The Digital Services Act (DSA), applies to all services provided by digital intermediaries that are offered in the European Union. The more these services influence the content of the transmitted information and the larger the providers, the more obligations apply. The majority of the DSA is expected to apply from 1 January 2024 at the earliest with additional obligations on Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) applying four months from their designation as such.
The DSA applies to digital intermediaries of all kinds, and so, in principle, to all services provided via the internet. This particularly and intentionally affects hosting providers, including all platforms that store content on behalf of users (for example, content created or services offered) and make it available on demand, covering social networks and online marketplaces. Third party traders selling on online marketplaces are also affected because the online marketplaces must obtain specified information from the traders (as we explain here).
There is, however, an important exception to the scope of application: if the storage and distribution of user-generated content is only an insignificant accessory to a service, then the law does not apply. The non-binding recitals, for example, mention discussion forums of newspapers. This is because the journalistic content is the primary service, but it is unclear where the borderline lies. Whether, for example, a chat function in games on the internet is essential or insignificant, will certainly occupy the competent authorities and courts in the coming years.
Finally, during the trilogues, search engines were brought within the scope of the law. However, search engines within the scope of the DSA are not only those that are controlled by the browser: search engines are supposed to be all digital services that allow the search of web pages for search terms without regard to the kind of input. This would also apply to search functions built into proprietary operating systems of smart phones or smart TVs, for example. Such a company might even be considered a VLOSE and face additional obligations if it is likely to have more than 45 million devices in circulation in the EU on which the search function can be used.
Conduit networks are also in scope. These are services that merely forward network communications that the user has supplied or accesses from the communications network. However, these types of services are subject to relatively few requirements, and, in practice, their regulation under the DSA will light touch.
The same is likely to apply to caching services. These are services that automatically, immediately and temporarily store information entered by the user in order to make forwarding to other users more efficient. Content delivery networks are particularly relevant here.
The Digital Services Act aims to create a safe space for a digital single market in the EU. Accordingly, all relevant intermediaries which offer services in the EU are covered by the law. To this end, it is first necessary that the service is accessible from a Member State of the Union. Then the service provider must have a substantial connection to the European Union. This is the case if an establishment is maintained in the European Union. However, it is also assumed if one of two factual criteria applies: firstly, if a substantial part of the population of one or more Member States uses the service or, secondly, if the service is directed towards one or more Member States.
Of the latter two criteria, the targeting of the service to one or more Member States is likely to be the one that is easiest to establish: targeting would take place, for example, if a service is operated in an app store, under a top-level domain or in a language that is attributable to a Member State. The language of the advertising and the language of the support are also important indications that a service is directed towards a Member State. In addition, according to the explanatory memorandum accompanying the DSA, the delivery area of goods, the orientation of advertisements and the topics dealt with are also likely to be relevant.
However, the first criterion, namely use of the service by a significant proportion of the population of a Member State, seems somewhat unclear. It is even possible that a service provider might enter the scope of the law unnoticed. Of course, the lower the threshold, the more likely this would be the case. In competition law, for example, a significant market share is assumed to be around 30-40%; however, if the threshold is set at 10% of the population of a Member State in the context of the DSA (in analogy to the regulations concerning VLOPs), 52,000 users in Malta, for example, would be sufficient. Because of the obligations arising from the application of the Digital Markets Act, (see article here), service providers need to keep track of how many users they have in the EU.
The DSA supplements existing law. For example, the eCommerce Directive and the transposition law based on it are not affected. Where more specific EU Regulations, Directives or implementing laws apply, they will take precedence. In particular, the entire area of copyright law, data protection law, parts of consumer protection and product safety and criminal law take precedence. But there are other legal instruments which can also take precedence and the boundaries are not clear, particularly as the service itself will have to determine whether another legal instrument addresses a relevant issue (through regulation or intentional absence thereof) and therefore, the extent to which the DSA applies in that case.
The DSA is expected to cover the most important information society services. In particular, social networks, online marketplaces and search engines. However, it may also catch other services which are not necessarily intended to fall within scope. Providers of all digital intermediary services should therefore track developments on the DSA, including the way it is interpreted by regulators and the courts.
Gregor Schmid and Philipp Koehler highlight the key elements of the incoming EU Digital Services Act.
1 of 9 Insights
Adam Rendle looks at the differences and similarities in the approach of the EU and UK to online safety under incoming legislation.
2 of 9 Insights
Johanna Götz looks at the DSA's approach to online intermediary responsibility for illegal content.
4 of 9 Insights
Alexander Schmalenberger looks at the main obligations on intermediaries (other than those relating to illegal content).
5 of 9 Insights
Maarten Rijks and Annemijn Schipper look at the impact of the DSA on targeted advertising and the use of dark patterns and recommender systems.
6 of 9 Insights
Sasun Sepoyan and Otto Sleeking look at the impact of Article 24c of the DSA.
7 of 9 Insights
Elisa-Marlen Eschborn looks at the Member State enforcement provisions of the DSA.
8 of 9 Insights
9 of 9 Insights