VLOP/VLSE Framework

The content title specifically focuses on 'Very large online platforms and very large online search engines' as a distinct regulatory category under the DSA. A dedicated topic covering the comprehensive regulatory framework, definitions, and comparative analysis of these two service categories would provide better organization and clarity than distributing this information across multiple existing topics.

very large online platforms, very large online search engines, VLOP, VLSE, regulatory framework, DSA scope, service classification, platform obligations

Overview

Legal Framework

The distinct regulatory category of Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLSEs) is defined and governed by Articles 33 and 34 of the Digital Services Act (DSA). A platform or search engine is designated as a VLOP or VLSE if it has an average monthly active recipient base in the EU equal to or greater than 45 million. This designation triggers a comprehensive, asymmetric regulatory regime with significantly enhanced obligations, including mandatory systemic risk assessments and mitigation measures, independent auditing, data transparency for vetted researchers, and crisis response cooperation.

Practical Application

As Recitals 132 and 137 of the DSA clarify, the VLOP/VLSE framework is predicated on their systemic societal impact and reach. The European Board for Digital Services is specifically tasked with advising on enforcement measures concerning these entities. The rationale is that non-compliance by a VLOP/VLSE can cause large-scale societal harm across multiple Member States, and their systemic complexities make identifying and addressing failures particularly difficult. Consequently, the primary supervisory and enforcement authority for VLOPs/VLSEs resides with the European Commission, which acts in cooperation with national Digital Services Coordinators. This centralized enforcement model reflects the cross-border nature of the risks these entities pose.

Key Considerations

  • Proactive Monitoring of User Metrics: Organizations close to the 45-million-user threshold must implement robust, real-time systems to monitor and report their average monthly active recipients in the EU, as designation is a legal trigger for a substantially heavier compliance burden.
  • Prepare for Centralized Enforcement: VLOPs/VLSEs must engage directly with the European Commission as their lead supervisory authority, requiring legal and operational readiness for Commission-led investigations, requests for information, and potential enforcement actions.
  • Integrate Systemic Risk Management: Compliance requires moving beyond content-level moderation to establishing formal, documented processes for annually assessing and mitigating systemic risks (e.g., to civic discourse, public health, or fundamental rights) stemming from their service’s design and functioning.

Laws (51)

Guidance (9)

Version history

Binding corporate rules for controllers

Version history

Guidelines on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive

Guidelines on technical scope of art. 5(3) of ePrivacy Directive

Version history

Guidelines on the accreditation of certification bodies

Guidelines 04/2022 on the calculation of administrative fines under the GDPR

Guidelines on the calculation of administrative fines under the GDPR

The European Data Protection Board (EDPB) has adopted these guidelines to harmonise the methodology supervisory authorities use when calculating the amount of the fine. These Guidelines complement the previously adopted Guidelines on the application and setting of administrative fines for the purpose of the Regulation 2016/679 (WP253), which focus on the circumstances in which to impose a fine. The calculation of the amount of the fine is at the discretion of the supervisory authority, ...

News (3)

Digital Omnibus: EDPB and EDPS support simplification and competitiveness while raising key concerns

Brussels, 11 February - The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a Joint Opinion on the Digital Omnibus Regulation proposal. This proposal aims to simplify the EU's digital regulatory framework, reduce administrative burden and enhance the competitiveness of European organisations. The EDPB and the EDPS focus on the aspects concerning the GDPR, the EUDPR, the ePrivacy Directive, and the Data Acquis. More specifically, they asses

Register now for our conference on cross-regulatory cooperation in the EU (17 March)

The European Data Protection Board (EDPB) invites you to register for its conference, “Cross-regulatory interplay and cooperation in the EU: a data protection perspective”, taking place on 17 March 2026 in Brussels. This event will offer a high-level overview of the EDPB’s work in the EU’s cross-regulatory landscape, focusing in particular on how regulatory frameworks interact and how cooperation between authorities is ensured. Registration is open until 26 February 2026 and can be completed by

DeFine is a calculator for GDPR fines based on method of the EDPB

> DeFine is a translation into a calculator of part of the methodology proposed by the European Data Protection Board to calculate GDPR fines (see EDPB, Guidelines 04/2022 on the calculation of administrative fines under the GDPR, 12 May 2022, available online; it was subject to a public consultation until 27 June 2022).