The final text of the Digital Services Act (DSA)

Preamble 111-120, Digital Services Act (DSA)

(111) The Digital Services Coordinator, as well as other competent authorities designated under this Regulation, play a crucial role in ensuring the effectiveness of the rights and obligations laid down in this Regulation and the achievement of its objectives. Accordingly, it is necessary to ensure that those authorities have the necessary means, including financial and human resources, to supervise all the providers of intermediary services falling within their competence, in the interest of all Union citizens.

Given the variety of providers of intermediary services and their use of advanced technology in providing their services, it is also essential that the Digital Services Coordinator and the relevant competent authorities are equipped with the necessary number of staff and experts with specialised skills and advanced technical means, and that they autonomously manage financial resources to carry out their tasks.

Furthermore, the level of resources should take into account the size, complexity and potential societal impact of the providers of intermediary services falling within their competence, as well as the reach of their services across the Union.

This Regulation is without prejudice to the possibility for Member States to establish funding mechanisms based on a supervisory fee charged to providers of intermediary services under national law in compliance with Union law, to the extent that it is levied on providers of intermediary services having their main establishment in the Member State in question, that it is strictly limited to what is necessary and proportionate to cover the costs for the fulfilment of the tasks conferred upon the competent authorities pursuant to this Regulation, with the exclusion of the tasks conferred upon the Commission, and that adequate transparency is ensured regarding the levying and the use of such a supervisory fee.

(112) The competent authorities designated under this Regulation should also act in complete independence from private and public bodies, without the obligation or possibility to seek or receive instructions, including from the government, and without prejudice to the specific duties to cooperate with other competent authorities, the Digital Services Coordinators, the Board and the Commission.

On the other hand, the independence of those authorities should not mean that they cannot be subject, in accordance with national constitutions and without endangering the achievement of the objectives of this Regulation, to proportionate accountability mechanisms regarding the general activities of the Digital Services Coordinators, such as their financial expenditure or reporting to the national parliaments.

The requirement of independence should also not prevent the exercise of judicial review, or the possibility to consult or regularly exchange views with other national authorities, including law enforcement authorities, crisis management authorities or consumer protection authorities, where appropriate, in order to inform each other about ongoing investigations, without affecting the exercise of their respective powers.

(113) Member States can designate an existing national authority with the function of the Digital Services Coordinator, or with specific tasks to supervise the application and enforce this Regulation, provided that any such appointed authority complies with the requirements laid down in this Regulation, such as in relation to its independence.

Moreover, Member States are in principle not precluded from merging functions within an existing authority, in accordance with Union law. The measures to that effect may include, inter alia, the preclusion to dismiss the president or a board member of a collegiate body of an existing authority before the expiry of their terms of office, on the sole ground that an institutional reform has taken place involving the merger of different functions within one authority, in the absence of any rules guaranteeing that such dismissals do not jeopardise the independence and impartiality of such members.

(114) Member States should provide the Digital Services Coordinator, and any other competent authority designated under this Regulation, with sufficient powers and means to ensure effective investigation and enforcement, in accordance with the tasks conferred on them. This includes the power of competent authorities to adopt interim measures in accordance with national law in case of risk of serious harm.

Such interim measures, which may include orders to terminate or remedy a given alleged infringement, should not go beyond what is necessary to ensure that serious harm is prevented pending the final decision. The Digital Services Coordinators should in particular be able to search for and obtain information which is located in its territory, including in the context of joint investigations, with due regard to the fact that oversight and enforcement measures concerning a provider under the jurisdiction of another Member State or the Commission should be adopted by the Digital Services Coordinator of that other Member State, where relevant in accordance with the procedures relating to cross-border cooperation, or, where applicable, by the Commission.

(115) Member States should set out in their national law, in accordance with Union law and in particular this Regulation and the Charter, the detailed conditions and limits for the exercise of the investigatory and enforcement powers of their Digital Services Coordinators, and other competent authorities where relevant, under this Regulation.

(116) In the course of the exercise of those powers, the competent authorities should comply with the applicable national rules regarding procedures and matters such as the need for a prior judicial authorisation to enter certain premises and legal professional privilege. Those provisions should in particular ensure respect for the fundamental rights to an effective remedy and to a fair trial, including the rights of defence, and, the right to respect for private life. In this regard, the guarantees provided for in relation to the proceedings of the Commission pursuant to this Regulation could serve as an appropriate point of reference.

