keyboard_tab Digital Service Act 2022/2065 EN

1.   Where an information_society_service is provided that consists of the transmission in a communication network of information provided by a recipient_of_the_service, the service provider shall not be liable for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient or more secure the information's onward transmission to other recipients of the service upon their request, on condition that the provider:

2.   This Article shall not affect the possibility for a judicial or administrative authority, in accordance with a Member State’s legal system, to require the service provider to terminate or prevent an infringement.

1.   Where an information_society_service is provided that consists of the storage of information provided by a recipient_of_the_service, the service provider shall not be liable for the information stored at the request of a recipient_of_the_service, on condition that the provider:

2.   Paragraph 1 shall not apply where the recipient_of_the_service is acting under the authority or the control of the provider.

3.   Paragraph 1 shall not apply with respect to the liability under consumer protection law of online_platforms that allow consumers to conclude distance_contracts with traders, where such an online_platform presents the specific item of information or otherwise enables the specific transaction at issue in a way that would lead an average consumer to believe that the information, or the product or service that is the object of the transaction, is provided either by the online_platform itself or by a recipient_of_the_service who is acting under its authority or control.

4.   This Article shall not affect the possibility for a judicial or administrative authority, in accordance with a Member State's legal system, to require the service provider to terminate or prevent an infringement.

1.   Upon the receipt of an order to act against one or more specific items of illegal_content, issued by the relevant national judicial or administrative authorities, on the basis of the applicable Union law or national law in compliance with Union law, providers of intermediary_services shall inform the authority issuing the order, or any other authority specified in the order, of any effect given to the order without undue delay, specifying if and when effect was given to the order.

2.   Member States shall ensure that when an order referred to in paragraph 1 is transmitted to the provider, it meets at least the following conditions:

3.   The authority issuing the order or, where applicable, the authority specified therein, shall transmit it, along with any information received from the provider of intermediary_services concerning the effect given to that order to the Digital Services Coordinator from the Member State of the issuing authority.

4.   After receiving the order from the judicial or administrative authority, the Digital Services Coordinator of the Member State concerned shall, without undue delay, transmit a copy of the order referred to in paragraph 1 of this Article to all other Digital Services Coordinators through the system established in accordance with Article 85.

5.   At the latest when effect is given to the order or, where applicable, at the time provided by the issuing authority in its order, providers of intermediary_services shall inform the recipient_of_the_service concerned of the order received and to the effect given to it. Such information provided to the recipient_of_the_service shall include a statement of reasons, the possibilities for redress that exist, and a description of the territorial scope of the order, in accordance with paragraph 2.

6.   The conditions and requirements laid down in this Article shall be without prejudice to national civil and criminal procedural law.

1.   Upon receipt of an order to provide specific information about one or more specific individual recipients of the service, issued by the relevant national judicial or administrative authorities on the basis of the applicable Union law or national law in compliance with Union law, providers of intermediary_services shall, without undue delay inform the authority issuing the order, or any other authority specified in the order, of its receipt and of the effect given to the order, specifying if and when effect was given to the order.

2.   Member States shall ensure that when an order referred to in paragraph 1 is transmitted to the provider, it meets at least the following conditions:

3.   The authority issuing the order or, where applicable, the authority specified therein, shall transmit it, along with any information received from the provider of intermediary_services concerning the effect given to that order to the Digital Services Coordinator from the Member State of the issuing authority.

4.   After receiving the order from the judicial or administrative authority, the Digital Services Coordinator of the Member State concerned shall, without undue delay, transmit a copy of the order referred to in paragraph 1 of this Article to all Digital Services Coordinators through the system established in accordance with Article 85.

5.   At the latest when effect is given to the order, or, where applicable, at the time provided by the issuing authority in its order, providers of intermediary_services shall inform the recipient_of_the_service concerned of the order received and the effect given to it. Such information provided to the recipient_of_the_service shall include a statement of reasons and the possibilities for redress that exist, in accordance with paragraph 2.

6.   The conditions and requirements laid down in this Article shall be without prejudice to national civil and criminal procedural law.

1.   Providers of intermediary_services shall make publicly available, in a machine-readable format and in an easily accessible manner, at least once a year, clear, easily comprehensible reports on any content_moderation that they engaged in during the relevant period. Those reports shall include, in particular, information on the following, as applicable:

2.   Paragraph 1 of this Article shall not apply to providers of intermediary_services that qualify as micro or small enterprises as defined in Recommendation 2003/361/EC and which are not very large online_platforms within the meaning of Article 33 of this Regulation.

3.   The Commission may adopt implementing acts to lay down templates concerning the form, content and other details of reports pursuant to paragraph 1 of this Article, including harmonised reporting periods. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 88.

1.   Providers of hosting services shall provide a clear and specific statement of reasons to any affected recipients of the service for any of the following restrictions imposed on the ground that the information provided by the recipient_of_the_service is illegal_content or incompatible with their terms_and_conditions:

2.   Paragraph 1 shall only apply where the relevant electronic contact details are known to the provider. It shall apply at the latest from the date that the restriction is imposed, regardless of why or how it was imposed.

Paragraph 1 shall not apply where the information is deceptive high-volume commercial content.

3.   The statement of reasons referred to in paragraph 1 shall at least contain the following information:

4.   The information provided by the providers of hosting services in accordance with this Article shall be clear and easily comprehensible and as precise and specific as reasonably possible under the given circumstances. The information shall, in particular, be such as to reasonably allow the recipient_of_the_service concerned to effectively exercise the possibilities for redress referred to in of paragraph 3, point (f).

5.   This Article shall not apply to any orders referred to in Article 9.

1.   This Section, with the exception of Article 24(3) thereof, shall not apply to providers of online_platforms that qualify as micro or small enterprises as defined in Recommendation 2003/361/EC.

This Section, with the exception of Article 24(3) thereof, shall not apply to providers of online_platforms that previously qualified for the status of a micro or small enterprise as defined in Recommendation 2003/361/EC during the 12 months following their loss of that status pursuant to Article 4(2) thereof, except when they are very large online_platforms in accordance with Article 33.

