Platform power and regulatory capture in digital governance

Abstract

Digital governance is a public concern, yet under private control. After numerous scandals, all stakeholders in the European Union (EU) agreed to establish a “novel constitution for the internet” that would effectively constrain the power of large platforms. Yet the Digital Services Act (DSA) ultimately legitimized and institutionalized their position as the gatekeepers of the internet. Why? We argue that platforms prevailed thanks to their ability as intermediaries to quietly shape the available policy options. Our “platform power mechanism” combines institutional and ideational sources of business power to show how big tech drew on its entrenched position as an indispensable provider of essential services and promulgated the idea of itself as a responsible and neutral intermediary. We follow the unfolding of platform power through a process-tracing analysis of Google and Meta’s activities with respect to DSA legislation from its announcement (2020) to its adoption (2022). Besides contributing a reconceptualization of the DSA as a regulatory capture, we integrate the notion of platform power into a “regulator–intermediary–target” model and demonstrate how gatekeepers have exploited information asymmetries to share “the public space.” Our analysis thus supplements established approaches that have derived regulators’ deference to platforms from the tacit allegiance of consumers.

Introduction

The digital revolution has made internet regulation an increasingly urgent political task, as more and more scandals caused by failed data protection have become public in the recent decade. While the Snowden revelations were still fresh in mind, the next scandal popped up in 2018 when the British consulting firm, Cambridge Analytica systematically collected personal data belonging to millions of Facebook users without their consent and employed them for political advertising in the 2016 US presidential elections. In addition to these data protection scandals, the global spread of disinformation and hate speech has increasingly been regarded as a major threat to democratic governance ¹ so some scholars even warn of a “weaponization of social media in a so-called LikeWar.” ² This growing political demand has called on regulators worldwide to reform the existing institutional arrangements governing the exchange of data and the moderation of content on the internet.

The European Union (EU) appeared to be the most formidable candidate to supply tightened internet regulation in general and to trim the powerful position of large platforms in particular. Recent policy research found that the EU has comprehensively shifted towards stricter control of the private sector across several digital policy areas. ³ Also, prominent legal scholars stressed the strength of Europe’s “rights-driven regulatory model,” which needs to be differentiated from the United States’ and China’s by virtue of its protection of individual users against both platform power and state interference. ⁴

Beyond scholars, practitioners and regulators emphasized the success and impact of the EU’s existing General Data Protection Regulation (GDPR); and on her first appointment as EU Commission President in 2019, Ursula von der Leyen designated digital governance as one of her priorities, ⁵ and Commissioner Vestager declared a tougher stance vis-à-vis big tech. ⁶ Likewise, powerful legislators such as Germany and France joined in and vehemently called for stricter rules on data protection and content moderation, supported, not surprisingly, by civil rights organizations such as the European Digital Rights (EDRi) network. ⁷ Finally, even the platforms themselves supported efforts to reform the existing self-regulation. For instance, Mark Zuckerberg from Meta voiced the belief that “we need a more active role for governments and regulators” ⁸ so that eventually the Wall Street Journal published a report under the headline: “Big Tech Braces for a Wave of Regulation.” ⁹ As a result, this new Brussels consensus among all its stakeholders made the EU the most likely regulator to supply the growing demand for strict internet regulation that would protect the rights of individual users and robustly constrain the leverage of large platforms.

This overwhelming push to supply tight regulation formed the point of departure when EU regulators updated their relationships with both the intermediaries (i.e., large platforms) and the targets (i.e., individual users) at the end of 2019. The regulatory status quo was defined by the more than 20-year-old e-commerce directive ¹⁰ ; and the EU’s proclaimed objective was nothing less than a new “constitution” for the internet. ¹¹ Yet, the actual outcome, the EU’s Digital Services Act (DSA) of 2022, hardly lived up to this ambition. If it was a constitution, it was a “captured” ¹² one, as its implementation and enforcement will undoubtedly entail an “uphill battle to rein in big tech.” ¹³

We draw on the regulator–intermediaries–target (RIT) model ¹⁴ to conceptualize the institutional design that follows from DSA reforms. Although the EU as regulator has, admittedly, supplemented the existing self-regulation of intermediaries (i.e. platforms), their autonomy and thus their power position has not been weakened but rather reinforced vis-à-vis both the regulator and the target (i.e. individual users). Now, platforms not only share rule-setting with the regulator but they also act as the main enforcers of the digital space. Despite some new, but vague regulatory constraints on large platforms, the DSA has institutionalized intermediaries’ indispensable, responsible, and neutral position in internet regulation in Europe and beyond. The question thus arises of why the combination of an overwhelming demand and a straightforward supply option did not result in strict regulation of large internet platforms: Why have the intermediaries ultimately prevailed over the regulator?

We argue that platform power enabled intermediaries to capture institutional reforms. The powerful position of large data platforms has allowed them to quietly shape the availability of policy options, defend their autonomy, and advocate their interests. Our “platform power mechanism” will demonstrate—both theoretically and empirically—how big tech drew on its entrenched position as an indispensable provider of essential services in order to guarantee platforms’ autonomy from future regulatory interference. Most crucially, platforms succeeded in removing the idea of “liability” from the reform agenda and replaced it with the notion of responsibility, which ultimately discharged them from legal obligations. They also advanced an ideational strategy of being neutral intermediaries that promote merely technical solutions and help to provide public goods such as freedom and innovation. We forecast that their interests will further prevail as the DSA has not only legitimized their former behavior but also institutionalized their position for the future. After having reinforced their entrenched position, Meta and Google, for instance, will necessarily be involved in any “quiet” ¹⁵ attempt to reform the rules and implementation of internet regulation in the future. This paper will demonstrate the unfolding of platform power by a process-tracing analysis ¹⁶ of the DSA’s legislation process from its announcement by the Commission in January 2020 to its adoption in the Council in October 2022. Our explanatory strategy has focused on two of the main players, Meta and Google, which has allowed us to reduce the corpus of analyzed documents to 214 (esp. documents from legislation, internal lobby meetings, trilogues, and the media).

This paper aims for two main contributions. First, we critically question the widespread—and insistent—emphasis on the EU’s alleged public interventionism in internet regulation. ¹⁷ Our investigation suggests, by contrast, that, rather than being tamed, large platforms ultimately received what they initially preferred. Most significantly, they were able to preserve their autonomy as intermediaries by securing their own “terms of use” as the most relevant rules for individual users, the ultimate target of regulation. By drawing on the RIT model as our conceptualization of the DSA’s new institutional design (i.e. our explanandum), we highlight the soft nature of ex post control instruments which will shape the future opportunities of platforms to moderate internet content. What users will ultimately glimpse online remains to be controlled by private platforms rather than public regulators. The platforms’ entrenched position has been reinforced and legitimized, and their powers of enforcement have even been institutionalized with respect to the moderation of digital content. Unlike conventional vested interests that are somewhat outside the political decision-making system, ¹⁸ the RIT model sheds light on the fact that large platforms will now “share the public space” ¹⁹ with regulators and targets. This ultimately allows them exerting significant influence on the space’s “rules of the game.” Despite the fact that their entrenched position and ultimately their very business model were seriously threatened at the outset of the DSA’s legislative process in late 2019, they prevailed and ultimately regained the driver’s seat of regulating the moderation of digital content.

