Latest Posts:
Search for:

Analyzing critical legal trends and developments across data, cyber, AI and digital regulations from around the world and beyond borders

In EU Data Privacy

European Union: Recent case law and developments on the applicability of digital regulatory laws by EU Member States

by 15 Mins Read

I. In brief

This article has practical relevance for online service providers that are either established in an EU Member state or subject to the Digital Services Act and currently see themselves pressured to comply with national digital regulatory rules that have been introduced on EU Member State level (e.g. youth protection or social media laws).

II. Introduction

Two recent decisions by German administrative courts have strengthened the position of service providers who are currently required to comply with national online regulatory laws introduced at the level of EU Member States. These decisions confirm the non-binding position of the EU Commission, as previously set out in the EU TRIS notification procedure. Although this may seem to be only relevant to German law, the arguments provided by the EU Commission and the German courts have wider implications and provide a strong defence against the obligation to comply with any national online or media regulatory laws passed by EU Member States (e.g. national youth protection or social media laws that do not derive from EU law).

III. Background

(Note to reader: If you are already familiar with the EU country of origin principle, its exceptions as recently interpreted by the European Court of Justice, and the full harmonization effect of the Digital Services Act you can skip this section).

There are currently two main arguments against a compliance obligation with digital regulatory laws that have been introduced on EU Member State level: (1.) the EU country of origin principle and (2.) precedence of EU laws, in particular the Digital Services Act (“DSA”).

1. Country of origin principle

  • The EU country of origin principle has its origin in the EU E-Commerce Directive and the EU Audiovisual Media Services Directive (“AVMS Directive”). In order to rely on the country of origin principle, the service in question must be established in an EU or EEA Member State. Assuming this is the case, the country of origin principle stipulates that the service provider only has to comply with the national laws of the EU Member State in which it is established. This principle is an important legal foundation for the EU, as it promotes technical and economic growth in the digital single market. It does this by ensuring that digital service providers only have to comply with the regulatory laws of the Member State in which they are established, rather than being overwhelmed by the regulatory laws of all 27 Member States.

Some caveats apply:

  • In particular, the country of origin principle only protects against compliance obligations of laws falling within the scope of the E-Commerce or AVMS Directive. However, this scope is rather broad. For instance, it covers online media regulation laws, youth protection and social media laws. Thus, this caveat is somewhat limited. One noteworthy exception is gambling law, which is not harmonized within the EU and is explicitly exempted.
  • Another important point to note again is that the country of origin principle does not apply to services that are not established in the EU/EEA. Consequently, this principle may render a law inapplicable for some services (those established within the EU/EEA) but not for others (those established outside the EU/EEA).
    • Lastly, the country of origin principle is subject to some statutory exemptions:
      • Under the E-Commerce Directive, Member States may take measures to derogate from the country of origin principle if these measures are
        • necessary for the protection of public policy (in particular youth protection or prevention of hate speech), the protection of health, public security and the protection of consumers,
        • taken against a specific (“given”) service which prejudices these purposes or presents a serious and grave risk to do so, and
        • proportionate.
    • In addition, the relevant Member States needs to meet strict formal procedural requirements, namely
      • first asking the Member State in which the service is established to take measures and
      • notifying the EU Commission (exceptions can apply in urgent cases).
    • In the past, several Member States have tried to rely on these exceptions to pass onerous laws to regulate social networks in the pre-DSA era such as the German Network Enforcing Act (“NetzDG”) and the Austrian Communication Platform Law (“KoPL-G”).
      • However, several social network providers challenged these laws in court, relying among other things on the country of origin defense. In the case of the KoPL-G, the case was escalated to the European Court of Justice (Baker McKenzie representing two service providers).
      • The European Court of Justice (“ECJ”) ruled in favour of the social network providers, stating that the exceptions to the country of origin principle do not apply to entire laws (ECJ Decision dated 9 November 2023, Case C-376/22). Only individual measures taken by Member States can fall under the exception. For instance, a Member State could issue a blocking order against a particular service if the requirements of the country of origin exception are met. However, it cannot pass an entire abstract-general law obliging all services within scope to implement certain measures simultaneously. This would not comply with the exception requirement that the measures must be taken against a specific (‘given’) service.

                        2. Precedence of the DSA

                        The DSA became fully applicable to intermediary services and search engines in February 2024. It goes without saying that the DSA is a very onerous law, posing major challenges for all service providers falling under its remit. This includes a wide range of services, as almost anyone providing intermediary services or search engines in the EU/EEA is affected. These services may be small or incidental, such as an online discussion board, a commentary section, an upload feature or standard social media features in a video game.

                        However, the DSA also has an upside. At least it is a law that applies throughout the EU in the same way, replacing the previous situation of different national laws. This provides companies with legal certainty, as they can implement a one-size-fits-all solution across the entire EU/EEA. Furthermore, due to the DSA’s broad scope and its status as a directly applicable regulation, it takes precedence over all national laws within its scope (i.e. laws that regulate matters already covered by the DSA). This is often referred to as the DSA’s full harmonization effect. Under this effect, national laws that fall within the scope of the DSA are rendered inapplicable.

