Enhanced supervision of remedies to address infringements of obligations laid down in Section 5 of Chapter III
Chapter 4|Supervision, Investigation, Enforcement and Monitoring of VLOPs and VLOSEs|📖 13 min read
1. When adopting a decision pursuant to Article 73 in relation to an infringement by a provider of a very large online platform or of a very large online search engine of any of the provisions of Section 5 of Chapter III, the Commission shall make use of the enhanced supervision system laid down in this Article.
2. In the decision referred to in Article 73, the Commission shall require the provider of a very large online platform or of a very large online search engine concerned to draw up and communicate, within a reasonable period specified in the decision, to the Digital Services Coordinators, the Commission and the Board an action plan setting out the necessary measures which are sufficient to terminate or remedy the infringement.
3. The Board shall, within one month following the receipt of the action plan, provide its opinion on whether the measures set out in the action plan are sufficient to terminate or remedy the infringement. The Board may consult third parties where appropriate.
4. Within one month following receipt of that opinion, the Commission shall decide whether the measures set out in the action plan are sufficient to terminate or remedy the infringement, and shall set a reasonable period for its implementation.
5. The Commission shall subsequently monitor the implementation of the action plan. To that end, the provider of a very large online platform or of a very large online search engine concerned shall communicate the audit report referred to in Article 37 to the Commission without undue delay after it becomes available, and shall keep the Commission up to date on steps taken to implement the action plan.
Understanding This Article
Article 75 establishes enhanced supervision framework automatically triggered when Commission adopts Article 73 non-compliance decision for Section 5 violations (Articles 33-43 VLOP/VLOSE-specific obligations). Enhanced supervision creates structured remediation process ensuring systematic rather than superficial compliance correction through: provider-developed action plans, European Board for Digital Services expert review, Commission approval and deadline-setting, ongoing monitoring via Article 37 audits and compliance updates. Mechanism addresses enforcement challenge that Article 73 decisions identifying violations don't automatically specify remediation details - providers better positioned to design operational fixes given technical knowledge, but Commission oversight prevents inadequate or evasive remediation.
Action Plan Development - Paragraph 2: Article 73 decision requires provider 'draw up and communicate action plan setting out necessary measures sufficient to terminate or remedy infringement' within 'reasonable period specified in decision.' Action plans must include: (1) Violation analysis - provider's assessment of why non-compliance occurred identifying root causes (inadequate resources, flawed methodologies, organizational failures, technological limitations). (2) Remediation measures - specific concrete actions addressing each violation component (algorithm retraining, policy revisions, staffing increases, system deployments, procedural reforms). (3) Implementation timeline - staged schedule with discrete milestones and target completion dates. (4) Responsibility assignments - identification of personnel, units, executives accountable for each measure. (5) Resource allocations - budget commitments, technical infrastructure, human capital dedicated to remediation. (6) Verification mechanisms - methods for assessing measure effectiveness (metrics, testing protocols, audit procedures). (7) Ongoing compliance - systems ensuring sustained compliance beyond initial remediation preventing recurrence. Reasonable period for plan development typically 30-60 days for straightforward violations, 60-90 days for complex multi-faceted non-compliance requiring extensive analysis.
Board Consultation - Paragraph 3: European Board for Digital Services must provide opinion within one month whether action plan measures 'sufficient to terminate or remedy infringement.' Board consultation serves multiple functions: (1) Expert evaluation - Board comprises Member State Digital Services Coordinators with regulatory expertise and national platform oversight experience enabling informed technical assessment. (2) Multi-stakeholder perspective - Board 'may consult third parties' including civil society organizations, academic researchers, industry associations, affected users providing diverse views beyond Commission/provider bilateral exchange. (3) Legitimacy enhancement - Board input demonstrates enforcement doesn't reflect Commission unilateral discretion but benefits from deliberative expert consensus. (4) Consistency promotion - Board review helps ensure comparable violations trigger comparable remediation across platforms and Member States. Board opinion addresses: whether proposed measures technically capable of addressing violation, whether timeline realistic given implementation complexity, whether resource allocations adequate, whether verification mechanisms robust, whether measures risk unintended adverse effects (e.g., over-blocking, excessive compliance costs impacting smaller competitors). Board may consult stakeholders through: written submissions soliciting comments on published action plans, expert hearings with specialists in relevant domains (content moderation, algorithmic fairness, child safety), coordination with national authorities having jurisdiction over provider subsidiaries or local operations.
Commission Decision - Paragraph 4: Commission must decide within one month of receiving Board opinion whether action plan sufficient and set 'reasonable period for implementation.' Decision-making process: Commission reviews action plan against Article 73 decision requirements, considers Board opinion (though not legally binding - Commission retains final authority), may request additional information or clarifications from provider, assesses whether measures address all violation dimensions. Sufficiency standard requires measures be: (1) Complete - addressing all identified violations not merely subset, (2) Effective - reasonably likely to achieve compliance not merely symbolic gestures, (3) Verifiable - enabling objective assessment of implementation and success, (4) Timely - implementable within reasonable period without indefinite delays, (5) Sustainable - creating lasting compliance systems not temporary fixes. If Commission finds action plan insufficient, provider must submit revised plan addressing deficiencies - iterative process continues until Commission approves adequate plan. Implementation period determination considers: technical complexity (algorithm modifications requiring extensive testing versus operational policy changes), resource availability (measures requiring new hiring, infrastructure deployment need longer timelines), business integration (changes affecting core platform functionality need careful rollout preventing service disruption), third-party dependencies (measures relying on external vendors, partners create timeline uncertainty). Typical implementation periods: 3-6 months for operational/procedural remediation, 6-9 months for moderate algorithmic or system changes, 9-12 months for extensive technical overhauls or structural reorganizations.
Implementation Monitoring - Paragraph 5: Commission 'shall subsequently monitor implementation' through two mechanisms: (1) Article 37 audit reports - providers must communicate annual independent audit reports to Commission 'without undue delay after available.' Auditors assess action plan implementation as part of general DSA compliance audit, verifying measures actually deployed, testing effectiveness, documenting any failures or gaps. Commission reviews audit findings evaluating whether implementation proceeding as planned. (2) Ongoing updates - providers must 'keep Commission up to date on steps taken to implement action plan' through periodic progress reports (typically monthly or quarterly depending on implementation timeline). Updates document: completed milestones with supporting evidence, ongoing activities and status, encountered obstacles or delays with explanations, metrics showing remediation effectiveness, anticipated next steps. Commission monitoring may also involve: Article 67 information requests seeking detailed implementation documentation, Article 68 interviews with personnel responsible for remediation, Article 69 inspections verifying system deployments or procedural changes, Article 72 monitoring including algorithm access and database review, third-party complaints or reports indicating implementation failures. Inadequate implementation triggers Article 76 periodic penalty payments compelling compliance - daily fines accrue until provider achieves satisfactory implementation.
The enhanced supervision framework represents one of the DSA's most sophisticated enforcement mechanisms, creating an intensive monitoring regime that continues after the Commission has identified systemic violations. Unlike one-time enforcement actions, Article 75's enhanced supervision establishes an ongoing relationship between the Commission and the non-compliant platform, with structured oversight designed to ensure that remedial measures are not merely implemented superficially but fundamentally address the systemic issues that led to the initial violation.
The action plan requirement is central to this framework. Within one month of receiving an Article 73 non-compliance decision for Section 5 violations, the platform must submit a comprehensive action plan detailing how it will terminate the infringement and prevent its recurrence. This action plan must specify the measures the platform intends to implement, provide detailed timelines for implementation, explain the methodology for assessing effectiveness, and commit to independent auditing by qualified auditors. The Commission, advised by the European Board for Digital Services, evaluates whether these planned measures are sufficient to remedy the breach and sets a reasonable period for implementation.
