Chapter 3|Additional Obligations for Very Large Platforms|📖 10 min read
Each Member State shall designate one or more competent authorities as responsible for the supervision of providers of intermediary services and the enforcement of this Regulation (competent authorities).
Member States shall designate one of the competent authorities as their Digital Services Coordinator. The Digital Services Coordinator shall be responsible for all matters relating to supervision and enforcement of this Regulation in that Member State, unless the Member State concerned has assigned certain specific tasks or sectors to other competent authorities. In such cases, the Member State shall ensure that the tasks and areas of competence of those authorities are clearly defined and that they cooperate closely and effectively with each other when performing their tasks.
Member States shall make publicly available, and communicate to the Commission and the Board, the name of the Digital Services Coordinator and of other competent authorities and their respective tasks and competences.
Understanding This Article
Article 44 addresses a fundamental challenge in platform regulation: the DSA creates numerous obligations requiring technical implementation (reporting mechanisms, user interfaces, APIs, auditing processes, data repositories), but without technical standards specifying how these should be implemented, each platform would develop proprietary solutions creating fragmentation, incompatibility, and inefficiency. Article 44 directs the Commission to support development of voluntary technical standards by European and international standardization bodies covering key DSA compliance areas, enabling standardized approaches reducing costs, facilitating interoperability, and creating ecosystem benefits.
The Commission's role (paragraph 1) involves three activities: (1) Consult the Board: Before supporting standard development, Commission must consult European Board for Digital Services ensuring standards align with regulatory needs, reflect Member State perspectives, and address practical implementation challenges DSCs identify. (2) Support standards development: Commission financially and technically supports standardization bodies (CEN, CENELEC, ETSI at European level; ISO, IEC at international level) developing DSA-relevant standards. Support includes: funding standardization work, seconding experts, commissioning technical studies, coordinating stakeholder input. (3) Promote implementation: Commission encourages platform adoption of developed standards through: publishing standards guidance, referencing standards in implementing acts, highlighting adoption in compliance assessments, facilitating industry coordination.
Seven specific standardization areas identified (paragraph 1 list) address core DSA compliance needs: (a) Electronic submission of notices under Article 16: Standardized formats, protocols, and APIs for submitting illegal content reports enabling automated notice processing, consistent data collection, cross-platform notice routing. Without standards, each platform's notice mechanism differs requiring custom integration, manual processes. Standards enable: third-party reporting tools submitting notices to multiple platforms simultaneously, automated notice validation, data aggregation for transparency reporting, integration with regulatory monitoring systems. (b) Templates, design, and process standards for communicating with recipients about restrictions: User-friendly communication standards for content removal notices, suspension explanations, appeals processes ensuring clarity, comprehensibility, consistency across platforms. Standards might specify: required information elements, plain language requirements, multi-language support, accessibility features, user interface patterns. This helps platforms comply while protecting user rights through clear, actionable communications. (c) Electronic submission of notices by trusted flaggers through APIs: Trusted flaggers (Article 22) submit large volumes of notices requiring efficient automated processes. Standards define: API specifications for trusted flagger notice submission, authentication and authorization protocols, data formats, status tracking, priority handling. This enables trusted flaggers to develop sophisticated automated detection and reporting tools, platforms to efficiently process high-volume reports, ecosystem development of third-party moderation tools. (d) Specific interfaces, including APIs, to facilitate compliance with Articles 39 and 40: Article 39 (additional advertising transparency) and Article 40 (data access for researchers) require technical interfaces. Standards specify: API endpoints, data formats, authentication mechanisms, query parameters, rate limits, documentation requirements for advertisement repositories and research data access. This facilitates: researchers developing standardized analysis tools working across platforms, platforms implementing compliant interfaces without custom development, verification of compliance through technical conformance testing. (e) Auditing of VLOPs and VLOSEs pursuant to Article 37: Audit methodology standards establish: audit scope and procedures, evidence collection methods, sampling techniques, assessment criteria, reporting formats, auditor qualifications. While Delegated Regulation 2024/436 establishes audit framework, technical standards provide detailed methodologies enabling: consistent audit quality across auditors and platforms, comparability of audit findings, efficiency through standardized procedures, auditor training and certification. (f) Interoperability of advertisement repositories: Article 41 advertisement repositories currently platform-specific; interoperability standards enable: unified search across multiple platform repositories, standardized data formats for cross-platform research, federated queries enabling researchers to search all repositories simultaneously, data portability between research tools. This dramatically enhances research utility and regulatory oversight.
