The Digital Services Act (DSA), a major EU regulation for online content, was signed into law yesterday.

The DSA together with the Digital Markets Act (the DMA) form part of an EU legislative strategy that seeks to create a level playing field for both big and small businesses in the digital world, create a harmonized approach to doing business online and to create a safer environment for users online.

What ‘s new

More particularly, the DSA aims to achieve the following objectives:

  1. Establish a powerful transparency and accountability framework for internet intermediaries:

The DSA will hold intermediaries accountable for policing content on their sites. This is achieved through imposing obligations to carry out content moderation and transparency reporting and requiring them to comply with orders to remove illegal content from their services. For larger online intermediaries, the DSA requires them to carry out risk assessments and external audits and to report on the findings.

  1. Ensure the safety of users of digital services:

The DSA provides users with actionable rights. Users will be entitled to lodge a complaint in circumstances where an online intermediary fails to comply with the DSA.

  1. Create a harmonized approach to content regulation:

DSA rules will apply on a pan-European basis and will address the legislative “gaps” that currently exist from the fragmented enforcement and implementation of the e-Commerce Directive. The DSA also provides for unified enforcement as it allows for co-operation between Member States and provides for a supervisory and enforcement role for the European Commission in respect of certain provisions of the DSA.

Services in scope

The DSA will apply to a range of providers of digital “intermediary services” (which would include mere conduit services, caching services and hosting services), where such services are offered to natural or legal person recipients that are established or located in the EU. Broadly, the obligations set out in the DSA are proportionate to the scale of the user base of the service provider. The most significant obligations will fall on:

  • Very Large Online Providers (VLOPs) – these are online platforms that store and disseminate user-generated content to the public at the request of a user. The platform must have 45+ million active monthly users in the EU in order to qualify as a VLOP.
  • Very Large Online Search Engines (VLOSEs) – these are online search engines that consist of 45+ million active monthly users in the EU.

VLOPs and VLOSEs: What are the key obligations

Some of the key obligations for VLOPs and VLOSEs (“Large Providers“) include:

  • the obligations to perform risk assessments to assess the “significant systemic risks” that stem from the provision of their services. This would include risks in relation to the dissemination of illegal and other harmful content through their services. Large Providers will be required to put in place reasonable, proportionate and effective mitigation measures, tailored to the specific systemic risks identified in their risk assessment, with particular consideration for the impacts of such measures on fundamental rights;
  • the obligation to establish an independent compliance function that reports directly to the management body of the provider and can raise concerns and warn the management body of non-compliance risks;
  • the obligation to conduct independent audits which assess the provider’s compliance with certain obligations arising under DSA, as well as any commitments to the codes of conduct; and
  • the obligation to comply with detailed transparency reporting requirements including the requirement to make publicly available reports, setting out the main findings of the external audit and the results of the risk assessment.

When does the DSA come into force

The DSA is due to be signed into law on 19 October 2022. It will enter into force 20 days after its publication in the Official Journal of the European Union. The majority of its provisions will apply 15 months thereafter or on 1 January 2024, whichever is later. However, rules governing Large Providers will apply from four months after the provider has been notified of its designation as a VLOP/VLOSE by the European Commission.

For more information on this topic, please contact Andrea Lawler, Partner, Commercial & Technology, Caitríona Lavelle, Solicitor Commercial & Technology or any member of A&L Goodbody’s Commercial & Technology team