The Digital Services Act (“DSA”), dubbed a “European constitution for the internet”, is intended to create a safer and more transparent online environment. From 17 February 2024, it will apply to all digital services that connect consumers to goods, services or content, so it should be of interest to most companies doing business online.
Who does the DSA apply to?
The Digital Services Act applies to all providers of online intermediary services, including conduit services, caching services, and hosting services. In practice, the new provisions may be of interest to, among others:
- online marketplaces that allow consumers to conclude distance contracts with traders;
- cloud service providers that allow storing information provided by the user;
- online shops that allow adding reviews or storing other user-generated content;
- services operating subject-specific forums, e.g. on banking or medical services;
- certain gaming providers; and
- advertising portals.
A special category of web hosts are web platforms, i.e. entities that enable the storage and dissemination of data.
The DSA also distinguishes a special category of entities, i.e. very large web platforms (VLOPs) and very large online search engines (VLOSEs). As they dominate the online market (with more than 45 million users), a number of additional obligations have been imposed on them. Micro and small companies, on the other hand, are exempted from some of the requirements.
As the new rules also apply to various aspects of advertising, marketers and advertising agencies should be aware of the coming changes and plan accordingly.
The rules apply both to companies that are established in the EU and those that merely offer their services within the EU.
What obligations does the DSA impose?
Depending on the nature of the service, there are five levels of obligations imposed on providers. All intermediary providers must designate a single point of contact to communicate directly with the competent authorities and the recipients of their services, as well as prepare and publish a transparency report on the content moderation in which they engage. Hosting providers should remember, among other things, to implement a “notice-and-action” mechanism to address reports of illegal content. Online platform providers are required to set up an internal complaint handling system and to ensure transparency of advertising and the protection of minors. On the other hand, trading platforms (which enable B2C distance contracts) should ensure transparency in transactions and the verification of business customers by introducing the KYBC procedure. As mentioned, most obligations have been placed on the very large platforms and search engines, especially regarding the transparency of their operations.
How to implement the DSA regulations?
Companies operating in the online industry should immediately verify whether their services are subject to the new regulations and what obligations apply to them. It is worth checking whether there is a possibility of benefiting from the exemptions provided for in the regulation.
The relevant points of contact for public authorities and service recipients should be designated and communicated by companies on their websites. It is also necessary to verify the rules and internal procedures used. In particular, it should be checked whether a provider’s policy for dealing with reports of harmful and illegal content is in line with the new rules. Intermediary service providers should also adapt their interfaces and advertising practices to the new requirements. Contracts with contractors may need to be annexed.
Admittedly, there is no Polish bill implementing the DSA yet (only the assumptions of the new bill have been published), but it must be remembered that the provisions of the regulation are directly applicable. Therefore, it is worth undertaking the adaptation work as soon as possible.