Scope

The DSA applies to providers of intermediary services, such as internet access providers, hosting services, domain name registrars, online marketplaces, app stores, social networks, content-sharing platforms and online travel and accommodation platforms.

The DSA classifies these intermediaries into different categories, such as intermediary services, hosting services, online platforms, and very large online platforms (VLOPs), each subject to tailored obligations based on their size, impact, and the risk they pose to society.

Relevance

An important backdrop for the DSA is a desire to regulate today’s situation where platform owners themselves may determine what content should be displayed, and what should be removed. Manipulation of content may pose risks to principles of democracy, e.g. in connection with elections. The DSA further aims to ensure equal market conditions for platform providers, a market dominated by a limited number of actors. Implementation in Norway is expected to be made through a new act and amendments to the Norwegian E-commerce act. 

Key obligations

Intermediary services will be required to publish transparency reports on their content moderation practices, including the handling of illegal content and the implementation of their terms of service. Platforms must establish mechanisms allowing users to easily report illegal content and take swift action to remove or disable access to such content, while at the same time mandating users’ fundamental rights to freedom of expression and information.

Online marketplaces must ensure the traceability of business users on their platforms to combat the sale of illegal goods, services, or content, and allow for effective internal and external complaints (e.g. with respect to removal of content). Further, users must receive clear information about why they are shown specific advertisements and who is sponsoring them. Manipulative design (such as “dark patterns” that could prevent users from making free and informed decisions) will be prohibited.

VLOPs face additional obligations, such as risk assessments, independent audits, and adherence to codes of conduct. They must also provide data access to researchers, e.g. to understand how online risks evolve. This would in practice entitle researchers to conduct “scraping operations” on platforms for authorized purposes.