Home / Publications / Digital Markets Act: a new and fair business framework...

Digital Markets Act: a new and fair business framework for large platforms

The European Commission has published the draft proposal for a new competition law framework for large online platforms, called the Digital Markets Act (the “DMA”). The reason the Commission proposed the DMA is that a small number of large online platforms capture the biggest share of overall value generated in Europe’s digital economy, and these platforms have emerged by benefitting from sector characteristics such as strong network effects, often embedded in their own platform ecosystems. These platforms represent the key structuring elements in today’s digital economy, intermediating the majority of transactions between end users and business users. A few large platforms increasingly act as gateways or gatekeepers between business users and end users, and enjoy a long-term, entrenched position, often as a result of the creation of conglomerate ecosystems around their core platform services, which reinforces existing entry barriers.

The DMA deals with those large online platforms acting as gatekeepers in digital markets. The DMA aims to ensure that:

  • these platforms behave fairly online;
  • innovators and technology start-ups will have new opportunities to compete and innovate in the online platform environment without having to comply with unfair terms and conditions that limit their development;
  • consumers will have more and better services to choose from, more opportunities to switch their provider if they so wish, direct access to services, and fairer prices.

Who are the gatekeepers?


Gatekeepers are core platform services which meet the qualitative and quantitative criteria set out in the DMA. Core platform services include online intermediation services, search engines, social networking services, video-sharing platform services, number-independent interpersonal communication services, operating systems, cloud computing services, advertising services including any advertising networks, advertising exchanges and any other advertising intermediation services, provided by a provider of any of the core platform services listed above.

A core platform service qualifies as a gatekeeper, if:

  1. it has a significant impact on the internal market, which is presumed if it achieves an annual EEA turnover equal to or above EUR 6.5 billion in the three preceding financial years, or where the average market capitalisation or the equivalent fair market value of the undertaking to which it belongs amounted to at least EUR 65 billion in the preceding financial year, and it provides a core platform service in at least three Member States;
  2. it operates a core platform service which serves as an important gateway for business users to reach end users, which is presumed if it has more than 45 million monthly active end users established or located in the Union and more than 10,000 yearly active business users established in the EU in the preceding financial year;
  3. it enjoys a long-term, entrenched position in its operations or it is foreseeable that it will enjoy such position in the near future, which is presumed if the thresholds in point b) were met in each of the three preceding financial years.

 

What are the gatekeepers’ main obligations? Do’s and Don’ts

 

DO'S

DON'TS


Notifications: 
- if a provider of core platform services meets all of the gatekeeper thresholds, it must notify the Commission of this fact within three months;
- if the gatekeeper plans an M&A transaction with another core platform service provider or with any other digital service provider, it must notify the Commission.

Ensuring freedom for users: 
- Freedom of pricing for business users: allowing business users to apply different prices and conditions for the same products or services through third-party online intermediation services.
- Freedom of business outside the platform: allowing business users to promote their product range and conclude contracts with their customers outside the gatekeeper’s platform. 
- Freedom to uninstall: allowing end users to uninstall any pre-installed software applications on its core platform service. 
- Freedom to install software and application stores: allowing the installation and use of third-party software and application stores which use or interoperate with the gatekeeper’s operating systems, and allowing these software and application stores to be accessed by means other than the gatekeeper’s core platform services.

Data portability: providing rights and tools for business users and end users for data portability in line with the GDPR.

Transparency provisions:
- in online advertisements: providing information for advertisers and publishers on the prices they must pay and the remuneration to be paid to them for the gatekeeper’s advertising services, and providing them with information on measuring tools and information necessary for them to carry out their own independent verification of the advertisements hosted by the gatekeeper’s platform;
- in search engines: ensuring access to other online search engine providers on fair, reasonable and non-discriminatory terms to ranking, query, click and view data in searches by end users;
- in profiling: submitting descriptions of how profiles about consumers are audited in a technologically independent way, which the gatekeeper applies in its core platform services.

Access to data: ensuring access for business users to the data that they generate in using the gatekeeper’s platform.

Equal access to application stores: fair and non-discriminatory general conditions of access for business users to its software application store.

