Digital Services Act Trained Professional (DiSeActTPro)
Overview
The Digital Services Act is the most important and most ambitious regulation in the world in the field of the protection of the digital space against the spread of illegal content, and the protection of users’ fundamental rights. It is a comprehensive set of new rules that regulate the responsibilities of intermediaries that connect consumers with goods, services and content. The regulation covers online marketplaces, social networks, content-sharing platforms, app stores, online travel and accommodation platforms, etc.
Very large platforms are now obliged to assess the risks their systems pose, regarding not only illegal content and products, but also systemic risks to the public interests, fundamental rights, public health and security. They must develop appropriate risk management tools and measures to protect the integrity of their services against the use of manipulative techniques.
According to Article 52 ("Penalties"), the maximum amount of fines that may be imposed for a failure to comply with an obligation laid down in the Digital Services Act is 6 % of the annual worldwide turnover of the provider of intermediary services concerned in the preceding financial year. The maximum amount of the fine that may be imposed for the supply of incorrect, incomplete or misleading information, failure to reply or rectify incorrect, incomplete or misleading information and failure to submit to an inspection is 1 % of the annual income or worldwide turnover of the provider of intermediary services or person concerned in the preceding financial year.
According to Article 41 of the DSA:
- The management body of the provider of the very large online platform or of the very large online search engine shall define, oversee and be accountable for the implementation of the provider's governance arrangements that ensure the independence of the compliance function, including the division of responsibilities within the organisation of the provider of very large online platform or of very large online search engine, the prevention of conflicts of interest, and sound management of systemic risks.
- The management body shall approve and review periodically, at least once a year, the strategies and policies for taking up, managing, monitoring and mitigating the risks identified to which the very large online platform or the very large online search engine is or might be exposed to.
- The management body shall devote sufficient time to the consideration of the measures related to risk management. It shall be actively involved in the decisions related to risk management, and shall ensure that adequate resources are allocated to the management of the risks identified in accordance with Article 34.
According to Article 13:
- Providers of intermediary services which do not have an establishment in the Union but which offer services in the Union shall designate, in writing, a legal or natural person to act as their legal representative in one of the Member States where the provider offers its services.
- Providers of intermediary services shall mandate their legal representatives for the purpose of being addressed in addition to or instead of such providers, by the Member States’ competent authorities, the Commission and the Board, on all issues necessary for the receipt of, compliance with and enforcement of decisions issued in relation to this Regulation. Providers of intermediary services shall provide their legal representative with necessary powers and sufficient resources to guarantee their efficient and timely cooperation with the Member States’ competent authorities, the Commission and the Board, and to comply with such decisions.
- It shall be possible for the designated legal representative to be held liable for non-compliance with obligations under this Regulation, without prejudice to the liability and legal actions that could be initiated against the provider of intermediary services.
The marketplace is clearly demanding qualified professionals that have the knowledge and skills needed to comply with this regulation.
Objectives
The program has been designed to provide with the skills needed to understand and support compliance with the Digital Services Act.
It also provides with the skills needed to pass the Digital Services Act Trained Professional (DiSeActTPro) exam, and to receive the Certificate of Completion, that provides independent evidence that you have a quantifiable understanding of the subject matter.
Target Audience
The program is beneficial to risk and compliance managers and professionals, auditors, consultants, and service providers that work for:
- EU companies and organizations that have to comply with the Digital Services Act,
- non-EU companies and organizations that have operations in EU Member States or provide services to EU citizens, and have to comply with the Digital Services Act.
It includes:
- Intermediary services offering network infrastructure, like Internet access providers, and domain name registrars.
- Hosting services such as cloud and webhosting services.
- Online platforms bringing together sellers and consumers such as online marketplaces, app stores, collaborative economy platforms and social media platforms.
- Very large platforms. They pose particular risks in the dissemination of illegal content and societal harms.
Course Synopsis
The European Union (EU) - key institutions, the EU legislative process, the roles.
- The European System of Financial Supervision.
