Iubenda logo
Start generating

Documentation

Table of Contents

What is the Digital Services Act? Everything You Need to Know

📣 Latest Update: February 28, 2024

EU Commission Exempts Certain Apple and Microsoft Products from DMA Regulations

The European Commission has announced that specific Apple and Microsoft products, including Apple’s iMessage and Microsoft’s Bing, Edge, and Microsoft Advertising, will not fall under the Digital Markets Act (DMA) as gatekeeper services. This decision, part of the Commission’s comprehensive evaluation, indicates that these services do not meet the criteria for gatekeeper designation under the DMA. The landmark legislation aims to regulate dominant companies in the digital market, preventing misuse of market dominance. Despite this exemption, Apple and Microsoft will remain designated gatekeepers for other core platform services. The Commission’s decision concludes its investigation into the companies, focusing on fostering competition and monitoring market developments closely.

The Digital Markets Act (DMA) has implications for several key players in the technology and digital sectors, affecting their operations and regulatory compliance. Here are a few examples of Very Large Online Platforms (VLOPs) and services affected by the DMA and recent decisions:

Apple:

  • Affected Services: Apple’s designation as a gatekeeper affects its App Store, the Safari browser, and the iOS operating system. These services are critical to Apple’s ecosystem and have a significant impact on developers and businesses that rely on Apple’s platforms to reach consumers. Apple has announced changes to these services to comply with the DMA, which has attracted scrutiny and criticism from various stakeholders.
  • Non-Affected Services: Apple’s messaging service, iMessage, has been exempted from being classified as a gatekeeper service under the DMA. This decision allows Apple to maintain its current operational model for iMessage without the need for interoperability with other messaging services, preserving its privacy and security features that the company emphasizes as a differentiator.
  • Microsoft:

    • Affected Services: Microsoft’s designation as a gatekeeper affects LinkedIn, its social networking service, and Windows PC OS, the operating system for personal computers. These services are integral to Microsoft’s portfolio, influencing a wide range of consumers and businesses that utilize Microsoft’s platforms for professional networking and computing needs.
    • Non-Affected Services: Microsoft’s search engine Bing, its browser Edge, and its online advertising service Microsoft Advertising have been determined not to meet the criteria for gatekeeper services under the DMA. This exemption suggests that these services operate as challengers in the market rather than dominant players, according to a statement from a Microsoft spokesperson.

    Other Gatekeepers and Services:

    • Designated Gatekeepers: In addition to Apple and Microsoft, the European Commission designated Alphabet, Amazon, ByteDance, and Meta as gatekeepers in September 2023. These companies control significant core platform services that influence various digital markets, including social media platforms and web browsers.
    • Regulatory Compliance and Changes: The DMA mandates that gatekeepers must not misuse their market dominance to cement their position and suppress the emergence of competitors. This includes adhering to a series of guidelines designed to foster competition and innovation within the digital markets. The designation and compliance requirements under the DMA necessitate strategic adjustments by these VLOPs to align with new regulatory landscapes in the EU.

    The DMA’s emphasis on promoting competition, interoperability, and consumer choice has led to a reevaluation of the roles and responsibilities of VLOPs within the digital economy. This regulatory approach by the European Commission signifies a significant shift towards ensuring fairer and more open digital markets, with direct implications for how VLOPs operate within the European Economic Area.

Recent Developments:Expanded Designations and Obligations Under the Digital Services Act (DSA)

New Designations: The European Commission has made a significant move under the Digital Services Act by designating three more Very Large Online Platforms (VLOPs): Pornhub, Stripchat, and XVideos. This decision is based on these platforms exceeding the threshold of 45 million average monthly users in the EU. This follows the initial designation of 19 VLOPs and search engines on 25 April 2023.

Compliance Deadline: All online platforms and search engines, except small and microenterprises, must adhere to the general DSA obligations by 17 February 2024. These include user-friendly mechanisms for reporting illegal content, prioritizing notices from trusted flaggers, providing reasons for content restrictions, internal complaint systems for moderation appeals, prompt law enforcement notifications in case of criminal offenses, and enhanced privacy and security, especially for minors.

Stringent Rules for VLOPs: The newly designated VLOPs, including Pornhub, XVideos, and Stripchat, face additional specific measures. Within four months of their designation, they must:

  • Conduct thorough content moderation, including systemic risk analysis, mitigation measures against illegal and rights-threatening content, and reinforced internal processes.
  • Ensure strong protection for minors by designing services to prevent risks to their well-being and using age verification tools.
  • Enhance transparency and accountability through external audits, ad repositories, data access for researchers, bi-annual content moderation and risk management reports, and annual systemic risk and audit reports.
  • Appoint a compliance function and undergo external independent audits annually.

