The Digital Services Act (DSA) is a sweeping set of regulations passed by the European Union to regulate online platforms and ensure user safety. Key aspects include:
- Requires platforms to quickly remove illegal content, misinformation, hate speech, etc. Platforms must make it easier for users to flag such content.
- Restricts targeted advertising for children based on sensitive data like ethnicity or political views. Requires transparency around ad targeting practices.
- Obligates large platforms (over 45 million EU users) to share data with researchers and regulators to enable oversight. Requires risk assessments and independent audits.
- Violations can result in fines of up to 6% of global revenue. Repeated issues could ban companies from operating in the EU.
Major platforms like Google, Meta, Microsoft, etc. have announced changes to comply, including expanded reporting flows, ad transparency tools, and data-sharing programs. However, specifics on enforcement approach are still developing.
The rules currently apply only in the EU but could influence global policies. The requirements may also pressure companies to extend privacy protections and transparency worldwide, not just in Europe, to simplify compliance.
In summary, the DSA significantly expands obligations around content, data use, and transparency for digital platforms. By threatening access to EU users, it aims to force accountability on tech giants to address societal harms. Its effects will likely have worldwide implications in the years ahead.
The impact of the Digital Services Act on digital platforms: https://digital-strategy.ec.europa.eu/en/policies/dsa-impact-platforms
What Are the Key Provisions of the Digital Services Act
The overarching goal of the DSA is to foster safer, more responsible online environments. It establishes legally enforceable obligations around illegal content, transparency, targeted advertising, algorithmic systems, etc. Key provisions include:
- Faster removal of illegal content: Platforms must put in place systems to quickly take down illegal goods or services, hate speech, terrorist propaganda, and other unlawful material when identified. Users can easily flag such content.
- Restrictions on targeted ads: Targeting ads based on sensitive attributes like ethnicity, political views, sexual orientation, etc., is banned. Strict limits are imposed on targeting ads to minors.
- Algorithmic transparency: For very large platforms, external and independent auditing of algorithmic systems is mandated to assess risks and mitigate issues around illegal content promotion, manipulative interfaces, and more.
- Access to data: Platforms must provide access to data with researchers and authorities to enable oversight. However, data sharing must comply with privacy regulations.
The requirements scale is based on company size and risk profile. Major platforms like Google, Amazon, Meta, Microsoft, etc., with over 45 million EU users, are designated “very large online platforms” (VLOPs) and face the most stringent oversight.
Violations can result in massive fines – up to 6% of global annual turnover. Repeated systemic issues could even result in platforms being banned from operating in the EU entirely.
As such, the DSA fundamentally rebalances power dynamics between Big Tech, regulators, and users. It aims to force platforms to take accountability for societal impacts while still enabling innovation.
The rules currently apply only in the EU. But we will likely see privacy improvements and transparency tools extended more widely as global companies move to simplify compliance. The DSA could emerge as a model for platform regulation globally.
As CIOs, we must closely track these developments from the EU and evaluate potential changes needed to internal policies, processes, and technologies to align with the vision for a safer yet vibrant digital ecosystem. While compliance is the priority today, the principles behind these rules will likely transform the expectations of tech companies worldwide in the years ahead.
What Is the Timeline for Compliance With the Digital Services Act
Here is a summary of key dates for compliance with the Digital Services Act:
February 17, 2023:
Deadline for all online platforms and search engines to publish average monthly active user figures in the EU and update every six months. You are required to have systems to process complaints submitted on behalf of users.
Summer 2023:
Very large online platforms (45M+ EU users) and very large search engines must comply with additional obligations around risk assessments, due diligence, transparency, etc.
February 17, 2024:
Deadline for full compliance for all in-scope service providers. This includes hosting services, online platforms, etc. Must have notice-and-takedown systems, internal complaint systems, and other requirements in place.
The requirements scale is based on company size and risk level. Fines for violations can be up to 6% of global annual revenue.
Online platforms and search engines had early transparency reporting deadlines, while very large players must comply by summer 2023. Full implementation covering all digital service providers is set for February 2024.