Digital Services Act: who it applies to and what are their obligations
Having commenced on February 17, 2024, the Digital Services Act (DSA) is fully operational for intermediary service providers, marking a pivotal moment in digital regulation within the European Union. The DSA represents a comprehensive effort to cultivate a safer digital environment, safeguarding user rights and fostering fair competition among businesses. Its core objectives revolve around curtailing illegal online activities and combatting the dissemination of disinformation. To achieve these goals, the DSA affords users greater control over their online content consumption while imposing fresh responsibilities on entities falling within its remit. Businesses encompassed by the DSA must undertake proactive measures to ensure compliance.
Intermediary services are defined in the DSA as the provision of any of the three following services:
a ‘mere conduit’ service that consists of the transmission of information provided by a recipient of the service in a communication network, or the provision of access to a communication network; such as internet service providers, direct messaging services, virtual private networks, domain name systems, voice over IP, top level domain name registries;
a ‘caching’ service that consists of the transmission of information provided by a recipient of the service in a communication network, involving the automatic, intermediate and temporary storage of that information, for the sole purpose of making the information’s onward transmission to other recipients more efficient upon their request; such as content delivery networks, content adaptation proxies or reverse proxies;
a ‘hosting’ service that consists of the storage of information provided by, and at the request of, a recipient of the service; such as cloud service providers, online marketplaces, social media, app stores.
The scope of the DSA extends to various forms of digital intermediaries, encompassing a broad spectrum of online services. However, the obligations imposed vary depending on the nature of the intermediary service provided, escalating in severity across different tiers of service providers. These tiers delineate the level of obligations incumbent upon each category of intermediary service provider, from caching or mere conduit services to very large online platforms and search engines (VLOPs and VLOSEs). Each tier entails a distinct set of obligations tailored to the role and impact of the service provider within the digital ecosystem.
Under the DSA framework, intermediary service providers are required to adhere to a series of obligations designed to uphold fundamental rights, enhance user transparency and promote user-friendly practices. These obligations range from establishing a single point of contact for communication with service recipients and regulators to implementing effective content moderation mechanisms. Hosting service providers face additional responsibilities, including the adoption of notice and action mechanisms to address illegal content promptly. Similarly, online platforms must facilitate user notifications regarding illegal content and prioritise the safety and privacy of minors.
For online platforms functioning as marketplaces facilitating contracts between consumers and traders, supplementary obligations come into play, such as conducting ‘Know Your Business Customer’ checks and informing consumers of any illegal products or services offered. Notably, VLOPs and VLOSEs bear the most substantial obligations under the DSA, necessitating rigorous risk assessments, compliance audits and the establishment of internal compliance functions.
Ireland assumes a pivotal role in enforcing the DSA, with the newly established Irish Media Commission (Coimisiún na Meán) serving as the national regulator responsible for implementation and enforcement. Service providers must assess their compliance status, adapt internal processes and systems, and revise user interfaces and terms and conditions to align with DSA requirements. Furthermore, online marketplaces must scrutinise their procedures for verifying trader identities and ensuring regulatory compliance. With hefty fines looming for non-compliance, adherence to the DSA is paramount for all intermediary service providers operating within the EU.
About the author: Sinéad Leahy is a Trainee Solicitor with Dermot G. O’Donovan Solicitors.
Comments