Second, our explanation contributes not only to conceptualizing platform power ²⁰ but to investigating it empirically as it unfolds within an RIT setting. We integrate two often separated sources of platform power—the pre-existing self-regulatory institutions and the importance of ideas—into a generalizable mechanism to explain processes of how regulators make via intermediaries collectively binding decisions for the digital domain. This allows us to trace how entrenched gatekeepers exploit ideational asymmetries and leverage their power position into desired outcomes. ²¹ Our approach helps to explain how these private firms influence the policy agenda by tracing their lobbying activities mostly in quiet politics; i.e. platforms’ influence partly depends on the extent of an issue’s salience within the policy process. “The more the public cares about an issue, the less managerial organizations will be able to exercise disproportionate influence over the rules governing that issue.” ²² Given that the two-years regulatory design process was relatively quiet, our “backdoor perspective” complements scholarship on platform power, which primarily derives regulators’ deference to platforms from the “tacit allegiance of consumers.” ²³ Moreover, empirical studies of the DSA found that platforms had hardly applied these indirect strategies, but drew on direct forms of policy influence instead. ²⁴ Therefore, our mechanism supplements this seminal line of theorizing platform power through consumers by investigating platforms more direct forms of shaping regulation on their terms. This makes it theoretically applicable to policy-making processes where public regulators need to interact with platforms, whose preferences however diverge—be it in the EU or beyond.

The paper proceeds as follows. First, we draw on the RIT model to conceptualize and empirically map the regulatory outcome, namely the EU’s Digital Services Act. Second, we introduce our theoretical framework that shows how platform power ties in with the RIT model to derive an explanatory mechanism focusing on the interactions between the regulator and intermediaries in the DSA. Third, we set out our methodology and present the findings of our process-tracing analysis, which showcase how Google and Meta constrained institutional reforms and pushed the available policy options closer to their own interests. Finally, we discuss the implications of our paper as well as the future of the EU’s regulation of digital services.

The RIT Model and the EU’s reform of internet regulation

The institutional design of internet regulation in the EU used to be based on the 20-year-old e-commerce directive. ²⁵ Yet, given that “Internet sites often serve as platforms for disinformation, bullying, hatred, and repulsive content, undermining the safety and dignity of individuals while dividing societies and destabilizing democracies,” ²⁶ EU policy-makers were called upon to reform these mainly self-regulatory arrangements and to design safeguards against those threats. ²⁷

The regulator (R), the intermediaries (I), and the target (T)

The recent institutional reform (i.e. the DSA)—jointly with the Digital Markets Act—seeks “to create a safer digital space in which the fundamental rights of all users of digital services are protected.” ²⁸ In accordance with these objectives, the EU as a regulator makes rules; individual users as targets take rules. Yet, the DSA also “foresees an important role for private entities both when it comes to the further elaboration of the regulatory framework applicable to intermediary service providers and to its enforcement.” ²⁹ Given the prominent position of large platforms such as Google and Meta, ³⁰ this form of regulation “operates indirectly via chains of intermediation” so that “regulators and targets can expand their capacities by selecting, [and] engaging intermediaries.” ³¹ These intermediaries perform specific functions and relevant roles as they possess and operate capacities that regulators normally lack or could only provide at higher cost.

We draw on this RIT model ³² —the chain from the regulator (R) via intermediaries (I) towards a target (T)—to conceptualize the DSA as an outcome of the EU’s institutional reform of internet regulation. The power position of intermediaries (i.e., large platforms) depends on the extent of political intervention. The more control a regulator exercises over intermediaries, the less autonomy intermediaries have to act and the less power they have to impose their preferences on outcomes. While “power works in various forms and has various expressions that cannot be captured by a single formulation,” ³³ we will draw on the working definition: A causes B (i) to do or (ii) to know something that B otherwise would not. ³⁴ We distinguish between three conceivable designs of our RIT model and thus three distinct power positions of intermediaries. ³⁵

First, we start out from an RIT design characterized by the near absence of direct control and involvement by the regulator (i.e., the EU) and, therefore, operating mostly under rules set by intermediaries (i.e., large platforms) for the targets (i.e., individual users). Such forms of self-regulation are normally initiated by private actors and characterized by their voluntary and non-binding engagement. In such an RIT design, intermediaries perform an extremely powerful and thus influential role almost without any interference by the regulator. Yet, the political level is not fully excluded. Policy-makers and regulators often informally encourage private actors to take action, a setup that has sometimes been described as “regulation by raised eyebrow.” ³⁶

Second, the regulator may also share responsibility for rule setting and enforcement with intermediaries, ³⁷ though the specific balance between them may vary from case to case. ³⁸ For instance, one might think of public regulators setting the general rules, while intermediaries oversee the operational dimensions of implementation and monitoring. ³⁹ The intermediaries’ power position is more constrained by the regulator’s control than in the first instance, but there are still numerous opportunities for them to impose their interests on both regulators and targets. Given its inherent vagueness, this design suggests a relatively unstable equilibrium, as it will arguably tilt the balance more towards those in charge of implementing the rules than those setting them.

Third, the regulator may also prevent intermediaries as far as possible from engaging with the targets. For instance, statuary regulation largely implies a logic of command and control and thus hierarchical direction, even though intermediaries are often involved. ⁴⁰ Despite some flexibility within this type, the common ground is that “the government sets the regulations and enforces them.” ⁴¹ This results in maximal control by the regulator and thus minimal autonomy as well as a weak power position for the intermediaries.

The RIT design of the DSA

Against the backdrop of these three conceivable RIT designs, this step explores the EU’s recent institutional reforms to internet regulation in the DSA. How does the EU, as regulator, interact with large platforms, as intermediaries, in both rule setting and rule enforcement? We start out from the regulator, then, gravitate towards the intermediaries.

First, the EU as a regulator has set several standards in the DSA that are binding on private actors. ⁴² However, these hierarchically set standards are mostly prescriptive about what is to be achieved rather than about how precisely it is to be achieved. ⁴³ As a result, intermediaries are granted the right to draft many of the standards that define how the regulatory objectives of the DSA are to be met. Take, for instance, the supposedly far-reaching rule prohibiting advertising targeted at minors. ⁴⁴ At first glance, this is highly interventionist as it directly controls how platforms address different targets. It may even challenge the very business models of intermediaries such as Google and Meta. ⁴⁵ Yet, given that a ban only applies if platforms know “with reasonable certainty” (Art. 28) ⁴⁶ that a user is under age, it may turn out to be hollow. The reason is that the DSA does not even oblige platforms to gather information about this characteristic. ⁴⁷ The general and merely prescriptive nature of rules of this kind thus grants intermediaries substantial discretion in how to implement the standards set by the EU. The devil is eventually in the detail.

