Monday, 6 July 2026

What is wrong with the proposal to exclude some Ukrainians from temporary protection?

 



 

Dr. Meltem İneli Ciğer, Associate Professor of International Law, Suleyman Demirel University Faculty of Law, Türkiye; Honorary Fellow, School of Law and Social Justice, University of Liverpool

With comments from Professor Steve Peers, Law School, Royal Holloway University of London

 

Photo credit: President of Ukraine, via Wikimedia Commons

 

 

Nearly every year since I started teaching temporary protection and the Council Directive 2001/55/EC of 20 July 2001 (Temporary Protection Directive) at the Odysseus Summer School in 2022, a familiar pattern has emerged. Each year, while updating my PowerPoint slides, the European Commission adopts a proposal to extend the temporary protection regime implemented for Ukrainians fleeing the full-scale Russian invasion. I usually read and incorporate this new development, either the Commission Proposal or the adopted Council Implementing Decision, when I am flying to Brussels. This year is no exception.

 

This year’s Proposal for a Council Implementing Decision (COM(2026) 345 final) marks a departure from previous practice. Aside from proposing to extend temporary protection for an additional year, namely until 4 March 2028, the Commission is proposing, for the first time, to restrict the scope of temporary protection for a specific subset of newcomers. In particular, Article 2 of the Proposal targets newly arriving Ukrainian citizens who are subject to military service obligations under Ukrainian law and who lack explicit, official authorisation from the Ukrainian authorities to leave the country. By proposing this conditionality, the Commission is effectively linking eligibility for temporary protection to the enforcement of a home state’s conscription laws.

 

I have written here and here why I believe these yearly extensions run contrary to the Temporary Protection Directive itself and the risks they bring. This year, however, I will do something different. Since over the years, I have covered the legal problems with yearly extensions, I want to focus specifically on the legal questions brought by the new proposal, namely, those relating to the new restrictions it introduces.

 

Here, I will pose four main legal questions relating to these new restrictions and give my opinion on them. I should mention that the idea to write this post emerged from an exchange on LinkedIn, where I am a somewhat active user, and the comments I received from Steve Peers. I asked Steve to include his answers to these questions, to provide a ‘devil’s advocate’ perspective on some points. Finally, I should mention the sources that can help this analysis. You can watch the Commission’s official press conference video, where some similar questions were posed to the Commission. Additionally, a recent Council of Europe report explicitly warns about the human rights risks of the proposed restriction of scope. Of course, these legal questions will only arise if the proposal is adopted as it is. What are they?  

Question 1: Is restricting the scope of temporary protection and excluding newly arriving military-age men from Ukraine discriminatory?

Meltem: Yes, there is a very strong legal argument that this specific restriction is discriminatory under both EU and international human rights frameworks. First, let us look at who is excluded: Article 2 of the proposal explicitly targets newly arriving Ukrainian citizens who are subject to military service obligations under Ukrainian law and who lack official authorisation from the Ukrainian authorities to leave the country. Because martial law and mobilisation frameworks in Ukraine predominantly apply to adult males aged 18 to 60, this measure selectively excludes military-age men from receiving temporary protection in the EU in future.

Article 21 of the Charter of Fundamental Rights strictly prohibits any form of discrimination based on sex or nationality. By implementing a rule that disproportionately and systematically strips temporary protection eligibility away from mostly adult men, the proposal introduces a gender-discriminatory measure. Treating newly arriving men less favourably than women fleeing the same conflict zone creates direct friction with this principle of equal treatment. This is further reinforced by Article 14 of the European Convention on Human Rights (ECHR), which prohibits sex-based discrimination when read alongside the protection of fundamental rights under Article 3 or Article 8 ECHR (cf para 30 here). Of course, although these excluded individuals will retain their absolute right to apply for asylum under Article 18 of the Charter, this route opens up further complex legal questions. Most notably, what happens if their international protection claim is rejected?

If a Member State examines an individual’s asylum (ie international protection) claim (which can still be made, according to the temporary protection Directive, even if temporary protection is refused), and concludes that evading conscription under these specific circumstances does not meet the high threshold for refugee status or subsidiary protection, the individual is left in a dangerous legal vacuum. Because they are barred from registering as temporary protection beneficiaries by this new proposal, this may expose them to the immediate risk of a return decision. 

Steve: A devil’s advocate view: the Charter also provides for possible restrictions of Charter rights in its Article 52, which allows limitations on rights to support ‘objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others’. The argument here is that the EU is seeking to support the Ukrainian defence effort, which could be described either as an objective of general interest, or protection of the rights and freedoms of others. The measure is arguably proportionate as long as the return of each Ukrainian citizen in the individual case would not amount to non-refoulement (and only provided that any application for international protection they have made has failed on the merits; the concerns raised about human rights and conscription in Ukraine can obviously be argued in this context). Having said that, the Commission’s proposal can fairly be criticised for failure to make any specific reference to the possibility of applying for international protection instead.

Question 2: Does the Temporary Protection Directive give the Council the power to restrict its scope after four years of its activation?

Meltem: No, it does not. Neither Article 5 nor any other provision in the temporary protection Directive (TPD) grants any power to the Council to retroactively alter, narrow, or restrict the objective scope of who qualifies for that protection via a yearly implementing decision. Article 5 is invoked by the Commission in the Proposal to justify restricting the scope of the TPD’s application. However, if you look closely at the TPD, you will see Article 5 is intended to designate the specific categories of persons eligible for temporary protection at the very beginning, when there is a mass influx. It does not give the Council the power to dynamically designate or exclude different groups in subsequent yearly extensions. In my opinion, attempting to introduce new restrictions now is completely contrary to the TPD provisions. These new restrictions essentially introduce new exclusion grounds for temporary protection status. When looking at Article 28 of the Directive, which explicitly sets out the allowed exclusion grounds, it is clear that the new restrictions are also not permitted as additional exclusion grounds.

Steve: Again, a devil’s advocate might argue the opposite here – that this is not an issue of a new exclusion from temporary protection (which would definitely need an amendment to the parent Directive to be created), but rather a narrowing of those included by temporary protection. The scope of people included by the current iteration of temporary protection is defined not by the parent Directive, but by the 2022 decision to trigger it in response to the main Russian invasion of Ukraine, which has been amended (to extend its duration) several times already. The parent Directive is silent on the issue of whether the scope of who is covered by temporary protection can be altered (either to narrow it or to widen it) after temporary protection is triggered, but perhaps the earlier CJEU judgment in Kaduna – which accepted that Member States could narrow the scope of any ‘optional’ temporary protection they initially offered on top of the EU minimum if they chose – applies by analogy to EU-wide temporary protection, ie the EU can narrow the scope of temporary protection it initially offered, as long as the parent Directive’s test for terminating temporary protection is met for the specific group of people being removed from the scope of that protection as regards future applications. That test is:

...the situation in the country of origin is such as to permit the safe and durable return of those granted temporary protection with due respect for human rights and fundamental freedoms and Member States' obligations regarding non-refoulement.

It might, of course, be argued that this test is not met for men of military age. In any event, the parent Directive’s guarantee that they can apply for international protection at any time, and the Return Directive’s guarantee that they cannot be refouled, have to be satisfied too, on an individual basis.

It might also be argued that since the parent Directive only sets minimum standards, it must remain open to Member States to grant temporary protection to military age men as an option, as long as they are fleeing Ukraine for the same reason as others seeking temporary protection (see the Kaduna judgment by analogy, as regards those who left Ukraine shortly before the main Russian invasion). This might be relevant in particular to Hungary, which has reportedly objected to this aspect of the proposal.

Question 3: What will happen to the family members of those who fall within the scope of temporary protection in line with Council Implementing Decision (EU) 2022/382 of 4 March 2022?  

Meltem: This raises a very messy legal question regarding family unity. Under the initial Council Implementing Decision (EU) 2022/382, family members of Ukrainian nationals, as well as those of third-country nationals holding refugee or equivalent protection status in Ukraine prior to the full-scale invasion, are explicitly included as a core category entitled to temporary protection alongside the principal applicant.  Article 15 of the Temporary Protection Directive sets out mandatory duties for Member States to reunite family members who were separated due to the circumstances of the mass influx. (cf. Milios’s contribution here) The new proposal creates a direct clash between Article 15 of the TPD and the proposed exclusion grounds. If a newly arriving, military-age man leaves Ukraine to join family members who have held temporary protection in the EU since 2022, his exclusion would directly undermine the right to family life and the obligations in the 2022 Decision and the Directive. Conversely, admitting him while excluding single men in identical circumstances introduces severe issues of differential treatment and discrimination.

Steve: here I think the devil’s advocate has no good argument to make. Family members of those with temporary protection are entitled to temporary protection, according to the 2022 Decision, and family reunion, according to the parent Directive, unless the criteria for exclusion set out in that Directive (ie security risks and serious crimes, defined similarly to the exclusion clauses in the Refugee Convention) apply. This route to temporary protection is most likely to be relevant to men whose wives or partners have temporary protection in the EU (for partners, this is subject to the criteria of having a ‘stable relationship’, and that the host Member State treats partners in a ‘comparable’ way to married couples). As Jane Austen might have said, “It is a truth universally acknowledged, that a single man seeking temporary protection from a Russian platoon, must be in want of a wife.”

Question 4: Is Recital 5 of the Proposal a mistake or a new interpretation of the Krasiliva case (C-753/23) by the Commission?

In the Krasiliva case (C-753/23), the Court of Justice of the European Union (CJEU) confirmed that displaced persons from Ukraine have a right to choose the Member State where they want to apply for temporary protection. However, the Court ruled that national authorities cannot declare a newcomer’s temporary protection registration and resident permit request inadmissible simply because they already applied for a permit in another Member State but have not received it. Interestingly, the Court left open the question whether a person who has received temporary protection status and a resident permit attached to this status in one Member State can apply and be granted temporary protection in another MS.

Recital 5 of the Commission Proposal notes “Given that a person can benefit from the rights attached to temporary protection in only one Member State at a time, to ensure that this is the case, and to avoid multiple registrations for temporary protection, Member States should reject residence permit requests made on the basis of Article 8(1) of Directive 2001/55/EC when it is apparent that the person concerned has already obtained a residence permit on that basis in another Member State and therefore is enjoying the rights attached to temporary protection therein, including social assistance. This would be coherent with the judgment of the Court of Justice of the European Union in case C-753/23 and in particular paragraph 30 thereof.”

Steve: To my mind, the Krasiliva judgment is ambiguous. The key para in the judgment says that it is “open to the authorities of a Member State to verify, in the course of examining” a temporary protection application, “whether those persons have already obtained a residence permit in another Member State”. This is not explicitly definitive either way. The important point here is the addition of the words in the Commission proposal: “and therefore is enjoying the rights attached to temporary protection therein, including social assistance”, which do not appear in the previous Council decision extending temporary protection. This suggests that if another Member State has granted temporary protection but has not done so correctly, ie does not extend the substantive rights set out in the parent Directive to beneficiaries in practice, another Member State is obliged to consider a temporary protection application from those persons. This would be consistent with CJEU case law on international protection (Ibrahim).

Meltem: I believe the Commission adopts a very restrictive reading of the Judgment by noting Member States should reject residence permit requests made on the basis of Article 8(1) of the Directive when it is apparent that the person concerned has already obtained a residence permit in another MS. However, as Steve pointed out, what happens if a person holds TP status in a Member State but is not enjoying the rights attached to temporary protection therein, including social assistance? Then can they apply for temporary protection in another Member State? I think the recital somehow supports this reading. Is this on purpose or a mistake we do not know.

Conclusion

In conclusion, although the Commission's proposal to restrict the scope of temporary protection to help Ukrainian allies is understandable from a policy point of view, it raises many serious legal problems. For the reasons I have outlined, ranging from discrimination and ultra vires overreach to the risk of creating a dangerous legal gap for those whose asylum claims might be rejected, I argue that the Commission proposal should not be adopted as it is.

Wednesday, 1 July 2026

Double Direct Effect? The UK Supreme Court’s revisiting of the direct effect conditions in Dillon

 


 

Dr Eleni Frantziou, Associate Professor in Public Law and Human Rights, Durham Law School, and Dr Sylvia de Mars, Reader in Transnational Public Law, Newcastle Law School

 

Photo credit: Samuel Lennox, via Wikimedia Commons

 

Introduction

 

Is there anything left to say on the direct effect of EU law? Yes, according to the UK Supreme Court, which handed down its much-awaited judgment in Dillon et al on 7 May 2026. The UK reference above is not a typo: despite Brexit, aspects of the EU/UK Withdrawal Agreement (‘WA’) have direct effect under the conditions provided for in EU law, in line with Article 4 WA. In Dillon, the UK Supreme Court was asked to interpret whether one provision of this agreement – Article 2(1) of the Ireland/NI Protocol (‘Protocol’), which is itself a core part of the WA (Article 182 WA) – is directly effective and, if so, on what terms.

 

The case concerned the Legacy (Troubles and Reconciliation) Act 2023, which set out a broad range of immunities for serious crimes committed in Northern Ireland during the Troubles. The principal claimants were one direct victim and three relatives of victims killed in the conflict – a wife, mother and sister who, as O’Donoghue observes, were but minimally acknowledged by the UKSC. They challenged the immunities provisions of the Act under the ECHR and EU law.

 

In this post, we focus only on the EU law dimensions of the case and, particularly, on the question of direct effect. In our view, Dillon raises significant questions about the correct application of the direct effect conditions, the ultimate arbiter of which is the CJEU. In particular, we argue that the UKSC’s interpretation of direct effect in Dillon is inconsistent with EU law, because it creates an unprecedented requirement of ‘double direct effect’: it applies the direct effect conditions to both a provision of the Withdrawal Agreement/Protocol and to measures referenced in this provision.

 

Why was EU law still relevant in Dillon in 2026?

