The Digital Services Act 2024 takes effect

  • Insight
  • 5 minute read
  • February 29, 2024

The Digital Services Act (DSA) was enacted on 17 February 2024. It sets harmonised rules for online intermediary services across the European Union.

The DSA aims to create a safe, predictable, and trusted online environment that facilitates innovation while protecting fundamental rights, including consumer rights. The DSA applies to various categories of online intermediary services, including internet service providers, direct messaging services, virtual private networks, domain name systems, and voice over internet protocol (VOIP).

What is the purpose of the DSA?

The DSA creates a safer digital space where users’ fundamental rights are protected and businesses operate on a level playing field. It aims to establish an accountable framework for digital services, enhancing transparency and ensuring high protection for consumers and their online rights. Its primary objective is to prevent illegal and harmful activities online and combat the spread of misinformation. The DSA will achieve this by granting users of digital services greater control over the content they interact with online and impose new obligations on entities that fall under the DSA’s purview.

Who does the DSA apply to?

The DSA applies to all digital intermediaries, regardless of their type. All intermediary services provided via the internet are subject to the provisions. However, the obligations vary depending on the nature of the intermediary service provided. These obligations are tiered and cumulative, meaning that higher categories of intermediary service providers will have more obligations than lower categories. For example, the obligations of a social media platform would be more stringent than those of a search engine.

The DSA does not apply to services where the dissemination of information to the public is merely ancillary1 to the service provided.

The DSA applies to four categories of digital intermediaries:

  1. Very significant online platforms and search engines present distinctive challenges in the propagation of illegal content and societal risks. Special regulations are anticipated for platforms reaching beyond 10% of the European consumer base of 450 million, and the DSA offers a compiled list of designated platforms.
  2. Online platforms serve as hubs connecting sellers and consumers, embracing diverse entities like online marketplaces, app stores, collaborative economy platforms and social media platforms.
  3. Hosting services, encompassing cloud and web hosting services, fall under the umbrella of online platforms, subject to regulatory considerations.
  4. Intermediary services providing network infrastructure, such as internet access providers and domain name registrars, also fall within the regulatory framework, which encompasses hosting services.

1DSA regulations do not cover services where providing information to the public is a secondary or minor aspect of the overall service. If information dissemination is not a primary function of a service, the DSA may not apply to it. For example, if a platform primarily focused on selling products provides some informational content that is not central to its purpose, the DSA might not apply to that specific service.

Additional obligations for VLOPs and VLOSEs

The DSA imposes additional obligations on very large online platforms (VLOPs) and very large online search engines (VLOSEs), which are service providers with at least 45 million average monthly active users in the EU. These obligations include systemic risk assessments, risk mitigation measures and independent audits.

The DSA places an emphasis on assessing and mitigating system risks related to the design, functionality and use of services. This includes redesigning services, terms and conditions, content moderation processes and advertising system processes. These measures aim to ensure a safe, transparent and accountable online environment for users. Clear information must be provided to ensure users can opt out of recommendation systems based on profiling.

To ensure user privacy, VLOPs and VLOSEs must establish a clear point of contact for both authorities and users. Having a designated contact ensures efficient communication and accountability. Such companies must:

  • Promptly report any criminal offences detected on their services. Timely reporting contributes to maintaining a safe online environment.

  • Draft user-friendly terms and conditions. Clarity in legal language fosters transparency and informed consent.

  • Ensure transparency in advertising and recommender systems. Users should know how content is recommended to them.

  • Disclose the main parameters used in their recommender systems. This empowers users to make informed choices.

  • Proactively assess their systemic risk. Continual monitoring helps identify, analyse and assess potential harms associated with their services.

It is also important to note that VLOPs and VLOSEs must not base their recommendation systems on users’ sensitive information, such as sexual orientation, religion, ethnicity and so on. This ensures that users are not discriminated against and their privacy is protected.

Guidance in Ireland

The Digital Service Coordinators (in Ireland, it is Comisiún na Meán) are expected to provide further guidance in the future.

We are here to help you

At PwC, we understand the complexities of regulatory compliance, especially with the introduction of the Digital Services Act (DSA). Our team of experts is well-versed in the intricacies of the DSA and can provide tailored guidance to your business. We can help you conduct assessments and gap analyses, develop customised compliance strategies, draft clear and comprehensive policies, train and educate your team, and establish monitoring and reporting mechanisms. If you would like any further information or have queries about how the DSA could impact your business, please get in touch with a member of our team today.

Risk and Regulation

Let’s change the way we see risk.

Contact us

Pat Moran

Partner, PwC Ireland (Republic of)

Tel: +353 86 380 3738

Leonard McAuliffe

Partner, PwC Ireland (Republic of)

Tel: +353 87 960 3463

Neil Redmond

Director, PwC Ireland (Republic of)

Tel: +353 87 970 7107

Gayatri Soma

Senior Manager, PwC Ireland (Republic of)

Tel: +353 87 721 2975

Follow PwC Ireland