Q&A: How Germany Is Readying Itself to Administer the Digital Services Act

In May, as part of a Tech Policy Press series marking 100 days since Europe’s Digital Services Act entered into full effect, I published a Q&A with Ireland’s Digital Services Coordinator (DSC), John Evans. We discussed what his eighty-person team was prioritizing as it headed into June’s European elections, and how Ireland’s newly-formed media regulator, Coimisiún na Meán, is approaching its relationship with the Very Large Online Platforms (VLOPs) and Search Engines (VLOSEs) its tasked with overseeing, around half of which are based in Ireland.

An additional 26 EU member states are also in the process of setting up their DSC offices, which will be key for platform accountability in the image of the DSA, with some countries farther along than others. (Belgium, Poland, and Slovakia have yet to designate their coordinators, while Cyprus, Czechia, and Portugal still have to empower theirs with the necessary competences, according to the Commission.)

Germany is one such member state making steady progress. The Bundesnetzagentur (BNetzA), Germany’s regulatory authority for electronic communications, energy, railways, and postal affairs, appointed its president, Klaus Müller, as Coordinator in May. Now, Andrea Sanders-Winter, head of the Bundesnetzagentur's division on internet, digitalization, and market analysis, is building out a DSA “task force” to begin handling complaints, certifying out-of-court dispute resolution bodies, and running DSA public awareness campaigns, among other priorities. She hopes that in 2025, with budgetary support from Germany’s legislature, the current task force will grow from fifteen people to a more robust staff of seventy.

Below is an exclusive interview with Sanders-Winter that took place in mid-July. It has been lightly edited for length and clarity.

Gabby Miller:

Every country has structured the way that they're approaching the DSA and the Digital Services Coordinators (DSCs) very differently. Can you share how Germany's doing that?

Andrea Sanders-Winter:

The DSCs are responsible for all matters relating to the supervision and enforcement of the DSA in the relevant country.The DSA foresees the possibility for member states to assign certain tasks to other competent national authorities, and the German government has done so with the German implementing law. This national law assigns the function of the DSC to BNetzA, providing a role for the federal agency for the protection of children and young people in the media sector, as well as to state media authorities with regard to the protection of minors. Furthermore, the federal data protection authority is responsible in the area of profile-based advertisement with regard to minors. So this is the split of competencies.

The role of the DSC has been given to BNetzA and the protection of minors to the federal agency as well to the state media authorities and a specific role for the data protection authorities. The DSC, as established within BNetzA, has more or less four main tasks. The first one is the oversight on intermediaries, other than VLOPs, established in Germany, then the certification task that is certifying alternative dispute resolution bodies or awarding the status of the trusted flaggers or the vetted researchers and the complaint handling for the national users as well as, as the term indicates, coordination on all levels.

First on a national level, because we are coordinating national authorities, we are cooperating with civil society, academics, associations, and of course platforms. And the second level is the European level. We have to cooperate with other DSCs, we have to cooperate within the board for digital services with the EU Commission in cross-border issues, in all the multilateral cases, or for the investigations of the Commission. So there is this coordination task force within BNetzA, and it has got a specific level of independence within BNetzA. There will be one person specifically dedicated as a DSC, as the head of the units. And it's not all integrated in the hierarchy of BNetzA, it's a specific task force within the usual authority of BNetzA.

Miller:

Can you tell me exactly what your role is in relation to the DSA and the coordination of it?

Sanders-Winter:

I'm heading the division of internet, digitalization and market analysis, but this is different from the DSC. For the time being, I'm doing both. And we're dealing with geoblocking, with net neutrality, with the internet economy, the data economy, all these things. But the DSC task force is different from that–one reason is the specific level of independence. And the DSC itself is composed of less than twenty people so far, and we will be expanded by a further thirty people in the course of this year. We hope to get further staff with a new budget in 2025. The reason why we started with limited capacities is that the national legislative process took some time. Germany was slightly late in appointing the DSC. To get new staff and money for new tasks, you need these for the budgetary year, so it's difficult to get new staff and money during the year. We would have needed a final text already at the end of last year to get the stuff for this year. That's why, for the time being, we're still limited in capacity.

