The EU Digital Services Act – The EU Commission designates its first set of VLOPS

DCU Law and Tech regularly publishes blog posts discussing the topics Law and Technology written by a variety of authors.

Gary Brady
Utrecht University (Netherlands)

On April 25th 2023, the European Commission designated its first set of Very Large Online Platforms and Search Engines which will be subject to a series of special obligations under the new Digital Services Act. This Act sets out to update and harmonise rules still applicable to providers of digital services such as social media and search engines. These are still currently governed under the old E-Commerce Directive, which was originally proposed in 2000, so naturally the rules governing online service providers need an update given how much the internet has developed in the 23 years since. It puts forward a horizontal legal framework applicable to all providers of intermediary services and dictates rules on exemptions from liability, due diligence obligations and transparency obligations to ensure fairness, trust, and safety in the digital environment. This is very notable in the sense that now these large platforms, who use algorithms for a lot of their functions, will now have to provide insight on how those algorithms operate.

It is an understatement that the digital space and likewise digital markets and business itself has changed drastically in this period and a novel directive ensuring that mandatory consumer information, communication and online contracting very well ended up being the standard at which to judge online platforms as they went from offering mere message board like services to expansive ecosystems that attract billions globally and generate even more revenue. Thus, it is important to understand where the legislation has come from, how the Digital Services Act builds upon it and where the legislative response to massive platforms, online marketplaces and intermediary services goes from here.

The old E-Commerce Directive rules

The E-Commerce Directive and the new Digital Services Act share the same DNA, that much is certain. The primary goal of the E-Commerce directive originally stated in Recital 5 is to cease the hampering of development of information society services within Europe because of divergences in legislation and legal uncertainty and harmonise legal concepts to ensure legal certainty and consumer confidence, creating a legal framework to ensure free movement of information society services between Member States. This Directive set the framework for the development of a free and open technology sector and has been one of the largest factors in the success of European innovation. One of the most touted features of the E-Commerce Directive that remains highly influential concerns the liability of intermediaries. The Directive allows for services only acting as intermediaries and not creating their own content not to be liable for content posted provided they have no knowledge of its existence or, upon notification, act quickly to remove that illicit content. Moreover, there is no general monitoring obligation on these intermediaries and hosting providers, meaning they are free to develop their service without having to moderate each and every post or undertake investigations voluntarily.

Over the years, the transformation of digital services into unique ecosystems brought a lot of challenges, such as dissemination of illegal content online. In response to this the EU adopted many other complementary regulations, guidelines, and sector specific instruments parallel to the E-Commerce Directive. However, the lack of updated harmonised rules to address further societal risks posed by digital services underpins the need for a new package that comes in the form of the DSA.

What changes with the Digital Services Act?

The DSA seeks to update the harmonise the rules applying to digital service providers and increase regulatory oversight. It preserves the previously mentioned liability rules of the E-Commerce Directive but makes critical changes. We see a paradigm shift from an encouragement of development of a fledging technology and IT sector in 2000, to a hub to facilitate sectoral and self-regulation, as well as clarifying the yardstick by which these big tech companies are measured against. Notably it adds an exemption under Article 6 for voluntary own-initiative investigations and legal compliance, meaning that providers of intermediary services shall not lose their liability exemption because of voluntarily taking actions in identifying and removing illegal content provided, they do so in a good faith and diligent manner. It also introduces further enforcement procedure such as judicial orders to act against illegal content, obligations to provide information and, a requirement to have a notice and action mechanism for content.

Another important innovation of the DSA was already hinted at in the introduction to this blogpost, the designation of certain entities as Very Large Online Platforms. The introduction of categories for intermediary service providers is a significant step for regulating them, from hosting services like cloud providers to social media giants with an average monthly user count of 45 million people or 10% of the Union population, the DSA seeks to encapsulate them all within its scope. The rules and obligations imposed on these entities varies based on their size and reach, for example all intermediary service providers will be subject to some form of transparency reporting in a general sense, but only platform providers will be subject to obligations to act against illegal content. This means that regulation is attempting to reconcile regulating the big companies while also encouraging innovation and start-up enterprise. This will also have ramifications for competition law as the abuse of the dominant position by online platforms and distort competition was also in the mind of EU regulators because in the online platform ecosystem, specific regulation is necessary to guarantee fair competition.

A specific feature of digital services that has significantly evolved in the time since the passing of the e-Commerce Directive is the expansion of online marketplaces and storefronts and the DSA seeks to regulate this sector also. By introducing more due diligence obligations for marketplaces such as identifying the trader and consumer in any given transaction and obliging the platform to verify this information, the DSA attempts to ensure the safety of online marketplaces against scams and illegal products.

The DSA aims to ensure further transparency across the board, of course given the nature of the Act, there are heightened requirements for Very Large Online Platforms but generally speaking this increase in transparency and thus accountability has benefits for all users of all levels. Most notably this comes in a set of ad transparency obligations for platforms displaying advertising on their online interfaces. They are required to provide users with specific information on advertisements in a clear way. They are also required to inform users why they have been recommended such an advertisement, alongside a repository of information relating to that specific advertisement.

Ultimately what we see with the DSA is an evolution of the EU platform regulation acquis, going from facilitating their development in the E-Commerce Directive to acting in a supervisory role in the DSA with the  tightening of compliance management, new reporting obligations and, specific obligations for specific kinds of services mandating features such as trusted flaggers and compliance by design.

What do the DSA changes mean in practical terms?

If one thing is certain from the evolution of social media platforms and digital service providers, it is that they have become increasingly essential for human speech and interaction. They have become the new governors of interaction, and thus they are responsible for shaping culture and discourse but have little direct accountability to their users. The DSA aims to ensure this level of accountability by means of transparency obligations at all levels of intermediary service providers. It means that while these private entities and Very Large Online Platforms may still be allowed and encouraged to undertake their own moderation practices, there must be a place for oversight and supervision. It also provides necessary legal certainty for businesses and companies operating in the digital space as well as increased protections for consumers.

This is not to say there are no shortcomings, for example there are no additional provisions in relation to profiling, tracking and measures that are invasive to privacy, and yes, while transparency rules are a legitimate way of ensuring less of these activities but in the eyes of the individual user, these will go unnoticed, and the user may still very well be subjected to targeted and profiled advertisements. As with every regulatory effort of this magnitude at European level, it seems that there will always be some aspects up for scrutiny or subject to debate amongst co-legislators but if one thing is certain with the DSA, it’s that it is a necessary step in this new social and economic ecosystem of platforms and intermediaries. The DSA recognises this development and accommodates for it by taking this public-private stance of continuing the liability exceptions provided for the E-Commerce Directive but by re-asserting the necessary position of the rule of law in this space while allowing for conversations about enforcement and access to redress and attempting to strike a balance between the rights of the user, the operation and economic activities of platforms and the position of the law in this new digital environment.

More Blog Posts

How can AI improve corporate criminal compliance?
Nicolò Di Paco
University of Pisa
At present, the difficulties that companies have to face in fulfilling self-regulatory tasks are increasing. First of all, corporations nowadays deal…