The following sections provide guidance on elements that you, as a HSP, should consider when drafting ToS in the context of the TCO Regulation.
It is important to emphasise that developing ToS is an iterative process: the ToS can and should be adapted if necessary, for example, in response to user suggestions and by keeping pace with national or international legislation developments. The TCO Regulation calls for such adaptability: HSPs, if they are exposed to terrorist content, are required to amend their ToS to state that and outline what actions will be taken to counter misuse of the platform for terrorist purposes (TCO Regulation, Art. 5.1).
Specifically, we recommend paying heed to the clarity and structure of the ToS. Studies show that users spend little time reading ToS and do not pay sufficient attention to the the information presented; ToS rather act as a remider to users’ general perception of what is allowed and what is not. To aid navigation and comprehension of the ToS, it is advisable to invest time in the visual design of the ToS and to work with clear headings or bullet point lists. It can also be useful to remind users of ToS aspects from time to time and, if suspicious behaviour has been detected, to warn of possible consequences (e.g. via a pop-up).
When setting up and revising the ToS, the following checklist can serve as a guide to optimise compliance with the TCO Regulation.
Please click on the check boxes, to expand the individual points and see a explanation including additional advice.
Checklist
Having working definitions of terrorism and terrorist content is important for actioning content and behaviour against. These definitions should be appear in the ToS and be referred to when evaluating content. Existing definitions already presented and discussed in this guide (see the definition here), in particular those of the EU based on EU Directive 2017/541, can provide useful guidance in this regard.
The TCO Regulation obliges HSPs exposed to terrorist content to explain in their ToS both their strategy for combating the dissemination of such content and any automated means used (e.g. in identifying prohibited content; chapter 2). The TCO Regulation further requires HSPs to implement specific measures once exposed to terrorist content (e.g. systems for reporting harmful content from users, complaint systems for content removals; chapter 4) (TCO Regulation, Art. 7.1).
A variety of content types can be harmful to users, to society and to the platform itself. Thus, HSPs should consider the following additional prohibitions, also addressed by other legal frameworks like the Digital Services Act, and, thus, prohibit content containing for example hate speech or incitement to violence. At the actor level, terrorist groups may be excluded from platform use. Designation lists (i.e. official lists of terrorist groups published by democratic states) are a good resource for such bans. Furthermore, competent authorities may alert HSPs to content which is not classifiable as terrorist but nonetheless harmful; assessing the content against the ToS and the eventual handling of non-terrorist but harmful content is ultimately the responsibility of HSPs (TCO Regulation, 40).
ToS should also describe, by reference to platforms’ values and purposes, what usage behaviours are not simply accepted but also welcomed and encouraged by HSPs’. There is no universal standard for this – it varies greatly depending on the platform’s functionalities and principles. Having said this, describing accepted use is not explicitly required to meet the TCO Regulation’s obligations.
One way of surfacing illegal and ToS violative content is through user reporting systems. HSPs should therefore include a section in the ToS which explains processes for reporting content suspected of violating an HSP’s ToS.
To ensure ToS violations are dealt with transparently and to remain accountable to the public, HSPs should clearly set out in their ToS the actions to be taken against users and/or content for ToS violations. Per the TCO however, a removal order from a competent authority must result in content removal within one hour of its being flagged. Removal orders may also be actioned by blocking the content or geo-blocking it in the EU.
When preparing and revising the ToS, HSPs should publicly commit themselves to publishing transparency reports on a regular basis. Practical tips and TCO regulatory requirements for creating transparency reports follow in chapter 6.