On May 30, 2024, the Court of Justice of the EU (“CJEU”) handed down its rulings in several cases (C-665/22, Joined Cases C‑664/22 and C‑666/22, C‑663/22, and Joined Cases C‑662/22 and C‑667/22) concerning the compatibility with EU law of certain Italian measures imposing obligations on providers of online platforms and search engines.  In doing so, the CJEU upheld the so-called “country-of-origin” principle, established in the EU’s e-Commerce Directive and based on the EU Treaties principle of free movement of services.  The country-of-origin principle gives the Member State where an online service provider is established exclusive authority (“competence”) to regulate access to, and exercise of, the provider’s services and prevents other Member States from imposing additional requirements.

We provide below an overview of Court’s key findings.

Background

The cases originate from proceedings brought by several online intermediation and search engine service providers (collectively, “providers”) against the Italian regulator for communications (“AGCOM”).  The providers, which are not established in Italy, challenged measures adopted by AGCOM designed to ensure the “adequate and effective enforcement” of the EU Platform-to-Business Regulation (“P2B Regulation”).  Among other things, those measures required the providers, depending on the case, to: (1) enter their business into a national register; (2) provide detailed information, including information about the company’s economic situation, ownership structure, and organization; and (3) pay a financial contribution to the regulator for the purposes of supporting its supervision activities. 

The Country-of-Origin Principle

In its rulings, the Court notes that the e-Commerce Directive’s country-of-origin principle relieves online service providers of having to comply with multiple Member State requirements falling within the so-called “coordinated field” (as defined in Article 2(h)-(i) of e-Commerce Directive), that is, requirements concerning access to the service (such as qualifications, authorizations or notifications), and the provision of the service (such as the provider’s behavior, the quality or content of services). 

Member States other than where the service provider is established cannot restrict the freedom to provide such online services for reasons falling within the coordinated field, unless certain conditions are met.  In particular, measures may be taken when it is necessary for reasons of public policy, protection of public health, public security, or the protection of consumers, among other conditions (Article 3(4) of e-Commerce Directive).

In assessing whether the contested Italian measures could be imposed on the providers in question, the CJEU held that there was no direct link between the P2B Regulation’s objective, on which the contested measures were based, and the listed conditions for exemption.  The Court also held that Article 3(4), as an exception to the country-of-origin principle, must be interpreted strictly and cannot apply in cases where the concerned measures “are likely, at most, to have only an indirect link with one of the [P2B Regulation’s] objectives” (Joined Cases C‑664/22 and C‑666/22, para 86).

Providers Not Established in the EU

Although the country-of-origin principle does not apply to providers without an EU establishment, the Court also assessed whether the contested measures could apply to such providers.  The Court held that information gathered by national authorities can be classified as “relevant” to the objectives of the P2B Regulation “only if it has a sufficiently direct link with that objective” and that Member States cannot “gather arbitrarily selected information on the ground that it may subsequently be requested by the Commission in the exercise of its tasks of monitoring and review of that regulation” (Case C‑663/22, paras 53-54).  The Court added that the information gathered by a national authority in this context must have a “sufficiently direct link” with the regulation’s objectives. 

In this case, the Court held that “[t]he link between, on the one hand, the economic situation of a provider of such services and, on the other hand, the manner in which those services are provided for the benefit of business users, assuming that they exist, can only be indirect.” (Case C‑663/22, para 56).  Therefore, the CJEU concluded that Italy could not impose the contested measures even against online service providers without an EU establishment.

* * *

The Covington team continues to monitor developments in EU law, and we regularly advise the world’s top technology companies on their most challenging regulatory and compliance issues in the EU and other major markets. We are happy to assist with any queries.

Photo of Marty Hansen Marty Hansen

Martin Hansen has represented some of the world’s leading information technology, telecommunications, and pharmaceutical companies on a broad range of cutting edge international trade, intellectual property, and competition issues. Martin has extensive experience in advising clients on matters arising under the World Trade…

Martin Hansen has represented some of the world’s leading information technology, telecommunications, and pharmaceutical companies on a broad range of cutting edge international trade, intellectual property, and competition issues. Martin has extensive experience in advising clients on matters arising under the World Trade Organization agreements, treaties administered by the World Intellectual Property Organization, bilateral and regional free trade agreements, and other trade agreements.

Drawing on ten years of experience in Covington’s London and DC offices his practice focuses on helping innovative companies solve challenges on intellectual property and trade matters before U.S. courts, the U.S. government, and foreign governments and tribunals. Martin also represents software companies and a leading IT trade association on electronic commerce, Internet security, and online liability issues.

Photo of Laura Somaini Laura Somaini

Laura Somaini is an associate in the Data Privacy and Cybersecurity Practice Group.

Laura advises clients on EU data protection, e-privacy and technology law, including on Italian requirements. She regularly assists clients in relation to GDPR compliance, international data transfers, direct marketing rules…

Laura Somaini is an associate in the Data Privacy and Cybersecurity Practice Group.

Laura advises clients on EU data protection, e-privacy and technology law, including on Italian requirements. She regularly assists clients in relation to GDPR compliance, international data transfers, direct marketing rules as well as data protection contracts and policies.