Julian Jaursch is a project director at not-for-profit think tank Stiftung Neue Verantwortung in Berlin, Germany. He analyzes and develops policy proposals in the areas of platform regulation and dealing with disinformation.

Mathias Vermeulen inspired this text with thoughtful remarks on hurdles to DSA enforcement and provided the initial list and analysis of potential enforcement challenges (remaining errors are not his). The text also draws from a SNV policy paper from October 2022.

In mid-November, the European Union’s Digital Services Act (DSA) entered into force. Granted, the new European rules for social media, online shops and video apps will not apply just yet, but the formal process is officially over. Businesses are getting ready to implement the rules, from establishing or fine tuning notice-and-action mechanisms to explaining recommender systems to creating more transparency around online ads – and the European Commission and EU member states are getting ready to check their compliance.

Such rules are well-intentioned and could ideally help to make the online experiences of millions of people better. Yet, that all depends on strong enforcement. Regulators, even the most advanced ones, face considerable barriers to enforcement. It is important to understand such barriers, and to develop solutions to overcome them.

Potential Barriers to Strong Enforcement

Limited resources and staff

To address the most obvious and least surprising barrier first: Considerable budget increases at oversight agencies, especially to hire expert staff, are necessary. Surely, regulators are clamoring for more money even if there is no law as big as the DSA new on the books. But especially considering the wide-ranging obligations in the DSA, for instance, regarding data access, risk assessments and trusted flaggers, this call for resources cannot be disregarded. The substantive negotiations for the DSA might be over, but the budget negotiations regarding funds for staff and other expenses like hard- and software are just getting started. They might be even harder than the negotiations over the content of the DSA, which were highly contested.

Lack of expertise

Strongly connected to the budget considerations is the need to find and retain experts versed in DSA topics. Many regulators across the EU already have years of experience in enforcing EU-wide rules, dealing with corporate giants and adapting to new laws. However, with the DSA’s emphasis on data gathering and analysis, fundamental rights considerations in the corporate context along with economic, internal market questions, a new crop of experts will be necessary at oversight agencies. So far, regulators often rely on expertise from specific fields, especially law and economics. The idea to attract experienced practitioners and academics from a variety of disciplines and/or working across disciplines to work at regulators is only slowly taking hold. In addition, administrative structures and hiring practices might be a hindrance.

Risk aversion among regulators

EU policymakers have hailed the DSA as a milestone and many outside observers have also largely viewed the law in a positive light, despite serious shortcomings. So, it’s understandable that there is some enthusiasm among regulators to be at the forefront of enforcing these new rules. For instance, in Germany, the media authorities and the telecoms regulator have called for a role in DSA enforcement. Yet, with the DSA’s high profile also comes high risk for regulators to mess up the EU’s attempt to reign in some potentially harmful corporate practices. Thus, there is concern that some regulators might not be willing or able to tackle the big DSA questions. Instead of taking an active role to address issues regarding transparency or trusted flaggers, they could stay content with doing the bare minimum, for instance, ensuring the notice-and-action mechanism works.

Turf wars in member states and with the Commission

In almost no member state was it immediately clear who could and should take on the key oversight role of the national-level Digital Services Coordinator (DSC). Some governments will just announce which agency will take on this important task, other countries will have to go through the parliamentary process. Consultation processes, while crucial and welcome, add months to this timeline. Both within these deliberations and after a DSC has been designated, turf wars among agencies could seriously impede DSA enforcement. Since the DSA covers various regulatory fields, many regulators stake a claim, as the example from Germany shows. A combative approach where regulators are unwilling to cede ground instead of emphasizing collaboration on cross-cutting issues would be a huge barrier to strong enforcement. This also applies to potential conflicts between member states and the Commission.

Weak links to outside expertise

Researchers and civil society actors are given bigger roles in the DSA than in many other laws. Researchers can request data from platforms and help understand risks associated with platforms. Civil society actors are involved in enforcement as trusted flaggers, for example, or as outside observers to be consulted by an advisory board that brings together all DSCs and the Commission. If agencies do not have strong links with academia and civil society in place, they risk weaker enforcement.

Litigation by tech companies

Tech companies could try to stop or delay enforcement of the DSA by challenging either the law itself and/or secondary legislation, such as delegated acts. It might start with big companies questioning whether they are truly “very large online platforms”, but corporate lawyers could surely also take issue with other language in the text. Whether these legal concerns are valid or not, litigating them would take time and delay implementation of the new rules. This could be observed, for instance, in Germany, when some companies challenged rules regarding content moderation in the Network Enforcement Act (NetzDG).

What Can Be Done to Overcome These Barriers

It is important for regulators as well as civil society and researchers to understand these challenges related to DSA enforcement. Identifying hurdles does not have to lead to despair and lethargy, however, but can help to find ways to collaborate and overcome potential obstacles. To start again with an obvious opportunity to clear some enforcement hurdles: The Commission, as well as national regulators, need to be equipped with adequate resources. They are more than mere secretariats monitoring DSA rules. Without them, the law will have no effect. That means that EU and national budget negotiations should allow for budget increases. This additional budget is especially needed to hire a new set of oversight experts from various disciplines and with diverse professional experiences. Hiring processes should be more flexible and shorter, and they should also be open to experienced people without formal academic training.

In addition to the technical hiring process, regulators should continue their push towards becoming attractive, agile destinations for top talent. This does not only relate to wages but speaks more generally to a shift in mindset that is only beginning to take hold at some regulators. The DSA accelerates the need for independent platform oversight agencies to be data-driven, well-connected and collaborative organizations. Externally, that applies to the actual enforcement; and internally, that concerns the working conditions and atmosphere at the Commission and DSCs.

To avoid or alleviate turf wars, member states should emphasize a cross-sectoral, collaborative approach at their DSCs. In practice, this could mean case-based task forces led by a DSC employee that brings together expertise from various regulators, depending on the risk or topic at hand. It would be clear that there is only one DSC per member state but other agencies would ideally not feel left out, knowing that there is a viable mechanism to be included on those topics that concern them. As a first, short-term practical measure, building the information exchange system that the DSA requires to connect the Commission and national bodies should be prioritized. It could serve as a testing ground for cross-national and cross-sectoral communication, even before the first cases land on regulators’ desks.

Some regulators already strive to connect with researchers and other outside experts, but such dialogues need to be further structured and expanded. This could be achieved by creating fellowships that allow experts to serve at the Commission or other regulators for a period of time for a specific question or topic. Thematic, regular roundtables with diverse stakeholders could be another format to explore, as are advisory councils.

Lastly, crucial delegated acts need to be developed quickly and in a transparent, inclusive process. With some of these objectives in mind, the Commission and member states can contribute to robust enforcement and overcome potential barriers. It is understandable that both the ambition and the abilities to create such strong oversight structures vary across governments and regulators. Yet, this only underscores the need to create an EU-wide, collaborative governance regime in which oversight bodies can support each other.