Recap
The Digital Services Act (DSA), alongside the Digital Markets Act (DMA), is part of the EU Commission’s digital strategy, aimed at reinforcing the single market for digital services and creating a more level playing field for businesses of all sizes across the EU. To this end, the DSA builds on the E-Commerce Directive, with its central provisions on the liability safe harbour for online intermediaries – which over time have been subjected to diverging case-law and application across the Member States.
The European Commission (EC) presented its vision for the comprehensive reform package in a first DSA draft on 15 December 2020. The European Parliament and the Council followed with their amendments to the draft in late-2021 and early 2022. While the texts varied significantly in their details, they all contained new and far-reaching staggered obligations for the different types of online intermediaries, and in particular:
- Very detailed requirements for content moderation, including a harmonized notice and action mechanism, internal and external redress possibilities, and special rules with respect to trusted flaggers and abusers.
- Advertising transparency: Online platforms must inform users about the commercial source of each individual ad and why it has been targeted to that individual user.
- Seller-vetting obligations for B2C online marketplaces and app stores (“know your business customer” - KYBC).
- Severe obligations relating to systemic risks for online platforms with more than 45 million monthly active users (“very large online platforms” - VLOPs), and
- A comprehensive enforcement system with new oversight bodies and severe penalties for providers who fail to comply with the new regulations.
For details on earlier drafts, you can refer to our previous articles (here, here and here).
The EU institutions discussed the drafts in their ‘trilogue’ negotiations and reached political agreement on the cornerstones of the DSA in late April 2022. After the agreed text was finalised on a technical level, it was passed by the European Parliament on 5 July 2022 with a vast majority.
Key aspects of the latest DSA draft
The consolidated DSA draft now approved by the European Parliament maintains the approach of introducing staggered obligations for different types of intermediary services as outlined above. However, it also contains notable changes over the earlier drafts which service providers will need to be aware of when preparing for compliance:
- Dark patterns: Online platforms will have to ensure that their online interfaces do not impair the ability of users to make free and informed decisions – in addition to those forms of manipulative practices that are already covered by the Unfair Commercial Practices Directive and the GDPR.
- Advertising restrictions: Online platforms shall not present advertising to users based on profiling with sensitive data (e.g. data revealing ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic, biometric or health data, etc.).
- Online protection of minors: Online platforms must refrain from advertising based on profiling using data of minors. They shall also implement measures to ensure a high level of privacy, safety, and security of minors on their service.
- Monitoring obligations for B2C businesses: B2C marketplace and app store operators will have to assess whether traders have provided mandatory pre-contractual, compliance and product safety information before their listings go live, and also have to conduct “random checks” against official databases on whether products have been identified as illegal.
- Supervisory fee: Providers of online platforms and search engines with more than 45 million monthly active users in the EU (“very large online platforms” - VLOPs and“very large search engines” - VLSEs) will be charged an annual supervisory fee by the European Commission as their regulator of up to 0,05% of the provider’s worldwide annual net income.
- Accelerated timeline for big tech: The DSA will become appliable for most service providers in January 2024. For VLOPs and VLSEs, however, the implementation deadline was shortened drastically as they will be required to adhere to the DSA within four months after their respective designation by the EC. This will mean applicability for ‘big tech’ companies as early as July 2023 – which will require unprecedented compliance efforts considering that these providers will be subject to the broadest and strictest obligations under the DSA.
The changes called out above exemplify once again the ambitious approach of the DSA. The law will fundamentally change the way online intermediaries operate in the EU, not least due to the new enforcement systems which allow regulators to issue penalties and fines of up to 6% of a provider’s worldwide annual turnover for any breach of the DSA.
Outlook
With the successful conclusion of the trilogue negotiations and the adoption by the European Parliament, the DSA has passed final milestones on its way to becoming Europe’s new ‘digital constitution’.
The Council is expected to approve the draft in September 2022. The law will then be published in the official journal and enter into force shortly after.
With the new rules becoming applicable in January 2024 – or even earlier for VLOPs – time is now of the essence for all (potentially) affected service providers. Online intermediaries are well advised to review their current workflows against the new DSA obligations, and start preparing for compliance now – if they are not already busy doing so. GDPR implementation has shown that it is highly advisable to tackle compliance audits for such major reforms of regulatory regimes as early as possible. Now is the time to evaluate current workflows, perform impact assessments and gap analyses, and plan all steps necessary for future compliance.
Authored by Anthonia Ghalamkarizadeh and Florian Richter.
Our dedicated online services task force
Online services are subject to a growing number of rapidly evolving legal requirements and regulations – and substantial enforcement penalties. Our global team can help you navigate these complex frameworks to support and grow your business. We work closely with you to assess the requirements and provide practical, commercially oriented solutions in a collaborative way. We bring a cross-border and cross-practice perspective to help you adapt to the fast-changing environment and anticipate upcoming regulatory developments. And should you face an enforcement action, investigation, or litigation, our team can support you with a proper response and help ensure cross-border consistency.
