The Digital Services Act 2024 takes effect

What is the purpose of the DSA?

The DSA creates a safer digital space where users’ fundamental rights are protected and businesses operate on a level playing field. It aims to establish an accountable framework for digital services, enhancing transparency and ensuring high protection for consumers and their online rights. Its primary objective is to prevent illegal and harmful activities online and combat the spread of misinformation. The DSA will achieve this by granting users of digital services greater control over the content they interact with online and impose new obligations on entities that fall under the DSA’s purview.

Who does the DSA apply to?

The DSA applies to all digital intermediaries, regardless of their type. All intermediary services provided via the internet are subject to the provisions. However, the obligations vary depending on the nature of the intermediary service provided. These obligations are tiered and cumulative, meaning that higher categories of intermediary service providers will have more obligations than lower categories. For example, the obligations of a social media platform would be more stringent than those of a search engine.

The DSA does not apply to services where the dissemination of information to the public is merely ancillary¹ to the service provided.

The DSA applies to four categories of digital intermediaries:

1. Very significant online platforms and search engines present distinctive challenges in the propagation of illegal content and societal risks. Special regulations are anticipated for platforms reaching beyond 10% of the European consumer base of 450 million, and the DSA offers a compiled list of designated platforms.
2. Online platforms serve as hubs connecting sellers and consumers, embracing diverse entities like online marketplaces, app stores, collaborative economy platforms and social media platforms.
3. Hosting services, encompassing cloud and web hosting services, fall under the umbrella of online platforms, subject to regulatory considerations.
4. Intermediary services providing network infrastructure, such as internet access providers and domain name registrars, also fall within the regulatory framework, which encompasses hosting services.

_{¹DSA regulations do not cover services where providing information to the public is a secondary or minor aspect of the overall service. If information dissemination is not a primary function of a service, the DSA may not apply to it. For example, if a platform primarily focused on selling products provides some informational content that is not central to its purpose, the DSA might not apply to that specific service.}

Additional obligations for VLOPs and VLOSEs

The DSA imposes additional obligations on very large online platforms (VLOPs) and very large online search engines (VLOSEs), which are service providers with at least 45 million average monthly active users in the EU. These obligations include systemic risk assessments, risk mitigation measures and independent audits.

The DSA places an emphasis on assessing and mitigating system risks related to the design, functionality and use of services. This includes redesigning services, terms and conditions, content moderation processes and advertising system processes. These measures aim to ensure a safe, transparent and accountable online environment for users. Clear information must be provided to ensure users can opt out of recommendation systems based on profiling.

To ensure user privacy, VLOPs and VLOSEs must establish a clear point of contact for both authorities and users. Having a designated contact ensures efficient communication and accountability. Such companies must:

• Promptly report any criminal offences detected on their services. Timely reporting contributes to maintaining a safe online environment.

• Draft user-friendly terms and conditions. Clarity in legal language fosters transparency and informed consent.

• Ensure transparency in advertising and recommender systems. Users should know how content is recommended to them.

• Disclose the main parameters used in their recommender systems. This empowers users to make informed choices.

• Proactively assess their systemic risk. Continual monitoring helps identify, analyse and assess potential harms associated with their services.

It is also important to note that VLOPs and VLOSEs must not base their recommendation systems on users’ sensitive information, such as sexual orientation, religion, ethnicity and so on. This ensures that users are not discriminated against and their privacy is protected.

Guidance in Ireland

The Digital Service Coordinators (in Ireland, it is Comisiún na Meán) are expected to provide further guidance in the future.