DSA and DMA requirements: what you need to know to comply with the regulations

The question “Does my business fall under the DSA or DMA?” is crucial for strategic planning and risk assessment.

| Criterion | DSA (Digital Services Act) | DMA (Digital Markets Act) |
|---|---|---|
| Who it applies to | All digital intermediaries, platforms, VLOP/VLOSE | Only systemic platforms – gatekeepers |
| Key thresholds | 45 million users (VLOP), 10,000 business users | 45 million users, €7.5 billion turnover |
| Main requirements | Content moderation, transparency, data protection | Data portability, APIs for competitors |
| Penalties for violations | Up to 6% of global turnover | Up to 10–20% of global turnover |

Conducting a compliance audit for DSA/DMA is important to prevent regulatory risks and ensure stable business development.

DSA and DMA: Does your company fall within their scope?

DSA compliance analysis for a platform starts with assessing the type of services provided, the size of the user base, and the nature of the data being processed. Relief is provided for small and medium-sized enterprises: for example, simplified requirements for internal policies and reporting apply if the platform’s audience does not exceed the specified thresholds.

COREDO’s practice has shown that even companies with a relatively small user base can fall under certain provisions of the DSA if they provide cross-border digital services or work with sensitive categories of data.

It is important to take into account the risk-based approach to the DSA — assessing not only formal criteria but also potential risks to users and the market.

VLOP and VLOSE: what they are and how they are defined

  • VLOP (Very Large Online Platforms): Platforms with an audience of more than 45 million users in the EU.
  • VLOSE (Very Large Online Search Engines): Search engines with similar thresholds.
  • DMA gatekeepers: Systemic platforms that have a significant impact on the EU’s digital infrastructure and possess market power.

Metrics for effective DSA/DMA implementation include regular audits of user flows, analysis of business user data, and monitoring of structured data transfer formats.

Steps to comply with the DSA and DMA

Online business compliance with the DSA and DMA is not a one-time task but a comprehensive process that includes an audit, implementation of new procedures, and ongoing engagement with regulators.

Platform compliance audit

The first stage is a platform compliance audit, including analysis of the platform’s DSA compliance, an internal DSA compliance audit, and a user profiling audit. The COREDO team has carried out projects where the audit was performed using a checklist of more than 70 items: from user complaint management to verification of algorithmic transparency.

Compliance reporting is an important element: regular reporting on the fulfillment of DSA and DMA requirements needs to be integrated into business processes.

Risk management and transparency — how to implement?

DSA risk management involves implementing monitoring systems, automating detection and removal of illegal content, as well as content transparency mechanisms. For this, the following are required:

  • Algorithmic transparency: disclosing the principles of recommendation systems.
  • Algorithmic accountability: documenting changes to algorithms and their impact on users.
  • Advertising transparency policy: labeling ads and providing information about advertisers.
  • User complaint management: creating effective feedback channels and complaint handling procedures.

COREDO’s practice shows that implementing these procedures reduces the risk of fines and increases user trust.

Removal of illegal content: how to organize?

Managing the removal of illegal content requires clear procedures for responding to notices, integration of automated tools, and moderator training. Special attention is paid to protecting user data and the safety of minors online, implementing digital identities for users, and restricting access to sensitive content.

In one of COREDO’s cases for an international marketplace, a module for automatically detecting and removing illegal content was implemented, which reduced response time from 48 to 4 hours.

Data portability and APIs under the DMA

The DMA requires ensuring portability of user data between platforms, as well as providing competitors access to APIs on non-discriminatory terms. To achieve this, it is necessary to:

  • Implement structured data transfer formats.
  • Ensure business users have access to necessary tools.
  • Prepare regular gatekeeper reporting under the DMA.

COREDO’s solution for one fintech client included developing an API compliant with DMA requirements and conducting an independent security audit of data transmission.

Thus, meeting these requirements becomes an important basis for successful engagement with the European Commission and supervisory authorities.

Engagement with the European Commission and supervisory authorities

Engagement with the European Commission on DSA and DMA issues requires transparency, timely preparation of compliance reporting, and readiness for inspections. It is important to establish processes for interaction with supervisory authorities to minimize the risk of sanctions and ensure business resilience.

COREDO supports clients at all stages: from preparing documentation to participating in communications with regulators and independent compliance audits.

Liability and fines under the DSA and DMA

The DSA and DMA provide for significant fines for non-compliance with their requirements, as well as additional enforcement measures, up to divestiture (forced separation of the business).

Fines for companies and common mistakes

  • DSA: Fines of up to 6% of the company’s global turnover.
  • DMA: Fines of up to 10–20% of global turnover, and in the case of systematic violations, additional measures, including restrictions on market activity.

Typical mistakes when implementing DSA and DMA identified by the COREDO team:

  • Underestimating the scope of required changes to the IT infrastructure.
  • Lack of regular internal audits and monitoring of regulatory changes.
  • Ignoring requirements for algorithmic transparency and reporting.
  • A formal approach to content moderation and user data protection.

Effectiveness metrics for implementing the DSA and DMA include not only a reduction in the number of incidents, but also increased trust from users and partners.

How to prepare for an audit and reduce risks

Minimizing the risk of DSA violations requires implementing a risk-oriented approach, regular internal control and the use of compliance automation tools. COREDO’s practice has shown that integrating compliance procedures into existing IT infrastructure reduces costs and increases business adaptability to new requirements.

This creates a solid foundation for moving on to the implementation of DSA and DMA in corporate practice.

Implementation of DSA and DMA for business

The implementation of DSA and DMA for business fundamentally changes the digital environment for all companies providing services in the EU — regardless of their size and sector. These innovations not only tighten requirements for large platforms, but also open new opportunities and benefits for small and medium-sized businesses, which is especially important in the context of growing digital competition.

Benefits for small and medium-sized businesses

For small businesses, concessions are provided: simplified requirements for internal policies, reporting and moderation procedures. At the same time, it is important to remember that as audience size and the geographic scope of services increase, DSA and DMA requirements become fully applicable.

Companies in different jurisdictions

Cross-border digital services and the DSA require taking into account differences in national regulatory approaches, as well as developing a unified strategy for entering the EU market. COREDO’s solutions include developing universal compliance policies and integrating requirements into the processes of registering legal entities in the EU taking into account the DSA and DMA.

Legal entity registration and compliance

Registration of legal entities in the EU, taking into account the DSA and DMA, requires not only preparing the standard set of documents, but also developing internal policies to comply with the DSA and DMA, implementing structured data transfer formats and ensuring EU digital infrastructure that meets the new standards.
