The Digital Services Act in the Netherlands

The digital world is evolving rapidly, and with it comes the need for regulation to protect users and ensure fair competition. The Digital Services Act (DSA) represents a landmark piece of European Union legislation, aiming to create a safer and more accountable online environment. The Netherlands has implemented the DSA within its national framework, making it crucial for legal professionals, policymakers, and the general public to understand its provisions, enforcement, and implications. At the same time, the European Commission has proposed the Digital Omnibus package, a set of targeted amendments intended to streamline and “stress-test” the EU’s broader digital rulebook. Although the Omnibus proposal does not change the substance of the DSA, it shapes the context in which the Act will be applied, particularly by reducing overlaps with older laws and introducing more coherent supervisory and reporting mechanisms. Understanding the DSA therefore also requires awareness of this wider regulatory consolidation, which is likely to influence enforcement in the coming years. For that reason, this blog also briefly reflects on the Digital Omnibus proposal and its relevance for providers operating under the DSA.

The DSA

The Digital Services Act (Regulation (EU) 2022/2065) is a EU regulation that came into force on 16 November 2022. It forms part of the European digital strategy and seeks to modernise the legal framework for digital services across the EU. It’s a common misconception that the DSA only applies to the big (often US based) online social media platforms. The DSA however applies to a great number of organisations in the Netherlands such as providers of intermediary services like online travel agencies, internet access providers, online platforms such as marketplaces, app stores and social media, hosting services,  very large online platforms (VLOPs) and very large online search engines (VLOSEs).

Key objectives of the DSA include:

• Enhancing transparency and accountability of these online platforms
• Improving user safety by tackling illegal content, goods, and services online
• Protecting fundamental rights, such as freedom of expression and data protection

The DSA introduces new obligations, such as:

• Notice-and-action mechanisms for reporting illegal content (Article 16)
• Transparency requirements for online advertising (Articles 23-26)
• Risk assessment and mitigation for VLOPs and VLOSEs (Article 34)
• Cooperation with national authorities (Article 51)

Implementation in the Netherlands

Each EU Member State is responsible for ensuring the DSA is applied effectively at the national level. In the Netherlands, the DSA is implemented through the “Uitvoeringswet Digitaledienstenverordening” (Implementation Act on the Digital Services Regulation). This act designates the Dutch authorities responsible for overseeing and enforcing the DSA and sets out the necessary national provisions to facilitate its application.

Enforcement in the Netherlands

The main authority tasked with enforcing the DSA in the Netherlands is the Autoriteit Consument & Markt (ACM), or the Netherlands Authority for Consumers and Markets. The ACM acts as the so called ‘Digital Services Coordinator’ (DSC), as required by the DSA for each Member State. The ACM’s role includes supervising compliance, investigating potential breaches, and cooperating with other European regulators and the European Commission. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) may be involved in cases relating to data protection and privacy aspects under the DSA.

Under the DSA and the Dutch implementation act, the ACM possesses significant enforcement powers. If it finds that an online platform has breached the DSA, the ACM can impose administrative fines. The legal basis for these fines is found in Article 52 of the DSA, which allows for penalties of up to 6% of a provider’s annual worldwide turnover for serious infringements.

In addition to fines, the ACM can order platforms to cease unlawful conduct, enforce corrective measures, and impose periodic penalty payments to ensure compliance. These enforcement powers are designed to provide strong incentives for platforms to adhere to the DSA’s requirements and safeguard users’ interests.

Article 55 of the DSA requires each DSC to publish an annual report summarizing its yearly activities. This report must cover complaints received under Article 53, detail numbers and types of orders from national authorities related to illegal content or information requests (Articles 9 and 10), and describe the actions taken in response. The DSC must also share this report with the European Commission and European Board of Digital Services.

The ACM made it clear in its 2024 report that last year was all about laying the groundwork for the DSA. Although the DSA officially applied from February 2024, ACM’s full enforcement powers only kicked in this year. In the meantime, ACM acted mainly as a point of contact, handling 256 complaints—most related to account restrictions, poor complaint handling, and illegal content—but it couldn’t yet investigate or impose sanctions. Behind the scenes, ACM focused on preparation: publishing guidance, hosting webinars for SMEs, and setting up a “DSA chamber” to coordinate with other Dutch regulators.

These efforts during the initial phase have been helpful in raising awareness among Dutch service providers about their obligations under the DSA. The ACM has emphasised cooperation with stakeholders and the importance of proactive compliance, encouraging platforms to address shortcomings before full enforcement began. Furthermore, the preparatory work laid a solid foundation for the ACM’s transition from guidance and coordination to active monitoring and enforcement as of this year; 2025.

First investigations of the ACM

The ACM recently initiated an investigation into compliance with the DSA in the Netherlands. This probe focuses on how online platforms have implemented the new rules, particularly regarding transparency, user safety, and the removal of illegal content.

The ACM has requested information from several large online platforms operating in the Dutch market to assess whether they meet the DSA’s requirements. This national action is part of a wider European trend. Across the EU, enforcement activity under the DSA has intensified, particularly towards the largest online platforms. The European Commission has both opened investigations and issued requests for information addressing systemic risks such as the presence of illegal content and products, the transparency of recommender systems and the access to data for qualified researchers. Other cases focus on the (addictive) design of platform interfaces and the online protection of minors.

Digital Omnibus proposal: implications for digital services

Against this backdrop of increasing regulatory consolidation, the European Commission has also introduced the Digital Omnibus proposal, which reshapes the context in which the DSA will operate. The European Commission tabled its so-called Digital Omnibus proposal, as a first step in “stress-testing” and simplifying the wider digital rulebook without changing the underlying policy goals. The proposal introduces targeted, largely technical amendments intended to reduce overlapping obligations, cut compliance costs and make the existing framework more workable, while keeping high standards of fundamental rights protection intact.

For digital services and online platforms, the most relevant element is the proposed repeal of the Platform-to-Business (P2B) Regulation, whose transparency and fairness rules have now largely been overtaken by newer instruments such as the Digital Markets Act (DMA) and the DSA. By removing this older layer, the Commission aims to streamline the platform acquis and avoid duplicative, “stacked” obligations, with the DSA and DMA as the main reference points for platform regulation going forward.

In parallel, the Digital Omnibus would introduce a single EU “entry point” for incident reporting, bringing together notification duties that today sit in different acts, including the GDPR, NIS2 and DORA. This is mainly a procedural change, but it is relevant for larger platform providers that are already subject to several reporting regimes and operate across multiple Member States.

Finally, the proposal is accompanied by a broader “Digital Fitness Check” of the EU’s digital legislation. The Commission explicitly signals that the DSA will be evaluated in 2027 as part of this exercise, which means that the interaction between the DSA and neighbouring instruments will remain under review, even if the Omnibus proposal itself does not reopen the substance of the DSA’s obligations.

Key takeaways

The DSA marks a new era of responsibility for digital service providers, with the Netherlands at the forefront of its enforcement and implementation. For Dutch businesses, the coming years – and particularly 2026, when ACM’s supervisory roadmap begins to take full effect – will be critical for getting compliance in order. The ACM has already stepped up its supervision and is now actively assessing how platforms apply their DSA obligations, with close attention to transparency duties, illegal-content procedures and risk-mitigation measures. This scrutiny is expected to intensify further as the supervisory framework matures and more platforms come within scope next year.

At the same time, the ACM’s approach aligns with broader EU priorities and the emerging Digital Omnibus agenda, signalling a shift from soft coordination to more structured and assertive enforcement across Europe’s digital landscape. A few takeaways for companies are:

1. Establish and document clear internal policies and update operational practices to fully align with DSA obligations, including notice-and-action procedures, transparency reporting, risk assessments and governance of recommender systems where relevant.
2. Be prepared to demonstrate compliance on short notice. The ACM increasingly conducts targeted requests for information, audits and supervisory checks. Platforms should ensure they have a procedure set up to receive and subsequently evidence their processes, decisions and risk-mitigation measures in a structured and defensible way.
3. Monitor ongoing EU-level developments and seek legal advice timely. The regulatory environment continues to evolve through DSA enforcement trends, ACM guidance and the forthcoming Digital Omnibus package. Staying up to date is essential to maintain compliance, manage risk and anticipate future supervisory expectations.