The Digital Services Act – what you need to know

Organizations need to prepare for “unprecedented new standards” as the digital services act ramps up data protection and other online rights.
6 January 2023

If all goes to plan, the Digital Services Act Package will create a safer digital space for users. Image credit: Shutterstock.

You may have heard about the recent Digital Services Act (DSA) that became effective on November 16th, 2022 and will be enforced on February 7th, 2024. The DSA’s primary aim is to protect the basic rights of EU citizens online and to ensure “proper functioning of the internal market”.  It also intends to ensure protection of personal data and the freedom of information and expression for those online.

The DSA will impact businesses around the world, especially in Europe and the US. Therefore, organizations must be prepared for the establishment of these “unprecedented new standards” for online platforms.

Companies such as Google, Facebook, Twitter, and Meta will be held accountable for any harmful or illegal content on their platforms when the DSA is enforced. When in action, this new section of the EU’s data protection drive will force online platforms to share their algorithms and how they work. Processes will need to be put in place to remove illegal content and goods swiftly, as well as take necessary action against any users who spread “fake news”.

Let’s explore what the Digital Services Act may mean for you and what you will need to consider when it’s implemented.

The Digital Services Act: What Is It?

The first proposal of the DSA was brought forward on December 15, 2020. In the first announcement, the EU Commission states:

“The Commission has proposed today an ambitious reform of the digital space, a comprehensive set of new rules for all digital services, including social media, online marketplaces, and other online platforms that operate in the European Union: The Digital Services Act and the Digital Markets Act.”

The European Commission’s main goals with the DSA are:

  • To provide better protection for consumers and their fundamental rights when online.
  • To encourage growth, innovation, and competitiveness in the single market.
  • To create a strong accountability and transparency template for online platforms.

All in all, the DSA is a new legislation that will hold online platforms, including social media networks, search engines, and marketplaces accountable for patrolling site content.

Who Does It Affect?

The DSA could affect many types of businesses in several ways. For example, it could impose new obligations on online platforms to remove illegal or harmful content from their platforms, or to take measures to prevent the spread of such content. It could also establish new rules for the use of personal data by online platforms and could require platforms to be more transparent in their operations.

In the US, the DSA could have an impact on businesses that operate online platforms or provide digital services to consumers in the EU. These businesses may need to adapt their operations to comply with the new rules and regulations established by the DSA.

Companies that provide diverse services and products, such as domain name registration, online marketplaces, cloud storage hosting, and social media platforms, are all regarded to be intermediary services. Such companies will be subject to the most stringent requirements by the DSA. But, smaller, “micro” businesses (those that employ under 250 people with an annual revenue of under 50 million euros), are mostly excluded from abiding by the new DSA regulations.

Overall, the impact of the DSA on businesses in the US and the EU will depend on the specific provisions of the legislation and how they are implemented. It is important for businesses to keep abreast of developments in this area and to ensure that they are prepared to comply with any new rules and regulations that are put in place.

What Might You Need to Do?

The DSA might be confused with the DMA (Digital Markets ACT), but they differ in various ways. The DMA is enforced by the European Union only, whereas the DSA will be enforced by the European Commission and all countries, depending on the location of the company and how large it is.

Each of these countries can select an agency or agencies that will implement the DSA. They must also assign a digital services coordinator to enforce the DSA. They must also ensure cooperation within and between the European Commission, the European Board for Digital Services, and various countries.

Digital Services companies (intermediary services) have a range of obligations, including the following:

  • Transparent reporting
  • To cooperate fully with national authorities
  • Contact points, and when necessary, legal representatives
  • Terms of service requirements that consider fundamental rights

Hosting services must follow all these obligations, and “notice and action and obligation to provide information to users”. Moreover, any criminal offences must also be reported to the authorities.

Online platforms

The DSA regulations are a little more “Draconian” for online platforms. These will need to implement and adhere to the following commitments:

  • Have full transparency of recommended systems
  • Have measure sin place that are against abusive and counter notices
  • Have trusted flaggers
  • Incorporate a redress and complaint mechanism, as well as out of court settlements
  • Supply transparency of online advertising that is user-friendly

Ads targeted at children are banned and those that target certain characteristics of users are also prohibited.

For marketplaces, there are unique obligations to meet, such as verifying the credentials of third-party suppliers. Random checks will be carried out, too.

For the largest companies (Google, Facebook, Meta, etc.), they must comply will all the above obligations and be responsible for:

  • Codes of conduct
  • Risk management duties (plus crisis response)
  • Give users the choice not to have recommendations sent to them based on their characteristics or profiling
  • Independent and external auditing, public accountability, and internal compliance function

Currently, if a company violates the DSA, the maximum fine is 6% of their worldwide revenue. For repeat serious offenders, they may be banned from operating in the EU single market.