Ensuring Digital Signature Lawfulness for Notice of Promotion in European Union

How to eSign a document: digital signature lawfulness for Notice of Promotion in European Union

good morning good afternoon everyone depending on where you're joining our field Fisher team from today uh welcome to field Fisher silicon Valley's latest uh webinar we're talking today about the Digital Services Act and the digital markets act and what you need to know um I'm joined today uh by Andrea Ortega Richard Lorne and Annie McLaughlin all working out here in Silicon Valley with us and hopefully offering our UK and European perspective uh to all that we're about to share um I am Mark Weber the U.S managing partner of the the office out here and um we're we're here today just to dive into something which to be honest having conversations with clients out there is actually quite confusing in part because uh um a number that we work with are deeply um bedded and saturated in the world of privacy and then suddenly are being hit with laws which don't necessarily make sense in the world of privacy this is a wider set of legal discussions to some that we've had um in recent in recent sort of months um but we're really sitting and bumping against the eu's digital agenda and part of EU harmonization policy um so there's going to be some consistency EU member state to member State although as you'll come to learn some local market definition and departures from that EU consistency and then of course the UK post-brexit sitting outside of those member states will have some similar issues to highlight but we really are talking about the EU today the European Union and not UK initiatives and um in particular we're going to highlight two different uh pieces of legislation within that EU digital agenda part of the eu's sweeping set of changes um and you know part and I say part because it comprises a number of other initiatives like AI rules like data governance rules and more but focusing in on the DSA the Digital Services Act and the dma the digital markets act now the dma is an X anti-competition law really only applying to the very large and we'll talk about those thresholds and talk about how in reality there are only 15 to 20 businesses globally impacted by the dma itself although many who Supply to or interact with those businesses regulated by dma may feel some impact and may actually feel some benefits as the market changes so maybe the dma relevant but less relevant to to some dialing in and listening but it's something that we need to understand and then of course the Digital Services act a much more wide-ranging um set a set of laws um owners for the large a TST key and set of responsibilities so some on the smaller side are also going to be impacted in certain ways and we're going to like we're going to talk about how they're impacted understand it how to split out those burdens within the Digital Services act and to understand what burdens you may face as a business and Richard Andrea and Annie are going to take those in in turn and talk those through but it but essentially we're just trying to provide some overview but then some what if and what what about me and some context to the these rules there's been a lot reported about what they are but not a lot about what they mean and we hope to bring a little bit more understanding uh and a bit more of a picture with some guidance what we should say is we now have these laws published you can actually see them in black and white um you can download them but we're still in the early stages they've been implemented but there's more to come we expect guidance we expect more context and other information around the way these laws will be applied and implemented coming along the way so we simply can't have all the answers right now but we can really say now is the time to think about these rules now is the time to prepare but most importantly I suspect work out whether you need to prepare and what kind of impact the dma or the DSA may have upon you your practice and your business so with that early introduction hi I'm Mark Weber and I'll be handing over to my colleague Andrea Ortega um to uh you know start to dig into some of what I've been talking about so thank you for joining us and Andrea over to you yeah thanks Mark so we're going to start with the DSA and this aims to address the use of the internet for harmful purposes including the trade-off illegal Goods services and content online or the manipulation of algorithmic systems to amplify the spread of misinformation and it's worth noting that before the DSA the e-commerce directive which was adopted over 20 years ago has been the main legal framework for the provision of the Digital Services in the EU match has changed obviously in 20 years and the rules are now in the DSA uh are meant to update and upgrade that regime and so the DSA Builds on the rules of the e-commerce directive it immense and complements it and addresses the particular issues emerging around online intermediaries now um similarly to the gdpr the DSA takes the form of a regulation which means that the new rules will be applied uniformly throughout the EU now however while so how as Mark was pointing out initially note that some terms that in particular the term illegal content which is at the heart of the DSA are not defined within the within the DSA itself so the DSA refers to other laws either at the EU or national level so for example some some terms such as terrorist content uh child sexual abuse material or illegal hate speech are defined at the EU level but for some others we'll have to rely on National legislation in addition to that this function mechanism combines enforcement at both the EU level by the European commission and also at the member state level so each member state will specify the penalties in their National loss in line with requirements set out in the DSA this is to say that while the DSA means more in terms of harmonization at the EU level we'll have to see how it is interpreted and enforcing practice considering both the EU and National levels on the other hand and