Cross-Cutting Issues for DSA Systemic Risk Management: An Agenda for Cooperation

Designated Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) under the Digital Services Act (DSA) had to present their first systemic risk assessments in August 2023, with public versions of these assessments along with the audit reports due to be published in autumn of 2024. While the main purpose of these assessments is to evaluate individual compliance, mitigation of systemic risks requires a wider view, spanning different risk areas and cutting across different services.   

In this new CERRE Tech, Media and Telecom report, authors Sally Broughton Micova, Daniel Schnurr, Andrea Calef and Bryn Enstone, argue for a meta-analysis across the individual services’ risk assessments, steered by the Digital Services Board and the European Commission and involving academics and civil society, to understand what the most pressing sources of systemic risk are, where common vulnerabilities arise, and what mitigations can effectively reduce negative effects. 

The authors examine the characteristics of VLOPs and VLOSEs with respect to their scale, service type, and business model, as well as the governance mechanisms available to them before considering common factors in risk assessment and prevention of harm. These include several of the elements that Article 34 of the DSA instructs service providers to consider in their risk assessment, such as the design of recommender systems, content moderation systems, and data-related practices. 

The resulting recommendations lay out a research agenda for the European Commission and the Digital Services Board (DSB), as well as academics and other relevant stakeholders, which is intended to contribute directly to the assessment of systemic risk in actual practice and to wider debates about the governance of digital services. These include: 

• An inclusive process to set priorities among the risk areas for meta-analysis, taxonomy of harms, and strategies for consistent use of information-gathering tools across services and over time. 

• Harmonisation of definitions of core concepts and negative effects, understandings of norms and policy goals, and data gathering and reporting, through meta-analysis for each of the risk categories.    

• A list of potential risk-source areas where further meta-analysis by independent researchers is needed. 

• Meta-analysis, and possibly experimentation, on potential mitigation measures to determine best practices. 

• Identifying opportunities where additional cooperation for risk mitigation between service providers and stakeholders is needed. 

This report is part of the ‘Systemic Risk in Digital Services: Operationalising’ project, which includes two other reports focusing on the use cases of electoral integrity (May 2024) and terrorist content (upcoming). This project builds on our earlier report ‘Elements for Effective Systemic Risk Assessment under the DSA’, published in July 2023.