Internet Explorer 11 (IE11) is not supported. For the best experience please open using Chrome, Firefox, Safari or MS Edge

Like the GDPR, the DSA has extraterritorial scope and applies to intermediary service providers who offer services to users in the EU. Our Technology team outlines the factors in determining whether a service provider is within the geographical scope of the DSA.


Overview of the DSA

The Digital Services Act (DSA) establishes a framework for new obligations of transparency, accountability and fairness for intermediary service providers in the EU.

It is critical for service providers to determine whether they are in scope of this new regime. Importantly, the DSA has both a ‘service scope’ which sets out the kinds of services which are in scope (see our article here and video here) as well as a ‘geographic scope’ which determines whether the service provider is captured based on where it offers its services.

Do I ‘offer’ services into the EU?

The DSA applies to intermediary service providers that offer their services to users based in the European Union, irrespective of whether the intermediary service provider is established in the European Union.

A key part of determining whether an intermediary service provider offers services in the EU is the concept of a “substantial connection” to the EU. This will be satisfied when the intermediary service provider is established in an EU Member State. It will primarily be regulated in the Member State where it has its main establishment by the national Digital Services Coordinator. In Ireland, this will be Coimisiún na Meán.

However, very large online platforms (VLOPs) and search engines (VLOSEs), i.e. those with an average monthly user base of more than 45 million, will be subject to additional obligations. The European Commission will have primary regulatory oversight over VLOPs and VLOSEs.

Where a service provider does not have an establishment in the EU, the DSA will apply where the provider has a “substantial connection” to the EU.

This substantial connection will be determined by certain factual criteria, such as where the number of users in one or more Member States is significant to their population, or where the service provider ‘targets’ one or more Member States.

What does targeting mean?

Targeting can be established by a number of different factors, including:

  • Offering the service in a language or currency used in an EU Member State
  • The possibility of ordering goods or services in an EU Member State
  • A top-level domain in an EU Member State, such as the .ie domain
  • The availability of the service in the relevant national app store
  • The provision of local advertising or advertising in local languages, and
  • Offering support in Member State(s)’ local languages

Importantly, mere technical accessibility of the service in a Member State is not enough to demonstrate a ‘substantial connection’.

Requirement to appoint a legal representative

Where an intermediary service provider is not established in the EU but is subject to the DSA, it will be required to appoint a legal representative to engage with relevant national authorities. The legal representative has to be appointed in one of the Member States in which the service provider offers services. The representative must be provided with sufficient resources and powers to comply with their obligations.

A representative under the DSA can be liable for infringements of the DSA by the service provider. While a large number of service providers currently offer representative services under the GDPR’s similar requirement, it seems unlikely this will be replicated in respect of the DSA because of this possibility.

Conclusion

Determining whether your intermediary service is subject to the DSA is crucial. While it is a straightforward analysis for intermediary service providers who are established in the EU, a greater consideration of broader factors is required for those providers who are not established in the EU.

For more information and expert guidance on the likely impact of the Digital Services Act and its obligations on your business, contact a member of our Technology team.

People also ask

Is the EU Digital Services Act in force?

The Digital Services Act entered into force on 16 November 2022. The majority of its obligations apply from 17 February 2024 although it applied to VLOPs and VLOSEs from 25 August 2023.

Does the Digital Services Act apply to UK?

The Digital Services Act will apply to intermediary service providers in the UK who offer services to recipients in the EU.

Who is in scope of the DSA?

  • Caching’ and ‘mere conduit’ services, such as internet access providers
  • ‘Hosting services’ being services consisting of the storage of information provided by, and at the request of, a recipient of the service
  • ‘Online platforms’, being a subset of hosting services that also disseminate information to the public, such as social media and online marketplaces
  • Very large online platforms and search engines (VLOPs and VLOSEs), being online platforms which have an average monthly user base in the EU of at least 45 million

Who will enforce the Digital Services Act?

The DSA will be enforced at a national level by Digital Services Coordinators. Very large online platforms and very large online search engines will primarily be regulated by the European Commission.

Who is affected by the Digital Services Act?

Intermediary service providers, online marketplaces, very large online platforms and very large online search engines.

The content of this article is provided for information purposes only and does not constitute legal or other advice.



Share this: