LegalizeCommission Implementing Regulation (EU) 2024/607 of 15 February 2024 on the practical and operational arrangements for the functioning of the information sharing system pursuant to Regulation (EU) 2022/2065 of the European Parliament and of the Council (Digital Services Act)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act) (1), and in particular Article 85 thereof,
After consulting the Digital Services Committee in accordance with Article 88 of Regulation (EU) 2022/2065,
Whereas:
(1) Regulation (EU) 2022/2065 seeks to ensure a safe digital space for users, while ensuring that fundamental rights are respected. It does this by imposing obligations on providers of intermediary services to prevent the spread of illegal content online and by regulating those providers’ content moderation policies in relation to their services. The effective supervision, investigation, enforcement and monitoring of those providers’ compliance with those obligations requires cooperation between the Member States and with the Commission, as well as a seamless exchange of information between the Member States and with the Commission.
(2) To this end, Article 85 of Regulation (EU) 2022/2065 requires the Commission to establish and maintain a reliable, secure and interoperable information sharing system, hereinafter ‘AGORA’, that supports communications between Digital Services Coordinators, the Commission and the European Board for Digital Services (‘the Board’). Other competent authorities may be granted access to AGORA, where necessary, to carry out the tasks conferred on them in accordance with Regulation (EU) 2022/2065. The Digital Services Coordinators, the Commission, and the Board are required to use AGORA for all communications made pursuant to Regulation (EU) 2022/2065.
(3) AGORA is a software application accessible via the Internet to be developed by the Commission. AGORA provides a communication mechanism to facilitate the cross-border exchange of information and mutual assistance between Digital Services Coordinators, the Commission and the Board pursuant to Regulation (EU) 2022/2065. In particular, AGORA should support the Digital Services Coordinators, the Commission and the Board in managing the exchange of information in connection with the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065 based on simple and unified procedures.
(4) This Regulation sets out the practical and operational arrangements for the set-up, maintenance and operation of AGORA for the purposes of supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065, which may cover, inter alia, one-to-one exchange of information, notification procedures, alert mechanisms, mutual assistance arrangements and problem-solving between Digital Services Coordinators, the Commission, the Board, and other competent authorities that have been granted access to AGORA pursuant to Regulation (EU) 2022/2065 (‘AGORA actors’).
(5) Given the cross-border and cross-sectoral relevance of intermediary services, a high level of coordination and cooperation among the different relevant actors is necessary to ensure the consistent supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065, and the availability of relevant information through AGORA for that purpose.
(6) In order to overcome language barriers, AGORA should be available in all official languages of the Union. To that end, AGORA should offer fully automated machine-translation tools currently available to the Commission for the translation of documents and messages exchanged through it. The Commission should provide natural persons working under the authority of Digital Services Coordinators, the Commission, the Board or other competent authorities that have been granted access to AGORA (‘AGORA user’), and AGORA users appointed as administrators by the Digital Services Coordinators, the Commission, and the Board (‘AGORA administrator’) with such tools. The automated machine-translation tools should be compatible with the security and confidentiality requirements for the exchange of information in AGORA.
(7) In order to fulfil their tasks under Regulation (EU) 2022/2065, Digital Services Coordinators, the Commission and the Board may need to exchange information which may include personal data. Any such exchange of information should comply with the rules on the protection of personal data laid down in Regulations of the European Parliament and of the Council (EU) 2016/679 (2) and (EU) 2018/1725 (3). Accordingly, the exchange of personal data necessary to comply with the obligations and to fulfil the tasks laid down in Regulation (EU) 2022/2065 falls within the scope of the lawful processing of data pursuant to Article 5, point (a) of Regulation (EU) 2018/1725, and Article 6(1), point (e) of Regulation (EU) 2016/679.
(8) AGORA should be the tool used for the exchange of information, including, where necessary, personal data, which would otherwise take place via other means, including regular mail or electronic mail on the basis of a legal obligation imposed on Digital Services Coordinators, the Commission, the Board, and other competent authorities that have been granted access to AGORA pursuant to Regulation (EU) 2022/2065. Personal data exchanged via AGORA should only be processed for the purpose of the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065. Where personal data is processed in the operation of AGORA for the purposes of sharing, requesting and accessing information answering requests for information, referrals, requesting action and requesting support, the Digital Services Coordinators should be separate controllers within the meaning of Regulation (EU) 2016/679 for the processing activities they carry out.
(9) Each Digital Services Coordinator may also decide to use AGORA for its own case-handling activities carried out for the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065. Where personal data is not to be exchanged in AGORA for the purposes of sharing, requesting and accessing information, answering requests for information, referrals, requesting action and requesting support, each Digital Services Coordinator and, where applicable, other competent authorities that have been granted access to AGORA, should be a sole controller within the meaning of Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 with respect to the data processing activities carried out by means of AGORA.
