Digital Services Act – Guidance for Industry

The DSA applies to organisations that provide online intermediary services in the European Union (EU). This includes organisations that at the request of recipients of a service, provide storage, transmission, and/or disclosure to third parties of information online. There are three types of services, collectively known as intermediary services, that have been identified: 

A ‘mere conduit’ service 

• A service that provides access to a communication network or transmits information provided by a service recipient.   
• Examples: broadband providers, mobile network operators, internet service providers, internet exchange points, direct messaging services (not IM services), VOIP, VPNs, Wifi/WLAN, DNS, TLD registries, domain registrars, digital certificate issuers.   

A ‘caching’ service 

• A service that transmits information provided by a service recipient in a communication network, involving the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making onward transmission more efficient to other recipients upon their request.  
• Examples: Content Delivery Network (CDN), proxy server, web caching. 

A ‘hosting’ service (which includes online platforms) 

• A service that consists of the storage of information provided by, and at the request of, a recipient of the service.
• Examples: online marketplaces, app stores, social media platforms, collaborative economy platforms, cloud services, Iaas (servers, networking), PaaS (H/W, stack, infra, dev tools), SaaS (cloud apps/services), serverless computing, file transfer services, file storage services. 

The rules of the DSA apply to all Intermediary Service Providers (ISPs) offering their services in the EU whether they are established in the EU or outside. In terms of obligations that apply to the service provider, the DSA distinguishes between the different categories. 

********************************************************************************************

Categories of Intermediary Service Providers

Category 1: Intermediary Service Providers 

• Relates to organisations which provide services which consist of either a ‘mere conduit’ service, a ‘caching’ service or a ‘hosting’ service. Categories 2-4 are subsets of this Category 1. 

Category 2: Hosting Service Providers 

• Hosting services are intermediary service providers who store information provided by, and at the request of, a recipient of the service.  

Category 3: Online Platforms 

• ‘Online Platforms’ are hosting services that, at the request of a recipient of the service, stores and disseminates information to the public (unless that activity is a minor and purely ancillary feature of another service or a minor functionality of the principal service and, for objective and technical reasons, cannot be used without that other service, and the integration of the feature or functionality into the other service is not a means to circumvent the applicability of the DSA).

Category 4: Very Large Online Platforms and Very Large Online Search Engines 

• Very Large Online Platforms (VLOPs): VLOPs are online platforms having 45 million or more average monthly active recipients of the service in the EU (representing 10% of the population of the EU). 
• Very Large Online Search Engines (VLOSEs): VLOSEs are search engines having 45 million or more average monthly active recipients of the service in the EU (representing 10% of the population of the EU). 

For information on providing a single point of contact, please continue to the next point.

The obligations applied to service providers vary by the size or category of the provider.  As a first step a provider will need to determine to which of the four categories it belongs to, noting that a single entity which provides multiple services might belong to more than one category. The obligations below are not exhaustive, please refer to the Digital Services Act package for a detailed overview of the DSA. 

 Obligations for all Intermediary Service Providers (categories 1, 2, 3, 4) 

• Provide a method for users to submit requests for the removal of illegal content. This should include instructions on its use. 
• Provide information on redress mechanisms and reasons to users whose content is subject to any form of restriction, removal, or a removal request. 
• Provide a single point of contact to communicate with Coimisiún na Meán, the European Commission, and the European Board for Digital Services. 
• Make terms and conditions public, accessible, and in plain language. Those terms and conditions should include details on policies, processes, and moderation teams. 
• Publish transparency reports to include service data, notice and action complaints, terms of service complaints, illegal content submissions, and orders to provide information. These should also include logs of flags from trusted flaggers separate from reports from other users. 
• Transparency reports must include details on current moderation, including, but limited to processes, training, skills, automation, actions, and decisions. 

 Obligations for all hosting services (categories 2, 3, 4) 

• Allow access for potentially illegal content to be reported from anywhere in the EU. 
• Communicate with the reporter of potentially illegal content, including acknowledgement of receipt of the complaint. 
• Provide to uploaders of restricted or prohibited content a clear policy rationale when taking action on their content or accounts. This action may include changes to visibility, access, or monetisation, and concerns actions taken proactively and reactively. 
• Report to An Garda Síochána (or local law enforcement authority) any suspected criminal offence that could result in threats to life or safety when it become aware of it. 

Obligations for all online platforms (categories 3, 4) 

• Facilitate appeals from reporters or uploaders with respect to actions taken or not taken for six months from the time of that action for terms of service complaints and Notice and Action complaints. 
• Complaints must be acted on in a timely, non-discriminatory, diligent and non-arbitrary fashion. 
• Must provide appropriately qualified staff to make decisions and not rely on solely on automation. 
• Must provide access to out of court dispute mechanisms with all action communications. 
• Platforms must suspend access to the Notice and Action mechanism or access to the service platform for uploaders and reporters that frequently abuse the service (through uploading manifestly illegal content or making manifestly unfounded complaints). This restriction can be for a period of time or indefinite. 
• With respect to transparency reports: 
  • Must include out of court dispute settlement data and abusive actor suspensions. 
  • Must make the transparency reports publicly available every 6 months. 
  • Must submit to the European Commission all Statements of Reasons and Notice and Action complaints and outcomes. Database available here: https://transparency.dsa.ec.europa.eu/  

• Provide the ability for uploaders to tag their content as commercial communications. 
• Online platforms showing advertisements must clearly display content as such and must provide information on the source and funding of the advertisement. 
• Explain in the terms and conditions the main parameters of their recommender systems. 
• Implement measures to ensure the safety, privacy, and security of minors that use their service. 