 

One of the most contentious aspects of the Withdrawal Agreement negotiations was the status of Northern Ireland. It is widely documented that EU membership was one of the principal catalysts for the Belfast/Good Friday Agreement (‘BGFA’) that officially marked the end of the Northern Ireland conflict known as ‘the Troubles’. As EU membership by both the UK and Ireland had ensured free movement between the Irish north and south, the creation of special arrangements that secured this after Brexit was a crucial aspect of the UK’s exit negotiations.

 

These special arrangements were embedded into the Ireland/NI Protocol (as of 2023 also known as the ‘Windsor Framework’ in the UK), which was appended to the Withdrawal Agreement as a core part of it dealing with a specific ‘withdrawal’ issue.  The Protocol provides for continued north/south cooperation, avoiding a hard border and protecting both trade and cross-border work. Importantly for the purposes of the Dillon case, the Protocol also notes in recital 7 of its Preamble that ‘Union law has provided a supporting framework for the provisions on Rights, Safeguards and Equality of Opportunity of the 1998 Agreement’ (‘RSEO’) and includes a specific non-regression guarantee with respect to this part of the BGFA. To this end, Article 2(1) of the Protocol provides:

 

The United Kingdom shall ensure that no diminution of rights, safeguards or equality of opportunity, as set out in that part of the Belfast/Good Friday Agreement entitled Rights, Safeguards and Equality of Opportunity results from its withdrawal from the Union, including in the area of protection against discrimination, as enshrined in the provisions of Union law listed in Annex 1 to this Protocol, and shall implement this paragraph through dedicated mechanisms.

 

It was this article of the Protocol that formed the basis of the EU law claim in Dillon. The claimants’ argument went as follows: since the UK had been subject to the Victims’ Rights Directive (‘VRD’) before Brexit and this had been implemented in NI through domestic measures, the immunities created by the Legacy Act reduced the level of protection of fundamental rights available during the UK’s membership of the EU, and were therefore in conflict with Article 2 of the NI Protocol. This claim was made possible by Article 4(1) WA, which states that the “Agreement shall produce in respect of and in the United Kingdom the same legal effects as those which they produce within the Union and its Member States” and the test for individuals to rely on a provision of the Withdrawal Agreement before domestic courts is that such a provision should “meet the conditions for direct effect under Union law.”

 

In line with the widely known Van Gend en Loos formula, a provision of EU law has direct effect if it confers rights to individuals that are clear, precise, and unconditional, rather than being subject to the adoption of further measures by either Member States or the EU.  The wording of Article 2(1) of the Protocol prima facie meets these conditions with ease. The right conferred by Article 2(1) is to not have ‘rights, safeguards or equality of opportunity’ as set out in the BGFA and in Annex 1 of the Protocol diminished. This paragraph contains a ‘textbook’ negative obligation. It requires no further measures at all – the UK simply needs to refrain from introducing new measures that reduce the level of protection of EU fundamental rights as it stood on 31 December 2020.

 

The claimants consequently argued that, since Article 4 WA also provides for the Agreement to have primacy and, at paragraph 2, requires that domestic courts be capable of disapplying incompatible provisions, the immunity provisions of the Legacy Act had to be disapplied. Two courts in Northern Ireland had found for the claimants, disapplying the offending provisions – but the government challenged this on appeal to the UKSC. It argued that if Article 2 was to have direct effect, it could only do so by reference to obligations that were themselves clear, precise and unconditional.

 

The Supreme Court sided with the government. It found that Article 2 could not always have direct effect, but only under certain circumstances, namely when the measures cross-referenced in Article 2 were themselves directly effective.  It is worth setting out its reasoning in some detail.

 

The UKSC commences, at paragraph 112, by citing the so-called Demirel test.  Demirel is one of the early cases in which the CJEU considered whether provisions in bilateral agreements signed by the EU could have direct effect; and it found at paragraph 14 that:

 

…a provision in an agreement concluded by the European Union with a non-member country must be regarded as being directly applicable when, regard being had to its wording and to the purpose and nature of the agreement, the provision contains a clear and precise obligation which is not subject, in

its implementation or effects, to the adoption of any subsequent measure... (emphasis added)

 

So far, so good.  While, as we discuss further below, the treatment of the Withdrawal Agreement (or Protocol) as part of ordinary EU external relations law is questionable, this does reflect the commonly used test for evaluating the direct effect of bilateral agreements involving the EU.

 

However, the UKSC proceeds with the following statement in paragraph 113:

 

The obligation imposed on the United Kingdom by article 2(1) of the Windsor

Framework relates to rights, safeguards or equality of opportunity “as set out in” the RSEO chapter. It is therefore necessary to consider whether, having regard to the wording and to the purpose and nature of the RSEO chapter and of article 2(1) of the Windsor Framework, those provisions read together impose a clear and precise obligation which satisfies the test for direct effect.

 

In our view, the words “therefore necessary” make a huge argumentative leap, hitherto unseen in any EU law treatment of direct effect. In this single short paragraph, the CJEU takes the Demirel test but applies it simultaneously to the Withdrawal Agreement and its provisions and the BGFA’s RSEO chapter’s provisions. In other words, the UKSC reasons that Article 2 of the Protocol cannot have direct effect as such: for it to be directly effective, anything it references must also be directly effective.  This leads to its even more confounding finding, which is – ultimately – that Article 2 of the Protocol sometimes has direct effect – but at other times it does not. This is because, according to the UKSC, it is impossible to identify a clear and precise obligation without reference to the RSEO chapter. As the UKSC puts it at paragraph 116, “[i]t is only in this way that the obligation not to diminish rights, safeguards or equality of opportunity acquires any content.”

 

This aspect of the ruling – which we dub ‘double direct effect’ –presents a deep challenge to settled understandings of the direct effect of EU law.

 

The fallacy of the UKSC’s direct effect

 

The UKSC’s ruling does not question the possibility of Article 2 of the Protocol to have direct effect, nor does it challenge the terms of direct effect. According to the Court, as per paragraph 112, the relevant conditions are the conditions set out in EU law. But the choice of EU law is already telling of the ruling’s direction and tone: rather than going straight for the Van Gend en Loos conditions, the Court refers to the Demirel test on the direct effect of international agreements.

 

While this choice is defensible to a degree as the WA is, after all, a bilateral agreement, the confidence with which the UKSC resorts to it is puzzling. Unlike association agreements, such as the one between the EU and Turkey at stake in Demirel, or even the UK/EU Trade and Cooperation Agreement, EU competence for which resides in external relations law (Article 217 TFEU), the Withdrawal Agreement is a very specific type of agreement. The competence to conclude it is found in the constitutional part of the Treaty on European Union – Article 50 TEU – and it is Article 50 (2) that sets out that the terms of withdrawal are to be negotiated in accordance with Article 218(3) TFEU. The Withdrawal Agreement is thus a category in its own right: it is not about a third state negotiating the terms of its association with the EU, however deep, but about a Member State negotiating its departure from the bloc in line with its own constitutional requirements, as set out in Article 50 TEU.  The exceptionality of the Withdrawal Agreement has been raised indirectly in litigation before the CJEU and, albeit that the Court has not had specific occasion to address what this means for direct effect, it has emphasised the significance of Article 50 TEU as the essential legal context for analysing the provisions of the Withdrawal Agreement (see, e.g., Préfet du Gers I, para 54). 

