Enforcing the Digital Services Act (DSA) involves a broad spectrum of investigative and punitive measures accessible to both national authorities and the European Commission. The Commission takes the lead in supervising and enforcing the DSA, assisted by Digital Services Coordinators and the Board.
Who does the DSA apply to?
The DSA applies to organisations providing online intermediary services in the EU. These include "mere conduit," "caching," and "hosting" services, encompassing various platforms like internet service providers, social media networks, and online marketplaces.
- A 'mere conduit' service involves transmitting information through a communication network provided by the recipient of the service or facilitating access to a communication network. Examples include internet service providers, direct messaging services, virtual private networks (VPNs), domain name systems (DNS), voice over IP (VoIP), and top-level domain name registries.
- A 'caching' service involves transmitting information through a communication network provided by the recipient of the service, where the information is automatically and temporarily stored to facilitate more efficient onward transmission to other recipients upon their request. Examples include content delivery networks (CDNs), content adaptation proxies, and reverse proxies.
- A 'hosting' service involves storing information provided by and at the request of a recipient of the service. Examples include cloud service providers, online marketplaces, social media platforms, app stores, and travel and accommodation platforms.
What's the enforcement process?
The enforcement process of the DSA relies on collaboration between national authorities and the EU, overseen by the Commission and Digital Services Coordinators (DSCs). In each Member State, DSCs are responsible for supervising intermediary services affected by the DSA and working closely with relevant authorities. These DSCs must have the authority and capabilities necessary to fulfil their duties, including the power to investigate, levy fines, and issue compliance notices affecting intermediary service providers within their jurisdiction, irrespective of their user base. They are also responsible for certifying "trusted flaggers", independent organisations who are experts in detecting, identifying and removing illegal content, and out-of-court dispute settlement bodies.
For very large online platforms (VLOPs) and search engines (VLOSEs), the Commission has direct supervision and enforcement authority under the DSA, rather than the DSCs. However, where the Commission has not initiated proceedings for a particular infringement, the member state where the main establishment of the VLOP or VLOSE provider is located retains the authority to supervise and enforce DSA obligations concerning those providers.
What are the steps of the enforcement process?
Step 1: Investigation Starts
When the Commission or DSCs identify a potential violation of the DSA, they initiate an investigation. This entails requesting information, conducting interviews with relevant individuals, and inspecting locations pertinent to the case. Throughout the investigation, they leverage their authority to gather evidence substantiating the suspected violation.
Step 2: Formal Proceedings
If the Commission or DSCs continue to suspect a violation of the DSA after conducting investigations, they may initiate a formal proceeding. Before making any decisions, the platform under investigation is afforded the opportunity to respond. This involves discussing the preliminary findings and any measures the Commission intends to take based on them.
It's important to note that the DSA does not specify a specific legal deadline for concluding formal proceedings. The duration of the investigation can vary depending on factors such as the complexity of the case, the level of cooperation from the company involved, and the exercise of defence rights.
Step 3: Ruling Time
If the Commission or DSCs confirm a breach of the DSA, they can impose fines of up to 6% of the global turnover of the online service provider. Providers who fail to supply information or provide misleading information may face fines of 1% of worldwide turnover. The DSA also allows for periodic payments of 5% of the average daily worldwide turnover or income to enforce obligations. The Commission or DSCs may require the provider to rectify the breach within a specified timeframe and monitor closely for compliance. In severe or repeated breaches, national courts can ban the service provider from operating in Europe. Any fines imposed can be appealed in EU courts, ensuring fairness and transparency.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.