Irish law provides for enforcement of EU Digital Services Act

Orla Hubbard of Pinsent Masons in Dublin was commenting after Ireland’s Digital Services Act 2024 (Irish DSA) (88-page / 786KB PDF) was signed into law in the country.

The Irish DSA facilitates the enforcement of the EU DSA – wide-ranging legislation that broadens online intermediaries’ responsibilities for managing illegal and harmful content and sets new requirements around how goods and services are sold online – in Ireland, by two of the country’s regulators. The Irish law came into force just days before the EU DSA came fully into effect on 17 February 2024.

Read more on this topic

• EU Digital Services Act deadline arrives for online intermediaries
• A guide for online intermediaries on the scope of the EU Digital Services Act
• Recommender systems: how the Digital Services Act changes things for platforms
• KYC: the EU Digital Services Act adds to platforms’ DAC7 duties

Responsibility for enforcing the EU DSA rests predominantly with ‘Digital Service Coordinators’ (DSCs), which each EU country is required to designate within their own jurisdictions. To date, DSCs have been designated in 16 of the 27 EU member states. DSCs do share regulatory responsibilities with the European Commission in respect of the largest online intermediaries that are within scope of the EU regime – ‘very large online platforms’ and ‘very large online search engines’.

Recognising that the provision of online services can transcend physical borders, the EU DSA, in a similar vein to the EU General Data Protection Regulation (GDPR), provides for a system of mutual assistance and cross-border regulatory cooperation between different countries’ DSCs. A new European Board for Digital Services has also been established under the EU DSA to promote the consistent application of the regulation across member states. The board will be comprised of representatives from the national DSCs and be chaired by the European Commission.

Under the Irish DSA, media regulator Coimisiún na Meán and has been designated as DSC for Ireland. Coimisiún na Meán is the lead competent authority for enforcement of the EU DSA in Ireland, while the Competition and Consumer Protection Commission (CCPC) has been given specific responsibility for regulating online services that allow consumers to conclude distance contracts with traders, such as online marketplaces.

According to Hubbard, because many major technology companies have their European headquarters in Ireland, confirmation of the Irish regime for enforcing the DSA is a significant development across the EU-wide market. She highlighted that Ireland’s digital services commissioner John Evans, a senior official at Coimisiún na Meán, had recently outlined in an interview with RTE how EU DSA cases arising in other EU countries could be referred to his office for investigation under the new regime.

The EU DSA outlines broad baseline requirements pertaining to online safety and harms, including in respect of the protection of children, but does not prevent individual EU member states from going further in national legislation. Hubbard said Ireland had established a robust online safety regime which includes not just the Irish DSA but also the Online Safety and Media Regulation Act 2022 (OSMR). The OSMR took effect in March 2023.

“The Irish DSA gives Coimisiún na Meán and the CCPC powers related to the supervision and enforcement of the EU DSA in Ireland, including the power to apply for ‘blocking orders’ to block access to intermediary services, and impose administrative fines or other penalties,” Hubbard said.

Hubbard said that the overlap between the Irish DSA, EU DSA, and the OSMR could have a bearing on the regulatory reach of Coimisiún na Meán and the CCPC.

Much of the detailed requirements that online intermediaries face under the OSMR in Ireland are to be set out in binding codes of practice. The first such code envisaged is a new online safety code that 10 ‘video-sharing platform services’ (VSPS) will be expected to adhere to. As well as building on the OSMR, the code also builds on the EU Audiovisual Media Services Directive 2018 (AVMSD). A consultation on the proposed new code closed at the end of last month.

While the code aims to enhance public online safety generally, it has a special focus on protecting children against specific types of harmful content such as cyberbullying, the promotion of self-harm, suicide, or disordered eating. The legislation employs a two-prong approach to this: first the requirement for robust age verification technologies as barrier to children’s exposure to inappropriate content, and second, it aims to provide parents with the tools to safeguard their children against illegal, harmful, or age-inappropriate online content such as violence or pornography.

Once finalised, the code will be legally binding on VSPS headquartered in Ireland and designated as such by Coimisiún na Meán. The regulator will be able to impose fines of up to €20 million or up to 10% of a company’s annual turnover for breaches of the code following its implementation. 

Reddit and Tumblr have challenged their designations as VSPSs. Reddit’s judicial review hearing is scheduled for May 2024. Hubbard said that this will be the first major test to Coimisiún na Meán and the OSMR and will be watched with interest by other online platforms.