The Digital Services Act (DSA)

The Digital Services Act (DSA) has been agreed upon by the EU Parliament and the European Commission. Together with the Digital Markets Act (DMA), it aims to frame how business is done digitally and how to protect users. The Digital Services Act will have an impact on social media networks, search engine and online marketplaces.

This article only covers the Digital Services Act. The Digital Markets Act will be discussed in a separate blog post. It is by no mean exhaustive and may be incorrect as the DSA is complex (in this case please send me your contact details and I'll correct the article swiftly).

The DSA builds on the eCommerce Directive 2000/31/EC. It has two primary objectives:

  • create a European digital space in which users (consumers) and professional users (marketplace sellers for example) are protected. This means that the regulatory framework will impose rules on how digital platforms manage content, product sales, advertising and the use of algorithms.
  • establish a level playing field in which fair growth and innovation is fostered. This means that all parties play by the same set of rules.

Businesses impacted by the DSA

The definition of the legislation is targeting "online services" in a broad way that includes:

  • online marketplaces
  • social networks
  • content-sharing platforms
  • app stores
  • travel and accommodation platforms
  • internet providers and domain registrars
  • cloud and web hosting services

The EU legislations puts players in buckets which own their own set of specific elements to comply with. Players as listed above are all digital services that provide goods, services or content. These are:

  • Intermediary Services and Hosting Services, for example Network Solutions as domain registrar or the Apple AppStore.
  • Hosting Services, for example Microsoft Azure or Amazon Web Services (AWS).
  • Online Platforms, for example eBay, Tik Tok, Instagram or Twitter.
  • Very Large Platforms, for example Google Search Engine.

Each category has a set of requirements to comply with that the EU has defined (see the Requirements paragraph here below).

The legislation excludes micro, small and medium-sized businesses. The EU defines the threshold being 250 employees or less than 50 million euros annual turnover (read https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32003H0361 for details). 90% of the EU businesses are small and mid-size enterprises.

One may play with the notion of "very large". It seems that 45 million users is the threshold for becoming such a player. Players conducting business in Europe are subject to the legislation, regardless of where the headquarter of that player is based. We've seen similar approaches with the marketplace MOSS (Mini One Stop Shop) and OSS (One Stop Shop).

As an example, Google's market share in Europe is 91.91% in June 2022 (source https://gs.statcounter.com/search-engine-market-share/all/europe) which makes it qualify as large player.

Requirements

What does the legislation mean for online players? There are well-defined criteria and scenarios but it's fair to say that the future will tell how the interpretation of the legislation will influence the Do's and Dont's of the digital platforms.

In short, platforms are required to:

  • provide transparency in their business that includes their ways of working, contacts and legal representatives, algorithmic calculations (for example how their recommendation engine works) but also user-facing transparency such as bans of advertising to children, prohibition of targeting advertising based on particular characteristics of users or clear(er) terms of service for users.
  • cooperate with national authorities.
  • vet the credentials of third-party suppliers or sellers is a special obligation that marketplace operators will have to take into consideration. It also includes compliance by design.
  • provide visibility in complaints and dispute processes, measures on the topics of fraudulent and counterfeit products.
  • publish information on crisis management, risk management, external independent auditing, internal compliance functions, codes of conduct and public accountability.

The obligations are cumulative based on the bucket classification of the online player. These are:

For all details about the legal implications of the Digital Services Act, read this article by Orrick that provides a long list of obligations.

The legislation is exhaustive and well-defined. We all know, however, that the devil is in the details so expect Google and others to poke holes in the articles in order to bypass of the requirements.

Sanctions

Failure to comply sets the players to pay fines up to 6% of their global turn-over.

Impact on marketplaces

Being fairly enthusiastic about marketplaces, let me try to sketch the impact of the Digital Services Act (DSA) for marketplace operators:

  • provide transparent reports regarding the number of complaints received, disputes and out-of-court settlements. This means that the services quality that includes shipment to the end consumer, state of the packaging, accuracy of delivery and dead-on-arrival (DOA) will have to be published by marketplace operations.
    Unsure that the likes of eBay will see a negative impact on their business as they have quite intensive rules and processes in place. Marketplaces such as Wish may be in deep trouble, though. Mid-size marketplaces may unlock the potential of their marketplace platform such as Mirakl that provides quality dashboards based on KPIs that marketplace operators define.
  • ensure traceability of sellers. This is not new as marketplace operators are due to KYC (know your customers) sellers prior to onboarding them. What is new is that the operators will have to provide information about the sellers such as contact details, identification documents and their bank details.
    To be fair, this is already covered by the new EU Digital Seller Platform Rules that will be in action for transactions in 2023 and to be reported in 2024. This topic will be a major concern for all marketplace merchants during 2023.
    What is new is that operators will also have to provide information about the products that third-party sellers sell, which opens a huge can of worms in terms of counterfeits or copycats. It will enforce more control for platforms such as eBay but as stated above, they've been in that business for decades so their processes are well defined in my opinion.
  • compliance by design. Well that's a big word but what it means is that platforms will have to have well-documented seller KYC and onboarding processes to be able to operate in the EU.
    I seriously doubt that marketplace operators with a revenue above 50 million euros do not have processes in place. I can't see FNAC in France or H&M in Sweden go rogue onboarding sellers. However, marketplaces that are below 50 million EUR revenue may not have covered all aspects of KYC and onboarding in an automated way. There may be some potential to improve for that type of operators.

Overall the transparency and compliance rules are great elements to formalise in the legislation but won't be deal breakers for marketplace operators. The traceability of sellers and requirements to share transactional and product information to the local authorities is more challenging for operators. They will need to find solutions to gather and classify information, compile them in reports and then file them to tax authorities.

What's next

It is expected that the EU formalises the adoption of the Digital Services Act (DSA) during summer 2022. It will enter into force 15 months after the ratification of the act by the EU or 1st January 2024. The very large platforms will see the legislation enter into force four months after they have been designated as entering the category so it could well be that the likes of Google would be under the hook already in 2023.

Summary: