Image by Gerd Altmann from Pixabay

DSA: EU Commission’s guidance.

The Digital Service Act (REGULATION (EU) 2022/2065 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of October 19, 2022 on a single market for digital services and amending Directive 2000/31/EC (Digital Services Regulation)) was published in the Official Journal of the European Union on 27/10/2022 and-according to Article 93- entered into force on 16/11/2022 and will apply from 17/2/2024.

On 1/2/2023, the European Commission issued a press release entitled “Digital Service Act: Commission provides guidance to online platforms and search engines on publishing user numbers in the EU.”.

That press release refers to the webpage entitled “DSA: Guidance on the requirement to publish user numbers” from which it is possible to download the document titled “Questions and Answers on identification and counting of active recipients of the service under the Digital Services Act” which consists of 13 questions with answers (we only quote the questions at the bottom) to clarify the obligations under Article 24 of the DSA, entitled “Transparency reporting obligations for providers of online platforms.”

The document just mentioned refers to Article 24(2) of the DSA that states:

2. By 17 February 2023 and at least once every six months thereafter, providers shall publish for each online platform or online search engine, in a publicly available section of their online interface, information on the average monthly active recipients of the service in the Union, calculated as an average over the period of the past six months and in accordance with the methodology laid down in the delegated acts referred to in Article 33(3), where those delegated acts have been adopted.

Aim of our investigation

Our investigation aims to verify whether the DSA applies to those who voluntarily and freely operate instances by providing online platforms and search engines.

Analysis of the definitions of DSA

From the aforementioned stringent text of the press release, it appears that:

  • the EU Commission published a guide consisting of 13 questions and answers, inviting online platforms and online search engines to answer practical questions about the DSA provisions regarding the obligation to publish the number of users;
  • according to the guidelines:
    • answering the questions is not mandatory;
    • responses must be submitted by February 17, 2023;
  • the guidance (DSA: Guidance on the requirement to publish user numbers) addresses providers of:
    • online platforms and
    • online search engines.

To have a more accurate and in-depth picture regarding the mentioned guidance, it is necessary to clarify:

  1. which services are mentioned (online platforms and search engines) and
  2. which parties are involved.

Regarding point 1., the DSA provides the definitions in Article 3(1), namely as follows:

(i)  ‘online platformmeans a hosting service that, at the request of a recipient of the service, stores and disseminates information to the public, unless that activity is a minor and purely ancillary feature of another service or a minor functionality of the principal service and, for objective and technical reasons, cannot be used without that other service, and the integration of the feature or functionality into the other service is not a means to circumvent the applicability of this Regulation;

(j)  ‘online search enginemeans an intermediary service that allows users to input queries in order to perform searches of, in principle, all websites, or all websites in a particular language, on the basis of a query on any subject in the form of a keyword, voice request, phrase or other input, and returns results in any format in which information related to the requested content can be found;

To understand the above definitions well, it is necessary to have recourse to others also contained in Article 3(1), namely:

(g)  ‘intermediary servicemeans one of the following information society services:

(i)  a ‘mere conduit’ service, consisting of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network;

(ii)  a ‘caching’ service, consisting of the transmission in a communication network of information provided by a recipient of the service, involving the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information's onward transmission to other recipients upon their request;

(iii)  a ‘hosting’ service, consisting of the storage of information provided by, and at the request of, a recipient of the service;


However, the investigation is not yet finished because to understand even better the meaning of the services defined in Article 3, it is necessary to resort to the following:

Whereas
(5) This Regulation should apply to providers of certain information society services as defined in Directive (EU) 2015/1535 of the European Parliament and of the Council, that is, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient. Specifically, this Regulation should apply to providers of intermediary services, and in particular intermediary services consisting of services known as ‘mere conduit’, ‘caching’ and ‘hosting’ services, given that the exponential growth of the use made of those services, mainly for legitimate and socially beneficial purposes of all kinds, has also increased their role in the intermediation and spread of unlawful or otherwise harmful information and activities.

(13)Considering the particular characteristics of the services concerned and the corresponding need to make the providers thereof subject to certain specific obligations, it is necessary to distinguish, within the broader category of providers of hosting services as defined in this Regulation, the subcategory of online platforms. Online platforms, such as social networks or online platforms allowing consumers to conclude distance contracts with traders, should be defined as providers of hosting services that not only store information provided by the recipients of the service at their request, but that also disseminate that information to the public at the request of the recipients of the service. However, in order to avoid imposing overly broad obligations, providers of hosting services should not be considered as online platforms where the dissemination to the public is merely a minor and purely ancillary feature that is intrinsically linked to another service, or a minor functionality of the principal service, and that feature or functionality cannot, for objective technical reasons, be used without that other or principal service, and the integration of that feature or functionality is not a means to circumvent the applicability of the rules of this Regulation applicable to online platforms. For example, the comments section in an online newspaper could constitute such a feature, where it is clear that it is ancillary to the main service represented by the publication of news under the editorial responsibility of the publisher. In contrast, the storage of comments in a social network should be considered an online platform service where it is clear that it is not a minor feature of the service offered, even if it is ancillary to publishing the posts of recipients of the service. For the purposes of this Regulation, cloud computing or web-hosting services should not be considered to be an online platform where dissemination of specific information to the public constitutes a minor and ancillary feature or a minor functionality of such services.

(28) ... Likewise, services used for communications purposes, and the technical means of their delivery, have also evolved considerably, giving rise to online services such as Voice over IP, messaging services and web-based email services, where the communication is delivered via an internet access service. Those services, too, can benefit from the exemptions from liability, to the extent that they qualify as ‘mere conduit’, ‘caching’ or ‘hosting’ services.

(29) ... Intermediary services may be provided in isolation, as a part of another type of intermediary service, or simultaneously with other intermediary services. Whether a specific service constitutes a ‘mere conduit’, ‘caching’ or ‘hosting’ service depends solely on its technical functionalities, which might evolve in time, and should be assessed on a case-by-case basis.

(41) In that regard, it is important that the due diligence obligations are adapted to the type, size and nature of the intermediary service concerned. This Regulation therefore sets out basic obligations applicable to all providers of intermediary services, as well as additional obligations for providers of hosting services and, more specifically, providers of online platforms and of very large online platforms and of very large online search engines. To the extent that providers of intermediary services fall within a number of different categories in view of the nature of their services and their size, they should comply with all the corresponding obligations of this Regulation in relation to those services.

Further considerations arise from an examination of Article 15(2) and Article 19 of the DSA, respectively, titled “Transparency reporting obligations for providers of intermediary services” and “Exclusion for micro and small enterprises”

Article 15(2) states:

1. Paraghraph 1 of this Article shall not apply to providers of intermediary services that qualify as micro or small enterprises as defined in Recommendation 2003/361/EC and which are not very large online platforms within the meaning of Article 33 of this Regulation.

Article 19 states:

1. This Section, with the exception of Article 24(3) thereof, shall not apply to providers of online platforms that qualify as micro or small enterprises as defined in Recommendation 2003/361/EC.

This Section, with the exception of Article 24(3) thereof, shall not apply to providers of online platforms that previously qualified for the status of a micro or small enterprise as defined in Recommendation 2003/361/EC during the 12 months following their loss of that status pursuant to Article 4(2) thereof, except when they are very large online platforms in accordance with Article 33.

2. By derogation from paragraph 1 of this Article, this Section shall apply to providers of online platforms that have been designated as very large online platforms in accordance with Article 33, irrespective of whether they qualify as micro or small enterprises.

Conclusions

The Digital Agenda for Europe has resulted in legislative overproduction at the European level, which-until now and barring errors-is expressed in the following “Acts” and measures:

  1. The European Cyber Resilience Act
  2. The Digital Operational Resilience Act (DORA)
  3. The Critical Entities Resilience Directive (CER)
  4. The Digital Services Act (DSA)
  5. The Digital Markets Act (DMA)
  6. The European Health Data Space (EHDS)
  7. The European Chips Act 
  8. The European Data Act 
  9. European Data Governance Act (DGA) 
  10. The Artificial Intelligence Act 
  11. The European ePrivacy Regulation 
  12. The EU Cyber Defence Policy Framework
  13. The NIS 2 Directive

The European Digital Agenda is based on the concept of digital sovereignty (we have already written about this in previous contributions), so much so that the list mentioned above of legislative measures shows that there is a clear intention to implement a legislative framework with an ad hoc regulatory framework for digital.

From our point of view, this is an ambitious project also because it is not easy to circumscribe “digital” in a list of laws.

Returning to the topic of this contribution, it is not entirely clear who provides the services of online platforms and search engines.

The main indication emerges from Whereas(5) where it states: “This Regulation should apply to providers of certain information society services as defined in Directive (EU) 2015/1535 of the European Parliament and of the Council (5), that is, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient.

The term “normally” suggests that the service could also be provided free of charge, i.e., “unpaid.”

Another interesting aspect is in Whereas(41) regarding duties of care, when it specifies: “basic obligations applicable to all providers of intermediary services, as well as additional obligations for providers of hosting services and, more specifically, providers of online platforms and of very large online platforms and of very large online search engines.”.

Whereas(41), therefore, brings out another aspect related to the dimensions of the service provider, given that it provides a distinction between providers of

  • online platforms;
  • very large online platforms;
  • very large online search engines.

It is clear, therefore, that the criterion used by the European legislature for the applicability of the DSA refers to the size of the enterprise.

Thus, two crucial aspects emerge, namely:

  • one must deal with enterprises;
  • reference is made to the large size of the enterprise.

Those to whom the DSA applies should be the so-called “gatekeepers.”

All this determines - in our opinion - the exclusion from the applicability of the DSA to all those entities that are not “enterprises” and are not “very large.”

Indeed, on the Internet and especially (but not only) in the so-called “Fediverse” there are many subjects, often individuals, associations, and foundations, that are non-profit and, therefore, are not “enterprises”. Thus, such entities should be excluded from the DSA regulations. The efforts of these entities who voluntarily and freely set up online services available to anyone should be appreciable, mainly because of the effort required to set up the services and the costs incurred.

Our conclusions are also applicable for services considered “meta-search engines” such as SearXNG because they do not qualify as “search engines” and because they are operated by entities that are not businesses as specified.

The conclusions about the non-applicability of the DSA also apply to services that provide communication systems based on open protocols such as XMPP and Matrix.

Questions

  1. What is the scope of the obligation under the DSA concerning the identification and counting of average monthly active recipients of the service?
  2. What does “publish […] information on the average monthly active recipients of the service in the Union” in Article 24(2) DSA mean? Do providers of online platforms or of search engines have the obligation to publish the actual number of active recipients of their service on their online interface?
  3. Does the DSA require providers of online platform and of online search engine service(s) to notify the published numbers to the Commission?
  4. Where does a provider of online platform or of online search engine need to publish information on average monthly active recipients of its service in the Union?
  5. When does a recipient of an online platform service need to be considered as an “active recipient” of that service?
  6. When does a recipient of an online search engine service need to be considered an “active recipient” of that service?
  7. Do providers of online platforms that allow consumers to conclude distance contracts with traders need to count only consumers as active recipients or also traders offering their products or services on those platforms?
  8. Do providers of online platforms also need to count third party advertisers using those platforms to advertise products or services?
  9. Do only recipients of the service that have purchased a product or a service through an online marketplace need to be counted as “active recipients” of the service?
  10. Do only registered recipients of the service need to be counted as “active recipients” of the service?
  11. Do users that click on a link by mistake or that make superfluous visits to the online platform or to the online search engine need to be counted as “active recipients” of the service?
  12. Are providers of online platforms and of online search engines obliged to avoid double counting or counting inauthentic users (e.g. bots)?
  13. Should providers of hybrid online platforms allowing consumers to conclude distance contracts with traders, i.e. those providers that offer their own products or services alongside third-party products and services, be required to count all visitors to their platforms as “recipients of the service”?

If this resource was helpful, you could contribute by

Buy me a coffee

Or donate via

Liberapay


Follow us on Mastodon

Stay tuned!