2.   By derogation from paragraph 1 of this Article, this Section shall apply to providers of online_platforms that have been designated as very large online_platforms in accordance with Article 33, irrespective of whether they qualify as micro or small enterprises.

1.   Providers of online_platforms shall take the necessary technical and organisational measures to ensure that notices submitted by trusted flaggers, acting within their designated area of expertise, through the mechanisms referred to in Article 16, are given priority and are processed and decided upon without undue delay.

2.   The status of ‘trusted flagger’ under this Regulation shall be awarded, upon application by any entity, by the Digital Services Coordinator of the Member State in which the applicant is established, to an applicant that has demonstrated that it meets all of the following conditions:

3.   Trusted flaggers shall publish, at least once a year easily comprehensible and detailed reports on notices submitted in accordance with Article 16 during the relevant period. The report shall list at least the number of notices categorised by:

Those reports shall include an explanation of the procedures in place to ensure that the trusted flagger retains its independence.

Trusted flaggers shall send those reports to the awarding Digital Services Coordinator, and shall make them publicly available. The information in those reports shall not contain personal data.

4.   Digital Services Coordinators shall communicate to the Commission and the Board the names, addresses and email addresses of the entities to which they have awarded the status of the trusted flagger in accordance with paragraph 2 or whose trusted flagger status they have suspended in accordance with paragraph 6 or revoked in accordance with paragraph 7.

5.   The Commission shall publish the information referred to in paragraph 4 in a publicly available database, in an easily accessible and machine-readable format, and shall keep the database up to date.

6.   Where a provider of online_platforms has information indicating that a trusted flagger has submitted a significant number of insufficiently precise, inaccurate or inadequately substantiated notices through the mechanisms referred to in Article 16, including information gathered in connection to the processing of complaints through the internal complaint-handling systems referred to in Article 20(4), it shall communicate that information to the Digital Services Coordinator that awarded the status of trusted flagger to the entity concerned, providing the necessary explanations and supporting documents. Upon receiving the information from the provider of online_platforms, and if the Digital Services Coordinator considers that there are legitimate reasons to open an investigation, the status of trusted flagger shall be suspended during the period of the investigation. That investigation shall be carried out without undue delay.

7.   The Digital Services Coordinator that awarded the status of trusted flagger to an entity shall revoke that status if it determines, following an investigation either on its own initiative or on the basis information received from third parties, including the information provided by a provider of online_platforms pursuant to paragraph 6, that the entity no longer meets the conditions set out in paragraph 2. Before revoking that status, the Digital Services Coordinator shall afford the entity an opportunity to react to the findings of its investigation and its intention to revoke the entity’s status as trusted flagger.

8.   The Commission, after consulting the Board, shall, where necessary, issue guidelines to assist providers of online_platforms and Digital Services Coordinators in the application of paragraphs 2, 6 and 7.

1.   Providers of online_platforms shall suspend, for a reasonable period of time and after having issued a prior warning, the provision of their services to recipients of the service that frequently provide manifestly illegal_content.

2.   Providers of online_platforms shall suspend, for a reasonable period of time and after having issued a prior warning, the processing of notices and complaints submitted through the notice and action mechanisms and internal complaints-handling systems referred to in Articles 16 and 20, respectively, by individuals or entities or by complainants that frequently submit notices or complaints that are manifestly unfounded.

3.   When deciding on suspension, providers of online_platforms shall assess, on a case-by-case basis and in a timely, diligent and objective manner, whether the recipient_of_the_service, the individual, the entity or the complainant engages in the misuse referred to in paragraphs 1 and 2, taking into account all relevant facts and circumstances apparent from the information available to the provider of online_platforms. Those circumstances shall include at least the following:

4.   Providers of online_platforms shall set out, in a clear and detailed manner, in their terms_and_conditions their policy in respect of the misuse referred to in paragraphs 1 and 2, and shall give examples of the facts and circumstances that they take into account when assessing whether certain behaviour constitutes misuse and the duration of the suspension.

1.   Providers of online_platforms that present advertisements on their online_interfaces shall ensure that, for each specific advertisement presented to each individual recipient, the recipients of the service are able to identify, in a clear, concise and unambiguous manner and in real time, the following:

2.   Providers of online_platforms shall provide recipients of the service with a functionality to declare whether the content they provide is or contains commercial_communications.

When the recipient_of_the_service submits a declaration pursuant to this paragraph, the provider of online_platforms shall ensure that other recipients of the service can identify in a clear and unambiguous manner and in real time, including through prominent markings, which might follow standards pursuant to Article 44, that the content provided by the recipient_of_the_service is or contains commercial_communications, as described in that declaration.

3.   Providers of online_platforms shall not present advertisements to recipients of the service based on profiling as defined in Article 4, point (4), of Regulation (EU) 2016/679 using special categories of personal data referred to in Article 9(1) of Regulation (EU) 2016/679.

1.   Providers of online_platforms that use recommender_systems shall set out in their terms_and_conditions, in plain and intelligible language, the main parameters used in their recommender_systems, as well as any options for the recipients of the service to modify or influence those main parameters.

2.   The main parameters referred to in paragraph 1 shall explain why certain information is suggested to the recipient_of_the_service. They shall include, at least:

3.   Where several options are available pursuant to paragraph 1 for recommender_systems that determine the relative order of information presented to recipients of the service, providers of online_platforms shall also make available a functionality that allows the recipient_of_the_service to select and to modify at any time their preferred option. That functionality shall be directly and easily accessible from the specific section of the online_platform’s online_interface where the information is being prioritised.

1.   This Section shall not apply to providers of online_platforms allowing consumers to conclude distance_contracts with traders that qualify as micro or small enterprises as defined in Recommendation 2003/361/EC.

This Section shall not apply to providers of online_platforms allowing consumers to conclude distance_contracts with traders that previously qualified for the status of a micro or small enterprise as defined in Recommendation 2003/361/EC during the 12 months following their loss of that status pursuant to Article 4(2) thereof, except when they are very large online_platforms in accordance with Article 33.

2.   By derogation from paragraph 1 of this Article, this Section shall apply to providers of online_platforms allowing consumers to conclude distance_contracts with traders that have been designated as very large online_platforms in accordance with Article 33, irrespective of whether they qualify as micro or small enterprises.

