The DSA is part of the EU’s approach to regulating digital technologies, alongside the Digital Markets Act (DMA) and EU AI Act. It was signed into European Union law in November 2022 and passed officially in Ireland through the Digital Services Bill at the same time. It will come into full effect in the EU starting February 17th, 2024.
The EU Commission – through territory-specific digital services coordinators – will be able to impose fines on non-compliant organisations for violations of the Digital Services Act. The fines can amount to up to 6% of their organisation’s total worldwide annual turnover. In the case of repeat offenders and as a last resort, the digital services coordinator can ask a court for a temporary suspension of the non-compliant organisation’s service(s).
The Digital Services Act (DSA)
The rules specified in the DSA primarily concern online intermediaries and platforms
The Digital Markets Act (DMA)
The Digital Markets Act includes rules that govern gatekeeper online platforms. Gatekeeper platforms are digital platforms with a systemic role in the internal market that function as bottlenecks between businesses and consumers for important digital services.
The DSA and DMA have two main goals:
to create a safer digital space in which the fundamental rights of all users of digital services are protected;
to establish a level playing field to foster innovation, growth, and competitiveness, both in the European Single Market and globally.
Why do we need new rules?
Online platforms have created significant benefits for consumers and innovation and helped the European Union’s internal market become more efficient. They have also facilitated cross-border trading within and outside the Union. Despite a range of targeted, sector-specific interventions at EU-level, there are still significant gaps and legal burdens to address.
A core concern is the trade and exchange of illegal goods, services and content online.
Online services are also being misused by manipulative algorithmic systems to amplify the spread of disinformation, and for other harmful purposes.
The accelerating digitalisation of society and the economy has created a situation where a few large platforms control important ecosystems in the digital economy. They have emerged as gatekeepers in digital markets, with the power to act as private rule-makers. These rules sometimes result in unfair conditions for businesses using these platforms and less choice for consumers.
The European Commission believes that Europe requires a modern legal framework that ensures the safety of users online, establishes governance with the protection of fundamental rights at its forefront, and maintains fair and open online platform environment. The DSA and DMA are part of this framework, along with the Cyber Resilience Act, The EU AI Act as well as DORA in the Financial Services sector. All these Regulations aim to provide stability of the platforms used in everyday life in the European market.
Author: Neil Redmond, Director of Cyber Security, PWC and graduate of the Executive MBA (2004)
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.