Jump to main content

2 – Digital Services Act: A safer digital space


The European Union's new Digital Services Act aims to create a safer digital space for citizens and businesses. The regulation seeks to provide for greater democratic control and supervision of digital platforms, and to reduce the risk of manipulation, disinformation and illegal content.

The new rules promise better consumer protection and enhanced transparency and accountability for online platforms. It contains regulations on internet services and platforms and will partly update the current e-Commerce Directive, adopted in 2000.

In this article, we will outline the key provisions in the Digital Services Act and identify the services and businesses which are likely to be affected by this new legislation.

Which businesses are affected by the Digital Services Act?

All businesses providing intermediary services to recipients in the European Union fall within the scope of the Digital Services Act, irrespective of whether the business is established in the European Union or not. Intermediary services refer to a wide range of online platforms including hosting services, web shops, online marketplaces, social networks, content-sharing platforms, app stores and online travel and accommodation platforms.

Key Provisions

Liability of providers of intermediary services

The liability of providers of intermediary services as currently set out in Articles 12 to 15 in the e-Commerce Directive are replaced by articles 4,5,6 and article 8 in the Digital Service Act. The new articles sets out the obligations of mere conduit (Article 4), caching (Article 5), hosting services (Article 6) and no general monitoring obligations (Article 8).

The substance of these articles remain largely unchanged compared to Articles 12 to 15 in the e-Commerce Directive. However, there is a new paragraph in Article 6 regarding hosting services which state that the general no liability rule does not apply to the liability under consumer protection law of online platforms allowing consumers to conclude distance contracts with traders. Such platforms are liable for the information presented if that information would lead an average and reasonably well-informed consumer to believe that the information is provided either by the online platform itself or by a recipient of the service who is acting under its authority or control.

New obligations for online intermediary services

Digital Services Act imposes significant obligations to providers of digital services. There are obligations which apply to all intermediary service providers and there are also obligations specifically imposed on (i) hosting services, (ii) online platforms and (iii) "very large online platforms". Very large online platforms are platforms which provide their services to 45 million or more active users in the European Union in average per month.

All intermediary service providers shall:

  • designate a point of contact and, if the relevant provider does not have an establishment in the European Union, legal representative in one of the Member States,
  • provide information in terms and conditions on any policies, procedures, measures and tools used for the purpose of content moderation, including algorithmic decision-making and human manually monitoring
  • publish, at least once a year, clear, reports on any content moderation they have engaged in.

All hosting services shall also:

  • have in place mechanisms enabling individuals to notify them of illegal content.
  • If providers of these services decide to remove or disable access to specific content, they shall inform the recipient who provided that content of the decision along with its reasons.

Online platforms (with the exception of so-called micro and small enterprises) shall also:

  • provide for an internal complaint system and out of court dispute settlement,
  • take the necessary technical and organisational measures to ensure that notices submitted by trusted flaggers* are processed and decided upon with priority and without delay,

*The status of trusted flaggers shall be awarded by the Digital Services Coordinator of the Member State to those who have particular expertise and competence for the purposes of detecting, identifying and notifying illegal content, who represent collective interests independent from any online platform and who carry out activities for the purposes of submitting notices in a timely, diligent and objective manner.

  • suspend, for a reasonable period of time and after having issued a prior warning, the provision of their services to recipients of the service that frequently provide manifestly illegal content,
  • (where an online platform allows consumers to conclude distance contracts with traders) ensure that traders can only use its services if, prior to the use of its services, the online platform has obtained information regarding name, contact information and registration of the trader,
  • notify law enforcement and judicial authorities of suspicions of criminal offences,
  • inform the recipients of advertisements that the information displayed is an advertisement, indicate the natural or legal person on whose behalf the advertisement is displayed and provide meaningful information about the main parameters used to determine the recipient to whom the advertisement is displayed (transparent marketing),
  • shall not present advertisements based on profiling by (i) using personal data of users where they are aware that the user is a minor or (ii) using special categories of personal data,
  • shall not use "dark patterns", i.a design, organise or operate their online interfaces in a way that deceives or manipulates the recipients of their service or in a way that otherwise materially distorts or impairs the ability of the recipients of their service to make free and informed decisions.

Very large online platforms, shall, in addition to all the other obligations:

  • identify, analyse and assess at least once a year, any significant systemic risks relating for example to dissemination of illegal content, negative effects on privacy, freedom of expression and prohibition of discrimination, stemming from the functioning and use of their services in the European Union,
  • put in place reasonable, proportionate and effective mitigation measures tailored to the systemic risks identified,
  • perform independent audits at least once a year of its compliance with the obligations which shall be published,
  • (if they use recommender systems (i.a. algorithms aimed at suggesting relevant items to user)) set out in their terms and conditions, in a clear, accessible and easily comprehensible manner, the main parameters used in their recommender systems,
  • provide the European Commission and vetted researches with access to data, including explanation of the design, logic, the functioning and the testing of their algorithmic systems, that are necessary to monitor and assess their compliance with the Digital Services Act.

Businesses may ask the European Commission to amend its request for information if they consider that giving access to the requested data will lead to significant vulnerabilities for the security of its service or the protection of confidential information, in particular trade secrets (Article 31/6(b)). It is anticipated that the new provisions regarding the algorithmic systems will lead to challenging yet interesting questions from an intellectual property law perspective.

Legislative Status of the Digital Services Act

The Digital Services Act was published in the Official Journal of the European Union on 27 October 2022 and will enter into force twenty days after its publication.

For Norway as an EEA country, Digital Services Act will have to be first incorporated into the EEA agreement after entering into force in the European Union. After that, legislators in Norway must propose a law to implement the Digital Services Act into Norwegian law. It is anticipated that it might take some time to fully implement Digital Services Act in Norway.

The Digital Services Act Package

Digital Services Act is one of the two legislative initiatives proposed by the European Commission regarding the governance of the digital services in the European Union. The second initiative by the European Commission in this context is the Digital Markets Act which aims to foster innovation, growth, and competitiveness in the European digital market. Digital Services Act and Digital Markets Act form a single set of rules, referred as the Digital Services Act Package.

The next article in Wikborg Rein's "A Europe Fit for the Digital Age" article series will be focusing on the Digital Markets Act. In the meantime, our Technology and Digitalisation team is ready to assist businesses and answer questions regarding the new legal framework for digital services in Europe.

Profile image of Lars Erik Steinkjer
Lars Erik Steinkjer
E-mail lst@wr.no
Profile image of Gry Hvidsten
Gry Hvidsten
E-mail ghv@wr.no
Profile image of Chris Andre Jørgensen
Chris Andre Jørgensen
E-mail chj@wr.no
Profile image of Ekin Ince Ersvaer
Ekin Ince Ersvaer
E-mail eie@wr.no

Subscribe to newsletter and invitations