keyboard_tab Digital Service Act 2022/2065 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 1 Art. 1 Subject matter
- 1 Art. 2 Scope
- 3 Art. 14 Terms and conditions
- 3 Art. 34 Risk assessment
- 3 Art. 35 Mitigation of risks
- 5 Art. 36 Crisis response mechanism
- 3 Art. 40 Data access and scrutiny
- 1 Art. 46 Codes of conduct for online advertising
- 2 Art. 48 Crisis protocols
- 3 Art. 51 Powers of Digital Services Coordinators
- 1 Art. 53 Right to lodge a complaint
- 1 Art. 62 Structure of the Board
- 1 Art. 79 Right to be heard and access to the file
- 1 Art. 80 Publication of decisions
- 1 Art. 86 Representation
CHAPTER I
GENERAL PROVISIONS
CHAPTER II
LIABILITY OF PROVIDERS OF INTERMEDIARY SERVICES
CHAPTER III
DUE DILIGENCE OBLIGATIONS FOR A TRANSPARENT AND SAFE ONLINE ENVIRONMENT
SECTION 1
Provisions applicable to all providers of intermediary services
SECTION 2
Additional provisions applicable to providers of hosting services, including online platforms
SECTION 3
Additional provisions applicable to providers of online platforms
SECTION 4
Additional provisions applicable to providers of online platforms allowing consumers to conclude distance contracts with traders
SECTION 5
Additional obligations for providers of very large online platforms and of very large online search engines to manage systemic risks
SECTION 6
Other provisions concerning due diligence obligations
CHAPTER IV
IMPLEMENTATION, COOPERATION, PENALTIES AND ENFORCEMENT
SECTION 1
Competent authorities and national Digital Services Coordinators
SECTION 2
Competences, coordinated investigation and consistency mechanisms
SECTION 3
European Board for Digital Services
SECTION 4
Supervision, investigation, enforcement and monitoring in respect of providers of very large online platforms and of very large online search engines
SECTION 5
Common provisions on enforcement
SECTION 6
Delegated and implementing acts
CHAPTER V
FINAL PROVISIONS
- information society service
- recipient of the service
- consumer
- to offer services in the Union
- substantial connection to the Union
- trader
- intermediary service
- mere conduit
- caching
- hosting
- illegal content
- online platform
- online search engine
- dissemination to the public
- distance contract
- online interface
- Digital Services Coordinator of establishment
- Digital Services Coordinator of destination
- active recipient of an online platform
- active recipient of an online search engine
- advertisement
- recommender system
- content moderation
- terms and conditions
- persons with disabilities
- commercial communication
- turnover
- Mere conduit
- Caching
- shall 121
- large 58
- very 57
- council 47
- measures 47
- commission 47
- information 42
- paragraph 41
- regulation 41
- european 41
- services 41
- pursuant 39
- parliament 38
- referred 37
- data 37
- oj l 36
- providers 36
- request 34
- rights 34
- the 33
- service 33
- including 31
- decision 31
- digital 28
- crisis 27
- access 26
- particular 26
- specific 26
- board 25
- have 25
- online_platforms 25
- provider 24
- online_search_engines 23
- intermediary_services 23
- union 23
- article 22
- which 22
- protection 21
- they 21
- in article 21
- application 20
- directive 19
- //ec 19
- recipients 19
- infringement 19
- directive 18
- such 18
- following 18
- period 16
- concerned 16
Article 1
Subject matter
1. The aim of this Regulation is to contribute to the proper functioning of the internal market for intermediary_services by setting out harmonised rules for a safe, predictable and trusted online environment that facilitates innovation and in which fundamental rights enshrined in the Charter, including the principle of consumer protection, are effectively protected.
2. This Regulation lays down harmonised rules on the provision of intermediary_services in the internal market. In particular, it establishes:
| (a) | a framework for the conditional exemption from liability of providers of intermediary_services; |
| (b) | rules on specific due diligence obligations tailored to certain specific categories of providers of intermediary_services; |
| (c) | rules on the implementation and enforcement of this Regulation, including as regards the cooperation of and coordination between the competent authorities. |
Article 2
Scope
1. This Regulation shall apply to intermediary_services offered to recipients of the service that have their place of establishment or are located in the Union, irrespective of where the providers of those intermediary_services have their place of establishment.
2. This Regulation shall not apply to any service that is not an intermediary_service or to any requirements imposed in respect of such a service, irrespective of whether the service is provided through the use of an intermediary_service.
3. This Regulation shall not affect the application of Directive 2000/31/EC.
4. This Regulation is without prejudice to the rules laid down by other Union legal acts regulating other aspects of the provision of intermediary_services in the internal market or specifying and complementing this Regulation, in particular, the following:
| (a) | Directive 2010/13/EU; |
| (b) | Union law on copyright and related rights; |
| (c) | Regulation (EU) 2021/784; |
| (d) | Regulation (EU) 2019/1148; |
| (e) | Regulation (EU) 2019/1150; |
| (f) | Union law on consumer protection and product safety, including Regulations (EU) 2017/2394 and (EU) 2019/1020 and Directives 2001/95/EC and 2013/11/EU; |
| (g) | Union law on the protection of personal data, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC; |
| (h) | Union law in the field of judicial cooperation in civil matters, in particular Regulation (EU) No 1215/2012 or any Union legal act laying down the rules on law applicable to contractual and non-contractual obligations; |
| (i) | Union law in the field of judicial cooperation in criminal matters, in particular a Regulation on European Production and Preservation Orders for electronic evidence in criminal matters; |
| (j) | a Directive laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings. |
Article 14
Terms and conditions
1. Providers of intermediary_services shall include information on any restrictions that they impose in relation to the use of their service in respect of information provided by the recipients of the service, in their terms_and_conditions. That information shall include information on any policies, procedures, measures and tools used for the purpose of content_moderation, including algorithmic decision-making and human review, as well as the rules of procedure of their internal complaint handling system. It shall be set out in clear, plain, intelligible, user-friendly and unambiguous language, and shall be publicly available in an easily accessible and machine-readable format.
2. Providers of intermediary_services shall inform the recipients of the service of any significant change to the terms_and_conditions.
3. Where an intermediary_service is primarily directed at minors or is predominantly used by them, the provider of that intermediary_service shall explain the conditions for, and any restrictions on, the use of the service in a way that minors can understand.
4. Providers of intermediary_services shall act in a diligent, objective and proportionate manner in applying and enforcing the restrictions referred to in paragraph 1, with due regard to the rights and legitimate interests of all parties involved, including the fundamental rights of the recipients of the service, such as the freedom of expression, freedom and pluralism of the media, and other fundamental rights and freedoms as enshrined in the Charter.
5. Providers of very large online_platforms and of very large online_search_engines shall provide recipients of services with a concise, easily-accessible and machine-readable summary of the terms_and_conditions, including the available remedies and redress mechanisms, in clear and unambiguous language.
6. Very large online_platforms and very large online_search_engines within the meaning of Article 33 shall publish their terms_and_conditions in the official languages of all the Member States in which they offer their services.
Article 34
Risk assessment
1. Providers of very large online_platforms and of very large online_search_engines shall diligently identify, analyse and assess any systemic risks in the Union stemming from the design or functioning of their service and its related systems, including algorithmic systems, or from the use made of their services.
They shall carry out the risk assessments by the date of application referred to in Article 33(6), second subparagraph, and at least once every year thereafter, and in any event prior to deploying functionalities that are likely to have a critical impact on the risks identified pursuant to this Article. This risk assessment shall be specific to their services and proportionate to the systemic risks, taking into consideration their severity and probability, and shall include the following systemic risks:
| (a) | the dissemination of illegal_content through their services; |
| (b) | any actual or foreseeable negative effects for the exercise of fundamental rights, in particular the fundamental rights to human dignity enshrined in Article 1 of the Charter, to respect for private and family life enshrined in Article 7 of the Charter, to the protection of personal data enshrined in Article 8 of the Charter, to freedom of expression and information, including the freedom and pluralism of the media, enshrined in Article 11 of the Charter, to non-discrimination enshrined in Article 21 of the Charter, to respect for the rights of the child enshrined in Article 24 of the Charter and to a high-level of consumer protection enshrined in Article 38 of the Charter; |
| (c) | any actual or foreseeable negative effects on civic discourse and electoral processes, and public security; |
| (d) | any actual or foreseeable negative effects in relation to gender-based violence, the protection of public health and minors and serious negative consequences to the person’s physical and mental well-being. |
2. When conducting risk assessments, providers of very large online_platforms and of very large online_search_engines shall take into account, in particular, whether and how the following factors influence any of the systemic risks referred to in paragraph 1:
| (a) | the design of their recommender_systems and any other relevant algorithmic system; |
| (b) | their content_moderation systems; |
| (c) | the applicable terms_and_conditions and their enforcement; |
| (d) | systems for selecting and presenting advertisements; |
| (e) | data related practices of the provider. |
The assessments shall also analyse whether and how the risks pursuant to paragraph 1 are influenced by intentional manipulation of their service, including by inauthentic use or automated exploitation of the service, as well as the amplification and potentially rapid and wide dissemination of illegal_content and of information that is incompatible with their terms_and_conditions.
The assessment shall take into account specific regional or linguistic aspects, including when specific to a Member State.
3. Providers of very large online_platforms and of very large online_search_engines shall preserve the supporting documents of the risk assessments for at least three years after the performance of risk assessments, and shall, upon request, communicate them to the Commission and to the Digital_Services_Coordinator_of_establishment.
Article 35
Mitigation of risks
1. Providers of very large online_platforms and of very large online_search_engines shall put in place reasonable, proportionate and effective mitigation measures, tailored to the specific systemic risks identified pursuant to Article 34, with particular consideration to the impacts of such measures on fundamental rights. Such measures may include, where applicable:
| (a) | adapting the design, features or functioning of their services, including their online_interfaces; |
| (b) | adapting their terms_and_conditions and their enforcement; |
| (c) | adapting content_moderation processes, including the speed and quality of processing notices related to specific types of illegal_content and, where appropriate, the expeditious removal of, or the disabling of access to, the content notified, in particular in respect of illegal hate speech or cyber violence, as well as adapting any relevant decision-making processes and dedicated resources for content_moderation; |
| (d) | testing and adapting their algorithmic systems, including their recommender_systems; |
| (e) | adapting their advertising systems and adopting targeted measures aimed at limiting or adjusting the presentation of advertisements in association with the service they provide; |
| (f) | reinforcing the internal processes, resources, testing, documentation, or supervision of any of their activities in particular as regards detection of systemic risk; |
| (g) | initiating or adjusting cooperation with trusted flaggers in accordance with Article 22 and the implementation of the decisions of out-of-court dispute settlement bodies pursuant to Article 21; |
| (h) | initiating or adjusting cooperation with other providers of online_platforms or of online_search_engines through the codes of conduct and the crisis protocols referred to in Articles 45 and 48 respectively; |
| (i) | taking awareness-raising measures and adapting their online_interface in order to give recipients of the service more information; |
| (j) | taking targeted measures to protect the rights of the child, including age verification and parental control tools, tools aimed at helping minors signal abuse or obtain support, as appropriate; |
| (k) | ensuring that an item of information, whether it constitutes a generated or manipulated image, audio or video that appreciably resembles existing persons, objects, places or other entities or events and falsely appears to a person to be authentic or truthful is distinguishable through prominent markings when presented on their online_interfaces, and, in addition, providing an easy to use functionality which enables recipients of the service to indicate such information. |
2. The Board, in cooperation with the Commission, shall publish comprehensive reports, once a year. The reports shall include the following:
| (a) | identification and assessment of the most prominent and recurrent systemic risks reported by providers of very large online_platforms and of very large online_search_engines or identified through other information sources, in particular those provided in compliance with Articles 39, 40 and 42; |
| (b) | best practices for providers of very large online_platforms and of very large online_search_engines to mitigate the systemic risks identified. |
Those reports shall present systemic risks broken down by the Member States in which they occurred and in the Union as a whole, as applicable.
3. The Commission, in cooperation with the Digital Services Coordinators, may issue guidelines on the application of paragraph 1 in relation to specific risks, in particular to present best practices and recommend possible measures, having due regard to the possible consequences of the measures on fundamental rights enshrined in the Charter of all parties involved. When preparing those guidelines the Commission shall organise public consultations.
Article 36
Crisis response mechanism
1. Where a crisis occurs, the Commission, acting upon a recommendation of the Board may adopt a decision, requiring one or more providers of very large online_platforms or of very large online_search_engines to take one or more of the following actions:
| (a) | assess whether, and if so to what extent and how, the functioning and use of their services significantly contribute to a serious threat as referred to in paragraph 2, or are likely to do so; |
| (b) | identify and apply specific, effective and proportionate measures, such as any of those provided for in Article 35(1) or Article 48(2), to prevent, eliminate or limit any such contribution to the serious threat identified pursuant to point (a) of this paragraph; |
| (c) | report to the Commission by a certain date or at regular intervals specified in the decision, on the assessments referred to in point (a), on the precise content, implementation and qualitative and quantitative impact of the specific measures taken pursuant to point (b) and on any other issue related to those assessments or those measures, as specified in the decision. |
When identifying and applying measures pursuant to point (b) of this paragraph, the service provider or providers shall take due account of the gravity of the serious threat referred to in paragraph 2, of the urgency of the measures and of the actual or potential implications for the rights and legitimate interests of all parties concerned, including the possible failure of the measures to respect the fundamental rights enshrined in the Charter.
2. For the purpose of this Article, a crisis shall be deemed to have occurred where extraordinary circumstances lead to a serious threat to public security or public health in the Union or in significant parts of it.
3. When taking the decision referred to in paragraph 1, the Commission shall ensure that all of the following requirements are met:
| (a) | the actions required by the decision are strictly necessary, justified and proportionate, having regard in particular to the gravity of the serious threat referred to in paragraph 2, the urgency of the measures and the actual or potential implications for the rights and legitimate interests of all parties concerned, including the possible failure of the measures to respect the fundamental rights enshrined in the Charter; |
| (b) | the decision specifies a reasonable period within which specific measures referred to in paragraph 1, point (b), are to be taken, having regard, in particular, to the urgency of those measures and the time needed to prepare and implement them; |
| (c) | the actions required by the decision are limited to a period not exceeding three months. |
4. After adopting the decision referred to in paragraph 1, the Commission shall, without undue delay, take the following steps:
| (a) | notify the decision to the provider or providers to which the decision is addressed; |
| (b) | make the decision publicly available; and |
| (c) | inform the Board of the decision, invite it to submit its views thereon, and keep it informed of any subsequent developments relating to the decision. |
5. The choice of specific measures to be taken pursuant to paragraph 1, point (b), and to paragraph 7, second subparagraph, shall remain with the provider or providers addressed by the Commission’s decision.
6. The Commission may on its own initiative or at the request of the provider, engage in a dialogue with the provider to determine whether, in light of the provider’s specific circumstances, the intended or implemented measures referred to in paragraph 1, point (b), are effective and proportionate in achieving the objectives pursued. In particular, the Commission shall ensure that the measures taken by the service provider under paragraph 1, point (b), meet the requirements referred to in paragraph 3, points (a) and (c).
7. The Commission shall monitor the application of the specific measures taken pursuant to the decision referred to in paragraph 1 of this Article on the basis of the reports referred to in point (c) of that paragraph and any other relevant information, including information it may request pursuant to Article 40 or 67, taking into account the evolution of the crisis. The Commission shall report regularly to the Board on that monitoring, at least on a monthly basis.
Where the Commission considers that the intended or implemented specific measures pursuant to paragraph 1, point (b), are not effective or proportionate it may, after consulting the Board, adopt a decision requiring the provider to review the identification or application of those specific measures.
