The Digital Services Act (DSA) - One more acronym to be aware of
On the 16th of November 2022, a new act, the Digital Services Act (DSA) entered into force.
So, as well as the NIS2 directive, which widens the scope of the rules of NIS (the directive on security of network and information systems), we now need to be aware of this latest act, which will affect our industry in some way.
So what’s it all about ?
As per the European Commission's (EC) own words; “The Digital Services Act (DSA) regulates the obligations of digital services that act as intermediaries in their role of connecting consumers with goods, services, and content.
This includes online marketplaces amongst others.
It will give better protection to users and to fundamental rights online, establish a powerful transparency and accountability framework for online platforms and provide a single, uniform framework across the EU.”
The DSA aims to create a safer and more transparent online environment for all EU citizens. It does this by requiring online service providers to take greater responsibility for the content that appears on their platforms. For example, the DSA requires these companies to put in place measures to detect and remove illegal content, such as hate speech and incitement to violence.
Another key aspect of the DSA is that it seeks to level the playing field for smaller businesses operating online. The act includes measures to prevent large companies from using their dominant market position to unfairly discriminate against smaller competitors. This will make it easier for new, innovative companies to enter the online market and compete with the established players.
Additionally, the DSA includes provisions to protect the personal data of EU citizens. This includes requiring online service providers to be more transparent about how they collect, use, and share personal data, and to provide greater control to users over their own data.
But why another act?
Up until recently, the legal framework for the provision of digital services in the EU was the e-Commerce Directive. This framework was adopted over 20 years ago and as well know very well, things change very quickly in the online space. The EC felt it was time to upgrade it.
Once again, from the horse’s mouth;
“The new rules are proportionate, foster innovation, growth and competitiveness, and facilitate the scaling up of smaller platforms, SMEs and start-ups. The responsibilities of users, platforms, and public authorities are rebalanced according to European values, placing citizens at the centre. The rules
Better protect consumers and their fundamental rights online.
Establish a powerful transparency and a clear accountability framework for online platforms
Foster innovation, growth and competitiveness within the single market
The Digital Services Act and Digital Markets Act create a level playing field that will allow innovative digital businesses to grow within the single market and compete globally.
So who does it cover?
In short, pretty much anyone that provides some sort of online service. While this certainly looks to be focused on very large platforms and very large search engines (make whatever leap you wish), there are obligations for our industry.
Intermediary services offering network infrastructure: Internet access providers, domain name registrars, including also:
Hosting services such as cloud and web hosting services, including also:
Online platforms bringing together sellers and consumers such as online marketplaces, app stores, collaborative economy platforms and social media platforms.
Very large online platforms pose particular risks in the dissemination of illegal content and societal harms. Specific rules are foreseen for platforms reaching more than 10% of 450 million consumers in Europe
The obligations vary depending on what type of service you provide, with the (quite substantial) onus being laid at the feet of online platforms and very large platforms.
Below, we've narrowed down the obligations to players in the Intermediary services (IS) and Hosting services (HS). Domain name registrars fall into the former category.
Transparency reporting: Both IS and HS
Requirements on terms of service due account of fundamental rights: Both IS and HS
Cooperation with national authorities following orders: Both IS and HS
Points of contact and, where necessary, legal representative: Both IS and HS
Notice and action and obligation to provide information to users: Only HS
Reporting criminal offences: Only HS
Is this yet another cost centre for only EU based service providers?
It SEEMS not. The new EU rules will apply to all online intermediaries offering their services in the single market, whether they are established in the EU or outside. They will have to comply with these new rules even if they do not have a physical presence in the EU.
As a result, when not established in the EU, they will have to appoint a legal representative of their choice in one of the member states. This can be done through a branch office or another type of legal entity such as an association or company. Many companies already do as part of their obligations in other legal instruments.
While this “levels the playing field”, organisations will have to pick up the tab of the additional services / processes they will have to implement. Sparking concerns that organisations will need to raise prices and that in the long run, the consumer will pay, as always.
So, why should I care ?
You don't need to care but you should, at the very least, familiarise yourself with the obligations of the act.
The act aims to increase regulatory oversight and accountability of online platforms, which could result in increased compliance costs and potential fines for non-compliance.
On a more positive note, the act aims to improve online safety and security, which could lead to increased consumer trust in online services and potentially drive more business for hosting and domain name registrar companies.
When do I need to act?
The DSA entered into force on the 16th of November 2022. It will be directly applicable across the EU and will apply fifteen months or from 1 January 2024, whichever comes later, after entry into force.
Where do I find out more ?
The EU commission has published some helpful documents, which are listed below