Enforcement GuideEU

EU Digital Services Act (DSA) Penalties & Fines

What DSA penalties look like in practice - and what evidence reduces exposure.

Covers Member State penalties (Article 52) and Commission fines for VLOPs/VLOSEs (Article 74).

Back to main artifactReview sources
Author
Sorena AI
Published
Feb 21, 2026
Updated
Feb 21, 2026
Sections
4

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published Feb 21, 2026
Updated Feb 21, 2026
Overview

DSA penalties are structured as a deterrence model: Member States must set effective, proportionate and dissuasive penalties for infringements within their competence (Article 52), and the Commission can impose fines on VLOPs/VLOSEs under its supervision (Article 74). This page explains the penalty ceilings and the practical controls that reduce enforcement exposure.

Section 1

Member State penalties (Article 52): the baseline penalty framework

Article 52 requires Member States to lay down penalty rules and ensure they are implemented.

The DSA sets maximum ceilings for certain penalty categories.

  • Penalty standard: penalties must be effective, proportionate and dissuasive; Member States notify the Commission of rules and amendments (Article 52(1)-(2)).
  • Max fine for failure to comply with an obligation under the DSA: up to 6% of annual worldwide turnover of the provider in the preceding financial year (Article 52(3)).
  • Max fine for incorrect/incomplete/misleading information, failure to reply/rectify, and failure to submit to an inspection: up to 1% of annual income or worldwide turnover (Article 52(3)).
  • Periodic penalty payments: maximum up to 5% of average daily worldwide turnover or income per day (Article 52(4)).
Recommended next step

Use EU Digital Services Act (DSA) Penalties & Fines as a cited research workflow

Research Copilot can take EU Digital Services Act (DSA) Penalties & Fines from understanding exposure and enforcement with cited answers to a reusable workflow inside Sorena. Teams working on EU Digital Services Act (DSA) can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Research workflow
Open Research Copilot for EU Digital Services Act (DSA) Penalties & Fines

Start from EU Digital Services Act (DSA) Penalties & Fines and answer scope, timing, and interpretation questions with cited outputs.

Explore next step
Talk to Sorena
Talk through EU Digital Services Act (DSA)

Review your current process, evidence gaps, and next steps for EU Digital Services Act (DSA) Penalties & Fines.

Explore next step
Section 2

Commission fines for VLOPs/VLOSEs (Article 74): additional exposure after designation

For designated very large online platforms and very large online search engines, the DSA provides a Commission fining regime tied to non-compliance decisions and procedural infringements.

This exposure is separate from, and in addition to, Member State penalties depending on the enforcement track.

  • Non-compliance fines: up to 6% of total worldwide annual turnover in the preceding financial year for relevant infringements and failures to comply with certain Commission decisions (Article 74(1)).
  • Procedural fines: up to 1% of total annual income or worldwide turnover for supplying incorrect/misleading information, failure to reply, failure to rectify, refusing inspections, and related procedural breaches (Article 74(2)).
  • Penalty sizing factors: nature, gravity, duration and recurrence (Article 74(4)).
  • Procedural exposure matters in practice: incorrect, incomplete, or misleading answers to Commission requests for information or inspection questions can independently support fines under Article 74(2).
Section 3

What triggers penalties in practice (operational root causes)

Penalties are often the endpoint of operational failures: missing workflows, inconsistent enforcement, broken reporting, or inability to respond to information requests.

The best mitigation is a compliance system that can prove it is working.

  • Missing or non-functional notice & action (Article 16) and statement-of-reasons workflows (Article 17).
  • Transparency reporting failures or inability to reproduce metrics (Articles 15/24/42).
  • AMAR publication failures (Article 24(2)) or inability to substantiate AMAR on request (Article 24(3)).
  • Marketplace onboarding gaps: incomplete trader traceability and failure to suspend non-compliant traders (Article 30).
  • VLOP systemic-risk program failures: missing risk assessment, mitigation, audit and publication packs (Articles 34-37, 42).
  • Broken investigation response processes: no preserved data extract, no review of RFI answers, or no correction path for incomplete inspection answers.
Section 4

Penalty risk reduction: controls that matter most

To reduce penalty exposure, focus on controls that reduce harm and increase explainability and reproducibility.

