Test your DSA compliance HERE: https://form.jotform.com/240393993151056.
Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act or DSA) governs the obligations of digital services functioning as intermediaries when offering consumer access to goods, services, and content, encompassing online marketplaces and similar entities. It aims to strengthen user protection and fundamental online rights, creating a comprehensive transparency and accountability framework for online platforms, and establishing a unified regulatory environment across the EU.
I. Scope of Application | Intermediary service providers & Online Platforms
Mere conduit services
Service that consists of the transmission in a communication network of information provided by a user of a service, or the provision of access to a communication network (e.g. internet service providers, direct messaging and email services, virtual private networks, DNS providers).
Hosting services
Service that consists of the storage of information provided by, and at the request of, a recipient of the service (e.g. cloud service providers, web-hosting).
II. VLOPs and VLSEs (Very large Online Platforms and Search Engines)
Online platforms search engines with at least 45 million monthly active users in EU, which are designated as very large online platforms or very large online search engines (e.g. Facebook, Booking.com, Amazon, Wikipedia)
Online platforms
Hosting services that store and disseminate information to the public, at the request of its users (e.g. social media, marketplaces, app stores, online travel providers, content-sharing websites)
Caching services
Service that transmits information provided by a user across a communication network, involving automatically, intermediately and temporarily storing of information exclusively for a more efficient information transfer (e.g. content distribution networks, content adaptation and other proxies).
2.1. Obligations for Intermediary Services Providers
Intermediary services defined by the DSA include a ‘mere conduit’ service, caching service and hosting services, defined before. The obligations applicable to the all providers of intermediary services under the DSA will include the following:
- Points of Contact & Representatives
- Transparency reports
- Cooperation regarding orders
- Terms & Conditions
2.2. Obligations for Hosting services providers
Besides obligations provided in the previous slide, hosting services providers must set up systems enabling third parties to report suspected illegal content.
Reporting of criminal activity
If a hosting service provider suspects that information on their platform indicates a potential, ongoing, or past criminal threat to someone’s life or safety, they must immediately report it to law enforcement or judicial officials.
Notice & action mechanism
Hosting services providers shall put mechanisms in place to allow any individual or entity to notify them of the presence on their service of specific items of information that the individual or entity considers to be illegal content.
Statement of reasons
Upon removing or restricting access to content, hosting service providers must notify the user about all actions taken and related reasons through a statement of reasons.
2.3. Obligations forOnline Platforms providers
DSA clarifies that services limited to closed, specific-user groups and micro or small enterprises will not be considered online platforms. Besides obligations provided in the previous slides, under the DSA, Online platforms shall have the obligations related to:
- Internal complaint-handling system
- Out-of-court dispute settlement
- Trusted flaggers
- Measures and protection against misuse
- Transparency reports
- Online interface design and functionality
- Online advertising
- Cooperation regarding orders
- Online protection of minors
2.4. Obligations for VLSEs and VLOPs
Providers of very large search engines and online platforms shall comply with a set of further requirements in addition to the obligations outlined in the previous slides. In brief, some of these requirements include:
- Risk management
- Crisis response mechanism
- Independent audit
- Not profile-based recommendations
- Stringent transparency obligations
- Data sharing obligations
- Independent compliance officer
Competent authorities and Digital Services Coordinators (DSCs)
Each EU state is required to appoint one or more authorities to oversee its application and enforcement and one specific authority as the Digital Services Coordinator. This coordinator is tasked with managing all aspects of the regulation’s application and enforcement within their Member State, except for any specific tasks or sectors assigned to other authorities.
In Romania, the implementation of the Digital Services Act (DSA) law is underway, with ANCOM proposed as the digital services coordinator. ANCOM’s role includes supervising and enforcing the regulation, acting as the primary contact for its application, and liaising with the European Commission and coordinators in other Member States. Additionally, ANCOM will join the European Digital Services Committee, assisting in investigations, opinion formation, and guideline development.
Enforcement & Penalties | ISP, online platforms and VLOPs & VLSEs
- European Board for Digital Services (EBDS)
EBDS is an independent advisory group of DS, has been established to oversee intermediary service providers and DSCs. It will also coordinate and contribute to the Commission’s guidance and analysis on emerging issues in the internal market, as well as assisting in supervising large online platforms.
- European Commission
The Commission coordinates the EBDS which facilitates enforcement of the DSA by national authorities. Commission has expansive investigatory and enforcement powers over online platforms to ensure compliance with DSA obligations and can directly impose fines to such.
- Fines up to 6% of the world-wide annual turnover
For DSA breaches, penalties can reach up to 6% of the global turnover of the involved intermediate service provider in the previous fiscal year. In certain cases (such as not providing accurate, complete, and truthful information, or not complying with inspection requirements) fines may not exceed 1% of the global turnover, but this shall be further confirmed by the national legislation.
How can STRATULAT ALBULESCU assist with DSA compliance?
- Initial DSA scope assessment;
- DSA internal Audit & GAP Analysis;
- Drafting & implementation of DSA policies and procedures;
- Internal Staff Trainings;
- Compliance checklists and timeline;
- Review of T&Cs, policies and vendor contracts;
- Hands-on review of ads practices and dark patterns;
- Other compliance actions and requirement (SoR, N&A, etc).
For any further information on this, please contact our DSA specialists Elena Stan (Managing Associate) and David Negru (Associate).
