Search
Contact
21.02.2024 | KPMG Law Insights, KPMG Law Insights

The Digital Services Act – what does it mean for companies?

The Digital Services Act (DSA) is a key component of the EU’s digital strategy and came into force on November 16, 2022. As a regulation, the DSA applies directly without the need for transposition into national law. Providers of intermediary services still have time until February 17, 2024, to implement the requirements. Online platforms within the scope of the DSA had to publish their end-user figures and report them to the EU Commission. On this basis, it is being examined whether the platforms and search engines should be classified as “Very Large Online Platform” (“VLOP”) or “Very Large Online Search Engines” (“VLOSE”). The Commission published the first results on April 25, 2023. Some providers affected by this have now filed a lawsuit against their classification as a VLOP. But what exactly does the Digital Services Act actually regulate?

What is the Digital Services Act about?

The DSA is intended to ensure greater legal certainty and transparency in the digital markets. The regulation also aims to strengthen consumers’ rights and combat illegal content on digital services. Therefore, the regulation also provides for additional liabilities. Ultimately, the Commission wants the Digital Services Act to promote competition and innovation.

The scope of the Digital Services Act

The regulation applies to digital service providers that offer goods, services or content to consumers. This covers all online intermediaries and platforms, such as online marketplaces, social networks, content sharing platforms, app stores and search engines, that offer their services in the EU – regardless of where they are based.

These are the obligations that suppliers face

The obligations of online companies vary depending on their role, size and impact in the online environment. The regulation classifies providers into four tiers of increasing regulatory intensity. A distinction is made between pure intermediary services (Level 1), hosting providers (Level 2), online platforms (Level 3) and VLOPs/VLOSEs (Level 4).

An intermediary service provider (Level 1) is any company that provides information society services, such as caching or hosting. In principle, any provider who mediates services on the Internet in return for payment is covered; the scope of application of the DSA is thus very broad. Level 1 providers are subject in particular to new information and transparency obligations. However, the most important point at this stage is the liability relief for intermediary services. They are liable for illegal content only if they had actual knowledge of the illegality.

Hosting providers (Level 2), for example cloud computing services or web hosting services, must establish procedures for reporting and remedying infringements, including copyright or trademark infringements, in addition to Level 1 obligations in the future.

In addition to the obligations of levels 1 and 2, online platforms (level 3) will in future be subject to bans on “dark patterns” and other manipulative practices to influence user behavior. For example, the design of the termination process must not make it more difficult to terminate a service than the process of signing up for that service. Furthermore, the Commission may in the future issue guidelines in dealing with identified “dark patterns.” Furthermore, additional measures must be taken to protect minors.

By far the most intensive regulation concerns VLOPs and VLOSEs (Level 4). These are online platforms and online search engines with an average of more than 45 million users per month. The classification as VLOP or VLOSE is made by decision of the EU Commission. Currently, 17 online platforms are among the VLOPs and two search engines are considered VLOSEs. Among other things, these are subject to stricter transparency requirements. For example, personnel resources used for content moderation must be provided and the average monthly number of users must be published. In addition, increased requirements apply to risk and crisis management. In particular, providers will be required to conduct risk assessments regarding the dissemination of illegal content or, for example, adverse effects on social debate, electoral processes, or public safety before introducing new features. They are also required to undergo an independent audit once a year.

The implementation effort of all regulations of the DSA is immense and poses enormous financial and organizational challenges for the parties concerned.

Violations are subject to enormous fines

Companies that violate the DSA regulations face high fines and penalty payments: These can amount to up to 5 percent of the daily average revenue. Fines are capped at up to 6 percent of total global annual turnover.

Action against classification as a very large online platform

Companies can bring an action against the classification as a Very Large Online Platform or Very Large Search Engine before the Court of Justice of the European Union (EGC). Several online platforms have already made use of this. One of the largest international online retailers justified its action before the EGC on the grounds that it was not the largest retailer in any EU country. If it were still classified as a VLOP, this would put it at a disadvantage compared to national online retailers. Another online retailer justified its complaint against classification as a VLOP by claiming that the EU Commission had misinterpreted its user figures. The relevant number of users would not exceed the threshold of 45 million.

Whether the EU will succeed in banning illegal content from online services remains to be seen. In any case, the resistance of the online giants makes it clear that the implementation of the DSA will not be easy. The changes required are far-reaching and in part likely to significantly impact existing business practices in the online space. For VLOPs and VLOSEs in particular, the Digital Markets Act (DMA) can additionally play a major role, which also imposes numerous additional obligations on large online platforms.

In view of the high fines that could be imposed from February 17, 2024, companies should check as soon as possible whether they fall within the scope of the DSA. If so, they should ensure that they meet the new compliance regulations.

Explore #more

27.05.2025 | KPMG Law Insights

Cell Phone Inspections at US Border and Beyond: What to Expect

Key facts: U.S. immigration officials monitor public social media data and travelers should be prepared to share details about their personal social media accounts. All…

23.05.2025 | KPMG Law Insights

Business Travel and Assignment in the USA: What you need to know about US immigration

The recent changes in US immigration rules are causing uncertainty worldwide. In particular, since the new US government took office, processes regarding entry into the…

14.05.2025 | KPMG Law Insights

BGH on customer installations: Decision orders application in line with the directive

In a ruling dated May 13, 2025, the BGH classified the supply infrastructure in the specific case of a residential complex in Zwickau as a…

13.05.2025 | In the media

KPMG Law expert in Spiegel article on energy policy

Dirk-Henning Meier, Senior Manager in the energy law department at KPMG Law, is quoted in a recent article on energy policy in Der Spiegel.…

13.05.2025 | Career, In the media

azur Karriere Magazin – All AI or what?

Artificial intelligence has long since arrived in law firms and legal departments. But dealing with it is a skill that needs to be learned. Many…

13.05.2025 | KPMG Law Insights

Initial experience with the Single-Use Plastics Fund Act: what manufacturers should bear in mind

Beverage cups, foil and plastic cigarette filters litter streets, parks and sidewalks. The cleaning costs are borne by the local authorities. The Disposable Plastics Fund…

07.05.2025 | KPMG Law Insights

Termination of fixed-term rental agreements in the case of pre-leasing

In the case of a pre-leasing, the tenancy only begins at a later date, usually the handover date. In such cases, the contracting parties usually…

06.05.2025 | In the media

Wirtschaftswoche honors KPMG Law

KPMG Law was named “TOP Law Firm 2025” in the field of M&A by WirtschaftsWoche. Ian Maywald, Partner at KPMG Law in Munich, was…

06.05.2025 | KPMG Law Insights

Social insurance obligation for teachers – transitional rule creates clarity

Teachers and lecturers are often hired on a self-employed basis. This practice makes the German pension insurance fund sit up and take notice. It is…

02.05.2025 | In the media

KPMG Law Statement in FINANCE Magazine: How CFOs can save up to 80 percent in the legal department

The cost pressure in companies is increasing – also in legal departments. Two strategies have now become established to save 50 to 80 percent of…

Contact

Francois Heynike, LL.M. (Stellenbosch)

Partner
Head of Technology Law

THE SQUAIRE Am Flughafen
60549 Frankfurt am Main

Tel.: +49-69-951195770
fheynike@kpmg-law.com

Dr. Anna-Kristine Wipper

Partner
Head of Technology Law

Heidestraße 58
10557 Berlin

Tel.: +49 30 530199731
awipper@kpmg-law.com

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll