This article is co-authored by Tiago Bessa, Partner of the Information, Communication & Technology and IP Transactions practices, and Martim Farinha, Knowledge Lawyer in the Knowledge Management department.


The EU Digital Services Act

The much-awaited day has arrived, and the EU Digital Services Act (“DSA”) is fully applicable to all intermediary service providers as from February 17. The DSA is like a new digital constitution for the European Union (“EU”) and aims to: (i) update the legal framework for online intermediary services; (ii) promote a safer, more transparent online environment; (iii) ensure the protection of fundamental rights and fight illegal content online and (iv) provide more control to users and stronger protection of children online. It intends to tackle many of the existing problems by focusing on due process requirements for content moderation and risk management obligations.

However, some uncertainty lingers. Compliance with this new framework is dependent on the designation of Digital Services Coordinators (“DSC”) in each Member-State — which many failed to do right up until the final moments (1), such as Portugal — as well as on the implementation of an adequate institutional balance between DSC and other national and international authorities.


The DSA’s Scope and Obligations in Full Effect

The DSA is applicable to all intermediary services that offer their services to recipients located in the EU. It covers a wide range of services, from internet access providers to online platforms (marketplaces, social networks, cloud services) and search engines and imposes different levels of obligations depending on the main features and functions of the service (mere conduit, caching, hosting), the size of the provider and the number of average monthly users.

Until 17 of February, the bulk of obligations stemming from the DSA were only applicable for very large online platforms (“VLOP”) and very large online search engines (“VLOSE”). With the full application of the DSA, companies of all sizes, which provide intermediary services, are required to designate points of contact for authorities and users, and, if providers are not established in the EU, they must also appoint a legal representative, which must be notified to the DSC.

All other obligations applicable to conduit and caching service providers, all hosting service providers and online platforms are also applicable from 17th February. Such obligations include terms and conditions and transparency obligations. Hosting operators have also other obligations related with, among others, notice and action, internal complaint-handling systems, communications with trusted flaggers and measures against misuse of their services.


The Digital Services Coordinators in the DSA

The DSC are the main authorities in each Member-State for the enforcement of DSA within their territory (the European Commission itself has exclusive powers to supervise the VLOPs and VLOSEs).

The DSC have investigative and enforcement powers to require information from providers, conduct inspections and interviews, impose fines on infringements, and adopt measures to prevent serious harm. The DSC of each Member-State need to cooperate with each other in enforcement and are all part of the newly created European Board of Digital Services (the “Board”).

However, Member-States are also allowed to appoint other competent authorities to be responsible for the supervision of providers of intermediary services and enforcement of the DSA, provided that one of them is designated as the DSC. The later will oversee the others and is responsible for all matters relating to supervision and enforcement of the DSA, outside of those specific sectors or tasks which have a competent authority.

If Member-States opt for this more complex framework, the DSA does not explain in detail how this model should function, but the Member-States must ensure that the tasks of each authority (DSC and other competent authorities) are clearly defined, and that they cooperate closely and effectively when carrying out their tasks.


The DSA’s Institutional Framework in Portugal and Questions Unanswered

After many months, the Government of Portugal announced that it would designate ANACOM – Autoridade Nacional de Comunicações — the communications regulator — as the DSC, alongside two other competent authorities: ERC – Entidade Reguladora para a Comunicação Social — the media regulator — for matters regarding social communication and other media content, and IGAC - General-Inspectorate for Cultural Activities — a public body — for copyright and related rights.

The Decree-Law no 20-B/2024 was published on the 16 of February, just one day before the DSA’s full application. It also included a very general duty of cooperation between these public authorities. The model under which this collaboration will effectively occur will only later be defined by the authorities themselves. A working party group has also been established by the Government to study whether further legislative action is required, notably on potential amendment to be introduced to the Electronic Commerce Law (Decree-Law no 7/2004, 7 of January 2004).

The model followed by the Portuguese government leaves many questions unanswered regarding how each authority will act in practice. Although the DSC has some exclusive tasks in terms of its relationship with intermediary service providers and cooperation with the Commission, and within the rules of trusted flaggers, vetted researchers, and out-of-court dispute settlement bodies, the most important powers endowed to the DSC, i.e., investigation, enforcement, and application of penalties, may be shared with competent authorities.

Within this intersection, it is not clear how ANACOM, ERC, and IGAC will act in practice: (i) if they will have exclusive powers over the specific matters/sectors they oversee, (ii) how this segmentation will be made in a world where convergence is key, or (iii) if they will share their competences. For example, it is not clear what role ERC should have in relation to what is referred to in Decree-Law no 20-B/2024 as "other media content". Some Over-the-Top ("OTT") operators can simultaneously be under the supervision of ANACOM as well as ERC, depending on the activities being carried out. In addition, not all media content is under the supervision of ERC.

In the model chosen by the Portuguese government, these gray areas are not resolved and may result in inaction from both authorities. This is because they may be less keen to intervene if there is a risk of stepping into another authority's competence. This model resembles the one that was devised in the Electronic Commerce Law, with the division between a central supervision authority (in this case, also ANACOM) as well as sectorial supervision authorities (in the banking sector, media sector, etc.). However, this model never worked in practice and is not remembered fondly in Portugal.

For a correct implementation of the Digital Services Act (DSA), it will be important to detail the scope of intervention between ANACOM, ERC, and IGAC, not just institutionally but also with a possible amendment to their statutes in order to make clear their competences with regard to the digital sector. Otherwise, the promise of a safer and more transparent online environment may fall short due to the lack of a correct and adequate institutional framework.

(1) The updated list of the Digital Services Coordinators in the EU can be found here: