Blocking and removing of terrorist content

The obligations set forth in the Regulation enter into effect from 7 June 2022 and apply to all web hosting service providers in the European Union. A ‘hosting service provider’ is understood to mean a person who stores material provided by and at the request of a content provider (web user) in a publicly accessible format. It is not important whether storing such material and making it accessible to the public is just technical, automatic and/or passive. Such platforms may include social media as well as video and audio sharing services.

As an exception, the scope of the application of the Regulation does not include communication services, such as e-mails and private messages or cloud infrastructure services.

If a hosting service provider detects terrorist content online, it must remove or disable the detected terrorist content in the entire territory of the European Union. The hosting service provider must store the removed or disabled online content in accordance with requirements for up to 6 months from removing or disabling the content.

If a hosting service provider receives a removal order from an authorised state institution, it is obligated to remove or disable access to terrorist content within one hour at the latest. After that, the hosting service provider must inform the authorised institution of the removal of/disablement of access to the terrorist content, indicating the time of removal/disablement. In Estonia, the Internal Security Service is the authorised institution.

What is the ‘one-hour-rule’?

Terrorist content is the most harmful in the first hours after its publication. It is therefore important that hosting service providers remove or disable access to terrorist content online within one hour at the latest. Upon receiving an order for the first time, the hosting service provider has 12+1 hours.

• Hosting service providers operating in the territory of the European Union must designate or create a contact point located in the European Union for the electronic receipt of removal orders and ensure the prompt processing thereof.
• Terrorist content removal orders are prepared by competent authorities of the European Union Member States (in Estonia, the Internal Security Service). A competent authority may issue a removal order to all the hosting service providers operating in the European Union. If the contact point of a hosting service provider is not located in the same Member State with the competent authority, the competent authority forwards a copy to the competent authority of the respective country.
• A hosting service provider must comply with the removal order, but the competent authority of the country of location may declare the removal order invalid within 72 hours from receipt of the removal order if it is not in accordance with the Regulation and does not endanger fundamental rights.
• The removal order form is provided in the Terrorist Content Online Regulation and must contain the reasons for the removal of terrorist content, the web link to the location, and information on the possibility of contesting the removal order.
• A hosting service provider has the right to request that the competent authority of the country of location verify the removal order. If the competent authority detects a violation in the removal order, the hosting service provider is obligated to immediately restore the content or again grant access to it upon learning of the corresponding decision.

• Updating the terms and conditions of use by adding a prohibition to publish terrorist content online and informing the users thereof.

• Designating a contact point through which removal orders can be received, and publishing the information on the homepage.

• Establishing the readiness to comply with notices and removal orders (an established work process for reviewing notices and complying with removal orders, including for the storage of information)

• The Regulation sets forth the measures which hosting service providers exposed to terrorist content must apply upon a relevant decision of the Consumer Protection and Technical Regulatory Authority in order to avoid the misuse of their services.

  A hosting service provider can itself decide which of the measures set forth in the Regulation it must implement in order to prevent the dissemination of terrorist content online in their services. 

These may include:

• Relevant technical or other solutions, such as additional personnel for detecting and promptly removing or disabling access to terrorist content.
• Additional notification mechanisms for users to give notice of or mark alleged terrorist content.
• Other measures which a hosting service provider deems appropriate and efficient for preventing or reducing the accessibility of terrorist content in its services or for increasing the awareness of terrorism.

• Hosting service providers are not obligated to implement automatic tools for detecting or removing terrorist content online, but it is one of the options.

  If a hosting service provider decides to use such tools, it must also ensure the subsequent verification of the detected online content and publicly report on the operation of such tools.

• The protective measures established in the case of the removal or disablement of terrorist content online resolve any contradictions with fundamental rights, particularly the freedom of speech.
• Transparent operation means that both the Member States and the hosting service providers are obligated to submit annual reports on the measures implemented.
• Hosting service providers are subject to an obligation to inform, which means that – with certain exceptions – users are also immediately informed and given information about the possibilities for removing  the content.
• Hosting service providers exposed to terrorist content as determined by a decision of the Consumer Protection and Technical Regulatory Authority must have a user-friendly complaint procedure. In addition, they must ensure that complaints are resolved quickly. There must be mechanisms to ensure that erroneously removed content can be restored as promptly as possible in the same format it was published.
• Hosting service providers have the right to request that the competent authority of the country of location verify removal orders and they can also appeal to the courts of the respective Member States.