Search every question across sub-FAQs

For this FAQ, average monthly active recipients means the Article 24(2) user-number publication for an online platform or online search engine: information on the average monthly active recipients of the service in the Union, calculated as an average over the past six months.

The relevant population is not worldwide users. The DSA text and Commission guidance frame the obligation around active recipients of the service in the Union, and the Commission guidance links that publication to Article 24(2), Recital 77, DSA definitions in Article 3, and the VLOP/VLOSE designation rule in Article 33.

Article 24(2) required providers to publish the first information by 17 February 2023 and to update it at least once every six months thereafter. The publication must be in a publicly available section of the online interface for each online platform or online search engine.

The publication duty is separate from authority-response duties. Under Article 24(3), the Digital Services Coordinator of establishment or the Commission may request the published information updated to the moment of the request, and may require additional calculation information, explanations, and substantiation about the data used.

Article 33 applies the very large online platform and very large online search engine regime to online platforms and online search engines with average monthly active recipients in the Union equal to or higher than 45 million, once designated by the Commission.

Designation is a Commission decision. The Commission can base the decision on Article 24(2) data reported by the provider, information requested under Article 24(3), or other information available to it. If designated, the additional VLOP/VLOSE obligations apply from four months after notification to the provider. The Commission terminates a designation if the service remains below the threshold for an uninterrupted period of one year.

The DSA does not require teams to publish their full internal calculation workbook on the public page. It does, however, let the Digital Services Coordinator of establishment and the Commission ask for explanations and substantiation about the calculation and the data used, without personal data.

A defensible evidence record should therefore explain the service boundary, the Union recipient population, the six-month averaging period, the data sources used, the assumptions applied, the publication location, and the authority-response owner. Keep methodology caveats visible in the internal record rather than turning them into unsupported precision in the public copy.

Article 16 requires providers of hosting services to offer easy-to-access, user-friendly electronic mechanisms for notices about specific items of information that a person or entity considers illegal content.

A notice should be treated as an Article 16 notice only when it is precise enough to identify the content and substantiated enough to let the provider assess the alleged illegality without turning the intake queue into a general monitoring exercise.

If the notice contains the notifier's electronic contact information, the hosting service must confirm receipt without undue delay and later notify the notifier of the decision on the reported information, including available redress routes.

If automated means are used for processing or decision-making, that use must be disclosed in the decision notification. If the provider restricts content because it is illegal or incompatible with terms, Article 17 may also require a clear and specific statement of reasons to the affected recipient.

A trusted flagger notice is still submitted through the Article 16 mechanism, but Article 22 requires online platforms to give priority to notices from trusted flaggers acting within their designated area of expertise and to process and decide them without undue delay.

Trusted flagger status does not transfer the moderation decision to the flagger. The Commission explains that trusted flaggers notify platforms of content they consider illegal, while providers remain responsible for deciding on notices and removing content where justified.

For an online marketplace in scope of Article 30, a trader should not be able to promote messages about products or services, or offer products or services to consumers located in the Union, until the platform has obtained the required trader information.

The marketplace also has to make best efforts to assess whether the information is reliable and complete before the trader uses the service. That assessment can use freely accessible official databases or online interfaces made available by a Member State or the Union, or supporting documents from reliable sources requested from the trader.

Article 30 separates internal collection from consumer-facing disclosure. The marketplace does not publish every collected item, but it must make the trader's name and contact information, trade-register information where applicable, and the trader's compliance self-certification available to recipients of the service in a clear, easily accessible, and comprehensible way.

The disclosure belongs at least on the marketplace interface where the product or service information appears. Hiding the trader's identity until after checkout is the type of presentation risk the DSA is designed to avoid.

If the marketplace has sufficient indications or reason to believe that Article 30 trader information is inaccurate, incomplete, or not up to date, it must ask the trader to remedy the problem without delay or within the period set by Union and national law.

If the trader does not correct or complete the information, the marketplace must swiftly suspend the service for that trader in relation to products or services offered to consumers located in the Union. A refusal or suspension decision also connects to the DSA complaint routes available to the trader.

Trader traceability should be implemented together with Article 31 marketplace interface controls. The interface must let traders provide required pre-contractual, compliance, and product safety information, including product or service identification, trader signs such as a trademark or logo, and applicable labelling and marking information.

After a trader is allowed to offer products or services, the marketplace must make reasonable efforts to randomly check official, freely accessible, machine-readable databases or interfaces to see whether offered products or services have been identified as illegal. If the marketplace becomes aware that an illegal product or service was offered, Article 32 requires consumer information where contact details are available, or public notice where they are not.

The useful evidence is the proof that the marketplace actually enforced Article 30 in seller onboarding and live seller maintenance. Keep the collected trader data securely, document how reliability and completeness were assessed, and tie each trader status change to the relevant product or service flow.

