DSA workflow guideEU

DSA notice and action plus statements of reasons

Use this guide to connect Article 16 notice intake, Article 17 statements of reasons, Article 24 database submission, and Article 20-22 redress and trusted-flagger handling.

Built for trust and safety, platform operations, legal, compliance, product, and data teams that need a durable record from notice receipt through decision, explanation, database submission, complaint, and appeal.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
6

Structured answer sets in this page tree.

Primary sources
12

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

The Digital Services Act separates the work into connected records: a hosting-service notice mechanism for alleged illegal content, a decision on the specific item of information, a statement of reasons to the affected recipient when content or account restrictions are imposed, and, for online platforms, submission of those statements to the Commission's DSA Transparency Database without personal data. The same case record should also preserve complaint, dispute-settlement, trusted-flagger, automation, and transparency-reporting fields.

Section 1

1. Build the Article 16 notice intake record

Providers of hosting services need an electronic notice mechanism that is easy to access and user-friendly. The intake form should capture the elements Article 16 expects before the case is routed: why the notifier alleges the item is illegal, the exact electronic location such as a URL, contact details unless a child sexual abuse exception applies, and a good-faith accuracy statement.

Treat each notice as a case record, not just a support ticket. Article 16 links sufficiently precise and substantiated notices to actual knowledge or awareness when they let a diligent hosting provider identify illegality for the specific item without detailed legal examination.

  • Separate the alleged illegal-content category from terms-and-conditions issues so the later statement of reasons can identify the ground relied on.
  • Store the exact URL or other electronic location, the item count covered by the notice, the notifier type, and whether the notifier is a trusted flagger.
  • Send confirmation of receipt without undue delay when the notice contains electronic contact information.
  • Record whether the notice was processed with automated means and whether any decision-making step used automation.
  • Notify the notifier without undue delay of the decision on the noticed information and include available redress routes.
Sources for this answer
Regulation (EU) 2022/2065 (Digital Services Act), Articles 16 and 17
Article 16 sets the required notice mechanism, notice elements, receipt acknowledgement, decision notice, processing standard, and automation disclosure for notices.
Implementing Regulation (EU) 2024/2835 on DSA transparency reporting templates
The reporting template instructions require notice counts, trusted-flagger notice counts, item counts, automation counts, action basis, and median action time for Article 16 notices.
Section 2

2. Decide the action and create the Article 17 statement of reasons

A statement of reasons is required for affected recipients when a hosting provider restricts content, payments, service access, or an account because user-provided information is illegal content or incompatible with the provider's terms and conditions. It applies at the latest when the restriction is imposed if the provider knows the relevant electronic contact details.

The statement should be written from the decision record. It must explain the restriction, the facts and circumstances relied on, whether the decision followed an Article 16 notice or own-initiative investigation, any automation used, the legal or contractual ground, and the available redress routes.

  • Name the restriction: removal, disabling access, demotion, visibility restriction, payment restriction, service suspension or termination, or account suspension or termination.
  • Record territorial scope and duration where relevant.
  • Explain facts and circumstances in enough detail for the affected recipient to understand and challenge the decision.
  • If the decision concerns alleged illegality, cite the legal ground and explain why the content is considered illegal on that ground.
  • If the decision is based on terms, cite the contractual ground and explain why the content is considered incompatible with it.
  • Include clear, user-friendly redress information, including internal complaints, out-of-court dispute settlement, and judicial redress where applicable.
Sources for this answer
Regulation (EU) 2022/2065 (Digital Services Act), Article 17
Article 17 defines when a statement of reasons is required and the minimum contents of that explanation.
European Commission - DSA Transparency Database Q&A
Commission FAQ explains statements of reasons as the user-facing information provided when content is removed or otherwise restricted.
Section 3

3. Submit platform statements to the DSA Transparency Database

The DSA Transparency Database is narrower than the user-facing statement duty. Article 17 applies to hosting services, including online platforms, but Article 24(5) requires providers of online platforms to submit their Article 17 decisions and statements of reasons to the Commission's publicly accessible machine-readable database.

Before submission, online platforms must remove personal data. Redress options are relevant to the affected recipient and are not included in the public database. The Commission FAQ also explains the database lifecycle: statements become available from the following day, search data is retained for six months, daily dumps are retained for 18 months, and aggregated dashboard statistics are available for five years.

