Garrigues Digital_

Legal innovation in Industry 4.0




The Digital Services Act enters the last lap: approval by Parliament and the Member States and tentative date when it will come into force

Cristina Mesa Sánchez, partner of the Intellectual Property Department.

The European Commission has announced that the Proposal on the Digital Services Act (DSA), including the amendments approved on January 22, 2022 (link) has been approved by the European Parliament and the Member States. The objective: to encourage a safer and fairer online environment. To achieve this, all providers of intermediary services that direct their activities at European users must adapt their services or face sanctions of up to 6% of their global turnover.

As we saw when analyzing the publication of the Proposal (link), the obligations of providers of intermediary services will depend on the type of service they provide and their size. As a result, the closer they are to final users and the bigger they are, the greater their obligations.

While we wait for the final text, we will take a look at the Press Release published by the European Commission, confirming the different types of intermediaries that will have to comply with the new rules of the DSA, which include:

  • Intermediary services: focused on making network infrastructure available to users, includes internet access providers and domain name registrars, among others.
  • Hosting services: including cloud and webhosting services.
  • Online platforms: bringing together sellers and consumers such as online marketplaces, app stores, collaborative economy platforms and social media platforms.  
  • Very large online platforms: where the user threshold is more than 10% of the population of the European Union, which is currently 450 million users.

Therefore, depending on the type of service provided and the provider’s characteristics, the obligations will be more or less stringent. To summarize, the Commission has focused on the following:

  • Measures to counter illegal content: including (i) the possibility of reporting such content through so-called “trusted flaggers”; or (ii) the requirement to improve the traceability of business users in online market places.
  • Measures to increase user control: including (i) new ways for users to challenge platforms' content moderation decisions; (ii) new means of access so that researches can access the data of the largest platforms and gain more insight into their systemic risks; and (iii) measures aimed at increasing the transparency of service providers, including on the algorithms used for recommendation purposes.
  • Measures to assess and mitigate risks: mainly aimed at very large service providers, including both platforms and search engines so that they (i) carry out periodic analyses to prevent risks arising from their use, including undergoing independent audits; (ii) introduce mechanisms to respond to crises affecting public health security or public security; and (iii) introduce safeguards for the protection of minors and limits on the use of sensitive personal data for targeted advertising.
  • Measures to enhance the Commission’s ability to supervise and impose penalties: with respect to very large online platforms, including introducing digital services coordinators and a Board for Digital Services.

As the Commission announces in its press release, the only step left to take is the formal approval of the Proposal by the European Parliament and the Council. Once the final text has been approved, since it is a Regulation, it will be directly applicable across the EU fifteen months after entry into force, or from 1 January 2024, whichever is later. In the case of very large online platforms and search engines, the Commission has established that the DSA will be applicable four months after their designation.

In this context and although there are doubts as to the entry into force of the text, which is not expected before January 1, 2024, it is necessary to initiate a process for adaptation that is slow but sure. To be continued…