How the EU Digital Services Act Impacts Your Business

Protecting Your Business in a Digital World

The EU Digital Services Act has changed the rules for online businesses. So, if your company operates online in the European Union, it affects you too.

This legislation aims to create a safer and more accountable online environment. But what does it mean for your day-to-day operations, and how can you stay on the right side of the law?

Here’s what you need to understand and how we can assist.

What is the EU Digital Services Act?

The Digital Services Act (DSA) focuses on online intermediaries, like online marketplaces, social media platforms, content-sharing sites, app stores, and cloud and web hosting services.  

It’s part of a broader effort by the EU to regulate the digital economy alongside the Digital Markets Act (DMA).

The DSA’s primary goals are to:

Protect users’ fundamental rights online.

Users have stronger rights under the DSA. This includes the right to complain about content moderation decisions and the right to know why they see specific advertisements.

Tackle illegal content, products, and services.

You need systems to quickly remove illegal content (like hate speech or terrorist propaganda) reported by users or authorities. This isn’t just about reacting; it’s about having proactive processes.

Verify business sellers.

Online marketplaces must collect and verify the identities of businesses that sell on their platforms. This is to protect consumers from counterfeit goods and rogue traders.

Increase transparency and accountability for online platforms.

You must be open about how your algorithms work. For example, if you use algorithms to recommend content or target advertising, you need to explain this to users in a clear, easy-to-understand way.

Foster innovation and competition in the digital market.

You must operate in a way that supports a fair digital marketplace. This means not engaging in practices that could unfairly disadvantage smaller competitors or give your services an undue advantage if you’re a larger platform. The DSA requires you to actively contribute to a level playing field where innovation can thrive.

The DSA sets out the responsibilities of online intermediaries. Regardless of where you are globally, if you connect European users to goods, services, or content, you fall under the DSA’s scope.

Digital Services Act Compliance: What You Need to Do

The DSA has different rules depending on the size and nature of your online service.

Smaller companies have fewer obligations than very large online platforms (VLOPs) and very large online search engines (VLOSEs). VLOPs and VLOSEs are platforms with more than 45 million average monthly users in the EU.

However, all businesses covered by the DSA must:

  • Have clear terms and conditions. Your terms of service must be easy to understand and explain how you moderate content.
  • Cooperate with national authorities. Processes must be in place to respond to orders from EU Member States to remove illegal content or provide information.
  • Report criminal offences. If you become aware of information suggesting a serious criminal offence involving a threat to life or safety, you must inform law enforcement.
  • Establish a point of contact. You need a designated point of contact for authorities and a legal representative if you don’t have a physical presence in the EU.

VLOPs and VLOSEs have additional responsibilities, including:

  • Annual risk assessments. You must identify, analyse, and assess systemic risks related to your services. This includes risks related to illegal content, fundamental rights, the spread of disinformation, and public security.
  • Risk mitigation measures. You must put “reasonable, proportionate and effective” measures in place to address the risks identified in your assessments.
  • Independent audits. Independent auditors must review your risk assessments and mitigation measures.
  • Transparency reporting. You must publish regular reports on your content moderation practices, risk assessments, and other aspects of DSA compliance.
  • Data access for researchers. VLOPs and VLOSEs must provide access to specific data to vetted researchers to enable scrutiny of how they address illegal content and societal risks.

DSA Business Impact: It’s More Than Just Fines

Failing to follow the regulations can lead to significant Digital Services Act penalties.

The fines can be up to 6% of your company’s global annual turnover. That’s a considerable financial risk for any business. A platform could even be banned from operating in the EU for serious, repeated offences.

But the impact goes beyond money:

  • Reputational Damage. Non-compliance can seriously harm your company’s reputation. Consumers are increasingly concerned about online safety and data privacy.
  • Operational Disruption. If regulators find you in breach of the DSA, they can order you to change your services, which could be disruptive and costly.
  • Legal Challenges. Users or other businesses could take legal action against you if they believe you’ve violated the DSA.

EU Regulations for Online Platforms: Beyond the DSA

The DSA is part of a broader push by the EU to regulate the digital economy. It complements other key regulations, like:  

The General Data Protection Regulation (GDPR) focuses on protecting personal data online.

The Digital Operational Resilience Act (DORA) ensures financial businesses can manage cyberattacks and tech disruptions.

The Digital Markets Act (DMA) looks at large companies controlling access to key digital services to prevent anti-competitive practices.

The upcoming Artificial Intelligence (AI) Act will regulate how businesses develop and use AI.

DSA Cybersecurity Requirements and How 7ASecurity Can Help

The DSA doesn’t just set rules for content moderation. It also touches on cybersecurity.

While it doesn’t have detailed technical requirements like the Network and Information Security Directive (NIS2), it expects you to take steps to protect your systems and users’ data.

Although it’s not explicitly mentioned in the Act, this is why you need threat-led penetration testing (TLPT).

TLPT, a sophisticated form of penetration testing, simulates real-world cyberattacks. It goes beyond simple vulnerability scanning. TLPT helps you identify weaknesses in your defences before attackers exploit them.

It’s a proactive approach that aligns perfectly with the DSA’s emphasis on risk assessment and mitigation.

7ASecurity’s penetration tests and security audits help you identify and fix weaknesses before they become problems.

We take a rigorous, manual approach, ensuring you get validated results and avoid false positives. Our services also include training for your teams, expert advice to prepare your business for compliance, and more.

Don’t wait for a problem to arise. Book a free consultation today!