EU Digital Services Act (DSA) - how will it affect you? - Data Compliant

EU Digital Services Act (DSA) – how will it affect you?

Digital Services Act

There’s a lot of buzz about the new upcoming legislation (Digital Services Act (DSA) and Digital Markets Act (DMA)) for digital services within the EU.  And on 23rd April, Parliament’s Internal Market Committee endorsed the provisionally reached agreement with EU governments on the Digital Services Act.

UK Impact

As these are EU regulations, they will not strictly form part of UK law.  But they will apply to all businesses who offer their services to the EU.  They are also likely to impact the UK’s law reform – and we have already seen some information about the Data Reform Bill in the Queens Speech last week.  

EU Digital Services Act 

The basic principle behind the EU’s Digital Services Act (DSA) is simple: 

If it’s illegal offline … it’s illegal online

The DSA applies to all businesses who act as online intermediaries and provide services in the EU.   The most stringent requirements will affect very large online platforms or search engines – those with over 45 million monthly active users in the EU – for example Google, Facebook, Amazon and so on.

It is designed to protect users’ fundamental rights in digital space, and fight the spread of illegal content and practices. For example, counterfeit online sales, manipulation of information / provision of disinformation, breach of users’ fundamental rights and so on.

Summary of Obligations

For marketers and retailers, the following issues will be particularly relevant:

  • Special protection measures are required to ensure minors’ safety online
  • No targeted advertisements based on the use of minors’ personal data is allowed
  • No targeted advertisements tailored to people’s ethnicity or sexual orientation
  • Additional information must be collected from traders wanting to use selling platforms, and platforms will need to try to verify the information
  • Platforms will need to run random product checks to attempt to avoid sales of counterfeit or dangerous products
  • Dark patterns (for example “bait and switch”, disguised ads, hidden costs, friend spam, misdirection etc) are banned
  • Platforms using algorithms to help online users access relevant content or information, will need to provide some explanation of how the algorithms work.
  • Large platforms will have to offer users a system for recommending content that is not based on such profiling.
  • Promoted content must be clearly labelled as such

Other more general requirements include:

  • Strict requirements to remove illegal content, and to moderate content which may be harmful
  • Consumers will be able to seek compensation for damages caused by a non-compliant platform 
  • Crisis mechanism has been added – to enable the Commission to mandate specific actions around the crisis (for example taking down war propaganda in the case of Russia – Ukraine war).

Penalties for non-compliance

Large platforms will have to assess these risks routinely, and take steps to minimise them. Their risk assessments will be subject to independent audits – failing the audit could lead to fines up to 6% of global turnover.

The DSA runs in parallel with the Digital Markets Act (DMA) – more of that in my next blog.


Victoria Tuffill

20th May 2022

If you are concerned about this new legislation, or would like to chat about how it might impact you and your business, just get in touch.  Call us on 01787 277742 or email  And do have a look at our services to see if we can help you with your more general data protection needs.