Gerard de Graaf is charged with making sure Silicon Valley plays by Europe’s rules—but Elon Musk isn’t answering his email.
Gerard de Graaf’s office is easy to miss.
Gerard de Graaf’s office is easy to miss.
Since September, de Graaf and his three-person team have been installed in a corner of the Irish consulate on the 23rd floor of a high-rise building in downtown San Francisco. There’s no sign he’s even there when you exit the elevator bank, where signs for the consulate and Tourism Ireland greet visitors.
At the back of a conference room, next to a door with an image of a golden harp on a blue background (the national symbol of Ireland), the writing on the wall reads “Delegation of the European Union-San Francisco Office.”
It’s the kind of makeshift co-working arrangement familiar to dozens of smaller players in the technology industry that de Graaf has been working to regulate for years.
“It’s like starting up a company,” de Graaf said in an interview in late November on his new role as senior EU envoy for digital. In keeping with the hectic pace of a start-up, the interview was rescheduled twice before being switched from in person to virtual.
“We wanted to start quickly, and we are growing,” de Graaf said. “You might end up in an office that is either too big or too small. The Irish have been very generous in saying, ‘OK, you can co-locate with us.’”
But he is well aware that as the team grows—the aim is to at least double to eight people in the near future—things will start to get a little bit cramped. De Graaf’s role is part enforcer, part liaison, and part evangelist for Europe’s approach to technology regulation, and the next few months will be crucial.
While de Graaf said his role is merely to be “an interface” between the U.S. tech industry and his colleagues in Brussels, it’s hard not to conceive of this as a David and Goliath-style battle. Barely a mile down the road from de Graaf’s digs at the Irish consulate is Twitter’s massive headquarters. Meta and Google have large offices nearby in addition to their sprawling headquarters about an hour outside of San Francisco in Menlo Park and Mountain View, respectively. Keep driving and you hit Apple’s futuristic, spaceship-like campus, built on land spanning more than 170 acres.
De Graaf has moved from Brussels to the Bay Area to spread word on the Digital Services Act (DSA), which was recently passed by the European Parliament. This act is the latest in a series of landmark pieces of legislation by the European Union that impose far-reaching obligations on large technology companies, and it could reshape large parts of the internet as we know it. De Graaf was heavily involved in drafting the DSA and its sister legislation, the Digital Markets Act (DMA)—aimed at checking the potential monopoly power of large tech firms—in his previous role at the European Commission.
The DSA subjects online platforms to stringent content moderation and transparency requirements. These include quickly taking down illegal content (or illegal goods sold on e-commerce sites), revealing how their recommendation algorithms work, giving users the ability to challenge content takedown decisions, and banning targeted advertising to children.
The law will also designate companies with more than 45 million users in the EU as “very large” platforms and search engines. This group would include several big U.S. tech companies, such as Meta, Apple, Google, and Amazon. Those platforms will face additional rules, including independent audits, risk assessments, and giving researchers access to their internal data.
Companies have until early next year to report their total user numbers, following which the European Commission will designate the ones that qualify as “very large” and give them four months to come into compliance with the regulations.
Many of those companies will also be subject to the DMA, which designates a set of “gatekeeper” digital platforms that have outsized influence on the way people access services online. Those gatekeepers—app stores operated by Google and Apple on the smartphones they sell, for instance—would have to allow certain third-party services, give businesses that sell through those stores access to their data, and be restricted from favoring its own services or forcing users to use pre-installed apps, among other requirements.
The penalties for noncompliance are significant. Companies violating the DSA will be fined up to 6 percent of their annual revenue, a number that rises up to 10 percent (or 20 percent for repeat offenses) for the DMA. For the likes of Apple, Google, Amazon, and Meta, that means tens of billions of dollars. In particularly egregious cases—such as repeat offenses of the laws—they could even be banned from operating in Europe by the continent’s courts, senior officials in Brussels have said.
Europe has already shown an unparalleled willingness to go after Big Tech aggressively, slapping record fines on Google, Amazon, and Meta that is worth billions of dollars collectively for flouting EU data protection regulations and indulging in anti-competitive practices.
And it’s not just the digital realm EU regulators are going after. This year, they approved a rule mandating that electronic devices, including smartphones and tablets, support the common charging standard USB-C port—a rule that will disproportionately affect Apple, which has long made money off selling unique proprietary charging cables with its devices. (Apple has said it will comply with the law, which is set to go into effect by 2024.)
It helps that de Graaf, 61, has decades of experience in tech policy and has been with the European Commission since 1991. He studied regional planning, economics, and law before joining the commission after a stint in the private sector, where he ran an industrial market research company.
This is his second stint in the United States; he served as a trade counselor for the European Commission in Washington between 1997 and 2001, focusing in part on data protection and technology. Over the ensuing years, he also worked on Europe’s innovation policy and cybersecurity issues, among other things.
He is an envoy by title and is often referred to as Europe’s “ambassador” to Silicon Valley, but he is not a diplomat in the traditional sense, he said—the kind who “gets a briefing from headquarters and then goes out and says, ‘OK, the DSA and DMA is really important. How are you doing? Any issues that you find challenging? Can we help?’”
His underlying message—as well as the EU’s—is unambiguous: Europe will engage with the tech industry in crafting and implementing its rules but give no quarter when it comes to protecting its citizens online.
“If you are within the scope of that measure, you will have to comply, and you have to demonstrate the capacity to comply,” he said. “The enforcement will have to be there, and there is a big stick behind the door.”
