New business ecosystem based on the EU Digital Services Act

This article is part of a series marking the first 100 days of the full implementation of the European Digital Services Act. You can find the other articles in the series here.

The European Digital Services Act (DSA) introduces a range of new regulatory obligations and is likely to create a vibrant business ecosystem centred around helping platforms and governments meet the compliance requirements and opportunities set out in the law.

Existing companies may adapt their business models to meet the needs of DSA and develop new business solutions and units, and entirely new companies may emerge to take advantage of the new demand for their services.

We expect to see at least six different services in the future.

1. Alternative Dispute Resolution Services Specializing in Content Moderation Decisions: Until now, users who received enforcement actions from platforms such as suspension, demonetisation or content removal could only challenge these decisions through the platform's internal processes. The DSA will introduce alternative dispute resolution options, allowing users to challenge these decisions through accredited dispute resolution bodies. Accreditation will be granted by the Digital Services Coordinator (DSC) of each Member State. Existing ombudsman services are expected to form new “digital” units within their organisations to qualify to act as these bodies under the DSA.
2. Digital Risk Assessment Consultant: The DSA requires Large Online Platforms (VLOPs) and Search Engines (VLOSEs) to conduct annual risk assessments to identify, analyze, and evaluate systemic risks associated with their services, especially before implementing any significant features. We expect two types of companies to take advantage of this opportunity: consulting firms that specialize in legal and cybersecurity risk assessments, and companies that provide Trust & Safety solutions, such as harm detection and threat intelligence. These companies will likely hire online policy experts and incorporate this service into their consulting portfolios.
3. Establishing and supporting trusted reportersThe DSA mandates that accredited trusted flaggers submit reports of illegal content to platforms for priority review. Since trusted flaggers are primarily research institutes, civil society organizations, and non-profits, we expect to see new businesses emerge that specialize in supporting and building trusted flaggers. These businesses will strengthen the DSA-mandated reporting of harmful content. Potential organizations that could take on this mission are independent consultancies or “umbrella organizations” for hotlines such as INHOPE.
4. Hazard Detection Services for Regulatory Agencies: These companies help regulators detect and analyze harmful content on platforms. By providing evidence of such content, regulators can gather sufficient grounds to launch an investigation or send information requests to platforms. For example, the European Commission's recent formal proceedings against Facebook and Instagram relied on allegations that these platforms violated the DSA through the dissemination of false advertising, disinformation campaigns, and coordinated misconduct. Because regulators may lack the expertise to systematically monitor and analyze platform traffic at scale, they can turn to harm detection services to provide them with the information they need. Companies that can take on these responsibilities include companies that specialize in threat intelligence and technology companies that provide harmful content detection services to platforms.
5. Operational support for regulators: Some regulators may experience a significant increase in their operational load as they will have to implement and enforce the DSA. The DSA will designate a regional Digital Service Coordinator (DSC) to handle responsibilities such as audits, investigations, overseeing the risk assessment process, accrediting trusted flagging officers, and managing individual complaints. Member states with a large number of VLOP headquarters, such as Ireland, will need to apply effective operational measures such as prioritization and streamlining to effectively fulfil their responsibilities as DSC. Companies offering platforms specializing in queue management, workflow automation, service request management, or resource planning may be candidates for this mission.
6. DSA Preparation Consultation: While VLOPs and VLOSEs have large teams dedicated to ensuring compliance with the DSA and can hire regulatory compliance experts, small and mid-sized platforms will face significant challenges in complying with the new law. These platforms, who may not be as familiar with the DSA, still have a lot of uncertainty regarding compliance. As a result, we expect to see an increase in compliance readiness services that evaluate platforms' products, policies, and processes and advise them on how to mitigate the risk of non-compliance. We will see the emergence of consultants who can guide companies through the transition to DSA compliance and ensure they understand and comply with all legal obligations.

The DSA will not only reshape the regulatory environment for digital services in Europe, but will also act as a catalyst for the growth of a robust business ecosystem with opportunities ranging from compliance support to out-of-court dispute resolution. At this early stage, it is difficult to gauge the scale of the commercial opportunities, as is the impact of the emergence of this new regulated economy.