Cloud Hosting

On July 5, 2022, the European Parliament voted to approve the final text of the Digital Services Act("DSA" or the "Act"), a landmark regulationthat-along with its sister regulation, the Digital Markets Act("DMA")-is poised to transform the global regulatorylandscape for social media platforms, hosting services like cloudservice providers, and other online intermediaries.

Lawmakers have billed the DSA as implementing the principle that"what is illegal offline, should be illegal online." Inreality, the DSA goes much further, requiring online platforms tonot only take greater accountability for "illegal" and"harmful" content that they host, but also to provideunprecedented transparency around their content moderationpractices, targeted advertising, and recommender algorithms, and tomaintain comprehensive risk management systems for a potentiallywide range of systemic risks-from public health crises to politicalmisinformation.

In this Debevoise Data Blog post, we have provided an update onthe status of the DSA, an overview of the key features of thislandmark regulation, and several take-aways for companies about theimport of the DSA.

The Parliamentary vote was the penultimate step for enactment ofthe DSA, which is now due to be adopted by the European Council inSeptember 2022, formally enacting it as law. The Act was firstintroduced in December 2020, but stalled for negotiations betweenthe European Council and Parliament. A political agreement wasreached in late April 2022, and the text of the Act was finalizedin the subsequent months leading up to the July Parliamentaryvote.

Once adopted, the timeline for its application and enforcementwill be fast-paced. While the full text of the DSA would beginapplying to all covered online intermediary services on January 1,2024, companies designated as very large online platforms("VLOPs") may have to begin complying with a subset ofprovisions at a much earlier date, most likely in early ormid-2023.

The DSA applies to a wide range of "intermediaryservices," which the Act categorizes by the role, size, andimpact of a given company on the online ecosystem."Intermediary services" include a broad range of"mere conduit," "caching," and"hosting" services, with the bulk of the Act'srequirements focused on the following types of companies:

Under the Act, VLOPs and VLOSEs are subject to the moststringent set of requirements, as well as greater regulatoryoversight.

The DSA imposes tiered requirements on different categories ofintermediary services, which means that a different set ofobligations will apply to each type of intermediary covered underthe Act. However, the general requirements of the Act are asfollows:

The DSA imposes outright bans on the following practices for allproviders of online platforms:

The DSA increases intermediaries' obligations to counterillegal goods, services, or content online. In particular,platforms must implement policies to ensure greater traceability ofbusiness users in online market places and must provide a mechanismfor any individual or entity to easily flag illegal content.Requirements for various categories of intermediaries include:

The DSA also establishes stringent transparency requirements forintermediary services regarding targeted advertising and contentmoderation practices. Requirements for various categories ofintermediaries include:

The DSA provides that VLOPs (such as major social mediaplatforms) have "a systemic impact in facilitating publicdebate, economic transactions and the dissemination of information,opinions and ideas." Accordingly, the DSA imposes additional,more stringent obligations on them. In addition to the requirementslisted above, VLOPs will be subject to the followingobligations:

Platforms must comply with crisis responseprotocols developed by the Commission in the event ofa "serious threat to public security or public health,"which may include ordering the platform to "identify and applyspecific, effective and proportionate measures" of theplatform's choice to mitigate the threat, provide informationon the threat, or report back to the Commission on progress inmitigating the threat progress (Art. 27a).

Platforms must conduct externalindependent auditing of the platform'scompliance with the DSA on an annual basis, by auditors with provenexpertise, technical competence, and capabilities in the area ofrisk management (Art. 28).

Platforms mustprovide access toplatform data to regulators and vetted researchersunder certain circumstances (Art. 31).

For most platforms, national-level authoritieswill be primarily responsible for enforcement of the DSA, withsupport from the newly formed European Board for Digital Services.Member states will each authorize an authority as a DigitalServices Coordinator, which shall be responsible for all mattersrelating to supervision and enforcement of the DSA. DigitalServices Coordinators will have the power to, among other remedies,impose fines of up to 6% of the annual worldwide turnovers ofproviders who fail to comply with DSA obligations.

For VLOPs, however, the European Commissionwill be primarily responsible for the supervision and enforcementof the DSA, and will be granted enhanced powers for this purpose.The Commission may impose fines of up to 6% of the platform'sannual global turnover where it finds an infringement or failure tocomply. Other specific powers include the authority to requestinformation from the platform (Art. 52); conduct on-siteinspections (Art. 54); and initiate monitoring actions, wherein theCommission can order a platform to provide access to, andexplanations relating to, its databases and algorithms (Art.57).

The DSA is a groundbreaking legislation that aims to transformthe digital regulatory landscape in the EU and beyond. In order tobe prepared to comply with the new rules, companies will need totake note of additional compliance or reporting requirements thatthe DSA will create for them, and the tight timeline on which theywill need to remedy any compliance gaps. Companies should payspecial attention to any implications for their advertisingplatforms as well as any use of algorithmic decision-making or AI,especially in the context of content moderation and recommendersystems, as those applications will be subject to unprecedentedtransparency requirements and, as a consequence, regulatoryscrutiny.

The authors would like to thank Law Clerk Melissa Muse and Summer Law Clerks JoshGoland, Sharon Shaji, and Annabella Waszkiewicz for theircontributions to this article.

The content of this article is intended to provide a generalguide to the subject matter. Specialist advice should be soughtabout your specific circumstances.

Read the original post:
The Digital Services Act (DSA) Transforms Regulation Of Online Intermediaries - Advertising, Marketing & Branding - United States - Mondaq