EU Digital Services Act Service Tier Classifier Workflow

Classify one digital service under the DSA by checking its technical function, public dissemination features, marketplace transaction model, EU recipient count, and any micro or small enterprise exception.

Use the output to assign the correct DSA obligation set for intermediary services, hosting services, online platforms, marketplaces, very large online platforms, and very large online search engines.

Author: Sorena AI
Published: May 9, 2026
Updated: May 9, 2026

Overview

This workflow classifies a service, not a company. A provider can operate several DSA-relevant services at once, so run a separate record for each product surface, domain, app, marketplace, search function, hosting product, or user-content feature offered to recipients in the Union.

Section 1

Inputs for a defensible DSA tier record

Start with the product facts that decide the DSA tier. The core question is what the service technically does with information supplied by recipients of the service: transmit it, cache it, store it, disseminate it to the public, help consumers conclude distance contracts with traders, or let users search websites.

Keep the tier record separate from broader corporate compliance notes. The classification should identify the service, the EU countries targeted or reached, the recipient groups, the user-content path, the moderation path, and the evidence used for average monthly active recipients in the Union.

  • Service boundary: product name, URL or app surface, feature owner, countries where recipients in the Union can use it, and whether the provider is established in the Union or targets recipients there.
  • Technical function: mere conduit, caching, hosting, online search engine, or another service outside the DSA intermediary-service tiers.
  • User information flow: whether recipients provide information, whether the provider stores it at their request, and whether the service disseminates it to a potentially unlimited public.
  • Marketplace signal: whether consumers can conclude distance contracts with traders through the platform and whether trader onboarding, product listing, or service-offer flows exist.
  • Scale evidence: published average monthly active recipients in the Union, calculation period, counting method, exclusions, and the owner who can answer Commission or Digital Services Coordinator questions.
  • Enterprise-size evidence: whether a micro or small enterprise exception is being used for Article 15, Section 3 online-platform obligations, or Section 4 marketplace obligations, and whether VLOP status overrides it.

Section 2

Tier-by-tier classification tests

Apply the tests cumulatively. A hosting service can also be an online platform, and an online platform can also be a marketplace or a very large online platform. Record the highest applicable obligation tier, but do not drop the lower-tier obligations that still apply.

If a feature is minor, purely ancillary, and technically dependent on another principal service, document that analysis before excluding online-platform status. The DSA definition treats public dissemination as the trigger, but recognises a narrow ancillary-feature exclusion.

  • Intermediary service: classify as mere conduit, caching, or hosting only if the service fits one of the Article 3(g) technical functions.
  • Mere conduit: use this tier when the service transmits recipient-provided information in a communication network or provides access to such a network without initiating the transmission, selecting the receiver, or selecting or modifying the information.
  • Caching: use this tier when the service provides automatic, intermediate, temporary storage only to make onward transmission more efficient or secure.
  • Hosting: use this tier when the service stores information provided by, and at the request of, a recipient of the service. Cloud hosting, web hosting, file storage, content-sharing storage, and paid referencing can require this analysis.
  • Online platform: use this tier when the hosting service stores recipient-provided information and disseminates it to the public at the recipient's request, unless the public dissemination is only a minor and purely ancillary feature that cannot technically stand alone.
  • Online marketplace: add the marketplace layer when the online platform allows consumers to conclude distance contracts with traders. This points the record to trader traceability, compliance-by-design, and consumer information duties.
  • Online search engine: classify separately when users can submit queries to search, in principle, all websites or all websites in a language and receive results.
  • VLOP or VLOSE candidate: escalate when an online platform or online search engine has average monthly active recipients in the Union equal to or higher than 45 million, then track whether the Commission has adopted a designation decision.

Section 3

Micro and small enterprise exceptions to record

Do not treat size as a general DSA carve-out. Micro and small enterprise status narrows specific reporting or online-platform duties, while core intermediary-service duties such as contact points, terms and conditions, authority orders, and hosting notice-and-action rules can still matter depending on the tier.

The classifier should name the exact exception used and the section it affects. If a service is designated as a very large online platform, the DSA applies the relevant online-platform and marketplace sections despite micro or small enterprise status.

  • Article 15 transparency reports: the annual content-moderation reporting duty does not apply to intermediary-service providers that qualify as micro or small enterprises and are not VLOPs.
  • Online-platform Section 3: the section does not apply to micro or small online-platform providers, except Article 24(3), and it can continue to be excluded for 12 months after loss of status unless the provider is a VLOP.
  • Marketplace Section 4: the trader traceability, compliance-by-design, and illegal-product consumer-information section does not apply to micro or small marketplace providers, with the same 12-month post-loss rule unless the provider is a VLOP.
  • VLOP override: once the Commission designates an online platform as very large under Article 33, the online-platform and marketplace exceptions do not remove those duties.
  • Evidence to keep: SME status basis, group or undertaking analysis, date status was checked, date status was lost if applicable, VLOP designation check, and the obligation sections excluded or retained.

Section 4

EU recipient-count and VLOP or VLOSE escalation

For every online platform and online search engine, add a recipient-count annex to the tier record. Article 24(2) requires publication of average monthly active recipients in the Union, calculated over the past six months; Article 24(3) lets the Digital Services Coordinator of establishment or the Commission request updated information and substantiation.