Next Steps: The Commission will supervise these platforms in collaboration with Digital Services Coordinators from Member States, focusing on compliance, especially regarding minors’ protection and illegal content management. Background: The first batch of 19 VLOPs and search engines designated in April 2023 are set to meet their additional DSA obligations by the end of August. The overall enforcement of the DSA involves both the Commission and Digital Services Coordinators, to be appointed by Member States by 17 February 2024.

Recent Developments: Introduction of the Digital Services Act Transparency Database

The European Commission has unveiled a significant enhancement to the Digital Services Act (DSA) with the launch of the Digital Services Act Transparency Database. This database serves as a regulatory repository, and its main purpose is to provide a public record of content moderation decisions made by online platform providers.

What Does the Database Include?

The database will house statements from online platform providers, detailing the reasons for their decisions to either remove or restrict access to certain pieces of content. This is in line with the requirements set out in the DSA, which mandates that platforms explain the rationale behind such decisions.

Who Needs to Comply?

Starting from 17th February 2024, it will be mandatory for all online platform providers operating within the European Union to submit their data to this database. This is aimed at fostering transparency and accountability in the digital sphere.

Effective August 25, 2023, the EU’s Digital Services Act (DSA) now governs “very large online platforms” and “very large online search engines” that have more than 45 million active users in the EU. Under this new regulation, such companies must partake in yearly audits and actively combat disinformation. Non-compliance risks penalties, including fines that can reach up to 6% of a company’s worldwide revenue or even result in a ban. The full Act will be applicable to smaller websites starting early 2024. Big Tech is now under enhanced legal scrutiny, with obligations related to content safety, user targeting, and data sharing. In line with DSA obligations, Google has declared that it will provide targeted ad data to authorized researchers. There remains ongoing debate on whether these tech giants have sufficiently met EU regulatory standards.

🆕 Many of you are probably wondering: “but, what exactly is the Digital Services Act”?

The DSA was published in the Official Journal of the European Union on October 27, 2022, and sets some new and important rules for the online ecosystem.

As a website owner, marketer, publisher or any professional operating online, this is relevant news for you. If you’re curious to know more, keep reading! You’ll find more explanation below.

what is the digital services act

🔍 Digital Services Act explained

The Digital Services Act was presented along with the Digital Markets Act.

Together, they form a single set of new rules that will be applicable across the whole EU to create a safer and more open digital space, where the fundamental rights of users are protected. They also aim at establishing a level playing field for businesses.

🧐 Why is it needed? The rapid and widespread development of digital services has had both a negative and positive impact.

On one side, it fostered communication, access to information, and trade outside the Union. On the other side, it brought some concerns surrounding illegal goods, services and content, as well as manipulative algorithms to trick users.

👉 The European Legislation simply needs to evolve in order to address these new challenges.

The rules established by the DSA include, amongst others, new measures for:

  • enhanced transparency online (ie. better information on terms and conditions or the algorithms used for recommending content or products by advertising platforms or influencers);
  • countering illegal content, goods and services online as well as tracing sellers;
  • restricting targeted advertising for some categories;
  • the overall protection of users, with new safeguards (ie. fill out a complaint, seek compensation or a court settlement, challenge platforms’ content moderation decisions, etc.);
  • the protection of minors, disinformation or election manipulation, cyber violence against women;
  • banning so-called ‘dark patterns’ on the interface of online platforms, referring to misleading tricks that manipulate users into choices they do not intend to make;
  • and more.

Read the full document published in the Official Journal of the European Union here.

🗓️ When will the Digital Services Act be enforced?

The DSA requirements took effect on January 1, 2024.

🎯 Who will be affected by the DSA?

So-called VLOPs (also known as very large online platforms) — will be the first obligated to conform to the new compliance requirements.

🔍 Updates on VLOPs

The European Commission has given guidance on online platforms and search engines’ compliance with the DSA, specifically on reporting the number of users they have in the EU (which will be carefully examined by authorities).

If the published user numbers reach more than 10% of the EU’s population (45 million), the platform will most likely be defined as a very large online platform (VLOP) or search engine (VLOSE) and would be subject to additional obligations including:

  • to comply with the regulation earlier than other actors;
  • to make a risk assessment to identify potential risks for society (i.e. harmful content);
  • to take corresponding risk mitigation measures (involving independent audits).

More information here.

Therefore, in the first quarter of 2023, compliance obligations will probably start to weigh heavily on a number of larger IT companies and Big Tech giants.

“The Commission will be the primary regulator for very large online platforms (reaching 45 million users), while other platforms will be under the supervision of Member States where they are established.”

💡 What should you take away from this?

  • Make sure to remember the key concepts emphasized by this new legislation: enhanced transparency and user rights, bans on illegal practices, misleading tricks and algorithms and some aspects of targeted advertising;
  • Keep an eye on your own practices surrounding these matters by putting in place transparent and compliant processes.

👉 Under the new DSA rules, dark patterns are prohibited. Learn more now about this topic and how to optimize your consent rate while avoiding dark patterns.