The country of origin principle: How to regulate global platforms
The country of origin principle is an effective tool for protecting providers of information society services. In the latest instalment in the controversies involving online platforms, the Court of Justice took their side, holding that the country of origin principle protects service providers with a subsidiary in the European Union. Only the state where they are established can exercise primary control over their activities, and other member states cannot impose additional obligations on them. Italy was recently challenged for infringing this principle in a set of cases decided by the Court of Justice. In the article below, we discuss the ramifications of the rulings by the EU’s top court.
The EU freedom to provide services vs. non-EU companies
One of the fundamental principles of the EU single market is the freedom to provide services, enshrined in Art. 56 of the Treaty on the Functioning of the European Union. It protects undertakings established in any member state, including subsidiaries of non-EU companies. The freedom to provide services is also elaborated and harmonised in secondary EU law, i.e. directives and regulations.
Across the EU, harmonisation applies in particular to information society services, defined in Art. 1(1)(b) of the Single Market Transparency Directive (2015/1535) to mean any service:
- Normally provided for remuneration
- At a distance
- By electronic means, and
- At the individual request of the recipient.
Information society services include, for example, social media, online sales platforms, and internet search engines.
Information society services are covered by the e-Commerce Directive (2000/31/EC), which partially harmonises the law in this area. Partial harmonisation means that the directive establishes certain rules in the area of information society services, but does not regulate them exhaustively. Nevertheless—and crucially for the issues here—the directive introduces the country of origin principle.
The country of origin principle in information society services—benefits for foreign tech companies
The purpose of the country of origin principle (also known as “home state regulation”) is to avoid situations where a business from one member state wishing to provide services in other member states has to meet requirements for those services in each of the other member states. This principle means that the primary responsibility for regulating the activities of an information society service provider rests with the EU member state where the service provider has its registered office (including in the form of a subsidiary or branch). The country where the undertaking has its registered office may impose certain obligations on the service provider and oversee compliance with these obligations. On the other hand, the other member states may not, as a rule, impose additional obligations on the service provider.
The country of origin principle supports the single market by facilitating the cross-border provision of services. Indeed, to provide information society services throughout the EU, it is sufficient for a business to meet the requirements applicable in only one member state, the one where it has its registered office.
The United States is the world’s leading exporter of services, including internet services. Thus it is not surprising that American tech companies doing business in the EU and wishing to take advantage of the freedoms of the single market have established operating subsidiaries in EU countries—for example, Airbnb and Google operate through subsidiaries in Ireland, and Amazon in Luxembourg.
Italy runs afoul of the country of origin principle
Laws adopted by the Italian Republic were challenged under the country of origin principle in a set of cases decided by the Court of Justice on 30 May 2024 (Joined Cases C‑662/22, Airbnb Ireland UC, and C‑667/22, Amazon Services Europe Sàrl; Joined Cases C‑664/22, Google Ireland Ltd, and C‑666/22, Eg Vacation Rentals Ireland Ltd; and C-665/22, Amazon Services Europe).
Italy adopted laws imposing certain obligations on providers of information society services, regardless of whether their registered office is in Italy, another member state, or outside the EU. The only relevant criterion was whether they provided services in Italy. The controversial obligations included:
- Entry in Italy’s Register of Communications Operators
- Submission of information on the service provider’s corporate structure and economic situation
- Payment of periodic fees to the Italian telecommunications regulator (AGCOM).
Failure to comply was punishable by a fine. Italy asserted that it had adopted these rules in order to implement the EU’s Platform-to-Business (P2B) Regulation (2019/1150).
Subsidiaries of Google, Amazon and Airbnb registered in member states other than Italy challenged these laws in an Italian court, seeking a declaration that the laws were invalid because they violated the freedom to provide services (Art. 56 TFEU) and acts of secondary EU law, including the Services Directive (2006/123/EC) and the e-Commerce Directive.
In a separate case, these laws were also challenged by the US-based Expedia Inc., which operates accommodation and travel booking platforms (C-663/22, Expedia). Unlike the plaintiffs in the other cases, Expedia did not have a subsidiary in the EU, but only did business there. Expedia argued that there was no relationship between the questioned provisions and compliance with the P2B Regulation.
