The European Commission confirmed on April 23, 2022, that the European Parliament and Council have reached political agreement the Digital Services Act (DSA) first published in December 2020. Morgan Lewis previously reported on the publication of the DSA.
The European Commission stated, “The DSA sets out an unprecedented new standard for the accountability of online platforms regarding illegal and harmful content. It will provide better protection for internet users and their fundamental rights, as well as define a single set of rules in the internal market, helping smaller platforms to scale up.”
The DSA applies to (i) online intermediary services such as internet providers, (ii) hosted service providers, and (iii) online platform providers such as online marketplaces, app stores, and social media platforms. It applies to such entities that offer their services within the European Union, regardless of whether they are established inside or outside the European Union.
The obligations of the DSA increase depending on the size of the organization, but the fundamental principles of transparency and accountability will apply to all organizations under the scope of the DSA. The European Union has adopted this approach to ensure that small to medium-size businesses are not adversely affected by costs of compliance.
As businesses grow and are required to comply with more of the DSA’s obligations, they will be allowed a 12-month grace period in order to achieve compliance.
Some key provisions in the DSA are as follows:
- Measures to counter illegal goods, services, or content online, including an ability for users to flag such content
- Transparency requirements, including in relation to algorithms used to recommend content or products
- A requirement for very large platforms to undertake independent audits of risk management systems
- Bans on targeted advertisements to children and those based on special characteristics of users
- Rights for users to challenge a platform’s content moderation decisions and seek redress, either via an out-of-court dispute mechanism or judicial redress
One part of the DSA that applicable businesses are likely to be pleased with is the harmonization of the liability exemption, which makes it clear that platforms and other intermediaries are not liable for users’ unlawful behavior unless the platform is aware of the illegal acts and fails to remove them.
For the largest online platforms, so-called “gatekeepers,” the DSA includes prohibitions on discriminating against other businesses in favor of the gatekeeper’s services, obligations to ensure interoperability with the gatekeeper’s platform, and obligations to share, in compliance with privacy rules, data that is provided or generated through business users' and their customers' interactions on the gatekeeper’s platform.
A platform may be deemed to be a gatekeeper if it
- has a strong economic position and a significant impact on the internal market, and is active in multiple EU countries;
- has a strong intermediation position, meaning that it links a large user base to a large number of businesses; and
- has (or is about to have) an entrenched and durable position in the market, meaning that it is stable over time if the company met the two above criteria in each of the last three financial years.
EU countries will have primary responsibility for overseeing compliance with, and enforcing, the DSA, supported by a new European Board for Digital Services. For very large platforms, the EU Commission will undertake supervision and enforcement.
The political agreement is now subject to formal approval of the legislation by the European Parliament and Council. Once formally approved, the DSA will apply after 15 months or from January 1, 2024, whichever is later.
It is not clear whether the United Kingdom will adopt similar legislation; however, UK businesses in scope of the DSA that offer their services to users in the European Union will be subject to the DSA.