The final text of the Digital Services Act (DSA)
Preamble 121-130, Digital Services Act (DSA)
(121) Without prejudice to the provisions on the exemption from liability provided for in this Regulation as regards the information transmitted or stored at the request of a recipient of the service, a provider of intermediary services should be liable for the damages suffered by recipients of the service that are caused by an infringement of the obligations set out in this Regulation by that provider. Such compensation should be in accordance with the rules and procedures set out in the applicable national law and without prejudice to other possibilities for redress available under consumer protection rules.
(122) The Digital Services Coordinator should regularly publish, for example on its website, a report on the activities carried out under this Regulation. In particular, the report should be published in a machine-readable format and include an overview of complaints received and of their follow-up, such as the overall number of complaints received and the number of complaints that led to the opening of a formal investigation or to the transmission to other Digital Services Coordinators, without referring to any personal data.
Given that the Digital Services Coordinator is also made aware of orders to take action against illegal content or to provide information regulated by this Regulation through the information sharing system, the Digital Services Coordinator should include in its annual report the number and categories of such orders addressed to providers of intermediary services issued by judicial and administrative authorities in its Member State.
(123) In the interest of clarity, simplicity and effectiveness, the powers to supervise and enforce the obligations under this Regulation should be conferred to the competent authorities in the Member State where the main establishment of the provider of intermediary services is located, that is, where the provider has its head office or registered office within which the principal financial functions and operational control are exercised.
In respect of providers that are not established in the Union, but that offer services in the Union and therefore fall within the scope of this Regulation, the Member State where those providers appointed their legal representative should have competence, considering the function of legal representatives under this Regulation.
In the interest of the effective application of this Regulation, all Member States or the Commission, where applicable, should, however, have competence in respect of providers that failed to designate a legal representative. That competence may be exercised by any of the competent authorities or the Commission, provided that the provider is not subject to enforcement proceedings for the same facts by another competent authority or the Commission.
In order to ensure that the principle of ne bis in idem is respected, and in particular to avoid that the same infringement of the obligations laid down in this Regulation is sanctioned more than once, each Member State that intends to exercise its competence in respect of such providers should, without undue delay, inform all other authorities, including the Commission, through the information sharing system established for the purpose of this Regulation.
(124) In view of their potential impact and the challenges involved in effectively supervising them, special rules are needed regarding the supervision and enforcement in respect of providers of very large online platforms and of very large online search engines. The Commission should be responsible, with the support of national competent authorities where relevant, for oversight and public enforcement of systemic issues, such as issues with a wide impact on collective interests of recipients of the service.
Therefore, the Commission should have exclusive powers of supervision and enforcement of the additional obligations to manage systemic risks imposed on providers of very large online platforms and of very large online search engines by this Regulation. The exclusive powers of the Commission should be without prejudice to certain administrative tasks assigned by this Regulation to the competent authorities of the Member State of establishment, such as the vetting of researchers.
(125) The powers of supervision and enforcement of due diligence obligations, other than the additional obligations to manage systemic risks imposed on providers of very large online platforms and of very large online search engines by this Regulation, should be shared by the Commission and by the national competent authorities.
On the one hand, the Commission could in many instances be better placed to address systemic infringements committed by those providers, such as those affecting multiple Member States or serious repeated infringements or concerning a failure to establish effective mechanisms required by this Regulation. On the other hand, the competent authorities in the Member State where the main establishment of a provider of very large online platform or of very large online search engine is located could be better placed to address individual infringements committed by those providers, that do not raise any systemic or cross-border issues.
In the interest of efficiency, to avoid duplication and to ensure compliance with the principle of ne bis in idem, it should be for the Commission to assess whether it deems it appropriate to exercise those shared competences in a given case and, once it has initiated proceedings, Member States should no longer have the ability to do so. Member States should cooperate closely both with each other and with the Commission, and the Commission should cooperate closely with the Member States, in order to ensure that the system of supervision and enforcement set up by this Regulation functions smoothly and effectively.
(126) The rules of this Regulation on the allocation of competence should be without prejudice to the provisions of Union law and national rules on private international law concerning jurisdiction and applicable law in civil and commercial matters, such as proceedings brought by consumers in the courts of the Member State where they are domiciled in accordance with relevant provisions of Union law.
Regarding the obligations imposed by this Regulation on providers of intermediary services to inform the issuing authority of the effect given to the orders to act against illegal content and orders to provide information, the rules on allocation of competence should only apply to the supervision of enforcement of those obligations, but not to other matters related to the order, such as the competence to issue the order.
