Blog

Digital Services Act

Digital Services Act proposal: the start of a new era in digital regulation

On 15 December, the European Commission published proposals for Regulations on the Digital Services Act (DSA) and the Digital Markets Act (DMA), with the goal to reform the digital space, creating a comprehensive set of new rules for all digital services, including social media, online market places, and other online platforms that operate in the European Union.

The proposed Regulation on a Digital Services Act aims to update the eCommerce Directive (ECD) from the year 2000 as well as introduce new binding, harmonized, EU-wide obligations which will have a significant impact on a wide range of digital services that connect consumers to goods, services and content. This blog post sheds some light on some of the main provisions of the Digital Services Act and their subsequent impact on businesses.

Which companies will be affected by the new Digital Services Act proposal?

The Digital Services Act proposal includes rules for online intermediary services. The obligations of different online players match their role, size and impact in the online ecosystem. Among the regulated groups are intermediary services offering network infrastructure (Internet access providers, domain name registrars), hosting services such as cloud and webhosting services, online platforms bringing together sellers and consumers such as online marketplaces, app stores, collaborative economy platforms and social media platforms, and very large online platforms. All online intermediaries offering their services in the EU Single Market, whether they are established in the EU or outside, will have to comply with the new rules. Micro and small companies will have obligations proportionate to their ability and size while ensuring they remain accountable.

An asymmetric approach: different obligations for different players

The Digital Services Act will introduce a series of new, harmonized EU-wide obligations for digital services, carefully graduated on the basis of those services’ size and impact. All intermediaries falling under the scope of the DSA will have obligations in terms of transparency and fundamental rights protection and would have to cooperate with national authorities. Additionally, all intermediaries not established in the EU but offering services in the Union will have to designate a legal representative in one of the Member States where the provider offers its services. The absence of general monitoring obligations, already enshrined in the ECD, will remain in place in the Digital Services Act. Additionally, the Commission has introduced a “good Samaritan” principle, under which providers of intermediary services are not excluded from liability exemptions because they carry out voluntary activities to detect and remove illegal content.

For online platforms and hosting services, the proposal includes requirements for more detailed notice & action provisions. The proposal also introduces the concept of trusted flaggers, appointed by Member States authorities, whose notices should be processed with priority. Furthermore, the proposal introduces a “Know your business customer” principle, under which platforms will be required to obtain and verify identification information from the traders prior to allowing them to use their services. Finally, transparency obligations for online advertising will require online platforms to provide their users information on the sources of the ads they see online, including on why an individual has been targeted with a specific advertisement.

Platforms that reach more than 10% of the EU’s population (45 million users) monthly in average will be considered systemic in nature and will be subject to specific obligations to control their own risks. Very large online platforms will have to conduct yearly risk analyses, they will be subject at their own expenses to annual audits, adhere to transparency obligations for recommender systems as well as comply with additional measures for online advertising transparency. Finally, very large online platforms will have to appoint one or more compliance officers responsible for monitoring their compliance with the Digital Services Act Regulation. Member States will have to lay down the rules on penalties applicable to infringements of these rules by providers of intermediary services under their jurisdiction with the maximum not exceeding 6 percent of the annual income or turnover of the intermediary service.

Strengthened enforcement & cross-border cooperation

EU countries will be required to appoint a so-called “Digital Services Coordinator” to oversee enforcement of the regulation, which will have powers in terms of investigation, enforcement (including fines) and the imposition of access restrictions. Additionally, the coordinator would have the possibility of cooperating cross-border by requesting another digital service coordinator in a country of establishment to carry out an investigation. An independent advisory group of Digital Services Coordinators named the “European Board for Digital Services” will be established, which will contribute to the guidance and consistent application of the regulation and assist the digital service coordinators. For the case of very large platforms, the Commission will have direct supervision powers and, in the most serious cases, will be able to impose fines of up to 6 percent of the global turnover of a service provider.

What implications could the Digital Services Act proposal have for businesses?

Industry stakeholders’ first impressions of the proposal are mixed, with generalized positive reactions to the extra harmonization measures, and the preservation of the ECD’s core principles. However, many raise concerns about the Act’s compatibility with other existing legislation, such as the Platform-to-Business Regulation and the Omnibus Directive, as well as the way the trusted flaggers’ concept would work in terms of transparency, an issue raised also by consumer protection groups. The inclusion of the requirement for non-EU companies to have a legal representative in the EU, while burdensome for such companies, has so far been accepted positively by European players as it would ensure a level playing field within the Single Market. Relating to the fines, the issue has been raised that the threat of significant fines for non-compliance might lead to preventive removal of content which might otherwise be considered legal, putting companies in the uncomfortable position of risking fines under the Digital Services Act or being criticised for violating freedom of expression by censorship.

Another example of businesses that would be impacted by the new rules are information society services offering a wide range of services such as search engines, cloud services and other platforms. Those businesses generally welcome the fact that the core foundations of the e-Commerce Directive are maintained, i.e. limited liability, no general monitoring obligations and the maintenance of the country of origin principle. However, there will be extra obligations for ‘very large online platforms’, having more than 45 million users across the Union. These platforms will have to provide regulators and outside groups with greater access to internal data, and appoint independent auditors who will determine if these firms are compliant with the new rules. The biggest tech companies will also be forced to provide greater transparency on online advertisements. These extra obligations will require additional resources and also raise a question about the legislative coherence between the Digital Services Act on the one hand, and provisions in for instance the recently published European Democracy Action Plan on the other. As the Action Plan foresees platforms to take actions against disinformation, it is worrying that the concept of disinformation might include not only illegal but also harmful content, a concept which has not been included in the Digital Services Act.

Finally, there have been concerns among Big Tech companies that the criteria for identifying very large platforms need to be clearer and more inclusive, with several accusing the Commission in selection bias. Furthermore, the Digital Services Act is likely to have significant consequences for gig economy companies, such as well-known travel accommodation websites, as the extra requirements against illegal content and the provision of information on users would allow local authorities to require the removal of unregistered properties and receive information on hosts with outstanding tax obligations. City authorities in big European cities such as Amsterdam, Berlin and Paris, had adopted rules against said platforms and the Digital Services Act would allow them to enforce them.

What to expect next in the legislative process?

After the publication of the Digital Services Act and Digital Markets Act proposals, they will be the subject of long and likely arduous discussions in the Council of the EU and in the European Parliament. As confirmed by the upcoming Portuguese Presidency of the Council of the EU, the Digital Services Act will be discussed in the Internal Market Working Party, falling within the remit of the Competition Council formation. Work on the proposals in the Council is expected to start in the first week of January, as the Digital Services Act and the Digital Markets Act will be key files for the Portuguese Presidency. In the European Parliament, there is strong internal competition over which committee would take the file, with Internal Market Committee (IMCO) Chair Anna Cavazzini (Greens/EFA, Germany) arguing that both proposals should be assigned to her committee, while other MEPs call for shared competencies between the Internal Market, Legal Affairs and Civil Liberties committees for the DSA, and the Economic and Monetary Affairs Committee taking over the DMA.

In terms of the time frame for adopting the DSA, France has announced a highly ambitious plan to conclude the negotiations for both proposals during its Presidency of the Council of the EU in the first half of 2022. The Commission shares this objective for the co-decision process to be finalised in a year and a half, however, it is useful to remember that other recent and major files, such as the General Data Protection Regulation and the Copyright Reform, took respectively 5 and 2.5 years to be adopted.

Dr2 Consultants closely monitors the developments on this file for its clients. If you would like to know more about the proposal, and how it might impact your business, please contact Dr2 Consultants.

Visit our Digital & Tech webpage to learn more about our services.

You might also be interested in:

Data Governance Act: main elements and business implications

Tax initiatives on the digitalisation of the economy and their implications for businesses