Do you hear the word “regulation” and get nervous? When it comes to the EU’s Digital Services Act (DSA), you shouldn’t worry. If you’re complying with the most up-to-date card brand regulations, you can breathe a sigh of relief. You are likely already doing many of the things required by DSA!
Although the new rules took effect in January, by that time most platforms had already gotten out in front of the regulation by making changes to their systems to make sure they were in compliance.
Under the new rules, digital platforms are held accountable for identifying and handling any harmful or illegal content or services.
This month, we want to help merchants better understand what the DSA is, and its potential impact on their business.
What Is the DSA?
The DSA is a new set of rules designed to create a safer and more open digital space for users and businesses in the European Union. It is intended to protect the rights of users, level the playing field and bring safety through accountability. It covers a variety of online services and applies to all who do business in the EU, no matter where they are located — so even if you live in the United States, if you do business in Europe, the DSA applies to you.
Under the new rules, digital platforms are held accountable for identifying and handling any harmful or illegal content or services. Think of these rules as an extension of the recent Visa and Mastercard regulations, except on a broader regulatory level. Like those card brand rules, the DSA applies to all online intermediaries or anyone who offers a service that distributes information. That could mean an ecommerce platform, marketplace, social media network, search engine, cloud service, messaging app or online advertising service.
The DSA is meant to ensure the highest level of protection for users’ online privacy and data. It also promotes a fair and transparent digital environment by establishing a clear set of rules and responsibilities for both businesses and consumers.
Size Does Matter
How the DSA impacts you or your business depends on how large your customer reach is. For the majority of merchants in our industry, the impact won’t be significant. Most will need to comply with the general obligations of all companies doing business online in the EU: establishing a legal representative in the EU, setting up an effective system for receiving and acting upon any notices of illegal content or activity, informing users about their terms and conditions, cooperating with national authorities, ensuring data portability and providing yearly transparency reports. Again, these are much like the things already required by Visa and Mastercard.
There are additional requirements based on your online platform’s reach. If you reach about 45 million users or approximately 10% of the EU population — which is rare in our industry — that makes you a “Very Large Online Platform” (VLOP), which means you will face a specific set of requirements.
Those requirements include conducting risk assessments, implementing measures to mitigate systemic risk, appointing compliance officers, allowing external audits and providing access to your data to researchers. You will also need to enable users to flag illegal or harmful content and provide an effective way for them to submit complaints. You will be required to cooperate with the European Board for Digital Services and report significant incidents to national authorities. They will need to be able to access all data as well.
You will also need to be able to prove that you are implementing measures to prevent illegal or harmful content, and ensure that there is transparency and accountability with any algorithms. All this will need to be proven, along with human oversight over any automated decision making. Basically, large platforms like Facebook or TikTok will face the same user-generated content rules to which we have all been adhering.
Expanded Easier Reporting
The DSA was designed to make it easier to remove illegal online content. However, it requires online platforms to inform users as to why any content is removed, or why access to an account was restricted. Under the DSA, users can challenge decisions through an out-of-court dispute process. According to the European Commission, the DSA has launched a transparency database, the first of its kind, making content provider decisions accessible to the public.
The DSA also seeks to provide greater transparency and control over what we see on our feeds, and offers protection for minors through a policy of zero tolerance for ads directed at children and teens. According to the new rules, online platforms accessible to minors should offer protection of their privacy and security via settings that are on by default. Online age verification can be put in place to help.
These new regulations will also apply to the online marketplace as a protection measure against the selling of illegal goods. Online merchants must verify their identity before selling anything.
So don’t fret when you encounter these new regulations. The DSA is just another step in making sure all content is compliant with rules that are already widespread, by taking the compliance process to the governmental level. Bottom line: If you are following all the rules, you shouldn’t have a problem.
Cathy Beardsley is president and CEO of Segpay, a merchant services provider offering a wide range of custom financial solutions including payment facilitator, direct merchant accounts and secure gateway services. Under her direction, Segpay has become one of four companies approved by Visa to operate as a high-risk internet payment services provider. Segpay offers secure turnkey solutions to accept online payments, with a guarantee that funds are kept safe and protected with its proprietary Fraud Mitigation System and customer service and support. For any questions or help, contact sales@segpay.com or compliance@segpay.com.
