- Kristýna Zábojníková
In recent years, many services have moved online. Almost anything can be bought from the comfort of home these days, and sharing information to a wide range of people is just a click away. That is why the European Union has taken steps to make the online environment more secure, trustworthy, transparent and predictable across its Member States.
The Digital Security Act (DSA)
The Digital Security Act (the "Regulation" or "DSA") is a European Union regulation for operators of platforms such as Youtube, Instagram, Allegro and other similar services.. The Regulation came into force on 17 February 2024.
The aim of the DSA is to respond to the dynamic development of online platforms and services and the increase in the number of people using these services in their daily lives. The modernization and improvement of the regulatory framework for digital services in the European Union focuses on stronger user protection in the online environment, including transparency, limiting misinformation, reporting mechanisms for illegal content and other obligations – all of which the European Union expects from the Regulation.
What are digital services?
The DSA applies to what it calls 'digital services'. These are various online platforms and services including social networks, online marketplaces, hosting, etc. Realistically, we can think of these as:
Public WiFi networks or VPNs
Accommodation and travel platforms
Social media
Platforms for sharing information
Shopping platforms
Cloud computing services
Internet search engines
Reverse proxy servers
Who is affected by the DSA?
The regulation affects a wide range of digital service providers. Providers of individual services must respect the obligations imposed by the Regulation from 17 February 2024. These services then include simple transmission services, caching services and hosting services.
The principle of the DSA requirements
A specific feature of the Regulation is the introduction of asymmetric rules. The obligations do not apply equally to all entities but depend on the social and economic impact of the intermediary in question. Obligations are thus divided into certain groups, and gradually escalate.
Additional obligations will apply to operators of very large online platforms and search engines. Specifically, these are entities that have an average monthly number of active recipients of their services of at least 45 million. They will then be labelled as very large operators by the European Commission. The current list of all thewentities can be found here.
Some of the very large operators include LinkedIn, Booking.com, YouTube, Zalando and Google.
Specific obligations according to the DSA
The greatest emphasis is placed on the obligation of transparency and information sharing, whether in terms of publishing contact details, information on content moderation procedures or rules for handling complaints. These obligations apply to all intermediaries.
- If the entity provides hosting services or operates online platforms, it is already subject to extra obligations. They must have a mechanism in place to report illegal content, and clearly and specifically justify any restriction on content.
- Slightly stricter obligations fall on online platform providers, where there is also a strong emphasis on moderating not only illegal content and creating mechanisms for complaints and reporting, but also on regulating the publication of advertisements. There is a particular focus on the protection of minors.
- For platforms that provide space for trading, the emphasis is on knowing the traders to whom they offer their space. In addition, they should randomly verify the legality of the goods and services offered and inform the consumer in the event of a breach.
- The last category with the most stringent obligations is the very large online platforms and internet search engines. The most important obligation is the requirement to analyze the risks associated with the provision of servicesand then implement appropriate measures.
With the DSA Regulation, we also have two new statutes. The positions of trusted whistleblower and vetted researcher are designed to review content and detect systemic risks.
Role of the Czech Telecommunications Office
The Regulation imposes obligations not only on private parties but also on Member States, which should designate a body to supervise compliance with the Regulation. This national coordinator of digital services should be the Czech Telecommunications Office, as is clear from the draft Digital Economy Act currently before the Government for discussion.