(10) The transmission, storage, and other processing of personal data of natural persons should take place in AGORA for the purposes of supporting communications between AGORA actors to carry out case-handling activities by them in connection with the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065.
(11) AGORA should process personal data insofar as strictly necessary for the supervision, investigation, enforcement, and monitoring under Regulation (EU) 2022/2065. AGORA should process personal data, such as identification data (e.g., name, nickname, alias, date of birth, place of birth, nationality, identification documents, and where necessary other characteristics likely to assist in identification), contact details (e.g., professional and private address, e-mail address, and telephone), case involvement data (e.g., the position and function of the natural person in an undertaking, other roles such as suspect, victim, whistleblower, informant, and witness), case related data (e.g., document, image, video, voice recording, statement, opinion, and record) and any other information deemed necessary to fulfil the requirements under Regulation (EU) 2022/2065.
(12) Following the data protection-by-design and by-default principles, AGORA should be developed and designed with due respect to the requirements of data protection legislation, in particular due to restrictions imposed on access to personal data exchanged in AGORA. Therefore, AGORA should offer a considerably higher level of protection and security than other methods of information exchange, such as telephone, regular mail, or electronic mail.
(13) The Commission should supply and manage the software and IT infrastructure for AGORA, ensure its reliability, security, availability, maintenance and operation, and be involved in the training of and technical assistance to AGORA administrators and AGORA users.
(14) The competence of the Member States to decide which national authorities carry out the obligations resulting from this Regulation should be exercised in accordance with Article 49 and Article 62 of Regulation (EU) 2022/2065. Member States should be able to adapt functions and responsibilities in relation to AGORA to reflect their internal administrative structures, and to implement in AGORA a specific type of work or order of stages in a given work process.
(15) Each Digital Services Coordinatorshould appoint and notify the Commission at least one AGORA administrator in its Member State for issues relating to AGORA. Each Digital Services Coordinator should also be responsible for the appointment of AGORA administrators of its respective competent authorities that have been granted access to AGORA pursuant to Regulation (EU) 2022/2065. Each AGORA administrator should register, grant and revoke access to AGORA to its own AGORA users. In order to achieve efficient supervision, investigation, enforcement and monitoring cooperation of services in scope of Regulation (EU) 2022/2065 through AGORA, Member States should ensure that their respective AGORA administrators and AGORA users have the necessary resources to carry out their obligations in accordance with Article 50(1) of Regulation (EU) 2022/2065.
(16) Information received by a Digital Services Coordinator, the Commission, the Board, or another competent authority that has been granted access to AGORA through AGORA from another Digital Services Coordinator, the Commission, the Board, or another such competent authority should not be deprived of its value as evidence in criminal, civil or administrative proceedings in accordance with relevant EU and national laws solely on the ground that it originated in another Member State, or was received by electronic means, and it should be treated by the relevant AGORA actor in the same way as similar documents originating in its Member State.
(17) It should be possible to process the name and contact details of AGORA administrators and AGORA users necessary to fulfil the objectives of Regulation (EU) 2022/2065 and of this Regulation, including monitoring of the use of AGORA by AGORA administrators and AGORA users, communication, training and awareness-raising initiatives, and gathering information in connection with the supervision, investigation, enforcement and monitoring of services within the scope of Regulation (EU) 2022/2065, or mutual assistance thereof.
(18) In order to ensure the effective monitoring of, and reporting on, the functioning of AGORA, the Digital Services Coordinators, the Board and other competent authorities that have been granted access to AGORA should make relevant information available to the Commission.
(19) Data subjects should be informed about the processing of their personal data in AGORA and the rights they benefit from, in particular the right of access to data relating to them, and the right to have inaccurate data corrected and illegally processed data erased in accordance with Regulation (EU) 2016/679 and Regulation (EU) 2018/1725.
(20) Each AGORA actor, as controller with respect to the data processing activities that it performs in connection with the supervision, investigation, enforcement and monitoring of services in scope of Regulation (EU) 2022/2065 should ensure that data subjects can exercise their rights in accordance with Regulation (EU) 2016/679 and Regulation (EU) 2018/1725. This should include establishing a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of processing.
(21) The implementation of this Regulation and the performance of AGORA should be monitored in the report on the functioning of AGORA based on statistical data from AGORA and any other relevant data. The Commission should submit the report to the European Parliament, the Council and the European Data Protection Supervisor. The performance of the Digital Services Coordinators, the Board and other competent authorities that have been granted access to AGORA should be evaluated, inter alia, based on average reply times with the aim of ensuring efficient and adequate replies. This report should also address aspects relating to the protection of personal data in AGORA, including data security.
