Launch Q3 2026
BearGuard®
BearGuard®
Governance & AI Guardrails
DE EN
Digital Markets

Digital Services Act (DSA) — Regulation (EU) 2022/2065

The Digital Services Act (EU 2022/2065) establishes comprehensive due diligence obligations for online intermediaries and platforms to protect EU users.

LinkedIn X WhatsApp

Summary

The Digital Services Act (DSA), Regulation (EU) 2022/2065, fundamentally modernises the regulatory framework for digital intermediary services in the EU. It replaces key provisions of the e-Commerce Directive of 2000 and introduces tiered due diligence obligations for online platforms — from basic transparency requirements for all intermediaries to stringent obligations for very large online platforms (VLOPs) and very large online search engines (VLOSEs) with more than 45 million monthly users in the EU.

The DSA requires platforms to implement more effective procedures for removing illegal content, strengthens users' rights through complaint mechanisms and independent dispute resolution, and mandates comprehensive transparency regarding algorithmic recommendation and online advertising. VLOPs and VLOSEs must additionally conduct annual risk assessments of systemic risks and submit to independent audits.

On 25 April 2023, the Commission designated the first 17 VLOPs and 2 VLOSEs. Since 17 February 2024, the DSA applies in full to all online intermediaries in the EU.

History

Commission President Ursula von der Leyen announced a new Digital Services Act during her 2019 bid for the Commission presidency. Between July and September 2020, the Commission conducted a public consultation. On 15 December 2020, the Commission published the DSA proposal alongside the Digital Markets Act.

On 23 April 2022, Parliament and Council reached a political agreement. Parliament endorsed the DSA on 5 July 2022, and the Council of the EU gave its final approval on 4 October 2022. The regulation was published in the Official Journal on 27 October 2022 and entered into force on 16 November 2022. Very large platforms had to comply with the enhanced obligations from 25 August 2023. Full applicability for all intermediary services began on 17 February 2024.

The DSA builds on the e-Commerce Directive of 2000 (2000/31/EC) and does not repeal it: it carries over and modernises that directive's conditional liability exemptions for intermediary services (now Art. 4-6 DSA) and supplements them with new, tiered due-diligence obligations. For enforcement, Member States had to designate national Digital Services Coordinators (DSCs) as competent authorities under Articles 49-51 DSA by 17 February 2024.

Scope

The DSA applies to all providers of intermediary services that offer their services to users in the EU, regardless of the provider's place of establishment. It builds on the e-Commerce Directive (2000/31/EC) and carries over its conditional liability exemptions (now Art. 4-6 DSA) without repealing the directive:

  • Intermediary services (all): Providers of mere conduit, caching, and hosting services, including cloud and web hosting providers — subject to basic transparency and reporting obligations.
  • Hosting services: All services that store information provided by users must establish a notice-and-action mechanism for the removal of illegal content.
  • Online platforms: Marketplaces, app stores, social networks, and content-sharing platforms must additionally provide internal complaint mechanisms, out-of-court dispute resolution, and transparency in online advertising.
  • Very large online platforms (VLOPs) and search engines (VLOSEs): Platforms with over 45 million monthly users in the EU (including Google, Facebook, Amazon, TikTok, YouTube, Instagram, X/Twitter) face the most stringent obligations including risk assessments, audits, and data access for researchers.
  • Online marketplaces: Special traceability obligations for traders (Know-Your-Business-Customer) and random checks on product compliance.

Enforcement is carried out by national Digital Services Coordinators (DSCs) under Articles 49-51 DSA, which each Member State had to designate as a competent authority by 17 February 2024; for VLOPs and VLOSEs, exclusive supervision of the specific obligations rests with the European Commission.

Key Requirements

  • Notice-and-action mechanism (Art. 16): Hosting services must provide an easily accessible reporting system through which any person can flag illegal content, and must act promptly.
  • Transparency reports (Art. 15, 24, 42): All intermediaries must publish annual transparency reports on content moderation; VLOPs and VLOSEs must report semi-annually.
  • Systemic risk assessment (Art. 34): VLOPs and VLOSEs must annually assess risks related to the dissemination of illegal content, fundamental rights, public health, elections, and gender-based violence.
  • Independent audits (Art. 37): VLOPs and VLOSEs must undergo an independent audit of DSA compliance at least once per year.
  • Transparency in online advertising (Art. 26, 39): Platforms must label every displayed advertisement, identify the sponsor, and disclose the targeting criteria used.
  • Protection of minors (Art. 28): Platforms must not display profiling-based advertising to minors and must ensure a high level of privacy and safety for minors.
  • Data access for researchers (Art. 40): VLOPs and VLOSEs must grant vetted researchers access to their data to investigate systemic risks.
  • Designation of Digital Services Coordinators (Art. 49-51): Each Member State had to designate, by 17 February 2024, a national Digital Services Coordinator (DSC) as an independent competent authority responsible for supervising and enforcing the DSA.

Related Frameworks

DMAAI Act

Content last reviewed: 29 May 2026. Found an error or need an update? [email protected]