The Digital Services Act is undoubtedly a key piece of EU digital legislation. The significance and potential impact of the DSA Regulation is compared by some to the GDPR. While this comparison is not an exact match, the DSA will, like the GDPR, find direct application in EU Member States.
The DSA will unify and fundamentally change the liability framework for online intermediaries operating in the EU. The DSA regulation definitely tightens the requirements for online intermediary service providers regarding, among other things, managing illegal and harmful content and the goods and services sold through them. However, the DSA does not treat all providers of such services on an equal footing.
Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act, here: the “DSA” or the “DSA Regulation“) entered into force on 16 November 2022, with the new piece of legislation commonly being referred to as the “Constitution of the Internet”.
The “Constitution of the Internet” – Who is affected by the new regulations
The DSA Regulation sets out a new framework for the conduct of business by all online intermediary service providers delivering services to customers established or resident in the European Union. Most of the provisions of the DSA will come into force on 17 February 2024, but online platform operators that are not micro or small businesses will be required to publish information on the number of active users as early as next year.
Businesses may face hefty fines for failing to comply with their DSA obligations. Penalties for DSA infringements will be set by individual Member States. However, the DSA indicates a maximum fine for infringements of up to 6% of the annual global turnover of a specific intermediary service provider in the previous financial year.
What new obligations for businesses arise from the Digital Services Act
The DSA significantly changes the liability framework for online intermediaries operating in the EU and tightens the requirements against publishing illegal content. Under this regulation, the term “illegal content” is understood broadly and includes not only illegal content per se, but also information that is illegal by reference to an action, including the sale of products or the provision of services.
The DSA provides for various obligations for intermediate service providers. Among other things, these providers will be required to adapt their activities and internal procedures to the new rules. It may therefore be necessary to adapt the terms and conditions of service, fulfil reporting obligations, designate points of contact, cooperate with national authorities, carry out risk assessments, etc.
However, the DSA does not affect all providers in the same way – the extent of the obligations depends on the type and scale of the business. Determining which obligations are incumbent on an intermediary first requires the identification of the category of services provided.
The DSA also provides for additional transparency for advertisements displayed on the interfaces of online platforms and search engines, for example, with requirements to label them unambiguously.
What services are governed by the DSA
The DSA applies to all indirect services which, as defined in the DSA, include:
- A “mere conduit” service consisting of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network
- A “caching” service consisting of the transmission in a communication network of information provided by a recipient of the service, involving the automatic, intermediate and temporary storage of that information, performed for the sole purpose of streamlining the information’s onward transmission to other recipients at their request
- A “hosting” service consisting of the storage of information provided by, and at the request of, a recipient of the service.
In view of the above, intermediary services cover a wide range of online business activities, e.g. domain name registries, cloud computing services, online trading platforms, app shops, etc.
Different categories of intermediaries
As mentioned above, the scope of DSA obligations depends primarily on the category to which a specific intermediary belongs. The DSA imposes additional obligations on, inter alia, online platforms which, as defined in the regulation, mean a hosting service that, at the request of a recipient of the service, stores and disseminates information to the public.
The largest scope of obligations has been imposed on very large online platforms and search engines. These additional obligations relate in particular to systemic risk management and include, for example, risk analysis and assessment, application of risk mitigation measures, submission to an independent audit. The category of very large platforms or search engines includes entities where the number of active recipients, calculated as an average over a six-month period, reaches a significant share of the EU population, with a significant share being currently understood as 45 million people, representing 10% of the EU population.
If you are wondering how to adapt your business to the new regulations and what obligations will be imposed on your company, please contact us for advice and assistance.