- The major changes after the Lisbon Treaty.
- Delegated acts - supplementing or amending certain non-essential elements of a basic act.
- Implementing acts.
- Regulatory technical standards (RTS), Implementing technical standards (ITS).
- The Committee of European Auditing Oversight Bodies (CEAOB).
- The European External Action Service, Common Foreign and Security Policy (CFSP), Common Security and Defence Policy (CSDP), European Cyber Defence Policy Framework (CDPF).
Before the Digital Services Act.
The need for the Digital Services Act.
The Digital Services Act, important articles.
Chapter I, General Provisions.
- Subject matter and scope.
- Definitions.
Chapter II, Liability of Providers of Intermediary Services.
- Mere conduit.
- Caching.
- Hosting.
- Voluntary own-initiative investigations and legal compliance.
- No general monitoring or active fact-finding obligations.
- Orders to act against illegal content.
Chapter III, Due Diligence Obligations for a Transparent and Safe Online Environment.
Section 1, Provisions applicable to all providers of intermediary services.
- Points of contact for Member States’ authorities, the Commission and the Board.
- Points of contact for recipients of the service.
- Legal representatives.
- Terms and conditions.
- Transparency reporting obligations for providers of intermediary services.
Section 2, Additional provisions applicable to providers of hosting services, including online platforms.
- Notice and action mechanisms.
- Statement of reasons.
- Notification of suspicions of criminal offences.
Section 3, Additional provisions applicable to providers of online platforms.
- Exclusion for micro and small enterprises.
- Internal complaint-handling system.
- Out-of-court dispute settlement.
- Trusted flaggers.
- Measures and protection against misuse.
- Transparency reporting obligations for providers of online platforms.
- Online interface design and organisation.
- Advertising on online platforms.
- Recommender system transparency.
- Online protection of minors.
Section 4, Additional provisions applicable to providers of online platforms allowing consumers to conclude distance contracts with traders.
- Exclusion for micro and small enterprises.
- Traceability of traders.
- Compliance by design.
- Right to information.
Section 5, Additional obligations for providers of very large online platforms and of very large online search engines to manage systemic risks.
- Very large online platforms and very large online search engines.
- Risk assessment.
- Mitigation of risks.
- Crisis response mechanism.
- Independent audit.
- Recommender systems.
- Additional online advertising transparency.
- Data access and scrutiny.
- Compliance function.
- Transparency reporting obligations.
- Supervisory fee.
Section 6, Other provisions concerning due diligence obligations.
- Standards.
- Codes of conduct.
- Codes of conduct for online advertising.
- Codes of conduct for accessibility.
- Crisis protocols.
Chapter IV, Implementation, Cooperation, Penalties and Enforcement.
Section 1, Competent authorities and national Digital Services Coordinators.
- Competent authorities and Digital Services Coordinators.
- Requirements for Digital Services Coordinators.
- Powers of Digital Services Coordinators.
- Penalties.
- Right to lodge a complaint.
- Compensation.
- Activity reports.
Section 2, Competences, coordinated investigation and consistency mechanisms.
- Competences.
- Mutual assistance.
- Cross-border cooperation among Digital Services Coordinators.
- Referral to the Commission.
- Joint investigations.
Section 3, European Board for Digital Services.
- European Board for Digital Services.
- Structure of the Board.
- Tasks of the Board.
Section 4, Supervision, investigation, enforcement and monitoring in respect of providers of very large online platforms and of very large online search engines.
- Development of expertise and capabilities.
- Enforcement of obligations of providers of very large online platforms and of very large online search engines.
- Initiation of proceedings by the Commission and cooperation in investigation.
- Requests for information.
- Power to take interviews and statements.
- Power to conduct inspections.
- Interim measures.
- Commitments.
- Monitoring actions.
- Non-compliance.
- Fines.
- Enhanced supervision of remedies to address infringements of obligations laid down in Section 5 of Chapter III.
- Periodic penalty payments.
- Limitation period for the imposition of penalties.