In a similar vein, the EU’s Commission is, at first glance, designated as the key enforcer of the DSA. Due to the fact that it is an asymmetric regulation, some specific elements only apply to designated intermediaries. For instance, this is the case for systematic risk assessment and risk mitigation measures, which only apply to Very Large Online Platforms (VLOPs) and Search Engines (VLOSEs) and which are primarily overseen and enforced by the Commission. Jointly with the so-called Digital Services Coordinators (who are appointed by the member states), the Commission is entitled to conduct on-site inspections, interviews, and request data from platforms, ⁴⁸ on whom it can impose extensive fines of up to 6 percent of their worldwide turnover. ⁴⁹ The Commission is also designated to supervise VLOPs and VLOSEs with more than 45 million users per month in the EU. However, assessing their compliance is left to independent auditors, which—under the DSA—are supposed to define and operationalize the auditing criteria themselves. Therefore, several parties have noted that such a design might lead to “audit-washing” ⁵⁰ . Furthermore, “the mere expectation to provide auditing services to the same provider in the future might influence the auditor’s objectivity.“ ⁵¹ In addition, legacies of prior arrangements, such as non-binding codes of conduct, continue to play an important role in key areas, such as targeted advertising or systemic risk assessment (Arts. 35–37). They have been designed by the intermediaries themselves. Here, the Commission, as regulator, is referred to “in weak terms,” by the use of such expressions as “facilitate,” “invite,” and “aim to ensure.” ⁵²

Second, large platforms, as intermediaries, have preserved autonomy and control over their business models thanks to the DSA. They remain largely immune from extensive regulatory intervention. Most significantly, Art. 6 defines that “the service provider shall not be liable for the information stored at the request of a recipient of the service,” ⁵³ but providers are encouraged to take voluntary measures (e.g., monitoring technology, indexing content) to prevent hate speech and fake news from spreading. As long as they act in good faith and with due diligence (Art. 7), they are relatively free as regards achieving the general objectives of the DSA. For example, if providers find harmful content and delete it, they have to provide a transparent and accessible complaint mechanism to enable the decision to be questioned. Buri and van Hoboken ⁵⁴ have stressed that the responsibility for pursuing this lies principally with the platforms themselves. It is based on their terms of use, rather than on specified policies set out in the DSA—for instance, “through internal complaint-handling mechanisms, out-of-court dispute settlement and judicial redress [Art. 17 (3) (f)].” ⁵⁵ As a result, there is a “tendency to outsource primary decisions on fundamental rights and speech governance to platforms.” ⁵⁶ In other words, intermediaries have sweeping discretion over how individuals (i.e. targets) exercise their rights and obligations in digital space.

In a similar vein, intermediaries are relatively autonomous in implementing the enforcement of the DSA. ⁵⁷ This becomes particularly clear with regard to the asymmetric approach of the DSA. “So-called “Very Large Online Platforms” and “Very Large Online Search Platforms” mainly monitor themselves (i.e. their compliance with the DSA and (self-set) codes of conduct). They are directly supervised by the Commission and regularly provide reports, risk assessments, and mitigations (Arts. 34–35). Their supervision is “relatively light touch.” ⁵⁸ While the platforms are obliged to evaluate the systemic risk stemming from their service, they do this via a self-assessment and impose mitigation measures on that basis. This allows them to design mitigation in accordance with their own terms of service as well as already established internal practices.

These procedures, then, serve as the foundation for the European Board of Digital Services and the Commission to further identify “best practices,” which may ultimately be translated into general guidelines (Art. 27). The DSA also designates an important role for civil rights organizations by integrating their experts into consultations and recommendations. ⁵⁹ Yet, it remains vague what the future role of these experts will be with regard to drafting guidelines and standards (e.g. regular round tables). ⁶⁰ Moreover, rather than by the regulator, the audit supervisor is chosen by intermediaries to conduct the annual audit. While the Commission retains the right to impose fines, it needs to clarify that intermediaries have not complied with imposed obligations in the way of risk assessments and audits. ⁶¹ Due to its scarce financial ressources for an adequate enforcement, the Commision aims to impose a supervision fee (up to 0,05 percent of the annual turnover) on the VLOPs and VLOSEs. ⁶² Given that it is seeking to enforce the DSA with approximately “123 full-time employees” but “Meta and TikTok … each had more than 1,000 people working on DSA implementation at the time,” it will remain an “uphill battle” ⁶³ at best. Figure 1 summarizes the findings of our analysis:

Figure 1. The regulator–intermediaries–target model and the European Union’s internet regulation.

In sum, the RIT model helps to conceptualize what is at stake in internet regulation. We have introduced three baseline RIT designs that set out how the intermediaries’ power position may be institutionalized in setting and enforcing the rules governing digital space. They range from essential autonomy in self-regulatory arrangements via a sharing of tasks with the regulator up to virtual exclusion of intermediaries from statutory regulatory design. Unlike the initial expectations of the DSA in 2019, the so-called Brussels consensus regarding a strong demand for tight controls on intermediaries has not materialized into institutional reforms. Instead, intermediaries’ autonomy and thus their power position has been institutionalized vis-à-vis both the EU as regulator and individual users as target. To some extent, it has even been strengthened since their role as co-regulator and main enforcer of digital space has been formally legitimized. Two characteristics of the DSA’s design are of particular importance. First, the idea of liability—that is, who is ultimately in charge of illegal and harmful content—was strongly contested as this rule-setting directly touches upon the degree of ex post control between the regulator and the intermediary. Second, the idea to specify technological instruments—that is, who is in charge of future implementation—was another contested issue as it speaks to the future response to technological innovation and thus also defines the relationship between the regulator and the intermediary. If both ideas had prevailed, this would have resulted in tight control of platforms. As it stands today, however, the DSA’s design has clearly fallen behind these initial ambitions. Platforms will largely continue to predominate the day-to-day practices of internet regulation and content moderation in the EU and beyond. ⁶⁴

Theorizing the platform power of intermediaries in the RIT model

This section theorizes how intermediaries shape institutional reforms by employing platform power within the legislative process, which will then serve as the basis for specifying a causal mechanism to explain the RIT design of the EU’s DSA.

Intermediaries in institutional reforms

How can an intermediary that has been formally excluded from the legislative reform process (i.e., through lack of veto) nevertheless shape the outcome? Our starting point in tackling this question is “how ideas and institutions limit the range of possible solutions that policymakers are likely to consider when trying to resolve policy problems.” ⁶⁵ The premise is that any institutional reform like the DSA involves distributional conflicts in general, and a potential challenge to vested interests of intermediaries in particular. ⁶⁶ All intermediaries are thus expected to employ their power to move the outcome of institutional reform in a preferred direction.

Unlike conventional business firms, however, platforms can draw on an additional asset, namely the support of consumers (i.e., regulatory targets), which they can combine with their scale advantages as classic monopolies. Public decision-makers anticipate the “political fallout to which overeager regulators would expose themselves by messing with the infrastructure of people’s lives.” ⁶⁷ This reluctance to antagonize consumers gives rise to a permissive environment for platforms to influence institutional reforms. Enacting platform power within the legislative process is, then, based both on their entrenched capacities to leverage information asymmetries and their ideational expertise as digital gatekeepers. ⁶⁸ We theorize two distinct, but mutually reinforcing, processes whereby platforms can shape desired institutional reforms of digital governance.

