Caching Services under DSA

Legal Framework

Caching services are governed by Article 5 of the Digital Services Act (DSA), which establishes them as a distinct sub-category of intermediary services alongside mere conduit and hosting services. The provision of a caching service is defined as the automatic, intermediate, and temporary storage of information, performed for the sole purpose of making onward transmission more efficient to other recipients upon their request. This legal definition, rooted in Recital 29, captures technical functions like content delivery networks (CDNs) and proxy caches that are integral to the swift and secure functioning of the online ecosystem.

Practical Application

The DSA creates a conditional liability exemption for caching service providers, which is more nuanced than the broad exemption for mere conduit. The exemption applies only if the provider: (a) does not modify the information; (b) complies with conditions on access to the information (e.g., respecting industry-standard data refresh rules); and (c) does not interfere with the lawful use of technology to obtain data on the use of the information. Crucially, upon obtaining actual knowledge or awareness that the source information has been removed from the initial source or access to it has been disabled, the provider must act expeditiously to remove or disable access to the cached copy. This "actual knowledge" trigger, as interpreted in case law like Nikolaou v. Commission, means the provider must be aware of facts or circumstances from which the illegality is apparent; the threshold is met when a data subject is identifiable even if not explicitly named, underscoring that awareness can be contextual.

Key Considerations

• Monitor Takedown Notices: Implement a robust process to track and verify takedown actions at the original source. Your liability shield for cached content is contingent on expeditious action once you have actual knowledge the source material has been lawfully removed.
• Audit Technical Compliance: Ensure your caching architecture adheres to the strict technical conditions of Article 5, particularly regarding non-modification of content and compliance with rules on data refreshing and access. Documenting these technical standards is critical for demonstrating eligibility for the liability exemption.
• Define "Expeditious" Action: Establish clear internal protocols for the speed of removal/disablement upon receiving valid knowledge. While not defined by a specific timeframe, "expeditious" will be judged by what is technically feasible and reasonable, requiring documented procedures to demonstrate good faith compliance.