The EU Digital Services Act (DSA) entered into force on 16 November 2022. Its primary aim is to ensure a “safe, predictable and trusted online environment”. To this end, the DSA inter-alia prescribes rules for:
- How intermediary services can escape liability against illegal content and services, and
- What due diligence measures should intermediary services adopt for tackling illegal content and services; and claiming exemption from liability.
The Questions and Answers published by the European Commission further outline the scheme and objectives of the DSA.
The coming into force of the DSA marks the beginning of preparations for its implementation and enforcement. However, the Act will be implemented in phases. Regulated organizations are required to already comply with certain obligations as per the following timeline:
Publication of average monthly active recipients of service by 17 February 2023
Providers of online platforms and search engines need to publish the average monthly active recipients of their services in the EU on a “publicly accessible section” of their website. For this first instance, the Commission has encouraged providers to share their average monthly recipients by email to CNECT-DSA-Registry@ec.europa.eu, as well as with the concerned Digital Services Coordinator, once appointed.
The Commission has also issued guidance on calculating the average through another set of Questions and Answers. Eventually, the mechanism for this calculation will be determined as per the Commission’s delegated legislation.
Basis this metric, the Commission will identify and designate “Very Large Online Platforms” (VLOPs) and “Very Large Online Search Engines” (VLOSEs) - platforms and search engines with 45 million average monthly active recipients or more.
DSA applies to VLOPs and VLOSEs by Summer 2023
VLOPs and VLOSEs are to comply with the DSA within four months of their designation. This four-month period is expected to end by mid-2023, and at the latest by September 2023.
Specifically, VLOPs and VLOSEs are required to complete the assessment of “systemic risks” posed by their services within this deadline. Systemic risks include circulation of illegal content; threat to fundamental rights of individuals such as their right to dignity and privacy; possible negative effects on electoral processes, public interest, security etc., among others.
DSA applies in entirety by 17 February 2024
The DSA will apply to all intermediary services falling within its scope across member states by 17 February 2024.
Call to action
Given the enormously high fines of up to 6% of the defaulting organization’s annual global turnover, it would be prudent for potential VLOPs and VLOSEs to err on the side of caution and strategize for complying with the DSA, with assessment of systemic risks being a priority.
Services that could qualify as platforms or search engines, in so far as their recipients are based in the EU, should work towards publishing information on their monthly average active recipients by the 17 February deadline, if they haven’t already.
Admittedly, it can be challenging for providers to determine whether their services fall within the scope of the DSA and to what extent, as the answer depends on factors such as the nature of the service, its primary functionality, and the interpretation of the Act. On the bright side, upcoming guidance and delegated legislations from the Commission should help make the route to compliance more tangible.
We at Considerati are closely following these developments and remain available for any questions you may have in preparing for compliance with the DSA.