 

But even if we were to accept that the Withdrawal Agreement should be treated just like any other bilateral treaty, its own terms make its ‘intention’ clear, given the express wording of Article 4 WA on the application of the direct effect conditions – a very unusual stipulation that, to our mind, would not go unnoticed by the CJEU. In fact, as Gallo and Labus note, specific exclusions of direct effect are the norm in the external relations context, as is indeed the case for the TCA, Article 5 of which preclude direct reliance by individuals on its provisions. The choice of the Demirel conditions is, therefore, significant for at least two reasons: first, it is important symbolically. The UKSC makes a choice to treat the Withdrawal Agreement as one of many international agreements the UK has signed. This automatically limits any perceived onus on its part to read the ‘purpose and nature’ of the Withdrawal Agreement or the Protocol as resulting in different obligations than other international law. Second, the reliance on the Demirel test and its focus on not only the precision and unconditionality of the relevant provisions, but also the ‘purpose and nature’ of the agreement, enables the UKSC’s further findings about Article 2(1) WA. For, as already highlighted above, rather than treating ‘purpose and nature’ as pertaining to the Withdrawal Agreement and its provisions, the UKSC understands this test as applying to the RSEO section of the BGFA.

 

The ‘purpose and nature’ of the BGFA is summarised in paragraph 119 as “establishing peace in Northern Ireland after decades of sectarianism and civil conflict”. This reference appears to preclude a reading of the BGFA as aiming to secure cross-community equality in a broader sense, which makes reliance on Article 2 for the purposes of ensuring the non-diminution of EU fundamental rights altogether less likely. It will be far more difficult to link provisions in the RSEO chapter to EU law if it is essential to prove that their purpose and nature was ‘establishing peace’. This focus on the Demirel condition of the nature and purpose of the agreement thus appears to negate, at least to an extent, the practical relevance of Article 2 as a non-regression clause. Rather than protecting the ‘supporting framework’ of fundamental rights that membership of the EU meant for the peace process in tune with the Protocol’s Preamble, the interpretation could prove to be much narrower– a possibility that remains to be fleshed out further in subsequent case law.

 

Beyond the type of direct effect it chooses, though, the UKSC also commits, in our view, a fundamental, substantive error of EU law in its application of the direct effect conditions. This error rests on the finding that Article 2(1) is a provision that could sometimes, but not always, have direct effect – depending on what else it references. This position does not withstand scrutiny from the perspective of EU law. 

 

It is trite EU law, including under Demirel, that the direct effect conditions refer to ‘a provision’. Leaving the categorical exclusion of certain forms of direct effect for certain instruments (eg, the horizontal direct effect of directives), the CJEU has never held that a provision can both have and lack direct effect. The test is a clear binary: the provision either meets the conditions and it is directly effective or it does not, and it is not.

 

In this sense, it may have been more coherent for the UKSC to state that Article 2 is not directly effective at all. That, however, would have created the problem that some of the EU law explicitly referred to in the provision (the Equality directives) are par excellence directly effective obligations. Finding that Article 2(1) lacks direct effect altogether would have created a procedurally awkward situation, whereby the Annex to the Protocol has direct effect and supremacy in accordance with Article 4(1) WA, but its ‘activating’ provision does not. It was also clear that the provision was thought to have direct effect when negotiated and the UK government did not challenge the right of individuals to invoke it with respect to the annexed Directives; while the UKSC made it clear that UK government interpretations of its own commitments made when concluding the WA were of no help in determining of Art 2 of the Protocol was directly effective (see paragraphs 123-124 of the judgment), it seems to have wanted to avoid making the existence of that Annex 1 and, indeed, Article 2 itself wholly pointless from a litigation perspective. Hence, the UKSC resorts to a half-way house: if the provisions against which non-diminution is sought are themselves directly effective, then Article 2 can be invoked before domestic courts. If they are not, it cannot. Much like Schrödinger’s cat, then, direct effect is simultaneously alive and dead – it all depends on what Article 2 is referencing. 

 

This reasoning in our view misunderstands (though it does not reference) CJEU case law on the direct effect of provisions that also refer to other provisions, as well as the nature of the direct effect conditions as interpreted in EU law, more generally. For example, Charter provisions regularly give ‘specific expression’ to non-directly effective measures of directives (see, eg, the Grand Chamber rulings in Egenberger, Braathens,  KL v X). Unlike the approach espoused by the UKSC, it is not the non-directly effective measures detailing the core obligation that suddenly acquire direct effect. Rather, the presence of a directly effective measure, such as Art 47 CFR, makes the more specific obligations listed in the directives invocable in court, where they otherwise would not be. The core obligation is directly effective regardless of what it cross-references. The CJEU makes this very clear in Egenberger:

 

78. [L]ike Article 21 of the Charter, Article 47 of the Charter on the right to effective judicial protection is sufficient in itself and does not need to be made more specific by provisions of EU or national law to confer on individuals a right which they may rely on as such [emphasis added].

 

In other words: it is the more general provision of primary law – Article 47 of the Charter – that gives rise to a clear, precise and unconditional obligation. This does not require a cross-reference to a separate provision that is also directly effective in order to be relied upon. Rather, the only effect of the directives in the above cases is to show that the scope of EU law – and hence the relevant provision of the Charter – was engaged.

 

We found similar reasoning in CJEU judgments that involve international agreements, where the cross-referencing to Annexes and Protocols is very common. In Sevince, for instance, concerning the EEC-Turkey Association Agreement, the CJEU found in paragraph 22 that provisions in several decisions adopted under this association agreement had direct effect – and that this

 

cannot be affected by the fact that [other provisions] provide that the procedures for applying the rights conferred onto Turkish workers are to be established under national rules. Those provisions merely clarify the obligation of the Member States to take such administrative measures as may be necessary for the implementation of those provisions, without empowering the Member States to make conditional or restrict the application of the precise and unconditional right which the decisions of the Council of Association grant to Turkish workers. (emphasis added) 

 

The analogy is, in our view, powerful: similarly to Article 2, this case concerned a standstill obligation that no further obstacles to the free movement of workers be imposed. Moreover, like Article 2, there was an expectation that national procedures would be introduced to ensure the effectiveness of this core obligation. The CJEU clearly distinguished this procedural conditionality from the primary negative duty. 

 

The idea that the ‘referred-to’ provisions do not themselves have to be directly effective for a primary provision to be directly effective is also expressly confirmed in the 2022 ruling in Deutsche Umwelthilfe, which concerned standing requirements in the implementation of the Aarhus Convention. The CJEU’s reasoning is worth citing in some detail:

 

66. [W]hile it is true that Article 9(3) of the Aarhus Convention does not have direct effect in EU law and cannot, therefore, be relied on, as such, in a dispute falling within the scope of EU law, in order to disapply a provision of national law which is contrary to it, the fact remains that, first, the primacy of international agreements concluded by the European Union requires that national law be interpreted, to the fullest extent possible, in accordance with the requirements of those agreements and, secondly, that Article 9(3) of the Aarhus Convention, read in conjunction with Article 47 of the Charter, imposes on Member States an obligation to ensure effective judicial protection of the rights conferred by EU law, in particular the provisions of environmental law...

