In the interest of clarity, simplicity and effectiveness, the powers to supervise and enforce the obligations under this Regulation should be conferred to the competent authorities in the Member State where the main establishment of the provider of intermediary services is located, that is, where the provider has its head office or registered office within which the principal financial functions and operational control are exercised. In respect of providers that are not established in the Union, but that offer services in the Union and therefore fall within the scope of this Regulation, the Member State where those providers appointed their legal representative should have competence, considering the function of legal representatives under this Regulation. In the interest of the effective application of this Regulation, all Member States or the Commission, where applicable, should, however, have competence in respect of providers that failed to designate a legal representative. That competence may be exercised by any of the competent authorities or the Commission, provided that the provider is not subject to enforcement proceedings for the same facts by another competent authority or the Commission. In order to ensure that the principle ofne bis in idemis respected, and in particular to avoid that the same infringement of the obligations laid down in this Regulation is sanctioned more than once, each Member State that intends to exercise its competence in respect of such providers should, without undue delay, inform all other authorities, including the Commission, through the information sharing system established for the purpose of this Regulation.
DSA Recital EN
Recital 123
Related across sources
Guidance Guidelines 9/2022 on personal data breach notification under GDPR Guidance Guidelines 07/2020 on the concepts of controller and processor in the GDPR Guidance Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement Guidance Guidelines 10/2020 on restrictions under Article 23 GDPR Guidance Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive Guidance ARTICLE 29 DATA PROTECTION WORKING PARTY