Digital Services Act. Legal Compliance Obligations

Digital Services Act (DSA) is a part of EU Digital Regulation Strategy which aims to create a safe digital environment. The Digital Services Act officially took effect on the 16th November 2022 and will become directly applicable throughout EU as of 17th February 2024. 

Notably, very large online platforms (VLOPs) and very large online search engines (VLOSEs) are subject to an expedited compliance timeline which requires them to adhere to their obligations under the Digital Services Act within a maximum period of four months subsequent to their designation by the European Commission. 

Some of these designated VLOPs and VLOSEs includes Alibaba AliExpress, Amazon Store, Facebook, Google Play, Instagram, LinkedIn, Twitter, YouTube, Google Search and Bing etc. 

These entities are now mandated to ensure comprehensive compliance with the obligations under the DSA within a timeframe of four months. The obligations require these designated services to conduct evaluations and be transparent about their online advertising, target illegal content and disinformation, take corrective measures against any harmful online practices, systemic risks and to put in place strong mechanisms for content moderation. 

DSA applies to information society services which is any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of a service. DSA also applies to intermediary services consisting of services like ‘mere conduit’, ‘caching’ and ‘hosting services. 

Mere conduit services refer to an online service that primarily involves transmission of information through a communication network and where the information is typically provided by the users of the service. Thus, a  mere conduit services does not generally involve the creation of content being transmitted on the platform and they serve as a neutral intermediary facilitating transfer of data from one point to another without any active involvement in the generation of content itself. 

Caching services refers to an online service which also involves transmission of information within a communication network, but it is characterized by its automatic, intermediate, and temporary storage of information provided by users of the service and such storage is typically done for the sole purpose of enhancing the efficiency of transmitting storage information to users. 

Some of the key obligations for different types of service providers are enumerated below:

Intermediary Service Providers (ISPs) 

• Designation of Contact Points for Authorities and for Users. Intermediary service providers must designate two points of contact. First, to facilitate direct electronic communication with the authorities of the Member States, Commission, and the Board, and second to facilitate direct communication with the recipients of their service i.e., the users. Notably, providers not established in EU but offering services to the EU must appoint a Legal Representative in the EU member state where it offers its services. Information such as name, postal and email address, telephone number of their legal representative must be notified by the intermediary service providers to the Digital Services Coordinator in the Member States where such legal representative resides/ is established. Additionally, all the essential information for easy identification and communication with the designated single point of contact, must be publicly disclosed. Intermediary service provider shall specify the official language and they must have at least one of the official languages of the Member states in which the intermediary service provider has its primary establishment or where its legal representative resides/is established.

• Obligations Relating to Terms and Conditions. Intermediary service providers are mandated to ensure the inclusion of comprehensive information regarding any restrictions or prerequisites that they impose in relation to the utilization of their services, particularly concerning use-provided content. This disclosure of Information includes any policies, procedures, tools etc. used for content moderation purposes, including algorithmic decision making and procedure for their internal complaint handling system, which must be communicated to the users. Crucially, such information must be made publicly available in a manner that employs language which is clear, plain, intelligible, user friendly and devoid of ambiguity. DSA also mandates the intermediary service providers to promptly inform the users of their service of any substantial change to their Terms and Conditions. Special attention is warranted in case where any intermediary service is primarily directed towards or significantly utilized by minor users. In such instances, the provider must articulate the usage conditions and associated restrictions in a manner readily comprehensible to minors. VLOPs and VLOSEs must comply with a distinct obligation of furnishing users with concise, easily accessible, and machine-readable summary of its terms and conditions to the users, including available remedies and redress mechanisms in clear and unambiguous language. Additionally, VLOPs and VLOSEs are required to publish their terms and conditions in the official languages of all Member States where they provide their services.

• Comprehensive Report on Content Moderation. Under the DSA, Internet Services Providers are obliged to produce annual, comprehensive content moderation reports. These reports, specifically for Internet Services Providers, must include details regarding orders received from member States’ authorities and the time taken for compliance with the order. Additionally, the report must provide insights into the utilization of automated tools, measures adopted for content moderation training, any related service limitations, and number of complaints received through internal complaint handling systems etc.

Hosting Service Providers (including Online Platforms)

• Content Moderation Report to Include Notices. For hosting service providers, the content moderation report under Article 15 of the DSA, should encompass the number of notices submitted by trusted flaggers, the responses, actions undertaken based on these notifications, the number of notices processed using automated methods, and the timeframe required for compliance. However, these obligations do not apply to micro or small enterprises, and which are not VLOPs. 

• Notice and Action Mechanisms. Apart from the above obligations listed for ISPs, the hosting service providers are also required to user-friendly notice and take-down mechanisms which facilitates notification of illegal content by third parties. Such mechanisms provided by hosting services should allow users to submit notices, aiding hosting providers in determining the potential illegality of the reported information without engagement of legal or factual assessments. Upon receipt of such notices, the hosting service provider is obliged to promptly handle the notice, make decisions regarding appropriate actions, for instance, content removal or access restriction, and should promptly notify the user of the measures taken. 

• Notification of Suspicions of Criminal Ofences. A hosting service provider must promptly inform the authorities in their relevant country, if they suspect that a crime might have happened, is happening or could happen, especially if such incident threatens someone’s life or safety. 

Online Platfoms 

Similarly, apart from the obligations imposed on Internet Services Providers and hosting providers, the online platforms must also comply with other additional requirements under the DSA.

• Content Moderation Report. An online platform must include information about the grounds for such complaints, the decisions made regarding them, and the timeframes for decision-making within the report.  

• Complaint Redressal Mechanism System. Online platforms (excluding micro or SME platforms), are obliged to establish easily accessible, user-friendly internal complaint handling system . The users that have submitted a notice shall be given access to such internal complaint handling system for a period of at least six months, for them to lodge complaints after the platforms decides based on a notice about the reported content such as removing it, suspending user’s account etc. 

• Priority to Trusted Flaggers. According to the DSA, trusted flagger will be designated as such by the Digital Services Coordinator (the regulatory authority under the DSA), within the jurisdiction of the member state where such prospective trusted flagger entity is established. Online platform providers are mandated to implement technical and organizational measures to guarantee that notices submitted by these trusted flaggers are given priority or precedence and that these are promptly processed without any delays.

• Measures Against Illegal Content. Online platforms are legally required to clearly present their policies regarding misuse of their services within their terms and conditions. DSA grants online platform providers with the authority to temporarily suspend the provision of their services to users who frequently engage in dissemination of illegal content, but online platform in doing so must follow a reasonable duration of suspension and after issuing a warning.

• Online Interface Design and Prohibited Deceptive Practices. Online platform providers are strictly prohibited from creating or organizing their website or interfaces in a way which can manipulate users, or which seriously impairs user’s ability to freely make decisions.