The DSA aims to create a safe, predictable, and trusted online environment that facilitates innovation while protecting fundamental rights, including consumer rights. The DSA applies to various categories of online intermediary services, including internet service providers, direct messaging services, virtual private networks, domain name systems, and voice over internet protocol (VOIP).
The DSA creates a safer digital space where users’ fundamental rights are protected and businesses operate on a level playing field. It aims to establish an accountable framework for digital services, enhancing transparency and ensuring high protection for consumers and their online rights. Its primary objective is to prevent illegal and harmful activities online and combat the spread of misinformation. The DSA will achieve this by granting users of digital services greater control over the content they interact with online and impose new obligations on entities that fall under the DSA’s purview.
The DSA applies to all digital intermediaries, regardless of their type. All intermediary services provided via the internet are subject to the provisions. However, the obligations vary depending on the nature of the intermediary service provided. These obligations are tiered and cumulative, meaning that higher categories of intermediary service providers will have more obligations than lower categories. For example, the obligations of a social media platform would be more stringent than those of a search engine.
The DSA does not apply to services where the dissemination of information to the public is merely ancillary1 to the service provided.
The DSA applies to four categories of digital intermediaries:
1DSA regulations do not cover services where providing information to the public is a secondary or minor aspect of the overall service. If information dissemination is not a primary function of a service, the DSA may not apply to it. For example, if a platform primarily focused on selling products provides some informational content that is not central to its purpose, the DSA might not apply to that specific service.
The DSA imposes additional obligations on very large online platforms (VLOPs) and very large online search engines (VLOSEs), which are service providers with at least 45 million average monthly active users in the EU. These obligations include systemic risk assessments, risk mitigation measures and independent audits.
The DSA places an emphasis on assessing and mitigating system risks related to the design, functionality and use of services. This includes redesigning services, terms and conditions, content moderation processes and advertising system processes. These measures aim to ensure a safe, transparent and accountable online environment for users. Clear information must be provided to ensure users can opt out of recommendation systems based on profiling.
To ensure user privacy, VLOPs and VLOSEs must establish a clear point of contact for both authorities and users. Having a designated contact ensures efficient communication and accountability. Such companies must:
Promptly report any criminal offences detected on their services. Timely reporting contributes to maintaining a safe online environment.
Draft user-friendly terms and conditions. Clarity in legal language fosters transparency and informed consent.
Ensure transparency in advertising and recommender systems. Users should know how content is recommended to them.
Disclose the main parameters used in their recommender systems. This empowers users to make informed choices.
Proactively assess their systemic risk. Continual monitoring helps identify, analyse and assess potential harms associated with their services.
It is also important to note that VLOPs and VLOSEs must not base their recommendation systems on users’ sensitive information, such as sexual orientation, religion, ethnicity and so on. This ensures that users are not discriminated against and their privacy is protected.
The Digital Service Coordinators (in Ireland, it is Comisiún na Meán) are expected to provide further guidance in the future.
At PwC, we understand the complexities of regulatory compliance, especially with the introduction of the Digital Services Act (DSA). Our team of experts is well-versed in the intricacies of the DSA and can provide tailored guidance to your business. We can help you conduct assessments and gap analyses, develop customised compliance strategies, draft clear and comprehensive policies, train and educate your team, and establish monitoring and reporting mechanisms. If you would like any further information or have queries about how the DSA could impact your business, please get in touch with a member of our team today.