What is DSA: The Digital Services Act Explained

What is the Digital Services Act (DSA)?

The Digital Services Act (DSA) is the European Union’s comprehensive regulatory framework for online intermediaries and platforms, including marketplaces, social networks, content-sharing platforms, app stores, and online travel and accommodation platforms. The regulation’s primary objective is to prevent illegal and harmful activities online while combating the spread of disinformation.

This piece of legislation, applicable as of February 2024, establishes user safety protections, safeguards fundamental rights, and creates equitable conditions for online platform operations. The DSA updates the eCommerce Directive in EU law and applies to all online intermediaries offering services within the EU’s single market, regardless of their place of establishment.

The DSA constitutes a fundamental shift in digital governance, moving beyond the 20-year-old e-Commerce Directive to address contemporary challenges including algorithmic manipulation, coordinated disinformation campaigns, and platform market concentration. The regulation operates in direct conjunction with the Digital Markets Act (DMA) to establish comprehensive digital governance across the European Union.

Why was it introduced?

The DSA emerged from mounting concerns regarding increasing platform influence over society, democratic processes, and individual rights. Existing legislation could no longer address the challenges posed by a digital landscape growing at unprecedented speed: hence the need for a new, unified and harmonised set of rules for online services.

The DSA is Europe’s direct response to a maturing online environment in need of a new level of governance.

Key Objectives of the DSA

The Digital Services Act pursues multiple interconnected objectives designed to establish a safer, more transparent, and equitable digital environment. These objectives reflect the EU’s commitment to protecting fundamental rights while fostering innovation and fair competition.

Key objectives include:

▶ Protecting users from illegal content and harmful activities: Establishing clear mechanisms for identifying, reporting, and removing illegal content while preventing its dissemination across platforms.

▶ Ensuring transparency in advertising, content moderation and algorithmic systems: Requiring platforms to provide background information for digital ads, offer explanations for content decisions and make recommendation algorithms transparent to users and researchers.

▶ Safeguarding fundamental rights online: Prioritising protection of freedom of expression, privacy, and other rights guaranteed by the EU Charter of Fundamental Rights.

▶ Creating accountability for systemic risks: Mandating that large platforms identify and mitigate risks their services pose to democracy, public health, civic discourse, and fundamental rights.

▶ Establishing effective oversight and enforcement: Implementing robust enforcement mechanisms with substantial penalties to ensure compliance across the digital ecosystem.

▶ Promoting user empowerment and choice: Providing users with greater control over their online experience, including customization of algorithmic recommendations and understanding of advertising targeting mechanisms.

▶ Fostering competitive fairness: Ensuring fair competition among platforms with different levels of influence over the market while supporting innovation and growth.

Who must comply with the Digital Services Act?

All online intermediaries offering services within the EU’s single market must comply with DSA requirements, regardless of their place of establishment. The regulation employs a graduated compliance approach where obligations are scaled according to service provider size, role, and societal impact.

The DSA categorises digital services into four distinct tiers with progressively stringent requirements:

▶ Intermediary Services

Basic online services that transmit or store third-party information, including internet service providers, domain name registrars, and fundamental web hosting services. These services face core obligations including clear terms of service provision and accessible contact information.

▶ Hosting Services

Intermediary services storing user-provided information, such as cloud computing services, web hosting platforms, and file-sharing services. These providers must implement notice-and-action mechanisms for illegal content removal and maintain transparency regarding content moderation activities.

▶ Online Platforms

Hosting services that store and disseminate information to public audiences, including social media networks, online marketplaces, application stores, and collaborative platforms. These services face enhanced requirements for content moderation systems, user complaint mechanisms, and advertising transparency protocols.

▶ Very Large Online Platforms (VLOPs)

Platforms and search engines exceeding 45 million monthly active users in the EU (representing 10% of the EU population), designated as Very Large Online Platforms (VLOPs) or Very Large Online Search Engines (VLOSEs). These services face the most stringent obligations, including comprehensive systemic risk assessments, independent audits, and enhanced transparency requirements.

Am I a Platform under the DSA?

Determining platform status under the DSA requires careful analysis of your service’s functionality and user interaction patterns. The critical factor is whether your service enables users to provide information that is subsequently disseminated to public audiences or defined recipient groups.