The administrative court in Rome that was hearing all of these cases sought a preliminary ruling from the Court of Justice.
The court’s assessment
The Court of Justice reviewed the principles for assessing the compatibility of national law with EU law. It explained that because the e-Commerce Directive and the Services Directive “give concrete expression to the freedom to provide services” enshrined in Art. 56 TFEU, those directives are the first point of reference for determining whether national law is compatible with EU law. Indeed, if national law conflicts with a directive, there is no need for additional examination under Art. 56 TFEU.
Further, the court pointed out that a hierarchy of application also exists between directives. The Services Directive provides that in the event of a conflict, the EU law regulating the type of services in greater detail shall take precedence. Since the e-Commerce Directive is a more specific act than the Services Directive (i.e. dealing specifically with information society services), the compatibility of the Italian laws in question should be assessed firstly under the e-Commerce Directive.
The court explained that the country of origin principle, as established in Art. 3 of the e-Commerce Directive, refers to requirements that an information society service provider must meet in order to provide such services. In particular, these might include:
- Holding appropriate qualifications
- Obtaining a permit
- Listing in a national register
- Verification of service quality.
The country of origin principle applies to these issues. As a result, information society services are regulated exclusively in the member state where the service provider has its registered office, while the other member states where the services are provided (countries of destination) cannot require the service provider to comply with the obligations established in their legal system, as they apply only to undertakings with their registered office in that country.
The court found that the obligations under the Italian laws in question fell under the country of origin principle, and thus adoption of those laws was essentially unacceptable.
However, the country of origin principle is not absolute. In certain situations, Art. 3(4) of the e-Commerce Directive allows another EU country to derogate from the country of origin principle “in respect of a given information society service.” And here a problem arose in the Italian case. To be permissible, such a measure must be exceptional, not a general obligation for a certain category of information society services (see C-376/22, Google Ireland), i.e. applying to any business providing services in that category. The Italian provisions established just such obligations: general, applied without distinction to an entire category of entities. For this reason alone, they did not meet the test for admissibility under Art. 3(4) of the e-Commerce Directive.
Moreover, the permissibility of such obligations depends on whether they are necessary to protect a specific public interest, i.e.:
- Public policy
- Public health
- Public security, or
- Protection of consumers, including investors.
Italy claimed that the purpose of the national regulations was to implement the objectives of the P2B Regulation. But the Court of Justice observed that the P2B Regulation expressly states (Art. 1(5)) that the regulation “shall be without prejudice to Union law,” particularly in the field of electronic commerce, among other areas. As the e-Commerce Directive is specifically about electronic commerce, the objective which the Italian lawmakers were allegedly pursuing under the P2B Regulation would have to fall within one of the areas referred to in the e-Commerce Directive justifying a derogation from the country of origin principle. The Court of Justice concluded that this was not the case: none of the objectives of the Italian regulations concerned public policy, public health, or public security. As for the objective of consumer protection, the regulations pursued this at most only indirectly. Derogation from the country of origin principle is exceptional and therefore must be interpreted strictly (e.g. C-119/12, Probst; C-817/19, Ligue des droits humains). Thus this exception does not apply to measures that only indirectly pursue a given objective, and the Italian regulations also failed to meet the admissibility test in terms of a protected public interest.
In short, according to the Court of Justice, the obligations established in Italy did not fall within the exceptions permitted by the e-Commerce Directive, first because the obligations were general and abstract, and second because they did not pursue any of the public-interest objectives identified in the e-Commerce Directive.
The parallel Expedia case (C-663/22), where the undertaking had no subsidiary in the EU, was different. There, the Court of Justice did not analyse whether the Italian regulations could be applied to such foreign entities, as this was beyond the scope of the question raised by the Italian court. (Nonetheless, it should be recognised that provision of information society services by non-EU companies that are not based in any member state may be independently regulated by each EU country.) The issue of interest to the Italian court boiled down to whether the obligation (to provide business information) established in Italy furthered the objectives of the P2B Regulation, as it was only in this narrow scope that the telecommunications regulator (AGCOM) had the statutory authority to issue regulations. (If it turned out that this obligation was not justified in the Italian act, it would have to be concluded that AGCOM exceeded its authority and the rules it issued in this regard were invalid.) When responding to the questions raised, the Court of Justice stated that implementation of the P2B Regulation did not justify measures such as the Italian regulations at issue.
