The Digital Services Act (DSA) was finally adopted on 19 October 2022 and published on 27 October 2022. The following provides an overview of this important piece of European legislation.
Who is affected?
B2B and B2C providers of digital intermediary services (intermediaries) who provide users/recipients with access to goods, services and content. In particular, providers of
(a) mere conduit services (Art. 3 lit. g sublit. i), such as internet exchange points, wireless access points, virtual private networks and DNS services;
(b) caching services (Art. 3 lit. g sublit. ii), such as content delivery networks, reverse proxies and content adaptation proxies;
(c) hosting services (Art. 3 lit. g sublit. iii), such as cloud computing and web hosting;
(d) online platforms (Art. 3 lit. i), such as social networks and online marketplaces; and
(e) online search engines (Art. 3 lit. j).
The most comprehensive and at the same time strictest requirements apply to very large online platforms (VLOPs) and very large online search engines (VLOSEs) with at least 45 million average monthly active users/recipients within the EU.
The DSA affects such providers if they have (a) an establishment within the EU or (b) otherwise a so-called substantial connection to the EU (Art. 3 lit. e). Such substantial connection is inter alia given, when the respective provider has a significant number of users/recipients in one or more EU Member States in relation to their population or targets activities in one or more EU Member States. Indicators can be language, currency, top level domain of an EU Member State or the delivery of products/services to the EU. In contrast, the mere accessibility of a website alone does not suffice.
Certain exemptions will apply to small companies and micro enterprises (Art. 19 and 29).
What is the DSA about?
The DSA is one of the flagship projects of the European Commission. It aims to set an EU-wide uniform regulatory standard for digital intermediary services in the European Single Market in order to adapt it to the current and future state of digitization. To this end, it aims to provide a safe digital environment free from illegal content, to enhance transparency and accountability and strengthen the protection of consumers and fundamental European rights.
From when must the DSA’s rules be observed?
The DSA enters into force on 16 November 2022 and will essentially apply from 17 February 2024 (Art. 93 para. 2). However, some of its rules applicable to specific service providers must be obeyed earlier. In particular:
- Providers of online platforms and online search engines must publish information for each online platform / online search engine comprising the average monthly active users/recipients within in the EU until 17 February 2023 and every six months thereafter (Art. 24 para. 2), and provide such information to the Digital Services Coordinator (DSC) upon request (Art. 24 para. 3).
- Providers of VLOPs and VLOSEs must obey the rules specifically applicable to them four months after their designation as such by the European Commission (Art. 92).
What are the key aspects of the DSA?
The DSA contains a multitude of new rules and follows a tiered regulatory system. All digital intermediary services are subject to basic duties, which are then supplemented by further special duties depending on the classification of the respective digital intermediary service. Such new rules include:
|Liability privileges (safe harbor principles) largely similar to the current European e-Commerce Directive.
||Art. 4 to 8
|The duty to designate a single point of contact for competent authorities and users/recipients and to publish its contact details.
|| Art. 11 and 12
|For providers without an establishment in the EU, the appointment of a legal representative within the EU.
|| Art. 13
|The duty to remove illegal content swiftly and efficiently upon the order of a court or administrative body.
|| Art. 9
|Formal content moderation requirements and procedures, provisions on notice-and-action mechanisms, internal complaint-handling procedures regarding adverse decisions towards users/recipients and to establish an out-of-court dispute settlement body.
|| Art. 16, 17, 20 and 21
|Various transparency duties, inter alia including the duty to provide transparent information on restrictions affecting the provision of information, such as content moderation, recommender system transparency and new rules on transparency reporting.
|| Art. 14, 15, 24, 27 and 42
|Enhanced protection of minors, including the ban of profiling-based ads.
|| Art. 28
|For B2C online marketplaces, the duty to collect and verify data of their traders (KYBC).
|| Art. 30
|Prohibition of dark patterns and requirements for compliance by design.
|| Art. 25 and 31
|Prohibition of profiling-based ads using sensitive data (e.g. health-related data).
|| Art. 26 para. 3
|Possibility for users/recipients to claim compensation for damages caused by infringements of the DSA.
|| Art. 54
What is the supervision structure?
Which powers do competent authorities have?
The DSA aims to optimize cross-border communication and coordination between the competent authorities of the EU Member States. Each EU Member State must appoint a so-called Digital Service Coordinator (DSC)
to monitor and enforce compliance with the DSA until 17 February 2024. The competent authority for VLOPs and VLOSEs
is primarily the European Commission.
The competent authorities have extensive rights of access, to obtain information, to inspect, to order and to sanction providers of digital intermediary services (Art. 51, 67 to 69). Infringements of the DSA can potentially be subject to sanctions/fines of up to 6% of the worldwide turnover of the preceding financial year
(Art. 52 para. 3 and Art. 74 para. 1).