1.   Providers of online_platforms allowing consumers to conclude distance_contracts with traders shall ensure that traders can only use those online_platforms to promote messages on or to offer products or services to consumers located in the Union if, prior to the use of their services for those purposes, they have obtained the following information, where applicable to the trader:

2.   Upon receiving the information referred to in paragraph 1 and prior to allowing the trader concerned to use its services, the provider of the online_platform allowing consumers to conclude distance_contracts with traders shall, through the use of any freely accessible official online database or online_interface made available by a Member State or the Union or through requests to the trader to provide supporting documents from reliable sources, make best efforts to assess whether the information referred to in paragraph 1, points (a) to (e), is reliable and complete. For the purpose of this Regulation, traders shall be liable for the accuracy of the information provided.

As regards traders that are already using the services of providers of online_platforms allowing consumers to conclude distance_contracts with traders for the purposes referred to in paragraph 1 on 17 February 2024, the providers shall make best efforts to obtain the information listed from the traders concerned within 12 months. Where the traders concerned fail to provide the information within that period, the providers shall suspend the provision of their services to those traders until they have provided all information.

3.   Where the provider of the online_platform allowing consumers to conclude distance_contracts with traders obtains sufficient indications or has reason to believe that any item of information referred to in paragraph 1 obtained from the trader concerned is inaccurate, incomplete or not up-to-date, that provider shall request that the trader remedy that situation without delay or within the period set by Union and national law.

Where the trader fails to correct or complete that information, the provider of the online_platform allowing consumers to conclude distance_contracts with traders shall swiftly suspend the provision of its service to that trader in relation to the offering of products or services to consumers located in the Union until the request has been fully complied with.

4.   Without prejudice to Article 4 of Regulation (EU) 2019/1150, if a provider of an online_platform allowing consumers to conclude distance_contracts with traders refuses to allow a trader to use its service pursuant to paragraph 1, or suspends the provision of its service pursuant to paragraph 3 of this Article, the trader concerned shall have the right to lodge a complaint as provided for in Articles 20 and 21 of this Regulation.

5.   Providers of online_platforms allowing consumers to conclude distance_contracts with traders shall store the information obtained pursuant to paragraphs 1 and 2 in a secure manner for a period of six months after the end of the contractual relationship with the trader concerned. They shall subsequently delete the information.

6.   Without prejudice to paragraph 2 of this Article, the provider of the online_platform allowing consumers to conclude distance_contracts with traders shall only disclose the information to third parties where so required in accordance with the applicable law, including the orders referred to in Article 10 and any orders issued by Member States’ competent authorities or the Commission for the performance of their tasks under this Regulation.

7.   The provider of the online_platform allowing consumers to conclude distance_contracts with traders shall make the information referred to in paragraph 1, points (a), (d) and (e) available on its online_platform to the recipients of the service in a clear, easily accessible and comprehensible manner. That information shall be available at least on the online_platform’s online_interface where the information on the product or service is presented.

1.   This Section shall apply to online_platforms and online_search_engines which have a number of average monthly active recipients of the service in the Union equal to or higher than 45 million, and which are designated as very large online_platforms or very large online_search_engines pursuant to paragraph 4.

2.   The Commission shall adopt delegated acts in accordance with Article 87 to adjust the number of average monthly active recipients of the service in the Union referred to in paragraph 1, where the Union’s population increases or decreases at least by 5 % in relation to its population in 2020 or its population after adjustment by means of a delegated act in the year in which the latest delegated act was adopted. In such a case, it shall adjust the number so that it corresponds to 10 % of the Union’s population in the year in which it adopts the delegated act, rounded up or down to allow the number to be expressed in millions.

3.   The Commission may adopt delegated acts in accordance with Article 87, after consulting the Board, to supplement the provisions of this Regulation by laying down the methodology for calculating the number of average monthly active recipients of the service in the Union, for the purposes of paragraph 1 of this Article and Article 24(2), ensuring that the methodology takes account of market and technological developments.

4.   The Commission shall, after having consulted the Member State of establishment or after taking into account the information provided by the Digital_Services_Coordinator_of_establishment pursuant to Article 24(4), adopt a decision designating as a very large online_platform or a very large online_search_engine for the purposes of this Regulation the online_platform or the online_search_engine which has a number of average monthly active recipients of the service equal to or higher than the number referred to in paragraph 1 of this Article. The Commission shall take its decision on the basis of data reported by the provider of the online_platform or of the online_search_engine pursuant to Article 24(2), or information requested pursuant to Article 24(3) or any other information available to the Commission.

The failure by the provider of the online_platform or of the online_search_engine to comply with Article 24(2) or to comply with the request by the Digital_Services_Coordinator_of_establishment or by the Commission pursuant to Article 24(3) shall not prevent the Commission from designating that provider as a provider of a very large online_platform or of a very large online_search_engine pursuant to this paragraph.

Where the Commission bases its decision on other information available to the Commission pursuant to the first subparagraph of this paragraph or on the basis of additional information requested pursuant to Article 24(3), the Commission shall give the provider of the online_platform or of the online_search_engine concerned 10 working days in which to submit its views on the Commission’s preliminary findings and on its intention to designate the online_platform or the online_search_engine as a very large online_platform or as a very large online_search_engine, respectively. The Commission shall take due account of the views submitted by the provider concerned.

The failure of the provider of the online_platform or of the online_search_engine concerned to submit its views pursuant to the third subparagraph shall not prevent the Commission from designating that online_platform or that online_search_engine as a very large online_platform or as a very large online_search_engine, respectively, based on other information available to it.

5.   The Commission shall terminate the designation if, during an uninterrupted period of one year, the online_platform or the online_search_engine does not have a number of average monthly active recipients of the service equal to or higher than the number referred to in paragraph 1.

6.   The Commission shall notify its decisions pursuant to paragraphs 4 and 5, without undue delay, to the provider of the online_platform or of the online_search_engine concerned, to the Board and to the Digital_Services_Coordinator_of_establishment.