also similarly to the gdpr these rules will apply to all players European and non-european players so it has extra territorial reach and applies to intermediary services offered to recipients of services where these recipients are established or located in the European Union um the rules primarily concern online intermediaries and platforms that transmit store or make available third-party content to eu-based users so this includes online marketplaces social media networks content sharing platforms app stores messaging services Network infrastructure services and also online search engines among others the U.S the DSA sorry uses a progressive system under which the obligations become more honors too much role size and impact on the online ecosystem so in terms of size and impact we have a very large online platforms and very large search engines which are subject to stricter obligations and then on the other side of the spectrum we have intermediary services that qualify as micro and small which are exempt from most of the obligations and even if you are a micro and small company if you grow significantly there will these companies will benefit from a targeted exemption from a set of obligations directing a transitional 12-month period um before we go into more details uh in terms of timing to comply the DSA will start applying in two steps it will be directly applicable across the EU and to all services service providers in scope on 17th February 2024 but for very large online platforms some very large search engines which are directly supervised by the European commission as regards to their systemic obligations the new rules will kick in earlier following a designation process and I Annie will will come back to this later on in the presentation so moving ahead as mentioned the DSA applies to intermediary services and we're going to go into a bit more detail about what this means and what types of services and providers are within this scope um so it follows the same categorization in the Commerce directive by declining intermediary Services as one of the the following Information Society services first are mere conduit Services second cashing services and finally hosting services mere conduit refers to when the provider is a passive transmitter of information so for example email providers caching providers are providers that temporarily store information to make the exchange more efficient so for instance content delivery networks and hosting Services refer to the stories of information in addition the DSA distinguishes within the broader category of providers of Hosting Services the subcategory of online platforms and online platforms are defined as providers of Hosting services that not only store information but also disseminate that information to the public at the request of the recipients of the services so this is for instance social networks and you have some examples for each of these categories in the slides um now that we've explained quite quickly what services for in scope there's basically um in the tiered approach there's basically four tiers of obligation so tier one refers to obligations that apply to all intermediary services tier two which is highlighted in blue uh refers to the additional obligations that apply to hosting Services tier three refers to the subcategory of online platforms and finally tier 4 refers to the additional obligations that apply to very large online platforms and very large sales engines and potentially the image on the slide is a bit more visual on those tiers um starting with I'm gonna start with tier one and then hand over to the rest of the team to address the following uh tiers uh for tier one um the basic obligations that apply to all intermediary Services which mainly aim to ensure transparency and fundamental rights protection are firstly uh cooperating with authorities this includes in particular member State authorities and the European commission and this includes making public and keeping updated information necessary to easily identify and communicate with the provider single point of contact secondly there's designating and making uh public a single point of contact for the recipients of the service and for those providers uh which do not have an establishment in the EU this also includes designating and EU legal representative thirdly um there's including in the terms of service information on any restrictions in post in relation to the use of their service and this includes for instance information and any policies procedures measures and tools used for the purpose of content moderation including algorithmic decision making and human review as well as the rules of procedure of the internal complaint handling system and finally uh all intermediary Services shall make publicly available at least once a year a comprehensive reports on any content moderation that they've engaged in now um importantly and before we go into more details into the other tiers uh the DSA preserves the liability exemptions for intermediary services that were introduced in the e-commerce directive with some clarifications and different rules applied in view of the different nature of the activities and services provided so for instance mere congoot and caching service providers would not be liable for the information transmitted or accessed when they are in no way involved with information translated access so this requires among other things that the provider does not modify the information that it transmits to which it provides access in the case of Hosting Services the providers should for instance upon obtaining active knowledge or awareness of any legal activity or lineal content act expeditiously to remove it or to disable access to that content and for the U.S audience um importantly these liability exemptions would be equivalent to section 230 of the communications decency acts under which online intermediates that host or republished speed are protected against the range of laws that might otherwise be used to hold them accountable and legally responsible for what others say and do so that's uh