Digital Services Act
Status: In force
- Since 1 November 2022
EU Regulation introducing a single set of rules regulating compliance obligations for providers of online intermediary services to create a safer and more transparent digital space. Designed to protect the fundamental rights of EU citizens in the online world and to foster innovation, growth, and competitiveness within the single market.
Applies to all online intermediary services from mere conduit services (e.g. VPN), caching services (e.g. proxy servers), to online search engines and hosting services (e.g. file storage). This includes online platforms which disseminate third-party information to the public and online market places on which consumers can enter into transactions with traders.
- The DSA creates a layered set of obligations tailored to different categories of digital services, with the most stringent set of rules applying to the largest online platforms and search engines.
- Based on the liability regime of the e-Commerce-Directive, the DSA establishes rules for the liabilitiy of online intermediaries from illegal content and sets out a framework for conditional liability exemptions.
- A bifurcated enforcement system allows for significant fines and penalties while relying on cross-border and inter-institutional cooperation between public authorities.
Obligations for digital services
- A set of baseline obligations apply to all online intermediaries and require, for example, the designation of single points of contacts for authorities and users, annual transparency reporting and clear terms and conditions.
- Increased obligations for online platforms connecting customers with goods, services and content require providers to implement a notice and action mechanism, to adopt adequate measures to combat the dissemination of illegal content online and to increase the transparency of their platforms for users.
- Additional specific obligations apply for online marketplaces and aim at ensuring traceability of traders and safeguarding users’ rights.
- The most stringent rules apply to designated online platforms and search engines with more than 45 million monthly active users in the Union (VLOP and VLOSE). They need, inter alia, to identify and mitigate systemic risks stemming from their services, to grant researchers access to internal data and to implement further transparency obligations.
- Plethora of new obligations create high compliance efforts for businesses providing digital services and potentially require restructuring internal compliance structures.
- Very broad scope of intermediary services, but layered application of obligations requires careful scoping for each service.
- Little guidance on scope of obligations leaves significant leeway when implementing the DSA but also means uncertainty for businesses.
- Interplay with other European and national acts in similar areas of law is yet to be determined, potentially creating overlaps and conflicts with rules on copyright, media freedom, data protection, audio-visual media regulation, consumer protection, telecommunication, or national acts on content moderation.
- Cross-border and inter-institutional enforcement system may lead to overlapping competencies and varying implementation measures, increasing complexity and compliance risks for businesses.