The EU Digital Services Act: Are you ready to meet your reporting obligations?

The Digital Service Act (‘DSA’) aims to create a safer digital space and enhance accountability for intermediary services. Content moderation and reporting is of crucial importance to achieving this goal.

For the first time, all companies within the scope of the DSA are required to publish their transparency reports in 2025.

Although the Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) were already subject to the reporting obligations for the past two years, but no standard or best practice could be established, and the DSA left intermediary services in the dark on how to comply with the reporting obligation according to Article 15 of the DSA (‘Transparency Reporting’).

To address this uncertainty, the European Commission was called upon to draft an implementation regulation concerning the form, content and especially also the reporting period for the Transparency Reporting. Finally, the Implementation Regulation 2024/2835 (‘Transparency Reporting Regulation’) was published beginning of November outlining what companies are required to do.

This article explains the steps businesses need to take to ensure compliance with the obligations for Transparency Reporting and Statements of Reason under the Digital Services Act.

Get an Overview

The DSA applies to companies providing intermediary services which include mere conduit, caching, and hosting services as well as search engines. For hosting services, the DSA introduced the additional category of online platforms and of course special rules apply on VLOPs/VLOSEs. On the scope of the DSA and the type of services read more in our article here.

The obligations under the DSA increase depending on the type of business. A table of the obligations categorised according to the type of business can be found here.

Transparency Report

Providers of all types of intermediary services are required to publish Transparency Reports at least once a year. However, this obligation differs greatly for the various types of intermediary services with the goal of applying proportionate obligations to their societal impact. Therefore, the reporting obligations follow a staggered approach of increasing scrutiny when moving up the ladder of the criticality of the business types:

• Micro and small intermediary services are exempt from the reporting obligation;
• All other intermediary services are required to do a basic report according to Article 15 of the DSA;
• Some of the items listed in Article 15 only need to be reported only by hosting services or online platforms;
• In addition to the basic reporting obligations according to Article 15, online platforms are required to also include the information listed in Article 24 into their Transparency Report.
• Finally, VLOPs/VLOSEs have the strictest reporting obligation, and their Transparency Report needs to contain the information according to Article 42 of the DSA in addition to all of the above.

A table outlining the information required for the Transparency Reporting by type of intermediary service provider can be found here. Providers of intermediary services which aren’t very large need to report annually and VLOPs/VLOSEs need to do so biannually.

The formalities for the Transparency Reporting have finally been clarified by the Commission with the Transparency Reporting Regulation. The goal of the regulation is to ensure an adequate level of transparency and accountability, as well as to enable comprehensive and comparable reporting. For this purpose, the Transparency Reporting Regulation contains templates in Annex I and instructions on how to use these templates in Annex II. The use of the templates is obligatory from 1 July 2025.

Besides the form of the Transparency Reporting the Commission’s regulation also stipulates the deadlines for the reporting in Article 2. In principle, the reporting period for the annual reporting is the calendar year from 1 January to 31 December; however, as the DSA came in to force in February, there are two initial reporting cycles before the reporting period gets into the intended rhythm. These are as follows:

Transparency Reports shall be published latest two months after the end of the reporting period. Although this is not explicitly stated for the initial reporting cycles, the same needs to apply as it is nearly impossible to report right at the end of the reporting period without having the time to collect the necessary data.

This means that the deadline for the first reporting cycle is 16 April 2025. As a result, for the annual 2025 Transparency Report the templates aren’t yet obligatory and providers can still use a free format. In case an intermediary service has already published a Transparency Report for a different reporting cycle individual deadlines may apply to publish a report at least once a year.

Examples of Transparency Reports can be found on the Commission’s website, where the VLOPs’/VLOSEs’ reports are collected since 2023.

Statement of Reason and DSA Transparency Database

One of the core concepts of the DSA is the content moderation aimed at detecting, identifying and addressing illegal content or information.

If such content moderation leads to restrictions imposed on users (recipients of the service), providers of hosting services – including providers of online platforms and VLOPs/VLOSEs - are required to provide users with a Statement of Reason according to Article 17 of the DSA (‘SoR’) laying down the grounds upon which the content is considered illegal or incompatible.

In addition to the information provided to affected users, online platforms and VLOPs/VLOSEs are required to submit pseudonymised Statements of Reason also into the DSA Transparency Database, a central database operated by the Commission where all Statements of Reason are publicly available in a machine-readable format.

This table explains the obligations by intermediary type:

As of 20 January 2025, only 116 online platforms have registered to the DSA Transparency Database, a number which is expected to grow exponentially over the next couple of months. Nevertheless, these 116 online platforms submitted 9,442,819,847 Statements of Reason in the last six months, with the majority coming from Google, Facebook and TikTok.

Submitting Statements of Reason into DSA Transparency Database requires an onboarding with the Digital Service Coordinator. For EU online platforms this is the authority in their Member State and for non-EU online platforms it is the authority in the Member State where their legal representative is located.

For the onboarding process, providers of an online platforms can either register with EU survey or contact the Digital Service Coordinator directly (for more information see here). To run this onboarding process non-EU online platforms need in a first step to register their legal representative according to Article 13 of the DSA with the Digital Service Coordinator. For more information on appointing your DSA legal representative, see here.

The DSA Transparency Database provides two ways for submitting Statements of Reason, a webform to fill the data manually and an API connection for an automated reporting.

The webform is only an option for online platforms with a very low volume of Statements of Reason. Ideally, an online platform would reduce the manual work and automate the reporting process. However, automating the content moderation process and the reporting into the DSA Transparency Database is not trivial and requires competent legal and tech capabilities.

If you would like more information on your obligations under the DSA, get in touch. Our experts support businesses all around the globe to ensure compliance with EU data protection compliance.