Digital Services Act: What has enforcement been like for the DSA so far?

29 July 2024

The Digital Services Act (‘DSA’) is a European Union (‘EU’) regulation which is primarily regulated by the EU Commission. This new regulation came into force on 16 November 2023 and is now in full effect since 17 February 2024 for all EU Member States.

For a summary of the main obligations of the DSA and what entities it applies to, please see our article here. The primary objective of the DSA is to ensure a secure online environment that safeguards the basic rights of users and promotes fair competition among businesses.

The DSA and Ireland

The Coimisún na Meán (‘CNM’) is the regulator which has been created to deal with the DSA among other digital media regulations in Ireland. The CNM has been steadily hiring and building out their operations since its establishment on 15 March 2023. One of its key actions to date was the publishing of the Draft Online Safety Code on 27 May 2024. This document is quite concise and the CNM is likely to want to expand on this guidance. Importantly, the DSA establishes a framework of responsibilities divided between national competent authorities such as the CNM, and the EU Commission to ensure effective regulation and oversight of digital services within the EU.

Actions the DSA has prompted

While we are still at the early stages of DSA enforcement, we set out early EU cases of interest below.

The EU Commission has brought actions against various platforms. These cases appear to have a common content moderation theme. Trust and safety teams in large social media platforms can often be less well funded than others, and this is well publicised with X.

X

The first action the EU Commission brought was against X, (formerly Twitter), in December 2023. The EU Commission claims that X had breached the DSA regarding risk management of illegal content, content moderation and the measures taken to combat information manipulation on the platform and transparency and giving data access to researchers. The EU Commission opened formal proceedings after conducting a preliminary investigation on X. The EU is seeking information from X about its cuts to its content moderation having noted that X’s transparency report shows that their content moderation team has been reduced by 20%.

The latest breach X is being accused of is their ‘verification’ feature. The verified checkmark, which can be purchased by the X user, is deceiving as it makes users unable to authenticate the accounts they interact with on X. As of 12 July 2024, the EU commission has sent their preliminary findings to X for breaching the DSA. If the preliminary views are confirmed the EU commission could fine X up to 6% of their worldwide annual turnover.

TikTok

The EU Commission brought an action against TikTok in February 2024 regarding transparency and giving data access to researchers but also for protection of minors. The EU Commission are also looking at the risk management of harmful content and addictive design. In TikTok’s case, the EU Commission are focusing on TikTok’s age verification tools.

Finally, the third case already in effect is against TikTok once again in April 2024. This case is for the launch of ‘TikTok Lite’ in France and Spain. Under the DSA, very large online platforms (‘VLOPs’) are required to submit a risk assessment report, which was not submitted by TikTok prior to the launch of the app. The EU Commission is particularly concerned for children as the there is an absence of age verification mechanisms in the app. Since TikTok failed to provide a risk assessment report, the EU Commission put in a formal request for information from TikTok. The EU Commission made clear that if TikTok failed to provide a risk assessment by April 23^rd, then the EU Commission could issue TikTok a penalty worth up to 1% of their total annual income and could face periodic fines that can amount to 5% of their average daily income or their annual turnover worldwide. TikTok confirmed that they have submitted the risk assessment report before the April 23^rddeadline.

For each of these cases an in-depth investigation will be carried out. There will be the opening of formal proceedings where evidence will be gathered.

Difficulties

As this is the first year of the DSA in effect these VLOPs are the first to be under the scrutiny of the EU Commission regarding the implementation of the DSA. Once this first year is finished there will be more information on what is expected for companies to provide and do to meet the requirements of the DSA.

What’s Next?

The outcome of the three cases already taking place will show the general trajectory of the DSA and its enforcement. There are still a lot of unknowns as of the enforcement of the DSA, but this will all become clearer with time.