Skip to main content
NormaGrid

Digital Services Act (DSA)

In force Trust & Safety Regulation Adopted: 19 October 2022 · Applies from: 17 February 2024

AI-assisted content notice: this page includes AI-assisted summaries, FAQs, and glossary entries prepared for navigation purposes. Verify the underlying legal text before relying on this content.

Summary

The Digital Services Act (DSA) establishes harmonised EU rules for intermediary services, including online platforms, to address illegal content, improve transparency and accountability, and protect users’ fundamental rights online. It sets due diligence obligations that scale with the type and size of the service, with the most stringent requirements applying to very large online platforms (VLOPs) and very large online search engines (VLOSEs). The DSA also creates an EU-wide supervision and enforcement framework, with national Digital Services Coordinators and direct European Commission oversight for VLOPs/VLOSEs.

Who is affected?

Providers of intermediary services offering services in the EU (mere conduit, caching, hosting), including online platforms such as marketplaces, app stores and social networks. Additional and stricter obligations apply to VLOPs and VLOSEs designated by the European Commission (generally those reaching at least 45 million average monthly recipients in the EU).

Scope

Intermediary services offered to recipients in the EU, with graduated due diligence obligations from basic intermediary services to online platforms and designated VLOPs/VLOSEs.

Key Points

  • Graduated due diligence obligations depending on the type of intermediary service and whether it is an online platform or a designated VLOP/VLOSE
  • Notice-and-action mechanisms for hosting services and statement-of-reasons requirements for content moderation decisions
  • Enhanced transparency obligations, including transparency reporting and transparency of online advertising (including ad repositories for online platforms where applicable)
  • User protection measures such as complaint-handling systems, out-of-court dispute settlement, and trusted flagger status for qualified entities
  • Specific rules for online platforms, including traceability of traders for online marketplaces and restrictions on certain manipulative interface practices (dark patterns)
  • For VLOPs/VLOSEs: systemic risk assessment and mitigation, independent audits, and data access for vetted researchers; enforcement includes fines of up to 6% of worldwide annual turnover

Key Deadlines

  • — Entry into force (20 days after publication in the Official Journal)
  • — Start of application for provisions enabling designation/supervision of VLOPs and VLOSEs (3 months after entry into force)
  • — General date of application

Related Regulations

Frequently Asked Questions

Who must comply with the Digital Services Act (DSA)?

All providers of intermediary services offering services to recipients in the EU must comply, including mere conduit, caching, and hosting services. Stricter obligations apply to online platforms and especially to Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) designated by the European Commission.

What types of services are covered by the DSA?

The DSA covers intermediary services such as internet access providers, cloud services, web hosting, online marketplaces, app stores, social networks, and search engines, provided they are accessible to users in the EU.

What are the key obligations for online platforms under the DSA?

Online platforms must implement notice-and-action mechanisms for illegal content, provide statements of reasons for content moderation decisions, ensure transparency in advertising, and establish complaint-handling systems and out-of-court dispute settlement options.

What additional requirements apply to VLOPs and VLOSEs?

VLOPs and VLOSEs must conduct systemic risk assessments, implement risk mitigation measures, undergo independent audits, provide data access to vetted researchers, and comply with enhanced transparency and reporting obligations.

What are the penalties for non-compliance with the DSA?

Penalties can include fines of up to 6% of the provider's worldwide annual turnover. The European Commission and national authorities have enforcement powers, especially for VLOPs and VLOSEs.

How does the DSA interact with other EU regulations?

The DSA complements existing EU laws such as the e-Commerce Directive and the General Data Protection Regulation (GDPR). It introduces new due diligence and transparency requirements without replacing data protection or consumer protection rules.

What practical steps should service providers take to comply with the DSA?

Providers should review their content moderation policies, implement notice-and-action mechanisms, enhance transparency in advertising, establish complaint-handling systems, and, if applicable, prepare for risk assessments and audits.

When did the DSA enter into force and when do obligations apply?

The DSA entered into force on 16 November 2022. Most obligations apply from 17 February 2024, with certain provisions for VLOPs and VLOSEs applying earlier after their designation.

Who supervises and enforces the DSA?

National Digital Services Coordinators supervise most providers, while the European Commission directly oversees VLOPs and VLOSEs. Both have powers to investigate, enforce, and impose penalties.

What mechanisms exist for users to challenge platform decisions under the DSA?

Users can access complaint-handling systems, seek out-of-court dispute settlement, and receive statements of reasons for content moderation decisions, enhancing their ability to challenge and understand platform actions.

Key Terms

Intermediary Services
Services that transmit, cache, or host information provided by users, including internet access, cloud hosting, and online platforms.
Very Large Online Platforms (VLOPs)
Online platforms designated by the European Commission as having at least 45 million average monthly active users in the EU, subject to the most stringent DSA obligations.
Very Large Online Search Engines (VLOSEs)
Search engines designated by the European Commission as having at least 45 million average monthly active users in the EU, subject to enhanced DSA requirements.
Notice-and-Action Mechanism
A process that allows users to notify hosting services of potentially illegal content, requiring timely action and feedback from the provider.
Statement of Reasons
A mandatory explanation provided by platforms to users when content is removed, access is restricted, or accounts are suspended, detailing the reasons for the decision.
Trusted Flagger
An entity or individual recognized for expertise and accuracy in reporting illegal content, whose notices must be prioritized by platforms.
Transparency Reporting
Regular public reports by service providers detailing content moderation actions, complaint handling, and advertising transparency, as required by the DSA.
Systemic Risk Assessment
An obligation for VLOPs and VLOSEs to identify, analyze, and mitigate systemic risks associated with their services, such as the dissemination of illegal content or threats to fundamental rights.
Digital Services Coordinator
A national authority designated by each EU Member State to supervise and enforce the DSA at the national level.
Dark Patterns
Manipulative interface designs that mislead or coerce users, which are restricted under the DSA for online platforms.