CHAPTER III - Due Diligence Obligations for a transparent and safe online environment (Art. 11 - 48)
- Section 1 – Provisions applicable to all providers of intermediary services
- Article 11 – Points of contact for Member States’ authorities, the Commission and the Board
- Article 12 – Points of contact for recipients of the service
- Article 13 – Legal representatives
- Article 14 – Terms and conditions
- Article 15 – Transparency reporting obligations for providers of intermediary services
- Section 2 – Additional provisions applicable to providers of hosting services, including online platforms
- Article 16 – Notice and action mechanisms
- Article 17 – Statement of reasons
- Article 18 – Notification of suspicions of criminal offences
- Section 3 – Additional provisions applicable to providers of online platforms
- Article 19 – Exclusion for micro and small enterprises
- Article 20 – Internal complaint-handling system
- Article 21 – Out-of-court dispute settlement
- Article 22 – Trusted flaggers
- Article 23 – Measures and protection against misuse
- Article 24 – Transparency reporting obligations for providers of online platforms
- Article 25 – Online interface design and organisation
- Article 26 – Advertising on online platforms
- Article 27 – Recommender system transparency
- Article 28 – Online protection of minors
- Section 4 – Additional provisions applicable to providers of online platforms allowing consumers to conclude distance contracts with traders
- Article 29 – Exclusion for micro and small enterprises
- Article 30 – Traceability of traders
- Article 31 – Compliance by design
- Article 32 – Right to information
- Section 5 – Additional obligations for providers of very large online platforms and of very large online search engines to manage systemic risks
- Article 33 – Very large online platforms and very large online search engines
- Article 34 – Risk assessment
- Article 35 – Mitigation of risks
- Article 36 – Crisis response mechanism
- Article 37 – Independent audit
- Article 38 – Recommender systems
- Article 39 – Additional online advertising transparency
- Article 40 – Data access and scrutiny
- Article 41 – Compliance function
- Article 42 – Transparency reporting obligations
- Article 43 – Supervisory fee
- Section 6 – Other provisions concerning due diligence obligations
- Article 44 – Standards
- Article 45 – Codes of conduct
- Article 46 – Codes of conduct for online advertising
- Article 47 – Codes of conduct for accessibility
- Article 48 – Crisis protocols
- Section 1 – Competent authorities and national Digital Services Coordinators
- Article 49 – Competent authorities and Digital Services Coordinators
- Article 50 – Requirements for Digital Services Coordinators
- Article 51 – Powers of Digital Services Coordinators
- Article 52 – Penalties
- Article 53 – Right to lodge a complaint
- Article 54 – Compensation
- Article 55 – Activity reports
- Section 2 – Competences, coordinated investigation and consistency mechanisms
- Article 56 – Competences
- Article 57 – Mutual assistance
- Article 58 – Cross-border cooperation among Digital Services Coordinators
- Article 59 – Referral to the Commission
- Article 60 – Joint investigations
- Section 3 – European Board for Digital Services
- Article 61 – European Board for Digital Services
- Article 62 – Structure of the Board
- Article 63 – Tasks of the Board
- Section 4 – Supervision, investigation, enforcement and monitoring in respect of providers of very large online platforms and of very large online search engines
- Article 64 – Development of expertise and capabilities
- Article 65 – Enforcement of obligations of providers of very large online platforms and of very large online search engines
- Article 66 – Initiation of proceedings by the Commission and cooperation in investigation
- Article 67 – Requests for information
- Article 68 – Power to take interviews and statements
- Article 69 – Power to conduct inspections
- Article 70 – Interim measures
- Article 71 – Commitments
- Article 72 – Monitoring actions
- Article 73 – Non-compliance
- Article 74 – Fines
- Article 75 – Enhanced supervision of remedies to address infringements of obligations laid down in Section 5 of Chapter III
- Article 76 – Periodic penalty payments
- Article 77 – Limitation period for the imposition of penalties
- Article 78 – Limitation period for the enforcement of penalties
- Article 79 – Right to be heard and access to the file
- Article 80 – Publication of decisions
- Article 81 – Review by the Court of Justice of the European Union
- Article 82 – Requests for access restrictions and cooperation with national courts
- Article 83 – Implementing acts relating to Commission intervention
- Section 5 – Common provisions on enforcement
- Article 84 – Professional secrecy
- Article 85 – Information sharing system
- Article 86 – Representation
- Section 6 – Delegated and implementing acts
- Article 87 – Exercise of the delegation
- Article 88 – Committee procedure
Art. 40 DSA
Data access and scrutiny
- Providers of very large online platforms or of very large online search engines shall provide the Digital Services Coordinator of establishment or the Commission, at their reasoned request and within a reasonable period specified in that request, access to data that are necessary to monitor and assess compliance with this Regulation.
- Digital Services Coordinators and the Commission shall use the data accessed pursuant to paragraph 1 only for the purpose of monitoring and assessing compliance with this Regulation and shall take due account of the rights and interests of the providers of very large online platforms or of very large online search engines and the recipients of the service concerned, including the protection of personal data, the protection of confidential information, in particular trade secrets, and maintaining the security of their service.
- For the purposes of paragraph 1, providers of very large online platforms or of very large online search engines shall, at the request of either the Digital Service Coordinator of establishment or of the Commission, explain the design, the logic, the functioning and the testing of their algorithmic systems, including their recommender systems.
