Else Beekman
The European Commission has referred Spain to the Court of Justice of the European Union (CJEU). The country fails to properly implement the EU’s Digital Services Act (DSA). According to a statement issued by the Commission on Wednesday, Spain has not granted sufficient powers to its designated national coordinator. Additionally Spain nor defined the penalties for non-compliance with the regulation.
The DSA, adopted in 2022, requires EU member states to appoint one or more competent authorities to enforce the rules within their territories by 17 February 2024. These authorities must be equipped with the powers necessary to oversee compliance and apply sanctions when necessary.
Spain is one of five countries now facing legal action for failing to meet these requirements. The others are the Czech Republic, Cyprus, Portugal and Poland. While Poland has yet to name a coordinator, the others have done so but have not transferred the required powers. None of the five, including Spain, has established national rules for penalties in cases of infringement.
“The work of national digital services coordinators is essential for overseeing and enforcing the DSA and ensuring its uniform application across the EU,” the Commission stated.
The role of DSA
The DSA imposes obligations on digital platforms to combat illegal content, ensure transparency in online advertising, and take measures against disinformation. It also includes special provisions to protect minors and varies in its application depending on the size of the platform.
Alongside the Digital Markets Act, the DSA represents the EU’s first major attempt to regulate large digital platforms. The laws have drawn criticism from major tech firms. Additionally, these have already led to significant fines for companies such as Apple and Meta due to monopolistic practices.
Spain to stop auto-renewals on services like Spotify and Amazon
Parallel actions on cybersecurity and environmental rules
In a separate move, the Commission also issued a formal notice, known as a reasoned opinion, to 19 EU countries, including Spain. This is for failing to transpose the updated EU cybersecurity rules known as the NIS2 Directive.
The deadline to incorporate the directive into national legislation passed on 17 October 2024. The new rules aim to improve cybersecurity across critical sectors such as energy, transport, water management, digital infrastructure, health and public administration.
“A full implementation is vital to enhancing the resilience and incident-response capacities of key public and private entities,” the Commission said.
Spain and the other 18 countries now have two months to comply. If they fail to act, the Commission may escalate the matter to the CJEU.
Additional infringement over carbon market directives
The Commission also criticised Spain and eleven other countries for not transposing updated rules related to the EU’s Emissions Trading System (ETS) by the 31 December 2023 deadline. These rules extend ETS obligations to sectors such as maritime transport and revise those affecting aviation. The aim is to align the system with the EU’s 2030 climate targets under the European Climate Law.
In January 2024, the Commission had warned all member states, except Denmark, about delays in adopting these measures. Spain is now among those formally cited for either incomplete or entirely absent transposition.
These countries also have two months to comply or face possible legal action in the EU’s top court.
Source: EFE