| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Regulation | Article | Recitals | Summary of obligation | Target party Companies VLOP/VLOSE Gatekeepers Regulators Others | Targeted Data | Receiving party: Regulator General public Competitor Vetted researchers Recipient of the service Independent auditor | Timeliness of the obligation Continuous Triggered on Action Annually Other intervals | Mode of access for obligation Written Report Data File API Etc. | Final Category: Regulatory Transparency Government Access to Data Private Party Access to Data General Public Access to Data | ||||||||||||||||
2 | DSA | 10 | 31-35 | Providers of intermediary services must provide information about one or more specific individual recipient of the services upon receipt of an order issued by a relevant national judicial or administrative body. Members states must ensure that the order outlines at least: (i) the legal basis; (ii) the identification of the issuing authority; (iii) clear information on the target, such as unique identifiers; (iv) statement of reasons explaining the objective for which the information is required (unless related to criminal offenses); (v) information about redress mechanisms available to the provider and recipient; and (vi) where applicable, information on to which authority the information should be sent to. The information must have been already collected by the provider, and must be within its control. The Digital Services Coordinator of the Member State shall transmit the copy of the order to all Digital Services Coordinators. Providers of intermediary services shall inform the recipient of the service of the order at the latest when the order is applied. There are exemptions for national civil and criminal procedures. | Companies | User-related data, where user is recipient of the service specified by order | Regulator | triggered on action (data request) | data file | Government Access to Data | ||||||||||||||||
3 | DSA | 14 | 45-49 | Providers of Intermediary Services shall include in their terms and conditions information on any restrictions that they impose in relation to the use of their services. This includes policies, procedures, measures and tools for content moderation (including an explanation of algorithmic decision-making and human review) as well as rules with regards to internal complaint handling systems. It must be set out in clear, plain, intelligible, user friendly and unambiguous language, amd shall be publicly available and machine readable. Provider should inform recipients of the service in case of any significant changes. VLOPs and VLOSEs must provide recipients of the service with concise, easily-accessible and machine-readable summaries of the terms and conditions that is also in clear and unambiguous language. They must also publish T&C in all official languages of the EU. | Companies | All restrictions that they impose to use services | General public | continuous | Web portal | General Public Access to Data | ||||||||||||||||
4 | DSA | 15 | 45-49 | Providers of intermediary services must make publicly available and in a machine-readable format, at least once a year, clear, easily comprehensible reports on any content moderation they engaged during the relevant period. Reports must include at least: (i) number of orders received in accordance with articles 8 and 9; (ii) number of notices issued under article 14 (including by trusted flaggers); (iii) meaningful and comprehensible information about content moderation engaged in at the providers' own initiative; (iv) number of complaints received through the internal complaint handling system and the decisions issued in those complaints; (v) descriptions on the use of automated means for content moderation. Does not apply to micro and small enterprises and the Commission may adopt implementing acts | Companies | content moderation summary report with at minimum... | General Public | annually | data file | General Public Access to Data | ||||||||||||||||
5 | DSA | 17 | 50-58; 64 | Providers of hosting services must provide a clear and specific statement of reasons to any affected recipient of the service when they impose restrictions on the recipient. This includes: (i) restrictions on visibility; (ii) suspension or termination of monetary payments; (iii) suspension or termination of service; (iv) suspension or termination of account. Information must be provided at the latest when the restriction is imposed. Does not apply to orders under Article 9. | Companies | content data | Recipient of the service | triggered on action (moderation/suspension of service) | written report | Private party access to data | ||||||||||||||||
6 | DSA | 18 | 56 | Where a provider of hosting services becomes aware of any information giving rise to a suspicion that a criminal offence involving a threat to the life or safety of a person or persons has taken place, is taking place or is likely to take place, it shall promptly inform the law enforcement or judicial authorities of the Member State or Member States concerned of its suspicion and provide all relevant information available. | Companies | All relevant information available on potential crime | Regulator | triggered on action (potential criminal offense) | written report | Government Access to Data | ||||||||||||||||
7 | DSA | 21(4) | 59 | Certified out-of-court dispute settlement bodies must report to the Digital Services Coordinator that certified them, on annual basis, information on the number of disputes received, outcomes, average time and others They shall provide additional information upon request of the Digital Services Coordinator | Others | dispute records | Regulator | annually | written report | Government Access to Data | ||||||||||||||||
8 | DSA | 21(4) | 59 | Digital Services Coordinator shall, every two years, draw up a report on the functioning of the out-of-court dispute settlement body that they certified. The report shall include at least: (i) the number of disputes; (ii) the outcomes of the procedures and the average time taken to resolve; (iii) identify and explain any systematic shortcoming; (iv) identify best practices; and (v) issue recommendations on how to improve the system. | Regulators | dispute records | General Public | every 2 years | written report | Regulatory Transparency | ||||||||||||||||
9 | DSA | 22(3) | 62 | Trusted flaggers shall publish, at least once a year, easily comprehensible and detailed reports on notices submitted under article 14. Must list at least: (i) identity of provider of hosting services; (ii) type of allegedly illegal content targeted; (iii) action taken by the provider; (iv) procedures put in place to ensure that trusted flagger remains independent | Others | content data | General Public | annually | written report | General Public Access to Data | ||||||||||||||||
10 | DSA | 22(5) | 62 | European Commission must publish an easily accessible, updated and machine-readable database of trusted flaggers as informed by Digital Services Coordinators | Regulators | organization names | General Public | continuous | data file or queriable API (the volume in question here should likely be provided as a downloadable file, but the language says database so you tell me how interpretable that is) | Regulatory Transparency | ||||||||||||||||
11 | DSA | 24(1) and 24(5-6) | 64; 66 | Providers of online platforms must supplement article 15 reports with information on: (i) the number of disputes submitted to out-of-court settlement bodies and associated information; and (ii) the number of suspensions imposed pursuant to article 20. Online platforms must also submit decisions and statements of reasons of article 17(1) to a publicly, machine readable database of complaints, to be managed by the Commission. Platforms must ensure that the complaint does not contain personal data. Commission may adopt implementing acts to clarify obligations | Companies | dispute records | General Public | continuous | data file or queriable API (the volume in question here should likely be provided as a downloadable file, but the language says database so you tell me how interpretable that is) | General Public Access to Data | ||||||||||||||||
12 | DSA | 24(2) | 65; 77-78 | Providers of online platforms must publish in a publicly available section of their website, at least by 17 February 2023 and every six months thereafter, information on the average monthly active recipients of the services in the EU. It should be calculated as the average over the period of the past six months. | Companies | Number of Users | General Public | Every six months | web portal | General Public Access to Data | ||||||||||||||||
13 | DSA | 24(3-4) | 65; 77-78 | Digital Services Coordinators of the establishment and the Commission have the powers to request updated information on the average number of monthly active users of the services in the EU, as well as more information on the methodology used by the platform to calculate the numbers. | Companies | Number of Users | Regulator | Upon request | Written report | Government Access to Data | ||||||||||||||||
14 | DSA | 26 | 68-69 | Providers of online platforms that present advertisement must ensure that, for each specific advertisement, individual recipients of the service are able to identify, in a clear, concise and unambiguous manner and in real time: (i) that the information is an advertisement; (ii) the natural or legal person on whose behalf the ad is presented; (iii) the natural or legal person who paid for the advertisement; (iv) meaningful information on the parameters used to target the advertisement and, where applicable, how to change them. They must also provide a functionality that allows the identification of whether the content contains or providers commercial communications. | Companies | Information on advertisement | Recipient of the service | Triggered on action (showing an ad) | in-app contextual explanation | Private party access to data | ||||||||||||||||
15 | DSA | 27 | 70 | Providers of online platforms that use recommender systems must set out in plain and intelligible language, the main parameters used in their systems, as well as options for recipients to modify systems Parameters shall include at least: (i) the most significant criteria to determine the information suggested to recipient; (ii) the reasons for the relative importance of those parameters Where several options are available to implement the recommender system, providers shall make directly and easily accessible for the user to modify the criteria according to their preferred option. | Companies | algorithm features | General Public | continuous | written report, in-app contextual explanation | General Public Access to Data | ||||||||||||||||
