Insights into the Digital Services Act (2/3) : liabilities and obligations

In this three-part series, the IP/IT team at Cloix Mendès-Gil delves into the Digital Services Act (DSA), exploring its objectives, impacted entities, and resulting obligations. Previously, we examined the Regulation's general framework, affected parties, and associated penalties. This installment discusses intermediary service providers' obligations and liability under the DSA.

1. Scope of the DSA Regarding Intermediary Service Providers

The DSA, enacted on October 19, 2022, targets intermediary service providers, a concept derived from Directive 2000/31/EC on electronic commerce. The Act categorizes these providers as follows:

  • Simple Transport Services: Involves transmitting information over a communication network or providing network access, typically performed by Internet Service Providers (ISPs).
  • Hosting Services: Entails storing information upon a service recipient's request, including traditional data and IT hosting providers (such as Microsoft Azure, Amazon Web Services, OVH), content-sharing platforms (like YouTube, social networks), and online cloud services (Dropbox, iCloud, Mega, etc.).
  • Caching Services: Refers to the temporary and intermediate storage of information for efficient transmission upon request. This process involves a subset of data storage for quick access by website visitors.

2. Liability of Intermediaries for Content Transmission

Under the DSA, intermediaries provide the necessary technical infrastructure for information transmission or online publication. Similar to France's law on digital economy confidence, intermediaries are not liable for transmitting information on behalf of clients or users, provided they adhere to specific conditions:

  • Simple Transport Services must not originate, select recipients, or alter the transmitted information.
  • Hosting Services should not be aware of illicit content and must act promptly to remove or restrict access upon awareness.
  • Caching Services are required not to alter cached information, adhere to access conditions, comply with industry standards, and promptly address removal requests or legal orders.

In all scenarios, judicial or administrative authorities can demand providers to halt or prevent violations via their services. Notably, the DSA does not mandate general content monitoring, aligning with the 2001 e-commerce directive. However, the DSA introduces a "Good Samaritan" clause, maintaining reduced liability for proactive content regulation efforts.

3. General Common Obligations

The DSA mandates service providers to establish easily accessible contact points for users/customers and authorities. Providers must promptly inform authorities of actions taken in response to injunctions and notify affected users, detailing injunction reasons and available remedies.

Providers outside the EU must appoint a legal representative for DSA services. The DSA also demands annual reports on moderation activities from each provider, exempting micro and small enterprises.

4. Revisions to Terms and Conditions

The DSA necessitates significant updates to service providers' terms and conditions, including:

  • Moderation tools and procedures
  • User content and information restrictions
  • Moderation algorithms and human review processes
  • Internal complaint handling

Additionally, terms and conditions must be clear, simple, intelligible, and accessible. Services predominantly used by minors must ensure terms are comprehensible to this demographic.

The next article will cover additional obligations for hosting providers, content-sharing platforms, and B2C marketplaces.

For assistance with digital space legislation compliance, please contact the IT Contracts, Data & Compliance department.

For further inquiries, please feel free to reach out.