Introduced in December 2020 by the European Commission, the EU Digital Services Act (DSA) is a new European law that seeks to establish broad legal rules for digital services operating in the EU, including social media platforms, online marketplaces, and search engines. The aim of the DSA is to make online platforms more accountable for the content they host and to strengthen user rights and protections. More specifically, the DSA’s objectives are to effectively combat illegal activities, reinforce the fundamental rights of individuals, and improve the free movement of services within the EU. This is done so by introducing stringent legal obligations on online platforms, granting control power to the European Commission pertaining to very large media platforms, and the introduction of severe penalties.
The DSA will be directly applicable across the EU from 17 February 2024 and will have an extraterritorial reach, thus applying to any company that offers digital services to customers in the EU, including those based abroad.
What are the key aspects of the DSA?
One of the key aspects of the DSA is the requirement for digital services providers to take greater responsibility for the content that they post on their platforms, whether in a B2B (business to business) or in a B2C (business to consumer) setting, thereby extending the protection to companies as well. All internet platforms are deemed digital services for purposes of the DSA. The obligations introduced by the new law include removing illegal content promptly and making sure that the platform’s terms of service and community guidelines are clear and transparent. As a reminder, digital services include a large category of online services, from simple websites to internet infrastructure services and online platforms.
Under the DSA, providers of digital services will also be required to implement measures to combat online disinformation and to protect individual fundamental rights such as freedom of expression and the right to privacy. Providers without a physical presence in the EU will be required to appoint a legal representative within the EU and to establish a system for dealing with complaints from EU users and authorities.
The DSA also introduces specific additional obligations for very large online platforms and very large online search engines, i.e., “online platforms and online search engines which have a number of average monthly active recipients of the service in the (European) Union equal to or higher than 45 million 1 .”
Thus, the DSA specifically takes an approach allowing tackling contemporary issues linked with the cyberspace. The transparency reporting obligations for providers of online platforms, laid down by Article 24 of the DSA, require online platforms to provide transparency reports that include information on the number of disputes submitted to dispute settlement bodies, outcomes of dispute settlement procedures, the median time for completing the procedures, and the number of suspensions for manifestly illegal content, unfounded notices and complaints.
Providers of online platforms are also required to publish information on the average monthly active users of the platform for the previous six months, and to provide this information to the Digital Services Coordinator and the European Commission upon request. The European Commission may adopt implementing acts to specify the form and content of these reports.
Furthermore, Article 25 of the DSA prohibits online platform providers from designing, operating, or organizing their online interfaces in a way that deceives or manipulates users or otherwise impairs their ability to make free and informed decisions.
Finally, Article 28 of the DSA requires providers of online platforms that are accessible to minors to implement appropriate measures to ensure a high level of privacy, safety, and security for such minors. Providers are also prohibited from presenting advertisements on their interface using personal data of the recipient of the service when they know or have reasonable certainty that the recipient is a minor. Compliance with these obligations does not require providers to process additional personal data to assess whether the recipient is a minor. The European Commission may issue guidelines to help providers comply with the requirements of this article.
Specific obligations for providers of online marketplaces
In addition, the DSA introduces specific legal obligations for providers of online marketplaces.
First, such providers must know their business customer (KYC). Indeed, Article 30 of the DSA outlines regulations that online platform providers must follow when allowing traders to offer products or services to consumers in the European Union. Before allowing traders to use their services, platform providers must obtain and assess certain information about the trader, such as their contact details and identification documents. Traders are responsible for providing accurate information. Platform providers must also promptly request that traders update their information if it is found to be inaccurate. If a platform provider suspends a trader’s service, the trader has the right to file a complaint. The platform provider must securely store the information obtained and disclose it only as required by law. Finally, the provider must make certain information about the trader available to consumers in a clear and easily accessible manner on the platform.
Secondly, providers of online marketplaces must respect the principle of compliance by design. Article 31 of the DSA outlines regulations which require providers of such platforms to ensure that their online interface allows traders to comply with their obligations under EU law, such as providing pre-contractual information, compliance and product safety information. Specifically, the provider must ensure that traders can provide clear identification of their products or services, as well as any necessary labeling and marking in compliance with EU law. Additionally, providers must make best efforts to verify that traders have provided accurate information before allowing them to offer products or services on the platform, and must also make reasonable efforts to randomly check for illegal products or services.
Finally, providers of online marketplaces must respect the consumers’ right to information. Specifically, Article 32 of the DSA requires said providers to inform consumers who purchased illegal products or services through their services, of the fact that the product or service is illegal, the identity of the trader, and any relevant means of redress. This obligation is limited to purchases made within six months preceding the moment the provider became aware of the illegality. If the provider does not have contact details of all concerned consumers, they must make the information publicly available on their online interface.
What comes next?
Online platforms operating in the EU will have obligation to publish their number of active users by February 17, 2023. This information is to be published in a publicly available section of their online interface and must be updated at least once every six months. If the platform or the search engine has more than 45 million users (10% of the population in Europe), the European Commission will designate the service as a “very large online platform or a very large online search engine”. These services will have 4 months starting from the date of their designation as a “very large online platform or a very large online search engine” to comply with the obligations of the DSA, which includes carrying out and providing the European Commission with their first annual risk assessment. Among other things, when such platforms recommend content, users will be able to modify the criteria used, and choose not to receive personalized recommendations, and shall publish their terms and conditions in the official languages of all the Member States in which they offer their services.
EU Member States will have to appoint Digital Services Coordinators (DSC) by February 17, 2024. The DSC will be the national authority responsible for ensuring coordination at the national level, as well as contributing to the effective and consistent application and enforcement of the DSA. February 17, 2024 is also the date starting which all regulated entities will have to comply with all the DSA rules.
Why is this important for U.S.-based companies?
The EU Digital Services Act will be important for U.S.-based companies because it will affect any digital service that operates in the EU, regardless of where the company is based. Similar to the GDPR, the DSA has an extraterritorial reach, which means that any company that offers digital services to customers in the EU, such as social media platforms, online marketplaces, and search engines, will need to comply with the new rules and regulations set out in the DSA.
Among other things, the DSA will require foreign companies to review and update their policies and procedures to ensure that they meet the requirements of the new law. For example, they will need to establish a legal representative within the EU, establish a system for handling user complaints, and ensure that their terms of service and community guidelines are clear and transparent.
Any company, including foreign entities, that does not comply with the DSA could face significant fines and penalties, going up to 6 % of the annual worldwide revenue of the preceding financial year.
Conclusion
The DSA is a significant step towards regulating the digital economy in the EU and ensuring that online platforms are accountable for the content they host, regardless of whether they are based in the EU or not. It is also a recognition of the growing influence of digital services and the need for a coordinated approach to regulation. This law is likely to have a significant impact on the digital economy in the EU and beyond, and U.S.-based companies doing business in the EU must therefore prepare themselves for the extensive new upcoming legal obligations.
At the Law Office of S. Grynwajc, PLLC, we are admitted as lawyers both in Europe and in North America (United States and Canada) and have a particular expertise in internet and privacy law. Should you wish to ensure that your company complies with all of its legal obligations in Europe, do not hesitate to contact us, we will be happy to assist you in your effort.
1 DSA, article 33 (1).
