Final Countdown: The regulation of online platforms by the Digital Services Act and the Digital Markets Act
1. Overview
a) Digital Services Act (DSA)
The main purpose of the DSA is to update andpartially replace the previously applicable provisions of the E-Commerce Directive from 2020. It applies to allso-called “intermediary services” that are provided to users established orresident in the European Union.
The term of intermediary services is very broad and covers a wide range of service providers. Unlike the E-Commerce Directive, the DSA provides for a tiered system of obligations for intermediary services. The obligations vary according to the role, size and impact in the online environment, and they become more stringent at each level. General obligations apply to all intermediary services, which are supplemented by further specific obligations at each level. A distinction is made between pure intermediary services (level 1), hosting providers (level 2), online platforms (level 3) and very large online platforms or very large online search engines (level 4):
Accordingly, the portfolio of duties is extensive. It essentially comprises the following::
- Moderation of content: Online platforms are obliged to take measures to combat illegal and harmful content. This includes, in particular, hate speech, terrorist propaganda, child pornography and disinformation.
- Transparency: Online platforms are obliged to make their algorithms and business practices more transparent. This should enable users to better understand how their data is used and how content is moderated.
- Manipulation: Online platforms are prohibited from designing their online interfaces in such a way that deceives, manipulates or otherwise interferes with users’ freedom of choice. This is intended, in particular, to put a stop to so-called “dark patterns”.
- User rights: The DSA strengthens users’ rights, particularly with regard to the protection of personal data, the exercise of freedom of expression and the prevention of discrimination. It also strengthens the protection of minors.
However, the wording of the law is sometimes vague and broad, meaning that there are likely to be many ambiguities and even gray areas. The courts will soon be called upon to provide more legal certainty.
b) Digital Markets Act (DMA)
The DMA is intended to create a level playing field in the digital markets and better protect users’ rights and data. To this end, the European Commission has been granted wide-ranging powers to intervene and take timely action against distortions of competition.
The DMA primarily targets large online platforms with a gatekeeper position. This includes companies that have a significant impact on the internal market, whose platform service serves commercial users as an important gateway to end users and has a consolidated and sustainable market position. Specifically, these are companies with an annual turnover of EUR 7.5 billion in the last three years and 45 million end users and 10,000 business users in the EU. The first six gatekeepers were designated by the EU Commission on 6 September 2023:
At the heart of the DMA are obligations for these gatekeepers in the form of Dos and Don'ts (in particular in Art. 5 and 6 DMA). These mainly concern the following aspects:
- Prohibition of Self-Advancement: Gatekeepers must not favour their own products or services over those of competitors.
- Prohibition of data misuse: Gatekeepers must not merge and reuse user data or use it for purposes that are incompatible with the original purpose for which the data was collected. In particular, they must not use data in competition with commercial users.
- Prohibition of Dependency: Gatekeepers must not take any action that would make users dependent on their services. In particular, gatekeepers must not make the use of one service dependent on the use of another service and must allow interoperability with other communication services.
Once designated by the EU Commission, gatekeepers will have six months to implement the obligations. For those gatekeepers that have already been appointed, the deadline is therefore at the beginning of March 2024.
c) Penalties
Failure to comply with these obligations can result in heavy fines, up to 25% of annual turnover under the DMA and up to 6% of annual turnover under the DSA. The penalties are set by the EU Member States.
2. Implications of DSA and DMA on Online Platforms
The two laws have far-reaching implications, some of which we will take a closer look at below.
a) Liability Regime Under the DSA
Contrary to initial expectations in view of the many debates about increasing the liability of platform operators, the EU Commission has largely retained the liability regime of the E-Commerce Directive in the DSA.
Accordingly, online platforms, as so-called hosting service providers, can benefit from a liability privilege if they provide the service in a neutral manner and through the purely technical and automatic processing of the information provided by users.
In this case, operators of online platforms are only liable for third-party content if they do not remove illegal content once they become aware of it.
This means that there is still no obligation for service providers to proactively monitor and investigate the legality of the content on their platform (as explicitly stated in Art. 8 DSA).
Another key aspect of the DSA is that illegal content must be removed quickly and efficiently. In particular, hosting service providers must set up a user-friendly notice-and-takedown procedure for this purpose, through which users can report digital content and effective remedial action is taken in the event of infringements (Art. 16 DSA).
