Artifact GuideEU

EU Digital Services Act (DSA) Service Types & Scope

A defensible way to classify your service type and tier under Regulation (EU) 2022/2065.

Use this page to produce a scope memo that product, legal, security and trust & safety can all execute against.

Back to main artifactReview sources
Author
Sorena AI
Published
Feb 21, 2026
Updated
Feb 21, 2026
Sections
8

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published Feb 21, 2026
Updated Feb 21, 2026
Overview

DSA compliance starts with classification: what service type(s) you provide (intermediary services, hosting, online platform, online marketplace, online search engine) and whether you are in-scope for EU recipients. This page helps you turn "we think we're a platform" into a written scope decision you can defend and maintain as your product evolves.

Section 1

What DSA scope means in practice (why teams get it wrong)

The DSA is structured as a layered obligation model: baseline obligations for intermediary services, extra obligations for hosting services, additional obligations for online platforms, special rules for online marketplaces, and the highest tier for VLOPs/VLOSEs.

Misclassification creates two failure modes: (1) missing obligations you actually need to ship, or (2) building unnecessary controls that slow down your roadmap.

  • Treat scope as a living artifact: update it when features change (UGC, ranking, ads, trading, search, messaging).
  • If you operate multiple services, classify each service separately (DSA duties can attach per service).
  • Keep a written scope memo: service facts -> classification -> obligations -> owners -> evidence.
Recommended next step

Use EU Digital Services Act (DSA) Service Types & Scope as a cited research workflow

Research Copilot can take EU Digital Services Act (DSA) Service Types & Scope from clarifying scope and applicability with cited answers to a reusable workflow inside Sorena. Teams working on EU Digital Services Act (DSA) can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Research workflow
Open Research Copilot for EU Digital Services Act (DSA) Service Types & Scope

Start from EU Digital Services Act (DSA) Service Types & Scope and answer scope, timing, and interpretation questions with cited outputs.

Explore next step
Talk to Sorena
Talk through EU Digital Services Act (DSA)

Review your current process, evidence gaps, and next steps for EU Digital Services Act (DSA) Service Types & Scope.

Explore next step
Section 2

Step 1 - Are you a provider of intermediary services (baseline DSA layer)?

The DSA applies to providers of intermediary services, including where you transmit, cache, or host information provided by recipients of the service.

If your system stores information "at the request of a user" and makes it available to others, you are typically in hosting territory and will inherit notice & action duties.

  • Mere conduit: you transmit information without selecting or modifying it (common in access/network transit).
  • Caching: you store data for efficiency/performance (common in CDNs).
  • Hosting: you store information provided by a user/recipient at their request (UGC, listings, repositories, comments, file hosting).
Section 3

Step 2 - Hosting vs online platform (the "public distribution" trigger)

The step from hosting -> online platform is the biggest obligation jump for product teams: it adds user redress duties, interface integrity obligations, and stricter transparency requirements.

In practice, "online platform" often maps to user-to-user distribution: recipients provide information that is disseminated to the public (or at least to other users) at their request.

  • If users can post and other users can consume: expect platform duties to be relevant.
  • If your service only hosts private content for one user (e.g., personal storage with no distribution): platform triggers may not apply, but hosting duties still can.
  • Write down the dissemination surface: public pages, group access, search/indexing, recommendations, embeds, API feeds.
Section 4

Step 3 - Online marketplace rules (distance contracts with traders)

If your online platform allows consumers to conclude distance contracts with traders, the DSA adds a dedicated obligation set for trader traceability and marketplace-by-design requirements.

This layer is about preventing illegal goods/services and enabling consumer redress by requiring trader identity information, best-effort verification, and consumer notifications when illegal products/services are discovered.

  • Trader traceability (Article 30): collect trader identity/contact info, trade register identifiers, payment account details, and self-certification of EU law compliance; make best efforts to assess reliability.
  • Compliance by design (Article 31): ensure your interface lets traders provide required product safety/compliance information.
  • Right to information (Article 32): notify consumers when illegal products/services were sold and provide redress information (within the defined lookback window).
Section 5

Step 4 - Online search engine scope

Search engines have DSA obligations, including transparency duties and VLOSE systemic-risk obligations when designated.

If you provide search across the web or across a large corpus and rank results for recipients, treat scope conservatively and document your rationale.

  • Define the searchable corpus: web-wide vs vertical vs internal catalog vs enterprise/private search.
  • Document ranking and recommender behavior: algorithmic parameters, user controls, and ads placement.
  • If you publish average monthly active recipients, keep calculation methodology defensible (Article 24).
Section 6

Step 5 - EU offering triggers + operational setup (points of contact, legal rep)

Scope is not just product taxonomy. The DSA contains operational requirements that affect how you run the service in the EU.

At minimum, plan for points of contact and (where applicable) a legal representative in the Union.

  • Single point of contact for recipients (Article 12): user-friendly electronic communications that do not rely solely on automated tools.
  • Legal representative (Article 13): if you're not established in the Union but offer services in the Union, designate a representative and publish contact details.
  • Terms and conditions transparency (Article 14): content moderation policies, procedures, and tools must be clearly described and machine-readable.
Section 7

Micro/small enterprise exclusions (what you still must do)

The DSA includes exclusions for micro and small enterprises for certain reporting and marketplace sections, but the exclusions are not universal and have exceptions (notably for VLOPs).

Treat this as a legal determination with a documented basis (Recommendation 2003/361/EC thresholds and group/affiliate structure).

  • Transparency reporting baseline excludes micro/small enterprises unless they are VLOPs/VLOSEs (Article 15(2)).
  • Marketplace Section 4 excludes micro/small enterprises, with a 12-month transition after losing status and an override for VLOPs (Article 29).
  • Even with exclusions: document scope, maintain points of contact/terms transparency, and implement safe notice handling where hosting is involved.
Section 8

Scope memo checklist (evidence pack you can reuse across audits)

A strong scope memo makes later implementation work cheaper. It lets you map obligations to owners and prevents "scope drift" from becoming an enforcement surprise.

Use this checklist to produce a scope memo that's useful for product, legal, security and operations.

  • Service inventory: list each service and its key features (UGC, ads, ranking, trading, messaging, search).
  • Classification decision: hosting/platform/marketplace/search; write the rationale and counterarguments.
  • Tier decision: whether you may meet VLOP/VLOSE thresholds; record your AMAR calculation approach (Article 24).
  • Obligation map: link to your internal checklist and owners by workstream (moderation, user redress, transparency reports, marketplace compliance).
  • Change triggers: define what product changes require reclassification and who owns the update.
Primary sources

References and citations

Related guides

Explore more topics

DSA Ads & Recommender Systems | Article 26, 27, 38 & 39 Compliance
A deep compliance guide for DSA advertising and recommender system obligations: ad transparency (Article 26), recommender system transparency (Article 27).
DSA Applicability Test | Is the EU Digital Services Act Applicable to You?
A step-by-step applicability test for the EU Digital Services Act (DSA, Regulation (EU) 2022/2065): EU offering triggers.
DSA Enforcement & Investigations | DSCs, Commission Powers, Audits & Procedures
A practical guide to DSA enforcement (Regulation (EU) 2022/2065): how Digital Services Coordinators (DSCs) supervise services.
DSA Notice & Action Workflow | Article 16 Requirements + Templates
A deep implementation guide for DSA notice & action (Regulation (EU) 2022/2065, Article 16): intake design, required notice elements.
DSA Penalties & Fines | Digital Services Act Enforcement Exposure (6% / 1% / 5%)
How DSA penalties work under Regulation (EU) 2022/2065.
DSA Transparency Report Template | Article 15 + Article 24 + VLOP Article 42
Copy and paste ready DSA transparency report template aligned to Regulation (EU) 2022/2065 and Implementing Regulation (EU) 2024/2835.
DSA Transparency Reporting | Articles 15, 24 & 42 Reporting Requirements
A practical guide to EU Digital Services Act transparency reporting: what to publish for Article 15, what to add for Article 24.
DSA vs DMA | Digital Services Act vs Digital Markets Act (What's the Difference?)
A practical comparison of the EU Digital Services Act (DSA, Regulation (EU) 2022/2065) and the EU Digital Markets Act (DMA.
DSA vs UK Online Safety Act | EU vs UK Online Safety Compliance
A practical comparison of the EU Digital Services Act (DSA, Regulation (EU) 2022/2065) and the UK Online Safety Act: scope (EU recipients vs UK users).
EU Digital Services Act (DSA) Requirements | Obligations by Service Type & Tier
A practical breakdown of DSA requirements (Regulation (EU) 2022/2065): obligations for intermediary services, hosting services, online platforms.
EU DSA Checklist | Digital Services Act Compliance Checklist (Audit-Ready)
An audit-ready EU Digital Services Act (DSA) compliance checklist for Regulation (EU) 2022/2065: scope memo, terms transparency.
EU DSA Compliance Guide | Digital Services Act Implementation Playbook
A practical EU Digital Services Act (DSA) compliance guide for Regulation (EU) 2022/2065: scope memo and tiering.
EU DSA Deadlines & Compliance Calendar | Key Dates, Cadence and Milestones
A DSA compliance calendar for Regulation (EU) 2022/2065: entry into force, general applicability, Digital Services Coordinator designation, Article 15, 24.
EU DSA FAQ | Digital Services Act Questions & Answers (Practical)
Practical answers to the most searched EU Digital Services Act (DSA) questions: who is in scope, what "hosting" and "online platform" mean.
VLOP/VLOSE Systemic Risk Assessment (DSA) | Articles 34-36 + Mitigation
A deep guide to DSA systemic risk management for VLOPs/VLOSEs: how to run the Article 34 systemic risk assessment (risk categories, frequency.