What EU DSA Transparency Reporting Actually Requires

The EU Digital Services Act's transparency reporting obligations are often described in shorthand — "publish a report on content moderation" — but the actual statutory requirements are more specific, and the gap between what different types of platforms must report is significant.

Article 15: The baseline for all intermediary services

Article 15 applies to all providers of intermediary services — hosting services, caching services, mere conduit providers — regardless of size. It requires annual publication of a transparency report covering four areas.

The number of orders received from member state authorities under Articles 9 (removal orders) and 10 (orders to provide information), along with the median time to comply and the number of orders contested. The number of notices received under Article 16 (the "notice and action" mechanism), broken down by type of alleged illegal content and the action taken. Own-initiative moderation actions taken against illegal or terms-violating content, broken down by content category, the automated means used to detect the content, and the action taken. And the number of disputes submitted to out-of-court dispute settlement bodies under Article 21.

For most platforms, these requirements are manageable with structured data exports. A platform that processes notices and takes moderation actions has the underlying data — the compliance work is making it auditable and reportable in a consistent format, and maintaining that format across reporting periods.

Article 42: What VLOPs and VLOSEs must add

For platforms designated as Very Large Online Platforms or Very Large Online Search Engines — roughly, more than 45 million active monthly users in the EU — Article 42 substantially extends these obligations.

Reporting frequency increases from annual to semi-annual. Every six months, VLOPs must publish a complete transparency report covering the same categories as Article 15 with substantially more granularity. Not an update — a full report.

Content category and language breakdowns become mandatory. The per-category reporting Article 15 requires at a high level becomes far more detailed for VLOPs: breakdowns by the specific content category within each type of illegal content, and by the language of the content. This requires structured classification data that ties each moderation action to a specific category in the platform's taxonomy, which must in turn map to the DSA's defined categories. Building that mapping — and maintaining it as both platform policy and DSA guidance evolve — is a non-trivial infrastructure problem.

Decision-making timeline data is required: median time between receiving a notice and taking action, median time to notify the user of the action, and similar operational metrics. These aren't post-hoc calculations; they require timestamps to be captured and stored at each stage of the notice-handling workflow. If the timestamps aren't there when you need them, they can't be reconstructed.

For user appeals under Article 20, platforms must report the number of appeals received, the number reversed, and the median time to decision. Again, this requires the operational data to exist at the time of reporting — a structured appeals pipeline with decision tracking, not a spreadsheet maintained by a policy analyst.

Article 42(2) adds requirements specifically for government orders received under Articles 9 and 10, including breakdown by the member state that issued the order and the legal basis cited.

The practical gap

A platform that only processes notices under Article 16 can build a compliance workflow around a structured database of incoming notices and outgoing actions. The data shape is relatively simple and the cadence is annual. A VLOP cannot: it needs category classification at the time of moderation (not retroactively tagged), timestamped workflow stages across the notice lifecycle, a structured appeals pipeline with decision tracking, and the organizational capacity to produce and publish a complete report every six months.

The Commission published a harmonized reporting template in 2024 that brought standardization to the categories and metrics. The H2 2025 reports are the first to follow this template in full, including precision and recall indicators for automated detection tools — which fills a gap the DSA Observatory had identified as producing effectively meaningless accuracy data under the prior approach.

Publication itself has requirements: reports must be submitted to the European Commission's Transparency Database (for individual orders and notices) and published on the platform's website in a machine-readable format where possible. The database submission requirement is separate from the website publication, and the timelines differ.

The enforcement picture is still developing. The Commission opened formal proceedings against X and TikTok in 2024; the DSA gives the Commission direct enforcement authority over VLOPs in ways that don't apply to smaller platforms operating under Article 15 alone. Getting the reporting right matters both as a compliance obligation and as the primary evidentiary record in any Commission proceeding.