
Demystifying the Digital Services Act: Exploring essential audit requirements

Aug 02, 2023
The Digital Services Act aims to better protect users in the online world, but its requirements will impose many new obligations on service providers, say Mary Loughney, Shane O’Neill and Filipa Sequeira

The increased use of digital technology dramatically raises the chances of end users being exposed to illegal or harmful online content. Regulations and laws are catching up with the fast-paced world of emerging digital services and online platforms to ensure online services’ security, accountability and openness. 

The Digital Services Act (DSA), an EU regulation, aims to modernise the digital landscape and defend users’ rights.

What digital services does the DSA cover?

The DSA encompasses a broad range of online intermediaries, including internet service providers, cloud services, messaging platforms, marketplaces and social networks. 

Hosting services, such as online platforms (a hosting service provider that “stores and disseminates to the public information, unless that activity is a minor or purely secondary feature of another service”), social networks, content-sharing platforms, online marketplaces and travel/accommodation platforms, have specific due diligence obligations. 

The DSA’s most significant regulations target very large online platforms, with a substantial societal and economic impact reaching a minimum of 45 million EU users, representing 10 percent of the population. 

Similarly, very large online search engines with over 10 percent of the EU’s 450 million consumers will have greater responsibility for combating illegal content on the internet.

Key provisions of the DSA

The DSA outlines specific responsibilities for online platforms, including big platforms, intermediaries and hosting service providers. 

Due to their significant societal impact, the Act introduces categories called Very Large Online Platforms (VLOP) and Very Large Online Search Engines (VLOSE), which are subject to stricter regulations and audit requirements. 

An independent audit must cover all the obligations imposed on VLOPs and VLOSEs by the DSA, including the duties to remove illegal content, provide users with transparency about how their data is used and prevent the spread of disinformation. 

The following focus areas are central to the DSA’s requirements:

  • Due diligence around safety and content moderation: The DSA lays out guidelines to address illegal content, such as hate speech, terrorist propaganda and fake goods. Online platforms must set up efficient content moderation systems and offer ways for users to report unlawful content. This may involve using automated tools for detection and removal.
  • User rights and transparency about terms of service, consent, algorithms and advertising practices: Companies must offer more transparency about how their platforms operate, including their terms of service, algorithms and advertising practices. This will help users to understand how their data is being used.
  • Users’ ability to control their privacy settings and flag harmful content: Companies must provide users with tools to manage their privacy settings and flag harmful content. This will help users to protect their personal data and keep themselves safe online. Companies are also required to respond to flagged content within a reasonable timeframe.
  • Measures to prevent the spread of disinformation: Companies must take steps to prevent the spread of disinformation, such as by labelling sponsored content and providing users with access to reliable information. This may involve working with fact-checking organisations or other companies to share information about disinformation.
  • Accountability for the content hosted on platforms: Companies must be accountable for the content hosted on their platforms. This means they must be able to remove illegal content promptly and co-operate with law enforcement authorities.

With these provisions in mind, a sensible starting point may be to conduct a maturity assessment using a risk-based approach, so that the organisation is aware of the risks that require mitigation:

  • Maturity assessment: The risk assessment should consider a range of factors, such as the nature of the platform, the type of content hosted and the potential for harm to users.
  • Address DSA requirement gaps: As a result of the risk assessment, organisations should identify their exposed risks and implement necessary measures, which include enhancing content moderation tooling, increasing transparency and enabling more robust end-user control mechanisms.
  • Compliance reporting: Organisations would be required to comply with third-party external audits. While that audit would evaluate the platform’s systems and processes, compliance reporting may also include information on overall risk mitigation efforts.

The challenging aspects of the DSA’s audit requirements

To ensure compliance with the DSA’s provisions, digital service providers, predominantly VLOPs and VLOSEs, will be subject to independent audits. The audit must be conducted in accordance with the methodology and templates established in the delegated regulation, and the audit should review whether the VLOP or VLOSE:

  • has a clear and transparent policy on how it addresses illegal content;
  • has a system in place for detecting and removing illegal content and preventing the spread of disinformation; and
  • provides users with adequate transparency about how their data is used.

