European parliament adopts Digital Services Act and Digital Markets Act after 18-month wait


On 5 July, the European Parliament adopted both the Digital Services Act (DSA) and Digital Markets Act (DMA) in a sweeping final vote. See below for an overview of the notable changes since the publication of the proposals. For more information on the DSA and the DMA, also read our previous in-depth articles on the draft provisions of the DSA here, and on the draft provisions of the DMA here.

The main changes contained in the DSA include the following:

  • Providers of intermediary services must designate a single point of contact enabling the recipients of the service to communicate directly and rapidly with them by electronic means and in a user-friendly manner, including allowing recipients of the service to choose the means of communication, which must not solely rely on automated (AI) tools.
  • Providers of intermediary services must inform the recipients of the service of any significant change to the terms and conditions.
  • Next to the very large online platforms (VLOPs), the DSA introduces the category of “very large online search engines”, which are designated as such once they reach 45 million or more active recipients of the service in the EU on a monthly average.
  • Providers of VLOPs and very large online search engines must provide recipients of services with a concise, easily accessible summary of the terms and conditions in machine-readable format, including the available remedies and redress mechanisms, using clear and unambiguous language, and in the official languages of all member states in which they offer services.
  • Providers of online platforms must not design, organise or operate their online interfaces in a way that deceives, manipulates or otherwise materially distorts or impairs the ability of recipients of their service to make free and informed decisions (i.e. dark patterns).
  • Providers of online platforms that use recommender (AI) systems must set out in their terms and conditions in plain and intelligible language the main parameters used in their recommender systems, along with the options for the recipients of the service to modify or influence those main parameters.
  • The online platform allowing consumers to conclude distance contracts with traders must design and organise their online interface in a way that enables traders to comply with their obligations regarding pre-contractual information, compliance and product safety information under applicable Union law (i.e. compliance by design).
  • Providers of VLOPs must establish an independent compliance function that has sufficient authority, stature and resources, as well as access to the management body of the provider of the very large online platform to monitor the compliance of that provider with the DSA.
  • Recipients of the service must have the right to seek compensation from providers of intermediary services, against any damage or loss suffered due to an infringement of the provider’s obligations under the DSA.

The main changes in the DMA include:

  • Web browsers and virtual assistants are categorised as “core platform services”. A “web browser” refers to a software application enabling end users to access and interact with web content hosted on servers connected to networks, such as the Internet. A “virtual assistant” is defined as software that can process demands, tasks or questions, including those based on audio, visual, written input, gestures or motions, and – based on those demands, tasks or questions – provides access to other services or controls connected to physical devices.
  • Gatekeepers must make the basic functionalities of number-independent interpersonal communications services interoperable with the number-independent interpersonal communications services of other providers. This includes e-mail, chat functions, over-the-top services such as text messaging between individuals from the designation as a gatekeeper; text messaging within groups within two years of the designation; and voice and video calls within four years of the designation.
  • Within six months of the designation, gatekeepers must provide the Commission and publish on their website a detailed and transparent compliance report, which they must update periodically (i.e. at least annually).
  • The Commission is empowered to adopt a wide range of delegated acts extending the obligations or adding further conditions to the obligations of gatekeepers.

Next steps

Once both texts are formally adopted by the European Council, they will be published in the EU Official Journal and enter into force 20 days after publication.

The DSA will be directly applicable across the EU and will apply 15 months or from 1 January 2024 (whichever is later) after the entry into force. Regarding the obligations for VLOPs and very large online search engines, these DSA obligations will go into force earlier – four months after being designated by the European Commission.

The DMA will become applicable six months following its entry into force. Gatekeepers will have a maximum of six months after its designation to comply with the new obligations.

For more information on data protection regulations in Hungary, contact your CMS client partner or local CMS experts.

The article was co-authored by Anna Horváth, Daniella Huszár and János Bálint.