DSA compliance guide – be prepared for the DSA
scale(8.33333)%22%3E%3CclipPath%20id=%22a%22%3E%3Cpath%20d=%22M0%200h56.693v56.693H0z%22/%3E%3C/clipPath%3E%3Cg%20clip-path=%22url(%23a)%22%3E%3Cpath%20d=%22M28.346.0C12.795.0-.001%2012.796-.001%2028.347s12.796%2028.347%2028.347%2028.347%2028.347-12.796%2028.347-28.347C56.676%2012.803%2043.89.017%2028.346.0m-9.259%2042.735h-6.448V22.3h6.448zM15.7%2019.748h-.046A3.583%203.583.0%200111.8%2016.206c0-2.018%201.558-3.547%203.939-3.547q.156-.014.312-.014a3.6%203.6.0%20013.581%203.555c0%201.98-1.51%203.548-3.934%203.548m29.19%2022.987h-7.312V32.162c0-2.767-1.144-4.657-3.659-4.657a3.7%203.7.0%2000-3.492%202.5%204.7%204.7.0%2000-.157%201.67v11.06h-7.244s.093-18.729.0-20.432h7.244v3.207c.428-1.4%202.743-3.4%206.437-3.4%204.582.0%208.183%202.939%208.183%209.267z%22%20style=%22fill:%238a959b;fill-rule:nonzero%22/%3E%3C/g%3E%3C/g%3E%3C/svg%3E)
%22%3E%3Cpath%20d=%22M12.12%201.176c5.846.0%2010.591%204.615%2010.591%2010.299.0%205.683-4.745%2010.298-10.591%2010.298-5.845.0-10.591-4.615-10.591-10.298.0-5.684%204.746-10.299%2010.591-10.299zM6.331%2017.264H17.91C18.308%2017.264%2018.649%2017.123%2018.932%2016.839%2019.216%2016.556%2019.358%2016.215%2019.358%2015.817V7.132C19.358%206.734%2019.216%206.394%2018.932%206.11%2018.649%205.827%2018.308%205.685%2017.91%205.685H6.331C5.932%205.685%205.592%205.827%205.308%206.11c-.283.284-.425.624-.425%201.022v8.685c0%20.398.142.739000000000001.425%201.022C5.592%2017.123%205.932%2017.264%206.331%2017.264zm0-8.684%205.789%203.618L17.91%208.58v7.237H6.331V8.58zm0-1.448H17.91l-5.79%203.619L6.331%207.132z%22%20style=%22fill:%238a959b%22/%3E%3C/g%3E%3C/svg%3E)
Since February 17, 2024, digital service providers are required to comply with a comprehensive catalog of obligations set out in the Digital Services Act (DSA). Not sure where to start preparing?
Therefore, we have prepared a brief checklist on how to prepare for the DSA. The guide includes basic points and needs to be adapted to the individual needs of your organization. If you have any questions, please contact our team.
1. Check if the DSA applies to you
Does your company or service fall under the scope of the DSA?
a) The DSA applies to providers that have an establishment in the EU.
b) If the establishment is outside the EU, the DSA will apply to the provider if there is a so-called substantial connection with the EU. For example, if the provider has a significant number of users or recipients of the service in the EU or targets its activities to one or more Member States.
Thus, the DSA applies to all providers of intermediary services if they offer their services in the EU.
2. Check what type of intermediary you are
- Mere conduit (access) provider
- Caching provider
- Hosting provider
- Online platform provider
- Online B2C marketplace provider (i.e., online platforms that allow consumers to conclude contracts with traders at a distance)
- Provider of very large online platforms and very large online search engines
3. Check what types of obligations apply to you
This step will be the basis of the process for ensuring compliance with the DSA. Below is a general overview of obligations prepared by the European Commission and adopted by the Czech Ministry of Industry and Trade (MPO). The list of obligations needs to be individually adjusted depending on the type of intermediary service your company provides.
| New obligations | Intermediary services (comulative obligations) | Hosting services (comulative obligations) | Online platforms (comulative obligations) | Very large online platforms (comulative obligations) |
|---|---|---|---|---|
| Transparency reporting | ✓ | ✓ | ✓ | ✓ |
| Requirements on terms of service due account of fundamental rights | ✓ | ✓ | ✓ | ✓ |
| Cooperation with national authorities following orders | ✓ | ✓ | ✓ | ✓ |
| Points of contact and, where necessary, legal representative | ✓ | ✓ | ✓ | ✓ |
| „Notice and action“ and obligation to provide information to users | ✓ | ✓ | ✓ | |
| Reporting criminal offences | ✓ | ✓ | ✓ | |
| Complaint and redress internal mechanism and out of court dispute settlement | ✓ | ✓ | ||
| Trusted flaggers | ✓ | ✓ | ||
| Measures against abusive notices and counter-notice | ✓ | ✓ | ||
| Special obligations for marketplaces, e.g. vetting credentials of third party suppliers, compliance by design, random checks | ✓ | ✓ | ||
| Bans on targeted adverts to children and those based on special characteristics of users | ✓ | ✓ | ||
| Transparency of recommender systems | ✓ | ✓ | ||
| User-facing transparency of online advertising | ✓ | ✓ | ||
| Risk management obligations and crisis response | ✓ | |||
| External and independent auditing | ✓ | |||
| User choice not to have recommendations based on profiling | ✓ | |||
| Data sharing with authorities and researchers | ✓ | |||
| Codes of conduct | ✓ | |||
| Crisis response cooperation | ✓ |
4. Project planning for implementing obligations according to the DSA
Many obligations arising from the DSA cannot be implemented overnight and need time to be introduced and launched in your company. Therefore, we recommend including in the implementation plan:
- Defining the scope of your service.
- Categorizing your service according to the DSA.
- Analysis of weaknesses and deficiencies.
- Risk analysis.
- Project plan (project planning, involvement of all responsible persons, and defining own priorities).
- Implementation of a structure to ensure compliance with the DSA.
- Monitoring and following new regulations by the European Commission. We welcome all such acts as they will provide us with further details and interpretation.
- Conducting controls and updates taking into account the measures taken.
If you are interested in more information or in an offer of our legal services, please do not hesitate contact us at info@stuchlikova.com or call +420 222 767 393.