These controls also make audits cheaper and faster.

  • Structured decision logs: a statement-of-reasons object for each restriction (Article 17) with grounds, facts, automation use and redress links.
  • Transparency pipeline: metric dictionary + reproducible datasets + QA checks + sign-off for each reporting period.
  • Governance: clear owners for moderation ops, reporting, ads/recommenders, marketplace onboarding, and VLOP risk/audit workstreams.
  • Incident readiness: broken workflows and data quality regressions should be treated as compliance incidents with severity and timelines.
  • Evidence retention: archive policies, templates, logs, and published reports for fast regulatory responses.
  • Response governance: keep a written regulator-response playbook for RFIs, inspections, and corrections under the Commission proceedings rules.
Primary sources

References and citations

Related guides

Explore more topics

DSA Ads & Recommender Systems | Article 26, 27, 38 & 39 Compliance
A deep compliance guide for DSA advertising and recommender system obligations: ad transparency (Article 26), recommender system transparency (Article 27).
DSA Applicability Test | Is the EU Digital Services Act Applicable to You?
A step-by-step applicability test for the EU Digital Services Act (DSA, Regulation (EU) 2022/2065): EU offering triggers.
DSA Enforcement & Investigations | DSCs, Commission Powers, Audits & Procedures
A practical guide to DSA enforcement (Regulation (EU) 2022/2065): how Digital Services Coordinators (DSCs) supervise services.
DSA Notice & Action Workflow | Article 16 Requirements + Templates
A deep implementation guide for DSA notice & action (Regulation (EU) 2022/2065, Article 16): intake design, required notice elements.
DSA Transparency Report Template | Article 15 + Article 24 + VLOP Article 42
Copy and paste ready DSA transparency report template aligned to Regulation (EU) 2022/2065 and Implementing Regulation (EU) 2024/2835.
DSA Transparency Reporting | Articles 15, 24 & 42 Reporting Requirements
A practical guide to EU Digital Services Act transparency reporting: what to publish for Article 15, what to add for Article 24.
DSA vs DMA | Digital Services Act vs Digital Markets Act (What's the Difference?)
A practical comparison of the EU Digital Services Act (DSA, Regulation (EU) 2022/2065) and the EU Digital Markets Act (DMA.
DSA vs UK Online Safety Act | EU vs UK Online Safety Compliance
A practical comparison of the EU Digital Services Act (DSA, Regulation (EU) 2022/2065) and the UK Online Safety Act: scope (EU recipients vs UK users).
EU Digital Services Act (DSA) Requirements | Obligations by Service Type & Tier
A practical breakdown of DSA requirements (Regulation (EU) 2022/2065): obligations for intermediary services, hosting services, online platforms.
EU DSA Checklist | Digital Services Act Compliance Checklist (Audit-Ready)
An audit-ready EU Digital Services Act (DSA) compliance checklist for Regulation (EU) 2022/2065: scope memo, terms transparency.
EU DSA Compliance Guide | Digital Services Act Implementation Playbook
A practical EU Digital Services Act (DSA) compliance guide for Regulation (EU) 2022/2065: scope memo and tiering.
EU DSA Deadlines & Compliance Calendar | Key Dates, Cadence and Milestones
A DSA compliance calendar for Regulation (EU) 2022/2065: entry into force, general applicability, Digital Services Coordinator designation, Article 15, 24.
EU DSA FAQ | Digital Services Act Questions & Answers (Practical)
Practical answers to the most searched EU Digital Services Act (DSA) questions: who is in scope, what "hosting" and "online platform" mean.
EU DSA Service Types & Scope | Hosting vs Platform vs Marketplace
How to classify your service under the EU Digital Services Act (DSA, Regulation (EU) 2022/2065): intermediary service types (mere conduit, caching, hosting).
VLOP/VLOSE Systemic Risk Assessment (DSA) | Articles 34-36 + Mitigation
A deep guide to DSA systemic risk management for VLOPs/VLOSEs: how to run the Article 34 systemic risk assessment (risk categories, frequency.