First, institutional platform power derives from the “entrenched position” of intermediaries that enables them to contribute to the basic provision of those services that are essential for a given society in the capacity of “infrastructural goods.” ⁶⁹ More specifically, the institutional status quo of internet regulation has mostly been one where platforms regulate themselves (e.g., through non-binding codes of conduct). ⁷⁰ Therefore, their power does not exclusively derive from economic markets themselves or lobbying activities, but from certain institutional arrangements through which regulators “invite or allow private interests to play a central role in providing crucial collective goods on which society depends.” ⁷¹ Feedback effects from both formal ⁷² and informal ⁷³ institutions structure interactions between regulators and intermediaries. Rather than deriving from a strict separation of their respective domains, institutional platform power unfolds by “sharing public space.” ⁷⁴

Put briefly, the more entrenched intermediaries are in the provision of public (infrastructural) services, the more they will be able to appear indispensable and the better they will be able to impose their preferences on institutional reforms.

Second, ideational platform power derives from the fact that regulators, intermediaries, and targets engage in activities as a result of interpreting their surroundings, which are constituted by narratives and ideas. ⁷⁵ For instance, intermediaries “seek to influence the beliefs of others by promoting their own ideas at the expense of others.” ⁷⁶ Hence, they may employ ideational elements as tools to shape the definition of the policy problem as well as the resulting solution, which makes their power, at least partly, traceable in policy-making processes. ⁷⁷ More specifically, intermediaries draw on different ideational strategies to shape the reform agenda by framing and enhancing desired options. For instance, rather than being one idea among several alternatives, a preferred idea may be framed as the only objective and neutral idea. It is not an idea, it is the idea. It does not serve some particular interest, it is in the public interest instead. Within the context of any technological revolution, it is helpful to be credited with responsibility and techno-solutional expertise. ⁷⁸ If regulators essentially subscribe to these ideas, intermediaries may be successful in “influencing public actors’ beliefs both in the necessity and effectiveness of the solutions offered by platforms and in the compatibility of public and private interests.” ⁷⁹ Both institutional change and resistance to reforms may be based on strategically employing ideas:

Put briefly, the better intermediaries succeed in appearing to be responsible experts and in putting forward (neutral) techno-solutionist arguments, the more they will be able to frame the reform agenda in the way they desire and the better they will be able to impose their preferences on institutional reforms.

If we hypothesize that these two processes might mutually reinforce one another, the design of an RIT model of this kind would indicate “weak regulatory capture”: that is to say that the institutional reform has intentionally created a regulation that serves the regulated intermediaries rather than the public interest. ⁸⁰ This form of regulatory capture is to be understood as weak rather than strong because the public will still benefit from the institutional reform more than from maintaining the status quo. Yet, it seems not to be in the public interest for intermediaries, as gatekeepers, to be able to decide on access to and the distribution of information. The same applies to information exploitation. Institutional reforms to tackle that part of platform power from a public interest angle would include, for instance, “ending surveillance-based business models (by requiring platforms to spin off their ad networks).” ⁸¹ Hence, the new regulation serves the regulated intermediaries first and foremost—even though the public may be better off than under the e-commerce directive of 2000.

This form of regulatory capture is fully conceivable from an RIT perspective: “Intermediaries often have unusual influence in these settings: their expertise, informational advantages, and experience put them in a better position than the regulator in terms of understanding what modifications are needed. In such cases, intermediaries become the leaders in regulation, with the ostensible rule-makers following them.” ⁸² The next section draws on these two processes to develop a “platform power mechanism,” which helps us to link these theoretical expectations with more specific empirical observations of the DSA legislative process.

The ‘platform power mechanism’ in the DSA

Applied to the DSA, the trigger for institutional reform is the perceived demand for more effective internet regulation in general, and better protection of private data in particular. This demand aligns with an overwhelming majority of stakeholders, who all prefer a tighter RIT design with less autonomy for and closer control of platforms. As there was no essential opposition to such an approach, we can even speak of a Brussels consensus among regulators and intermediaries in January 2020, when the legislative process for the DSA began.

The outcome, then, is an institutional design of shared co-regulation. The DSA is neither an instance of tight regulation nor will it effectively control intermediaries. As we have shown above, it reinforces and institutionalizes a powerful position for large platforms as intermediaries in both rule-setting and rule enforcement. This indicates a weak form of regulatory capture. The two theorized processes help us to formulate the “actors and activities” that interact in a causal pathway leading from the trigger to the outcome. ⁸³

First, large platforms have informally been integrated as intermediaries into the legislative process as they have been recognized as indispensable providers of essential services. Rather than merely powerful firms, they “exercise broad control over the terms of access to crucial services on which a wide range of other actors depend.” ⁸⁴ Yet, their explicit consent is not necessary for legislation. Given the strong trigger of the Brussels consensus, future regulation may involve more liability for platforms, reduce the autonomy of intermediaries, and thus strengthen the regulator’s control. ⁸⁵ This is the most conceivable regulatory outcome as platforms have no formal veto power, in spite of their entrenched institutional position.

Consequently, when interactions between the regulator and intermediaries unfold as part of the legislative hearing process, platforms need to focus their efforts on shaping the decision-making agenda. ⁸⁶ Accordingly, we expect them to stress their indispensability and to opt for a quiet politics strategy—rather than pushing, for instance, the liability question into the public sphere. The “preferred arena of conflict for business is typically a regulatory conference room rather than a public parliamentary hearing” ⁸⁷ —somewhere where informal meetings can be held with key decision-makers to address the regulatory proposals. These meetings serve as venues for intermediaries to make them appear as indispensable providers of public goods and to articulate their definition of the problem in a less formal and less public setting. By contrast, extensive media coverage of legislation is undesired as a “prime indicator of loudness.” ⁸⁸

Second, intermediaries will advance an ideational strategy to shape a policy agenda that highlights the responsibility of large platforms, on the one hand, and their technical expertise and thus neutrality when addressing problems, on the other. The regulators’ intervention becomes unnecessary and possibly harmful to future innovation. Therefore, intermediaries will fiercely (i) contest platforms’ liability for content and highlight soft responsibility instead; (ii) they will also stress uncertainty about future policy problems, thus suggesting a flexible technological fix by the experts themselves. The objective of this ideational strategy is to shape the available policy options of the regulator in a desired way to preserve intermediaries’ autonomy of the self-regulatory status quo.

