The European Union's Digital Services Act (DSA) is now in force, moving from legal text to active enforcement. According to a new analysis by cybersecurity and privacy researcher Łukasz Olejnik, the initial results point to a significant compliance gap, suggesting major platforms may be performing the motions of adherence rather than its substance.

Olejnik, who has tracked the DSA's rollout, notes a growing tension between the regulation's demands and what is being delivered. The law requires extensive transparency around content moderation, provides for vetted researcher data access, and mandates risk assessments on issues like disinformation. Yet the transparency reports filed so far vary wildly, with some offering little meaningful insight into how algorithmic systems operate.

The stakes are concrete. The European Commission has already opened formal proceedings against several major platforms for suspected violations, with potential fines reaching up to 6% of a company's global revenue. A particular flashpoint is researcher data access, a cornerstone for independent oversight. In practice, researchers report delays, narrow data offers, and obstruction, hampering real-time study of systemic risks during events like the 2024 European Parliament elections.

The Commission has taken steps to clarify data access rules, but implementation lags. For data and machine learning engineers, the situation presents a clear, technical challenge: the systems they build are now under a regulatory microscope, but the auditability mechanisms remain underdeveloped. The DSA's credibility, and its influence on global regulations, hinges on closing this gap between policy and technical execution. The coming year will show if enforcement can evolve from opening cases to delivering consequential penalties that change platform behavior.

Source: Webpronews