Your service qualifies as an online platform if it stores and publicly disseminates information at the request of the user. This classification may include social media platforms, review websites, online marketplaces, discussion forums, video-sharing platforms, and collaborative platforms such as wikis.

It should be noted that not all services hosting content qualify as online platforms. Private messaging services, email providers, personal cloud storage services, and internal communication tools typically fall outside of the DSA definition. Small and medium enterprises with fewer than 250 employees and revenues below EUR 50 million or balance sheets under EUR 43 million may fall within scope of the regulation, but they are eligible for exemptions from platform requirements.

Given the complexity of these determinations, consulting legal experts familiar with DSA requirements ensures accurate classification and appropriate compliance measures.

How can EDAA help you comply with the DSA?

The European Interactive Digital Advertising Alliance (EDAA) has developed the Advanced Advertising Transparency Programme (AATP) to facilitate alignment with the transparency requirements of Article 26. The AATP builds upon the well-established “AdChoices Icon,” a ubiquitous consumer-facing symbol of transparency, to deliver required disclosures and control options to users.

The AATP enables participating companies to provide meaningful advertising transparency and effective consumer choice while aligning with the DSA’s objective of delivering predictable and trusted online environments to consumers in the EU. Independent certification demonstrates programme compliance, while enforcement mechanisms ensure consumer complaint and query systems remain accessible, transparent, recognisable, and enforceable.

This collaborative industry approach reduces implementation complexity and costs while ensuring consistent standards across the digital advertising ecosystem. Companies benefit from leveraging existing industry infrastructure while meeting new regulatory requirements through established partnerships and proven compliance frameworks.

Impact of DSA

The Digital Services Act creates extensive changes affecting multiple stakeholders across the digital ecosystem and broader society.

▶ For citizens

— Better protection: Accelerated removal of illegal content and improved protection against online harassment, hate speech, and dangerous products or services.
— Controlled personalisation: Access to additional choice and control options over algorithmic recommendations and targeted advertising.
— Enhanced transparency: Improved access to information relative to content moderation decisions and targeted advertising, including recourse options.

▶ For providers of digital services

— Clearer rules: A single, harmonised set of rules for digital services applicable across the EU, as opposed to a variety of differing national-level laws.
— Scaled requirements: New obligations tailored to the size and capacity of each digital services provider create a level playing field and safeguards small and medium-sized businesses.
— Increased collaboration: DSA compliance requires cross-industry collaboration, and cross-industry collaboration fosters innovation and competitiveness.

▶ For business users of digital services

— Safer marketplaces: New transparency requirements raise the bar for online marketplaces, fostering a safe environment for consumers and traders alike.
— Stronger rights: Enhanced oversight mechanisms prevent arbitrary or discriminatory practices against business users and offer accessible recourse options.
— Greater transparency: Enhanced insight into platform decision-making processes affecting reach and visibility.

▶ For society at large

— Protecting democracy: Enhanced safeguards against disinformation and information manipulation, particularly during electoral processes and public debates.
— Digital governance: Establishing international standards that promote European values and governance principles worldwide.
— Increased trust: Improved transparency and accountability mechanisms help restore public confidence in digital platforms and services.

DSA for Consumers: Rights & Protection

The DSA establishes a consumer-centric approach to digital governance, recognising that the power imbalance between platforms and users warrants the introduction of rules for the protection of the latter. The regulation prioritises consumer consent, control, and data access across digital interactions.

Consumers gain substantial new rights under the DSA, including understanding why they encounter specific content, how their data enables targeted advertising, and who are the entities behind the ads they see online. For each advertisement presented to individual recipients, users must be able to identify the content as advertising, the entity on whose behalf the advertisement appears, the entity who paid for the ad (if different), and meaningful information about the targeting parameters used.

DSA transparency requirements extend beyond advertising to encompass recommender systems, providing users insight into content curation processes and the ability to modify algorithmic parameters. The regulation establishes comprehensive complaint and redress mechanisms, ensuring effective challenges to platform decisions and access to remedies where applicable.

Enforcement and Penalties

The DSA establishes one of the most comprehensive enforcement frameworks in digital regulation, combining substantial financial penalties with operational oversight powers. Enforcement operates through a dual framework: national Digital Services Coordinators oversee platforms within their territories, while the European Commission (in collaboration with national authorities) supervises Very Large Online Platforms and Very Large Online Search Engines.

Enforcement authorities can impose fines reaching 6% of global turnover for non compliance with the DSA while ordering providers to implement corrective measures within specified timeframes. Periodic penalties reaching 5% of average daily worldwide turnover may also be applied for each day of delay in complying with relevant requirements. In cases involving persistent non-compliance causing serious harm, with criminal implications threatening lives or safety, Digital Services Coordinators may request temporary service suspension.

How is DSA related to data-driven advertising?

Data-driven advertising (sometimes referred to as “Interest-Based Advertising (IBA)” or previously “Online Behavioural Advertising (OBA)”) intersects directly with the DSA’s transparency and consumer protection framework. The DSA transforms digital advertising operations by introducing mandatory transparency requirements that exceed previous legal obligations. Online platforms are now formally prohibited from presenting advertising based on profiling using special categories of personal data, including health information, political opinions, or ideological convictions.

The relationship between DSA and data-driven advertising centres on empowering consumers with meaningful choice and control mechanisms. While the DSA doesn’t prohibit personalised advertising entirely, it requires comprehensive consumer understanding of targeting processes. Platforms must provide detailed information about targeting parameters, and methods for consumers to modify these parameters (where applicable).

This approach transforms data-driven advertising from a practice often perceived as opaque into a transparent process enabling informed consumer participation. The DSA acknowledges that personalised advertising can provide value to consumers and businesses when conducted transparently with appropriate safeguards, while insisting that this value exchange must be clear, equitable, and respectful of fundamental rights.

Relationship with other EU regulations

The DSA operates within a comprehensive ecosystem of EU digital regulations, each addressing distinct aspects of the digital economy while maintaining complementary objectives and enforcement mechanisms.

▶ DSA and GDPR:

The General Data Protection Regulation focuses on personal data protection and privacy rights, while the DSA addresses platform responsibilities and content governance. These regulations operate synergistically, with the DSA building upon GDPR’s data protection principles while establishing platform-specific obligations. The DSA’s advertising transparency requirements align with GDPR while extending significantly beyond existing requirements, particularly regarding targeting parameter information. 

▶ DSA and DMA:

The Digital Services Act and Digital Markets Act form unified regulations applicable across the EU with dual objectives: creating safer digital environments protecting fundamental rights and establishing competitive fairness fostering innovation, growth, and competitiveness. The DSA addresses content governance and user safety while the DMA focuses on competition and market fairness among major digital platforms.

▶ DSA and Political Ads Regulation (TTPA):

The Regulation on the Transparency and Targeting of Political Advertising complements the DSA by establishing specialised requirements for political advertisements. While the DSA provides general advertising transparency requirements, the TTPA creates additional obligations for political content, establishing comprehensive electoral integrity frameworks.

DSA Updates

The Digital Services Act represents evolving legislation that continues developing through implementation guidance, enforcement decisions, and regulatory developments. Recent updates demonstrate the regulation’s adaptive nature and ongoing refinement.

The Commission recently endorsed integrating the voluntary Code of Practice on Disinformation into the DSA framework, establishing it as a compliance benchmark for platform obligations. On 2 July 2025, the Commission published delegated act provisions outlining rules for qualified researcher access to VLOP and VLOSE internal data for systematic risk research and mitigation measure analysis.

The Commission continues refining implementation through official requests for information (sometimes resulting in formal proceedings against major platforms), updated guidance documents, and enhanced collaboration with national authorities. These ongoing developments ensure DSA responsiveness to emerging digital landscape challenges while maintaining consistent enforcement standards across the European Union.

Resources

Comprehensive understanding of the Digital Services Act requires access to authoritative and current information from official sources. The European Commission provides definitive guidance documents, complete legal texts, and implementation materials serving as the authoritative reference for compliance obligations.

Industry associations, legal practitioners, and academic institutions contribute valuable analysis and practical implementation guidance. However, given the regulation’s complexity and ongoing evolution through enforcement decisions and updated guidance, consulting multiple sources and seeking professional advice ensures accurate understanding and effective compliance strategies.

The stakes for misunderstanding DSA requirements are substantial, making professional guidance essential for organisations navigating these obligations.