The Digital Services Act (DSA) entered into force on November 16, 2022. This new European regulation builds on the Electronic Commerce Directive to strengthen the moderation obligations of online platforms regarding illegal content, such as racism, child pornography, counterfeiting and disinformation. Among various obligations, online platforms must remove illegal content as soon as they become aware of it and comply with new transparency obligations to avoid heavy fines. For more insights, please refer to our journal article, The Proposed Digital Services Act Package - What You Need To Know.
Which companies are subject to the DSA?
Providers of intermediary services
The DSA applies to providers of intermediary services, and in particular, intermediary services consisting of "mere conduit," "caching" and/or "hosting" services. The rules specified in the DSA primarily concern online platforms and search engines. Some examples of online platforms include online marketplaces, social networks, content-sharing platforms, app stores, cloud services, and online travel and accommodation platforms, among others.
Providers having a substantial connection to the European Union
The DSA applies to all providers of intermediary services, insofar as they offer services in the EU, as evidenced by a "substantial connection" to the EU. This substantial connection exists where the provider:
- Has an establishment in the EU.
- Has a significant number of users in one or more EU member states, in relation to the population of such member state(s).
- Targets its activities toward one or more EU member states.
In practice, this means that the DSA can apply to companies established outside the EU, as long as they are targeting the EU market or a significant number of EU-based users.
What are the main milestones?
February 17, 2023
By February 17, 2023, and every six months thereafter, all but the smallest online platforms must disclose publicly on their interface information on the average monthly active recipients of their service in the EU. A specific methodology outlined in a delegated act will be published by the European Commission to help with calculating this number, which will consist of an average of recipients that have actually engaged with the service over the past six months. On this basis, the European Commission will determine which providers should be considered as "very large online platforms" (VLoPs). Following such designation, these large providers will have four months to comply with their obligations under the DSA.
To date, the delegated act has not been published, although the European Commission has published guidance on how to determine the number of users. The key takeaways of this guidance are as follows:
- To be counted as an "active recipient" of a service, it is unnecessary for the recipient to purchase a product or service through an online marketplace. Instead, it is enough for the recipient to engage with a service when they interact with and are exposed to the information in the online interface of an online platform (including illegal content). The DSA contains a nonexhaustive list of examples that constitute an "engagement" with a service - such as interacting with information by clicking on, commenting, linking, sharing, purchasing or carrying out transactions on an online platform.
- To be counted as an "active recipient" of a service, it is unnecessary for the recipient to be a registered/logged-in user of the service.
- Providers of online platforms that allow consumers to conclude distance contracts with traders must count all recipients interacting with their services, including both consumers and traders, when calculating the average monthly active recipients of their service.
February 17, 2024
The DSA will directly apply across the EU from February 17, 2024. By then, all online intermediaries subject to the DSA must comply with the new requirements - in an asymmetric way consisting of more stringent obligations:
- All providers of intermediary services are subject to the baseline DSA requirements (e.g., appointment of points of contact and representatives).
- Hosting service providers are subject to their own DSA requirements, in addition to those described above. Notably, this includes setting up a notice and action mechanism to report illegal content.
- Providers of online platforms also must comply with all DSA requirements above, as well as their own requirements. For example, providers of online platforms must establish a complaint handling system.
- VLoPs will be subject to all DSA requirements, including stricter obligations that apply specifically to them. For example, VLoPs must appoint a compliance officer.
Act before it is too late
Providers of intermediary services having a substantial connection to the EU are strongly advised to kick off their DSA compliance projects early in 2023. Although publication of the above-mentioned delegated act is pending, it is already possible to gather information as to the number of EU users to get prepared. A good understanding of the steps involved will allow providers of intermediary services to avoid fines of up to 6% of their annual global turnover.
To assess how the DSA will affect your business, please contact Patrick Van Eecke, Enrique Capdevila or Loriane Sangaré-Vayssac.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.