Today, 25 August 2023, the Digital Services Act (“DSA”) takes effect for very large online platforms and search engines – the so-called VLOPs and VLOSEs. These are the big tech players (i.e. those platforms and search engines with more than 45 million monthly active users per month in the EU) designated by the European Commission.
For in-scope intermediaries who are not designated VLOPs or VLOSE’s, the DSA will come into general effect on 17 February 2024.
What does the DSA do?
As outlined in our previous blog (see here), the DSA covers online intermediaries offering services in the EU single market, regardless of where they are established. The obligations placed on them scale proportionately depending on their size and nature, with VLOPs and VLOSEs having the most extensive and onerous obligations of all.
These most onerous obligations include requirements to assess, mitigate and report any systemic risks from the design, functioning and use made of the platform’s services; to carry out external and independent auditing at least annually to assess compliance with the DSA; to share data with authorities and researchers; and to establish an internal compliance function.
These large players will also be required to pay an annual supervisory fee of 0.05% of global turnover to fund monitoring and enforcement and will face large fines of up to 6% of global turnover if they fail to comply with the DSA.
Designated VLOPs and VLOSEs
The European Commission has designated a list of 17 VLOPs and 2 VLOSEs. This designation was made based on information regarding user numbers that all online platforms in scope of the DSA were required to publish by 17 February 2023. These designated VLOPs and VLOSEs are as follows:
VLOPs: | Alibaba AliExpress; Amazon Store; Apple AppStore; Booking.com; Facebook; Google Play; Google Maps; Google Shopping; Instagram; LinkedIn; Pinterest; Snapchat; TikTok; Twitter; Wikipedia; YouTube; and Zalando |
VLOSEs: | Bing and Google Search |
Legal challenges to VLOP designations
Although the designation of many of the above platforms as VLOPs was unsurprising (e.g. the designation of large social media platforms such as Facebook) others were less obvious (e.g. online retailer Zalando). Zalando’s website not only allows users to buy items directly from Zalando, but also from certain third parties, meaning that Zalando offers an intermediary service (albeit on a hybrid basis) that seems to have led to its designation as a VLOP. This approach is consistent with guidance from the European Commission which states that where an interface contains a provider’s own content alongside content related to an intermediary service, any user that accesses that interface for the purpose of engaging with the provider’s own content will necessarily be exposed to third-party content by merely visiting the online interface, and thus is considered an active user of that intermediary service for the purposes of the DSA.
On 27 June 2023, Zalando filed a legal claim at the CJEU contesting its designation as a VLOP. Zalando claims that “the European Commission did not take into account the majority retail nature of its business model and that it does not present a ‘systemic risk’ of disseminating harmful or illegal content from third parties.” It has been reported that Amazon has similarly filed a legal challenge to its designation as a VLOP, claiming that the designation unfairly singled Amazon out from other large retailers across the EU.
The UK’s Online Safety Bill
Meanwhile, in the UK, the Online Safety Bill (generally considered to be the UK’s equivalent to the DSA) is still before the House of Lords. It is generally assumed (including by Ofcom) that Royal Assent will now be in autumn 2023. See our previous posts regarding the Online Safety Bill here , here and here.