aigovernance.com

Global AI Regulation & Framework Directory

← Directory
RegulationEU

EU Digital Services Act – AI and Algorithmic Accountability Provisions

DSA AI Provisions · European Parliament and Council of the European Union; enforced by Digital Services Coordinators (DSCs) in each Member State and by the European Commission for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs)

The Digital Services Act imposes transparency, accountability, and risk-management obligations on online intermediaries with respect to algorithmic recommender systems, targeted advertising, and systemic risks. Obligations scale with platform size, with the most stringent requirements applying to VLOPs and VLOSEs.

Overview

Regulation (EU) 2022/2065 on a Single Market for Digital Services (Digital Services Act, DSA) entered into force on 16 November 2022. Obligations for VLOPs and VLOSEs became applicable on 25 August 2023; obligations for all other in-scope providers became applicable on 17 February 2024. The DSA establishes a layered regulatory framework for online intermediary services, with AI-related obligations concentrated in three domains: recommender systems, targeted advertising, and systemic risk management. Providers of online platforms are required to explain the parameters of any recommender system they deploy and offer users meaningful alternatives, including at least one option not based on profiling. All online platforms are prohibited from using dark patterns in their interfaces. For VLOPs and VLOSEs, which are designated by the European Commission on the basis of a threshold of at least 45 million average monthly active recipients in the EU, the obligations are substantially more demanding. Designated platforms must conduct annual systemic risk assessments covering risks arising from algorithmic amplification of illegal content, fundamental rights impacts, civic discourse, electoral processes, and gender-based violence. They must implement reasonable mitigation measures, submit to annual independent audits, grant vetted researcher data access, appoint a compliance officer, and share data with the European Commission and DSCs. Advertising transparency requirements prohibit targeting minors or using sensitive personal data categories for micro-targeted advertising. The Commission has sole enforcement authority over VLOPs and VLOSEs, with fines of up to six percent of global annual turnover and, for repeated infringement, periodic penalty payments and eventual temporary access restriction. Member State DSCs enforce obligations applicable to smaller platforms, with fines up to six percent of national turnover.

Key Requirements

  • All online platforms: Provide clear, accessible information about the main parameters of any recommender system and allow users to modify or opt out of profiling-based recommendations (Article 27).
  • All online platforms: Maintain an advertisement repository disclosing information about each advertisement served, including targeting parameters used (Article 39, applies to platforms with more than one million average monthly active EU recipients).
  • All online platforms: Prohibit the use of interface design that obscures choices or manipulates user behavior (dark patterns prohibition, Article 25).
  • VLOPs and VLOSEs: Conduct annual systemic risk assessments covering algorithmic amplification of illegal content, fundamental rights, democratic processes, and public health risks (Article 34).
  • VLOPs and VLOSEs: Design and implement proportionate risk mitigation measures and document those measures (Article 35).
  • VLOPs and VLOSEs: Submit to independent audits at least annually and publish audit reports (Article 37).
  • VLOPs and VLOSEs: Provide vetted researchers with access to data necessary for systemic risk research (Article 40).
  • VLOPs and VLOSEs: Appoint a DSA compliance officer at senior management level (Article 41).
  • VLOPs and VLOSEs: Prohibit targeted advertising directed at minors and advertising based on sensitive personal data categories (Article 26).
  • VLOPs and VLOSEs: Publish annual transparency reports and submit enhanced transparency reports to the Commission (Articles 15 and 42).
  • All in-scope providers: Publish terms of service in plain language describing content moderation policies and any use of automated means in enforcement.

Who It Affects

Very Large Online Platforms (VLOPs) designated by the European Commission (threshold: 45 million average monthly active EU recipients), including major social media, e-commerce marketplaces, and app stores.Very Large Online Search Engines (VLOSEs) designated by the European Commission.Mid-size and smaller online platforms with EU users that are not VLOPs but are subject to baseline obligations effective 17 February 2024.Online intermediaries including hosting services, cloud infrastructure providers, and content delivery networks, subject to proportionate obligations.Advertisers and ad-tech providers relying on VLOP/VLOSE inventory for EU-targeted campaigns.AI vendors supplying recommender engines, content moderation tools, and ad-targeting systems to in-scope platforms.

Effective Date

2024-02-17

Official source →