8. Where appropriate in view of the evolution of the crisis, the Commission, acting on the Board’s recommendation, may amend the decision referred to in paragraph 1 or in paragraph 7, second subparagraph, by:
| (a) | revoking the decision and, where appropriate, requiring the very large online_platform or very large online_search_engine to cease to apply the measures identified and implemented pursuant to paragraph 1, point (b), or paragraph 7, second subparagraph, in particular where the grounds for such measures do not exist anymore; |
| (b) | extending the period referred to paragraph 3, point (c), by a period of no more than three months; |
| (c) | taking account of experience gained in applying the measures, in particular the possible failure of the measures to respect the fundamental rights enshrined in the Charter. |
9. The requirements of paragraphs 1 to 6 shall apply to the decision and to the amendment thereof referred to in this Article.
10. The Commission shall take utmost account of the recommendation of the Board issued pursuant to this Article.
11. The Commission shall report to the European Parliament and to the Council on a yearly basis following the adoption of decisions in accordance with this Article, and, in any event, three months after the end of the crisis, on the application of the specific measures taken pursuant to those decisions.
Article 40
Data access and scrutiny
1. Providers of very large online_platforms or of very large online_search_engines shall provide the Digital_Services_Coordinator_of_establishment or the Commission, at their reasoned request and within a reasonable period specified in that request, access to data that are necessary to monitor and assess compliance with this Regulation.
2. Digital Services Coordinators and the Commission shall use the data accessed pursuant to paragraph 1 only for the purpose of monitoring and assessing compliance with this Regulation and shall take due account of the rights and interests of the providers of very large online_platforms or of very large online_search_engines and the recipients of the service concerned, including the protection of personal data, the protection of confidential information, in particular trade secrets, and maintaining the security of their service.
3. For the purposes of paragraph 1, providers of very large online_platforms or of very large online_search_engines shall, at the request of either the Digital Service Coordinator of establishment or of the Commission, explain the design, the logic, the functioning and the testing of their algorithmic systems, including their recommender_systems.
4. Upon a reasoned request from the Digital_Services_Coordinator_of_establishment, providers of very large online_platforms or of very large online_search_engines shall, within a reasonable period, as specified in the request, provide access to data to vetted researchers who meet the requirements in paragraph 8 of this Article, for the sole purpose of conducting research that contributes to the detection, identification and understanding of systemic risks in the Union, as set out pursuant to Article 34(1), and to the assessment of the adequacy, efficiency and impacts of the risk mitigation measures pursuant to Article 35.
5. Within 15 days following receipt of a request as referred to in paragraph 4, providers of very large online_platforms or of very large online_search_engines may request the Digital_Services_Coordinator_of_establishment, to amend the request, where they consider that they are unable to give access to the data requested because one of following two reasons:
| (a) | they do not have access to the data; |
| (b) | giving access to the data will lead to significant vulnerabilities in the security of their service or the protection of confidential information, in particular trade secrets. |
6. Requests for amendment pursuant to paragraph 5 shall contain proposals for one or more alternative means through which access may be provided to the requested data or other data which are appropriate and sufficient for the purpose of the request.
The Digital_Services_Coordinator_of_establishment shall decide on the request for amendment within 15 days and communicate to the provider of the very large online_platform or of the very large online_search_engine its decision and, where relevant, the amended request and the new period to comply with the request.
7. Providers of very large online_platforms or of very large online_search_engines shall facilitate and provide access to data pursuant to paragraphs 1 and 4 through appropriate interfaces specified in the request, including online databases or application programming interfaces.
8. Upon a duly substantiated application from researchers, the Digital_Services_Coordinator_of_establishment shall grant such researchers the status of ‘vetted researchers’ for the specific research referred to in the application and issue a reasoned request for data access to a provider of very large online_platform or of very large online_search_engine a pursuant to paragraph 4, where the researchers demonstrate that they meet all of the following conditions:
| (a) | they are affiliated to a research organisation as defined in Article 2, point (1), of Directive (EU) 2019/790; |
| (b) | they are independent from commercial interests; |
| (c) | their application discloses the funding of the research; |
| (d) | they are capable of fulfilling the specific data security and confidentiality requirements corresponding to each request and to protect personal data, and they describe in their request the appropriate technical and organisational measures that they have put in place to this end; |
| (e) | their application demonstrates that their access to the data and the time frames requested are necessary for, and proportionate to, the purposes of their research, and that the expected results of that research will contribute to the purposes laid down in paragraph 4; |
| (f) | the planned research activities will be carried out for the purposes laid down in paragraph 4; |
| (g) | they have committed themselves to making their research results publicly available free of charge, within a reasonable period after the completion of the research, subject to the rights and interests of the recipients of the service concerned, in accordance with Regulation (EU) 2016/679. |
Upon receipt of the application pursuant to this paragraph, the Digital_Services_Coordinator_of_establishment shall inform the Commission and the Board.
9. Researchers may also submit their application to the Digital Services Coordinator of the Member State of the research organisation to which they are affiliated. Upon receipt of the application pursuant to this paragraph the Digital Services Coordinator shall conduct an initial assessment as to whether the respective researchers meet all of the conditions set out in paragraph 8. The respective Digital Services Coordinator shall subsequently send the application, together with the supporting documents submitted by the respective researchers and the initial assessment, to the Digital_Services_Coordinator_of_establishment. The Digital_Services_Coordinator_of_establishment shall take a decision whether to award a researcher the status of ‘vetted researcher’ without undue delay.
While taking due account of the initial assessment provided, the final decision to award a researcher the status of ‘vetted researcher’ lies within the competence of Digital_Services_Coordinator_of_establishment, pursuant to paragraph 8.
