keyboard_tab Digital Service Act 2022/2065 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 2 Art. 23 Measures and protection against misuse
- 1 Art. 28 Online protection of minors
- 1 Art. 30 Traceability of traders
- 1 Art. 31 Compliance by design
- 9 Art. 34 Risk assessment
- 1 Art. 35 Mitigation of risks
- 3 Art. 36 Crisis response mechanism
- 1 Art. 37 Independent audit
- 6 Art. 40 Data access and scrutiny
- 2 Art. 42 Transparency reporting obligations
- 1 Art. 45 Codes of conduct
- 1 Art. 53 Right to lodge a complaint
- 1 Art. 57 Mutual assistance
- 3 Art. 58 Cross-border cooperation among Digital Services Coordinators
- 4 Art. 59 Referral to the Commission
- 2 Art. 64 Development of expertise and capabilities
- 1 Art. 65 Enforcement of obligations of providers of very large online platforms and of very large online search engines
- 1 Art. 72 Monitoring actions
- 2 Art. 82 Requests for access restrictions and cooperation with national courts
- 1 Art. 91 Review
CHAPTER I
GENERAL PROVISIONS
CHAPTER II
LIABILITY OF PROVIDERS OF INTERMEDIARY SERVICES
CHAPTER III
DUE DILIGENCE OBLIGATIONS FOR A TRANSPARENT AND SAFE ONLINE ENVIRONMENT
SECTION 1
Provisions applicable to all providers of intermediary services
SECTION 2
Additional provisions applicable to providers of hosting services, including online platforms
SECTION 3
Additional provisions applicable to providers of online platforms
SECTION 4
Additional provisions applicable to providers of online platforms allowing consumers to conclude distance contracts with traders
SECTION 5
Additional obligations for providers of very large online platforms and of very large online search engines to manage systemic risks
SECTION 6
Other provisions concerning due diligence obligations
CHAPTER IV
IMPLEMENTATION, COOPERATION, PENALTIES AND ENFORCEMENT
SECTION 1
Competent authorities and national Digital Services Coordinators
SECTION 2
Competences, coordinated investigation and consistency mechanisms
SECTION 3
European Board for Digital Services
SECTION 4
Supervision, investigation, enforcement and monitoring in respect of providers of very large online platforms and of very large online search engines
SECTION 5
Common provisions on enforcement
SECTION 6
Delegated and implementing acts
CHAPTER V
FINAL PROVISIONS
- information society service
- recipient of the service
- consumer
- to offer services in the Union
- substantial connection to the Union
- trader
- intermediary service
- mere conduit
- caching
- hosting
- illegal content
- online platform
- online search engine
- dissemination to the public
- distance contract
- online interface
- Digital Services Coordinator of establishment
- Digital Services Coordinator of destination
- active recipient of an online platform
- active recipient of an online search engine
- advertisement
- recommender system
- content moderation
- terms and conditions
- persons with disabilities
- commercial communication
- turnover
- Mere conduit
- Caching
- shall 139
- large 96
- very 96
- information 67
- commission 65
- paragraph 61
- services 59
- pursuant 56
- request 55
- online_platforms 53
- measures 52
- referred 50
- provider 46
- digital 37
- regulation 37
- providers 34
- online_search_engines 34
- specific 33
- board 33
- including 32
- service 31
- data 31
- they 29
- decision 29
- digital_services_coordinator_of_establishment 28
- in article 27
- audit 27
- particular 26
- take 25
- report 25
- traders 25
- concerned 25
- coordinator 25
- the 24
- have 24
- union 24
- online_platform 23
- application 23
- article 22
- providers 22
- account 22
- access 21
- period 21
- compliance 21
- article 20
- from 20
- appropriate 19
- and 18
- relevant 18
- such 18
Article 23
Measures and protection against misuse
1. Providers of online_platforms shall suspend, for a reasonable period of time and after having issued a prior warning, the provision of their services to recipients of the service that frequently provide manifestly illegal_content.
2. Providers of online_platforms shall suspend, for a reasonable period of time and after having issued a prior warning, the processing of notices and complaints submitted through the notice and action mechanisms and internal complaints-handling systems referred to in Articles 16 and 20, respectively, by individuals or entities or by complainants that frequently submit notices or complaints that are manifestly unfounded.
3. When deciding on suspension, providers of online_platforms shall assess, on a case-by-case basis and in a timely, diligent and objective manner, whether the recipient_of_the_service, the individual, the entity or the complainant engages in the misuse referred to in paragraphs 1 and 2, taking into account all relevant facts and circumstances apparent from the information available to the provider of online_platforms. Those circumstances shall include at least the following:
| (a) | the absolute numbers of items of manifestly illegal_content or manifestly unfounded notices or complaints, submitted within a given time frame; |
| (b) | the relative proportion thereof in relation to the total number of items of information provided or notices submitted within a given time frame; |
| (c) | the gravity of the misuses, including the nature of illegal_content, and of its consequences; |
| (d) | where it is possible to identify it, the intention of the recipient_of_the_service, the individual, the entity or the complainant. |
4. Providers of online_platforms shall set out, in a clear and detailed manner, in their terms_and_conditions their policy in respect of the misuse referred to in paragraphs 1 and 2, and shall give examples of the facts and circumstances that they take into account when assessing whether certain behaviour constitutes misuse and the duration of the suspension.
Article 28
Online protection of minors
1. Providers of online_platforms accessible to minors shall put in place appropriate and proportionate measures to ensure a high level of privacy, safety, and security of minors, on their service.
2. Providers of online_platform shall not present advertisements on their interface based on profiling as defined in Article 4, point (4), of Regulation (EU) 2016/679 using personal data of the recipient_of_the_service when they are aware with reasonable certainty that the recipient_of_the_service is a minor.
3. Compliance with the obligations set out in this Article shall not oblige providers of online_platforms to process additional personal data in order to assess whether the recipient_of_the_service is a minor.
4. The Commission, after consulting the Board, may issue guidelines to assist providers of online_platforms in the application of paragraph 1.
