Digital Services Act (DSA)
The Digital Services Act (DSA) regulates digital platforms and online services in Europe. The DSA came into effect on 17 February 2024 and applies to all providers of online services. As of 4 February 2025, the Autoriteit Persoonsgegevens (AP) (the Dutch data protection authority) and the Netherlands Authority for Consumers & Markets (ACM) are authorised to supervise the DSA rules in the Netherlands.
What is the DSA about?
The DSA sets out rules for providers of so-called online 'intermediary services', such as social media, marketplaces, Internet providers, hosting services, online platforms and online search engines. These services may store, transmit, or disclose user information. The DSA requires these services to provide a safe, predictable and reliable online environment for people and businesses.
There are different (sub)categories of intermediary services for which different rules apply. For example, combating illegal online content, safeguards for users and transparency obligations for online platforms. Platforms, for instance, must notify users when they remove or restrict their content.
Providing digital services often involves the processing of personal data. In that case, both the GDPR and DSA may apply.
How is supervision of the DSA stipulated?
Profiling
The AP supervises two provisions in the DSA that relate to profiling: providers of online platforms may not show users advertising through profiling based on special categories of personal data (Article 26, paragraph 2) or on the basis of personal data of minors (Article 28, paragraph 3).
Recommendation systems
In addition, the AP monitors transparency requirements and functionality requirements of recommendation systems (Article 27 of the DSA). Recommendation systems are, for example, rankings of products shown in an online store or the recommendations in music streaming services. Providers must explain in clear and understandable language why users are presented certain content.
Does a provider offer several options for recommender systems that determine the order of the presented content? Then the provider has to offer a functionality that allows the user of the service to select and modify their preferred option at any time.
Access to data for researchers
The AP also has an advisory obligation (Article 40(8) of the DSA) to the ACM when researchers want access to data from very large online platforms (VLOPs) and very large online search engines (VLOSEs), if these contain personal data. Researchers can use the data to help detect, identify and understand systemic risks and risk mitigation measures taken by providers. For example, measures to combat misleading information. The AP provides advice on whether researchers have taken appropriate technical and organisational measures to protect personal data during their research.
ACM coordinates in the Netherlands
The ACM is the 'digital services coordinator' and therefore the coordinating market supervisory authority of the DSA in the Netherlands. The ACM and the AP only supervise providers of online services that have their main establishment in the Netherlands. Dutch users of online services established outside the Netherlands can report violations to the ACM or the AP. Information about this will follow in the course of 2025.
Very large online platforms and search engines
The European Commission monitors the specific rules for very large online platforms and very large online search engines such as Meta, Amazon and AliExpress internationally. The Commission can ask the ACM, as digital services coordinator, to assist with this. The other parts of the supervision of the DSA is carried out jointly by the European Commission and the digital services coordinator. Both can also enforce separately, but not on the same subjects at the same time.
More information:
Explanation ACM: what is an online platform and which rules apply?
European Commission DSA overview page
Also read: