Table of Contents
In Short
- The UK Online Safety Act (OSA) and EU Digital Services Act (DSA) both regulate online platforms, but they have distinct rules and enforcement mechanisms.
- The OSA applies to UK platforms, focusing on reducing illegal content and protecting children, with penalties of up to 10% of global turnover.
- The DSA applies to platforms providing services in the EU and imposes stricter rules for larger platforms, including risk assessments and audits.
Tips for Businesses
If your business operates online and reaches users in both the UK and EU, you may need to comply with both the OSA and DSA. Ensure you understand the specific requirements of each law and implement measures for content moderation, transparency, and user safety. Legal advice can help you navigate compliance.
If you operate an online business, digital safety should be a top priority and responsibility to protect your users. Regulatory bodies have implemented frameworks and legal rules to ensure that businesses protect individuals online, introducing strict legal duties and penalties for non-compliance. The UK’s Online Safety Act (OSA) and the EU’s Digital Services Act (DSA) are two major legal frameworks which aim to improve online safety and transparency.
These laws set out essential rules to help protect individuals and manage significant digital risks. UK businesses need to understand the differences between these sets of laws and their significance, particularly as the EU’s DSA can also apply to certain UK-based businesses that target users in the EU. This article introduces the UK OSA and EU DSA, their purposes, and key issues for UK business owners to understand regarding these laws.
What is the UK Online Safety Act?
The UK Parliament introduced the OSA to make certain online platforms more accountable for the risks they create. The UK’s OSA sets out strict duties for businesses that offer user-to-user, search, or pornographic content services (as defined by the OSA). The law focuses on reducing illegal and harmful content online, especially where children and vulnerable users are involved. It sets out a range of duties around illegal content risk assessments and age assurance to help protect children. Codes of practice are published to help provide businesses with guidance on compliance.
It may fall within scope if a business allows users to interact (such as through a messaging app, content-sharing feature or search function). This includes non-UK businesses with ‘links to the UK’, for example, many UK users.
What is the EU Digital Services Act?
The EU’s DSA applies to online intermediaries and platforms providing services in the EU. It covers platforms, hosting providers, marketplaces and search engines – even if the provider is not based in the EU. The European Union introduced the DSA to promote safer digital spaces and improve accountability across the online economy.
A business must follow the DSA if it provides services to EU users or has built a substantial connection to the EU. Businesses located outside the EU can still be caught by the DSA rules.
This factsheet sets out how your business can become GDPR compliant.
The DSA brings a range of important responsibilities. Providers within scope must meet baseline duties, such as being transparent about content moderation and offering tools for users to report illegal content. Platforms and hosting services must take additional steps, such as explaining how content is recommended and handling user complaints. Very large platforms (VLOPs and VLOSEs) must also conduct risk assessments, carry out audits and work with EU regulators.
The European Commission and national authorities enforce the DSA, and their powers include imposing fines of up to 6 per cent of global turnover for breaches.
Continue reading this article below the formDo the OSA and DSA Differ?
Both the OSA and DSA seek to regulate online services and reduce harmful and illegal content, but they take different approaches. Although both laws aim to make the Internet safer, each sets out its own definitions, thresholds, and enforcement tools. This means that following one law does not automatically ensure compliance with the other.
Legal advice can help you classify your services, interpret the rules correctly and take appropriate action to comply with the regulations under the OSA and DSA. This is especially important if your digital business operates in both the UK and EU.
Key Takeaways
If your business provides digital services to UK or EU users, you may need to comply with the UK Online Safety Act, the EU Digital Services Act or both. These laws have similar principles, yet each imposes its own duties. Following one law does not meet the requirements of the other. You must understand both frameworks, whether they apply to your business, and, if so, take steps to comply to avoid penalties. If you need support understanding your obligations, you should get legal advice.
If you need help understanding your obligations under the DSA or OSA, our experienced data, privacy, and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to solicitors to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
The Online Safety Act is a UK law that applies to services like social media, messaging apps, and search engines. It sets rules to reduce illegal and harmful content, especially to protect children. Ofcom enforces the law.
The Digital Services Act is an EU law that applies to intermediary services used in the EU, even if the provider is based outside the EU. It sets rules on illegal content, transparency, and user protection, with stricter duties for much larger platforms.
We appreciate your feedback – your submission has been successfully received.
