The EU Digital Services Act – Overview of Key Obligations

Introduction

As digital platforms, such as e-commerce sites, social media networks, and digital applications continue to shape commerce, information, and communication in Europe, the need for regulatory clarity and a coordinated approach has become increasingly vital. Introduced in December 2020 by the European Commission and officially entering into force in November 2022, the EU Digital Services Act (DSA) aims to create a uniform regulatory framework for digital services across the EU. By establishing clear standards, the DSA enhances user safety, promotes transparency and accountability, and fosters a fair digital marketplace.

1. Scope and Obligations of the DSA

The DSA governs information society services, which are provided electronically at request, in exchange for payment, with a particular emphasis on those that provide intermediary services. It is applicable to all such services offered to users in the EU, regardless of where the service provider is physically located or incorporated. Therefore, the DSA applies to any company offering digital services in the European Economic Area, including those based outside the EU.

Taking an innovative approach, the DSA classifies intermediary services and imposes progressive obligations based on the type and size of the service provider. This classification ensures a tailored regulatory approach while maintaining overarching standards.

2. General Obligations

The DSA imposes general obligations on all providers of “intermediary services”.

Intermediary services consist of those that provide network infrastructure and operate as mere conduits (for example telecommunications services), caching services (for example Amazon CloudFront), or hosting services (for example Amazon Web Services). The providers of such services (“Intermediaries”) are subject to obligations, including but not limited to the following:

• Annual Transparency Reports: Providers must publish annual reports detailing their content moderation efforts.
• Communication Channels: Providers must establish two designated points of contact: one for engagement with EU member state authorities, the European Commission and the European Board for Digital Services, and another for direct interaction with
• Terms and Conditions: Providers must present their terms and conditions in clear, intelligible language that is accessible and user-friendly. They are also required to promptly inform users of any amendments. These terms must provide users with clear information about their rights, including the ability to contest platform decisions, and detail how their data will be used.

3. Specific Obligations

(a) Hosting Services

These services enable the storage and accessibility of online content, and in accordance with the DSA, they include all online platforms and marketplaces. In addition to the general obligations above, hosting services must also meet the following requirements, among others:

• Notice and Action Regime: Providers must establish mechanisms that enable users to notify them of alleged illegal content. This is part of a legal framework that mandates intermediaries to take action against content that contravenes their own terms of service or violates the laws of an EU member state.
• Provision of Statement of Reasons: When content is removed or restricted, providers must offer a clear explanation to the affected users.
• Notification to Law Enforcement: Providers must inform relevant national law enforcement or judicial authorities of any information that raises suspicion of criminal offenses, particularly those posing a threat to the life or safety of individuals.

(b) Online Platforms

Online platforms are hosting services that facilitate user interactions or transactions. In accordance with the DSA this category includes online marketplaces and very large online platforms. Beyond the obligations above they must adhere to additional obligations such as:

• Internal Complaints Mechanism: Online platforms are required to implement an internal complaints mechanism that enables users to challenge decisions related to their access to information, services, or accounts.
• Regulatory Support and Trusted Flaggers: The regulators of Member States are required to appoint ‘trusted flaggers’ upon application, to identify content that is illegal or violates platforms’ terms of service.
• Interface Design and Accessibility: Providers must ensure that their user interfaces comply with established design and accessibility standards. They are prohibited from creating interfaces that are deceptive or manipulative, which could hinder users from making informed decisions.
• Minors’ Safety Measures: For online platforms accessible to minors, providers must ensure high levels of security and privacy, including enhanced protections, such as banning targeted advertising directed at minors.

(c) Very Large Online Platforms and Search Engines (VLOPs & VLOSEs)

Under the DSA, VLOPs and VLOSEs are defined as online platforms and online search engines with over 45 million monthly active users in the EU. Due to their vast influence, they face stricter regulations, aimed at addressing risks like illegal content and information manipulation. Once designated as VLOPs or VLOSEs by the European Commission, these platforms are subject to additional regulatory obligations, such as:

• Risk Assessment Obligations: They must conduct annual assessments of systemic risks associated with their services, including the spread of disinformation, illegal goods, and content manipulation. These assessments focus on:

• • Dissemination of illegal content
  • Impacts on fundamental rights
  • Intentional manipulation with negative effects

• Independent Audits: They must undergo annual independent audits to verify compliance with DSA obligations and allow access to their data for research purposes.

Proportional Obligations:

The DSA outlines different obligations and responsibilities for entities based on their size and activities. Micro and small companies have requirements that match their capabilities, ensuring they remain accountable without facing excessive burdens. These smaller businesses can also benefit from a 12-month exemption from certain obligations if they grow significantly. In contrast, VLOPs and VLOSEs are subject to the most demanding requirements in the DSA, due to their size and influence in the digital landscape.

4. Enforcement and Fines

The DSA establishes provisions that collectively promote transparency, accountability, and a safe online environment. By setting clear communication and reporting standards, it ensures that both users and authorities can effectively monitor and engage with digital services, fostering trust and clarity in the operations of intermediary service providers.

To enforce these standards, the DSA grants regulators in Member States the authority to ensure compliance through penalties that are effective, proportionate, and dissuasive. Intermediary service providers that fail to meet their obligations may face fines of up to 6% of their annual turnover. This enforcement mechanism reinforces accountability and ensures that platforms uphold their responsibilities under the DSA.

Conclusion

The DSA is a crucial development in the digital landscape, addressing the complexities introduced by online platforms and services. Its implementation will reshape digital services, fostering greater accountability and safety for users while impacting businesses in the EU. Aiming to create a transparent digital space, the DSA could set a global standard for digital regulation. For providers and intermediaries, understanding and integrating relevant DSA obligations is essential to ensure compliance, avoid legal breaches and potential fines, and reinforce a commitment to trust and responsibility in the digital market.