The Digital Services Act became effective on 16 November 2022. The new Act aims to promote a transparent and safe online environment by defining responsibilities and accountability for online intermediary services. Our Technology team looks at the significant new obligations for service providers and Ireland’s role under this new framework for a better internet.

What does this new landmark law mean for service providers?

The Digital Services Act (DSA) establishes a framework for an unprecedented level of transparency, accountability and fairness for digital services in the EU. It imposes obligations in a cascading fashion, with a base level of universal obligations and more onerous obligations applying to three specific categories of service provider. The DSA applies where recipients of a service are based in the EU, regardless of the service provider’s place of establishment. It provides for significant fines of up to 6% of global turnover for non-compliance.

Who is covered?

The DSA applies to ‘intermediary services’, the definition for which includes a wide range of online services. In terms of the obligations which apply, the DSA distinguishes between the following types of intermediary service:

‘Caching’ and ‘mere conduit’ services, such as internet access providers
‘Hosting services’ being services consisting of the storage of information provided by, and at the request of, a recipient of the service
‘Online platforms’, being a subset of hosting services that also disseminate information to the public, such as social media and online marketplaces
Very large online platforms and search engines (VLOPs and VLOSEs), being online platforms which have an average monthly user base in the EU of at least 45 million

Significant obligations

The DSA contains a wide array of obligations. The obligations applying to different online services match their role, size and impact in the online ecosystem. Examples of some of the more significant obligations include that:

All services will be required to respond to orders to act against illegal content on their services and inform users of their actions. Terms and conditions will also need to be updated to reflect content moderation practices
All hosting services must put in place ‘notice and action’ mechanisms to enable anyone to flag illegal content and to ensure that they act upon same in a timely manner
All online platforms must have an effective internal complaints-handling system and must put in place “appropriate and proportionate measures” to ensure a high level of privacy, safety and security of minors. We expect European Commission guidance to assist service providers with this, and other, unclear obligations
Online marketplaces must also carry out ‘Know Your Business Customer’ checks. Marketplaces which allow consumers, i.e. natural persons, to conclude contracts with traders must verify basic identity information about the traders conducting business on their platform, and must enable traders to comply with pre-contractual requirements on-platform easily. They must take steps to inform consumers if illegal products or services were sold on the marketplace
In addition to all of the above obligations, VLOPS and VLOSEs have auditing and accountability obligations and must carry out wide ranging periodic risk assessments on, for example, the dissemination of illegal content on their platforms, and any actual or foreseeable negative consequences their services might have for minors, gender violence and civic discourse

Ireland’s role

Ireland now has pan-EU regulatory responsibility for service providers having their main EU establishment here, except for VLOPs and VLOSEs in relation to which the European Commission takes primary responsibility. National regulators known as Digital Services Coordinators (DSCs) have general responsibility for ensuring implementation and enforcement of the DSA. A new Media Commission, to be established under the recently enacted Online Safety and Media Regulation Act 2022, will be Ireland’s DSC under the DSA.

Timelines and next steps

The DSA entered into force on 16 November 2022 and will apply to most services from 17 February 2024. However, the DSA will apply to VLOPs and VLOSEs sooner than this. One of the first challenges for online platforms and search engines is how to calculate the number of average monthly active recipients (AMAR).

Online platforms and search engines have until 17 February 2023 to publish information on their AMAR. We discuss the legal, technical and practical challenges here. The European Commission also has the power to request this information and adopt decisions designating an online platform as a VLOP or VLOSE at any time. The DSA will apply to these services four months from designation.

Next steps for service providers:

Are your services within scope? Providers should consider the services they offer. Services may be entwined, requiring providers to establish a process to decide where to draw the line, particularly for calculating monthly active users, complying with different sets of obligations or where an online marketplace might be integrated into a product
Internally, consider whether and to what extent you need to change systems and practices in order to facilitate compliance with the various requirements under the DSA. This will of course depend on the nature of the service and scope of obligations which apply
Externally, consider whether and to what extent you need to adjust your user interface and terms and conditions to comply with the DSA
If you operate an online marketplace, consider whether you have processes for gathering and verifying identity information on traders. Does your marketplace provide the transparency for consumers, and allow you to suspend traders and products for non-compliance?

Ensuring compliance with the DSA will involve careful consideration of the various obligations, a gap analysis as against the service provider’s current practices and, in most cases, fairly extensive changes to a service provider’s terms, practices and policies, as well as implementing new reporting processes. We recommend that all relevant businesses/organisations take steps now to familiarise themselves with the scope of the Act and start a compliance project without delay.

For more information, please contact a member of our Technology team.

The content of this article is provided for information purposes only and does not constitute legal or other advice.

Product Regulation & Consumer Protection

Wendy Hederman

Partner

+353 86 046 4404 whederman@mhc.ie

Michael Madden

Partner

+353 87 956 7326 mmadden@mhc.ie

Insights Technology

Technology Update: The EU Digital Services Act Enters Into Force

What does this new landmark law mean for service providers?

Who is covered?

Significant obligations

Ireland’s role

Timelines and next steps

Wendy Hederman

Michael Madden

New Chairperson, Philip Nolan

Seminar: Child Safety Spotlight - Navigating New Online Safety Legislation

CPD On Demand: Enforcement of Technology Regulation

CPD On Demand: New Technology Regulation

CPD On Demand: Data Privacy Trends

Report on the Role of the Data Protection Officer

Panel Re-Runs: Technology and Digital Disruption Conference

Conference: Data Privacy and Emerging Technology Regulation Masterclass

Supporting the 2024 AI Awards

Potential Liability for Chatbot Hallucinations?

What does this new landmark law mean for service providers?

Who is covered?

Significant obligations

Ireland’s role

Timelines and next steps

Related Practice Areas

Relevant Links

Related People

Related Content

Subscribe Now to MHC Brief for the Latest Legal Insights and Invites