EU Digital Services Act
Regulation (EU) 2022/2065
The EU's accountability framework for online intermediaries and platforms. Creates tiered obligations based on service type and size, with the strictest rules for very large platforms reaching 45 million+ EU users.
The Digital Services Act is the EU's answer to a simple question: who is responsible when something goes wrong online? For two decades, platforms operated under rules written in the early days of the internet. The DSA replaces that outdated framework with a modern set of obligations that scale with a platform's size and influence. If your company operates any kind of online service that reaches EU users -- whether you host content, run a marketplace, or operate a social network -- the DSA applies to you.
The law works on a tiered system. Basic intermediary services like internet providers have light obligations: appoint a contact person, publish transparency reports, and keep terms of service honest about content moderation. Hosting services add notice-and-action procedures for illegal content. Online platforms layer on complaint-handling systems, advertising transparency, and protections for minors. At the top, very large online platforms (VLOPs) with 45 million or more EU monthly users face the strictest requirements: systemic risk assessments, independent audits, and public ad repositories.
Enforcement is split between national Digital Services Coordinators, who supervise smaller services, and the European Commission, which directly oversees VLOPs. The Commission has already opened formal proceedings against X, TikTok, Meta, AliExpress, Temu, and Shein. Fines can reach 6% of global annual turnover -- for the largest tech companies, that means potential penalties in the billions. No final fines have been imposed yet, but the pace of enforcement is accelerating.
For businesses, the practical impact depends on your tier. A small cloud hosting provider needs a notice-and-action system and a transparency report. A mid-sized marketplace must verify its traders and label advertisements. A platform approaching the 45-million-user threshold should prepare for the full VLOP compliance programme well in advance -- the obligations are substantial and the four-month compliance window after designation is tight.
The DSA's defining structure: obligations are cumulative. Each tier inherits all obligations from the tier below it. The higher the tier, the greater the societal impact and the stricter the rules. Click each tier.
The Commission designates platforms exceeding 45 million average monthly active users in the EU. Designated platforms have four months to comply. Filter by category to explore.
The European Commission has direct supervisory authority over VLOPs and VLOSEs. Below is a timeline of all formal proceedings opened since the DSA became applicable.
The DSA creates the most comprehensive transparency regime for online platforms in the world. Click each obligation to see details.
The DSA establishes a structured notice-and-action mechanism for handling illegal content. This is the core operational process every hosting service must implement.
From proposal to full enforcement -- the DSA's phased rollout, VLOP designations, and enforcement milestones.
Each EU member state must appoint a Digital Services Coordinator (DSC) responsible for enforcing the DSA at national level. The DSC supervises all non-VLOP services established in its member state.
Select your company type for tailored compliance guidance.