What is the DSA?
The DSA aims to ensure a safe, predictable and trustworthy online environment for individuals by ensuring greater transparency and accountability from intermediary service providers.
Whereas in the case of VLOPs and very large search engines (VLOSEs), the DSA started to apply from 25 August 2023, for the remainder of the intermediary service providers, such as online marketplaces, content sharing platforms, comparison websites and app stores the DSA will begin to apply from 17 February 2024.
The DSA follows a tiered approach in terms of its obligations, with more stringent requirements for the VLOPs and VLOSEs.
| Intermediary Service Providers |
Hosting Service Providers |
Online Platforms | VLOPs/VLOSEs | |
| Point of contact and legal representative (where applicable) | X | X | X | X |
| Terms and Conditions | X | X | X | X |
| Cooperation with national authorities in terms of orders | X | X | X | X |
| Transparency reporting | X | X | X | X |
| Notice and action mechanisms | X | X | X | |
| Providing a statement of reasons | X | X | X | |
| Duty to report suspicions of criminal offences | X | X | X | |
Complaint-handling system and out-of-court dispute settlement |
X | X | ||
| Trusted flaggers | X | X | ||
| Measures and Protection against misuse | X | X | ||
| ‘Know Your Business Customer’ obligations | X | X | ||
| Ban on advertising that is targeted at minors or that is based on special categories of data | X | X | ||
| Transparency of recommender systems | X | X | ||
| Transparency on online advertising | X | X | ||
| Risk management and crisis response | X | |||
| Independent auditing | X | |||
| Internal compliance officers | X | |||
Codes of conduct |
X | |||
| Data access and scrutiny | X |
Timeline of key developments
A political agreement was reached on 23 April 2022 between the European Parliament and the EU Member States, and seven months later, on 16 November 2022, the DSA entered into force.
On 17 February 2023, online platforms and search engines were required to publish information on their monthly active recipients of their services in the EU. This information must also be provided upon request of the local Digital Service Coordinator (‘DSC’’), a Member State’s designated supervisory authority with powers to monitor and enforce compliance with the DSA. Going forward, such entities must also publish the above-mentioned numbers at least twice per year.
On 25 April 2023, the European Commission designated 17 VLOPs and 2 VLOSEs that maintain at least 45 million active monthly users in the EU. The DSA is fully applicable to those businesses since 25 August 2023.
Finally, as mentioned above, the DSA will become applicable to the rest of the entities falling within the scope of the DSA from 17 February 2024. In addition, Member States will be required to designate their DSC by the same date.
Where to go from here?
The DSA represents a complex regulatory challenge for organisations providing intermediary services (i.e. caching, mere conduit, or hosting). The clock is ticking and businesses are under pressure to duly understand their applicable responsibilities under the regulation, particularly, to identify and clarify their position concerning the conditional exemption from liability. Moreover, the nature of the obligations in terms of the DSA varies considerably, requiring legal, technical and organisational efforts at the same time.
To be prepared for the impact of the DSA on your business, the following steps may be considered:
1. Impact Analysis
Assessing your organisation’s position against the DSA’s classification system and identifying your respective obligations
2. Gap Assessment
Documenting any gaps in your current compliance framework in terms of the DSA, and identifying the corrective actions, if any, required to comply with the DSA
3. Implementation and Training
Training your workforce adequately such that they understand their new obligations under the DSA and can act as first responders to maintain the compliance status of your business
Contact Us
At PwC Malta, our Privacy and Data team has the expertise to help your organisation duly understand its requirements under the DSA. For more information on our GDPR compliance and regulatory digital readiness services, please reach out to our sector leaders below.
Contact us
