CJEU stands by country-of-origin principle for online service providers

In a recent decision (Joined Cases C‑662/22 and C‑667/22) on the country-of-origin principle in the EU, the Court of Justice of the European Union (CJEU or the Court) clarified that information service providers are only subject to regulation by their home Member State, and that other Member States cannot restrict their freedom to provide such services except for in exceptional circumstances.  

Background

Airbnb Ireland UC (Airbnb) is an Ireland-based company and the operator of the European version of the eponymous website, which offers an online marketplace for property rentals and homestays. Airbnb collects the relevant rental payments from the person seeking to rent a property, and transfers such payments to the person letting out the property, minus a commission which is retained by Airbnb. 

Amazon Services Europe Sàrl (Amazon), which has its registered office in Luxembourg, operates the Amazon online marketplace in Europe. 

In Italy, certain legislative measures (including Decisions Nos 200/21 and 14/21) were adopted in 2020 and 2021 which subjected providers of online intermediation services and search engines, such as Airbnb, Expedia, Google, Amazon and Vacation Rentals, to certain obligations, including to:

• be entered in a register (the RCO) held by the national regulatory agency for the communication industries (AGCOM); 
• periodically send AGCOM a document setting out detailed financial information; and
• pay a financial contribution to cover AGCOM's administrative costs.

Companies which do not comply with these obligations may be subject to significant fines (not less than 2% and not more than 5% of the company's turnover in the last financial year).

All of the companies mentioned above sought to challenge the relevant Decisions, but this blog post focuses for brevity on the actions brought by Airbnb and Amazon before the Tribunale amministrativo regionale per il Lazio (the TAR), seeking the annulment of Decisions Nos 200/21 and 14/21 based on the principle of freedom to provide services within the EU. 

Airbnb and Amazon argued that they are mainly subject to the legal system of the Member State in which they are established (i.e. Ireland and Luxembourg, respectively), and that Italian law cannot therefore seek to impose impose on them additional obligations relating to their operation as information society services, so any obligations that seek to do so are contrary to EU law. 

Reference to the Court

The TAR noted that in order to be entered in the RCO register, service providers must complete several forms relating not only to their activities, but also to their organisation, including regarding their share capital, the names of the shareholders (together with their shareholdings and voting rights), the composition and term of office of the administrative body, and its directors. This information must be updated annually under threat of fines. 

In light of this, the TAR considered that the obligations may be incompatible with EU law, in particular with the principle of the freedom to provide services, but decided to stay the proceedings and to refer certain questions, which can summarily be broken into two groups, to the CJEU for a preliminary ruling:

• Firstly, whether the adoption by national authorities of provisions that, in order to promote fairness and transparency for business users of online intermediation services, including by adopting guidelines, encouraging codes of conduct to be drawn up and gathering relevant information, impose additional administrative and financial obligations on operators established in another Member State, such as those set out above, is precluded by any or all of:

• Regulation 2019/1150 (the P2B Regulation); 
• Article 3 of Directive 2000/31 (the E-commerce Directive); and/or
• The principle of freedom to provide services laid down in Article 56 of the Treaty on the Functioning of the European Union (TFEU) and Article 16 of Directive 2006/123 (the Services Directive).

• Secondly, whether Member states are required to notify the European Commission of such measures pursuant to Directive 2015/1535 or Article 3(4)(b) of the E-commerce Directive. 

The Court's ruling

As a preliminary point, the CJEU noted that both the E-commerce Directive and the Services Directive were intended to give concrete expression to the freedom of provide services enshrined in Article 56 TFEU, with the only difference being that Article 56 TFEU additionally applies to measures in the field of taxation, which was not relevant to the facts in dispute. 

Further, as Article 3(1) of the Services Directive states that, in the event of a conflict with another provision of relevant EU legislation, such other legislation will prevail, the Court decided that the best place to begin its assessment was in respect of Article 3 of the E-commerce Directive. If it were to establish that the contested measures were precluded by this provision, there would be no need to assess the referred questions in the context of the Services Directive. 

