3. Data & Technology
  5. European Union: The Digital Services Act - What is changing in the world of tech?

European Union: The Digital Services Act - What is changing in the world of tech?

17 Oct 2023    5 minute read
DSA DT Featured Content

In brief

The Digital Services Act (DSA) imposes wide-ranging and transformative obligations on online intermediaries and platforms.

As has been well-publicized over the last few months, the most onerous obligations and tighter deadlines for compliance fall on services designated by the Commission as very large online platforms (VLOPs) or very large online search engines (VLOSEs).

However, all online platforms and online search engines were required to publish information on their user figures earlier this year, and all online intermediaries in scope should be preparing for full compliance in February 2024.

The European Commission's Digital Services package also includes the Digital Markets Act (DMA), which is targeted at a more limited number of "gatekeepers" and imposes additional obligations on these "core platform services," which have until early 2024 to comply. Please contact us for more information on the DMA.

Contents

Key takeaways

The steps in-scope organizations should be thinking about now are:

  • Determine your role: Even if you are not considered a VLOP or VLOSE if you are providing intermediary services, hosting services, or operating an online platform, you will fall within the scope of the DSA. Different categories of service providers will have different obligations under the DSA, so it is crucial to identify which type of service provider you are.
  • Prepare for implementation: The DSA will apply to all service providers on 17 February 2024. Once you have determined which obligations apply to you as a service provider, you must start taking steps to ensure you are DSA-compliant by the applicable deadline.
  • Future planning and future proofing: It's never too soon to start thinking about how your current obligations may change going forwards. Consider now how your plans for future products/services may tip you into a different category of service provider (with its own new obligations) or whether the growth of your business will trigger a future designation as a VLOP/VLOSE.
  • Understand the practical burden of compliance: for example,
    • For online platforms, including prominent ad disclosures identifying the advertiser and main parameters of the ad targeting and updating T&Cs with the main parameters used in recommender systems.
    • Additionally, for marketplaces, complying with obligations relating to trader traceability (to obtain, verify, and publish information on all traders offering goods/services on the platform).

These new requirements will have a significant impact on online platforms and marketplaces, involving new processes and disclosures (both proactive and reactive).

In more detail

Timeline

What's happened already?

  • 17 February 2023 - all online platforms and online search engines were required to publish information on the "average monthly active recipients of the service" (MARs) in the EU (and continue to publish these figures every six months thereafter).
  • Online platforms and search engines with 45 million or more average MARs in the EU will be designated as VLOPs/VLOSEs. The European Commission designated the first set of 17 VLOPs and two VLOSEs in April 2023.
  • The DSA applied to designated VLOPs/VLOSEs from August 2023.

What's next?

  • 17 February 2024 - the DSA will apply to all other in-scope service providers.
  • Further designations of VLOPs/VLOSEs based on MAR calculations will likely follow in the coming months.

Who will enforce the DSA?

  • The Commission is responsible for the supervision and enforcement of the DSA against VLOPs and VLOSEs.
  • Enforcement against other service providers will be via Digital Services Coordinators designated by each Member State.
  • Intermediaries based outside the EU will be in scope if they have significant numbers of EU recipients, target their activities towards the EU, or if other facts result in a "substantial connection" with the EU.

Who is in scope?

The DSA applies to "intermediary services" including:

  • Services offering network infrastructure, such as internet access providers or domain name registrars.
  • Hosting services, such as cloud and web hosting services.
  • Online platforms, such as online marketplaces, social networks, content-sharing platforms, app stores, and online travel and accommodation platforms.
  • Online search engines.

One point worth flagging is that "online platform" is defined broadly; if a service hosts content provided by users and disseminates it as its main purpose, it will be caught.

Key issues

  • Product/service categorization.
    • The first step is for service providers to determine whether they provide "intermediary services" and, if so, what category their services fall into. Categorization is often difficult, particularly for services that have a range of functionalities / intermediary functionalities and content sources, but it is important: for Online Platforms, it will impact how to calculate MARs and, therefore, the likelihood of designation as a VLOP/VLOSE, and determine which substantive obligations under the DSA apply. Service providers also in the scope of the DMA will need to consider how their services are categorized under both the DSA and DMA in parallel. We expect the Commission to take a close interest in service categorization and to apply the definitions strictly.
  • Reporting monthly active recipients.
    • All online platforms and online search engines were required to publish information on MARs of their service in February 2023 and every six months thereafter. The Commission has published guidance on this requirement; as the DSA beds in, we expect to see enforcement action for failure to publish and further development of the Commission's methodology for determining MARs.
  • Actions required for compliance - these may include:
    • Making proactive changes to products or building new functionality.
    • Building new internal processes, for example, to assess DSA compliance, respond to takedown requests, or manage account suspensions.
    • Preparing for proactive and reactive disclosures to the relevant regulatory authority, law enforcement, users, and the public.
    • Building a compliance function and putting in place dedicated personnel.
    • Embedding new design principles driven by DSA compliance.
  • Horizon scanning.
    • Platforms and search engines close to hitting 45m MARs in the EU will need to future-proof their products and compliance efforts against the likelihood of future designation as a VLOP or VLOSE, with the more onerous obligations that entails. Service providers will need to assess not just their existing user base, product categorisation, and functionality but where they plan to be in the future.
    • All service providers will need to consider how future product design and development will affect service categorisation under the DSA and understand what additional compliance obligations may kick in as products evolve and new products are launched.
    • All service providers will also need to consider how the enforcement landscape will likely evolve. Who is likely to be designated as the local regulator? How active is that local regulator likely to be, and what are its own priorities? How quick have local regulators been to enforce other emerging laws, for example, in the data privacy or consumer space? Will regulators become more sophisticated as more information is made available to them, and how will that shape the regulators' view of your products?
Contact Information
John Groom
Partner
London
Read my Bio
john.groom@bakermckenzie.com
Natasha Denton
Associate
London
natasha.denton@bakermckenzie.com
Kathy Harford
Lead Knowledge Lawyer
London
kathy.harford@bakermckenzie.com

Copyright © 2024 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.

HighQ
Copyright Baker McKenzie 2024 | Disclaimers | Supplemental Privacy Statement