Assessing the EU’s Digital Services Coordinators on Resourcing and Readiness

This piece is part of a series of published to mark the first 100 days since the full implementation of Europe's Digital Services Act on February 17, 2024. You can read more items in the series here.

When the European Union’s Digital Services Act (DSA) took full effect on February 17, 2024, each of the bloc’s 27 Member States were required to have appointed a competent authority to act as a Digital Service Coordinator (DSC). Alongside the European Commission, DSCs are responsible for the implementation and enforcement of the DSA in their own jurisdictions. Much like the bloc’s flagship privacy framework, the General Data Protection Regulation, the regulators designated to manage the DSA at a national level are charged with monitoring and regulating all of the online services located within their jurisdictions, including working in tandem with the Commission to enforce the provisions of the law specific to the largest services, the Very Large Online Platforms (VLOPs) and Search Engines (VLOSEs).

In addition to the investigations and sanctions which fall under a DSC’s enforcement duties, designated regulators are also responsible for building out the infrastructure required for full implementation of the DSA. DSCs are responsible for certifying trusted flaggers, vetting researchers, and fielding incoming inquiries and complaints from their constituencies. While national regulators do have support from the Commission in enforcing the DSA as it relates to VLOPs and VLOSEs, these regulators are entirely responsible for the heavy administrative work of building a new bureaucracy around digital economies. Though the statutory demands are less, a number of these designated regulators are also active participants in their Member States’ involvement with the DSA’s sister legislation, the Digital Markets Act (DMA), locating them centrally in the effort to create a single digital market across the EU.

Now 100 days on from the date of full implementation of the DSA, the landscape of DSCs across the EU varies broadly. Where some existing regulators have been tasked with new additions to their portfolios, other jurisdictions have remade or made new agencies to handle the duties of the DSA. A few Member States have even run afoul of the Commission in failing to appoint an adequately empowered regulator, or any regulator at all, to the DSC post. Considering the Commission’s flurry of activity – with five DSA investigations launched in just over five months – a well-functioning DSC might not appear central to the effort to tackle the most egregious harms done by the largest platforms. However, if we’re to believe that the DSA will create a safer online world entirely, the grinding and often unnoticed work of national implementation will be the foundation for a unified European digital realm.

Given the disproportionate population of VLOPs and VLOSEs with European headquarters on the Emerald Isle, Ireland’s newly named and recently reformed Coimisiún na Meán will be the most high profile DSC in the EU. Unsurprisingly, Ireland was also among the quickest to dedicate some of the most extensive resourcing per capita to its online safety regulator. Much like its GDPR-centered counterpart the Irish Data Protection Commission, the Coimisiún na Meán will be responsible for regulating Apple, Google, Meta, TikTok and X, among other tech giants, alongside the Commission. Unlike in most other Member States, the new media regulator was built on new statutory footing, reforming the former Broadcasting Authority of Ireland with a remit more dedicated to online safety both through the DSA and domestic policy. Though unique among its EU peers, the Coimisiún na Meán’s €1.46 per capita budget (as of fiscal year 2022-2023) and approximately 130 staff members brings its resources in line with other premier online safety regulators around the world, including Australia’s eSafety Commissioner and the United Kingdom’s Office of Communications, better known as Ofcom.

Far more common was the choice to assign existing telecommunications national regulatory authorities the additional title and duties of DSC. In total, of the competent authorities identified as DSCs to date, 17 are existing national regulatory authorities for telecommunications. As many of these agencies oversaw the liberalization of European telecommunications and the introduction of asymmetric regulation for competitive markets, participating in the creation of another new regulatory regime will be a more familiar feat for these NRAs. In addition to the completed and pending designations of heavy hitters such as Germany’s Bundesnetzagentur (BNetzA) and Spain’s Comisión Nacional de los Mercados y la Competencia (CNMC), smaller NRAs like the Malta Communications Authority will also expand their portfolios to manage online services for their Member States.

Given the global trend in market convergence as well as increasing political pressure among European network operators to extend symmetric regulation to tech firms competing in communications markets, a number of these regulators have already begun some work programs related to online services, often including the implementation of the EU’s Open Internet Access Regulation in 2016. Similarly, trends in consumer-focused policymaking in European telecommunications in recent years means many of these agencies will have established channels for constituent contact and outreach, lending a bit of institutional memory for DSA-related constituent services.

Ultimately, these NRAs will see more limited duties at the supranational level as well as much more modest resourcing. Given the concentration of large platforms in only a handful of Member States, much of the headline grabbing enforcement work will fall elsewhere in the bloc. Perhaps relatedly, many of these telecommunications regulators have seen limited or no budgetary increases in recent fiscal years. The CNMC, BNetzA and Italy’s Autorità per le Garanzie nelle Comunicazioni (AGCOM) have seen only 4, 12, and 8% budgetary increases over the past five funding cycles. While these regulators are funded both through central political appropriations and independent fees collected from sectoral stakeholders by the regulator, their DSA-related work streams will need to carry on with limited additional spending.

Though the responsibilities among DSCs will vary greatly, a central aim of the DSA and DMA package remains the creation of a digital single market for the EU. With similar restructuring under consideration for telecommunications markets, this roster of DSCs will see their regulatory work driven towards European unification, even in the face of vastly different resourcing and statutory footing. For the next 100 days and for the next European Commission, the question now appears not only whether the EU can successfully implement the DSA but whether that implementation can be equally impactful everywhere among unequal implementors in the form of DSCs.