(22) The European Data Protection Supervisor has been consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725, and delivered an opinion on 4 January 2024,
HAS ADOPTED THIS REGULATION:
CHAPTER I
GENERAL PROVISIONS
Article 1
Subject matter and scope
This Regulation lays down the practical and operational arrangements for the functioning of a reliable and secure information sharing system, hereinafter ‘AGORA’, for supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065.
Article 2
Information sharing system
The information sharing system AGORA is hereby established.
AGORA is a software application accessible via the Internet, and the tool used for the exchange of information, including, where necessary, personal data, which would otherwise take place via other means, including regular mail or electronic mail.
AGORA shall be used for the exchange of information, including the exchange of information containing personal data, between Digital Services Coordinators, the Commission, and the European Board for Digital Services (‘the Board’), as well as with other competent authorities that are granted access to AGORA to carry out the tasks conferred upon them in accordance with Regulation (EU) 2022/2065, in relation to the supervision, investigation, enforcement and monitoring of that regulation.
Article 3
Definitions
For the purposes of this Regulation, in addition to the definitions set out in Article 3 and 49(1) of Regulation (EU) 2022/2065, Article 4 of Regulation (EU) 2016/679, and Article 3 of Regulation (EU) 2018/1725, the following definitions shall apply:
‘AGORA’ means the information sharing system established and maintained by the Commission to support all communications pursuant to Regulation (EU) 2022/2065 between AGORA actors for the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065;
‘AGORA actor’ means the Digital Services Coordinators, the Commission, the Board, or other competent authorities that are or may be granted access to AGORA where necessary for them to carry out the tasks conferred on them in accordance with Regulation (EU) 2022/2065;
‘AGORA user’ means a natural person working under the authority of an AGORA actor, and registered as such in AGORA, for the purpose of performing the tasks conferred on the AGORA actor by Regulation (EU) 2022/2065;
‘AGORA administrator’ means an AGORA user appointed by an AGORA actor for the purpose of managing AGORA for that actor.
CHAPTER II
FUNCTIONS AND RESPONSIBILITIES IN RELATION TO AGORA
Article 4
Responsibilities of the Commission
The Commission shall be responsible for carrying out the following tasks in relation to AGORA:
(a) providing AGORA in all official Union languages, and maintaining AGORA;
(b) ensuring the reliability, security, availability, maintenance and development of the software and IT infrastructure of AGORA;
(c) offering automated machine-translation tools for the translation of documents and messages exchanged through AGORA;
(d) providing support to other AGORA actors in relation to the use of AGORA;
(e) registering at least one AGORA administrator on behalf of each Digital Services Coordinator and of the Board, and granting them access to AGORA;
(f) appointing at least one AGORA administrator;
(g) performing processing operations on personal data in AGORA, where provided for in this Regulation, for the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065;
(h) auditing, monitoring, and preparing reports needed for auditing and monitoring of AGORA under Regulation (EU) 2022/2065;
(i) providing knowledge, training, and support, including technical assistance, to AGORA administrators;
(j) monitoring performance by all other AGORA actors under this Regulation in accordance with Article 15.
In order to assist the Commission in the performance of the tasks listed in paragraph 1, the other AGORA actors shall provide the Commission with information relating to operations performed by them in AGORA.
Article 5
Processing of personal data by the Commission
The Commission shall be a processor within the meaning of Article 3, point (12), of Regulation (EU) 2018/1725 with respect to the processing of personal data when registering AGORA administrators.
The Commission shall be a separate controller within the meaning of Article 3, point (8), of Regulation (EU) 2018/1725 with respect to the processing of personal data of its own AGORA administrators and AGORA users.
Where the Commission processes personal data in the operation of AGORA for the purpose of sharing, requesting and accessing information, requesting action and requesting support, it shall be considered a separate controller, within the meaning of Article 3, point (8), of Regulation (EU) 2018/1725, from the other AGORA actors for the personal data processing activities it carries out.
Where the Commission processes personal data in the operation of AGORA on behalf of other AGORA actors for the purpose of sharing, requesting and accessing information, requesting action and requesting support, it shall be considered a processor within the meaning of Article 3, point (12), of Regulation (EU) 2018/1725.
For the purposes of this Regulation, the responsibilities of the Commission as processor for data processing activities conducted in AGORA by those other AGORA actors shall be defined in accordance with Annex II.
Article 6
Responsibilities of Digital Services Coordinators
Each Digital Services Coordinator shall appoint, for its Member State, at least one AGORA administrator.
Each Digital Services Coordinator shall be responsible for ensuring that, in relation to the performance of the tasks conferred on it in accordance with Regulation (EU) 2022/2065, only authorised AGORA users have access to AGORA.
Each Digital Services Coordinator shall inform the Commission of the AGORA administrator appointed by it in accordance with paragraph 1 without delay. The Commission shall share that information with the other Digital Services Coordinators and the Board.
Each Digital Services Coordinator shall ensure that the responsibilities of the AGORA administrator pursuant to this Regulation are fulfilled.
Digital Services Coordinators shall be separate controllers within the meaning of Article 4, point (7), of Regulation (EU) 2016/679 with respect to the processing of personal data when registering their AGORA users and granting them access to AGORA.
Where the Digital Services Coordinators process personal data in the operation of AGORA for the purpose of sharing information, requesting and accessing information, answering requests for information, making referrals, requesting action and requesting support, they shall be separate controllers within the meaning of Regulation (EU) 2016/679 for the processing activities they carry out.
Where other competent authorities designated by the Member States pursuant to Article 49(1) of Regulation (EU) 2022/2065, which are not the Digital Services Coordinator, process personal data in the operation of AGORA, such authorities shall be separate controllers within the meaning of Regulation (EU) 2016/679.
Article 7
Responsibilities of the Board
The Board shall appoint one AGORA administrator. The AGORA administrator shall be part of the administrative and analytical support provided to the Board pursuant to Article 62(4) of Regulation (EU) 2022/2065.
The Board shall be responsible for ensuring that only authorised AGORA users have access to AGORA.
The Board shall inform the Commission of the identity of its AGORA administrator appointed in accordance with paragraph 1, and of the tasks for which they are responsible under Article 8 of this Regulation, without delay. The Commission shall share this information with the Digital Services Coordinators.
Article 8
Responsibilities of AGORA administrators
AGORA administrators shall be responsible for:
registering AGORA users, and granting and revoking access to AGORA;
acting as the main contact point for the Commission for issues relating to AGORA, including providing information on aspects relating to the protection of personal data in accordance with this Regulation, Regulation (EU) 2016/679, and Regulation (EU) 2018/1725;
providing knowledge, training and support, including technical assistance and a helpdesk, to AGORA users registered by them;
ensuring the efficient provision of adequate responses by AGORA actors.
Article 9
Access rights of AGORA actors
AGORA actors shall grant and revoke access rights to AGORA administrators for which they are responsible.
Only authorised AGORA administrators and authorised AGORA users shall have access to AGORA.
AGORA actors shall put in place appropriate means to ensure that AGORA administrators and AGORA users are allowed to access personal data processed in AGORA only where strictly necessary for the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065.
Where a procedure relating to the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065 involves the processing of personal data, only AGORA administrators and AGORA users participating in that procedure shall have access to such personal data.
Article 10
Confidentiality
Each Member State and the Commission shall apply their own rules on professional secrecy or other equivalent duties of confidentiality to their AGORA administrators and AGORA users in accordance with national or Union law.
Each AGORA actor shall ensure that demands from other AGORA actors for confidential treatment of information exchanged in AGORA are complied with by AGORA administrators and AGORA users working under their authority.
CHAPTER III
PROCESSING OF PERSONAL DATA AND SECURITY
Article 11
Processing of personal data in AGORA
The transmission, storage and other processing of personal data in AGORA may take place only as necessary and proportionate and only for the following purposes:
(a) supporting communications between AGORA actors in connection with the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065;
(b) case-handling by AGORA actors when carrying out their own activities in connection with the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065;
(c) performing the business and technical transformations of data listed in this Regulation, where this is necessary to enable the exchange of information referred to in points (a) and (b).
The processing of personal data may take place in AGORA only in respect of the following categories of data subjects:
(a) natural persons whose personal information is contained in documents obtained in connection with the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065;
(b) AGORA administrators and AGORA users that have been granted access to AGORA.
The processing of personal data may take place in AGORA only in respect of the following categories of personal data:
identification data, contact details, case involvement data, case related data, and any other information deemed necessary for the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065;
name, address, contact information, contact number and user ID of the AGORA administrators and AGORA users referred to in paragraph 2, point (b).
AGORA shall store the categories of personal data listed under Article 11(3) of this Regulation and the logs indicating information about the flow and movements of the exchanged data carried out for the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065.
The storage of data referred to in paragraph 2 shall be performed using information technology infrastructure located in the European Economic Area.