10. The Digital Services Coordinator that awarded the status of vetted researcher and issued the reasoned request for data access to the providers of very large online_platforms or of very large online_search_engines in favour of a vetted researcher shall issue a decision terminating the access if it determines, following an investigation either on its own initiative or on the basis of information received from third parties, that the vetted researcher no longer meets the conditions set out in paragraph 8, and shall inform the provider of the very large online_platform or of the very large online_search_engine concerned of the decision. Before terminating the access, the Digital Services Coordinator shall allow the vetted researcher to react to the findings of its investigation and to its intention to terminate the access.
11. Digital Services Coordinators of establishment shall communicate to the Board the names and contact information of the natural persons or entities to which they have awarded the status of ‘vetted researcher’ in accordance with paragraph 8, as well as the purpose of the research in respect of which the application was made or, where they have terminated the access to the data in accordance with paragraph 10, communicate that information to the Board.
12. Providers of very large online_platforms or of very large online_search_engines shall give access without undue delay to data, including, where technically possible, to real-time data, provided that the data is publicly accessible in their online_interface by researchers, including those affiliated to not for profit bodies, organisations and associations, who comply with the conditions set out in paragraph 8, points (b), (c), (d) and (e), and who use the data solely for performing research that contributes to the detection, identification and understanding of systemic risks in the Union pursuant to Article 34(1).
13. The Commission shall, after consulting the Board, adopt delegated acts supplementing this Regulation by laying down the technical conditions under which providers of very large online_platforms or of very large online_search_engines are to share data pursuant to paragraphs 1 and 4 and the purposes for which the data may be used. Those delegated acts shall lay down the specific conditions under which such sharing of data with researchers can take place in compliance with Regulation (EU) 2016/679, as well as relevant objective indicators, procedures and, where necessary, independent advisory mechanisms in support of sharing of data, taking into account the rights and interests of the providers of very large online_platforms or of very large online_search_engines and the recipients of the service concerned, including the protection of confidential information, in particular trade secrets, and maintaining the security of their service.
Article 46
Codes of conduct for online advertising
1. The Commission shall encourage and facilitate the drawing up of voluntary codes of conduct at Union level by providers of online_platforms and other relevant service providers, such as providers of online advertising intermediary_services, other actors involved in the programmatic advertising value chain, or organisations representing recipients of the service and civil society organisations or relevant authorities to contribute to further transparency for actors in the online advertising value chain beyond the requirements of Articles 26 and 39.
2. The Commission shall aim to ensure that the codes of conduct pursue an effective transmission of information that fully respects the rights and interests of all parties involved, as well as a competitive, transparent and fair environment in online advertising, in accordance with Union and national law, in particular on competition and the protection of privacy and personal data. The Commission shall aim to ensure that the codes of conduct at least address the following:
| (a) | the transmission of information held by providers of online advertising intermediaries to recipients of the service concerning the requirements set in Article 26(1), points (b), (c) and (d); |
| (b) | the transmission of information held by providers of online advertising intermediaries to the repositories pursuant to Article 39; |
| (c) | meaningful information on data monetisation. |
3. The Commission shall encourage the development of the codes of conduct by 18 February 2025 and their application by 18 August 2025.
4. The Commission shall encourage all the actors in the online advertising value chain referred to in paragraph 1 to endorse the commitments stated in the codes of conduct, and to comply with them.
Article 48
Crisis protocols
1. The Board may recommend that the Commission initiate the drawing up, in accordance with paragraphs 2, 3 and 4, of voluntary crisis protocols for addressing crisis situations. Those situations shall be strictly limited to extraordinary circumstances affecting public security or public health.
2. The Commission shall encourage and facilitate the providers of very large online_platforms, of very large online_search_engines and, where appropriate, the providers of other online_platforms or of other online_search_engines, to participate in the drawing up, testing and application of those crisis protocols. The Commission shall aim to ensure that those crisis protocols include one or more of the following measures:
| (a) | prominently displaying information on the crisis situation provided by Member States’ authorities or at Union level, or, depending on the context of the crisis, by other relevant reliable bodies; |
| (b) | ensuring that the provider of intermediary_services designates a specific point of contact for crisis management; where relevant, this may be the electronic point of contact referred to in Article 11 or, in the case of providers of very large online_platforms or of very large online_search_engines, the compliance officer referred to in Article 41; |
| (c) | where applicable, adapt the resources dedicated to compliance with the obligations set out in Articles 16, 20, 22, 23 and 35 to the needs arising from the crisis situation. |
3. The Commission shall, as appropriate, involve Member States’ authorities, and may also involve Union bodies, offices and agencies in drawing up, testing and supervising the application of the crisis protocols. The Commission may, where necessary and appropriate, also involve civil society organisations or other relevant organisations in drawing up the crisis protocols.
4. The Commission shall aim to ensure that the crisis protocols set out clearly all of the following:
| (a) | the specific parameters to determine what constitutes the specific extraordinary circumstance the crisis protocol seeks to address and the objectives it pursues; |
| (b) | the role of each participant and the measures they are to put in place in preparation and once the crisis protocol has been activated; |
| (c) | a clear procedure for determining when the crisis protocol is to be activated; |
| (d) | a clear procedure for determining the period during which the measures to be taken once the crisis protocol has been activated are to be taken, which is strictly limited to what is necessary for addressing the specific extraordinary circumstances concerned; |
| (e) | safeguards to address any negative effects on the exercise of the fundamental rights enshrined in the Charter, in particular the freedom of expression and information and the right to non-discrimination; |
| (f) | a process to publicly report on any measures taken, their duration and their outcomes, upon the termination of the crisis situation. |
5. If the Commission considers that a crisis protocol fails to effectively address the crisis situation, or to safeguard the exercise of fundamental rights as referred to in paragraph 4, point (e), it shall request the participants to revise the crisis protocol, including by taking additional measures.
