ARTICLE
4 March 2024

The Digital Services Act Is Now Fully Applicable And Enforceable

SJ
Steptoe LLP

Contributor

In more than 100 years of practice, Steptoe has earned an international reputation for vigorous representation of clients before governmental agencies, successful advocacy in litigation and arbitration, and creative and practical advice in structuring business transactions. Steptoe has more than 500 lawyers and professional staff across the US, Europe and Asia.
On February 17, 2024, Regulation (EU) 2022/2065 on a Single Market For Digital Services, known as the "Digital Services Act" or "DSA", became fully applicable to all online intermediary services providers falling within its scope.
United States Media, Telecoms, IT, Entertainment

On February 17, 2024, Regulation (EU) 2022/2065 on a Single Market For Digital Services, known as the "Digital Services Act" or "DSA", became fully applicable to all online intermediary services providers falling within its scope. The DSA has introduced a new set of obligations for online intermediary services providers to restore a level-playing field in the digital economy, and to protect users against harmful and illegal goods, services, and content online.

1. Who does the DSA apply to?

The DSA applies to Providers of Intermediary Services offering services to individuals (B2C) and/or companies (B2B) that are established or located within the EU. Pursuant to the DSA, "Intermediary Services" refers to the following information society services:

  • "a 'mere conduit' service, consisting of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network;
  • "a 'caching' service, consisting of the transmission in a communication network of information provided by a recipient of the service, involving the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information's onward transmission to other recipients upon their request"; [or]
  • "a 'hosting' service, consisting of the storage of information provided by, and at the request of, a recipient of the service."

In light of this definition, the DSA notably applies to the following categories of Providers of Intermediary Services:

  • Online platforms;
  • Online search engines;
  • Internet service providers;
  • Marketplaces;
  • Cloud computing service providers;
  • Hosting services;
  • Messaging service providers;
  • Social media platforms;
  • Content-sharing platforms;
  • App stores;
  • Online travel and accommodation platforms; etc.

The DSA applies to "intermediary services offered to recipients of the service that have their place of establishment or are located in the Union, irrespective of where the providers of those intermediary services have their place of establishment". This means that the DSA has an extraterritorial effect, and its applicability is triggered by the EU location or establishment of the recipients of the services, and not by the country where the Provider of Intermediary Services is established.

2. Which obligations does the DSA impose?

The DSA introduces a layered approach with respect to the obligation it imposes.

1430942a.jpg

It provides obligations that apply to all Providers of Intermediary Services, which include notably:

  • Obligation to implement measures to counter illegal goods, services or content online, such as transparency obligation; annual reporting obligation related to content moderation activities; cooperation with competent authorities and "trusted flaggers";
  • Obligation to designate points of contact for users and competent authorities; and in certain cases, a

On top of the obligations that apply to all Providers of Intermediary Services, Providers of Hosting Services (including online platforms) must also notably comply with the following obligations:

  • Obligation to set-up a mechanism which enables users to report illegal content;
  • Obligation to provide statement of reasons explaining the content moderation measures implemented;
  • Obligation to report suspicion of criminal offences to law enforcement authorities.

On top of the obligations that apply to all Providers of Intermediary Services and Providers of Hosting Services, Online platforms must also notably comply with the following obligations:

  • Obligation to provide an internal complaint-handling system that enables to lodge complaints regarding content moderation measures taken;
  • Transparency obligationregarding advertisements and recommender systems;
  • Ban on targeted advertising based on profiling of children or based on special categories of personal data;
  • Ban on using "dark patterns" on the interface of online platforms, referring to misleading tricks that manipulate users into choices they do not intend to make;
  • Obligation to implement measures and protection against misuse;
  • Obligation to publish every 6 months information on the number of active users in the EU.

On top of the obligations that apply to all Providers of Intermediary Services, Providers of Hosting Services and Online Platforms, Marketplaces must also notably comply with the following obligations:

  • Obligation to conduct due diligence and ensure the traceability of business usersusing the marketplace;
  • Obligation to monitor and inform consumers about illegal product and services offered on the marketplace.

In addition to the above, the DSA provides additional obligations for larger players, namely "Very Large Online Platforms" (VLOPs) and "Very Large Online Search Engines" (VLOSEs). VLOPs and VLOSEs are online platforms and online search engines which have a number of average monthly active EU users equal to or higher than 45 million, and which have been designated as such by the European Commission. The list of VLOPs and VLOSEs that have been designated by the European Commission to date is available here. In addition to the abovementioned obligations, VLOPs and VLOSEs must also notably comply with the following obligations:

  • Obligation to conduct risk assessment on systemic risks that may affect their systems and implementation of mitigation measures;
  • Obligation to commission annual audit;
  • Obligation to provide further information about their advertising system;
  • Obligation to establish a compliance function overseeing compliance with the DSA;
  • Obligation to pay annual fee to the European Commission;
  • Obligation to provide access to data to competent authorities and vetted researchers.

All organizations falling within the scope of the DSA must have complied to their respective obligations since February 17, 2024.

3. How does the DSA interplay with the Digital Markets Act?

The Digital Market Act (DMA) and DSA both regulate online platforms; however, their scope and purpose are different. The DMA regulates the economic power of larger platforms considered as "gatekeepers", namely the platforms playing a dominant role in the digital ecosystem. Therefore, contrary to the DSA, the DMA doesn't apply to all online platforms, but only to those that meet its criteria to be qualified as "gatekeeper". Further, the purpose of the DMA is to prevent such gatekeepers from engaging in unfair practices, and to create a fair and competitive economic landscape.

4. Who will supervise and monitor compliance with the DSA?

The enforcement of the DSA is shared between the European Commission and the EU Member States. The European Commission has direct enforcement powers towards VLOPs and VLOSEs; while EU Members States are responsible for the enforcement towards other Providers of Intermediary Services.

Each Member State must designate a "Digital Services Coordinator", i.e., an independent authority responsible for supervision and monitoring of compliance with the DSA. While EU Member States had until February 17 to proceed with such designation, some EU Member States have still not communicated the contact details of their Digital Services Coordinator to the European Commission. The list of designated Digital Services Coordinators is available here.

The DSA establishes the European Board for Digital Services, which will act as an independent advisory and will advise the Digital Services Coordinators and the Commission. The European Board for Digital Services will ensure the consistent application of the DSA and an effective cooperation between the Digital Services Coordinators and the European Commission.

5. What are the risks in case of non-compliance with the DSA?

Failure to comply with the DSA obligations could be sanctioned by fines up to 6 % of the annual worldwide turnover. Furthermore, the supply of incorrect, incomplete, or misleading information, failure to reply or rectify incorrect, incomplete or misleading information and failure to submit to an inspection could be sanctioned by fines of up to 1 % of the annual income or worldwide turnover.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More