Table of Contents
What are Hosting Services?
Hosting services form the digital economy backbone, storing and managing user information across cloud computing platforms, web hosting providers, and file-sharing services. While roles might appear purely technical, the DSA recognises that hosting services enable online communication and commerce fundamentally.
Services qualify as hosting providers when they store user-provided information, whether website files, application data, or user-generated content. The scope remains deliberately broad because hosting services create infrastructure that makes online activity possible.
While hosting obligations are less intensive than online platforms, they remain substantive. The Commission understands that effective content governance requires hosting provider cooperation, even when services aren’t directly involved in content curation or promotion.
DSA Obligations for Hosting Services
Hosting service responsibilities focus on implementing effective content management systems while maintaining operational transparency that enables regulatory oversight.
▶ Content Moderation
Hosting services need to set up user-friendly notice mechanisms for receiving and processing illegal content reports. These systems cannot be buried in website footers or require complex reporting procedure navigation.
When receiving potentially illegal content reports, hosting services must evaluate reports in a timely and diligent manner and respond appropriately. This doesn’t mean automatic removal of reported content, but does require serious report consideration and reasonable timeframe responses.
Every content removal or access restriction requires clear user explanations “statement of reasons”). Generic “community guidelines violation” messages don’t suffice. Users need specific policy violation information and content impact explanations.
▶ Transparency Reporting Obligations
Annual transparency reports should document content moderation activities, including removal request volumes, response times, and system effectiveness metrics.
These reports serve multiple audiences: regulators assessing compliance, users understanding policies, and industry peers benchmarking practices.
▶ Criminal Activity Notification
When encountering content suggesting serious criminal activity affecting life or safety for a person or persons, hosting services must notify relevant law enforcement or judicial authorities promptly. This obligation requires balanced judgement respecting user privacy while recognising public safety responsibilities.
▶ Terms of Service Clarity
Terms of service should explain content policies, removal procedures, and user rights in language ordinary people understand. Legal jargon requiring law degrees to decipher doesn’t meet DSA requirements.
▶ Legal Representative Designation
Non-EU-based hosting providers serving European users must designate EU-based legal representatives capable of communicating with regulatory authorities and responding to compliance enquiries.
This isn’t merely formality. Legal representatives become primary regulatory communication contacts and must be empowered to respond substantively to authority requests.
Check obligations that apply to other categories