A prior, fair and impartial procedure should be guaranteed before taking any final decision, including the right to be heard of the persons concerned, and the right to have access to the file, while respecting confidentiality and professional and business secrecy, as well as the obligation to give meaningful reasons for the decisions.

This should not preclude the taking of measures, however, in duly substantiated cases of urgency and subject to appropriate conditions and procedural arrangements. The exercise of powers should also be proportionate to, inter alia the nature and the overall actual or potential harm caused by the infringement or suspected infringement. The competent authorities should take all relevant facts and circumstances of the case into account, including information gathered by competent authorities in other Member States.

(117) Member States should ensure that violations of the obligations laid down in this Regulation can be sanctioned in a manner that is effective, proportionate and dissuasive, taking into account the nature, gravity, recurrence and duration of the violation, in view of the public interest pursued, the scope and kind of activities carried out, as well as the economic capacity of the infringer.

In particular, penalties should take into account whether the provider of intermediary services concerned systematically or recurrently fails to comply with its obligations stemming from this Regulation, as well as, where relevant, the number of recipients of the service affected, the intentional or negligent character of the infringement and whether the provider is active in several Member States.

Where this Regulation provides for a maximum amount of fines or of a periodic penalty payment, this maximum amount should apply per infringement of this Regulation and without prejudice to the modulation of the fines or periodic penalty payments for specific infringements. Member States should ensure that the imposition of fines or periodic penalty payments in respect of infringements should in each individual case be effective, proportionate and dissuasive by setting up national rules and procedures in accordance with this Regulation, taking into account all the criteria concerning the general conditions for imposing the fines or periodic penalty payments.

(118) In order to ensure effective enforcement of the obligations laid down in this Regulation, individuals or representative organisations should be able to lodge any complaint related to compliance with those obligations with the Digital Services Coordinator in the territory where they received the service, without prejudice to this Regulation’s rules on allocation of competences and to the applicable rules on handling of complaints in accordance with national principles of good administration.

Complaints could provide a faithful overview of concerns related to a particular intermediary service provider’s compliance and could also inform the Digital Services Coordinator of any more cross-cutting issues. The Digital Services Coordinator should involve other national competent authorities as well as the Digital Services Coordinator of another Member State, and in particular the one of the Member State where the provider of intermediary services concerned is established, if the issue requires cross-border cooperation.

(119) Member States should ensure that Digital Services Coordinators can take measures that are effective in addressing and proportionate to certain particularly serious and persistent infringements of this Regulation. Especially where those measures can affect the rights and interests of third parties, as may be the case in particular where the access to online interfaces is restricted, it is appropriate to require that the measures are subject to additional safeguards.

In particular, third parties potentially affected should be afforded the opportunity to be heard and such orders should only be issued when powers to take such measures as provided by other acts of Union law or by national law, for instance to protect collective interests of consumers, to ensure the prompt removal of web pages containing or disseminating child pornography, or to disable access to services that are being used by a third party to infringe an intellectual property right, are not reasonably available.

(120) Such an order to restrict access should not go beyond what is necessary to achieve its objective. For that purpose, it should be temporary and be addressed in principle to a provider of intermediary services, such as the relevant hosting service provider, internet service provider or domain registry or registrar, which is in a reasonable position to achieve that objective without unduly restricting access to lawful information.

Note: This is the final text of the Digital Services Act. The full name is "Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act)".

Contact us

Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60


We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.

Understanding Cybersecurity in the European Union.

1. The NIS 2 Directive

2. The European Cyber Resilience Act

3. The Digital Operational Resilience Act (DORA)

4. The Critical Entities Resilience Directive (CER)

5. The Digital Services Act (DSA)

6. The Digital Markets Act (DMA)

7. The European Health Data Space (EHDS)

8. The European Chips Act

9. The European Data Act

10. European Data Governance Act (DGA)

11. The Artificial Intelligence Act

12. The European ePrivacy Regulation

13. The European Cyber Defence Policy

14. The Strategic Compass of the European Union

15. The EU Cyber Diplomacy Toolbox