keyboard_tab Digital Service Act 2022/2065 EN

1.   Where an information_society_service is provided that consists of the storage of information provided by a recipient_of_the_service, the service provider shall not be liable for the information stored at the request of a recipient_of_the_service, on condition that the provider:

(a)	does not have actual knowledge of illegal activity or illegal_content and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or illegal_content is apparent; or

(b)	upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the illegal_content.

2.   Paragraph 1 shall not apply where the recipient_of_the_service is acting under the authority or the control of the provider.

3.   Paragraph 1 shall not apply with respect to the liability under consumer protection law of online_platforms that allow consumers to conclude distance_contracts with traders, where such an online_platform presents the specific item of information or otherwise enables the specific transaction at issue in a way that would lead an average consumer to believe that the information, or the product or service that is the object of the transaction, is provided either by the online_platform itself or by a recipient_of_the_service who is acting under its authority or control.

4.   This Article shall not affect the possibility for a judicial or administrative authority, in accordance with a Member State's legal system, to require the service provider to terminate or prevent an infringement.

1.   Providers of online_platforms shall provide recipients of the service, including individuals or entities that have submitted a notice, for a period of at least six months following the decision referred to in this paragraph, with access to an effective internal complaint-handling system that enables them to lodge complaints, electronically and free of charge, against the decision taken by the provider of the online_platform upon the receipt of a notice or against the following decisions taken by the provider of the online_platform on the grounds that the information provided by the recipients constitutes illegal_content or is incompatible with its terms_and_conditions:

(a)	decisions whether or not to remove or disable access to or restrict visibility of the information;

(b)	decisions whether or not to suspend or terminate the provision of the service, in whole or in part, to the recipients;

(c)	decisions whether or not to suspend or terminate the recipients’ account;

(d)	decisions whether or not to suspend, terminate or otherwise restrict the ability to monetise information provided by the recipients.

2.   The period of at least six months referred to in paragraph 1 of this Article shall start on the day on which the recipient_of_the_service is informed about the decision in accordance with Article 16(5) or Article 17.

3.   Providers of online_platforms shall ensure that their internal complaint-handling systems are easy to access, user-friendly and enable and facilitate the submission of sufficiently precise and adequately substantiated complaints.

4.   Providers of online_platforms shall handle complaints submitted through their internal complaint-handling system in a timely, non-discriminatory, diligent and non-arbitrary manner. Where a complaint contains sufficient grounds for the provider of the online_platform to consider that its decision not to act upon the notice is unfounded or that the information to which the complaint relates is not illegal and is not incompatible with its terms_and_conditions, or contains information indicating that the complainant’s conduct does not warrant the measure taken, it shall reverse its decision referred to in paragraph 1 without undue delay.

5.   Providers of online_platforms shall inform complainants without undue delay of their reasoned decision in respect of the information to which the complaint relates and of the possibility of out-of-court dispute settlement provided for in Article 21 and other available possibilities for redress.

6.   Providers of online_platforms shall ensure that the decisions, referred to in paragraph 5, are taken under the supervision of appropriately qualified staff, and not solely on the basis of automated means.

1.   Providers of very large online_platforms or of very large online_search_engines that present advertisements on their online_interfaces shall compile and make publicly available in a specific section of their online_interface, through a searchable and reliable tool that allows multicriteria queries and through application programming interfaces, a repository containing the information referred to in paragraph 2, for the entire period during which they present an advertisement and until one year after the advertisement was presented for the last time on their online_interfaces. They shall ensure that the repository does not contain any personal data of the recipients of the service to whom the advertisement was or could have been presented, and shall make reasonable efforts to ensure that the information is accurate and complete.

2.   The repository shall include at least all of the following information:

(a)	the content of the advertisement, including the name of the product, service or brand and the subject matter of the advertisement;

(b)	the natural or legal person on whose behalf the advertisement is presented;

(c)	the natural or legal person who paid for the advertisement, if that person is different from the person referred to in point (b);

(d)	the period during which the advertisement was presented;

(e)	whether the advertisement was intended to be presented specifically to one or more particular groups of recipients of the service and if so, the main parameters used for that purpose including where applicable the main parameters used to exclude one or more of such particular groups;

(f)	the commercial_communications published on the very large online_platforms and identified pursuant to Article 26(2);

(g)	the total number of recipients of the service reached and, where applicable, aggregate numbers broken down by Member State for the group or groups of recipients that the advertisement specifically targeted.

3.   As regards paragraph 2, points (a), (b) and (c), where a provider of very large online_platform or of very large online_search_engine has removed or disabled access to a specific advertisement based on alleged illegality or incompatibility with its terms_and_conditions, the repository shall not include the information referred to in those points. In such case, the repository shall include, for the specific advertisement concerned, the information referred to in Article 17(3), points (a) to (e), or Article 9(2), point (a)(i), as applicable.

The Commission may, after consultation of the Board, the relevant vetted researchers referred to in Article 40 and the public, issue guidelines on the structure, organisation and functionalities of the repositories referred to in this Article.

