Safer Digital Spaces – what it means for Service Operators

The first milestone under the EU’s Digital Services Act (DSA) arrived on 17 February 2023, with relevant businesses now required to publish their average monthly active recipient numbers at least every six months. Meanwhile, the UK’s ‘equivalent’ legislation, the Online Safety Bill (OSB), continues to make its passage through parliament.

Both the DSA and the OSB are intended to create a safer digital space and online environment. The DSA’s rules extends to online intermediaries that either operate in the EU and/or have a ‘substantial connection’ to the EU, being an establishment in the EU, or a significant number of users in the EU, or activities targeted to an EU Member State.

Accordingly, many UK businesses may find themselves subject to a dual regime.

 

What services will the OSB apply to?

The OSB applies to ‘regulated user-to-user service’ or a ‘regulated search service’. User-to-user services allow users to generate content which is then accessible and viewable to other users (this also includes services featuring user-interactions via bots). Either service is deemed to be regulated if it has a link with the United Kingdom. This wide definition extends beyond the key ‘big tech’ players, and although certain exemptions apply, it will capture many smaller online platforms and marketplaces. For example, any platform which hosts a chat or direct messaging function between users will be caught.

The OSB categorises service operators according to number of service users and functionalities of the service, and applies different levels of regulation to each category, with ‘Category 1’ subject to the most onerous obligations.  Key obligations include:

•  All services operators will have a duty to carry out sufficient assessments of illegal content risk and children’s risk and ensure such assessments are up to date (in accordance with guidance to be issued by OFCOM).
•  Service operators must take proactive measures to ensure there are appropriate systems in place to: prevent service users from encountering priority illegal content (this is widely defined and includes  content relating to terrorism, child abuse, self-harm, suicide, fraud and proceeds of crime), minimise the time any such content is present on the service and, once alerted to the presence of any illegal content, act to swiftly take it down.
•  Providing service users with functionality to report content and issue complaints.
•  An overriding duty to balance users’ rights to freedom of expression within the law when deciding on and implementing safety measures and policies required by the OSB.
•  For Category 1 operators, implementing proportionate systems to prevent service users from encountering fraudulent advertising, and to minimise and remove its presence.
•  Making provision in terms of service (Category 1 operators) or providing publicly accessible statements (Category 2A operators) to inform service users of technology used to address fraudulent advertising.

 

Looking ahead – what should service operators do now?

With the OSB approaching final approval in parliament, service operators should look ahead and assess whether they fall within the scope of the OSB and which specific obligations apply. At this stage, service operators have time to determine whether they have the capabilities in-house to achieve compliance, or whether third party software support or external technology may be required.  In addition, while the implications for businesses whose activities rely on regulated service operators is not yet clear, such parties may wish to review contractual arrangements and consider whether obligations to comply with the OSB should be included. Operators who are subject to a dual regime under both the DSA and OSB will have a more difficult task and need to prepare carefully, given the DSA and the OSB are working to different timetables and, although the DSA also has a tiered regime, the OSB’s ‘Category 1’ will not necessarily correspond to the DSA’s top tier (identified as ‘VLOPS’ - Very Large Online Platforms). These businesses will therefore need to assess their obligations under each independently.