that they have had this obligation all along: namely, under the DSA itself.
Since they are not signatories of the code, they cannot use code reporting to demonstrate compliance, but they still have to demonstrate compliance by other means: including their public DSA reporting and periodic audits.
This obligation kicked in, more precisely, for all designated platforms, whether code signatories or not, in mid-2023, four months after their designation by the European Commission (as can be seen in Commission ‘DSA Timeline’ below).
As Commission spokesperson Thomas Regnier told Tech Policy Press – for an article that nonetheless suggests otherwise! – “Compliance with the Code is voluntary. Compliance with the DSA is not.”
John Rosenthal is a journalist specialising in European politics. His writings have appeared in such venues as World Affairs, World Politics Review and Brussels Signal. His new essay on ‘How the US Can Defeat EU Censorship‘ is available in the Claremont Review of Books.
Your support is crucial in helping us defeat mass censorship. Please consider donating via Locals or check out our unique merch. Follow us on X @ModernityNews.
More news on our radar
