In this contribution, we take a closer look at two European regulations, the Digital Services Act (DSA) and the Digital Markets Act (DMA). These two pioneering regulations are of great interest to individuals and businesses. The Digital Services Act (DSA) aims to ensure free and secure access to internet services. The Digital Market Act (DMA) aims to limit the dominance of certain dominant players in the digital economy.
In this article, we will focus on why these regulations were adopted and what they bring before looking at the practical implications of both regulations in a following article.
1. Why were these two regulations created?
Digital services and especially intermediary services play an important role in our daily lives and in the EU economy. We interact with these services on a daily basis when we shop online, order meals, search for information, communicate, watch movies, listen to music, for example...
Digital services have facilitated cross-border trade and access to new markets, not only for individuals, but also for businesses.
Digital services refer to a broad category of online services that play an intermediary role in connecting consumers with goods, services and content.
While the digital transformation and the increased use of digital services have many benefits, there are also a lot of risks and challenges.
Commerce and exchange of illegal goods, services and content online is a major concern. In particular, online services are also being misused by algorithmic manipulation systems for harmful purposes such as the spread of disinformation. These challenges and the way platforms address them have a significant impact on the fundamental rights of online users, namely the freedom of expression and of information, the freedom to conduct a business, the right to non-discrimination, as well as the attainment ensuring of a high level of consumer protection.
Another issue is that some large platforms control important ecosystems in the digital economy and increasingly act as "gatekeepers" between business users and end users. These large platforms often have such an important impact and control of access to certain markets that many business users are very dependent on them (Amazon, app stores, ...). This can grant them the power to act as private rule-makers functioning as bottlenecks between businesses and end users giving them less choice.
This is why the European Union has adopted a modern and uniform legal framework that guarantees the security of online users, focusing on the protection of their fundamental rights and on maintaining an open, transparent and fair environment for online platforms.
2. What does the Digital Services Act (called DSA) bring us?
2.1 Specific rules for online platforms
The Digital Services Act (hereinafter DSA) introduces harmonised rules on the provision of online services, and more specifically intermediary services, offered by simple websites and internet infrastructure services (mobile internet infrastructure such as 5G) and online platforms. These include online marketplaces, social networks (just think at Facebook and Instagram), content sharing platforms, online search engines, operating systems or app stores, and online travel and accommodation platforms (just think holiday discounter, booking.com, etc).
The DSA regulates the following services:
- "mere conduit" services (conduits) that transmit in a communication network information provided by a recipient of the service, or provide access to a communication network. These include internet exchange points, wireless access points, virtual private networks, DNS services and resolvers, top-level domain name registries, registrars, certificate authorities that issue digital certificates, voice over IP and other interpersonal communication services;
- "caching" services that transmit in a communication network information provided by a recipient of the service, where that information is automatically, intermediately and temporarily performed for the sole purpose of making more efficient or more secure the subsequent transmission of that information to other recipients of the service upon their request. This includes the sole provision of content delivery networks, reverse proxies or content adaptation proxies;
- "hosting" services that consist of storing the information provided by a recipient of the service and at their request, such as cloud computing, web hosting, paid referencing or services enabling sharing information and content online, including file storage and sharing.
Online platforms are defined as hosting services that not only store information provided by the recipients of the service at their request, but also disseminate it to the public. However, an online platform does not exist when the dissemination to the public is merely a minor or purely ancillary feature that is intrinsically linked to another service or constitutes a minor functionality of the principal service, and this is not a way to circumvent the applicability of this regulation. Sharing an online newspaper is an example of an ancillary service to the main service consisting of publishing news under the editorial responsibility of the publisher.
The DSA provides an exemption from liability for providers of "mere conduit" and "caching" and hosting services in certain situations. For "mere conduit" and "caching", this applies when they are in no way involved with the information transmitted or accessed, except as regards technical acts necessary during transmission or provision of access, to the extent that these acts do not alter the integrity of the information. Hosting service providers may qualify for the liability exemption if, once they become aware of illegal activities or content, they act expeditiously to remove or to disable access to that content.
The DSA regulates thus the responsibilities for very large online platforms and very large online search engines in relation to systemic issues such as disinformation, hoaxes and manipulation during pandemics, harms to vulnerable groups and other emerging societal harms.
The DSA will provide all actors in the online ecosystem with effective means to counter illegal content, goods and services, namely:
- Users will be empowered to report illegal content in an easy and effective way;
- A privileged channel will be created for trusted flaggers to report illegal content to which platforms will have to react with priority;
- When enabled by national law, Member State authorities will be able to order any platform operating in the EU, regardless of its location, to remove illegal content.
2.2 The DSA is also very important for start-ups and innovation in general
The DSA introduces harmonised legislation for the entire digital single market, which is a great added value for start-ups and small platforms.