Current status and possible future developments
The country of origin principle remains central to the market for online services (e.g. C-119/12, Probst; C-817/19, Ligue des droits humains). Moreover, the country of origin principle also applies to audiovisual media services (Art. 2–3 of Directive 2010/13), which are also often provided via internet.
As a rule, supervision of service providers is vested in the service provider’s country of origin, and only that country can impose obligations on it. In practice, this means that all of the requirements for operation of many foreign platforms, including the largest ones, are decided by small countries like Ireland and Luxembourg, where the European subsidiaries of these big platforms are established.
Newer EU laws, such as the Directive on Copyright in the Digital Single Market (2019/790) and the P2B Regulation, which were intended to more closely regulate global platforms, clearly uphold the inviolability of the country of origin mechanism established in Art. 3 of the e-Commerce Directive (even though the e-Commerce Directive itself excludes copyright and industrial property rights from its scope). The country of origin principle is also well established in the case law of the Court of Justice.
The table below, based on the case law to date from the Court of Justice, summarises which obligations imposed on service providers by an EU member state other than their country of origin are permitted and which are prohibited.
Obligations in an EU member state other than an undertaking’s country of origin | |
PERMITTED | PROHIBITED |
Providing tax authorities with customer information (C-674/20, Airbnb Ireland) | Implementation of a system for handling reports of illegal content (C-376/22, Google Ireland) |
Forwarding data on rental agreements to tax authorities (C-83/21, Airbnb Ireland) | Preparing a periodic report on handling reports of illegal content (C-376/22, Google Ireland) |
Withholding tax (C-83/21, Airbnb Ireland) | Submitting such report to the national regulator and posting the report on the undertaking’s own website (C-376/22, Google Ireland) |
Appointment of a tax representative (C-83/21, Airbnb Ireland) | Appointing a person to ensure compliance with the foregoing obligations regarding illegal content (C-376/22, Google Ireland) |
Obtaining a permit to operate an intermediation system between road transport providers and customers (C-320/16, Uber France, holding that the Uber rideshare service is not an information society service, but a transportation service, not covered by the e-Commerce Directive or the Services Directive) |
|
As this breakdown suggests, the permitted exceptions to the country of origin principle mainly concern taxes. While taxation was expressly excluded from the scope of the e-Commerce Directive (Art. 1(5)(a)), tax regulations are still subject to evaluation under the freedom to provide services (Art. 56 TFEU), requiring regulations to be non-discriminatory, necessary and proportionate.
Art. 3(4) of the e-Commerce Directive also provides for the possibility of member states intervening when necessary to protect public policy, public health, public security, consumers and investors. These reasons may seem broad enough to give some leeway to member states—certainly it would be plausible to ground many additional regulations on public health (including mental health) and consumer protection. But the case law of the Court of Justice demonstrates that this is difficult in practice, especially because these measures must not be general and abstract—which by definition they usually are.
Properly framing an obligation so that it meets the standard required by the Court of Justice poses a challenge for member states. To be allowed, such an obligation must relate to “a given information society service.” As the court has pointed out, use of the singular and the word “given” means that the service must be an individualised service provided by one or more service providers (C-376/22, Google Ireland). Thus, under the case law, to meet the requirements of Art. 3(4) of the e-Commerce Directive, it must be possible to identify all entities charged with such an obligation. But it is not clear from the case law whether, if the member state regulation were so narrowly targeted, it might fall under a charge that it is discriminatory.
Online platforms play a key role in contemporary society, so it is tempting for individual countries to try to regulate them in accordance with their own prevailing cultural norms. But in doing so, in the EU it is easy to fall afoul of the country of origin principle. For now, the platforms appear to have the upper hand. This should be borne in mind by national lawmakers. Even if they are driven by noble intentions (such as fighting illegal online content), they must expect a firm response from platforms to any attempt to impose additional obligations.
Barbara Załęcka-Wysocka, attorney-at-law, patent attorney, Wardyński & Partners