The EU Digital Services Act (DSA) came into force on 16 November 2022. Imposing specific obligations on internet intermediaries, the DSA has the aim of protecting users' fundamental online rights, streamlining the removal of illegal content, and improving online accountability. As we reported here, the DSA updates and incorporates the E-Commerce Directive (which came into effect in 2000), intending to redefine the legal framework for regulating online content. Whilst the DSA is an EU Regulation and so applies in the EU and not the UK, it may affect UK-based providers, as explained below. We set out below the DSA's implications for brand owners and how it might assist in taking action against online infringement.
Although most of the DSA's provisions will apply from 17 February 2024, very large online platforms (VLOPs) and very large online search engines (VLOSEs) (discussed further below) will be required to comply with their obligations four months after they are designated as such by the EU: online platforms had until 17 February 2023 to publish their number of active monthly users, which will inform the EU's designation process.
Scope of the DSA
The DSA applies to different types of online services providers, with varying degrees of obligations depending on the type, size and reach of the intermediary. Broadly speaking, the types of intermediaries falling under the DSA's remit are:
- intermediary service providers, such as internet access providers, domain name registrars and those offering network infrastructure;
- hosting services, such as cloud and webhosting services;
- online platforms, such as online marketplaces, app stores and social media platforms; and
- VLOPs and VLOSEs, which are defined as those with more than 45 million average monthly users within the EU.
As would be expected, the full gamut of obligations imposed by the DSA will apply to VLOPs and VLOSEs, which are seen as posing increased risk in the dissemination of illegal content. In comparison, micro and small companies are under obligations proportionate to their ability and size.
The extraterritorial nature of the Regulation means that the DSA governs any online intermediaries who provide services to users within the EU, even if they are established outside of the EU (which, post Brexit, obviously includes online service providers established in the UK).
In common with the E-Commerce Directive, the DSA provides a liability exemption for three types of intermediary services: (i) mere conduits (such as internet service providers, Wi-Fi hotspots and domain name registrars), (ii) caching services (such as temporary storage services) and (iii) hosting services (including search engines, online marketplaces, social networks, video sharing platforms and cloud services). Again, in common with the E-Commerce Directive, this exemption is only the starting point: intermediaries may lose the benefit of this exemption, if, for instance, they have "actual knowledge" of illegal content, see more on this below.
In parallel to the EU's DSA, the UK Government is currently taking through Parliament its own framework to improve online safety, the Online Safety Bill (for more information about the OSB, see our OSB hub). Despite their similar aims, however, the two pieces of legislation vary significantly, in scope and the types of obligations imposed. The key similarities and differences between the DSA and OSB are discussed further here, but one key difference of note is that the OSB does not include within its definition of 'illegal content' falling under the Bill content that infringes IP rights.
The DSA and IP Enforcement
The following significant features of the DSA are intended to make the fight against counterfeit goods and IP infringement more streamlined, particularly in respect of repeat infringers.
- Notice and Action Mechanisms – all hosting services must put in place a standardised, user-friendly Notice and Action procedure, so that users of the platform can easily notify the host of infringing and/or illegal content. Once notice has been given, it must be reviewed by the hosting service provider "without undue delay".
This tool is expected to make it easier and quicker (instantaneous, thanks to electronic delivery) for users to report illegal or infringing content. If the information set out in the notice is sufficiently precise and adequately substantiated, this will trigger "actual knowledge" on the part of the hosting service provider, which will remove it from the liability exemption, meaning the host will have to engage with the alleged infringement/illegal activity, and take action if necessary. The hosting service provider will also have an obligation to inform the user of the action taken in response to the notice (if any).
As with the DSA's predecessor, the E-Commerce Directive, hosting service providers will not be able to turn a blind eye or passively allow infringement/illegal activity to continue: once they receive adequate notification they are exposed to liability unless appropriate action is taken.
- Redress Mechanisms for Notice Providers and Users - in addition to the standardised and streamlined Notice and Action mechanism discussed above, providers of online platforms must put in place an internal complaints mechanism to allow notice givers (individuals or entities) to appeal if they are not satisfied with the action taken in respect of their notice. This internal complaints mechanism must also be available to users of the platform whose content is removed as a result of the Notice and Action mechanism, and wish to challenge that removal.
Should a notice giver/user not be satisfied with the outcome of the platform's internal complaints mechanism, the DSA provides for the establishment of independent out-of-court dispute settlement bodies to review a platform's decision. If the dispute settlement body finds in favour of the user or the notice provider (as opposed to the online platform), the platform will have to pay the user's/notice provider's costs.
This should encourage platforms to take appropriate action if they are notified of illegal/infringing content, or risk having their inaction/decision challenged (with cost consequences). This should also encourage increased reporting of illegal and infringing content.
- Trusted Flagger Status – qualifying entities can be awarded trusted flagger status within the context of the improved Notice and Action mechanisms. Trusted flagger notices are submitted via special channels and must be processed and decided upon with priority. This will be particularly useful for brands, which can ask the Member State's Digital Services Coordinator to award this status if they meet the qualifying requirements.
- Legal Representative – as with the General Data Protection Regulation, the DSA applies to all intermediaries offering services to users in the EU, regardless of whether they are established in the EU, or not. Intermediaries that are not established in the EU will have to appoint a legal representative within the EU to ensure that the DSA can be enforced against those non-Member platforms.
- Repeat Infringers Policy - platforms must take steps to protect against repeated misuse e.g., users who repeatedly upload illegal content or submit vexatious notices. The platform will have an obligation to provide clear guidance in its terms and conditions about what will amount to repeated misuse. Where users repeatedly infringe/misuse, the platform will be entitled to suspend the user's account, though it must give advance warning to the user if it intends to take this action. Amazon, for example, has recently issued proceedings in the US against serial filers of false takedown notices.
- Know Your Business Customer – online platforms will need to identify, and take reasonable steps to verify, any third party sellers "at the gate", and will need to ensure that the marketplace presents certain trader information to the user. In conjunction with the improved Notice and Action procedures discussed above (including trusted flaggers), this should discourage rogue sellers of infringing and counterfeit goods.
There is also an obligation for the online platform to conduct random checks on products and services offered via an online marketplace, taking action against third party sellers where necessary, hopefully reducing the scope for IP infringement.
- Increased Transparency – the DSA sets out several layers of transparency obligations (with the most onerous obligations for online platforms, VLOPs and VLOSEs), which will allow rights holders and content providers to be better informed about how and why content is removed, how advertising works and how ranking and recommendations work. Intermediaries will have to produce annual transparency reports (which will also be standardised to allow users to compare data from one intermediary service to another).
It remains to be seen whether the DSA will achieve its aim of ensuring a safe and accountable online environment. However, given the development of the internet over the last 23 years (in scope, size, and technology) the E-Commerce Directive needed to be updated. The changes introduced by the DSA are welcome for brands and IP rights holders, and could signal a new era for the enforcement of IP rights online. However, it relies somewhat on the online service providers implementing the DSA's requirements and brand owners will likely have to be the ones to enforce this.