keyboard_tab Digital Service Act 2022/2065 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 1 Art. 15 Transparency reporting obligations for providers of intermediary services
- 1 Art. 40 Data access and scrutiny
- 1 Art. 42 Transparency reporting obligations
- 4 Art. 45 Codes of conduct
CHAPTER I
GENERAL PROVISIONS
CHAPTER II
LIABILITY OF PROVIDERS OF INTERMEDIARY SERVICES
CHAPTER III
DUE DILIGENCE OBLIGATIONS FOR A TRANSPARENT AND SAFE ONLINE ENVIRONMENT
SECTION 1
Provisions applicable to all providers of intermediary services
SECTION 2
Additional provisions applicable to providers of hosting services, including online platforms
SECTION 3
Additional provisions applicable to providers of online platforms
SECTION 4
Additional provisions applicable to providers of online platforms allowing consumers to conclude distance contracts with traders
SECTION 5
Additional obligations for providers of very large online platforms and of very large online search engines to manage systemic risks
SECTION 6
Other provisions concerning due diligence obligations
CHAPTER IV
IMPLEMENTATION, COOPERATION, PENALTIES AND ENFORCEMENT
SECTION 1
Competent authorities and national Digital Services Coordinators
SECTION 2
Competences, coordinated investigation and consistency mechanisms
SECTION 3
European Board for Digital Services
SECTION 4
Supervision, investigation, enforcement and monitoring in respect of providers of very large online platforms and of very large online search engines
SECTION 5
Common provisions on enforcement
SECTION 6
Delegated and implementing acts
CHAPTER V
FINAL PROVISIONS
- information society service
- recipient of the service
- consumer
- to offer services in the Union
- substantial connection to the Union
- trader
- intermediary service
- mere conduit
- caching
- hosting
- illegal content
- online platform
- online search engine
- dissemination to the public
- distance contract
- online interface
- Digital Services Coordinator of establishment
- Digital Services Coordinator of destination
- active recipient of an online platform
- active recipient of an online search engine
- advertisement
- recommender system
- content moderation
- terms and conditions
- persons with disabilities
- commercial communication
- turnover
- Mere conduit
- Caching
- large 43
- very 43
- shall 39
- data 26
- online_platforms 22
- providers 20
- information 20
- paragraph 18
- they 17
- request 17
- pursuant 17
- online_search_engines 16
- commission 16
- access 16
- service 15
- including 13
- research 12
- application 12
- referred 11
- provider 11
- digital_services_coordinator_of_establishment 11
- services 10
- reports 10
- which 9
- accordance 9
- conduct 9
- measures 9
- in article 9
- board 9
- codes 8
- concerned 8
- from 8
- researchers 8
- taken 7
- take 7
- intermediary_services 7
- down 7
- digital 7
- specific 7
- recipients 7
- purposes 7
- particular 7
- indicators 7
- number 7
- the 6
- well 6
- risk 6
- provided 6
- relevant 6
- regulation 6
Article 15
Transparency reporting obligations for providers of intermediary_services
1. Providers of intermediary_services shall make publicly available, in a machine-readable format and in an easily accessible manner, at least once a year, clear, easily comprehensible reports on any content_moderation that they engaged in during the relevant period. Those reports shall include, in particular, information on the following, as applicable:
| (a) | for providers of intermediary_services, the number of orders received from Member States’ authorities including orders issued in accordance with Articles 9 and 10, categorised by the type of illegal_content concerned, the Member State issuing the order, and the median time needed to inform the authority issuing the order, or any other authority specified in the order, of its receipt, and to give effect to the order; |
| (b) | for providers of hosting services, the number of notices submitted in accordance with Article 16, categorised by the type of alleged illegal_content concerned, the number of notices submitted by trusted flaggers, any action taken pursuant to the notices by differentiating whether the action was taken on the basis of the law or the terms_and_conditions of the provider, the number of notices processed by using automated means and the median time needed for taking the action; |
| (c) | for providers of intermediary_services, meaningful and comprehensible information about the content_moderation engaged in at the providers’ own initiative, including the use of automated tools, the measures taken to provide training and assistance to persons in charge of content_moderation, the number and type of measures taken that affect the availability, visibility and accessibility of information provided by the recipients of the service and the recipients’ ability to provide information through the service, and other related restrictions of the service; the information reported shall be categorised by the type of illegal_content or violation of the terms_and_conditions of the service provider, by the detection method and by the type of restriction applied; |
| (d) | for providers of intermediary_services, the number of complaints received through the internal complaint-handling systems in accordance with the provider’s terms_and_conditions and additionally, for providers of online_platforms, in accordance with Article 20, the basis for those complaints, decisions taken in respect of those complaints, the median time needed for taking those decisions and the number of instances where those decisions were reversed; |
| (e) | any use made of automated means for the purpose of content_moderation, including a qualitative description, a specification of the precise purposes, indicators of the accuracy and the possible rate of error of the automated means used in fulfilling those purposes, and any safeguards applied. |
2. Paragraph 1 of this Article shall not apply to providers of intermediary_services that qualify as micro or small enterprises as defined in Recommendation 2003/361/EC and which are not very large online_platforms within the meaning of Article 33 of this Regulation.
