What are Very Large Online Platforms?
Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) are digital services that reach more than 45 million average monthly active users in the European Union. The European Commission designates these platforms based on user numbers that providers must report every six months.
Once the Commission designates a platform as a VLOP or search engine as a VLOSE, the service has four months to comply with the Digital Services Act requirements. This designation triggers specific regulatory obligations that address the particular risks such large services pose to Europeans regarding illegal content, fundamental rights, public security, and wellbeing.
Current List of VLOPs and VLOSEs
The European Commission has designated the following services as VLOPs and VLOSEs based on their substantial user base in the EU:
Very Large Online Platforms:
- AliExpress (104.3 million users)
- Amazon Store (181.3 million users)
- App Store (123 million users)
- Booking.com (over 45 million users)
- Facebook (259 million users)
- Google Maps (275.6 million users)
- Google Play (284.6 million users)
- Google Shopping (70.8 million users)
- Instagram (259 million users)
- LinkedIn (45.2 million logged-in users, 132.5 million logged-out visits)
- Pinterest (124 million users)
- Pornhub (over 45 million users)
- Shein (108 million users)
- Snapchat (102 million users)
- Temu (75 million users)
- TikTok (135.9 million users)
- Whatsapp (51.7 million users)
- Wikipedia (151.1 million users)
- X (formerly Twitter) (115.1 million users)
- XVideos (160 million users)
- XNXX (45 million users)
- YouTube (416.6 million users)
- Zalando (74.5 million retail users, 26.8 million third-party content users)
Very Large Online Search Engines:
- Bing (119 million users)
- Google Search (364 million users)
DSA Obligations for VLOPs and VLOSEs
VLOPs and VLOSEs face the most extensive regulatory framework under the DSA due to their significant influence on European society and their potential to amplify risks at scale. These obligations build upon the standard requirements that apply to all online platforms whilst introducing enhanced measures for systemic risk management and transparency.
The key DSA obligations for VLOPs and VLOSEs include:
▶ Risk Assessment and Mitigation: VLOPs and VLOSEs must identify, analyse, and assess systemic risks stemming from their services, including risks to fundamental rights (freedom of expression, media freedom, discrimination, consumer protection, children’s rights), illegal content dissemination, negative effects on civic discourse and electoral processes, as well as on users’ physical health and mental wellbeing. Once identified, platforms must implement reasonable, proportionate, and effective mitigation measures tailored to specific risks.
▶ Independent Auditing Requirements: Platforms must undergo independent audits at least once yearly and adopt measures responding to auditor recommendations. Audits must be completed within one year of designation, with platforms required to publish reports on risk assessments, mitigation measures, and audit implementation within three months of receiving audit results.
▶ Internal Compliance Function: VLOPs and VLOSEs must establish an internal compliance function composed of one or more compliance officers tasked with ensuring identified risks are properly mitigated, representing a mandatory shift towards internal governance structures focused on regulatory compliance.
▶ Data Sharing and Research Access: Platforms must share their data with the Commission and national authorities for monitoring and compliance assessment. They must also allow vetted researchers access to platform data when research contributes to detecting, identifying, and understanding systemic risks in the EU.
▶ Recommender System Transparency: VLOPs must provide users with at least one option in their recommender systems that is not based on user profiling, empowering users to discover the basis for content ranking and make informed choices about personalised recommendations.
▶ Enhanced Advertising Transparency (Article 26): All online platforms, including VLOPs, must ensure users can identify “in a clear, concise and unambiguous manner and in real time” key advertisement elements including clear labelling through prominent markings, advertiser identification, payment source disclosure when different from advertiser, targeting parameter transparency, and user control options for changing parameters (where applicable).
▶ Prohibition of Sensitive Data Targeting: Platforms cannot present advertisements based on profiling using special categories of personal data such as sexual orientation, religion, or ethnicity.
▶ Advertisement Repositories (Article 39): VLOPs and VLOSEs must create and maintain repositories of all advertisements presented on their platforms for the exposure period plus at least one year after. These repositories must be accessible through APIs, enabling systematic analysis of advertising data at scale.
▶ Advertising System Risk Mitigation: VLOPs and VLOSEs must assess systemic risks from their advertising systems and implement mitigation measures, including adapting advertising systems and adopting targeted measures to limit or adjust advertisement presentation.
▶ Supervisory Fee Payment: VLOPs and VLOSEs must pay an annual supervisory fee to fund the resources required for Commission oversight and enforcement activities.
▶ Transparency Reporting: Enhanced transparency reporting obligations beyond standard platform requirements, including detailed information about content moderation decisions, systemic risk assessments, and mitigation measures implemented, as well as regular updates about the number of monthly active users in the EU.
Check obligations that apply to other categories