A count at or above 45 million does not by itself complete VLOP or VLOSE classification. It creates a designation issue for the Commission. The workflow output should therefore separate three states: below threshold, threshold met or potentially met but not designated, and designated VLOP or VLOSE.

  • Count unit: active recipients of the online platform or active recipients of the online search engine, using the Article 3 definitions.
  • Geography: recipients in the Union, not global accounts, total registrations, downloads, or monthly visitors without EU filtering.
  • Period: average over the past six months for Article 24(2) publication and updated to the moment of a regulator request under Article 24(3).
  • Publication evidence: public URL or interface location where the count is published, publication date, calculation window, and whether the number is per service rather than per provider group.
  • Substantiation evidence: data tables, bot and duplicate-handling rules, logged-in and logged-out counting logic, sampling assumptions, and owner sign-off that no personal data is included in regulator submissions.
  • Escalation trigger: any count equal to or higher than 45 million, any Digital Services Coordinator or Commission question about methodology, any service acquisition or launch that changes EU reach, or any designation or termination decision from the Commission.

Section 5

Obligation output matrix

The classifier is complete only when it names the operational outputs created by the tier. Keep the output matrix short enough for product, legal, trust and safety, marketplace operations, and data teams to maintain.

Use the matrix to avoid two common errors: treating hosting duties as if they apply only to social platforms, and applying marketplace trader duties to a platform that does not let consumers conclude distance contracts with traders.

  • All intermediary services: authority-order intake for illegal-content and information orders, electronic points of contact, legal representative analysis for non-EU providers offering services in the Union, terms-and-conditions disclosures, and Article 15 reporting unless a micro or small exception applies.
  • Hosting services: notice-and-action mechanism, notice receipt and decision notices, statement-of-reasons process for restrictions, and escalation for suspicions of criminal offences involving threats to life or safety.
  • Online platforms: internal complaint handling, out-of-court dispute settlement handling, trusted-flagger priority, misuse suspension policy, advertising transparency, recommender-system transparency, minors protections where accessible to minors, Article 24 reporting additions, Article 24(2) recipient-count publication, and Transparency Database submissions for statements of reasons.
  • Marketplaces: trader traceability intake, checks of trader information against official or reliable sources where available, secure trader-data retention and deletion after the contractual relationship, interface fields for trader and product or service information, random checks against official databases for illegal products or services, and consumer notices when illegal products or services are found.
  • VLOPs and VLOSEs: systemic risk assessment, risk mitigation, crisis response readiness, independent audit, compliance function, data access for Commission and vetted researchers, non-profiling recommender option where applicable, advertising repository, enhanced transparency reports, supervisory-fee tracking, and Commission-designation governance.

Section 6

Governance and reassessment triggers

Assign one accountable owner for the classification record and separate owners for legal interpretation, product facts, marketplace operations, trust and safety controls, transparency reporting, data methodology, and regulator response. The record should be readable without knowing the internal project history.

Reopen the classifier whenever the service changes how it stores, displays, ranks, sells, searches, or moderates recipient-provided information, or when EU reach changes enough to affect the active-recipient count.

  • Product change triggers: launch of public profiles, comments, reviews, listings, creator uploads, app-store features, marketplace checkout, paid referencing, search, recommender systems, or advertising interfaces.
  • Scale triggers: crossing internal warning bands below 45 million EU active recipients, a six-month count update, a Commission or Digital Services Coordinator request, acquisition of a service with EU users, or rapid growth in a Member State.
  • Status triggers: loss of micro or small enterprise status, the end of the 12-month post-loss exception period, Commission VLOP or VLOSE designation, or Commission termination of designation after a one-year period below threshold.
  • Evidence pack: tier decision, source citations, feature screenshots, architecture notes, moderation workflow, terms extracts, notice and complaint queue owners, marketplace trader onboarding records, recipient-count workbook, methodology sign-off, and approval date.
  • Governance output: a dated tier label, obligation matrix, owner map, source list, open issues, next count-publication date, and the escalation path for regulator or authority requests.

Primary sources

References and citations

  • digital-strategy.ec.europa.eu: Commission FAQ summarises that small and micro enterprises are exempted from some more burdensome rules, while VLOPs and VLOSEs have additional obligations. Quoted passage: "exempted from some rules"
  • digital-strategy.ec.europa.eu: Commission guidance is the grounding source for practical questions about identifying and counting active recipients for Article 24(2) and Article 33. Quoted passage: "identification and counting of active recipients"
  • digital-strategy.ec.europa.eu: Commission Q&A supports the statement-of-reasons and Transparency Database output for online platforms. Quoted passage: "Article 24 (5) of the DSA requires providers of online platforms"
  • digital-strategy.ec.europa.eu: Commission overview supports governance for designated services, including the four-month compliance window, annual audits, data sharing, researcher access, and ad repositories. Quoted passage: "has 4 months to comply with the DSA"
  • eur-lex.europa.eu: Articles 24 and 33 support reassessment triggers tied to recipient counts, designation, termination of designation, and regulator requests for substantiation. Quoted passage: "provide additional information as regards the calculation"