The Digital Services Act (DSA) is a key EU regulation that has applied since February 2024 and fundamentally modernises the legal framework for digital services in Europe. Its objective is to create a safe, transparent, and trustworthy online environment. The DSA sets out the responsibilities and obligations of digital service providers, particularly with regard to combating illegal content, strengthening users’ rights, and increasing platform transparency.

The DSA applies to companies that provide intermediary services in the EU, regardless of whether they are established within or outside the EU. The key criterion is whether the services are made available to users in the EU.

The DSA distinguishes between the following categories of intermediary services:

• Mere conduit services: e.g. internet access providers, DNS services, VPN providers
• Caching services: e.g. content delivery networks (CDNs), reverse proxy services
• Hosting services: e.g. cloud providers, web hosting services, file-sharing services
• Online platforms: e.g. online marketplaces, social networks, app stores, sharing platforms
• Very Large Online Platforms (VLOPs): platforms with more than 45 million monthly active users in the EU (e.g. Facebook, Amazon, YouTube)
• Online search engines: e.g. Google, Bing

The DSA also applies to smaller businesses and start-ups where they provide one of the above services.

The obligations under the DSA vary depending on the category of service and the size of the provider. Key requirements include:

General Obligations for All Intermediary Services

• Establishment of a single point of contact for authorities and users
• Appointment of a legal representative where the provider is established outside the EU
• Transparent and user-friendly terms and conditions, particularly with regard to minors

Specific Obligations for Hosting Services and Online Platforms

• Implementation of a notice-and-action mechanism, allowing users to report illegal content, which must be reviewed and, where appropriate, removed
• Acknowledgement of reports and provision of reasons for content-related decisions
• Establishment of complaint-handling mechanisms and access to out-of-court dispute settlement
• Priority handling of notices submitted by trusted flaggers
• Measures against abusive notices and against users who frequently post illegal content

Additional Obligations for Online Platforms

• Prohibition of dark patterns and other manipulative user interface designs
• Transparency requirements for advertising and recommender systems, including disclosure of key parameters
• Protection of minors, including a prohibition on profiling-based advertising directed at minors
• Verification of traders offering goods or services through distance contracts
• Information obligations towards consumers regarding illegal products, services, or content

Additional Obligations for Very Large Online Platforms (VLOPs) and Search Engines

• Annual risk assessments and independent external audits
• Provision of data access for researchers to assess compliance
• Establishment of a public advertising repository
• Offering users the option to use recommender systems that are not based on profiling

The DSA interacts with a range of other European and German regulatory frameworks, including the GDPR, NIS2, Unfair Competition Law, the P2B Regulation, and the Media State Treaty (MStV). Fundamental requirements relating to transparency and users’ rights often overlap, making it important for businesses to understand these interactions in order to comply with parallel obligations efficiently. Structured legal advice can help identify synergies and ensure that compliance is managed in a coordinated and holistic manner.