The Commission shall ensure that the list of designated very large online_platforms and very large online_search_engines is published in the Official Journal of the European Union, and shall keep that list up to date. The obligations set out in this Section shall apply, or cease to apply, to the very large online_platforms and very large online_search_engines concerned from four months after the notification to the provider concerned referred to in the first subparagraph.

1.   Providers of very large online_platforms and of very large online_search_engines shall diligently identify, analyse and assess any systemic risks in the Union stemming from the design or functioning of their service and its related systems, including algorithmic systems, or from the use made of their services.

They shall carry out the risk assessments by the date of application referred to in Article 33(6), second subparagraph, and at least once every year thereafter, and in any event prior to deploying functionalities that are likely to have a critical impact on the risks identified pursuant to this Article. This risk assessment shall be specific to their services and proportionate to the systemic risks, taking into consideration their severity and probability, and shall include the following systemic risks:

2.   When conducting risk assessments, providers of very large online_platforms and of very large online_search_engines shall take into account, in particular, whether and how the following factors influence any of the systemic risks referred to in paragraph 1:

The assessments shall also analyse whether and how the risks pursuant to paragraph 1 are influenced by intentional manipulation of their service, including by inauthentic use or automated exploitation of the service, as well as the amplification and potentially rapid and wide dissemination of illegal_content and of information that is incompatible with their terms_and_conditions.

The assessment shall take into account specific regional or linguistic aspects, including when specific to a Member State.

3.   Providers of very large online_platforms and of very large online_search_engines shall preserve the supporting documents of the risk assessments for at least three years after the performance of risk assessments, and shall, upon request, communicate them to the Commission and to the Digital_Services_Coordinator_of_establishment.

1.   Providers of very large online_platforms and of very large online_search_engines shall be subject, at their own expense and at least once a year, to independent audits to assess compliance with the following:

2.   Providers of very large online_platforms and of very large online_search_engines shall afford the organisations carrying out the audits pursuant to this Article the cooperation and assistance necessary to enable them to conduct those audits in an effective, efficient and timely manner, including by giving them access to all relevant data and premises and by answering oral or written questions. They shall refrain from hampering, unduly influencing or undermining the performance of the audit.

Such audits shall ensure an adequate level of confidentiality and professional secrecy in respect of the information obtained from the providers of very large online_platforms and of very large online_search_engines and third parties in the context of the audits, including after the termination of the audits. However, complying with that requirement shall not adversely affect the performance of the audits and other provisions of this Regulation, in particular those on transparency, supervision and enforcement. Where necessary for the purpose of the transparency reporting pursuant to Article 42(4), the audit report and the audit implementation report referred to in paragraphs 4 and 6 of this Article shall be accompanied with versions that do not contain any information that could reasonably be considered to be confidential.

3.   Audits performed pursuant to paragraph 1 shall be performed by organisations which:

4.   Providers of very large online_platforms and of very large online_search_engines shall ensure that the organisations that perform the audits establish an audit report for each audit. That report shall be substantiated, in writing, and shall include at least the following:

5.   Where the organisation performing the audit was unable to audit certain specific elements or to express an audit opinion based on its investigations, the audit report shall include an explanation of the circumstances and the reasons why those elements could not be audited.

6.   Providers of very large online_platforms or of very large online_search_engines receiving an audit report that is not ‘positive’ shall take due account of the operational recommendations addressed to them with a view to take the necessary measures to implement them. They shall, within one month from receiving those recommendations, adopt an audit implementation report setting out those measures. Where they do not implement the operational recommendations, they shall justify in the audit implementation report the reasons for not doing so and set out any alternative measures that they have taken to address any instances of non-compliance identified.

7.   The Commission is empowered to adopt delegated acts in accordance with Article 87 to supplement this Regulation by laying down the necessary rules for the performance of the audits pursuant to this Article, in particular as regards the necessary rules on the procedural steps, auditing methodologies and reporting templates for the audits performed pursuant to this Article. Those delegated acts shall take into account any voluntary auditing standards referred to in Article 44(1), point (e).

1.   Providers of very large online_platforms or of very large online_search_engines that present advertisements on their online_interfaces shall compile and make publicly available in a specific section of their online_interface, through a searchable and reliable tool that allows multicriteria queries and through application programming interfaces, a repository containing the information referred to in paragraph 2, for the entire period during which they present an advertisement and until one year after the advertisement was presented for the last time on their online_interfaces. They shall ensure that the repository does not contain any personal data of the recipients of the service to whom the advertisement was or could have been presented, and shall make reasonable efforts to ensure that the information is accurate and complete.

2.   The repository shall include at least all of the following information:

3.   As regards paragraph 2, points (a), (b) and (c), where a provider of very large online_platform or of very large online_search_engine has removed or disabled access to a specific advertisement based on alleged illegality or incompatibility with its terms_and_conditions, the repository shall not include the information referred to in those points. In such case, the repository shall include, for the specific advertisement concerned, the information referred to in Article 17(3), points (a) to (e), or Article 9(2), point (a)(i), as applicable.

The Commission may, after consultation of the Board, the relevant vetted researchers referred to in Article 40 and the public, issue guidelines on the structure, organisation and functionalities of the repositories referred to in this Article.

1.   Providers of very large online_platforms or of very large online_search_engines shall provide the Digital_Services_Coordinator_of_establishment or the Commission, at their reasoned request and within a reasonable period specified in that request, access to data that are necessary to monitor and assess compliance with this Regulation.

2.   Digital Services Coordinators and the Commission shall use the data accessed pursuant to paragraph 1 only for the purpose of monitoring and assessing compliance with this Regulation and shall take due account of the rights and interests of the providers of very large online_platforms or of very large online_search_engines and the recipients of the service concerned, including the protection of personal data, the protection of confidential information, in particular trade secrets, and maintaining the security of their service.

3.   For the purposes of paragraph 1, providers of very large online_platforms or of very large online_search_engines shall, at the request of either the Digital Service Coordinator of establishment or of the Commission, explain the design, the logic, the functioning and the testing of their algorithmic systems, including their recommender_systems.

