At the end of April 2022, a political agreement was reached at EU level on a new legislation within the field of cyber law, the Digital Services Act (hereinafter the "DSA"). The last remaining step is now to formally adopt it. DSA is a part of the Digital Single Market, an EU project to unite the EU digital market, increase competition in the internal market and strengthen the protection for consumers.  

With the ever-ongoing technological development, the landscape for digital services looks completely different today than it did just some decades ago. The range of intermediary services has increased, cross-border e-commerce with consumers is a part of everyday life and more and more people are present on various social platforms. At the same time, the internet is a place for illegal content and illegal sales, which poses a threat to the rights of individuals both in terms of internet users and consumers. The DSA aims to protect and strengthen these rights.

The most important news in short

Classification of service providers
Digital service providers are divided into four categories - intermediary services (e.g., internet providers and domain name agents), hosting services (e.g., cloud services and web hosting), online platforms (e.g., app stores and social media) and very large online platforms (online platforms that reach at least 10 percent of the consumers in the EU). There are different obligations depending on the classification. Providers of very large online platforms have the most obligations while providers of intermediary services have the least.

Greater focus on consumer rights
Among other things, the DSA contains provisions on traceability for traders who direct their operations towards consumers. The traceability includes, for example, an obligation to provide contact information and, through self-certification, to commit to offering only lawful products and services. Traders are also prohibited, among other things, from trying to persuade consumers to make a certain choice through the platform's layout, for example by giving one alternative a more prominent place than others or by urging the recipient to change their choice via pop-ups.

Increased transparency
Service providers are required to be open and transparent. This requirement includes stating information about the number of service recipients and, if the company is or has been the subject of it, stating the number of injunctions, notifications or disputes. For supervisory and research purposes, there is a right to certain data from very large online platforms for the purpose of reviewing compliance and for an increased understanding of systematic risks.

Sanctions and supervision
In the event of breaches of its obligations under the DSA, service providers may be subject to sanctions of up to 6% of the global turnover. Supervision and control of compliance is carried out by the respective supervisory authorities of each Member State (for very large online platforms, this is done in cooperation with the European Commission).

KPMG's comments

The DSA is a part of the ongoing harmonization of the EU digital market. It will therefore replace the Member States' respective regulations in this area. In the case of Sweden, the DSA is presumed to affect, among other things, the Act on Electronic Commerce and other Information Society Services (2002:562) and the Act (1998:112) on Responsibility for Electronic Bulletin Boards. A harmonized regulation should lead to an increased predictability for operators on the digital market, which should be beneficial for the compliance of the DSA.

An increased predictability means that the requirements and frameworks for starting and conducting digital operations within the EU becomes clearer. This should facilitate the process of operating within the EU. Requiring traders to commit to only offering products and services that comply with local and EU laws should lead to a more credible market where only legitimate traders compete. In this sense, the DSA may not only be beneficial for individuals and consumers, but also traders.

For operators that will be covered by the DSA, such as e-commerce traders, providers of social media platforms, providers of ordering or booking platforms as well as cloud service providers, it is important to review routines and to adapt them to the legislation once it enters into force. It is important in this regard to have user terms in place in advance that clearly guarantee users' right to fundamental rights, such as the right to freedom of expression, freedom of information and equal treatment, as well as any restrictions that apply when using a service. In addition, it is recommended to continuously analyze risks and, if necessary, take preventive measures. This includes, among other things, conducting regular inspections of the products sold on the platform, reviewing the marketing routines and reviewing the mechanisms that are in place to remove any illegal content quickly and effectively.

KPMG continuously monitors legal matters regarding cyber law and will update the text if needed.

Feel free to contact us if you have any questions regarding the matter.

Read more
The article in Swedish

Kontakta oss