The Digital Services Act (DSA), often referred to as the Constitution of the Internet, governs how digital platforms, marketplaces, hosting providers, and SaaS businesses operate in the EU, has officially moved into its enforcement phase. Although passed by the EU, the regulation has global scope, applying to any company (regardless of where it is based) that makes its services accessible to users within the European Union. That includes many non-EU businesses in the Western Balkans, often without their knowledge.

Originally designed to rein in Big Tech, the DSA now applies strict obligations and heavy penalties to digital service providers of all sizes. In 2025, broader enforcement is no longer theoretical. Digital Services Coordinators across the EU are fully staffed and operational, scrutiny in ongoing cases (X, Meta, TikTok) has intensified, and new investigations are likely already underway. Having this in mind, a wide range of companies in the Western Balkans could now be exposed to compliance risk, including SaaS startups, e-commerce platforms, ad networks, media portals, and even freelance developers whose services reach EU users. Now is the time to understand what the DSA requires.

EU Legal Representative

Any company based outside the EU, but offering digital services to the people inside, must have a legal representative within the Union. This person or firm acts as the official point of contact for European authorities. Without one, a company may be hard to reach, but still fully responsible in the eyes of the law.

The legal representative is appointed by contract, usually through a signed mandate or power of attorney, authorizing them to act on the company’s behalf in dealings with EU authorities. They are generally not legally liable and hold no responsibility for any damage caused by the company’s services. Their name and contact information must be clearly published on the company’s website and in its legal documents.

Terms of Service

The platform’s rules must be rewritten in a way that is clear, fair, and fully transparent. It must be clear what types of behavior or content are not allowed, how moderation decisions are made (especially if automated tools are used), and how users can challenge a removal or suspension. The rules must be predictable, transparently enforced, and free of vague or overly broad language that leaves users uncertain about what is permitted.

Notice-and-Action System

Users and authorities must be able to report illegal content (such as hate speech, scams, or counterfeit products) quickly and easily. The platform is expected to review such reports without delay, take appropriate action, and keep records of its decisions.

This reporting system must be clearly visible, straightforward to use, and recognized as a core compliance feature. The form should be publicly accessible without login, enabling users to describe the illegal content, explain the reason, attach relevant evidence, and include their contact information for follow-up.

Yearly Transparency Report

If a company removes content or suspends users, even occasionally, it must publish an annual report explaining how many such actions were taken, why, and whether automation was involved. The report should be concise, easy to understand, and publicly available.

Advertising Transparency

If a platform displays advertising to users in the EU, it must clearly indicate that the content is a paid ad, identify the person or entity that paid for it, and explain the main parameters used to target the user (such as demographics, location, or interests). This obligation applies to both direct and algorithmically delivered ads. The information must be presented in real time, in a way that is clear and accessible to the average user.

Penalties for Non-Compliance

Companies that fail to comply with the DSA may face fines of up to 6% of their global annual turnover, depending on the gravity and duration of the infringement. In the case of incorrect, incomplete, or misleading information provided to regulators, fines of up to 1% of annual turnover may also apply.

In particularly serious or repeated cases of non-compliance, authorities may request that access to the service be temporarily restricted or suspended within the European Union. Such measures are considered only as a last resort, when all other enforcement tools have been exhausted, and the provider continues to disregard its legal obligations.

Key Takeaways

The DSA applies to companies in the Western Balkans that are offering digital services to EU users, regardless of their size. Key obligations include appointing an EU legal representative, enabling users to report illegal content, revising terms of service, publishing annual transparency reports, and ensuring advertising transparency. Non-compliance can result in fines of up to 6% of global turnover and, in serious cases, restriction of access to the EU market. Digital service providers in the Western Balkans should give serious consideration to aligning with the DSA, as non-compliance now carries real and growing risk.