16 | DSA | 30 | 24; 72-74 | Online platforms that allow consumers to conclude distance contracts with traders must obtain the following information from such traders: (a) name, address, telephone number and electronic mail; (b) a copy of the identification document of the trader; (c) the payment account details of the trader; (d) the trade register and registration number (when registered); and (e) a self-certification that the trader commits to only offer products or services that comply with applicable EU rules. Platforms shall make best efforts to assess that the information is reliable and complete before allowing them to use its services, and traders are liable for the accuracy of the information provided. Platform must disclose the information to third parties in accordance with applicable law, and must make (a), (d) and (e) available to recipients of the service, at least on the product listing, in a clear, easily accessible and comprehensive manner. | Companies | KYC Data | Recipient of the service | continuous | web portal | Private party access to data | ||||||||||||||||
17 | DSA | 32 | Where an online platform that allows consumers to conclude long-distance contracts with traders becomes aware, irrespective of the means, that an illegal product or service has been offered to the consumer through its services, it shall inform the consumer who purchased the illegal product/service in the past six months: (i) the fact the the product/service is illegal; (ii) the identity of the trader; and (iii) any relevant means of redress. If the platform does not have the contact information of the consumer, it shall make the information easily accessible in its online interface. | Companies | Data on illegal products/services | Recipient of the service | Triggered on action (knowledge of illegal product/service) | written report | Private party access to data | |||||||||||||||||
18 | DSA | 33(6) | 77-78 | Commission must publish annually a list of VLOP and VLOSE, and shall keep that list up to date. | Regulators | List of VLOP/VLOSE | General Public | continuous | Web portal | Regulatory Transparency | ||||||||||||||||
19 | DSA | 34(3) | 76; 79-90; 92-94 | Providers of VLOP shall preserve their systemic risk analyses and supporting documents for at least 3 years, and must communicate them to the Commission and the Digital Services Coordinator of establishment upon request | VLOP/VLOSE | written report, supporting analysis/data | Regulator | triggered on action (data request) | written report and data file | Government Access to Data | ||||||||||||||||
20 | DSA | 35(2-3) | 76; 79-90; 92-94 | The Board, in cooperation with the Commission, shall publish once a year comprehensive reports which identify: (i) the most prominent and recurrent systemic risks reported by providers of very large online platforms or identified through other sources; and (ii) the best practices adopted by providers of VLOP to mitigate the identified systemic risks. Report shall present systemic risks per Member State in which they occurred and for the Union as a whole. The Commission, in cooperation with DSCs, may issue general guidelines that present best practices and recommend possible measures to help with the detection and mitigation of systemic risks. When this is the case, it must consider the fundamental rights of all parties involved and must organize public consultations on the proposed guidelines. | Regulators | written report | General Public | annually | written report | Regulatory Transparency | ||||||||||||||||
21 | DSA | 37 | 76; 79-90; 92-94 | Providers of VLOP and VLOSE must be subject to at least yearly independent audits, and provide the organization carrying out the audit all the necessary cooperation and assistance to conduct it. This includes access to all relevant data and premises, and the answering of oral and written questions. | VLOP/VLOSE | all data | Independent Auditor | annually | written report, oral interviews, direct system access | Private party access to data | ||||||||||||||||
22 | DSA | 37(2) and 42(4-5) | 76; 79-90; 92-94; 100 | Providers of VLOP and VLOSE must publish the results of the audit and also report it to the Commission and to the Digital Services Coordinator of establishment, including specific risk mitigation measures to be taken. When the audit contains confidential information or may cause significant vulnerabilities for security or harm users, providers may remove some information from public reports. VLOP must report the confidential information to the Commission and DSC of establishment | VLOP/VLOSE | audit report | General Public and Regulator | annually | written report | General Public Access to Data | ||||||||||||||||
23 | DSA | 39 | 68; 95; 107 | Providers of VLOP that present advertising shall compile and make publicly available in a specific section of their online interface, through a searchable and reliable tool that allows for multi-criteria queries, and through APIs, a repository of the displayed advertisement. The repository shall contain at least the following information: (i) the content of the advertisement; (ii) the natural or legal person on whose behalf the advertisement is presented; (iii) the natural or legal person who paid for the ad; (iv) the period of presentation; (v) the main parameters of targeting; (vi) the commercial communication; and (vii) the total number of recipients of the services per Member State The repository must also include some advertisement that was removed or disabled Commission may issue guidelines to structure the depository | VLOP/VLOSE | all paid ads presented in the platform | General Public | continuous | queriable API, web portal | General Public Access to Data | ||||||||||||||||