                        However, as with the country of origin defence, relying on the precedence of the DSA has a caveat. Services can only do so if they themselves are subject to the DSA. Taking ‘precedence’ means that, in case of conflict, the conflicting law is superseded, but not generally rendered null and void in relation to other parties. Therefore, as with the country of origin principle, the same law could be rendered inapplicable to some services while remaining applicable to others.

                        For example, a social media service could argue that it is not obliged to comply with national legislation regulating notice and takedown procedures or transparency obligations, as these are already covered by the DSA. This is because a social media company is an intermediary service, which falls within the scope of the DSA. In contrast, video-on-demand and music streaming services cannot rely on this argument because they are not intermediary services and are therefore not subject to the DSA.

                        However, the argument that the DSA takes precedence over national laws that fall within its scope also has an important advantage over the country of origin defense in that it also applies to services that are not established in the EU/EEA.

                        Furthermore, it should be noted that it is not necessary to fully comply with the DSA in order to argue that it supersedes national law, as these are two separate issues. Whether it is wise to make this argument in the event of non-compliance with the DSA, however, is another question and needs to be assessed on a case-by-case basis. National competencies to enforce the DSA, for instance, play a decisive role in answering this question.

                        IV. New developments

                        Two German administrative courts recently issued rulings that further clarified and defined the defensive arguments summarized above (i.e. the country of origin defense and precedence of the DSA). These rulings paint a bleak future for German media regulation and have been described by some as sounding its death knell. However, the courts’ arguments are also relevant outside Germany, as they technically apply to online regulation laws passed by other member states too.

                        1. Country of origin principle

                        The first court decision concerned the country of origin principle (Administrative Court Düsseldorf, decision dated 19 November 2025, case no. 27 L 1350/24). The court ruled that, when taking into account the arguments set out by the ECJ in C-376/22 (the decision summarized above), the legal basis for a blocking order concerning a pornography platform is no longer applicable to a service established in another EU Member State.

                        1. Germany vs. EU Commission – Part 1

                        The Court confirmed a position previously taken by the EU Commission during the TRIS notification procedure regarding the legal framework, which included the disputed provision (notification 2024/188/DE). The TRIS notification procedure requires every EU Member State to notify the EU Commission of new laws regulating e-commerce services. The Commission can then analyse the law and provide non-binding comments. The purpose of the procedure is to prevent technical barriers to trade from being enacted.

                        During the TRIS procedure, the EU Commission took the position that the law notified by Germany would violate the country of origin principle as interpreted by the ECJ because it also applies to services established in the EU. The Commission reiterated that the ECJ had made it clear that laws stipulating general and abstract obligations for e-commerce services could not rely on the exceptions to the country of origin principle (see the decision summarized above). Such exceptions would require measures to be taken by a Member State in relation to a specific (‘given’) service. They cannot regulate several services at once in a general and abstract manner (as is the case with most laws, which are rarely passed to regulate just one specific case/service).

                        Unsurprisingly, Germany rejected the EU Commission’s position and passed the disputed law without making (significant) changes. The legislator even stated in the legislative materials that the EU Commission’s position would call into question German media regulation in its entirety.

                        • The decision of the Administrative Court Düsseldorf

                        The Administrative Court Düsseldorf now had to decide on the matter and clearly sided with the EU Commission and its interpretation of the ECJ case law. While this might at first seem like a straightforward confirmation of ECJ case law by a national court, it is much more significant than that. The devil is in the detail, and the assertion by the German legislator that German media regulation is now in question in its entirety could not be more accurate. However, the arguments also apply to regulatory laws passed by other EU Member States at a national level.

                        • The impact of the decision

                        To understand the significance of the decision, it is important to remember how regulation works at the outset. Simplified, it follows a two-step scheme:

                        1. First, there needs to be legal basis. This is a requirement in most countries and a key pillar of the rule of law. Typically, the legal basis regulating an e-commerce service stipulates some form of obligation. This could be a prohibition to distribute certain content, a requirement to obtain a license, to notify the service, or the obligation to implement disclaimers, transparency obligations, must-carry rules, etc.
                        2. Second, if the obligation stipulated by the legal basis is not complied with, the competent regulator can enforce it by imposing enforcement measures or sanctions. The enforcement process is always case-by-case specific, i.e. the authority imposes the enforcement measures against a specific non-compliant service provider. This could be an order to comply with the obligation, a blocking order for the service, the imposition of a fine, etc.

                        Previously, it was widely assumed that, in order to apply the legal basis with regard to a service provider established in another Member State, only the enforcement measures (i.e. step 2) had to comply with the exceptions to the country of origin principle, including the formal procedural steps (as summarized above). However, this rarely happened due to the restrictive interpretation of these requirements and the effort involved in going through the formal procedure. Nevertheless, it was generally considered to be theoretically possible.

