DSA now fully in force

As of 17 February 2024, the EU’s Digital Services Act (“DSA”) is now fully in force for all in-scope intermediary service providers.

For the first set of designated very large online platforms and search engines – the so-called VLOPs and VLOSEs, the DSA has applied since 25 August 2023. These VLOPs and VLOSEs are big tech players (i.e. those platforms and search engines with more than 45 million monthly active users per month in the EU) designated by the European Commission. Now, the Act also applies all other in-scope intermediary service providers.

What does the DSA do?

The Commission has described the DSA’s main goal as being “to prevent illegal and harmful activities online and the spread of disinformation”. As outlined in our previous blogs (see here and here), the DSA applies to online intermediaries and platforms offering services in the EU single market, regardless of where they are established. The obligations placed on them scale proportionately depending on their size and nature:

• VLOPs and VLOSEs: These organisations attract the most extensive and onerous obligations under the DSA. As noted above, the first set of VLOPs and VLOSEs designated as such by the Commission in April 2023 have had to comply with their DSA obligations since August last year. A second set of three VLOPs was designated in December 2023, and those platforms will have four months from such designation to comply with the more onerous obligations specific to VLOP/VLOSEs. Their obligations include requirements to assess, mitigate and report any systemic risks from the design, functioning and use made of the platform’s services; to carry out external and independent auditing at least annually to assess compliance with the DSA; to share data with authorities and researchers; and to establish an internal compliance function. The providers of VLOPs and VLOSEs will also be required to pay an annual supervisory fee of 0.05% of global turnover to fund monitoring and enforcement and will face large fines of up to 6% of global turnover if they fail to comply with the DSA.
   
• Other in-scope intermediary service providers: Smaller players must still abide by certain obligations set out in the DSA, all of which are now in force. For example, all in-scope service providers will have to comply with transparency related obligations, including publishing annual reports on any content moderation they engage in. They will also have to include information in their terms and conditions about any restrictions they impose on what content users can provide on the service, and will have to explain any policies, procedures, measures and tools used for the purposes of content moderation, including algorithmic decision making and human review, as well as the rules of procedure of their internal complaint handling system. Although there is no general obligation to monitor the content that services transmit or store, where a service provider does impose restrictions in respect of content provided by users, the DSA requires that those restrictions must be imposed in a diligent, objective, and proportionate manner, with due regard to the rights and interests of all parties involved. All in-scope service providers will also have to designate single points of contact to enable them to communicate directly with relevant authorities, and with users. 

More rules to follow 

The DSA envisages that certain of its articles will be fleshed out by delegated acts, implementing acts and guidelines. For example, the Commission is currently consulting on draft guidelines which focus on how VLOPs and VLOSEs can take measures to mitigate systemic risks on their services relating to the integrity of electoral processes (as required by Article 35) – a pertinent topic given a number of upcoming elections. 

Another recent consultation looked at an implementing regulation aimed at increasing the quality and level of harmonisation of transparency reports, to guarantee the same level of transparency and accountability across platforms. The adoption of the relevant implementing regulation is expected in the first quarter of 2024.

The UK’s Online Safety Act

Whilst this weekend was a significant date for the EU regime, for those based in or providing services in the UK, it’s also important to monitor Ofcom’s developments in this space. Ofcom is also currently running a consultation on guidance related to the Online Safety Act (“OSA”). The OSA is widely considered to be the UK’s equivalent to the DSA, given the two Acts have similar aims (although notable differences in approach). As detailed in our previous blog, to implement the new regime Ofcom is taking a phased approach to publishing draft Codes of Practice and guidance and running consultations on these. This first consultation focusses on Ofcom’s guidance related to illegal harms.