On February 17th, 2024, the European Union (EU) introduced a transformative piece of legislation that impacts both European users who create and share content online and the tech companies that act as intermediaries on the internet. This legislation, known as the Digital Services Act (DSA), was first proposed in December 2020 to modernize the outdated EU e-Commerce Directive, a 20-year-old law that has long provided critical safeguards and legal certainty for businesses operating in the digital space.

The DSA is a landmark regulation introduced by the European Union to create a safer, more transparent digital space across Europe. It imposes a range of obligations on digital services, aiming to protect users from illegal content, ensure transparency, and hold online platforms accountable for their role in the digital ecosystem.

Emerging from this regulation, new obligations divided into four categories were imposed on the Internet service providers (ISPs). The European legislator considers the following principle: responsibilities shall be proportionate to the user’s dimensions.

First level: These services, which include internet service providers and domain registrars, face the least stringent obligations. Their primary responsibilities are to cooperate with authorities and provide transparency about their operations, but they are generally not liable for user content as long as they act swiftly to address illegal activities when notified.

Second level: Hosting providers, such as web hosting companies, have more direct obligations. They must implement effective notice-and-action systems to remove illegal content quickly upon receiving a valid notice. Failure to act can lead to increased liability.

Third level: Online platforms, including social media sites and online marketplaces, are required to go beyond just hosting content. They must provide robust complaint-handling systems, prioritize reports from trusted flaggers, and ensure transparency in their content moderation practices. These platforms face higher levels of liability if they do not comply with these obligations.

Fourth level: VLOPs have the most significant responsibilities under the DSA. In addition to all the obligations of smaller platforms, they must conduct risk assessments, undergo independent audits, and be prepared for crisis situations. Their operations are under closer scrutiny, and non-compliance can result in severe financial penalties

Non-compliance can result in hefty fines—up to 6% of global annual turnover for serious violations. This makes it imperative for businesses to not only understand the DSA but to actively ensure they are in compliance.

While the DSA is a significant regulatory framework, it’s not the only one you need to be aware of. Businesses operating online, especially those with a global presence, should also consider:

GDPR Compliance: The General Data Protection Regulation (GDPR) remains a cornerstone of data protection in the EU. Ensuring your data handling practices align with GDPR requirements is essential to avoid penalties and maintain customer trust.

Content Moderation and Free Speech: In the U.S., Section 230 of the Communications Decency Act provides broad protections for platforms regarding user-generated content. However, this does not mean platforms are free from all obligations—public pressure and voluntary commitments often drive content moderation practices beyond what the law requires.

Cross-Border Operations: If your business operates across multiple jurisdictions, understanding how laws like the DSA interact with other regulations, such as the U.S. DMCA or the UK's Online Safety Bill, is crucial. Harmonizing your compliance strategy across different regions can save time and reduce legal risks.

What Should Businesses Do Next?

1. Assess Your Risk: Evaluate how the DSA and other regulations apply to your business. If you operate a VLOP, start preparing for the additional obligations, including risk assessments and audits.
2. Review and Update Policies: Ensure that your terms of service, content moderation policies, and data protection practices are up-to-date and compliant with the latest regulations.
3. Invest in Compliance: Consider investing in legal counsel or compliance software that can help you navigate the complexities of the DSA and related regulations. Regular training for your team on these issues is also a good practice.

The DSA marks a new era of accountability and transparency in the digital world. For businesses, understanding and adapting to these changes is not just a legal obligation—it’s a strategic necessity. By taking proactive steps to ensure compliance, you can not only avoid penalties but also build a stronger, more trustworthy relationship with your customers.