Access to software features: allowing business users and ancillary service providers access to and interoperability with the same operating system, hardware and software features available or used by the gatekeeper of any ancillary services.


No combination of personal data without GDPR consent: no more combining personal data sourced from the core platform services with personal data from any other services offered by the gatekeeper or with personal data from third-party services, and from signing end users into other services of the gatekeeper in order to combine personal data, without a GDPR consent.

No more preventing or restricting business users from raising issues with any relevant public authority relating to any gatekeeper practice.

No mandatory use of the gatekeeper’s identification service: no more requiring business users to use, offer or interoperate with an identification service of the gatekeeper in the context of services offered by the business users using the core platform services of that gatekeeper.

No mandatory subscription for other services: no more requiring users to subscribe to or register with any other core platform services as a condition to access, sign up or register to any of the core platform services.

Information barrier: no more using, in competition with business users, any data not publicly available, which is generated or provided by the business users of the given core platform services.

No discrimination in rankings: no more treating the gatekeeper’s products and services more favourably in ranking compared to third parties’ similar services or products, and fair and non-discriminatory conditions must be applied to such rankings.

No technical restrictions for end users: no more technically restricting end users from switching between different software applications and services using the gatekeeper’s operating system.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

 

What kind of tools and powers do the Commission and other bodies have?


The DMA grants powers and different procedural rights to the European Commission and establishes the Digital Markets Advisory Committee for issuing opinions in issues related to the DMA.

The DMA gives the Commission the following powers:

  1. to designate core platform services that meet the DMA criteria as gatekeepers;
  2. to review ad-hoc the status of gatekeepers on request or on its own;
  3. to review at two-year intervals the status of gatekeepers;
  4. to specify measures to be taken by gatekeeper to comply with the DMA;
  5. to suspend certain gatekeeper obligations under the DMA at a gatekeeper’s request, if the gatekeeper demonstrates that compliance with that specific obligation would endanger its economic viability;
  6. to exempt a gatekeeper from certain obligations under the DMA on the grounds of public morality, public health or public security;
  7. to initiate market investigations:
    1. to examine whether a provider of core platform services should be designated as a gatekeeper;
    2. into systematic non-compliance by a gatekeeper;
    3. to examine whether certain services in the digital sector should be added to the list of core platform services and identify practices that might limit the contestability of core platform services or might be unfair.

The DMA grants investigative, enforcement and monitoring powers to the Commission during its proceedings, based on which the Commission is entitled to:

  1. request information from any undertakings and from the governments and authorities of EU member states;
  2. access data bases and algorithms;
  3. interview any private person or legal entity to collect information relating to the subject-matter of an investigation;
  4. conduct on-site inspections at the premises of any undertakings, including together with auditors and experts;
  5. order interim measures against a gatekeeper on the basis of a prima facie finding of an infringement of obligations under the DMA;
  6. monitor the effective implementation and compliance with the obligations under the DMA.

 

What will the sanctions for non-compliance be?


If the Commission adopts a non-compliance decision in which it finds that a gatekeeper does not comply with one or more obligations under the DMA, the Commission may fine a gatekeeper.

The maximum amount of a fine is 10% of the total worldwide annual turnover of the gatekeeper in the case of a material breach of the obligations under the DMA, and a maximum 1% in the case of a less serious breach of obligations under the DMA.

The Commission is also entitled to order periodic penalty payments of up to 5% of the average daily turnover in certain cases defined in the DMA.

In the case of systematic breaches of the DMA obligations by gatekeepers, additional remedies may be imposed after a market investigation. Such remedies will need to be proportionate to the offence committed. If necessary and as a last resort, non-financial remedies can be imposed. These can include behavioural and structural remedies, e.g. the divestiture of (parts of) a business.
 

What are the next steps?


The European Parliament and Member States will discuss the Commission’s proposal according to the ordinary legislative procedure, which will take at least 18 months. Once adopted, the Act will directly apply across the EU and the core platform service providers will have six months to prepare for the new legal regime.

We will continuously monitor the status of the legislative process and keep you updated on any changes to the draft text of the DMA.

