The European Commission wants you to live long and prosper online, and to that bold end they published the Digital Services Act, which came into force fully in January 2024.
The Digital Services Act aims to make a safer online environment for both consumers and businesses in the EU, by imposing certain rules on online intermediaries – essentially anyone who stores or transmits a user’s information on their behalf. Through the Act, people in the EU can expect better mechanisms for preventing and removing illegal content, heavier protection of fundamental rights online, stronger oversight of larger providers, and more. The Act also gives businesses easier access to the wider EU market through a single set of rules applicable across the EU.
So, what is the Digital Services Act, and why should you care?
What is the Digital Services Act?
The Digital Services Act is part of the EU Commission’s strategy for a safe and human-centred digital future, and works alongside the Digital Markets Act. In a nutshell:
Where the Digital Markets Act focuses on the people deciding whether or not to let you into the marketplace, the Digital Services Act focuses on the people already inside.
The Act exists because the Commission understands that digital environment moves quickly, and historical legal mechanisms are too slow to provide justice before significant damage is done. While a user can use these existing methods to get illegal content removed (like taking down an online store providing counterfeit goods) or to enforce their freedom of expression (like forcing an online platform to reinstate an account that was unfairly banned), these methods are almost always slower and more difficult to implement than doing anything else online. So in the time it takes you to solve one problem offline, another ten problems have arisen online – and this bottleneck ultimately leads to users abandoning their claims out of despair, and getting no real justice.
Who does the Act apply to?
The Digital Services Act applies to anyone providing an “intermediary service” to users in the EU. Even if the provider of that service is based outside of the EU, the Act still applies.
The key definitions here are:Â
- “intermediary service”, being any information society service in the form of:
- a mere conduit – transmitting your information (like your email provider);
- caching – transmitting and temporarily storing your information for efficiency (like your web browser);
- hosting – storing your information (like your social media provider);
- “information society service”, being any service that is provided on request, at a distance, and electronically.
The Act also breaks service providers down into different tiers, with more intense obligations applying to the higher tiers:
- all intermediaries;
- hosting providers;
- online platforms;
- online platforms that allow users to conclude distance contracts;
- very large online platforms (VLOPs) and very large online search engines (VLOSEs).
The Act defines these “very large” online platforms and search engines as those that have over 45 million monthly active users in the EU (like Facebook or Google), and the Commission maintains an updated list of these.
What does the Digital Services Act change or require?
Under the Digital Services Act, and depending on their specific tier, intermediary service providers (or online intermediaries) will be required to implement a number of changes in how they do business, including:
- establishing a single, non-automated and easily accessible point of contact for users;
- giving clear, detailed and easily accessible information on how they moderate content and handle complaints;
- compiling clear and easily accessible report on their content moderation decisions, annually;
- establishing easily accessible mechanisms for reporting illegal content, and responding to these quickly;
- designing their interfaces in a way that doesn’t manipulate or deceive users;
- performing significant due diligence on traders on their platforms;
- taking certain actions in response to the Commission identifying a significant threat to public security or health (VLOPs/VLOSEs only).
The Act also waives certain obligations where the online intermediaries qualify as micro or small enterprises, being businesses that employ less than 250 employees, and with less than EUR 50 million annual turnover or EUR 43 million annual balance sheet total.
What are the penalties for not complying with the Act?
Online intermediaries that fail to comply with the Digital Services Act could face serious penalties, including:
- fines of up to 6% of global turnover, per failure to comply;
- periodic penalties of up to 5% of average daily worldwide turnover, per day of not following an order to fix the failure; and
- temporary suspension of their services, if the failure continues and causes serious harm to user.
Practically, what does the Digital Services Act mean for me?
The Digital Services Act will affect everyone, in some way. For consumer users, the Act means more effective content moderation, clarity on exactly who they’re buying from, and a better understanding of how they’re being targeted and what they can do about it. For business users, the Act means a single set of rules in the EU (and the increased trade that comes with it), better protections against fake copycat services, and more transparency on platforms’ internal processes.
But it’s obviously the online intermediaries that will be doing the heavy lifting. If that’s you, the Digital Services Act will fundamentally affect how you present and provide your services.