The EU Digital Services Act: A new challenge for tech firms

The Digital Services Act (DSA) took effect in the EU on 25 August 2023. Whilst this area had previously been governed by the 2000 E-Commerce Directive, over time new rules became necessary to respond to the increasing volume of illegal online content, leading the EU to develop a set of regulations updating the approach to this issue, including the DSA.

Although the DSA was enacted a little over a year ago, its entry into force seems to have been delayed to give affected companies (internet service providers, social media platforms, online stores, massaging services, online travel platforms, and the like) more time to learn about the requirements and adapt to the changes introduced by the new rules.

Key innovations mandated by the DSA include:

• The rules provide a definition of Very Large Online Platforms (VLOPs) that reach at least 45 million monthly active users in the EU (a figure corresponding to 10 percent of the total EU population). These VLOPs have to comply with additional requirements, including changing their recommendation algorithms so they do not involve profiling and introducing strategies to prevent disinformation from being amplified in times of crisis.
• Online platforms are required to take down illegal content and provide an explanation for doing so, as well as allow users to flag such content. Online stores must also clearly identify traders on their platforms to minimise opportunities for selling illegal goods and providing illicit services.
• Targeted advertising based on religious affiliation, sexual orientation, or ethnicity is banned, including advertising to minors.
• The regulation also prohibits so-called ‘dark patterns’, deceptive website or app user interfaces used to trick or pressure consumers into making choices they otherwise might not.

The DSA also mandates semi-annual audits that include access to algorithms and other proprietary information held by the audited companies. Any non-compliance may carry a fine of up to 6 percent of the audited company’s total global turnover. Although according to the EU’s official explanation the fines are not intended as punishment but rather to incentivise compliance, firms with the largest revenues could face fines running into billions of dollars.

In addition, VLOPs and Very Large Search Engines (VLOSEs) will be required to make available any and all information to facilitate the understanding of potential online risks and will be held accountable for all content they publish. The liability of companies will be assessed with regard to their size, so tech giants such as Google, Apple, Meta, Microsoft, and others will bear the greatest burden of accountability for complying with the DSA.

Although the DSA will apply only within the EU, its impact seems likely to echo throughout the world, and it should come as no surprise to see non-member states choosing to follow on the same path. The ball is now in the tech companies’ court and their response to the DSA is eagerly awaited.