Authors

Show more Show less
Dóra Petrányi
Dóra Petrányi
Partner
CEE Managing Director, Global Co-Head of the Technology, Media and Communications Group
Budapest
Katalin Horváth
Katalin Horváth
Senior Counsel
Budapest
Márton Domokos
Márton Domokos
Co-ordinator of the CEE Data Protection Practice, CMNO
Budapest
Szabolcs Szendrő
Szabolcs Szendrő
Partner
Head of Competition
Budapest

Read other related content

14/04/2021
Di­git­al Ser­vices Act (DSA): A new leg­al frame­work for the plat­form eco­nomy
The European Com­mis­sion has is­sued the draft pro­pos­al for the Reg­u­la­tion on a Single Mar­ket for Di­git­al Ser­vices (Di­git­al Ser­vices Act, the “DSA”), which cre­ates a new leg­al frame­work for di­git­al ser­vices, amends the e-Com­merce Dir­ect­ive, and pre­pares the EU law for new and in­nov­at­ive in­form­a­tion so­ci­ety di­git­al ser­vices.The DSA sets out uni­form, har­mon­ised rules for in­ter­me­di­ary ser­vice pro­viders (the “ISPs”) to foster in­nov­a­tion, growth and com­pet­it­ive­ness, to bet­ter pro­tect con­sumers and their fun­da­ment­al rights on­line, to en­sure a safe, pre­dict­able and trus­ted on­line en­vir­on­ment, to of­fer more choices for users and less ex­pos­ure to il­leg­al con­tent, to provide ac­cess to busi­ness users to EU-wide mar­kets through plat­forms, and to fa­cil­it­ate the scal­ing up of smal­ler plat­forms, SMEs and start-ups. The new draft rules es­tab­lish:a frame­work for the con­di­tion­al ex­emp­tion from li­ab­il­ity of ISPs;rules on spe­cif­ic due di­li­gence and oth­er ob­lig­a­tions tailored to dif­fer­ent cat­egor­ies of ISPs;law en­force­ment rules and a new re­gime for co­oper­a­tion of and co­ordin­a­tion between the com­pet­ent au­thor­it­ies. 1. Which di­git­al ser­vice pro­viders are covered? The DSA cov­ers those ISPs, wheth­er es­tab­lished in or out­side the EU, that provide in­ter­me­di­ary ser­vices such as con­duit ser­vices, cach­ing ser­vices, host­ing ser­vices to re­cip­i­ents (users, busi­ness users, con­sumers, in­di­vidu­als and leg­al en­tit­ies us­ing the in­ter­me­di­ary ser­vices) hav­ing an es­tab­lish­ment or res­id­ence in the EU.The defin­i­tions of con­duit, cach­ing and host­ing ser­vice pro­viders re­mained the same as in the e-Com­merce Dir­ect­ive; the DSA only re­peats those e-Com­merce Dir­ect­ive defin­i­tions word-for-word.The draft reg­u­la­tion con­tains spe­cial ob­lig­a­tions for on­line plat­form host­ing pro­viders and very large plat­forms as a spe­cial cat­egory of on­line plat­forms, and defines those host­ing ser­vices as fol­lows:On­line plat­forms are pro­viders of host­ing ser­vices which store and make avail­able in­form­a­tion to the pub­lic at the re­quest of a re­cip­i­ent of the ser­vice, e.g. on­line mar­ket­places, app stores, col­lab­or­at­ive eco­nomy plat­forms and so­cial me­dia plat­forms. However, if stor­ing or mak­ing in­form­a­tion avail­able to the pub­lic is a minor and an­cil­lary fea­ture of an­oth­er ser­vice, and can­not be used without that oth­er ser­vice for ob­ject­ive and tech­nic­al reas­ons, the ser­vice does not qual­i­fy as an on­line plat­form. This is the situ­ation with the com­ment sec­tion in an on­line news­pa­per or email and private mes­saging ser­vices.Very large on­line plat­forms are on­line plat­forms which provide their ser­vices to a num­ber of av­er­age monthly act­ive re­cip­i­ents of the ser­vice in the EU equal to or high­er than 45 mil­lion. The list of very large on­line plat­forms is pub­lished in the Of­fi­cial Journ­al of the EU. 2. No change in the li­ab­il­ity of ISPs for in­form­a­tion stored or trans­mit­ted in their ser­vices The DSA does not change the li­ab­il­ity re­gime of ISPs for il­leg­al con­tent. It only re­peats the li­ab­il­ity pro­vi­sions of the e-Com­merce Dir­ect­ive word-for-word and also main­tains the e-com­merce rule that ISPs do not have a gen­er­al ob­lig­a­tion to mon­it­or the in­form­a­tion they trans­mit or store, or to act­ively seek facts or cir­cum­stances in­dic­at­ing il­leg­al activ­ity.As an ad­di­tion, the draft reg­u­la­tion stip­u­lates that ISPs can still refer to the ex­emp­tion of li­ab­il­ity even if they con­duct vol­un­tary self-ini­ti­ated in­vest­ig­a­tions or oth­er activ­it­ies aimed at de­tect­ing, identi­fy­ing and re­mov­ing, or dis­abling ac­cess to, il­leg­al con­tent, or take the ne­ces­sary meas­ures to com­ply with the re­quire­ments of EU law. 3. What are the new ob­lig­a­tions? The DSA stip­u­lates new ob­lig­a­tions on ISPs at dif­fer­ent levels. Com­mon ob­lig­a­tions ap­ply to all kind of ISPs, in­clud­ing on­line plat­forms and very large on­line plat­forms. Host­ing pro­viders have ad­di­tion­al ob­lig­a­tions, and the DSA con­tains spe­cial ob­lig­a­tions for on­line plat­forms com­pared to oth­er host­ing ser­vices. In ad­di­tion, very large on­line plat­forms have fur­ther ob­lig­a­tions to man­age sys­tem­ic risks. 3.1 Com­mon ob­lig­a­tions ap­plic­able to all ISPs Provid­ing in­form­a­tion to au­thor­it­ies based on or­ders: if an ISP re­ceives an or­der from an au­thor­ity to act against il­leg­al con­tent, the ISP must in­form the au­thor­ity without un­due delay about the ac­tions it takes and the time of those ac­tions. Fur­ther­more, if the ISP re­ceives an or­der to provide in­form­a­tion about a spe­cif­ic in­di­vidu­al re­cip­i­ent of a ser­vice, the ISP must con­firm the re­ceipt of the or­der to the au­thor­ity without un­due delay and must provide the re­ques­ted in­form­a­tion with cer­tain lim­it­a­tions.Des­ig­nat­ing points of con­tact and leg­al rep­res­ent­at­ives: ISPs must es­tab­lish a single point of con­tact for dir­ect elec­tron­ic com­mu­nic­a­tion with the au­thor­it­ies and pub­lish it. Fur­ther­more, ISPs not es­tab­lished in the EU but of­fer­ing ser­vices in the EU must des­ig­nate in writ­ing a leg­al rep­res­ent­at­ive (to­geth­er with its name and con­tact de­tails) in one of the EU coun­tries where the ISP of­fers ser­vices for re­ceipt, ex­e­cu­tion and en­force­ment of au­thor­ity de­cisions and for co­oper­a­tion with the au­thor­it­ies. This des­ig­nated leg­al rep­res­ent­at­ive can be held li­able for non-com­pli­ance with ob­lig­a­tions un­der the DSA.In­dic­at­ing re­stric­tions in terms: all re­stric­tions (in­clud­ing con­tent mod­er­a­tion, al­gorithmic de­cision-mak­ing, and hu­man re­view rules) re­lated to the use of ISPs’ ser­vices re­gard­ing in­form­a­tion provided by the re­cip­i­ents must be in­cluded in the terms and con­di­tions of the ser­vices.Pub­lish­ing an­nu­al trans­par­ency re­ports: ISPs must pub­lish de­tailed an­nu­al re­ports of any con­tent mod­er­a­tion they en­gaged in dur­ing the rel­ev­ant peri­od. These re­ports must in­clude, among oth­ers, cer­tain in­form­a­tion on the or­ders from au­thor­it­ies, no­tices on il­leg­al con­tent and com­plaints re­ceived by the ISP, as well as on con­tent mod­er­a­tion by the ISP. 3.2 Ad­di­tion­al