What happened?

On 15 December 2020, the European Commission published the Digital Services Act Package, which includes two significant proposals:

These proposals are expected to affect various types of providers of digital services (such as marketplaces, social media platforms, content-sharing platforms) in the European Union (the "EU") and to create a safer and more open digital space while further developing the European Single Market for digital services. The choice of a regulation that will be directly applicable in all Member States (instead of a directive) shall guarantee the implementation of uniform rights and obligations for users and providers throughout the EU and improve legal certainty. It is specified that these proposals are "Texts with EEA relevance"

The Digital Markets Act ("DMA") will impose obligations for large online platforms (e.g.online search engines, video-sharing platform services, cloud computing services) that behave as "gatekeepers", such status being more fully defined in the DMA. The DMA aims to refrain from anti-competitive and unfair practices and ensure that gatekeepers themselves act in a way that guarantees an open online environment.

The developments below focus only on the proposal for a Digital Services Act (the "DSA Proposal").

What is the context?

The Commission's DSA Proposal is part of a general trend aiming at implementing rules at EU level to further protect the consumers and (business) users in the digital space and to regulate and supervise more strictly the activities of the various providers of digital services. The DSA Proposal has a general scope and is designed to complement existing sector-specific legislation 1.

The DSA Proposal clarifies and upgrades the responsibilities and the accountability of the providers of digital services with respect to any illegal content they intermediate or disseminate without wiping out past principles. The DSA Proposal covers specifically the "providers of intermediary services" (i.e. the providers of mere conduit, caching or hosting services as defined in the DSA Proposal) which includes "online platforms" (defined as the providers of a hosting service which, at the request of a user of the service, stores and disseminates information to the public), those entities acting as intermediaries in their role of connecting consumers with goods, services and content.

The two following principles already existing under the e-Commerce Directive adopted in 2000 and introduced in Luxembourg law shall remain applicable:

  • the providers of online intermediary services would benefit from a liability exemption if they meet certain cumulative conditions set out in the DSA Proposal;
  • the providers of online intermediary services would not be subject to a general obligation to monitor the information they transmit or store or to actively seek facts or circumstances indicating illegal activity.

Moreover, the DSA Proposal clarifies that the providers of intermediary services shall not lose the benefit of liability exemptions if they carry out voluntary own-initiative investigations or other activities aimed at detecting, identifying and removing, or disabling of access to, illegal content.

Entities targeted by the DSA Proposal

The DSA Proposal would apply to all entities providing intermediary services in the EU irrespective of their place of establishment as long as the users of their services have their place of establishment or residence in the EU.

What would be the key obligations imposed by the DSA Proposal?

The DSA Proposal represents a major strengthening of the rules for the providers of online intermediary services and online platforms (the "Digital Service Providers") since the adoption of the e-Commerce Directive in 2000.

The DSA Proposal sets out several layers of obligations, which shall apply to the Digital Service Providers depending on the type of services they provide in the digital space. Therefore, basic obligations (see under (i) below) would apply to all providers of online intermediary services (e.g. Internet access providers or domain name registrars) while specific obligations would only apply to:

  • providers of hosting services (e.g. cloud and webhosting services) and online platforms (e.g. marketplaces, social media platforms, content-sharing platforms, app stores, online travel and accommodation platforms) (see under (ii) below); or
  • online platforms (see under (iii) below); or
  • very large online platforms (see under (iv) below).

It should be noted, however, that micro and small enterprises 2 would be exempted from certain obligations under the DSA Proposal.

(i) Basic obligationsapplicable to all Digital Service Providers are, for instance, the obligation to establish a single point of contact and the obligation to designate a legal representative in the EU for Digital Services Providers not established in any Member State, but offering their services in the EU.

