Implementation timeline for the EU’s Digital Services Act
The 16 November 2022 marked the entry into force of the Digital Services Act (DSA), which hopes to bring the regulations on the liability regime of online intermediary services into the twenty-first century. Even though most of the regulation will only apply from 17 February 2024 onwards, some intermediary services will have to implement certain measures earlier, with 17 February 2023 having been the recent deadline to watch out for. Non-compliance with the DSA can generally result in a fine of up to 6% annual turnover.
17 February 2023: deadline for implementation of transparency reporting measures
The deadline for implementation of transparency reporting measures was the 17 February 2023. For the European Commission (EC) to establish which platforms or search engines qualify as “very large”, access to the data concerning the number of users a service must be provided. The provisions which have already become applicable since 16 November 2022 are aimed at enabling such a determination.
Who this applies to: this deadline is applicable to all providers of online platforms and online search engines, including small and micro platforms.
What needs to be done: online platforms and search engines must already comply with certain provisions of the DSA before the entire regulation becomes applicable in February 2024:
1. Transparency reporting obligations concerning the publication of average monthly number of active service recipients in the EU, (Art. 24(2) and (3)).
- Please note: the relevant digital service coordinator or European Commission may request such information to be sent to them
- Please note: delegated acts concerning the methodology for calculation may still be passed by the European Commission (Art. 33(3)).
- Please note: this provision is only applicable to online platforms.
Providers of online platforms of any size (including small and micro platforms) should therefore ensure that their systems can ascertain and store the number of average monthly EU recipients for the past six months. By 17 February 2023 all platforms needed to publish such statistics going back until mid-August 2022 on their website. Operators should ensure that this information is gathered and provided in accordance with the General Data Protection Regulations (GDPR).
From Summer 2023: deadline for implementation of compliance measures for VLOPs and VLOSEs
Who this applies to: This deadline is applicable to VLOPs and VLOSEs within four months of being designated as such by the European Commission.
What needs to be done: VLOPs and VLOSEs must oblige with all obligations provided in Art. 11-43 DSA (see below for full overview). These include risk mitigation measures specific to VLOPs and VLOSEs. In particular, stringent due diligence requirements, including mandatory risk assessments and corresponding mitigation measures.
17 February 2024: deadline for implementation of all measures necessary under the DSA
The deadline for implementation of all measures necessary under the DSA will fall on 17 February 2024.
Who this applies to: it will be applicable to all providers of intermediary services, that is, all providers of hosting, caching and mere conduit services offered to EU customers.
What needs to be done: depending on the type of service offered and the number of recipients of the service within the EU, various measures need to be implemented by intermediary services:
- General obligations applicable to all intermediary services (Art. 11-15).
- Additional obligations for hosting services, including platforms (Art. 16-18), including providing notice-and-action mechanisms for illegal content.
- Additional obligations for online platforms (Art. 19-28), including internal complaint systems, measures regarding advertising and the protection of minors.
- Additional obligations for online platforms, allowing consumers to conclude distance contracts with traders (Art. 29-32).
- Additional, specific obligations for VLOPs and VLOSEs to manage systemic risks (Art. 33-43).
Please note that providers of intermediary services must designate a single point of contact for the purposes of communicating inter alia with member states’ authorities and the European Commission. Where the intermediary service does not have an establishment within the EU, a legal representative must be appointed for this purpose in one of the EU member states.
Digital Services Act: further information
For further information on the new rules for online platforms please see Gabriele’s MARQUES weblog of 29 October 2022: “The Digital Services Act becomes reality”.Read more
Digital Services Act: dycip.com/digital-services-act