- Upon a reasoned request from the Digital Services Coordinator of establishment, providers of very large online platforms or of very large online search engines shall, within a reasonable period, as specified in the request, provide access to data to vetted researchers who meet the requirements in paragraph 8 of this Article, for the sole purpose of conducting research that contributes to the detection, identification and understanding of systemic risks in the Union, as set out pursuant to Article 34(1), and to the assessment of the adequacy, efficiency and impacts of the risk mitigation measures pursuant to Article 35.
- Within 15 days following receipt of a request as referred to in paragraph 4, providers of very large online platforms or of very large online search engines may request the Digital Services Coordinator of establishment, to amend the request, where they consider that they are unable to give access to the data requested because one of following two reasons:
(a) they do not have access to the data;
(b) giving access to the data will lead to significant vulnerabilities in the security of their service or the protection of confidential information, in particular trade secrets. - Requests for amendment pursuant to paragraph 5 shall contain proposals for one or more alternative means through which access may be provided to the requested data or other data which are appropriate and sufficient for the purpose of the request.
The Digital Services Coordinator of establishment shall decide on the request for amendment within 15 days and communicate to the provider of the very large online platform or of the very large online search engine its decision and, where relevant, the amended request and the new period to comply with the request. - Providers of very large online platforms or of very large online search engines shall facilitate and provide access to data pursuant to paragraphs 1 and 4 through appropriate interfaces specified in the request, including online databases or application programming interfaces.
- Upon a duly substantiated application from researchers, the Digital Services Coordinator of establishment shall grant such researchers the status of ‘vetted researchers’ for the specific research referred to in the application and issue a reasoned request for data access to a provider of very large online platform or of very large online search engine a pursuant to paragraph 4, where the researchers demonstrate that they meet all of the following conditions:
(a) they are affiliated to a research organisation as defined in Article 2, point (1), of Directive (EU) 2019/790;
(b) they are independent from commercial interests;
(c) their application discloses the funding of the research;
(d) they are capable of fulfilling the specific data security and confidentiality requirements corresponding to each request and to protect personal data, and they describe in their request the appropriate technical and organisational measures that they have put in place to this end;
(e) their application demonstrates that their access to the data and the time frames requested are necessary for, and proportionate to, the purposes of their research, and that the expected results of that research will contribute to the purposes laid down in paragraph 4;
(f) the planned research activities will be carried out for the purposes laid down in paragraph 4;
(g) they have committed themselves to making their research results publicly available free of charge, within a reasonable period after the completion of the research, subject to the rights and interests of the recipients of the service concerned, in accordance with Regulation (EU) 2016/679.
Upon receipt of the application pursuant to this paragraph, the Digital Services Coordinator of establishment shall inform the Commission and the Board. - Researchers may also submit their application to the Digital Services Coordinator of the Member State of the research organisation to which they are affiliated. Upon receipt of the application pursuant to this paragraph the Digital Services Coordinator shall conduct an initial assessment as to whether the respective researchers meet all of the conditions set out in paragraph 8. The respective Digital Services Coordinator shall subsequently send the application, together with the supporting documents submitted by the respective researchers and the initial assessment, to the Digital Services Coordinator of establishment. The Digital Services Coordinator of establishment shall take a decision whether to award a researcher the status of ‘vetted researcher’ without undue delay.
While taking due account of the initial assessment provided, the final decision to award a researcher the status of ‘vetted researcher’ lies within the competence of Digital Services Coordinator of establishment, pursuant to paragraph 8. - The Digital Services Coordinator that awarded the status of vetted researcher and issued the reasoned request for data access to the providers of very large online platforms or of very large online search engines in favour of a vetted researcher shall issue a decision terminating the access if it determines, following an investigation either on its own initiative or on the basis of information received from third parties, that the vetted researcher no longer meets the conditions set out in paragraph 8, and shall inform the provider of the very large online platform or of the very large online search engine concerned of the decision. Before terminating the access, the Digital Services Coordinator shall allow the vetted researcher to react to the findings of its investigation and to its intention to terminate the access.
- Digital Services Coordinators of establishment shall communicate to the Board the names and contact information of the natural persons or entities to which they have awarded the status of ‘vetted researcher’ in accordance with paragraph 8, as well as the purpose of the research in respect of which the application was made or, where they have terminated the access to the data in accordance with paragraph 10, communicate that information to the Board.
- Providers of very large online platforms or of very large online search engines shall give access without undue delay to data, including, where technically possible, to real-time data, provided that the data is publicly accessible in their online interface by researchers, including those affiliated to not for profit bodies, organisations and associations, who comply with the conditions set out in paragraph 8, points (b), (c), (d) and (e), and who use the data solely for performing research that contributes to the detection, identification and understanding of systemic risks in the Union pursuant to Article 34(1).
- The Commission shall, after consulting the Board, adopt delegated acts supplementing this Regulation by laying down the technical conditions under which providers of very large online platforms or of very large online search engines are to share data pursuant to paragraphs 1 and 4 and the purposes for which the data may be used. Those delegated acts shall lay down the specific conditions under which such sharing of data with researchers can take place in compliance with Regulation (EU) 2016/679, as well as relevant objective indicators, procedures and, where necessary, independent advisory mechanisms in support of sharing of data, taking into account the rights and interests of the providers of very large online platforms or of very large online search engines and the recipients of the service concerned, including the protection of confidential information, in particular trade secrets, and maintaining the security of their service.