keyboard_tab Digital Service Act 2022/2065 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 1 Art. 15 Transparency reporting obligations for providers of intermediary services
- 1 Art. 17 Statement of reasons
- 1 Art. 25 Online interface design and organisation
- 1 Art. 30 Traceability of traders
- 1 Art. 32 Right to information
- 1 Art. 34 Risk assessment
- 1 Art. 40 Data access and scrutiny
- 1 Art. 41 Compliance function
- 1 Art. 73 Non-compliance
- 1 Art. 74 Fines
- 1 Art. 76 Periodic penalty payments
- 1 Art. 88 Committee procedure
CHAPTER I
GENERAL PROVISIONS
CHAPTER II
LIABILITY OF PROVIDERS OF INTERMEDIARY SERVICES
CHAPTER III
DUE DILIGENCE OBLIGATIONS FOR A TRANSPARENT AND SAFE ONLINE ENVIRONMENT
SECTION 1
Provisions applicable to all providers of intermediary services
SECTION 2
Additional provisions applicable to providers of hosting services, including online platforms
SECTION 3
Additional provisions applicable to providers of online platforms
SECTION 4
Additional provisions applicable to providers of online platforms allowing consumers to conclude distance contracts with traders
SECTION 5
Additional obligations for providers of very large online platforms and of very large online search engines to manage systemic risks
SECTION 6
Other provisions concerning due diligence obligations
CHAPTER IV
IMPLEMENTATION, COOPERATION, PENALTIES AND ENFORCEMENT
SECTION 1
Competent authorities and national Digital Services Coordinators
SECTION 2
Competences, coordinated investigation and consistency mechanisms
SECTION 3
European Board for Digital Services
SECTION 4
Supervision, investigation, enforcement and monitoring in respect of providers of very large online platforms and of very large online search engines
SECTION 5
Common provisions on enforcement
SECTION 6
Delegated and implementing acts
CHAPTER V
FINAL PROVISIONS
- information society service
- recipient of the service
- consumer
- to offer services in the Union
- substantial connection to the Union
- trader
- intermediary service
- mere conduit
- caching
- hosting
- illegal content
- online platform
- online search engine
- dissemination to the public
- distance contract
- online interface
- Digital Services Coordinator of establishment
- Digital Services Coordinator of destination
- active recipient of an online platform
- active recipient of an online search engine
- advertisement
- recommender system
- content moderation
- terms and conditions
- persons with disabilities
- commercial communication
- turnover
- Mere conduit
- Caching
- large 85
- very 85
- shall 85
- information 53
- provider 46
- pursuant 43
- paragraph 39
- decision 38
- online_platform 35
- service 28
- data 27
- services 26
- online_search_engine 26
- concerned 25
- referred 25
- commission 25
- online_platforms 24
- request 23
- including 22
- providers 21
- to article 21
- access 20
- in article 20
- compliance 20
- they 19
- trader 18
- traders 18
- the 17
- consumers 16
- online_search_engines 16
- measures 15
- management 14
- regulation 14
- which 14
- have 14
- within 13
- risks 13
- article 13
- from 13
- providers 12
- made 12
- allowing 12
- accordance 12
- comply 12
- research 12
- relevant 12
- digital_services_coordinator_of_establishment 12
- application 11
- distance_contracts 11
- period 11
Article 15
Transparency reporting obligations for providers of intermediary_services
1. Providers of intermediary_services shall make publicly available, in a machine-readable format and in an easily accessible manner, at least once a year, clear, easily comprehensible reports on any content_moderation that they engaged in during the relevant period. Those reports shall include, in particular, information on the following, as applicable:
| (a) | for providers of intermediary_services, the number of orders received from Member States’ authorities including orders issued in accordance with Articles 9 and 10, categorised by the type of illegal_content concerned, the Member State issuing the order, and the median time needed to inform the authority issuing the order, or any other authority specified in the order, of its receipt, and to give effect to the order; |
| (b) | for providers of hosting services, the number of notices submitted in accordance with Article 16, categorised by the type of alleged illegal_content concerned, the number of notices submitted by trusted flaggers, any action taken pursuant to the notices by differentiating whether the action was taken on the basis of the law or the terms_and_conditions of the provider, the number of notices processed by using automated means and the median time needed for taking the action; |
| (c) | for providers of intermediary_services, meaningful and comprehensible information about the content_moderation engaged in at the providers’ own initiative, including the use of automated tools, the measures taken to provide training and assistance to persons in charge of content_moderation, the number and type of measures taken that affect the availability, visibility and accessibility of information provided by the recipients of the service and the recipients’ ability to provide information through the service, and other related restrictions of the service; the information reported shall be categorised by the type of illegal_content or violation of the terms_and_conditions of the service provider, by the detection method and by the type of restriction applied; |
| (d) | for providers of intermediary_services, the number of complaints received through the internal complaint-handling systems in accordance with the provider’s terms_and_conditions and additionally, for providers of online_platforms, in accordance with Article 20, the basis for those complaints, decisions taken in respect of those complaints, the median time needed for taking those decisions and the number of instances where those decisions were reversed; |
| (e) | any use made of automated means for the purpose of content_moderation, including a qualitative description, a specification of the precise purposes, indicators of the accuracy and the possible rate of error of the automated means used in fulfilling those purposes, and any safeguards applied. |
2. Paragraph 1 of this Article shall not apply to providers of intermediary_services that qualify as micro or small enterprises as defined in Recommendation 2003/361/EC and which are not very large online_platforms within the meaning of Article 33 of this Regulation.
