EU’s DSA and DMA Receive Final Approval - What’s Next?

The Digital Services Act (DSA) and the Digital Markets Act (DMA) are legislative proposals of the European Commission that aim to build a safer online space by protecting users’ fundamental rights and establishing a fair playing field for businesses.

While the proposals for DSA and DMA were made back in 2020, they received the final greenlight only in October 2022. The long-awaited approval of these regulations is the ideal moment to review their development timeline, take a look at their key focal points, find out when they will enter into full force, and gain an understanding of the changes that will follow. Read ahead for all the details!

DMA Vs. DSA: What’s the Difference?

The DSA and DMA together comprise the Digital Services Package, a set of laws expected to have considerable influence not only in Europe but also worldwide by defining new standards for digital consumer business.

The main goals of these initiatives are as follows:

• DSA: to ensure transparency, accountability, and user safety for online platforms by modernizing the eCommerce Directive adopted in 2000. The DSA aims to harmonize various laws in the EU that have arisen at national levels to address illegal content, like the German NetzDG and the French Loi Avia. Under the DSA, such local laws would be overwritten to create a unified legal framework for all EU jurisdictions.
• DMA: to set clear rules for the operations of large online platforms, specifically Big Tech companies. The DMA will classify certain platforms as "gatekeepers", depending on their number of users, capitalization, and turnover, making them subject to new obligations. Some companies that are likely to fall into this category include Google, Amazon, Apple, and Facebook. The Act’s aim is to prevent industry giants from abusing their power and ensure new players can enter the market.

Now that the key focal points of the DMA and DSA are clear, let’s take a look at the way they were developed and review the deadlines by which they should be applied.

The DSA & DMA Development Timeline

Here’s an overview of the Digital Services Package's evolution throughout the years:

• 15 December 2020 - The European Commission made the proposals for the DSA and DMA.
• 25 March 2022 - A political agreement was reached on the Digital Markets Act.
• 22 April 2022 - The European Parliament and the EU Member States reached a consensus on the Digital Services Act.
• 5 July 2022 - The European Parliament approved the DSA along with the DMA.
• 14 September 2022 - The DMA was signed into law by the Presidents of the Parliament and the Council, which concluded the legislative procedure.
• 4 October 2022 - The European Council gave its final approval to the Regulation on a Digital Services Act, which marks the final step for the DSA to come to life.
• 12 October 2022 - The Digital Markets Act was published in the Official Journal. The regulation will enter into force 20 days after this date and become fully applicable on 2 May 2023.

The DSA hasn’t been registered in the Official Journal of the European Union as of 12 October 2022. However, it is agreed that this initiative will enter into force on the twentieth day following its publication.

The service providers that fall under the DSA regulation will then have time until 1 January 2024 to establish full compliance with it. However, large online platforms will have to apply the DSA earlier - four months after its publication.

With the deadlines approaching, it is only natural to wonder if these new legislative pieces will affect your organization. Find out below!

Which Businesses Will the DSA and DMA Affect?

The extent to which the new rules will affect your company depends on the type of online business, its size of operations, and other characteristics. Here’s a brief overview of what to expect:

DSA

The Digital Services Act (DSA) will mostly concern online intermediaries, such as:

• Online marketplaces
• Social networks
• App stores
• Online travel platforms
• Cloud services

Such companies will be obliged to carry out an annual assessment to identify and address systemic risks linked to their services. The risks that need to be evaluated are mainly related to:

• The spread of illegal content
• Public security
• Negative effects on civic discourse and electoral processes
• Targeted advertising based on sensitive personal data

All in all, the DSA requires fundamental adjustments in the digital services infrastructure. Medium-size platforms will also need to take care of these aspects and put in place new monitoring and reporting mechanisms. Besides, the DSA is expected to boost the development of automated solutions for advanced content review.

DMA

To qualify as a gatekeeper under the DMA, a company should have:

• A yearly revenue of €7,5 billion, a market value of €75 billion, or more than 45 billion unique monthly visitors on its online platform. However, the EU Commission can also appoint gatekeepers, so companies like Booking or Zalando could be potentially added to the list even though they don’t qualify with the general criteria.
• A significant impact on the market and be a critical intermediary for businesses to reach end users.
• An established position on the market.

Many tech giants match these criteria and thus have to comply with the DMA regulations. In an attempt to even the playing field for competition, the Digital Markets Act bans such activities as:

• Sharing data between services without user consent
• Ranking the companies’ own products or services higher than those of third parties
• Tracking end users outside of the gatekeepers’ platform for targeted advertising without consent

The rules introduced by the DMA could also prevent such services as iMessage and Amazon from displaying their products and services above those of the competitors and cause significant changes in Google and Meta’s advertisement data-gathering practices.

Bottom Line: Assess the Risks and Address Them

If your company falls under the gatekeeper category according to the DMA or is a large-scale intermediary platform or hosting service that matches the DSA criteria, big changes are coming your way.

However, be prepared that even if your business will not be directly impacted by the new rules, it is most likely to face indirect consequences, with one of the most obvious influences associated with the restrictions of personalized target advertisements.

Although the impact of the DMA and DSA will not be the same for all businesses as it was with the GDPR, experts advise putting the insights gained during that era into practice. Thus, whether you run a small, medium, or large company, it’s critical to develop an understanding of the new rules as soon as possible, assess your organization’s status, and make relevant changes to prevent last-minute hasty adjustments.