Article 30 requires secure storage during the contractual relationship and for six months after it ends, followed by deletion. Disclosure to third parties should be limited to cases required by applicable law, including DSA orders and competent-authority or Commission orders.

Article 27 applies to providers of online platforms that use recommender systems. The DSA defines a recommender system as a fully or partly automated system that suggests information, prioritises it, or determines the relative order or prominence of information in the platform interface.

The platform must set out, in its terms and conditions and in plain, intelligible language, the main parameters used by the recommender system and any options recipients have to modify or influence those parameters.

Article 27 distinguishes between disclosure of options and in-product functionality. If several options are available for a recommender system that determines the relative order of information, the platform must let the recipient select and modify the preferred option at any time.

That control must be directly and easily accessible from the specific part of the online interface where information is being prioritised. A buried account setting is weak evidence if the ranking choice is presented somewhere else.

Article 38 adds a separate requirement for providers of very large online platforms and very large online search engines that use recommender systems. In addition to Article 27, they must provide at least one option for each recommender system that is not based on profiling under the GDPR definition referenced by the DSA.

The Commission describes VLOPs and VLOSEs as platforms or search engines with equal to or higher than 45 million monthly users in the EU once designated. For those designated services, the recommender inventory should show each recommender system and the matching non-profiling option.

Keep enough evidence to prove that the public disclosure, the live user interface, and the recommender implementation describe the same system. This is especially important for VLOPs and VLOSEs because DSA risk assessment, mitigation, audit, and data-access provisions can require explanations of algorithmic-system design, logic, functioning, and testing.

The evidence record should avoid invented scoring formulas. Use the real product documentation: criteria that matter most, reasons those criteria matter, UI choices available to recipients, and release records showing when the disclosure changed.

A statement of reasons is triggered by the moderation decision, not by the label a team gives the workflow. Article 17 applies to providers of hosting services when they impose one of the listed restrictions because information provided by a recipient of the service is considered illegal content or incompatible with the provider's terms and conditions.

The covered restrictions include removing, disabling access to, demoting, or otherwise restricting visibility of specific information; suspending, terminating, or otherwise restricting monetary payments; suspending or terminating all or part of the service; and suspending or terminating the recipient's account.

Article 17 applies only where the provider knows the relevant electronic contact details, and it applies at the latest from the date the restriction is imposed. It does not apply to deceptive high-volume commercial content, and it does not apply to orders covered by Article 9.

Article 17 requires enough detail for the affected recipient to understand the decision and exercise available redress rights. The statement should identify the moderation measure, the territorial scope and duration where relevant, the facts and circumstances relied on, and whether the decision followed an Article 16 notice or voluntary own-initiative investigation.

If automated means were used, the statement should say so where applicable, including whether the moderated content was detected or identified using automated means. If the ground is alleged illegality, cite the legal ground and explain why the information is illegal on that ground. If the ground is terms incompatibility, cite the contractual ground and explain why the information conflicts with it.

Redress information is part of the statement itself. For platform decisions, that means the recipient-facing notice should connect the user to the internal complaint-handling route where available, out-of-court dispute settlement where applicable, and judicial redress.

The DSA Transparency Database does not collect every hosting-service statement of reasons. The Commission FAQ explains that it collects statements of reasons from online platforms, which are a subset of hosting services that store user-provided information and disseminate it publicly, such as online marketplaces, app stores, or social networks.

For online platforms, Article 24(5) requires submission of the Article 17 decisions and statements of reasons to the Commission without undue delay for inclusion in a publicly accessible, machine-readable database. The submitted information must not contain personal data.

The Commission FAQ says redress options are not included in the public database because they are relevant only for the addressee of the statement of reasons. Operationally, keep the recipient-facing statement with redress information separately from the public database payload, and keep a personal-data removal check before submission.

For online platforms, Article 20 requires an effective internal complaint-handling system for at least six months after the recipient is informed about covered moderation decisions. Complaints must be handled in a timely, non-discriminatory, diligent, and non-arbitrary manner, and complaint decisions must be supervised by appropriately qualified staff rather than made solely by automated means.

Users can also turn to certified out-of-court dispute settlement bodies for covered platform moderation disputes, without losing the ability to go to court. The Commission's dispute-settlement page states that users may select any certified body whose expertise covers the dispute and whose language coverage fits the case.

Keep records that let reviewers connect the original moderation decision, the recipient-facing statement, the Transparency Database submission where required, and any complaint or dispute outcome. The Commission database FAQ also gives retention context for public database access: statements become available from the following day after successful insertion, search retains them for six months, daily dumps retain them for 18 months, and dashboard aggregate statistics cover the last five years.