Enhanced supervision differs from regular Commission monitoring under Article 72 in several key respects. First, it is triggered automatically by an Article 73 non-compliance decision for Section 5 violations, rather than being discretionary. Second, it involves mandatory action plans and independent audits, not merely Commission information requests. Third, it creates ongoing reporting obligations where platforms must keep the Commission continuously updated on implementation progress. Fourth, it may involve commitments to participate in relevant codes of conduct under Article 45, integrating the platform into industry-wide compliance frameworks. This multi-layered approach ensures comprehensive oversight of systemic risk mitigation.
Key Points
Mandatory enhanced supervision for all Article 73 non-compliance decisions involving Section 5 violations (Articles 33-43 VLOP/VLOSE obligations)
Action plan requirement: providers must develop detailed remediation plan within Commission-specified reasonable period
Action plan distributed to Digital Services Coordinators, Commission, and Board - creates multi-stakeholder transparency
Board consultation: must provide opinion within one month on whether action plan measures sufficient to remedy infringement
Board may consult third parties (civil society, academics, affected users) when evaluating action plan adequacy
Commission decision: must determine action plan sufficiency within one month of receiving Board opinion and set implementation deadline
Ongoing monitoring: Commission tracks implementation through Article 37 audit reports and provider updates
Providers must communicate audit reports 'without undue delay' and keep Commission informed of implementation progress
Hypothetical Meta Article 34/35 Action Plan: Commission Article 73 decision finds Meta violated Article 34 (inadequate systemic risk assessment for teen mental health impacts) and Article 35 (ineffective risk mitigation measures). Article 75 paragraph 2 requires Meta develop action plan within 60 days. Meta submits plan: (1) Violation analysis - acknowledges risk assessment focused primarily on illegal content and election manipulation, giving insufficient attention to mental health/wellbeing risks; mitigation measures emphasized content removal rather than algorithmic adjustments reducing harmful exposure. (2) Remediation measures - Conduct comprehensive mental health risk assessment examining: eating disorder content amplification, appearance-focused social comparison triggers, harassment and bullying patterns, anxiety-inducing recommendation patterns, sleep disruption from engagement optimization; Deploy algorithmic modifications: reduce appearance-focused content in teen feeds, limit comparisons metrics (likes, follower counts) for users under 18, downrank anxiety-inducing content, implement time-based engagement limits; Enhance reporting and support: simplified mental health content reporting, partnerships with crisis support organizations, intervention notices for users exhibiting distress signals; Independent research: provide Article 40 researchers comprehensive data access studying teen mental health impacts enabling ongoing oversight. (3) Timeline - Risk assessment completion: 4 months, Algorithm modifications testing and deployment: 8 months, Reporting enhancements: 3 months, Research access: 6 months. (4) Resources - €500M budget allocation, 200 FTE engineers/researchers, partnerships with 5 mental health organizations, computing resources for algorithm retraining. (5) Verification - Article 37 independent audit of implementation, third-party testing of algorithmic changes by academic researchers, survey evidence from teen users and parents, quarterly transparency reports with mental health metrics. Board paragraph 3 consultation: reviews plan, conducts expert hearings with child psychologists, eating disorder specialists, researchers studying social media impacts. Board opinion: measures appear comprehensive but concerns about timeline (8 months for algorithm changes seems slow given harm urgency), recommends expedited phased rollout beginning most critical changes sooner, suggests Board member observation of algorithm testing. Commission paragraph 4 decision: approves action plan with modifications - requires initial algorithm changes within 4 months (eating disorder downranking, engagement limits) with full deployment by 8 months, mandates monthly progress reports given teen safety priority. Sets 12-month overall implementation period. Monitoring paragraph 5: Meta submits monthly updates showing algorithm testing progress, engineering challenges, initial deployment to user subsets. Article 37 audit (10 months) finds eating disorder downranking deployed and effective (40% reduction in eating disorder content exposure for teen users), engagement limits partially implemented but circumventable, harassment reporting improved but utilization low. Commission requires Meta address gaps before declaring full compliance - additional iteration preventing Meta from claiming complete implementation prematurely.