3. The Commission may adopt implementing acts to lay down templates concerning the form, content and other details of reports pursuant to paragraph 1 of this Article, including harmonised reporting periods. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 88.
SECTION 2
Additional provisions applicable to providers of hosting services, including online_platforms
Article 17
Statement of reasons
1. Providers of hosting services shall provide a clear and specific statement of reasons to any affected recipients of the service for any of the following restrictions imposed on the ground that the information provided by the recipient_of_the_service is illegal_content or incompatible with their terms_and_conditions:
| (a) | any restrictions of the visibility of specific items of information provided by the recipient_of_the_service, including removal of content, disabling access to content, or demoting content; |
| (b) | suspension, termination or other restriction of monetary payments; |
| (c) | suspension or termination of the provision of the service in whole or in part; |
| (d) | suspension or termination of the recipient_of_the_service's account. |
2. Paragraph 1 shall only apply where the relevant electronic contact details are known to the provider. It shall apply at the latest from the date that the restriction is imposed, regardless of why or how it was imposed.
Paragraph 1 shall not apply where the information is deceptive high-volume commercial content.
3. The statement of reasons referred to in paragraph 1 shall at least contain the following information:
| (a) | information on whether the decision entails either the removal of, the disabling of access to, the demotion of or the restriction of the visibility of the information, or the suspension or termination of monetary payments related to that information, or imposes other measures referred to in paragraph 1 with regard to the information, and, where relevant, the territorial scope of the decision and its duration; |
| (b) | the facts and circumstances relied on in taking the decision, including, where relevant, information on whether the decision was taken pursuant to a notice submitted in accordance with Article 16 or based on voluntary own-initiative investigations and, where strictly necessary, the identity of the notifier; |
| (c) | where applicable, information on the use made of automated means in taking the decision, including information on whether the decision was taken in respect of content detected or identified using automated means; |
| (d) | where the decision concerns allegedly illegal_content, a reference to the legal ground relied on and explanations as to why the information is considered to be illegal_content on that ground; |
| (e) | where the decision is based on the alleged incompatibility of the information with the terms_and_conditions of the provider of hosting services, a reference to the contractual ground relied on and explanations as to why the information is considered to be incompatible with that ground; |
| (f) | clear and user-friendly information on the possibilities for redress available to the recipient_of_the_service in respect of the decision, in particular, where applicable through internal complaint-handling mechanisms, out-of-court dispute settlement and judicial redress. |
4. The information provided by the providers of hosting services in accordance with this Article shall be clear and easily comprehensible and as precise and specific as reasonably possible under the given circumstances. The information shall, in particular, be such as to reasonably allow the recipient_of_the_service concerned to effectively exercise the possibilities for redress referred to in of paragraph 3, point (f).
5. This Article shall not apply to any orders referred to in Article 9.
Article 25
Online interface design and organisation
1. Providers of online_platforms shall not design, organise or operate their online_interfaces in a way that deceives or manipulates the recipients of their service or in a way that otherwise materially distorts or impairs the ability of the recipients of their service to make free and informed decisions.
2. The prohibition in paragraph 1 shall not apply to practices covered by Directive 2005/29/EC or Regulation (EU) 2016/679.
