The final text of the Digital Services Act (DSA)

Preamble 101-110, Digital Services Act (DSA)

(101) The Commission should be in possession of all the necessary resources, in terms of staffing, expertise, and financial means, for the performance of its tasks under this Regulation. In order to ensure the availability of the resources necessary for the adequate supervision at Union level under this Regulation, and considering that Member States should be entitled to charge providers established in their territory a supervisory fee to in respect of the supervisory and enforcement tasks exercised by their authorities, the Commission should charge a supervisory fee, the level of which should be established on an annual basis, on very large online platforms and very large online search engines.

The overall amount of the annual supervisory fee charged should be established on the basis of the overall amount of the costs incurred by the Commission to exercise its supervisory tasks under this Regulation, as reasonably estimated beforehand. Such amount should include costs relating to the exercise of the specific powers and tasks of supervision, investigation, enforcement and monitoring in respect of providers of very large online platforms and of very large online search engines, including costs related to the designation of very large online platforms and of very large online search engines or to the set up, maintenance and operation of the databases envisaged under this Regulation.

It should also include costs relating to the set-up, maintenance and operation of the basic information and institutional infrastructure for the cooperation among Digital Services Coordinators, the Board and the Commission, taking into account the fact that in view of their size and reach very large online platforms and very large online search engines have a significant impact on the resources needed to support such infrastructure.

The estimation of the overall costs should take into account the supervisory costs incurred in the previous year including, where applicable, those costs exceeding the individual annual supervisory fee charged in the previous year. The external assigned revenues resulting from the annual supervisory fee could be used to finance additional human resources, such as contractual agents and seconded national experts, and other expenditure related to the fulfilment of the tasks entrusted to the Commission by this Regulation.

The annual supervisory fee to be charged on providers of very large online platforms and of very large online search engines should be proportionate to the size of the service as reflected by the number of its active recipients of the service in the Union. Moreover, the individual annual supervisory fee should not exceed an overall ceiling for each provider of very large online platforms or of very large online search engines taking into account the economic capacity of the provider of the designated service or services.

(102) To facilitate the effective and consistent application of the obligations in this Regulation that may require implementation through technological means, it is important to promote voluntary standards covering certain technical procedures, where the industry can help develop standardised means to support providers of intermediary services in complying with this Regulation, such as allowing the submission of notices, including through application programming interfaces, or standards related to terms and conditions or standards relating to audits, or standards related to the interoperability of advertisement repositories.

In addition, such standards could include standards related to online advertising, recommender systems, accessibility and the protection of minors online. Providers of intermediary services are free to adopt the standards, but their adoption does not presume compliance with this Regulation. At the same time, by providing best practices, such standards could in particular be useful for relatively small providers of intermediary services. The standards could distinguish between different types of illegal content or different types of intermediary services, as appropriate.

(103) The Commission and the Board should encourage the drawing-up of voluntary codes of conduct, as well as the implementation of the provisions of those codes in order to contribute to the application of this Regulation. The Commission and the Board should aim that the codes of conduct clearly define the nature of the public interest objectives being addressed, that they contain mechanisms for independent evaluation of the achievement of those objectives and that the role of relevant authorities is clearly defined.

Particular attention should be given to avoiding negative effects on security, the protection of privacy and personal data, as well as to the prohibition on imposing general monitoring obligations. While the implementation of codes of conduct should be measurable and subject to public oversight, this should not impair the voluntary nature of such codes and the freedom of interested parties to decide whether to participate.

In certain circumstances, it is important that very large online platforms cooperate in the drawing-up and adhere to specific codes of conduct. Nothing in this Regulation prevents other service providers from adhering to the same standards of due diligence, adopting best practices and benefitting from the guidelines provided by the Commission and the Board, by participating in the same codes of conduct.

(104) It is appropriate that this Regulation identify certain areas of consideration for such codes of conduct. In particular, risk mitigation measures concerning specific types of illegal content should be explored via self- and co-regulatory agreements. Another area for consideration is the possible negative impacts of systemic risks on society and democracy, such as disinformation or manipulative and abusive activities or any adverse effects on minors.

This includes coordinated operations aimed at amplifying information, including disinformation, such as the use of bots or fake accounts for the creation of intentionally inaccurate or misleading information, sometimes with a purpose of obtaining economic gain, which are particularly harmful for vulnerable recipients of the service, such as minors. In relation to such areas, adherence to and compliance with a given code of conduct by a very large online platform or a very large online search engine may be considered as an appropriate risk mitigating measure.

The refusal without proper explanations by a provider of an online platform or of an online search engine of the Commission’s invitation to participate in the application of such a code of conduct could be taken into account, where relevant, when determining whether the online platform or the online search engine has infringed the obligations laid down by this Regulation. The mere fact of participating in and implementing a given code of conduct should not in itself presume compliance with this Regulation.

(105) The codes of conduct should facilitate the accessibility of very large online platforms and very large online search engines, in compliance with Union and national law, in order to facilitate their foreseeable use by persons with disabilities. In particular, the codes of conduct could ensure that the information is presented in a perceivable, operable, understandable and robust way and that forms and measures provided pursuant to this Regulation are made available in a manner that is easy to find and accessible to persons with disabilities.