CHAPTER IV
IMPLEMENTATION, COOPERATION, PENALTIES AND ENFORCEMENT
SECTION 1
Competent authorities and national Digital Services Coordinators
Article 51
Powers of Digital Services Coordinators
1. Where needed in order to carry out their tasks under this Regulation, Digital Services Coordinators shall have the following powers of investigation, in respect of conduct by providers of intermediary_services falling within the competence of their Member State:
| (a) | the power to require those providers, as well as any other persons acting for purposes related to their trade, business, craft or profession that may reasonably be aware of information relating to a suspected infringement of this Regulation, including organisations performing the audits referred to in Article 37 and Article 75(2), to provide such information without undue delay; |
| (b) | the power to carry out, or to request a judicial authority in their Member State to order, inspections of any premises that those providers or those persons use for purposes related to their trade, business, craft or profession, or to request other public authorities to do so, in order to examine, seize, take or obtain copies of information relating to a suspected infringement in any form, irrespective of the storage medium; |
| (c) | the power to ask any member of staff or representative of those providers or those persons to give explanations in respect of any information relating to a suspected infringement and to record the answers with their consent by any technical means. |
2. Where needed for carrying out their tasks under this Regulation, Digital Services Coordinators shall have the following enforcement powers, in respect of providers of intermediary_services falling within the competence of their Member State:
| (a) | the power to accept the commitments offered by those providers in relation to their compliance with this Regulation and to make those commitments binding; |
| (b) | the power to order the cessation of infringements and, where appropriate, to impose remedies proportionate to the infringement and necessary to bring the infringement effectively to an end, or to request a judicial authority in their Member State to do so; |
| (c) | the power to impose fines, or to request a judicial authority in their Member State to do so, in accordance with Article 52 for failure to comply with this Regulation, including with any of the investigative orders issued pursuant to paragraph 1 of this Article; |
| (d) | the power to impose a periodic penalty payment, or to request a judicial authority in their Member State to do so, in accordance with Article 52 to ensure that an infringement is terminated in compliance with an order issued pursuant to point (b) of this subparagraph or for failure to comply with any of the investigative orders issued pursuant to paragraph 1 of this Article; |
| (e) | the power to adopt interim measures or to request the competent national judicial authority in their Member State to do so, to avoid the risk of serious harm. |
As regards the first subparagraph, points (c) and (d), Digital Services Coordinators shall also have the enforcement powers set out in those points in respect of the other persons referred to in paragraph 1 for failure to comply with any of the orders issued to them pursuant to that paragraph. They shall only exercise those enforcement powers after providing those other persons in good time with all relevant information relating to such orders, including the applicable period, the fines or periodic payments that may be imposed for failure to comply and the possibilities for redress.
3. Where needed for carrying out their tasks under this Regulation, Digital Services Coordinators shall, in respect of providers of intermediary_services falling within the competence of their Member State, where all other powers pursuant to this Article to bring about the cessation of an infringement have been exhausted and the infringement has not been remedied or is continuing and is causing serious harm which cannot be avoided through the exercise of other powers available under Union or national law, also have the power to take the following measures:
| (a) | to require the management body of those providers, without undue delay, to examine the situation, adopt and submit an action plan setting out the necessary measures to terminate the infringement, ensure that the provider takes those measures, and report on the measures taken; |
| (b) | where the Digital Services Coordinator considers that a provider of intermediary_services has not sufficiently complied with the requirements referred to in point (a), that the infringement has not been remedied or is continuing and is causing serious harm, and that that infringement entails a criminal offence involving a threat to the life or safety of persons, to request that the competent judicial authority of its Member State order the temporary restriction of access of recipients to the service concerned by the infringement or, only where that is not technically feasible, to the online_interface of the provider of intermediary_services on which the infringement takes place. |
The Digital Services Coordinator shall, except where it acts upon the Commission’s request referred to in Article 82, prior to submitting the request referred to in the first subparagraph, point (b), of this paragraph invite interested parties to submit written observations within a period that shall not be less than two weeks, describing the measures that it intends to request and identifying the intended addressee or addressees thereof. The provider of intermediary_services, the intended addressee or addressees and any other third party demonstrating a legitimate interest shall be entitled to participate in the proceedings before the competent judicial authority. Any measure ordered shall be proportionate to the nature, gravity, recurrence and duration of the infringement, without unduly restricting access to lawful information by recipients of the service concerned.
The restriction of access shall be for a period of four weeks, subject to the possibility for the competent judicial authority, in its order, to allow the Digital Services Coordinator to extend that period for further periods of the same lengths, subject to a maximum number of extensions set by that judicial authority. The Digital Services Coordinator shall only extend the period where, having regard to the rights and interests of all parties affected by that restriction and all relevant circumstances, including any information that the provider of intermediary_services, the addressee or addressees and any other third party that demonstrated a legitimate interest may provide to it, it considers that both of the following conditions have been met:
| (a) | the provider of intermediary_services has failed to take the necessary measures to terminate the infringement; |
| (b) | the temporary restriction does not unduly restrict access to lawful information by recipients of the service, having regard to the number of recipients affected and whether any adequate and readily accessible alternatives exist. |
Where the Digital Services Coordinator considers that the conditions set out in the third subparagraph, points (a) and (b), have been met but it cannot further extend the period pursuant to the third subparagraph, it shall submit a new request to the competent judicial authority, as referred to in the first subparagraph, point (b).
