Elon Musks plans to turn Twitter Inc. into a free speech haven could run into its biggest political obstacles in the European Union, where he has to contend with its new Digital Services Act, which forces companies to take down illegal content. Musk said hell follow national laws and specifically reassured concerned EU officials that hell follow the DSA but this will be difficult in practice with so few staff left to moderate content. It wont be easier in the EUs lawmaking capital of Brussels, where Twitters office is now lifeless.

EU leaders know Musk himself was a controversial speaker on Twitter he was taken to court for defamation after he called a British caver a pedo guy (Musk won), the US SEC sued him for tweets about taking Tesla Inc. private (Musk settled), he tweeted a Nazi meme (then deleted it), and posted misinformation about an attack on US House Speaker Nancy Pelosis husband (also deleted.)

While most if not all of these wouldnt have breached the DSA, its certainly made lawmakers attentive to the possibility that they were signs of whats to come.


What new rules must Twitter follow in Europe?

One rule makes it a requirement for platforms like Twitter to remove content thats illegal in any of the EU blocs member states. For instance, content promoting Nazism would have to be taken down in Germany, where such speech is illegal. But it wouldnt have to be taken down across the border in Denmark, where it isnt. Another rule is that platforms like Twitter must show the European Commission, the blocs executive arm, that its doing an appropriate amount of work to decrease the spread of content that breaks no law, but can be seen as harmful. This would include disinformation. Companies will have to show how theyre tackling such posts this summer. If the EU concludes not enough is being put in place, this second rule gives them the power to demand changes to algorithms or policy, for instance. 

What other rules must Twitter follow in Europe? 

Musk will have to follow the EUs landmark data protection rules, the GDPR, which requires Twitter to have a data protection officer in the EU. It also means Twitter must get consent before targeting ads to specific user groups, and makes Twitter liable for any data breaches. Musk will have to keep his eye on other legislation in the works like the EUs AI Act. The current proposal bans the use of algorithms shown to discriminate against people, which could impact Twitters face-cropping tools that have been shown to favor thin, young women. The EUs Child Sexual Abuse Materials proposal could force Twitter to screen private messages for child sexual abuse imagery, or grooming. These are still being debated in the EU.

How will EU regulators enforce the rules?

In extreme cases, they could ban Twitter from operating in the bloc. In more modest scenarios, they could sanction raids on its remaining offices to see if its doing what it says its doing, and use what they discover to force stronger changes to behavior. And in more likely initial situations, they would issue strongly-worded demands, fines, and dangle the threat of further action. 

These are options open to all companies subject to Brusselss law, including Meta Platforms Inc., Alphabet Inc., Microsoft Corp. and others. However, Musks stance on free speech and his dismissal of about half of Twitters employees have already put him in regulators spotlight. Twitter will have to do a lot more work to comply with the DSA, including adding a mechanism for users to easily flag illegal content and having enough moderators to review content in each EU country. The EU has not been afraid of taking on big US tech companies in the past. Irelands data protection watchdog fined Twitter 450,000 ($448,360) in 2020 for violating the GDPR. Inc., Metas WhatsApp, and Alphabets Google have been slapped with fines in the millions of euros, although critics argue these symbolic fines do little to change big techs behavior as companies see them as cost of doing business in Europe.

When could action be taken?

As far as the DSA is concerned, no time soon. Twitter will have to publish the number of users it has in February, which kick-starts the process of commission supervision, but it wont have to submit a risk assessment until next summer. Instead, Musks first chance to show the EU that he takes content seriously is by upholding the EUs Code of Practice on Disinformation. Twitter signed the code this summer, promising to not profit off disinformation and to fight fake accounts and bot driven amplification. While the code is voluntary, its obviously not a great look if Musk backs out of the promise or violates it right away. 

Irelands supervisor has said its closely monitoring Musks moves. After the departure of Twitters sole chief privacy officer, the company reassured Irelands data watchdog that it was complying with the GDPR and would have someone in charge of data in the meantime. The biggest risk could be having too few staff to safeguard the platform from hacks that expose user data.

Is the EU the only place Musk should be worried about?

The US Supreme Court will hear two cases that could make social media companies liable for algorithms that promote illegal or harmful content. This could dramatically change how companies in the US moderate content. Meanwhile, Twitter sued India over a new law that essentially gives the government control to censor social media posts. Its unclear if this goes against Musks ideas of free speech enough that hell continue the suit or if hell just adhere to the law.

Our new weekly Impact Report newsletter will examine how ESG news and trends are shaping the roles and responsibilities of todays executivesand how they can best navigate those challenges. Subscribe here.