The Digital Services Act: a primer
Following its adoption by the Council on October 4, the final version of the Digital Services Act (DSA) has been approved and will be published in the Official Journal of the European Union (OJEU) in the forthcoming weeks. The DSA marks a major step in the ambitious project of redefining interactions and power relations in the digital environment, and concludes a process that began with the presentation of the proposal (together with the Digital Markets Act, DMA) in December 2020 as part of the so-called Digital Services Package.
Since then, the road to the approval of the DSA has been remarkably fast: after the presentation of the proposal and the beginning of the negotiations in the Council, Member States had already unanimously agreed on the Council’s position on the DSA in November 2021. Now, after its publication, the DSA is expected to come into force in early November.
Since the announcement of the Proposal, the DSA has been at the centre of the debate between scholars and industry. The goals of the proposal were immediately identified as extremely ambitious: the Act constitutes an attempt to fully harmonize the rules that apply to digital intermediary services, in order to advance the protection of fundamental rights in the EU and to ensure the establishment of a safe, predictable and trustworthy online environment (in the words of the Executive Vice-President of the Commission Margrethe Vestager).
To do so, the DSA is expected to update the pre-existing system as mostly shaped by the E-commerce Directive 2000/31/EC, building up from the traditional distinction between mere conduit, caching, or hosting activities involving data acquisition and processing, and shaping the regime for intermediaries’ responsibilities and liability accordingly.
As for the content of the DSA, the obligations set in the Act are heterogeneous, and in general, they can be qualified as 1) liability rules; 2) provisions regulating transparency and reporting requirements, and lastly 3) rules on due diligence for intermediaries and online platforms for third-party content.
Additionally, the DSA identifies a set of additional risk-mitigation responsibilities for intermediaries that are qualified as Very Large Online Platforms (VLOPs) and Very Large Search Engines (VLSEs). Based on these elements, it is reasonable to assume that the impact of the DSA will be profound on a horizontal scale, addressing large operators as the main target of the Act, but affecting medium and small-sized operators as well.
The multilayered approach endorsed by the EU institutions constitutes a major innovation in the European framework: amongst the provisions that will apply to all operators in the digital market, the Act introduces universal obligations on transparency reporting, terms of service, duties of cooperation with national authorities, and the institution of points of contact, applying to all intermediary services irrespective of the size of the firm; besides these rules, the DSA also envisions a set of incremental asymmetric obligations to be applied to hosting services, online platforms and VLOPs. The DSA’s approach aims at establishing a set of de minimis rules followed by all the operators in the industry and, in addition, increasing obligations for those subjects that display a higher market power and, therefore, a higher level of risk for users.
The philosophy of the DSA, and the road to its full application
Many comments in the months preceding the DSA’s approval, addressing its previous iterations, discussed the characteristics of its most relevant provisions: amongst the most controversial aspects, the rules on recommender systems and advertisements, and on the role that the new so-called trusted flaggers will play in the content moderation framework, were closely examined. More generally, much attention was paid to the effectiveness of the new harmonized system that the DSA delineates to respond to the presence and dissemination of unlawful content online, and to the relation between the DSA and other sector-specific legislative initiatives that apply to digital services.
Now that the Act has been approved – and with the DMA being published on October 13 in the OJEU – it is worth attempting a general assessment of the process that is taking place at the European level and evaluating what to expect from now onwards.
This aspect is particularly important considering that, besides advancing users’ rights, the DSA will have a major impact on the competitive environment by redefining the cost structures and the interplay dynamics amongst market actors as well as between them and EU institutions. In this regard, the DSA shows the increasing interest of EU institutions in engaging in actions based on co-regulatory paradigms as a way to tackle the informational and structural asymmetry that has long been identified as the main source of regulatory failures when engaging with power in digital markets.
Accordingly, the regulatory model employed by the DSA – which is analogous to the one followed in the DMA as well as in the Artificial Intelligence Act (AIA) – is aimed at creating macro-categories. These categories correspond with different rules regarding due diligence, controls, and sanctions, and are generally defined through a teleological approach, identifying the principles and perimeters that should inspire the intermediaries’ action. Within these boundaries, operators can self-regulate in the identification of the best measures to comply with the regulatory framework designed by the DSA, with the area of ‘free competition’ being more and more restricted as the operator acquires market power.
As a consequence, the Commission aims at exercising its behavioural powers – and, when necessary, sanctions – as an ex-post remedy in case of violations of the Act, while mostly relying on reporting and (for VLOPs and VLOEs) auditing, as primary tools to detect misalignments with the principles set by the DSA.
This choice has significant consequences that will determine whether the Act achieves its expected goals. Intuitively, a fundamental aspect will involve the ability of the Commission to effectively carry out its role, as well as to assess the competitive outcomes of the different strategies that could be employed at different levels to implement the obligations set in the DSA.
With the Act entering into full force at the beginning of 2024 for all operators, and with some of its provisions beginning to apply on earlier dates, the industry and the EU institutions will face immediate challenges in making the Act enforceable, and these will most likely shape the structure of digital markets.
At first glance, we can identify a set of challenges that the DSA will have to overcome in the immediate future to effectively promote competition in the digital environment.
Aspects to be addressed in order to put the DSA framework “in motion”
The first central aspect concerns the allocation of resources to allow for effective monitoring and supervision of DSA’s obligations. The transparency reporting obligations will be the first to apply after the approval of the DSA. Thus, it will be essential for the Commission to ensure that sufficient resources are allocated to allow for effective scrutiny of the information provided by the platforms.
This issue also applies to one of the most relevant innovations brought by the DSA, i.e., the obligation for platforms to establish a single point of contact for direct communication with their users, allowing for meaningful communication regarding restrictions of user-generated content: the Commission will have to commit a significant amount of human resources to ensure that operators do actually implement DSA-compliant procedures.
In the absence of effective tools for conducting monitoring and supervision, there is a risk that platforms will be able to exploit supervisory shortcomings and frustrate the goals of the DSA.
Another significant element, which has yet to be resolved, relates to the DSA’s delegated acts and interpretation. To operate properly, the DSA will require the implementation of a plurality of delegated acts, codes of conduct, and voluntary standards mentioned in the Act. These documents will be delegated to different actors.
Amongst the most relevant documents, the Commission shall, for example:
- Draw up a list of trusted flaggers for content moderation and inspection, pursuant to Article 22(5), and provide a set of reporting standards for these subjects;
- Establish rules for platforms’ audits towards VLOPs and VLOEs, under Article 37(7);
- Identify the technical conditions for data sharing, under Article 40(13).
All these steps are, indeed, preconditions for the DSA to operate properly. Additionally, some of these delegated acts will be essential to interpret and update some of the DMA’s concepts, such as dark patterns, whose main characteristics are presented and illustrated in Recital 67 only.
It goes without saying that any regulatory uncertainty will lessen the DSA’s effectiveness in levelling the playing field across market actors, and potentially allow for exploitative conduct to the detriment of consumers.
Putting the user at the centre of the system, for real
Amongst the main novelties introduced by the DSA, the centrality of the users cannot be doubted. Users will be entitled to receive information inter alia about the parameters and indexes that are used to craft personalized advertisements or, more generally, regarding the use of recommender systems (with an explicit opt-out system for automated recommenders employed by VLOPs and VLOEs).
Additionally, every time users are subject to a restriction of their generated content, they will be entitled to receive a statement of reasons explaining the basis for the platform’s action and will subsequently be entitled to access a multi-level grievance mechanism including an internal complaint-handling system, an out-of-court dispute settlement system, and a traditional model based on judicial redress (both individual and collective).
Therefore, ensuring the effectiveness of remedies provided by the DSA will play a pivotal role in order to properly advance users’ protection in the digital environment.
For these innovations to be effective, some aspects will still have to be clarified: inter alia, the organization of the settlement system and the identification (and, if needed, institution) of the relevant body to solve disputes will represent a major critical aspect in the future. This is all the more so considering that, if arbitration bodies were to be employed, this would essentially delegate an essential content moderating function to a private entity, which might prove particularly problematic considering that the moderation of user-generated content has a significant – and still unresolved – interaction with fundamental rights such as freedom of speech, or with the competitive relationship between one of the platforms and its competitors.
Finally, the relation of these bodies with judicial redress and, where appropriate, the institution of forms of public scrutiny will have to be further developed. Recently, consumers’ freedom of choice was identified as a determinant element in antitrust cases, in order to assess the presence of lock-in effects characterizing dominant positions in digital markets. The very existence of such choice shall be assessed by examining the actual effectiveness of remedies, which will also constitute a primary private enforcement tool for countering manifestations of platforms’ power.
