The EU Wants To Grow Homegrown Tech. Its Courts Keep Making That Impossible.

Just a couple weeks ago, the European Commission put out its plan for “European tech sovereignty.” It’s not surprising that Europeans are looking at their internet platform options and seeing a choice between US companies and Chinese companies as something that isn’t that appealing. Of course, Europe has mostly itself to blame for this mess. As an Economist piece in April noted, the EU effectively regulated its own internet ambitions to death:

Here is an uncomfortable truth for hand-wringing policymakers in Paris, Berlin and beyond: Europe’s dependency on America Inc is in no small part Europe’s own fault. Decades of over-regulating the old continent’s economy left businesses there unable to compete with American firms, which went on to trounce European ones even in their own backyards. What Europeans could not build quickly for themselves, due to a thicket of regulations, they often imported just as quickly from abroad….

Tech is where the dependency seems most acute. Europe has few firms at the forefront of AI, space or high-end computing (one notable exception is ASML, a Dutch firm globally vital to chipmaking). Even governments often have little choice but to use the likes of Microsoft or Amazon for cloud services, Palantir to sift through data or SpaceX to launch military satellites. Quixotic attempts to shake off big tech abound, for example by having civil servants ditch Windows for some clunky substitute. Too often the European alternatives are lacking anyway. It turns out that boasting about regulating AI before the public had made their first ChatGPT query—as the European Union did in 2021—is not conducive to home-growing AI champions.

Yes, EU rules often applied to American firms, insofar as they wanted to offer their wares in the bloc. But regulation in practice hit European firms harder. The costs of administering complex data-protection rules, say, could easily be absorbed by a Google or OpenAI, with their hordes of compliance staff. Not so their European rivals, which have usually lacked scale (if only because the EU’s fragmented single market made it harder for them to grow beyond their home country). The EU thus generated barriers to entry that often ended up protecting American giants.

And so the EU is going back to the drawing board, once again thinking that it can technocrat its way to technical competence, and that seems unlikely. After all, weren’t the EU’s two biggest pieces of signature tech legislation — the Digital Services Act (DSA) and Digital Markets Act (DMA) — supposed to solve all of this already?

I’ve long been a critic of both laws that were in some ways too vague and in other ways too restrictive all along, but at the very least they were the product of a fairly lengthy process, in which EU regulators were made well aware of the tradeoffs of various approaches. And they chose to land where they landed. This new move by the European Commission isn’t quite an admission of failure, but it sure is a sign that what they insisted would create the right incentives for local competition hasn’t yet worked.

But, of course, none of that may matter if the Court of Justice of the European Union (CJEU) — the highest court across the EU — continues to YOLO its way through internet law. Back in December we wrote about its deeply problematic ruling in the Russmedia case, which more or less ignored the fragile balance that the DSA had set forth regarding intermediary liability for third-party speech, by insisting that any platform operator must scan any user generated content for “sensitive personal data” about anyone else and block it. It effectively required full scanning of every piece of uploaded content, a ban on anonymous speech, and a requirement that “bad” posts somehow be blocked from anyone copying them.

And now it’s taken that up a notch in its new WebGroup ruling (full ruling currently only available in French, but Google translate works, at least while Google can still operate in the EU). While the headline regarding the ruling is that the CJEU says that age verification mandates are fine regarding pornographic content (matching the US Supreme Court on that one), the ruling goes even further, and suggests that any website that has algorithmic recommendations for content should take on liability for the content it recommends.

I recognize that some people are cheering this on because they hate “big tech” and think this will somehow damage it. That’s wrong. It will damage smaller tech players (such as the ones the EU is trying to encourage companies to build in the EU) way, way more. I’ve written before, in the US Section 230 context, why it’s a terrible idea to make recommendation algorithms liable for the content they recommend, and that reasoning applies equally in the EU.

Recommendation algorithms actually do, on the whole, make the internet experience much more bearable. I get that more and more internet users grew up in an era dominated by the algorithm, but it was not better before that. The internet was so filled with nonsense and junk that people begged for better algorithms. And in this new era, with the rise of AI slop, it would be even worse.

But, more to the point, a recommendation algorithm is simply stating an opinion of “this is what we think you should look at next.” We can debate the purpose of that opinion, and whether it is solely to extract more attention or money from users, or to actually provide them value. But that doesn’t matter. Nothing in “this is what we think you should look at next” is (by definition) a full-throated endorsement of the content. It’s literally “based on other stuff you’ve looked at, and our own weights and priorities, here’s what you should look at next.” It has no way of reviewing the actual quality of the content, determining if it’s helpful or not, factual or not, or nonsense or not.

That’s just not how any of this works.

But once you put liability just for recommending “this is what the algorithm thinks you should look at next” you make it ridiculously expensive to offer any sort of algorithm — even in situations like Bluesky where anyone can create and share their algorithms for others.

The end result is that the only companies who will be able to recommend content — which, by every possible measure in every possible study, we’ve seen the vast majority of internet users prefer — will be the largest companies in the world: Google, Meta, TikTok. All of the upstart competitors, all of the services the EU now says it wants to grow at home, would find it impossibly difficult to offer such a feature, because the risk of liability would be way too intense.

For all the many problems I had with the DSA, on this it mostly got the equation right, recognizing that pinning liability on platforms in this manner could have really negative effects. And while I still think the DSA should have gone much further in protecting intermediaries, the CJEU interpretation here basically takes a sledgehammer to the attempted balance within the DSA.

The mistake the CJEU is making here, as highlighted by expert Daphne Keller, is that in thinking that this will “make big tech more responsible” it actually empowers them, encourages them to engage in constant monitoring and surveillance, and basically appoints them as the speech police. What could go wrong?

Some of us have been making this point for years. And the results of earlier laws (like the GDPR) showed exactly how this would play out, entrenching the largest companies and leaving the EU once again flailing around demanding new laws to fix the situation their old laws created.

It’s understandable that the EU doesn’t like its tech platform choices. But it’s now in a loop of its own making. Fail to understand the technology, fall prey to a moral panic, over regulate… and then wonder why no one is building and the big American tech companies just get bigger. Rinse and repeat. The CJEU’s latest ruling undermines the attempt at balance laid out by the DSA and completely sabotages the “homegrown” sovereign competitors the Commission so desperately claims it wants to cultivate — while handing the surveillance infrastructure bill to the only players big enough to pay it. The Commission can call it tech sovereignty all it wants. The CJEU just made vassalage structural.

Filed Under: age verification, algorithmic recommendations, algorithms, cjeu, digital services act, dma, dsa, eu, eu commission, france, intermediary liability

Companies: webgroup