Proposal for a regulation of the European Parliament and of the Council on a single market for digital services (digital services act) and amending Directive 2000/31/EC

In “A Europe Fit for the Digital Age”

PDF version

The rules governing the provision of digital services in the EU have remained largely unchanged since the adoption of the e-Commerce Directive in 2000, while digital technologies and business models continue to evolve rapidly and new societal challenges are emerging, such as the spread of counterfeit goods, hate speech and disinformation online. Against this backdrop, on 15 December 2020, the European Commission tabled a new legislative proposal on a Digital Services Act (DSA) to update the current EU legal framework governing digital services. In parallel, the Commission unveiled a proposal for a Digital Markets Act (see separate fiche).

The DSA is a horizontal instrument that aims to create a safer and trusted online environment. It puts in place a framework of layered responsibilities targeted at different types of services (i.e. intermediary services, hosting services, online platform services, and very large online platforms services) and proposes a set of harmonised EU-wide asymmetric obligations to ensure transparency, accountability and regulatory oversight of the EU online space (for more information see below the briefing on Digital services act: EU Legislation in Progress).

Following protracted interinstitutional negotiations, Parliament and Council reached a provisional political agreement on the DSA in April 2022. Parliament approved the final text during its July 2022 session (with 539 votes in favour, 54 votes against and 30 abstentions). Online platforms (e.g. social media and marketplaces) and online search engines must take measures to protect their users from harmful and illegal content, goods and services. Online platforms must be more transparent and more accountable (e.g. on how their content is recommended to their users) and put in place special measures to ensure their users' safety online. They cannot target advertising based on minors' personal data or on sensitive data (e.g. sexual orientation, religion and ethnicity). They should also not use their online interface to influence users' behaviour, i.e. 'dark patterns'. Online marketplaces are required to make more effort to ensure the information provided by the online traders using their platforms is reliable, including through random checks. Very large online platforms (VLOPs) and very large online search engines (VLOSE) will have to comply with stricter obligations under the DSA, given the significant societal risks they pose when disseminating illegal and harmful content, including disinformation. 

The DSA was published in the Official Journal in October 2022 and entered into force on 1 November 2022. The European Centre for Algorithmic Transparency (ECAT) that provides technical assistance for the enforcement of the DSA has been launched in April 2023. The same month, the Commission adopted the first designation decision under the DSA designating 17 Very Large Online Platforms (VLOPs) and 2 Very Large Online Search Engines (VLOSEs) that reach at least 45 million monthly active users in the EU. Since August 2023, the DSA became legally enforceable for designated VLOPs and VLOSEs. The designated platforms need to perform annual risk assessment exercise to examine risks such as how illegal content might be disseminated through their services and deliver transparency reports. In November 2024, the Commission adopted an implementing regulation with templates for the transparency reports, including harmonised reporting periods.

The number of designated VLOPs and VLOSEs has increased since the initial designation, and now accounts to 23 VLOPs and 2 VLOSEs. 

In September 2023, the Commission launched the DSA Transparency Database. In October 2023, it  published a set of recommendations for Member States to coordinate their response to incidents that may increase the spread and amplification of illegal content, such as terrorist content.

The Commission can send formal requests for information about measures that the VLOPs and VLOSEs have put in place to comply with the DSA provisions. In January 2024, for example, the Commission  sent formal requests for information to 17 of the Very Large Online Platforms and Search Engines (VLOPs and VLOSEs) to enquire about the measures they have taken to comply with the obligation to give access, without undue delay, to the data that is publicly accessible on their online interface to eligible researchers. In addition, the Commission is enquiring about measures on risk mitigation to prevent illegal and harmful content and risks linked to generative AI, recommender systems, and the protection of minors. Some requests enquire about dark patterns, advertising, notice and action mechanisms, and content moderation.

In December 2023, the Commission opened formal infringement proceedings against the VLOP X on several grounds, including suspected breaches of the obligations concerning data access to researchers. In July 2024, Commission issued preliminary findings that X is in breach of the DSA on dark patterns, transparency of advertising and on access to data by researchers. X can exercise its right of defense, while investigation on other provisions continue.

Formal proceedings against TikTok regarding TikTok Lite Revards programme were closed in August 2024, after the platform committed to withdraw the programme from the EU. Proceedings against TikTok on other provisions continue. Formal proceedings against AliExpress and Meta, opened in March and in May 2024, are ongoing. In October 2024, Commission started formal proceedings against VLOP Temu.

In October 2024, the Commission started infringement procedures against Czech Republic, Cyprus and Portugal, sending them reasoned opinions, for not empowering their designated Digital Service Coordinators nor defining the penalties for DSA breaches. 

References:

Further reading:

Author: Polona Car, Members' Research Service, legislative-train@europarl.europa.eu

As of 20/11/2024.