1.   Providers of very large online_platforms or of very large online_search_engines shall establish a compliance function, which is independent from their operational functions and composed of one or more compliance officers, including the head of the compliance function. That compliance function shall have sufficient authority, stature and resources, as well as access to the management body of the provider of the very large online_platform or of the very large online_search_engine to monitor the compliance of that provider with this Regulation.

2.   The management body of the provider of the very large online_platform or of the very large online_search_engine shall ensure that compliance officers have the professional qualifications, knowledge, experience and ability necessary to fulfil the tasks referred to in paragraph 3.

The management body of the provider of the very large online_platform or of the very large online_search_engine shall ensure that the head of the compliance function is an independent senior manager with distinct responsibility for the compliance function.

The head of the compliance function shall report directly to the management body of the provider of the very large online_platform or of the very large online_search_engine, and may raise concerns and warn that body where risks referred to in Article 34 or non-compliance with this Regulation affect or may affect the provider of the very large online_platform or of the very large online_search_engine concerned, without prejudice to the responsibilities of the management body in its supervisory and managerial functions.

The head of the compliance function shall not be removed without prior approval of the management body of the provider of the very large online_platform or of the very large online_search_engine.

3.   Compliance officers shall have the following tasks:

(a)	cooperating with the Digital_Services_Coordinator_of_establishment and the Commission for the purpose of this Regulation;

(b)	ensuring that all risks referred to in Article 34 are identified and properly reported on and that reasonable, proportionate and effective risk-mitigation measures are taken pursuant to Article 35;

(c)	organising and supervising the activities of the provider of the very large online_platform or of the very large online_search_engine relating to the independent audit pursuant to Article 37;

(d)	informing and advising the management and employees of the provider of the very large online_platform or of the very large online_search_engine about relevant obligations under this Regulation;

(e)	monitoring the compliance of the provider of the very large online_platform or of the very large online_search_engine with its obligations under this Regulation;

(f)	where applicable, monitoring the compliance of the provider of the very large online_platform or of the very large online_search_engine with commitments made under the codes of conduct pursuant to Articles 45 and 46 or the crisis protocols pursuant to Article 48.

4.   Providers of very large online_platforms or of very large online_search_engines shall communicate the name and contact details of the head of the compliance function to the Digital_Services_Coordinator_of_establishment and to the Commission.

5.   The management body of the provider of the very large online_platform or of the very large online_search_engine shall define, oversee and be accountable for the implementation of the provider's governance arrangements that ensure the independence of the compliance function, including the division of responsibilities within the organisation of the provider of very large online_platform or of very large online_search_engine, the prevention of conflicts of interest, and sound management of systemic risks identified pursuant to Article 34.

6.   The management body shall approve and review periodically, at least once a year, the strategies and policies for taking up, managing, monitoring and mitigating the risks identified pursuant to Article 34 to which the very large online_platform or the very large online_search_engine is or might be exposed to.

7.   The management body shall devote sufficient time to the consideration of the measures related to risk management. It shall be actively involved in the decisions related to risk management, and shall ensure that adequate resources are allocated to the management of the risks identified in accordance with Article 34.

1.   Providers of very large online_platforms or of very large online_search_engines shall publish the reports referred to in Article 15 at the latest by two months from the date of application referred to in Article 33(6), second subparagraph, and thereafter at least every six months.

2.   The reports referred to in paragraph 1 of this Article published by providers of very large online_platforms shall, in addition to the information referred to in Article 15 and Article 24(1), specify:

(a)

the human resources that the provider of very large online_platforms dedicates to content_moderation in respect of the service offered in the Union, broken down by each applicable official language of the Member States, including for compliance with the obligations set out in Articles 16 and 22, as well as for compliance with the obligations set out in Article 20;

(b)	the qualifications and linguistic expertise of the persons carrying out the activities referred to in point (a), as well as the training and support given to such staff;

(c)	the indicators of accuracy and related information referred to in Article 15(1), point (e), broken down by each official language of the Member States.

The reports shall be published in at least one of the official languages of the Member States.

3.   In addition to the information referred to in Articles 24(2), the providers of very large online_platforms or of very large online_search_engines shall include in the reports referred to in paragraph 1 of this Article the information on the average monthly recipients of the service for each Member State.

4.   Providers of very large online_platforms or of very large online_search_engines shall transmit to the Digital_Services_Coordinator_of_establishment and the Commission, without undue delay upon completion, and make publicly available at the latest three months after the receipt of each audit report pursuant to Article 37(4):

(a)	a report setting out the results of the risk assessment pursuant to Article 34;

(b)	the specific mitigation measures put in place pursuant to Article 35(1);

(c)	the audit report provided for in Article 37(4);

(d)	the audit implementation report provided for in Article 37(6);

(e)	where applicable, information about the consultations conducted by the provider in support of the risk assessments and design of the risk mitigation measures.

5.   Where a provider of very large online_platform or of very large online_search_engine considers that the publication of information pursuant to paragraph 4 might result in the disclosure of confidential information of that provider or of the recipients of the service, cause significant vulnerabilities for the security of its service, undermine public security or harm recipients, the provider may remove such information from the publicly available reports. In that case, the provider shall transmit the complete reports to the Digital_Services_Coordinator_of_establishment and the Commission, accompanied by a statement of the reasons for removing the information from the publicly available reports.