The Digital Services Act (DSA) is a European Union (EU) regulation that governs the operation of online service providers. It is worth remembering since its name has been often appearing in various online spaces for some time now. After the 17th of February – the date in which EU legislation was adopted to be enforced in Poland, we will hear about it even more frequently.
This act is part of two EU regulations – the Digital Services Act and the Digital Markets Act, which together create the EU’s “digital package” that is intended to holistically regulate the activities of digital service providers online. The main goal is to better protect internet users while not blocking the innovation and development of digital services within the EU.
The Digital Services Act – why was it created, what were the principal objectives?
At the time of the new law’s adoption, the EU digital market was regulated by the 2000 E-Commerce Directive. It became clear that the e-world had changed significantly over the decades. The directive was no longer fit for a world where internet giants and platforms offering citizen services shape our functioning, affecting virtually every aspect of daily life. This includes how we communicate, shop, use services, acquire information, and more. Progressing technology is inevitably linked with new dangers of disinformation, fake news, and open access to illegal content.
The European Union’s answer to these problems are the Digital Services Act and the Digital Markets Act, which were announced to provide Internet users with access to safe digital products, protect user rights, and provide space for free and fair competition.
Digital Services Act
“For too long, tech giants have benefited from a lack of rules. The digital world has become a Wild West, with the biggest and strongest setting the rules, but a new sheriff has arrived in town – the DSA. Now, the rules and rights will be strengthened”[1] – This statement about the DSA was made by Christel Schaldemose, the MEP responsible for introducing the Digital Services Act through the European Parliament.
The addressees of the Act are intermediary service providers. According to Article 3, subparagraph g) of the DSA:
- “An intermediary service” means any of the following information society services:
(i) a “mere conduit” service, consisting of the transmission in a telecommunications network of information provided by a recipient of the service, or the provision of access to a telecommunications network; - (ii) a “caching” service consisting of the transmission in a telecommunications network of information provided by a recipient of the service, including automatic, intermediate, and temporary storage of this information, performed solely for the purpose of facilitating subsequent transmission of information at the request of other recipients;
- (iii) a “hosting” service consisting of the storage of information provided by a recipient of the service and at their request”.
In practice, the regulation will cover all entities providing internet access services, VPN, hosting services, server services, cloud services, and also services allowing for the search of information on the internet. Importantly, the concept of hosting must be understood broadly, detached from the meaning we were used to as providing a website and files related to it on a server – in the DSA’s understanding, we speak of hosting when dealing with such a functionality of a digital service which enables the storage of information at the user’s request. Hosting will be, for instance, enabling a user to utilize a discussion forum, adding product reviews in an online store, enabling a user of an internet service to create their own account, in which they can fill in information about themselves and more. The owner of the internet service providing the given service will be recognized as the hosting provider, even if within the scope of the given functionality they use the services of a third party (for example an external comments system provider).
The act introduces a new definition of an internet platform, these will be entities whose primary activity is to enable users to store and disseminate information. This mostly concerns social networking sites, i.e., Facebook, Instagram, TikTok, but also other internet portals allowing for the publication of user-sourced content if such functionality is not merely peripheral to their operations.
The DSA provides for a hierarchy of responsibility. The most restrictive obligations stemming from the Act have been imposed on major internet platforms (so-called VLOPs – very large online platforms) and large internet search engines (so-called VLOSEs – very large search engines). This group includes internet platforms and search engines with over 45 million active users. To visualize, 45 million users is approximately 10% of the entire EU population.
The European Commission selected 17 such entities:
Alibaba AliExpress, Amazon Store, Apple AppStore, Bing, Booking.com, Facebook, Google Maps, Google Search, Google Shopping, Instagram, LinkedIn, Pinterest, Snapchat, TikTok, Wikipedia, X (formerly Twitter), YouTube, Zalando. All of these had to adjust to the new regulations last year.
As part of their new obligations, the largest entities, among other things, had to establish audit-subject plans to reduce the systemic risk associated with their operations (disinformation, election manipulations, cyberbullying, and others). They were also obliged to provide researchers and state institutions with data regarding their operation and to introduce a mechanism allowing users to decide whether they want to receive targeted advertising.
Besides the restrictions introduced for the major market players, the act also imposes a number of obligations on entities providing mere conduit, caching and hosting services.
Among the obligations referring to all intermediary service providers we will find:
- · specifying a contact point;
- · appointing a representative;
- · the necessity of supplementing service regulations with provisions regarding unacceptable content and their moderation, the application of decision-making algorithms, and the rules for changing service use conditions;
- · implementing a channel for reporting illegal content;
- · enabling users to appeal against decisions.
What about the Polish legislation?
The Digital Services Act is valid in the legal order, however, Polish regulations need to be adjusted to EU regulations due to this. The recent consultations organized by the Ministry of Digitisation regarding the implementation of the Act, which is expected to be enforced in Poland starting the 17th of February, have just ended.
We do not yet know the content of the proposed regulations, but on the Ministry of Digitisation’s webpage, we could familiarize ourselves with the results of the consultations on the implementation of the Act in Poland[2]. Their analysis provides orientation on the shape of the future regulatory provisions.
It is not surprising that the regulations of the act are intended to be incorporated into the Act on the Provision of Electronic Services (A’sA’), but during the consultations, there were also voices suggesting that analyzation and verification of the conceptual grid of the A’sA’ should be performed concurrently with the amendment, to avoid any potential inconsistencies with European regulations.
The DSA envisions the necessity of appointing a new authority – a digital affairs coordinator. According to the original assumptions, this role was to be fulfilled by the President of the Office of Electronic Communications (OEC), although the DSA also stipulates that some obligations resulting from the DSA are to be performed by competent authorities. In Poland, the President of The Office of Competition and Consumer Protection (OCCP) will assume this role.
According to the Ministry of Digitisation’s proposal, the district court will be the first-instance court in civil law cases related to violations of the Act. The Court for the Protection of Competition and Consumers (CPCC) is expected to become the appellate body in cases of fines imposed on intermediary service providers.
Another new concept appearing in the DSA are the so-called trusted flaggers – verified entities whose reports regarding intermediary services are to be prioritized by providers. In the Polish regulation, the President of the OEC intends to grant the status of a trusted flagger only to entities demonstrating appropriate knowledge and experience in identifying illegal content. An interesting aspect to be resolved in the Polish regulation is the status of the so-called “verified researcher” – an entity which can gain access to the business data of intermediary entities and the problem of secure data processing.
The draft of the new provisions implementing the Act is still waiting for its time. Similarly, answers to the most important questions related to the new legislation, with many questions emerging. Will the new regulations truly revolutionize the digital world, and will the Internet become a safer place, or may users not notice any changes? As always when introducing new legislation, we do not know if they might lead to overregulation of the matter, which will have an impact on the digital development of EU? We will be able to answer all these questions in due course.
Author: Attorney Joanna Kik, Legal Office J. Chałas and Partners
[1)https://www.europarl.europa.eu/news/pl/headlines/society/20211209STO19124/czym-sa-akt-o-rynkach-cyfrowych-i-akt-o-uslugach-cyfrowych-wyjasniamy]
[2)https://www.gov.pl/web/cyfryzacja/wyniki-konsultacji-zalozen-wdrozenia-aktu-o-uslugach-cyfrowych-w-polsce
The post The Digital Services Act (DSA) – What changes are coming after the 17th of February? first appeared on CEO Magazine.