With this limited staff capacities, we have to set clear priorities this year. And generally speaking these are the certification tasks, the complaints handling, the cooperation and the support to the investigations loaned by the EU Commission against the VLOPs. Further initial focus was on the overall raising awareness among providers and users, because it's really helpful to explain in more detail what the DSA contains, what the DSC can do, what is not covered by the DSA, because this is a problem. Further, the priority of focus was on the European elections. And currently also on current problems with marketplaces, in particular with some Chinese online platforms, through which numerous illegal products are supplied to the German market. So the day-to-day job is dependent on the team you are working in.

Miller:

You said you're splitting your time between divisions for now, is there going to be you and someone else? Are you transitioning to heading the task force for the DSA, for what will eventually be thirty people?

Sanders-Winter:

It is a so-called “task force” for the time being and we have split this into five teams. And during the year we will start with three units and then we will raise it up to five units for the DSC. And there will be one person heading the whole DSC department composed of five units, maybe in 2025. But Herr [Klaus] Müller, our president, is currently the person who has been nominated by law as heading this whole division, until we have appointed one person heading the whole department. This will be a usual proceeding and I think by the end of the year, it will be pretty clear who will do this. But for the time being it's me and my team who is doing the job.

Miller:

You said you have a staff of less than twenty people currently. You’re adding thirty more?

Sanders-Winter:

We will add thirty more. So the midterm aim is to raise the number of staff to seventy people. But of course, this belongs to the decision of the German legislator, in particular when it comes to the budget. So for the time being, we already have fifteen staff, and it will be 22 in a few weeks. In autumn, the task force plans to hire up to thirty more people. If we raise up to seventy in 2025, that will depend on the decision of the legislature.

Miller:

What types of people are you staffing the office with? Are you bringing in academics, policy analysts, technologists?

Sanders-Winter:

In Germany, it's quite usual to have interdisciplinary teams. Usually, we have a lot of economists, lawyers, engineers. But for the time being, we are hiring data scientists, computer scientists, we are looking for people with a specific focus on media law, but also to have more people who have in-depth expertise when it comes to algorithms and the functioning of platforms. Usually these people are academics, but we also have people with more technical backgrounds. And further experts helping to set up IT processes, data centers, et cetera.

Miller:

So the clear priorities of your office right now are certification, claim handling, you also mentioned elections. What does election readiness look like for your task force?

Sanders-Winter

In the week leading up to the [European] elections, the German DSC was informed by one Very Large Online Platform that around 550,000 fake accounts, which are intended to manipulate voter behavior, were detected and successfully deleted. So for us, it is really crucial that the VLOPs take action in order to detect and delete such accounts and minimize the spread of disinformation. And I think the new provisions, as well as the guidelines of the Commission on the integrity of elections helped a lot in that regard. Because one of the best practice examples was the rapid response system, which was established with platforms. And they worked quite well in Germany. There were specific communication channels with the platforms, where such fake accounts or botnets were identified and could rapidly be deleted. I think there is some positive progress, there is good reason to hope that a rethinking is taking place in that regard.

Miller:

In terms of the VLOPs, I wanted to talk about the nature of that relationship, especially in terms of the different approaches between the EU Commission versus what's happening at the national levels. What does that do in terms of these VLOPs and VLOSEs wanting to cooperate? How is Germany thinking about potential tension that might arise as a result of working with them for election integrity, election readiness, and then also enforcement?

Sanders-Winter:

In Germany, there is just one VLOP [Zalando] that is situated in Germany. Our situation is different from the Irish DSC because I think the clear focus when it comes to elections, for example, or I think the focus of a variety of DSC provisions, is on communication platforms, it's not on the fashion platform in itself. However, we are regularly in contact with Zalando, but this platform offers its own brands and products from direct manufacturers. The possible infringement of the DSA is not very likely, so this is not in the focus of our work so far.

