KPMG Law LLP logo

2 April 2024

The Digital Services Act (“DSA”) is a European Union (“EU”) regulation which came into force in EU law in November 2022. Its main goal is to prevent illegal and harmful activities online and the spread of disinformation. It ensures user safety, protects fundamental rights, and creates a fair and open online platform environment.

KPMG Law is releasing this series of articles over the next three weeks to explore this issue in some detail.

History of the DSA

The DSA started to apply from 25 August 2023 for Very Large Online Platforms (“VLOPs”) and very large search engines (“VLOSEs”), for the remainder of the intermediary service providers, such as online marketplaces, content sharing platforms, comparison websites and app stores the DSA applied from 17 February 2024.

It is fair to say that the European Commission (“the Commission”) has been busy since these laws came into effect. In December 2023, the EU opened its first formal procedure under the DSA to assess whether a prominent social media company, was taking appropriate steps in relation to fighting manipulation of information on the platform.

Specific queries were also raised in relation to the current company’s practice of charging users for the use of the verification service. This commercialisation of what was previously seen as a verification process (whereby a user had to have been seen over a period of time to be a provider of trusted content) has been questioned by the Commission. The Commission is using its formal powers to issue a formal “Request for Information”.

Access to public data

In January 2024, 17 parties that have been designated Very Large Online Platforms (VLOPs) or Very Large Online Search Engines (VLOSEs) had been queried in respect of their compliance with their obligations to give access, without undue delay, to data that is publicly accessible on their online interface to eligible researchers.

The Commission sees access to data by researchers as key to accountability and public scrutiny. Researcher access is believed by the Commission to be essential in relation to ensuring controls on disinformation and misinformation in electoral contexts and it is also seen as a key part of monitoring the level of illegal content and goods on online platforms.

Treatment of foreseeable negative effects

In February 2024, on 19th February, 2 days after the coming into full force for all parties that will be affected by the DSA, another social media platform received enquiries on relation to their obligations “on assessment and mitigation of actual foreseeable negative effects,” stemming from the design of the company’s systems including algorithmic systems.

In early March 2024, the EU opened formal proceedings against an online marketplace in relation to “areas linked to the management and mitigation of risks, to content moderation… the transparency of advertising and recommender systems, to the traceability of traders and to data access for researchers.”

This activist approach by the Commission is backed up by significant sanctions and real powers to investigate and obtain documentation. Organisations should be aware that this approach mirrors the way that the Commission can take action in respect of what is seen as anti-competitive behaviour and the fines and sanctions also resemble this particular area of Commission activity.

Impacts of non-compliance

The Commission can, from February 2024 onwards:

As last resort measures, if the infringement persists and causes serious harm to users and entails criminal offences involving threat to persons' life or safety, the Commission can also request the temporary suspension of the service.

In this context it is key to know if these powers can apply to your organisation.

The short answer may not be comforting. While the Commission reserves significant powers to significant multinational corporates, a wide variety of companies providing a variety of conduit, caching and hosting services will be within the scope of the DSA. We will discuss this more in the next article.

How can we help you?

At this stage, organisations under the scope of the DSA need to demonstrate compliance with this regulation to be able to grow in the EU digital environment.

We would very much emphasise that in this new digital landscape, the Commission and regulators will be using more powers with a combination of criminal and legal sanctions to regulate the online space.

We are uniquely placed to assist both regarding your operational and legal needs.

Thus, it is crucial to understand what the ongoing obligations and best practices are to ensure compliance with the applicable requirements. KPMG Law can help you on your path to being DSA compliant by:

In addition, the KPMG Consulting team has deep technical expertise across all DSA related areas, including:

Our capabilities include experts from IT Assurance, Risk Consulting, Technology Law, Algorithm Assurance, Privacy, Cybersecurity, and Forensic teams. In addition, our DSA services are powered by accelerators to ensure an efficient process. These include:

Contact the team

David McMunn

David McMunn

Director & Head of Technology & Digital Law

Sean Redmond

Sean Redmond


Daniela Mejuto Pita

Daniela Mejuto Pita

Associate Director