The Impact of the 'Digital Services Act (DSA)' on Japan: Explaining the Key Points of Regulation

As of February 17, 2024, the European Union’s Digital Services Act (DSA) has been fully implemented. This regulation applies to companies worldwide that provide digital services to the EU, regardless of their location. Japanese companies offering services within the EU are also subject to this act, making it essential for them to be informed.

Here, we will explain the key points of the Digital Services Act, its impact on Japanese companies, and the measures they can take, while comparing it to similar Japanese laws.

What is the Digital Services Act (DSA)?

The Digital Services Act (DSA) is a comprehensive set of rules concerning e-commerce in the EU that came into effect on November 16, 2022, and was fully implemented on February 17, 2024.

While the EU established the E-Commerce Directive in 2000, it has become increasingly difficult to adapt it to the evolving digital environment, including the internet and online platforms. Consequently, the DSA, a directly binding EU regulation, was enacted to revise the directive.

This legislation is part of the EU’s digital strategy known as “A Europe fit for the Digital Age.”

Objectives of the DSA

On December 15, 2020, the Digital Services Act (DSA), along with the Digital Markets Act (DMA), was announced. The objectives of the DSA are described in Article 1 as follows: (1) to create a safer and more reliable digital space where the fundamental rights of all users of digital services, as guaranteed by the Charter of Fundamental Rights of the European Union, are protected, and (2) to establish fair competition conditions that promote innovation in both the EU market and globally.

The primary focus is believed to be on addressing illegal content. In essence, the principle that “what is illegal offline is also illegal online” is to be realized by, for example, obliging companies to take measures, including the removal of illegal content such as online hate speech and incitement to terrorism, as well as illegal products like counterfeits. Japanese companies with users in the EU will be significantly affected as they are required to comply with these regulations.

Scope of Application for the DSA

The Digital Services Act (DSA) regulates the following four types of providers (intermediary service providers):

1. Intermediary services
2. Hosting services
3. Online platforms
4. Very Large Online Platforms (VLOPs) & Very Large Search Engines (VLOSEs)

The DSA applies to digital services offered to users within the EU, regardless of the provider’s location (country). Japanese companies providing digital services to the EU must comply with the provisions of the DSA.

The Six Obligations and Exemption Provisions Imposed on Providers by the DSA

The Digital Services Act (DSA) stipulates phased obligations for providers according to the nature and size of their business, and the requirements for exemption also vary.

Obligations Imposed on Providers

The obligations of providers defined by the DSA are categorized into six areas: “User Protection,” “Terms of Service,” “Content Management,” “Online Advertising,” “Accountability & Transparency,” and “Other/General.”

Furthermore, “Very Large Online Platforms” (VLOPs) and “Very Large Online Search Engines” (VLOSEs), which reach an average of more than 45 million users per month within the EU (10% of the EU’s 450 million people), are subject to more stringent rules.

Designated VLOPs and VLOSEs must adapt their systems, resources, and processes to comply with the DSA within four months of notification, implement mitigation measures, and establish independent systems for legal compliance. They must then conduct audits and the first annual risk assessment, and report to the European Commission, the supervisory authority. They are also obligated to provide data access. Failure to fulfill these obligations may result in sanctions.

The DSA will be fully implemented from February 17, 2024, and the compliance status of businesses other than VLOPs and VLOSEs will be monitored by the authorities of EU member states thereafter.

Below, we explain the exemption requirements for each type of provider.

Exemption Provisions

① Providers of mere conduit services, a type of intermediary service, are not held responsible for transmitted information if they meet the following requirements (Article 3):

• Not initiating the transmission themselves
• Not selecting the recipient of the transmission
• Not selecting or modifying the information contained in the transmission

① Providers of caching services, another type of intermediary service, are not held responsible for the information they handle if they meet the following requirements (Article 4):

• Not altering the information
• Complying with conditions on access to the information
• Complying with industry standards on updating the information
• Not interfering with the lawful use of widely recognized technologies to obtain data on the use of the information
• Quickly removing or disabling access to stored information when it has been deleted or access has been disabled, or promptly removing or disabling access upon becoming aware that a court or administrative authority has ordered such removal or disabling

② Providers of hosting services are not held responsible for stored information if they meet the following requirements (Article 5):

• Being unaware of any illegal activity or information
• Acting expeditiously to remove or disable access to the information upon becoming aware of its illegality

Implementation Schedule of the DSA

The European Council granted final approval to the “Digital Services Act” (DSA) on October 4, 2022. Consequently, the DSA came into effect on November 16, 2022, and was fully implemented on February 17, 2024.

• DSA Implementation Schedule

Enforcement will be coordinated between new organizations at both the national and EU levels. By February 17, 2024, the DSA will be enforced across the entire EU for all operators within its scope, and each Member State will be required to appoint their national Digital Services Coordinator (DSC).

The established independent regulatory authorities will enforce rules for their own small-scale platforms, while also collaborating with the European Commission and the DSC Board, possessing direct supervisory and punitive enforcement powers at the national level.