4.   Upon a reasoned request from the Digital_Services_Coordinator_of_establishment, providers of very large online_platforms or of very large online_search_engines shall, within a reasonable period, as specified in the request, provide access to data to vetted researchers who meet the requirements in paragraph 8 of this Article, for the sole purpose of conducting research that contributes to the detection, identification and understanding of systemic risks in the Union, as set out pursuant to Article 34(1), and to the assessment of the adequacy, efficiency and impacts of the risk mitigation measures pursuant to Article 35.

5.   Within 15 days following receipt of a request as referred to in paragraph 4, providers of very large online_platforms or of very large online_search_engines may request the Digital_Services_Coordinator_of_establishment, to amend the request, where they consider that they are unable to give access to the data requested because one of following two reasons:

6.   Requests for amendment pursuant to paragraph 5 shall contain proposals for one or more alternative means through which access may be provided to the requested data or other data which are appropriate and sufficient for the purpose of the request.

The Digital_Services_Coordinator_of_establishment shall decide on the request for amendment within 15 days and communicate to the provider of the very large online_platform or of the very large online_search_engine its decision and, where relevant, the amended request and the new period to comply with the request.

7.   Providers of very large online_platforms or of very large online_search_engines shall facilitate and provide access to data pursuant to paragraphs 1 and 4 through appropriate interfaces specified in the request, including online databases or application programming interfaces.

8.   Upon a duly substantiated application from researchers, the Digital_Services_Coordinator_of_establishment shall grant such researchers the status of ‘vetted researchers’ for the specific research referred to in the application and issue a reasoned request for data access to a provider of very large online_platform or of very large online_search_engine a pursuant to paragraph 4, where the researchers demonstrate that they meet all of the following conditions:

Upon receipt of the application pursuant to this paragraph, the Digital_Services_Coordinator_of_establishment shall inform the Commission and the Board.

9.   Researchers may also submit their application to the Digital Services Coordinator of the Member State of the research organisation to which they are affiliated. Upon receipt of the application pursuant to this paragraph the Digital Services Coordinator shall conduct an initial assessment as to whether the respective researchers meet all of the conditions set out in paragraph 8. The respective Digital Services Coordinator shall subsequently send the application, together with the supporting documents submitted by the respective researchers and the initial assessment, to the Digital_Services_Coordinator_of_establishment. The Digital_Services_Coordinator_of_establishment shall take a decision whether to award a researcher the status of ‘vetted researcher’ without undue delay.

While taking due account of the initial assessment provided, the final decision to award a researcher the status of ‘vetted researcher’ lies within the competence of Digital_Services_Coordinator_of_establishment, pursuant to paragraph 8.

10.   The Digital Services Coordinator that awarded the status of vetted researcher and issued the reasoned request for data access to the providers of very large online_platforms or of very large online_search_engines in favour of a vetted researcher shall issue a decision terminating the access if it determines, following an investigation either on its own initiative or on the basis of information received from third parties, that the vetted researcher no longer meets the conditions set out in paragraph 8, and shall inform the provider of the very large online_platform or of the very large online_search_engine concerned of the decision. Before terminating the access, the Digital Services Coordinator shall allow the vetted researcher to react to the findings of its investigation and to its intention to terminate the access.

11.   Digital Services Coordinators of establishment shall communicate to the Board the names and contact information of the natural persons or entities to which they have awarded the status of ‘vetted researcher’ in accordance with paragraph 8, as well as the purpose of the research in respect of which the application was made or, where they have terminated the access to the data in accordance with paragraph 10, communicate that information to the Board.

12.   Providers of very large online_platforms or of very large online_search_engines shall give access without undue delay to data, including, where technically possible, to real-time data, provided that the data is publicly accessible in their online_interface by researchers, including those affiliated to not for profit bodies, organisations and associations, who comply with the conditions set out in paragraph 8, points (b), (c), (d) and (e), and who use the data solely for performing research that contributes to the detection, identification and understanding of systemic risks in the Union pursuant to Article 34(1).

13.   The Commission shall, after consulting the Board, adopt delegated acts supplementing this Regulation by laying down the technical conditions under which providers of very large online_platforms or of very large online_search_engines are to share data pursuant to paragraphs 1 and 4 and the purposes for which the data may be used. Those delegated acts shall lay down the specific conditions under which such sharing of data with researchers can take place in compliance with Regulation (EU) 2016/679, as well as relevant objective indicators, procedures and, where necessary, independent advisory mechanisms in support of sharing of data, taking into account the rights and interests of the providers of very large online_platforms or of very large online_search_engines and the recipients of the service concerned, including the protection of confidential information, in particular trade secrets, and maintaining the security of their service.

1.   Providers of very large online_platforms or of very large online_search_engines shall establish a compliance function, which is independent from their operational functions and composed of one or more compliance officers, including the head of the compliance function. That compliance function shall have sufficient authority, stature and resources, as well as access to the management body of the provider of the very large online_platform or of the very large online_search_engine to monitor the compliance of that provider with this Regulation.

2.   The management body of the provider of the very large online_platform or of the very large online_search_engine shall ensure that compliance officers have the professional qualifications, knowledge, experience and ability necessary to fulfil the tasks referred to in paragraph 3.

The management body of the provider of the very large online_platform or of the very large online_search_engine shall ensure that the head of the compliance function is an independent senior manager with distinct responsibility for the compliance function.

The head of the compliance function shall report directly to the management body of the provider of the very large online_platform or of the very large online_search_engine, and may raise concerns and warn that body where risks referred to in Article 34 or non-compliance with this Regulation affect or may affect the provider of the very large online_platform or of the very large online_search_engine concerned, without prejudice to the responsibilities of the management body in its supervisory and managerial functions.

The head of the compliance function shall not be removed without prior approval of the management body of the provider of the very large online_platform or of the very large online_search_engine.

3.   Compliance officers shall have the following tasks:

4.   Providers of very large online_platforms or of very large online_search_engines shall communicate the name and contact details of the head of the compliance function to the Digital_Services_Coordinator_of_establishment and to the Commission.

5.   The management body of the provider of the very large online_platform or of the very large online_search_engine shall define, oversee and be accountable for the implementation of the provider's governance arrangements that ensure the independence of the compliance function, including the division of responsibilities within the organisation of the provider of very large online_platform or of very large online_search_engine, the prevention of conflicts of interest, and sound management of systemic risks identified pursuant to Article 34.

6.   The management body shall approve and review periodically, at least once a year, the strategies and policies for taking up, managing, monitoring and mitigating the risks identified pursuant to Article 34 to which the very large online_platform or the very large online_search_engine is or might be exposed to.

7.   The management body shall devote sufficient time to the consideration of the measures related to risk management. It shall be actively involved in the decisions related to risk management, and shall ensure that adequate resources are allocated to the management of the risks identified in accordance with Article 34.

1.   Providers of very large online_platforms or of very large online_search_engines shall publish the reports referred to in Article 15 at the latest by two months from the date of application referred to in Article 33(6), second subparagraph, and thereafter at least every six months.

2.   The reports referred to in paragraph 1 of this Article published by providers of very large online_platforms shall, in addition to the information referred to in Article 15 and Article 24(1), specify:

The reports shall be published in at least one of the official languages of the Member States.

3.   In addition to the information referred to in Articles 24(2), the providers of very large online_platforms or of very large online_search_engines shall include in the reports referred to in paragraph 1 of this Article the information on the average monthly recipients of the service for each Member State.

4.   Providers of very large online_platforms or of very large online_search_engines shall transmit to the Digital_Services_Coordinator_of_establishment and the Commission, without undue delay upon completion, and make publicly available at the latest three months after the receipt of each audit report pursuant to Article 37(4):

5.   Where a provider of very large online_platform or of very large online_search_engine considers that the publication of information pursuant to paragraph 4 might result in the disclosure of confidential information of that provider or of the recipients of the service, cause significant vulnerabilities for the security of its service, undermine public security or harm recipients, the provider may remove such information from the publicly available reports. In that case, the provider shall transmit the complete reports to the Digital_Services_Coordinator_of_establishment and the Commission, accompanied by a statement of the reasons for removing the information from the publicly available reports.

1.   The Commission shall consult the Board, and shall support and promote the development and implementation of voluntary standards set by relevant European and international standardisation bodies, at least in respect of the following:

2.   The Commission shall support the update of the standards in the light of technological developments and the behaviour of the recipients of the services in question. The relevant information regarding the update of the standards shall be publicly available and easily accessible.

1.   The Board may recommend that the Commission initiate the drawing up, in accordance with paragraphs 2, 3 and 4, of voluntary crisis protocols for addressing crisis situations. Those situations shall be strictly limited to extraordinary circumstances affecting public security or public health.

2.   The Commission shall encourage and facilitate the providers of very large online_platforms, of very large online_search_engines and, where appropriate, the providers of other online_platforms or of other online_search_engines, to participate in the drawing up, testing and application of those crisis protocols. The Commission shall aim to ensure that those crisis protocols include one or more of the following measures:

3.   The Commission shall, as appropriate, involve Member States’ authorities, and may also involve Union bodies, offices and agencies in drawing up, testing and supervising the application of the crisis protocols. The Commission may, where necessary and appropriate, also involve civil society organisations or other relevant organisations in drawing up the crisis protocols.

4.   The Commission shall aim to ensure that the crisis protocols set out clearly all of the following:

5.   If the Commission considers that a crisis protocol fails to effectively address the crisis situation, or to safeguard the exercise of fundamental rights as referred to in paragraph 4, point (e), it shall request the participants to revise the crisis protocol, including by taking additional measures.

1.   Member States shall ensure that their Digital Services Coordinators perform their tasks under this Regulation in an impartial, transparent and timely manner. Member States shall ensure that their Digital Services Coordinators have all necessary resources to carry out their tasks, including sufficient technical, financial and human resources to adequately supervise all providers of intermediary_services falling within their competence. Each Member State shall ensure that its Digital Services Coordinator has sufficient autonomy in managing its budget within the budget's overall limits, in order not to adversely affect the independence of the Digital Services Coordinator.

2.   When carrying out their tasks and exercising their powers in accordance with this Regulation, the Digital Services Coordinators shall act with complete independence. They shall remain free from any external influence, whether direct or indirect, and shall neither seek nor take instructions from any other public authority or any private party.

3.   Paragraph 2 of this Article is without prejudice to the tasks of Digital Services Coordinators within the system of supervision and enforcement provided for in this Regulation and the cooperation with other competent authorities in accordance with Article 49(2). Paragraph 2 of this Article shall not prevent the exercise of judicial review and shall also be without prejudice to proportionate accountability requirements regarding the general activities of the Digital Services Coordinators, such as financial expenditure or reporting to national parliaments, provided that those requirements do not undermine the achievement of the objectives of this Regulation.

1.   Member States shall lay down the rules on penalties applicable to infringements of this Regulation by providers of intermediary_services within their competence and shall take all the necessary measures to ensure that they are implemented in accordance with Article 51.

2.   Penalties shall be effective, proportionate and dissuasive. Member States shall notify the Commission of those rules and of those measures and shall notify it, without delay, of any subsequent amendments affecting them.

3.   Member States shall ensure that the maximum amount of fines that may be imposed for a failure to comply with an obligation laid down in this Regulation shall be 6 % of the annual worldwide turnover of the provider of intermediary_services concerned in the preceding financial year. Member States shall ensure that the maximum amount of the fine that may be imposed for the supply of incorrect, incomplete or misleading information, failure to reply or rectify incorrect, incomplete or misleading information and failure to submit to an inspection shall be 1 % of the annual income or worldwide turnover of the provider of intermediary_services or person concerned in the preceding financial year.

4.   Member States shall ensure that the maximum amount of a periodic penalty payment shall be 5 % of the average daily worldwide turnover or income of the provider of intermediary_services concerned in the preceding financial year per day, calculated from the date specified in the decision concerned.

1.   Digital Services Coordinators shall draw up annual reports on their activities under this Regulation, including the number of complaints received pursuant to Article 53 and an overview of their follow-up. The Digital Services Coordinators shall make the annual reports available to the public in a machine-readable format, subject to the applicable rules on the confidentiality of information pursuant to Article 84, and shall communicate them to the Commission and to the Board.

