ARTICLE
10 June 2024

Digital Services Act: Need For Action Or Business As Usual For Swiss Companies?

BK
Bär & Karrer

Contributor

Bär & Karrer is a renowned Swiss law firm with more than 170 lawyers in Zurich, Geneva, Lugano and Zug. Our core business is advising our clients on innovative and complex transactions and representing them in litigation, arbitration and regulatory proceedings. Our clients range from multinational corporations to private individuals in Switzerland and around the world.
The Digital Services Act ("DSA") that entered into full effect in February 2024 affects companies in Switzerland who offer their services to persons in the EU and who are considered online intermediaries...
Switzerland Corporate/Commercial Law

The Digital Services Act ("DSA") that entered into full effect in February 2024 affects companies in Switzerland who offer their services to persons in the EU and who are considered online intermediaries (or offer "intermediary services"). Online platforms, shops, search engines, and social media, hosting providers and cloud providers are all considered online intermediaries (or "intermediary services"). Consequently, Swiss companies are subject to increased due diligence and transparency obligations. This Briefing provides an overview of the DSA, focusing on what an intermediary service is, what new obligations apply, and what the sanctions regime is. In particular, this Briefing highlights when Swiss providers are affected by the DSA and provides a checklist for Swiss companies tackling the new requirements.

What is an 'intermediary service'?

The notion 'intermediary services' is defined in a broader sense under the DSA and includes the following service categories:

  1. 'mere conduit' is a service that passes information between a sender and recipient over a communication network or facilitates access to that network. Examples are Internet Exchange Points (e.g., DE-CIX), Internet Service Providers (e.g., T-Mobile), local wireless networks, DNS services, top-level domain name providers (e.g., Verisign), Voice over IP and direct messaging services (e.g., Skype, WhatsApp), and VPNs.
  2. 'caching' services consist in the transmission of information provided by a recipient of the service and essentially involves the automatic, intermediate, and temporary storage of that information to make the onward transmission of the information more efficient. Examples are Content Delivery Networks (e.g., Azure CDN, Cloudflare, etc.) or content adaption proxies (such as Oxylabs, Smartproxy, etc.).
  3. 'hosting' services entail the storage of information provided by, and at the request of, a recipient. Examples are social networks (such as Instagram, Snapchat, Twitter, YouTube, Facebook, TikTok, LinkedIn, etc.), online marketplaces (such as eBay, Amazon, Alibaba, Walmart, etc.), cloud service providers(e.g., Google, AWS, or Microsoft) as well as app stores (e.g., Google Play, App Store, etc.) and any other form of online platforms (e.g., game distributors, online travel and accommodation websites, some online games, etc.).

When are Swiss providers affected by the DSA?

Similarly to the GDPR, the DSA can also apply to companies domiciled outside of the EU and therefore, can be relevant for Swiss companies if they offer services to users located in the EU.

The following factors, among others, could indicate whether a service is considered to be offered in the EU: the offer is made in EU languages (i.e., not just languages spoken in Switzerland, but for example, also in Spanish or Swedish), the prices are in Euros, deliveries are made available in EU countries, or the app is available in the app store of an EU member state. However, the mere fact that a website is also available in the EU, does not in itself mean that the DSA applies.

What are the new obligations under the DSA?

The obligations under the DSA are classified into four categories

Very large online platforms (category 4) must fulfill more extensive obligations compared to other online platforms. Conversely, micro or small enterprises (i.e., companies with less than 50 employees and less than 10 million in annual turnover) are partially exempt from certain obligations.

In any case, online intermediaries still do not have an obligation to actively monitor and take down illegal content.

CATEGORY 1

This category comprises general obligations applicable to all online intermediaries, such as:

  • Appointment of a point of contact for authorities and users (not necessarily in the EU, but easily contactable).
  • Appointment of a legal representative in the EU for providers who do not have an establishment in the EU. This person can theoretically be directly fined for any misconduct of the company it is representing under the DSA.
  • Transparency in the General Terms and Conditions ("GTC"), especially regarding any restrictions on the information provided by the users as well with processes for dealing with illegal content ("content moderation").
  • Annual publication of transparency reports on content moderation.

CATEGORY 2

This category includes obligations for hosting providers (incl. online platforms), e.g.:

  • Establishment of a notice and action mechanisms for illegal content.
  • Provision of reasons to affected users for certain restrictions on their content or use of the hosting services (e.g., suspension of the user's account) imposed because of illegal content.
  • Notification of law enforcement or judicial authorities regarding potential criminal offences involving a threat to life or safety.

The liability of hosting providers is limited to the illegal content of which the hosting provider has actual knowledge.

CATEGORY 3

This category comprises additional obligations for online platforms, such as:

  • Establishment of a user-friendly internal complainthandling system to allow users to lodge complaints against decisions of the provider regarding illegal content affecting the users.
  • Option for the users to refer to an independent non-judicial body of their choice against decisions of online platforms (out-of-court dispute settlement).
  • Transparency obligations for advertising on online platforms, in particular advertisements must be clearly recognisable as such, and the online platforms must provide the parameters that led to the display of a particular personalised advertisement. It is forbidden to display advertisements based on sensitive personal data.
  • Transparency when using a recommender system (e.g., "You may also like these products..."). This includes providing information about the parameters and terms and conditions of using recommender systems.
  • Additional protection obligations for online platforms which are accessible to minors.

CATEGORY 4

The last category comprehends obligations for very large platforms designated by the EU Commission, i.e., those that reach more than 45 million users in the EU per month (e.g., Alibaba, Amazon Store, Google Shopping, Instagram, Pinterest, Zalando, TikTok, etc.). Those obligations are for example, additional risk assessments duties, extensive transparency obligations, etc.

What is the sanction regime?

The fines under the DSA can amount to max. 6% of the annual worldwide turnover of the affected company.

Need for action or business as usual?

Yes, Swiss providers who offer their services as online intermediaries in the EU and who are not classified as micro or small enterprises need to take action. The following checklist provides an overview of the initial steps Swiss companies should take to deal with the DSA:

  1. Check whether the company offers services in the EU and if so, qualify the offered intermediary services according to the DSA.
  2. Identify the relevant obligations (for the identified category) and gaps that need to be closed.
  3. Appoint a point of contact and a legal representative in the EU, define and implement the process for dealing with illegal content, examine and adapt the general terms and conditions, and define roles and responsibilities within the company.
  4. Implement further obligations if applicable, and carry out regular reviews to ensure that internal processes are compliant with the DSA.

What are Switzerland's plans?

Last year, the Swiss government reacted to the developments in the EU legal framework and mandated the Federal Council (Bundesrat) to propose potential necessary legal amendments to implement laws similar to the DSA in Switzerland. The Federal Council then mandated the Federal Department of the Environment, Transport, Energy and Communications (DETEC) to draft a bill that is to be submitted for consultation by March 2024. This period has been extended and it is yet to be seen how and to what extent Switzerland will implement legislation similar to the DSA.

To view the full article click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More