3. The Commission may issue guidelines on how paragraph 1 applies to specific practices, notably:
| (a) | giving more prominence to certain choices when asking the recipient_of_the_service for a decision; |
| (b) | repeatedly requesting that the recipient_of_the_service make a choice where that choice has already been made, especially by presenting pop-ups that interfere with the user experience; |
| (c) | making the procedure for terminating a service more difficult than subscribing to it. |
Article 30
Traceability of traders
1. Providers of online_platforms allowing consumers to conclude distance_contracts with traders shall ensure that traders can only use those online_platforms to promote messages on or to offer products or services to consumers located in the Union if, prior to the use of their services for those purposes, they have obtained the following information, where applicable to the trader:
| (a) | the name, address, telephone number and email address of the trader; |
| (b) | a copy of the identification document of the trader or any other electronic identification as defined by Article 3 of Regulation (EU) No 910/2014 of the European Parliament and of the Council (40); |
| (c) | the payment account details of the trader; |
| (d) | where the trader is registered in a trade register or similar public register, the trade register in which the trader is registered and its registration number or equivalent means of identification in that register; |
| (e) | a self-certification by the trader committing to only offer products or services that comply with the applicable rules of Union law. |
2. Upon receiving the information referred to in paragraph 1 and prior to allowing the trader concerned to use its services, the provider of the online_platform allowing consumers to conclude distance_contracts with traders shall, through the use of any freely accessible official online database or online_interface made available by a Member State or the Union or through requests to the trader to provide supporting documents from reliable sources, make best efforts to assess whether the information referred to in paragraph 1, points (a) to (e), is reliable and complete. For the purpose of this Regulation, traders shall be liable for the accuracy of the information provided.
As regards traders that are already using the services of providers of online_platforms allowing consumers to conclude distance_contracts with traders for the purposes referred to in paragraph 1 on 17 February 2024, the providers shall make best efforts to obtain the information listed from the traders concerned within 12 months. Where the traders concerned fail to provide the information within that period, the providers shall suspend the provision of their services to those traders until they have provided all information.
3. Where the provider of the online_platform allowing consumers to conclude distance_contracts with traders obtains sufficient indications or has reason to believe that any item of information referred to in paragraph 1 obtained from the trader concerned is inaccurate, incomplete or not up-to-date, that provider shall request that the trader remedy that situation without delay or within the period set by Union and national law.
Where the trader fails to correct or complete that information, the provider of the online_platform allowing consumers to conclude distance_contracts with traders shall swiftly suspend the provision of its service to that trader in relation to the offering of products or services to consumers located in the Union until the request has been fully complied with.
4. Without prejudice to Article 4 of Regulation (EU) 2019/1150, if a provider of an online_platform allowing consumers to conclude distance_contracts with traders refuses to allow a trader to use its service pursuant to paragraph 1, or suspends the provision of its service pursuant to paragraph 3 of this Article, the trader concerned shall have the right to lodge a complaint as provided for in Articles 20 and 21 of this Regulation.
5. Providers of online_platforms allowing consumers to conclude distance_contracts with traders shall store the information obtained pursuant to paragraphs 1 and 2 in a secure manner for a period of six months after the end of the contractual relationship with the trader concerned. They shall subsequently delete the information.
6. Without prejudice to paragraph 2 of this Article, the provider of the online_platform allowing consumers to conclude distance_contracts with traders shall only disclose the information to third parties where so required in accordance with the applicable law, including the orders referred to in Article 10 and any orders issued by Member States’ competent authorities or the Commission for the performance of their tasks under this Regulation.
7. The provider of the online_platform allowing consumers to conclude distance_contracts with traders shall make the information referred to in paragraph 1, points (a), (d) and (e) available on its online_platform to the recipients of the service in a clear, easily accessible and comprehensible manner. That information shall be available at least on the online_platform’s online_interface where the information on the product or service is presented.
Article 32
Right to information
1. Where a provider of an online_platform allowing consumers to conclude distance_contracts with traders becomes aware, irrespective of the means used, that an illegal product or service has been offered by a trader to consumers located in the Union through its services, that provider shall inform, insofar as it has their contact details, consumers who purchased the illegal product or service through its services of the following:
| (a) | the fact that the product or service is illegal; |
| (b) | the identity of the trader; and |
| (c) | any relevant means of redress. |
The obligation laid down in the first subparagraph shall be limited to purchases of illegal products or services made within the six months preceding the moment that the provider became aware of the illegality.
