The EU Digital Services Act aims to create a safer digital space and enhance accountability of intermediary services. Content moderation and reporting is of crucial importance to achieving this goal. For the first time, in 2025 all companies within the scope of the DSA are required to publish transparency reports.
Although the very large online platforms and very large online search engines designated under the DSA have already been subject to the reporting obligations for the past two years, no standard or best practice has been established, and the DSA has left intermediary services in the dark on how to comply with its transparency reporting obligations in Article 15.
To address this uncertainty, the European Commission published in November 2024 the transparency reporting implementing regulation concerning the form, content and reporting period for transparency reporting requirements and outlining what companies are required to do.
What steps do businesses need to take to ensure compliance with obligations for transparency reporting and statements of reason under the DSA?
Overview
The DSA applies to companies providing intermediary services, which include mere conduit, caching and hosting services, as well as search engines. For hosting services, the DSA introduced the additional category of online platforms and, of course, special rules applying to VLOPs and VLOSEs.
The differentiation by the type of business aims to apply proportionate obligations according to the provider's societal impact. This results in a complicated structure of the DSA's material scope and of the applicability of the various obligations. Some of these obligations are related to reporting.
Transparency report
Providers of all types of intermediary services are required to publish transparency reports at least once a year. However, this obligation differs greatly for the various types of intermediary services with the goal of applying proportionate obligations to their societal impact.
Therefore, the reporting obligations follow a staggered approach of increasing scrutiny when moving up the ladder of the criticality of the business types:
Micro and small intermediary services are exempt from the reporting obligation. All other intermediary services are required to do a basic report according to Article 15 containing the number of orders received from authorities and complaints received through the internal complaint-handling system, as well as information on the content moderation and automated tools used for it.
Some of the items listed in Article 15 only need to be reported by hosting services or online platforms. These are related to the notice and action mechanism.
In addition to the basic reporting obligations under Article 15, online platforms are required to also include the information listed in Article 24 in their transparency report, which includes the number of disputes submitted to out-of-court dispute settlement bodies and suspension due to misuse.
Finally, VLOPs and VLOSEs have the strictest reporting obligation. In addition to the other stated requirements, their transparency report must contain — according to Article 42 — information on the language capabilities of the provider.
Providers of intermediary services which aren't very large need to report annually, while VLOPs and VLOSEs are required to do so biannually.
The commission clarified the formalities for transparency reporting with the implementing regulation, which aims to ensure an adequate level of transparency and accountability, as well as to enable comprehensive and comparable reporting. The implementing regulation includes quantitative and qualitative templates which much be used starting 1 July 2025, as well as instructions on how to use the templates.
The implementing regulation, in Article 2, also stipulates reporting deadlines. In principle, the reporting period for annual reports is from 1 Jan. to 31 Dec. However, as the DSA came in to force in February 2024, there are two initial reporting cycles before the reporting period reaches its intended rhythm.
They are:
- Reporting cycle 1: 17 Feb 2024 – 16 Feb 2025
- Reporting cycle 2: 17 Feb 2025 – 31 Dec 2025
- Reporting cycle 3: 1 Jan 2026 – 31 Dec 2026
Transparency reports must be published no later than two months after the end of the reporting period. Although this is not explicitly stated for the initial reporting cycles, the deadline must apply as it is nearly impossible to report right at the end of the reporting period without time to collect the necessary data.
This means the deadline for thefirst reporting cycle is 16 April 2025.
As a result, the templates aren't yet required for the annual 2025 transparency report and providers can still use a free format. In case an intermediary service has already published a transparency report for a different reporting cycle, individual deadlines may apply to publish a report at least once a year.
The commission has published transparency reports by VLOPs and VLOSEs since 2023.
Statement of reason and DSA transparency database
One of the DSA's core concepts is content moderation aimed at detecting, identifying and addressing illegal content or information.
If such content moderation leads to restrictions imposed on users, or recipients of the service, providers of hosting services — including providers of online platforms and VLOPs and VLOSEs — are required to provide a statement of reason, under Article 17, stating the grounds upon which the content is considered illegal or incompatible.
In addition to the information provided to affected users, online platforms and VLOPs and VLOSEs are required to submit a pseudonymized statement of reasons to the DSA Transparency Database, the commission's central database where all statement of reasons are publicly available in a machine-readable format.
As of 20 Jan. 2025, only 116 online platforms have registered to the DSA Transparency Database. That number is expected to grow exponentially over the coming months. Nevertheless, these 116 online platforms submitted 9,442,819,847 statements of reason in the last six months — the majority coming from Google, Facebook and TikTok.
Submitting statements of reason to the DSA Transparency Database requires an onboarding with the digital services coordinator, an individual designated by each member state who is responsible for DSA application and enforcement in that country. For online platforms in the EU, this is the authority in their member state, and for those not based in the EU it is the authority in the member state where their legal representative is located.
For the onboarding process, providers of online platforms can either register with EU survey or contact the digital services coordinator directly. To complete the onboarding process, non-EU online platforms must first designate and register a legal representative located within the EU, according to Article 13, with the digital services coordinator.
The DSA Transparency Database provides two ways for submitting statements of reason, a webform to fill the data manually and an API connection for an automated reporting.
The webform is only an option for online platforms with a very low volume of statements of reason. Ideally, an online platform would reduce the manual work and automate the reporting process. However, automating the content moderation process and reporting to the DSA Transparency Database is not trivial and requires competent legal and tech capabilities.
The adoption of these reporting obligations by European and international providers is still very low. It remains to be seen if the approaching transparency report deadline, combined with the potential for exorbitant fines — capped at 6% of a company's annual worldwide turnover — will change the wait-and-see approach of many businesses.
Andreas Mätzler, CIPP/E, CIPM, FIP, is a partner and Katharina Jokic is a privacy professional at Prighter.