SECTION 4
Additional provisions applicable to providers of online_platforms allowing consumers to conclude distance_contracts with traders
Article 30
Traceability of traders
1. Providers of online_platforms allowing consumers to conclude distance_contracts with traders shall ensure that traders can only use those online_platforms to promote messages on or to offer products or services to consumers located in the Union if, prior to the use of their services for those purposes, they have obtained the following information, where applicable to the trader:
| (a) | the name, address, telephone number and email address of the trader; |
| (b) | a copy of the identification document of the trader or any other electronic identification as defined by Article 3 of Regulation (EU) No 910/2014 of the European Parliament and of the Council (40); |
| (c) | the payment account details of the trader; |
| (d) | where the trader is registered in a trade register or similar public register, the trade register in which the trader is registered and its registration number or equivalent means of identification in that register; |
| (e) | a self-certification by the trader committing to only offer products or services that comply with the applicable rules of Union law. |
2. Upon receiving the information referred to in paragraph 1 and prior to allowing the trader concerned to use its services, the provider of the online_platform allowing consumers to conclude distance_contracts with traders shall, through the use of any freely accessible official online database or online_interface made available by a Member State or the Union or through requests to the trader to provide supporting documents from reliable sources, make best efforts to assess whether the information referred to in paragraph 1, points (a) to (e), is reliable and complete. For the purpose of this Regulation, traders shall be liable for the accuracy of the information provided.
As regards traders that are already using the services of providers of online_platforms allowing consumers to conclude distance_contracts with traders for the purposes referred to in paragraph 1 on 17 February 2024, the providers shall make best efforts to obtain the information listed from the traders concerned within 12 months. Where the traders concerned fail to provide the information within that period, the providers shall suspend the provision of their services to those traders until they have provided all information.
3. Where the provider of the online_platform allowing consumers to conclude distance_contracts with traders obtains sufficient indications or has reason to believe that any item of information referred to in paragraph 1 obtained from the trader concerned is inaccurate, incomplete or not up-to-date, that provider shall request that the trader remedy that situation without delay or within the period set by Union and national law.
Where the trader fails to correct or complete that information, the provider of the online_platform allowing consumers to conclude distance_contracts with traders shall swiftly suspend the provision of its service to that trader in relation to the offering of products or services to consumers located in the Union until the request has been fully complied with.
4. Without prejudice to Article 4 of Regulation (EU) 2019/1150, if a provider of an online_platform allowing consumers to conclude distance_contracts with traders refuses to allow a trader to use its service pursuant to paragraph 1, or suspends the provision of its service pursuant to paragraph 3 of this Article, the trader concerned shall have the right to lodge a complaint as provided for in Articles 20 and 21 of this Regulation.
5. Providers of online_platforms allowing consumers to conclude distance_contracts with traders shall store the information obtained pursuant to paragraphs 1 and 2 in a secure manner for a period of six months after the end of the contractual relationship with the trader concerned. They shall subsequently delete the information.
6. Without prejudice to paragraph 2 of this Article, the provider of the online_platform allowing consumers to conclude distance_contracts with traders shall only disclose the information to third parties where so required in accordance with the applicable law, including the orders referred to in Article 10 and any orders issued by Member States’ competent authorities or the Commission for the performance of their tasks under this Regulation.
7. The provider of the online_platform allowing consumers to conclude distance_contracts with traders shall make the information referred to in paragraph 1, points (a), (d) and (e) available on its online_platform to the recipients of the service in a clear, easily accessible and comprehensible manner. That information shall be available at least on the online_platform’s online_interface where the information on the product or service is presented.
Article 31
Compliance by design
1. Providers of online_platforms allowing consumers to conclude distance_contracts with traders shall ensure that its online_interface is designed and organised in a way that enables traders to comply with their obligations regarding pre-contractual information, compliance and product safety information under applicable Union law.
In particular, the provider concerned shall ensure that its online_interface enables traders to provide information on the name, address, telephone number and email address of the economic operator, as defined in Article 3, point (13), of Regulation (EU) 2019/1020 and other Union law.
2. Providers of online_platforms allowing consumers to conclude distance_contracts with traders shall ensure that its online_interface is designed and organised in a way that it allows traders to provide at least the following:
| (a) | the information necessary for the clear and unambiguous identification of the products or the services promoted or offered to consumers located in the Union through the services of the providers; |
| (b) | any sign identifying the trader such as the trademark, symbol or logo; and, |
| (c) | where applicable, the information concerning the labelling and marking in compliance with rules of applicable Union law on product safety and product compliance. |
3. Providers of online_platforms allowing consumers to conclude distance_contracts with traders shall make best efforts to assess whether such traders have provided the information referred to in paragraphs 1 and 2 prior to allowing them to offer their products or services on those platforms. After allowing the trader to offer products or services on its online_platform that allows consumers to conclude distance_contracts with traders, the provider shall make reasonable efforts to randomly check in any official, freely accessible and machine-readable online database or online_interface whether the products or services offered have been identified as illegal.
Article 34
Risk assessment
1. Providers of very large online_platforms and of very large online_search_engines shall diligently identify, analyse and assess any systemic risks in the Union stemming from the design or functioning of their service and its related systems, including algorithmic systems, or from the use made of their services.
They shall carry out the risk assessments by the date of application referred to in Article 33(6), second subparagraph, and at least once every year thereafter, and in any event prior to deploying functionalities that are likely to have a critical impact on the risks identified pursuant to this Article. This risk assessment shall be specific to their services and proportionate to the systemic risks, taking into consideration their severity and probability, and shall include the following systemic risks:
| (a) | the dissemination of illegal_content through their services; |
| (b) | any actual or foreseeable negative effects for the exercise of fundamental rights, in particular the fundamental rights to human dignity enshrined in Article 1 of the Charter, to respect for private and family life enshrined in Article 7 of the Charter, to the protection of personal data enshrined in Article 8 of the Charter, to freedom of expression and information, including the freedom and pluralism of the media, enshrined in Article 11 of the Charter, to non-discrimination enshrined in Article 21 of the Charter, to respect for the rights of the child enshrined in Article 24 of the Charter and to a high-level of consumer protection enshrined in Article 38 of the Charter; |
| (c) | any actual or foreseeable negative effects on civic discourse and electoral processes, and public security; |
| (d) | any actual or foreseeable negative effects in relation to gender-based violence, the protection of public health and minors and serious negative consequences to the person’s physical and mental well-being. |
2. When conducting risk assessments, providers of very large online_platforms and of very large online_search_engines shall take into account, in particular, whether and how the following factors influence any of the systemic risks referred to in paragraph 1:
| (a) | the design of their recommender_systems and any other relevant algorithmic system; |
| (b) | their content_moderation systems; |
| (c) | the applicable terms_and_conditions and their enforcement; |
| (d) | systems for selecting and presenting advertisements; |
| (e) | data related practices of the provider. |
The assessments shall also analyse whether and how the risks pursuant to paragraph 1 are influenced by intentional manipulation of their service, including by inauthentic use or automated exploitation of the service, as well as the amplification and potentially rapid and wide dissemination of illegal_content and of information that is incompatible with their terms_and_conditions.
The assessment shall take into account specific regional or linguistic aspects, including when specific to a Member State.
3. Providers of very large online_platforms and of very large online_search_engines shall preserve the supporting documents of the risk assessments for at least three years after the performance of risk assessments, and shall, upon request, communicate them to the Commission and to the Digital_Services_Coordinator_of_establishment.
Article 35
Mitigation of risks
1. Providers of very large online_platforms and of very large online_search_engines shall put in place reasonable, proportionate and effective mitigation measures, tailored to the specific systemic risks identified pursuant to Article 34, with particular consideration to the impacts of such measures on fundamental rights. Such measures may include, where applicable:
| (a) | adapting the design, features or functioning of their services, including their online_interfaces; |
| (b) | adapting their terms_and_conditions and their enforcement; |
| (c) | adapting content_moderation processes, including the speed and quality of processing notices related to specific types of illegal_content and, where appropriate, the expeditious removal of, or the disabling of access to, the content notified, in particular in respect of illegal hate speech or cyber violence, as well as adapting any relevant decision-making processes and dedicated resources for content_moderation; |
| (d) | testing and adapting their algorithmic systems, including their recommender_systems; |
| (e) | adapting their advertising systems and adopting targeted measures aimed at limiting or adjusting the presentation of advertisements in association with the service they provide; |
| (f) | reinforcing the internal processes, resources, testing, documentation, or supervision of any of their activities in particular as regards detection of systemic risk; |
| (g) | initiating or adjusting cooperation with trusted flaggers in accordance with Article 22 and the implementation of the decisions of out-of-court dispute settlement bodies pursuant to Article 21; |
| (h) | initiating or adjusting cooperation with other providers of online_platforms or of online_search_engines through the codes of conduct and the crisis protocols referred to in Articles 45 and 48 respectively; |
| (i) | taking awareness-raising measures and adapting their online_interface in order to give recipients of the service more information; |
| (j) | taking targeted measures to protect the rights of the child, including age verification and parental control tools, tools aimed at helping minors signal abuse or obtain support, as appropriate; |
| (k) | ensuring that an item of information, whether it constitutes a generated or manipulated image, audio or video that appreciably resembles existing persons, objects, places or other entities or events and falsely appears to a person to be authentic or truthful is distinguishable through prominent markings when presented on their online_interfaces, and, in addition, providing an easy to use functionality which enables recipients of the service to indicate such information. |
2. The Board, in cooperation with the Commission, shall publish comprehensive reports, once a year. The reports shall include the following:
| (a) | identification and assessment of the most prominent and recurrent systemic risks reported by providers of very large online_platforms and of very large online_search_engines or identified through other information sources, in particular those provided in compliance with Articles 39, 40 and 42; |
| (b) | best practices for providers of very large online_platforms and of very large online_search_engines to mitigate the systemic risks identified. |
Those reports shall present systemic risks broken down by the Member States in which they occurred and in the Union as a whole, as applicable.
3. The Commission, in cooperation with the Digital Services Coordinators, may issue guidelines on the application of paragraph 1 in relation to specific risks, in particular to present best practices and recommend possible measures, having due regard to the possible consequences of the measures on fundamental rights enshrined in the Charter of all parties involved. When preparing those guidelines the Commission shall organise public consultations.
Article 36
Crisis response mechanism
1. Where a crisis occurs, the Commission, acting upon a recommendation of the Board may adopt a decision, requiring one or more providers of very large online_platforms or of very large online_search_engines to take one or more of the following actions:
| (a) | assess whether, and if so to what extent and how, the functioning and use of their services significantly contribute to a serious threat as referred to in paragraph 2, or are likely to do so; |
| (b) | identify and apply specific, effective and proportionate measures, such as any of those provided for in Article 35(1) or Article 48(2), to prevent, eliminate or limit any such contribution to the serious threat identified pursuant to point (a) of this paragraph; |
| (c) | report to the Commission by a certain date or at regular intervals specified in the decision, on the assessments referred to in point (a), on the precise content, implementation and qualitative and quantitative impact of the specific measures taken pursuant to point (b) and on any other issue related to those assessments or those measures, as specified in the decision. |
When identifying and applying measures pursuant to point (b) of this paragraph, the service provider or providers shall take due account of the gravity of the serious threat referred to in paragraph 2, of the urgency of the measures and of the actual or potential implications for the rights and legitimate interests of all parties concerned, including the possible failure of the measures to respect the fundamental rights enshrined in the Charter.
2. For the purpose of this Article, a crisis shall be deemed to have occurred where extraordinary circumstances lead to a serious threat to public security or public health in the Union or in significant parts of it.