ob­lig­a­tions on all host­ing pro­viders Man­aging no­tices on il­leg­al con­tents: the host­ing pro­vider must in­tro­duce eas­ily ac­cess­ible, user-friendly elec­tron­ic pro­cesses for man­aging no­tices on il­leg­al con­tents. The DSA lists the man­dat­ory ele­ments of such a no­tice. The host­ing pro­vider must con­firm the re­ceipt of such no­tice in a re­spond­ing email and no­ti­fy the claimant of its de­cision without un­due delay.Provid­ing reas­on­ing for de­cisions: if the host­ing pro­vider de­cides to re­move or make un­avail­able any il­leg­al con­tent provided by the re­cip­i­ent, it must in­form the re­cip­i­ent of the de­cision and give clear reas­on­ing for that de­cision. This reas­on­ing must con­tain all man­dat­ory ele­ments lis­ted in the DSA. The de­cision must be pub­lished in an an­onymised way in the Com­mis­sion’s pub­lic data­base. 3.4 Spe­cial ob­lig­a­tions of on­line plat­forms The pro­vi­sions ap­plic­able to on­line plat­forms can­not be ap­plied to SME on­line plat­forms. The fol­low­ing ad­di­tion­al ob­lig­a­tions ap­ply to on­line plat­forms, in­clud­ing very large on­line plat­forms:Com­plaint man­age­ment sys­tem: on­line plat­forms must main­tain an in­tern­al, user-friendly, eas­ily ac­cess­ible elec­tron­ic com­plaint man­age­ment sys­tem and must grant ac­cess to it to the re­cip­i­ents. The re­cip­i­ents can sub­mit com­plaints elec­tron­ic­ally here against the on­line plat­form’s de­cisions on their il­leg­al con­tent.Out of court dis­pute set­tle­ment: re­cip­i­ents af­fected by an on­line plat­form’s de­cision on il­leg­al con­tent are en­titled to turn to an out-of-court body cer­ti­fied by the di­git­al ser­vice co­ordin­at­or. The on­line plat­forms are bound by the de­cision of this body. The DSA con­tains the de­tailed rules for the pro­ceed­ings and the de­cisions of this cer­ti­fied body.Pri­or­ity for trus­ted flag­gers: on­line plat­forms must pro­cess the no­tices on il­leg­al con­tent sub­mit­ted by trus­ted flag­gers with pri­or­ity. The di­git­al ser­vice co­ordin­at­ors are en­titled to qual­i­fy an en­tity as a trus­ted flag­ger if all con­di­tions lis­ted in the DSA are met. The list of trus­ted flag­gers is pub­lished in the Com­mis­sion’s pub­licly avail­able data­base.Meas­ures against ab­us­ive no­tices and counter-no­tices: on­line plat­forms must sus­pend their ser­vices to re­cip­i­ents that fre­quently provide mani­festly il­leg­al con­tent. Fur­ther­more, on­line plat­forms must also sus­pend the pro­cessing of no­tices and com­plaints sub­mit­ted by per­sons that fre­quently sub­mit no­tices or com­plaints that are mani­festly un­foun­ded. The DSA con­tains de­tailed rules for the cir­cum­stances to be as­sessed in the case of such sus­pen­sion.Re­port­ing sus­pi­cions of crim­in­al of­fences: on­line plat­forms must promptly in­form the mem­ber states’ com­pet­ent law en­force­ment au­thor­it­ies, or in cer­tain cases Euro­pol, if they be­come aware of any sus­pi­cion of a crim­in­al of­fence in­volving a threat to the life or safety of per­sons has taken place, is tak­ing place or is likely to take place.Know Your Busi­ness Cus­tom­er: on­line plat­forms must identi­fy their traders pro­mot­ing mes­sages or of­fer­ing products or ser­vices to EU con­sumers, and must ob­tain in­form­a­tion about them lis­ted in the DSA, among oth­ers the name, con­tact de­tails, re­gis­tra­tion num­ber, copy of the ID card of the trader. More de­tailed