- Limitation period for the enforcement of penalties.
- Right to be heard and access to the file.
- Publication of decisions.
- Review by the Court of Justice of the European Union.
- Requests for access restrictions and cooperation with national courts.
- Implementing acts relating to Commission intervention.
Section 5, Common provisions on enforcement.
- Professional secrecy.
- Information sharing system.
- Representation.
Section 6, Delegated and implementing acts.
- Exercise of the delegation.
- Committee procedure.
Chapter V, Final Provisions.
- Review.
- Anticipated application to providers of very large online platforms and of very large online search engines.
- Entry into force and application.
Understanding better the Digital Services Act.
Deadlines.
2022 Strengthened Code of Practice on Disinformation.
- Demonetising the dissemination of disinformation.
- Guaranteeing transparency of political advertising.
- Enhancing cooperation with fact-checkers.
- Facilitating access to data for researchers.
Signatories of the 2022 Strengthened Code of Practice on Disinformation – including Adobe, Alliance4Europe, Google, Meta, Microsoft, Twitter etc.
Other new EU Directives and Regulations.
- The European Cyber Resilience Act.
- The NIS 2 Directive.
- The Digital Operational Resilience Act (DORA).
- The Critical Entities Resilience Directive (CER).
- The Digital Markets Act (DMA).
- The European Health Data Space (EHDS).
- The European Chips Act.
- The European Data Act.
- The European Data Governance Act (DGA).
- The Artificial Intelligence Act.
- The European ePrivacy Regulation.
Closing remarks.
Become a Digital Services Act Trained Professional (DiSeActTPro)
This is a Distance Learning with Certificate of Completion program, provided by Cyber Risk GmbH. The General Terms and Conditions for all legal transactions made through the Cyber Risk GmbH websites (hereinafter “GTC”) can be found at: https://www.cyber-risk-gmbh.com/Impressum.html
Each Distance Learning with Certificate of Completion program (hereinafter referred to as “distance learning program”) is provided at a fixed price, that includes VAT. There is no additional cost, now or in the future, for any reason.
We will send the distance learning program via email up to 24 hours after the payment (working days). Please remember to check the spam folder of your email client too, as emails with attachments are often landed in the spam folder.
You have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our distance learning programs for any reason, all you must do is to send us an email, and we will refund the payment, no questions asked.
Your payment will be received by Cyber Risk GmbH (Dammstrasse 16, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH will also send the certificates of completion to all persons that will pass the exam.
The all-inclusive cost is 297 USD (US Dollars). There is no additional cost, now or in the future, for this program.
First option: You can purchase the Digital Services Act Trained Professional (DiSeActTPro) program with VISA, MASTERCARD, AMEX, Apple Pay, Google Pay etc.
Purchase the Digital Services Act Trained Professional (DiSeActTPro) program here (VISA, MASTERCARD, AMEX, Apple Pay, Google Pay etc.)
Second option: QR code payment.
i. Open the camera app or the QR app on your phone.
ii. Scan the QR code and possibly wait for a few seconds.
iii. Click on the link that appears, open your browser, and make the payment.
Third option: You can purchase the NIS 2 Directive Trained Professional (NIS2DTP) program with PayPal
When you click "Buy Now" below, you will be redirected to the PayPal web site.
What is included in the cost of the distance learning program:
A. The official presentations (1059 slides).
The presentations are effective and appropriate to study online or offline. Busy professionals have full control over their own learning and are able to study at their own speed. They are able to move faster through areas of the course they feel comfortable with, but slower through those that they need a little more time on.
B. Up to 3 online exam attempts per year.
Candidates must pass only one exam. If they fail, they must study the official presentations and retake the exam. Candidates are entitled to 3 exam attempts every year.
If candidates do not achieve a passing score on the exam the first time, they can retake the exam a second time.
If they do not achieve a passing score the second time, they can retake the exam a third time.
If candidates do not achieve a passing score the third time, they must wait at least one year before retaking the exam. There is no additional cost for additional exam attempts.
To learn more, you may visit:
C. The certificate of completion.
Processing and posting via registered mail with tracking number. Certificates are usually dispatched up to 10 weeks after you pass the exam.
If you want a digital copy of your certificate too, to have it until you receive your printed and stamped certificate of completion, please send us an email. We will send a digital copy of your certificate via email in less than 24 hours (working days).
Frequently Asked Questions for the distance learning programs.
1. I want to know more about Cyber Risk GmbH.
“Cyber Risk GmbH” is a company incorporated in Switzerland.
Registered company name: Cyber Risk GmbH.
Registered address: Dammstrasse 16, 8810 Horgen, Switzerland.
Company number: CHE-244.099.341.
Cantonal Register of Commerce: Canton of Zürich.
Swiss VAT number: CHE-244.099.341 MWST.
EU VAT number: EU276036462. Cyber Risk GmbH is registered for EU VAT purposes in Germany (Bundeszentralamt für Steuern, Dienstsitz Saarlouis, Referat St III 4, One-Stop-Shop, Ludwig-Karl-Balzer-Allee 2, 66740 Saarlouis - Verfahren One-Stop-Shop, Nicht EU-Regelung) for the sale of services in the EU. The VAT One Stop Shop (OSS) simplifies VAT obligations for non-EU businesses selling goods and services cross border to final consumers in the EU. Cyber Risk GmbH declares and pays EU VAT in a single electronic quarterly return submitted to Germany, and the German Bundeszentralamt für Steuern forwards the EU VAT due to each member State of the EU.
“Cyber Risk GmbH Training Programs” are training programs developed, updated and provided by Cyber Risk GmbH, and include:
a) In-House Instructor-Led Training programs,
b) Online Live Training programs,
c) Video-Recorded Training programs,
d) Distance Learning with Certificate of Completion programs.
“Cyber Risk GmbH websites” are all websites that belong to Cyber Risk GmbH, and include the following:
a. Sectors and Industries.
2. Social Engineering Training
12. Transport Cybersecurity Toolkit
14. Sanctions Risk
15. Travel Security
b. Understanding Cybersecurity.
4. What is Synthetic Identity Fraud?
c. Understanding Cybersecurity in the European Union.
2. The European Cyber Resilience Act
3. The Digital Operational Resilience Act (DORA)
4. The Critical Entities Resilience Directive (CER)
5. The Digital Services Act (DSA)
6. The Digital Markets Act (DMA)
7. The European Health Data Space (EHDS)
10. European Data Governance Act (DGA)
11. The Artificial Intelligence Act
12. The European ePrivacy Regulation
13. The European Cyber Defence Policy
14. The Strategic Compass of the European Union
15. The EU Cyber Diplomacy Toolbox
2. Are your training and certification programs vendor neutral?
Yes. We do not promote any products or services, and we are 100% independent.
3. I want to learn more about the exam.
You can take the exam online from your home or office, in all countries.
It is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.
You will be given 90 minutes to complete a 35-question exam. You must score 70% or higher.
The exam contains only questions that have been clearly answered in the official presentations.
All exam questions are multiple-choice, composed of two parts:
a. A stem (a question asked, or an incomplete statement to be completed).
b. Four possible responses.
In multiple-choice questions, you must not look for a correct answer, you must look for the best answer. Cross out all the answers you know are incorrect, then focus on the remaining ones. Which is the best answer? With this approach, you save time, and you greatly increase the likelihood of selecting the correct answer.
TIME LIMIT - This exam has a 90-minute time limit. You must complete this exam within this time limit, otherwise the result will be marked as an unsuccessful attempt.
BACK BUTTON - When taking this exam you are NOT permitted to move backwards to review/change prior answers. Your browser back button will refresh the current page instead of moving backward.
RESTART/RESUME – You CANNOT stop and then resume the exam. If you stop taking this exam by closing your browser, your answers will be lost, and the result will be marked as an unsuccessful attempt.
SKIP - You CANNOT skip answering questions while taking this exam. You must answer all the questions in the order the questions are presented.
