Tech Firms Must Now Comply With EU Digital Services Act

Image credit: European Commission

DSA arrival. Sweeping new European law must now be obeyed by world’s largest tech companies starting this Friday

Big name tech firms must now comply with a sweeping new European law as of Friday 25 August 2023, or else risk big fines.

It was back in July 2022 when the European Parliament voted to adopt Digital Markets Act (DMA) and Digital Services Act (DSA) – landmark rules that impose significant regulatory burdens on the likes of Amazon, Apple, Alphabet, Meta, TikTok, X and others.

Tech companies had lobbied vigorously against the rules, with Apple for example warning they would open a “Pandora’s box”.

European Parliament

DSA compliance

The landmark rules have been a long time coming after the European Commission had first presented the Digital Markets Act (DMA) and Digital Services Act (DSA) in December 2020. However they were only passed into law in July 2022.

The Digital Markets Act (DMA) is designed to “addresses the negative consequences arising from certain behaviours by platforms acting as digital ‘gatekeepers’ to the single market.”

The DMA could fine big tech firms up to 10 percent of their annual turnover for breaching new EU rules, which require them to open up their platforms to competition from third parties.

The DSA on the other hand targets tech platforms that are used “as a vehicle for disseminating illegal content, or selling illegal goods or services online.”

Under the Digital Services Act (DSA), any tech platform or search engine that has more than 45 million users per month in the EU, is classified as a very large online platforms (VLOP) or very large online search engines (VLOSE).

The new rules that cover everything from social media moderation to targeted advertising and counterfeit goods in e-commerce.

Breaches of the DSA could lead to a fine of 6 percent of turnover and potentially suspension of the service.

Named firms

In April 2023, the European Commission had published the names of 19 platforms that will face the strictest level of regulation under the Digital Services Act (DSA), naming 19 so called ‘Gatekeeper’ firms.

The European Commission specified the following were Very Large Online Platforms (VLOPS). This VLOP designation requires these companies to do more to tackle illegal online content:

  • Alibaba AliExpress;
  • Amazon Store;
  • Apple AppStore;
  • Facebook;
  • Google Play;
  • Google Maps;
  • Google Shopping;
  • Instagram;
  • LinkedIn;
  • Pinterest;
  • Snapchat;
  • TikTok;
  • Twitter/X;
  • Wikipedia;
  • YouTube;
  • Zalando.

It also named the following as Very Large Online Search Engines (VLOSEs):

  • Bing;
  • Google Search.

They had four months (until 25 August 2023) to comply with the DSA’s rules. Smaller tech services won’t have to comply until next year.

Tech challenges

In July this year Amazon announced it was refusing to accept the designation from European officials, that ranks it alongside other major tech platforms such as Apple, Meta Platforms, and Twitter.

Amazon filed its challenge at the Luxembourg-based General Court, Europe’s second highest court, and is the first challenge from a big name tech player, after German online retailer Zalando sued the European Commission over the same issue in June.

Nevertheless Amazon has already taken steps to comply with the act and has reportedly “created a new channel for submitting notices against suspected illegal products and content”.

Zalando as it presses ahead with its challenge reportedly said it will be compliant with the act.

Tech firms have already created entire teams to ensure their compliance with the new EU laws.

Digging into the DSA legislation, it is clear these tech firms now have to assess potential risks they may cause, report that assessment, and put in place measures to deal with the problem.

The BBC noted that among possible risks are the following:

  • Illegal content;
  • Certain rights, such as freedom of expression, media freedom, discrimination, consumer protection and children’s rights;
  • Public security and threats to electoral processes;
  • Gender-based violence, public health, protection of minors, and mental and physical wellbeing.

And lets not forget another biggie, as targeted advertising based on profiling children is no longer permitted.

Tech giants also have to share with regulators details of how their algorithms work. This could include those which decide what adverts users see, or which posts appear in their feed.

In addition, the firms are required to have systems in place for sharing data with independent researchers.