it for tier one now we're going to jump into tiers two and three with Richard and uh annual average tier four with a very large online platform some very large search engines so on to the return thanks Andrea so just to level set very quickly Andreas talked so far about the obligations that apply to all intermediary Services those Services which are within the scope of the DSA whether they are mere conduits whether they are caching services or whether they are hosting services and what you may have gathered so far is that actually it's a pretty limited set of obligations that apply at that tier one level now we're going to start stepping things up and looking at the more onerous obligations so I'm going to be talking about the tier 2 and tier 3 obligations which apply to hosting services that third large bracket of providers under the DSA and a subcategory of a type of hosting service who are online platforms um to begin with I think it's important to understand the distinction between these two types of service providers um it's important to understand this because there's such a broad range of services that fall within hosting so understanding at what point they qualify and become an online platform is going to be quite key for this piece of law so um let's start with hosting services so these are services that essentially merely store information at the user's request so some obvious examples here might be Cloud Computing Services or web hosting Services an online platform it not only stores information at the request of the user but it also disseminates that information to the public and that's a defined phrase that's defined within the DSA so some examples here would be social networks online marketplaces and other kind of services that enable users to share content and information let's dig in a little bit more to that definition of what constitutes disseminating information to the public so the DSA says says this is where the platform is making information easily and generally available to a potentially unlimited number of persons um so importantly we're talking about information that is stored on the platform of the user's request and at the user's requests via the platform also um makes that information available to the public hopefully the DSA includes some examples so for example it says if the platform is providing interpersonal communication services so for example an email service or private messaging that's not disseminating information to the public because they're just sending Communications between a finite number of persons and the sender the user is determining who's receiving those Communications so that wouldn't count as an online platform service however if that service allows users to post messages to a public group or send messages to an open Channel where the sender hasn't determined the recipient then that would fall within scope of being an online platform now naturally for a lot of modern Services things can get complicated because they might provide different features they might include private messaging they might include message boards and open forums so it's going to be very important for service providers to identify which one of our services appear hosting and which one of our services fall within that open platform definition the DSA also addresses use cases where the service requires registration so you have to create an account and login does that still qualify as disseminating information to the public and it says yes it can do if that registration is automatic and it doesn't involve any kind of human decision or selection process and I think what they're intending to capture there is if you can sign up for an account online easily and it's automatically you're in but you have some credentials then within that platform you are still potentially disseminating information to the public they also have an exception for services that are purely minor and ancillary features so if there's an aspect of the surface that does disseminate information to the public but it's just minor and ancillary that doesn't pull the service within scope of being an online platform and hopefully they provide a couple of examples so one is well the comments section in an online newspaper they say that's probably an ancillary service because the online newspapers main Services publishing news under their editorial responsibility so the fact that they have a comments section doesn't necessarily mean they're within scope of being an online platform by contrast though they say Okay a social network that has a comments feature and allows people to post comments to other users even though that comments feature might be ancillary to other um services and features provided on the platform that's more likely to be considered an online platform service so as we as we said earlier there's going to be more guidance and discussion around uh how the law is going to be interpreted um but understanding which services are within scope and whether they fall on the hosting or the platform side of things it's going to be very important so let's talk about the obligations and on this slide we've covered both tier two and tier three and as you can see immediately for hosting Services uh there's only a couple of really additional obligations for hosting services on top of the ones that Andrea has already discussed so the first is that in addition to the ones Andrea has mentioned the hosting Services need to implement and notice an action mechanism to remove online content that is distributed or stored on their service so that means they have to give users mechanisms to notify them of illegal content that they're hosting and they have to process those requests and notices in a timely diligent non-arbitrary and objective Manner and if they remove content from their service they also have to provide the user who is storing and owning that content they have to give them a reason why the content's being removed there's another obligation to called out in the DSA which is that if a hosting service uh is suspicious of any criminal offenses that involve a