Digital Services Act Package: New Regulation, new Responsibilities

06 May, 2022

Digital services are playing an increasingly important role both in the economy and in our social lives. While these services positively impact how we connect, communicate, consume and do business, they also result in new challenges.

The European Commission sees three risks in particular:

  1. the dissemination of illegal content, goods and services,
  2. manipulative algorithms that reinforce disinformation among the public, and
  3. unevenly distributed market power that gives a disproportionate advantage to "BigTech" companies.

To address these risks, new EU laws have been called for to ensure greater security and fair competition on the Internet, specifically also reigning in the behaviour of major technology companies. As of March 2022, the European Council and the European Parliament reached a provisional political agreement on the Digital Markets Act (DMA). On April 23, 2022 an agreement on the new Digital Services Act (DSA) followed. Pending final approvals, the new laws are expected to come into effect in 2023.

The main aspects in 30 seconds

  • The proposals for the DSA and DMA contain comprehensive obligations – ranging from transparency reporting to managing systemic risks and conducting corresponding annual risk audits.
  • Depending on their role, size and type of service, online service providers will have different obligations going forward to help ensure safe and transparent dealings on the Internet.
  • Online service providers should take proactive measures to create trust and transparency for their users while meeting new requirements.
  • Digital Trust is a unique selling point for online service providers and creates a better online environment for everyone.

Your expert

Markus Vehlow is your expert for the Digital Services Act Package at PwC Germany

Markus Vehlow
Partner, Risk Assurance Solutions at PwC Germany

What the new laws mean for online service providers

The Digital Markets Act (DMA) is intended to create fair competitive conditions in Europe. Large online platforms – so-called gatekeepers – are to be prevented from gaining disproportionate power and exploiting it to their advantage.

The Digital Services Act (DSA), on the other hand, aims at protecting consumers. At the same time, however, it is intended to promote innovation, growth and competitiveness in the European single market.

There are overlaps between the DMA and DSA, as some companies and services fall within the scope of both acts. However, due to the different focus of the DMA and DSA, the respective requirements differ.

The DMA specifies do's and don'ts for gatekeepers' day-to-day business operations. The DSA defines cumulative obligations – depending on the nature and size of an online service provider. The larger a provider is and the more extensive the services it offers, the more obligations apply.

Transparency becomes mandatory

The aim of the legislative package is to ensure greater transparency because this enables users to make informed decisions based on risk. Transparency also contributes to continuous improvements in information security, availability and data protection and, last but not least, enables the responsible use of technology. With the new regulation, transparency is no longer just a matter of trust, but will become mandatory.

How online services providers can prepare

Online providers should first understand which category they fall into, as this will determine the scope of obligations. Providers are categorized in the DSA according to the services they offer as follows:

Very large online platforms:
Platforms that have more than 45 million users per month. 

Online platforms:
Online marketplaces, app stores, collaborative economy platforms, and social media platforms

Hosting services:
Cloud and web hosting services

Intermediary services:
Network infrastructure: Internet access providers and domain name registrars.

Effort should not be underestimated

Granted, the most comprehensive obligations with regard to the management of systemic risks and the annual performance of corresponding risk audits only apply to providers of very large online platforms. But providers of intermediary services, hosting services, and online platforms are also required to implement transparency reporting, measures against abusive notices and counter-notices, and vetting credentials of third party suppliers, among other things.

Some of the new obligations can be easily integrated into existing compliance processes. Others require a considerable level of effort from providers subject to DSA and DMA regulations.

Defining and introducing new activities or even entirely new processes in the organization can also involve a certain degree of complexity. Compliance teams will rarely have the means to successfully implement all new obligations without external support.

Infographic about the Digital Services Act Package by PwC Germany

How PwC can help build awareness, guidance and implement focused compliance measures

The first step is to achieve clarity on new requirements to drive gap assessments and implementation plans. We can support online service providers by:

  • Elaborating the requirements and conducting trainings to upskill your teams.
  • Assessing to what extent established processes, procedures and documentation meet the new requirements. 
  • Identifying potential gaps in current measures and developing an action plan to apply adjustments.
  • Supporting the implementation of adjustments in collaboration with relevant stakeholders across your organization.
  • Helping to establish monitoring of information gathering and transparency reporting processes required by the laws.
  • Facilitating the analysis and mitigation of systemic risks to optimize the organization’s compliance risk profile.
  • Preparing or executing an audit of the measures to fulfill the applicable reporting obligations and related commitments.

While the obligations are mandatory, there is a potential to gain added value from the measures you have or need to put in place. We can help you in bringing that value to your organization by:

  • Deriving targeted actions based on your compliance readiness.
  • Helping you integrate required activities into existing processes and procedures.
  • Providing training that helps your teams efficiently address multiple compliance requirements at the same time.

“The European Commission's Digital Services Act package will help make the digital space more legally secure and attractive for citizens, businesses and organizations alike.”

Markus Vehlow,Partner at PwC Germany
Follow us

Contact us

Markus Vehlow

Markus Vehlow

Partner, Risk Assurance Solutions, PwC Germany

Tel: +49 160 7139416

Clarissa Ahnert

Clarissa Ahnert

Senior Manager, PwC Germany