In this edition of DSA decoded, we’re breaking down the requirements for transparency, accountability, and accessibility within terms and conditions (T&Cs) under the DSA.
T&Cs govern the relationship between an online service and its users and set out the rules and expectations for online behaviour, playing a vital role in establishing safe and secure environments for users. By understanding the essential requirements for T&Cs under the DSA, providers are able to comply with the legal framework and determine their broader approach for drafting, updating and implementing T&Cs throughout their services.
What are T&Cs under the DSA?
T&Cs are widely defined as “all clauses, irrespective of their name or form, which govern the contractual relationship between the provider of intermediary services and the recipients of the service” (Art. 3(u) DSA). Providers have tended to adopt a wide approach to scoping T&Cs under the DSA, incorporating more traditional contractual documents (e.g., terms of service/terms of use) alongside broader policy documents and guidelines.
Whether regulators and courts will consider policies as part of a service provider’s T&Cs remains an open question and would likely be decided on a case-by-case basis (and by reference to contract law in the respective Member State). However, as a rule, the greater the extent to which a policy can impact a user and their rights, the more likely it is to be regarded as T&Cs under the DSA.
What does the DSA require in respect of T&Cs?
The main requirements for providers in relation to T&Cs are set out in Art. 14 (aptly titled: terms and conditions); however, requirements for transparency within T&Cs are broader, including, for example, in relation to use of recommender systems (Art. 27).
In the widest sense, requirements relating to T&Cs are looking to ensure transparency for users in relation to how content is moderated and user’s access/use of a platform may be restricted on the basis of content they provide. There are also additional requirements for services predominantly used by minors, with further obligations for platforms designated as very large online platforms (VLOPs) and very large online search engines (VLOSEs).
Content
Providers must set out in their T&Cs:
- Information about any restrictions that they may impose in relation to the use of the service in respect of information provided by the user.
- Restrictions may include, for example, disablement/termination/suspension of a user’s account or removal, restriction, and/or demonetisation of content posted/uploaded by a user.
- Policies/tools used for content moderation, including in respect of algorithmic decision-making and human review.
- Content moderation encompasses a range of different activities under the DSA, including, for example, measures taken to identify and address illegal content or content that is incompatible with a provider’s policies and which might result in measures that impact the visibility and accessibility of that information or the user’s ability to access the service (Art. 3(t) DSA).
- Details on internal complaint handling procedures, such as how users can challenge decisions made by a provider or raise concerns in relation to content on a platform.
- Information about the main parameters used in their recommender systems, as well as options available to users to modify or influence those main parameters (Art. 27(1)).
T&Cs must be written in ‘clear, plain, intelligible, user-friendly and unambiguous language’ and be publicly available in an easily accessible place. While these requirements are not clearly distinguishable, the challenge for providers remains to draft their T&Cs with such unambiguous clarity that they are readily comprehensible to the average user.
It is crucial to note that the DSA, in contrast to the P2B Regulation (EU/2019/1150), does not address the consequences of a violation of Art. 14 DSA. However, this does not mean a user/consumer is left without protection. This apparent gap may be filled by existing consumer law such as Article 6(1) of the Unfair Contract Terms Directive, which stipulates that unfair terms—a category for which a lack of DSA-mandated transparency serves as strong evidence—shall not be binding on the consumer.
Significant Changes
The DSA also requires providers to notify users about any significant changes to the T&Cs (Art. 14 (2)). While not explicitly defined in the DSA, the Recitals suggest significant changes are those modifications that could materially alter the rights and obligations of users or impact their use of the service. Moreover, Rec. 45(6) establishes that notification about significant changes must be provided to users through appropriate means.
In practice, it will require providers to make a diligent assessment: while purely editorial changes will be unlikely to meet the threshold of significant, the extent to which changes that impact the rights and obligations of users or their use of the service requires a more nuanced assessment, including requiring a balance between comprehensive transparency and the risk of 'notification fatigue' from excessive updates.
Notably, the DSA notification requirement is weaker than the requirements in place under the national laws of several EU Member States, whereby, at least under consumer laws, an amendment to T&Cs typically requires user consent or inclusion of a pre-agreed amendment clause. Given the divergence of laws, providers may consider complying with the strictest applicable requirements when seeking to amend their T&Cs as opposed to implementing country-specific solutions.
