Internet Explorer 11 (IE11) is not supported. For the best experience please open using Chrome, Firefox, Safari or MS Edge

Transparency Reporting Under the DSA

To date, only very large online platforms and search engines have had to publish transparency reports under the EU’s Digital Services Act. The first reporting cycle for all remaining service providers subject to the DSA is fast approaching. In this article, our Data & Technology team examines the challenges faced by service providers and offers practical guidance on how to prepare for this and future reporting cycles.


Article 15 of the Digital Services Act (DSA) requires in-scope service providers to publish a transparency report detailing how they carry out content moderation, including how they implement and action Member State orders, carry out own-initiative moderation and process user reports. All in-scope providers must comply with the requirements of Article 15, however the content of transparency reports will depend on how a service is categorised under the DSA.

The European Commission published an Implementing Regulation in November 2024 which details the format and granular data requirements for these reports. However, those requirements will only apply from 1 July 2025 and so they do not apply to reports published under this first reporting cycle. As a result, service providers have some discretion in determining the format and structure of their first report.

This interim period presents both an opportunity and a challenge for businesses. On the one hand, the absence of rigidly prescribed templates allows companies to tailor their reports to their current practices. On the other, the basic requirements of Article 15, prior to application of the more detailed requirements of the Implementing Regulation, are nonetheless onerous and ambiguous as to how certain data points are to be reported.

Challenges of transparency reporting

Many providers are finding that the information they are required to report is not data they have traditionally collected or tracked in a systematic way. For example, they may need to categorise user reports into the types of illegal content set out by the European Commission. Additionally, they are required to report on the median time taken to respond to a user report and the use of automated tools on their services.

To address these issues, many providers are engaging in data mapping exercises to ensure they can meet the DSA’s requirements. This involves reviewing internal systems, identifying relevant data sources, and implementing new processes to track and record required metrics. For smaller platforms, these efforts can be resource-intensive, as they may lack the sophisticated compliance tools and infrastructure.

Providers must also be mindful of potential discrepancies between their initial reports and future reporting requirements under the Implementing Regulation. Helpfully though, the Implementing Regulation notes that providers can publish updated versions of previously published transparency reports for the purpose of rectifying inconsistencies, errors, or changes in the methodology applied to calculate reported figures. The Implementation Regulation requires, however, that updates are clearly flagged as such.

Key takeaways

There are four main considerations for service providers:

1. Data mapping and governance: Providers should identify the gaps or inconsistencies in current data collection practices and implement processes to capture the metrics required for Article 15 compliance. A key consideration for service providers who have multiple reportable services is to consolidate the data collection practices across services to ensure a smoother reporting process in the future.

2. Ensure underlying tools enable compliance: the transparency report must include data on the service’s notice and action and internal appeals mechanisms. Providers must ensure that these mechanisms are set up to capture the data required for the transparency report.

3. Prepare to publish the first report: the first report must include the information set out in Article 15, but the Implementing Regulation can and is being used as non-binding guidance for this report. Importantly, the deadline for publication of the first report is not fixed to a single date. This is because a report must be published within two months of the end of a reporting period, but service providers are free to choose an end date between 31 December 2024 and 16 February 2025. This means that reports can be published from 28 February 2025 up to 17 April 2025, depending on what end date the provider chooses. Adopting a later date might be beneficial, in terms of seeing how other providers have approached some of the trickier issues.

4. Plan ahead: while this year’s reports offer some flexibility, the Implementing Regulation’s entry into force in July 2025 means that providers must align their practices with its granular requirements sooner rather than later. In particular, the Implementing Regulation standardises the categories of illegal content which populate the transparency reports. Also, unlike the first report, all future reports will be harmonised to the calendar year which means that they must all be published by the end of February, except for the very large services which must publish bi-annual reports.

Conclusion

In advance of publishing the first report, providers should consider how they can comply with the strict requirements of the DSA, while keeping an eye on more granular future reporting requirements. It is not too late to consider how the first report can be organised to comply with the DSA, while providing a solid foundation for future reporting periods. Providers should use this period to build robust, scalable systems that can handle the more stringent requirements set to take effect from July 2025.

For any questions on DSA transparency reporting, please contact a member of our Data & Technology team.

The content of this article is provided for information purposes only and does not constitute legal or other advice.



Share this: