EU Digital Services Act Compliance Guide: Key Requirements & Implementation Steps

Working towards compliance with EU Digital Services Act Package

Earlier in 2024, the EU Digital Markets Act (DMA) came into force. GAFAM companies are primarily targeted although other companies must also comply with the new European regulations. This is not without consequences for their users. The Digital Services Act (DSA) package, adopted by the European Union, consists of two key pieces of legislation: the Digital Services Act (DSA) and the Digital Markets Act (DMA). This package aims to create a safer and more open digital space within the EU by setting out comprehensive rules for online platforms.

Understanding the Acronyms First As Always With EU Regulations…

The DSA and DMA were politically agreed upon in 2022 and complement each other. The following regulations apply uniformly across the EU, creating a single digital market. The European Commission will enforce the rules for the largest platforms, ensuring consistent application and oversight.

Digital Services Act (DSA)

The DSA focuses on enhancing the accountability and transparency of online platforms. It includes measures to:

  • Protect users from illegal content, products, and services.
  • Ensure greater transparency in platform algorithms and content moderation.
  • Strengthen the rights of users by providing mechanisms for redress and appeal against platform decisions.

The purpose of the European Union’s DSA is to create a safer and more transparent online environment by establishing comprehensive rules for digital services and platforms. The DSA aims to:

  1. Protect Users from Illegal Content: The DSA imposes obligations on online platforms to swiftly remove illegal content such as hate speech, counterfeit goods, and other harmful materials, ensuring a safer online experience for users.
  2. Enhance Transparency and Accountability: The Act requires platforms to be more transparent about their content moderation policies, algorithms, and decision-making processes. This includes providing users with clear information about why content is removed or restricted.
  3. Strengthen User Rights: The DSA provides mechanisms for users to appeal and seek redress against platform decisions. It ensures that users have the right to challenge content moderation decisions and receive explanations.
  4. Foster a Competitive Digital Market: By addressing the dominance of large online platforms, the DSA aims to ensure fair competition. This includes preventing platforms from using their power to unfairly promote their own services over those of competitors.
  5. Standardize Rules Across the EU: The DSA creates a single set of rules applicable across the entire EU, ensuring consistency and predictability for businesses and users. This helps to create a level playing field and simplifies compliance for companies operating in multiple EU countries.
  6. Enhance Cooperation and Coordination: The Act promotes cooperation between national authorities and the European Commission to effectively enforce the rules and handle cross-border cases of illegal content and online harms.

These objectives collectively aim to make the digital space safer, more transparent, and fairer for all users while supporting innovation and competition in the EU’s digital market.

Digital Markets Act (DMA)

The DMA addresses the market power of large online platforms, ensuring fair competition. Key provisions include:

  • Restrictions on platforms promoting their own services over those of competitors.
  • Requirements for data sharing with other businesses.
  • Enabling multiple app stores and fairer terms for business users.

The purpose of the European Union’s Digital Markets Act (DMA) is to ensure fair and open digital markets by regulating the behavior of large online platforms, known as “gatekeepers.” The DMA aims to address the imbalances and anti-competitive practices that can arise due to the significant market power these platforms wield. Key objectives include:

1. Promote Fair Competition. The DMA seeks to prevent gatekeepers from engaging in unfair practices that stifle competition. This includes prohibiting self-preferencing (promoting their own services over those of competitors), restricting access to essential platform features, and preventing gatekeepers from using data collected from business users to compete against them.

2. Increase Market Contestability. By imposing obligations on gatekeepers, the DMA aims to create more opportunities for smaller and new market entrants to compete. This includes measures to ensure interoperability, facilitate data portability, and enable businesses to access and interoperate with gatekeeper platforms on fair terms.

3. Enhance Consumer Choice. The DMA aims to ensure consumers have more options and better access to a variety of services. It requires gatekeepers to allow users to uninstall pre-installed software, use alternative services, and access content from third-party providers, thus enhancing consumer freedom and choice.

4. Foster Innovation. By curbing anti-competitive practices, the DMA encourages innovation by ensuring that start-ups and smaller companies can compete on a level playing field. This environment stimulates innovation and diversity in digital markets, benefiting consumers and the economy.

5. Transparency and Accountability. The DMA mandates greater transparency from gatekeepers regarding their advertising practices, data use, and algorithms. This ensures that businesses and consumers understand how their data is used and how decisions affecting their interactions with the platform are made.

6. Regulatory Oversight. The DMA establishes clear and enforceable rules that the European Commission can oversee and enforce. This includes the power to investigate, impose fines, and take corrective actions against gatekeepers that violate the rules.

The following specific measures are also included in the DMA enforcement protocol:

  • Data Sharing: Gatekeepers must share data with competitors and business users to ensure a fair competitive environment.
  • Interoperability: Gatekeepers must ensure their services are compatible with those of competitors, fostering a more integrated digital ecosystem.
  • Restrictions on Bundling: Preventing gatekeepers from bundling their products in ways that limit consumer choice and competition.

Overall, the DMA aims to ensure a dynamic, fair, and innovative digital market that benefits businesses, consumers, and the broader economy within the EU.

Who is eligible to comply with EU Digital Services Act Package?

These Acts apply to a wide range of online intermediaries and platforms that offer services within the European Union. The entities that must comply include:

  1. Intermediary Services: These are services that provide infrastructure for the transmission of data, such as internet access providers and domain name registrars.
  2. Hosting Services: Services that store information provided by and at the request of a user, including cloud and web hosting services.
  3. Online Platforms: Platforms that facilitate interactions between users and third-party goods, services, or content, such as social media platforms, online marketplaces, and app stores. This category includes both large platforms and smaller ones.
  4. Very Large Online Platforms (VLOPs): Platforms with a significant reach and impact, defined as those with over 45 million active monthly users in the EU. These platforms have additional obligations due to their size and influence.
  5. Online Search Engines: Services that allow users to search for information online, including general search engines like Google.

Obligations are established using a tiered approach where obligations vary depending on the size and role of the service provider:

  • All Intermediaries: Basic obligations include transparency reporting and cooperating with national authorities.
  • Hosting Services: Must act upon notices of illegal content and provide mechanisms for users to report such content.
  • Online Platforms: Have additional requirements, including transparency in advertising, user complaint mechanisms, and measures to protect minors.
  • Very Large Online Platforms: Subject to the most stringent requirements, including risk assessments, external audits, and providing data to researchers.

What are the risks for companies failing to comply with EU Digital Services Act Package?

Companies that fail to comply face significant risks and penalties. The consequences are designed to ensure compliance and safeguard the digital environment for users within the EU. The main risks include:

  1. Fines and Financial Penalties: Non-compliant companies can be fined up to 6% of their global annual turnover. This substantial financial penalty is intended to ensure that the cost of non-compliance outweighs any potential benefits from disregarding the rules​​.
  2. Periodic Penalty Payments: In addition to fines, the European Commission can impose periodic penalty payments. These are recurring fines designed to compel companies to address and rectify instances of non-compliance promptly.
  3. Operational Restrictions: For severe or repeated non-compliance, companies may face operational restrictions. This could include temporary or permanent bans on providing services within the EU, significantly impacting their market presence and revenue streams.
  4. Legal Liability: Companies may face increased legal liability for harm caused by illegal content or products that they failed to manage according to EU Digital Services Act Package requirements. This could result in lawsuits from affected parties, further financial penalties, and reputational damage.
  5. Reputational Damage: Non-compliance with the EU Digital Services Act Package can severely damage a company’s reputation. Trust and credibility are crucial in the digital market, and being publicly identified as non-compliant can lead to a loss of customers and partners.
  6. Increased Scrutiny and Audits: Companies that do not comply with the EU Digital Services Act Package may be subject to increased scrutiny and frequent audits by EU authorities. This can lead to operational disruptions and additional costs associated with compliance reviews and corrective actions.
  7. Obligations for Very Large Online Platforms (VLOPs): VLOPs face the most stringent requirements and consequently the highest risks. Non-compliance can trigger particularly severe penalties and stringent corrective measures due to their significant impact on the digital ecosystem.

These risks underscore the importance for companies operating within the EU to diligently comply to avoid substantial financial, legal, and reputational repercussions

What should companies implement to ensure compliance with EU Digital Services Act Package?

Ksapa has significant global expertise working with technology companies – including the largest and primarily targeted by these regulations. To ensure compliance with the EU Digital Services Act Package,companies should implement several key measures and practices. Here are the main steps companies should take:

1. Transparency and Reporting

  • Content Moderation Policies: Clearly define and publish content moderation policies, including rules for removing illegal content and managing user complaints.
  • Transparency Reports: Regularly publish transparency reports detailing actions taken to moderate content, the number of removals, and the rationale behind these actions.

2. Mechanisms for Handling Illegal Content

  • Notice and Action Mechanism: Implement a robust system for users to report illegal content. This should include an easy-to-use reporting tool and clear procedures for handling reports.
  • Swift Action on Illegal Content: Establish processes to swiftly remove or disable access to illegal content upon receiving valid notices.

3. User Rights and Redress Mechanisms

  • Appeals Process: Provide mechanisms for users to appeal content moderation decisions. Ensure that users can challenge the removal or restriction of their content and receive explanations for decisions made.
  • User Notifications: Inform users about actions taken on their content, including reasons for removal or restriction.

4. Algorithmic Transparency

  • Algorithmic Accountability: Disclose the criteria and functioning of algorithms used for content recommendation, moderation, and ranking. Ensure that these processes are understandable and accessible to users.
  • Risk Assessments: Conduct regular risk assessments on the impact of algorithms, particularly concerning the dissemination of illegal content and the protection of fundamental rights.

5. Data Sharing and Cooperation

  • Data Sharing with Authorities: Ensure mechanisms are in place to share relevant data with regulatory authorities when required, especially for Very Large Online Platforms (VLOPs).
  • Cooperation with Authorities: Cooperate with national and EU regulatory bodies in enforcing the DSA’s provisions, including compliance with investigation and audit requests.

6. Additional Obligations for Very Large Online Platforms (VLOPs)

  • Independent Audits: Conduct and publish the results of independent audits to verify compliance with DSA requirements.
  • Risk Mitigation Measures: Implement measures to mitigate systemic risks identified in risk assessments, such as spreading illegal content, misinformation, and adverse effects on fundamental rights.
  • Crisis Response: Develop crisis protocols to address rapid and large-scale dissemination of harmful content during emergencies.

7. Safety and Trust

  • Product Safety: Ensure that products and services offered on the platform comply with safety standards. Implement measures to prevent the sale of dangerous or non-compliant products.
  • Advertising Transparency: Clearly label advertisements and disclose the identity of advertisers. Provide users with information on why they are targeted by specific ads.

8. Internal Compliance Structures

  • Compliance Officers: Appoint compliance officers or teams responsible for ensuring adherence to the DSA.
  • Training and Awareness: Conduct regular training for employees on DSA requirements and compliance procedures.

By implementing these measures, Ksapa can help companies to align their operations with the EU Digital Services Act Package requirements, ensuring legal compliance and fostering a safer, more transparent, and accountable digital environment within the EU. Contact us for more information!

Avatar photo
Website | more posts

Author of several books and resources on business, sustainability and responsibility. Working with top decision makers pursuing transformational changes for their organizations, leaders and industries. Working with executives improving resilience and competitiveness of their company and products given their climate and human right business agendas. Connect with Farid Baddache on Twitter at @Fbaddache.

Leave a Reply

Your email address will not be published. Required fields are marked *