  • Keep one case record that can produce both the recipient-facing explanation and the database submission.
  • Run a personal-data exclusion check before submission and retain evidence of the check.
  • Do not submit the underlying moderated content as if it were part of the database record; the database records statements of reasons, not the content itself.
  • Preserve the platform, timeframe, restriction type, ground, decision facts, automation fields, and free-text explanations needed to reconcile database submissions with internal cases.
  • Keep download, correction, and quality-monitoring logs so later transparency reports and regulator questions can be traced back to submitted cases.
Sources for this answer
Regulation (EU) 2022/2065 (Digital Services Act), Article 24(5)
Article 24(5) requires online platforms to submit Article 17 decisions and statements of reasons to the Commission database and ensure submissions contain no personal data.
European Commission - How the Digital Services Act enhances transparency
Commission transparency page explains the database, public access, near-real-time collection, and the no-personal-data submission expectation.
European Commission - DSA Transparency Database Q&A
Commission database FAQ explains database scope, public access, data fields, personal-data exclusion, search, downloads, and retention periods.
Section 4

4. Connect complaints, appeals, and dispute settlement to the same case

For online platforms, the decision is not complete when the statement of reasons is sent. Article 20 requires a free electronic internal complaint-handling system for at least six months after the recipient or notifier is informed of covered decisions. Covered decisions include action or inaction on a notice, content visibility restrictions, service suspension or termination, account suspension or termination, and monetisation restrictions.

Complaint outcomes need human supervision. Article 20 requires timely, non-discriminatory, diligent, and non-arbitrary handling, reversal without undue delay where the complaint shows the original decision was unfounded, reasoned decisions to complainants, and decisions not taken solely by automated means.

  • Link every complaint to the original notice, moderation decision, statement of reasons, database submission identifier where used, and appeal deadline.
  • Record whether the complaint was upheld, partially reversed, reversed, or rejected, and the median decision time for transparency reporting.
  • Tell complainants about certified out-of-court dispute settlement and other redress options when issuing the complaint decision.
  • For out-of-court disputes, keep the selected certified body, outcome, completion time, implementation decision, and cost allocation evidence.
  • Keep judicial redress references separate from platform-managed complaint steps so the user-facing text does not imply court rights depend on internal exhaustion.
Sources for this answer
Regulation (EU) 2022/2065 (Digital Services Act), Articles 20 and 21
Articles 20 and 21 define online-platform internal complaint handling and access to certified out-of-court dispute settlement bodies.
European Commission - DSA out-of-court dispute settlement
Commission source for certified out-of-court dispute settlement bodies and the DSA dispute-settlement route.
Implementing Regulation (EU) 2024/2835 on DSA transparency reporting templates
Template instructions include internal complaint categories, including complaints about decisions not to act on Article 16 notices and trusted-flagger notices.
Section 5

5. Give trusted flagger notices priority without outsourcing the decision

Trusted flaggers are certified by the Digital Services Coordinator in the Member State where the applicant is established. For online platforms, Article 22 requires technical and organisational measures so notices submitted by trusted flaggers within their designated area of expertise through Article 16 mechanisms are prioritised and processed and decided without undue delay.

Priority is not automatic removal. The Commission trusted-flagger page explains that trusted flaggers notify online platforms of content they consider illegal, while providers remain responsible for deciding on notices and removing content where justified.

  • Verify the trusted flagger status, designated area of expertise, and EU-wide validity before routing the notice as a priority trusted-flagger notice.
  • Tag trusted-flagger notices separately from ordinary notices for Article 22 and implementing-template reporting.
  • Keep the same Article 16 quality fields for trusted-flagger notices: reason, exact electronic location, contact details where required, good-faith statement, item count, action basis, automation use, and decision time.
  • Escalate evidence to the awarding Digital Services Coordinator if platform records indicate a significant number of insufficiently precise, inaccurate, or inadequately substantiated notices from a trusted flagger.
  • Do not include personal data in trusted-flagger annual-report or platform-transparency data outputs.
Sources for this answer
Regulation (EU) 2022/2065 (Digital Services Act), Article 22
Article 22 defines priority handling for trusted-flagger notices, certification criteria, annual reporting, database publication, suspension, and revocation.
European Commission - Trusted flaggers under the Digital Services Act
Commission page explains the role of trusted flaggers, DSC designation, priority treatment, EU-based eligibility, and provider responsibility for deciding notices.
European Commission - Digital Services Coordinators
Commission page explains that Digital Services Coordinators certify trusted flaggers and out-of-court dispute settlement bodies.
Section 6

Records checklist for notice, decision, statement, and appeal evidence

The useful record is a joined case history: notice intake, moderation review, statement of reasons, database submission, complaint, appeal, and reporting metrics. Keeping these as separate disconnected logs makes it difficult to prove that the provider sent the right user notice, submitted the right public database fields, and reported the right aggregate counts.

Use the checklist below as a minimum record structure. Add product-specific fields only when they help prove a DSA requirement or explain a decision to a user, auditor, Digital Services Coordinator, or the Commission.

Does every DSA notice require a statement of reasons?

No. Article 16 requires the provider to notify the notifier of the decision on the noticed information. Article 17 requires a statement of reasons to affected recipients when the hosting provider imposes covered restrictions because user-provided information is illegal content or incompatible with terms and conditions, subject to the Article 17 conditions and exceptions.

Which providers submit statements of reasons to the DSA Transparency Database?

The user-facing statement duty applies to providers of hosting services, including online platforms. The Article 24(5) database submission duty applies to providers of online platforms, which must submit Article 17 decisions and statements of reasons to the Commission database without personal data.

How should trusted-flagger notices be handled?

Online platforms must give Article 16 notices from trusted flaggers priority and process and decide them without undue delay when the flagger acts within its designated expertise. The platform still owns the moderation decision and should keep evidence of the trusted-flagger status, notice quality, action basis, timing, and outcome.

  • Service classification: hosting service, online platform, and any micro or small enterprise assessment relevant to platform-specific obligations.
  • Notice record: notifier type, trusted-flagger status if any, alleged illegal-content category, exact electronic location, item count, contact information rule, good-faith statement, receipt confirmation, and processing timestamps.
  • Decision record: action taken or not taken, legal or terms basis, facts and circumstances, automation use, reviewer, non-arbitrary and objective review notes, and decision notification.
  • Statement-of-reasons record: affected recipient, restriction type, scope, duration, legal or contractual explanation, redress text, delivery time, and any exception relied on.
  • Database record: online-platform submission status, personal-data removal check, submission date, correction or quality issue, and linkage to the public database export fields.
  • Redress record: internal complaint window, complaint category, reasoned complaint decision, human-supervision evidence, reversal status, out-of-court dispute body, outcome, implementation, and timing.
  • Reporting record: Article 15 and Article 24 template fields for notices, trusted-flagger notices, automated processing, action basis, complaints, dispute settlement, reversals, and median times.
Sources for this answer
Regulation (EU) 2022/2065 (Digital Services Act)
Primary DSA source for notice mechanisms, statements of reasons, complaints, dispute settlement, trusted flaggers, and database submission.
Implementing Regulation (EU) 2024/2835 on DSA transparency reporting templates
Source for harmonised transparency-reporting fields tied to notice intake, trusted-flagger notices, automated processing, internal complaints, disputes, and median times.
Recommended next step

Use this guide to connect notices, decisions, redress, and database submissions

Sorena can help map your DSA notice intake, moderation decisioning, statement-of-reasons, complaint, trusted-flagger, and transparency-reporting records into reusable evidence workflows.

Research workflow
Open Research Copilot for DSA questions

Ask source-linked questions about Article 16 notices, Article 17 statements, DSA Transparency Database submission, trusted flaggers, and appeals.

Explore next step
Talk to Sorena
Talk through implementation

Review your DSA notice-and-action workflow, statement-of-reasons fields, complaint routing, and evidence gaps with Sorena.

Explore next step
Primary sources

References and citations

European Commission - Digital Services Coordinators
digital-strategy.ec.europa.eu
Referenced sections
  • Commission page explains that Digital Services Coordinators certify trusted flaggers and out-of-court dispute settlement bodies.
"certifying trusted flaggers"
European Commission - DSA Transparency Database Q&A
digital-strategy.ec.europa.eu
Referenced sections
  • Commission database FAQ explains database scope, public access, data fields, personal-data exclusion, search, downloads, and retention periods.
"The database is publicly accessible and machine-readable."
Regulation (EU) 2022/2065 (Digital Services Act)
eur-lex.europa.eu
Referenced sections
  • Primary DSA source for notice mechanisms, statements of reasons, complaints, dispute settlement, trusted flaggers, and database submission.
"a Single Market For Digital Services"
Regulation (EU) 2022/2065 (Digital Services Act), Article 24(5)
eur-lex.europa.eu
Referenced sections
  • Article 24(5) requires online platforms to submit Article 17 decisions and statements of reasons to the Commission database and ensure submissions contain no personal data.
"publicly accessible machine-readable database"
Related guides

Explore more topics

DSA Ads and Recommender Systems: transparency duties, user choice, and evidence
A grounded DSA guide to ad labels, targeting restrictions, recommender parameter disclosure, non-profiling options for VLOPs and VLOSEs, ad repositories, and compliance evidence.
DSA Applicability Test: classify intermediary services, platforms, marketplaces, VLOPs and VLOSEs
A source-grounded EU Digital Services Act applicability test for classifying intermediary services, hosting services, online platforms, marketplaces, VLOPs and VLOSEs.
DSA Article 28 minors protection guide for online platforms
EU Digital Services Act guide to Article 28 minors protection: platform scope, child-safety measures, targeted ads limits, recommender controls, and grounded evidence.
DSA average monthly active recipients: what platforms must publish
A grounded FAQ on average monthly active recipients under the EU Digital Services Act, including publication, EU recipient scope, the 45 million VLOP/VLOSE threshold, and evidence records.
DSA Complaint and Dispute Workflows for Online Platforms
Build DSA complaint, appeal, statement-of-reasons, and out-of-court dispute workflows for online platform moderation decisions.
DSA crisis response for VLOPs and VLOSEs
EU Digital Services Act crisis response guide for VLOPs and VLOSEs: Article 36 Commission decisions, Article 48 crisis protocols, mitigation, governance, requests for information, and records.
DSA Dark Patterns: interface design checks for online platforms
Article 25 DSA guidance for reviewing online platform interfaces for deceptive, manipulative, or choice-distorting design patterns.
DSA Enforcement and Penalties in the EU
How Digital Services Act enforcement works: Commission and Digital Services Coordinator roles, VLOP and VLOSE investigations, fines, periodic penalty payments, and evidence readiness.
DSA illegal content notices: what must be included?
A grounded FAQ on EU Digital Services Act illegal-content notices: Article 16 notice elements, acknowledgement, decision notices, trusted flagger priority, statements of reasons, and records.
DSA Marketplace Trader Traceability FAQ
Answer to what EU Digital Services Act Article 30 requires online marketplaces to collect, verify, display, retain, and evidence for trader traceability.
DSA Marketplace Trader Traceability Guide
EU Digital Services Act guide for online marketplaces collecting, checking, displaying, storing, and evidencing trader traceability information.
DSA Notice and Action Workflow for Hosting Services and Online Platforms
A grounded DSA notice-and-action workflow covering notice intake, completeness checks, trusted flaggers, decisions, user communications, statements of reasons, appeals, and records.
DSA recommender transparency FAQ: Article 27 and VLOP options
What EU Digital Services Act recommender transparency requires: main parameters, user options, VLOP/VLOSE non-profiling choices, and evidence to keep.
DSA researcher data access for VLOPs and VLOSEs
Article 40 DSA guide to vetted researcher data access for VLOPs and VLOSEs: DSC requests, eligibility checks, amendment grounds, confidentiality, security, and evidence records.
DSA service tier classifier for platforms, marketplaces, VLOPs and VLOSEs
Classify a digital service under the EU Digital Services Act as intermediary, hosting, online platform, marketplace, VLOP or VLOSE, with EU recipient-count evidence and obligation outputs.
DSA statement of reasons FAQ
