Digital Services Act Service Types and Scope

Article 2 applies the DSA to intermediary services offered to recipients that have their place of establishment or are located in the Union, regardless of where the provider itself is established. A non-EU provider can therefore be in scope if it enables natural or legal persons in one or more Member States to use the service and has a substantial connection to the Union.

The first scoping record should decide whether the service is an information society service and whether it is one of the three intermediary service types named in Article 3: mere conduit, caching, or hosting. If the product is not an intermediary service, the DSA does not convert the underlying product, transport, accommodation, delivery, consumer-law, product-safety, copyright, privacy, or audiovisual rules into DSA obligations.

A mere conduit service transmits recipient-provided information in a communication network or provides access to a communication network. A caching service also transmits recipient-provided information but temporarily stores it automatically and intermediately to make onward transmission more efficient or secure. A hosting service stores information provided by, and at the request of, a recipient of the service.

The classification matters because the DSA liability exemptions and due-diligence duties build from this base. Mere conduit and caching analysis focuses on transmission and technical storage conditions. Hosting adds notice-and-action mechanisms, statement-of-reasons duties for certain restrictions, and notification duties for suspicions of serious criminal offences.

An online platform is a hosting service that stores recipient-provided information and disseminates it to the public at the recipient's request, unless public dissemination is only a minor and purely ancillary feature. Social networks, content-sharing services, app stores, and platforms where consumers can conclude distance contracts with traders are common examples, but the legal test depends on the service facts.

Marketplaces are not merely any commerce website. The DSA marketplace overlay applies to providers of online platforms allowing consumers to conclude distance contracts with traders. That overlay adds trader traceability, interface design duties for trader information, and consumer information duties when an illegal product or service was offered through the platform. Online search engines are their own intermediary service category and have separate active-recipient and VLOSE designation analysis.

DSA scoping is cumulative. All intermediary providers have baseline duties such as points of contact, terms-and-conditions transparency, and transparency reporting unless an exclusion applies. Hosting services add notice-and-action and statement-of-reasons duties. Online platforms add complaint handling, out-of-court dispute settlement access, trusted-flagger handling, misuse policies, advertising transparency, recommender transparency, and minor-protection duties where the factual triggers exist.

Micro and small enterprise exclusions reduce some online-platform and marketplace obligations, but they do not remove every DSA duty and they do not protect a service that is designated as a very large online platform. For marketplaces, the additional trader-traceability and interface duties are a further layer on top of online-platform status, not a substitute for hosting or platform obligations.

VLOP and VLOSE status is not a self-selected marketing label. The Commission classifies platforms and search engines with more than 45 million users per month in the EU as very large online platforms or very large online search engines and designates services based on user numbers. Designation then triggers the most stringent DSA duties for that designated service.

The user-number record should be service-specific. Article 24 requires providers of online platforms and online search engines to publish average monthly active recipients in the Union at least every six months, and Commission guidance explains that this information is relevant for VLOP and VLOSE designation. Once designated, a service has four months to comply with the VLOP/VLOSE-specific obligations.