3. When taking the decision referred to in paragraph 1, the Commission shall ensure that all of the following requirements are met:
| (a) | the actions required by the decision are strictly necessary, justified and proportionate, having regard in particular to the gravity of the serious threat referred to in paragraph 2, the urgency of the measures and the actual or potential implications for the rights and legitimate interests of all parties concerned, including the possible failure of the measures to respect the fundamental rights enshrined in the Charter; |
| (b) | the decision specifies a reasonable period within which specific measures referred to in paragraph 1, point (b), are to be taken, having regard, in particular, to the urgency of those measures and the time needed to prepare and implement them; |
| (c) | the actions required by the decision are limited to a period not exceeding three months. |
4. After adopting the decision referred to in paragraph 1, the Commission shall, without undue delay, take the following steps:
| (a) | notify the decision to the provider or providers to which the decision is addressed; |
| (b) | make the decision publicly available; and |
| (c) | inform the Board of the decision, invite it to submit its views thereon, and keep it informed of any subsequent developments relating to the decision. |
5. The choice of specific measures to be taken pursuant to paragraph 1, point (b), and to paragraph 7, second subparagraph, shall remain with the provider or providers addressed by the Commission’s decision.
6. The Commission may on its own initiative or at the request of the provider, engage in a dialogue with the provider to determine whether, in light of the provider’s specific circumstances, the intended or implemented measures referred to in paragraph 1, point (b), are effective and proportionate in achieving the objectives pursued. In particular, the Commission shall ensure that the measures taken by the service provider under paragraph 1, point (b), meet the requirements referred to in paragraph 3, points (a) and (c).
7. The Commission shall monitor the application of the specific measures taken pursuant to the decision referred to in paragraph 1 of this Article on the basis of the reports referred to in point (c) of that paragraph and any other relevant information, including information it may request pursuant to Article 40 or 67, taking into account the evolution of the crisis. The Commission shall report regularly to the Board on that monitoring, at least on a monthly basis.
Where the Commission considers that the intended or implemented specific measures pursuant to paragraph 1, point (b), are not effective or proportionate it may, after consulting the Board, adopt a decision requiring the provider to review the identification or application of those specific measures.
8. Where appropriate in view of the evolution of the crisis, the Commission, acting on the Board’s recommendation, may amend the decision referred to in paragraph 1 or in paragraph 7, second subparagraph, by:
| (a) | revoking the decision and, where appropriate, requiring the very large online_platform or very large online_search_engine to cease to apply the measures identified and implemented pursuant to paragraph 1, point (b), or paragraph 7, second subparagraph, in particular where the grounds for such measures do not exist anymore; |
| (b) | extending the period referred to paragraph 3, point (c), by a period of no more than three months; |
| (c) | taking account of experience gained in applying the measures, in particular the possible failure of the measures to respect the fundamental rights enshrined in the Charter. |
9. The requirements of paragraphs 1 to 6 shall apply to the decision and to the amendment thereof referred to in this Article.
10. The Commission shall take utmost account of the recommendation of the Board issued pursuant to this Article.
11. The Commission shall report to the European Parliament and to the Council on a yearly basis following the adoption of decisions in accordance with this Article, and, in any event, three months after the end of the crisis, on the application of the specific measures taken pursuant to those decisions.
Article 37
Independent audit
1. Providers of very large online_platforms and of very large online_search_engines shall be subject, at their own expense and at least once a year, to independent audits to assess compliance with the following:
| (a) | the obligations set out in Chapter III; |
| (b) | any commitments undertaken pursuant to the codes of conduct referred to in Articles 45 and 46 and the crisis protocols referred to in Article 48. |
2. Providers of very large online_platforms and of very large online_search_engines shall afford the organisations carrying out the audits pursuant to this Article the cooperation and assistance necessary to enable them to conduct those audits in an effective, efficient and timely manner, including by giving them access to all relevant data and premises and by answering oral or written questions. They shall refrain from hampering, unduly influencing or undermining the performance of the audit.
Such audits shall ensure an adequate level of confidentiality and professional secrecy in respect of the information obtained from the providers of very large online_platforms and of very large online_search_engines and third parties in the context of the audits, including after the termination of the audits. However, complying with that requirement shall not adversely affect the performance of the audits and other provisions of this Regulation, in particular those on transparency, supervision and enforcement. Where necessary for the purpose of the transparency reporting pursuant to Article 42(4), the audit report and the audit implementation report referred to in paragraphs 4 and 6 of this Article shall be accompanied with versions that do not contain any information that could reasonably be considered to be confidential.
3. Audits performed pursuant to paragraph 1 shall be performed by organisations which:
| (a) | are independent from, and do not have any conflicts of interest with, the provider of very large online_platforms or of very large online_search_engines concerned and any legal person connected to that provider; in particular:
|
| (b) | have proven expertise in the area of risk management, technical competence and capabilities; |
| (c) | have proven objectivity and professional ethics, based in particular on adherence to codes of practice or appropriate standards. |
4. Providers of very large online_platforms and of very large online_search_engines shall ensure that the organisations that perform the audits establish an audit report for each audit. That report shall be substantiated, in writing, and shall include at least the following:
| (a) | the name, address and the point of contact of the provider of the very large online_platform or of the very large online_search_engine subject to the audit and the period covered; |
| (b) | the name and address of the organisation or organisations performing the audit; |
| (c) | a declaration of interests; |
| (d) | a description of the specific elements audited, and the methodology applied; |
| (e) | a description and a summary of the main findings drawn from the audit; |
| (f) | a list of the third parties consulted as part of the audit; |
| (g) | an audit opinion on whether the provider of the very large online_platform or of the very large online_search_engine subject to the audit complied with the obligations and with the commitments referred to in paragraph 1, namely ‘positive’, ‘positive with comments’ or ‘negative’; |
| (h) | where the audit opinion is not ‘positive’, operational recommendations on specific measures to achieve compliance and the recommended timeframe to achieve compliance. |
5. Where the organisation performing the audit was unable to audit certain specific elements or to express an audit opinion based on its investigations, the audit report shall include an explanation of the circumstances and the reasons why those elements could not be audited.
6. Providers of very large online_platforms or of very large online_search_engines receiving an audit report that is not ‘positive’ shall take due account of the operational recommendations addressed to them with a view to take the necessary measures to implement them. They shall, within one month from receiving those recommendations, adopt an audit implementation report setting out those measures. Where they do not implement the operational recommendations, they shall justify in the audit implementation report the reasons for not doing so and set out any alternative measures that they have taken to address any instances of non-compliance identified.
