Facebook’s recent rebranding as Meta brought the term and concept of metaverse to the attention of general public, sparking a policy debate around it. Although the concept of metaverse is far from being new, being first mentioned by Niels Stephenson in his 1993 novel Snow Crash, its application has seen a strong uptake thanks to emerging new technologies such as artificial intelligence (AI) and blockchain.
While it’s difficult to reach consensus around an exact classification of ‘metaverse’, the following definition can be adopted for policy purposes: an immersive and constant virtual 3D world where people interact by means of an avatar to carry out a wide range of activities (Council of the European Union, 2022).
To further understand the concept and its current commercial development, the metaverse can be associated to a sort of Web3 (with Web1 being the world wide web and Web2 being social media). Especially compared to Web2 and social media / e-commerce, the metaverse presents four key features, namely: realism; ubiquity (as it is accessible via all digital services, but with one digital ID); interoperability; and scalability (presence of multiple persons at the same time) (European Parliament Research Service, 2022).
As a de facto virtual transposition of reality, the metaverse poses numerous policy and regulatory challenges: both policymakers and end-users are considering how and to what extent EU laws will apply to this new technology.
A widely spread etiquette has been assigned by the general public to the metaverse as an unregulated technology: EU Commissioner for the Internal Market Thierry Breton, made it clear that “we (the EU) intend to shape from the outset the development of truly safe and thriving metaverses”.
For selected policy areas, it is possible to discuss which the challenges posed by the metaverse are and whether an existing regulatory framework applies.
From a competition policy standpoint, many have pointed at the fact that the development of the metaverse may exacerbate the problem of so-called ‘killer acquisitions’ in the tech market, notably acquisitions by large companies of nascent competitors in the metaverse domain.
Rather, recent regulatory trends point at the fact that antitrust regulators will have more powers to scrutinise and eventually block such acquisitions: with the new 2021 guidance on the application of the EU Merger Regulation (EUMR), the Commission clarified that national competition authorities can ask for scrutiny on acquisitions that fall below the turnover thresholds required by the EUMR, when they see possible anticompetitive effects arising from the merger. In turn, tech acquisitions, especially in the metaverse (e.g. in the gaming industry) are likely to be scrutinised more often as they have a high value, while having low turnovers. To make an example of the latter, in 2012 Facebook paid as much as USD 1 billion for Instagram, despite the photo-sharing app seeing very low turnover at the time.
Further to the above, the recently adopted regulatory framework to tackle Big Tech’s market power, the Digital Markets Act, will require in-scope platforms such as Google, Meta and Amazon to notify the Commission about planned acquisitions of other tech companies – further reinforcing the scrutiny power of the EU in this domain.
Anti-competitive practices by incumbent metaverse operators are also very likely to fall under the scope of the Digital Markets Act and of similar national laws: the German competition authority (Bundeskartellamt) was recently able to force Meta to untie the use of its virtual reality (VR) headsets – namely the metaverse’s hardware – from a users’ Facebook account.
Standards & interoperability
As EU Commissioner Thierry Breton suggested, “private metaverses should develop based on interoperable standards and no single private player should hold the key to the public square or set its terms and conditions”. This hints at the fact that the EU wants to treat the metaverse as a public good-lookalike and foster open technological standards that in principle should allow all market players to step in. In the case of the metaverse, technological standards may indeed vary as regards user-generated content, avatars, identity management and financial transactions, inter alia.
Technology standardisation in the EU is a market-driven process that involves industry fora such as the European Telecommunications Standards Institute, where market players voluntarily agree on harmonised technical standards for widespread technologies such as Wi-Fi, 5G and others. These European Standardisation Organisations (ESO), which welcome both EU and non-EU companies’ representatives, are governed by an EU regulation, n. 1025/2012, that allows the European Commission to request the development of a given standard, and the ESO to accept or decline such request.
Recently adopted amendments to Regulation 1025/2012 will especially allow representatives from EU and European Economic Area industries, sitting in ESOs boards, to accept a standardisation request – and consequently develop a given technological standard – without the need for non-EU representatives to also vote favourably. This revised framework will, in principle, allow the EU Commission to pursue its objective of an open-standard and interoperable metaverse, by agreeing with EU companies on which standards to adopt.
This is, of course, without prejudice to the international scenario, where standardisation happens in similar industry-driven fora but with a global footprint: for example, in June 2022, a Metaverse Standards Forum was launched, with the participation of major non-EU companies such Meta, Microsoft, Huawei and Qualcomm.
The spread of illegal and harmful content (e.g. verbal and sexual harassment, disinformation) may take place in the metaverse as well and could be exacerbated in a context of immersive reality. In this regard, the structure of the metaverse may in fact complicate things when it comes to defining the scope of regulations: as a virtual reality experience, the metaverses are developed on an operating system and different services (from e-commerce, to social interaction) may be offered on the same platform by different providers.
The EU recently adopted an all-encompassing, horizontal regulation to tackle online harm, dubbed as Digital Services Act (DSA). Under the regulation, very large online platforms, notably those with more than 45 million users in the EU, will shortly have to comply with some onerous risk assessment and auditing duties, as well as develop notice, take-down and redress mechanisms. Notwithstanding the complexities of the metaverse as outlined above, it is highly likely that providers of platforms that allow user interaction within a part of the metaverse, or which act as intermediaries for the spread of user-generated content, will fall under the scope of the DSA and thus be subject to content moderation requirements.
Within the same context, likewise important regulatory aspects will also be addressed by in-the-making EU laws such as the regulation on transparency of political online advertisement and the new rules to fight the spread of child sexual abuse materials online.
Although not directly linked to the virtual component of the metaverse per se, cybersecurity issues may also arise in connection to use of hardware, namely the virtual reality (VR) and extended reality (XR) headsets.
Even in this domain, the EU has developed a regulatory framework called Cyber Resilience Act – currently in the form of a Commission’s draft Regulation that will undergo amendments by the European Parliament and the Council of the EU.
In the legislator’s intention, the Cyber Resilience Act will indeed provide a basic set of cybersecurity requirements for Internet of Things (IoT) devices, such as VR and XR headsets. These requirements span from security by default configuration (e.g. the possibility to reset the product), to the development of control mechanisms for authentication of users.
Contrary to widespread narrative, and while only considering the selected policy areas, the metaverse is not a non-regulated technological environment. In the EU, the recently enhanced digital regulatory framework will provide a comprehensive set of rules to address possible challenges arising from the uptake of metaverses, spanning from competition and antitrust, to content moderation and cybersecurity.
Whether this regulatory framework is fit for the purpose of mitigating risks and maximising opportunities remains to be seen: premature or not flexible enough regulation risks being outpaced by market and technological developments, hence hampering innovation.
Rather, the existence of such a wide array of tech laws should point EU regulators towards, on one side, efficient enforcement, as well as on smart and future-proof legislative drafting in the cases of draft laws such as the Cyber Resilience Act and the upcoming regulations of AI and AI liability.
New developments are further expected for mid-2023, when the European Commission will publish a non-legislative initiative on the metaverse, widely expected to be a roadmap on how to best use existing regulations to allow the development of the virtual worlds.
IDRN does not take an institutional position and we encourage a diversity of opinions and perspectives in order to maximise the public good.
De Falco, F. D. (2022) Metaverse: The next European policy challenge?, IDRN, 22 December. Available at: https://idrn.eu/metaverse-the-next-european-policy-challenge/ %5BAccessed dd/mm/yyyy].