Penalties for Violating the DSA

For entities other than VLOP (Very Large Online Platforms) and VLOSE (Very Large Online Search Engines), national authorities hold the power to supervise and enforce penalties. For VLOP and VLOSE, the European Commission (EU level) directly oversees and has the authority to impose sanctions.

In the event of a violation, the fines (penalties) for VLOP and VLOSE can amount to up to 6% of the entity’s global annual turnover from the preceding fiscal year. Additionally, if inaccurate information is provided in response to information requests, a fine of up to 1% of the previous year’s global turnover can be imposed on VLOP and VLOSE.

Furthermore, the European Commission is also authorized to charge supervisory fees to VLOP and VLOSE, which serve as a funding source for enforcement activities.

Comparison with Similar Japanese Regulations

Here, we will explain the differences between the DSA and similar Japanese regulations.

Act on Improving Transparency and Fairness of Digital Platform Transactions

The “Act on Improving Transparency and Fairness of Digital Platform Transactions” was enacted to enhance the transparency and fairness of transactions on digital platforms and came into force on February 1, 2021.

This law applies to designated operators of specific digital platforms, requiring them to disclose transaction terms and ensure transparency and fairness in operations (measures necessary to promote mutual understanding with users) and to report on their operational status.

Specific digital platforms refer to those providers of digital platforms that particularly need to improve transparency and fairness in transactions. As of January 2024, three comprehensive online mall operators and two app store operators, totaling five companies, have been designated.

Additionally, the law stipulates the provision of information from users to the Minister of Economy, Trade and Industry, collaboration with the Fair Trade Commission, and procedures for public notification delivery to apply to foreign operators. It also mandates a review of the law’s enforcement status and consideration of changes in the economic and social situation after three years of implementation, with necessary measures to be taken as needed.

If violated, the penalties include a fine of up to 500,000 yen under the dual penalty provisions, and a fine of up to 1,000,000 yen for non-compliance with the recommendations of the Ministry of Economy, Trade and Industry.

The differences from the DSA include the scope of regulation, which in the case of Japanese law is limited to designated specific digital platformers, the scale of fines, and the enforcement structure. While the DSA has an independent enforcement body, under this Japanese law, inspections are carried out by the Ministry of Economy, Trade and Industry in collaboration with the Fair Trade Commission.

In other words, when expanding digital services to the EU, it is important to note that the DSA regulates all digital services.

Provider Liability Limitation Law

The “Provider Liability Limitation Law” addresses the limitation of liability for damages of providers and the judicial procedures for disclosure requests of sender information in cases of rights infringement caused by the circulation of information on the Internet.

With the amended law enforced on October 1, 2022, the previously required two separate legal proceedings to identify an anonymous sender and pursue civil liability have been unified into a single non-contentious preservation procedure, reducing the time and economic costs involved.

The Provider Liability Limitation Law applies to all providers, regardless of their size.

Compared to the DSA, while both regulate the responsibility and response to information on the Internet, their scope and content of regulations differ.

The DSA targets all online intermediaries (including platform operators) and defines responsibilities related to the distribution of illegal content based on the personalityistics (type of service) and size of the operators.

For example, the DSA obliges hosting service providers to set up a system that allows users to report information they believe to be illegal, whereas the “Provider Liability Law” does not impose such an obligation.

Differences with the “Provider Liability Law” include obligations to prioritize responses to notifications from trusted flaggers and to comply with orders from EU and member state supervisory authorities regarding measures against illegal information and user information provision.

Furthermore, the DSA includes procedural provisions for internal complaint handling systems and, if unresolved, civil litigation is subject to ADR (Alternative Dispute Resolution).

Measures Required for Japanese Companies

With the full implementation of the DSA (Digital Services Act), Japanese companies are now required to review the status of their service offerings in the EU and the content of those services. After identifying the relevant service categories, they must develop and apply policies to comply with each requirement.

As mentioned above, the following requirements exist:

• User Protection
• Terms of Service
• Content Management
• Online Advertising
• Accountability & Transparency
• Other General Requirements

For detailed guidance, we recommend consulting with a highly specialized attorney.

Reference: Ministry of Internal Affairs and Communications | “Overview of the EU Digital Services Act (DSA)”[ja]

Summary: Keep a Close Eye on the Future Developments of the DSA and Take Comprehensive Measures

We have explained the EU’s Digital Services Act (DSA), which was fully implemented on February 17, 2024.

The EU’s DSA has the potential to become an international gold standard. Companies subject to this regulation will need to review its contents and take measures to ensure compliance with the DSA’s requirements. We recommend consulting with highly specialized attorneys for DSA compliance strategies.

Guidance on Measures by Our Firm

Monolith Law Office is a legal practice with extensive experience in both IT, particularly the internet, and law. In recent years, global business has been expanding increasingly, and the need for legal checks by experts is growing more than ever. Our firm provides solutions related to international legal affairs.

Areas of practice at Monolith Law Office: International Legal Affairs & Overseas Business[ja]