We do not send sample questions or past exams. If you study the presentations, you can score 100%.
When you are ready to take the exam, you must follow the steps described at "Question h. I am ready for the exam. What must I do?", at:
4. How comprehensive are the presentations? Are they just bullet points?
The presentations are not bullet points. They are effective and appropriate to study online or offline.
5. Do I need to buy books to pass the exam?
No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations. If you fail the first time, you must study more. Print the presentations and use Post-it to attach notes, to know where to find the answer to a question.
6. Is it an open book exam? Why?
Yes, it is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.
7. Do I have to take the exam soon after receiving the presentations?
No. You can take the exam any time. Your account never expires.
8. I want to receive another printed and stamped certificate (I lost the one sent, or for other reasons). Can you send me another one?
Every time we send certificates via registered mail with tracking number, we also send all tracking numbers via email. Please track your certificate and ensure you or somebody else can receive it. If there is any problem in the process, please let us know. If we do not receive an email up to 90 days after the day we sent the tracking numbers, indicating that your certificate was not delivered, we will mark the certificate as delivered.
The cost of each additional printed and stamped certificate is 65 USD. It includes the administration, processing and posting via registered mail with tracking number (not courier). Certificates are usually dispatched every 10 weeks. We accept payment with cards, QR, and PayPal.
9. Why should I purchase this program?
Firms and organizations hire and promote “fit and proper” professionals who can provide evidence that they are qualified. Employers need assurance that employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that the process owners are qualified, and that the controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.
There are many new Directives and Regulations in the EU, and our target audience is overwhelmed and has little time to spare. Cyber Risk GmbH has developed a program that can assist them in understanding the new requirements, and in providing evidence that they are qualified, as they must pass an exam to receive their certificate of completion.
The all-inclusive cost of our distance learning programs is very low. There is no additional cost for each program, now or in the future, for any reason.
There are 3 exam attempts per year that are included in the cost of each program, so you do not have to spend money again if you fail.
You have a 100 USD discount for your second and each additional program from Cyber Risk GmbH (the all-inclusive cost is 197 USD).
For example, you may consider:
1. The Digital Markets Act Trained Professional (DiMaActTPro) program at: https://www.eu-digital-markets-act.com/DiMaActTPro_Training.html.
2. The Data Governance Act Trained Professional (DatGovActTP) program at: https://www.european-data-governance-act.com/DatGovActTP_Training.html.
3. The NIS 2 Directive Trained Professional (NIS2DTP) program at: https://www.nis-2-directive.com/NIS_2_Directive_Trained_Professional_(NIS2DTP).html.
4. The Digital Operational Resilience Act Trained Professional (DORATPro) program at: https://www.digital-operational-resilience-act.com/Digital_Operational_Resilience_Act_Trained_Professional_(DORATPro).html.
5. The Critical Entities Resilience Directive Trained Professional (CERDTPro) program at: https://www.critical-entities-resilience-directive.com/Critical_Entities_Resilience_Directive_Trained_Professional_(CERDTPro).html.
If you have already purchased one of our programs, please send us an email, to give you the URL for the discounted cost.
George Lekatis, a well-known expert in risk management and compliance, oversaw the development of this program. He has more than 20,000 hours experience as a seminar leader, and has provided training and executive coaching in information security and risk management to many leading global organizations, in 36 countries.
Contact us
Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60
Email: george.lekatis@cyber-risk-gmbh.com
Web: https://www.cyber-risk-gmbh.com
We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.
Understanding Cybersecurity in the European Union.
2. The European Cyber Resilience Act
3. The Digital Operational Resilience Act (DORA)
4. The Critical Entities Resilience Directive (CER)
5. The Digital Services Act (DSA)
6. The Digital Markets Act (DMA)
7. The European Health Data Space (EHDS)
10. European Data Governance Act (DGA)
11. The Artificial Intelligence Act
12. The European ePrivacy Regulation
13. The European Cyber Defence Policy