You mentioned the elections and of course, we are in contact with the German representatives of such platforms, like X or Meta, Instagram, Facebook. These are situated in Ireland, but we would like to get an overview of the possible problems on the German market. And any indication we get from users, from associations, from academics, flows into the investigations of the Irish colleagues or of the EU Commission. This system is aiming at identifying whether a platform has a systemic risk and needs to take mitigation measures and that might differ from country to country. There might be a systemic risk or problems in Germany, which are not automatically the same as in Romania or in Sweden. So the idea behind this is to cooperate with these platforms, and also to get an overview of what is happening in Germany.

The experiences [with the VLOPs] are rather positive. The platform's are making themselves available. They are open for modifications or requests when we have identified problems. And I think this is quite helpful, as the rationale behind the DSA is to change the attitude of platforms through effective supervision. And our experience so far, it's limited. But we are slightly positive that the experience during the elections showed that things are developing positively.

Miller:

You said you’re “slightly positive”? Is there skepticism on the other side of that?

Sanders-Winter:

Well, of course, not all the problems have been solved. And we have delivered a lot of indications that we have collected for the German market to the investigations of the Commission. And you know that the Commission has launched a lot of proceedings, they are not finalized. So for the time being, we haven't come to any decision. But we have a lot of areas identified where we would like to get to know in more depth, to learn from the platforms and how they are mitigating the systemic risk, what are they doing to get information about this? So there is some reluctance, otherwise, we wouldn't have needed such infringement proceedings from the Commission.

Miller:

Is there anything that's specific to the needs of German users and the German markets that you all are taking a slightly different approach to from other DSCs? Or is that still being figured out?

Sanders-Winter:

I don't think that there are huge differences between the priorities mentioned by our Irish colleagues. Maybe, as I already mentioned, the problems with the Chinese platforms on the marketplaces–and this is specifically a problem that is currently highly debated in Germany–this might be one of the priorities that are specific to Germany. You mentioned child online safety, this is a priority for us as well. It is under the competencies of the Protector of the Federal Agency for Protection of Children (BzKJ), children and young people in media, as well as under the remit of the media state authorities. But they are very much cooperating with us on this. The Commission has designated four adult platforms as VLOPs and we are engaged in ensuring that such platforms mitigate systemic risks, such as those related to the dissemination of illegal content, or the negative effects on mental and physical well-being of minors.

Here, one focus is the prevention of minors from accessing pornographic content, including with adequate age verification systems. We have a strong debate on what is meant by an adequate age verification system, and that there is a high need to install such a system by these platforms. This might be a priority, which is also set by the Irish. There is a new working group who's dealing with that as a subgroup of the European Board for Digital Services and it will be one of the priorities for the rest of this year. Of course, it's voluntary. So if it's not on your priority list, you are not obliged to work on this. But I guess on the protection of minors, all DSCs will be engaged in this, to come to a consistent view on how we can ensure this. If it comes to the requirements of an age verification system, it does make sense that all the DSCs agree on a specific system or a specific level of age verification system, at least in order to have a consistent implementation of the DSA requirements.

Miller:

Any closing thoughts about topics we haven't covered that you think are important?

Sanders-Winter

Maybe one point, which is a very specific aspect of the model of the DSA. I've seen that you asked my Irish colleague whether we have learned any lessons from the GDPR. I think the DSA model is a unique one because it's a split governance model between the European Commission and the DSCs. And the whole thing is not just, here's the Commission doing the governance on the VLOPs and here are the DSCs doing the national job. It's a sort of team exercise doing the whole implementation of the DSA. And I think it's challenging, but I'm really keen on putting this into practice. It's a real exciting exercise and BNetzA is ready to show that this team can work together and is ready to deliver as quickly as possible.