The DSA entered into force on November 16, 2022 and will be fully applicable in Member States from February 17, 2024. While many provisions of the DSA apply without the need for implementing legislation, since EU Regulations have a direct effect, the Bill is necessary to give effect to those provisions which do not apply directly.

An overview of the DSA

The DSA is an EU Regulation which amends the e-Commerce Directive. As provided in Article 1(1), it aims to strengthen the operation of the EU's internal market for online intermediary services by leveling the playing field for digital businesses whilst creating a safer, more competitive, and innovative online space for consumers.

In terms of scope, the DSA applies to organizations that provide online intermediary services within the European Single Market, regardless of whether they are established in the EU or outside of it. The DSA encompasses three types of intermediary services:

• 'mere conduit' service: consisting of the transmission of information provided by a recipient of the service through a communication network or the provision of access to a communication network;
• 'caching' service: consisting of the transmission of information provided by a recipient of the service through a communication network, which includes the automatic, intermediate, and temporary storage of that information. The purpose of this storage is to enhance the efficient onward transmission of the information to other recipients upon their request; and
• 'hosting' service: consisting of the storage of information provided by, and at the request of, a recipient of the service.

There are four categories of Intermediary Service Providers (ISPs) defined in the DSA:

• Category 1 (ISPs): these organizations provide online services that include a 'mere conduit' service, a 'hosting' service, or a 'caching' service. Examples of this category include internet access providers and domain name registrars.
• Category 2 (hosting services): these ISPs store the information provided by service users at their request. Examples of this category include web hosting services and cloud services.
• Category 3 (online platforms): these hosting services store and disseminate information to the public, as requested by service users. Examples of this category include online marketplaces, app stores, collaborative economy platforms, and social media platforms.
• Category 4 (VLOPs and VLOSEs): Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) are platforms or search engines with at least 45 million average monthly active service users in the EU, which represent approximately 10% of the EU population.

The categorization of ISPs determines the legal obligations imposed on them. The DSA adopts a tiered approach as set out in the table published by the European Commission, with the VLOPs and VLOSEs subject to more stringent obligations due to the risks they pose in relation to the dissemination of illegal content and societal harm more broadly.

The content of the Digital Services Bill

The Bill has several objectives, including ensuring the necessary infrastructure to enforce the obligations outlined in the DSA. Alongside solidifying the liability framework for ISPs, the Bill also aims to standardize the process of removing illegal content through court orders. Additionally, the Bill covers various miscellaneous provisions.

Furthermore, the Bill incorporates the Government's decision to designate Coimisiún na Meán (CNM) as the Digital Services Coordinator, which serves as the relevant competent authority under the DSA. The Online Safety and Media Regulation Act 2022, enacted on March 15, 2023, amends the Broadcasting Act 2009 and establishes CNM. CNM is an independent body, led by an Executive Chair and three commissioners: an Online Safety Commissioner, a Media Development Commissioner, and a Broadcasting Commissioner.

The Bill assigns CNM with the responsibility of supervising and enforcing the provisions of the DSA for ISPs legally established in Ireland. This is in line with the EU's country-of-origin principle, which requires information society services to comply with the laws of the Member State in which they are legally established when operating across the EU. CNM's role includes receiving and investigating complaints from service users and prescribed authorities regarding potential violations of the DSA. CNM is empowered to carry out on-site inspections, interview employees, and request the disclosure of relevant documents and information to aid in investigations. Additionally, CNM can engage in joint investigations with other Digital Services Coordinators from different Member States, and contribute to the coordinated supervision of systemic platforms, many of which are based in Ireland.

In relation to enforcement, the Bill empowers CNM to block access to certain ISPs in Ireland, initiate the process of removing illegal content, and issue content limitation notices. CNM can also impose interim measures and issue orders requiring the cessation of DSA infringements. For breaches of obligations under the DSA, CNM has the power to impose fines of up to 6% of global annual turnover. Failure to comply with requests for information, cooperate with investigations or other obligations may result in fines of up to 1% of global turnover or annual income. Additionally, periodic penalty payments of up to 5% of the average global daily turnover may also be imposed in certain circumstances.

CNM is also responsible for certifying out-of-court dispute settlement bodies, developing and revising an e-Commerce compliance strategy, providing guidance on applying to the courts for orders to act against illegal content online, and other focus areas outlined in the DSA. CNM must also prepare and publish an annual report on the number and subject matter of orders to act against illegal content.

Key takeaways for service users

Users of ISPs that fall within the scope of the DSA will benefit from greater protection of their fundamental rights. The aim is to reduce exposure to illegal content and promote competition, allowing access to a wider variety of innovative services at lower prices.

In passing the Digital Services Bill and establishing CNM, the Government is aiming to ensure greater democratic control and oversight over systemic platforms, supplementing the Commission's regulatory role in overseeing larger platforms and search engines (VLOPs and VLOSEs). The objective is to mitigate the risks of information manipulation and disinformation, creating a safer and more transparent digital environment.

Key takeaways for ISPs

ISPs falling within the CNM's supervisory jurisdiction, based on the country-of-origin principle, must be aware of the potential for enforcement actions, fines, and penalties in case of non-compliance with DSA regulations. Small and medium-sized enterprises (SMEs) will have proportional obligations based on their size, with a transitional 12-month period in place whereby SMEs that grow rapidly can benefit from targeted exemptions from certain obligations under the DSA.

Kate Colleary Founder & Director
[email protected]
Louise McCormack Data protection consultant
[email protected]
Pembroke Privacy Limited, Dublin