The TCO Regulation (Terrorist Content Online Regulation) is a European law aimed at preventing the dissemination of terrorist content online.
This Regulation has been applicable in all EU Member States since 7 June 2022.
What is the objective?
- establish common rules to ensure that hosting service providers prevent their services from being misused to disseminate terrorist content.
- ensure public safety, while safeguarding fundamental rights such as freedom of expression and information.
In practice? In order to reinforce the fight against the online dissemination of terrorist content, the TCO Regulation imposes several obligations on hosting service providers.
To whom do the obligations of the TCO Regulation apply?
The TCO Regulation applies to hosting service providers who store and disseminate content online at the request of users. Hosting services are online services, such as:
- social media platforms;
- video, image and audio sharing services;
- file-sharing services and other cloud services.
As long as these providers disseminate the stored content publicly at the request of the user, they are subject to the TCO Regulation.
Non-European providers must comply with the rules as well. In order to protect users throughout the European Union, the TCO Regulation also applies to hosting service providers outside the EU from the moment they offer their services in the EU.
What obligations does the TCO Regulation impose?
Hosting service providers must comply with a number of important obligations, including:
Remove or block terrorist content following an order
- Competent authorities in the EU may order a hosting service provider to remove terrorist content or block access to it in all Member States. The provider must execute the order as soon as possible and in any case within 1 hour of receipt of the order.
Report life-threatening dangers to law enforcement authorities
- If hosting service providers become aware of terrorist content involving an imminent threat to life, they shall promptly inform authorities competent for the investigation and prosecution of criminal offences.
Transparency obligations
- Hosting services providers are required to set out clearly in their terms and conditions their policy for addressing the dissemination of terrorist content.
- In addition, a provider who has taken or has had to take measures to prevent the dissemination of terrorist content should publish an annual transparency report containing information on that subject.
Additional measures for high-risk hosting services
- Certain hosting service providers are more at risk of being used for the dissemination of terrorist content. The competent authority, such as the BIPT in Belgium, can identify those providers on the basis of objective factors. For example, if the provider has received at least two final removal orders in a year.
- If a hosting services provider is designated as at risk (officially "exposed to terrorist content"), it must take specific measures to protect its services from the dissemination of terrorist content.
- However, the provider may at any time ask the competent authority to review and, where appropriate, amend or withdraw this classification.
- The specific measures should be diligent, proportionate and non-discriminatory, so as to protect fundamental rights and to ensure that non-terrorist content is not unjustly removed.
- The hosting service provider should clearly explain in his general terms and conditions the specific measures taken to combat terrorist content, including the use of any automatic detection systems.
- does not impose a general obligation to monitor the information stored or transmitted, nor to actively search for illegal activities;
- does not impose an obligation to use automatic detection systems.