trans­par­ency re­ports: on­line plat­forms must in­clude ad­di­tion­al in­form­a­tion in their an­nu­al trans­par­ency re­port, such as in­form­a­tion about out-of-court dis­putes, sus­pen­sions, and auto­mated con­tent mod­er­a­tion. Fur­ther­more, on­line plat­forms must pub­lish in­form­a­tion at least once every six months on the av­er­age monthly act­ive re­cip­i­ents of the ser­vice in each EU coun­try.User-fa­cing trans­par­ency of on­line ad­vert­ising: on­line plat­forms must en­sure that ad­vert­ise­ments dis­played in their ser­vices con­tain in­form­a­tion that this is an ad­vert­ise­ment, who is the ad­vert­iser, and the tar­get audi­ence of the ad­vert­ise­ments. 3.5 Very large on­line plat­forms’ spe­cial ob­lig­a­tions for man­aging sys­tem­ic risks The draft reg­u­la­tion con­tains the fol­low­ing spe­cial ob­lig­a­tions for very large on­line plat­forms for man­aging sys­tem­ic risks:Risk man­age­ment ob­lig­a­tions: very large on­line plat­forms must con­duct an­nu­al risk as­sess­ments on the sig­ni­fic­ant sys­tem­ic risks stem­ming from the func­tion­ing and use of their ser­vices in the EU. Fur­ther­more, based on these risk as­sess­ments, they must put in place reas­on­able, pro­por­tion­ate and ef­fect­ive risk mit­ig­a­tion meas­ures for the sys­tem­ic risks they identi­fy. The DSA con­tains a de­tailed list of those risk-mit­ig­a­tion meas­ures.Ex­tern­al risk audit­ing and pub­lic ac­count­ab­il­ity: very large on­line plat­forms must con­duct an­nu­al audits on com­pli­ance with the DSA and the code of con­duct via an in­de­pend­ent, ex­tern­al pro­fes­sion­al aud­it­or. The aud­it­or must is­sue a writ­ten audit re­port in­clud­ing the man­dat­ory ele­ments lis­ted in the DSA in writ­ing.Trans­par­ency of re­com­mend­er sys­tems: if a very large on­line plat­form uses a re­com­mend­er sys­tem, it must in­clude the main para­met­ers of and cer­tain in­form­a­tion about this sys­tem in its terms and con­di­tions, and must en­sure op­tions for users not in­volving pro­fil­ing.More trans­par­ency in on­line ad­vert­ising: very large on­line plat­forms must make pub­licly avail­able, through APIs, an an­onymised re­pos­it­ory about the on­line ad­vert­ise­ments dis­played on the plat­form. The re­pos­it­ory must con­tain the con­tent of the ad­vert­ise­ments, each ad­vert­iser’s name, the peri­od when each ad­vert­ise­ment was dis­played, and cer­tain in­form­a­tion about the tar­get audi­ence of each ad­vert­ise­ment.Data shar­ing with au­thor­it­ies and re­search­ers: very large on­line plat­forms must provide ac­cess to the data to the di­git­al ser­vice co­ordin­at­or or the Com­mis­sion for mon­it­or­ing and as­sess­ing com­pli­ance with the DSA, and must grant ac­cess to the data to vet­ted aca­dem­ic, in­de­pend­ent re­search­ers for con­duct­ing re­search that con­trib­utes to the iden­ti­fic­a­tion and un­der­stand­ing of sys­tem­ic risks. Data ac­cess must be en­sured via APIs or on­line data­bases.Com­pli­ance of­ficer: very large on­line plat­forms must ap­point at least one pro­fes­sion­al com­pli­ance of­ficer to mon­it­or com­pli­ance with the DSA. The com­pli­ance of­ficer’s name and con­tact de­tails must be provided to the di­git­al ser­vice co­ordin­at­or and the Com­mis­sion.Ad­di­tion­al trans­par­ency re­port­ing du­ties: very large on­line plat­forms must pub­lish trans­par­ency re­ports every six months and must pub­lish and sub­mit ad­di­tion­al re­ports lis­ted in