The Emerging Business Ecosystem Under the EU Digital Services Act

Inbal Goldberger / May 29, 2024

This piece is part of a series that marks the first 100 days since the full implementation of Europe's Digital Services Act. You can read more items in the series here.

Europe’s Digital Services Act (DSA) introduces a range of new regulatory obligations that are likely to give rise to a vibrant business ecosystem centered around helping platforms and governments meet the compliance requirements and opportunities the legislation presents.

Existing companies may adapt their business models to align with the needs of the DSA, developing novel business solutions and units, while entirely new enterprises could spring up to capitalize on emerging demand for services.

There are at least six types of services we can expect to see in the future:

  1. Out-of-court dispute resolution services specializing in content moderation decisions: Until now, users who faced enforcement actions from platforms—such as suspension, demonetization, or content removal—could only appeal these decisions through the platform's internal processes. The DSA introduces an out-of-court dispute settlement option, allowing users to challenge these decisions through certified dispute resolution entities. Certification will be granted by the Digital Services Coordinator (DSC) in each member state. I anticipate that existing ombudsman services will form new "digital" units within their organizations to seek qualification to function as these entities under the DSA.
  2. Digital risk assessment consultancies: The DSA requires very large online platforms (VLOPs) and search engines (VLOSEs) to conduct annual risk assessments to identify, analyze, and evaluate systemic risks associated with their services, especially before deploying significant functionalities. I foresee two types of companies capitalizing on this opportunity: consultancy firms specializing in legal and cybersecurity risk assessments, and companies offering Trust & Safety solutions, such as harm detection and threat intelligence. These companies will likely hire experts in online policies and incorporate this service into their consultancy portfolios.
  3. Establishment and support for Trusted Flaggers: The DSA mandates that certified trusted flaggers submit reports about illegal content to platforms and receive priority review. Since trusted flaggers will mainly be research institutions, civil society organizations, and nonprofits, I predict the emergence of new businesses dedicated to supporting or establishing systems for trusted flaggers. These businesses will enhance the reporting of harmful content as required by the DSA. Potential organizations to take on this mission would be independent consultancies or “umbrella organizations” for hotlines, such as INHOPE.
  4. Harm detection services for regulators: These companies will assist regulators in detecting and analyzing harmful content on platforms. By providing evidence of such content, regulators can gather sufficient grounds to open investigations or send requests for information to the platforms. For instance, the EU Commission's recent formal proceedings against Facebook and Instagram relied on claims that these platforms violated the DSA through the dissemination of deceptive advertisements, disinformation campaigns, and coordinated inauthentic behavior. As regulators may lack the expertise to systematically monitor and analyze platforms’ traffic at scale, they can utilize harm detection services to supply the necessary information. Companies that can take on these responsibilities include those specializing in threat intelligence, as well as technology firms that provide harmful content detection services to platforms.
  5. Operational support for regulators: Some regulators may experience a significant increase in their operational load due to the need to implement and enforce the DSA. The DSA designates local Digital Services Coordinators (DSCs) to handle responsibilities such as auditing, investigating, overseeing risk assessment processes, certifying trusted flaggers, managing individual complaints, and more. Member states with a large representation of VLOP headquarters, such as Ireland, will need to apply effective operational measures, such as prioritization and streamlining, to effectively fulfill their commitments as DSCs. Companies that provide platforms specializing in queue management, workflow automation, service request management, or resource planning may be potential candidates for this mission.
  6. DSA readiness consultation: While VLOPs and VLOSEs have large teams dedicated to ensuring compliance with the DSA and can hire regulatory compliance experts, small and medium platforms will face significant challenges in adhering to the new law. These platforms, which may be less familiar with the DSA, still have many uncertainties regarding their compliance. Consequently, we can expect an increase in compliance readiness services that assess a platform’s products, policies, and processes, advising on ways to mitigate any non-compliance risks. Consultancies will emerge to guide companies through the transition to DSA compliance, ensuring they understand and meet all legal obligations.

The DSA not only reshapes the regulatory landscape for digital services in Europe, it also acts as a catalyst for the growth of a robust business ecosystem, with opportunities ranging from compliance support to out-of-court dispute resolution. The scale of the commercial opportunity is difficult to gauge at this early stage, as are the effects of the emergence of this new regulatory economy.


Inbal Goldberger
Inbal Goldberger is a Trust & Safety executive and former military intelligence officer specializing in counter-terrorism. Her journey in cybersecurity led her to a pivotal role at Google Trust & Safety, where she spearheaded initiatives to protect users on Google Search, leading global teams across...