In view of the applicability of the Digital Services Act (DSA) as of 17 February 2024 and its extensive new obligations, there is not a lot of time for affected service providers to diligently identify gaps, prepare and take the necessary and appropriate measures to ensure compliance. As we all know, time flies by. Such time pressure on implementing the DSA’s requirements does not solely affect providers of intermediary services, but also the individual EU Member States, particularly because the DSA also provides a considerable need for implementing the required new regulatory supervision and enforcement structures, which must be completed by 16 February 2024 (Art. 49 para. 3 DSA).
Inter alia, this concerns the establishment and appointment of the so-called Digital Services Coordinator (DSC) within each EU Member State (Art. 49 et seq. DSA). This in turn is also relevant for affected service providers, because the DSC is the key regulatory domestic contact for them in connection with the DSA. Apart from that, the EU also has some homework to do, such as setting up the necessary structures for the DSA’s regulatory information sharing system (Art. 85 DSA) and the European Board for Digital Services (Art. 61 et seq. DSA) as well as drawing up guidelines inter alia concerning (a) the framework conditions of trusted flaggers (Art. 22 para. 8 DSA), (b) online interfaces (Art. 25 para. 3 DSA), (c) the protection of minors (Art. 28 para. 4 DSA) and (d) specific systemic risks in connection with VLOPs and VLOSEs (Art. 35 para. 3 DSA).
Overview on the allocation of the DSA’s competences
The tasks of monitoring and enforcing compliance with the DSA are in principle the responsibility of each EU Member State (Art. 56 para. 1 DSA). To this end, each EU Member State must establish an appropriate regulatory structure, consisting of the DSC and (if desired) further competent authorities (Art. 49 DSA). However, as always, there are exceptions to this principle, so that the allocation of competences is basically as illustrated in the table below.
| DSA rules |
Addressees |
Competent institution(s) |
| Art. 33 bis 43 |
Providers of VLOPs and VLOSEs |
The European Commission (Art. 56 para. 2 DSA) |
| All provisions, except for Art. 33 to 43 |
Providers of VLOPs and VLOSEs |
- Primarily the European Commission (Art. 56 para. 3 DSA)
- To the extent that the European Commission has not initiated proceedings, the EU Member state, where the service provider is established (Art. 56 para. 4 DSA)
|
| All provisions that do not solely address providers of VLOPs and VLOSEs |
Providers of intermediary services, except for providers of VLOPs and VLOSEs |
The EU Member State, where the service provider is established (Art. 56 para. 1 DSA) |
| All provisions |
Providers of intermediary services without an establishment in the EU but with a legal representative in the EU |
The EU Member State, where the legal representative resides or is established, or the European Commission (Art. 56 para. 5 DSA) |
| Providers of intermediary services without an establishment in the EU and without a legal representative in the EU |
All EU Member States or the European Commission (Art. 56 para. 7 DSA) |
The institution of the DSC in general
The DSC is basically the DSA’s regulatory face within each EU Member State being responsible for all matters relating to the DSA’s supervision and enforcement within the respective EU Member State, unless the EU Member State assigns certain specific tasks or sectors comprised by the DSA to other designated domestic authorities, which each EU Member State may do in its free discretion (Art. 49 para. 1 and 2 DSA). Regardless of whether one or more competent authorities are designated by the respective EU Member State, the DSC remains responsible for ensuring the coordination of DSA matters at national level and for contributing to the effective and consistent supervision and enforcement of the DSA throughout the EU (Art. 49 para. 2 DSA). Overall, the DSC has a key role as (a) a point of contact for service providers and recipients as well as (b) an interface to competent authorities in other EU Member States and at EU level within the DSA’s regulatory framework.
The DSC must be an autonomous and independent body, which is able and possesses appropriate technical, financial and human resources to fulfil its assigned tasks in an impartial, transparent and timely manner (Art. 50 para. 1 DSA).
For the supervision and enforcement of the DSA, the DSCs will be vested with several powers, such as:
- The power of investigation (Art. 51 para. 1 DSA), including (a) the right to information vis-à-vis service providers and persons working for them, (b) the right to carry out on-premise inspections as well as (c) the right to request explanations vis-à-vis the service provider’s personnel or representatives and to record answers obtained, subject to consent.