3. The Commission may adopt implementing acts to lay down templates concerning the form, content and other details of reports pursuant to paragraph 1 of this Article, including harmonised reporting periods. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 88.
SECTION 2
Additional provisions applicable to providers of hosting services, including online_platforms
Article 40
Data access and scrutiny
1. Providers of very large online_platforms or of very large online_search_engines shall provide the Digital_Services_Coordinator_of_establishment or the Commission, at their reasoned request and within a reasonable period specified in that request, access to data that are necessary to monitor and assess compliance with this Regulation.
2. Digital Services Coordinators and the Commission shall use the data accessed pursuant to paragraph 1 only for the purpose of monitoring and assessing compliance with this Regulation and shall take due account of the rights and interests of the providers of very large online_platforms or of very large online_search_engines and the recipients of the service concerned, including the protection of personal data, the protection of confidential information, in particular trade secrets, and maintaining the security of their service.
3. For the purposes of paragraph 1, providers of very large online_platforms or of very large online_search_engines shall, at the request of either the Digital Service Coordinator of establishment or of the Commission, explain the design, the logic, the functioning and the testing of their algorithmic systems, including their recommender_systems.
4. Upon a reasoned request from the Digital_Services_Coordinator_of_establishment, providers of very large online_platforms or of very large online_search_engines shall, within a reasonable period, as specified in the request, provide access to data to vetted researchers who meet the requirements in paragraph 8 of this Article, for the sole purpose of conducting research that contributes to the detection, identification and understanding of systemic risks in the Union, as set out pursuant to Article 34(1), and to the assessment of the adequacy, efficiency and impacts of the risk mitigation measures pursuant to Article 35.
5. Within 15 days following receipt of a request as referred to in paragraph 4, providers of very large online_platforms or of very large online_search_engines may request the Digital_Services_Coordinator_of_establishment, to amend the request, where they consider that they are unable to give access to the data requested because one of following two reasons:
| (a) | they do not have access to the data; |
| (b) | giving access to the data will lead to significant vulnerabilities in the security of their service or the protection of confidential information, in particular trade secrets. |
6. Requests for amendment pursuant to paragraph 5 shall contain proposals for one or more alternative means through which access may be provided to the requested data or other data which are appropriate and sufficient for the purpose of the request.
The Digital_Services_Coordinator_of_establishment shall decide on the request for amendment within 15 days and communicate to the provider of the very large online_platform or of the very large online_search_engine its decision and, where relevant, the amended request and the new period to comply with the request.
7. Providers of very large online_platforms or of very large online_search_engines shall facilitate and provide access to data pursuant to paragraphs 1 and 4 through appropriate interfaces specified in the request, including online databases or application programming interfaces.
