Digital Services Act
The Digital Services Act (Regulation (EU) 2022/2065) is the EU's law for online intermediaries. It modernises liability rules for hosting services, imposes due-diligence obligations on online platforms, and adds heightened risk-management duties for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) โ those reaching โฅ 45 million monthly active EU users.
Free EU Compliance CheckerWhat does DSA require and when does it apply?
DSA applies to Social Media and Marketplaces organisations across all EU member states. The key deadline is February 17, 2024 (all platforms). Non-compliance carries a maximum penalty of Up to 6% of global turnover (VLOPs/VLOSEs); per member state for others. Core obligations include remove illegal content upon valid notice and provide transparent advertising registers.
- Remove illegal content upon valid notice
- Provide transparent advertising registers
- Disclose algorithmic recommender system logic
- Conduct annual risk assessments (VLOPs)
- Allow third-party auditing (VLOPs/VLSEs)
| Deadline | February 17, 2024 (all platforms) |
| Max fine | Up to 6% of global turnover (VLOPs/VLOSEs); per member state for others |
| Primary sectors | Social Media, Marketplaces, Search Engines |
DSA: Up to 6% of global turnover (VLOPs/VLOSEs); per member state for others max fine
DSA applies to Social Media and Marketplaces organisations in all EU member states. Key deadline: February 17, 2024 (all platforms).
Source: Official Journal of the European Union โ Digital Services Act
Who does DSA apply to?
The DSA applies layered obligations: baseline rules for all intermediary services offered in the EU; additional rules for hosting services; further rules for online platforms; and the strictest tier for designated VLOPs/VLOSEs.
- Intermediary services: mere conduit, caching, hosting providers offering services in the EU (regardless of establishment)
- Hosting providers: notice-and-action mechanisms, statements of reasons for content moderation
- Online platforms: trusted flaggers, transparency on recommender systems, ban on dark patterns
- VLOPs/VLOSEs (โฅ 45m monthly active EU users): annual systemic-risk assessments, independent audits, crisis response
What are the penalties for DSA non-compliance?
Member states set penalties for general intermediaries and online platforms; the Commission is empowered to fine designated VLOPs/VLOSEs directly. Periodic penalty payments can be added.
| Maximum fine | Up to 6% of global annual turnover for VLOPs/VLOSEs; member states set penalties for other intermediaries |
When does DSA apply?
The DSA entered into force on 16 November 2022. It applied to designated VLOPs/VLOSEs from 25 August 2023, and to all other in-scope services from 17 February 2024.
- 2022-11-16 โ Entry into force
- 2023-04-25 โ First VLOP/VLOSE designations
- 2023-08-25 โ Obligations apply to designated VLOPs/VLOSEs
- 2024-02-17 โ Obligations apply to all other in-scope services
Threshold above which the European Commission may designate an online platform as a Very Large Online Platform (VLOP) or Very Large Online Search Engine (VLOSE) โ triggering the strictest tier of DSA obligations.
Regulation (EU) 2022/2065, Article 33(1)
February 17, 2024 (all platforms)
Up to 6% of global turnover (VLOPs/VLOSEs); per member state for others
Social Media, Marketplaces, Search Engines
Threshold above which the European Commission may designate an online platform as a Very Large Online Platform (VLOP) or Very Large Online Search Engine (VLOSE) โ triggering the strictest tier of DSA obligations.
Regulation (EU) 2022/2065, Article 33(1)
| Official name | Regulation (EU) 2022/2065 of the European Parliament and of the Council on a Single Market For Digital Services (Digital Services Act) |
| Reg. No. | (EU) 2022/2065 |
| CELEX | 32022R2065 |
| Type | regulation |
| In force | 2022-11-16 |
| Applies from | 2024-02-17 |
| Max fine | Up to 6% of global annual turnover for VLOPs/VLOSEs; member states set penalties for other intermediaries |
| Authorities | European Commission (for VLOPs/VLOSEs) (EU) National Digital Services Coordinators (DSCs) (member-state) European Board for Digital Services (EU) |
| Source | (EU) 2022/2065 โ EUR-Lex Official Journal |
How do I comply with DSA?
- Remove illegal content upon valid notice
- Provide transparent advertising registers
- Disclose algorithmic recommender system logic
- Conduct annual risk assessments (VLOPs)
- Allow third-party auditing (VLOPs/VLSEs)
Does DSA apply to your business?