A new provision in this context is that voluntary investigations or other measures to ensure compliance with the law do not exclude liability privileges (Art. 7 DSA).
b) Targeting Giants
The DSA and DMA focus on the really big players - in the case of the DMA, the gatekeepers mentioned above. In the case of the DSA, these are the “very large online platform” and “very large online search engine”, which are at the highest level in the DSA's system of obligations.
In addition to the general obligations under the DSA, the latter are subject to additional obligations regarding general terms and conditions, protection of minors, transparency of online advertising and the establishment of a compliance department. They must also carry out a risk analysis of new functions with regard to the dissemination of illegal content or negative effects on public security. They will also have to pay a supervision fee to cover the Commission’s enforcement costs. The organizational and economic burden of implementing the regulations should not be underestimated.
Providers with an average of more than 45 million active monthly users in the EU fall into the category of very large online platforms. The classification will be based on a decision by the European Commission. A first desgination has already been made. This includes online platforms such as Amazon, Google, Facebook, X (formerly Twitter), TikTok, Booking.com and Zalando.
Some of the affected companies, including Amazon, have already taken legal action against their classification as a very large online platform and the consequences of this classification. Amazon has achieved a first partial success in proceedings for interim measures. The General Court of the European Union granted an interim relief to suspended Amazon’s obligations to publish a directory of advertisements under the DSA on the grounds that Amazon would otherwise suffer serious and irreparable harm. A decision in the main proceedings is still pending.
The EU Commission has also already taken legal action, opening proceedings under the DSA for the first time on 18 December 2023 — against the online platform X. Amongst others, X is accused of failing to take sufficient action against illegal and misleading content, contrary to legal requirements.
However, this is likely to be just the beginning of the EU Commission’s battle against the giants, as it had already announced in October last year that it intended to initiate similar proceedings against Meta and TikTok.
3. Summary
4. Conclusions for Your Company
The DSA and DMA reform package introduces a number of new regulations and obligations. While the focus is on the aforementioned “very large online platforms” and gatekeepers, ultimately all digital service providers are potentially affected.
As of 17 February 2024, all “intermediary services” must comply with the far-reaching obligations of the DSA. There is not much time left.
Moreover, the organizational, technical and legal effort involved in the implementation should not be underestimated. It is therefore advisable to identify, analyze and implement the necessary steps at an early stage.
Given the regulatory uncertainties that still exist in some areas, it is likely to be a major challenge not only for the giants among the companies in the digital market to maintain an overview.
We therefore recommend you to proceed as follows:
- Identification: Companies should check whether and to what extent the DSA and/or DMA apply to them.
- Analyse: If companies are subject to the regulations, they should examine whether and what specific action is required as a result.
- Implementation: If action is required, the implementation should take into account relevant deadlines and other existing laws.
- Monitoring: The above points should be reviewed on a regular basis, as non-compliance can result in significant sanctions.
We are happy to advise you on the necessary steps and strategic implementation.
You might also be interested in this
German collecting society GEMA now seems to be going on the offensive against providers of generative AI systems. Following the presentation of a – in their opinion – fair licensing model for generative artificial intelligence at the end of September, an “AI Charter” as a suggestion and guideline for the responsible use of generative AI was presented at the beginning of November, and now a lawsuit has been filed against OpenAI at the Munich Regional Court.
In a landmark decision, the European Court of Justice (ECJ) ruled on 24 October 2024 that the Member States of the European Union are obliged to protect works of applied art, regardless of their country of origin or the nationality of their creators. “Works of applied art” are objects that serve a specific purpose but are also artistically designed. Examples include furniture such as chairs, shelves and lamps, but also – under strict conditions – fashion creations.
The use of cheat or modding software has always been controversial in the world of video games. While many gamers see it as a way to make games easier or more exciting, developers and publishers often see it as a threat to their rights and the integrity of their products. The European Court of Justice (ECJ) had to consider the copyright component of this issue in a dispute between Sony and the UK company Datel over the use of cheat software called “Action Replay”, which allowed users to alter the course of a game to gain unintended advantages. Read our article to find out how the case was decided and what the implications are for software development practice.
According to the decision “Der Novembermann” of the Federal Court of Justice (BGH), the fees for warning letters are to be calculated on the basis of a so-called overall value of the claim (“Gesamtgegenstandswert”) and allocated to the individual warning letters if they are related to each other in such a way that the same matter is to be assumed.