Standards are explicitly voluntary ('support and promote the development and implementation of voluntary standards'): platforms may choose to adopt standards but are not legally required. Voluntary nature balances competing considerations. Benefits of voluntary approach: flexibility (platforms can adopt standards appropriate to their architecture), innovation (platforms not locked into potentially outdated mandated approaches), speed (standards can evolve faster than legal requirements), industry buy-in (voluntary adoption creates industry ownership). Risks: fragmentation if adoption incomplete, lowest-common-denominator standards avoiding challenging requirements, delay if industry slow to develop/adopt. Article 44 balances these through Commission active support and promotion while maintaining voluntary nature.
Paragraph 2 requires Commission support standards updates 'in light of technological developments and user behavior.' Technology evolves rapidly; static standards become obsolete. Ongoing updates ensure: technical relevance (standards reflect current technologies like AI, new platforms, emerging threats), effectiveness (standards address new user behaviors, evolving risks), compatibility (standards integrate with new protocols, frameworks). Commission should establish mechanisms for: monitoring standards implementation, identifying needed updates, coordinating revision processes, ensuring stakeholder input in updates.
Relationship between standards and compliance: Paragraph 3's transparency requirement ensures standards publicly available and easily accessible - not behind paywalls limiting access. However, standards adoption doesn't presume DSA compliance: platform using standardized audit methodology doesn't automatically satisfy Article 37 audit obligation; still must conduct quality audit, address findings, demonstrate actual compliance. Conversely, platform not using standards can still comply using alternative approaches demonstrating equivalent outcomes. Standards facilitate compliance but don't substitute for it.
Key Points
Commission must consult European Board and support development of voluntary standards by European and international standardization bodies
Standards cover electronic submission of notices under Article 16 enabling automated, standardized reporting of illegal content
Templates and design standards for user-friendly communication about content restrictions and decisions
Electronic submission standards for trusted flaggers through APIs enabling efficient, automated reporting
Specific interfaces including APIs to facilitate compliance with obligations in Articles 39 and 40
Auditing standards for VLOPs and VLOSEs pursuant to Article 37 establishing consistent audit methodologies
Interoperability standards for advertisement repositories enabling cross-platform analysis and research
Standards are voluntary: platforms may adopt but not legally required; adoption doesn't presume compliance
Commission supports standards updates reflecting technological developments and user behavior changes
For European Standardization Bodies (CEN/CENELEC/ETSI Developing DSA Standards): European standardization organizations develop Article 44 standards through multi-stakeholder processes. Process: (1) Standardization requests: Commission issues standardization requests identifying priority areas needing standards (e.g., trusted flagger APIs, audit methodologies). Requests specify: regulatory context, technical objectives, stakeholder involvement requirements, timelines. (2) Technical committee formation: Standardization body establishes technical committee bringing together: platform representatives (Meta, Google, TikTok, smaller platforms), technology vendors, civil society organizations, academic experts, regulators (DSCs, Commission observers), users. Balanced representation prevents industry capture while leveraging industry technical expertise. (3) Standards drafting: Committee develops standards through: requirements analysis (what must standard achieve?), technical design (how to implement?), draft standards development, public consultation, revision based on feedback, formal approval. Process typically takes 18-36 months balancing thoroughness with urgency. (4) Publication and maintenance: Publish standards making freely accessible per Article 44, establish maintenance processes for updates, monitor implementation providing guidance. Example: CEN developing standard for trusted flagger API specification: defines RESTful API endpoints for notice submission, JSON data formats for different illegal content types (copyright infringement, illegal products, child sexual abuse material each having specific required fields), OAuth authentication for trusted flagger credential verification, response codes and status tracking, rate limiting specifications, API versioning and deprecation policies. Standard enables trusted flaggers to integrate with multiple platforms through single implementation, platforms to implement compliant interfaces following clear specifications, regulators to verify compliance through technical conformance testing. Implementation challenges: balancing generality (standard applicable to diverse platforms) with specificity (concrete enough for interoperable implementation), achieving consensus among competing platforms, maintaining technical quality while including non-technical stakeholders, updating standards pace with technology evolution. Standards success depends on industry adoption: standardization bodies should engage industry early, incorporate feedback, demonstrate value proposition, facilitate adoption through guidance and tooling.
For Platforms (Implementing Standards for Compliance Efficiency): Platforms should strategically adopt Article 44 standards where beneficial. Analysis: (1) Cost-benefit assessment: Standards adoption involves implementation costs (engineering time, testing, integration, documentation) but provides benefits (reduced custom development, interoperability enabling ecosystem, compliance certainty, competitive advantages through compatibility). Platform should assess: Does standard reduce implementation complexity compared to custom approach? Does interoperability create value (e.g., shared trusted flagger networks)? Does standardization provide compliance certainty versus uncertain custom implementation? Are competitors adopting creating competitive pressure? (2) Priority standards: Not all standards equally valuable; platforms should prioritize: Trusted flagger APIs (facilitates scaled moderation through external organizations), audit methodologies (provides compliance roadmap and comparability), notice submission formats (enables automated intake reducing moderation costs), advertisement repository APIs (satisfies Article 41 with established approach). Lower priority might be: niche standards with limited applicability, standards where platform already has superior proprietary approach, standards where competition benefits from differentiation. (3) Implementation approach: When adopting standard: Allocate engineering resources for implementation, test compliance through conformance testing, document implementation for auditors and users, participate in standards maintenance providing feedback on implementation challenges, consider open-source implementations reducing costs. (4) Strategic considerations: Early standards adoption can: shape standards in platform's favor through participation in development, establish platform as compliance leader creating competitive advantages, attract ecosystem partners (developers, researchers, trusted flaggers) who prefer standardized interfaces, reduce regulatory scrutiny by demonstrating proactive compliance. However, premature adoption of immature standards risks implementation of flawed approaches requiring costly revisions. Platforms should balance first-mover advantages with prudent waiting for standards maturity. (5) Hybrid approaches: Platforms might implement standards for external interfaces (notice submission APIs, researcher data access) ensuring interoperability while maintaining proprietary internal implementations (content moderation algorithms, recommendation systems) protecting competitive advantages. Standards don't require end-to-end standardization, only specified interfaces.
For Trusted Flaggers (Leveraging Standardized APIs for Scaled Reporting): Trusted flaggers benefit significantly from standardized notice submission APIs enabling efficient multi-platform reporting. Pre-standards scenario: Trusted flagger combating child sexual abuse material must integrate separately with Facebook, YouTube, TikTok, Twitter/X, Instagram, each having different notice formats, submission methods, status tracking, requiring custom integrations, manual processes, separate tool development. Standardized API scenario: Single implementation submits notices to all platforms using common format, authentication, and tracking. Implementation: (1) Tool development: Trusted flagger develops automated detection and reporting tool: content scanning component identifies illegal content using AI/ML or manual review, notice generation component formats findings into standardized notice format specifying: content identifier (URL, hash), illegal content category (child abuse, terrorism, copyright infringement, etc.), evidence and reasoning, urgency level, contact information, creates API request following standard, authenticates using trusted flagger credentials, submits to platform's standardized endpoint. (2) Multi-platform deployment: Same tool submits to all platforms implementing standard, monitors submission status through standardized status tracking, receives outcomes (content removed, appeal filed, etc.) in standardized formats, aggregates data for reporting and analysis. (3) Efficiency gains: Massively reduced development costs (one implementation vs. dozens), faster deployment to new platforms (when new platform designated, simply add their endpoint), scaled operations (automated submission handles large volumes), improved data quality (standardized formats ensure complete information), analytics (comparable data across platforms reveals enforcement patterns). (4) Ecosystem development: Standardized APIs enable third-party tool vendors to develop commercial trusted flagger platforms, small trusted flaggers to access sophisticated tools, collaboration among trusted flaggers sharing infrastructure, researchers to study trusted flagger effectiveness across platforms. Examples: Internet Watch Foundation (combating child abuse material), EU Internet Forum trusted flaggers (combating terrorist content), copyright enforcement organizations (combating piracy) all benefit from standardized reporting enabling efficient protection at scale.
For Regulators (Using Standards for Compliance Verification and Ecosystem Development): DSCs and Commission use standards to: (1) Compliance verification: Standards enable technical conformance testing - regulator can programmatically test whether platform's implementation meets specifications. Example: testing trusted flagger API by submitting standardized test notices, verifying responses match specification, confirming notice processing within required timeframes. This provides objective compliance assessment supplementing audit findings. (2) Guidance development: Regulators reference standards in guidance documents, recommending adoption as means of compliance, clarifying how standards satisfy legal obligations. This reduces regulatory uncertainty helping platforms understand compliance expectations. (3) Ecosystem facilitation: Commission promotes ecosystem development around standards: hosting developer forums, funding open-source implementations, supporting small platforms' adoption through technical assistance, facilitating trusted flagger network expansion. Robust ecosystem benefits all stakeholders: platforms access shared infrastructure, trusted flaggers leverage economies of scale, researchers use interoperable tools, users benefit from improved content moderation. (4) International coordination: Standards developed by international bodies (ISO/IEC) facilitate global regulatory alignment. Commission should: engage with non-EU regulators promoting DSA standards as global reference, support international standardization ensuring DSA standards considered in global standards, facilitate mutual recognition where third countries adopt compatible standards. This creates global benefits avoiding fragmentation between regulatory jurisdictions. (5) Evolution monitoring: Commission should monitor standards implementation tracking: adoption rates across platforms, implementation quality and conformance, needed revisions based on technological change, gaps requiring new standards. Regular standards review ensures standards remain relevant and effective.