The Digital Services Act: A Comprehensive Analysis of Europe’s Pioneering Regulatory Framework for Online Platforms

Many thanks to our sponsor Panxora who helped us prepare this research report.

Abstract

This research report undertakes an extensive examination of the European Union’s Digital Services Act (DSA), a landmark legislative instrument enacted in 2022 to reshape the regulatory landscape for digital services. Emerging from the foundational yet increasingly antiquated Electronic Commerce Directive of 2000, the DSA represents a concerted effort to establish a safer, more transparent, and accountable online environment across the EU’s Digital Single Market. The report meticulously unpacks the DSA’s multifaceted core objectives, including the paramount goals of user protection, fostering accountability among digital service providers, harmonizing divergent national regulations, and carefully balancing regulatory oversight with the imperative to foster innovation within the digital economy. Special emphasis is placed on the tiered obligations imposed on various categories of digital intermediaries, culminating in the stringent requirements for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), which are identified by their substantial user reach within the EU.

Furthermore, this analysis delves deeply into the DSA’s robust enforcement mechanisms, outlining the shared responsibilities between national Digital Services Coordinators and the overarching supervisory role of the European Commission, alongside the potential for significant penalties for non-compliance. The report also addresses the complex implementation challenges faced by tech companies of all sizes, from managing compliance costs and navigating data access mandates to refining intricate content moderation policies amidst evolving legal interpretations. An assessment of the DSA’s early effectiveness is provided, alongside a forward-looking perspective on its profound impact on global content moderation paradigms. A comprehensive comparative analysis situates the DSA within the broader international context, examining its interplay with other significant digital regulations such as the United Kingdom’s Online Safety Act, the United States’ Section 230, and various digital services taxes, highlighting divergent philosophical approaches to platform governance. Finally, the report concludes by forecasting potential future developments in digital regulation, underscoring the DSA’s pivotal role as a global benchmark and its ongoing implications for the future of the internet.

Many thanks to our sponsor Panxora who helped us prepare this research report.

1. Introduction

The advent and pervasive integration of digital services have profoundly reshaped the global economy, societal interactions, and the fabric of daily life. From facilitating instantaneous communication and commerce to providing unparalleled access to information, digital platforms have become indispensable infrastructure. This rapid and transformative digital proliferation, however, has not been without its concomitant challenges. The rise of sophisticated digital ecosystems has created fertile ground for the dissemination of illegal content, the amplification of disinformation, the proliferation of harmful online behaviors, and the emergence of significant power imbalances that undermine market fairness and consumer welfare. Issues such as hate speech, online harassment, the sale of counterfeit goods, the exploitation of minors, and the manipulation of democratic processes have underscored an urgent need for robust and adaptive regulatory frameworks capable of addressing these complex phenomena.

In response to this intricate web of opportunities and challenges, the European Union has positioned itself at the forefront of digital governance with the introduction of the Digital Services Act (DSA). This ambitious legislative initiative forms a cornerstone of the EU’s broader digital strategy, designed not merely to react to existing problems but to proactively establish a secure, predictable, and fair online environment for its 450 million citizens. The DSA is a testament to the EU’s commitment to upholding fundamental rights in the digital sphere, ensuring that the principles of transparency, accountability, and user safety are embedded within the operational DNA of digital service providers. Its introduction marks a critical juncture in the global debate surrounding platform responsibility, signaling a decisive shift from a largely self-regulatory paradigm towards a more comprehensive and legally binding framework for online content and conduct.

Many thanks to our sponsor Panxora who helped us prepare this research report.

2. Background and Context: Evolution of EU Digital Governance

The Digital Services Act did not emerge in a vacuum; it is the culmination of decades of evolving EU digital policy, directly building upon and significantly modernizing its predecessor, the Electronic Commerce Directive (Directive 2000/31/EC). Proposed by the European Commission in December 2020, alongside its companion legislation, the Digital Markets Act (DMA), the DSA was envisioned as a comprehensive overhaul of the EU’s foundational rules for online services.

2.1 Limitations of the E-Commerce Directive

The E-Commerce Directive, adopted in 2000, was a pioneering piece of legislation for its time, designed to foster the growth of the internet by providing legal certainty for online service providers. Its core principles included the ‘country of origin’ rule, meaning a service provider was primarily subject to the laws of the member state where it was established, and a broad ‘safe harbour’ provision. This provision largely exempted intermediary service providers from liability for illegal content hosted on their platforms, provided they acted expeditiously to remove such content upon receiving actual knowledge of its illegality. This ‘notice and take down’ mechanism was instrumental in allowing the internet to flourish without platforms being unduly burdened by responsibility for every piece of user-generated content.

However, as the internet matured and platforms grew exponentially in scale and complexity, the limitations of the E-Commerce Directive became glaringly apparent. The safe harbour provisions, while promoting innovation, also inadvertently led to a lack of proactive responsibility for platforms. The voluntary nature of content moderation, coupled with fragmented national approaches to enforcement, resulted in an uneven playing field and inconsistent protection for users across the EU. The Directive did not adequately address the systemic risks posed by very large platforms, such as the spread of disinformation, algorithmic amplification of harmful content, or opaque advertising practices. It lacked mechanisms for robust accountability, transparency, or effective redress for users. The rise of social media, online marketplaces, and search engines, which often relied on complex algorithms to curate and amplify content, far outstripped the Directive’s capacity to regulate their societal impact.

2.2 The Legislative Journey of the DSA

The proposal for the DSA initiated a rigorous legislative process involving extensive consultations and negotiations. The European Commission launched a public consultation in mid-2020, gathering input from a wide array of stakeholders, including major tech companies, start-ups, small and medium-sized enterprises (SMEs), consumer organizations, civil society groups, legal experts, academics, and national governments. These consultations highlighted a consensus on the need for updated rules, but also revealed significant divergences in views regarding the scope of liability, the definition of illegal content, the balance between freedom of expression and user safety, and the practicality of proposed compliance measures.

Following the Commission’s initial proposal, the European Parliament and the Council of the European Union each developed their respective positions. Key debates centered on:

• The scope of the act: Which digital services should be covered and to what extent?
• The definition of ‘illegal content’: How to ensure consistency across member states, given varying national laws?
• The threshold for ‘Very Large Online Platforms’ (VLOPs) and ‘Very Large Online Search Engines’ (VLOSEs): What user numbers would trigger enhanced obligations?
• Content moderation obligations: How far should platforms go in proactively identifying and removing illegal content, and what safeguards are needed for freedom of speech?
• Transparency requirements: What specific data and information should platforms be compelled to disclose?
• Enforcement mechanisms: How to ensure effective oversight, particularly for global platforms, and what penalties would be sufficiently deterrent?

Intense trilogue negotiations between the Commission, Parliament, and Council ultimately reconciled these differing positions, leading to a provisional agreement in April 2022. The final text of the DSA was formally adopted by the European Parliament in July 2022 and by the Council in October 2022. The act officially entered into force in November 2022, initiating a phased implementation schedule. The most stringent obligations for VLOPs and VLOSEs came into effect in August 2023, requiring these dominant players to adapt their systems swiftly. The remaining provisions for all other covered digital services are scheduled to apply from February 2024, ensuring a comprehensive rollout across the entire spectrum of online intermediaries.

2.3 Synergy with the Digital Markets Act (DMA)

It is crucial to understand the DSA not in isolation, but as part of a twin legislative package with the Digital Markets Act (DMA). While the DSA focuses on ensuring a safer online environment by regulating content moderation and platform accountability, the DMA aims to curb the market power of dominant ‘gatekeeper’ platforms, fostering fairer competition and contestability in the digital sector. Together, these two acts form a coherent and complementary strategy to address the multifaceted challenges posed by powerful digital actors, creating a comprehensive framework for digital governance within the EU that seeks to promote both user safety and market fairness. Where the DSA addresses what content is permissible and how platforms manage it, the DMA concerns how these powerful platforms operate as market players, preventing anti-competitive practices.