7. The Commission is empowered to adopt delegated acts in accordance with Article 87 to supplement this Regulation by laying down the necessary rules for the performance of the audits pursuant to this Article, in particular as regards the necessary rules on the procedural steps, auditing methodologies and reporting templates for the audits performed pursuant to this Article. Those delegated acts shall take into account any voluntary auditing standards referred to in Article 44(1), point (e).
Article 40
Data access and scrutiny
1. Providers of very large online_platforms or of very large online_search_engines shall provide the Digital_Services_Coordinator_of_establishment or the Commission, at their reasoned request and within a reasonable period specified in that request, access to data that are necessary to monitor and assess compliance with this Regulation.
2. Digital Services Coordinators and the Commission shall use the data accessed pursuant to paragraph 1 only for the purpose of monitoring and assessing compliance with this Regulation and shall take due account of the rights and interests of the providers of very large online_platforms or of very large online_search_engines and the recipients of the service concerned, including the protection of personal data, the protection of confidential information, in particular trade secrets, and maintaining the security of their service.
3. For the purposes of paragraph 1, providers of very large online_platforms or of very large online_search_engines shall, at the request of either the Digital Service Coordinator of establishment or of the Commission, explain the design, the logic, the functioning and the testing of their algorithmic systems, including their recommender_systems.
4. Upon a reasoned request from the Digital_Services_Coordinator_of_establishment, providers of very large online_platforms or of very large online_search_engines shall, within a reasonable period, as specified in the request, provide access to data to vetted researchers who meet the requirements in paragraph 8 of this Article, for the sole purpose of conducting research that contributes to the detection, identification and understanding of systemic risks in the Union, as set out pursuant to Article 34(1), and to the assessment of the adequacy, efficiency and impacts of the risk mitigation measures pursuant to Article 35.
5. Within 15 days following receipt of a request as referred to in paragraph 4, providers of very large online_platforms or of very large online_search_engines may request the Digital_Services_Coordinator_of_establishment, to amend the request, where they consider that they are unable to give access to the data requested because one of following two reasons:
| (a) | they do not have access to the data; |
| (b) | giving access to the data will lead to significant vulnerabilities in the security of their service or the protection of confidential information, in particular trade secrets. |
6. Requests for amendment pursuant to paragraph 5 shall contain proposals for one or more alternative means through which access may be provided to the requested data or other data which are appropriate and sufficient for the purpose of the request.
The Digital_Services_Coordinator_of_establishment shall decide on the request for amendment within 15 days and communicate to the provider of the very large online_platform or of the very large online_search_engine its decision and, where relevant, the amended request and the new period to comply with the request.
7. Providers of very large online_platforms or of very large online_search_engines shall facilitate and provide access to data pursuant to paragraphs 1 and 4 through appropriate interfaces specified in the request, including online databases or application programming interfaces.
8. Upon a duly substantiated application from researchers, the Digital_Services_Coordinator_of_establishment shall grant such researchers the status of ‘vetted researchers’ for the specific research referred to in the application and issue a reasoned request for data access to a provider of very large online_platform or of very large online_search_engine a pursuant to paragraph 4, where the researchers demonstrate that they meet all of the following conditions:
| (a) | they are affiliated to a research organisation as defined in Article 2, point (1), of Directive (EU) 2019/790; |
| (b) | they are independent from commercial interests; |
| (c) | their application discloses the funding of the research; |
| (d) | they are capable of fulfilling the specific data security and confidentiality requirements corresponding to each request and to protect personal data, and they describe in their request the appropriate technical and organisational measures that they have put in place to this end; |
| (e) | their application demonstrates that their access to the data and the time frames requested are necessary for, and proportionate to, the purposes of their research, and that the expected results of that research will contribute to the purposes laid down in paragraph 4; |
| (f) | the planned research activities will be carried out for the purposes laid down in paragraph 4; |
| (g) | they have committed themselves to making their research results publicly available free of charge, within a reasonable period after the completion of the research, subject to the rights and interests of the recipients of the service concerned, in accordance with Regulation (EU) 2016/679. |
Upon receipt of the application pursuant to this paragraph, the Digital_Services_Coordinator_of_establishment shall inform the Commission and the Board.
9. Researchers may also submit their application to the Digital Services Coordinator of the Member State of the research organisation to which they are affiliated. Upon receipt of the application pursuant to this paragraph the Digital Services Coordinator shall conduct an initial assessment as to whether the respective researchers meet all of the conditions set out in paragraph 8. The respective Digital Services Coordinator shall subsequently send the application, together with the supporting documents submitted by the respective researchers and the initial assessment, to the Digital_Services_Coordinator_of_establishment. The Digital_Services_Coordinator_of_establishment shall take a decision whether to award a researcher the status of ‘vetted researcher’ without undue delay.
While taking due account of the initial assessment provided, the final decision to award a researcher the status of ‘vetted researcher’ lies within the competence of Digital_Services_Coordinator_of_establishment, pursuant to paragraph 8.
10. The Digital Services Coordinator that awarded the status of vetted researcher and issued the reasoned request for data access to the providers of very large online_platforms or of very large online_search_engines in favour of a vetted researcher shall issue a decision terminating the access if it determines, following an investigation either on its own initiative or on the basis of information received from third parties, that the vetted researcher no longer meets the conditions set out in paragraph 8, and shall inform the provider of the very large online_platform or of the very large online_search_engine concerned of the decision. Before terminating the access, the Digital Services Coordinator shall allow the vetted researcher to react to the findings of its investigation and to its intention to terminate the access.
11. Digital Services Coordinators of establishment shall communicate to the Board the names and contact information of the natural persons or entities to which they have awarded the status of ‘vetted researcher’ in accordance with paragraph 8, as well as the purpose of the research in respect of which the application was made or, where they have terminated the access to the data in accordance with paragraph 10, communicate that information to the Board.
12. Providers of very large online_platforms or of very large online_search_engines shall give access without undue delay to data, including, where technically possible, to real-time data, provided that the data is publicly accessible in their online_interface by researchers, including those affiliated to not for profit bodies, organisations and associations, who comply with the conditions set out in paragraph 8, points (b), (c), (d) and (e), and who use the data solely for performing research that contributes to the detection, identification and understanding of systemic risks in the Union pursuant to Article 34(1).
13. The Commission shall, after consulting the Board, adopt delegated acts supplementing this Regulation by laying down the technical conditions under which providers of very large online_platforms or of very large online_search_engines are to share data pursuant to paragraphs 1 and 4 and the purposes for which the data may be used. Those delegated acts shall lay down the specific conditions under which such sharing of data with researchers can take place in compliance with Regulation (EU) 2016/679, as well as relevant objective indicators, procedures and, where necessary, independent advisory mechanisms in support of sharing of data, taking into account the rights and interests of the providers of very large online_platforms or of very large online_search_engines and the recipients of the service concerned, including the protection of confidential information, in particular trade secrets, and maintaining the security of their service.
Article 42
Transparency reporting obligations
1. Providers of very large online_platforms or of very large online_search_engines shall publish the reports referred to in Article 15 at the latest by two months from the date of application referred to in Article 33(6), second subparagraph, and thereafter at least every six months.
2. The reports referred to in paragraph 1 of this Article published by providers of very large online_platforms shall, in addition to the information referred to in Article 15 and Article 24(1), specify:
| (a) | the human resources that the provider of very large online_platforms dedicates to content_moderation in respect of the service offered in the Union, broken down by each applicable official language of the Member States, including for compliance with the obligations set out in Articles 16 and 22, as well as for compliance with the obligations set out in Article 20; |
| (b) | the qualifications and linguistic expertise of the persons carrying out the activities referred to in point (a), as well as the training and support given to such staff; |
| (c) | the indicators of accuracy and related information referred to in Article 15(1), point (e), broken down by each official language of the Member States. |
The reports shall be published in at least one of the official languages of the Member States.
3. In addition to the information referred to in Articles 24(2), the providers of very large online_platforms or of very large online_search_engines shall include in the reports referred to in paragraph 1 of this Article the information on the average monthly recipients of the service for each Member State.
4. Providers of very large online_platforms or of very large online_search_engines shall transmit to the Digital_Services_Coordinator_of_establishment and the Commission, without undue delay upon completion, and make publicly available at the latest three months after the receipt of each audit report pursuant to Article 37(4):
| (a) | a report setting out the results of the risk assessment pursuant to Article 34; |
| (b) | the specific mitigation measures put in place pursuant to Article 35(1); |
| (c) | the audit report provided for in Article 37(4); |
| (d) | the audit implementation report provided for in Article 37(6); |
| (e) | where applicable, information about the consultations conducted by the provider in support of the risk assessments and design of the risk mitigation measures. |
5. Where a provider of very large online_platform or of very large online_search_engine considers that the publication of information pursuant to paragraph 4 might result in the disclosure of confidential information of that provider or of the recipients of the service, cause significant vulnerabilities for the security of its service, undermine public security or harm recipients, the provider may remove such information from the publicly available reports. In that case, the provider shall transmit the complete reports to the Digital_Services_Coordinator_of_establishment and the Commission, accompanied by a statement of the reasons for removing the information from the publicly available reports.
Article 45
Codes of conduct
1. The Commission and the Board shall encourage and facilitate the drawing up of voluntary codes of conduct at Union level to contribute to the proper application of this Regulation, taking into account in particular the specific challenges of tackling different types of illegal_content and systemic risks, in accordance with Union law in particular on competition and the protection of personal data.
2. Where significant systemic risk within the meaning of Article 34(1) emerge and concern several very large online_platforms or very large online_search_engines, the Commission may invite the providers of very large online_platforms concerned or the providers of very large online_search_engines concerned, and other providers of very large online_platforms, of very large online_search_engines, of online_platforms and of other intermediary_services, as appropriate, as well as relevant competent authorities, civil society organisations and other relevant stakeholders, to participate in the drawing up of codes of conduct, including by setting out commitments to take specific risk mitigation measures, as well as a regular reporting framework on any measures taken and their outcomes.
3. When giving effect to paragraphs 1 and 2, the Commission and the Board, and where relevant other bodies, shall aim to ensure that the codes of conduct clearly set out their specific objectives, contain key performance indicators to measure the achievement of those objectives and take due account of the needs and interests of all interested parties, and in particular citizens, at Union level. The Commission and the Board shall also aim to ensure that participants report regularly to the Commission and their respective Digital Services Coordinators of establishment on any measures taken and their outcomes, as measured against the key performance indicators that they contain. Key performance indicators and reporting commitments shall take into account differences in size and capacity between different participants.
4. The Commission and the Board shall assess whether the codes of conduct meet the aims specified in paragraphs 1 and 3, and shall regularly monitor and evaluate the achievement of their objectives, having regard to the key performance indicators that they might contain. They shall publish their conclusions.
The Commission and the Board shall also encourage and facilitate regular review and adaptation of the codes of conduct.
In the case of systematic failure to comply with the codes of conduct, the Commission and the Board may invite the signatories to the codes of conduct to take the necessary action.
Article 53
Right to lodge a complaint
Recipients of the service and any body, organisation or association mandated to exercise the rights conferred by this Regulation on their behalf shall have the right to lodge a complaint against providers of intermediary_services alleging an infringement of this Regulation with the Digital Services Coordinator of the Member State where the recipient_of_the_service is located or established. The Digital Services Coordinator shall assess the complaint and, where appropriate, transmit it to the Digital_Services_Coordinator_of_establishment, accompanied, where considered appropriate, by an opinion. Where the complaint falls under the responsibility of another competent authority in its Member State, the Digital Services Coordinator receiving the complaint shall transmit it to that authority. During these proceedings, both parties shall have the right to be heard and receive appropriate information about the status of the complaint, in accordance with national law.
Article 57
Mutual assistance
1. Digital Services Coordinators and the Commission shall cooperate closely and provide each other with mutual assistance in order to apply this Regulation in a consistent and efficient manner. Mutual assistance shall include, in particular, exchange of information in accordance with this Article and the duty of the Digital_Services_Coordinator_of_establishment to inform all Digital Services Coordinators of destination, the Board and the Commission about the opening of an investigation and the intention to take a final decision, including its assessment, in respect of a specific provider of intermediary_services.
2. For the purpose of an investigation, the Digital_Services_Coordinator_of_establishment may request other Digital Services Coordinators to provide specific information in their possession as regards a specific provider of intermediary_services or to exercise their investigative powers referred to in Article 51(1) with regard to specific information located in their Member State. Where appropriate, the Digital Services Coordinator receiving the request may involve other competent authorities or other public authorities of the Member State in question.
3. The Digital Services Coordinator receiving the request pursuant to paragraph 2 shall comply with such request and inform the Digital_Services_Coordinator_of_establishment about the action taken, without undue delay and no later than two months after its receipt, unless:
| (a) | the scope or the subject matter of the request is not sufficiently specified, justified or proportionate in view of the investigative purposes; or |
| (b) | neither the requested Digital Service Coordinator nor other competent authority or other public authority of that Member State is in possession of the requested information nor can have access to it; or |
| (c) | the request cannot be complied with without infringing Union or national law. |
The Digital Services Coordinator receiving the request shall justify its refusal by submitting a reasoned reply, within the period set out in the first subparagraph.
Article 58
Cross-border cooperation among Digital Services Coordinators
1. Unless the Commission has initiated an investigation for the same alleged infringement, where a Digital_Services_Coordinator_of_destination has reason to suspect that a provider of an intermediary_service has infringed this Regulation in a manner negatively affecting the recipients of the service in the Member State of that Digital Services Coordinator, it may request the Digital_Services_Coordinator_of_establishment to assess the matter and to take the necessary investigatory and enforcement measures to ensure compliance with this Regulation.
2. Unless the Commission has initiated an investigation for the same alleged infringement, and at the request of at least three Digital Services Coordinators of destination that have reason to suspect that a specific provider of intermediary_services infringed this Regulation in a manner negatively affecting recipients of the service in their Member States, the Board may request the Digital_Services_Coordinator_of_establishment to assess the matter and take the necessary investigatory and enforcement measures to ensure compliance with this Regulation.
3. A request pursuant to paragraph 1 or 2 shall be duly reasoned, and shall at least indicate:
| (a) | the point of contact of the provider of the intermediary_services concerned as provided for in Article 11; |
| (b) | a description of the relevant facts, the provisions of this Regulation concerned and the reasons why the Digital Services Coordinator that sent the request, or the Board, suspects that the provider infringed this Regulation, including the description of the negative effects of the alleged infringement; |
| (c) | any other information that the Digital Services Coordinator that sent the request, or the Board, considers relevant, including, where appropriate, information gathered on its own initiative or suggestions for specific investigatory or enforcement measures to be taken, including interim measures. |
4. The Digital_Services_Coordinator_of_establishment shall take utmost account of the request pursuant to paragraphs 1 or 2 of this Article. Where it considers that it has insufficient information to act upon the request and has reasons to consider that the Digital Services Coordinator that sent the request, or the Board, could provide additional information, the Digital_Services_Coordinator_of_establishment may either request such information in accordance with Article 57 or, alternatively, may launch a joint investigation pursuant to Article 60(1) involving at least the requesting Digital Services Coordinator. The period laid down in paragraph 5 of this Article shall be suspended until that additional information is provided or until the invitation to participate in the joint investigation is refused.
5. The Digital_Services_Coordinator_of_establishment shall, without undue delay and in any event not later than two months following receipt of the request pursuant to paragraph 1 or 2, communicate to the Digital Services Coordinator that sent the request, and the Board, the assessment of the suspected infringement and an explanation of any investigatory or enforcement measures taken or envisaged in relation thereto to ensure compliance with this Regulation.
Article 59
Referral to the Commission
1. In the absence of a communication within the period laid down in Article 58(5), in the case of a disagreement of the Board with the assessment or the measures taken or envisaged pursuant to Article 58(5) or in the cases referred to in Article 60(3), the Board may refer the matter to the Commission, providing all relevant information. That information shall include at least the request or recommendation sent to the Digital_Services_Coordinator_of_establishment, the assessment by that Digital Services Coordinator, the reasons for the disagreement and any additional information supporting the referral.
2. The Commission shall assess the matter within two months following the referral of the matter pursuant to paragraph 1, after having consulted the Digital_Services_Coordinator_of_establishment.
3. Where, pursuant to paragraph 2 of this Article, the Commission considers that the assessment or the investigatory or enforcement measures taken or envisaged pursuant to Article 58(5) are insufficient to ensure effective enforcement or otherwise incompatible with this Regulation, it shall communicate its views to the Digital_Services_Coordinator_of_establishment and the Board and request the Digital_Services_Coordinator_of_establishment to review the matter.
The Digital_Services_Coordinator_of_establishment shall take the necessary investigatory or enforcement measures to ensure compliance with this Regulation, taking utmost account of the views and request for review by the Commission. The Digital_Services_Coordinator_of_establishment shall inform the Commission, as well as the requesting Digital Services Coordinator or the Board that took action pursuant to Article 58(1) or (2), about the measures taken within two months from that request for review.
Article 64
Development of expertise and capabilities
1. The Commission, in cooperation with the Digital Services Coordinators and the Board, shall develop Union expertise and capabilities, including, where appropriate, through the secondment of Member States’ personnel.
2. In addition, the Commission, in cooperation with the Digital Services Coordinators and the Board, shall coordinate the assessment of systemic and emerging issues across the Union in relation to very large online_platforms or very large online_search_engines with regard to matters covered by this Regulation.
3. The Commission may ask the Digital Services Coordinators, the Board and other Union bodies, offices and agencies with relevant expertise to support the assessment of systemic and emerging issues across the Union under this Regulation.
4. Member States shall cooperate with the Commission, in particular through their respective Digital Services Coordinators and other competent authorities, where applicable, including by making available their expertise and capabilities.
Article 65
Enforcement of obligations of providers of very large online_platforms and of very large online_search_engines
1. For the purposes of investigating compliance of providers of very large online_platforms and of very large online_search_engines with the obligations laid down in this Regulation, the Commission may exercise the investigatory powers laid down in this Section even before initiating proceedings pursuant to Article 66(2). It may exercise those powers on its own initiative or following a request pursuant to paragraph 2 of this Article.
2. Where a Digital Services Coordinator has reason to suspect that a provider of a very large online_platform or of a very large online_search_engine has infringed the provisions of Section 5 of Chapter III or has systemically infringed any of the provisions of this Regulation in a manner that seriously affects recipients of the service in its Member State, it may send, through the information sharing system referred to in Article 85, a request to the Commission to assess the matter.
3. A request pursuant to paragraph 2 shall be duly reasoned and at least indicate:
| (a) | the point of contact of the provider of the very large online_platform or of the very large online_search_engine concerned as provided for in Article 11; |
| (b) | a description of the relevant facts, the provisions of this Regulation concerned and the reasons why the Digital Services Coordinator that sent the request suspects that the provider of the very large online_platforms or of the very large online_search_engine concerned infringed this Regulation, including a description of the facts that show that the suspected infringement is of a systemic nature; |
| (c) | any other information that the Digital Services Coordinator that sent the request considers relevant, including, where appropriate, information gathered on its own initiative. |
Article 72
Monitoring actions
1. For the purposes of carrying out the tasks assigned to it under this Section, the Commission may take the necessary actions to monitor the effective implementation and compliance with this Regulation by providers of the very large online_platform and of the very large online_search_engines. The Commission may order them to provide access to, and explanations relating to, its databases and algorithms. Such actions may include, imposing an obligation on the provider of the very large online_platform or of the very large online_search_engine to retain all documents deemed to be necessary to assess the implementation of and compliance with the obligations under this Regulation.
2. The actions pursuant to paragraph 1 may include the appointment of independent external experts and auditors, as well as experts and auditors from competent national authorities with the agreement of the authority concerned, to assist the Commission in monitoring the effective implementation and compliance with the relevant provisions of this Regulation and to provide specific expertise or knowledge to the Commission.
Article 82
Requests for access restrictions and cooperation with national courts
1. Where all powers pursuant to this Section to bring about the cessation of an infringement of this Regulation have been exhausted, the infringement persists and causes serious harm which cannot be avoided through the exercise of other powers available under Union or national law, the Commission may request the Digital_Services_Coordinator_of_establishment of the provider of the very large online_platform or of the very large online_search_engine concerned to act pursuant to Article 51(3).
Prior to making such request to the Digital Services Coordinator, the Commission shall invite interested parties to submit written observations within a period that shall not be less than 14 working days, describing the measures it intends to request and identifying the intended addressee or addressees thereof.
2. Where the coherent application of this Regulation so requires, the Commission, acting on its own initiative, may submit written observations to the competent judicial authority referred to Article 51(3). With the permission of the judicial authority in question, it may also make oral observations.
For the purpose of the preparation of its observations only, the Commission may request that judicial authority to transmit or ensure the transmission to it of any documents necessary for the assessment of the case.
3. When a national court rules on a matter which is already the subject matter of a decision adopted by the Commission under this Regulation, that national court shall not take any decision which runs counter to that Commission decision. National courts shall also avoid taking decisions which could conflict with a decision contemplated by the Commission in proceedings it has initiated under this Regulation. To that effect, a national court may assess whether it is necessary to stay its proceedings. This is without prejudice to Article 267 TFEU.
Article 91
Review
1. By 18 February 2027, the Commission shall evaluate and report to the European Parliament, the Council and the European Economic and Social Committee on the potential effect of this Regulation on the development and economic growth of small and medium-sized enterprises.
By 17 November 2025, the Commission shall evaluate and report to the European Parliament, the Council and the European Economic and Social Committee on:
| (a) | the application of Article 33, including the scope of providers of intermediary_services covered by the obligations set out in Section 5 of Chapter III of this Regulation; |
| (b) | the way that this Regulation interacts with other legal acts, in particular the acts referred to in Article 2(3) and (4). |
2. By 17 November 2027, and every five years thereafter, the Commission shall evaluate this Regulation, and report to the European Parliament, the Council and the European Economic and Social Committee.
This report shall address in particular:
| (a) | the application of paragraph 1, second subparagraph, points (a) and (b); |
| (b) | the contribution of this Regulation to the deepening and efficient functioning of the internal market for intermediary_services, in particular as regards the cross-border provision of digital services; |
| (c) | the application of Articles 13, 16, 20, 21, 45 and 46; |
| (d) | the scope of the obligations on small and micro enterprises; |
| (e) | the effectiveness of the supervision and enforcement mechanisms; |
| (f) | the impact on the respect for the right to freedom of expression and information. |
3. Where appropriate, the report referred to in paragraphs 1 and 2 shall be accompanied by a proposal for amendment of this Regulation.
4. The Commission shall, in the report referred to in paragraph 2 of this Article, also evaluate and report on the annual reports on their activities by the Digital Services Coordinators provided to the Commission and the Board pursuant to Article 55(1).
5. For the purpose of paragraph 2, Member States and the Board shall send information on the request of the Commission.
6. In carrying out the evaluations referred to in paragraph 2, the Commission shall take into account the positions and findings of the European Parliament, the Council, and other relevant bodies or sources, and shall pay specific attention to small and medium-sized enterprises and the position of new competitors.
7. By 18 February 2027, the Commission, after consulting the Board, shall carry out an assessment of the functioning of the Board and of the application of Article 43, and shall report it to the European Parliament, the Council and the European Economic and Social Committee, taking into account the first years of application of the Regulation. On the basis of the findings and taking utmost account of the opinion of the Board, that report shall, where appropriate, be accompanied by a proposal for amendment of this Regulation with regard to the structure of the Board.
whereas