Additional safeguards for minors
If a service is primarily aimed at or predominately used by minors, providers of that service are further required to explain the conditions for, and any restrictions on, the use of the service in a way that minors can understand (Art. 14(3)). While this obligation does not necessitate production of a simplified version of the T&Cs themselves, providers are likely to take this approach in practice. To address this requirement, it appears prudent to focus on the youngest possible user group (i.e. the minimum age for using the service) and to provide an explanation tailored to the intellectual capabilities of a user of this group.
In addition, Art. 28(1) of the DSA requires providers of online platforms which are accessible to minors to put in place measures to ensure a high level of privacy, safety, and security for minors on their service. The European Commission has recently published guidelines relating to this provision (the Art. 28 Guidelines) which suggest further obligations in respect of T&Cs. See further DSA decoded #6: The European Commission Finalises Guidelines on the Protection of Minors: What They Mean For Platforms.
The Art. 28 Guidelines state that platforms must present information to minors in a way that is easy to review. This extends to mandating that, where the T&Cs refer to a specific feature, the key information about this feature is presented when the minor engages with it. An example of “good practice” in respect of T&Cs is said to include displaying information about T&Cs with clear headings accompanied by explanatory icons and colourful pictures, using infographics that help minors to understand what they are agreeing to and offering an interactive quiz to check minors’ understanding of the T&Cs. This clearly builds on the broader requirements under Art. 14(3).
To determine whether their services are accessible to or predominately used by minors providers will need to consider the age of their users. This is likely to involve some form of age assurance and the extent to which providers may rely on the declared ages of their users. Notably, according to the Art. 28 Guidelines, a platform cannot rely on the fact that its T&Cs prohibit access to minors. Further, if the T&Cs do require a user to be 18 or older to access the service, providers will likely need to require users to verify their age upon access. At a time when the harms caused to minors online is a key area of focus for international regulators and in public discourse (most recently evidenced by the Art. 28 Guidelines), provisions of the DSA which touch upon minors warrant close attention - including those relating to T&Cs.
Further requirements for VLOPs/VLOSEs
The DSA also imposes additional T&C-related obligations on VLOPs and VLOSEs. They must:
- provide users with a concise, easily accessible and machine-readable summary of the T&Cs in clear and unambiguous language (Art. 14(5)) and
- provide T&Cs in the official languages of all the Member States in which they offer their services (Art. 14(6)).
The summary should include the main elements of the T&Cs, the available remedies and redress mechanisms, and the possibility of easily opting out of optional clauses. The DSA does not set out which parts of the T&Cs are “main elements”, but these are likely to include provisions relating to:
- content moderation principles,
- internal complaint-handling systems,
- the right to refer a dispute to an out-of-court dispute settlement body and
- the right to seek compensation.
As regards the language requirements, VLOPs/VLOSEs are required to publish their terms and conditions in the official languages of the Member States in which they publish their services. This language requirement must be considered in respect of existing policies and new policies that may fall within scope of the DSA.
Enforcement
As we set out in DSA decoded #1: DSA Enforcement, non-compliance with the DSA carries significant regulatory risk, including penalties of up to 6% of global annual turnover. Therefore, a thorough and defensible approach to all DSA obligations, including the small print, is critical to mitigating this risk.
The DSA’s requirements for T&Cs represent a paradigm shift, transforming these documents from standard contractual terms into a central pillar of a provider's compliance architecture. No longer a static legal formality, T&Cs are now a dynamic tool for demonstrating accountability. They must accurately reflect the operational realities of complex internal processes, from content moderation algorithms to recommender system logic.
Conclusion
While Art. 14 DSA builds upon well-established principles for T&Cs, it brings the long neglected small print a little further into the spotlight by transforming T&Cs from a defensive legal shield into a key component of a provider's regulatory due diligence. Ensuring that T&Cs are clear, accessible, and comprehensive, with additional safeguards and obligations for services aimed at or used by minors, and for very large online platforms (VLOPs) and search engines (VLOSEs) will ultimately elevate the drafting and amending process into a strategic, cross-functional exercise, demonstrating adherence to the principles of transparency and accountability while aiming to remain adaptable to evolving interpretations and technological change.