2.   The annual report shall also include the following information:

3.   Where a Member State has designated several competent authorities pursuant to Article 49, it shall ensure that the Digital Services Coordinator draws up a single report covering the activities of all competent authorities and that the Digital Services Coordinator receives all relevant information and support needed to that effect from the other competent authorities concerned.

1.   In the absence of a communication within the period laid down in Article 58(5), in the case of a disagreement of the Board with the assessment or the measures taken or envisaged pursuant to Article 58(5) or in the cases referred to in Article 60(3), the Board may refer the matter to the Commission, providing all relevant information. That information shall include at least the request or recommendation sent to the Digital_Services_Coordinator_of_establishment, the assessment by that Digital Services Coordinator, the reasons for the disagreement and any additional information supporting the referral.

2.   The Commission shall assess the matter within two months following the referral of the matter pursuant to paragraph 1, after having consulted the Digital_Services_Coordinator_of_establishment.

3.   Where, pursuant to paragraph 2 of this Article, the Commission considers that the assessment or the investigatory or enforcement measures taken or envisaged pursuant to Article 58(5) are insufficient to ensure effective enforcement or otherwise incompatible with this Regulation, it shall communicate its views to the Digital_Services_Coordinator_of_establishment and the Board and request the Digital_Services_Coordinator_of_establishment to review the matter.

The Digital_Services_Coordinator_of_establishment shall take the necessary investigatory or enforcement measures to ensure compliance with this Regulation, taking utmost account of the views and request for review by the Commission. The Digital_Services_Coordinator_of_establishment shall inform the Commission, as well as the requesting Digital Services Coordinator or the Board that took action pursuant to Article 58(1) or (2), about the measures taken within two months from that request for review.

1.   The Digital_Services_Coordinator_of_establishment may launch and lead joint investigations with the participation of one or more other Digital Services Coordinators concerned:

2.   Any Digital Services Coordinator that proves that it has a legitimate interest in participating in a joint investigation pursuant to paragraph 1 may request to do so. The joint investigation shall be concluded within three months from its launch, unless otherwise agreed amongst the participants.

The Digital_Services_Coordinator_of_establishment shall communicate its preliminary position on the alleged infringement no later than one month after the end of the deadline referred to in the first subparagraph to all Digital Services Coordinators, the Commission and the Board. The preliminary position shall take into account the views of all other Digital Services Coordinators participating in the joint investigation. Where applicable, this preliminary position shall also set out the enforcement measures envisaged.

3.   The Board may refer the matter to the Commission pursuant to Article 59, where:

4.   In carrying out the joint investigation, the participating Digital Services Coordinators shall cooperate in good faith, taking into account, where applicable, the indications of the Digital_Services_Coordinator_of_establishment and the Board’s recommendation. The Digital Services Coordinators of destination participating in the joint investigation shall be entitled, at the request of or after having consulted the Digital_Services_Coordinator_of_establishment, to exercise their investigative powers referred to in Article 51(1) in respect of the providers of intermediary_services concerned by the alleged infringement, with regard to information and premises located within their territory.

1.   The Board shall be composed of Digital Services Coordinators who shall be represented by high-level officials. The failure by one or more Member States to designate a Digital Services Coordinator shall not prevent the Board from performing its tasks under this Regulation. Where provided for by national law, other competent authorities entrusted with specific operational responsibilities for the application and enforcement of this Regulation alongside the Digital Services Coordinator may participate in the Board. Other national authorities may be invited to the meetings, where the issues discussed are of relevance for them.

2.   The Board shall be chaired by the Commission. The Commission shall convene the meetings and prepare the agenda in accordance with the tasks of the Board pursuant to this Regulation and in line with its rules of procedure. When the Board is requested to adopt a recommendation pursuant to this Regulation, it shall immediately make the request available to other Digital Services Coordinators through the information sharing system set out in Article 85.

3.   Each Member State shall have one vote. The Commission shall not have voting rights.

The Board shall adopt its acts by simple majority. When adopting a recommendation to the Commission referred to in Article 36(1), first subparagraph, the Board shall vote within 48 hours after the request of the Chair of the Board.

4.   The Commission shall provide administrative and analytical support for the activities of the Board pursuant to this Regulation.

5.   The Board may invite experts and observers to attend its meetings, and may cooperate with other Union bodies, offices, agencies and advisory groups, as well as external experts as appropriate. The Board shall make the results of this cooperation publicly available.

6.   The Board may consult interested parties, and shall make the results of such consultation publicly available.

7.   The Board shall adopt its rules of procedure, following the consent of the Commission.

1.   In order to carry out the tasks assigned to it under this Section, the Commission may conduct all necessary inspections at the premises of the provider of the very large online_platform or of the very large online_search_engine concerned or of another person referred to in Article 67(1).

2.   The officials and other accompanying persons authorised by the Commission to conduct an inspection shall be empowered to:

3.   Inspections may be carried out with the assistance of auditors or experts appointed by the Commission pursuant to Article 72(2), and of Digital Services Coordinator or other competent national authorities of the Member State in the territory of which the inspection is conducted.

4.   Where the production of required books or other records related to the provision of the service concerned is incomplete or where the answers to questions asked under paragraph 2 of this Article are incorrect, incomplete or misleading, the officials and other accompanying persons authorised by the Commission to conduct an inspection shall exercise their powers upon production of a written authorisation specifying the subject matter and purpose of the inspection and the penalties provided for in Articles 74 and 76. In good time before the inspection, the Commission shall inform the Digital Services Coordinator of the Member State in the territory in which the inspection is to be conducted thereof.

5.   During inspections, the officials and other accompanying persons authorised by the Commission, the auditors and experts appointed by the Commission, the Digital Services Coordinator or the other competent authorities of the Member State in the territory of which the inspection is conducted may require the provider of the very large online_platform or of the very large online_search_engine or other person concerned to provide explanations on its organisation, functioning, IT system, algorithms, data-handling and business conducts, and may address questions to its key personnel.