         

78. … the discretion conferred on the Member States to lay down rules governing the right to bring proceedings, referred to in [Article 9(3) of the Aarhus Convention], does not affect their obligation to ensure a right to an effective remedy enshrined in Article 47 of the Charter, as, moreover, also alluded to in Article 9(4) of the Aarhus Convention. Article 47 of the Charter is sufficient in itself and does not need to be made more specific by provisions of EU or national law in order to confer on individuals a right which they may rely on as such … Thus, that article may be relied on as a limit on the discretion left to the Member States under Article 9(3) of the Aarhus Convention.

 

This case is also analogous to what the UKSC had to consider in Dillon: a primary provision that set out a clear, precise and unconditional right (Article 47 of the Charter) – and further provisions, covering more specific situations in which such a right might apply, which are not directly effective (in Article 9(3) of the Aarhus Convention).  The CJEU had every opportunity to set out that both Article 9(3) of the Aarhus Convention and Article 47 of the Charter had to be directly effective, but did not do so – instead, it stressed that Article 47 sets out framework conditions for how a conditional, imprecise referred provision had to function.  This is in our view similar to the function that Article 2 of the Protocol carries out: it sets out the conditions that apply once the RSEO and Annex 1 directives need to be considered, in the form of setting a non-diminution test.

 

Finally, the UKSC’s understanding of the core negative obligation in Article 2 as vacuous without a contemporaneous assessment of the RSEO sets too high a threshold for clarity and precision. If this was how its reasoning worked, the CJEU would have denied the direct effect of most provisions of EU primary law. To take one iconic example, it clearly would have declined to accept the direct effect of Article 157 TFEU in Defrenne back in 1976; as Daniele Gallo puts it, “[t]he contents of the obligation of [what is now Article 157 TFEU] were considered sufficiently clear, to the extent that the Member States must ensure ‘the application of the principle that men and women should receive equal pay for equal work’, despite … that there was, at the time, relative uncertainty about the concept of ‘equal work’ as well as that of ‘work of equal value’.  (Gallo, OUP 2025, 83).

 

To summarise, the RSEO determines the scope of Article 2 and it is squarely for the Supreme Court to interpret what this means. As noted above, there may be disagreement about how narrowly the ambit of the RSEO was drawn in this ruling – disagreement which can be further discussed in the Specialised Committee on the Windsor Framework. Such disagreement, however, would concern the substantive question of diminution (i.e., was there a relevant RSEO right that has now been diminished?) – and not the relevant test for direct effect. As a matter of the direct effect conditions, there can be little doubt, based on CJEU authority on direct effect, that Article 2 can be invoked before domestic court. In turn, if disagreement arises about the direct effect conditions, the correct interpretation must be determined by the CJEU – a point to which we now turn, in concluding.

 

Is this the final word on the direct effect of Article 2 NIP?

 

Assuming that our analysis is correct, and that the application of the direct effect conditions in Dillon is inaccurate, can anything be done about it? The UKSC was not entitled to make a reference to the CJEU on the matter of direct effect, as this is not provided for under this part of the Protocol. While references are possible with regard to a limited number of other provisions, primarily relating to trade, they are not provided for in the context of the non-diminution guarantee. It is to be hoped, however, that the Joint Committee overseeing the WA will discuss these issues in its upcoming meeting, particularly given the significance of the direct effect question for ongoing litigation on Article 2 at lower levels and, more generally, for the very ability of the Dedicated Mechanism set up under the Protocol to contribute to the enforcement of the non-diminution guarantee through litigation.

 

Arguably, regardless of the outcome of the political discussion, a question should now be put to the CJEU about the correct application of the direct effect criteria by agreement of the parties. The Dillon case demonstrates the technical difficulties associated with ongoing Brexit litigation that involves EU law concepts without the possibility of interpretive clarity through the preliminary reference structure, and it is in nobody’s interest for different versions of a 60 year old test to apply in the EU itself and its closest trading partner. Ultimately, though, if no agreement is reached about what the correct interpretation of the direct effect conditions is in the context of Article 2 within the Joint Committee, an arbitration panel may be appointed to determine the issue. Its decision will be binding on both parties. Crucially, the arbitration panel would be required to make a reference to the CJEU to determine any issues of EU law before it reaches its decision. Undoubtedly, the concept of direct effect would be such an issue.

 

 

 

 

Monday, 29 June 2026

The End of Immunity for Internet Service Providers? C-188/24 WebGroup Czech Republic and NKL Associates and C-190/24 Coyote System, judgment 16 June 2026



 

Lorna Woods, Professor Emerita, University of Essex

Photo credit: TodayTesting.com, via Wikimedia Commons   

This recent CJEU judgment has been flagged in some quarters as upholding the French rules requiring age verification for porn sites. In others, it has been seen as stripping intermediary immunity from social media sites. Based on the e-Commerce Directive, however, is this just a transient discussion, fading away as the Digital Services Act (DSA) becomes the relevant law?

 

The Facts

 

The national cases in Case C-188/24 concern French rules requiring porn operators to implement technical age verification mechanisms to prevent minors from accessing those sites.  The companies were each the subject of a formal notice pursuant to Decree No 2021/1306 implementing Law No 2020-936 and Article 227-24 of the Criminal Code which prohibits any person from broadcasting a pornographic message likely to be seen by a minor. The rules in Coyote System concern the restriction on the broadcasting of information to drivers about roadside checks (eg in relation to speed or drunk driving). The relevant implementing measures were also derived from the French criminal code. These measures were subject to judicial challenge before the French Conseil d’État. The companies in question were not established in France and questioned the applicability of the French rules.

 

The Issues

 

The first question the CJEU had to address was whether the measures fell within the coordinated field of the  e-Commerce Directive (Directive 2000/31) and would therefore be caught by Article 3, which provides for the country of origin principle (COOP). Recital 22 which states that ‘information society services should be supervised at the source of the activity’. This means that services in general comply with the domestic law of the State in which they are established and do not have to comply with the laws of the States in which their services are capable of being accessed.  Article 3(3) excludes certain areas from the coordinated field and Article 3(4) et seq provide for limited grounds of derogation from the COOP and provide conditions with which the receiving State must comply to access the derogation.   The COOP applies only to laws falling within the coordinated field. Here the relevant laws were not sector specific measures targeting information society services in particular, but the general criminal law. The referring court questioned whether the provisions in issue fell within the coordinated field and referred the issue to the CJEU.

 

The ban on transmission in Coyote System was, according to the applicant, contravening the prohibition on general monitoring found in Article 15 e-Commerce Directive. This application of this article is dependent on the information society services in question falling within one of the categories of service found in Articles 12-14 e-Commerce Directive (mere conduit, caching services or hosting services respectively). The Court thus then had to consider whether the service in Coyote System was a hosting service within the meaning of Article 14 e-Commerce Directive. Article 14(1) provides:

 

Where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:

 

(a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or

(b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.

