06 May, 2022
Digital services are playing an increasingly important role both in the economy and in our social lives. While these services positively impact how we connect, communicate, consume and do business, they also result in new challenges.
The European Commission sees three risks in particular:
To address these risks, new EU laws have been called for to ensure greater security and fair competition on the Internet, specifically also reigning in the behaviour of major technology companies. As of March 2022, the European Council and the European Parliament reached a provisional political agreement on the Digital Markets Act (DMA). On April 23, 2022 an agreement on the new Digital Services Act (DSA) followed. Pending final approvals, the new laws are expected to come into effect in 2023.
The Digital Markets Act (DMA) is intended to create fair competitive conditions in Europe. Large online platforms – so-called gatekeepers – are to be prevented from gaining disproportionate power and exploiting it to their advantage.
The Digital Services Act (DSA), on the other hand, aims at protecting consumers. At the same time, however, it is intended to promote innovation, growth and competitiveness in the European single market.
There are overlaps between the DMA and DSA, as some companies and services fall within the scope of both acts. However, due to the different focus of the DMA and DSA, the respective requirements differ.
The DMA specifies do's and don'ts for gatekeepers' day-to-day business operations. The DSA defines cumulative obligations – depending on the nature and size of an online service provider. The larger a provider is and the more extensive the services it offers, the more obligations apply.
The aim of the legislative package is to ensure greater transparency because this enables users to make informed decisions based on risk. Transparency also contributes to continuous improvements in information security, availability and data protection and, last but not least, enables the responsible use of technology. With the new regulation, transparency is no longer just a matter of trust, but will become mandatory.
Online providers should first understand which category they fall into, as this will determine the scope of obligations. Providers are categorized in the DSA according to the services they offer as follows:
Very large online platforms:
Platforms that have more than 45 million users per month.
Online platforms:
Online marketplaces, app stores, collaborative economy platforms, and social media platforms
Hosting services:
Cloud and web hosting services
Intermediary services:
Network infrastructure: Internet access providers and domain name registrars.
Granted, the most comprehensive obligations with regard to the management of systemic risks and the annual performance of corresponding risk audits only apply to providers of very large online platforms. But providers of intermediary services, hosting services, and online platforms are also required to implement transparency reporting, measures against abusive notices and counter-notices, and vetting credentials of third party suppliers, among other things.
Some of the new obligations can be easily integrated into existing compliance processes. Others require a considerable level of effort from providers subject to DSA and DMA regulations.
Defining and introducing new activities or even entirely new processes in the organization can also involve a certain degree of complexity. Compliance teams will rarely have the means to successfully implement all new obligations without external support.
The first step is to achieve clarity on new requirements to drive gap assessments and implementation plans. We can support online service providers by:
While the obligations are mandatory, there is a potential to gain added value from the measures you have or need to put in place. We can help you in bringing that value to your organization by:
“The European Commission's Digital Services Act package will help make the digital space more legally secure and attractive for citizens, businesses and organizations alike.”