Abuse & Notice-and-Action Policy
Effective date: [date] · Last updated: [date]
Moonlight Array B.V.
This policy implements our obligations under Regulation (EU) 2022/2065 (Digital Services Act), Articles 16, 17, and 18, and the Dutch Notice-and-Takedown Code of Conduct for hosting providers.
Draft pending legal review
This document is a starting point for legal review, not legal advice. It should be reviewed by a qualified Dutch/EU technology lawyer before publication. Bracketed items [like this] must be completed before use.
1. Purpose and Scope
This Abuse and Notice-and-Action Policy ("Policy") describes how Moonlight Array B.V. handles reports of allegedly illegal content and activity, abuse of the Service, and infrastructure misuse in connection with AIDO. Moonlight Array B.V. acts as a hosting service provider within the meaning of the Digital Services Act ("DSA"). We store information provided by, and at the request of, our users. We do not initiate, direct, or control the specific actions taken by users' Agents, and we do not systematically monitor user content for illegal activity, except as described in this Policy and as required by applicable law.
This Policy applies to:
- reports of allegedly illegal content hosted on, transmitted through, or generated by the Service;
- reports of activity that violates our Terms of Service or Acceptable Use Policy;
- reports of infrastructure abuse (spam, malware hosting, denial-of-service, credential abuse, etc.);
- orders from competent EU or Dutch authorities.
2. How to Report
Reports can be submitted through the following channels:
- Email: [[email protected]]
- Web form: [https://moonlightarray.nl/abuse]
Both channels are designed to be easily accessible and user-friendly, in accordance with Article 16(1) DSA. Any individual or entity may submit a report. You do not need to be a user of the Service.
3. What to Include in a Report (DSA Article 16(2))
To enable us to assess and act on your report, a valid notice should include the following elements:
- Explanation of illegality: A sufficiently substantiated explanation of the reasons why you allege the information or activity in question is illegal content under EU or Dutch law, or otherwise violates our Terms of Service or Acceptable Use Policy. Please identify the specific law, regulation, or policy you believe has been violated.
- Location of the content or activity: A clear indication of the exact electronic location of the information — such as the URL, IP address, instance identifier, Agent identifier, email headers, log excerpts, or other reference sufficient for us to identify the relevant content or activity.
- Reporter identity: Your name and email address. Exception: In accordance with DSA Article 16(2)(c), this information is not required for reports concerning child sexual abuse material (CSAM) as defined in Articles 3 to 7 of Directive 2011/93/EU.
- Good-faith statement: A statement confirming your good-faith belief that the information and allegations contained in the report are accurate and complete.
Incomplete reports may still be assessed, but may take longer to process. We will make reasonable efforts to request clarification where a report lacks sufficient detail.
4. Processing of Reports
We will process all reports in a timely, diligent, non-arbitrary, and objective manner, in accordance with DSA Article 16(6).
4.1 Acknowledgement. We will send a confirmation of receipt to the reporter without undue delay, provided the reporter included contact information.
4.2 Assessment. We will assess the report against applicable law, our Terms of Service, and our Acceptable Use Policy. Assessment may involve: (a) reviewing the reported content, activity, or logs; (b) reviewing the user's account, Agent configuration, and integration settings; (c) contacting the affected user for their perspective (where appropriate and not contrary to law or safety); (d) consulting legal counsel or relevant authorities where the report involves complex legal questions; (e) using automated tools to assist in identifying the scope of the issue. Where a report, on its face, allows a diligent hosting service provider to identify the illegality of the content or activity without a detailed legal examination, the report gives rise to actual knowledge within the meaning of DSA Article 6.
4.3 Decision and Action. Based on our assessment, we may take one or more of the following actions:
- No action: Where the report is unfounded, vexatious, or the content/activity is not illegal or in violation of our policies;
- Content removal or disabling: Removing or disabling access to specific content;
- Account restriction: Restricting, throttling, suspending, or quarantining the user's account, Agent, Hosted Instance, integrations, or API access;
- Account termination: Permanently terminating the user's account and refusing future service;
- Preservation of evidence: Preserving relevant logs, content, and records for a reasonable period for investigation, legal proceedings, or compliance purposes;
- Notification to authorities: Notifying law enforcement, regulatory authorities, or the competent Digital Services Coordinator where required or appropriate, including in accordance with DSA Article 18 (suspicion of criminal offences involving a threat to life or safety);
- Notification to affected third parties: Notifying affected third-party platforms, service providers, or individuals where appropriate;
- Other reasonable measures: Taking any other action we consider appropriate to address the reported issue.
5. Statement of Reasons (DSA Article 17)
Where we take action against a user (removal of content, restriction, suspension, or termination), we will provide the affected user with a clear and specific statement of reasons, including:
- the nature and scope of the action taken (e.g., content removal, account suspension, instance termination);
- the facts and circumstances on which the decision is based, including information about whether the decision was taken following a report under this Policy or as a result of our own investigation;
- where applicable, information about the use of automated means in reaching the decision;
- where the action is based on the alleged illegality of content, a reference to the legal ground relied upon and an explanation of why the content is considered illegal;
- where the action is based on a violation of our Terms of Service or Acceptable Use Policy, a reference to the specific clause(s) violated and an explanation of why the content or activity violates those terms;
- information about the user's right to appeal the decision (see Section 7) and any available redress options.
The statement of reasons will be provided in clear, plain, and easily understandable language. We will provide the statement at the latest at the time the action takes effect, unless disclosure would compromise an ongoing investigation, harm public safety, or be contrary to law.
6. Notification to the Reporter
We will notify the reporter of our decision without undue delay after reaching a decision, provided the reporter included contact information in the report. The notification will include our decision and any relevant reasoning.
7. Appeals and Redress
Users affected by a content-moderation or enforcement decision may appeal by contacting [[email protected]] or [[email protected]] within [six (6) months] of receiving the statement of reasons. An appeal should include: (a) the user's account identifier and the reference number of the original decision (if provided); (b) a clear explanation of why the user believes the decision was incorrect; (c) any supporting evidence or context. We will review appeals promptly and in a non-arbitrary manner. Where the appeal has merit, we will reverse or modify the decision and notify the user. Where the appeal is rejected, we will explain the reasons.
If you are not satisfied with the outcome of your appeal, you may seek redress through: (a) the out-of-court dispute settlement procedures available under DSA Article 21 (once certified bodies are available in the Netherlands); (b) the competent courts in accordance with the governing law clause in our Terms of Service; or (c) the competent Digital Services Coordinator.
Note: As Moonlight Array B.V. is not an "online platform" within the meaning of DSA Article 3(i) (we do not disseminate user content to the public), the formal internal complaint-handling system under DSA Article 20 may not apply to us. Nevertheless, we voluntarily provide this appeals mechanism to ensure fairness and transparency.
8. Notification of Suspected Criminal Offences (DSA Article 18)
Where we become aware of any information giving rise to a suspicion that a criminal offence involving a threat to the life or safety of a person or persons has taken place, is taking place, or is likely to take place, we will promptly inform the competent law enforcement or judicial authorities of the EU Member State(s) concerned, or Europol where applicable. Where we cannot identify the competent Member State, we will inform the law enforcement authorities of the Member State in which we are established (the Netherlands) or the Dutch Digital Services Coordinator. We will provide all available relevant information, including the content in question, the time and location of the activity, and any relevant user identification data, subject to applicable law.
9. Orders from Authorities
We will comply with orders from competent judicial or administrative authorities of EU Member States requiring us to act against illegal content or to provide information, in accordance with DSA Articles 9 and 10. Upon receipt of such an order, we will: (a) verify its authenticity; (b) take the required action within the timeframe specified in the order; (c) inform the issuing authority of the action taken; and (d) inform the affected user where appropriate and not contrary to the order.
