DSA vs DMA content safety duties versus gatekeeper obligations

Online intermediary accountability: illegal content handling, content-moderation transparency, platform redress, marketplace trader traceability, advertising and recommender transparency, protection of minors, and VLOP/VLOSE systemic risks.

Gatekeeper market power: conduct by large core platform services that can restrict contestability, user choice, interoperability, data access, switching, business-user reach, or fair access terms.

Frame DSA work as platform governance and safety operations. Frame DMA work as gatekeeper conduct, competition, access, and product-design compliance.

Mere conduit, caching, hosting, online platforms, online marketplaces, online search engines, VLOPs, and VLOSEs, with obligations increasing by service role and size.

Designated gatekeepers and the core platform services listed in the designation decision, including categories such as online intermediation, search, social networking, video-sharing, number-independent messaging, operating systems, browsers, virtual assistants, cloud, and advertising services.

Classify DSA services by intermediary role; classify DMA services by gatekeeper designation and listed core platform service.

VLOP/VLOSE status uses online platform or search engine average monthly active recipients in the EU equal to or higher than 45 million, followed by Commission designation; the enhanced duties apply four months after notification.

Gatekeeper designation uses significant-impact, gateway, and entrenched-position criteria. The quantitative presumption includes EUR 7.5 billion EU turnover in each of the last three financial years or EUR 75 billion market capitalisation/fair market value in the last financial year, the same core platform service in at least three Member States, at least 45 million monthly active EU end users, and at least 10,000 yearly active EU business users.

Do not infer DMA gatekeeper status from DSA VLOP/VLOSE status, or the reverse. Run the two designation tests separately and preserve the user-count methodology behind each one.

Terms controls, points of contact, transparency reporting, hosting notice-and-action, statements of reasons, platform complaint handling, out-of-court dispute handling, trusted flagger priority, misuse controls, ad transparency, recommender transparency, minors safeguards, trader traceability, and VLOP/VLOSE risk management, audits, data access, compliance functions, and ad repositories.

Articles 5 to 7 obligations for each listed core platform service, including limits on personal-data combination without valid consent, anti-steering restrictions, access and interoperability duties, default-choice and uninstallability duties, fair access terms, data portability or access duties, anti-circumvention, Article 11 compliance reporting, concentration notices, and consumer-profiling audit descriptions.

DSA implementation changes moderation, marketplace, ads, recommender, transparency, and risk systems. DMA implementation changes gatekeeper platform conduct, data flows, interoperability, defaults, ranking, access, commercial terms, and reporting evidence.

Service classification, AMAR methodology, notices, moderation decisions, statements of reasons, complaint outcomes, trusted-flagger handling, misuse suspensions, trader verification, ad labels, recommender parameter disclosures, transparency reports, VLOP/VLOSE risk assessments, mitigation records, audit reports, and researcher data-access logs.

Designation records, core platform service maps, obligation matrices, product and engineering change descriptions, data-use records, consent or choice flows, interoperability reference offers and request logs, business-user access terms, compliance-function records, Article 11 compliance reports, non-confidential summaries, annual updates, and consumer-profiling audit descriptions.

Keep a shared evidence register only if each record identifies the regime, article or obligation, owner, source, affected service, date, and next review trigger.

Digital Services Coordinators supervise providers established in their Member State, while the Commission has direct supervisory and enforcement powers for VLOPs and VLOSEs. Commission fines for VLOP/VLOSE infringement can reach 6% of total worldwide annual turnover in the preceding financial year.

The Commission is the sole DMA enforcer, supported by cooperation with national authorities. Fines can reach 10% of total worldwide turnover in the preceding financial year, or 20% for the same or similar Article 5 to 7 infringement for the same core platform service after a non-compliance decision in the preceding eight years.

Regulator engagement should follow the regime. DSA escalation may involve a Digital Services Coordinator or the Commission for VLOPs/VLOSEs; DMA escalation is Commission-centered and tied to gatekeeper non-compliance.

Trust and safety, moderation operations, marketplace operations, advertising product, recommender-system owners, policy, legal, risk, compliance, audit, and researcher-access teams.

Competition counsel, platform product, engineering, data governance, privacy, interoperability owners, developer relations, commercial operations, compliance function, and regulatory reporting teams.

A combined EU digital-regulation steering group can coordinate dependencies, but the accountable owners should remain tied to the system they can actually change.

The same product change can touch DSA and DMA at once when it affects content moderation, trader verification, ad labels, recommender disclosures, or VLOP/VLOSE risk work on one side and data access, interoperability, defaults, steering, or business-user terms on the other.

Reuse is possible only after the team separates the legal question: the DSA asks whether the service is handling intermediary-service duties, while the DMA asks whether a designated gatekeeper is changing conduct for a listed core platform service.

Check whether one change creates two obligations. If yes, keep one evidence file, but tag each artifact with the DSA or DMA rule it supports before you send it to legal, product, or regulators.

Start with DSA if the question is about illegal content, moderation, notice handling, transparency reporting, trader traceability, trusted flaggers, complaints, or systemic-risk mitigation for a platform or search service.

Start with DMA if the question is about a designated gatekeeper's core platform service, especially defaults, access, data combination, interoperability, steering, self-preferencing, tying, or business-user terms.

If both regimes apply, assign two findings and two owners. Then decide which parts of the product spec, log set, or report can be shared without collapsing the DSA service-tier analysis into the DMA gatekeeper analysis.