4. The powers listed in paragraphs 1, 2 and 3 shall be without prejudice to Section 3.
5. The measures taken by the Digital Services Coordinators in the exercise of their powers listed in paragraphs 1, 2 and 3 shall be effective, dissuasive and proportionate, having regard, in particular, to the nature, gravity, recurrence and duration of the infringement or suspected infringement to which those measures relate, as well as the economic, technical and operational capacity of the provider of the intermediary_services concerned where relevant.
6. Member States shall lay down specific rules and procedures for the exercise of the powers pursuant to paragraphs 1, 2 and 3 and shall ensure that any exercise of those powers is subject to adequate safeguards laid down in the applicable national law in compliance with the Charter and with the general principles of Union law. In particular, those measures shall only be taken in accordance with the right to respect for private life and the rights of defence, including the rights to be heard and of access to the file, and subject to the right to an effective judicial remedy of all affected parties.
Article 53
Right to lodge a complaint
Recipients of the service and any body, organisation or association mandated to exercise the rights conferred by this Regulation on their behalf shall have the right to lodge a complaint against providers of intermediary_services alleging an infringement of this Regulation with the Digital Services Coordinator of the Member State where the recipient_of_the_service is located or established. The Digital Services Coordinator shall assess the complaint and, where appropriate, transmit it to the Digital_Services_Coordinator_of_establishment, accompanied, where considered appropriate, by an opinion. Where the complaint falls under the responsibility of another competent authority in its Member State, the Digital Services Coordinator receiving the complaint shall transmit it to that authority. During these proceedings, both parties shall have the right to be heard and receive appropriate information about the status of the complaint, in accordance with national law.
Article 62
Structure of the Board
1. The Board shall be composed of Digital Services Coordinators who shall be represented by high-level officials. The failure by one or more Member States to designate a Digital Services Coordinator shall not prevent the Board from performing its tasks under this Regulation. Where provided for by national law, other competent authorities entrusted with specific operational responsibilities for the application and enforcement of this Regulation alongside the Digital Services Coordinator may participate in the Board. Other national authorities may be invited to the meetings, where the issues discussed are of relevance for them.
2. The Board shall be chaired by the Commission. The Commission shall convene the meetings and prepare the agenda in accordance with the tasks of the Board pursuant to this Regulation and in line with its rules of procedure. When the Board is requested to adopt a recommendation pursuant to this Regulation, it shall immediately make the request available to other Digital Services Coordinators through the information sharing system set out in Article 85.
3. Each Member State shall have one vote. The Commission shall not have voting rights.
The Board shall adopt its acts by simple majority. When adopting a recommendation to the Commission referred to in Article 36(1), first subparagraph, the Board shall vote within 48 hours after the request of the Chair of the Board.
4. The Commission shall provide administrative and analytical support for the activities of the Board pursuant to this Regulation.
5. The Board may invite experts and observers to attend its meetings, and may cooperate with other Union bodies, offices, agencies and advisory groups, as well as external experts as appropriate. The Board shall make the results of this cooperation publicly available.
6. The Board may consult interested parties, and shall make the results of such consultation publicly available.
7. The Board shall adopt its rules of procedure, following the consent of the Commission.
Article 79
Right to be heard and access to the file
1. Before adopting a decision pursuant to Article 73(1), Article 74 or 76, the Commission shall give the provider of the very large online_platform or of the very large online_search_engine concerned or other person referred to in Article 67(1) the opportunity of being heard on:
| (a) | preliminary findings of the Commission, including any matter to which the Commission has taken objections; and |
| (b) | measures that the Commission may intend to take in view of the preliminary findings referred to point (a). |
2. The provider of the very large online_platform or of the very large online_search_engine concerned or other person referred to in Article 67(1) may submit its observations on the Commission’s preliminary findings within a reasonable period set by the Commission in its preliminary findings, which may not be less than 14 days.
3. The Commission shall base its decisions only on objections on which the parties concerned have been able to comment.
4. The rights of defence of the parties concerned shall be fully respected in the proceedings. They shall be entitled to have access to the Commission's file under the terms of a negotiated disclosure, subject to the legitimate interest of the provider of the very large online_platform or of the very large online_search_engine or other person concerned in the protection of their business secrets. The Commission shall have the power to adopt decisions setting out such terms of disclosure in case of disagreement between the parties. The right of access to the file of the Commission shall not extend to confidential information and internal documents of the Commission, the Board, Digital Service Coordinators, other competent authorities or other public authorities of the Member States. In particular, the right of access shall not extend to correspondence between the Commission and those authorities. Nothing in this paragraph shall prevent the Commission from disclosing and using information necessary to prove an infringement.
5. The information collected pursuant to Articles 67, 68 and 69 shall be used only for the purpose of this Regulation.
Article 80
Publication of decisions
1. The Commission shall publish the decisions it adopts pursuant to Article 70(1), Article 71(1) and Articles 73 to 76. Such publication shall state the names of the parties and the main content of the decision, including any penalties imposed.
2. The publication shall have regard to the rights and legitimate interests of the provider of the very large online_platform or of the very large online_search_engine concerned, any other person referred to in Article 67(1) and any third parties in the protection of their confidential information.
