Historical excursus

The Digital Services Act (DSA) and the Digital Markets Act (DMA) are two European legislative proposals, and they are two complementary parts of the same project regarding the European digital market. 

The main goal of the DSA is to provide new obligations and responsibilities for digital intermediaries and online platforms, with a particular focus on the content they host, in order to affect those illegal matters which encourage hate, violence, terrorism and similar.

Instead, the purpose of DMA essentially results in regulating the relationships between big tech and their users to avoid unfair behavior.

Is this the first time that such regulatory instruments have been envisaged? NO. 

So, a question naturally arises: now, what does regulate business behaviors and protect final consumers?

There is a specific regulation at European level that was born at the beginning of the 21st century and is undergoing a rapid and constant evolution, due to the development of technological innovations and especially the social context, and it has reached, so far at least, its climax in the two proposals that are being analyzed.


• Regulation eIDAS (UE) n. 910/2014. The purpose of which is to ensure a good functioning of the internal market while pursuing an adequate level of security for electronic identification means and fiduciary services. It lays down the conditions under which Member States shall recognize the means of electronic identification of natural and legal persons covered by a notified electronic identification scheme of another Member State, and establish a legal framework for electronic signatures, electronic seals, electronic time validations, electronic documents, certified electronic delivery services and services related to website authentication certificates.


• EU Directive 2015/849 “Fourth AMLD Directive”. It introduced provisions to optimize the use of anti-money laundering and terrorist financing instruments.


•  Directive (UE) 2016/1148 “ Directive NIS”. It shall establish measures to achieve a common high level of network and information system security in the Union in order to improve the functioning of the internal market.

• Regulation 2016/679/UE, General Regulation on the Protection of Personal Data (GDPR). It lays down rules on the protection of individuals with regard to the processing of personal data and on the free movement of such data. It protects the fundamental rights and freedoms of natural persons, in particular the right to the protection of personal data. The free movement of personal data within the Union may not be restricted or prohibited on grounds relating to the protection of individuals with regard to the processing of personal data


• E-Privacy regulation. It sets rules on the protection of the fundamental rights and freedoms of natural and legal persons with regard to the provision and use of electronic communications services, in particular the right to respect for privacy and communications and the protection of individuals with regard to the processing of personal data. In addition, it shall ensure the free movement of electronic communications data and electronic communications services in the Union, which are not restricted or prohibited on grounds relating to the respect for the privacy and communications of natural and legal persons and the protection of natural persons with regard to the processing of personal data.


• Regulation (UE) 2018/302 “Geoblocking regulation”. It contains measures to prevent unjustified geographical blockages and other forms of discrimination based on nationality, place of residence or place of establishment of customers within the internal market.


• EU cybersecurity regulation 2019/881 (Cybersecurity Act). In order to ensure the smooth functioning of the internal market while pursuing a high level of cyber-security, cyber-security and trust within the Union, this Regulation lays down: the objectives, tasks and organizational aspects of ENISA, (‘European Union Cyber Security Agency and a framework for the introduction of European Cyber Security Certification Schemes to ensure an adequate level of cyber security for ICT products, ICT services and ICT processes in the Union, as well as in order to avoid fragmentation of the internal market with regard to cybersecurity certification schemes in the Union.


• Digital Services Act (DSA) and the Digital Markets Act (DMA)

Definition of the digital package’s target  

The DSA target

«The new rules are proportionate, promote innovation, growth and competitiveness and facilitate the expansion of smaller platforms, SMEs and start-ups. The responsibilities of users, platforms and public authorities are rebalanced according to European values, placing citizens at the center. Rules better protect consumers, and their fundamental rights online establish an effective and clear framework for transparency and accountability of online platforms promote innovation, growth and competitiveness within the single market».