Each AGORA actor shall ensure that data subjects can exercise their rights in accordance with Regulation (EU) 2016/679 and Regulation (EU) 2018/1725, and shall be responsible for compliance with these regulations for the personal data processing activities carried out on its behalf.
The national Supervisory Authorities and the European Data Protection Supervisor, each acting within the scope of their respective competence, shall ensure coordinated supervision of AGORA and its use by AGORA administrators and AGORA users.
Article 12
Joint controllership in AGORA
The Digital Services Coordinators shall be joint controllers pursuant to Article 26(1) of Regulation (EU) 2016/679 for the transmission, storage and other processing of personal data in AGORA in respect of the activities of the Board carried out in the context of the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065.
When joint investigations are carried out pursuant to Article 60 of Regulation (EU) 2022/2065 in the context of the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065, the concerned Digital Services Coordinators shall be joint controllers, within the meaning of Article 26(1) of Regulation (EU) 2016/679, for the transmission, storage and other processing of personal data in AGORA in the context of a particular joint investigation.
For the purposes of paragraphs 1 and 2, responsibilities shall be allocated among joint controllers in accordance with Annex I.
The Commission shall be a processor within the meaning of Article 3, point (12), of Regulation (EU) 2018/1725 for the processing of personal data carried out on behalf of the Digital Services Coordinators for the purpose of the activities of the Board, and for joint investigations pursuant to Article 60 of Regulation (EU) 2022/2065 carried out in the context of the supervision, investigation, enforcement and monitoring under Regulation (EU) 2022/2065.
Article 13
Security
The Commission shall put in place the necessary, state-of-the-art measures to ensure security of personal data processed in AGORA, including appropriate data access control and a security plan, which shall be kept up-to-date.
The Commission shall put in place the necessary, state-of-the-art measures in the event of a security incident, take remedial action, and ensure that it shall be possible to verify what personal data have been processed in AGORA, when, by whom, and for what purpose.
CHAPTER IV
FINAL PROVISIONS
Article 14
Translation
The Commission shall make AGORA available in all official languages of the Union, and offer to AGORA users automated machine-translation tools for the translation of documents and messages exchanged in AGORA.
A Digital Services Coordinator or any other competent authority to which access to AGORA is granted may produce, in relation to the performance of any of the tasks conferred on it in accordance with Regulation (EU) 2022/2065, any information, document, finding, statement, or certified true copy which it has received in AGORA, on the same basis as similar information obtained in its own country, for purposes compatible with those for which the data were originally collected and in accordance with relevant EU and national laws.
Article 15
Monitoring and reporting
The Commission shall regularly monitor the functioning of AGORA and shall regularly evaluate its performance.
By 17 February 2027, and every three years thereafter, the Commission shall submit to the European Parliament, the Council and the European Data Protection Supervisor a report on the implementation of this Regulation. The report shall include information on the monitoring and evaluation carried out in accordance with paragraph 1, and on the performance of AGORA actors in connection with AGORA with a view to ensuring efficient information sharing and adequate replies. The report shall also address aspects of implementation relating to the protection of personal data in AGORA, including data security.
For the purpose of producing the report referred to in paragraph 2, the Digital Services Coordinators, the Board and other competent authorities to which access is granted where necessary to carry out the tasks conferred to them in accordance with Regulation (EU) 2022/2065 shall, on an annual basis, provide the Commission with any information relevant to the application of this Regulation in the form of reports, including on the application of the data protection requirements and data security laid down in it.
Article 16
Costs
The costs incurred for the set-up, maintenance and operation of AGORA shall be covered by the annual supervisory fees collected by the Commission in accordance with Article 43(2) of Regulation (EU) 2022/2065 and Commission Delegated Regulation (EU) 2023/1127 (4).
The costs for AGORA operations at Member State level, including the human resources needed for training, promotion, technical assistance and helpdesk activities, as well as for the administration of AGORA at national level and any adaptations required to national networks and information systems shall be borne by the Member State which incurs them.
Article 17
Effective application
The Member States shall take all necessary measures to ensure effective application of this Regulation by their AGORA actors.
Article 18
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 15 February 2024.
For the Commission The President Ursula VON DER LEYEN
(1) OJ L 277, 27.10.2022, p. 1, ELI: http://data.europa.eu/eli/reg/2022/2065/oj.
(2) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj).
(3) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj).
(4) Commission Delegated Regulation (EU) 2023/1127 of 2 March 2023 supplementing Regulation (EU) 2022/2065 of the European Parliament and of the Council with the detailed methodologies and procedures regarding the supervisory fees charged by the Commission on providers of very large online platforms and very large online search engines (OJ L 149, 02.03.2023, p. 16, ELI: http://data.europa.eu/eli/reg_del/2023/1127/oj).