Article 86
Representation
1. Without prejudice to Directive (EU) 2020/1828 or to any other type of representation under national law, recipients of intermediary_services shall at least have the right to mandate a body, organisation or association to exercise the rights conferred by this Regulation on their behalf, provided the body, organisation or association meets all of the following conditions:
| (a) | it operates on a not-for-profit basis; |
| (b) | it has been properly constituted in accordance with the law of a Member State; |
| (c) | its statutory objectives include a legitimate interest in ensuring that this Regulation is complied with. |
2. Providers of online_platforms shall take the necessary technical and organisational measures to ensure that complaints submitted by bodies, organisations or associations referred to in paragraph 1 of this Article on behalf of recipients of the service through the mechanisms referred to in Article 20(1) are processed and decided upon with priority and without undue delay.
SECTION 6
Delegated and implementing acts
Article 93
Entry into force and application
1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
2. This Regulation shall apply from 17 February 2024.
However, Article 24(2), (3) and (6), Article 33(3) to (6), Article 37(7), Article 40(13), Article 43 and Sections 4, 5 and 6 of Chapter IV shall apply from 16 November 2022.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Strasbourg, 19 October 2022.
For the European Parliament
The President
R. METSOLA
For the Council
The President
M. BEK
(1) OJ C 286, 16.7.2021, p. 70.
(2) OJ C 440, 29.10.2021, p. 67.
(3) Position of the European Parliament of 5 July 2022 (not yet published in the Official Journal) and decision of the Council of 4 October 2022.
(4) Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information_society_services, in particular electronic commerce, in the Internal Market ('Directive on electronic commerce') (OJ L 178, 17.7.2000, p. 1).
(5) Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services (OJ L 241, 17.9.2015, p. 1).
(6) Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (OJ L 351, 20.12.2012, p. 1).
(7) Directive 2010/13/EU of the European Parliament and of the Council of 10 March 2010 on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual media services (Audiovisual Media Services Directive) (OJ L 95, 15.4.2010, p. 1).
(8) Regulation (EU) 2019/1148 of the European Parliament and of the Council of 20 June 2019 on the marketing and use of explosives precursors, amending Regulation (EC) No 1907/2006 and repealing Regulation (EU) No 98/2013 (OJ L 186, 11.7.2019, p. 1).
(9) Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business users of online intermediation services (OJ L 186, 11.7.2019, p. 57).
(10) Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of the terrorist content online (OJ L 172, 17.5.2021, p. 79).
(11) Regulation (EU) 2021/1232 of the European Parliament and of the Council of 14 July 2021 on temporary derogation from certain provisions of Directive 2002/58/EC as regards the use of technologies by providers of number-independent interpersonal communications services for the processing of personal and other data for the purpose of combating online child sexual abuse (OJ L 274, 30.7.2021, p. 41).
(12) Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37).
(13) Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 (OJ L 345, 27.12.2017, p. 1).
(14) Regulation (EU) 2019/1020 of the European Parliament and of the Council of 20 June 2019 on market surveillance and compliance of products and amending Directive 2004/42/EC and Regulations (EC) No 765/2008 and (EU) No 305/2011 (OJ L 169, 25.6.2019, p. 1).
(15) Directive 2001/95/EC of the European Parliament and of the Council of 3 December 2001 on general product safety (OJ L 11, 15.1.2002, p. 4).
(16) Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to- consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’) (OJ L 149, 11.6.2005, p. 22).
(17) Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council (OJ L 304, 22.11.2011, p. 64).
(18) Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (OJ L 165, 18.6.2013, p. 63).
(19) Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts (OJ L 95, 21.4.1993, p. 29).
(20) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
(21) Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society (OJ L 167, 22.6.2001, p. 10).
(22) Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights (OJ L 157, 30.4.2004, p. 45).
(23) Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC (OJ L 130, 17.5.2019, p. 92).
(24) Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (OJ L 321, 17.12.2018, p. 36).
(25) Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).
(26) Directive 2011/93/EU of the European Parliament and of the Council of 13 December 2011 on combating the sexual abuse and sexual exploitation of children and child pornography, and replacing Council Framework Decision 2004/68/JHA (OJ L 335, 17.12.2011, p. 1).
(27) Directive 2011/36/EU of the European Parliament and of the Council of 5 April 2011 on preventing and combating trafficking in human beings and protecting its victims, and replacing Council Framework Decision 2002/629/JHA (OJ L 101, 15.4.2011, p. 1).
(28) Directive (EU) 2017/541 of the European Parliament and of the Council of 15 March 2017 on combating terrorism and replacing Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88, 31.3.2017, p. 6).
(29) Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53).
(30) Council Directive (EU) 2021/514 of 22 March 2021 amending Directive 2011/16/EU on administrative cooperation in the field of taxation (OJ L 104, 25.3.2021, p. 1).
(31) Directive 98/6/EC of the European Parliament and of the Council of 16 February 1998 on consumer protection in the indication of the prices of products offered to consumers (OJ L 80, 18.3.1998, p. 27).
(32) Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure (OJ L 157, 15.6.2016, p. 1).
(33) Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC (OJ L 409, 4.12.2020, p. 1).
(34) Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).
(35) OJ L 123, 12.5.2016, p. 1.
(36) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
(37) OJ C 149, 27.4.2021, p. 3.
(38) Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services (OJ L 151, 7.6.2019, p. 70).
(39) Council Regulation (EC) No 139/2004 of 20 January 2004 on the control of concentrations between undertakings (OJ L 24, 29.1.2004, p. 1).
(40) Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).
(41) Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (OJ L 193, 30.7.2018, p. 1).