(127) Given the cross-border and cross-sectoral relevance of intermediary services, a high level of cooperation is necessary to ensure the consistent application of this Regulation and the availability of relevant information for the exercise of enforcement tasks through the information sharing system. Cooperation may take different forms depending on the issues at stake, without prejudice to specific joint investigation exercises.
It is in any case necessary that the Digital Services Coordinator of establishment of a provider of intermediary services informs other Digital Services Coordinators about issues, investigations and actions which are going to be taken vis à vis such a provider. Moreover, when a competent authority in a Member State holds relevant information for an investigation carried out by the competent authorities in the Member State of establishment, or is able to gather such information located in its territory to which the competent authorities in the Member State of establishment do not have access, the Digital Services Coordinator of destination should assist the Digital Services Coordinator of establishment in a timely manner, including through the exercise of its powers of investigation in accordance with the applicable national procedures and the Charter.
The addressee of such investigatory measures should comply with them and be liable in case of failure to comply, and the competent authorities in the Member State of establishment should be able to rely on the information gathered through mutual assistance, in order to ensure compliance with this Regulation.
(128) The Digital Services Coordinator of destination, in particular on the basis of complaints received or of the input of other national competent authorities where appropriate, or the Board in case of issues involving at least three Member States, should be able to ask the Digital Services Coordinator of establishment to take investigatory or enforcement actions with regard to a provider under its competence.
Such requests for action should be based on well-substantiated evidence showing the existence of an alleged infringement with negative impact on collective interests of the recipients of the service in its Member State or having a negative societal impact.
The Digital Services Coordinator of establishment should be able to rely on mutual assistance or invite the requesting Digital Services Coordinator to a joint investigation in case further information is needed to take a decision, without prejudice to the possibility to request the Commission to assess the matter if it has reason to suspect that a systemic infringement by a very large online platform or a very large online search engine may be at stake.
(129) The Board should be able to refer the matter to the Commission in case of any disagreement as to the assessments or the measures taken or proposed or of a failure to adopt any measures in accordance with this Regulation following a cross-border cooperation request or a joint investigation.
Where the Commission, on the basis of the information made available by the concerned authorities, considers that the proposed measures, including the proposed level of fines, cannot ensure the effective enforcement of the obligations laid down in this Regulation, it should accordingly be able to express its serious doubts and request the competent Digital Services Coordinator to re-assess the matter and take the necessary measures to ensure compliance with this Regulation within a defined period.
This possibility is without prejudice to the Commission’s general duty to oversee the application of, and where necessary enforce, Union law under the control of the Court of Justice of the European Union in accordance with the Treaties.
(130) In order to facilitate cross-border supervision and investigations of obligations laid down in this Regulation involving several Member States, the Digital Services Coordinators of establishment should be able, through the information sharing system, to invite other Digital Services Coordinators to a joint investigation concerning an alleged infringement of this Regulation.
Other Digital Services Coordinators, and other competent authorities, where appropriate, should be able to join the investigation proposed by the Digital Services Coordinator of establishment, unless the latter considers that an excessive number of participating authorities may affect the effectiveness of the investigation taking into account the features of the alleged infringement and the lack of direct effects on the recipients of the service in those Member States.
Joint investigation activities may include a variety of actions to be coordinated by the Digital Services Coordinator of establishment in accordance with the availabilities of the participating authorities, such as coordinated data gathering exercises, pooling of resources, task forces, coordinated requests for information or common inspections of premises.
All competent authorities participating in a joint investigation should cooperate with the Digital Services Coordinator of establishment, including by exercising their powers of investigation within their territory, in accordance with the applicable national procedures. The joint investigation should be concluded within a given timeframe with a final report taking into account the contribution of all participating competent authorities.
Also the Board, where this is requested by at least three Digital Services Coordinators of destination, may recommend to a Digital Services Coordinator of establishment to launch such joint investigation and give indications on its organisation. In order to avoid deadlocks, the Board should be able to refer the matter to the Commission in specific cases, including where the Digital Services Coordinator of establishment refuses to launch the investigation and the Board does not agree with the justification given.
Note: This is the final text of the Digital Services Act. The full name is "Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act)".
Contact us
Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60
Email: george.lekatis@cyber-risk-gmbh.com
Web: https://www.cyber-risk-gmbh.com
We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.
Understanding Cybersecurity in the European Union.
2. The European Cyber Resilience Act
3. The Digital Operational Resilience Act (DORA)
4. The Critical Entities Resilience Directive (CER)
5. The Digital Services Act (DSA)
6. The Digital Markets Act (DMA)
7. The European Health Data Space (EHDS)
10. European Data Governance Act (DGA)
11. The Artificial Intelligence Act
12. The European ePrivacy Regulation
13. The European Cyber Defence Policy