8. Upon a duly substantiated application from researchers, the Digital_Services_Coordinator_of_establishment shall grant such researchers the status of ‘vetted researchers’ for the specific research referred to in the application and issue a reasoned request for data access to a provider of very large online_platform or of very large online_search_engine a pursuant to paragraph 4, where the researchers demonstrate that they meet all of the following conditions:
| (a) | they are affiliated to a research organisation as defined in Article 2, point (1), of Directive (EU) 2019/790; |
| (b) | they are independent from commercial interests; |
| (c) | their application discloses the funding of the research; |
| (d) | they are capable of fulfilling the specific data security and confidentiality requirements corresponding to each request and to protect personal data, and they describe in their request the appropriate technical and organisational measures that they have put in place to this end; |
| (e) | their application demonstrates that their access to the data and the time frames requested are necessary for, and proportionate to, the purposes of their research, and that the expected results of that research will contribute to the purposes laid down in paragraph 4; |
| (f) | the planned research activities will be carried out for the purposes laid down in paragraph 4; |
| (g) | they have committed themselves to making their research results publicly available free of charge, within a reasonable period after the completion of the research, subject to the rights and interests of the recipients of the service concerned, in accordance with Regulation (EU) 2016/679. |
Upon receipt of the application pursuant to this paragraph, the Digital_Services_Coordinator_of_establishment shall inform the Commission and the Board.
9. Researchers may also submit their application to the Digital Services Coordinator of the Member State of the research organisation to which they are affiliated. Upon receipt of the application pursuant to this paragraph the Digital Services Coordinator shall conduct an initial assessment as to whether the respective researchers meet all of the conditions set out in paragraph 8. The respective Digital Services Coordinator shall subsequently send the application, together with the supporting documents submitted by the respective researchers and the initial assessment, to the Digital_Services_Coordinator_of_establishment. The Digital_Services_Coordinator_of_establishment shall take a decision whether to award a researcher the status of ‘vetted researcher’ without undue delay.
While taking due account of the initial assessment provided, the final decision to award a researcher the status of ‘vetted researcher’ lies within the competence of Digital_Services_Coordinator_of_establishment, pursuant to paragraph 8.
10. The Digital Services Coordinator that awarded the status of vetted researcher and issued the reasoned request for data access to the providers of very large online_platforms or of very large online_search_engines in favour of a vetted researcher shall issue a decision terminating the access if it determines, following an investigation either on its own initiative or on the basis of information received from third parties, that the vetted researcher no longer meets the conditions set out in paragraph 8, and shall inform the provider of the very large online_platform or of the very large online_search_engine concerned of the decision. Before terminating the access, the Digital Services Coordinator shall allow the vetted researcher to react to the findings of its investigation and to its intention to terminate the access.
11. Digital Services Coordinators of establishment shall communicate to the Board the names and contact information of the natural persons or entities to which they have awarded the status of ‘vetted researcher’ in accordance with paragraph 8, as well as the purpose of the research in respect of which the application was made or, where they have terminated the access to the data in accordance with paragraph 10, communicate that information to the Board.
12. Providers of very large online_platforms or of very large online_search_engines shall give access without undue delay to data, including, where technically possible, to real-time data, provided that the data is publicly accessible in their online_interface by researchers, including those affiliated to not for profit bodies, organisations and associations, who comply with the conditions set out in paragraph 8, points (b), (c), (d) and (e), and who use the data solely for performing research that contributes to the detection, identification and understanding of systemic risks in the Union pursuant to Article 34(1).
13. The Commission shall, after consulting the Board, adopt delegated acts supplementing this Regulation by laying down the technical conditions under which providers of very large online_platforms or of very large online_search_engines are to share data pursuant to paragraphs 1 and 4 and the purposes for which the data may be used. Those delegated acts shall lay down the specific conditions under which such sharing of data with researchers can take place in compliance with Regulation (EU) 2016/679, as well as relevant objective indicators, procedures and, where necessary, independent advisory mechanisms in support of sharing of data, taking into account the rights and interests of the providers of very large online_platforms or of very large online_search_engines and the recipients of the service concerned, including the protection of confidential information, in particular trade secrets, and maintaining the security of their service.
Article 42
Transparency reporting obligations
1. Providers of very large online_platforms or of very large online_search_engines shall publish the reports referred to in Article 15 at the latest by two months from the date of application referred to in Article 33(6), second subparagraph, and thereafter at least every six months.
