Entrepreneurs in the e-commerce industry have not had an easy life lately. To run an online business and sell their goods or services, they are forced to meet increasing challenges, not only technological, and competitive but also legal. However, this should not come as a surprise to anyone at a time when the fact is that we use the Internet to an increasing extent in our everyday lives, with more and more purchases made in online stores and people using social networking sites. In turn, human activity in this area translates into the need to adapt legal regulations to related needs, especially to ensure greater security for Internet users.

The e-commerce industry has not yet had time to recover from the need to implement the so-called EU OMNIBUS directive, which required changes in Polish national law, in force, of course, with delays on the part of the Polish legislator, from January 2023 (including under the Consumer Rights Act), and for these entrepreneurs it meant the need to introduce changes on the websites of their businesses and in the IT systems they use to sell goods or services on the Internet. As we remember well, this directive was intended to regulate, among others, the following issues: online stores presenting price reductions for goods or services sold during (often only alleged) promotions, which are inconsistent with reality and constitute an unfair market practice. And not only customers but also entrepreneurs from the same industry should be protected against such practices.

Currently, emotions are heating up with another legal requirement of the European Union, which everyone has probably already heard about, or at least every e-commerce entrepreneur should hear about if they want to continue running their business or just start it. Of course, we are talking about the three-letter abbreviation “DSA” (English) or “AUC” (Polish) (Digital Services Act), and the legal act hidden under this abbreviation affects an increasing number of entities and has an increasing influence on the way each network user uses various services provided via the Internet.

When operating in the e-commerce industry or making purchases online, it is worth being aware of what DSA involves and what areas it affects. Digital transformation brings new threats and challenges for both entrepreneurs and Internet users.

What is DSA?

The Digital Services Act is an EU regulation whose full name is: Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the digital single market for digital services and amending Directive 2000/31/EC.

The DSA entered into force on November 16, 2022, but the obligation to comply with it has been divided into two stages. In the first stage, from August 25, 2023, this regulation applied only to a certain group of entities, i.e. very large platforms and online search engines. In the second stage, from February 17, 2024, the regulation applies to all providers of indirect services, including smaller ones.

Does DSA still require implementation in Polish law?

DSA was adopted by the European Union bodies in the form of an EU regulation, so, unlike EU directives, in principle it is fully binding directly on entities obliged to apply it in the Member States, and compliance with the provisions of DSA towards large entities obliged to apply it is supervised by the European Commission.

However, it often happens that the introduction of EU legal provisions entails the need to adapt national provisions which, if their current wording was retained, could be inconsistent with EU regulations or require the creation or change of structures of national authorities that are to enforce these provisions in individual EU Member States. European. Therefore, under Polish law, it is necessary to introduce the so-called Competence Act, which will mainly define the principles of operation of the national supervisory authority ensuring compliance with the provisions of the EU DSA Regulation (the so-called Internet regulator) and other procedural issues.

To better understand this situation, we can point to the well-known EU GDPR, which required the introduction of changes to the provisions of the Personal Data Protection Act in national law regarding the functions of the President of the Personal Data Protection Office.

Moreover, issues arising from DSA also require changes to the Act of July 18, 2002, on the provision of electronic services, which regulates, among others, the area of ​​​​services provided by entrepreneurs in the field of online stores.

Work in this area is carried out by the Ministry of Digitization, which in January 2024 carried out consultations on the assumptions for the act implementing DSA in the Polish legal order.

It is therefore worth following the developments of these regulations at the national level so as not to be exposed to sanctions for violating them.

What are the goals of DSA?

DSA’s primary objective is to create a safe, predictable, and trustworthy online environment in which fundamental rights as enshrined in the Charter of Fundamental Rights of the European Union are effectively protected.

DSA is also to ensure the adaptation of the rules of operation of online intermediaries to changing technologies and business models on the Internet, i.e. issues specified in Directive No. 2000/31/EC on electronic commerce (the so-called e-commerce directive). The EU legislator is aware that, due to the growing challenges regarding the universal use of the Internet, it must ensure, through DSA, the harmonization of the conditions for the provision of indirect services throughout the EU internal market to avoid fragmentation of this market and ensure legal certainty. This, in turn, is intended to create an environment in which it will be possible to introduce innovative digital services and increase their scale throughout the European Union.

If we read the content of this regulation, it is not difficult to agree with the justification for its introduction. So far, each European Union member state has introduced legal regulations on its own regarding procedures for removing illegal content from the Internet. However, there is a justified need to standardize this procedure throughout the European Union, which obliges online platforms to create a system for reporting illegal content, e.g. spreading violence, hatred or child pornography.

It is also worth pointing out that the EU GDPR regulates issues related to the protection of sensitive data. However, DSA does not violate the provisions of the GDPR and additionally introduces further solutions aimed at better protection of Internet users.

Who does DSA apply to?

Under the regulation, the European Commission obtained the right to designate entities that it recognized as very large online platforms (VLOPs) and very large online search engines (VLOSEs). These entities were obliged to apply DSA from August 25, 2023, and the European Commission recognized, among others, as such entities: such well-known entities as Facebook, Tik Tok, Amazon and Google, of which Tik Tok (as VLOP) has already been subject to proceedings initiated by the European Commission in connection with violating DSA provisions.

However, this month, i.e. from February 17, 2024, the regulation becomes applicable to all providers of indirect services (including smaller ones). Providers of indirect services include e-commerce platforms, social networking sites, and hosting providers. To know whether this regulation also applies to you, please refer to the definition of an indirect service provider contained in the regulation and indicated in Art. 3 letter g) of this Regulation.

Therefore, DSA applies to providers of indirect services (so-called intermediaries in access to content posted on the Internet by users). However, it does not apply to those Internet service providers who decide to make their own or other people’s content available on the Internet (so-called content providers). Most of the obligations under the DSA do not apply to providers of indirect services who qualify as micro or small entrepreneurs.

The DSA also applies to entities that, as online intermediaries from outside the European Union, provide their services to users based or located in the European Union.

Does only the DSA regulate activities on the Internet?

DSA became known as the so-called “Constitution of the Internet”, but remember that the list of legal regulations that you must know when conducting business via the Internet is much longer. The following legal acts should be mentioned here:

• Civil Code as the absolute basis for every type of business activity;
• Consumer Rights Act;
• Act on combating unfair competition;
• Act on counteracting unfair market practices;
• GDPR – EU regulation;
• Personal Data Protection Act;
• Database Protection Act;
• Act on copyright and related rights;
• Industrial property law;
• Telecommunications law;
• Act on the provision of electronic services – still or for now…

DSA therefore applies to any website, store, application or other online solution if its operation involves storing information provided by the user (e.g. comments on the website, posts on the platform, and opinions in the online store).

From February 17, 2024, another group of entrepreneurs (i.e. micro-entrepreneurs and small enterprises, if they are not considered very large online platforms) must ensure that they meet the DSA requirements, which will probably require modifications to the regulations on their websites, as well as changes in IT systems and the implementation of a system for monitoring content published by users on websites or social networking sites.

This issue is so interesting and extensive that you will learn about the biggest challenges facing entrepreneurs operating on the Internet in the next entry on DSA published on our website in the coming days.

We encourage you to follow our profile and website on an ongoing basis!

Sources:

1. Directive (EU) 2019/2161 of the European Parliament and of the Council of 27 November 2019 amending Council Directive 93/13/EEC and Directives 98/6/EC, 2005/29/EC, and 2011/83/EU concerning better enforcement and modernization of EU consumer protection rules.

2. Consumer Rights Act of 30 May 2014 (consolidated text Journal of Laws of 2023, item 2759).

3. Link to the article on eur-lex.europa.eu

Article written by Izabela Wilczkowska: