Enforcement and Penalties under the EU Digital Services Act

DSA enforcement and penalties

Table of Contents

  1. Enforcement at National Level
  2. Enforcement at EU Level
  3. Enforcement Cases

The Digital Services Act represents a fundamental shift in how the EU regulates digital platforms. This isn’t theoretical policy anymore. Penalties for non-compliance can reach up to 6% of global annual turnover, establishing the DSA as one of the most stringent regulatory frameworks for digital platforms worldwide.

For those of us working in digital advertising or platform compliance, understanding these enforcement mechanisms has become business critical. The consequences extend well beyond financial penalties to include potential market access restrictions. We’re dealing with sophisticated regulatory architecture that requires equally sophisticated compliance strategies.

DSA Enforcement Enforcers

Enforcement at National Level

The enforcement structure operates on two distinct levels, and understanding this division is essential for your compliance planning. All intermediary services in scope of the Regulation fall under national enforcement, with one significant exception: Very Large Online Platforms and Very Large Online Search Engines face direct EU oversight.

This distributed approach reflects practical regulatory wisdom. National authorities understand their domestic markets, regulatory cultures, and business ecosystems in ways that centralised EU oversight simply can’t match.

DSA Enforcement at National Level

Role of National Digital Services Coordinators

Digital Services Coordinators (DSCs) are independent national authorities that each member state was required to establish. These aren’t just administrative bodies processing paperwork. They function as your primary regulatory interface for most DSA compliance matters.

DSCs wield substantial enforcement powers. They can request access to data, order inspections, and impose significant fines on intermediary service providers within their jurisdiction. Yet their responsibilities extend beyond enforcement. They certify trusted flaggers, vet researchers seeking platform data access, and manage complaints from users and civil society organisations.

What makes this system particularly effective is the collaborative framework built into its design. DSCs are required to coordinate with each other and with the European Commission. This isn’t bureaucratic courtesy; it’s strategic regulatory architecture.

Cross-border cooperation allows a DSC of destination to request investigations from the DSC of establishment when suspected breaches occur. Joint investigations can be initiated when multiple DSCs identify potential violations across different jurisdictions. This prevents the jurisdictional arbitrage that has historically weakened digital regulation.

The European Board for Digital Services, comprising all national DSCs and chaired by the Commission, facilitates knowledge sharing and coordinates enforcement practices across the Union. It’s an impressive example of regulatory coordination at scale.

DSA Enforcement National level 2

Penalties for Non-Compliance with DSA at National Level

The financial implications demand serious attention from senior management.

  • ▶  Fines can reach up to 6% of the provider’s global annual turnover for failure to comply with DSA obligations. Global turnover, not just EU revenue. The intention is clear.
  • ▶  Periodic penalty payments of up to 5% of average daily worldwide turnover accrue for each day of delay in complying with DSC orders, interim measures, or binding commitments. Daily accumulation creates powerful incentives for swift remediation.

DSCs aren’t limited to financial measures. They can order specific compliance actions, require detailed remediation plans, and in severe cases, request temporary service restrictions within their jurisdiction.

Enforcement at EU Level

EU-level enforcement targets the platforms that pose systemic risks across the European digital ecosystem. This enforcement tier applies exclusively to VLOP and VLOSE (those exceeding 45 million monthly active EU users).

The rationale is straightforward: when platforms reach this scale, their operational decisions affect fundamental rights, democratic processes, and market competition across multiple member states.

Role of the European Commission

The Commission’s investigatory powers are designed to match the complexity and scale of VLOP and VLOSE operations. The Commission can issue binding information requests to verify platform compliance, with fines up to 1% of worldwide annual turnover for incorrect, misleading, or incomplete responses.

Access to data and algorithms represents the Commission’s most significant oversight tool. Regulators can examine how recommendation systems operate, whether they amplify illegal content, and how they contribute to systemic risks. This level of access was unthinkable in previous regulatory frameworks.

On-site inspections remain available, with assistance from the national Digital Services Coordinator and/or local law enforcement authority, where necessary. The Commission can also conduct interviews with platform personnel, subject to individual consent.

DSA Enforcement EU level 1

Investigation Process

The Commission follows a structured investigatory approach that balances thorough examination with due process requirements.

  • 1.  Opening of an investigation: when a suspicion of infringement is raised, either through regular monitoring activities or through an external notification, the Commission may decide to open an investigation and begin gathering further evidence (e.g. through requests for information, interviews or inspections).
  • 2.  Opening of a proceeding: the Commission communicates the preliminary findings of their investigation to the company concerned and sets out remedial measures to address the infringement; under the “right to be heard” and “right of defence” principles, the company is entitled to access to the Commission’s file and is given the opportunity to submit its observations on the preliminary findings.
  • 3.  Non-compliance decision: this step follows the official determination of an infringement; the Commission may impose fines up to 6% of the global annual turnover of the company concerned and order remedial actions with specific deadlines, which may be accompanied by an enhanced supervision period to ensure compliance; the Commission’s decision may be appealed before the EU courts.

The Commission may also decide to issue interim measures before a final decision is taken, if it deems that there is an urgency due to the risk of serious damage for the users of the service; examples may include orders to make changes to recommender systems, to increase monitoring of specific keywords or hashtags, or to terminate or remedy alleged infringements.

DSA Enforcement EU level One page

Penalties for Non-Compliance with DSA at European level

Commission penalties operate at a different scale and with different strategic objectives than national enforcement. When dealing with VLOPs and VLOSEs, the Commission isn’t just addressing compliance failures; it’s shaping the behaviour of platforms that influence millions of users and entire digital markets.

  • ▶  Fines up to 6% of annual worldwide turnover for serious infringements – These may be imposed in case of breach of DSA obligations, failure to comply with interim measures, or breach of binding commitments.
  • ▶  Fines up to 1% of annual worldwide turnover for minor infringements – These may be occasioned for example by the intentional or negligent failure to reply to requests for information or to submit to an inspection.
  • ▶  Periodic penalty payments reaching 5% of average daily income – The Commission can maintain these payments for extended periods while platforms implement complex systemic changes.
  • ▶  Market access restrictions and temporary suspension – This last-resort measure can be applied, following a strict approval procedure requested by the Commission, if the infringement persists and causes serious harm to users and entails criminal offences involving threat to persons’ life or safety.

Enforcement Cases

Commission enforcement activities have accelerated significantly since full DSA implementation. Multiple formal proceedings are currently underway across various platforms, addressing issues from content moderation and algorithmic transparency to election integrity and the protection of minors.

These early enforcement actions serve dual purposes: addressing specific compliance failures while establishing precedents for future DSA application. For professionals working across the digital advertising ecosystem, these cases provide invaluable insights into practical compliance expectations.

Detailed information about current enforcement activities is available through the Commission’s official VLOP and VLOSE supervision page. The opening of formal proceedings doesn’t constitute a non-compliance finding (this distinction often gets lost in media coverage). These represent investigatory measures designed to gather evidence and assess practices against DSA requirements.

The outcomes of these initial cases will establish crucial precedents for future DSA interpretation and enforcement. As the regulatory landscape matures, digital service providers should expect increasingly sophisticated and targeted oversight approaches.

Understanding these enforcement mechanisms isn’t just about avoiding penalties. It’s about building compliance strategies that enable sustainable growth within the European digital market.

is your compliance strategy redy to go?