EU’s Code of Conduct on Disinformation Integrated into DSA

On February 13, the European Commission (EC) and the European Board for Digital Services (EBDS) endorsed the integration of the Code of Practice on Disinformation (the Disinformation Code) into the framework of the Digital Services Act (DSA). 

Article 45 of the DSA provides for the formation of voluntary codes of conduct at EU level to ”contribute to the proper application of” the DSA. The Disinformation Code is the second code integrated into the DSA via Article 45, following the EC’s recent integration of the Code of Conduct on Countering Illegal Hate Speech Online into the DSA which we previously covered here. 

Background

The Disinformation Code was first established in 2018 (the 2018 Code) before being significantly strengthened in 2022, with the intention that it would become recognised as a Code of Conduct under the DSA. The 2018 Code was the first time that online platforms agreed to self-regulatory standards to combat disinformation. After receiving guidance from the EC, the 2018 Code was updated in 2022 to contain enhanced commitments and measures. There are currently 42 signatories of the Disinformation Code, which include Adobe, Google (in respect of its Advertising, Search and YouTube services), Meta, Microsoft (in respect of its Advertising, Bing and LinkedIn services), TikTok and Vimeo. 

The Commitments of the Disinformation Code

The  Disinformation Code is extensive. It includes 44 commitments and 128 specific measures that address different facets of disinformation, while upholding free speech and enhancing transparency. The commitments and measurements span across the following different but interlinked areas:

• Demonetisation: The Disinformation Code aims to ensure that purveyors of disinformation will not benefit from advertising revenues. Signatories commit to avoiding the placement of advertising next to disinformation, along with the dissemination of advertising which contains disinformation.
• Transparency in Political Advertising: Signatories commit to stronger transparency measures which will allow users to easily identify political ads. These measures include more efficient labelling, committing to reveal the sponsor, ad spend and display period.
• Integrity of Services: Signatories commit to measures to reduce manipulative behaviour used to spread disinformation, such as fake accounts, bot-driven amplification, impersonation and malicious deep fakes. Signatories commit to review the tactics, techniques and procedures employed by malicious actors and to implement policies covering these behaviours. 
• Empowerment of Users, Researchers, and Fact-Checkers: Signatories commit to providing better tools for users to identify disinformation, improving access to data for researchers, and expanding fact-checking efforts across the EU.

Implementation and Recommendations

The Commission and the EBDS have also provided a series of recommendations for the signatories, which do not form part of the Code itself but which are intended to enhance its  implementation.. Key among these recommendations are:

• Rapid Response System: Finalising the Rapid Response System to cover all national elections and crises, ensuring timely actions during critical periods.
• Taskforce Collaboration: Facilitating discussions within the Disinformation Code’s permanent task force to follow up on commitments related to the prevention of disinformation.
• Data Reporting: Providing comprehensive data to address gaps in reporting and to allow for the development of efficient, measurable indicators of progress.

The Commission determined that the Disinformation Code conversion will take effect from 1 July 2025. 

Impact of the Code

As is the case with the Hate Speech Code, the Disinformation Code is voluntary. Subscribing to the code is not mandatory and a signatory’s failure to comply with the Disinformation Code will not constitute an infringement of the DSA. However, Recital 104 of the DSA does state that “refusal without proper explanations […] of the Commission’s invitation to participate in a code could be taken into account” when determining if an infringement of the DSA has taken place. Furthermore Article 35(1)(h) of the DSA provides that compliance with relevant Article 45 Codes is among the suggested ways for VLOPs/VLOSEs to discharge their risk mitigation obligations. [Where signatories are obliged to complete an independent audit under Article 37 of DSA, that audit will also assess the signatories compliance with its commitments under the Disinformation Code. As such, there is some impetus for service providers to comply with such voluntary codes.

However, some aspects of the Code have been criticised. For example, some of the specific requirements within the fact-checking provisions have been criticised within the industry as disproportionate, where other tools to address disinformation may be more effective.. The practical impact of the Code remains to be seen. On the one hand, the lack of significant immediate repercussions for non-compliance may disincentivise complete adherence to the extensive obligations under the Code. On the other hand, the extent to which Code compliance forms part of the European Commission’s larger assessment of risk mitigation obligations under the DSA may prove to be a significant incentive.

If you would like any further information on the Disinformation Code, please contact Dr Stephen King, Partner, Eoghan O’Keeffe, Rosalyn English or your usual contact on A&L Goodbody’s Technology team.