 

Judgment

 

The Coordinated Field

 

The Court emphasised that the coordinated field

 

covers all requirements laid down by the legal systems of the Member States relating to the taking up or pursuit of the activity of an information society service, … that definition does not make the coordinated field subject to the condition that only matters harmonised by that directive are covered. [para 52]

 

Following the Advocate General (at para 56 of his Opinion), it remarked that Article 3 is of particular importance precisely for the areas of law not harmonised. The mere fact that the laws apply generally cannot remove them from the coordinated field. Moreover, the Directive excludes certain areas from the scope of the Directive, so the question of exclusion had been taken into account in the Directive. Taking a different approach would undermine the purpose of the Directive.

 

The Court confirmed that requiring age verification sets the conditions for access to the information society services and is a requirement concerning the pursuit of an activity within Article 2(h)(i) (see Case C-649/18 A (Advertising and sale of medicinal products online)). For the roadside broadcasts, the Court took the view that the prohibition constituted a requirement relating to the content of the service. Both sets of measures therefore fall within the coordinated field.

 

The COOP and Derogation

 

The key question for the application of the COOP was whether the measures restricted the free movement of the services. This question the Court answered in the affirmative before considering whether the derogation in Article 3(4) could be used.

 

The derogation has substantive and procedural conditions. Substantively, the measure must be necessary in the interests of one of more of: public policy; protection of public health; public security; or protection of consumers. Further, those measures should be taken against an information society service which actually prejudices those objectives or presents a serious and grave risk to those objectives. Finally, the measures must be proportionate to the objectives. In procedural terms, the recipient Member State must first have issued an unsuccessful request to the host Member State to fix the issue and, secondly, notified the Commission.  A failure to comply renders the obligations unenforceable (Case C-390/18 Airbnb Ireland – following long established case law).

 

General rules applying without distinction do not satisfy the second of the substantive conditions. The rules, however, provided for the issuing of individual notices which satisfy this requirement [para 90]. The third substantive element – that of proportionality – was satisfied in relation to the protection of human dignity and the rights of the child as regards the broadcasting of pornography [para 94] and, without much elaboration, the prohibition on rebroadcasting is also proportionate [para 96]. 

 

So in principle, the national rules could meet the substantive criteria but it was for the referring court to determine whether the procedural rules were satisfied.

 

General Monitoring

 

Hosting

 

As noted above, the possibility of relying on Article 15 depends on whether the service in issue – here the service in Coyote System - is a host within the scope of Article 14 [see para 105]. The Court noted that the definition of hosting did not automatically preclude a service which also has elements of broadcasting from being a host, referring to long-standing caselaw as well as more recent (Case C-360/10 SABAM; Case C-682/18 YouTube and Cyanado and Case C-401/19 Poland v Parliament and Council). Conversely, just because a service includes the storage of information does it mean that the service is a host for the purposes of Article 14. The Court reiterated the limitations arising from Recital 42 – that the services should be of a mere technical, automatic and passive nature. This implies, according to the Court’s case law (Case C-324/09 L’Oréal and Case C-682/18 YouTube and Cyanado), “the information society service provider has neither knowledge of nor control over the information which is transmitted or stored” [para 108].  The Court underlined that “those two conditions requiring knowledge and control should be understood as being alternative to and independent of each other” [para 110].  The Court then held that

 

if, beyond the mere categorisation and indexation of information for the purpose of improving its accessibility, the algorithm used determines, in the interest of the operator or its service, under what conditions, how and in which order of priority that information is or is not be broadcast, that operator exercises control over that information, with the result that the service it offers cannot be classified as an ‘information society service … that consists of the storage of information provided by a recipient of the service’ [para 112].

 

Impact on Article 14(3) and Article 15

 

If a service exercises control over content, it does not fall within Article 14 and therefore the restrictions imposed on Member States by Article 15 are not applicable to such are service. The questions were for the national court to determine.

 

On the assumption that the service were found to be neutral, the national court must decide whether the prohibition on rebroadcasting the information on roadside checks is permitted by Article 14(3) which concerns orders requiring a neutral host to terminate any infringement on the part of the recipient of the service due to, inter alia, the presence of illegal information stored on its website or on its platform by removing or blocking access to that information.

 

Considering Article 15, the Court referred to Recital 47 e-Commerce Directive, which clarifies that Article 15 does not apply to monitoring in specific cases. Referring to the test laid down in Glawischnig-Piesczek (Case C-18/18), paras 46 and 47, the Court noted in this case that the information targeted by the prohibitions “is circumscribed in such a way that its rebroadcasting may be automatically prevented by the operator concerned” [para 121].

 

 

Comment

 

Coordinated Field and COOP

 

The Court has taken a typical approach here, a broad approach to the areas covered: criminal law rules and public policy rules can fall within the scope of the directive, provided they impose requirements on the access or conduct of an information society service. Furthermore, none of the criminal law in general, public policy and public security measures appear on any of the exclusions from the scope of the directive. The Court’s ruling makes explicit that this absence from the exclusions is deliberate. This position is in the interests of ensuring that a service is not subject to multiple regulation, but it can lead to unevenness and gaps in protection from the viewpoint of a person expecting the rules of the member state in which they reside to apply to services providers providing services in that self-same Member State. This is especially the case when the aspect potentially taking the national rule outside the derogation regime is about its form, not its substance.  The COOP principle has long given rise to concerns about forum shopping and a race to the bottom (as can be seen also in the broadcasting sector and the Audiovisual Media Services Directive) but has been re-affirmed as a central tenet of the EU regime (see eg Case C-769/22 Commission v Hungary (Values of the European Union)). 

 

It is also worth noting that the Court in principle accepted that both sets of rules in the cases referred were aimed at achieving legitimate aims and were proportionate. The Court drew on the fact that the AVMSD requires age verification in relation to pornography to reach this latter assessment. In so doing, the Court engaged in a joining up the dots activity between different piece of EU digital legislation. 

 

In this ruling, the Court underlined both the importance of the right to human dignity and the rights of the child.

 

Impact on Article 14

 

The headline news from this ruling is the impact on Article 14 and the test for neutral intermediary. The hosting safe harbour in Article 14 was always meant for neutral, passive intermediaries – entities whose activity is “purely technical, automatic and passive”, implying that the provider “has no knowledge of or control over” the information stored (Recital 42 e-Commerce Directive). This has been the standard position since the early case law – for example L’Oreal.  What this means, and in particular the impact of automated tools, has been the subject of some discussion. In a different context (copyright infringement), the Court even if an operator automatically indexes infringing content to recommended videos based on each users’ use did not necessarily mean that the host had specific knowledge of the infringing content, and the Court determined that this sort of specific knowledge was what was required. This could be seen as quite a generous view towards the hosting services and the scope of immunity. It might almost be said that there was an assumption that platforms would benefit from Article 14 (provided they responded to notices). In Coyote there is a shift of focus.