The first part starts out with a self-designation as an impartial platform rather than a media or telecommunications company, as “the term is a valuable and persuasive token in legal environments.” ⁸⁹ This notion of a neutral host of content allows them to circumvent regulations that typically govern traditional media and telecommunications sectors (especially not being liable for the content that is distributed via their technological infrastructure). As a consequence, liability for content rests with the targets (i.e. individual users), rather than the producers. ⁹⁰ Yet, an ideational strategy that consists only of opposing liability may damage the intermediaries’ reputation for innovation, so a more constructive approach may become necessary. When the regulator emphasizes the demand for platform liability, intermediaries may counter with a proposal of platform responsibility for the content they host, even though “the shape of this responsibility is by no means clear.” ⁹¹

The second part of the strategy involves framing most of the regulatory challenges, such as hate speech or misinformation, as problems whose nature is uncertain, but is likely, ultimately, to be technical rather than political. This idea needs to draw on technological solutionism—that is, the belief that there is a technical solution for any problem and there is always an expert who is capable of designing such a solution. ⁹² Since intermediaries are the ones with expertise in technical issues, they are indispensable and should have flexible discretion with regard to how these issues are to be addressed without being hampered by control and tight prescriptions. Given their technical rather than political nature, these measures will arguably have few distributional implications. They are based on the idea of neutral expertise.

In sum, this section has theorized and empirically specified how large platforms, as intermediaries, respond to the regulator’s willingness to tighten regulation in digital governance. They draw on their entrenched position to employ ideational strategies that may help to preserve some of their autonomy and prevent tighter regulation. Figure 2 summarizes our ‘platform power mechanism’ in the DSA’s legislative process:

Figure 2. The “platform power mechanism” at work in Digital Services Act legislation.

Large platforms as intermediaries in the DSA legislative process

Our analysis draws on Beach and Pedersen’s theory-building process-tracing. ⁹³ We seek to identify observable manifestations that are empirical fingerprints of our “platform power mechanism.” This will enhance the degree of confidence in our theorizing efforts. We focus, therefore, on the regulator’s and intermediaries’ (i.e. the two entities) activities in the legislative process and explore how the trigger is translated through our “platform power mechanism” into the outcome (i.e. the relative autonomy of intermediaries and weak regulatory capture). As far as large platforms are concerned, we have chosen to focus on Google and Meta. ⁹⁴ Google dominates the realm of search engines and Meta owns several of the most relevant social media platforms (e.g. Facebook). ⁹⁵ Finally, they are both key to issues of content moderation, targeted advertising, and thus private data protection, more broadly.

Given that our theoretical approach also stresses informal practices of quiet politics, we need to focus on the use of internal channels—outside the public sphere—to trace the path of platform power and how it has contributed to the watering down of policy options. ⁹⁶ Relevant documents to investigate, therefore, include emails, memos, and minutes of meetings as well as legislative documents and media reports. Internal documents from lobbying meetings, however, are not automatically published by the EU. According to Regulation 1049/2001 EU, citizens have the right of access to documents in EU treaties. ⁹⁷ Several documents relating to the DSA have thus been published through the website “Ask the EU.” As these documents do not cover all the lobbying meetings identified, we put in further requests via the platform and received additional material. As a result of our data-generation efforts, the corpus eventually consisted of 214 documents (esp. legislative documents, internal lobby meeting documents, trilogue documents, media, and research reports) that we analyzed. ⁹⁸

The prolog

From a procedural perspective, the DSA was an ordinary legislative procedure (COD), and thus a co-decision between the Commission, Parliament, and Council. ⁹⁹ Before the Commission initiated a proposal, it consulted various stakeholders for feedback and made an impact assessment. Then, the co-legislators, that is, the Council and Parliament, acted on the proposal. Afterward, the negotiations moved on to the trilogues, which are inter-institutional negotiations between the Council and the Parliament, mediated by the Commission. They are normally highly secret and a crucial step in drafting the ordinary legislative procedure. The Commission and the co-legislators ultimately reached a provisional agreement that had yet to be agreed on in legislative procedures in the Parliament and Council. ¹⁰⁰

From an institutional perspective, the DSA did not emerge from an empty page. The pre-existing setting had predominantly been designed as one of self-regulation as part of the EU’s e-Commerce Regulation of 2000. While the latter imposed some general obligations on providers with regard to the disclosure of information and the protection of regulatory targets (i.e. users), it also laid down rules that granted certain intermediaries immunity for two decades as far as third-party content on their platforms was concerned. ¹⁰¹ It was intermediaries—rather than public regulators—that set, enacted, and enforced most rules of digital governance. However, the EU had taken an important legislative step before the DSA in 2016. ¹⁰² The General Data Protection Regulation (GDPR) to some extent represented a turnaround with regard to the regulation of data privacy as it affected the collection and processing of data. ¹⁰³ It is primarily related to content moderation and also liability. ¹⁰⁴ Despite overlaps with the DSA, the latter was primarily characterized by its general take on content regulation that also included “political advertizing,” whereas former initiatives tackled more sector-specific areas on (illegal) online content, such as terrorist activities. ¹⁰⁵

In sum, the ordinary legislative procedure of the DSA was initiated within an institutional setting of self-regulation involving strong positions for large platforms as the predominant intermediaries. Yet, tighter rules for the private sector, which would have constrained the autonomy of intermediaries, were not only the Zeitgeist, ¹⁰⁶ but they also predominated the initial agenda.

The legislative process

By the end of the 2010s and after constantly recurring instances of systematic data protection violation as well as the voter manipulation by Cambridge Analytica, the public demand that rules for large platforms should be tightened had become salient for policy-makers at different levels. The Commission wrote in a leaked preparatory document for the DSA that “specific obligations should be examined for cross-border online advertising services, including for rules around political advertising.” ¹⁰⁷ Commentators agreed that these ideas would directly challenge internet platforms such as Google and Meta: ¹⁰⁸ , as indicated by the New York Times headline “A Global Tipping Point for Reining In Tech Has Arrived.” ¹⁰⁹ Due to the unfolding Brussels consensus that “some of the darker sides of digital technologies have become visible,” ¹¹⁰ Commission President Ursula von der Leyen announced in 2019 that better data protection measures, as provided by the GDPR, were only the “first steps.” ¹¹¹ Although industry self-regulation had been relied on for decades, EU officials, member states, and civil society players were now calling for stricter regulations. And even the companies themselves allegedly asked to be regulated as intermediaries. ¹¹²

As a result, an indisputable demand for internet regulation helped to form a new Brussels consensus among stakeholders and thus triggered the drafting of a strict design for the DSA in order to tame the large platforms.

Institutional platform power shapes influence…

In accordance with our mechanism, this first step will investigate whether and how institutional platform power unfolded in this situation. Process-tracing shows the entrenched position from which large platforms, as intermediaries, interacted with the EU, as regulator, in the course of the DSA’s legislative procedure. First, it was undisputed that they were deeply involved in delivering essential public services. Second, neither the regulator nor any other public actor could realistically substitute for these services on its own. ¹¹³

The role of online intermediaries as providers of essential goods and services is based on their backbone function in modern societies: “Google and Facebook are increasingly part of our information infrastructure, shaping the distribution of and access to news, ideas and information on which our economy, culture and increasingly our politics depend.” ¹¹⁴ This infrastructure is crucial beyond digital markets. Many firms are dependent on these services as they can only reach potential consumers through Google or Facebook. Both users and businesses thus have to accept their “terms of service” when using this infrastructure, which turns platforms into gatekeepers. ¹¹⁵ In addition, this enables platforms to collect personal data from users as well as from businesses that operate on their platforms and make use of it; that is, a procedure referred to as “information exploitation.” ¹¹⁶ Their entrenched position goes back at least to the 2010s when public regulators encouraged private intermediaries to draft and enforce standards. From this time onwards, large platforms increasingly contributed to public functions.

For instance, when mushrooming hate speech threatened social peace, curbing it was undoubtedly a public task. Yet, the EU encouraged large platforms to make those quasi-collectively binding decisions; albeit in a politically objective way. Hence, platforms innovated by establishing in-house regulatory bodies, such as the Meta Oversight Board to “independently judge” and distinguish hate speech from free speech. ¹¹⁷ Farrand has recently demonstrated how “platforms have increasingly been brought into the regulatory structures for combating hate speech online.” ¹¹⁸ At the same time, intermediaries have left no doubt that their self-set rules (i.e., “terms of service”) would ultimately trump the non-binding codes of conduct agreed on at the EU level. ¹¹⁹ As a result, platforms unilaterally defined the standards and conditions for the regulatory targets (i.e. users) to access information and content. In other words, public regulators for a long time relied on private platforms’ self-initiatives and self-commitments to prevent hate speech.

Entrenching intermediaries in a position of providing public services (e.g., reducing hate speech) reinforced existing information asymmetries and strengthened their gatekeeper position. ¹²⁰ The regulator simply did not know how to implement measures against such things as hate speech. By contrast, intermediaries were able to enact this task and, then, feed their experiences back into the legislative process of the DSA. In addition to information about the technologies they were using and their knowledge of their own business models and algorithms, the large platforms thus also possessed detailed information about the substance of regulatory initiatives.

Given the political salience of some of these challenges, however, the regulator obviously did not fully surrender to Meta and Google. Instead, informal arrangements became increasingly prevalent. Since 2015 the annual EU Internet Forum, a “collaborative environment for governments in the EU, the internet industry, and other partners to (…) address the challenges posed by the presence of malicious and illegal content online,” ¹²¹ has provided an informal setting for discussing rules of data governance. Intermediaries have taken charge of helping to provide public functions. Informality has increasingly shaped the interactions between Google and Meta with the regulator. Politics has become more and more quiet.

This entrenchment pattern has been reinforced by a number of non-binding codes of conduct as well as further informal “meetings.” ¹²² During the legislative process for the DSA, for instance, informal coordination also extended to the member-state level. In a highly critical phase in November 2021, Google and Meta informally met up with Irish policy-makers, and “parties were granted confidentiality and assured that no detailed notes would be taken on their discussions, according to redacted emails released under FoI.” ¹²³

Moreover, Google and Meta’s entrenchment found expression in their frequent exchanges with the Commission. ¹²⁴ Over the entire period of our analysis, Google had 13, and Meta 11 meetings with representatives of the Commissioners, Thierry Breton (DG CONNECT) and Margrethe Vestager (DG COMP) ¹²⁵ . As trilogue meetings approached, the number of Commission meetings would increase. Otherwise, Google and Meta also had regular exchanges with parliamentarians (est. Google 23, Meta 16) and member state representatives, though data concerning these exchanges are clearly less reliable. ¹²⁶ The publicly available position of large platforms was generally status-quo-oriented and thus typical of vested interests that strongly benefit from the existing institutional order. In their public responses to the Inception Impact Assessment as well as their Public Consultation answers, Meta and Google both stressed that while new regulations were welcome, the basic framework of the previous regulations should remain in place. Emphasis was put on the idea of updating existing frameworks by identifying gaps and shortcomings rather than redrafting them from scratch. ¹²⁷ Up to this point, process-tracing suggests three main findings:

First, the EU’s prior internet regulation was ultimately one of self-regulation by intermediaries—or regulated self-regulation, as some authors have framed it. ¹²⁸ Platforms had a privileged institutional status as they were not liable for content distributed through their infrastructure. This regulatory design reinforced their gatekeeping position since the platforms were the ones defining the terms and conditions for the use of infrastructure crucial for information flows as well as digital markets. ¹²⁹ This has strongly leveraged large platforms, which drew on the entrenched positions they maintained thanks to holding critical information on the technological side as well as the regulatory side. Interactions between the regulator and intermediaries were mainly informal and, despite recurring public outrage, politics evolved in a relatively quiet way.

Second, the intermediaries’ provision of regulatory functions is indisputable. For example, the Commission had considered changes with regard to the prohibition of a general monitoring obligation but discarded the idea at an early stage, as is evident from the impact assessment. Changes to the provision might lead to obligations that “could disproportionately limit users’ freedom of expression and freedom to receive information, or could burden service providers excessively and disproportionately, and thus unduly interfere with their freedom to conduct a business.” ¹³⁰ This reflects the “permissive consensus” par excellence. ¹³¹ Users, rather than merely the platforms themselves, supposedly supported the regulatory status quo as platforms served a hinge function between sellers and customers.

Third, the extent to which public actors might substitute for private services was, at least, questionable. Whether it was more a case of the EU, as regulator, being unwilling to step in or being incapable of doing so cannot be definitely clarified. What is, however, clear is that large platforms were entrenched in the EU’s institutional setting of internet regulation. Despite their lack of formal veto, they were ultimately the indispensable partner and thus had manifold opportunities at their disposal to shape the legislative agenda.

To sum up the first part of our mechanism, platforms were clearly entrenched in the provision of public (infrastructural) services, which made them indispensable for any reform. They were in a largely autonomous position without strong control exercised by the regulator. The institutional opportunities for transforming potential platform power into power over outcomes were undoubtedly given.

Ideational platform power drives entrenched interests home…

Again in accordance with our mechanism, this second step will investigate how Google and Meta employed their ideational platform power to shape the design of the DSA. The intermediaries’ baseline approach was to position themselves as the technological experts whose solutions would help Europe to become innovative and competitive in digital markets. ¹³² Platforms thus aligned with small and medium enterprises (SMEs), ¹³³ which were “the backbone of Europe’s economy” ¹³⁴ and represented 99 percent of businesses in the EU. Google emphasized in its public consultation submission that its services “helped SMEs to enter and expand rapidly in new markets by improving their ability to find and connect with potential new customers.” ¹³⁵ This is enacting platform power—that is, implicitly pointing out how stricter regulations might ultimately antagonize the majority of consumers. Therefore, platform representatives argued that a ban on targeted advertising, “would be detrimental also to SMEs.” ¹³⁶ These ads were allegedly in the public interest; and only coincidentally accounted for more than two-thirds of most platforms’ revenues. As the research groups, Corporate Europe Observatory and Lobby Control, summed up the situation as regards Google: “the tech giant wanted to push for new narratives that focused less on the company itself and more on the alleged ‘unintended impact’ of well-meaning regulatory policies.” ¹³⁷ While platforms did not always succeed in building a coalition with SMEs, their ideas for providing the foundations of innovation shaped the reform agenda. After having pointed out platforms’ baseline approach, we distinguish between two main pillars of the DSA that the large platforms targeted with their ideational strategies, namely non-liability and technical flexibility.

First, from the outset, large platforms fought fiercely against the idea of becoming legally liable—unlike media companies—for the content posted via their channels. They were no more in favor of strict and precise regulations governing how harmful content should be moderated. According to Politico and other news outlets, however, the preparations for the DSA in 2019 had been moving in precisely these directions. This new idea would have critically tied in with evolving case law. Most significantly, the European Court of Human Rights addressed the balance between freedom of expression and illegal speech in Delfi v Estonia (2013). It concluded that an online intermediary may be held liable for third-party content, even if it had no actual knowledge of that content. The Court thus opted for a narrow interpretation of the liability of online intermediaries. In light of there being some opposition to this ruling, the Court took a more nuanced perspective in MTE v Hungary in 2016. It added refinements regarding the illegal nature of speech and thus the criteria under which intermediaries might be held liable. ¹³⁸ Yet, Pandora’s box had been opened, and this severely threatened both the entrenched power position of the intermediaries and their business models. Unlike under the status quo, platforms under legal pressure to moderate content adequately would forfeit autonomy and no longer be able to decide unilaterally how information was to be accessed and distributed.

However, Google and Meta vehemently insisted on the premise of not being liable—with some pre-specified exceptions—and, instead, introduced the legally non-binding notion of responsibility. Meta continuously resisted all attempts by stating that a “strict liability regime holding online intermediaries directly liable would have prevented a whole range of innovative services from entering the market and would have resulted in overremoval of content.” ¹³⁹ Interestingly, large platforms not only stood up for the public good of innovation but also stressed that there was no technical solution for the political problem. Large platforms “do not possess the capacity and requisite knowledge to comprehensively assess the legality of most content on their platforms.” ¹⁴⁰ Instead, non-binding responsibility was supported. “The platform then has a responsibility to take appropriate action on that content. (…) We take our responsibility seriously.” ¹⁴¹

When the Commission was still setting up the first legislative proposal in 2020, platforms did not merely oppose reforms, but they had already argued strongly in favor of the constructive idea of responsibility during meetings with members of the Breton and Vestager cabinets—thus in direct interactions. Internal notes show that representatives of Meta advocated for “responsibility for the content that is being published, secondary liability.” ¹⁴² That is to say, they wanted to keep things as they were, according to the notes of a meeting with Google: “Important to preserve the main principles of the E-Commerce Directive (country of origin, liability exemption and incentives for voluntary action).” ¹⁴³ While the notion of responsibility was not completely novel to the digital realm, platforms rapidly took it up and re-interpreted it to avert a stricter liability regime by advancing new ideas toward the policy agenda. In its Public Consultation Response, Meta argued for establishing two distinct, rather than, one idea: “[A]ny new framework needs to clearly distinguish between the liability and responsibility of online intermediaries.” ¹⁴⁴

Platforms forcefully fought for their new idea of responsibility. When Google’s lobbying strategy was leaked, however, its resolve to defend the status quo of non-liability could no longer be questioned. The intermediary was supposedly taking a multi-pronged approach—via both third parties and events. As Corporate Observatory noted, Big Tech’s “message is amplified by a wide network of think tanks and other third parties.” ¹⁴⁵ This suggests that there was some kind of interest coalition between the platforms and those business organizations that they are members of and they fund in significant parts. ¹⁴⁶ Google and Meta, for instance, are prominent members of the trade association Dot.Europe (i.e. formerly known as EDiMA). ¹⁴⁷ The association proactively sent its so-called “Responsibility Framework” to the DG CONNECT and Commissioners Breton and Vestager. Again, they sought to add responsibility to liability with the objective of weakening a strict notion of liability. They emphasized, “that a new framework should be created which clearly distinguishes between the principles of responsibility and liability.” ¹⁴⁸ According to the leaked document, the focus was on informal meetings with these two DGs; and the objective was ultimately to seed conflicts within the Commission: “The document singled out Mr Breton, who has been one of the EU’s chief proponents of breaking up big tech companies, listing among its objectives to “increase pushback” on the French commissioner, while also ‘weakening support’ for the proposed legislation within Brussels.” ¹⁴⁹ Our process-tracing analysis demonstrates that—despite of the regulator’s initial willingness and the evolving case law—platforms have succeeded in re-frame the agenda for re-moving the idea of liability step-by-step.

At the outset of the legislative process, tightened control of intermediaries was no longer reflected by the first “official” proposals made by the Commission. The idea of conditionality between the liability exemption and the due diligence regime was initially considered by the Commission as they stated in their Impact Assessment. However, it was “discarded, as failing to achieve the objectives of the intervention, placing disproportionate burdens on authorities, and introducing further legal uncertainty on service providers.” ¹⁵⁰ Platforms that do not comply with the due diligence obligation, thus do not have to fear losing their liability exemption but must pay a fine that could, however, be up to 6 percent of their annual turnover. ¹⁵¹

During the legislative process, the JURIs parliamentary report amended the Commission’s initial proposal by making the liability exemption conditional on specific time-frames for platforms to remove flagged content. The Committee on the Internal Market and Consumer Protection even invited the famous whistleblower, Frances Haugen, for a public hearing on “Whistleblowers’ testimonies on the negative impact of big tech companies’ products on users.” The final report of the committee also amended the initial Commission’s text by imposing deadlines for illegal content removal.

Towards the end of the DSA’s legislative process, the idea of responsibility eventually arrived in the European Parliament. This was increasingly evident in several debates between 2020 and 2022. For instance, Rapporteur Andreas Schwab stated in the debate immediately before the vote on the first reading: “For the first time, platforms will have to take responsibility for the legality of the content posted there.” ¹⁵² Parliamentarians repeatedly drew on the notion of “responsibility” rather than that of liability. In short, platforms had evaded tighter control by watering down the available ideas for content moderation.

Second, platforms put forward the idea that the DSA should not by any means become “over-prescriptive” with regard to technology. Again, they defended the status quo. Google even stated: “That is, they should avoid mandating specific technological fixes (emphasis added).” ¹⁵³ Instead, the gatekeepers, Google and Meta themselves, should decide what the appropriate solution would be in the event of a problem. Meeting notes show that Meta emphasized to members of the Commission that “platforms and AI knows [sic] what to look for.” ¹⁵⁴ This also applied to rules to moderate harmful content. Rather than precise and predefined rules, Google and Meta argued for ideas of flexible and non-binding “codes of conduct.” ¹⁵⁵ “Any regulation looking at harmful content should focus on ways to hold internet companies accountable for having certain systems and procedures in place to address harmful content rather than holding them liable for specific content.” ¹⁵⁶ In other words, platforms promoted ideas of autonomy and rejected those of control.

For instance, the three legislators—Commission, Parliament, and Council—had initially discussed a complete ban on targeted advertising. The platforms, whose business model would be threatened, responded to these ideas by suggesting technological fixes against “information exploitation.” Autonomy over employing the targeted advertising technology could thus be preserved. According to the memo, Google noted during a meeting that it was “increasingly able to do the same with less data or using synthetic data.” ¹⁵⁷ In any case “regulation that is overly prescriptive or rigid could interfere with development and uptake of digital services.” ¹⁵⁸ Tracing the meeting notes demonstrated that Google and Meta pointed out initiatives and technological developments to the Commission. In doing so, they proposed a variety of technological solutions and recommended themselves as the ones with technological expertise.

