Financial Services Advisory

The Digital Services Act: Ensuring a safe and accountable online environment

insight featured image
“The responsibilities of users, platforms, and public authorities are rebalanced according to European values, placing citizens at the centre.” European Commission

The Digital Services Act (DSA) is a proposed piece of legislation by the European Union that aims to modernize and harmonize the rules governing digital services across the EU.

The DSA is part of a broader package of digital regulations, including the Digital Markets Act (DMA).

These Acts have two main objectives:

  1. To create a safer digital space in which the fundamental rights of all users of digital services are protected;
  2. Create a safer online environment for users, promote innovation and fair competition, and increase the accountability of digital services providers.


Digital Services Act timelines


What are the key goals of the Digital Services Act?

Affects / Impacts Benefits


Better protection for consumers and their fundamental rights online.


Establish a powerful transparency and a clear accountability framework for online platforms.


Mitigation of systemic risks, such as manipulation or disinformation.

Providers of digital services

Business users of digital services

Society at large


Which providers are covered?

  1. Intermediary services: Internet access providers, domain name registrars
  2. Hosting services: Cloud and webhosting services
  3. Online platforms: Online marketplaces, app stores, collaborative economy platforms and social media platforms
  4. Very large online platforms: Risks in the dissemination of illegal content and societal harms

View the list of new obligations


Stages / tasks of the external audit of a VLOP under the DSA

Pre-audit planning

Pre-audit planning helps to ensure a successful audit by setting clear objectives, identifying potential risks, and establishing communication channels with the VLOP's management team.

This phase also helps to minimise disruptions to the VLOP's operations by identifying the most convenient time to conduct the audit.

Risk Assessment

The risk assessment phase helps the audit team to identify and prioritise potential risks and compliance issues, allowing for a more focused and efficient audit.

This phase helps to ensure that the audit plan addresses the highest priority risks, providing assurance to the VLOP's management team and stakeholders.

Audit program development

The audit program development phase helps to ensure that the audit is comprehensive and covers all relevant areas, providing assurance to the VLOP's management team and stakeholders.

Assigning roles and responsibilities to audit team members ensures that the audit is performed efficiently and effectively.


The fieldwork phase provides an opportunity for the audit team to collect data, documentation, and evidence to support the audit findings, ensuring that the audit is comprehensive and accurate.

Conducting testing of the VLOP's controls allows the audit team to evaluate their effectiveness and identify any gaps in the VLOP's compliance with the DSA requirements.

Data Analysis

The data analysis phase helps to identify any trends, patterns, or anomalies that may indicate areas of non-compliance with the DSA requirements.

Analyzing the evidence collected during the fieldwork phase provides a clearer understanding of the VLOP's compliance with the DSA requirements, enabling the audit team to provide more accurate findings and recommendations.


The reporting phase is critical in ensuring that the VLOP understands the audit results and takes appropriate action to address any areas of non-compliance with the DSA requirements.

Providing a clear and concise report that accurately represents the audit team's findings and recommendations helps to facilitate the VLOP's understanding and action.

Maturity Assessment will enable our clients to diagnose their maturity / readiness as regards Digital Services Act (DSA) and establish a recommended path towards improvement.

General Maturity Assessment Process

  1. Reports and Diagnostics are composed of Multiple Dimensions critical for VLOPs to comply to DSA;
  2. A point system and weighting is applied to all question responses in every Dimension;
  3. A score range is mapped to the weighting of responses and assigned to every Dimension from Nascent to Leading;
  4. An Overall Score range is plotted on a Maturity Indicator;
  5. Overall Maturity Score is divided into 4 ranges based on points - Nascent, Developing, Maturing and Leading;
  6. Clients are offered a SME to provide personalised recommendations and richer insights.


Next steps and how we can help

Grant Thornton Ireland are well positioned to assist your firm with Digital Services Act queries.  We have the experience and expertise to support you in embedding the Act’s requirements into your entity to ensure adherence to the new regulatory requirements. 

Our market leading team of regulatory professionals can also provide support with a full fitness check of your firm in comparison to the wider regulatory expectations regarding DSA. From bespoke advice to large-scale projects, our subject matter experts are here to help.