Newsletter

Digital Services Act – status

by Paal-André Storesund

Published:

Digital electronics. Photo.

The Regulation 2022/2065, better known as the Digital Service Act ("DSA"), is coming to Norway. While regulations apply directly in the EU Member States without the need for national implementation, for EEA-relevant regulations to be applicable in Norway, they must be implemented through national legislation as adopted into the EEA Agreement through a decision by the EEA Joint Committee. On July 2, the Ministry of Digitalization and Public Governance circulated a proposal for a law on digital services for consultation and the consultation deadline is October 1, 2025. This article will give an update on the status, in addition to a quick recap of some of the most relevant provisions of the DSA. 

The aim of the Norwegian Government is for DSA to apply from summer 2026. The starting point is that regulations are implemented in Norwegian law through incorporation, i.e. the regulation is made applicable as Norwegian law through a reference provision. The consultation paper states that some adjustments will be necessary. However, there is very limited scope of proposing adjustments to the substantive provisions of the regulation. 

The purpose of the regulation is to contribute to a well-functioning internal market for digital services by establishing harmonized rules that will contribute to a safe and secure internet. To achieve this, requirements for intermediary services to ensure transparency and a secure online environment are given: 

  • A single point of contact for member states' authorities, the Commission and the European Board for Digital Services, in addition to recipients of the services, shall be designated (Art. 11 and 12)
     
  • Providers of intermediary services which do not have an establishment in the EU, but which offer services in the EU, shall designate a legal representative (Art. 13)
     
  • Certain requirements relating to the terms and conditions (Art. 14)
     
  • Transparency reporting obligations for providers of intermediary services (Art. 15)
     

In addition to the above rules, there are additional rules based on the businesses' type intermediary services, size and number of users. Providers of hosting services (including online platforms) must:

  • Mechanisms must be put in place to allow individuals or entities to notify them of content considered to be illegal (Art. 16) 
     
  • Statement of reasons must be provided for any affected recipients in case of specific restrictions imposed on the grounds that the information provided by the recipient is illegal or incompatible with the terms and conditions (Art. 17)
     
  • Law enforcement must promptly be informed if the provider becomes aware of information giving rise to suspicion that a criminal offence involving a threat to the life or safety of a person has taken place (art. 18)
     

Depending on and varying on the base of size, providers of online platforms may also become obliged to fulfil certain requirements:

  • An internal complaint-handling system must be in place (Art. 20)
     
  • Out-of-court dispute settlement procedure shall be offered (Art. 21)
     
  • Technical and organizational measures to ensure that notices submitted by trusted flaggers are given priority (Art. 22) 
     
  • Certain measures and protection against misuse, for example recipients frequently providing manifestly illegal content or unfounded complaints must be suspended for a period of time (Art. 23) 
     
  • Special transparency reporting obligations relating to, inter alia, statistics of the out-of-court dispute settlement procedure and suspensions imposed (Art. 24) 
     
  • Online interfaces may not be designed, organized or operated in a way that deceives or manipulates the recipients, e.g. dark patterns (Art. 25)
     
  • Advertising must be recognizable, and information must be provided about who is behind the advertisement, who has paid for it and why you are being shown that advertisement (Art. 26)
     
  • Use of a recommended system, i.e. algorithms that analyze users' past behavior, preferences and interests, to generate personalized recommendations, must be transparent (Art. 27)
     
  • Online platforms accessible to minors must have sufficient measures to ensure a high level of privacy, safety and security of minors, on their service, and advertising based on profiling is not allowed if the platform provider with reasonable certainty is aware that the recipient is a minor (Art. 28)
     

Unless qualified as a micro or small enterprise, online platforms that allow consumers to conclude distance selling contracts with traders, or online marketplaces, are – as a main rule – subject to extended obligations to ensure consumer protection: 

  • The provider is required to collect certain information to trace traders who intend to use the online platform, before the traders are permitted access (Art. 30)
     
  • Online interfaces must be designed and organized in a way that enables traders to comply with their obligations regarding pre-contractual information, compliance and product safety. 
     
  • The consumer has a right to information if the provider of the online platform becomes aware that an illegal product or service has been offered by a trader to an EU consumer. 
     

In addition to the above rules, there are also certain obligations for providers of very large online platforms and of very large online search engines to manage systemic risks. The obligations relate to risk assessments, mitigation of risks, crisis response mechanisms, independent audit, recommender systems, online advertising transparency, establishing a compliance function, additional transparency reporting obligations and data access and scrutiny. As of June 2025, only 25 companies have been appointed by the EU commission as very large online platforms or online search engines. Thus, this last set of rules applies for just a very small number of companies. 
 

Schjødt's technology team closely monitors developments and benefits from having offices both within and outside the EU, particularly when it comes to knowledge of the ever-evolving EU regulation landscape that are gradually implemented into Norwegian law.

Do you have any questions?