Digital Services Act (DSA)

The Digital Services Act (DSA) is the EU regulation that governs digital services with requirements for content moderation, transparency and user rights. The regulation applies to all intermediary services offering services to users in the EU and introduces a graduated responsibility system based on the type and size of the service.

Back to Dictionary

What is the Digital Services Act?

The Digital Services Act (Regulation (EU) 2022/2065) is EU legislation that establishes the framework for digital services' responsibilities and obligations. The regulation replaces parts of the e-Commerce Directive from 2000 and reflects that the internet has changed markedly over the past two decades.

The purpose of the DSA is twofold: to protect users and their fundamental rights online, and to create clear, uniform rules for digital services across the EU. It strikes a balance between freedom of expression and the need to combat illegal content.

The DSA introduces a graduated responsibility system where larger and more influential services have more obligations. A small hosting service has fewer requirements than a very large online platform with millions of users.

Who is covered by the DSA?

The DSA divides digital services into four categories with increasing obligations:

Intermediary services: All services that transmit, cache or host information. This is the broadest category and includes internet providers and DNS services.
Hosting services: Services that store information on behalf of users, including cloud services, web hosts and social media.
Online platforms: Hosting services that disseminate information to the public at the user's request, covering social media, marketplaces, app stores and travel portals.
Very large online platforms (VLOPs) and search engines (VLOSEs): Platforms with over 45 million active users in the EU per month, which have the most extensive obligations.

The DSA applies to all services offering themselves to users in the EU, regardless of where the organisation is established.

Central requirements in the DSA

The DSA introduces a range of requirements that vary by service type. All intermediary services must designate contact points, update their terms with information on content moderation and publish annual transparency reports. Hosting services must have notice-and-action mechanisms. Online platforms must have internal complaint systems, cooperate with trusted flaggers, ensure algorithmic transparency and prohibit dark patterns. VLOPs must conduct annual risk assessments, undergo independent audits and provide data access to researchers.

Supervision and enforcement

The DSA establishes a two-level supervisory system. Each EU country must designate a Digital Services Coordinator to supervise services established in the country. The European Commission has direct supervision of very large platforms and search engines. Fines may amount to up to 6% of global annual turnover.

Interaction with GDPR and other rules

The DSA supplements GDPR but does not replace it. While GDPR protects personal data, the DSA regulates platforms' responsibility for the content shared on their services. A platform must comply with both regulations simultaneously. The DSA also has interfaces with NIS2 on cybersecurity and DORA for financial services.

Frequently Asked Questions about Digital Services Act (DSA)

What is the Digital Services Act (DSA)?

The Digital Services Act is an EU regulation that governs digital intermediary services, including online platforms, marketplaces and search engines. It sets requirements for content moderation, transparency, user rights and combating illegal content online.

Who is covered by the DSA?

The DSA covers all intermediary services offering services to users in the EU, regardless of whether the organisation is established in the EU. This includes internet providers, hosting services, online platforms, marketplaces and search engines.

When did the DSA enter into force?

The DSA entered into force on 16 November 2022. Very large online platforms and search engines had to comply from August 2023, whilst all other services had a deadline of 17 February 2024.

What are the sanctions for breaching the DSA?

Fines may amount to up to 6% of the organisation's global annual turnover. For repeated infringements, periodic penalty payments of up to 5% of average daily turnover may be imposed.

How does the DSA differ from GDPR?

GDPR focuses on the protection of personal data, whilst the DSA regulates digital services' obligations regarding content moderation, transparency and illegal content. The two regulations complement each other, and platforms must comply with both.