- about us
you are being redirected to the website of our parent company, Schönherr Rechtsanwälte GmbH
The Digital Services Act ("DSA")1 was published in the Official Journal of the European Union on 27 October 2022.2 This means that the Act, targeting numerous online services, will enter into force only 20 days later, on 16 November 2022.
As part of the European Commissions' digital strategy3 for the EU, the DSA aims to transform the internet into a safer space for users in Europe. Its focus is on protecting the fundamental rights of users and tackling illegal content and misinformation in the context of digital services. By creating extensive obligations for providers of digital services regarding, e.g. targeted advertisements, content moderation, transparency for terms and conditions, internal "complaint-handling systems" and the like, websites and online platforms are to become more transparent.
The DSA targets many online services, ranging from websites to online/internet infrastructure services and online platforms.
Pursuant to Art 2, the DSA applies to all information society services (or "intermediary services") offered to recipients that are established or located in the EU, irrespective of where the service provider is established. Intermediary service means (i) a mere conduit service, providing access to or transmitting information in a communication network, (ii) a caching service, transmitting information in a communication network also involving the temporary storage of that information, and (iii) a hosting service, consisting of the storage of information provided by a user (or "recipient") of the service.
This means that the DSA applies not only to internet access providers, but also to cloud and webhosting services, search engines, online platforms such as social media platforms, online marketplaces, app stores and collaborative economy platforms, among others. All those services, whether established in the EU or not, will have to comply with the DSAs' regulations.
SMEs will benefit from numerous provisions adapted to their respective size and capabilities, without reducing their accountability under the DSA.4 Likewise, there will be specific provisions which provide for additional obligations for very large online platforms ("VLOP") or online search engines ("VLOSE") (i.e. platforms or search engines with an average of at least 45 million active users per month).5
The DSA explicitly states that intermediary services have no obligation to monitor all the information they transmit or store "to seek facts or circumstances indicating illegal activity".6 This means that the widely discussed obligation to implement upload filters did not make it into the final text of the DSA.
Other things that affect all intermediaries include:
Additional obligations for online platforms
For online platforms allowing consumers to conclude distance contracts with traders, the following additional obligations apply:
Pursuant to Art 49 DSA, Member States must designate the authorities responsible for supervising the intermediaries and enforcing the DSA, as well as a Digital Services Coordinator responsible for coordination at a national level. Notably, the Commission itself will be the administrative body responsible for supervising and enforcing the DSA vis-à-vis VLOPs and VLOSEs to prevent a "bottleneck" effect in DSA enforcement due to inadequately staffed or funded national authorities.10
The penalties following an infringement of the DSA are quite harsh and can amount to up to 6 % of the annual worldwide turnover achieved by the intermediary in the preceding financial year. This means that fines are even higher than under the GDPR (4 % of worldwide turnover).
After being published in the Official Journal of the European Union, the DSA will enter into force by 16 November 2022 and will be effective only 15 months later by 17 February 2024.
However, certain obligations for VLOPs and VLOSEs will apply as early as 16 November 2022. These are, among others, the reporting obligation on the number of monthly users, the Commission's competence to adopt delegated acts to designate online platforms or search engines as VLOPs or VLOSEs, to lay down rules for the performance of audits and to establish the technical conditions for data access.
Considering the extensive internal changes (organisational, technical and procedural) required for intermediaries to comply with the DSA's regulations and the severe fines, intermediaries should waste no time in setting the necessary requirements for DSA compliance.
1 Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act).
2 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2022:277:TOC (accessed on 27 October 2022).
3 For more information on the digital strategy see https://www.schoenherr.eu/content/the-european-data-act/; https://digital-strategy.ec.europa.eu/en.
4 See Art 29 DSA.
5 See Art 33 DSA et seq.
6 See Art 8 DSA.
7 See Art 11 – 16 DSA.
8 See Art 22: The status "trusted flagger" may be awarded upon application by the Digital Services Coordinator of the applicant's Member State.
9 See Art 9 (1) GDPR: This means data on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning a natural person's sex life or sexual orientation.
10 See Art 56 DSA.
author: Florian Terharen