The DSA, now awaiting approval from EU ministers, aims to hold platforms accountable to both regulators and users for the content they host.
What Does the Digital Services Act Do?
The DSA’s regulatory burden varies depending on the company’s size and the nature of its business:
- All providers of “intermediary services” are caught by core obligations, such as obligations to respond to orders from national governments to remove illegal content
- A further set of rules kicks in for “online platforms,” mandating a dispute settlement process for challenging decisions to remove content and the publication of statistics on moderation outcomes.
- “Very large” platforms and search engines – those with 45 million monthly active users – are subject to yet another layer of obligations. Among the most impactful is the requirement to “diligently identify, analyze and assess any systemic risks” from both illegal and potentially harmful content. This audit needs to cover broad topics, including “any actual or foreseeable negative effects” on human rights and “civic discourse.”
The upshot is that this legislation will create obligations for a large set of online players and compliance is potentially quite onerous for at least the largest amongst them. The law also comes with uncertainty: questions remain as to what specific ills the legislation seeks to remedy, and therefore how existing models of content moderation should change. The ultimate objective – a “safe, predictable and trustworthy online environment” – is not a clearly defined target.
What Does the Digital Services Act Do?
The DSA’s regulatory burden varies depending on the company’s size and the nature of its business:
- All providers of “intermediary services” are caught by core obligations, such as obligations to respond to orders from national governments to remove illegal content.
- A further set of rules kicks in for “online platforms,” mandating a dispute settlement process for challenging decisions to remove content and the publication of statistics on moderation outcomes.
- “Very large” platforms and search engines – those with 45 million monthly active users – are subject to yet another layer of obligations. Among the most impactful is the requirement to “diligently identify, analyze and assess any systemic risks” from both illegal and potentially harmful content. This audit needs to cover broad topics, including “any actual or foreseeable negative effects” on human rights and “civic discourse.”
The upshot is that this legislation will create obligations for a large set of online players and compliance is potentially quite onerous for at least the largest amongst them. The law also comes with uncertainty: questions remain as to what specific ills the legislation seeks to remedy, and therefore how existing models of content moderation should change. The ultimate objective – a “safe, predictable and trustworthy online environment” – is not a clearly defined target.
Where We Are and What to Look Out for Next
The European Parliament adopted the Digital Services Act on July 5 by 539 votes to 54. This ended rounds of negotiation with the Council, which is now expected to approve the text. The measure will then be published in the Official Journal and come into force 20 days later.
An important staging post on the way to full implementation will be the Commission’s designation of “very large online platforms”. The designees will be required to comply with the DSA four months later. Smaller companies have until at least January 1, 2024 (or 15 months after the directive enters force, whichever is later).
EU governments will also have 15 months from entry into force to establish their Digital Services Coordinator. Responsibility for DSA enforcement is split between these various member state authorities and the European Commission. The relatively dispersed nature of the DSA enforcement implies rules and priorities could vary across jurisdiction, with a risk of potential friction for the digital single market.
Where We Are and What to Look Out for Next
The European Parliament adopted the Digital Services Act on July 5 by 539 votes to 54. This ended rounds of negotiation with the Council, which is now expected to approve the text. The measure will then be published in the Official Journal and come into force 20 days later.
An important staging post on the way to full implementation will be the Commission’s designation of “very large online platforms”. The designees will be required to comply with the DSA four months later. Smaller companies have until at least January 1, 2024 (or 15 months after the directive enters force, whichever is later).
EU governments will also have 15 months from entry into force to establish their Digital Services Coordinator. Responsibility for DSA enforcement is split between these various member state authorities and the European Commission. The relatively dispersed nature of the DSA enforcement implies rules and priorities could vary across jurisdiction, with a risk of potential friction for the digital single market.
Next Up: Data Act Proposal
As the DSA clears the legislative process, next on the slate is a proposed Data Act. Formally a regulation setting out “harmonized rules on fair access to and use of data”, the goal is to address the perceived underutilization of industrial data in the EU. The proposal includes rules to facilitate access to datasets, including ones held by manufacturers, and the terms for this access. It also targets unfair contracts for data-sharing and gives public sector bodies access to private datasets in “exceptional situations of high public interest, such as floods or wildfires.”
The Commission, which has proposed the law, is motivated by a belief that opening up the data generated by connected devices and products to the users of those products is expected to have significant economic benefits. For example, the Commission suggests that the “availability of data about the functioning of industrial equipment will allow factories, farms or construction companies to optimize operational cycles, production lines and supply chain management.”
While the proposal is less advanced than the DMA and DSA, it is making reasonably quick progress through the legislative process. The Commission closed its stakeholder consultation on a draft in May and the Council has been discussing the legislation in June and July. The fine print is likely to evolve but it is already clear that the Data Act will be of interest to a wide range of companies since the act may impact any device that generates significant amounts of data, from farming equipment to healthcare services. Although the obligations involved are shallower than under the likes of the DMA, they apply to a much wider pool of economic actors. It is therefore not a measure that only Big Tech ought to be keeping abreast of.
Next Up: Data Act Proposal
As the DSA clears the legislative process, next on the slate is a proposed Data Act. Formally a regulation setting out “harmonized rules on fair access to and use of data”, the goal is to address the perceived underutilization of industrial data in the EU. The proposal includes rules to facilitate access to datasets, including ones held by manufacturers, and the terms for this access. It also targets unfair contracts for data-sharing and gives public sector bodies access to private datasets in “exceptional situations of high public interest, such as floods or wildfires.”
The Commission, which has proposed the law, is motivated by a belief that opening up the data generated by connected devices and products to the users of those products is expected to have significant economic benefits. For example, the Commission suggests that the “availability of data about the functioning of industrial equipment will allow factories, farms or construction companies to optimize operational cycles, production lines and supply chain management.”
While the proposal is less advanced than the DMA and DSA, it is making reasonably quick progress through the legislative process. The Commission closed its stakeholder consultation on a draft in May and the Council has been discussing the legislation in June and July. The fine print is likely to evolve but it is already clear that the Data Act will be of interest to a wide range of companies since the act may impact any device that generates significant amounts of data, from farming equipment to healthcare services. Although the obligations involved are shallower than under the likes of the DMA, they apply to a much wider pool of economic actors. It is therefore not a measure that only Big Tech ought to be keeping abreast of.
Robbert Snelders
Brussels
T: +32 22872091
rsnelders@cgsh.com
V-Card
Thomas Graf
Brussels
T: +32 22872003
tgraf@cgsh.com
V-Card
Isabel Rooms
Brussels
T: +32 2 287 2336
irooms@cgsh.com
V-Card
Henry Mostyn
London
T: +44 20 7614 2241
hmostyn@cgsh.com
V-Card
Conor Opdebeeck‑Wilson
Built with Shorthand