6.   The provider of the very large online_platform or of the very large online_search_engine or other natural or legal person concerned shall be required to submit to an inspection ordered by decision of the Commission. The decision shall specify the subject matter and purpose of the inspection, set the date on which it is to begin and indicate the penalties provided for in Articles 74 and 76 and the right to have the decision reviewed by the Court of Justice of the European Union. The Commission shall consult the Digital Services Coordinator of the Member State on territory of which the inspection is to be conducted prior to taking that decision.

7.   Officials of, and other persons authorised or appointed by, the Digital Services Coordinator of the Member State on the territory of which the inspection is to be conducted shall, at the request of that Digital Services Coordinator or of the Commission, actively assist the officials and other accompanying persons authorised by the Commission in relation to the inspection. To this end, they shall have the powers listed in paragraph 2.

8.   Where the officials and other accompanying persons authorised by the Commission find that the provider of the very large online_platform or of the very large online_search_engine or the other person concerned opposes an inspection ordered pursuant to this Article, the Member State in the territory of which the inspection is to be conducted shall, at the request of those officials or other accompanying persons and in accordance with the national law of the Member State, afford them necessary assistance, including, where appropriate under that national law, in the form of coercive measures taken by a competent law enforcement authority, so as to enable them to conduct the inspection.

9.   If the assistance provided for in paragraph 8 requires authorisation from a national judicial authority in accordance with the national law of the Member State concerned, such authorisation shall be applied for by the Digital Services Coordinator of that Member State at the request of the officials and other accompanying persons authorised by the Commission. Such authorisation may also be applied for as a precautionary measure.

10.   Where the authorisation referred to in paragraph 9 is applied for, the national judicial authority before which a case has been brought shall verify that the Commission decision ordering the inspection is authentic and that the coercive measures envisaged are neither arbitrary nor excessive having regard to the subject matter of the inspection. When conducting such verification, the national judicial authority may ask the Commission, directly or through the Digital Services Coordinators of the Member State concerned, for detailed explanations, in particular those concerning the grounds on which the Commission suspects an infringement of this Regulation, concerning the seriousness of the suspected infringement and concerning the nature of the involvement of the provider of the very large online_platform or of the very large online_search_engine or of the other person concerned. However, the national judicial authority shall not call into question the necessity for the inspection nor demand information from the case file of the Commission. The lawfulness of the Commission decision shall be subject to review only by the Court of Justice of the European Union.

1.   For the purposes of carrying out the tasks assigned to it under this Section, the Commission may take the necessary actions to monitor the effective implementation and compliance with this Regulation by providers of the very large online_platform and of the very large online_search_engines. The Commission may order them to provide access to, and explanations relating to, its databases and algorithms. Such actions may include, imposing an obligation on the provider of the very large online_platform or of the very large online_search_engine to retain all documents deemed to be necessary to assess the implementation of and compliance with the obligations under this Regulation.

2.   The actions pursuant to paragraph 1 may include the appointment of independent external experts and auditors, as well as experts and auditors from competent national authorities with the agreement of the authority concerned, to assist the Commission in monitoring the effective implementation and compliance with the relevant provisions of this Regulation and to provide specific expertise or knowledge to the Commission.

1.   The Commission may adopt a decision, imposing on the provider of the very large online_platform or of the very large online_search_engine concerned or other person referred to in Article 67(1), as applicable, periodic penalty payments not exceeding 5 % of the average daily income or worldwide annual turnover in the preceding financial year per day, calculated from the date appointed by the decision, in order to compel them to:

2.   Where the provider of the very large online_platform or of the very large online_search_engine concerned or other person referred to in Article 67(1) has satisfied the obligation which the periodic penalty payment was intended to enforce, the Commission may fix the definitive amount of the periodic penalty payment at a figure lower than that under the original decision.

1.   Before adopting a decision pursuant to Article 73(1), Article 74 or 76, the Commission shall give the provider of the very large online_platform or of the very large online_search_engine concerned or other person referred to in Article 67(1) the opportunity of being heard on:

2.   The provider of the very large online_platform or of the very large online_search_engine concerned or other person referred to in Article 67(1) may submit its observations on the Commission’s preliminary findings within a reasonable period set by the Commission in its preliminary findings, which may not be less than 14 days.

3.   The Commission shall base its decisions only on objections on which the parties concerned have been able to comment.

4.   The rights of defence of the parties concerned shall be fully respected in the proceedings. They shall be entitled to have access to the Commission's file under the terms of a negotiated disclosure, subject to the legitimate interest of the provider of the very large online_platform or of the very large online_search_engine or other person concerned in the protection of their business secrets. The Commission shall have the power to adopt decisions setting out such terms of disclosure in case of disagreement between the parties. The right of access to the file of the Commission shall not extend to confidential information and internal documents of the Commission, the Board, Digital Service Coordinators, other competent authorities or other public authorities of the Member States. In particular, the right of access shall not extend to correspondence between the Commission and those authorities. Nothing in this paragraph shall prevent the Commission from disclosing and using information necessary to prove an infringement.

5.   The information collected pursuant to Articles 67, 68 and 69 shall be used only for the purpose of this Regulation.

1.   The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2.   The delegation of power referred to in Articles 24, 33, 37, 40 and 43 shall be conferred on the Commission for five years starting from 16 November 2022. The Commission shall draw up a report in respect of the delegation of power not later than nine months before the end of the five-year period. The delegation of power shall be tacitly extended for periods of an identical duration, unless the European Parliament or the Council opposes such extension not later than three months before the end of each period.

3.   The delegation of power referred to in Articles 24, 33, 37, 40 and 43 may be revoked at any time by the European Parliament or by the Council. A decision of revocation shall put an end to the delegation of power specified in that decision. It shall take effect the day following that of its publication in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.   Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.

5.   As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

6.   A delegated act adopted pursuant to Articles 24, 33, 37, 40 and 43 shall enter into force only if no objection has been expressed by either the European Parliament or the Council within a period of three months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by three months at the initiative of the European Parliament or of the Council.

1.   This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

2.   This Regulation shall apply from 17 February 2024.

However, Article 24(2), (3) and (6), Article 33(3) to (6), Article 37(7), Article 40(13), Article 43 and Sections 4, 5 and 6 of Chapter IV shall apply from 16 November 2022.