2. Where, in the situation referred to in paragraph 1, the provider of the online_platform allowing consumers to conclude distance_contracts with traders does not have the contact details of all consumers concerned, that provider shall make publicly available and easily accessible on its online_interface the information concerning the illegal product or service, the identity of the trader and any relevant means of redress.
SECTION 5
Additional obligations for providers of very large online_platforms and of very large online_search_engines to manage systemic risks
Article 34
Risk assessment
1. Providers of very large online_platforms and of very large online_search_engines shall diligently identify, analyse and assess any systemic risks in the Union stemming from the design or functioning of their service and its related systems, including algorithmic systems, or from the use made of their services.
They shall carry out the risk assessments by the date of application referred to in Article 33(6), second subparagraph, and at least once every year thereafter, and in any event prior to deploying functionalities that are likely to have a critical impact on the risks identified pursuant to this Article. This risk assessment shall be specific to their services and proportionate to the systemic risks, taking into consideration their severity and probability, and shall include the following systemic risks:
| (a) | the dissemination of illegal_content through their services; |
| (b) | any actual or foreseeable negative effects for the exercise of fundamental rights, in particular the fundamental rights to human dignity enshrined in Article 1 of the Charter, to respect for private and family life enshrined in Article 7 of the Charter, to the protection of personal data enshrined in Article 8 of the Charter, to freedom of expression and information, including the freedom and pluralism of the media, enshrined in Article 11 of the Charter, to non-discrimination enshrined in Article 21 of the Charter, to respect for the rights of the child enshrined in Article 24 of the Charter and to a high-level of consumer protection enshrined in Article 38 of the Charter; |
| (c) | any actual or foreseeable negative effects on civic discourse and electoral processes, and public security; |
| (d) | any actual or foreseeable negative effects in relation to gender-based violence, the protection of public health and minors and serious negative consequences to the person’s physical and mental well-being. |
2. When conducting risk assessments, providers of very large online_platforms and of very large online_search_engines shall take into account, in particular, whether and how the following factors influence any of the systemic risks referred to in paragraph 1:
| (a) | the design of their recommender_systems and any other relevant algorithmic system; |
| (b) | their content_moderation systems; |
| (c) | the applicable terms_and_conditions and their enforcement; |
| (d) | systems for selecting and presenting advertisements; |
| (e) | data related practices of the provider. |
The assessments shall also analyse whether and how the risks pursuant to paragraph 1 are influenced by intentional manipulation of their service, including by inauthentic use or automated exploitation of the service, as well as the amplification and potentially rapid and wide dissemination of illegal_content and of information that is incompatible with their terms_and_conditions.
The assessment shall take into account specific regional or linguistic aspects, including when specific to a Member State.
3. Providers of very large online_platforms and of very large online_search_engines shall preserve the supporting documents of the risk assessments for at least three years after the performance of risk assessments, and shall, upon request, communicate them to the Commission and to the Digital_Services_Coordinator_of_establishment.
Article 40
Data access and scrutiny
1. Providers of very large online_platforms or of very large online_search_engines shall provide the Digital_Services_Coordinator_of_establishment or the Commission, at their reasoned request and within a reasonable period specified in that request, access to data that are necessary to monitor and assess compliance with this Regulation.
2. Digital Services Coordinators and the Commission shall use the data accessed pursuant to paragraph 1 only for the purpose of monitoring and assessing compliance with this Regulation and shall take due account of the rights and interests of the providers of very large online_platforms or of very large online_search_engines and the recipients of the service concerned, including the protection of personal data, the protection of confidential information, in particular trade secrets, and maintaining the security of their service.
3. For the purposes of paragraph 1, providers of very large online_platforms or of very large online_search_engines shall, at the request of either the Digital Service Coordinator of establishment or of the Commission, explain the design, the logic, the functioning and the testing of their algorithmic systems, including their recommender_systems.
4. Upon a reasoned request from the Digital_Services_Coordinator_of_establishment, providers of very large online_platforms or of very large online_search_engines shall, within a reasonable period, as specified in the request, provide access to data to vetted researchers who meet the requirements in paragraph 8 of this Article, for the sole purpose of conducting research that contributes to the detection, identification and understanding of systemic risks in the Union, as set out pursuant to Article 34(1), and to the assessment of the adequacy, efficiency and impacts of the risk mitigation measures pursuant to Article 35.