Article 3(1) of the E-commerce Directive

The Court began by assessing Article 3(1) of the E-commerce Directive, which states that each Member State must ensure that the information society services provided by a service provider established on its territory comply with the national provisions applicable in the Member State in question which fall within the "coordinated field" (which is defined in Article 2(h) as the "requirements laid down in Member States' legal systems applicable to information society service providers or information society services").

Article 3(2) states that Member States may not, for reasons falling within the coordinated field, restrict the freedom to provide information society services from another Member State.

At the heart of the E-commerce Directive is, therefore, the principle of control by the home Member State and mutual recognition by other Member States, such that information society services are regulated solely in the Member State in which they are established (Google Ireland and Others, C‑376/22).

The Court therefore observed that it is the responsibility of each Member State to protect the general interest objectives referred to in the E-commerce Directive and, in accordance with the principle of mutual recognition, not to restrict the free movement of those services by requiring compliance with additional obligations, falling within the coordinated field, which it has adopted.

The Italian Government's argument, on this point, was that the obligations under Decisions Nos 200/21 and 14/21 did not fall within the "coordinated field" because: (a) the service providers affected could continue to provide their services without complying with the obligation to be entered in the RCO register; and (b) secondly, the obligation to provide information to AGCOM and to pay a financial contribution was intended to enable it to carry out its supervisory functions. Therefore the measures in question did not affect the access to or exercise of an information society service activity. 

The Court was not convinced by either of these points, finding that, as regards the obligation to be entered in a register, the fact that a provider could in practice continue to provide a service (at risk of having to pay a fine) had no bearing on the requirement to fulfil this requirement in order to exercise the provision of services lawfully, nor did the the fact that the obligations to provide information and pay a financial contribution were imposed for the purposes of AGCOM's supervision affect the scope of such obligations. 

Accordingly, the Court found that the obligations imposed by such as those laid down by Decisions Nos 200/21 and 14/21 did constitute requirements "relating to the exercise of the activity of an information society service", such that they fell within the definition of "coordinated field" for the purposes of the E-commerce Directive, and were therefore precluded by Article 3(1) of the E-commerce Directive, unless they satisfied the conditions set out in Article 3(4). 

Kat enjoying some information service provision

Article 3(4) of the E-commerce Directive

Article 3(4) of the E-commerce Directive allows Member States to derogate from Article 3(1) in certain specific circumstances, e.g. where the measures are aimed at a specific information society service (which did not apply here) and are necessary to ensure public policy, the protection of public health, public security or the protection of consumers.

Accordingly, the Court considered it appropriate to determine whether the Decisions Nos 200/21 and 14/21 might fall within the scope of Article 3(4)(b) in that they were necessary to ensure the application of Regulation 2019/1150. 

However, the Court observed that it was clear from the recitals 7 and 51 of Regulation 2019/1150 that such regulation aims to establish a targeted set of mandatory rules at Union level in order to create a fair, predictable, sustainable and trusted online business environment within the internal market, and there was no direct link between such objective and those listed in Article 3(4)(a)(i) of the E-Commerce Directive. It was common ground that the objective of Regulation 2019/1150 did not concern public policy, the protection of public health or public security, and concerned the protection of business rather than consumers. 

Further, any exception to the country-of origin principle must be interpreted strictly (see Probst, C‑119/12, and Ligue des droits humains, C-817/19) and cannot therefore be applied in respect of measures which are likely to, at best, have only an indirect link with one of the objectives referred to in Article 3(4)(b).

Consequently the Court found that Italy was precluded, by reason of Article 3 of the E-commerce Directive, from seeking to impose on information service providers established in other Member States additional obligations which are not imposed in their Member State of establishment. There was accordingly no need to also answer the questions regarding notifying the Commission. 

Comment

This decision appears to be consistent with the country-of-origin principle and will be very comforting particularly to tech/media companies which operate across the EU and will have been concerned about the cumbersome administrative and financial burden of complying with different regulatory requirements in each Member State in which they offer their service (particularly when the consequence of non-compliance is a significant financial penalty).