Our ‘DSA decoded’ blog series helps businesses navigate compliance with the EU Digital Services Act (DSA). In this post, we focus on online marketplaces.
Online marketplaces sit high within the layered compliance pyramid of the DSA. They must not only meet baseline obligations for all intermediary services but also additional requirements for hosting services and online platforms. On top of that, the DSA reserves a specific set of rules tailored to online marketplaces. These rules aim to create a more transparent, trustworthy and safer online environment for consumers in the EU and to combat the sale of illegal goods and services.
Not all online shops are online marketplaces
Unlike under the Consumer Rights Directive (CRD) and the Unfair Commercial Practices Directive (UCPD), the term “online marketplace” is not explicitly used in the DSA. However, according to the heading of Chapter III Section 4 of the DSA, the trader transparency requirements under Articles 29 to 32 DSA apply exclusively to online platforms allowing consumers to conclude distance contracts with traders. This description is similar (but not identical) to the definition of the term “online marketplace” as used in other EU laws such as the CRD and UCPD.
As a consequence of this conceptual definition, only certain services qualify as online marketplaces:
- Online search engines and other (non-online platform) intermediaries cannot be (also) online marketplaces within the meaning of the DSA.
- Only B2C online shops are covered.
- An online shop that exclusively offers the provider’s own products and services cannot be considered an online marketplace either, since no contracts are concluded between consumers and (third-party) traders.
- Social media platforms where traders may occasionally contact consumers and conclude contracts via the chat or comments function are not online marketplaces, unless such commercial activities are actively facilitated by the platform provider (e.g., by way of a formal checkout process directly on the platform).
Trader traceability: The “Know Your Business Customer” rule
A cornerstone of the DSA’s marketplace regulation is the “know your business customer” (KYBC) obligation under Article 30 DSA. Before a trader can offer products or services on a platform, the marketplace provider must collect key identification details, including their name, contact information, payment details, and any trade register information, and then make “best efforts” to assess whether this information is reliable and complete.
To be prepared for regulatory scrutiny, online marketplace providers should thoroughly document their KYBC processes and their rationale for determining what constitutes “best efforts”.
Compliance by design
In addition to the KYBC rule, Article 31 DSA introduces a “compliance by design” mandate, requiring online marketplace providers to design and organize their interfaces in a way that enables traders to comply with their obligations under applicable EU law. This spans a broad range of legally required information – from trader identity details under the E-Commerce Directive to pre-contractual disclosures on pricing and withdrawal rights under the CRD.
A key challenge for providers here is that a proposal for a single implementing act consolidating all these information requirements was ultimately not adopted during the legislative process. As a result, platforms are required to navigate a fragmented regulatory landscape.
Against this backdrop, the DSA requires interfaces to be “user-friendly” and “easily accessible” without defining these terms, forcing online marketplaces to rely on principles from other EU instruments to interpret these standards. Before a listing goes live, providers must use best efforts to check that traders have provided the required information.
Subsequently, Article 31 DSA requires online marketplace providers to make “reasonable efforts to randomly check” whether products or services offered have been identified as illegal in any official, freely accessible online databases. Again, the DSA leaves key terms like “reasonable efforts” and “randomly check” undefined, creating significant legal uncertainty. In practice, compliance with this obligation involves certain operational hurdles. The landscape of “official” databases across the EU is fragmented, and for many online marketplaces, particularly those offering digital services or specialised products, relevant databases may not even exist. This leaves the question of how an online marketplace provider can demonstrate its “reasonable efforts” to check sources that are non-existent or irrelevant. In these cases, regulators will likely expect providers to establish a process to periodically assess the database landscape and build a defensible record of their compliance efforts, ready for regulatory scrutiny.
Right to information: Post-purchase notifications
Further, under Article 32 DSA, when an online marketplace provider becomes aware that an illegal product or service has been offered through its service, it must inform the consumers who purchased the item about (i) the fact that the product or service is illegal, (ii) the identity of the trader, and (iii) any relevant means of redress. This obligation is time‑limited to purchases made within the six months preceding the moment the provider became aware of the illegality. Where the provider does not have the contact details of all affected consumers, it must make the information publicly available and easily accessible on its online interface. In practice, this means online marketplace providers should be prepared to identify illegal offers, retrieve relevant consumer contact data, trigger targeted notifications and, where necessary, publish the required notices.
The VLOP dimension: Mitigating the dissemination of illegal products
For online marketplaces designated as VLOPs, an even more stringent layer of regulation applies. Central to this regime are the obligations under Articles 34 and 35 DSA to conduct comprehensive annual assessments of systemic risks and to implement effective measures to mitigate them. For online marketplaces, this must specifically address the risks arising from the dissemination of illegal products. Further, VLOPs face enhanced transparency duties, such as maintaining a public repository of advertisements (Article 39 DSA).
Enforcement priorities: Online marketplaces in focus
Recent enforcement actions by the European Commission, primarily responsible for enforcing DSA obligations of VLOPs, show a particular focus on online marketplaces. For example, the European Commission has initiated formal proceedings and sent numerous requests for information to several VLOPs that operate online marketplaces. These actions consistently probe compliance with the obligations to assess and mitigate illegal products. However, investigations have also covered compliance regarding the traceability of traders and implementing “compliance by design”. In addition, Digital Service Coordinators increasingly push regulatory enforcement on a national level, while competition and consumer associations begin with bringing complaints and litigating claimed non-compliance with these obligations for online marketplaces.
Key takeaways and outlook
The DSA has fundamentally reshaped the regulatory landscape for online marketplaces, moving them from a position of conditional liability exemption to one of proactive, demonstrable diligence. This seems particular challenging as key terms such as “best efforts” and “reasonable efforts” are rather vague, while the European Commission’s enforcement actions vis-à-vis VLOPs show a clear focus on holding marketplaces accountable.
In light of the regulatory scrutiny, online marketplaces should prepare for their compliance efforts to be closely examined. Providers are well-advised to establish and document robust, defensible processes for trader verification and to ensure their platform architecture actively supports trader compliance. As both regulators and private litigants test the boundaries of these new obligations, the ability to demonstrate a thoughtful and proportionate approach will be paramount.
To find out whether the obligations for online marketplaces apply to you, you can read our previous post on “The art of scoping – which intermediary are you?”.
To learn more about the enforcement mechanisms of the DSA, you can read our previous post on “DSA Enforcement - key points”.