The Digital Services Act establishes due diligence obligations applicable to all digital service providers in the European single market, including those established outside the EU without any restrictions. In the event that the service provider is not based in the EU, it will have to appoint its own representative, as is also provided for other European regulations. The obligations of different online operators correspond to their role, size and impact on the digital ecosystem.

For the sake of transparency, all brokerage service providers will be required to include in their terms and conditions any restrictions or limitations they impose in relation to the use of their services. They will also have to make known the procedures, measures and tools used for content moderation and publish clear and detailed reports on their moderation activities at least once a year.

Which suppliers are affected?

  • Brokerage services that offer network infrastructure: Internet access providers, domain name registrars, including:
  • Hosting services such as cloud and web hosting services, including:
  • Online platforms that bring together sellers and consumers such as online marketplaces, app stores, collaborative economy platforms and social media platforms.  
  • Large online platforms carry particular risks for the dissemination of illegal content and damage to society. There are specific rules for platforms that reach more than 10% of Europe’s 450 million consumers.

In addition to these obligations, hosting service providers will need to:

  • implement intuitive and easy-to-access mechanisms through which users can notify the provider of the presence of illegal content;
  • provide, in case of removal or disabling of the content, a statement of reasons, or a statement addressed to the user who inserted the content, where the reasons for such a measure are clearly indicated and the possibility of appeal is offered.

Online platforms (including e-marketplaces, social network sites, search engines, etc.) will be subject to additional transparency obligations, first of all to ensure that for each advertising displayed the user can clearly recognize who sponsored the ad and what parameters were used to decide to direct that content to a particular recipient.

The Digital Services Act establishes a distinction between “online platforms” and “very large online platforms”, i.e. those that reach more than 45 million average monthly users. In view of the large amount of data and information they process, the influence they may have on the market and users’ choices, and the systemic risks they may pose in terms of the dissemination of illegal content, additional transparency obligations apply to them.

If they use content recommendation systems (as is often the case on major e-commerce sites), the parameters used and any options for service recipients to modify or influence those parameters should be clearly stated in the platform’s terms and conditions. In addition, consumers must be guaranteed the right to opt out of recommendations for profiling-based content.


For intermediaries who are found to be fulfilled, liability exemptions will be provided.

For defaulting companies, the Commission has provided for penalties of up to 6% of total turnover. In case of repeated failure to comply with the obligations provided, with the implementation of conduct that may endanger the rights and safety of people, it will also be possible to request the temporary suspension of the service offered by the platform.

The DMA targets – gatekeepers

The Digital Market Act targets the so-called gatekeepers. But who are they?

Gatekeepers are big online platforms which exercise control over access to the digital market. Their role is to allow the connection between end-users and business-users, which means that they act as a link between businesses and consumers.

For this reason, gatekeepers hold a great power in terms of selection of users (from both sides of the market) that can access the platform: gatekeepers could impose unfair conditions to users that demand access to the platform, causing a decrease of demand or supply and thus affecting the market and the competition.

These unfair behaviours won’t be tolerated anymore and gatekeepers will have to allow

Chapter II of the DMA Proposal, Article 3, Designation of gatekeepers, provides the criteria to identify the gatekeepers. At first, three cumulative conditions must be met, so that the gatekeeper is the provider of core platform only if:

  1. has a significant impact on the internal market (the condition is presumed to be met if the company reports an annual turnover of 6.5bln or a market capitalisation of 65bln);
  2. operates a core platform services used by business-users to reach end-users (the condition is presumed to be met if the platform has 45mln end-users monthly and 10k business users yearly)
  3. enjoys and entrenched and durable position that will presumably be kept in the future (the condition is presumed to be met if the first two conditions have been met for three subsequent years)

The providers that meet all the conditions have to notify it to the European Commission. In absence of notification, the Commission will be able nonetheless to label the provider as gatekeeper if the criteria are met.

Legal Desk Department

Gastaldo Leonardo
Sellitto Mariarosaria
Finocchiaro Albert

Prof. Pollicino Oreste

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: