Surfing the Digital Single Market: A Closer Look at the Digital Services Act (DSA) – Part 18 March 2023
An article by Diana Ciubotaru and Vladimir Griga
2023 – digitisation, evolution, innovation.
These are just some of the labels that mark the start of a new age in the EU digital regulatory framework. Everything we do nowadays is centred around those three terms and we are all part of making these concepts tangible in the actual world, without actually realising it. But how close are we to properly regulating that digital, yet increasingly real world?
This article is structured in three parts:
▸ In this first part, we are laying the groundwork within the digital landscape, explaining the purpose and impact of the DSA. Additionally, we are breaking down the entities who fall within the scope of the Regulation and outline the rules on intermediary liability.
▸ In the second part, we shall delve deep into the bread and butter of the DSA, namely the new and refined obligations, applicable to various types of online intermediary service providers.
▸ In the third and final part, we shall cover an unusual, yet interesting addition brought by the DSA: the so-called “Good Samaritan” provision. We are also going to talk about the relationship of the DSA with other EU laws, as well as its enforcement and entry into force, before wrapping up and laying down our conclusions.
Make sure you subscribe to our newsletter to stay updated on the latest legal developments.
From the perspective of innovation and digitisation, we are experiencing a period of transition which has been symbolically encapsulated by the European Commission (the “Commission” or the “EC) in its 2021 paper, “2030 Digital Compass: the European way for the Digital Decade”. In this age of technology, it’s not just compasses that have gone from being physical objects to digital features on our smartphones. The entire world around us has also become increasingly virtual, evident in the way we live, work, and interact with each other. The EC’s initiative, dubbed “the path to the digital decade”, aims to ensure that the European Union achieves its goals and targets for a digital transformation of the society and economy in line with EU’s values, strengthening the digital leadership and promoting human-centred, inclusive and sustainable digital policies that empower citizens and businesses.
From this point of view, the last months of 2022 were the starting point for significant changes in the global digital landscape, whereby two key pieces of legislation emerged: the Digital Markets Act (the “DMA”) and the Digital Services Act (the “DSA” or the “Regulation”), which together form a set of new rules applicable throughout the EU as part of a digital strategy called “A Europe fit for the Digital Age”. Our focus in this article will be mainly on the DSA.
Purpose, Impact and What it Means for the Digital Landscape
The DSA is a set of rules that are part of the European Digital Strategy, which aims to strengthen the single market for digital services, promote innovation and the competitiveness of the European online environment. Additionally, the DSA aims to revitalise the existing legal framework that has been applicable for twenty years, respectively Directive 2000/31/EC (the “E-Commerce Directive” or the “Directive”). This Directive has entered into force more than 20 years ago, and the digital paradigm has vastly changed since then (for example, the E-Commerce Directive predates not just smartphones, but also the widespread use of Bluetooth in consumer devices; and whilst there almost 5 billion Internet users worldwide, which encompass over 60% of the world nowadays, only 7% of the world population was online back in 2000). Furthermore, due to its legal nature, the Directive has also had some diverging national implementations into the Member States’ local laws. Unlike the E-Commerce Directive, the DSA shall apply immediately and coherently across the entire EU, without the need of local transpositions.
On top of all the significant benefits it has brought (e.g., innovative business models and services, such as online social networks and online platforms that allow consumers to conclude distance contracts with traders, which offers users the possibility of easy communication, shop or access of any kind of information), the rapid and widespread development of digital services also brought some inherent downsides to our society and economy. For example, there are concerns regarding the trade and exchange of illegal goods, services and online content. Moreover, online services are also being misused to amplify the spread of disinformation, as well as for other harmful purposes. These new challenges and the way online platforms address them can have a significant impact on fundamental rights in the online world.
These concerns have given rise to the need to establish a legal framework containing a set of rules on the liability of the providers of digital services and which ensures the guidelines for a more competitive digital market. Rather big shoes to fill, yet, the DSA aims high and well into the future.
Who falls under the purview of the DSA?
The DSA applies to online intermediary services offered to users (both consumers and businesses) in the European Union. These services are considered to be offered in the EU, for example, if users are able to order products or services in at least one Member State, use one of the official EU languages, pay in Euro or other local currencies, or use a national top level domain. Most importantly, the provider’s place of establishment is irrelevant, the DSA applying to providers from both within and outside the EU.
Naturally, the DSA targets providers of such online intermediary services, which are services that transmit, cache or store third-party information, covering a wide variety of digital activities.
Deep-diving into the Regulation, we may find several categories of online intermediary service providers:
▸ Mere conduit services include generic categories of services, e.g., virtual private networks, internet exchange points, DNS services and resolvers, wireless access points, top-level domain name registries, voice over IP and other interpersonal communication services;
▸ Caching services, which offer temporary storage of data in order to optimise the onward transmission of information, e.g., content delivery networks, reverse proxies or content adaptation proxies;
▸ Hosting services, which store third-party information provided by users of the respective service, e.g., web-hosting, cloud computing, paid referencing services or services enabling sharing information and content online (such as file storage and sharing):
- Online platforms, which are hosting services that not only store information, but also make it available to the general public, at the request of their users, e.g., online marketplaces, social media networks, online travel/accommodation websites, app stores. Services enabling emails and private messaging are generally not included in the scope, as long as the communication is only between a limited number of individuals;
- Very Large Online Platforms (“VLOPs”) and Very Large Online Search Engines (“VLOSEs”), which are online platforms and search engines with over 45 million active monthly users in the EU (which currently represents 10% of the total EU consumers), designated as such by the Commission.
Be that as it may, the technical functionalities of each service will determine the category in which it will fall under, and such assessment should be carried out on a case-by-case basis.
Preserving the Rules on Intermediary Liability
The E-Commerce Directive has long enshrined the safe harbour principle, by which online intermediaries are not liable for the information transmitted through their services, assuming they (i) were not actively involved in such transmission or (ii) acted expeditiously to remove or to disable access to the information upon receiving notice.
The DSA has maintained this liability regime for intermediaries, with minor changes. However, additional requirements for various types of intermediaries have been introduced, which we shall cover later.
Not least, similar to the E-Commerce Directive, the DSA reiterates that intermediaries do not have a general monitoring obligation in what regards the information transmitted or stored by them.
 Regulation (EU) 2022/1925 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act), available here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R1925
 Regulation (EU) 2065/2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act), available here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32022R2065