(106) The rules on codes of conduct under this Regulation could serve as a basis for already established self-regulatory efforts at Union level, including the Product Safety Pledge, the Memorandum of understanding on the sale of counterfeit goods on the internet, the Code of conduct on countering illegal hate speech online, as well as the Code of Practice on Disinformation. In particular for the latter, following the Commission’s guidance, the Code of Practice on Disinformation has been strengthened as announced in the European Democracy Action Plan.

(107) The provision of online advertising generally involves several actors, including intermediary services that connect publishers of advertisements with advertisers. Codes of conduct should support and complement the transparency obligations relating to advertising for providers of online platforms, of very large online platforms and of very large online search engines set out in this Regulation in order to provide for flexible and effective mechanisms to facilitate and enhance the compliance with those obligations, notably as concerns the modalities of the transmission of the relevant information.

This should include facilitating the transmission of the information on the advertiser who pays for the advertisement when they differ from the natural or legal person on whose behalf the advertisement is presented on the online interface of an online platform. The codes of conduct should also include measures to ensure that meaningful information about the monetisation of data is appropriately shared throughout the value chain.

The involvement of a wide range of stakeholders should ensure that those codes of conduct are widely supported, technically sound, effective and offer the highest levels of user-friendliness to ensure that the transparency obligations achieve their objectives. In order to ensure the effectiveness of codes of conduct, the Commission should include evaluation mechanisms in drawing up the codes of conduct. Where appropriate, the Commission may invite the Fundamental Rights Agency or the European Data Protection Supervisor to express their opinions on the respective code of conduct.

(108) In addition to the crisis response mechanism for very large online platforms and very large online search engines, the Commission may initiate the drawing up of voluntary crisis protocols to coordinate a rapid, collective and cross-border response in the online environment. Such can be the case, for example, where online platforms are misused for the rapid spread of illegal content or disinformation or where the need arises for rapid dissemination of reliable information.

In light of the important role of very large online platforms in disseminating information in our societies and across borders, providers of such platforms should be encouraged in drawing up and applying specific crisis protocols.

Such crisis protocols should be activated only for a limited period of time and the measures adopted should also be limited to what is strictly necessary to address the extraordinary circumstance. Those measures should be consistent with this Regulation, and should not amount to a general obligation for the participating providers of very large online platforms and of very large online search engines to monitor the information which they transmit or store, nor actively to seek facts or circumstances indicating illegal content.

(109) In order to ensure adequate oversight and enforcement of the obligations laid down in this Regulation, Member States should designate at least one authority with the task to supervise the application and enforce this Regulation, without prejudice to the possibility to designate an existing authority and to its legal form in accordance with national law.

Member States should, however, be able to entrust more than one competent authority, with specific supervisory or enforcement tasks and competences concerning the application of this Regulation, for example for specific sectors where existing authorities may also be empowered, such as electronic communications’ regulators, media regulators or consumer protection authorities, reflecting their domestic constitutional, organisational and administrative structure.

In the exercise of their tasks, all competent authorities should contribute to the achievement of the objectives of this Regulation, namely to the proper functioning of the internal market for intermediary services where the harmonised rules for a safe, predictable and trusted online environment that facilitates innovation, and in particular the due diligence obligations applicable to different categories of providers of intermediary services, are effectively supervised and enforced, with a view to ensure that fundamental rights, as enshrined in the Charter, including the principle of consumer protection, are effectively protected. This Regulation does not require Member States to confer on competent authorities the task to adjudicate on the lawfulness of specific items of content.

(110) Given the cross-border nature of the services at stake and the horizontal range of obligations introduced by this Regulation, one authority appointed with the task of supervising the application and, where necessary, enforcing this Regulation should be identified as a Digital Services Coordinator in each Member State. Where more than one competent authority is appointed to supervise the application of, and enforce, this Regulation, only one authority in that Member State should be designated as a Digital Services Coordinator.

The Digital Services Coordinator should act as the single contact point with regard to all matters related to the application of this Regulation for the Commission, the Board, the Digital Services Coordinators of other Member States, as well as for other competent authorities of the Member State in question. In particular, where several competent authorities are entrusted with tasks under this Regulation in a given Member State, the Digital Services Coordinator should coordinate and cooperate with those authorities in accordance with the national law setting their respective tasks and without prejudice to the independent assessment of the other competent authorities.

While not entailing any hierarchical supraordination over other competent authorities in the exercise of their tasks, the Digital Services Coordinator should ensure effective involvement of all relevant competent authorities and should timely report their assessment in the context of cooperation on supervision and enforcement at Union level.

Moreover, in addition to the specific mechanisms provided for in this Regulation as regards cooperation at Union level, Member State should also ensure cooperation among the Digital Services Coordinator and other competent authorities designated at national level, where applicable, through appropriate tools, such as by pooling of resources, joint task forces, joint investigations and mutual assistance mechanisms.

Note: This is the final text of the Digital Services Act. The full name is "Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act)".

Contact us

Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60


We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.

Understanding Cybersecurity in the European Union.

1. The NIS 2 Directive

2. The European Cyber Resilience Act

3. The Digital Operational Resilience Act (DORA)

4. The Critical Entities Resilience Directive (CER)

5. The Digital Services Act (DSA)

6. The Digital Markets Act (DMA)

7. The European Health Data Space (EHDS)

8. The European Chips Act

9. The European Data Act

10. European Data Governance Act (DGA)

11. The Artificial Intelligence Act

12. The European ePrivacy Regulation

13. The European Cyber Defence Policy

14. The Strategic Compass of the European Union

15. The EU Cyber Diplomacy Toolbox