WorkflowEU DSA

DSA notice and action workflow

Build a notice queue that captures the Article 16 inputs, routes trusted flagger notices with priority, records the decision, and hands off restrictions to user communications and statement-of-reasons reporting.

Use this page for hosting services and online platforms that need a practical, source-grounded operating model for illegal-content notices under the EU Digital Services Act.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
4

Structured answer sets in this page tree.

Primary sources
6

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

The DSA notice-and-action workflow starts when a hosting service receives an electronic notice about a specific item of allegedly illegal content. A useful workflow does more than collect a webform: it checks whether the notice is precise enough to assess, separates trusted flagger notices, records the moderation decision, informs the notifier and affected user where required, creates any statement of reasons, and preserves the data needed for complaints, dispute settlement, transparency reporting, and regulator questions.

Section 1

1. Intake the notice as a specific content report

Article 16 applies to providers of hosting services, including online platforms. The intake channel should allow any individual or entity to submit notices electronically about specific items of information that they consider illegal content.

Do not treat a general abuse complaint, broad account grievance, or policy suggestion as a complete DSA notice unless it identifies the relevant content and gives enough information to assess the alleged illegality. Keep the original notice payload, timestamps, language, channel, and any automated routing flags.

  • Required notice fields: substantiated explanation of why the content is alleged to be illegal, exact URL or other exact electronic location, any additional locator needed for that content type, notifier name and email unless the DSA exception for certain child sexual abuse offences applies, and a bona fide accuracy-and-completeness statement.
  • Completeness triage: mark the notice complete, incomplete but follow-up possible, duplicate, wrong service, or urgent escalation. A complete notice is one that lets a diligent hosting provider identify and assess the specific item without a detailed legal examination.
  • Receipt acknowledgement: when the notice contains electronic contact information, send a confirmation of receipt without undue delay and store the acknowledgement event.
  • Knowledge marker: if the notice is sufficiently precise and adequately substantiated, record that it may give rise to actual knowledge or awareness for the specific item of information concerned.
  • Safety escalation: if the notice or review creates a reasonable suspicion of a criminal offence involving a threat to life or safety, route it to the law-enforcement notification process rather than leaving it only in the moderation queue.
Sources for this answer
Regulation (EU) 2022/2065 (Digital Services Act)
Article 16 sets the electronic notice mechanism and required notice elements for hosting services.
European Commission - The Digital Services Act
Commission overview describes easy flagging of illegal content and the platform response and appeal context.
Section 2

2. Prioritise trusted flaggers without outsourcing the decision

Online platforms need a separate trusted flagger lane. Trusted flaggers are designated by national Digital Services Coordinators and their notices, when submitted within the designated area of expertise through the Article 16 mechanism, must receive priority and be processed and decided on without undue delay.

Priority does not mean automatic removal. The Commission's trusted flagger page states that providers remain responsible for deciding on notices and removing content where justified. The workflow should therefore identify the trusted flagger, verify scope, speed the review, and still capture the platform's own legal or terms-based decision.

  • Trusted flagger validation: record the entity name, designation source, Digital Services Coordinator, area of expertise, notice channel, and whether the notice falls inside the trusted flagger's designated scope.
  • Priority routing: surface the case ahead of ordinary notices, assign a reviewer with the right language and subject-matter competence, and preserve the queue-time and decision-time metrics.
  • Decision control: require the same outcome fields as other notices: no action, content restriction, account/service restriction, monetisation restriction, escalation, or request for more information.
  • Misuse signal: if the platform has information indicating a significant number of insufficiently precise, inaccurate, or inadequately substantiated trusted flagger notices, prepare the supporting explanation and documents for the Digital Services Coordinator that awarded the status.
  • Reporting split: distinguish total notice-and-action mechanism notices from trusted flagger notices for transparency-report and automation metrics.
Sources for this answer
Regulation (EU) 2022/2065 (Digital Services Act)
Article 22 requires priority handling for trusted flagger notices and covers escalation of misuse information to the relevant Digital Services Coordinator.
European Commission - Trusted flaggers under the Digital Services Act
Commission page explains trusted flagger designation, priority treatment, scope, and the provider's continuing responsibility to decide notices.
Implementing Regulation (EU) 2024/2835 on DSA transparency reporting templates
Annex reporting instructions distinguish notice-and-action mechanism totals and trusted flagger notice counts.
Section 3

3. Decide, act, and communicate the outcome

For every complete notice, the reviewer should decide in a timely, diligent, non-arbitrary, and objective manner. The record should show whether the decision relied on law, terms and conditions, both, or no action, and whether automated means were used in processing or decision-making.