For platforms subject to enhanced supervision following an Article 73 non-compliance decision, developing an effective action plan is the first critical step. The action plan must be submitted within one month of the non-compliance decision and must demonstrate genuine understanding of the systemic failures that led to the violation. Superficial or incomplete action plans risk rejection by the Commission, potentially leading to additional procedural violations and further fines. Platforms should involve cross-functional teams including legal, compliance, product, engineering, and risk management personnel in action plan development to ensure technical feasibility and comprehensive coverage.
The independent audit component requires careful planning and auditor selection. Platforms must engage auditors who meet DSA qualifications and are truly independent from the platform's management. The audit methodology must be rigorous enough to satisfy Commission requirements while being practically implementable. Audit reports become key evidence of compliance progress, so platforms must ensure auditors have full access to necessary systems, data, and personnel. The timing of audits should align with implementation milestones, providing objective assessment of progress at critical stages rather than merely at the end of the implementation period.
Continuous communication with the Commission is essential throughout enhanced supervision. Platforms should establish dedicated channels for Commission updates, designate responsible personnel for liaison, provide regular status reports beyond minimum requirements, proactively notify the Commission of implementation challenges or delays, and request clarification when Commission expectations are unclear. This collaborative approach can help build Commission confidence in the platform's compliance efforts and may provide flexibility if unexpected implementation challenges arise.
Participation in relevant codes of conduct under Article 45 may be required or encouraged as part of the action plan. Platforms should evaluate which codes of conduct are relevant to the specific Section 5 violations identified, assess the additional obligations that code participation would impose, consider how code of conduct commitments interact with action plan obligations, and determine whether code participation offers strategic advantages such as demonstrating industry leadership in addressing systemic risks. Code participation can serve as evidence of good faith compliance efforts and may help satisfy enhanced supervision requirements more effectively.
The reasonable implementation period set by the Commission requires realistic project planning. Platforms must develop detailed implementation timelines identifying all necessary technical changes, resource allocations, testing requirements, and validation procedures. Implementation should be staged with measurable milestones allowing both the platform and the Commission to assess progress. Risk management is crucial - platforms should identify potential implementation obstacles and develop contingency plans to address delays or technical failures. Missing Commission-mandated deadlines can result in periodic penalty payments under Article 76, making reliable project management essential.
Documentation throughout enhanced supervision is critical for demonstrating compliance. Platforms should maintain: (1) Detailed records of all action plan implementation steps; (2) Technical specifications and testing results; (3) Audit reports and audit follow-up actions; (4) Communications with the Commission; (5) Evidence of resource allocation and organizational changes; (6) Metrics demonstrating effectiveness of implemented measures. This documentation serves multiple purposes: satisfying Commission oversight requirements, supporting defense against claims of non-compliance, and providing evidence for audit verification.
Financial planning is necessary given the potential costs of enhanced supervision. Platforms must budget for: (1) Independent auditor fees; (2) Implementation costs for technical and operational changes; (3) Personnel costs for dedicated compliance teams; (4) Ongoing monitoring and reporting systems; (5) Potential periodic penalty payments if delays occur. For major platforms with revenues in tens of billions, comprehensive enhanced supervision programs may cost tens of millions of euros, but this must be weighed against the risk of fines up to 6% of global turnover for continued non-compliance.
Enhanced supervision eventually concludes when the Commission determines that the platform has successfully implemented the action plan and effectively remedied the Section 5 violations. Platforms should work toward clear exit criteria, demonstrating sustained compliance over a meaningful period, providing comprehensive evidence that systemic issues have been resolved, and showing that risk management systems are now effective in preventing recurrence. Successfully completing enhanced supervision not only resolves the immediate enforcement action but also demonstrates to regulators, users, and stakeholders that the platform takes systemic obligations seriously and can implement effective corrective measures.