Bumpy Flight for DSA Implementation Ahead
Main takeaways
- The European Commission has been rolling out the Digital Services Act ambitiously
- Yet, while important obligations are about to kick in, vital guidance is still lacking
- Key concepts, such as the methodology for calculating “active users” remain unclear
The European Commission is expected to soon announce its latest round of “very large online platforms” (VLOPs) and “very large search engines” (VLOSEs) designations under the Digital Services Act (DSA). The DSA was adopted over a year ago, which is a great opportunity to reflect on its implementation.
The roll-out of these landmark EU rules, which aim to offer a safe online experience for Europeans, has been progressing steadily in recent months. But that does not mean it’s going off without hiccups.
The first batch of companies that were designated as VLOPs and VLOSEs only had four months to comply (i.e. until 28 August 2023), while other companies still have till 17 February 2024 in order to prepare. Looking back at this first year of DSA implementation, recent months have led to far more questions than answers. Both platforms and stakeholders are increasingly turning to the “control tower” for instructions. But are there enough air traffic controllers in the Commission’s tower, and do they have the bandwidth to ensure a smooth flight?
First of all, the Commission urgently needs to clarify the many questions about the methodology it uses to calculate the infamous “number of average monthly active recipients of the service in the Union” metric. While informal guidance was published earlier this year, there is still no consensus on how to prevent double-counting of users, or what the precise definition of an “active user” is. This is crucial, as this number is used by the Commission to decide whether a company qualifies as “very large” under the DSA, or not.
Indeed, when companies reach the threshold of 45 million active users, they face numerous additional obligations which require significant preparation and time to comply with. Yet, it remains unclear what actually counts as an “active user” and thus which companies exactly qualify. The uncertainty that companies are currently facing needs to stop. The Commission should consult stakeholders as soon as possible and then prepare formal guidance, to be adopted in February 2024.
Generally speaking, it increasingly looks like the European Commission has delayed most of the key guidance originally foreseen by the DSA. Think, for example, about guidance on trusted flaggers, dark patterns, the protection of minors, risk mitigation, and ad repositories. It would be very useful to get answers to pertinent questions about these important issues.
It is understandable that the Commission first had to prioritise legislative acts that were indispensable for the DSA’s enforcement. Making sure the wings are properly attached to the plane’s fuselage before take-off makes sense. But it would be useful to communicate when companies can expect further guidance on the correct route and how to avoid turbulence, once all those flights are airborne.
For instance, avoiding discrepancies in how trusted flaggers are appointed – and who exactly is “trusted” enough to qualify as a flagger – by national authorities is necessary for companies that are active across the EU and want to ensure EU-wide DSA implementation within their organisation. So, at the very least, the Commission should create a database to have a centralised list of trusted flaggers designated at national level before February.
The Commission also opened five DSA-related consultations since the beginning of the year, prior to adopting acts on procedural rules, supervisory fee, audit rules, transparency database, and data access requests. While this effort to gather feedback is commendable, stakeholders would greatly benefit from longer consultation periods (so far, an extremely tight four-week window was the norm), and greater predictability as to when each consultation foreseen by the DSA is likely to take place.
A clear timeline for these acts would be very helpful. For instance, the act on audit rules was only published in late October (with three months left before the Act became law), while at the same time, VLOPs and VLOSEs are expected to launch their mandatory internal audits soon. Without air traffic control’s flight routing information, it is extremely difficult to take off. Similarly, the so-called “transparency database” collecting information on content moderation decisions made by VLOPs was finalised only a fortnight before its official launch, long after online platforms already had to prepare their own systems in order to be ready in time.
In only a few months, the DSA will apply to all online platforms, search engines, and online intermediaries within its scope. Soon everything needs to be ready for the simultaneous take-off of hundreds of flights. Companies that have to comply with the DSA are preparing well in advance but need predictability to do so. Yet, the control tower that is supposed to provide guidance seems to be behind schedule, with too many flights stuck in a queue before they can take off.
For the DSA to become a success, regulators need to be willing and available to cooperate with online intermediaries, as the rules need to be as predictable and reliable as possible. That is why the European Commission and national authorities need to work hand in hand with companies of all sizes to make sure those different operators can offer a smooth flight for Europeans. The tech sector wants the DSA to succeed, and we look forward to all companies receiving clear guidance.