5. Within 15 days following receipt of a request as referred to in paragraph 4, providers of very large online_platforms or of very large online_search_engines may request the Digital_Services_Coordinator_of_establishment, to amend the request, where they consider that they are unable to give access to the data requested because one of following two reasons:
| (a) | they do not have access to the data; |
| (b) | giving access to the data will lead to significant vulnerabilities in the security of their service or the protection of confidential information, in particular trade secrets. |
6. Requests for amendment pursuant to paragraph 5 shall contain proposals for one or more alternative means through which access may be provided to the requested data or other data which are appropriate and sufficient for the purpose of the request.
The Digital_Services_Coordinator_of_establishment shall decide on the request for amendment within 15 days and communicate to the provider of the very large online_platform or of the very large online_search_engine its decision and, where relevant, the amended request and the new period to comply with the request.
7. Providers of very large online_platforms or of very large online_search_engines shall facilitate and provide access to data pursuant to paragraphs 1 and 4 through appropriate interfaces specified in the request, including online databases or application programming interfaces.
8. Upon a duly substantiated application from researchers, the Digital_Services_Coordinator_of_establishment shall grant such researchers the status of ‘vetted researchers’ for the specific research referred to in the application and issue a reasoned request for data access to a provider of very large online_platform or of very large online_search_engine a pursuant to paragraph 4, where the researchers demonstrate that they meet all of the following conditions:
| (a) | they are affiliated to a research organisation as defined in Article 2, point (1), of Directive (EU) 2019/790; |
| (b) | they are independent from commercial interests; |
| (c) | their application discloses the funding of the research; |
| (d) | they are capable of fulfilling the specific data security and confidentiality requirements corresponding to each request and to protect personal data, and they describe in their request the appropriate technical and organisational measures that they have put in place to this end; |
| (e) | their application demonstrates that their access to the data and the time frames requested are necessary for, and proportionate to, the purposes of their research, and that the expected results of that research will contribute to the purposes laid down in paragraph 4; |
| (f) | the planned research activities will be carried out for the purposes laid down in paragraph 4; |
| (g) | they have committed themselves to making their research results publicly available free of charge, within a reasonable period after the completion of the research, subject to the rights and interests of the recipients of the service concerned, in accordance with Regulation (EU) 2016/679. |
Upon receipt of the application pursuant to this paragraph, the Digital_Services_Coordinator_of_establishment shall inform the Commission and the Board.
9. Researchers may also submit their application to the Digital Services Coordinator of the Member State of the research organisation to which they are affiliated. Upon receipt of the application pursuant to this paragraph the Digital Services Coordinator shall conduct an initial assessment as to whether the respective researchers meet all of the conditions set out in paragraph 8. The respective Digital Services Coordinator shall subsequently send the application, together with the supporting documents submitted by the respective researchers and the initial assessment, to the Digital_Services_Coordinator_of_establishment. The Digital_Services_Coordinator_of_establishment shall take a decision whether to award a researcher the status of ‘vetted researcher’ without undue delay.
While taking due account of the initial assessment provided, the final decision to award a researcher the status of ‘vetted researcher’ lies within the competence of Digital_Services_Coordinator_of_establishment, pursuant to paragraph 8.
10. The Digital Services Coordinator that awarded the status of vetted researcher and issued the reasoned request for data access to the providers of very large online_platforms or of very large online_search_engines in favour of a vetted researcher shall issue a decision terminating the access if it determines, following an investigation either on its own initiative or on the basis of information received from third parties, that the vetted researcher no longer meets the conditions set out in paragraph 8, and shall inform the provider of the very large online_platform or of the very large online_search_engine concerned of the decision. Before terminating the access, the Digital Services Coordinator shall allow the vetted researcher to react to the findings of its investigation and to its intention to terminate the access.
11. Digital Services Coordinators of establishment shall communicate to the Board the names and contact information of the natural persons or entities to which they have awarded the status of ‘vetted researcher’ in accordance with paragraph 8, as well as the purpose of the research in respect of which the application was made or, where they have terminated the access to the data in accordance with paragraph 10, communicate that information to the Board.