2. The reports referred to in paragraph 1 of this Article published by providers of very large online_platforms shall, in addition to the information referred to in Article 15 and Article 24(1), specify:
| (a) | the human resources that the provider of very large online_platforms dedicates to content_moderation in respect of the service offered in the Union, broken down by each applicable official language of the Member States, including for compliance with the obligations set out in Articles 16 and 22, as well as for compliance with the obligations set out in Article 20; |
| (b) | the qualifications and linguistic expertise of the persons carrying out the activities referred to in point (a), as well as the training and support given to such staff; |
| (c) | the indicators of accuracy and related information referred to in Article 15(1), point (e), broken down by each official language of the Member States. |
The reports shall be published in at least one of the official languages of the Member States.
3. In addition to the information referred to in Articles 24(2), the providers of very large online_platforms or of very large online_search_engines shall include in the reports referred to in paragraph 1 of this Article the information on the average monthly recipients of the service for each Member State.
4. Providers of very large online_platforms or of very large online_search_engines shall transmit to the Digital_Services_Coordinator_of_establishment and the Commission, without undue delay upon completion, and make publicly available at the latest three months after the receipt of each audit report pursuant to Article 37(4):
| (a) | a report setting out the results of the risk assessment pursuant to Article 34; |
| (b) | the specific mitigation measures put in place pursuant to Article 35(1); |
| (c) | the audit report provided for in Article 37(4); |
| (d) | the audit implementation report provided for in Article 37(6); |
| (e) | where applicable, information about the consultations conducted by the provider in support of the risk assessments and design of the risk mitigation measures. |
5. Where a provider of very large online_platform or of very large online_search_engine considers that the publication of information pursuant to paragraph 4 might result in the disclosure of confidential information of that provider or of the recipients of the service, cause significant vulnerabilities for the security of its service, undermine public security or harm recipients, the provider may remove such information from the publicly available reports. In that case, the provider shall transmit the complete reports to the Digital_Services_Coordinator_of_establishment and the Commission, accompanied by a statement of the reasons for removing the information from the publicly available reports.
Article 45
Codes of conduct
1. The Commission and the Board shall encourage and facilitate the drawing up of voluntary codes of conduct at Union level to contribute to the proper application of this Regulation, taking into account in particular the specific challenges of tackling different types of illegal_content and systemic risks, in accordance with Union law in particular on competition and the protection of personal data.
2. Where significant systemic risk within the meaning of Article 34(1) emerge and concern several very large online_platforms or very large online_search_engines, the Commission may invite the providers of very large online_platforms concerned or the providers of very large online_search_engines concerned, and other providers of very large online_platforms, of very large online_search_engines, of online_platforms and of other intermediary_services, as appropriate, as well as relevant competent authorities, civil society organisations and other relevant stakeholders, to participate in the drawing up of codes of conduct, including by setting out commitments to take specific risk mitigation measures, as well as a regular reporting framework on any measures taken and their outcomes.
3. When giving effect to paragraphs 1 and 2, the Commission and the Board, and where relevant other bodies, shall aim to ensure that the codes of conduct clearly set out their specific objectives, contain key performance indicators to measure the achievement of those objectives and take due account of the needs and interests of all interested parties, and in particular citizens, at Union level. The Commission and the Board shall also aim to ensure that participants report regularly to the Commission and their respective Digital Services Coordinators of establishment on any measures taken and their outcomes, as measured against the key performance indicators that they contain. Key performance indicators and reporting commitments shall take into account differences in size and capacity between different participants.
4. The Commission and the Board shall assess whether the codes of conduct meet the aims specified in paragraphs 1 and 3, and shall regularly monitor and evaluate the achievement of their objectives, having regard to the key performance indicators that they might contain. They shall publish their conclusions.
The Commission and the Board shall also encourage and facilitate regular review and adaptation of the codes of conduct.
In the case of systematic failure to comply with the codes of conduct, the Commission and the Board may invite the signatories to the codes of conduct to take the necessary action.
whereas