digital-service-act-ue-eu-europa

Digital Service Act approved by the European Parliament: new features on online intermediaries

The European Parliament has recently passed the Digital Services Act[1], a regulation that replaces and novates the previous liability regime for information society service providers, consisting of the E-commerce Directive EC Directive 2000/31[2]. This contribution will analyze the main novelties and the continuities between the old and the new regimes.

Introduction

5 July represents a very important milestone in the roadmap of European digital regulation. In fact, this is the date on which the European Parliament approved the Digital Services Act (DSA), presented by the Commission in December 2020 and on which political agreement had already been reached on April 23, 2022.

This regulation’s stated objective is to contribute to the proper functioning of the internal market for intermediary services by establishing harmonized rules for a safe, predictable, and reliable online environment that facilitates innovation and in which the fundamental rights enshrined in the European Charter of Fundamental Rights, including the principle of consumer protection, are effectively protected.

In other words, it aims to redefine the rules applicable to online platforms by amending the Directive 31/2000, the so-called ‘E-commerce Directive’ and the main regulatory reference with regard to “provider liability’ or “secondary liability’. Indeed, the digital transformation and the increased use of digital services have given rise to new risks and challenges for individual service recipients, for businesses, and for society as a whole, hence the need to revisit the previous regulatory framework, now more than 20 years old.

Main novelties

The new regulatory framework applies to ‘information society services’, i.e. entities offering services at a distance, by electronic means, at the request of a recipient, ‘normally for remuneration’.

The overall architecture of the E-commerce Directive is preserved, but new rules on transparency, disclosure requirements, and accountability are adopted, primarily reflecting existing case law. The choice of regulation rather than directive as the form for the new legislation is a significant continuity solution. The direct applicability of the DSA is anticipated to help eliminate disparities between national E-commerce Directive transpositions.

However, the responsibility exemption for providers engaged in mere conduit, caching, and hosting activities remains preserved. This exemption, which focuses on hosting providers, is based on the condition that the provider of such an information society service is not liable for data maintained at the recipient’s request. All of the above, if the provider lacks actual knowledge of illegal activity or illegal content and, with respect to claims for damages, is unaware of facts or circumstances from which the illegal activity or illegal content is apparent; and, upon acquiring such knowledge or awareness, acts expeditiously to remove or disable access to the illegal content.

Similarly, the absence of a general obligation to monitor the platform for user activity is maintained, but certain exceptions are added. In addition, the DSA introduces a sort of “Good Samaritan” language to highlight that intermediaries are permitted to conduct bona fide voluntary investigations or other efforts aimed at finding and deleting illegal content without the risk of losing exemptions for that reason alone.

In addition to replicating the above exemption framework, the Digital Services Act imposes:

1. due diligence obligations for some specific categories of intermediary service providers.

2. new rules for implementation, enforcement, cooperation and coordination between Member States on digital services.

Perhaps the most significant novelty is the introduction of a ‘scaled’ discipline with four categories of providers and a progressive increase in the obligations, proportionate to the influence played, and responsibilities placed on the platform due to belonging to one or the other of the specified categories. These obligations are summarized here in the Table below.[3]

The categories would be intermediary services, hosting (e.g. cloud), online platform (e.g. social media) and very large platforms.

Intermediary services

Hosting
services
Online
platforms

Very large
platforms

Transparency measure for the online platform Transparency Reports

X

X

X

X

Requirements on terms of service that take into account fundamental rights

X

X

X

X

Notification, intervention and obligation to provide information to users

X

X

X

Transparency of user-facing online advertising

X

X

Transparency of recommendation systems

X

Supervision structure to deal with the complexity of the online space Cooperation with national authorities following orders

X

X

X

X

Contact points and, if necessary, legal representative

X

X

X

X

Complaint, redress and out-of-court dispute resolution mechanism

X

X

External and independent audit, internal compliance function and public accountability

X

Cooperation in response to crises

X

Measures against illegal goods, services, or content online Trusted flaggers

X

X

Measures against abusive service and counter-notification

X

X

Special obligations for marketplaces, e.g. verification of credentials of third-party providers (‘KYBC’), compliance by design, random checks.

X

X

Reporting offences

X

X

Risk Management Obligations

X

X

Codes of Conduct

X

Access by researchers and authorities to key data Sharing data with authorities and researchers

X

The establishment of new national authorities to oversee the DSA’s implementation is an additional innovation of note. In Chapter IV of the proposal, the procedural structure of this body is outlined. This individual is known as the Digital Services Coordinator, and he or she will be responsible, in each Member State, for overseeing the precise application of the DSA with respect to the platforms that have their main establishment in that Member State. The Digital Services Coordinator[4] will have three powers: investigative; enforcement, such as the power to order the cessation of violations, to impose corrective measures or interim measures aimed at avoiding the risk of serious harm; and the power to impound platforms that violate the DSA.

Finally, where the previous measures prove ineffective, coordinators also have the power to:

  1. to require the adoption of an action plan setting out the measures necessary to bring the infringement to an end and to ensure that the provider takes such measures, and to report on the measures taken
  2. to request the competent judicial authorities of that Member State to order the temporary restriction of access of the recipients of the service affected by the infringement.

Finally, platforms may also be sanctioned for submitting incorrect, incomplete or misleading information, as well as for failing to reply or rectify the same information, and for failing to submit to inspections. In these cases, however, penalties may not exceed 1 per cent of annual income or turnover (Article 42(3)).

Next steps

After the European Parliament adopted the DSA at first reading in July 2022, the text must be approved by the Council of the European Union. The DSA will be signed by the Presidents of both institutions and published in the Official Journal following acceptance by the Council. Then, twenty days following its publication in the Official Journal, it will enter into force.

With the exception of the responsibilities for big online platforms and large online search engines, which will apply four months after their designation, the DSA will be directly applicable throughout the EU after 15 months or on 1 January 2024, whichever is later.[5]

References

  1. https://digital-strategy.ec.europa.eu/en/policies/digital-services-act-package
  2. https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32000L0031
  3. The Digital Services Act: An Analysis of Its Ethical, Legal, and Social Implications <https://www.researchgate.net/publication/357803324_The_Digital_Services_Act_An_Analysis_of_Its_Ethical_Legal_and_Social_Implications>
  4. https://www.lawinsider.com/dictionary/digital-services-coordinator-of-establishment
  5. https://ec.europa.eu/commission/presscorner/detail/en/IP_22_2545