First important compliance deadline for Very Large players under the Digital Services Act

Under the DSA, online platforms or search engines deemed to have at least 45 million “average monthly active recipients” in the EU have been designated as Very Large Online Platforms (VLOPs) or Very Large Search Engines (VLOSEs) by the European Commission. These companies are now obliged to comply with the more stringent rules for very large players outlined in the DSA, since they are regarded as playing a central role in the economy, society and public discourse. To date, a total of 19 companies which have been designated as VLOPs/VLOSEs by the Commission’s DG Connect, although this label has already been subject to legal challenge by two companies before the EU’s general court.

Obligations for such designated companies include delivery of their first risk assessment to evaluate compliance with the due diligence requirements in the DSA, as well as mitigation measures to guard against any potential systemic risks stemming from the design or functioning of their service. The relevant audit reports should be carried out be a service provider that is independent from the VLOP/VLOSE and should contain an opinion on whether the tech company has complied with the relevant obligations and commitments. While these first reports are likely to be a learning curve for both the companies concerned and DG Connect, the Commission is empowered to come forward with a future Delegated Act to provide more guidance on how to carry out risk assessments. For their part, designated companies will be concerned to ensure a sufficient level of confidentiality and protection of trade secrets in respect of the information provided in the context of such audits.

Bird & Bird’s team of experts is on hand to help your organisation with DSA compliance. More information available here.