The European Union Digital Services Act (DSA) now applies to all digital “intermediary services” that provide users with access to online goods, services, and content. The DSA took effect on November 16, 2022, and regulates a wide range of aspects such as transparency, safety, targeted advertising, and liability for illegal content. The broad range of obligations under the DSA varies depending on the category of online service. The most stringent regulations—which are for very large online platforms (VLOPs) and very large online search engines (VLOSEs)—were the first to take effect. Beginning on February 17, 2024, the majority of regulations in the DSA became enforceable to all applicable providers of online services.
Quick Hits
- The DSA forms a key element of the EU’s Digital Strategy to strengthen the legal framework for digital advancements and ensure a safe online environment for EU residents.
- The DSA aims to enable more informed business decisions by increasing the transparency of online services internal operations.
- The extraterritorial application of the DSA means that it also applies to non-EU organisations that target the EU market or that have a significant number of EU users.
The Digital Services Act does not affect all online services in the same way and instead has provisions based on the category of the service. Three categories of “intermediary services” are covered by the DSA, including “mere conduit services,” “caching services” and “hosting services.” Article 3 of the DSA provides definitions for each of the three categories of services, while recital 29 provides examples. In general, “intermediary services” refers to:
- enabling the access or transmission of information via a communication network;
- storing data temporarily as it is transferred via recipients of the service network to increase the efficiency of that data exchange; and
- storing information provided by the recipients of the service at their request.
Depending on the type of service, the DSA sets various obligations. These include the following:
Transparency and Notice
There are transparency reporting obligations for all online platforms and hosting services. Providers are required to submit a public report when notices are received regarding content moderation. This means a “statement of reasons” must be provided to a European Commission public database whenever content is restricted or removed. Public reports must contain information such as the amount of content removed, the number of notices received, and the number of orders from all relevant national judicial or administrative authorities. Online platforms must prioritise notices by organisations deemed “trusted flaggers” by the designated member state’s Digital Services Coordinator (DSC). Additional transparency requirements apply for VLOPs and VLOSEs. Some reports for these platforms have already been published.
Clarity and Accessibility
Service providers must clearly describe any restrictions they impose on the use of their services in their terms and conditions and must correctly enforce such restrictions. Additionally, services aimed at users under eighteen years of age must provide conditions and restrictions in a manner understandable to a minor.
Online platforms must create online platform interfaces that do not interfere with the ability of service recipients to make free and informed decisions and are prohibited from using malicious nudging such as “dark patterns” which are incorporated into digital design interfaces to distort the choices of the user. They must also provide transparency regarding any advertisements that may appear on their platforms. The DSA requires online platforms to establish an internal complaint management system. The DSA also directs EU member states to establish certified out-of-court dispute settlement bodies to handle disputes about withdrawn content that were not resolved through an online provider’s internal complaint management system.
Intermediary services must provide two points of contact: one for the recipients of the services and one to permit direct communication with the DSC. Providers that are not based in the European Union but provide services there must appoint a legal representative in the European Union.
Hosting Services Additional Obligations
As well as the obligations applicable to all providers of intermediary services, the providers of hosting services must establish a mechanism to enable third parties to notify the presence of allegedly illegal content. If a provider chooses to delete information, suspend, or end service delivery, it must give the relevant user a reasoned explanation. Should the finding raise concern of a criminal offence national law enforcement or judicial authorities must be informed.
Online Marketplaces
In addition to online platforms’ obligations, online marketplaces will be required to assess whether traders have sufficient and reliable information. Furthermore, online marketplaces are required to implement mechanisms for flagging illegal content and goods that infringe a trader’s rights, including intellectual property rights, or that compete on an unfair level.
Noncompliance
The DSA carries significant fines for noncompliance, including up to 6 percent of an organisation’s annual global turnover.
The European Commission together with DSCs will continue to enforce the DSA, with further obligations set to take effect in 2025. The DSA will indirectly affect a large group of organisations, including online traders and intellectual property owners such as brand owners. Organisations may wish to remain aware of these updates and evaluate their compliance with the latest provisions of the DSA.
Lorraine Matthews contributed to this article.