Digital Services Act
For two decades, platforms were responsible for nothing. The DSA changes that. Whether it is enforced is a different question.
How to read this page. Tap any underlined word to see the precise legal term and a short definition. Expand any "Deeper" box for the evidence and contested points. The main text works on its own — you can skip both and still get the whole argument.
What the DSA addresses
GDPR protects personal data. Section 230 provides immunity for content. Neither addresses the core question: what responsibility do platforms bear for the effects of their own algorithmic systems? A platform recommending extremist content through its algorithm is not publishing that content — it is amplifying it. The EU Digital Services Act, applicable from February 2024, is the first major legislation to address this.
What it requires
Very large online platforms — those with more than 45 million monthly active users in the EU — must assess and mitigate systemic risks to civic discourse, election integrity, and public health. They must provide transparency about recommendation algorithms, maintain public advertising repositories, give independent researchers genuine data access, undergo algorithmic audits, and take reasonable steps to prevent misuse for disinformation. Fines can reach 6% of global annual turnover — for Meta, potentially exceeding €9 billion.
Very large online platform (VLOP)
The DSA's tier for platforms with more than 45 million monthly active users in the EU — roughly a tenth of the population. VLOPs carry the heaviest obligations precisely because their scale makes their design choices a matter of public consequence rather than private business. The Commission, not national regulators, supervises them directly.
Systemic risk
The DSA's central innovation: instead of policing individual posts, it makes the largest platforms responsible for the society-level effects of their systems — harm to elections, civic discourse, public health, fundamental rights. They must assess these risks and mitigate them. It shifts the legal question from "is this post illegal?" to "does the design of this system cause foreseeable harm at scale?"
First enforcement
In December 2025, the Commission issued a €120 million fine to X (formerly Twitter) for breaching DSA transparency obligations: deceptive redesign of the verification badge, failures in the advertising repository, and limitations on researcher data access. Research examining harmful content on Facebook before and after DSA implementation found no overall decline following the legislation's entry into force — the gap between stated compliance and actual behavioural change remains significant.
The political threat
At the Paris AI Action Summit and Munich Security Conference in 2025, US Vice President Vance attacked the DSA and GDPR as over-regulatory. The White House issued a memo proposing retaliatory tariffs on countries that impose heavy fines on US tech companies. This is the current frontline of the governance story: the most significant platform accountability legislation in existence is under coordinated political pressure. Rules that took years to pass can be weakened faster than they were built.
The Dutch media regulator Commissariaat voor de Media, in its May 2026 report concluding that feeds are "demonstrably risky for democracy," called specifically for better enforcement of existing European legislation — the DSA.
How we know — the gap between compliance on paper and behaviour in practice
The DSA's novelty is also its difficulty: "mitigate systemic risk" is a duty about outcomes, which is harder to verify than a content rule. Early evidence is mixed. The €120 million X fine shows the transparency obligations have teeth. But a study comparing harmful content on Facebook before and after the DSA took effect found no clear decline — suggesting platforms can satisfy procedural requirements (reports filed, repositories maintained) without the underlying behaviour changing. Independent verification depends on the researcher-data-access provisions, which platforms have an incentive to grant as narrowly as possible.
Why this is contested ground. Whether the DSA works is not yet answerable — it is new, enforcement has barely begun, and it is simultaneously under political attack from the US. We present it as the most ambitious attempt to date and an open question, not as a solved problem.
Sources
- European Commission — Digital Services Act package.
- Commissariaat voor de Media, Naar democratisch gezonde feeds (May 2026).
- NATO StratCom Centre of Excellence — research publications on platform regulation and the DSA.
- Centre for Future Generations — DSA Enforcement Tracker.