24 | DSA | 40(1-3) | 96-97 | Providers of VLOP/VLOSE must provide Digital Services Coordinator of establishment and the Commission, upon reasoned request and within a reasonable period, access to data that is necessary to monitor and assess compliance Provider must also explain the design, logic of functioning and allow for the testing of algorithms (including recommender systems) Regulators must ensure that personal data, confidential information, trade secrets and security of the service are respected. | VLOP/VLOSE | any data | Regulator | triggered on action (data request) | varied depending on data requested | Government Access to Data | ||||||||||||||||
25 | DSA | 40(4-13) | 79-84; 96-98; 124 | Upon reasoned request from Digital Services Coordinator of establishment, providers of VLOP/VLOSE must also provide access to data to vetted researchers for the purposes of detecting, identifying and understanding systemic risks in the EU, and assess the adequacy, efficiency and impacts of risk mitigation measures. This includes appropriate interfaces specified in the request (including the creation of online databases and API access) Platform may request the DSC to amend the request if it deems unable to provide access due to: (i) lack of access to data; or (ii) if giving access to data will lead to significant security vulnerabilities or endanger confidential information or trade secrets. In this case, VLOP must propose alternatives to fulfill the request access. Digital Services Coordinator of establishment is in charge of awarding status of vetted researchers and issue access requests when researchers demonstrate that they: (i) are affiliated with a research organization as defined by article 2 of Directive 2019/790; (ii) are independent from commercial interests; (iii) fully disclosed the source of funding for the research; (iv) are in capacity to preserve data security and confidentiality, protect personal data, and describe the technical and organizational measures they will employ to do so; (v) justify the necessity and proportionality of the request and the timeframe of access; (vi) explain the systemic risks to be addressed; and (vii) commit to make the results of the research available to the general public free of charge, within a reasonable period and subject to the protection of rights and interests of the recipients of the service concerned. DSC must inform the Board and the Commission upon receiving a request Vetted researchers may also submit the request to DSC of the research organization, and then this DSC shall forward the request after initial assessment. DSC of establishment is competent to issue final decision without undue delay. DSC of establishment must also revoke access if it determines that the researcher no longer meets the conditions for the initial award, but must give the party the chance to react before taking a decision. DSC must inform the Board the identity of the vetted researchers and the purpose of the research. The EC may adopt delegated acts to lay down the technical conditions for data sharing, taking into account the need to protect personal privacy, confidential information and trade secrets. | VLOP/VLOSE | all data | Vetted researchers | triggered on action (data request) | varied depending on data requested, explicitly including API access | Private party access to data | ||||||||||||||||
26 | DSA | 40(12) | 79-84; 96-98 | Providers of VLOP/VLOSE must provide access to public data, including real-time data where technically possible, to researchers, non-profits and independent organizations and associations engaged in performing research that contributes to the detection, identification and understanding of systemic risks in the EU These must meet certain criteria, laid out in article 31 such as: (b) independence from commercial interests; (c) disclosure in the sources of funding; (d) the capacity to preserve data security and confidentiality requirements of the data, including the ability to describe measure in place for this end; and (e) a justification of the necessity and proportionality of the data access requested (given the purposes of the research), the access timeframes and the expected results. | VLOP/VLOSE | all public data? | General Public | continuous | streaming API | General Public Access to Data | ||||||||||||||||
27 | DSA | 42 | Reports on content moderation published by VLOP pursuant to articles 15 and 24(1) shall specify: (i) human resources devoted to content moderation for each official language of the Union; (ii) qualification and linguistic expertise of the people performing these tasks; and (iii) indicators of accuracy per official language of the Union. Must also publish information on the average monthly recipients of the services per Member State Reports must be published at least every six months | VLOP/VLOSE | content moderation summary report | General Public and Regulator | every 6 months | written report | General Public Access to Data | |||||||||||||||||
28 | DSA | 45(4) | 103-107 | The Commission and the Board shall assess whether codes of conduct meet their main aims by monitoring and evaluating the achievement of their objectives. They shall publish the conclusions. | Regulators | Conclusions on codes of conduct | General Public | Unclear | Written report | Regulatory Transparency | ||||||||||||||||
29 | DSA | 51 | 114-116; 130 | Digital Services Coordinators have broad powers to investigate and ensure compliance with obligations, including powers to perform audits, carry out inspections (or request a judicial authority to authorize if required). | Regulators | all data | Regulator | triggered on action (data request) | varied depending on data requested | Government Access to Data | ||||||||||||||||
30 | DSA | 55 | 122 | Digital Services Coordinators shall draw up annual reports of their activities, including the number of complaints received under article 53 and an overview of their follow-up. These must be available to the public in a machine-readable format (without prejudice to confidentiality of certain information). These include information on the number of orders to act against illegal content and orders to provide information, as well as the effects given to these orders. there should also be a division between judicial and administrative orders. | Regulators | activity reports, including complaints | General Public | annually | written report | Regulatory Transparency | ||||||||||||||||
31 | DSA | 65-69; 72; 74 | 114; 138-141 | Commission has investigatory powers with regards to providers of VLOP and VLOSE and may request information from multiple undertakings, take interviews and statements, conduct on-site inspections (including requiring companies to provide access and explain the functioning of IT systems, Algorithms, data-handling and business practices). Commission may also coordinate with DSC to obtain information in possession of the DSC or rely on its investigative powers or require the implementation of monitoring actions by VLOP/VLOSEs. Commission may impose fines not exceeding 1% of total annual income or worldwide turnover if parties supply misleading or incomplete information or fail to reply to a request for information. | VLOP/VLOSE | all data | Regulator | triggered on action (data request) | varied depending on data requested | Government Access to Data | ||||||||||||||||
32 | DSA | 80 | Commission shall publish its decisions. The publication shall have regard to the rights and legitimate interests of the provider of the very large online platform or of the very large online search engine concerned, any other person referred to in Article 67(1) and any third parties in the protection of their confidential information. | Regulators | Decisions | General public | Triggered on action (adoption of decision) | Written report | Regulatory Transparency | |||||||||||||||||
33 | DSA | 79 | 146 | General right of access to the file that includes the protection of confidential information and business secrets | Regulators | all data | Competitor | triggered on action (data request) | varied depending on data requested | Private party access to data | ||||||||||||||||
34 | DMA | 3(3) | 17-22 | Undertaking has to notify the Commission and provide information whenever it meets the formal thresholds for definition as a gatekeeper | Gatekeepers | notification of gatekeeper status | Regulator | triggered on action (status change) | written report | Government Access to Data | ||||||||||||||||
35 | DMA | 4(3) | 29 | Commission shall publish and update a list of gatekeepers per core platform service | Regulators | list of gatekeeper names | General public | continuous | written report | Regulatory Transparency | ||||||||||||||||
36 | DMA | (5(9) | 45 | Gatekeeper shall provide advertisers or authorized third parties, on a daily basis and free of charge, for each advertisement placed by the advertiser: (i) price and fees paid; (ii) remuneration received by the publisher; (iii) metrics on which the prices, fees and remunerations were calculated. Publisher may refuse to share detailed information with the advertisers, so gatekeeper has to provide advertiser with information on the average daily remuneration. | Gatekeepers | ad market data | Recipient of the service | daily | data file | Private party access to data | ||||||||||||||||
37 | DMA | 5(10) | 45 | Gatekeeper shall provide each publisher or authorized third parties, free of charge information on a daily basis, concerning each advertisement displayed: (i) the remuneration received and the fees paid by that publisher; (ii) the price paid by the advertiser; (iii) the measure on which each of the prices and remunerations are calculated. Advertiser may refuse to share detailed information with the publishers, so gatekeeper has to provide publisher with information on the average daily remuneration. | Gatekeepers | ad market data | Recipient of the service | daily | data file | Private party access to data | ||||||||||||||||
38 | DMA | 6(5) | 51-52 | Gatekeeper shall not treat more favourably, in ranking, indexing and crawling, services and products offered by the gatekeeper itself than similar services of a third-party. The gatekeeper shall apply transparent, fair and non-discriminatory conditions to such ranking, indexing and crawling. This obligation likely requires gatekeepers to at least outline what such conditions are. | Gatekeepers | conditions to such ranking, indexing and crawling. | General public | continuous | in-app contextual explanation | General Public Access to Data | ||||||||||||||||
39 | DMA | 6(8) | 58 | Gatekeeper shall provide advertisers and publishers, and authorized third-parties, free of charge, access to performance measuring tools of the gatekeeper and data necessary for advertisers and publishers to carry out independent verifications. This includes aggregated and non-aggregated data. | Gatekeepers | ad market data | Recipient of the service | continuous | data file or queriable API | Private party access to data | ||||||||||||||||
40 | DMA | 6(9) | Gatekeeper shall provide end-users and authorized third-parties, free of charge, with effective data portability for the core platform service. This includes real-time access to data | Gatekeepers | user data, content data? | Recipient of the service | continuous | data file | Private party access to data | |||||||||||||||||
41 | DMA | 6(10) | 60 | The gatekeeper shall provide business users and third parties authorised by a business user, at their request, free of charge, with effective, high-quality, continuous and real-time access to, and use of, aggregated and non-aggregated data, including personal data, that is provided for or generated in the context of the use of the relevant core platform services or services provided together with, or in support of, the relevant core platform services by those business users and the end users engaging with the products or services provided by those business users. If personal data is involved, must obtain express consent from user. | Gatekeepers | content data | Recipient of the service | continuous | streaming API | Private party access to data | ||||||||||||||||
42 | DMA | 6(11) | 61 | Gatekeeper must provide to any online search engine with access on FRAND terms, to ranking, query, click and view data in relation to free and paid search queries. The data must be anonymised | Gatekeepers | search query data | Competitor | upon request, but then likely continuous | queriable or streaming API | Private party access to data | ||||||||||||||||
43 | DMA | 6(12) | 62 | Gatekeeper that provides software application stores, online search engines and online social networking services must publish general conditions of access that are fair, reasonable and non-discriminatory. They should also allow for an EU based alternative dispute settlement mechanism. | Gatekeepers | FRAND access conditions | General public | continuous | in-app contextual explanation | General Public Access to Data | ||||||||||||||||
44 | DMA | 7(4); 7(8) | 64 | Gatekeeper must publish a reference offer laying down the technical details and general terms and conditions of interoperability for messaging services. Gatekeeper shall share only the strictly necessary personal data of end-users to accomplish the interoperability | Gatekeepers | message service technical specification | Competitor | continuous | written report | General Public Access to Data | ||||||||||||||||
45 | DMA | 8(6) | 65 | Commission shall publish a preliminary and non-confidential version of the summary of the specification of an obligation, and allow for comments | Regulators | message service technical specification summary | General public | initial, then triggered on action (specification change) | written report | Regulatory Transparency | ||||||||||||||||
46 | DMA | 11 | 68 | Within 6 months after designation, gatekeeper must report to the Commission in a detailed and transparent manner the measures it has implemented to ensure compliance with obligations. Gatekeeper must also provide the Commission with a non-confidential summary of the measures, which the EC will make available on its website. | Gatekeepers | report summarizing compliance measures | Regulator | once, 6 months after designation | written report | Government Access to Data | ||||||||||||||||
47 | DMA | 13 | Commission may require that gatekeepers provide any information it deems necessary to assess compliance with the obligations | Gatekeepers | all data | Regulator | triggered on action (data request) | varied depending on data requested | Government Access to Data | |||||||||||||||||
48 | DMA | 14 | 71 | Gatekeeper has to inform the EC of any intended concentration that may impact one of the core platform services, or enable the collection of data, irrespective of whether it is subject to notification under the Merger Regulation. Must inform prior to implementation and following the conclusion of the agreement. EC should publish an annual list of acquisitions | Gatekeepers | Acquisition list | General public and Regulator | annually | written report | Government Access to Data | ||||||||||||||||
49 | DMA | 15 | 72 | Within 6 months after designation, gatekeeper must submit to the EC the results of an independent audit on any techniques used for profiling of consumers. The Commission will transmit the audit to the EDPB. Commission may adopt implementing acts to develop the methodology for the audit Gatekeeper must make an overview of the audit publicly available. It can protect trade secrets and must update summary at least annually | Gatekeepers | user profiling techniques audit | General public and Regulator | 6 months after designation and then annually | written report | General Public Access to Data | ||||||||||||||||
50 | DMA | 18(5-6) | 75 | EC must publish a non-confidential summary of its proposed findings and remedies it is considering as a result of a market investigation for systematic non-compliance. Same for commitments | Regulators | market investigation finding summary, commitment summary | General public | triggered on action (market investigation findings, commitments) | written report | Regulatory transparency | ||||||||||||||||
