Finalised Online Safety Code to be adopted and applied in Ireland from Autumn 2024

Written By

shauna joyce Module
Shauna Joyce

Associate
Ireland

I am a senior associate in Bird & Bird's International Privacy and Data Protection Group, based in the Dublin office where I am a member of the Irish Privacy & Data Protection team. I am a specialist in my field, advising across a broad spectrum of privacy, data protection and related issues.

anna morgan Module
Anna Morgan

Partner
Ireland

I'm a partner in Bird & Bird's International Privacy and Data Protection Group, based in the Dublin office where I'm head of the Irish Privacy & Data Protection practice. My unique background combining litigation, regulation and data protection means I bring a fresh and different perspective when helping clients find solutions.

A new online safety regime in Ireland

Ireland recently introduced a statutory online safety regime for the first time with a landmark piece of legislation, the Online Safety and Media Regulation Act 2022, which amends the Broadcasting Act 2009 (the “OSMRA”).

Under the OSMRA, a new multi-person regulatory commission has been established - Coimisiún na Meán (“CnaM”) (which is the Irish language for “media commission”); this new regulator has multiple roles concerning not only the Irish online safety regime but also television and radio broadcasting and the regulation of audiovisual and video-on-demand services, as well as overseeing and enforcing the EU regime for the regulation of terrorist content online. Significantly, CnaM is also the Digital Services Co-Ordinator and lead competent authority in Ireland for the EU Digital Services Act (“DSA”). Under the OSMRA, CnaM is tasked with establishing a regulatory framework for online safety in Ireland, with this function led by the Online Safety Commissioner. While there are no substantive online safety obligations set out in the OSMRA itself, the OSMRA empowers CnaM to regulate and enforce against organisations which fall under the new online safety regime through the creation and implementation of a system of binding statutory online safety codes. These codes once established and in force will impose, amongst other things, proactive obligations on designated “relevant online services” to minimise the availability of, and risks arising from, harmful online content and to protect users from potential harms posed by such content.

“Relevant online services” are defined in the OSMRA as meaning either: (1) a video-sharing platform service (a “VSPS”), the provider of which is under the jurisdiction of the State; or (2) an information society service that is under the jurisdiction of the State and on which user-generated content is made available, either directly or indirectly (but excluding an audiovisual on-demand media service). If caught within either limb of this definition of a relevant online service, an organisation is in scope to be designated by CnaM as one to which one or more online safety codes apply.

The first Online Safety Code and designation of video-sharing service providers

In accordance with its statutory duties, a draft of its first Online Safety Code (the “Code”), which is focused on VSPSs, was published by CnaM in December 2023, with a public consultation period following. In the same month, the designation process for those VSPSs to which the Code will apply was also completed by CnaM, with it announcing in January 2024 the ten VSPSs which would be captured by the Code. The full list of in-scope VSPSs is available via the CnaM website.

Following the public consultation period, an updated finalised version of the Code was published in May 2024. The obligations for those designated VSPSs set out above, include:

  • To  impose obligations in relevant terms and conditions that preclude users from uploading and sharing “restricted video content” which is specified in the code (this includes, for example, content promoting eating disorders, content promoting self-harm and suicide, and content by which one person bullies or humiliates another);
  • To include in relevant terms and conditions appropriate information relating to the suspension of accounts for infringing behaviours;
  • To implement effective age assurance mechanisms to prevent children seeing “adult only video content” (this is pornographic content and content consisting of realistic representations or the effects of gross/ gratuitous acts of violence or cruelty);
  • To deploy parental controls in relation to children under the age of 16 in connection with content that may impair the physical, mental or moral development of children so that parents can restrict their child from viewing certain content or restrict others from viewing content that their child has uploaded, as well as enabling parents to set time limits in respect of their child viewing video content;
  • To provide user-friendly, transparent information about parental controls deployed; and
  • To provider user-friendly, transparent information about reporting, flagging and complaint handling and resolution procedures.

The harmonisation process

Following the publication of this final version of the Code, it was submitted by CnaM to the European Commission on 27 May 2024 under the EU Technical Regulations Information System (TRIS) process. Under this harmonisation process, national authorities of EU Member States are required to inform the European Commission of any draft technical regulations on products and information society services before they are adopted into national law, in order to ensure alignment with EU laws. This process usually lasts around 3-4 months while the European Commission examines the proposed measures.

On 29 August 2024 CnaM announced that the EU TRIS process in relation to the Code had concluded and that no comments on the Code had been received from the European Commission or any other EU Member States. This essentially means that the path is now clear for the Code to enter into force under Irish law and CnaM stated in the same announcement that it intends to adopt and apply the Code to VSPSs based in Ireland later in the autumn.

Next steps

The conclusion of the EU TRIS process represents a significant step towards the operationalisation of the new online safety regulatory regime in Ireland. Once adopted, the contents of the Code will be legally binding on the VSPSs to which it applies, with CnaM able to impose maximum fines of the greater of either €20 million or 10% of the turnover of the service provider for the previous financial year, for failure to comply with the Code.

This is a remarkably fast turnaround from publication of the draft Code in December 2023 and CnaM has already indicated that there are more codes to come. While the focus for such codes has not been announced, it is notable that the Online Safety Commissioner recently highlighted her “growing concern” in relation to AI-generated material before a recent Irish parliamentary committee hearing concerning the protection of children in the use of AI, so it will be interesting to see whether the next codes proposed will seek to tackle online safety risks related to generative AI. Irrespective of the focus of the next code(s), service providers which fall under the definition of “relevant online service” should monitor developments in this space closely as they may be caught by the scope of forthcoming codes.


For further information, please contact Anna Morgan and Shauna Joyce.

This article was published in our monthly Connected newsletter, to sign-up to receive future newsletters for the latest Regulatory & Public Affairs news and updates, see below:

TO SUBSCRIBE TO OUR CONNECTED NEWSLETTER CLICK HERE 

Latest insights

More Insights
featured image

Guiding through ‘the maze of food labelling’ – The most recent European Court of Auditors’ special report

6 minutes Dec 20 2024

Read More
featured image

EDPB weighs in on key questions on personal data in AI models

1 minute Dec 20 2024

Read More
featured image

Update on recent UK data protection guidance in the financial services space

3 minutes Dec 19 2024

Read More