Find out in 2 minutes with our free regulation checker.
Check now โ freeDSA by Country
Germany
๐ซ๐ทFrance
๐ณ๐ฑNetherlands
๐ช๐ธSpain
๐ฎ๐นItaly
๐ฆ๐นAustria
๐ง๐ชBelgium
๐ต๐ฑPoland
๐ธ๐ชSweden
๐ฎ๐ชIreland
๐ต๐นPortugal
๐ฉ๐ฐDenmark
๐ซ๐ฎFinland
๐จ๐ฟCzech Republic
๐ท๐ดRomania
๐ญ๐บHungary
๐ธ๐ฐSlovakia
๐ง๐ฌBulgaria
๐ญ๐ทCroatia
๐ฌ๐ทGreece
๐ฑ๐บLuxembourg
๐ช๐ชEstonia
๐ฑ๐ปLatvia
๐ฑ๐นLithuania
๐ธ๐ฎSlovenia
๐ฒ๐นMalta
Explore DSA in depth
DSA by Industry
Related Regulations
DMA
The DMA designates large online platforms as 'gatekeepers' and imposes obligations to ensure contestable and fair digital markets. Targets the largest tech platforms operating in the EU.
GDPR
GDPR governs the processing of personal data of EU residents. It requires lawful basis for processing, data subject rights, breach notification, and accountability measures.
AI Act
The EU AI Act classifies AI systems by risk level and imposes obligations on providers and deployers. High-risk systems face mandatory conformity assessments, documentation, and human oversight requirements.
Explore DSA in depth
Penalties & Fines
See enforcement patterns, fine tier tables, and real enforcement cases across EU member states.
Deadline Timeline
Key milestones, implementation phases, and country-specific deadlines and phased rollout dates.
Industry Guides
Sector-specific DSA guidance for SaaS, fintech, healthcare, and other affected industries.
Next step โ classify
Classify your AI systems
Use the free regulation checker to find out exactly which DSA obligations apply to your business in 2 minutes.
Check Your Compliance Obligations
Find out which DSA obligations apply to your organisation in under 2 minutes.
Recent DSA Articles
Frequently Asked Questions
- Who is subject to the EU Digital Services Act?
- The DSA (Regulation 2022/2065) applies to all digital intermediary services offered to users in the EU โ regardless of where the provider is established. Obligations scale by service type and size: mere conduit and caching services have minimal obligations; hosting services and online platforms must implement notice-and-action mechanisms and transparency reporting; Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) with over 45 million average monthly EU users face enhanced obligations enforced directly by the European Commission. Small and micro enterprises (under 50 employees, under โฌ10M turnover) are exempt from certain obligations, including complaint-handling and out-of-court dispute settlement requirements. All obligations applied from 17 February 2024.
- What content moderation obligations does the DSA impose on online platforms?
- Online platforms under the DSA must: operate a notice-and-action mechanism allowing users to report illegal content; process valid notices expeditiously and notify users of removal decisions with reasons; provide a non-discriminatory internal complaints mechanism for content removal decisions; offer access to out-of-court dispute settlement bodies; cooperate with trusted flaggers โ vetted organisations that report illegal content at scale; and publish transparency reports on content moderation every six months. Platforms may not use dark patterns that undermine user choices. Advertising cannot target minors or use sensitive data categories (health, religion, sexual orientation, political views) as targeting criteria.
- What obligations apply to Very Large Online Platforms under the DSA?
- VLOPs and VLOSEs with over 45 million monthly EU users face enhanced DSA obligations enforced by the European Commission, not national coordinators. Core obligations: annual systemic risk assessments covering illegal content, fundamental rights, electoral processes, and public health; independent audits of risk assessments and mitigation measures; real-time data access for vetted researchers; algorithmic transparency including a non-profiling-based recommendation option for users; and advertising transparency registers. During elections or public emergencies, the Commission can impose crisis response measures. Non-compliance fines reach 6% of global annual turnover; repeated infringement may result in temporary access restrictions.
For informational purposes only. This is not legal advice โ consult qualified legal counsel.
Last verified: ยท Source: EUR-Lex 32022R2065 ยท Editorial policy