Many thanks to our sponsor Panxora who helped us prepare this research report.

3. Core Objectives of the Digital Services Act

The Digital Services Act is underpinned by a meticulously crafted set of objectives designed to navigate the complexities of the digital age. These objectives are not merely aspirational but translate into concrete legal obligations for digital service providers, seeking to foster a digital ecosystem that is both dynamic and responsible.

3.1 User Protection: Safeguarding Fundamental Rights Online

The primary objective of the DSA is to bolster user protection, ensuring that individuals engaging with online services within the EU can do so in an environment that is safe, lawful, and respectful of their fundamental rights. This encompasses a broad spectrum of protections:

• Protection from Illegal Content: The DSA aims to significantly reduce the prevalence of illegal content online, which can range from hate speech, incitement to terrorism, and child sexual abuse material (CSAM) to the sale of dangerous or counterfeit products, privacy violations, and intellectual property infringement. By mandating robust ‘notice and action’ mechanisms and proactive measures for VLOPs/VLOSEs, the DSA seeks to make platforms more responsive to reports of illegality and to prevent the systemic spread of such content.
• Safeguarding Freedom of Expression: Simultaneously, the DSA acknowledges the critical importance of freedom of expression, a cornerstone of democratic societies. The Act seeks to balance the removal of illegal content with the prevention of arbitrary censorship or over-moderation. It introduces mechanisms such as ‘statement of reasons’ for content removal, internal complaint handling systems, and external dispute resolution, ensuring users have avenues to challenge moderation decisions they believe infringe upon their right to free speech. This delicate balance is a recurring theme throughout the DSA’s provisions.
• Privacy and Data Protection: While the General Data Protection Regulation (GDPR) remains the primary legislation for data protection, the DSA reinforces privacy by imposing specific transparency requirements related to how user data is used, particularly for targeted advertising. It prohibits targeting based on sensitive personal data (e.g., religion, sexual orientation, political views) and offers increased protection for minors, preventing targeted advertising to them based on profiling.
• Consumer Protection: For online marketplaces, the DSA introduces obligations aimed at protecting consumers from unsafe or illegal products and services. This includes requiring marketplaces to verify the identity of traders, design interfaces that prevent illicit trading, and provide clear information to consumers about the products they purchase.

3.2 Accountability of Digital Service Providers: Beyond Mere Intermediaries

A pivotal shift introduced by the DSA is the move from a largely passive liability regime (as seen in the E-Commerce Directive) to a framework that instills greater proactive accountability on the part of digital service providers. The DSA recognizes that platforms are not merely neutral conduits but active shapers of online experiences, and thus bear a responsibility for the content and interactions they facilitate.

• Risk Management: For VLOPs and VLOSEs, accountability translates into a duty to identify, assess, and mitigate systemic risks associated with their services. This is a fundamental departure from previous regulations, compelling platforms to proactively analyze their impact on fundamental rights, public discourse, and safety.
• Transparency in Operations: Accountability is also fostered through unprecedented transparency requirements. Platforms are mandated to provide clear terms and conditions, publish regular transparency reports detailing their content moderation efforts, disclose information about their advertising systems, and explain how their recommender systems operate. This transparency allows regulators, researchers, and the public to scrutinize platform behavior and hold them to account.
• Internal Governance: The DSA requires platforms to establish robust internal governance structures, including dedicated compliance functions, to ensure adherence to their obligations. This includes competent and adequately resourced content moderation teams, as well as clear internal complaint handling systems.

3.3 Harmonization of Regulations: A Unified Digital Single Market

Before the DSA, the absence of a comprehensive EU-wide framework led to a fragmented regulatory landscape. Member states independently enacted their own laws to address online harms, resulting in a ‘patchwork’ of differing rules, enforcement standards, and legal interpretations. This fragmentation created significant legal uncertainty for digital service providers operating across borders, leading to increased compliance costs and potential obstacles to the free flow of services within the Digital Single Market.

The DSA aims to establish a uniform, harmonized set of rules applicable across all 27 EU member states. This harmonization offers several benefits:

• Legal Certainty: It provides a clear and predictable legal framework for online platforms, simplifying compliance efforts and fostering innovation by reducing the burden of navigating divergent national laws.
• Level Playing Field: By applying the same rules to all service providers operating within the EU, the DSA ensures a level playing field, preventing regulatory arbitrage and promoting fair competition.
• Enhanced User Protection: A unified approach guarantees a consistent level of protection for users, regardless of which member state they reside in or which platform they use. This means a similar standard for reporting illegal content, appealing decisions, and understanding platform policies.
• More Effective Enforcement: Harmonization facilitates cross-border cooperation between national authorities and the European Commission, leading to more efficient and effective enforcement against non-compliant platforms.

3.4 Promotion of Innovation: Balancing Regulation with Digital Growth

While imposing significant new obligations, the DSA also aims to foster innovation and growth within the digital economy. The EU recognizes that over-regulation can stifle creativity and hinder the emergence of new services. The DSA attempts to strike a delicate balance through several mechanisms:

• Tiered Approach: By applying a graduated set of obligations, with less stringent rules for smaller platforms and SMEs, the DSA seeks to avoid disproportionate burdens on nascent businesses, allowing them to innovate without being immediately overwhelmed by complex compliance requirements. This tiered structure ensures that the heaviest responsibilities fall on those platforms with the greatest systemic impact.
• Legal Clarity: A clear, predictable regulatory environment can, paradoxically, foster innovation. By setting clear ‘rules of the game,’ the DSA reduces legal uncertainty, allowing innovators to design services with compliance in mind from the outset, rather than facing retrospective legislative changes.
• Fairer Competition: By addressing the dominance of VLOPs/VLOSEs and ensuring greater transparency, the DSA aims to create a more competitive digital market. This could open avenues for smaller, innovative players to compete more effectively, leading to a richer diversity of digital services for users.
• Focus on Systemic Risks: The Act’s focus on systemic risks rather than micromanaging every content moderation decision allows platforms flexibility in how they achieve compliance, encouraging innovative solutions for content governance, algorithmic transparency, and user empowerment. The DSA specifies the what (outcomes) but often leaves the how (implementation) to the platforms, encouraging creative solutions.

These core objectives collectively articulate the EU’s vision for a digital future where the vast benefits of online services are harnessed responsibly, safeguarding democratic values and fundamental rights while continuing to spur technological advancement.

Many thanks to our sponsor Panxora who helped us prepare this research report.

4. Scope and Tiers of Obligation within the Digital Services Act

The Digital Services Act adopts a differentiated and proportionate approach to regulating digital services, establishing a clear hierarchy of obligations based on the nature of the service and its reach. This tiered system ensures that the most stringent requirements are applied to the largest platforms with the greatest societal impact, while smaller entities face lighter, more manageable burdens.

4.1 Categories of Digital Services Covered

The DSA covers a broad spectrum of ‘intermediary services,’ defined expansively to capture almost any service that involves the transmission or storage of information provided by a recipient of the service. These are categorized into four main tiers, each with escalating obligations:

1. Mere Conduit Services: These are services that involve the transmission of information provided by a recipient of the service in a communication network, or the provision of access to a communication network. Examples include Internet Service Providers (ISPs), Wi-Fi providers, and other network infrastructure providers. Their obligations under the DSA are minimal, primarily limited to a general prohibition on monitoring content and a duty to cooperate with judicial or administrative orders.

2. Caching Services: These services involve the automatic, intermediate, and temporary storage of information provided by a recipient of the service, performed for the sole purpose of making the information’s onward transmission more efficient. Examples include Content Delivery Networks (CDNs) and proxy servers. Like mere conduit providers, their obligations are limited, mainly concerning transparency and cooperation with authorities, particularly regarding swift removal of content upon order.

3. Hosting Services: This is a broader category encompassing services that store information provided by a recipient of the service at the request of the recipient. This category includes cloud storage services, web hosting providers, and online platforms. The DSA introduces more significant obligations for hosting services, including robust ‘notice and action’ mechanisms for illegal content, contact points for authorities and users, and transparency regarding content moderation policies.

4. Online Platforms: This is a sub-category of hosting services that store and disseminate information to the public, at the request of a recipient of the service. This includes social networks (e.g., Facebook, X, Instagram), online marketplaces (e.g., Amazon, eBay), app stores, and content-sharing platforms (e.g., YouTube, TikTok). Online platforms face more extensive obligations than general hosting services, encompassing enhanced transparency, internal complaint-handling systems, out-of-court dispute resolution mechanisms, and measures against illegal goods and services for marketplaces.

5. Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs): These are the highest tier of digital service providers and are subject to the most stringent and far-reaching obligations under the DSA. A platform or search engine is designated as a VLOP or VLOSE if it has an average of 45 million or more monthly active recipients of its service in the European Union. This threshold, equivalent to 10% of the EU’s population, signifies a significant systemic reach and impact. The European Commission is responsible for designating VLOPs and VLOSEs based on the data provided by the platforms themselves. The rationale behind this stringent tier is the recognition that platforms of this scale possess unique power and influence, carrying inherent systemic risks that necessitate enhanced oversight and proactive risk management.

4.2 Differentiated Obligations across Tiers

The DSA’s brilliance lies in its graduated approach, ensuring that regulatory burdens are proportionate to the size and impact of the service provider:

• Universal Obligations (for all intermediary services): All service providers covered by the DSA, regardless of their size, must:

  • Establish a single point of contact for direct communication with member states’ authorities and the Commission.
  • Establish a single point of contact for users.
  • Include certain information in their terms and conditions, outlining restrictions on content and how content moderation decisions are made.
  • Act on illegal content reports in a timely and objective manner (‘notice and action’).

• Additional Obligations for Hosting Services (including Online Platforms): In addition to the universal obligations, hosting services must:

  • Implement robust ‘notice and action’ mechanisms that are easy to use and allow for specific and substantiated reports of illegal content.
  • Provide a clear ‘statement of reasons’ to users when content is removed, restricted, or when accounts are suspended.
  • Implement internal complaint-handling systems for users to challenge moderation decisions.
  • Cooperate with ‘trusted flaggers’ – specialized entities recognized by national Digital Services Coordinators for their expertise and reliability in identifying illegal content.

• Specific Obligations for Online Platforms: Online platforms face further requirements, including:

  • Implementing effective out-of-court dispute settlement mechanisms.
  • Measures against illegal content online, including addressing repeated illegal content uploaders.
  • For online marketplaces, specific measures to ensure that products or services offered by traders are safe and legal, including verifying trader identity and designing interfaces to prevent illicit trading.
  • Transparency regarding online advertising, including disclosing that content is an advertisement and who paid for it.

• Most Extensive Obligations for VLOPs and VLOSEs: As detailed in the following section, these entities bear the heaviest responsibilities, reflecting their systemic impact on public discourse, safety, and fundamental rights within the EU.

This tiered structure is central to the DSA’s efficacy, allowing it to address the varied complexities of the digital ecosystem without stifling innovation or overburdening smaller entities, while simultaneously ensuring comprehensive oversight of the most influential online actors.

Many thanks to our sponsor Panxora who helped us prepare this research report.

5. Enhanced Obligations for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs)

For Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), the Digital Services Act introduces a distinct and significantly more rigorous set of obligations. These entities, identified by their substantial reach of over 45 million monthly active users in the EU, are deemed to carry systemic risks that necessitate proactive and extensive regulatory oversight. The rationale is that their sheer scale and pervasive influence can amplify harms, shape public discourse, and impact fundamental rights in ways that smaller platforms cannot.

5.1 Systemic Risk Assessment and Mitigation

One of the most innovative and demanding requirements for VLOPs and VLOSEs is the mandatory annual assessment and mitigation of systemic risks arising from their services. This is a proactive duty, shifting the responsibility from merely reacting to individual pieces of illegal content to identifying and addressing the underlying mechanisms that might facilitate harm.

• Types of Systemic Risks: The DSA identifies several categories of systemic risks that platforms must analyze:

  • Dissemination of illegal content: This includes the spread of child sexual abuse material, hate speech, terrorism content, and counterfeit goods. Platforms must analyze how their systems (e.g., recommender algorithms, design choices) might inadvertently amplify such content.
  • Negative effects on fundamental rights: This encompasses risks to freedom of expression, media freedom, privacy, non-discrimination, and children’s rights. For example, biased algorithms or overly aggressive content moderation could infringe on these rights.
  • Negative effects on public health, minors, civic discourse, and electoral processes: Risks include the spread of health misinformation, content detrimental to minors’ well-being, the manipulation of political debates, and foreign interference in elections.
  • Gender-based violence and mental health impacts: Platforms must consider how their services might contribute to or exacerbate issues like online harassment, cyberbullying, or body image concerns.

• Risk Assessment Process: VLOPs and VLOSEs are required to:

  • Conduct annual risk assessments, evaluating the design, functioning, and use of their services, including their algorithmic systems (e.g., recommender systems, ad targeting systems).
  • Involve independent auditors in these assessments to ensure objectivity and thoroughness.
  • Publicly disclose key findings of their risk assessments, subject to data protection and commercial confidentiality constraints.

• Risk Mitigation Measures: Based on their assessments, platforms must implement reasonable, proportionate, and effective mitigation measures. These can include:

  • Adapting recommender systems: Modifying algorithms to reduce the amplification of harmful or illegal content, offering users options to customize or disable recommender systems.
  • Improving content moderation: Investing in more human moderators, especially with local linguistic and cultural expertise, and developing more sophisticated AI tools for detection and prioritization.
  • Vetting advertisers and users: Implementing stricter ‘Know Your Business Customer’ (KYBC) processes for advertisers and marketplace sellers to prevent the spread of fraudulent or illegal goods and services.
  • Enhancing user reporting tools: Making it easier for users to report various types of harmful content and track the status of their reports.
  • Crisis response mechanisms: Establishing protocols for responding rapidly to emerging crises, such as surges in disinformation during public health emergencies or elections.

5.2 Enhanced Transparency Requirements

Transparency is a cornerstone of the DSA, particularly for VLOPs and VLOSEs, designed to shed light on internal operations that have historically been opaque.

• Comprehensive Transparency Reports: These platforms must publish very detailed, semi-annual transparency reports. These reports go beyond basic metrics to include data on:

  • The number of content moderation actions taken (removals, disabling access, demonetization), broken down by category of content (e.g., hate speech, nudity, misinformation) and the legal basis for the action.
  • The means by which illegal content was detected (e.g., user report, trusted flagger, automated detection).
  • Information on the use and performance of automated content moderation tools.
  • The number of complaints received, internal reviews, and outcomes.
  • Data on the number of active users per member state.

• Transparency on Advertising: VLOPs and VLOSEs must provide users with clear, real-time information about online advertisements, including:

  • That the content is an advertisement.
  • The identity of the natural or legal person on whose behalf the advertisement is displayed.
  • Meaningful information about the main parameters used to determine why the user received the advertisement.
  • Options to change these parameters or opt out of certain targeting.
  • The DSA also prohibits targeting advertising to minors based on their personal data and prohibits targeting based on sensitive personal data (e.g., ethnicity, political opinions, sexual orientation).

• Transparency of Recommender Systems: Platforms must provide clear and accessible explanations of how their recommender systems work, including the main parameters used to suggest content. Crucially, they must offer at least one option for users that is not based on profiling (e.g., chronological feed or content from followed accounts only).

5.3 Data Access for Vetted Researchers

To foster independent scrutiny and academic understanding of systemic risks, the DSA mandates VLOPs and VLOSEs to provide access to their data for vetted researchers. This is a crucial provision aimed at enabling a scientific understanding of how these platforms impact society.

• Who gets access? Access is granted to independent academic researchers and research organizations, provided they are vetted by the Digital Services Coordinator and meet specific criteria for independence, scientific expertise, and ability to protect personal data.
• What data? The data provided must be necessary for specific scientific research into systemic risks within the EU. This can include anonymized aggregated data, but under strict conditions and safeguards, may extend to more granular data where necessary for the research and permitted by data protection law.
• Purpose: The data access is strictly for non-commercial scientific research related to the DSA’s systemic risks and transparency provisions.

5.4 Enhanced User Empowerment

VLOPs and VLOSEs are required to implement even more robust mechanisms to empower users and give them greater control and recourse.

• Effective ‘Notice and Action’ Mechanisms: While all hosting services have these, for VLOPs/VLOSEs, these must be highly accessible, user-friendly, and capable of handling high volumes of reports effectively.
• Internal Complaint-Handling System: Platforms must provide an internal system for users to lodge complaints against content moderation decisions (e.g., removal, account suspension). This system must be free of charge, easy to access, and ensure that complaints are reviewed in a timely, non-discriminatory, and non-arbitrary manner by adequately qualified staff.
• Out-of-Court Dispute Settlement: Users must have the option to refer disputes concerning content moderation decisions to certified out-of-court dispute settlement bodies, providing an impartial third-party review without resorting to litigation.
• Trusted Flaggers: VLOPs/VLOSEs must prioritize and process notices from ‘trusted flaggers’ — specialized entities designated by Digital Services Coordinators based on their expertise, independence, and experience in identifying illegal content. This aims to accelerate the removal of clearly illegal material.
• Prohibition of Dark Patterns: The DSA specifically prohibits the use of ‘dark patterns’ – deceptive interface designs that manipulate users into making choices they might not otherwise make, particularly in relation to privacy settings or service subscriptions.
• Protection of Minors: Explicit measures are required to protect minors, including a ban on targeted advertising based on profiling of minors and obligations to design services with minors’ best interests in mind.

These enhanced obligations underscore the EU’s determination to regulate the most powerful digital actors commensurate with their profound societal influence, shifting the paradigm towards greater transparency, accountability, and user-centricity in the digital realm.

Many thanks to our sponsor Panxora who helped us prepare this research report.

6. Enforcement Mechanisms: A Multi-Layered Approach

Effective enforcement is paramount to the success of any ambitious legislative initiative, and the Digital Services Act establishes a robust, multi-layered enforcement architecture. This system balances national oversight with centralized EU-level powers, particularly for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs).

6.1 Designated Digital Services Coordinators (DSCs)

Each EU member state is required to appoint an independent national Digital Services Coordinator (DSC). These DSCs are the primary points of contact for service providers and users within their respective jurisdictions and play a crucial role in overseeing compliance for all digital services falling under the DSA, with the exception of VLOPs/VLOSEs, which fall under the direct purview of the European Commission.

• Responsibilities: DSCs are responsible for:

  • Receiving and investigating complaints from users and ‘trusted flaggers’ regarding non-compliance.
  • Issuing enforcement orders, including requiring information from service providers, ordering the cessation of infringements, or imposing fines for non-compliance with the DSA within their jurisdiction.
  • Facilitating out-of-court dispute settlement bodies.
  • Cooperating with other DSCs across the EU and with the European Commission to ensure consistent application of the DSA.
  • Recognizing ‘trusted flaggers’ and independent research organizations.
  • Imposing fines for breaches, with national laws dictating the precise amounts, typically up to 6% of a company’s global annual turnover for serious infringements, mirroring the Commission’s powers for VLOPs/VLOSEs, or 1% for providing incorrect information.

• Independence: The DSA emphasizes the need for DSCs to be independent of political and economic influence, ensuring impartial enforcement.

6.2 The European Commission’s Direct Supervisory Role

The European Commission holds direct and exclusive supervisory and enforcement powers over VLOPs and VLOSEs. This centralization of power reflects the cross-border and systemic nature of these platforms’ impact and the need for a unified approach to regulation. The Commission acts as the primary regulator for the largest online players, working closely with the DSCs through the European Board for Digital Services.

• Investigation Powers: The Commission has extensive investigative powers, including the ability to:

  • Request information from VLOPs/VLOSEs.
  • Conduct on-site inspections.
  • Interview personnel.
  • Demand access to databases and algorithms.
  • Order independent audits of platforms’ risk management systems.

• Enforcement Actions and Sanctions: For non-compliance with the DSA, particularly by VLOPs/VLOSEs, the Commission can impose significant penalties:

  • Fines: Fines can be up to 6% of a company’s global annual turnover for infringements of the DSA’s obligations. This percentage is designed to be a substantial deterrent, reflecting the immense revenues of these platforms. For example, a 6% fine on a multi-billion euro global turnover could amount to billions of euros, as seen in recent cases involving tech giants by the EU (e.g., potential fines against X, Meta, and Apple as indicated in references).
  • Periodic Penalties: If a VLOP/VLOSE fails to comply with corrective measures ordered by the Commission, it may face daily fines of up to 5% of its average daily worldwide turnover until compliance is achieved. This ensures swift adherence to remedial actions.
  • Commitment Decisions: The Commission can accept commitments from platforms to address specific compliance issues, making these commitments legally binding.

• Temporary Suspension of Service (Measure of Last Resort): In the most severe and exceptional cases, where a VLOP or VLOSE commits a serious and repeated infringement that causes grave harm to fundamental rights and has failed to comply with previous orders, the Commission can request a judicial order for the temporary suspension of the service within the EU. This is an extreme measure, requiring judicial oversight, and is envisioned only as a last resort in egregious circumstances where other enforcement actions have failed.

6.3 The European Board for Digital Services

The DSA establishes the European Board for Digital Services, an advisory body composed of the heads of the national Digital Services Coordinators. This Board plays a crucial role in ensuring the consistent application of the DSA across the EU.

• Cooperation and Coordination: The Board facilitates cooperation between national DSCs and the Commission, exchanging best practices, developing guidelines, and issuing opinions on enforcement matters.
• Advisory Role: It advises the Commission and DSCs on emerging issues, enforcement priorities, and the development of codes of conduct for platforms.
• Ensuring Consistency: The Board helps prevent divergent interpretations and enforcement outcomes across member states, thereby strengthening the harmonization objective of the DSA.

This multi-pronged enforcement framework, with its significant financial penalties and direct oversight of the largest platforms by the Commission, represents a powerful new tool in the EU’s regulatory arsenal. It signals a clear intent to move beyond voluntary compliance and ensure that digital service providers are held genuinely accountable for their actions and their impact on European citizens.

Many thanks to our sponsor Panxora who helped us prepare this research report.

7. Implementation Challenges for Tech Companies

The Digital Services Act presents a complex array of implementation challenges for tech companies, varying in scale and intensity depending on their size and the tier of obligations they fall under. While the DSA aims for harmonization and a level playing field, the practical realities of adapting existing operations to new, stringent legal requirements can be significant.

7.1 Compliance Costs

Adhering to the DSA’s extensive requirements necessitates substantial investments in resources, infrastructure, and personnel. For Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), these costs can be enormous.

• Human Resources: Platforms need to hire and train additional staff across various departments. This includes more content moderators (who often require linguistic and cultural expertise for all 24 official EU languages), legal and policy experts to interpret the DSA’s nuances, compliance officers, data scientists for risk assessments, and engineers to redesign systems. The need for human oversight is critical, as algorithmic solutions alone are often insufficient for complex content moderation decisions.
• Technological Infrastructure: Significant investment is required to adapt existing technological systems. This includes developing new interfaces for user reporting and appeals, enhancing transparency features for advertising and recommender systems, building secure APIs for data access for researchers, and overhahauling internal data governance frameworks to ensure compliance with risk assessment and reporting mandates.
• Auditing and Reporting: The requirement for independent audits of risk management systems, along with the extensive semi-annual transparency reports, incurs significant costs associated with external auditors and internal data collection and reporting processes.
• Legal and Consulting Fees: Navigating the complexities of the DSA, particularly in its initial implementation phase, often requires extensive engagement with legal counsel and specialized consultants to ensure proper interpretation and application of the new rules.

For smaller platforms and SMEs, while the immediate financial penalties might be less severe, the relative burden of compliance can be disproportionately high. They may lack the internal resources and expertise to readily adapt, potentially leading to competitive disadvantages or barriers to entry.

7.2 Data Management and Access

The DSA’s requirements concerning data management present a dual challenge: ensuring transparency and providing data access for research, while simultaneously upholding stringent user privacy protections under the GDPR.

• Balancing Transparency and Privacy: Platforms must find sophisticated ways to anonymize and aggregate data for transparency reports and researcher access without compromising the privacy of individual users. This requires advanced data governance protocols and potentially the development of privacy-enhancing technologies.
• Technical Implementation of Data Access: Granting secure, controlled, and meaningful data access to vetted researchers, as mandated for VLOPs/VLOSEs, is a complex technical undertaking. It involves creating dedicated APIs, secure data environments, and robust authentication mechanisms, while also negotiating data sharing agreements that address liability and data misuse concerns.
• Data Integrity and Storage: The sheer volume of data generated by VLOPs/VLOSEs means that data storage, management, and retrieval for compliance purposes alone represent a substantial operational challenge.

7.3 Content Moderation: Navigating Complexity and Scale

Content moderation under the DSA is arguably one of the most challenging areas, fraught with definitional ambiguities, scalability issues, and inherent tensions between competing rights.

• Defining ‘Illegal Content’: The DSA defers to national laws for the definition of ‘illegal content.’ This means platforms must be cognizant of 27 different national legal systems, each with potentially distinct interpretations of what constitutes hate speech, defamation, or other illegal acts. This multi-jurisdictional approach adds immense complexity, requiring granular, country-specific moderation policies.
• ‘Harmful Content’ vs. ‘Illegal Content’: While the DSA primarily targets illegal content, it also implicitly influences the management of ‘harmful but legal’ content through systemic risk assessments. Platforms must navigate this fine line, often facing public and political pressure to remove content that, while undesirable, may not strictly be illegal, posing risks to freedom of expression.
• Scalability: Moderating billions of pieces of content daily across diverse languages and cultural contexts is a monumental task. Reliance on Artificial Intelligence (AI) for detection is necessary but imperfect, often prone to errors, biases, and a lack of contextual understanding. Over-reliance on AI can lead to ‘false positives’ (legitimate content removed) or ‘false negatives’ (illegal content missed).
• Safeguarding Freedom of Expression: The DSA’s emphasis on user redress mechanisms (statement of reasons, appeals) aims to prevent arbitrary removals. However, platforms must invest heavily in ensuring their moderation teams are well-trained to make nuanced decisions that balance user safety with freedom of expression, avoiding a ‘chilling effect’ where legitimate speech is stifled due to fear of arbitrary removal.

7.4 Legal Uncertainties and Interpretations

As a nascent and comprehensive piece of legislation, the DSA inevitably introduces a degree of legal uncertainty during its initial phases of implementation.

• Guidance and Case Law: Tech companies will rely heavily on forthcoming guidelines from the European Commission and national Digital Services Coordinators to clarify ambiguous provisions. However, these guidelines will evolve, and definitive interpretations will only emerge through administrative decisions and judicial case law over time.
• Divergence in National Enforcement: Despite the DSA’s harmonization objective, there is a risk of divergent interpretations and enforcement priorities among the national DSCs, particularly for services that fall below the VLOP/VLOSE threshold. This could reintroduce some of the fragmentation the DSA sought to eliminate.
• Jurisdictional Complexity: For global tech companies, adapting their services specifically for the EU market, while maintaining global consistency or managing different regulatory regimes worldwide, adds layers of jurisdictional and operational complexity.
• Technological Agnosticism vs. Specificity: The DSA attempts to be technologically neutral, but applying its principles to rapidly evolving technologies like generative AI, virtual reality, or the metaverse will present ongoing interpretative challenges. Regulators and platforms will need to continuously adapt to new forms of digital interaction and associated risks.

Addressing these implementation challenges requires not only significant financial and human capital but also a strategic shift in corporate culture towards proactive compliance, transparency, and a deeper understanding of platforms’ societal responsibilities. The DSA marks a significant paradigm shift, demanding that tech companies integrate regulatory adherence into their core operational and product development processes.

Many thanks to our sponsor Panxora who helped us prepare this research report.

8. Effectiveness in Achieving Stated Goals: Early Indicators and Lingering Challenges

The Digital Services Act is a relatively new piece of legislation, with its full provisions for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs only coming into effect in August 2023, and for other services in February 2024. Therefore, a definitive assessment of its long-term effectiveness is still premature. However, early indicators and initial responses from platforms and regulators suggest both promising progress and persistent challenges.

8.1 Enhanced Transparency and Accountability

One of the most immediate and tangible impacts of the DSA has been a noticeable increase in transparency from VLOPs and VLOSEs. The legal mandate for detailed, semi-annual transparency reports has compelled platforms to disclose unprecedented levels of information about their content moderation practices, algorithmic decision-making, and advertising policies.

• Comprehensive Reports: Platforms are now publishing extensive reports detailing the volume of content removed, the reasons for removal, the methods of detection, and data on user complaints and appeals. This data is invaluable for researchers, regulators, and the public to understand the scale and nature of content moderation efforts. For instance, companies like Meta, Google, and X (formerly Twitter) have begun releasing more granular data on moderation actions and risk assessments, albeit with varying degrees of detail and clarity.
• Clearer Terms of Service: The DSA has pushed platforms to make their terms and conditions more accessible and understandable, outlining their content policies and enforcement mechanisms with greater clarity.
• Advertising Disclosures: Users are increasingly seeing clearer labels on advertisements and more information about who is paying for them and why they are being targeted. While imperfect, this represents a significant step towards demystifying the opaque world of online advertising.

This heightened transparency is a crucial step towards greater accountability, enabling external scrutiny and fostering a more informed public debate about platform governance. It allows for the identification of systemic issues and provides a baseline against which platforms’ future performance can be measured.

8.2 Improved User Safety and Rights

While difficult to quantify definitively in the short term, there are early indications that the DSA is contributing to improved user safety and stronger protection of user rights.

• More Responsive Content Moderation: The ‘notice and action’ framework, coupled with the threat of significant fines, is incentivizing platforms to act more swiftly and comprehensively on reports of illegal content, such as child sexual abuse material (CSAM), hate speech, and the sale of dangerous goods. The prioritization of ‘trusted flaggers’ also streamlines the removal of clearly illegal content.
• Enhanced Redress Mechanisms: Users now have clearer pathways to challenge content moderation decisions through internal complaint systems and external out-of-court dispute resolution bodies. This provides a crucial safeguard against arbitrary censorship and strengthens fundamental rights like freedom of expression. The requirement for ‘statement of reasons’ for content removal ensures users understand why their content was affected.
• Protection for Minors: The prohibition of targeted advertising based on profiling of minors is a significant step towards safeguarding children’s online experience, reducing their exposure to potentially manipulative commercial practices.

However, ensuring ‘improved user safety’ is a continuous battle against evolving threats. The ‘whack-a-mole’ problem, where illegal content reappears quickly or migrates to other platforms, remains a persistent challenge.

8.3 Increased Accountability and Deterrence

The most significant enforcement actions are only just beginning to materialize, but the DSA’s potent penalty structure is already having a deterrent effect, forcing VLOPs/VLOSEs to prioritize compliance.

• Commission Investigations: The European Commission has initiated formal investigations into several major platforms, including X (formerly Twitter) regarding alleged breaches related to illegal content and disinformation, and Meta and TikTok concerning transparency and user protection rules (as referenced in the provided articles). These investigations demonstrate the Commission’s readiness to use its new powers and send a strong signal to other platforms.
• Market Behavior Changes: Even prior to full enforcement, the prospect of fines up to 6% of global annual turnover has prompted VLOPs/VLOSEs to dedicate significant resources to compliance. This includes hiring more staff, revamping internal policies, and redesigning parts of their services to align with DSA requirements. The EU’s fines against Apple and Meta under new digital regulation, though potentially more related to the DMA, illustrate the bloc’s willingness to levy substantial penalties.

8.4 Lingering Challenges and Areas for Improvement

Despite these positive initial signs, several challenges remain in ensuring the DSA’s full and consistent effectiveness:

• Consistent Enforcement: A key challenge lies in ensuring consistent enforcement across all 27 EU member states, particularly for platforms that do not fall under the direct supervision of the European Commission. The capacity, resources, and independence of national Digital Services Coordinators (DSCs) will be crucial in this regard. Divergent national interpretations could undermine the harmonization objective.
• Resource Allocation: Both platforms and regulators face significant resource demands. Platforms must continuously invest in compliance, while DSCs and the Commission need sufficient funding, technical expertise, and human capital to effectively monitor, investigate, and enforce the DSA, especially against sophisticated global tech giants.
• Evolving Digital Risks: The digital landscape is constantly evolving, with new technologies (e.g., generative AI, deepfakes, metaverse environments) and new forms of harm emerging regularly. The DSA, while aiming to be future-proof, will need continuous evaluation and potential adaptation to remain relevant and effective against these novel threats.
• Content Moderation Dilemmas: The tension between freedom of expression and user safety remains inherent. Platforms must make difficult, often subjective, decisions daily. There is a continuous risk of either over-moderation (leading to censorship claims) or under-moderation (leading to insufficient protection against harm).
• Data Access for Researchers: While mandated, the practical implementation of secure, meaningful, and timely data access for vetted researchers is a complex undertaking, requiring ongoing cooperation and trust-building between platforms and academia.
• The ‘Brussels Effect’ and Global Backlash: While the DSA aims to set global standards, it can also lead to political friction. The Associated Press reports on the US barring Europeans accused of pressuring tech firms to censor, and the EU’s subsequent warning, underscore the geopolitical dimensions and potential for backlash when a single jurisdiction attempts to regulate global internet services.

In conclusion, the DSA has undeniably set a new global benchmark for platform regulation, driving greater transparency and accountability. However, its ultimate effectiveness will depend on consistent and well-resourced enforcement, adaptive regulatory responses to technological evolution, and a continued commitment to balancing fundamental rights in the complex digital sphere.

Many thanks to our sponsor Panxora who helped us prepare this research report.

9. Broader Impact on Global Content Moderation Practices

The European Union has historically demonstrated a unique capacity to influence global regulatory trends, a phenomenon often referred to as the ‘Brussels Effect.’ The Digital Services Act (DSA) is poised to exert a similar influence on global content moderation practices and the broader landscape of digital regulation, compelling platforms to adapt their operations worldwide.

9.1 Setting Regulatory Standards: The ‘Brussels Effect’

The DSA’s comprehensive and stringent framework for platform accountability and content moderation is rapidly emerging as a de facto global standard. Multilateral companies, particularly Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), often find it economically and operationally more efficient to implement a single, high standard of compliance across all their global operations rather than maintaining separate, country-specific systems. This phenomenon, where companies adopt EU regulatory standards globally due to the EU’s significant market size and political influence, means that the DSA’s principles can indirectly shape content moderation and platform design far beyond the EU’s borders.

• Influence on Internal Policies: Many global tech companies are likely to adjust their internal content moderation policies, terms of service, and transparency reporting standards to align with the DSA’s requirements, even for users outside the EU. This can lead to a global uplift in user protection and accountability measures.
• Blueprint for Other Jurisdictions: Governments worldwide, grappling with similar challenges of online harms, disinformation, and platform power, are closely observing the DSA’s implementation and effectiveness. The DSA’s tiered approach, systemic risk management framework, and emphasis on transparency and user redress mechanisms are being studied as potential models for national or regional legislation in other parts of the world. Countries in Africa, Asia, and Latin America are considering similar approaches to digital governance, looking to the EU for guidance on establishing robust regulatory frameworks.

9.2 Encouraging Global Transparency

The DSA’s robust transparency requirements, particularly for VLOPs/VLOSEs, are fostering a global shift towards greater openness from platforms. As these companies start publishing detailed reports on their content moderation, advertising practices, and algorithmic systems for EU users, there will be increasing pressure from civil society, academics, and other governments to extend similar levels of transparency globally.

• Increased Scrutiny: Once data becomes available for EU operations, it inevitably invites comparative analysis and questions about similar practices in other regions. This can drive a broader demand for platforms to be more transparent about their impact and operations worldwide.
• Public and Research Demands: The DSA’s provisions for data access for vetted researchers in the EU will likely inspire similar calls from academic communities and advocacy groups in other countries, pushing for greater availability of platform data for public interest research globally.

9.3 Balancing Regulation and Innovation: A Global Debate

The DSA reignites a global debate on the appropriate balance between regulating digital services to mitigate harms and fostering innovation. The EU’s stance is that a clear, predictable regulatory environment, far from stifling innovation, can actually encourage it by ensuring fair competition and building user trust. This perspective challenges the long-held Silicon Valley ethos of minimal regulation.

• Shifting Business Models: The DSA’s provisions, such as those related to targeted advertising and recommender systems, may prompt platforms to rethink their business models and product design, emphasizing user choice and data privacy over aggressive data monetization. These changes, once implemented for the EU, could permeate global product offerings.
• Responsibility as a Design Principle: The DSA encourages a ‘safety by design’ or ‘accountability by design’ approach, where platform responsibility is considered from the outset of product development, rather than as an afterthought. This philosophical shift could influence global best practices in software development and platform architecture.

9.4 Impact on Geopolitical Relations and Digital Sovereignty

The DSA also has geopolitical implications, as it asserts the EU’s digital sovereignty and its right to regulate global tech companies operating within its borders. This can lead to friction with other nations, particularly the United States, which has traditionally favored a lighter touch for its tech giants.

• Clash of Regulatory Philosophies: The EU’s proactive, rights-based regulatory approach contrasts sharply with the US’s First Amendment-centric view and Section 230 liability shield (discussed in the next section), which prioritizes free speech and minimizes platform liability. This divergence could lead to ongoing diplomatic and trade disputes.
• Data Flows and Jurisdictional Reach: The DSA’s extraterritorial reach, applying to any service provider targeting EU users regardless of their establishment, highlights the complexities of governing a global internet and raises questions about national jurisdiction over digital spaces.

In essence, the DSA is not just a European law; it is a powerful statement about the future of digital governance. Its comprehensive nature, coupled with the EU’s market power, positions it as a significant force shaping how platforms operate, moderate content, and engage with users worldwide, driving a global conversation about the responsibilities that come with immense digital influence.

Many thanks to our sponsor Panxora who helped us prepare this research report.

10. Comparative Analysis with Other Emerging Digital Regulations

The Digital Services Act is part of a broader global trend towards increased scrutiny and regulation of digital services. While the DSA stands out for its comprehensive and tiered approach to platform accountability and content moderation, it is crucial to understand its unique features by comparing it with other significant regulatory initiatives worldwide. These comparisons reveal diverse philosophical underpinnings and policy priorities across different jurisdictions.

10.1 United States: Section 230 of the Communications Decency Act

Section 230 of the US Communications Decency Act of 1996 stands in stark contrast to the DSA’s fundamental approach to platform liability. Often summarized by the phrase ‘platforms are not publishers,’ Section 230(c)(1) provides broad immunity to online platforms from liability for user-generated content, stating that ‘No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.’ Furthermore, Section 230(c)(2) grants immunity for platforms’ ‘good Samaritan’ efforts to moderate content, protecting them from liability for removing or restricting access to objectionable material.

