The Digital Services Act – what you need to know

Regulation (EU) 2022/2065, better known as the Digital Services Act (DSA) has begun to enter into force across the European Union (EU) as of August this year. The DSA is a regulation in EU law amending the Electronic Commerce Directive 2000 regarding illegal content, transparent advertising and disinformation. The DSA imposes obligations on all service providers deemed to be an intermediary service provider (ISP) operating within the EU. The aim of the DSA is to create a safer online experience for digital users.

Intermediary Service Providers 

The DSA covers a broad spectrum of online services provided by ISPs. They are categorised into the following groups:

• "Catching" and "mere conduit" services, like internet access providers;
• "Hosting" services, involves storing information provided by and at the request of the service recipient;
• "Online platforms", a subset of hosting services that also distribute information to the public, including social media and online marketplaces; and
• "Very large online platforms and search engines" (VLOPs and VLOSEs), referring to online platforms with an average monthly user base of at least 45 million in the EU.

Obligations imposed by the DSA

The DSA imposes a diverse set of obligations that correspond to the size and impact of various online services. Some of the most prominent obligations are outlined below.

VLOPs and VLOSEs

VLOPs and VLOSEs must conduct comprehensive periodic risk assessments related to illegal content dissemination and potential negative impacts on minors, civil discourse, gender violence, mental health and electoral discourse. VLOPs and VLOSEs must establish corresponding risk mitigation measures and adhere to auditing requirements.

The DSA also introduces a crisis response mechanism which allows for ongoing analysis of the impact of the activities of VLOPs and VLOSEs on a given 'crisis', and decide on proportionate and effective measures to ensure the respect of fundamental rights. This is of particular note in light of the Russian military invasion of Ukraine and widespread violations of human rights and manipulation of online information.

Google, Microsoft and Meta are included in the 17 VLOPs and 2 VLOSEs that have been designated as such within the EU, each of these services were required to be fully compliant with the full set of DSA obligations by 25 August 2023.

Ban on Certain Targeted Adverts

The DSA prohibits adverts targeted at children or those that use special categories of personal data, such as sexual orientation, ethnicity and political views.

Action Against Illegal Content and Transparency Measures

All services must respond to requests to address illegal content on their platforms and inform users of their actions. Additionally, they must update their terms and conditions to reflect content moderation practices and public transparency reports regarding content moderation.

ISPs must also make public the algorithms that they utilise for recommendations.  

Hosting Services

Hosting services must establish "notice and action" mechanisms to allow users to report illegal content and ensure timely responses.

Online Marketplaces

Online marketplaces are required to perform "Know Your Business Customer" checks and inform consumers if illegal products or services have been sold on their platform.

Online Platforms

Online platforms must implement an effective internal complaints handling system and adopt measures to safeguard the privacy, safety and security of minors.

Timelines

As stated above, VLOPs and VLOSEs were required to be fully compliant with the DSA by 25 August 2023. The DSA applies to other ISPs from 17 February 2024.

Summary

The DSA represents a significant shift in the regulatory landscape. These companies will need to adapt to these changes, which could involve significant operational and strategic challenges. However, the DSA also presents opportunities for these companies to demonstrate their commitment to creating a safer and more open digital space. While most of the attention in regards to the impact of the DSA has been directed towards platforms like Google, Meta and WhatsApp, it is important to note the DSA will extend its reach to encompass all ISPs within the EU. Accordingly, it is vital that businesses with a digital presence within the EU determine whether they are within the scope of the DSA, and if so, ensure they are complaint with their obligations under the Act before 17 February 2024.

Impact on ISPs

ISPs who do not comply with the DSA could face a complete ban in the EU or fines of up to 6% of its global revenue.

Service providers should carry out an evaluation as to whether their services fall within the DSA's scope. Where services are interlinked, a process would need to be developed to determine where the necessary distinction of obligations that a provider must comply with and calculation of monthly active users.

Service providers should examine their terms and conditions to ensure same are in compliance with the DSA. Additionally, they need to consider whether their internal systems are complaint with the DSA and if not, what changes must be made to ensure compliance. 

About Ogier

Ogier is a professional services firm with the knowledge and expertise to handle the most demanding and complex transactions and provide expert, efficient and cost-effective services to all our clients. We regularly win awards for the quality of our client service, our work and our people.

Disclaimer

This client briefing has been prepared for clients and professional associates of Ogier. The information and expressions of opinion which it contains are not intended to be a comprehensive study or to provide legal advice and should not be treated as a substitute for specific advice concerning individual situations.

Regulatory information can be found under Legal Notice