The Digital Services Act – Questions and Answers

The Digital Services Act ("DSA") described by some as the "Constitution of the Internet" became fully applicable across the EU on 17 February 2024.

The DSA is designed to provide greater online safety by ensuring that what is illegal offline is also illegal online. There is a key focus under the DSA on better protection for minors.

Below we answer some frequently asked questions:

Who is in scope?

Prior to 17 February 2024, those Very Large Online Platforms ("VLOPs") and Very Large Online Search Engines ("VLOSEs") designated by the EU Commission were subject to the obligations under the DSA.

From 17 February 2024, the DSA applies to all providers of online intermediary services in the EU (hereinafter "ISPs"), whether or not the providers are established in the EU. The DSA therefore also applies to non-EU organisations that target the EU market.

Does the DSA apply in Ireland?

The DSA is an EU Regulation and therefore has direct effect across all EU Member States. However, Ireland was required to introduce legislation to provide for the implementation of supervision and enforcement provisions of the DSA. The Digital Services Act 2024 ("the 2024 Act") was signed into law by President Higgins on 11 February 2024.

What are key features of the Digital Services Act 2024?

The 2024 Act designates Coimisiún Na Meán ("the Coimisiún") as Ireland's Digital Services Coordinator ("DSC"). The Coimisiún shall therefore be responsible for all matters relating to the supervision and enforcement of the DSA in Ireland, and for ensuring coordination at national level in respect of those matters.

The 2024 Act also designates the Competition and Consumer Protection Commission ("CCPC") as the competent authority for purposes of Articles 30 to 32 of the DSA which relates to the supervision and enforcement of online marketplace obligations.

What powers do Digital Service Coordinators have?

DSC's have the following powers under the DSA:

• The power to require information relating to a suspected infringement of the DSA
• The power to carry out or order an inspection in order to examine, seize, take or obtain copies of information relating to a suspected infringement
• To make commitments offered by providers in relation to compliance with the DSA binding
• The power to order cessation of infringements
• The power to impose fines,
• The power to impose periodic penalty payment to ensure that an infringement is terminated
• The power to adopt interim measures in order to avoid the risk of serious harm

What does this mean for Ireland?

Ireland has long been considered as a leader in world technology and is uniquely positioned given that 13 of the 22 designated VLOPs and VLOSEs have their headquarters in Ireland.

The EU Commission have powers to supervise and enforce the DSA in relation to designated VLOPs and VLOSEs. However, where the EU Commission has not initiated proceedings for the same infringement, the member state in which the provider of a VLOPs or VLOSE has their main establishment shall have powers to supervise and enforce obligations under the DSA, with respect to those providers.

The Coimisiún will have powers to supervise and enforce the DSA in relation to ISPs which have their main establishment in the State, or if their legal representative resides in the State.

What are the penalties for those who do not comply with the DSA?

The fines are at a very similar level to GDPR however the maximum fines of up to 6% of annual worldwide turnover from the previous financial year are even greater showing how serious the EU considers the topic.

Those intermediary service providers who fail to supply information or provide incorrect or misleading information are liable to being fined 1% of worldwide turnover.

Periodic payments of 5% of the average daily worldwide turnover or income of the provider, in order to enforce an obligation, is also catered for in the DSA.

What next?

It will be a busy time ahead for both Regulators and ISPs as they adapt to the new obligations they are required to enforce and comply with under the DSA.

The Coimisiún have published guidance and application forms on their website for Out of Court Dispute Settlement (Article 21) and Trusted Flaggers (Article 22).

The Coimisíun have also provided guidance about how they will be handling EU DSA complaints. Notably, the Coimisiún state that while they will assess if ISPs are doing what they are obliged to do under the DSA in relation to illegal content, it is not part of their remit to carry out a content moderation role, to act as an appeal body from decisions of ISPs or to act as a judge in disputes between different parties or different users about illegal content.

Additionally, the Coimisiún advises that if they receive complaints relating to online trading, it may be transmitted to the CCPC as the relevant competent authority.

You can view the Coimisiún's most recent publications here.

If you require any advice or assistance, please do not hesitate to contact Sinéad Taaffe or Damien Watson of this office.