As we already observed, users have a pivotal role and receive a significant amount of information regarding how their content is managed and the reasons why some services and offers are displayed to them. Against this background, the regulation of the modes of disclosure and the improvement of users’ literacy levels will be essential.
First and foremost, the significant reliance on disclosure duties as a means of regulation is always prone to the well-known critique regarding their effectiveness in general: e.g., with regard to recommender systems, all information regarding their parameters and modes of operation must be presented to the user in the platform’s terms of service.
It goes without saying that, as users already tend not to read the conditions for accessing a service, loading that document with additional information will most likely have little or no role in empowering them and allowing them to make informed choices.
The overreliance on disclosure duties is also particularly significant when considering the level of specification that information should display. Even if the regulation states that disclosure towards users should be readable and easy to understand, in the absence of an actual effort to improve users’ specific literacy regarding e.g. the characteristics of the content moderation system, as well as how to activate the specific remedies that the DSA provides, informing them about the existence of these tools would only amount to additional information they will not read or consider.
Even if other Regulations – in primis the DMA – expressly forbid major platforms on the market to exploit information asymmetry and to condition access to digital services on users’ consent regarding data processing (therefore creating structural barriers favouring exploitation), it should be observed that informed choice still constitutes a cornerstone of the competitive process. Thus, structuring effective disclosures has a major impact on the market’s development.
Assess the DMA’s impact on enterprises’ operativity models
A major doubt regarding the DSA’s effect on the competitiveness of the digital market lies in the ability of enterprises to factor in the regulatory cost in advance and, more generally, in the economic and organizational impact of the DSA on them.
Whereas legislators expect that the DSA will provide a level playing field in the market by enabling small and medium enterprises to enter the market while at the same time advancing user protection in the digital environment, the introduction of the DSA’s diversified asymmetric obligation system will require firms to develop sophisticated and dynamic business models that can take into account the additional obligations a firm will have to consider once it scales in size (e.g. after being qualified as a VLOP).
Also, compliance – as the GDPR experience teaches us – might have a significant cost for the enterprise, and subsequently operate as an entry barrier favouring concentration in the provision of digital services. Therefore, even for the existing VLOPs and VLOEs, the economic and managerial sustainability of the DSA will be another element to take into account in evaluating whether the new regulation will actually enable more competition in digital markets.
The role of the DSA as a piece of the overall architecture the EU is setting up
Although one of the main goals of the DSA was to reduce the normative fragmentation resulting from the initiatives undertaken at the national level, the DSA is, by itself, a piece of a wider puzzle that should be considered in its entirety both in its horizontal and vertical dimension, ensuring the DSA’s harmonization with other Regulations.
Even if coordination with the DMA was, in part, assured by the parallel development characterizing the two proposals, on a horizontal level contingencies – and potential overlaps – can still be expected. This might happen, for example, between the DSA and the Artificial Intelligence Act (AIA), as some of the technologies subject to regulation in the DSA – e.g. those related to personalized advertising – might fall within the taxonomy of the AIA. Finally, the recent proposal for the European Media Freedom Act (EMFA), which enshrines a right of customisation of the audiovisual media offer in favour of users (Art. 19), might also require coordination with the DSA’s rules.
As for the vertical dimension, the DSA is not intended to replace, but rather to complement, these sectoral initiatives, which will continue to apply as lex specialis. Accordingly, sector-specific regulation is supposed to remain in force alongside the DSA, including inter alia the 2018 revised Audiovisual Media Services Directive (AMSD), the Platform to Business Regulation, and the main bodies of consumer protection such as the Directive (EU) 2019/2161 and the Unfair Commercial Practices Directive. Whereas this aspect is, in principle, understandable, it should be observed that the EU is experiencing a general renovation trend that will affect these regulations as well. For example, the AMSD will most likely be amended on the basis of the impact of the EMFA, and the Commission recently launched a new fitness check regarding the UCPD in the digital markets.
The outcomes of this fast-paced and multi-faceted renovation process, which is affecting European law at different levels, will be essential in order to evaluate whether, at the time of its entry into force, the DSA will sit within a harmonized regulatory environment, which was identified as essential to ensure a competitive and accountable online environment, mirroring the primary goal of the EU Digital Strategy.
 E.g. reporting obligations applicable to online platforms (Art. 24(2)) will start to apply immediately, as well as a set of specific obligations related to the designation of VLOPs and VLOEs (Art. 33).
 As qualified under Art. 7 GDPR, to be interpreted in accordance with Recital 32 of the Regulation.