The introduction of the DSA and the DMA will be the biggest shake-up of e-commerce rules since the dot-com boom.
Businesses caught by the scope of the new digital services laws will be subject to a host of new obligations and requirements.
Like the GDPR, both the DSA and the DMA have extra-EU territorial effect, and so will catch U.S. and other non-EU businesses providing in-scope services within the EU.

On December 15, 2020, the European Commission published proposals for two new EU-wide regulations, the Digital Services Act (DSA), and the Digital Markets Act (DMA), which together are intended to overhaul the rules governing digital services in the EU and update the existing e-commerce framework from 2000.

According the EU Commission, the two main goals of this new regulatory package is to: (1) create a safer digital space in which the fundamental rights of all users of digital services are protected; and (2) establish a level playing field to foster innovation, growth, and competitiveness, both in the European Single Market and globally.

In an article penned by Margrethe Vestager and Thierry Breton (two EU commissioners responsible for driving the new framework), the commissioners comment how the risks associated with the digital services economy are “online bullying, hate speech, fake news, skewed elections, unsafe or counterfeited goods, [and] being choked off from business opportunities if you’re a small player,” and that the existing regulatory framework is ripe for revision, especially in consideration of the fact that most online platforms did not exist in 2000, and the landscape has shifted monumentally.

Regarding the DSA, the EU Commission states that: (1) the new rules are proportionate, foster innovation, growth and competitiveness, and facilitate the scaling up of smaller platforms, SMEs and startups; (2) the responsibilities of users, platforms and public authorities are rebalanced according to European values, placing citizens at the center; (3) the DSA will better protect consumers and their fundamental rights online establish a powerful transparency and a clear accountability framework for online platform foster innovation, growth and competitiveness within the single market.

For citizens, the Commission says this will mean more choice, less exposure to illegal content, and better protection of fundamental rights.

For providers of digital services, the Commission says this will mean legal certainty, and easier startup and scale-up routes in Europe.

For business users, the Commission says this will mean more choice, lower prices, access to EU-wide markets through platforms, the levelling of the playing field against illegal content.

For society at large, the Commission says this will mean greater democratic control and oversight of systemic platforms, and mitigation of systemic risks such as manipulation of disinformation.

Which businesses will be in the DSA’s scope?
In short, the DSA covers cloud and webhosting services, online platforms (e.g., marketplaces, app stores, social media platforms), internet access providers, and domain name registrars. There will be specific rules for very large online platforms, being those which have extensive reach, and therefore pose higher risks relating to the sharing of illegal content, etc.

Like the GDPR, the DSA will have extra-EU territorial effect, meaning that any online intermediaries, wherever established, will be required to comply with its rules if they offer services within the EU.

DSA obligations
The DSA will introduce a host of new obligations on those intermediaries caught by its scope. These obligations will vary by category of intermediary. In other words, the obligations applicable to online platforms will not overlap exactly with hosting services.

These new obligations include:

  • Vetting credentials of third-party suppliers;
  • Transparency reporting;
  • Maintaining points of contact and legal representatives (where necessary);
  • Provision of tools to allow users to flag illegal goods, services or content online;
  • Provision of avenues to allow users to challenge platform content moderation decisions;
  • Obligation to provide information to users;
  • Transparency around online advertising and algorithms used for recommendations; and
  • Reporting criminal offences.

Penalties for non-compliance
The DSA proposal permits Member States to lay down the rules on penalties applicable to infringements, but also establishes that the maximum amount for breaches should not exceed six percent of annual income or turnover, and that penalties associated with the supply of incorrect, incomplete or misleading information, the failure to reply or rectify incorrect, incomplete or misleading information and to submit to an on-site inspection should not exceed one percent of annual income or turnover. Finally, a separate category of periodic fine will exist for very large platforms, which will accrue on a daily basis. This rate will again be determined by Member States, but should not exceed five percent of the average daily turnover in the preceding financial year per day.

The DMA applies to “gatekeepers,” which are businesses with: (1) a strong economic position, and a significant impact on the internal market, and being active in multiple EU countries; (2) a strong intermediation position, meaning that it links a large user base to a large number of businesses; and (3) an (or about to have an) entrenched and durable position in the market, meaning that it is stable over time.

Per the Commission summary of the DMA, the new regulation will incorporate a number of “dos” and “don’ts” for those caught by its scope.

For instance, businesses must not: (1) treat services and products offered by the gatekeeper itself more favourably in ranking than similar services or products offered by third parties on the gatekeeper's platform; and (2) prevent consumers from linking up to businesses outside their platforms; (3) prevent users from un-installing any pre-installed software or app if they so wish.

Non-compliance with the DMA will result in heavier fines than those available under the DSA. In particular, for serious infringements, fines not exceeding 10 percent of total turnover may be applied.

From the author’s work on the original e-Commerce Directive and related EU digital market rules 20 years ago, it seems clear that businesses will, equally, have their work cut out now to properly understand the new rules and then adapt to them.

Things may well still shift as both regulations must now be debated and approved, a process which is expected to take over 12 months. However, it would be prudent to take steps now.

Lessons also learned from the introduction of the GDPR in 2018 highlight the value of detailed analysis and preparation ahead of the type of major change the DSA and DMA will bring. Businesses would be well advised to treat this as a priority in 2021.

These and any accompanying materials are not legal advice, are not a complete summary of the subject matter, and are subject to the terms of use found at: https://www.pillsburylaw.com/en/terms-of-use.html. We recommend that you obtain separate legal advice.