The notifier communication and affected-user communication are different handoffs. Article 16 requires the hosting provider to notify the person or entity that submitted the notice of the decision and available redress. Article 17 separately requires a clear and specific statement of reasons to affected recipients when covered restrictions are imposed and the relevant electronic contact details are known.

  • Decision fields: content identifier, alleged illegal-content category, legal ground if used, terms ground if used, action taken, territorial scope, duration, reviewer, automation used, and decision timestamp.
  • Notifier message: tell the notifier the decision on the reported information without undue delay and include redress information for that decision.
  • Affected user message: when content visibility, payments, service access, or account access is restricted on illegality or terms grounds, issue a statement of reasons at the latest when the restriction is imposed, unless a DSA exception applies.
  • Statement-of-reasons content: include the measure, territorial scope and duration where relevant, facts and circumstances, whether the decision followed an Article 16 notice or own-initiative review, automated-means information where applicable, the legal or contractual ground, and redress options.
  • Automation disclosure: when automated means were used for notice processing or decision-making, include that information in the decision notification and retain the automation flag for reporting.
Sources for this answer
Regulation (EU) 2022/2065 (Digital Services Act)
Articles 16 and 17 define decision notification, automated-means disclosure, covered restrictions, and statement-of-reasons contents.
European Commission - DSA Transparency Database Q&A
Commission FAQ explains that statements of reasons help users understand and potentially challenge content moderation decisions.
Section 4

4. Hand off complaints, dispute routes, transparency reporting, and records

The notice workflow should not close merely because a moderation action was taken. Online platforms need downstream complaint handling for decisions on notices and covered moderation restrictions, and statement-of-reasons data may need submission to the Commission's DSA Transparency Database.

A durable record ties the original notice to the decision, communications, complaint status, out-of-court dispute status, and reporting metrics. That is the record a platform needs when a user appeals, a certified dispute settlement body asks for context, a transparency report is prepared, or a regulator examines trusted flagger handling.

  • Internal complaint route: for online platforms, provide electronic, free internal complaint access for at least six months after the relevant decision, including decisions not to act on a notice and covered restrictions affecting content, service, account, or monetisation.
  • Complaint review: handle complaints in a timely, non-discriminatory, diligent, and non-arbitrary manner, and reverse the decision without undue delay where the complaint shows the original decision was unfounded or the measure was not warranted.
  • Out-of-court dispute route: make clear and user-friendly information available about certified out-of-court dispute settlement, while preserving the option of judicial redress.
  • Transparency Database handoff: online platforms must submit Article 17 decisions and statements of reasons to the Commission database without undue delay and remove personal data from the submitted information.
  • Records to retain: original notice, completeness assessment, trusted flagger status and scope check, receipt acknowledgement, decision rationale, action taken, notifier decision notice, affected-user statement of reasons, appeal and dispute events, automation flags, reversal outcomes, and median-time inputs for reporting.
Sources for this answer
Regulation (EU) 2022/2065 (Digital Services Act)
Articles 20, 21, 23, and 24 connect notice decisions to internal complaints, out-of-court dispute settlement, misuse suspensions, and transparency database submissions.
European Commission - Out-of-court dispute settlement bodies under the DSA
Commission page explains that users can contest platform moderation decisions, including rejected illegal-content notices, through internal complaints, certified ODS bodies, or national courts.
European Commission - DSA Transparency Database Q&A
Commission FAQ explains Article 24(5) statement-of-reasons submission, personal-data removal, and database availability for online platforms.
Implementing Regulation (EU) 2024/2835 on DSA transparency reporting templates
Annex reporting instructions identify notice, trusted flagger, action, automation, complaint, dispute, reversal, implementation, and median-time fields.
Recommended next step

Map notice intake, moderation decisions, statements of reasons, and complaint routes

Sorena can help convert this notice-and-action workflow into queue fields, reviewer prompts, source-linked decision notes, and reporting handoffs for DSA implementation work.

Research workflow
Open Research Copilot for DSA notice handling

Ask source-linked questions about Article 16 notices, trusted flaggers, statements of reasons, appeals, and reporting records.