12. Providers of very large online_platforms or of very large online_search_engines shall give access without undue delay to data, including, where technically possible, to real-time data, provided that the data is publicly accessible in their online_interface by researchers, including those affiliated to not for profit bodies, organisations and associations, who comply with the conditions set out in paragraph 8, points (b), (c), (d) and (e), and who use the data solely for performing research that contributes to the detection, identification and understanding of systemic risks in the Union pursuant to Article 34(1).
13. The Commission shall, after consulting the Board, adopt delegated acts supplementing this Regulation by laying down the technical conditions under which providers of very large online_platforms or of very large online_search_engines are to share data pursuant to paragraphs 1 and 4 and the purposes for which the data may be used. Those delegated acts shall lay down the specific conditions under which such sharing of data with researchers can take place in compliance with Regulation (EU) 2016/679, as well as relevant objective indicators, procedures and, where necessary, independent advisory mechanisms in support of sharing of data, taking into account the rights and interests of the providers of very large online_platforms or of very large online_search_engines and the recipients of the service concerned, including the protection of confidential information, in particular trade secrets, and maintaining the security of their service.
Article 41
Compliance function
1. Providers of very large online_platforms or of very large online_search_engines shall establish a compliance function, which is independent from their operational functions and composed of one or more compliance officers, including the head of the compliance function. That compliance function shall have sufficient authority, stature and resources, as well as access to the management body of the provider of the very large online_platform or of the very large online_search_engine to monitor the compliance of that provider with this Regulation.
2. The management body of the provider of the very large online_platform or of the very large online_search_engine shall ensure that compliance officers have the professional qualifications, knowledge, experience and ability necessary to fulfil the tasks referred to in paragraph 3.
The management body of the provider of the very large online_platform or of the very large online_search_engine shall ensure that the head of the compliance function is an independent senior manager with distinct responsibility for the compliance function.
The head of the compliance function shall report directly to the management body of the provider of the very large online_platform or of the very large online_search_engine, and may raise concerns and warn that body where risks referred to in Article 34 or non-compliance with this Regulation affect or may affect the provider of the very large online_platform or of the very large online_search_engine concerned, without prejudice to the responsibilities of the management body in its supervisory and managerial functions.
The head of the compliance function shall not be removed without prior approval of the management body of the provider of the very large online_platform or of the very large online_search_engine.
3. Compliance officers shall have the following tasks:
| (a) | cooperating with the Digital_Services_Coordinator_of_establishment and the Commission for the purpose of this Regulation; |
| (b) | ensuring that all risks referred to in Article 34 are identified and properly reported on and that reasonable, proportionate and effective risk-mitigation measures are taken pursuant to Article 35; |
| (c) | organising and supervising the activities of the provider of the very large online_platform or of the very large online_search_engine relating to the independent audit pursuant to Article 37; |
| (d) | informing and advising the management and employees of the provider of the very large online_platform or of the very large online_search_engine about relevant obligations under this Regulation; |
| (e) | monitoring the compliance of the provider of the very large online_platform or of the very large online_search_engine with its obligations under this Regulation; |
| (f) | where applicable, monitoring the compliance of the provider of the very large online_platform or of the very large online_search_engine with commitments made under the codes of conduct pursuant to Articles 45 and 46 or the crisis protocols pursuant to Article 48. |
4. Providers of very large online_platforms or of very large online_search_engines shall communicate the name and contact details of the head of the compliance function to the Digital_Services_Coordinator_of_establishment and to the Commission.
5. The management body of the provider of the very large online_platform or of the very large online_search_engine shall define, oversee and be accountable for the implementation of the provider's governance arrangements that ensure the independence of the compliance function, including the division of responsibilities within the organisation of the provider of very large online_platform or of very large online_search_engine, the prevention of conflicts of interest, and sound management of systemic risks identified pursuant to Article 34.
6. The management body shall approve and review periodically, at least once a year, the strategies and policies for taking up, managing, monitoring and mitigating the risks identified pursuant to Article 34 to which the very large online_platform or the very large online_search_engine is or might be exposed to.
7. The management body shall devote sufficient time to the consideration of the measures related to risk management. It shall be actively involved in the decisions related to risk management, and shall ensure that adequate resources are allocated to the management of the risks identified in accordance with Article 34.
