Digital Services Act Series

The EU’s Digital Strategy: Regulatory Landscape

In March 2021, the European Commission (“the Commission”) proposed the Digital Strategy. One of the main objectives is to create the right conditions and a level playing field for digital networks and innovative services to be developed. This political agenda aligns with EU norms and standards to strengthen the EU’s digital sovereignty. As a result, it is evident that the regulations in this area will keep increasing exponentially, this means that additional goods and services will be subject to additional requirements.

Furthermore, as part of this programme, there is a wider group of proposed digital regulations. In the context of the DSA, the following are key regulations to consider:

The Digital Markets Act. This regulation acts in conjunction with the DSA aiming to improve fair competition within the EU Digital Market. However, this regulation only applies to online platforms with significant influence on the market.
The Data Act. This regulation is a comprehensive initiative to address the challenges and unleash the opportunities presented by data in the EU, emphasising fair access and user rights, while ensuring the protection of personal data, as well as non-personal data.
The AI Act. The first comprehensive law on AI by a major regulator anywhere. This regulation assigns applications of AI to three risk categories. First, applications and systems that create an unacceptable risk, such as government-run social scoring are banned. Second, high-risk applications, such as a CV-scanning tool that ranks job applicants, are subject to specific legal requirements. Lastly, applications not explicitly banned or listed as high-risk are subject to certain additional compliance requirements. You can read our insight on the AI Act here.

The DSA in Ireland

In February 2024, the Irish Government signed into law the full text of the Digital Services Bill 2023 to give effect to the DSA under Irish law. The Bill does not add to or amend the obligations on online platforms under the EU Regulation. The Bill appoints Coimisiún na Meán as the Digital Services Coordinator and the Competition and Consumer Protection Commission as a second competent authority tasked with overseeing online marketplaces. Both supervisory authorities will be empowered to:

Undertake investigations;
Issue compliance notices and orders to end a contravention;
Enter into commitment agreements with intermediary service providers;
Apply for an order to block access to an intermediary service and,
Impose administrative fines and daily penalties up to the maximum limits as set out in the EU Regulation.

How can we help you?

At this stage, organisations under the scope of the DSA need to demonstrate compliance with this regulation to be able to grow in the EU digital environment.

We would very much emphasise that in this new digital landscape, the Commission and regulators will be using more powers with a combination of criminal and legal sanctions being available to regulate the online space.

We are uniquely placed to assist both regarding your operational and legal needs. This combined service provides both technical solutions and regulatory resilience.

Thus, it is crucial to understand what the ongoing obligations and best practices are to ensure compliance with the applicable requirements. KPMG Law can help you on your path to being DSA compliant by:

Completing an assessment on your existing policies and practices to ensure continuous compliance.
Advise you on any guidance or publication issued by the relevant supervisory authorities.
Completing risk assessments as required by the DSA.
Reviewing online advertising disclosures.
Providing training to your staff as required.
Reviewing consumer terms and conditions as well as vendor contracts.

In addition, the KPMG Consulting team has deep technical expertise across all DSA related areas, including implementing compliance functions, frameworks and operating models; implementing complaints handling and issue management systems and processes; designing and implementing Know Your Business Controls (KYBC); performing systemics risk assessments, performing independent reviews and audits.

Our capabilities include experts from IT Assurance, Risk Consulting, Technology Law, Algorithm Assurance, Privacy, Cybersecurity, and Forensic teams. In addition, our DSA services are powered by accelerators to ensure an efficient process. These include:

A global better practice DSA Audit criteria framework;
A DSA Compliance Assessment tool, developed and used for DSA compliance projects at other VLOPs / VLOSEs;
A wealth of experience from other regulated sectors regarding the establishment of independent compliance functions; performing risk assessment; design and implementation of compliance controls, including many aspects of the DSA such as governance arrangements, KYBC controls, complaints handling, and related risk mitigation requirements; and,
An algorithm assurance methodology supporting the audit of DSA obligations in relation to your recommender and content moderation systems.

Digital Services Act Series

The EU’s Digital Strategy: Regulatory Landscape

The DSA in Ireland

How can we help you?

Contact the team

More in Technology & Digital Regulation