10. Proactive Measures and Voluntary Investigations
We may, but are not obligated to (except where required by applicable law), conduct proactive monitoring or voluntary investigations to identify and remove illegal content or violations of our Terms of Service or Acceptable Use Policy. In accordance with DSA Article 7, voluntary investigations conducted in good faith and with diligence do not cause us to lose the hosting safe-harbour protection under DSA Article 6. Proactive measures may include automated abuse-detection systems, rate-limit monitoring, outbound traffic analysis, and review of Agent configurations flagged by automated systems. Where automated means are used, we will indicate this in the statement of reasons provided to affected users.
11. Infrastructure Abuse
Infrastructure abuse includes, but is not limited to: spam origination or relay, malware hosting or distribution, participation in botnets or DDoS attacks, port scanning or vulnerability exploitation, cryptocurrency mining, credential abuse, open proxy or relay operation, and use of Hosted Instances for purposes unrelated to the Service. Infrastructure abuse may be detected through automated monitoring, third-party abuse reports (including reports from CERT, IP-reputation services, or third-party platform abuse desks), or internal investigation. We may respond to infrastructure abuse immediately, without prior notice to the user, where delay would create imminent risk to the Service, our infrastructure, third parties, or the public. We will provide a statement of reasons to the affected user as soon as practicable after taking action.
12. Repeat Infringers
Users who repeatedly violate our Terms of Service, Acceptable Use Policy, or applicable law — or who repeatedly submit illegal or abusive content through the Service — may be subject to escalating enforcement measures, including permanent account termination and refusal of future service. We maintain records of enforcement actions to identify repeat infringers. Escalation is proportionate: first violations may result in a warning or temporary restriction; repeated or serious violations may result in immediate permanent termination.
13. Misuse of Reporting Mechanisms
Submitting manifestly unfounded, vexatious, or bad-faith reports is prohibited. If we determine that a reporter is systematically submitting unfounded or abusive reports, we may: (a) disregard further reports from that reporter; (b) temporarily or permanently block the reporter's access to our reporting mechanisms; and (c) pursue legal remedies where appropriate.
14. Transparency
We will publish transparency reports in accordance with our obligations under DSA Article 15, including information about the number of reports received, actions taken, use of automated tools, and other information required by law. Transparency reports will be published on our Transparency Report page and will cover the reporting period specified by applicable law.
15. Legal Representative and Contact Point
Moonlight Array B.V. is established in the Netherlands. Our contact point for DSA-related matters, including for authorities, users, and reporters, is: Email: [[email protected]]; Postal address: [address]. We will respond to communications in English and Dutch. Where required by DSA Article 13, our designated point of contact for competent authorities, the European Commission, and the European Board for Digital Services is: [same or separate contact].
16. Cooperation with Authorities
We cooperate with competent EU and Dutch authorities, including the Dutch Digital Services Coordinator (the Autoriteit Consument en Markt, "ACM", where designated), the Autoriteit Persoonsgegevens, law enforcement, and Europol, in accordance with applicable law. We may disclose user information and content to competent authorities where required by law, court order, or where we reasonably believe disclosure is necessary to prevent imminent harm to life or safety.
17. Retention of Abuse Records
We retain abuse reports, investigation records, enforcement decisions, and related correspondence for [24] months or longer where required for ongoing legal proceedings, regulatory obligations, or repeat-infringer tracking. Where an abuse report contains Personal Data, we process it in accordance with our Privacy Policy and applicable data protection law.
18. Changes to This Policy
We may update this Policy from time to time to reflect changes in law, regulatory guidance, or our operational practices. Where changes are material, we will provide notice on our website and, where appropriate, by email.
19. Contact
- Abuse reports: [[email protected]]
- Appeals: [[email protected]]
- General enquiries: [[email protected]]
- Postal address: [address]