Authors

Dr. Gregor Schmid, LL.M. (Cambridge)

Partner

Read More

Philipp Koehler

Salary Partner

Read More
Authors

Dr. Gregor Schmid, LL.M. (Cambridge)

Partner

Read More

Philipp Koehler

Salary Partner

Read More

16 November 2023

Getting DSA-ready: 4 relevant steps in order to achieve compliance

  • In-depth analysis

The clock is ticking: In a little less than 3 months (on 17 February 2024), the comprehensive catalog of obligations under the Digital Services Act (DSA) will have to be observed by all affected service providers. In this article, we provide a suggested checklist for getting DSA-ready. It comprises basic items to get going and needs to be adapted to your organization’s individual needs. For any questions, reach out to our team.

1. Check whether the DSA applies to you

  • Is your business / service in scope of the DSA? 
  • Even if your establishment is outside of the European Union (EU), the DSA will still apply if you have a substantial connection to the EU. For instance, if you have a significant number of recipients or target activities in the EU.

 

2. Check what type of intermediary you are

  • Access provider. 
  • Caching provider. 
  • Hosting provider. 
  • Provider of an online platform. 
  • Provider of a B2C online marketplace (i.e. an online platform that allows consumers to conclude distance contracts with traders). 
  • Online search engine.

 

3. Check what types of obligations apply to you

  • This will be the core of the compliance project and depend on the type of intermediary you are. Below is a rough overview from the European Commission that needs individual adaptation, depending on the type of intermediary service you are.

 

New obligations Intermediary services

(cumulative obligations)
Hosting
services

(cumulative obligations)
Online
platforms 

(cumulative obligations)
Very large
platforms

(cumulative obligations)
Transparency reporting X X X
Requirements on terms of service due account of fundamental rights X X X X
Cooperation with national authorities following orders X X X X
Points of contact and, where necessary, legal representative X X X X
Notice and action and obligation to provide information to users   X X X
Reporting criminal offences   X X X
Complaint and redress mechanism and out of court dispute settlement     X X
Trusted flaggers     X X
Measures against abusive notices and counter-notices     X X
Special obligations for marketplaces, e.g. vetting credentials of third party suppliers ('KYBC'), compliance by design, random checks     X X
Bans on targeted adverts to children and those based on special characteristics of users     X X
Transparency of recommender systems     X X
User-facing transparency of online advertising     X X
Risk management obligations and crisis response       X
External & independent auditing, internal compliance function and public accountability       X
User choice not to have recommendations based on profiling       X
Data sharing with authorities and researchers       X
Codes of conduct       X
Crisis response cooperation       X

Quelle: European Commission

 

4. Planning your DSA implementation project

Many of the DSA’s obligations cannot be realized overnight and need time to be set up and get going within your organization. 

  • Scoping of the service. In cases where the service’s classification lies in the legal grey area, a robust and defensible assessment of the classification should be made. 
  • Gap analysis. 
  • Risk analysis. 
  • Project plan (project planning, engaging all stakeholders and defining priorities). 
  • Implementation of a DSA’s compliance structure. The DSA includes numerous requirements that have not yet existed or at least not to that extent under EU law and need proper implementation in your organization. 
  • Watch out and regularly monitor for delegated acts of the European Commission. They will eventually come and provide further clarification. 
  • Regular checks and updates with respect to the measures taken.
Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

Technology, media & communications

145 days DSA for VLOPs: The takeaways for smaller service providers

17 January 2024
Briefing

by multiple authors

Click here to find out more
Technology, media & communications

Requirements for online marketplaces under the EU Digital Services Act (DSA)

15 September 2023
In-depth analysis

by Philipp Koehler

Click here to find out more
Data & cyber

Overview on the Digital Services Act (DSA)

29 November 2022
In-depth analysis

by Philipp Koehler and Dr. Gregor Schmid, LL.M. (Cambridge)

Click here to find out more