 Obligations for all Very Large online platforms and search engines (category 4) 

• Carry out an annual risk assessment accounting for the impact of recommender systems, content moderation systems, and the enforcement of terms and conditions. 
• Publish user numbers every six months on a publicly available section of the online interface 
• Be transparent with recommender systems, content moderation decisions, and advertising. 
• Make available and maintain a public repository of advertisements. 
• Establish an internal compliance function. 

Information about the DSA from the Department of Enterprise, Trade and Employment: Digital Services Act – DETE (enterprise.gov.ie) 

The full legal text of the DSA: Regulation – 2022/2065 – EN – DSA – EUR-Lex (europa.eu) 

Q&A from the European Commission on the DSA: Questions and Answers: Digital Services Act* (europa.eu) 

Under article 40 of the Digital Services Act (DSA), vetted researchers will be able to request data from very large online platforms (VLOPs) or search engines (VLOSEs) to conduct research on systemic risks in the EU. This requires a Delegated Act which is scheduled to be adopted in spring 2024.

Article 11 of the DSA requires intermediary services to designate a single point of contact to enable them to communicate directly, by electronic means, with Member States’ authorities, the European Commission and the European Board for Digital Services.

Designations of points of contact from intermediary services (or their legal representatives) based in Ireland may be notified to Coimisiún na Meán. Designations or queries may be directed to article11dsadesignations@cnam.ie.

Designation of legal representatives in Ireland by providers of intermediary services pursuant to Article 13 of the Digital Services Act (‘DSA’)

Article 13 of the DSA requires providers of intermediary services, which do not have an establishment in the European Union (‘EU’), but which offer services in the EU, to designate in writing a legal representative in one of the Member States where their services are offered. The legal representative may be a legal or natural person.

Coimisiún na Meán is responsible for receiving designations of legal representatives in Ireland.

Designations must be issued by the provider of intermediary services on their company letterhead and must be signed by a suitably authorised person.

The designation letter must include the following information:

• the company name of the provider of intermediary services;
• details of incorporation of the provider of intermediary services (country of incorporation and company number);
• the name of the legal representative designated for the purpose of Article 13 of the DSA and details of incorporation (if applicable);
• the legal representative’s contact details (contact name, email address, postal address and telephone number); and
• an explicit statement by the provider of intermediary services that the legal representative has been designated for the purpose of Article 13 of the DSA.

Providers of intermediary services are obliged to ensure that the information is publicly available, easily accessible, accurate and kept up to date.

Designations of legal representatives in Ireland must be notified to An Coimisiún. Designations or queries may be directed to article13dsadesignations@cnam.ie.

Article 21 of the Digital Services Act entitles recipients of a service to select a certified out-of-court dispute settlement (ODS) body to resolve disputes relating to decisions of online platforms, including complaints that have not been resolved by means of the internal complaint-handling system of an online platform. The decisions of ODS bodies are not binding.

In accordance with Article 21 of the DSA, Coimisiún na Meán has the power to certify an applicant as an ODS Body, where the applicant meets the following conditions:

• Impartiality and independence, including financially independence, in relation to providers of online platforms and recipients of the service.
• Expertise in relation to areas of illegal content, or in relation to the application and enforcement of terms and conditions of online platforms.
• Remuneration, which requires that ODS body members are remunerated in a way that is not linked to the outcome of the procedure.
• Accessibility, which requires that the ODS settlement is easily accessible, through electronic communications technology and provides for the possibility to initiate the dispute settlement and to submit the requisite supporting documents online.
• Swift and efficient dispute settlement, which requires that the ODS body can settle disputes in a swift, efficient, and cost-effective manner and in at least one of the official languages of the institutions of the Union.
• Clear and fair rules, which requires that the ODS settlement takes place in accordance with clear and fair rules of procedure that are easily and publicly accessible.

Bodies which are established in Ireland may apply to An Coimisiún for certification under Article 21. An Coimisiún has prepared this Application Form and Guidance.

If you would like to apply for certification or if you have any queries in relation to the certification process, please email outofcourtapplications@cnam.ie.

• Current Out-of-Court Dispute Settlement Bodies
• Out of Court Dispute Settlement Bodies – FAQ

Article 22 of the Digital Services Act mandates that providers of online platforms shall take the necessary measures to ensure that the notices submitted by Trusted Flaggers acting within their designated area of expertise, are given priority and processed and decided upon without undue delay.

To be awarded the status of Trusted Flagger, an applicant must satisfy a number of conditions set out in Article 22. An applicant must demonstrate:

• it has particular expertise and competence for the purposes of detecting, identifying and notifying illegal content;
• it is independent from any provider of online platforms; and,
• it carries out its activities for the purposes of submitting notices diligently, accurately and objectively.

Bodies which are established in Ireland may apply to An Coimisiún to be awarded Trusted Flagger status under Article 22. An Coimisiún has prepared this Application Form and Guidance.

If you would like to apply for Trusted Flagger status or if you have any queries in relation to the application process, please email trustedflaggerapplications@cnam.ie.

• Trusted Flaggers FAQ

For general questions about Coimisiún na Meán please contact info@cnam.ie.

For consumer queries about the DSA or to raise complaint please use our consumer contact centre: + 353 1 963 7755 | usersupport@cnam.ie.

If you represent an intermediary service provider and have a question which is not answered here, please contact dsa@cnam.ie.

To submit information as required by the DSA to a local regulator or the European Commission please use dsa@cnam.ie.

For information about the transparency database please visit https://transparency.dsa.ec.europa.eu/.