At the same time, Meta and Google repeatedly insisted on the idea that not even technologically innovative firms, such as themselves, could predict innovation paths. Therefore, technologically specific tools should be avoided: Again, “relying on automatic filtering and detection leads to significant over-removals of content.” ¹⁵⁹ They continued: “While breakthroughs in machine learning and other technology are impressive, the technology is far from perfect, and less accurate on more nuanced or context-dependent content.” ¹⁶⁰ In particular, Google stressed the idea that regulation should not prescribe specific technologies to combat problems: “Flexibility to accommodate new technology: Given the fast-evolving nature of the sector, laws should be technologically neutral” (emphasis added). ¹⁶¹ Policy needed to remain flexible: “In any event, we believe regulatory reform of any kind should aim to be flexible and future-proof to adapt to technological change and accommodate the diverse European tech ecosystem.” ¹⁶² In short, they vehemently advanced the idea of future platform autonomy rather than increasing regulator control.

In sum, our process-tracing analysis shows how large platforms such as Google and Meta adopted two ideational strategies. They put their reputation as technical experts up front and sought to comment on alternative ideas from a third-party-expert perspective. On that basis they fiercely challenged any ideas on binding liability, proposing a commitment to responsibility in its place. Based on a similar argumentative pattern, they described most political problems as being based on technical challenges. Since these challenges cannot be predicted, they promoted the idea that the expert should—autonomously—deal with them in the future. Technologies needed to remain general, flexible, or simply open. These ideational strategies strongly suggest autonomy for intermediaries and loss of control by the regulator. It will be “technological experts” that resolve future problems. As a result, big tech would predominate the day-by-day practices of internet regulation in the EU and beyond.

Conclusion

Our paper contributes, on the one hand, to a reconceptualization of the EU’s recent DSA as a (weak) regulatory capture by large platforms that are clearly closer to the status quo than to a new and ground-breaking constitution of the internet. The DSA manifests liability exemptions of platforms preserving the fundament of the previous regulatory regime. The intermediaries’ autonomy from the EU’s tight control was reinforced as platforms remained institutionalized providers as enforcers of last resort. This becomes specifically visible in the technological openness of the DSA which puts them as autonomous experts and hub for future considerations. At the same time, the enforcement framework heavily relies on platforms’ assessments when it comes to build a comprehensive supervision. On the other hand, we have integrated the notion of platform power into the RIT model and fleshed out how entrenched gatekeepers and the exploitation of ideational asymmetries helped to move regulatory outcomes closer to the preferences of intermediaries. This explanation proved not only robust in our process-tracing analysis of the EU’s legislative process for the DSA, but is contingently applicable to platforms’ exertion of regulatory influence to other areas of content moderation, such as “political advertizing” or even “terrorist content.”

We also demonstrated that—even under the least-likely conditions of the EU’s digital governance regime ¹⁶³ —the operation of platform power led to regulatory capture of the DSA, albeit in a weak form. It is weak given that the “net social benefits of regulation are diminished as a result of special interest influence, but remain positive overall.” ¹⁶⁴ The regulatory targets, individual users in the EU, will be certainly better off than they would have been under a self-regulatory regime run by the platforms on the basis of the 20-year-old e-commerce directive. In light of the huge demand for tighter regulation and the initial Brussels consensus, however, the DSA is undoubtedly a missed opportunity. Our process-tracing has demonstrated how the regulatory terms lost their focus on the goal of public interest (esp. protection of private data, adequate content moderation, prevention of any destabilization of democracy) and moved toward guaranteeing the intermediaries’ autonomy (esp. as ultimate enforcers). Platforms successfully advanced an ideational shift from strict legal liability toward a vague notion of responsibility. Neither could the legislative process show why the preservation of targeted advertising would be in the public interest. Instead, what became clear was the “permissive consensus” that operates when platforms shape legislative processes. Regulators seem to fear—or, at least, take into account—the users’ diffuse support of platforms that they do not wish to antagonize. This shows the supplementary nature of our “platform power mechanism” to scholarship that stresses the importance of consumers for exerting policy influence.

The explanation of this (weak) regulatory capture draws on the RIT model that pointed us to focus on the interactions between the EU as a regulator and large platforms as intermediaries in an institutional reform process. Our ‘platform power mechanism’ helped us to trace how the influence of intermediaries could unfold systematically. We argued that the entrenched position of large platforms has enabled them to move the policy process into a quiet mode, which has allowed them entangling the regulator with an ideational narrative concerning their indispensability, responsibility, and neutrality. Intermediaries’ autonomy from tight control by the EU was able to be maintained and even reinforced for the future. As a result, Meta, Google, and other big tech platforms will necessarily be involved in any attempt to reform internet regulation. They have indirectly reserved their seats at a future quiet table.

Finally, this effectiveness of “platform power” prompts several normative concerns. The paper has shown that the initial Brussels consensus could have been expected to constrain the unfolding of the large platforms’ influence. The specific conditions of DSA legislation together with the more general constraints on business actors might have led to another regulatory outcome. Scholarship on interest group success has demonstrated that, whenever the European Parliament is involved in legislation, it is the preferences of citizen groups rather than business that prevail. ¹⁶⁵ Yet, platform power seems to operate at a level beyond that of conventional business groups. When we integrate more scholarly insights with our findings, we may derive some important suggestions about how platforms exercise this expanded influence. Heike Klüver ¹⁶⁶ has, first, revealed the importance of coalition politics, something we support and supplement with our findings on the essentially joint approach of Google and Meta. Second, she stresses that information asymmetries form the basis of business influence. When we combine this explanation with the two steps of our “platform power mechanism,” the unfolding of platform power becomes comprehensible. The intermediaries’ entrenched position provides them not only with a reputation of indispensability but also with informational advantages that they, then, made use of by combining an ideational narrative of responsibility with one of technically neutral expertise. To some extent, the regulator trades influence for information supply; or, in the words of Abbott et al., ¹⁶⁷ the EU gains competence at the expense of control over platforms. Public regulators can either engage with competent intermediaries that are, however, hard to control; or they may exercise tight control of non-competent intermediaries. One of the general “lessons learned” from our study is thus to shed light on how highly competent intermediaries persistently succeed to avert future public control. The key political question for regulators will be where to draw the line—and this applies to digital platforms as much as, for instance, to the banking or semiconductor industries.

In conclusion, this rise of “platform capitalism” has arguably tilted the balance between regulators and intermediaries in favor of the latter. ¹⁶⁸ Digital networks are mostly owned and operated by private providers. They strive for profits and market shares; yet, they have become entrenched in providing some of the most essential functions for modern societies. Therefore, regulators worldwide necessarily need to collaborate with them as regards infrastructure, but they also need to work with those that run the exchange of information, such as search engines and social networks. ¹⁶⁹ Today’s internet regulations are thus not the end of the story, merely a stopover, since digitalization will advance further on the back of ever more intrusive artificial intelligence, which similarly awaits effective regulatory measures taken on behalf of the public interest.