When DSA statements of reasons are required, what they must contain, when online platforms submit them to the DSA Transparency Database, and what appeal records to keep.
DSA statement of reasons log workflow for online platforms
Build a DSA statement of reasons log for moderation decisions, Transparency Database submission, complaint links, retention, and QA controls.
DSA transparency report template fields and cadence
A source-grounded template outline for Digital Services Act transparency reports, covering applicable service tiers, reporting periods, CSV/XLSX format, retention, statement-of-reasons links, and required evidence tables.
DSA Transparency Reporting Obligations by Provider Tier
A grounded guide to EU Digital Services Act transparency reports, active-recipient publication, statements-of-reasons submissions, VLOP/VLOSE reports, templates, cadence, and evidence.
DSA VLOP and VLOSE Risk Assessments and Mitigation Guide
Grounded guide to Digital Services Act systemic risk assessments, mitigation measures, audits, transparency reports, data access, and governance evidence for VLOPs and VLOSEs.
DSA VLOP Audit Pack Workflow: Risk, Mitigation, Audit, and Transparency Records
Build a DSA VLOP or VLOSE audit pack covering Article 34 risk assessments, Article 35 mitigations, independent-audit evidence, transparency reports, data access, and compliance governance.
DSA VLOP Risk Assessment FAQ: Article 34, Mitigation, Audits
What VLOPs and VLOSEs must assess under the EU Digital Services Act, when to reassess, how Article 35 mitigation and annual audit evidence fit together, and what records to keep.
DSA vs DMA Platform Rules
Compare the EU Digital Services Act and Digital Markets Act by scope, designation thresholds, obligations, enforcement, evidence, and practical team ownership.
DSA vs GDPR: online-platform governance and personal-data obligations
Compare the EU Digital Services Act and EU GDPR by scope, ads, recommenders, minors, transparency, complaints, enforcement, and evidence.
DSA vs P2B Regulation: EU platform obligations compared
Compare the EU Digital Services Act with the Platform-to-Business Regulation for platform scope, business-user terms, content moderation, ranking transparency, complaints, enforcement, and evidence.
DSA vs Terrorist Content Online Regulation: notice-and-action vs removal orders
Compare DSA content-governance duties with the EU Terrorist Content Online Regulation removal-order workflow for scope, timing, evidence, authorities, and team ownership.
EU Digital Services Act checklist for platforms and hosting services
A grounded DSA checklist for classifying service tiers, notice-and-action, statements of reasons, complaints, transparency reports, ads, recommenders, trader traceability, VLOP/VLOSE duties, and evidence records.
EU Digital Services Act Compliance Guide
DSA compliance guide for intermediary services, hosting providers, online platforms, marketplaces, and VLOP/VLOSE teams: obligations, controls, and evidence to keep.
EU Digital Services Act FAQ: DSA scope, platform duties, VLOPs, reports, and penalties
Concise EU Digital Services Act FAQ covering intermediary-service scope, active-recipient thresholds, illegal-content notices, statements of reasons, trader traceability, recommender transparency, systemic-risk duties, reporting, penalties, and complaints.
EU Digital Services Act penalties and fines: caps and enforcement roles
DSA penalty caps and enforcement roles: Member State fines, Commission fines for VLOPs and VLOSEs, 1% procedural fines, and 5% periodic penalty payments.
EU Digital Services Act requirements by service tier
Overview of DSA obligations for intermediary services, hosting providers, online platforms, marketplaces, VLOPs and VLOSEs, including notices, complaints, ads, transparency reports, audits, data access and enforcement.
EU Digital Services Act service types and scope
Classify DSA service scope across mere conduit, caching, hosting, online platforms, marketplaces, online search engines, and VLOP/VLOSE threshold duties.
EU DSA deadlines and compliance calendar: application dates, reporting cycles, and VLOP clocks
Calendar view of grounded EU Digital Services Act dates: full application, user-number publication, VLOP/VLOSE designation clocks, statements of reasons, and transparency reporting cycles.
EU DSA Transparency Calendar: reporting, SoR database, AMAR updates
Build a DSA transparency calendar for annual reports, statement-of-reasons database submissions, active-recipient updates, and VLOP/VLOSE audit touchpoints.
EU DSA vs UK Online Safety Act: scope, duties, regulator, and evidence
Compare the EU Digital Services Act and UK Online Safety Act for platform scope, risk assessments, child protection, transparency, regulators, enforcement, and owners.