                        This is where the recent decision of the Düsseldorf Administrative Court comes into play. According to the court, the obligation set out in the legal basis alone (i.e. step 1 above) would violate the country of origin principle, even if the regulator did not enforce the rule.

                        Put simply, if a provision states ‘It is prohibited to do X’ or ‘To provide your service, you must do Y’, this constitutes a direct legal restriction, as the service provider must comply with this obligation to avoid violating the law or facing sanctions. Consequently, the law cannot be applied to service providers established in another EU Member State, since the country of origin principle prohibits “restrictions on the freedom to provide e-commerce services from another Member State” [sic].

                        This decision has such a fundamental impact because almost all regulatory provisions stipulate an obligation (step 1 above). This is the core drafting mechanism behind almost all regulatory laws, not just in Germany. Consequently, any provision at Member State level that stipulates an obligation can now theoretically be challenged by service providers established in another EU Member State on the basis that the rule does not apply from the outset, regardless of whether the regulator is actually trying to enforce it. This also means that the regulator cannot attempt to enforce the law (step 2 above), for example by complying with the exceptions to the country of origin principle. Enforcement (step 2) always requires a legal basis (step 1), which is no longer applicable in these cases.

                        2. Precedence of the DSA

                        The second decision issued by the Administrative Court Neustadt concerned the argument on the precedence of the DSA (decision dated 13 January 2026, case no. 5 K 475/24.NW). Similar to the first decision, the court ruled that the legal basis for a blocking order concerning a pornography platform is no longer applicable.

                        1. Germany vs. EU Commission – Part 2

                        As with the initial decision, the Court confirmed a position previously taken by the EU Commission during the TRIS notification procedure with regard to the legal framework, which included the disputed provision.

                        During the procedure, the Commission applied a broad interpretation of the scope of the DSA. The Commission took the view that the DSA conclusively regulates the field of minor protection. This broad interpretation came as a surprise not only to national regulators and lawmakers, but also to neutral observers, as it meant that Member States would be completely blocked from passing or applying any youth protection laws regulating intermediary services or search engines. Any such law would no longer be applicable.

                        Unsurprisingly, the Commission’s interpretation was rejected by Germany. According to Germany, the DSA’s youth protection rules (in particular Art. 28 DSA) would be too general and abstract to be seen as a conclusive youth protection regulation for intermediaries.

                        • The decision of the Administrative Court Neustadt

                        Like the VG Düsseldorf (see above), the VG Neustadt also sided with the EU Commission’s interpretation. The court conducted an in-depth analysis of the DSA, providing numerous arguments as to why it conclusively regulates the area of protection of minors for intermediary services and search engines. Since the disputed provision was included in a German youth protection law, the court ultimately concluded that it could no longer be applied to intermediary services or search engines. Once more, the arguments and position adopted by the court (and the EU Commission) should also apply to other youth protection laws passed on EU Member State level.

                        However, it should be noted that the decision will most likely be appealed. Nevertheless, when considered alongside the EU Commission’s statements, the recent German court decision provides compelling arguments against the idea of services subject to the DSA being obliged to comply with national youth protection laws.

                        For the sake of completeness, it should also be noted that the court confirmed that the disputed legal basis would no longer apply due to a violation of the country of origin principle. The court provided the same arguments as the Administrative Court Düsseldorf before. Therefore, alongside the initial decision summarised above, two courts have now adopted this view.

                        V. Outlook – What about age thresholds for social networks?

                        There is currently an intensive debate among several countries about whether age thresholds and age gating requirements for social media services should be introduced. Australia and France have already adopted such laws, and Germany is considering doing the same. As mentioned above, the prevailing opinion seems to be that the DSA will fully harmonies youth protection laws for intermediaries, including social media services. Additionally, any age threshold or age gating requirement constitutes a restriction of the freedom to provide e-commerce services, and is prohibited under the country of origin principle unless exempted. General laws cannot rely on the exception to the country of origin principle. Nevertheless, on 27 January 2026, the EU Commission confirmed that France may pass a law regulating minors’ access to social media platforms if certain requirements are met. It will be interesting to see how such national laws are supposed to comply with the strict requirements set out above. In any case, social media services should closely assess all national laws in light of the above developments and consider challenging national laws that do not comply with the requirements, which seems not unlikely, given the limited space that is left for national lawmakers to manoeuvre.



                        Categories:
                        Author

                        Sebastian Schwiddessen is a senior associate and a member of Baker McKenzie's TMT Practice in Munich. Sebastian has been working in the entertainment and video games industry for over 18 years, from both an operational and legal perspective. Sebastian’s clients range from platform providers over market leading video gaming, film and entertainment companies to indie publishers. Sebastian is well-known as an advisor in the video games and entertainment sector. He also regularly advises a wide range of leading social media companies and video-sharing-platforms on regulatory and copyright related matters.

                        Related Posts