Man admiring city skyline at night from rooftop

Digital Services Act (DSA): Launch of the Registry of Intermediary Service Providers

Until October 22, 2024, all providers of intermediary services with their main establishment in Greece are required to register at the Registry of Intermediary Service Providers, effectively placing themselves under the supervision of the Hellenic Telecommunications and Post Commission (EETT). This obligation, which applies to major categories of businesses operating via the internet, complements the implementation of the Digital Services Act, making the provision of intermediary services a regulated market under a systematic legal framework and supervised by a public authority.

With its Decision 1119/2/28-06-2024, (Government Gazette 4299/B/23-07-2024), the National Telecommunications and Post Commission ("EETT"), in its capacity as the Digital Services Coordinator, issued the Regulation on the Operation of the Registry of Intermediary Service Providers, including Hosting Services ("Regulation").

According to the Regulation, all domestic providers of intermediary services, including hosting service providers, must register in the EETT Registry of Intermediary Service Providers ("Registry") by October 22, 2024.

This follows the implementation of Law 5099/2024, which introduced the application of Regulation (EU) 2022/2065 of the European Parliament and of the Council of October 19, 2022, on a single market for digital services and amending Directive 2000/31/EC ("Digital Services Act") into Greek law.

EETT was designated as the Digital Services Coordinator. It is noted that the Digital Services Act establishes a unified legal framework across the EU for regulating online intermediary services, such as hosting providers, online platforms, and online search engines.

1.Scope of Application

The following providers are required to register in the registry:

  • Providers of mere conduit services, i.e., digital service providers transmitting data through a communication network without modifying the content of that data, such as internet exchange points, wireless access points, virtual private network (VPN) providers, voice over internet protocol (VoIP) providers, email services, and instant messaging services.
  • Caching service providers, who manage the automatic and temporary storage of information to improve network speed and efficiency. An example would be content distribution networks (e.g., Akamai, Cloudflare) that temporarily store content like videos or files for faster delivery to users.
  • Online search engine providers.
  • Hosting service providers, which store content provided by users at their request. This category includes web hosting services, cloud computing providers, mobile app stores, and:
  • Online platforms, a special subset of hosting services that not only store content but also distribute it to a wide audience.
  • Online marketplaces, which facilitate distance contracts between users and merchants.

2. Registry Rules for Intermediary Service Providers

To register in the Registry of Intermediary Service Providers, a registration declaration must be submitted by the obligated enterprise. Not any approval decision from the EETT is required. Upon registration, a Registry Number is issued to the provider.

The registry includes contact information for authorities to manage crises. Specifically, hosting service providers must declare a contact point for receiving removal orders of terrorist content.

Providers must update the Registry with any changes immediately and no later than ten days. The details (EETT Registry number, company name, trade name, address, public contact information, website, and provided services) of registered individuals or legal entities are provided as open data and published on the EETT website.

3. Registration Process

The registration process distinguishes between the following cases:

A) Obligated entities not registered at the EETT Business Registry and Licensing:

  • The obligated companies must submit a registration application via the e-registry platform using the company’s TaxisNet credentials.
  • The registration process involves entering company details and providing the necessary legal documents and information about its legal representative.
  • After completing the registration and submitting the application for an intermediary service license, the providers are officially registered in the registry.

B) Registered obligated companies in the EETT Business Registry with active users:

  • Registration in the Registry of Intermediary Services requires a company data modification application.
  • The necessary legal documents and the company’s legal representative information must be attached to the application.
  • After the modification request is completed, an application for a new license must be submitted through "New Application/New License/Intermediary Services".

C) Registered providers without active users:

  • The process involves adding users via TaxisNet credentials for businesses within Greece, while for businesses outside Greece, an administrator registration is done by submitting an administrator request via the e-registry platform. In all cases, a company modification request must be submitted, including the necessary legal documents and information about the legal representative.
  • Following the modification, a new license application is submitted through the "New Application/New License/Intermediary Services" option.

D) Companies outside Greece:

  • TaxisNet credentials are not required.
  • The application must be accompanied by a digital copy of the administrator’s ID or passport.

4. Supervision & Sanctions

As Digital Services Coordinator, the EETT is responsible for overseeing and enforcing the Digital Services Act in the Greek market for intermediary service providers, with the powers granted by Articles 51-52 of the Act.

In specific, the EETT has the following responsibilities:

  • Requests information from intermediary service providers and any third party.
  • Conducts inspections at facilities and collects information related to investigated violations.
  • Orders the cessation of violations of the Act and imposes commitments and corrective measures regarding compliance with the Act.
  • Takes interim measures and imposes administrative sanctions.
  • Serves as the central point for submitting complaints against intermediary service providers.

In cases of non-compliance with the Digital Services Act, the EETT may impose penalties of up to 6% of the global annual turnover of the audited company.

In particular, for providing inaccurate, incomplete, or misleading information, failure to respond or correct such information, and failure to submit to inspection, the fine cannot exceed one percent (1%) of the annual income or global turnover of the respective intermediary service provider or person in the previous financial year.

The Act no. 5099/2024 is available here.

The EETT Regulation is available here.

The EETT Register is available here.