- The power of enforcement (Art. 51 para. 2 DSA), including (a) the power to accept commitments from service providers in relation to the DSA’s compliance and to make such commitments legally binding, (b) the power to order the cessation of infringements and to impose proportionate remedies, (c) the power to impose fines or periodic penalty payments in accordance with Art. 52 DSA as well as (d) the power to adopt interim measures to avoid risks of serious harm.
Apart from that, the DSC will also be in charge of several other tasks, such as certifying and supervising out-of-court dispute settlement bodies (Art. 21 para. 3 DSA), awarding, suspending and revoking the status of trusted flaggers (Art. 22 DSA), being the desk for recipients’ complaints (Art. 53 DSA) as well as drawing up and publishing annual reports on its activities, including the number of complaints received, an overview on the follow-ups, the number of orders pursuant to Art. 9 and 10 DSA and the effects given to them (Art. 55 DSA).
Further, the DSC will have a key role with respect to the DSA’s transparency obligations that apply as of 17 February 2023. In particular, the DSC (aside from the European Commission) will be the one authorized to request information on the average monthly active recipients in the EU (AMARs) from providers of online platforms and online search engines (Art. 24 para. 3 DSA). More information on the DSA’s publication and reporting requirements pursuant to Art. 24 para. 2 and 3 DSA can be found in our separate article here.
Current state of DSC developments in Germany
So far, the German Federal Government is keeping quite a low profile on who it wants to appoint as the DSC. In parallel or even due to this current restraint, a controversial discussion about the appropriate institution is already in full swing. Whereas, some believe that a new authority should be shaped and established, others argue that an existing authority should be designated. Among the advocates of an existing authority, there are some who believe that a combination of several existing authorities would be the most appropriate solution for Germany. Which particular constellation the German Federal Government favours is currently unclear. At the moment, there is only certainty that (a) the German Federal Ministry of Digital and Transport is responsible for the designation process of the DSC and (b) the German Federal Government plans to present the chosen DSC through a draft law, which is expected sometime in the first quarter of 2023. To this end, the German Federal Ministry of Digital and Transport has inter alia obtained an expert opinion by the University of Regensburg dated 18 October 2022 concerning the DSC’s requirement of autonomy.
The expert opinion as well as a statement of the Federal German Government dated 31 January 2023 somewhat provide the impression that the German Federal Network Agency is in the pole position for DSC in comparison to other German federal authorities, such as the German Federal Ministry of Justice or the German Federal Cartel Office. In particular, the expert opinion focusses on the aspect if the German Federal Network Agency’s structure and design are sufficiently autonomous and independent. Identified issues in this context are that the German Federal Network Agency is subject to instructions from higher-level authorities, especially concerning technical, legal and internal supervision. However, according to the expert opinion, such issues are overall manageable and – in principle – do not preclude a (theoretical) appointment of the German Federal Network Agency as the DSC for Germany.
Apart from that, the expert opinion also addresses the additional complexity that the DSA affects law areas that (a) on the one hand fall into the sphere of competence of the German Federation and (b) on the other hand into the sphere of competence of the German Federal States. In principle, it lays out two potential approaches: Either the German Federal States transfer their affected competences to the German Federation in order to enable a German federal institution (such as the German Federal Network Agency) to fulfil the tasks required by the DSA. Or such tasks are divided in accordance with the respective sphere of competences, whereby as a result the DSC must be composed of (a) a German federal authority (such as the German Federal Network Agency) and (b) German federal state authorities (such as the German Federal State Media Institutions). Especially, the latter approach raises the question if the DSC must by all means be a single authority or if it can also be composed of several authorities. According to Art. 49 para. 2 and Rec. 110 DSA, it is clearly indicated that a single authority is supposed to be appointed as the DSC. Apart from the DSA’s clear wording, such understanding is also supported by the DSA’s aim that the DSC is supposed to be a single point of contact for the European Commission, the European Board for Digital Services and the authorities of other EU Member States. In this context, it is also noteworthy that the European Commission recently stressed vis-à-vis the EU Member States how important it is to improve coordination within each EU Member State and to preserve the independence and confidentiality of all relevant authorities during consultation.
