The Digital Services Act – Are we turning a new leaf on online security?

The Digital Services Act – Are we turning a new leaf on online security?

As of the 4th October 2022, the EU Council have approved the Digital Services Act which aims to protect users online by imposing obligations on digital services.

Since the e-commerce directive in 2000 (ECD), the legal framework surrounding digital services had not changed until December 2020, where the European Commission presented a digital services package which was made up of the Digital Services Act (DSA) and the Digital Markets Act (DMA). The aim of these were to tighten security on online platforms and monitor the digital space in a way that protects its users sufficiently.

The DMA was reached by the Council and the European Parliament on 24 March 2022, signed on 15 September 2022 and came into effect on 1 November 2022.

The DSA will also enter into force on 16 November 2022. The level of obligations required under the DSA depend on the provider’s size and the level of any potential risk, but it will cover services including social media, online marketplaces, very large online platforms and very large online search engines. Some of its key provisions gravitate around:

  • Identifying and removing any illegal content (including products and services).
  • Banning “dark practices” which could manipulate a users’ choice.
  • Increased transparency and accountability of online platforms.
  • Strengthening transparency of online advertising (including prohibiting platforms from using targeted advertising based off minors’ data).
  • Strengthening content checks on traders.

It is expected that the majority of the new requirements will apply to intermediary service providers during 2024, but online platforms will need to publish the number of their average monthly active users in the EU within three months of the DSA taking effect, as well as six monthly thereafter and then at any time on request.  The requirement extends to non-EU platforms providing services to consumers or business users established or resident in an EU member state. This information will allow the European Commission to assess whether platforms should be considered as very large online platforms for the sake of the new obligations.

The DSA will not replace the ECD but instead it will work alongside it to create a safer online space.  It will also align with the EU GDPR and complements the EU Platform to Business Regulation, which (amongst other obligations) requires the terms and conditions of online platform providers to be written in plain language and be readily available to business users at all stages of their relationship.

If you need any assistance with understanding your requirements as an online business provider, you can contact our commercial and technology team at: [email protected]