• Core Principle: The underlying philosophy of Section 230 is to foster a vibrant and open internet by shielding platforms from the immense legal burden of policing every piece of user-generated content. This immunity allowed platforms to grow rapidly without fear of endless lawsuits over third-party speech, thereby promoting free expression and innovation.
• Critiques: In recent years, Section 230 has faced intense criticism from across the political spectrum. Critics on the right argue it allows platforms to censor conservative viewpoints with impunity, while critics on the left contend it allows platforms to escape responsibility for the spread of hate speech, disinformation, and other harmful content. Both sides argue that platforms have become too powerful and should be more accountable.
• Key Difference from DSA: The most fundamental difference is the DSA’s proactive approach to platform responsibility and its shift away from broad immunity. While the DSA retains a conditional liability exemption for hosting providers (‘safe harbour’), it imposes extensive duties of care, risk assessment, and transparency, particularly on VLOPs/VLOSEs. The DSA views platforms not as passive conduits but as active shapers of online environments, thus mandating a higher degree of accountability. There is no equivalent to Section 230’s broad immunity in the DSA.
• Ongoing Debates: There are ongoing efforts in the US to reform Section 230, ranging from calls for its complete repeal to more targeted amendments that would carve out exceptions for specific types of content (e.g., child exploitation) or impose duties of care. However, any reform faces significant constitutional hurdles related to the First Amendment, which provides robust protection for free speech.

10.2 United Kingdom: Online Safety Act (OSA)

The UK’s Online Safety Act, which received Royal Assent in October 2023, is another landmark piece of legislation that shares some common goals with the DSA but adopts a distinct regulatory philosophy and enforcement model.

• Core Principle: The OSA introduces a ‘duty of care’ on online platforms to protect users from illegal and harmful content. It distinguishes between illegal content and ‘legal but harmful’ content, with different obligations for each. A key focus is the protection of children.
• Scope: The OSA applies to user-to-user services (e.g., social media, forums) and search engines. It introduces a tiered approach, similar to the DSA, with stricter obligations for larger platforms and those hosting content likely to be accessed by children.
• ‘Legal but Harmful’ Content: A key differentiator is the OSA’s specific focus on ‘legal but harmful’ content, particularly for children and, for the largest platforms, for adults where such content is specified in terms of service. This introduces a more complex moderation challenge than the DSA’s primary focus on illegal content.
• Enforcement: The UK’s communications regulator, Ofcom, is designated as the independent online safety regulator, with powers to investigate, audit, and impose substantial fines (up to £18 million or 10% of global annual turnover, whichever is greater) for non-compliance. Ofcom also has the power to order platforms to block access to services in the most extreme cases.
• Similarities with DSA: Both the DSA and OSA emphasize risk assessments, transparency reports, robust complaint mechanisms, and duties to swiftly remove illegal content. Both aim to make platforms more accountable and protect users.
• Differences from DSA: The OSA’s concept of ‘legal but harmful’ content (for adults) has been controversial due to concerns about freedom of expression. Its enforcement model is centralized under Ofcom, while the DSA employs a dual national/EU enforcement structure. The DSA’s specific provisions on recommender systems and data access for researchers are more developed.

10.3 Digital Services Taxes (DSTs): Canada and France

Several countries have implemented or proposed Digital Services Taxes (DSTs), which represent a fundamentally different approach to regulating the digital economy. These taxes are primarily fiscal measures, aiming to ensure that large multinational digital companies pay their ‘fair share’ of taxes in the jurisdictions where they generate significant revenue, rather than primarily addressing content moderation or market power.

• Canada’s Digital Services Tax Act: This proposed act would impose a 3% tax on Canadian digital services revenue for companies with annual worldwide revenue of €750 million or more and annual revenue greater than $20 million from Canadian digital services. It targets online marketplaces, online advertising services, and social media services. The tax is a unilateral measure, primarily a response to the slow progress of international efforts to reform global corporate taxation for the digital age (e.g., OECD’s Pillar Two).
• France’s GAFA Tax: Implemented in 2019, France’s ‘GAFA’ tax (named after Google, Apple, Facebook, Amazon) imposes a 3% levy on the French revenues of large digital companies derived from digital advertising, the sale of user data, and marketplace services. It targets companies with global revenue exceeding €750 million and French revenue exceeding €25 million. The French Constitutional Council upheld this tax, signaling its durability. France has committed to repealing its national DST once the OECD’s global tax reform comes into effect.
• Key Difference from DSA: DSTs are revenue-focused and aim to address tax fairness. They do not impose obligations related to content moderation, user safety, transparency of algorithms, or market power. Their impact on digital services is indirect, primarily affecting their financial bottom line rather than their operational practices related to content.

10.4 Germany: Network Enforcement Act (NetzDG)

Germany’s NetzDG, enacted in 2017, was an influential precursor to the DSA, specifically targeting hate speech and other illegal content on social media platforms. It directly informed some aspects of the DSA’s ‘notice and action’ framework.

• Core Principle: NetzDG aimed to combat hate speech and disinformation by requiring social media platforms to remove ‘manifestly illegal’ content within 24 hours of being notified, or within seven days for less clear cases. It applied to platforms with over 2 million registered German users.
• Critiques: NetzDG was criticized for potentially leading to over-moderation (‘chilling effect’) due to the tight deadlines and the significant fines for non-compliance. Critics also argued it delegated too much power to private companies to make complex legal judgments about content legality.
• Relationship with DSA: The DSA’s framework for illegal content supersedes and harmonizes many aspects of NetzDG. The DSA aims to address the ‘chilling effect’ concerns through more robust appeal mechanisms and by placing the most complex risk assessments and oversight with independent authorities rather than solely on platforms.

10.5 Other Global Initiatives

Many other jurisdictions are also developing or considering digital regulations:

• Australia’s Online Safety Act (2021): Empowers the eSafety Commissioner with significant powers to order the removal of cyberbullying, image-based abuse, and other serious online harms, with a focus on child safety.
• India’s Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules (2021): Imposes due diligence requirements on intermediaries, mandates specific grievance redressal mechanisms, and requires rapid takedown of certain content, particularly for ‘significant social media intermediaries.’

This comparative analysis demonstrates that while there is a global consensus on the need to regulate digital services, approaches diverge significantly in terms of their philosophical underpinnings (e.g., free speech vs. safety), policy priorities (e.g., content moderation vs. competition vs. taxation), and enforcement mechanisms. The DSA, with its holistic and systemic approach to platform governance, stands as a particularly ambitious and influential model within this evolving global regulatory landscape.

Many thanks to our sponsor Panxora who helped us prepare this research report.

11. Future Developments in Digital Regulation

The digital landscape is characterized by its relentless pace of innovation, and legislative frameworks like the Digital Services Act must contend with this dynamism. The future of digital regulation is likely to be shaped by ongoing efforts to refine existing laws, adapt to emerging technologies, and navigate complex geopolitical dimensions.

11.1 Global Harmonization and the ‘Brussels Effect’ Persistence

While complete global harmonization of digital regulations remains an ambitious and perhaps unattainable goal due to differing national values, legal traditions, and geopolitical interests, the ‘Brussels Effect’ of the DSA is expected to continue to drive a degree of convergence. Other jurisdictions will likely draw inspiration from the DSA’s structured approach, particularly its tiered obligations, systemic risk management, and transparency requirements. This does not imply identical legislation, but rather a gradual alignment of core principles and best practices.

• Bilateral and Multilateral Engagements: International bodies like the OECD, G7, and G20, along with bilateral dialogues between major economies (e.g., EU-US Trade and Technology Council), will play a crucial role in fostering discussions around common standards for platform accountability, data governance, and cybersecurity. These forums may seek to identify areas for interoperability or mutual recognition of regulatory frameworks to reduce fragmentation for global companies.
• Challenges to Harmonization: Significant obstacles to full harmonization include differing approaches to freedom of speech (e.g., US First Amendment vs. EU’s fundamental rights framework), data localization demands from various countries, and the assertion of national digital sovereignty. The tension between the EU’s proactive regulatory stance and the US’s market-driven approach will likely persist.

