Professor Steve Peers, Royal Holloway University of London
Photo credit: Animated Heaven, via Wikimedia Commons
Introduction
The EU’s Digital Services Act (DSA) sets out rules for regulating online platforms and search engines. The following sets out a summary of what the Act does, and links to key resources. It draws upon (and updates) a blog post on the Commission’s first non-compliance decision under the Act. This post will be updated.
Overview of the Digital Services Act
The DSA contains rules that govern online platforms generally, regardless of size, but its most prominent rules concern a special regulatory regime for the biggest platforms, defined as ‘very large online platforms’ (VLOPs) and ‘very large online search engines’ (VLOSEs), which subjects them to greater regulation. The Act gives the EU Commission power to designate such platforms and search engines (on the basis that 10% of the EU population visit them monthly) and to enforce the provisions of the DSA against them.
The Commission’s list of designated VLOPs and VLOSEs includes US companies (including Meta, X, Google, LinkedIn), and also Chinese companies (AliExpress, TikTok, Temu, Shein), EU companies (Booking.com, Zalando, and two porn sites), and a Canadian site, Pornhub. Overall, nearly half of the companies designated as operating VLOPs and VLOSEs are non-American (although some of the American companies operate more than one platform).
For VLOPs, enforcement of the DSA involves a number of measures, including requests for information, a start of an investigation into possible breach of the Act, a preliminary finding of a breach, and a final decision finding a breach – which can result in a fine (of up to 6% of worldwide annual turnover) and orders to change practices. A VLOP or VLOSE can also agree avoid a fine by agreeing binding commitments to change its practices with the Commission (in effect, a settlement) before it reaches a final decision. If a finding of breach is not complied with, the Commission can impose very high fines – up to 5% of worldwide annual turnover per day.
The Act imposes a very high threshold before a ban can be imposed against a platform – essentially a refusal to remove illegal content, with additional safeguards including involvement of a court.
The case law has not yet fleshed out the relationship between the DSA and Member States’ laws on overlapping issues, or clarified whether there can be private enforcement of the DSA (ie individuals challenging the VLOPs and VLOSEs in court for breach of the Act, rather than the Commission enforcing it) in parallel.
Substantively, the Act’s requirements on VLOPs and VLOSEs (in its Articles 33-43) start with risk assessment: they must ‘diligently identify, analyse and assess any systemic risks in the Union stemming from the design or functioning of their service and its related systems, including algorithmic systems, or from the use made of their services’. Systemic risks are further defined as including ‘dissemination of illegal content through their services’, ‘negative effects’ upon various human rights, ‘actual or foreseeable negative effects on civic discourse and electoral processes, and public security’, and ‘actual or foreseeable negative effects in relation to gender-based violence, the protection of public health and minors and serious negative consequences to the person’s physical and mental well-being’.
Very large platforms and search engines are also obliged to (as further defined): mitigate these risks; comply with a decision requiring a response to a crisis; perform independent audits; offer a recommender system not based on profiling, at least as an option; make public a repository of advertising data; provide access to their data to researchers; explain their algorithms to regulators; establish independent compliance bodies; provide further public data on their operations; and pay an annual supervisory fee to the EU Commission.
The DSA in the EU courts
Challenges to designation
Amazon, Zalando and several porn sites have challenged their designation as VLOPs.