DSA: notice-and-action for illegal content

Short answer: The Digital Services Act (Regulation (EU) 2022/2065) requires hosting service providers to maintain an electronic mechanism through which any person or entity can report allegedly illegal content. Notices must be handled in a timely, diligent, non-arbitrary and objective manner. Both the person who submitted the notice and the person whose content is affected must receive a reasoned decision. Users may challenge that decision through a free internal complaint procedure.

Scope and dates of application

The DSA was published in the Official Journal of the EU on 27 October 2022 and entered into force on 16 November 2022. For very large online platforms (VLOPs) and very large online search engines (VLOSEs), obligations applied from the date of their designation (the first group was designated in April 2023). For all other providers, obligations have applied since 17 February 2024.

The notice-and-action rules in Section 2 of Chapter III apply to all hosting service providers — from small web hosts to large social networks — with partial exemptions for micro and small enterprises from the more burdensome requirements.

Article 16 — The notice mechanism

Hosting service providers must put mechanisms in place allowing any natural or legal person to notify them of allegedly illegal content. The mechanism must be electronically accessible and user-friendly. A valid notice must include at least:

• a sufficiently substantiated explanation of why the content is allegedly illegal;
• the precise location of the content (for example, an exact URL);
• the name and email address of the notifier, except for notices about child sexual abuse material;
• a statement confirming the notifier's bona fide belief that the information is accurate and complete.

A notice that meets these requirements gives rise to "actual knowledge" within the meaning of Article 6 (the hosting safe harbour), meaning the provider can no longer remain passive with respect to that specific content.

Article 17 — Statement of reasons

The provider must confirm receipt of the notice without undue delay and subsequently communicate its decision. That decision — whether to remove, disable access to, demote, or restrict the content, or to leave it in place — must be accompanied by a clear statement of reasons and information on available remedies. The same duty to give reasons applies towards the person whose content is being restricted.

Article 20 — Internal complaint handling and Article 21 — Out-of-court dispute settlement

Providers of online platforms must offer an internal complaint-handling system that is free of charge and accessible for at least six months after a decision is taken. Complaints must be handled by qualified staff; where automated tools were used to reach the original decision, human review must be available upon challenge. Where internal review does not produce a satisfactory outcome, users may refer the matter to a certified out-of-court dispute settlement body.

Article 22 — Trusted flaggers

National Digital Services Coordinators may designate organisations as "trusted flaggers" where those organisations demonstrate particular expertise in detecting a specific type of illegal content, independence from platform providers, and diligent and objective operations. Online platform providers are required to give priority to notices submitted by trusted flaggers within their designated area of expertise. Trusted flagger status is valid across the entire EU. Trusted flaggers must publish an annual activity report on their notices.

Enforcement and penalties

Each member state designates a national Digital Services Coordinator as its competent supervisory authority. The European Commission supervises VLOPs and VLOSEs directly. Infringements may attract fines of up to 6 % of the provider's global annual turnover.