Under the scope of the basic obligations, the Digital Service Providers would also have the obligation to clarify and highlight in their terms and conditions the existence of any restrictions having an impact on the use of their service. Restrictions may, for instance, refer to measures and tools implemented by the Digital Service Providers for the purpose of content moderation, including algorithmic decision-making and human review. The DSA Proposal also imposes transparency reporting obligations for Digital Service Providers.

In addition to the basic obligations mentioned under (i):

(ii) Providers of hosting services (including online platforms) must implement notice-and-action mechanisms to allow third parties to notify the presence of alleged illegal content. In the event of removal or disabling of such alleged illegal content provided by a user, a "statement of reasons" would have to be provided to the concerned user.

(iii) Online platforms shall put at the user's disposal internal complaint-handling systems regarding decisions they take in relation to alleged illegal content or content incompatible with their terms and conditions. These mechanisms shall be combined with the possibility for the users to engage in out-of-court dispute settlement proceedings if necessary. Online platforms shall also ensure that notices submitted by entities granted the status of "trusted flaggers" (subject to compliance with conditions set out in the DSA Proposal) will be treated with priority. Online platforms would also be subject to obligations aiming at strengthening online advertising transparency.

(iv) Very large online platforms (specifically defined in the DSA Proposal) are subject to additional obligations. Essentially this term designates online platforms, which have a significant societal and economic impact, reaching at least 45 million users in the EU representing 10% of the population. The DSA Proposal would,in particular, oblige very large online platforms to conduct risk assessments on the systemic risks stemming from the functioning and use of their services in the EU and to take proportionate and effective measures aimed at mitigating the risks identified. They would also be subject to independent audits, at least once a year.

Implementation of strengthened supervisory framework

The DSA Proposal provides that the enforcement of the DSA would be monitored at Member State level and at EU level.

Each Member State would have two months as from the date of entry into force of the DSA to establish a new independent authority referred to as a "Digital Services Coordinator" ("DSC"), whose mission will be the application and enforcement of the DSA. Users of the service would be able to lodge a complaint with the DSC of their residence or establishment in the event of an alleged breach of the DSA.

The DSC would enjoy extensive powers of investigation (such as the power to carry out on-site inspections and to interview any staff member of the provider of intermediary service) and powers of enforcement (such as the power to order the cessation of violations of the DSA and to impose remedies including fines). The DSA Proposal encourages cooperation between the DSCs of different Member States.

At EU level, the DSA Proposal provides for the establishment of the European Board for Digital Services ("Board"), an independent advisory body composed in particular of the DSCs. The Board would support the coordination of the joint investigations conducted by the DSCs, issue opinions and recommendations to the DSCs and promote the development and implementation of guidelines and reports on topics addressed by the DSA. Such tasks remind those of the European Data Protection Board set up under the General Data Protection Regulation ("GDPR"). The Board would also assist the DSCs and the Commission in the supervision of very large online platforms.

New sanctions for non-compliance

Failure to comply with the obligations of the DSA would result in penalties reaching up to 6% of the annual income or turnover of the provider concerned. Penalties for the supply of incorrect, incomplete or misleading information would lead to penalties reaching 1% of the annual income or turnover of the provider concerned.

Under specific circumstances detailed in the DSA Proposal, should persistent infringement by the Digital Service Provider occur, the DSCs would be able to request the competent judicial authority of a Member State to order the temporary restriction of access of users of the service concerned by the infringement.

What's next?

The Digital Services Act Package will be discussed by the members of the European Parliament and the Council of the EU. Given the impact on the digital sector, the DSA Proposal will certainly be highly debated and further amended (just as the GDPR in its time). We expect the legislative process to be lengthy and the final text will not be voted on for several months.


1. Such as the new Copyright Directive of 17 April 2019 (Directive (EU) 2019/790) or the Platform-to-Business Regulation of 20 June 2019 (Regulation (EU) 2019/1150). Please note that on 10 February 2021, the Luxembourg Government published draft legislation aiming at transposing the new Copyright Directive into Luxembourg law.

2. As defined in Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).