Flag of the European Union

Quick Hits

  • The DSA forms a key element of the EU’s Digital Strategy to strengthen the legal framework for digital advancements and ensure a safe online environment for EU residents.
  • The DSA aims to enable more informed business decisions by increasing the transparency of online services internal operations.
  • The extraterritorial application of the DSA means that it also applies to non-EU organisations that target the EU market or that have a significant number of EU users.

The Digital Services Act does not affect all online services in the same way and instead has provisions based on the category of the service. Three categories of “intermediary services” are covered by the DSA, including “mere conduit services,” “caching services” and “hosting services.” Article 3 of the DSA provides definitions for each of the three categories of services, while recital 29 provides examples. In general, “intermediary services” refers to:

  • enabling the access or transmission of information via a communication network;
  • storing data temporarily as it is transferred via recipients of the service network to increase the efficiency of that data exchange; and
  • storing information provided by the recipients of the service at their request.

Depending on the type of service, the DSA sets various obligations. These include the following:

Transparency and Notice

There are transparency reporting obligations for all online platforms and hosting services. Providers are required to submit a public report when notices are received regarding content moderation. This means a “statement of reasons” must be provided to a European Commission public database whenever content is restricted or removed. Public reports must contain information such as the amount of content removed, the number of notices received, and the number of orders from all relevant national judicial or administrative authorities. Online platforms must prioritise notices by organisations deemed “trusted flaggers” by the designated member state’s Digital Services Coordinator (DSC). Additional transparency requirements apply for VLOPs and VLOSEs. Some reports for these platforms have already been published.

Clarity and Accessibility

Service providers must clearly describe any restrictions they impose on the use of their services in their terms and conditions and must correctly enforce such restrictions. Additionally, services aimed at users under eighteen years of age must provide conditions and restrictions in a manner understandable to a minor.

Online platforms must create online platform interfaces that do not interfere with the ability of service recipients to make free and informed decisions and are prohibited from using malicious nudging such as “dark patterns” which are incorporated into digital design interfaces to distort the choices of the user. They must also provide transparency regarding any advertisements that may appear on their platforms. The DSA requires online platforms to establish an internal complaint management system. The DSA also directs EU member states to establish certified out-of-court dispute settlement bodies to handle disputes about withdrawn content that were not resolved through an online provider’s internal complaint management system.

Intermediary services must provide two points of contact: one for the recipients of the services and one to permit direct communication with the DSC. Providers that are not based in the European Union but provide services there must appoint a legal representative in the European Union.

Hosting Services Additional Obligations

As well as the obligations applicable to all providers of intermediary services, the providers of hosting services must establish a mechanism to enable third parties to notify the presence of allegedly illegal content. If a provider chooses to delete information, suspend, or end service delivery, it must give the relevant user a reasoned explanation. Should the finding raise concern of a criminal offence national law enforcement or judicial authorities must be informed.

Online Marketplaces

In addition to online platforms’ obligations, online marketplaces will be required to assess whether traders have sufficient and reliable information. Furthermore, online marketplaces are required to implement mechanisms for flagging illegal content and goods that infringe a trader’s rights, including intellectual property rights, or that compete on an unfair level.

Noncompliance

The DSA carries significant fines for noncompliance, including up to 6 percent of an organisation’s annual global turnover.

The European Commission together with DSCs will continue to enforce the DSA, with further obligations set to take effect in 2025. The DSA will indirectly affect a large group of organisations, including online traders and intellectual property owners such as brand owners. Organisations may wish to remain aware of these updates and evaluate their compliance with the latest provisions of the DSA.

Ogletree Deakins’ Cybersecurity and Privacy Practice Group and Technology Practice Group will continue to monitor developments and will provide updates on the Cross-Border, Cybersecurity and Privacy, and Technology blogs as additional information becomes available.

Simon J. McMenemy is the managing partner of the London office of Ogletree Deakins, and he is the chair of the firm’s Cybersecurity and Privacy Practice Group.

Lorraine Matthews is a data protection and cybersecurity practice assistant in the London office of Ogletree Deakins.

Follow and Subscribe

LinkedIn | Instagram | Webinars | Podcasts

Author


Browse More Insights

Fingerprint Biometric Authentication Button. Digital Security Concept
Practice Group

Technology

Ogletree Deakins is uniquely situated to provide tech employers and users (the “TECHPLACE™”) with labor and employment advice, compliance counseling, and litigation services that embrace innovation and mitigate legal risk. Through our Technology Practice Group, we support clients in the exploration, invention, and/or implementation of new and evolving technologies to navigate the unique and emerging labor and employment issues present in the workplace.

Learn more
Modern dark data center, all objects in the scene are 3D
Practice Group

Cybersecurity and Privacy

The attorneys in the Cybersecurity and Privacy Practice Group at Ogletree Deakins understand that data now accumulates quickly and transmits easily. As the law adapts to technical advancements, we effectively advise our clients as they work to comply with new developments and best practices for protecting the privacy of the data that their businesses collect and retain.

Learn more
Glass globe representing international business and trade
Practice Group

Cross-Border

Often, a company’s employment issues are not isolated to one state, country, or region of the world. Our Cross-Border Practice Group helps clients with matters worldwide—whether involving a single non-U.S. jurisdiction or dozens.

Learn more
Inside a large shopping mall in Almaty
Industry Group

Retail

Ogletree Deakins is a retail industry leader with clients ranging from brick-and-mortar retailers to online merchants, and small businesses to Fortune 500 corporations. We represent companies in a range of retail sectors, including but not limited to: discount stores, department stores, luxury retailers, home goods and specialty stores, home improvement centers, grocers, pharmacies, online retailers…

Learn more

Sign up to receive emails about new developments and upcoming programs.

Sign Up Now