threat to a person's life or safety they have to report those suspicions to law enforcement and make available all relevant information moving on now we're starting to consider the tier three obligations so these are the ones that only apply to those online platforms and as you can see we're looking at a much longer list here and things start to get more onerous for the online platform so the first one that's specific to online platforms is that they have to provide a complaint and redress mechanism for their users this involves a complaint handling system so if they take down content from their platform for six months following that takedown they have to give users access to that system that allows them to issue a complaint and then the complaint has to be handled by the platform in a timely non-discriminatory diligent and non-arbitrary manner in addition to that users also should have the ability to settle uh disputes in an out of court dispute settlement mechanism as well um the next one for online platforms is how they deal with trusted flaggers and this is a A New Concept under the DSA so as part of the notice and action procedure platforms also have to respond to notices from so-called trusted flaggers and they have to deal with those notices preferentially and more rapidly than they deal with other kinds of notices now we're not going to go into too much depth in who trusted flaggers are but this is a distinct status that's going to be awarded to particular entities by the Digital Services coordinators appointed in each member state so there is a whole structure and system to this so that status can only be awarded to entities not individuals and these entities have to qualify so they have to demonstrate certain expertise and competence in tackling illegal content so we won't go into too much more on that subject uh but suffice it to say over the next year we'll start to see who may be considered a trusted Flagger and what role they might they might play moving on there's also a number of other obligations for online platforms and these start to stray away from that content moderation space so now we're looking at other areas where we're thinking about what's fair for users online uh one of those is around the use of recommendation systems on the platform so platforms are expected to be a lot more transparent in their terms and conditions about how content is recommended to users through algorithms and why certain content is suggested so I think we just lost the slide deck I'll just bring that back up here we go back in oh pardon me okay I'll just scroll down to the slide because for some reason it's being a little uncooperative okay so where did I get to Okay so we've got recommendation systems and then we can start talking about dark patterns so this is a topic that's been discussed a lot in the last year or two but particularly around um in in the Privacy space and how dark patterns are used to influence users choices with respect to cookies and other privacy choices but the DSA is talking more broadly about the use of dog patterns in online interfaces and effectively it prohibits those dark patterns where they deceive or manipulate users and impair their ability to make free and informed decisions so that's quite Broad and it really requires the platform to scrutinize and interrogate all of their online interfaces that invite the users to make a particular choice for instance over their settings or whether to sign up to a new feature Etc and then the last two on a list are all around advertising so the first is that platforms have to be a lot more transparent in how advertising is presented to users and why certain advertising is presented and then the second area is a little blunter it's saying that platforms will no longer be able to Target advertising to minors children and for the purposes of the DSA that's if you're under 80 18 years of age and the second band is that you can't uh direct and Target advertising to users based on profiling using special category data under the gdpr and as a reminder that's effectively sensitive forms of data like Health ethnicity political views Etc under the DSA you can't use that information to profile and Target advertising to your users so as you can see there's a broad range of different obligations under the DSA and these are pretty important they cut across many different aspects of the business in terms of product advertising terms Etc and there'll be a lot for platforms within scope to think about and now I'm going to hand over to Annie who's going to lead us into the final top tier of obligations that apply to the very large platforms any over to you thanks Richard and so as introduced by Richard we're going to talk about tier four which relates to a very large online platforms and very large online search engines and due to their incredible reach and influence very large online platforms are placed under additional obligations to mitigate the risks they pose regarding the spread of illegal content online the threshold of being deemed a very large online platform or search engine is met where a platform has more than 45 million active users per month on average within the EU this number roughly represents 10 of the EU consumers just to highlight that the designation is different under the DSA and the DNA and in some ways the designation in the DSA is more straightforward as it is based only on this one threshold whereas the dma differentiates between business users and non-business users the DSA does not and it is a calculation of all active recipients of services the methodology for calculating the average number of monthly users is unclear and but we expect the commission to issue supplementary information containing methodology to calculate that in due course um for now what we do know is that it's a calculation based on those in the union and it is the average of monthly recipients of services over a six-month period based on this the European commission will designate which entities are very large online platforms like search engines this information is made available to it by providers of online platforms through their obligations to publish the number of active end users on their online interface and online platforms have to do this and by the 17th of February 2023 um and the commission um can also use any other information available to them to designate online platforms it's very large so non-compliance with those um obligations in the act and doesn't affect the um it doesn't have the effect of avoiding designation so very large online platforms and search engines will be published in the on official Journal of the European Union and the list will be kept up to date by the commission once designated as a very large online platform or search engine they are four months to comply with their obligations under the DSA so if we go to the next slide and so in addition to the obligations that we have already heard from Richard and Andrea these companies are subject to stringent due diligence requirements which include things such as mandatory risk assessments and corresponding mitigation measures um they must conduct annual audits they must appoint a compliance officer or function they must um amongst other things they need to set up a repository containing detailed advertising information and this must be published um so going into the mandatory risk assessment so when talking about this we're referring to the analysis of systemic risks which has a very broad definition and it includes things like illegal content human rights political implications and privacy violations the obligation to mitigate relates to these risks very large online platforms must also undergo annual independent audits um into their compliance with the DSA and they must adopt recommendations from those audit reports within one month or Justify the reasons for not doing so in terms of a compliance officer it must be independent from operational functions it must report directly to management um recommended recommendation algorithms and so users must have a choice and not to have recommendations based on profiling and with regards to the repository of advertising data so in addition to the obligations that Richard discussed and we are very large online platforms have to publish a repository of information relating to advert advertising including the content of the advert the person on whose behalf it was displayed the period during which it was displayed on and so on um regarding data accent and certain data must be made available to authorities including data relating to compliance um with the DSA and platforms will be under supervision of the European commission and the so-called Digital Services coordinators so with that I'll hand back over to Richard and I think we're going to go on to the digital Market site yeah thank you Annie so that was I I think it's fair to say Whistle Stop tour of the DSA and um I don't think we have not covered all of the obligations of all aspects of the DSA there are other ones but we've covered basically the key things to be thinking about in terms of which providers are within scope how services are defined and what what are the key obligations for those Services um we'll come back to some more practical tips a little later but before we do that we're going to spend a few minutes talking about the dma the digital markets act um so as the moment earlier this is a separate piece of law to the DSA and I think there has been a little bit of confusion in some discussions between these two different laws and what they're all about um the DNA is effectively a competition regulation it's a set of xanity competition rules that are going to apply to the very largest Platforms in the EU and the term that's used is Gatekeepers so these so-called digital Gatekeepers that provide a number of core platform services to both business users and end users in the European Union what the regulation effectively does is it draws heavily on past computation competition cases that have been brought by the European commission and these rules are going to sit on top of existing competition rules both at the EU and National level so it's not replacing any existing rules but it's going to complement those rules and sit on top of them very importantly it's also going to introduce new enforcement powers for the European commission including a very large level of possible fines up to 10 percent of the company's Global turnover quite I I watering amounts when you think about the size of these companies but the European commission is also going to have a sweeping set of other enforcement Powers including the ability to enforce behavioral and structural remedies and also to conduct Market investigations as well so this law is really seen as a very a game changing and important Anti-Trust and anti-competition law let's just spend a couple of minutes talking about who these Gatekeepers might be so there's both a qualitative and quantitative assessment of who's within scope and it gets quite technical so on the left here we're looking at the qualitative assessment so we're talking about platform services that are provided in multiple EU member states and which have a significant impact on the EU markets there's a uh enumerated list of services that are within scope that's an exhaustive list and there are 10 which are covered by the regulation they're listed at the bottom there um even though there are only 10 within scope you can see they're pretty broad actually so it captures all kinds of services but importantly those Services have to be provided in multiple EU states and there has to be a significant impact for the EU Market as well the second threshold is very important that's the fact that the platform is acting as a Gateway both for business users and end users as well so it provides um services to both businesses and consumers and the third feature is that this platform enjoys and entrenched and durable position in the market so either whether it qualifies now as having an entrenched position but also if that entrenched position is foreseen in the future as well now in terms of who actually is going to meet that qualitative assessment well there are some presumptions built in so if uh the platform is providing services in at least e three EU member states then that's one of the conditions satisfied if it has an annual EU turnover of over 7.5 billion euros in the last five three Financial years or an average market cap of over 75 billion euros in the last Financial year that's the second condition map and then also they also have to have a certain amount of both end users and business users in the EU 45 million for end users and 10 000 active business users in the EU um so as you can see there's um a fairly uh you know long list of criteria that need to be met and the obligation and onus is on these companies to determine whether they fall within scope or not and then if they think they do to notify the European Commission the European commission can also carry out its own Market investigations and determine on its own whether they think a company Falls within scope and importantly even if a company does not meet these criteria the European commission has leveraged to designate the companies within scope following its own Market study as well so these are pretty important powers that the commission has in practice what does this mean well we're looking at the big Tech and we're really thinking about the largest 15 to 20 firms that are operating in the EU and some of the biggest names out there so it's really a handful of companies and many are not going to fall within scope there's also a long lead time in terms of when the DNA is going to become effective and when the designation process is taking place so I'll just hand back to Annie now who's going to explain the timeline on that thanks Richard so um the dma entered into pause on the 1st of November um and it becomes fully applicable on the 2nd of May 2023. um following that within two months of it becoming applicable companies have to notify the commission if they meet the quantitative thresholds to qualify as a gatekeeper once they have notified the commission the commission has 45 days to issue a gatekeeper designation decision so we at the earliest we expect um the timing for the first designation um by the European commission is summer 2023 um and then the earliest expected timing for when the first designated Gatekeepers will need to comply with the dma and which is six months following the designation decision would be around spring 2024 and uh in terms of the obligations that apply to um in scope Gatekeepers so the dma establishes uh do's and don'ts uh that Gatekeepers must comply with in their daily operations and some examples we've listed on the slide so for the doers we have allowing third parties to interoperate with The Gatekeepers own services in certain specific situations um allowing their business users to access the data that they generate in their use of The Gatekeepers platform providing companies advertising on their platform with the tools and information necessary for advertisers and Publishers to carry out their own independent verification of their advertisements host by the gatekeeper and allowing their business users to promote their their offer and conclude contracts with their customers Outside The Gatekeepers platform and we wanted to highlight some of the data protection so that the data protection perspective of some of these obligations and for these first four um some of these obligations are in line with the rights of data circuits to access their their personal data and their right to data portability under the ddpr so interestingly in the case of the access ride in this context this requires Gatekeepers to provide business users with access to the usage data generated from their use of the core platform services um examples of the don'ts uh include treating services and products offered by the gatekeeper itself more favorably in ranking than similar services or products offered by Third parties on The Gatekeepers platform so that's to the point of self-preferencing preventing consumers from linking up to business businesses outside their platforms preventing users from uninstalling any frame software up if they wish so and tracking end users outside of The Gatekeepers core platform service for the purposes of targeting advertising without effective consent having been granted so to the data protection aspects in this case Gatekeepers will need to obtain consent for a few things so to combine personal data from a core platform service with personal data from other services um combining personal data from the core platform Service uh with third-party data so for example data collected from third-party websites via cookies also for processing third-party data for advertising purposes and finally for signing in end users to multiple services offered by the gatekeeper in order to combine personal data um it's worth noting as well that to ensure that the new gatekeeper rules keep up with the fast pace of digital markets the European commission will carry out Market investigations and update dynamically the obligations for Gatekeepers when necessary so this will be quite challenging I will have to see how it plays out um and I'm moving on to retired who's um going to address some practical takeaways for both the DSA and the dma yeah absolutely thanks Andrea so far we have thrown a lot of lore at you and there is a huge amount to cover um it's a lot to cover in this webinar um and even when you go into more depth there's a huge complexity in range to these laws and there's a lot to learn so I think at this point it's probably a good moment to break down some of the Practical things you need to start thinking about when it comes to the DSA and the dma and how you're going to approach these two laws for your company the first thing is don't panic it probably feels a little bit overwhelming and uh trying to navigate these laws might seem like a very dense forest but there is a way to approach it so firstly it's important to identify whether the DSA and or the DMI actually apply to you and probably what you've gathered you might have a good sense of whether the dma is even going to be relevant for most it's not going to be directly applicable to you because as we've said that's only going to apply to the very large platforms but you know still worth thinking about if you think you might be on the The Fringe of some of those criteria by contrast the DSA is likely to apply to a very broad range of services and it captures most but you need to then think about well which services are within scope and which definitions do we need to be thinking about and that's really important because as we've seen uh for most there are actually fairly limited obligations under the DSA whereas when we start to think about certain types of services those commitments and obligations start to grow and build and that's when you're starting to think about the more onerous requirements of the DSA so identify whether you're within scope of the laws and also identify which services are within scope that might become a little bit more complicated if you're offering you know different products different Services because let's not forget under the DSA we're thinking about requirements that apply for particular services and the regulation actually calls that out and says that a single provider might provide certain services that within scope of certain rules and other services that are within the scope of other rules so navigating that and uh identifying the boundaries is going to be really key um lastly also if you think you might qualify as one of those very large online platforms or search engines under the DSA then you have to think about well what's the methodology that we're going to use to calculate on monthly active user base for each of our services to identify whether we are potentially within scope of those most onerous rules so step one is that scoping exercise very important the Second Step will be okay we know uh which which uh aspects of the law apply to us so let's start mapping out the relevant requirements and identify which requirements apply to us and which service so for example online services generally they need to be thinking about the liability regime under the DSA and how they're dealing with illegal content on their service and how they are complying with those notice and takedown requirements then stepping up if you actually qualify as a hosting service you'll also need to think about those additional obligations around providing notice and action mechanisms for users and then if you have services that qualify as an online platform you'll need to think about all of those additional obligations as well including providing a complaint mechanism for your users and addressing the other range of requirements that are specified under the DSA in terms of timing don't forget the deadlines so the DSA for most comes into effect on 17th of February 2024 so you do have time um but there's a lot to think about and then the last step okay we know what um we need to achieve but how do we get there so it's all about translating those legal requirements into concrete actions and importantly also start thinking about who you need to engage within the business who are the internal stakeholders that are going to need to be involved so for instance for some this might be thinking about okay we need to update our terms and conditions to address informational and transparency requirements in particular you know how are we addressing content moderation through our service um for others depending on which requirements apply you might need to be thinking about your online interfaces are there any potential dog patterns that we need to think about and also how do we address transparency requirements within online interfaces and also uh for some you'll also need to think about internal complaints processes and setting that up so given the broad scope of a law like the DSA you will need to engage with different parts of the business that could be the legal and Commercial team it could be the product team it could be content moderation it could be advertising identifying you know how we're going to tackle this and who needs to be involved is going to be a really important thing to think about so breaking down this into stages will help you address what is otherwise quite a complex piece of Regulation and don't forget Don't Panic there is time and there are people who can help including feel Fisher so everyone who's presented today Mark myself Andrea Annie we are very happy to help if you have follow-up questions from this webinar today yeah and thanks very much Richard and uh we we should also say it may be direct here from Silicon Valley but also reaching into some of our fantastic colleagues in Europe and France and particularly our Belgian office sort of uh also you know building a center of excellence around a lot of this digital agenda um so thank you for joining us today um news uh what's coming ahead with the field official webinars uh looking ahead to the 7th of December so after Thanksgiving for those of us out in the US um we're going to have a session on data privacy looking ahead for 2023. um looking at predictions well what we need to think about maybe what we need to prepare some budget for what we need to allocate some resource for and just looking at this multitude of almost tidal wave of new things that are potentially coming and of course the things that we know that are going to happen and then there's those old faithfuls every six months we speculate about e-privacy maybe we really will see an AI act maybe we will see new developments in U.S state law so just looking a little bit ahead with some of our predictions about what we think uh you're going to be working on and what we think we're going to be preparing for for 2023 so myself eilish hopefully a number of our colleagues will be joining you for that so details to follow looking up if you'd like to be on our list please let us know and um we will be recording this making a copy available and undoubtedly um popping it out on LinkedIn putting it on our YouTube channel but it will always be available Within in 24 or 48 hours if you just want to contact your usual Phil Fisher contact thanks very much