De Graaf is bedding in at a time when Silicon Valley is struggling more than it has in several years. The historic tech boom engendered by the pandemic has crashed in spectacular fashion, with tens of thousands of employees laid off in November at Meta, Amazon, and several other companies—and with many more companies slowing or freezing hiring.
The elephant in the room, of course, is Twitter. While smaller than many of the other platforms de Graaf’s team is dealing with by hundreds of millions of users, the social media platform plays an outsized role in driving the global conversation and is frequently used by world leaders and government agencies to convey and even shape policy. De Graaf joined the platform in November with an @EUinSF Twitter account in an effort to more directly engage with Silicon Valley and the public in his new role.
Billionaire Elon Musk had purchased Twitter for $44 billion the previous month and proceeded to lay off roughly half of its 7,500-strong global workforce, including its human rights team and much of its content moderation teams. Senior executives in charge of security, trust, and safety left the company soon after.
Musk has publicly expressed his support for the DSA, saying in a conversation with Thierry Breton, the European commissioner for the internal market, in May—before Musk officially bought Twitter—that the law was “exactly aligned” with his own thinking. “I think we’re very much of the same mind, and I think that anything my companies can do that would be beneficial to Europe, we want to do that,” the billionaire said.
But Musk hasn’t made a public statement on the European regulations since actually taking over the platform in late October, and de Graaf—sitting about eight blocks from Twitter’s headquarters—said his team hasn’t been able to get a meeting.
“We’ve tried to interact with the company; it was very difficult,” he said, adding that many of the people they were emailing left or were fired.
Twitter remains a big concern of de Graaf’s. “You have a piece of legislation which will enter into force in the next six to eight months, and you see a very important company basically kind of decreasing quite significantly its capacity to moderate content,” he said.
Like everyone else, however, Musk will have no choice but to comply when the DSA starts being enforced next summer. “And if that’s not the case, then there will be consequences, even to the point—which is the very, very last resort—where services can be closed down,” de Graaf said.
Another priority of de Graaf’s is to engage with U.S. regulators and lawmakers to build a united Western approach to technology, which he hopes will stand in contrast to approaches adopted by authoritarian governments, such as China and Russia.
“I would define success [as] we are closer together,” he said. “Maybe we’ve learned—taken some bits from the U.S., the U.S. has taken some bits from us—and as a result, both of us as leading democracies in the world, we kind of are a lighthouse for other countries.”
U.S. lawmakers and regulators have stepped up their efforts to bring Big Tech to heel in recent years, with ongoing antitrust lawsuits pitting Amazon, Meta, and Google against several pieces of proposed legislation. But they’ve moved far slower than their European counterparts.
“The EU is not the only one that asks itself the question: How can we keep the internet safe and, at the same time, protect our fundamental freedoms? Or how do we make sure that the internet remains competitive and isn’t kind of cornered by a limited number of very, very large companies that basically become quasi-monopolies?” de Graaf added. “Those questions are being asked all around the world, but we are the first ones that are giving answers to these questions in the form of regulatory measures that are enforceable.”
Next year will set the tone, with the DMA and DSA taking full effect early on. “That’s, of course, one of the things that a lot of countries are now looking at. It’s all nice on a piece of paper, [but] how is this going to be enforced by the European Union, and what are the effects we’re going to see as a result?” de Graaf said.
There has been friction, of course. Big Tech companies are pushing back and criticizing EU regulations, including the DSA, arguing that some measures could harm innovation, hurt small businesses that depend on larger platforms, and make devices less secure if they are opened up to third-party services.
At a panel discussion about the DSA at de Graaf’s office on Dec. 8, representatives of Apple, Google, and Meta were in attendance to talk about the law. (Attendance from Twitter was notably absent.) In front of an audience of a few dozen people—technology executives, academics, journalists, and policy representatives—de Graaf was the only panelist in a suit, and he spoke calmly even when the debate was at times combative.
“Platforms don’t want to become the vehicles for illegal content and disinformation,” he said, highlighting what he believes is the legislation’s win-win nature.
A couple of panelists asked if the DSA’s content moderation rules could end up suppressing speech. De Graaf responded by stressing that the EU was not in favor of “over-removal” of content. The law, he said, is “about protecting the fundamental rights of our citizens when they upload and they express their opinions.”
It is not, he told FP earlier, about lecturing or finger-pointing. Europe’s focus is on creating regulatory systems rather than going after any particular companies. He compared it to actions taken to regulate the financial and medical sectors.
“Like we regulate banks, we regulate pharmaceuticals because we want people not to get sick when they take medication. We regulate cars because we don’t want people to get into accidents because of malfunctioning of motor vehicles. We should also regulate these tech platforms.”
Showing he’s not completely different from other diplomats, de Graaf was at pains to stress how pleasantly surprised he was by Silicon Valley’s receptiveness to European ideas.
“I have thought that maybe we would have encountered more critical voices about what the EU is doing,” he said. “So that has been a positive surprise, to see the interest and I think also the recognition that Europe is not doing stupid things.”
Rishi Iyengar is a reporter at Foreign Policy. Twitter: @Iyengarish
More from Foreign Policy
A New Multilateralism
How the United States can rejuvenate the global institutions it created.
America Prepares for a Pacific War With China It Doesn’t Want
Embedded with U.S. forces in the Pacific, I saw the dilemmas of deterrence firsthand.
The Endless Frustration of Chinese Diplomacy
Beijing’s representatives are always scared they could be the next to vanish.
The End of America’s Middle East
The region’s four major countries have all forfeited Washington’s trust.