the DSA to the di­git­al ser­vice co­ordin­at­or and the Com­mis­sion. 4. Com­pet­ent au­thor­it­ies, for­um shop­ping All EU mem­ber states must des­ig­nate a com­pet­ent na­tion­al en­force­ment au­thor­ity for the DSA and the same or an­oth­er au­thor­ity as the di­git­al ser­vice co­ordin­at­or. Each di­git­al ser­vice co­ordin­at­or has the power of in­vest­ig­a­tion and is en­titled to de­mand in­form­a­tion from the ISPs and any oth­er per­son on sus­pec­ted in­fringe­ments of the DSA, to carry out on-site in­spec­tions, to ask staff of the ISPs to give ex­plan­a­tions, to or­der the ces­sa­tion of an in­fringe­ment, to im­pose fines, and to ad­opt in­ter­im meas­ures.The EU mem­ber state in which the main es­tab­lish­ment of the ISP is loc­ated will have jur­is­dic­tion over the ISP. If an ISP does not have an es­tab­lish­ment in the EU but of­fers ser­vices in the EU, it will be deemed to be un­der the jur­is­dic­tion of the EU mem­ber state where its leg­al rep­res­ent­at­ive resides or is es­tab­lished, which en­ables for­eign ISPs to choose the EU jur­is­dic­tion by des­ig­nat­ing its leg­al rep­res­ent­at­ive. If the ISP fails to ap­point a leg­al rep­res­ent­at­ive, all EU mem­ber states will have jur­is­dic­tion over that ISP.The DSA es­tab­lishes the European Board for Di­git­al Ser­vices, an in­de­pend­ent ad­vis­ory group of di­git­al ser­vice co­ordin­at­ors on the su­per­vi­sion of ISPs with ad­vis­ory tasks for di­git­al ser­vice co­ordin­at­ors and the Com­mis­sion.The DSA in­tro­duces en­hanced su­per­vi­sion for very large plat­forms. In this case, the di­git­al ser­vices co­ordin­at­or will con­sider all opin­ions and re­com­mend­a­tions of the European Board for Di­git­al Ser­vices and the Com­mis­sion. The Com­mis­sion and the Board is en­titled to re­com­mend that the di­git­al ser­vice co­ordin­at­or in­vest­ig­ates the in­fringing activ­ity. The Com­mis­sion is en­titled to ini­ti­ate its own pro­ceed­ings against a very large on­line plat­form in cases defined in the DSA. The DSA con­tains spe­cial rules for pro­ceed­ings ini­ti­ated by the Com­mis­sion against a very large plat­form, with spe­cial pro­ced­ur­al rights and ob­lig­a­tions. 5. Sanc­tions The DSA does not con­tain an ex­haust­ive list of sanc­tions for an in­fringe­ment of the reg­u­la­tion; the Mem­ber States will set out the rules on sanc­tions. The draft reg­u­la­tion defines the fol­low­ing max­im­um amount of pen­al­ties:6% of the an­nu­al in­come or turnover of the ISP for in­fringing the ob­lig­a­tions in the DSA;1% of the an­nu­al in­come or turnover of the ISP for sup­ply­ing in­cor­rect, in­com­plete or mis­lead­ing in­form­a­tion, fail­ing to reply or rec­ti­fy in­cor­rect, in­com­plete or mis­lead­ing in­form­a­tion, and fail­ing to sub­mit to an on-site in­spec­tion;5% of the av­er­age daily turnover in the pre­ced­ing fin­an­cial year per day, cal­cu­lated from the date ap­poin­ted by the de­cision in the case of daily, peri­od­ic pen­alty pay­ments. 6. Next steps The European Par­lia­ment and Mem­ber States will dis­cuss the Com­mis­sion’s pro­pos­al ac­cord­ing to the or­din­ary le­gis­lat­ive pro­ced­ure, which will take at least 18 months. Once ad­op­ted, the DSA will dir­ectly ap­ply across the EU and ISPs will have three months to pre­pare for the new leg­al re­gime.We will con­tinu­ously mon­it­or the status of the le­gis­lat­ive pro­cess and keep you up­dated on any changes to the draft text of the DSA.