The audits will evaluate the platform’s efforts to deal with illegal content, the openness of content moderation procedures, adherence to DSA requirements, and the efficiency of user reporting mechanisms. The platform’s practices for data security and privacy will also be examined.

It will be challenging for online intermediaries to comply with some DSA requirements. 

Accurate classification of digital services

The DSA distinguishes between different types of digital services, such as intermediaries, hosting services and online platforms. Assigning the correct classification to a specific service can be complex, especially for hybrid platforms with multiple functionalities. Accurately defining the obligations and responsibilities associated with each classification requires careful analysis.

Removing illegal content in a timely manner

The DSA requires the removal of unlawful content in a timely manner after being made aware of its existence. Implementing effective content moderation mechanisms while respecting freedom of expression and avoiding over-removal or under-removal of content is a complex task. Developing sophisticated algorithms and human review processes to strike the right balance poses significant technical and operational challenges. 

Further transparency about how content is moderated 

The DSA requires more transparency about how online intermediaries moderate content. This includes providing information about the criteria used to moderate content, the processes used to make decisions and the appeals process available to users who flag moderation issues. 

It can be difficult to require online intermediaries to disclose sensitive information about their internal operations.

Additional steps to protect users’ privacy rights 

The DSA requires additional steps to protect users’ privacy and enhance users’ rights. This includes transparency, user control over content and redress mechanisms. 

These new provisions can be challenging to implement as they require online intermediaries to change their business practices significantly. 

Implementing user-friendly interfaces and operative complaint-resolution mechanisms to ensure seamless user experiences can be technically complex and resource intensive.

Compliance with new rules on targeted advertising 

The DSA introduces new rules on targeted advertising. These rules prohibit online intermediaries from using sensitive personal data to target users with ads, and they require online intermediaries to give users more control over the ads they see. 

Co-operation with authorities

The DSA emphasises co-operation between platforms and regulatory authorities.

Ensuring information sharing, responding to legitimate requests and establishing effective communication channels with various national authorities across the EU pose many challenges. Maintaining confidentiality and data protection while complying with these requirements can be tricky.

Interpretation of the DSA

The interpretation of the DSA may evolve as it undergoes the legislative process. As such, there are themes associated with how one might expect an audit will be conducted:

  • Transparency: The audits must be conducted transparently.
  • Accountability: The audits are designed to ensure that VLOPs and VLOSEs are accountable for compliance with the DSA.
  • Effectiveness: The audits must effectively identify and address any compliance gaps.
  • Proportionality: The audits must be proportionate to the size and complexity of the VLOPs and VLOSEs.
  • Flexibility: The delegated regulation allows auditors to adapt the audit methodology to the specific circumstances of the VLOP or the VLOSE.

These are just some specific requirements that are tricky and complicated to implement. However, the DSA is essential to creating a safer and more accountable online environment.

Best practice

The table above displays exemplary and tactical actions that could be considered when enhancing users’ privacy rights and transparency about terms of service, consent, algorithms and advertising practices.

In addition to these specific steps, companies should consider implementing several general best practices:

  • A well-defined risk management framework: Establishing ongoing risk assessment activities will help companies identify and mitigate user risks.
  • A culture of compliance: This will help ensure that all stakeholders are aware of the DSA requirements and committed to complying with them.
  • A robust process for responding to incidents: This will help companies to respond quickly and effectively to any incidents that may arise.
  • An oversight process for monitoring and reporting on compliance: This will help companies track their progress and identify areas where they may need to improve.

A trustworthy online environment

The DSA represents a significant step toward regulating online platforms and digital services within the EU.

By introducing audit requirements, the DSA enhances transparency, accountability and user protection in the digital world. Independent audits will serve as a mechanism to ensure compliance with the DSA’s provisions, thereby fostering a safer, fairer and more trustworthy online environment.

Mary Loughney is Director and Head of Technology Risk Consulting at Grant Thornton
Shane O’Neill is Partner and Head of Technical Change, Financial Services Advisory at Grant Thornton
Filipa Sequeira is Senior Consultant of Financial Services Advisory at Grant Thornton
