Will the DSA’s Short Compliance Deadlines Set Some Companies up to Fail?
This week, EU decision makers – member state ambassadors and the European Parliament’s lead committee – are expected to adopt the Digital Services Act (DSA).
These new rules need to be workable in practice in order to lead to a safer and more trustworthy Internet. Most importantly, digital service providers need to be given sufficient lead time to adjust to, and comply with, the new regulation.
While most companies will get 15 months to comply with the DSA obligations, very large online platforms (VLOPs) – defined as those having at least 45 million active users in the EU – are only given a mere six months. This despite VLOPs having much more obligations to implement.
This two-tier approach raises many questions about practical implementation, putting effective compliance and enforcement at risk. Indeed, a DSA with unrealistic lead times would only pay lip service to societal and political concerns about illegal online content, instead of delivering a workable system.
The European Commission will enforce the rules for VLOPs, but in doing so it has to consult the various national regulators, known as Digital Service Coordinators (DSCs). These DSCs, however, will likely not have been established yet when the VLOPs have to comply, as EU member states are given 15 months to comply with the DSA.
DSCs are supposed to designate ‘trusted flaggers’, and VLOPs should consider engaging with these ‘trusted flaggers’ as part of the overall risk assessment and mitigation process. Another example is the role of DSCs in assessing and approving applications by vetted researchers to access VLOP data for specific research projects that meet the criteria set out in the DSA. But how can VLOPs be required to share data with vetted researchers, when the required safeguards won’t be in place for at least nine months?
There is also significant doubt about whether it is actually lawful to impose differentiated implementation periods. The EU Court of Justice (CJEU) already stressed before that the general principle of equal treatment and non-discrimination requires that comparable situations are not treated differently unless differentiation is objectively justified. More specifically, the CJEU considers (C-182/03 and C-217/03) that the principle of equal treatment is infringed if transitional measures are not provided, without providing a reason, to certain groups affected in the same way as others who benefit from such measures.
Indeed, the European legislator should allow an implementation period of 15 months for all providers of digital services, as it has implicitly recognised that the implementation of these DSA obligations is a complex process that requires considerable time. VLOPs, which are subject to additional obligations, should be given at least the same amount of time as everyone else to ensure diligent implementation of their DSA obligations.
After years of hard work, it is essential to ensure that the Digital Services Act becomes a well-functioning regulation that all companies can actually comply with in practice. The DSA will only be a success if it actually sets up companies, and thus all their users, to succeed rather than fail.