 

The first point to note is the Court’s statement that hosting services do not automatically benefit from Article 14. While this is not new – and, indeed, can be seen the Court’s previous jurisprudence – the reminder feels significant, especially in the light of the rest of the ruling. The Court here confirmed that a service has to satisfy both the knowledge and the control tests, a point not laboured in previous judgments. The Court (at para 110) makes this really clear: if a service exercises control, even if it has no knowledge, it will fall outside the intermediary immunity provision.

 

Whereas Cyanado dealt with knowledge, System Coyote looks at control. Significantly, the Court held that algorithmic curation constitutes “control”.  The Court (following its Advocate General) held (para 111):

 

it is, inter alia, by means of the algorithm used that such an operator exercises control over the information stored. So long as it has predetermined, by means of that algorithm, the conditions under which such information may or may not be broadcast, it is irrelevant that that operator does not itself carry out additional interventions which have the effect of promoting, modifying or deleting information stored with a view to it being broadcast.

 

In other words, when a service which stores information uses an algorithm to determine – in its own interest or that of its service – under what conditions, in what manner, and in what order of priority information is or is not disseminated it has control (see para 112). It does not matter that this is automatic. So creating the algorithmic system is exercising control.  In focussing on control, the Court avoids outright conflict with its earlier position (for example in Cyanado), but it certainly signals a change in emphasis and (in line with thinking underpinning parts of the DSA) a recognition that the algorithm is not necessarily neutral.

 

Not all categorisation or prioritising satisfies the control test. Simple categorisation and indexing of information to improve its accessibility do not on their own constitute control. Essentially, the Court is trying to draw the line between a neutral index, or chronological feed, and something more editorial (and it is telling to remember that the services themselves have claimed first amendment rights – is relating to their speech – in relation to how results are provided). 

 

Nonetheless, this ruling will affect a wide range of services based on curating user generated content, from social networks, video-sharing services and – of course – services that rebroadcast user reports (eg about police checks), as well as recommended products on a marketplace. The judgment could be read as stripping most (if not all) of the large social media platforms of their immunity (though this does not mean they will automatically be liable in all cases – that will depend on national law and the facts in individual cases). It could also be said to follow a similar path to the Russmedia decision (Case C-492/23), discussed here, which also took a narrow view of immunity (hosting defence does not apply to liability under the GDPR).

 

Impact on Article 15

 

The prohibition on general monitoring only relates to those services covered by intermediary immunity. Although this follows the language of Article 15(1) there had been some dispute as to who could claim the protection of Article 15. The answer is now clear: fall outside Article 14 (or 12 or 13) and Article 15 does not apply. 

 

The Court also reiterates its position on the distinction between general and specific monitoring and highlighting the possibility of using automated techniques to identify particular types of content. This could be relevant for Member States’ ability to impose monitoring or filtering obligations (in services of some public interest) – these (in relation to copyright infringements, e.g. SABAM, above) had been thought problematic in the relatively early days of the e-Commerce Directive, and platforms have often challenged such obligations as constituting general monitoring. The Court’s discussion here is focussed tightly on content; it does not discuss behavioural monitoring or profiling (which might be techniques by services to reduce the incidence of illegal content or behaviour across their services). It will be interesting to see how this line of case law joins up with the jurisprudence under the e-Privacy directive on collection of metadata and intrusions into communications privacy (see eg Case C-746/18 Prokurator).

 

Impact on DSA

 

Article 6 DSA, which replaces Article 14 e-Commerce Directive, provides that hosting providers are not liable for information stored at the request of a recipient of the service, provided that they do not have actual knowledge of illegal activity or content, unless the recipient acts under the authority  “or control” of the provider. It has been assumed given the similarity in the text, that the case law on Article 14 is relevant for understanding Article 6 DSA, including as regards the threshold condition of neutral. The wording of the relevant recitals in the DSA differ, however, from the text in the e-Commerce Directive (noted above) – and the Court has relied heavily on that text in its interpretation of Article 14.  Indeed, Article 14 itself does not refer to control. Recital 22 DSA specifies:

[i]n order to benefit from the exemption from liability for hosting services, the provider should, upon obtaining actual knowledge or awareness of illegal activities or illegal content, act expeditiously to remove or to disable access to that content. … The provider can obtain such actual knowledge or awareness of the illegal nature of the content, inter alia, through its own-initiative investigations or through notices submitted to it by individuals or entities in accordance with this Regulation in so far as such notices are sufficiently substantiated to allow a diligent economic operator to reasonably identify, assess and, where appropriate, act against the illegal content. However, such actual knowledge or awareness cannot be considered to be obtained solely on the ground that the provider is aware, in a general sense, of the fact that its service is also used to store illegal content. Furthermore, the fact that the provider automatically indexes information uploaded to its service, that it has a search function or that it recommends information on the basis of profiles or preferences of the recipients of the service is not a sufficient ground for considering that provider to have ‘specific’ knowledge of illegal activities carried out on that platform or of illegal content stored on it. [emphasis added]

 

At first glance, the recital seems to contradict the ruling in Coyote System. The wording of the recital seems to follow the approach the Court adopted in Cyanado and like that judgment deals with the question of knowledge. We have noted earlier, the Court’s sidestep in this case, to talk about control. The recital says nothing about control and is therefore not inconsistent with the approach in Coyote System.  Of course, this means that there is no reference to “control” in the text of the DSA because Article 6, like its predecessor Article 14, is silent on the point. It is far from clear, however, that the change in wording in the recital was intended to mark a change in meaning from Article 14 resulting in an expansion of the scope of immunity. Rather it seems an intention to align the DSA with the case law on Article 14 e-Commerce Directive. Presumably, there will be much litigation on this point as well as the linked question as to where the boundary between control and “mere categorisation and indexation of information” [para 112].


Thursday, 28 May 2026

Amazon, systemic risk, and the Digital Services Act: What the General Court did and did not decide

 



 

Catalin Gabriel Stanescu, Associate Professor of Private Law at the University of Southern Denmark. His research focuses on consumer law, digital regulation, financial vulnerability, and the political economy of private law.

 

Photo credit: David Dixon, via Wikimedia Commons

 

The DSA Observatory recently published a thoughtful post on the General Court’s judgment in Amazon v Commission, which rejected Amazon’s argument that it should not have been listed as a ‘very large online platform’ (VLOP) under the Digital Services Act (DSA), and, in doing so, critiqued a working paper of mine on ‘systemic risk’ under the Digital Services Act. For me, it was a valuable engagement. The judgment does influence how arguments about systemic risk under the DSA can be framed. However, it does not support the broader claim that a financial-law analogy about the definition of ‘systemic risk’ has been displaced. When read carefully, Amazon takes a narrower approach: it rejects one specific application of the financial analogy, while preserving a more structural comparison between financial supervision and the DSA’s systemic-risk regime.

My paper’s central claim was not that the DSA should be read as banking law in another guise. Nor was it that systemic risk under the DSA must be defined by interbank contagion or by the existence of a closed system of interconnected undertakings. What I proposed was that the DSA relocates into digital governance a supervisory rationality already familiar from EU financial law: a mode of regulation built around ex ante risk assessment, differentiated obligations for systemically significant actors, and a recalibrated proportionality analysis where institutions are acting under conditions of complexity, uncertainty, and potentially large-scale harm. That remains, in my view, the right level at which to compare the two regimes.    

The General Court’s judgment, however, establishes an important limitation. Amazon contended that marketplaces could not generate “systemic” risks because, unlike financial institutions, they do not form part of an interconnected system. In paragraph 69, the Court summarized Amazon’s submission that marketplaces are not interdependent, do not constitute a system, and therefore cannot give rise to systemic risks in the manner of financial institutions. The Court rejected this argument in paragraph 70. It held that the DSA is not concerned with systemic risks posed by marketplaces due to their participation in a “system” in that sense. Instead, the DSA aims to mitigate systemic risks to society as a whole, insofar as those risks may affect a significant portion of the European Union’s population. Consequently, the Court found that the independence of marketplaces from one another does not prevent them from generating some of the risks identified in Article 34(1) DSA (ie the risks which VLOPs are obliged to assess).

This is a significant point. Under the DSA, interconnectedness in the financial-law sense is not a necessary criterion for defining systemic risk. Instead, the Court places decisive emphasis on reach, scale, and disproportionate societal impact. This approach is evident not only from paragraph 70, but also from the Court’s reliance on recitals 75 and 76 DSA, which highlight the reach of very large online platforms, their role in facilitating public debate and economic transactions, and the potential for disproportionate impact once they reach a significant share of the Union’s population. The same reasoning appears later when the Court notes that marketplaces above the Article 33 DSA threshold for designating VLOPs may pose risks to society that differ in scale and impact from those posed by smaller platforms. On this point, the Observatory’s interpretation is correct: Amazon shifts the analysis away from a narrow contagion model.

What does not follow, however, is the stronger conclusion that the judgment rejects the relevance of financial systemic-risk thinking altogether. The Observatory interprets Amazon as attributing a more autonomous meaning to systemic risks under the DSA and as introducing a break with the reliance on financial systemic-risk regulation as a reference point. I believe this interpretation overstates the case. The Court rejected Amazon’s specific application of the analogy, but did not assert that the DSA lacks structural affinity with systemic-risk governance as developed in other areas of EU law.

This distinction is important because the DSA’s regime retains a recognizably systemic-risk structure.

First, the regime is actor-specific. In the present context, Articles 34 to 43 DSA apply only to platforms designated as VLOPs, while more broadly it also includes very large online search engines (VLOSEs). The Court accepts this differentiation as resting on the legislative judgement that platforms of such scale may generate risks with a disproportionate impact in the Union. In paragraphs 52 and 53, the Court summarizes the obligations imposed on VLOPs: risk assessment, potential adaptation of service design, independent audit, profiling-free recommender options, advertising repositories, data access for researchers, internal compliance functions, transparency reports, and supervisory fees. In paragraphs 63 to 65 and 77, the Court accepts the legislative premise that VLOPs may cause societal risks that differ in scope and impact from those caused by smaller platforms, and that marketplaces above the threshold may give rise to the risks listed in Article 34(1). This is not merely a semantic distinction regarding the meaning of what qualifies as “systemic.” It is a sorting mechanism that imposes heightened obligations on actors deemed systemically significant due to their scale. This feature is central to the financial-law genealogy discussed in my paper.

Second, the regime is preventive. The obligations upheld in Amazon are not limited to sanctioning completed infringements, but are intended to identify, assess, and mitigate risks before harm occurs. The Court’s summary of Articles 34 to 43 confirms this preventive orientation. This is why the financial-law comparison remains relevant at the level of supervisory logic. In both contexts, the law acts proactively rather than waiting for collapse or completed harm before intervening. My paper identified this preventive approach as a central element of systemic-risk governance in EU law, both in finance and under the DSA. Nothing in Amazon contradicts this analysis.

Third, and most importantly, Amazon strongly supports the argument that systemic-risk governance is accompanied by a relatively flexible form of proportionality review. The Court explicitly recognizes that Article 33(1), by subjecting VLOPs to Articles 34 to 43, interferes with the freedom to conduct a business under Article 16 of the Charter, as these obligations may entail significant costs, substantial organizational effects, and complex technical solutions. Nevertheless, the Court upholds this interference because the legislature possesses broad discretion when making political, economic, and social choices and undertaking complex assessments. In this context, only measures that are “manifestly inappropriate” can be deemed unlawful. The Court further emphasizes that the freedom to conduct a business is not absolute and must be balanced with the objective of ensuring a high level of consumer protection under Article 38 of the Charter. It concludes that the legislature did not commit a manifest error in treating marketplaces above the threshold as capable of generating the risks identified in Article 34(1), and that Article 33(1) DSA was not shown to be manifestly inappropriate for achieving the Regulation’s objectives.

This aspect of the judgment is at least as significant as paragraph 70. Even if one accepts that DSA systemic risk is not linked to interconnectedness in the financial sense, the Court’s reasoning still supports a model of anticipatory, differentiated, and intrusive supervision, constitutionally sustained through broad institutional discretion and limited judicial review. This is precisely the dimension of systemic-risk governance that my paper sought to highlight. EU financial-law jurisprudence exhibits the same pattern: preventive intervention, differentiated obligations for systemically significant actors, and a proportionality review tailored to technical complexity and predictive judgment. At this level, the comparison is not only valid but also illuminating.

The core disagreement with the Observatory is not whether Amazon alters the analytical landscape –it does – but rather concerns the appropriate level of abstraction for comparison. If the argument were that DSA systemic risk merely replicates bank-contagion logic, the judgment would be difficult to defend. However, that was not my position. My argument is that the DSA adopts a macroprudential style of governance: it identifies a subset of actors whose scale enables them to cause significant harm, subjects them to enhanced due diligence and supervision, and justifies these obligations through a preventive public-interest rationale. Amazon does not undermine this claim, it only refines it.

One further point should be noted. The judgment did not resolve all interpretive questions regarding Article 34 DSA. Specifically, it did not explicitly determine whether the list of risks to be assessed, set out in Article 34(1), is exhaustive. While the Observatory may reasonably infer from certain passages that this is the case, such an inference does not constitute a definitive holding. The repeated references to the risks “referred to in Article 34(1)(a) to (d)” are consistent with the narrower view that these were the risks relevant to the case at hand. On this issue, a cautious approach remains advisable.

In my view, the most accurate reading of Amazon is as follows. The judgment narrows the conceptual overlap between financial and digital systemic risk by rejecting interconnectedness as a necessary definitional criterion under the DSA. However, it reinforces the structural overlap at the level of governance. Under the DSA, systemic risk continues to justify a regime that is differentiated, preventive, supervisory, and constitutionally sustained through a broad margin of institutional discretion. Therefore, the financial analogy I proposed remains useful, provided it is applied at the appropriate level of abstraction. The DSA is not banking law for platforms, but it is law crafted in a distinctly macroprudential register.