11.2 Adaptive Frameworks for Emerging Technologies

The DSA was designed with some degree of ‘future-proofing,’ by focusing on the functions of digital services rather than specific technologies. However, the rapid advancement of technologies will continuously test the adaptability of current regulations.

• Artificial Intelligence (AI) and Generative AI: The rise of generative AI, capable of creating highly realistic text, images, and video, poses significant challenges for content moderation, disinformation, and copyright. While the EU’s AI Act specifically addresses the development and deployment of AI systems, its interplay with the DSA (which regulates the use of AI within online platforms) will need clarification. Future regulations may need to address the provenance of AI-generated content, liability for AI-generated harms, and the role of AI in systemic risk assessments.
• Metaverse and Immersive Technologies: As the internet evolves into more immersive virtual environments (the metaverse), new questions will arise regarding identity, ownership, virtual violence, harassment, and the enforcement of rules in decentralized or persistent virtual worlds. Existing concepts of ‘content’ and ‘users’ may need redefinition, potentially necessitating new regulatory extensions or entirely novel frameworks.
• Decentralized Technologies (Web3, Blockchain): The DSA’s applicability to fully decentralized services, where there is no central intermediary or identifiable service provider, presents a significant conceptual and practical challenge. Future regulations will need to grapple with how to ensure accountability and user protection in truly distributed digital ecosystems.

Regulators will likely move towards more agile and iterative regulatory approaches, incorporating sandbox environments, regulatory impact assessments for new technologies, and a continuous dialogue with innovators and experts to ensure laws remain relevant without stifling innovation.

11.3 Enhanced Enforcement Mechanisms and Resourcing

The effectiveness of the DSA, and future digital regulations, will heavily depend on robust and adequately resourced enforcement mechanisms.

• Strengthening National Capacities: National Digital Services Coordinators (DSCs) will require significant investment in expertise, training, and resources to effectively supervise the vast array of digital services within their jurisdictions. Their ability to conduct investigations, enforce compliance, and cooperate across borders will be critical.
• Cross-Border Cooperation: The European Board for Digital Services will play an increasingly vital role in ensuring consistent application and enforcement across the EU. Mechanisms for efficient information sharing and coordinated action will be further refined.
• Legal Challenges and Judicial Review: As enforcement actions multiply, platforms are likely to challenge fines and orders in court. The evolving body of case law will further define the boundaries and interpretation of the DSA, providing greater clarity over time.
• Global Enforcement Alliances: Faced with powerful global tech companies, regulators may explore enhanced international cooperation, information-sharing agreements, and potentially even joint enforcement actions with like-minded jurisdictions outside the EU.

11.4 Expanding Scope of Digital Governance

Digital regulation is not a static field; it is continuously expanding to cover new facets of the digital economy and society. Beyond content moderation and market power, future developments may include:

• Data Governance: Further refinement of rules around data access, data portability, data sharing, and data altruism, building on the GDPR and the Data Governance Act.
• Cybersecurity: Integrated approaches to cybersecurity and platform integrity, recognizing the interconnectedness of content risks and cyber threats.
• Digital Identity: Development of secure and interoperable digital identity frameworks that empower users while ensuring privacy.
• Platform Worker Rights: Regulation addressing the working conditions and rights of individuals employed by or through digital platforms.

In essence, the future of digital regulation will be a dynamic interplay between legislative innovation, technological evolution, and geopolitical realities. The DSA has laid a formidable foundation, but its legacy will ultimately be defined by its capacity for adaptation and the unwavering commitment of regulators to enforce its principles in a rapidly changing world.

Many thanks to our sponsor Panxora who helped us prepare this research report.

12. Conclusion

The Digital Services Act (DSA) stands as a monumental legislative achievement by the European Union, representing a profound shift in the governance of online platforms and digital services. It moves decisively beyond the limitations of the largely passive liability regime established by the E-Commerce Directive, ushering in an era of heightened transparency, accountability, and user protection across the EU’s Digital Single Market. The Act’s carefully structured, tiered approach, which imposes the most stringent obligations on Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), reflects a nuanced understanding of the systemic risks these dominant actors pose to fundamental rights, civic discourse, and public safety.

The DSA’s core objectives—safeguarding users from illegal and harmful content, fostering genuine accountability among digital service providers, harmonizing a fragmented regulatory landscape, and promoting innovation within a predictable legal framework—are ambitious yet critically necessary. The comprehensive requirements for VLOPs and VLOSEs, encompassing mandatory systemic risk assessments and mitigation measures, unparalleled transparency regarding content moderation and advertising, data access for vetted researchers, and robust user empowerment mechanisms, collectively redefine the responsibilities of platforms in the 21st century.

While the DSA is still in its nascent stages of implementation, early indicators point towards enhanced transparency from platforms and a growing commitment to compliance, driven by the credible threat of substantial fines and direct oversight from the European Commission. The establishment of national Digital Services Coordinators and the European Board for Digital Services forms a robust, multi-layered enforcement architecture designed to ensure consistent application and effective deterrence across the Union.

However, the path to full effectiveness is fraught with challenges. Tech companies face significant compliance costs, complex data management dilemmas, and the intricate task of balancing content moderation against the imperative to protect freedom of expression. Regulators, in turn, must contend with ensuring consistent enforcement across member states, securing adequate resources, and continuously adapting the framework to the relentless pace of technological evolution and emerging digital risks. The geopolitical implications, particularly the tension with jurisdictions holding differing regulatory philosophies, also remain a significant factor.

Despite these complexities, the DSA has already exerted a profound influence globally, demonstrating the ‘Brussels Effect’ by serving as a blueprint for other nations grappling with similar issues of platform governance. Its principles are shaping international dialogues on content moderation, platform accountability, and the balance between regulation and innovation. As the digital sphere continues its rapid transformation with the advent of AI, the metaverse, and decentralized technologies, the DSA’s foundational principles will undoubtedly inform subsequent regulatory developments. Its ongoing evaluation and adaptive refinement will be paramount to its enduring success, cementing its legacy as a pivotal and enduring framework that seeks to ensure that the internet remains an open, safe, and accountable space for all.

Many thanks to our sponsor Panxora who helped us prepare this research report.

References

• Associated Press. (2025). EU accuses Meta and TikTok of breaching transparency rules. Retrieved from apnews.com
• Associated Press. (2025). EU hits Elon Musk’s X with 120 million euro fine for breaching bloc’s social media law. Retrieved from apnews.com
• Associated Press. (2025). EU warns of possible action after the US bars 5 Europeans accused of censorship. Retrieved from apnews.com
• Associated Press. (2025). Brussels slaps fines on Apple and Meta under new digital regulation while striving not to politicize the move. Retrieved from lemonde.fr
• Associated Press. (2025). US bars five Europeans it says pressured tech firms to censor American viewpoints online. Retrieved from apnews.com
• European Commission. (2022). Digital Services Act: Keeping us safe online. Retrieved from commission.europa.eu
• European Commission. (2023). Digital Services Act takes effect for large online platforms. Retrieved from data.europa.eu
• Eurojust. (2024). Digital Services Act: Ensuring a safe and accountable online environment. Retrieved from eurojust.europa.eu
• Le Monde. (2025). French Constitutional Council upholds GAFA tax. Retrieved from lemonde.fr
• Wikipedia contributors. (2025). Digital Services Act. In Wikipedia, The Free Encyclopedia. Retrieved from en.wikipedia.org
• Wikipedia contributors. (2025). Digital Services Tax Act (Canada). In Wikipedia, The Free Encyclopedia. Retrieved from en.wikipedia.org
• Wikipedia contributors. (2025). Online Safety Act 2023. In Wikipedia, The Free Encyclopedia. Retrieved from en.wikipedia.org/wiki/Online_Safety_Act_2023
• Wikipedia contributors. (2025). Section 230 of the Communications Decency Act. In Wikipedia, The Free Encyclopedia. Retrieved from en.wikipedia.org/wiki/Section_230_of_the_Communications_Decency_Act