More than four years after the European Commission first explored the need for the regulation of digital services, the Digital Services Act (“DSA”) came into force for all in-scope “intermediary service providers” on 17 February 2024. The DSA sets out various obligations with a view to combatting the circulation online of illegal goods and services and illegal or harmful content, and includes obligations relating to notice and takedown of illegal or harmful content (ordered by a court or reported by a user), provision and enforcement of user terms and conditions, content moderation, user reporting mechanisms, user rights to appeal and out-of-court dispute resolution, trusted flaggers, dark patterns, advertising and recommender system transparency, due diligence on online traders, risk assessments and mitigation measures, independent audits and reporting and transparency. Intermediary service providers are subject to some or all these obligations depending on what type of intermediary service provider they are. “Hosting services,” which store content provided by users of their service (e.g. cloud services), are subject to a basic set of these obligations. “Online platforms,” a type of hosting service that disseminates the content provided by the users to the public (e.g. social media platforms), are subject to a further set of these obligations.  “Very Large Online Platforms” (“VLOPs“) and “Very Large Online Search Engines,” services which have 45 million or more average monthly active users in the EU, are subject to all such obligations and more. To date, 17 VLOPs have been designated by the Commission and the DSA is already in force already for a number of them.

The DSA provides for the Commission to produce several Implementing Acts (EU secondary legislation adopted by the Commission where uniform conditions for implementing a legally binding parent EU act are needed), Delegated Acts (EU secondary legislation adopted by the Commission that supplements or amends certain non-essential elements of a parent EU act) and guidelines. Work has already started with the Commission launch of the Statement of Reasons public database (under Article 24(5) DSA) (previously reported by Wiggin here and here), the launch of a consultation on an Implementing Act containing mandatory templates for use in respect of the obligation on online platforms to publish annual content moderation reports (under Article 15(1) and 24(6) DSA) (previously reported by Wiggin) and the launch of a consultation on guidelines for VLOPs and VLOSEs on election integrity (see Article 34(1)(c) DSA) (previously reported by Wiggin).

The DSA also provides for Implementing Acts to be made on information sharing by authorities, the annual supervisory fee that will be charged to VLOPs and VLOSEs to contribute to the costs of enforcement, and on the powers of the authorities to, amongst other things, conduct inspections of VLOPs and VLOSEs. It also provides for there to be Delegated Acts on data access for vetted researchers, the methodology for counting a service provider’s annual users, the process of adjusting the number of users under the test to determine whether an online platform qualifies as a VLOP or VLOSE, independent audits and VLOP and VLOSE obligations to share data on compliance with the authorities. Finally, the DSA also provides for the establishment of guidelines to clarify issues such as the role of “trusted flaggers”, dark patterns, protection of minors, aspects of risk mitigation by VLOPs and VLOSEs, and on the nature of the advertising repositories which must be provided by VLOPs and VLOSEs.

17 February 2024 is also the date on which each EU Member State must appoint a Digital Service Coordinator but, according to reports, less than half of Members States have done so to date.

For more information, click here.