It is also crucial for them to get access to cross-border customers already in their critical growth phase. But due to the far-reaching fragmentation of this legislation, it was not always easy for small(er) players to act correctly. So that problem will no longer arise especially as standardisation actions and codes of conduct will support smooth implementation of the unified regulation by smaller companies.
For example, the DSA clarifies for platforms what transparency obligations they have to comply with regarding their operation, how they have to follow up reports on illegal content from end users and how they have to deal with offering advertising and remote sales on their platform. In turn, start-ups can react faster and easier to illegal content that could harm their business (e.g. counterfeiting).
Furthermore, responsibilities in the online ecosystem will be linked to the size of players, meaning that small platforms will be exempt from most obligations.
Overall, this will lead to a better environment for innovation, growth and competitiveness and facilitate the scaling up of smaller platforms, start-ups and SMEs.
2.3 Application of the DSA
The DSA has already entered into force on 16 November 2022 and will be directly applicable across the EU on 17 February 2024.
All online platforms, except micro and small ones, had to publish data on the number of active monthly end-users on their websites by 17 February 2023. The European Commission also invited them to report the published numbers to it.
Based on those user numbers, the Commission will be assessing whether a platform should be designated as a very large online platform or very large online search engine.
Following that Commission designation decision, the entity concerned has four months to comply with its obligations under the DSA. Here, conducting an annual risk assessment is of great importance, which must also be communicated to the Commission.
3. What does the Digital Markets Act (called DMA) bring us?
3.1 Specific rules for "gatekeepers"
The Digital Markets Act (further referred to as DMA) contains a set of carefully defined rules applicable to online platforms that act as "gatekeepers".
The DMA covers ten core platform services, namely online intermediation services (bol.com, amazon.com, …), online search engines (Google, Bing, …), online social networking services (Facebook, Instagram, TikTok, Snapchat, Bereal, …), video-sharing platform services (Youtube, Vimeo, …), number-independent interpersonal communication services (chat services), operating systems (Windows, Android, IOS, …), cloud computing services (Office365, Google Workspace, …), advertising services (Google Ads, …), web browsers (Chrome, Firefox, …), virtual assistants (Siri, Alexa, …).
The aim is to prevent these so-called gatekeepers from imposing unfair conditions on businesses and end users, and to ensure the openness of important digital services.
Gatekeeper platforms are digital platforms that provide an important gateway for business users to reach their end users - and therefore have a significant impact on the internal market and can act as bottlenecks between businesses and end users.
There are three main cumulative criteria that brings a company under the scope of the DMA:
- A size that impacts the internal market: this is presumed to be the case if the company achieves an annual Union turnover equal to or above €7.5 billion in each of the last three financial years, or where its average market capitalisation or equivalent fair market value amounted to at least €75 billion in the last financial year, and it provides a core platform service in at least three Member States;
- The control of an important gateway for business users towards final consumers: this is presumed to be the case if the company operates a core platform service with more than 45 million monthly active end users established or located in the EU and more than 10,000 yearly active business users established in the EU in the last financial year;
- An entrenched and durable position in its operations or if it is foreseeable in the near future: this is presumed to be the case if the company met the second criterion in each of the last three financial years.
To determine whether a core platform service should be considered a "gatekeeper", it is verified that they meet these quantitative criteria but these core platform services have the opportunity to rebut the presumption and demonstrate that they should not be designated as gatekeepers. Conversely, the Commission may launch a market investigation to assess whether a company that does not meet these criteria should still be considered a gatekeeper, and this on the basis of a qualitative assessment.
To ensure that these types of gatekeeper platforms do not become too dominant in digital markets and that markets with large gatekeeper platforms remain fair and accessible to innovators, companies and new entrants to the markets, the DMA is imposing a series of obligations on gatekeepers and prohibiting them, among other things, from engaging in certain unfair behaviour.
Among other things, gatekeepers will have to ensure that end users can easily unsubscribe from core platform services or uninstall pre-installed core platform services, stopping the installation of software by default alongside the operating system, providing advertising performance data and ad pricing information, allowing developers to use alternative in-app payment systems, and allowing end users to download alternative app stores.
Some of these services are also covered by the Digital Services Regulation, but the DMA's finality is different.
3.2 Application of the DMA
The DMA is to become applicable on 2 May 2023.
By 3 July 2023, companies must provide the European Commission with information on their number of users so that the Commission can designate "gatekeepers" by 6 September 2023.
Gatekeepers will then have until 6 March 2024 to ensure they comply with the DMA's obligations.
It is important that companies take into account the entry into force deadlines so that they implement the new EU regulations on time.
With this article, we mainly wanted to outline the context of these two regulations, which will have an impact on how everyone moves, acts and shops online, and to highlight the relevant deadlines for each regulation.
In a subsequent article, we will discuss the practical implications of both regulations.
Should you have any questions regarding this matter, please do not hesitate to contact our specialists: +32 (0)2 747 40 07 or email@example.com.
The practical implications of the regulations on digital services and markets
IP - Data Protection Law