51 | DMA | 21-23 30(1) | 80-83 | Commission has broad powers to require access to any data and algorithms of undertakings in order to carry out duties under this Regulation. Request has to be specific and substantiated. Commission also has broad powers to carry out interviews and take statements in order to carry out duties under this Regulation and to conduct inspections, including powers to require the undertaking or association of undertakings to provide access to and explanations on its organisation, functioning, IT system, algorithms, data-handling and business practices and to record or document the explanations given. Commission may impose fines of up to 1% of gatekeeper's worldwide turnover for failure to comply with access to data, algorithms and other obligations | Gatekeepers | all data | Regulator | triggered on action (data request) | varied depending on data requested | Government Access to Data | ||||||||||||||||
52 | DMA | 34 | 88-89 | General right of access to the file, including right to access to the Commission's file. Commission has to respect business secrets | Regulators | All data gathered by the Commission? | Competitor | Triggered on action | varied depending on data requested | Private party access to data | ||||||||||||||||
53 | DMA | 35 | Commission must submit an annual implementation report to the European Parliament and the Council. It should also publish the report on its website. | Regulators | commission reports | General Public | annually | written report | Regulatory transparency | |||||||||||||||||
54 | DMA | 41(5) | 88-89 | Commission shall publish the results of its assessment to open a market investigation that has been filed by at least three Member States | Regulators | commission reports | General Public | triggered on action (assessment completion) | written report | Regulatory transparency | ||||||||||||||||
55 | DMA | 44 | 88-89 | Commission shall publish its decisions | Regulators | commission reports | General Public | triggered on action (decision) | written report | Regulatory transparency | ||||||||||||||||
56 | ||||||||||||||||||||||||||
57 | DA | Users have a right of access to data generated by the use of a product or related service | Data holder | Data generated by the use of a product or related service | Users and third parties (excluding DMA gatekeepers) | triggered at user request and where applicable, continuously and in real-time | data file or API (if real-time) | Access for private party users: individuals and business users | ||||||||||||||||||
58 | DA | Obligation to remove commercial, technical, contractual and organisational obstacles inhibiting customers from porting data between data processing services | Providers of data processing services | Data, applications and other digital assets | Users and third party providers of data processing services | triggered at customer request | data file | Access for private party customers of data processing services | ||||||||||||||||||
59 | DA | Access for public sector bodies to private sector data on grounds of exceptional need | Data holder | Data for exceptional need | Public sector body or a Union institution, agency or body | triggered at request of a public sector body or Union institution, agency or body | data file | Regulator access to data | ||||||||||||||||||
60 | ||||||||||||||||||||||||||
61 | AI | Access of national competent authorities to information and documentation necessary to check compliance | Providers, importers and distributors of high-risk AI systems | Information and documentation necessary to demonstrate conformity of the AI system | Regulator | triggered at request of the national authority | data file | Regulator access to data | ||||||||||||||||||
62 | AI | Access of market surveillance authorities to data and documentation to check compliance with | Providers | training, validation and testing datasets | Regulator | triggered at request of the market surveillance authority | data file, API, or source code | Regulator access to data | ||||||||||||||||||
63 | ||||||||||||||||||||||||||
64 | ||||||||||||||||||||||||||
65 | ||||||||||||||||||||||||||
66 | ||||||||||||||||||||||||||
67 | ||||||||||||||||||||||||||
68 | ||||||||||||||||||||||||||
69 | ||||||||||||||||||||||||||
70 | ||||||||||||||||||||||||||
71 | ||||||||||||||||||||||||||
72 | ||||||||||||||||||||||||||
73 | ||||||||||||||||||||||||||
74 | ||||||||||||||||||||||||||
75 | ||||||||||||||||||||||||||
76 | ||||||||||||||||||||||||||
77 | ||||||||||||||||||||||||||
78 | ||||||||||||||||||||||||||
79 | ||||||||||||||||||||||||||
80 | ||||||||||||||||||||||||||
81 | ||||||||||||||||||||||||||
82 | ||||||||||||||||||||||||||
83 | ||||||||||||||||||||||||||
84 | ||||||||||||||||||||||||||
85 | ||||||||||||||||||||||||||
86 | ||||||||||||||||||||||||||
87 | ||||||||||||||||||||||||||
88 | ||||||||||||||||||||||||||
89 | ||||||||||||||||||||||||||
90 | ||||||||||||||||||||||||||
91 | ||||||||||||||||||||||||||
92 | ||||||||||||||||||||||||||
93 | ||||||||||||||||||||||||||
94 | ||||||||||||||||||||||||||
95 | ||||||||||||||||||||||||||
96 | ||||||||||||||||||||||||||
97 | ||||||||||||||||||||||||||
98 | ||||||||||||||||||||||||||
99 | ||||||||||||||||||||||||||
100 |