The Digital Services Act (DSA) was approved by the European Parliament today (July 5th, 2022). It is one of the EU’s flagship projects for the digital world – also referred to as a “constitution for the internet”. What does the regulation stipulate? When will it come into force? Which impact will it have on tech companies and start-ups? The attorneys Philipp Koehler (Salary Partner) and Dr. Gregor Schmid (Partner) of the international law firm Taylor Wessing provide the first answers.
The Digital Services Act (DSA) – EU-wide rules for digital intermediary services
The legislative process for the DSA, a flagship project of the current European Commission to promote the EU’s digital single market, is approaching its conclusion. The final version was approved by the European Parliament today.
By introducing the DSA, the European legislator is attempting to provide, for the first time, a uniform European response for dealing with illegal content, disinformation and other developments considered as a risk in new, innovative digital business models.
Providers of digital intermediary services (intermediaries), such as social networks, online marketplaces, but also online search engines, should no longer be confronted with different national regulations of EU member states in the future. Instead, the DSA establishes a largely harmonised EU standard as to the conditions under which they can offer their digital services in the EU. Users and consumers are also meant to be protected by the new uniform EU rules.
In addition, the DSA allows authorities to impose significant fines of up to 6 % of the annual turnover. Being a regulation, the DSA will apply directly in all EU member states. Most of the DSA rules will presumably apply from January 1st, 2024. Rules for very large online platforms and very large online search engines (with more than 45 million active users within the EU) may apply earlier, namely four months after the European Commission has appropriately qualified the respective online platform or online search engine as such.
What is the aim of the DSA and what impact does it have on existing national legislation of the EU member states, such as the German Network Enforcement Act (NetzDG)?
Philipp Koehler: „As envisaged by the European legislator, the DSA aims to create uniform EU rules for digital intermediaries, for example social networks and online marketplaces. Thus, national stand-alone approaches, such as the NetzDG in Germany, are aimed to be barred. One the one hand, this has the potential to make things easier for companies in EU-wide dealings with illegal content as well as due diligence, transparency and reporting obligations. On the other hand, the European legislator expects an increase in legal certainty.“
Strengthening the European digital single market, innovation and consumer protection
The EU-uniform regulations of the DSA are intended to promote free, cross-border competition within the digital economy as part of the European single market and create a basis for innovation and interoperability, but simultaneously they introduce significant new requirements. At the same time, consumer protection and European fundamental rights are supposed to be strengthened.
To this end, the DSA provides for a tiered regulatory system, which determines the scope of the applicable obligations depending on the type and classification of the service provider (for instance, host provider, online platform or very large online platform). The most extensive and at the same time strictest obligations apply to very large online platforms and very large online search engines with more than 45 million active users within the EU. The DSA contains numerous new due diligence, transparency and reporting obligations for service providers.
Core aspects of DSA include:
- Duty to remove illegal content quickly and efficiently.
- Liability privileges (safe harbour principles).
- Mechanisms and formal requirements for reporting illegal content and handling user/recipient complaints, including the provision of an internal complaint management system.
- Measures for the protection of minors.
- B2C online marketplaces must, among other things, collect and verify traders’ data (KYBC) and take measures to prevent illegal content.
- Prohibition of “dark patterns” and requirements for “compliance by design”.
- Ban of personalised advertising to minors.
- Duties for very large online platforms and very large online search engines in crisis situations (war, epidemics etc.).
- Service providers from countries without an establishment in the EU must designate a contact person in the EU.
- Possibility for users/recipients to claim compensation for damages.
In order not to place a disproportionate burden on smaller companies with fewer than 50 employees and less than 10 million euros in annual turnover, the DSA also contains some exemptions for them, for example with respect to reporting obligations.
In particular, what do digital intermediary service providers need to prepare for?
Dr. Gregor Schmid and Philipp Koehler: „The DSA partially redefines the framework conditions for the European digital single market. It is obvious that the DSA is likely to trigger a considerable need for adaptation and effort on the part of service providers in many respects. For example, with regard to the design and procedures for adverse decisions vis-à-vis users/recipients, regular reports on issued administrative/court orders, notifications and their handling, shaping offers or advertisements in order to avoid so-called ‘dark patterns’, inadmissible ‘profiling’ of minors and the verification of traders. In this context, it will be important to deal with the new rules of the DSA early on in order to thoroughly prepare for them.“
Are there any concessions for small businesses, such as start-ups?
Philipp Koehler: „In order not to place a disproportionate burden on smaller companies in coping with the new requirements, the DSA contains some exemptions for them. This applies, for example, to several transparency and reporting obligations, to the provision of a complaint management system and the involvement of out-of-court dispute settlement bodies. Whether this will lead to sufficient relief may be questioned.“
Are there also critical voices? What legal uncertainties are there?
Dr. Gregor Schmid: „In view of the abundance of new regulations, it is not surprising that there are also critical voices. Whereas the European legislator was frequently accused of not taking decisive action with regard to digitization and the internet, the pendulum is now swinging in the opposite direction. The DSA pursues the ambitious goal of integrating some very different regulatory areas – such as liability, point-of-contact regulations, general terms and conditions, protection of minors as well as transparency and reporting obligations – into a uniform framework. At the same time, several special laws remain in place, so that a number of interpretation issues are to be expected. Even if the focus is on the very large online platforms, the ‘cost of doing business’ is likely to increase noticeably for most providers of digital services.“
Philipp Koehler: „As with other European laws, a number of open questions unfortunately remain. As with the GDPR, for example, we will need to be patient until these questions are clarified by the courts. Until then, however, measures are conceivable to prevent risks and minimise them.“
The DSA provides for extensive new regulations, but at the same time leaves a number of special laws unaffected, so that a number of open questions of interpretation are to be expected. In order to be able to plan ahead diligently, companies should analyse the effects of the DSA on their digital activities in due time.