In any case, the DSA allows the EU Member States to designate several competent authorities aside from the DSC (Art. 49 para. 1 and 2 DSA). Hence, it could be an option for the German Federation to solely appoint the German Federal Network Agency as the DSC, whereby certain German federal state authorities could be responsible for the supervision and enforcement of specific areas of the DSA. In such scenario, it must be ensured that the respective tasks of such German federal state authorities and the DSC are clearly defined, separated and demarcated. Otherwise, such structure would not be in line with Art. 49 para. 2 DSA. Further, this would highly likely create additional issues regarding the mix of competences of the German Federation and the German Federal States, which is forbidden in accordance with case law of the German Federal Administrative Court.
As mentioned above, there are also discussions about shaping a new authority as the DSC. The advantage of this approach is that such authority could be accurately tailored to the role of the DSC. In particular, the new authority could be structured as an autonomous authority established with the required competences, so that legal risks and uncertainties with respect to the DSA’s requirements will be minimized. However, the disadvantage is that such approach will be very likely more expensive, time-consuming and elaborate in comparison to using and building on existing regulatory structures and their already existing know-how. In this context, installing a new authority might ultimately be already impracticable, considering the short amount of time to appoint the DSC until 16 February 2024 at the latest.
Altogether, there are many ongoing controversial discussions about the appointment of the DSC in Germany, without any clear message by the German Federal Government yet which journey Germany is taking. Apart from that, it seems that the DSC’s role is quite popular. At the moment, various authorities are clamouring such role by emphasizing their existing long-term experience with the supervision of digital services. There is also light at the end of the tunnel, as the German Federal Government announced a draft law to appoint and empower the DSC, which is expected to be presented sometime in the first quarter of 2023.
Current state of regulatory developments in the EU
Preparations are underway not only in Germany and other EU Members States but also at EU level. For example, this involves the following:
ECAT
For its role as competent authority and supervisor of VLOPs and VLOSEs, the European Commission works on establishing the European Centre for Algorithmic Transparency (ECAT). The ECAT is intended to support the European Commission by providing scientific and technical expertise. In this context, the ECAT will be responsible to analyse transparency, assess potential risks as well as propose new transparent approaches and best practices, including the following topics:
- Algorithmic transparency
- Recommender systems, information retrieval and online search engines
- Fairness, accountability and transparency
- Ethical, economic, legal and social impacts
- Risk assessment and risk mitigation measures
- Fundamental rights
According to the European Commission, the ECAT will be fully operational in the first quarter of 2023.
Delegated regulation on supervisory fees
Further, the European Commission has presented a draft delegated regulation regarding the methodologies and procedures of supervisory fees charged by the European Commission vis-à-vis providers of VLOPs and VLOSEs (Art. 43 DSA). In accordance with Art. 43 para. 5 lit. c DSA, the draft regulation stipulates that the supervisory fees do not exceed the maximum overall limit equal to 0.05% of the worldwide profits of the respective VLOP or VLOSE in the preceding financial year. Further, it lays out a detailed methodology and procedure for determining the estimated costs and calculating the individual fees. Recently, on 19 January 2023, the public feedback period for the draft delegated regulation was closed. It is currently planned that such delegated regulation comes into force in May 2023.
Q&A document on the identification and calculation of AMARs
On 1 February 2023, the European Commission services published a Q&A document that is supposed to help providers of online platforms and online search engines with their identification and calculation of the average monthly active recipients in the EU (AMARs) (Art. 24 para. 2 and 3 DSA). In particular, this is positive progress, because the obligation to publish and report the number of AMARs is subject to many questions by service providers, while such obligation already applies as of 17 February 2023. More information on this topic can be found in our separate article here.
Conclusion and outlook
There is still a considerable need for preparation and implementation, when it comes to the DSA’s supervision and enforcement structures. While some efforts are already underway, several other relevant aspects on the regulatory side still seem to be at the very beginning or subject to measures envisaged at a later point in time. For instance, there seems to be no substantial progress concerning most possible guidelines by the European Commission. This is especially not ideal, as some guidelines are of considerable importance for affected service providers in order to better understand the occasionally very broad and vague wording of the DSA. Overall, we recommend to keep the upcoming regulatory developments in close view. It will be very interesting to see how things will further develop.