Explore next step
Talk to Sorena
Discuss DSA notice-and-action operations

Review your intake fields, escalation paths, statement-of-reasons handoff, and complaint records with Sorena.

Explore next step
Primary sources

References and citations

European Commission - DSA Transparency Database Q&A
digital-strategy.ec.europa.eu
Referenced sections
  • Commission FAQ explains Article 24(5) statement-of-reasons submission, personal-data removal, and database availability for online platforms.
"publicly accessible and machine-readable"
European Commission - The Digital Services Act
digital-strategy.ec.europa.eu
Referenced sections
  • Commission overview describes easy flagging of illegal content and the platform response and appeal context.
"Easy flagging of illegal content"
Regulation (EU) 2022/2065 (Digital Services Act)
eur-lex.europa.eu
Referenced sections
  • Articles 20, 21, 23, and 24 connect notice decisions to internal complaints, out-of-court dispute settlement, misuse suspensions, and transparency database submissions.
"internal complaint-handling system"
Related guides

Explore more topics

DSA Ads and Recommender Systems: transparency duties, user choice, and evidence
A grounded DSA guide to ad labels, targeting restrictions, recommender parameter disclosure, non-profiling options for VLOPs and VLOSEs, ad repositories, and compliance evidence.
DSA Applicability Test: classify intermediary services, platforms, marketplaces, VLOPs and VLOSEs
A source-grounded EU Digital Services Act applicability test for classifying intermediary services, hosting services, online platforms, marketplaces, VLOPs and VLOSEs.
DSA Article 28 minors protection guide for online platforms
EU Digital Services Act guide to Article 28 minors protection: platform scope, child-safety measures, targeted ads limits, recommender controls, and grounded evidence.
DSA average monthly active recipients: what platforms must publish
A grounded FAQ on average monthly active recipients under the EU Digital Services Act, including publication, EU recipient scope, the 45 million VLOP/VLOSE threshold, and evidence records.
DSA Complaint and Dispute Workflows for Online Platforms
Build DSA complaint, appeal, statement-of-reasons, and out-of-court dispute workflows for online platform moderation decisions.
DSA crisis response for VLOPs and VLOSEs
EU Digital Services Act crisis response guide for VLOPs and VLOSEs: Article 36 Commission decisions, Article 48 crisis protocols, mitigation, governance, requests for information, and records.
DSA Dark Patterns: interface design checks for online platforms
Article 25 DSA guidance for reviewing online platform interfaces for deceptive, manipulative, or choice-distorting design patterns.
DSA Enforcement and Penalties in the EU
How Digital Services Act enforcement works: Commission and Digital Services Coordinator roles, VLOP and VLOSE investigations, fines, periodic penalty payments, and evidence readiness.
DSA illegal content notices: what must be included?
A grounded FAQ on EU Digital Services Act illegal-content notices: Article 16 notice elements, acknowledgement, decision notices, trusted flagger priority, statements of reasons, and records.
DSA Marketplace Trader Traceability FAQ
Answer to what EU Digital Services Act Article 30 requires online marketplaces to collect, verify, display, retain, and evidence for trader traceability.
DSA Marketplace Trader Traceability Guide
EU Digital Services Act guide for online marketplaces collecting, checking, displaying, storing, and evidencing trader traceability information.
DSA notice and action plus statements of reasons guide
A grounded Digital Services Act guide for notice intake, moderation decisions, statements of reasons, DSA Transparency Database submission, complaints, appeals, trusted flaggers, and records.
DSA recommender transparency FAQ: Article 27 and VLOP options
What EU Digital Services Act recommender transparency requires: main parameters, user options, VLOP/VLOSE non-profiling choices, and evidence to keep.
DSA researcher data access for VLOPs and VLOSEs
Article 40 DSA guide to vetted researcher data access for VLOPs and VLOSEs: DSC requests, eligibility checks, amendment grounds, confidentiality, security, and evidence records.
DSA service tier classifier for platforms, marketplaces, VLOPs and VLOSEs
Classify a digital service under the EU Digital Services Act as intermediary, hosting, online platform, marketplace, VLOP or VLOSE, with EU recipient-count evidence and obligation outputs.
DSA statement of reasons FAQ
When DSA statements of reasons are required, what they must contain, when online platforms submit them to the DSA Transparency Database, and what appeal records to keep.
DSA statement of reasons log workflow for online platforms
Build a DSA statement of reasons log for moderation decisions, Transparency Database submission, complaint links, retention, and QA controls.
DSA transparency report template fields and cadence
A source-grounded template outline for Digital Services Act transparency reports, covering applicable service tiers, reporting periods, CSV/XLSX format, retention, statement-of-reasons links, and required evidence tables.
DSA Transparency Reporting Obligations by Provider Tier
A grounded guide to EU Digital Services Act transparency reports, active-recipient publication, statements-of-reasons submissions, VLOP/VLOSE reports, templates, cadence, and evidence.
DSA VLOP and VLOSE Risk Assessments and Mitigation Guide
Grounded guide to Digital Services Act systemic risk assessments, mitigation measures, audits, transparency reports, data access, and governance evidence for VLOPs and VLOSEs.
DSA VLOP Audit Pack Workflow: Risk, Mitigation, Audit, and Transparency Records
Build a DSA VLOP or VLOSE audit pack covering Article 34 risk assessments, Article 35 mitigations, independent-audit evidence, transparency reports, data access, and compliance governance.
DSA VLOP Risk Assessment FAQ: Article 34, Mitigation, Audits
What VLOPs and VLOSEs must assess under the EU Digital Services Act, when to reassess, how Article 35 mitigation and annual audit evidence fit together, and what records to keep.
DSA vs DMA Platform Rules
Compare the EU Digital Services Act and Digital Markets Act by scope, designation thresholds, obligations, enforcement, evidence, and practical team ownership.
DSA vs GDPR: online-platform governance and personal-data obligations
Compare the EU Digital Services Act and EU GDPR by scope, ads, recommenders, minors, transparency, complaints, enforcement, and evidence.
DSA vs P2B Regulation: EU platform obligations compared
Compare the EU Digital Services Act with the Platform-to-Business Regulation for platform scope, business-user terms, content moderation, ranking transparency, complaints, enforcement, and evidence.
DSA vs Terrorist Content Online Regulation: notice-and-action vs removal orders
Compare DSA content-governance duties with the EU Terrorist Content Online Regulation removal-order workflow for scope, timing, evidence, authorities, and team ownership.
EU Digital Services Act checklist for platforms and hosting services
A grounded DSA checklist for classifying service tiers, notice-and-action, statements of reasons, complaints, transparency reports, ads, recommenders, trader traceability, VLOP/VLOSE duties, and evidence records.
EU Digital Services Act Compliance Guide
DSA compliance guide for intermediary services, hosting providers, online platforms, marketplaces, and VLOP/VLOSE teams: obligations, controls, and evidence to keep.
EU Digital Services Act FAQ: DSA scope, platform duties, VLOPs, reports, and penalties
Concise EU Digital Services Act FAQ covering intermediary-service scope, active-recipient thresholds, illegal-content notices, statements of reasons, trader traceability, recommender transparency, systemic-risk duties, reporting, penalties, and complaints.
EU Digital Services Act penalties and fines: caps and enforcement roles
DSA penalty caps and enforcement roles: Member State fines, Commission fines for VLOPs and VLOSEs, 1% procedural fines, and 5% periodic penalty payments.
EU Digital Services Act requirements by service tier
Overview of DSA obligations for intermediary services, hosting providers, online platforms, marketplaces, VLOPs and VLOSEs, including notices, complaints, ads, transparency reports, audits, data access and enforcement.
EU Digital Services Act service types and scope
Classify DSA service scope across mere conduit, caching, hosting, online platforms, marketplaces, online search engines, and VLOP/VLOSE threshold duties.
EU DSA deadlines and compliance calendar: application dates, reporting cycles, and VLOP clocks
Calendar view of grounded EU Digital Services Act dates: full application, user-number publication, VLOP/VLOSE designation clocks, statements of reasons, and transparency reporting cycles.
EU DSA Transparency Calendar: reporting, SoR database, AMAR updates
Build a DSA transparency calendar for annual reports, statement-of-reasons database submissions, active-recipient updates, and VLOP/VLOSE audit touchpoints.
EU DSA vs UK Online Safety Act: scope, duties, regulator, and evidence
Compare the EU Digital Services Act and UK Online Safety Act for platform scope, risk assessments, child protection, transparency, regulators, enforcement, and owners.