What are the obligations for service providers?

The obligations aim to protect users online and create a safe, predicable and trustworthy online environment

As a first step you will need to determine in which of the four categories your business belongs, noting that a single entity which provides multiple services might belong in more than one category.  

The obligations below are not exhaustive, please refer to the Digital Services Act package for a detailed overview of the DSA. 

Does the DSA apply to my business?

Categories of Intermediary Service Providers

Category 1: Intermediary Service Providers

Relates to organisations which provide services which consist of either a ‘mere conduit’ service, a ‘caching’ service or a ‘hosting’ service. Categories 2-4 are subsets of this Category 1.  

Category 2: Hosting Service Providers 

Hosting services are intermediary service providers who store information provided by, and at the request of, a recipient of the service.   

Category 3: Online Platforms 

‘Online Platforms’ are hosting services that, at the request of a recipient of the service, stores and disseminates information to the public (unless that activity is a minor and purely ancillary feature of another service or a minor functionality of the principal service and, for objective and technical reasons, cannot be used without that other service, and the integration of the feature or functionality into the other service is not a means to circumvent the applicability of the DSA). 

Category 4: Very Large Online Platforms and Very Large Online Search Engines 

Very Large Online Platforms (VLOPs): VLOPs are online platforms having 45 million or more average monthly active recipients of the service in the EU (representing 10% of the population of the EU).  

Very Large Online Search Engines (VLOSEs): VLOSEs are search engines having 45 million or more average monthly active recipients of the service in the EU (representing 10% of the population of the EU).  

Obligations for all Intermediary Service Providers (categories 1, 2, 3, 4) 

• Provide a method for users to submit requests for the removal of illegal content. This should include instructions on how to do this.  
• Provide information on redress mechanisms to users whose content is subject to any form of restriction, removal, or a removal request, including a reason why the content was removed.  
• Provide a single point of contact to communicate with Coimisiún na Meán, the European Commission, and the European Board for Digital Services.  
• Make terms and conditions public, accessible, and in plain language. Those terms and conditions should include details on policies, processes, and moderation teams.  
• Publish transparency reports to include service data, notice and action complaints, terms of service complaints, illegal content submissions, and orders to provide information. These should also include logs of flags from trusted flaggers separate from reports from other users.  
• Transparency reports must include details on current moderation, including, but limited to processes, training, skills, automation, actions, and decisions.  

• Allow access for potentially illegal content to be reported from anywhere in the EU.  
• Communicate with those who reportpotentially illegal content, including acknowledging receipt of the complaint.  
• Provide a clear policy rationale to those who upload restricted or prohibited content when taking action on their content or accounts.  Actions may include changes to visibility, access, or monetisation, taken proactively and reactively.  
• Report to An Garda Síochána (or local law enforcement authority) any suspected criminal offence that could result in threats to life or safety as soon as possible.

Obligations for all online platforms (categories 3, 4)  

• Facilitate appeals from those who report or upload problematic content with respect to actions taken or not taken for six months from the time of that action. This concerns terms of service complaints and Notice and Action complaints.  
• Complaints must be acted on in a timely, non-discriminatory, diligent and non-arbitrary fashion.  
• Must provide appropriately qualified staff to make decisions and not rely on solely on automation.  
• Must provide access to out of court dispute mechanisms with all action communications.  
• Must suspend access to the Notice and Action mechanism or access to the service platform for those that report or upload problematic content that frequently abuse the service (through uploading manifestly illegal content or making manifestly unfounded complaints). This restriction can be for a defined period of time or indefinite.  
• With respect to transparency reports:
  • Must include out of court dispute settlement data and abusive actor suspensions
  • Must make the transparency reports publicly available every 6 months.
  • Must submit to the European Commission all Statements of Reasons and Notice and Action complaints and outcomes. DSA Transparency Database available here.
• Provide the ability for those who upload content to tag their content as commercial communications.
• Online platforms showing advertisements must clearly display content as such and must provide information on the source and funding of the advertisement.  
• Explain in the terms and conditions the main parameters of their recommender systems.  
• Implement measures to ensure the safety, privacy, and security of minors that use their service.  

 Obligations for all very large online platforms and search engines (category 4) 

• Carry out an annual risk assessment accounting for the impact of recommender systems, content moderation systems, and the enforcement of terms and conditions.  
• Publish user numbers every six months on a publicly available section of the online interface . 
• Be transparent with recommender systems, content moderation decisions, and advertising.  
• Make available and maintain a public repository of advertisements.  
• Establish an internal compliance function.

Which articles of the DSA apply to me?

• If your business, organisation or online service has over 45 million EU users, articles 1 to 48 of the DSA apply. 
• If your business, organisation or online service has under 45 million EU users, articles 1 to 32 of the DSA apply. 
• If your business, organisation or online service is a small or micro-enterprise (employing fewer than 50 persons and whose annual turnover and/or annual balance sheet total does not exceed €10 million) further obligations are excluded.  

Myth Buster

Myth: I am not broadcasting content, so the DSA does not apply to me. 

Fact: The DSA covers a wide range of online services from broadcasting to online marketplaces to digital infrastructures.

Myth: I am not offering video-on-demand, so the DSA does not apply to me.

Fact: The DSA applies to a range of online services, as well as video-on-demand and content creation.

Myth: The DSA does not apply to small business owners

Fact: The DSA applies to micro and small enterprises, however, these enterprises are subject to fewer obligations. Small and micro-enterprises are those which employ fewer than 50 persons and whose annual turnover and/or annual balance sheet total does not exceed €10 million.

Myth: My website or platform does not allow users to generate content, therefore the DSA does not apply to me.

Fact: The DSA may also apply to websites and platforms which do not support user generated content.

Myth: I operate a B2B business model, therefore the DSA does not apply to me.

Fact: Operating on a business-to-business basis does not determine whether a business, organisation or online service is required to meet obligations under the DSA.

Myth: My website requires that users must create accounts in order to engage with our site, therefore the DSA does not apply to me.

Fact: The requirement for a user account does not impact on whether or not the DSA applies.