The Digital Services Act stands out as the most important and ambitious regulation globally in the realm of protecting the digital space against the spread of illegal content and safeguarding users' fundamental rights, heralding a safer and more equitable online environment throughout the European Union (EU). With the deadline for compliance approaching, this article breaks down the crucial next steps to help your online business get on the right track.

What is the DSA?

The DSA is a new regulation across the EU aimed at overseeing digital services functioning as intermediaries for consumers and various goods, services, and content. Within the DSA framework, digital services encompass intermediary entities like host providers, online marketplaces, and social media networks. At its core, it seeks to establish uniform rules that protect EU users while addressing issues related to illegal goods, content, and services, all while safeguarding fundamental rights.

Who does the DSA apply to?

The DSA applies to online intermediaries and platforms, ranging from online marketplaces and social networks to content sharing platforms, app stores, and online travel and accommodation platforms which provide services to EU customers. To alleviate potential burdens on small and micro-enterprises, certain rules within the DSA exempt them.

When does the DSA become applicable and what is the DSA timeline?

Here's a snapshot of the key milestones in the timeline of the DSA:

  • April 23, 2022: a significant milestone was achieved as a political agreement was reached between the European Parliament and EU Member States.
  • November 16, 2022: seven months after the political agreement, the DSA officially entered into force.
  • February 17, 2023: online platforms and search engines were mandated to disclose information on their monthly active users within the EU. This data is not only required to be published regularly but must also be provided upon request from the local Digital Service Coordinator (DSC) – a designated supervisory authority with the authority to ensure DSA compliance.
  • April 25, 2023: following the disclosed information, the European Commission designated VLOPs (Very Large Online Platforms) and VLOSEs (Very Large Online Search Engines). These businesses, maintaining a minimum of 45 million active monthly users in the EU, became subject to the full applicability of the DSA starting from August 25, 2023.
  • February 17, 2024: the DSA is set to extend its reach to the remaining entities within its scope from this date. Member States are also required to designate their DSCs by the same deadline.

What to do next?

Navigating the complexities of the Digital Services Act (DSA) requires a proactive and strategic approach for online service providers offering intermediary services. Here's a straightforward roadmap to guide your next steps:

  1. Impact Analysis: conduct a comprehensive assessment to determine whether the DSA applies to your organization and to what extent.
  2. Gap Assessment: perform a comprehensive gap assessment to highlight any deficiencies in your current framework. This process involves comparing your existing processes and practices with the requirements outlined in the DSA, exposing areas that may need improvement.
  3. Implementation and Training: after identifying gaps, design and implement actions to ensure compliance. This involves updating your legal documents (e.g., Terms and Conditions), policies, procedures, and technical systems. Additionally, initiate training programs to equip your workforce with the knowledge needed to fulfil your obligations under the DSA.

What happens if my organisation does not comply with the DSA?

If your business fails to comply with the DSA, the European Commission has enforcement measures in place.

  • Financial Penalties: the Commission can impose fines of up to 6% of your organization's worldwide annual turnover in case of DSA breaches. This includes situations where there is non-compliance following a decision, failure to comply with interim measures, or a breach of commitments.
  • Periodic Penalties: periodic penalties, amounting to up to 5% of the average daily worldwide turnover, may be applied for each day of delay in complying with remedies, interim measures, or commitments.
  • Temporary Access Restrictions: in extreme cases where the infringement persists, causing serious harm to users and involving criminal offenses threatening life or safety, the Commission can request the DSC of the Member State to seek temporary access restrictions through national courts. This process follows a specific procedure.
  • Enforcement Powers: the Commission can also use its enforcement powers to ensure compliance with the DSA when justified and to the extent that is necessary and proportionate.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.