Article 73
Non-compliance
1. The Commission shall adopt a non-compliance decision where it finds that the provider of the very large online_platform or of the very large online_search_engine concerned does not comply with one or more of the following:
| (a) | the relevant provisions of this Regulation; |
| (b) | interim measures ordered pursuant to Article 70; |
| (c) | commitments made binding pursuant to Article 71. |
2. Before adopting the decision pursuant to paragraph 1, the Commission shall communicate its preliminary findings to the provider of the very large online_platform or of the very large online_search_engine concerned. In the preliminary findings, the Commission shall explain the measures that it considers taking, or that it considers that the provider of the very large online_platform or of the very large online_search_engine concerned should take, in order to effectively address the preliminary findings.
3. In the decision adopted pursuant to paragraph 1 the Commission shall order the provider of the very large online_platform or of the very large online_search_engine concerned to take the necessary measures to ensure compliance with the decision pursuant to paragraph 1 within a reasonable period specified therein and to provide information on the measures that that provider intends to take to comply with the decision.
4. The provider of the very large online_platform or of the very large online_search_engine concerned shall provide the Commission with a description of the measures it has taken to ensure compliance with the decision pursuant to paragraph 1 upon their implementation.
5. Where the Commission finds that the conditions of paragraph 1 are not met, it shall close the investigation by a decision. The decision shall apply with immediate effect.
Article 74
Fines
1. In the decision referred to in Article 73, the Commission may impose on the provider of the very large online_platform or of the very large online_search_engine concerned fines not exceeding 6 % of its total worldwide annual turnover in the preceding financial year where it finds that the provider, intentionally or negligently:
| (a) | infringes the relevant provisions of this Regulation; |
| (b) | fails to comply with a decision ordering interim measures under Article 70; or |
| (c) | fails to comply with a commitment made binding by a decision pursuant to Article 71. |
2. The Commission may adopt a decision imposing on the provider of the very large online_platform or of the very large online_search_engine concerned or on another natural or legal person referred to in Article 67(1) fines not exceeding 1 % of the total annual income or worldwide turnover in the preceding financial year, where they intentionally or negligently:
| (a) | supply incorrect, incomplete or misleading information in response to a simple request or request by a decision pursuant to Article 67; |
| (b) | fail to reply to the request for information by decision within the set period; |
| (c) | fail to rectify within the period set by the Commission, incorrect, incomplete or misleading information given by a member of staff, or fail or refuse to provide complete information; |
| (d) | refuse to submit to an inspection pursuant to Article 69; |
| (e) | fail to comply with the measures adopted by the Commission pursuant to Article 72; or |
| (f) | fail to comply with the conditions for access to the Commission’s file pursuant to Article 79(4). |
3. Before adopting the decision pursuant to paragraph 2 of this Article, the Commission shall communicate its preliminary findings to the provider of the very large online_platform or of the very large online_search_engine concerned or to another person referred to in Article 67(1).
4. In fixing the amount of the fine, the Commission shall have regard to the nature, gravity, duration and recurrence of the infringement and, for fines imposed pursuant to paragraph 2, the delay caused to the proceedings.
Article 76
Periodic penalty payments
1. The Commission may adopt a decision, imposing on the provider of the very large online_platform or of the very large online_search_engine concerned or other person referred to in Article 67(1), as applicable, periodic penalty payments not exceeding 5 % of the average daily income or worldwide annual turnover in the preceding financial year per day, calculated from the date appointed by the decision, in order to compel them to:
| (a) | supply correct and complete information in response to a decision requiring information pursuant to Article 67; |
| (b) | submit to an inspection which it has ordered by decision pursuant to Article 69; |
| (c) | comply with a decision ordering interim measures pursuant to Article 70(1); |
| (d) | comply with commitments made legally binding by a decision pursuant to Article 71(1); |
| (e) | comply with a decision pursuant to Article 73(1), including where applicable the requirements it contains relating to the action plan referred to in Article 75. |
2. Where the provider of the very large online_platform or of the very large online_search_engine concerned or other person referred to in Article 67(1) has satisfied the obligation which the periodic penalty payment was intended to enforce, the Commission may fix the definitive amount of the periodic penalty payment at a figure lower than that under the original decision.
Article 88
Committee procedure
1. The Commission shall be assisted by a committee (‘the Digital Services Committee’). That Committee shall be a Committee within the meaning of Regulation (EU) No 182/2011.
2. Where reference is made to this paragraph, Article 4 of Regulation (EU) No 182/2011 shall apply.
CHAPTER V
FINAL PROVISIONS
whereas