The Digital Services Act: A Brief Overview of the New Obligations for Intermediaries

Almost two years after the first proposal for a regulation was introduced, on November 16, 2022, Regulation (EU) No. 2022/2065 (more widely known as the Digital Services Act, “DSA”) entered into force. Providers have a 15-month grace period to comply with the provisions set forth in the DSA.

However, the first important deadline is already looming: providers have until February 17, 2023, to communicate to the EU Commission their numbers of active monthly users. On the verge of designation of Very Large Online Platforms (“VLOPs”) and Very Large Online Search Engines (“VLOSEs”), businesses are expected to speed up internal procedures to comply with the many obligations of the DSA.

The DSA is specifically targeted to intermediaries, i.e., mere conduit services, caching services, hosting services, online platforms, and online search engines. The DSA leaves the exemption of liability provided in Directive EC 2000/31 (the “Directive”) largely untouched and codifies what is informally known as the “good Samaritan provision.” Article 7 provides that intermediaries shall not lose the exemption from liability if they, in good faith and with due diligence, voluntarily conduct investigations to detect and take action against illegal content on their platforms. This provision appears to be an attempt to strike a balance between the current neutrality of intermediaries and the need to combat illegal content.

The DSA is designed to provide obligations that expand in proportion to the services provided by an intermediary. In addition to the general obligations applicable to all intermediaries (such as the obligation to designate points of contact with EU authorities and users), the DSA provides obligations applicable to hosting providers and online platforms. These include:

  • A notice and action mechanism facilitated by intermediaries.
  • The obligation to provide a clear and comprehensive statement of reasons when intermediaries impose restrictions on recipients.
  • The obligation to notify in case of suspicion of criminal offenses.

For providers of online platforms, the DSA establishes that:

  • Providers have to provide users with a user-friendly internal complaint system.
  • Users have an opportunity for redress with a certified out-of-court settlement body.
  • Providers must create a priority reporting channel for certified trusted flaggers.
  • Providers can take steps against misuse of the internal complaint system, provided that a recipient receives a warning before being suspended.
  • Providers have increased transparency reporting obligations.
  • Online platforms shall have a clear and non-deceptive interface design.
  • Providers have to ensure that users can readily and easily identify online advertisements.

The DSA also includes obligations geared toward safeguarding consumers who enter into contracts with traders through online platforms, ensuring that the providers have sufficient information about traders before allowing them to offer goods and services on their platforms.

In addition, VLOPs and VLOSEs designated as such by the EU Commission will have a shorter four-month grace period to comply with the DSA. VLOPs and VLOSEs are intermediaries that provide their services to more than 45 million monthly users in the EU alone. VLOPs and VLOSEs are subject to obligations in addition to the obligations set forth in the previous sections. These include the obligation to conduct a risk assessment, the obligation to appoint an independent compliance officer, the obligation to have an annual independent audit, and the obligation to abide by even more stringent transparency requirements.

To ensure compliance with the obligations set forth in the DSA, the regulation mandates that each Member State shall designate an authority to supervise implementation of and compliance with the DSA, as well as designating a Digital Service Coordinator.

The Digital Service Coordinator will be granted wide-ranging investigative powers. Compliance with DSA provisions is ensured via an enforcement mechanism that includes monetary penalties and fines for non-compliance of up to 6% of the provider’s worldwide turnover, as well as daily penalties for ongoing breaches of the DSA of up to 5% of the provider’s average daily worldwide turnover.

Follow us on