Digital Services Act: New regime for intermediary services

Digital Services Act and paradigm shift

Regulation (EU) 2022/2065 of the European Parliament and of the Council of October 19, 2022, on a Single Market For Digital Services, commonly known as the Digital Services Act (“DSA”), is another important milestone in the European Union’s (“EU”) regulation of the digital sector.

As part of the DSA Package launched by the European Commission in December 2020, the DSA’s main objective is to implement common rules that guarantee the effective protection of consumers who use digital services. To this end, it establishes new obligations for digital service intermediary players—from small intermediary providers to big tech companies—operating in Europe.

The DSA has come “to bring order” to the digital sector by establishing a new set of rules aimed at improving the mechanisms for removing illegal content and protecting online users’ fundamental rights. The goal is to foster a safer digital environment, while also promoting innovation, growth and competitiveness.

The DSA specifically applies to intermediary services offered to service recipients located in or having their place of business in the EU. Essentially, it targets all services that play an intermediary role between final consumers and product suppliers, such as browsers, app stores, marketplaces, travel and accommodation platforms, and social networks.

It also establishes the responsibilities applicable to intermediary service providers, including large online platforms and search engines (“VLOPs” and “VLOSEs,” respectively), in terms of risk. Specific obligations are established for distinct types of intermediary service providers based on the nature of their services and their size.

Obligations established in the DSA

Summary of DSA obligations:

• Publication of transparency reports: Obligation to publish clear and comprehensible reports on any content moderation/removal activities.
• Assignment of points of contact and legal representatives: A single point of contact must be assigned so that service recipients can communicate directly and quickly with service providers. Providers that do not have an establishment in the EU must designate a legal representative in one of the Member States where it provides services.
• Obligations regarding the protection of minors: Platforms must adopt measures to ensure a high level of privacy, protection and safety for minors, such as (i) age verification and parental control tools, (ii) tools aimed at helping minors report abuse or obtain support, and (iii) special efforts to make their terms and conditions easy to understand for minors.
• Rules on online advertising: Advertising transparency obligations include (i) information on the main parameters for determining targeted advertising, (ii) a ban on presenting advertisements based on profiling minors, and (iii) a ban on using “dark patterns.”
• Transparency in recommendation systems: Obligation to establish, in their terms and conditions, the parameters used in their recommendation systems and the options for changing them.
• Complaints and extrajudicial dispute resolution: Obligation to create an internal complaints management system that is easy to access and use so that complaints can be handled quickly. It establishes the possibility of recourse to the extrajudicial resolution of disputes, including those that have not been settled through the internal system.
• Anti-illegal content measures: These include (i) implementing mechanisms for users to easily report illegal content, (ii) alerting the authorities if there is a suspected crime, (iii) temporarily suspending services for users who frequently post manifestly illegal content, and (iv) conducting stringent identity checks (KYC) for marketplace vendors.
• Additional obligations for VLOPs and VLOSEs: These include (i) conducting an annual assessment of systemic risks, such as the dissemination of illegal content or intentional service manipulation; and (ii) adopting risk mitigation measures, such as adapting interfaces, algorithms and processes.

ANACOM appointed as coordinating authority for digital services in Portugal

On February 8, 2024, the Portuguese government approved Decree-Law 20-B/2024, which appointed the National Communications Authority (ANACOM) as the competent coordinating authority for digital services in Portugal under the DSA. The same decree-law also appoints the ERC as the competent authority for matters related to the media and other media content.

Decree-Law 20-B/2024 was published in the Official Gazette of the Republic of Portugal on February 16, 2023. This is a significant milestone for Portugal, which until recently was one of the last countries in the EU without an appointed national regulatory authority tasked with implementing DSA provisions.

Compliance and applicable fines

The DSA imposes severe penalties for failing to comply with these obligations, including fines of up to 6% of an intermediary service provider’s global business turnover and a possible temporary ban on operating within the EU. Therefore, it is crucial for companies to comply with these obligations while awaiting supervision from the newly appointed regulatory bodies.

Specifically, companies should:

• assess whether their services are covered by the DSA;
• map the corresponding DSA legal requirements based on their services;
• determine whether the exemptions available for micro and small enterprises are applicable; and
• implement the necessary measures in accordance with the scope of their services, such as updating terms and conditions, privacy policies, functionalities for reporting illegal content, and other pertinent legal documents and technical measures.